EVP Message Digests

From OpenSSLWiki
Revision as of 23:00, 28 April 2017 by Jwalton (talk | contribs) (Add links to all EVP articles.)
Message Digests
Documentation
#include <openssl/evp.h>

A Message Digest or Hash Function takes any arbitrary message (with any content or length) as an input and provides a fixed size hash value as a result. Specifically the function exhibits the following properties:

  • It is simple to create a hash value for any given message
  • It is computationally infeasible to calculate a message from any given hash (i.e. the function is one-way)
  • It is infeasible to modify a message without also modifying the hash value
  • It is infeasible to find two messages that result in the same hash

The OpenSSL library supports a large number of different hash functions, including the popular SHA-2 set of hash functions (i.e. SHA-224, SHA-256, SHA-384 and SHA-512).

An Example use of a Hash Function

Using an OpenSSL message digest/hash function consists of the following steps:

  • Create a Message Digest context
  • Initialise the context by identifying the algorithm to be used (built-in algorithms are defined in evp.h)
  • Provide the message whose digest needs to be calculated. Messages can be divided into sections and provided over a number of calls to the library if necessary
  • Calculate the digest
  • Clean up the context if no longer required

Message digest algorithms are identified using an EVP_MD object. These are built in to the library and obtained through the appropriate library calls (e.g. EVP_sha256() or EVP_sha512()).

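/* handleErrors() is not an OpenSSL function; the application must supply it. */
/* On return *digest is allocated with OPENSSL_malloc(); the caller releases it with OPENSSL_free(). */
void digest_message(const unsigned char *message, size_t message_len, unsigned char **digest, unsigned int *digest_len)
{
	EVP_MD_CTX *mdctx;

	/* Create the message digest context */
	if((mdctx = EVP_MD_CTX_create()) == NULL)
		handleErrors();

	/* Initialise the context, selecting SHA-256 as the algorithm */
	if(1 != EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL))
		handleErrors();

	/* Provide the message; this call can be repeated for each section of a longer message */
	if(1 != EVP_DigestUpdate(mdctx, message, message_len))
		handleErrors();

	/* Allocate a buffer large enough for a SHA-256 digest */
	if((*digest = (unsigned char *)OPENSSL_malloc(EVP_MD_size(EVP_sha256()))) == NULL)
		handleErrors();

	/* Calculate the digest; its length is written to *digest_len */
	if(1 != EVP_DigestFinal_ex(mdctx, *digest, digest_len))
		handleErrors();

	/* Clean up the context */
	EVP_MD_CTX_destroy(mdctx);
}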

Refer to the OpenSSL manual page EVP_DigestInit(3) for further details.

See also