EVP Message Digests

From OpenSSLWiki
Revision as of 10:49, 9 March 2013 by Matt (Initial draft)

A Message Digest or Hash Function takes any arbitrary message (with any content or length) as an input and provides a fixed size hash value as a result. Specifically the function exhibits the following properties:

  • It is simple to create a hash value for any given message
  • It is computationally infeasible to calculate a message from any given hash (i.e. the function is one-way)
  • It is infeasible to modify a message without also modifying the hash value
  • It is infeasible to find two messages that result in the same hash output from the hash function

The OpenSSL library supports a wide range of hash functions, including the popular SHA-2 set of hash functions (i.e. SHA-224, SHA-256, SHA-384 and SHA-512).

An Example use of a Hash Function

Using an OpenSSL message digest/hash function consists of the following steps:

  • Create a Message Digest context
  • Initialise the context by identifying the algorithm to be used (built-in algorithms are defined in evp.h)
  • Provide the message whose digest needs to be calculated. Messages can be divided into sections and provided over a number of calls to the library if necessary
  • Calculate the digest
  • Clean up the context if no longer required

Message digest algorithms are identified using an EVP_MD object. These are built into the library and obtained through appropriate library calls (e.g. EVP_sha256() or EVP_sha512()).

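#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/evp.h>

/* Print the OpenSSL error queue and abort */
static void handleErrors(void) { ERR_print_errors_fp(stderr); abort(); }

/* SHA-256 of a NUL-terminated message; release *digest with OPENSSL_free() */
void digest_message(unsigned char *message, unsigned char **digest, unsigned int *digest_len)
{
	EVP_MD_CTX *mdctx;

	if((mdctx = EVP_MD_CTX_create()) == NULL)	/* create the context */
		handleErrors();
	if(1 != EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL))	/* select the algorithm */
		handleErrors();
	if(1 != EVP_DigestUpdate(mdctx, message, strlen((const char *)message)))
		handleErrors();
	if((*digest = (unsigned char *)OPENSSL_malloc(EVP_MD_size(EVP_sha256()))) == NULL)
		handleErrors();
	if(1 != EVP_DigestFinal_ex(mdctx, *digest, digest_len))	/* write the digest */
		handleErrors();
	EVP_MD_CTX_destroy(mdctx);	/* clean up the context */
}
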
See also