From 3cbe1980fd2c0b477c0a83d93f1c70b06c5c1b2b Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sun, 6 Feb 2000 17:44:54 +0000 Subject: [PATCH] Document EVP digest operations. --- doc/crypto/EVP_DigestInit.pod | 191 ++++++++++++++++++++++++++++++++++ 1 file changed, 191 insertions(+) create mode 100644 doc/crypto/EVP_DigestInit.pod diff --git a/doc/crypto/EVP_DigestInit.pod b/doc/crypto/EVP_DigestInit.pod new file mode 100644 index 0000000000..337ffb7930 --- /dev/null +++ b/doc/crypto/EVP_DigestInit.pod @@ -0,0 +1,191 @@ +=pod + +=head1 NAME + +EVP_DigestInit, EVP_DigestUpdate, EVP_DigestFinal - EVP digest routines + +=head1 SYNOPSIS + + #include + + void EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); + void EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d, unsigned int cnt); + void EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); + + #define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */ + + int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in); + + #define EVP_MD_type(e) ((e)->type) + #define EVP_MD_pkey_type(e) ((e)->pkey_type) + #define EVP_MD_size(e) ((e)->md_size) + #define EVP_MD_block_size(e) ((e)->block_size) + + #define EVP_MD_CTX_size(e) EVP_MD_size((e)->digest) + #define EVP_MD_CTX_block_size(e) EVP_MD_block_size((e)->digest) + #define EVP_MD_CTX_type(e) ((e)->digest) + + EVP_MD *EVP_md_null(void); + EVP_MD *EVP_md2(void); + EVP_MD *EVP_md5(void); + EVP_MD *EVP_sha(void); + EVP_MD *EVP_sha1(void); + EVP_MD *EVP_dss(void); + EVP_MD *EVP_dss1(void); + EVP_MD *EVP_mdc2(void); + EVP_MD *EVP_ripemd160(void); + + const EVP_MD *EVP_get_digestbyname(const char *name); + #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) + #define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a)) + +=head1 DESCRIPTION + +The EVP digest routines are a high level interface to message digests. + +B initialises a digest context B to use a digest +B: this will typically be supplied by a function such as +B. + +B hashes B bytes of data at B into the +digest context B. This funtion can be called several times on the +same B to hash additional data. + +B retrieves the digest value from B and places +it in B. If the B parameter is not NULL then the number of +bytes of data written (i.e. the length of the digest) will be written +to the integer at B, at most B bytes will be written. +After calling B no additional calls to B +can be made, but B can be called to initialiase a new +digest operation. + +B can be used to copy the message digest state from +B to B. This is useful if large amounts of data are to be +hashed which only differ in the last few bytes. + +B and B return the size of the message digest +when passed an B or an B structure, i.e. the size of the +hash. + +B and B return the block size of the +message digest when passed an B or an B structure. + +B and B return the NID of the OBJECT IDENTIFIER +representing the given message digest when passed an B structure. +For example B returns B. This function is +normally used when setting ASN1 OIDs. + +B return the B structure corresponding to the passed +B. + +B returns the NID of the public key signing algorithm associated +with this digest. For example B is associated with RSA so this will +return B. This "link" between digests and signature +algorithms may not be retained in future versions of OpenSSL. + +B, B, B, B, B and B +return B structures for the MD2, MD5, SHA, SHA1, MDC2 and RIPEMD160 digest +algorithms respectively. The associated signature algorithm is RSA in each case. + +B and B return B structures for SHA and SHA1 digest +algorithms but using DSS (DSA) for the signature algorithm. + +B is a "null" message digest that does nothing: i.e. the hash it +returns is of zero length. + +B, B and B +return an B structure when passed a digest name, a digest NID or +and ASN1_OBJECT structure respectively. The digest table must be initialised +using, for example, B for these functions to work. + +=head1 RETURN VALUES + +EVP_DigestInit(), EVP_DigestUpdate() and EVP_DigestFinal() do not return values. + +EVP_MD_CTX_copy() returns 1 if successful or 0 for failure. + +EVP_MD_type(), EVP_MD_pkey_type() and EVP_MD_type() return the NID of the +corresponding OBJECT IDENTIFIER or NID_undef if none exists. + +EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size(e), EVP_MD_size(), +EVP_MD_CTX_block_size() and EVP_MD_block_size() return the digest or block +size in bytes. + +EVP_md_null(), EVP_MD *EVP_md2(), EVP_MD *EVP_md5(), EVP_MD *EVP_sha(), +EVP_sha1(), EVP_dss(), EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return +pointers to the corresponding EVP_MD structures. + +B, B and B +return either an B structure or NULL if an error occurs. + +=head1 NOTES + +The B interface to message digests should almost always be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the digest used and much more flexible. + +SHA1 is the digest of choice for new applications. The other digest algorithms +are still in common use. + +=head1 EXAMPLE + +This example digests the data "Test Message\n" and "Hello World\n", using the +digest name passed on the command line. + + #include + #include + + main(int argc, char *argv[]) + { + EVP_MD_CTX mdctx; + const EVP_MD *md; + char mess1[] = "Test Message\n"; + char mess2[] = "Hello World\n"; + unsigned char md_value[EVP_MAX_MD_SIZE]; + int md_len, i; + + OpenSSL_add_all_digests(); + + if(!argv[1]) { + printf("Usage: mdtest digestname\n"); + exit(1); + } + + md = EVP_get_digestbyname(argv[1]); + + if(!md) { + printf("Unknown message digest %s\n", argv[1]); + exit(1); + } + + EVP_DigestInit(&mdctx, md); + EVP_DigestUpdate(&mdctx, mess1, strlen(mess1)); + EVP_DigestUpdate(&mdctx, mess2, strlen(mess2)); + EVP_DigestFinal(&mdctx, md_value, &md_len); + + printf("Digest is: "); + for(i = 0; i < md_len; i++) printf("%02x", md_value[i]); + printf("\n"); + } + +=head1 BUGS + +B is not a good name because its name wrongly implies it does +the same as B but takes an B parameter instead. + +Several of the functions do not return values: maybe they should. Although the +internal digest operations will never fail some future hardware based operations +might. + +The link between digests and signing algorithms results in a situation where +B must be used with RSA and B must be used with DSS +even though they are identical digests. + +The size of an B structure is determined at compile time: this results +in code that must be recompiled if the size of B increases. + +=head1 SEE ALSO + +=head1 HISTORY + +=cut -- 2.25.1