]>
Commit | Line | Data |
---|---|---|
3cbe1980 DSH |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
3fd70262 | 5 | EVP_MD_fetch, EVP_MD_up_ref, EVP_MD_free, |
ae3ff60e | 6 | EVP_MD_get_params, EVP_MD_gettable_params, |
0324ae3e P |
7 | EVP_MD_CTX_new, EVP_MD_CTX_reset, EVP_MD_CTX_free, EVP_MD_CTX_dup, |
8 | EVP_MD_CTX_copy, EVP_MD_CTX_copy_ex, EVP_MD_CTX_ctrl, | |
ae3ff60e | 9 | EVP_MD_CTX_set_params, EVP_MD_CTX_get_params, |
e6879a31 | 10 | EVP_MD_settable_ctx_params, EVP_MD_gettable_ctx_params, |
ae3ff60e | 11 | EVP_MD_CTX_settable_params, EVP_MD_CTX_gettable_params, |
d5e5e2ff | 12 | EVP_MD_CTX_set_flags, EVP_MD_CTX_clear_flags, EVP_MD_CTX_test_flags, |
4d49b685 | 13 | EVP_Q_digest, EVP_Digest, EVP_DigestInit_ex2, EVP_DigestInit_ex, EVP_DigestInit, |
5a7e9991 | 14 | EVP_DigestUpdate, EVP_DigestFinal_ex, EVP_DigestFinalXOF, EVP_DigestFinal, |
6ea964cd | 15 | EVP_MD_is_a, EVP_MD_get0_name, EVP_MD_get0_description, |
31b7f23d TM |
16 | EVP_MD_names_do_all, EVP_MD_get0_provider, EVP_MD_get_type, |
17 | EVP_MD_get_pkey_type, EVP_MD_get_size, EVP_MD_get_block_size, EVP_MD_get_flags, | |
18 | EVP_MD_CTX_get0_name, EVP_MD_CTX_md, EVP_MD_CTX_get0_md, EVP_MD_CTX_get1_md, | |
ed576acd TM |
19 | EVP_MD_CTX_get_type, EVP_MD_CTX_get_size, EVP_MD_CTX_get_block_size, |
20 | EVP_MD_CTX_get0_md_data, EVP_MD_CTX_update_fn, EVP_MD_CTX_set_update_fn, | |
a9cf71a3 | 21 | EVP_md_null, |
37842dfa | 22 | EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj, |
ed576acd | 23 | EVP_MD_CTX_get_pkey_ctx, EVP_MD_CTX_set_pkey_ctx, |
31b7f23d TM |
24 | EVP_MD_do_all_provided, |
25 | EVP_MD_type, EVP_MD_nid, EVP_MD_name, EVP_MD_pkey_type, EVP_MD_size, | |
26 | EVP_MD_block_size, EVP_MD_flags, EVP_MD_CTX_size, EVP_MD_CTX_block_size, | |
27 | EVP_MD_CTX_type, EVP_MD_CTX_pkey_ctx, EVP_MD_CTX_md_data | |
c540f00f | 28 | - EVP digest routines |
3cbe1980 DSH |
29 | |
30 | =head1 SYNOPSIS | |
31 | ||
32 | #include <openssl/evp.h> | |
33 | ||
b4250010 | 34 | EVP_MD *EVP_MD_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, |
2cafb1df | 35 | const char *properties); |
3fd70262 RL |
36 | int EVP_MD_up_ref(EVP_MD *md); |
37 | void EVP_MD_free(EVP_MD *md); | |
ae3ff60e RL |
38 | int EVP_MD_get_params(const EVP_MD *digest, OSSL_PARAM params[]); |
39 | const OSSL_PARAM *EVP_MD_gettable_params(const EVP_MD *digest); | |
25191fff RL |
40 | EVP_MD_CTX *EVP_MD_CTX_new(void); |
41 | int EVP_MD_CTX_reset(EVP_MD_CTX *ctx); | |
42 | void EVP_MD_CTX_free(EVP_MD_CTX *ctx); | |
52ad5b60 | 43 | void EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void* p2); |
4e7991b4 | 44 | int EVP_MD_CTX_get_params(EVP_MD_CTX *ctx, OSSL_PARAM params[]); |
d5e5e2ff | 45 | int EVP_MD_CTX_set_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[]); |
e6879a31 MC |
46 | const OSSL_PARAM *EVP_MD_settable_ctx_params(const EVP_MD *md); |
47 | const OSSL_PARAM *EVP_MD_gettable_ctx_params(const EVP_MD *md); | |
48 | const OSSL_PARAM *EVP_MD_CTX_settable_params(EVP_MD_CTX *ctx); | |
49 | const OSSL_PARAM *EVP_MD_CTX_gettable_params(EVP_MD_CTX *ctx); | |
a9cf71a3 RL |
50 | void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags); |
51 | void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags); | |
52 | int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags); | |
e72d734d | 53 | |
4d49b685 | 54 | int EVP_Q_digest(OSSL_LIB_CTX *libctx, const char *name, const char *propq, |
006de767 RL |
55 | const void *data, size_t datalen, |
56 | unsigned char *md, size_t *mdlen); | |
37842dfa AS |
57 | int EVP_Digest(const void *data, size_t count, unsigned char *md, |
58 | unsigned int *size, const EVP_MD *type, ENGINE *impl); | |
5a7e9991 P |
59 | int EVP_DigestInit_ex2(EVP_MD_CTX *ctx, const EVP_MD *type, |
60 | const OSSL_PARAM params[]); | |
e72d734d | 61 | int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); |
109d3123 | 62 | int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt); |
e9b77246 | 63 | int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s); |
cd8d1456 | 64 | int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t len); |
e72d734d | 65 | |
0324ae3e | 66 | EVP_MD_CTX *EVP_MD_CTX_dup(const EVP_MD_CTX *in); |
aebb9aac | 67 | int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in); |
e72d734d DSH |
68 | |
69 | int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); | |
e9b77246 | 70 | int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s); |
3cbe1980 | 71 | |
aebb9aac | 72 | int EVP_MD_CTX_copy(EVP_MD_CTX *out, EVP_MD_CTX *in); |
e72d734d | 73 | |
ed576acd TM |
74 | const char *EVP_MD_get0_name(const EVP_MD *md); |
75 | const char *EVP_MD_get0_description(const EVP_MD *md); | |
251e610c | 76 | int EVP_MD_is_a(const EVP_MD *md, const char *name); |
d84f5515 MC |
77 | int EVP_MD_names_do_all(const EVP_MD *md, |
78 | void (*fn)(const char *name, void *data), | |
79 | void *data); | |
ed576acd TM |
80 | const OSSL_PROVIDER *EVP_MD_get0_provider(const EVP_MD *md); |
81 | int EVP_MD_get_type(const EVP_MD *md); | |
82 | int EVP_MD_get_pkey_type(const EVP_MD *md); | |
83 | int EVP_MD_get_size(const EVP_MD *md); | |
84 | int EVP_MD_get_block_size(const EVP_MD *md); | |
85 | unsigned long EVP_MD_get_flags(const EVP_MD *md); | |
3cbe1980 | 86 | |
f6c95e46 RS |
87 | const EVP_MD *EVP_MD_CTX_get0_md(const EVP_MD_CTX *ctx); |
88 | EVP_MD *EVP_MD_CTX_get1_md(EVP_MD_CTX *ctx); | |
ed576acd TM |
89 | const char *EVP_MD_CTX_get0_name(const EVP_MD_CTX *ctx); |
90 | int EVP_MD_CTX_get_size(const EVP_MD_CTX *ctx); | |
91 | int EVP_MD_CTX_get_block_size(const EVP_MD_CTX *ctx); | |
92 | int EVP_MD_CTX_get_type(const EVP_MD_CTX *ctx); | |
93 | void *EVP_MD_CTX_get0_md_data(const EVP_MD_CTX *ctx); | |
3cbe1980 | 94 | |
13588350 | 95 | const EVP_MD *EVP_md_null(void); |
e4adad92 | 96 | |
3cbe1980 | 97 | const EVP_MD *EVP_get_digestbyname(const char *name); |
25191fff RL |
98 | const EVP_MD *EVP_get_digestbynid(int type); |
99 | const EVP_MD *EVP_get_digestbyobj(const ASN1_OBJECT *o); | |
3cbe1980 | 100 | |
ed576acd | 101 | EVP_PKEY_CTX *EVP_MD_CTX_get_pkey_ctx(const EVP_MD_CTX *ctx); |
675f4cee PY |
102 | void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx); |
103 | ||
b4250010 | 104 | void EVP_MD_do_all_provided(OSSL_LIB_CTX *libctx, |
251e610c RL |
105 | void (*fn)(EVP_MD *mac, void *arg), |
106 | void *arg); | |
c540f00f | 107 | |
31b7f23d TM |
108 | #define EVP_MD_type EVP_MD_get_type |
109 | #define EVP_MD_nid EVP_MD_get_type | |
110 | #define EVP_MD_name EVP_MD_get0_name | |
111 | #define EVP_MD_pkey_type EVP_MD_get_pkey_type | |
112 | #define EVP_MD_size EVP_MD_get_size | |
113 | #define EVP_MD_block_size EVP_MD_get_block_size | |
114 | #define EVP_MD_flags EVP_MD_get_flags | |
115 | #define EVP_MD_CTX_size EVP_MD_CTX_get_size | |
116 | #define EVP_MD_CTX_block_size EVP_MD_CTX_get_block_size | |
117 | #define EVP_MD_CTX_type EVP_MD_CTX_get_type | |
118 | #define EVP_MD_CTX_pkey_ctx EVP_MD_CTX_get_pkey_ctx | |
119 | #define EVP_MD_CTX_md_data EVP_MD_CTX_get0_md_data | |
120 | ||
3dbf8243 MC |
121 | The following functions have been deprecated since OpenSSL 3.0, and can be |
122 | hidden entirely by defining B<OPENSSL_API_COMPAT> with a suitable version value, | |
123 | see L<openssl_user_macros(7)>: | |
1409b5f6 | 124 | |
f6c95e46 RS |
125 | const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx); |
126 | ||
1409b5f6 RS |
127 | int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx, |
128 | const void *data, size_t count); | |
129 | ||
130 | void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx, | |
131 | int (*update)(EVP_MD_CTX *ctx, | |
132 | const void *data, size_t count)); | |
133 | ||
3cbe1980 DSH |
134 | =head1 DESCRIPTION |
135 | ||
8c1cbc72 | 136 | The EVP digest routines are a high-level interface to message digests, |
3fd70262 RL |
137 | and should be used instead of the digest-specific functions. |
138 | ||
139 | The B<EVP_MD> type is a structure for digest method implementation. | |
3cbe1980 | 140 | |
bbda8ce9 | 141 | =over 4 |
25191fff | 142 | |
2cafb1df RL |
143 | =item EVP_MD_fetch() |
144 | ||
041a96e7 RL |
145 | Fetches the digest implementation for the given I<algorithm> from any |
146 | provider offering it, within the criteria given by the I<properties>. | |
906bced1 | 147 | See L<crypto(7)/ALGORITHM FETCHING> for further information. |
2cafb1df | 148 | |
3fd70262 RL |
149 | The returned value must eventually be freed with EVP_MD_free(). |
150 | ||
151 | Fetched B<EVP_MD> structures are reference counted. | |
152 | ||
153 | =item EVP_MD_up_ref() | |
154 | ||
155 | Increments the reference count for an B<EVP_MD> structure. | |
156 | ||
157 | =item EVP_MD_free() | |
158 | ||
159 | Decrements the reference count for the fetched B<EVP_MD> structure. | |
160 | If the reference count drops to 0 then the structure is freed. | |
2cafb1df | 161 | |
bbda8ce9 | 162 | =item EVP_MD_CTX_new() |
e72d734d | 163 | |
b45497c3 | 164 | Allocates and returns a digest context. |
e72d734d | 165 | |
bbda8ce9 | 166 | =item EVP_MD_CTX_reset() |
52ad5b60 | 167 | |
041a96e7 | 168 | Resets the digest context I<ctx>. This can be used to reuse an already |
bbda8ce9 | 169 | existing context. |
3cbe1980 | 170 | |
bbda8ce9 | 171 | =item EVP_MD_CTX_free() |
3cbe1980 | 172 | |
041a96e7 | 173 | Cleans up digest context I<ctx> and frees up the space allocated to it. |
3cbe1980 | 174 | |
bbda8ce9 RT |
175 | =item EVP_MD_CTX_ctrl() |
176 | ||
b5b91a79 | 177 | I<This is a legacy method. EVP_MD_CTX_set_params() and EVP_MD_CTX_get_params() |
d5e5e2ff | 178 | is the mechanism that should be used to set and get parameters that are used by |
b5b91a79 RL |
179 | providers.> |
180 | ||
041a96e7 RL |
181 | Performs digest-specific control actions on context I<ctx>. The control command |
182 | is indicated in I<cmd> and any additional arguments in I<p1> and I<p2>. | |
5a7e9991 | 183 | EVP_MD_CTX_ctrl() must be called after EVP_DigestInit_ex2(). Other restrictions |
37842dfa | 184 | may apply depending on the control type and digest implementation. |
b5b91a79 RL |
185 | |
186 | If this function happens to be used with a fetched B<EVP_MD>, it will | |
187 | translate the controls that are known to OpenSSL into L<OSSL_PARAM(3)> | |
188 | parameters with keys defined by OpenSSL and call EVP_MD_CTX_get_params() or | |
189 | EVP_MD_CTX_set_params() as is appropriate for each control command. | |
190 | ||
191 | See L</CONTROLS> below for more information, including what translations are | |
192 | being done. | |
bbda8ce9 | 193 | |
ae3ff60e RL |
194 | =item EVP_MD_get_params() |
195 | ||
041a96e7 | 196 | Retrieves the requested list of I<params> from a MD I<md>. |
2710e8a8 | 197 | See L</PARAMETERS> below for more information. |
ae3ff60e RL |
198 | |
199 | =item EVP_MD_CTX_get_params() | |
d5e5e2ff | 200 | |
041a96e7 | 201 | Retrieves the requested list of I<params> from a MD context I<ctx>. |
2710e8a8 | 202 | See L</PARAMETERS> below for more information. |
d5e5e2ff | 203 | |
ae3ff60e | 204 | =item EVP_MD_CTX_set_params() |
d5e5e2ff | 205 | |
041a96e7 | 206 | Sets the list of I<params> into a MD context I<ctx>. |
2710e8a8 | 207 | See L</PARAMETERS> below for more information. |
d5e5e2ff | 208 | |
d618ac6f P |
209 | =item EVP_MD_gettable_params() |
210 | ||
211 | Get a constant B<OSSL_PARAM> array that describes the retrievable parameters | |
212 | that can be used with EVP_MD_get_params(). See L<OSSL_PARAM(3)> for the | |
213 | use of B<OSSL_PARAM> as a parameter descriptor. | |
214 | ||
215 | =item EVP_MD_gettable_ctx_params(), EVP_MD_CTX_gettable_params() | |
216 | ||
217 | Get a constant B<OSSL_PARAM> array that describes the retrievable parameters | |
218 | that can be used with EVP_MD_CTX_get_params(). EVP_MD_gettable_ctx_params() | |
219 | returns the parameters that can be retrieved from the algorithm, whereas | |
220 | EVP_MD_CTX_gettable_params() returns the parameters that can be retrieved | |
221 | in the context's current state. See L<OSSL_PARAM(3)> for the use of | |
222 | B<OSSL_PARAM> as a parameter descriptor. | |
223 | ||
224 | =item EVP_MD_settable_ctx_params(), EVP_MD_CTX_settable_params() | |
225 | ||
226 | Get a constant B<OSSL_PARAM> array that describes the settable parameters | |
227 | that can be used with EVP_MD_CTX_set_params(). EVP_MD_settable_ctx_params() | |
228 | returns the parameters that can be set from the algorithm, whereas | |
229 | EVP_MD_CTX_settable_params() returns the parameters that can be set in the | |
230 | context's current state. See L<OSSL_PARAM(3)> for the use of B<OSSL_PARAM> | |
231 | as a parameter descriptor. | |
ae3ff60e | 232 | |
a9cf71a3 RL |
233 | =item EVP_MD_CTX_set_flags(), EVP_MD_CTX_clear_flags(), EVP_MD_CTX_test_flags() |
234 | ||
041a96e7 | 235 | Sets, clears and tests I<ctx> flags. See L</FLAGS> below for more information. |
a9cf71a3 | 236 | |
4d49b685 | 237 | =item EVP_Q_digest() is a quick one-shot digest function. |
006de767 RL |
238 | |
239 | It hashes I<datalen> bytes of data at I<data> using the digest algorithm | |
240 | I<name>, which is fetched using the optional I<libctx> and I<propq> parameters. | |
241 | The digest value is placed in I<md> and its length is written at I<mdlen> | |
4d49b685 DDO |
242 | if the pointer is not NULL. At most B<EVP_MAX_MD_SIZE> bytes will be written. |
243 | ||
37842dfa AS |
244 | =item EVP_Digest() |
245 | ||
246 | A wrapper around the Digest Init_ex, Update and Final_ex functions. | |
041a96e7 RL |
247 | Hashes I<count> bytes of data at I<data> using a digest I<type> from ENGINE |
248 | I<impl>. The digest value is placed in I<md> and its length is written at I<size> | |
37842dfa | 249 | if the pointer is not NULL. At most B<EVP_MAX_MD_SIZE> bytes will be written. |
041a96e7 | 250 | If I<impl> is NULL the default implementation of digest I<type> is used. |
37842dfa | 251 | |
5a7e9991 P |
252 | =item EVP_DigestInit_ex2() |
253 | ||
254 | Sets up digest context I<ctx> to use a digest I<type>. | |
255 | I<type> is typically supplied by a function such as EVP_sha1(), or a | |
256 | value explicitly fetched with EVP_MD_fetch(). | |
257 | ||
258 | The parameters B<params> are set on the context after initialisation. | |
259 | ||
260 | The I<type> parameter can be NULL if I<ctx> has been already initialized | |
261 | with another EVP_DigestInit_ex() call and has not been reset with | |
262 | EVP_MD_CTX_reset(). | |
263 | ||
bbda8ce9 RT |
264 | =item EVP_DigestInit_ex() |
265 | ||
041a96e7 RL |
266 | Sets up digest context I<ctx> to use a digest I<type>. |
267 | I<type> is typically supplied by a function such as EVP_sha1(), or a | |
2cafb1df RL |
268 | value explicitly fetched with EVP_MD_fetch(). |
269 | ||
041a96e7 | 270 | If I<impl> is non-NULL, its implementation of the digest I<type> is used if |
2cafb1df | 271 | there is one, and if not, the default implementation is used. |
bbda8ce9 | 272 | |
2b407d05 TM |
273 | The I<type> parameter can be NULL if I<ctx> has been already initialized |
274 | with another EVP_DigestInit_ex() call and has not been reset with | |
275 | EVP_MD_CTX_reset(). | |
276 | ||
bbda8ce9 RT |
277 | =item EVP_DigestUpdate() |
278 | ||
041a96e7 RL |
279 | Hashes I<cnt> bytes of data at I<d> into the digest context I<ctx>. This |
280 | function can be called several times on the same I<ctx> to hash additional | |
bbda8ce9 RT |
281 | data. |
282 | ||
283 | =item EVP_DigestFinal_ex() | |
284 | ||
041a96e7 | 285 | Retrieves the digest value from I<ctx> and places it in I<md>. If the I<s> |
bbda8ce9 | 286 | parameter is not NULL then the number of bytes of data written (i.e. the |
041a96e7 | 287 | length of the digest) will be written to the integer at I<s>, at most |
bbda8ce9 | 288 | B<EVP_MAX_MD_SIZE> bytes will be written. After calling EVP_DigestFinal_ex() |
cd8d1456 | 289 | no additional calls to EVP_DigestUpdate() can be made, but |
5a7e9991 | 290 | EVP_DigestInit_ex2() can be called to initialize a new digest operation. |
bbda8ce9 RT |
291 | |
292 | =item EVP_DigestFinalXOF() | |
293 | ||
294 | Interfaces to extendable-output functions, XOFs, such as SHAKE128 and SHAKE256. | |
3f2a8d97 | 295 | It retrieves the digest value from I<ctx> and places it in I<len>-sized I<md>. |
bbda8ce9 | 296 | After calling this function no additional calls to EVP_DigestUpdate() can be |
5a7e9991 | 297 | made, but EVP_DigestInit_ex2() can be called to initialize a new operation. |
bbda8ce9 | 298 | |
0324ae3e P |
299 | =item EVP_MD_CTX_dup() |
300 | ||
301 | Can be used to duplicate the message digest state from I<in>. This is useful | |
302 | to avoid multiple EVP_MD_fetch() calls or if large amounts of data are to be | |
303 | hashed which only differ in the last few bytes. | |
304 | ||
bbda8ce9 RT |
305 | =item EVP_MD_CTX_copy_ex() |
306 | ||
041a96e7 | 307 | Can be used to copy the message digest state from I<in> to I<out>. This is |
bbda8ce9 | 308 | useful if large amounts of data are to be hashed which only differ in the last |
b45497c3 | 309 | few bytes. |
bbda8ce9 RT |
310 | |
311 | =item EVP_DigestInit() | |
312 | ||
5a7e9991 P |
313 | Behaves in the same way as EVP_DigestInit_ex2() except it doesn't set any |
314 | parameters and calls EVP_MD_CTX_reset() so it cannot be used with an I<type> | |
315 | of NULL. | |
bbda8ce9 RT |
316 | |
317 | =item EVP_DigestFinal() | |
318 | ||
2b407d05 TM |
319 | Similar to EVP_DigestFinal_ex() except after computing the digest |
320 | the digest context I<ctx> is automatically cleaned up with EVP_MD_CTX_reset(). | |
bbda8ce9 RT |
321 | |
322 | =item EVP_MD_CTX_copy() | |
cd8d1456 | 323 | |
041a96e7 | 324 | Similar to EVP_MD_CTX_copy_ex() except the destination I<out> does not have to |
bbda8ce9 | 325 | be initialized. |
e72d734d | 326 | |
251e610c RL |
327 | =item EVP_MD_is_a() |
328 | ||
329 | Returns 1 if I<md> is an implementation of an algorithm that's | |
330 | identifiable with I<name>, otherwise 0. | |
331 | ||
e4a1d023 RL |
332 | If I<md> is a legacy digest (it's the return value from the likes of |
333 | EVP_sha256() rather than the result of an EVP_MD_fetch()), only cipher | |
334 | names registered with the default library context (see | |
b4250010 | 335 | L<OSSL_LIB_CTX(3)>) will be considered. |
e4a1d023 | 336 | |
ed576acd TM |
337 | =item EVP_MD_get0_name(), |
338 | EVP_MD_CTX_get0_name() | |
c750bc08 | 339 | |
251e610c | 340 | Return the name of the given message digest. For fetched message |
f651c727 RL |
341 | digests with multiple names, only one of them is returned; it's |
342 | recommended to use EVP_MD_names_do_all() instead. | |
343 | ||
344 | =item EVP_MD_names_do_all() | |
345 | ||
346 | Traverses all names for the I<md>, and calls I<fn> with each name and | |
347 | I<data>. This is only useful with fetched B<EVP_MD>s. | |
c750bc08 | 348 | |
ed576acd | 349 | =item EVP_MD_get0_description() |
03888233 RL |
350 | |
351 | Returns a description of the digest, meant for display and human consumption. | |
352 | The description is at the discretion of the digest implementation. | |
353 | ||
ed576acd | 354 | =item EVP_MD_get0_provider() |
1d2622d4 RL |
355 | |
356 | Returns an B<OSSL_PROVIDER> pointer to the provider that implements the given | |
357 | B<EVP_MD>. | |
358 | ||
ed576acd TM |
359 | =item EVP_MD_get_size(), |
360 | EVP_MD_CTX_get_size() | |
e72d734d | 361 | |
bbda8ce9 RT |
362 | Return the size of the message digest when passed an B<EVP_MD> or an |
363 | B<EVP_MD_CTX> structure, i.e. the size of the hash. | |
e72d734d | 364 | |
ed576acd TM |
365 | =item EVP_MD_get_block_size(), |
366 | EVP_MD_CTX_get_block_size() | |
3cbe1980 | 367 | |
bbda8ce9 RT |
368 | Return the block size of the message digest when passed an B<EVP_MD> or an |
369 | B<EVP_MD_CTX> structure. | |
3cbe1980 | 370 | |
ed576acd TM |
371 | =item EVP_MD_get_type(), |
372 | EVP_MD_CTX_get_type() | |
3cbe1980 | 373 | |
bbda8ce9 | 374 | Return the NID of the OBJECT IDENTIFIER representing the given message digest |
ed576acd | 375 | when passed an B<EVP_MD> structure. For example, C<EVP_MD_get_type(EVP_sha1())> |
bbda8ce9 | 376 | returns B<NID_sha1>. This function is normally used when setting ASN1 OIDs. |
3cbe1980 | 377 | |
ed576acd | 378 | =item EVP_MD_CTX_get0_md_data() |
a9cf71a3 RL |
379 | |
380 | Return the digest method private data for the passed B<EVP_MD_CTX>. | |
381 | The space is allocated by OpenSSL and has the size originally set with | |
382 | EVP_MD_meth_set_app_datasize(). | |
383 | ||
f6c95e46 | 384 | =item EVP_MD_CTX_get0_md(), EVP_MD_CTX_get1_md() |
3cbe1980 | 385 | |
f6c95e46 RS |
386 | EVP_MD_CTX_get0_md() returns |
387 | the B<EVP_MD> structure corresponding to the passed B<EVP_MD_CTX>. This | |
5a7e9991 | 388 | will be the same B<EVP_MD> object originally passed to EVP_DigestInit_ex2() (or |
b7c913c8 MC |
389 | other similar function) when the EVP_MD_CTX was first initialised. Note that |
390 | where explicit fetch is in use (see L<EVP_MD_fetch(3)>) the value returned from | |
391 | this function will not have its reference count incremented and therefore it | |
392 | should not be used after the EVP_MD_CTX is freed. | |
f6c95e46 RS |
393 | EVP_MD_CTX_get1_md() is the same except the ownership is passed to the |
394 | caller and is from the passed B<EVP_MD_CTX>. | |
3cbe1980 | 395 | |
37842dfa AS |
396 | =item EVP_MD_CTX_set_update_fn() |
397 | ||
041a96e7 | 398 | Sets the update function for I<ctx> to I<update>. |
1409b5f6 | 399 | This is the function that is called by EVP_DigestUpdate(). If not set, the |
37842dfa AS |
400 | update function from the B<EVP_MD> type specified at initialization is used. |
401 | ||
402 | =item EVP_MD_CTX_update_fn() | |
403 | ||
041a96e7 | 404 | Returns the update function for I<ctx>. |
37842dfa | 405 | |
ed576acd | 406 | =item EVP_MD_get_flags() |
37842dfa | 407 | |
041a96e7 | 408 | Returns the I<md> flags. Note that these are different from the B<EVP_MD_CTX> |
37842dfa AS |
409 | ones. See L<EVP_MD_meth_set_flags(3)> for more information. |
410 | ||
ed576acd | 411 | =item EVP_MD_get_pkey_type() |
3cbe1980 | 412 | |
bbda8ce9 RT |
413 | Returns the NID of the public key signing algorithm associated with this |
414 | digest. For example EVP_sha1() is associated with RSA so this will return | |
415 | B<NID_sha1WithRSAEncryption>. Since digests and signature algorithms are no | |
416 | longer linked this function is only retained for compatibility reasons. | |
3cbe1980 | 417 | |
bbda8ce9 RT |
418 | =item EVP_md_null() |
419 | ||
420 | A "null" message digest that does nothing: i.e. the hash it returns is of zero | |
421 | length. | |
422 | ||
423 | =item EVP_get_digestbyname(), | |
424 | EVP_get_digestbynid(), | |
425 | EVP_get_digestbyobj() | |
426 | ||
427 | Returns an B<EVP_MD> structure when passed a digest name, a digest B<NID> or an | |
428 | B<ASN1_OBJECT> structure respectively. | |
429 | ||
971dbab4 MC |
430 | The EVP_get_digestbyname() function is present for backwards compatibility with |
431 | OpenSSL prior to version 3 and is different to the EVP_MD_fetch() function | |
432 | since it does not attempt to "fetch" an implementation of the cipher. | |
433 | Additionally, it only knows about digests that are built-in to OpenSSL and have | |
434 | an associated NID. Similarly EVP_get_digestbynid() and EVP_get_digestbyobj() | |
435 | also return objects without an associated implementation. | |
436 | ||
437 | When the digest objects returned by these functions are used (such as in a call | |
438 | to EVP_DigestInit_ex()) an implementation of the digest will be implicitly | |
439 | fetched from the loaded providers. This fetch could fail if no suitable | |
440 | implementation is available. Use EVP_MD_fetch() instead to explicitly fetch | |
441 | the algorithm and an associated implementation from a provider. | |
442 | ||
443 | See L<crypto(7)/ALGORITHM FETCHING> for more information about fetching. | |
444 | ||
445 | The digest objects returned from these functions do not need to be freed with | |
446 | EVP_MD_free(). | |
447 | ||
ed576acd | 448 | =item EVP_MD_CTX_get_pkey_ctx() |
37842dfa | 449 | |
041a96e7 | 450 | Returns the B<EVP_PKEY_CTX> assigned to I<ctx>. The returned pointer should not |
37842dfa AS |
451 | be freed by the caller. |
452 | ||
675f4cee PY |
453 | =item EVP_MD_CTX_set_pkey_ctx() |
454 | ||
455 | Assigns an B<EVP_PKEY_CTX> to B<EVP_MD_CTX>. This is usually used to provide | |
37842dfa | 456 | a customized B<EVP_PKEY_CTX> to L<EVP_DigestSignInit(3)> or |
041a96e7 RL |
457 | L<EVP_DigestVerifyInit(3)>. The I<pctx> passed to this function should be freed |
458 | by the caller. A NULL I<pctx> pointer is also allowed to clear the B<EVP_PKEY_CTX> | |
459 | assigned to I<ctx>. In such case, freeing the cleared B<EVP_PKEY_CTX> or not | |
81c79453 | 460 | depends on how the B<EVP_PKEY_CTX> is created. |
675f4cee | 461 | |
251e610c | 462 | =item EVP_MD_do_all_provided() |
c540f00f RL |
463 | |
464 | Traverses all messages digests implemented by all activated providers | |
465 | in the given library context I<libctx>, and for each of the implementations, | |
466 | calls the given function I<fn> with the implementation method and the given | |
467 | I<arg> as argument. | |
468 | ||
bbda8ce9 | 469 | =back |
3cbe1980 | 470 | |
2710e8a8 | 471 | =head1 PARAMETERS |
d5e5e2ff SL |
472 | |
473 | See L<OSSL_PARAM(3)> for information about passing parameters. | |
474 | ||
475 | EVP_MD_CTX_set_params() can be used with the following OSSL_PARAM keys: | |
476 | ||
477 | =over 4 | |
478 | ||
af53092c | 479 | =item "xoflen" (B<OSSL_DIGEST_PARAM_XOFLEN>) <unsigned integer> |
d5e5e2ff SL |
480 | |
481 | Sets the digest length for extendable output functions. | |
7b6b194b P |
482 | It is used by the SHAKE algorithm and should not exceed what can be given |
483 | using a B<size_t>. | |
d5e5e2ff | 484 | |
af53092c | 485 | =item "pad-type" (B<OSSL_DIGEST_PARAM_PAD_TYPE>) <unsigned integer> |
d5e5e2ff | 486 | |
041a96e7 | 487 | Sets the padding type. |
d5e5e2ff SL |
488 | It is used by the MDC2 algorithm. |
489 | ||
490 | =back | |
491 | ||
492 | EVP_MD_CTX_get_params() can be used with the following OSSL_PARAM keys: | |
493 | ||
494 | =over 4 | |
495 | ||
0c452a51 | 496 | =item "micalg" (B<OSSL_PARAM_DIGEST_KEY_MICALG>) <UTF8 string>. |
d5e5e2ff SL |
497 | |
498 | Gets the digest Message Integrity Check algorithm string. This is used when | |
499 | creating S/MIME multipart/signed messages, as specified in RFC 3851. | |
500 | It may be used by external engines or providers. | |
501 | ||
502 | =back | |
503 | ||
37842dfa AS |
504 | =head1 CONTROLS |
505 | ||
506 | EVP_MD_CTX_ctrl() can be used to send the following standard controls: | |
507 | ||
508 | =over 4 | |
509 | ||
510 | =item EVP_MD_CTRL_MICALG | |
511 | ||
512 | Gets the digest Message Integrity Check algorithm string. This is used when | |
513 | creating S/MIME multipart/signed messages, as specified in RFC 3851. | |
041a96e7 | 514 | The string value is written to I<p2>. |
37842dfa | 515 | |
b5b91a79 RL |
516 | When used with a fetched B<EVP_MD>, EVP_MD_CTX_get_params() gets called with |
517 | an L<OSSL_PARAM(3)> item with the key "micalg" (B<OSSL_DIGEST_PARAM_MICALG>). | |
518 | ||
37842dfa AS |
519 | =item EVP_MD_CTRL_XOF_LEN |
520 | ||
041a96e7 | 521 | This control sets the digest length for extendable output functions to I<p1>. |
37842dfa | 522 | Sending this control directly should not be necessary, the use of |
041a96e7 | 523 | EVP_DigestFinalXOF() is preferred. |
37842dfa AS |
524 | Currently used by SHAKE. |
525 | ||
b5b91a79 RL |
526 | When used with a fetched B<EVP_MD>, EVP_MD_CTX_get_params() gets called with |
527 | an L<OSSL_PARAM(3)> item with the key "xoflen" (B<OSSL_DIGEST_PARAM_XOFLEN>). | |
528 | ||
37842dfa AS |
529 | =back |
530 | ||
a9cf71a3 RL |
531 | =head1 FLAGS |
532 | ||
533 | EVP_MD_CTX_set_flags(), EVP_MD_CTX_clear_flags() and EVP_MD_CTX_test_flags() | |
534 | can be used the manipulate and test these B<EVP_MD_CTX> flags: | |
535 | ||
536 | =over 4 | |
537 | ||
538 | =item EVP_MD_CTX_FLAG_ONESHOT | |
539 | ||
540 | This flag instructs the digest to optimize for one update only, if possible. | |
541 | ||
542 | =for comment EVP_MD_CTX_FLAG_CLEANED is internal, don't mention it | |
543 | ||
544 | =for comment EVP_MD_CTX_FLAG_REUSE is internal, don't mention it | |
545 | ||
546 | =for comment We currently avoid documenting flags that are only bit holder: | |
547 | EVP_MD_CTX_FLAG_NON_FIPS_ALLOW, EVP_MD_CTX_FLAGS_PAD_* | |
548 | ||
549 | =item EVP_MD_CTX_FLAG_NO_INIT | |
550 | ||
551 | This flag instructs EVP_DigestInit() and similar not to initialise the | |
552 | implementation specific data. | |
553 | ||
554 | =item EVP_MD_CTX_FLAG_FINALISE | |
555 | ||
556 | Some functions such as EVP_DigestSign only finalise copies of internal | |
557 | contexts so additional data can be included after the finalisation call. | |
558 | This is inefficient if this functionality is not required, and can be | |
559 | disabled with this flag. | |
560 | ||
561 | =back | |
562 | ||
3cbe1980 DSH |
563 | =head1 RETURN VALUES |
564 | ||
bbda8ce9 RT |
565 | =over 4 |
566 | ||
2cafb1df RL |
567 | =item EVP_MD_fetch() |
568 | ||
569 | Returns a pointer to a B<EVP_MD> for success or NULL for failure. | |
570 | ||
3fd70262 RL |
571 | =item EVP_MD_up_ref() |
572 | ||
573 | Returns 1 for success or 0 for failure. | |
574 | ||
4d49b685 DDO |
575 | =item EVP_Q_digest(), |
576 | EVP_Digest(), | |
577 | EVP_DigestInit_ex2(), | |
5a7e9991 | 578 | EVP_DigestInit_ex(), |
bbda8ce9 | 579 | EVP_DigestUpdate(), |
4d49b685 DDO |
580 | EVP_DigestFinal_ex(), |
581 | EVP_DigestFinalXOF(), and | |
582 | EVP_DigestFinal() | |
bbda8ce9 | 583 | |
4d49b685 | 584 | return 1 for |
13588350 | 585 | success and 0 for failure. |
3cbe1980 | 586 | |
bbda8ce9 RT |
587 | =item EVP_MD_CTX_ctrl() |
588 | ||
589 | Returns 1 if successful or 0 for failure. | |
590 | ||
d5e5e2ff SL |
591 | =item EVP_MD_CTX_set_params(), |
592 | EVP_MD_CTX_get_params() | |
593 | ||
594 | Returns 1 if successful or 0 for failure. | |
595 | ||
ae3ff60e RL |
596 | =item EVP_MD_CTX_settable_params(), |
597 | EVP_MD_CTX_gettable_params() | |
598 | ||
599 | Return an array of constant B<OSSL_PARAM>s, or NULL if there is none | |
600 | to get. | |
601 | ||
0324ae3e P |
602 | =item EVP_MD_CTX_dup() |
603 | ||
604 | Returns a new EVP_MD_CTX if successful or NULL on failure. | |
605 | ||
bbda8ce9 | 606 | =item EVP_MD_CTX_copy_ex() |
52ad5b60 | 607 | |
bbda8ce9 | 608 | Returns 1 if successful or 0 for failure. |
3cbe1980 | 609 | |
ed576acd TM |
610 | =item EVP_MD_get_type(), |
611 | EVP_MD_get_pkey_type() | |
3cbe1980 | 612 | |
bbda8ce9 RT |
613 | Returns the NID of the corresponding OBJECT IDENTIFIER or NID_undef if none |
614 | exists. | |
3cbe1980 | 615 | |
ed576acd TM |
616 | =item EVP_MD_get_size(), |
617 | EVP_MD_get_block_size(), | |
618 | EVP_MD_CTX_get_size(), | |
619 | EVP_MD_CTX_get_block_size() | |
3cbe1980 | 620 | |
bbda8ce9 RT |
621 | Returns the digest or block size in bytes. |
622 | ||
623 | =item EVP_md_null() | |
624 | ||
625 | Returns a pointer to the B<EVP_MD> structure of the "null" message digest. | |
626 | ||
627 | =item EVP_get_digestbyname(), | |
628 | EVP_get_digestbynid(), | |
629 | EVP_get_digestbyobj() | |
630 | ||
631 | Returns either an B<EVP_MD> structure or NULL if an error occurs. | |
632 | ||
675f4cee PY |
633 | =item EVP_MD_CTX_set_pkey_ctx() |
634 | ||
635 | This function has no return value. | |
636 | ||
d84f5515 MC |
637 | =item EVP_MD_names_do_all() |
638 | ||
639 | Returns 1 if the callback was called for all names. A return value of 0 means | |
640 | that the callback was not called for any names. | |
641 | ||
bbda8ce9 | 642 | =back |
3cbe1980 DSH |
643 | |
644 | =head1 NOTES | |
645 | ||
646 | The B<EVP> interface to message digests should almost always be used in | |
8c1cbc72 | 647 | preference to the low-level interfaces. This is because the code then becomes |
3cbe1980 DSH |
648 | transparent to the digest used and much more flexible. |
649 | ||
bbda8ce9 | 650 | New applications should use the SHA-2 (such as L<EVP_sha256(3)>) or the SHA-3 |
89f66fe2 | 651 | digest algorithms (such as L<EVP_sha3_512(3)>). The other digest algorithms |
652 | are still in common use. | |
3cbe1980 | 653 | |
041a96e7 | 654 | For most applications the I<impl> parameter to EVP_DigestInit_ex() will be |
e72d734d DSH |
655 | set to NULL to use the default digest implementation. |
656 | ||
7b3e11c5 | 657 | The functions EVP_DigestInit(), EVP_DigestFinal() and EVP_MD_CTX_copy() are |
e72d734d | 658 | obsolete but are retained to maintain compatibility with existing code. New |
7b3e11c5 | 659 | applications should use EVP_DigestInit_ex(), EVP_DigestFinal_ex() and |
e72d734d DSH |
660 | EVP_MD_CTX_copy_ex() because they can efficiently reuse a digest context |
661 | instead of initializing and cleaning it up on each call and allow non default | |
662 | implementations of digests to be specified. | |
663 | ||
fa332bba | 664 | If digest contexts are not cleaned up after use, |
7b3e11c5 | 665 | memory leaks will occur. |
13588350 | 666 | |
ed576acd TM |
667 | EVP_MD_CTX_get0_name(), EVP_MD_CTX_get_size(), EVP_MD_CTX_get_block_size(), |
668 | EVP_MD_CTX_get_type(), EVP_get_digestbynid() and EVP_get_digestbyobj() are | |
669 | defined as macros. | |
5a34fcd7 | 670 | |
52ad5b60 TS |
671 | EVP_MD_CTX_ctrl() sends commands to message digests for additional configuration |
672 | or control. | |
5a34fcd7 | 673 | |
cda77422 | 674 | =head1 EXAMPLES |
3cbe1980 DSH |
675 | |
676 | This example digests the data "Test Message\n" and "Hello World\n", using the | |
677 | digest name passed on the command line. | |
678 | ||
679 | #include <stdio.h> | |
19ac1bf2 | 680 | #include <string.h> |
3cbe1980 DSH |
681 | #include <openssl/evp.h> |
682 | ||
19ac1bf2 | 683 | int main(int argc, char *argv[]) |
3cbe1980 | 684 | { |
2947af32 BB |
685 | EVP_MD_CTX *mdctx; |
686 | const EVP_MD *md; | |
687 | char mess1[] = "Test Message\n"; | |
688 | char mess2[] = "Hello World\n"; | |
689 | unsigned char md_value[EVP_MAX_MD_SIZE]; | |
19ac1bf2 | 690 | unsigned int md_len, i; |
2947af32 BB |
691 | |
692 | if (argv[1] == NULL) { | |
693 | printf("Usage: mdtest digestname\n"); | |
694 | exit(1); | |
695 | } | |
696 | ||
697 | md = EVP_get_digestbyname(argv[1]); | |
698 | if (md == NULL) { | |
699 | printf("Unknown message digest %s\n", argv[1]); | |
700 | exit(1); | |
701 | } | |
702 | ||
703 | mdctx = EVP_MD_CTX_new(); | |
5a7e9991 | 704 | EVP_DigestInit_ex2(mdctx, md, NULL); |
2947af32 BB |
705 | EVP_DigestUpdate(mdctx, mess1, strlen(mess1)); |
706 | EVP_DigestUpdate(mdctx, mess2, strlen(mess2)); | |
707 | EVP_DigestFinal_ex(mdctx, md_value, &md_len); | |
708 | EVP_MD_CTX_free(mdctx); | |
709 | ||
710 | printf("Digest is: "); | |
711 | for (i = 0; i < md_len; i++) | |
712 | printf("%02x", md_value[i]); | |
713 | printf("\n"); | |
714 | ||
715 | exit(0); | |
3cbe1980 DSH |
716 | } |
717 | ||
3cbe1980 DSH |
718 | =head1 SEE ALSO |
719 | ||
37842dfa | 720 | L<EVP_MD_meth_new(3)>, |
1903a9b7 | 721 | L<openssl-dgst(1)>, |
d5e5e2ff SL |
722 | L<evp(7)>, |
723 | L<OSSL_PROVIDER(3)>, | |
8809fdff P |
724 | L<OSSL_PARAM(3)>, |
725 | L<property(7)>, | |
726 | L<crypto(7)/ALGORITHM FETCHING>, | |
727 | L<provider-digest(7)>, | |
728 | L<life_cycle-digest(7)> | |
4facdbb5 | 729 | |
bbda8ce9 RT |
730 | The full list of digest algorithms are provided below. |
731 | ||
732 | L<EVP_blake2b512(3)>, | |
733 | L<EVP_md2(3)>, | |
734 | L<EVP_md4(3)>, | |
735 | L<EVP_md5(3)>, | |
736 | L<EVP_mdc2(3)>, | |
737 | L<EVP_ripemd160(3)>, | |
738 | L<EVP_sha1(3)>, | |
739 | L<EVP_sha224(3)>, | |
740 | L<EVP_sha3_224(3)>, | |
67e247fa | 741 | L<EVP_sm3(3)>, |
bbda8ce9 RT |
742 | L<EVP_whirlpool(3)> |
743 | ||
3cbe1980 DSH |
744 | =head1 HISTORY |
745 | ||
fc5ecadd DMSP |
746 | The EVP_MD_CTX_create() and EVP_MD_CTX_destroy() functions were renamed to |
747 | EVP_MD_CTX_new() and EVP_MD_CTX_free() in OpenSSL 1.1.0, respectively. | |
25191fff | 748 | |
3fa39ed7 | 749 | The link between digests and signing algorithms was fixed in OpenSSL 1.0 and |
a95d7574 RS |
750 | later, so now EVP_sha1() can be used with RSA and DSA. |
751 | ||
fc5ecadd | 752 | The EVP_dss1() function was removed in OpenSSL 1.1.0. |
3fa39ed7 | 753 | |
1409b5f6 | 754 | The EVP_MD_CTX_set_pkey_ctx() function was added in OpenSSL 1.1.1. |
675f4cee | 755 | |
4d49b685 DDO |
756 | The EVP_Q_digest(), EVP_DigestInit_ex2(), |
757 | EVP_MD_fetch(), EVP_MD_free(), EVP_MD_up_ref(), | |
d618ac6f P |
758 | EVP_MD_get_params(), EVP_MD_CTX_set_params(), EVP_MD_CTX_get_params(), |
759 | EVP_MD_gettable_params(), EVP_MD_gettable_ctx_params(), | |
760 | EVP_MD_settable_ctx_params(), EVP_MD_CTX_settable_params() and | |
761 | EVP_MD_CTX_gettable_params() functions were added in OpenSSL 3.0. | |
762 | ||
31b7f23d TM |
763 | The EVP_MD_type(), EVP_MD_nid(), EVP_MD_name(), EVP_MD_pkey_type(), |
764 | EVP_MD_size(), EVP_MD_block_size(), EVP_MD_flags(), EVP_MD_CTX_size(), | |
765 | EVP_MD_CTX_block_size(), EVP_MD_CTX_type(), and EVP_MD_CTX_md_data() | |
766 | functions were renamed to include C<get> or C<get0> in their names in | |
767 | OpenSSL 3.0, respectively. The old names are kept as non-deprecated | |
768 | alias macros. | |
769 | ||
f6c95e46 RS |
770 | The EVP_MD_CTX_md() function was deprecated in OpenSSL 3.0; use |
771 | EVP_MD_CTX_get0_md() instead. | |
772 | EVP_MD_CTX_update_fn() and EVP_MD_CTX_set_update_fn() were deprecated | |
1409b5f6 | 773 | in OpenSSL 3.0. |
d5e5e2ff | 774 | |
0324ae3e P |
775 | EVP_MD_CTX_dup() was added in OpenSSL 3.1. |
776 | ||
e2f92610 RS |
777 | =head1 COPYRIGHT |
778 | ||
fecb3aae | 779 | Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. |
e2f92610 | 780 | |
4746f25a | 781 | Licensed under the Apache License 2.0 (the "License"). You may not use |
e2f92610 RS |
782 | this file except in compliance with the License. You can obtain a copy |
783 | in the file LICENSE in the source distribution or at | |
784 | L<https://www.openssl.org/source/license.html>. | |
785 | ||
786 | =cut |