OLD | NEW |
1 =pod | 1 =pod |
2 | 2 |
3 =head1 NAME | 3 =head1 NAME |
4 | 4 |
5 EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate, | 5 EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate, |
6 EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE, | 6 EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE, |
7 EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, | 7 EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, |
8 EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD
_CTX_type, | 8 EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD
_CTX_type, |
9 EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2, | 9 EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2, |
10 EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj - | 10 EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj - |
(...skipping 114 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
125 EVP_MD_pkey_type() returns the NID of the public key signing algorithm associate
d | 125 EVP_MD_pkey_type() returns the NID of the public key signing algorithm associate
d |
126 with this digest. For example EVP_sha1() is associated with RSA so this will | 126 with this digest. For example EVP_sha1() is associated with RSA so this will |
127 return B<NID_sha1WithRSAEncryption>. This "link" between digests and signature | 127 return B<NID_sha1WithRSAEncryption>. This "link" between digests and signature |
128 algorithms may not be retained in future versions of OpenSSL. | 128 algorithms may not be retained in future versions of OpenSSL. |
129 | 129 |
130 EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_mdc2() and EVP_ripemd160() | 130 EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_mdc2() and EVP_ripemd160() |
131 return B<EVP_MD> structures for the MD2, MD5, SHA, SHA1, MDC2 and RIPEMD160 dige
st | 131 return B<EVP_MD> structures for the MD2, MD5, SHA, SHA1, MDC2 and RIPEMD160 dige
st |
132 algorithms respectively. The associated signature algorithm is RSA in each case. | 132 algorithms respectively. The associated signature algorithm is RSA in each case. |
133 | 133 |
134 EVP_dss() and EVP_dss1() return B<EVP_MD> structures for SHA and SHA1 digest | 134 EVP_dss() and EVP_dss1() return B<EVP_MD> structures for SHA and SHA1 digest |
135 algorithms but using DSS (DSA) for the signature algorithm. | 135 algorithms but using DSS (DSA) for the signature algorithm. Note: there is |
| 136 no need to use these pseudo-digests in OpenSSL 1.0.0 and later, they are |
| 137 however retained for compatibility. |
136 | 138 |
137 EVP_md_null() is a "null" message digest that does nothing: i.e. the hash it | 139 EVP_md_null() is a "null" message digest that does nothing: i.e. the hash it |
138 returns is of zero length. | 140 returns is of zero length. |
139 | 141 |
140 EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj() | 142 EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj() |
141 return an B<EVP_MD> structure when passed a digest name, a digest NID or | 143 return an B<EVP_MD> structure when passed a digest name, a digest NID or |
142 an ASN1_OBJECT structure respectively. The digest table must be initialized | 144 an ASN1_OBJECT structure respectively. The digest table must be initialized |
143 using, for example, OpenSSL_add_all_digests() for these functions to work. | 145 using, for example, OpenSSL_add_all_digests() for these functions to work. |
144 | 146 |
145 =head1 RETURN VALUES | 147 =head1 RETURN VALUES |
(...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
221 EVP_DigestUpdate(&mdctx, mess1, strlen(mess1)); | 223 EVP_DigestUpdate(&mdctx, mess1, strlen(mess1)); |
222 EVP_DigestUpdate(&mdctx, mess2, strlen(mess2)); | 224 EVP_DigestUpdate(&mdctx, mess2, strlen(mess2)); |
223 EVP_DigestFinal_ex(&mdctx, md_value, &md_len); | 225 EVP_DigestFinal_ex(&mdctx, md_value, &md_len); |
224 EVP_MD_CTX_cleanup(&mdctx); | 226 EVP_MD_CTX_cleanup(&mdctx); |
225 | 227 |
226 printf("Digest is: "); | 228 printf("Digest is: "); |
227 for(i = 0; i < md_len; i++) printf("%02x", md_value[i]); | 229 for(i = 0; i < md_len; i++) printf("%02x", md_value[i]); |
228 printf("\n"); | 230 printf("\n"); |
229 } | 231 } |
230 | 232 |
231 =head1 BUGS | |
232 | |
233 The link between digests and signing algorithms results in a situation where | |
234 EVP_sha1() must be used with RSA and EVP_dss1() must be used with DSS | |
235 even though they are identical digests. | |
236 | |
237 =head1 SEE ALSO | 233 =head1 SEE ALSO |
238 | 234 |
239 L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>, | 235 L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>, |
240 L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>, | 236 L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>, |
241 L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)> | 237 L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)> |
242 | 238 |
243 =head1 HISTORY | 239 =head1 HISTORY |
244 | 240 |
245 EVP_DigestInit(), EVP_DigestUpdate() and EVP_DigestFinal() are | 241 EVP_DigestInit(), EVP_DigestUpdate() and EVP_DigestFinal() are |
246 available in all versions of SSLeay and OpenSSL. | 242 available in all versions of SSLeay and OpenSSL. |
247 | 243 |
248 EVP_MD_CTX_init(), EVP_MD_CTX_create(), EVP_MD_CTX_copy_ex(), | 244 EVP_MD_CTX_init(), EVP_MD_CTX_create(), EVP_MD_CTX_copy_ex(), |
249 EVP_MD_CTX_cleanup(), EVP_MD_CTX_destroy(), EVP_DigestInit_ex() | 245 EVP_MD_CTX_cleanup(), EVP_MD_CTX_destroy(), EVP_DigestInit_ex() |
250 and EVP_DigestFinal_ex() were added in OpenSSL 0.9.7. | 246 and EVP_DigestFinal_ex() were added in OpenSSL 0.9.7. |
251 | 247 |
252 EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), | 248 EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), |
253 EVP_dss(), EVP_dss1(), EVP_mdc2() and EVP_ripemd160() were | 249 EVP_dss(), EVP_dss1(), EVP_mdc2() and EVP_ripemd160() were |
254 changed to return truely const EVP_MD * in OpenSSL 0.9.7. | 250 changed to return truely const EVP_MD * in OpenSSL 0.9.7. |
255 | 251 |
| 252 The link between digests and signing algorithms was fixed in OpenSSL 1.0 and |
| 253 later, so now EVP_sha1() can be used with RSA and DSA, there is no need to |
| 254 use EVP_dss1() any more. |
| 255 |
| 256 OpenSSL 1.0 and later does not include the MD2 digest algorithm in the |
| 257 default configuration due to its security weaknesses. |
| 258 |
256 =cut | 259 =cut |
OLD | NEW |