Difference between revisions of "EVP Message Digests"

From OpenSSLWiki
Jump to navigationJump to search
Line 50: Line 50:
 
[[Category:Crypto API]]
 
[[Category:Crypto API]]
 
[[Category:C level]]
 
[[Category:C level]]
 +
[[Category:Examples]]

Revision as of 18:11, 24 March 2013

A Message Digest or Hash Function takes any arbitrary message (with any content or length) as an input and provides a fixed size hash value as a result. Specifically the function exhibits the following properties:

  • It is simple to create a hash value for any given message
  • It is computationally infeasible to calculate a message from any given hash (i.e. the function is one-way)
  • It is infeasible to modify a message without also modifying the hash value
  • It is infeasible to find two messages that result in the same hash

The OpenSSL library supports a wide number of different hash functions including the popular SHA-2 set of hash functions (i.e. SHA-224, SHA-256, SHA-384 and SHA-512).

An Example use of a Hash Function

Using an OpenSSL message digest/hash function, consists of the following steps:

  • Create a Message Digest context
  • Initialise the context by identifying the algorithm to be used (built-in algorithms are defined in evp.h)
  • Provide the message whose digest needs to be calculated. Messages can be divided into sections and provided over a number of calls to the library if necessary
  • Caclulate the digest
  • Clean up the context if no longer required

Message digest algorithms are identified using an EVP_MD object. These are built-in to the library and obtained through appropriate library calls (e.g. such as EVP_sha256() or EVP_sha512()).

void digest_message(unsigned char *message, unsigned char **digest, unsigned int *digest_len)
{
	EVP_MD_CTX *mdctx;

	if((mdctx = EVP_MD_CTX_create()) == NULL)
		handleErrors();

	if(1 != EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL))
		handleErrors();

	if(1 != EVP_DigestUpdate(mdctx, message, strlen(message)))
		handleErrors();

	if((*digest = (unsigned char *)OPENSSL_malloc(EVP_MD_size(EVP_sha256()))) == NULL)
		handleErrors();

	if(1 != EVP_DigestFinal_ex(mdctx, *digest, digest_len))
		handleErrors();

	EVP_MD_CTX_destroy(mdctx);
}

Refer to the OpenSSL manual page for further details http://www.openssl.org/docs/crypto/EVP_DigestInit.html

See also