354 lines
12 KiB
Groff
354 lines
12 KiB
Groff
.\" $NetBSD: EVP_DigestInit.3,v 1.11 2002/08/09 16:15:39 itojun Exp $
|
|
.\"
|
|
.\" Automatically generated by Pod::Man version 1.02
|
|
.\" Sat Aug 10 00:56:44 2002
|
|
.\"
|
|
.\" Standard preamble:
|
|
.\" ======================================================================
|
|
.de Sh \" Subsection heading
|
|
.br
|
|
.if t .Sp
|
|
.ne 5
|
|
.PP
|
|
\fB\\$1\fR
|
|
.PP
|
|
..
|
|
.de Sp \" Vertical space (when we can't use .PP)
|
|
.if t .sp .5v
|
|
.if n .sp
|
|
..
|
|
.de Ip \" List item
|
|
.br
|
|
.ie \\n(.$>=3 .ne \\$3
|
|
.el .ne 3
|
|
.IP "\\$1" \\$2
|
|
..
|
|
.de Vb \" Begin verbatim text
|
|
.ft CW
|
|
.nf
|
|
.ne \\$1
|
|
..
|
|
.de Ve \" End verbatim text
|
|
.ft R
|
|
|
|
.fi
|
|
..
|
|
.\" Set up some character translations and predefined strings. \*(-- will
|
|
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
|
|
.\" double quote, and \*(R" will give a right double quote. | will give a
|
|
.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used
|
|
.\" to do unbreakable dashes and therefore won't be available. \*(C` and
|
|
.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<>
|
|
.tr \(*W-|\(bv\*(Tr
|
|
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
|
|
.ie n \{\
|
|
. ds -- \(*W-
|
|
. ds PI pi
|
|
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
|
|
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
|
|
. ds L" ""
|
|
. ds R" ""
|
|
. ds C` `
|
|
. ds C' '
|
|
'br\}
|
|
.el\{\
|
|
. ds -- \|\(em\|
|
|
. ds PI \(*p
|
|
. ds L" ``
|
|
. ds R" ''
|
|
'br\}
|
|
.\"
|
|
.\" If the F register is turned on, we'll generate index entries on stderr
|
|
.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and
|
|
.\" index entries marked with X<> in POD. Of course, you'll have to process
|
|
.\" the output yourself in some meaningful fashion.
|
|
.if \nF \{\
|
|
. de IX
|
|
. tm Index:\\$1\t\\n%\t"\\$2"
|
|
. .
|
|
. nr % 0
|
|
. rr F
|
|
.\}
|
|
.\"
|
|
.\" For nroff, turn off justification. Always turn off hyphenation; it
|
|
.\" makes way too many mistakes in technical documents.
|
|
.hy 0
|
|
.if n .na
|
|
.\"
|
|
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
|
|
.\" Fear. Run. Save yourself. No user-serviceable parts.
|
|
.bd B 3
|
|
. \" fudge factors for nroff and troff
|
|
.if n \{\
|
|
. ds #H 0
|
|
. ds #V .8m
|
|
. ds #F .3m
|
|
. ds #[ \f1
|
|
. ds #] \fP
|
|
.\}
|
|
.if t \{\
|
|
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
|
|
. ds #V .6m
|
|
. ds #F 0
|
|
. ds #[ \&
|
|
. ds #] \&
|
|
.\}
|
|
. \" simple accents for nroff and troff
|
|
.if n \{\
|
|
. ds ' \&
|
|
. ds ` \&
|
|
. ds ^ \&
|
|
. ds , \&
|
|
. ds ~ ~
|
|
. ds /
|
|
.\}
|
|
.if t \{\
|
|
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
|
|
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
|
|
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
|
|
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
|
|
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
|
|
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
|
|
.\}
|
|
. \" troff and (daisy-wheel) nroff accents
|
|
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
|
|
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
|
|
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
|
|
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
|
|
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
|
|
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
|
|
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
|
|
.ds ae a\h'-(\w'a'u*4/10)'e
|
|
.ds Ae A\h'-(\w'A'u*4/10)'E
|
|
. \" corrections for vroff
|
|
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
|
|
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
|
|
. \" for low resolution devices (crt and lpr)
|
|
.if \n(.H>23 .if \n(.V>19 \
|
|
\{\
|
|
. ds : e
|
|
. ds 8 ss
|
|
. ds o a
|
|
. ds d- d\h'-1'\(ga
|
|
. ds D- D\h'-1'\(hy
|
|
. ds th \o'bp'
|
|
. ds Th \o'LP'
|
|
. ds ae ae
|
|
. ds Ae AE
|
|
.\}
|
|
.rm #[ #] #H #V #F C
|
|
.\" ======================================================================
|
|
.\"
|
|
.IX Title "EVP_DigestInit 3"
|
|
.TH EVP_DigestInit 3 "0.9.6g" "2002-07-31" "OpenSSL"
|
|
.UC
|
|
.SH "NAME"
|
|
EVP_DigestInit, EVP_DigestUpdate, EVP_DigestFinal, \s-1EVP_MAX_MD_SIZE\s0,
|
|
EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size,
|
|
EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type,
|
|
EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2,
|
|
EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj \-
|
|
\&\s-1EVP\s0 digest routines
|
|
.SH "LIBRARY"
|
|
libcrypto, -lcrypto
|
|
.SH "SYNOPSIS"
|
|
.IX Header "SYNOPSIS"
|
|
.Vb 1
|
|
\& #include <openssl/evp.h>
|
|
.Ve
|
|
.Vb 4
|
|
\& void EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
|
|
\& void EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
|
|
\& void EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md,
|
|
\& unsigned int *s);
|
|
.Ve
|
|
.Vb 1
|
|
\& #define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */
|
|
.Ve
|
|
.Vb 1
|
|
\& int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in);
|
|
.Ve
|
|
.Vb 4
|
|
\& #define EVP_MD_type(e) ((e)->type)
|
|
\& #define EVP_MD_pkey_type(e) ((e)->pkey_type)
|
|
\& #define EVP_MD_size(e) ((e)->md_size)
|
|
\& #define EVP_MD_block_size(e) ((e)->block_size)
|
|
.Ve
|
|
.Vb 4
|
|
\& #define EVP_MD_CTX_md(e) (e)->digest)
|
|
\& #define EVP_MD_CTX_size(e) EVP_MD_size((e)->digest)
|
|
\& #define EVP_MD_CTX_block_size(e) EVP_MD_block_size((e)->digest)
|
|
\& #define EVP_MD_CTX_type(e) EVP_MD_type((e)->digest)
|
|
.Ve
|
|
.Vb 9
|
|
\& EVP_MD *EVP_md_null(void);
|
|
\& EVP_MD *EVP_md2(void);
|
|
\& EVP_MD *EVP_md5(void);
|
|
\& EVP_MD *EVP_sha(void);
|
|
\& EVP_MD *EVP_sha1(void);
|
|
\& EVP_MD *EVP_dss(void);
|
|
\& EVP_MD *EVP_dss1(void);
|
|
\& EVP_MD *EVP_mdc2(void);
|
|
\& EVP_MD *EVP_ripemd160(void);
|
|
.Ve
|
|
.Vb 3
|
|
\& const EVP_MD *EVP_get_digestbyname(const char *name);
|
|
\& #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
|
|
\& #define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a))
|
|
.Ve
|
|
.SH "DESCRIPTION"
|
|
.IX Header "DESCRIPTION"
|
|
The \s-1EVP\s0 digest routines are a high level interface to message digests.
|
|
.PP
|
|
\&\fIEVP_DigestInit()\fR initializes a digest context \fBctx\fR to use a digest
|
|
\&\fBtype\fR: this will typically be supplied by a function such as
|
|
\&\fIEVP_sha1()\fR.
|
|
.PP
|
|
\&\fIEVP_DigestUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the
|
|
digest context \fBctx\fR. This function can be called several times on the
|
|
same \fBctx\fR to hash additional data.
|
|
.PP
|
|
\&\fIEVP_DigestFinal()\fR retrieves the digest value from \fBctx\fR and places
|
|
it in \fBmd\fR. If the \fBs\fR parameter is not \s-1NULL\s0 then the number of
|
|
bytes of data written (i.e. the length of the digest) will be written
|
|
to the integer at \fBs\fR, at most \fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes will be written.
|
|
After calling \fIEVP_DigestFinal()\fR no additional calls to \fIEVP_DigestUpdate()\fR
|
|
can be made, but \fIEVP_DigestInit()\fR can be called to initialize a new
|
|
digest operation.
|
|
.PP
|
|
\&\fIEVP_MD_CTX_copy()\fR can be used to copy the message digest state from
|
|
\&\fBin\fR to \fBout\fR. This is useful if large amounts of data are to be
|
|
hashed which only differ in the last few bytes.
|
|
.PP
|
|
\&\fIEVP_MD_size()\fR and \fIEVP_MD_CTX_size()\fR return the size of the message digest
|
|
when passed an \fB\s-1EVP_MD\s0\fR or an \fB\s-1EVP_MD_CTX\s0\fR structure, i.e. the size of the
|
|
hash.
|
|
.PP
|
|
\&\fIEVP_MD_block_size()\fR and \fIEVP_MD_CTX_block_size()\fR return the block size of the
|
|
message digest when passed an \fB\s-1EVP_MD\s0\fR or an \fB\s-1EVP_MD_CTX\s0\fR structure.
|
|
.PP
|
|
\&\fIEVP_MD_type()\fR and \fIEVP_MD_CTX_type()\fR return the \s-1NID\s0 of the \s-1OBJECT\s0 \s-1IDENTIFIER\s0
|
|
representing the given message digest when passed an \fB\s-1EVP_MD\s0\fR structure.
|
|
For example EVP_MD_type(\fIEVP_sha1()\fR) returns \fBNID_sha1\fR. This function is
|
|
normally used when setting \s-1ASN1\s0 OIDs.
|
|
.PP
|
|
\&\fIEVP_MD_CTX_md()\fR returns the \fB\s-1EVP_MD\s0\fR structure corresponding to the passed
|
|
\&\fB\s-1EVP_MD_CTX\s0\fR.
|
|
.PP
|
|
\&\fIEVP_MD_pkey_type()\fR returns the \s-1NID\s0 of the public key signing algorithm associated
|
|
with this digest. For example \fIEVP_sha1()\fR is associated with \s-1RSA\s0 so this will
|
|
return \fBNID_sha1WithRSAEncryption\fR. This \*(L"link\*(R" between digests and signature
|
|
algorithms may not be retained in future versions of OpenSSL.
|
|
.PP
|
|
\&\fIEVP_md2()\fR, \fIEVP_md5()\fR, \fIEVP_sha()\fR, \fIEVP_sha1()\fR, \fIEVP_mdc2()\fR and \fIEVP_ripemd160()\fR
|
|
return \fB\s-1EVP_MD\s0\fR structures for the \s-1MD2\s0, \s-1MD5\s0, \s-1SHA\s0, \s-1SHA1\s0, \s-1MDC2\s0 and \s-1RIPEMD160\s0 digest
|
|
algorithms respectively. The associated signature algorithm is \s-1RSA\s0 in each case.
|
|
.PP
|
|
\&\fIEVP_dss()\fR and \fIEVP_dss1()\fR return \fB\s-1EVP_MD\s0\fR structures for \s-1SHA\s0 and \s-1SHA1\s0 digest
|
|
algorithms but using \s-1DSS\s0 (\s-1DSA\s0) for the signature algorithm.
|
|
.PP
|
|
\&\fIEVP_md_null()\fR is a \*(L"null\*(R" message digest that does nothing: i.e. the hash it
|
|
returns is of zero length.
|
|
.PP
|
|
\&\fIEVP_get_digestbyname()\fR, \fIEVP_get_digestbynid()\fR and \fIEVP_get_digestbyobj()\fR
|
|
return an \fB\s-1EVP_MD\s0\fR structure when passed a digest name, a digest \s-1NID\s0 or
|
|
an \s-1ASN1_OBJECT\s0 structure respectively. The digest table must be initialized
|
|
using, for example, \fIOpenSSL_add_all_digests()\fR for these functions to work.
|
|
.SH "RETURN VALUES"
|
|
.IX Header "RETURN VALUES"
|
|
\&\fIEVP_DigestInit()\fR, \fIEVP_DigestUpdate()\fR and \fIEVP_DigestFinal()\fR do not return values.
|
|
.PP
|
|
\&\fIEVP_MD_CTX_copy()\fR returns 1 if successful or 0 for failure.
|
|
.PP
|
|
\&\fIEVP_MD_type()\fR, \fIEVP_MD_pkey_type()\fR and \fIEVP_MD_type()\fR return the \s-1NID\s0 of the
|
|
corresponding \s-1OBJECT\s0 \s-1IDENTIFIER\s0 or NID_undef if none exists.
|
|
.PP
|
|
\&\fIEVP_MD_size()\fR, \fIEVP_MD_block_size()\fR, \fIEVP_MD_CTX_size\fR\|(e), \fIEVP_MD_size()\fR,
|
|
\&\fIEVP_MD_CTX_block_size()\fR and \fIEVP_MD_block_size()\fR return the digest or block
|
|
size in bytes.
|
|
.PP
|
|
\&\fIEVP_md_null()\fR, \fIEVP_md2()\fR, \fIEVP_md5()\fR, \fIEVP_sha()\fR, \fIEVP_sha1()\fR, \fIEVP_dss()\fR,
|
|
\&\fIEVP_dss1()\fR, \fIEVP_mdc2()\fR and \fIEVP_ripemd160()\fR return pointers to the
|
|
corresponding \s-1EVP_MD\s0 structures.
|
|
.PP
|
|
\&\fIEVP_get_digestbyname()\fR, \fIEVP_get_digestbynid()\fR and \fIEVP_get_digestbyobj()\fR
|
|
return either an \fB\s-1EVP_MD\s0\fR structure or \s-1NULL\s0 if an error occurs.
|
|
.SH "NOTES"
|
|
.IX Header "NOTES"
|
|
The \fB\s-1EVP\s0\fR interface to message digests should almost always be used in
|
|
preference to the low level interfaces. This is because the code then becomes
|
|
transparent to the digest used and much more flexible.
|
|
.PP
|
|
\&\s-1SHA1\s0 is the digest of choice for new applications. The other digest algorithms
|
|
are still in common use.
|
|
.SH "EXAMPLE"
|
|
.IX Header "EXAMPLE"
|
|
This example digests the data \*(L"Test Message\en\*(R" and \*(L"Hello World\en\*(R", using the
|
|
digest name passed on the command line.
|
|
.PP
|
|
.Vb 2
|
|
\& #include <stdio.h>
|
|
\& #include <openssl/evp.h>
|
|
.Ve
|
|
.Vb 8
|
|
\& main(int argc, char *argv[])
|
|
\& {
|
|
\& EVP_MD_CTX mdctx;
|
|
\& const EVP_MD *md;
|
|
\& char mess1[] = "Test Message\en";
|
|
\& char mess2[] = "Hello World\en";
|
|
\& unsigned char md_value[EVP_MAX_MD_SIZE];
|
|
\& int md_len, i;
|
|
.Ve
|
|
.Vb 1
|
|
\& OpenSSL_add_all_digests();
|
|
.Ve
|
|
.Vb 4
|
|
\& if(!argv[1]) {
|
|
\& printf("Usage: mdtest digestname\en");
|
|
\& exit(1);
|
|
\& }
|
|
.Ve
|
|
.Vb 1
|
|
\& md = EVP_get_digestbyname(argv[1]);
|
|
.Ve
|
|
.Vb 4
|
|
\& if(!md) {
|
|
\& printf("Unknown message digest %s\en", argv[1]);
|
|
\& exit(1);
|
|
\& }
|
|
.Ve
|
|
.Vb 4
|
|
\& EVP_DigestInit(&mdctx, md);
|
|
\& EVP_DigestUpdate(&mdctx, mess1, strlen(mess1));
|
|
\& EVP_DigestUpdate(&mdctx, mess2, strlen(mess2));
|
|
\& EVP_DigestFinal(&mdctx, md_value, &md_len);
|
|
.Ve
|
|
.Vb 4
|
|
\& printf("Digest is: ");
|
|
\& for(i = 0; i < md_len; i++) printf("%02x", md_value[i]);
|
|
\& printf("\en");
|
|
\& }
|
|
.Ve
|
|
.SH "BUGS"
|
|
.IX Header "BUGS"
|
|
Several of the functions do not return values: maybe they should. Although the
|
|
internal digest operations will never fail some future hardware based operations
|
|
might.
|
|
.PP
|
|
The link between digests and signing algorithms results in a situation where
|
|
\&\fIEVP_sha1()\fR must be used with \s-1RSA\s0 and \fIEVP_dss1()\fR must be used with \s-1DSS\s0
|
|
even though they are identical digests.
|
|
.PP
|
|
The size of an \fB\s-1EVP_MD_CTX\s0\fR structure is determined at compile time: this results
|
|
in code that must be recompiled if the size of \fB\s-1EVP_MD_CTX\s0\fR increases.
|
|
.SH "SEE ALSO"
|
|
.IX Header "SEE ALSO"
|
|
openssl_evp(3), openssl_hmac(3), md2(3),
|
|
openssl_md5(3), openssl_mdc2(3), openssl_ripemd(3),
|
|
openssl_sha(3), openssl_dgst(1)
|
|
.SH "HISTORY"
|
|
.IX Header "HISTORY"
|
|
\&\fIEVP_DigestInit()\fR, \fIEVP_DigestUpdate()\fR and \fIEVP_DigestFinal()\fR are
|
|
available in all versions of SSLeay and OpenSSL.
|