Document EVP digest operations.

1 files changed, 191 insertions, 0 deletions

diff --git a/doc/crypto/EVP_DigestInit.pod b/doc/crypto/EVP_DigestInit.pod
new file mode 100644
index 0000000000..337ffb7930
--- /dev/null
+++ b/doc/crypto/EVP_DigestInit.pod
@@ -0,0 +1,191 @@
+=pod
+
+=head1 NAME
+
+EVP_DigestInit, EVP_DigestUpdate, EVP_DigestFinal - EVP digest routines
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ void EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+ void EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d, unsigned int cnt);
+ void EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
+
+ #define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */
+
+ int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in);  
+
+ #define EVP_MD_type(e)			((e)->type)
+ #define EVP_MD_pkey_type(e)		((e)->pkey_type)
+ #define EVP_MD_size(e)			((e)->md_size)
+ #define EVP_MD_block_size(e)		((e)->block_size)
+
+ #define EVP_MD_CTX_size(e)		EVP_MD_size((e)->digest)
+ #define EVP_MD_CTX_block_size(e)	EVP_MD_block_size((e)->digest)
+ #define EVP_MD_CTX_type(e)		((e)->digest)
+
+ EVP_MD *EVP_md_null(void);
+ EVP_MD *EVP_md2(void);
+ EVP_MD *EVP_md5(void);
+ EVP_MD *EVP_sha(void);
+ EVP_MD *EVP_sha1(void);
+ EVP_MD *EVP_dss(void);
+ EVP_MD *EVP_dss1(void);
+ EVP_MD *EVP_mdc2(void);
+ EVP_MD *EVP_ripemd160(void);
+
+ const EVP_MD *EVP_get_digestbyname(const char *name);
+ #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
+ #define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a))
+
+=head1 DESCRIPTION
+
+The EVP digest routines are a high level interface to message digests.
+
+B<EVP_DigestInit()> initialises a digest context B<ctx> to use a digest
+B<type>: this will typically be supplied by a function such as
+B<EVP_sha1()>.
+
+B<EVP_DigestUpdate()> hashes B<cnt> bytes of data at B<d> into the
+digest context B<ctx>. This funtion can be called several times on the
+same B<ctx> to hash additional data.
+
+B<EVP_DigestFinal()> retrieves the digest value from B<ctx> and places
+it in B<md>. If the B<s> parameter is not NULL then the number of
+bytes of data written (i.e. the length of the digest) will be written
+to the integer at B<s>, at most B<EVP_MAX_MD_SIZE> bytes will be written.
+After calling B<EVP_DigestFinal> no additional calls to B<EVP_DigestUpdate>
+can be made, but B<EVP_DigestInit> can be called to initialiase a new
+digest operation.
+
+B<EVP_MD_CTX_copy> can be used to copy the message digest state from
+B<in> to B<out>. This is useful if large amounts of data are to be
+hashed which only differ in the last few bytes.
+
+B<EVP_MD_size> and B<EVP_MD_CTX_size> return the size of the message digest
+when passed an B<EVP_MD> or an B<EVP_MD_CTX> structure, i.e. the size of the
+hash.
+
+B<EVP_MD_block_size> and B<EVP_MD_CTX_block_size> return the block size of the
+message digest when passed an B<EVP_MD> or an B<EVP_MD_CTX> structure.
+
+B<EVP_MD_type> and B<EVP_MD_CTX_type> return the NID of the OBJECT IDENTIFIER
+representing the given message digest when passed an B<EVP_MD> structure.
+For example B<EVP_MD_type(EVP_sha1())> returns B<NID_sha1>. This function is
+normally used when setting ASN1 OIDs.
+
+B<EVP_MD_CTX_type> return the B<EVP_MD> structure corresponding to the passed
+B<EVP_MD_CTX>.
+
+B<EVP_MD_pkey_type> returns the NID of the public key signing algorithm associated
+with this digest. For example B<EVP_sha1()> is associated with RSA so this will
+return B<NID_sha1WithRSAEncryption>. This "link" between digests and signature
+algorithms may not be retained in future versions of OpenSSL.
+
+B<EVP_md2>, B<EVP_md5>, B<EVP_sha>, B<EVP_sha1>, B<EVP_mdc2> and B<EVP_ripemd160>
+return B<EVP_MD> structures for the MD2, MD5, SHA, SHA1, MDC2 and RIPEMD160 digest
+algorithms respectively. The associated signature algorithm is RSA in each case.
+
+B<EVP_dss> and B<EVP_dss1> return B<EVP_MD> structures for SHA and SHA1 digest
+algorithms but using DSS (DSA) for the signature algorithm.
+
+B<EVP_md_null> is a "null" message digest that does nothing: i.e. the hash it
+returns is of zero length.
+
+B<EVP_get_digestbyname>, B<EVP_get_digestbynid> and B<EVP_get_digestbyobj>
+return an B<EVP_MD> structure when passed a digest name, a digest NID or
+and ASN1_OBJECT structure respectively. The digest table must be initialised
+using, for example, B<OpenSSL_add_all_digests()> for these functions to work.
+
+=head1 RETURN VALUES
+
+EVP_DigestInit(), EVP_DigestUpdate() and EVP_DigestFinal() do not return values.
+
+EVP_MD_CTX_copy() returns 1 if successful or 0 for failure.
+
+EVP_MD_type(), EVP_MD_pkey_type() and EVP_MD_type() return the NID of the
+corresponding OBJECT IDENTIFIER or NID_undef if none exists.
+
+EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size(e), EVP_MD_size(),
+EVP_MD_CTX_block_size()	and EVP_MD_block_size() return the digest or block
+size in bytes.
+
+EVP_md_null(), EVP_MD *EVP_md2(), EVP_MD *EVP_md5(), EVP_MD *EVP_sha(),
+EVP_sha1(), EVP_dss(), EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return
+pointers to the corresponding EVP_MD structures.
+
+B<EVP_get_digestbyname>, B<EVP_get_digestbynid> and B<EVP_get_digestbyobj>
+return either an B<EVP_MD> structure or NULL if an error occurs.
+
+=head1 NOTES
+
+The B<EVP> interface to message digests should almost always be used in
+preference to the low level interfaces. This is because the code then becomes
+transparent to the digest used and much more flexible.
+
+SHA1 is the digest of choice for new applications. The other digest algorithms
+are still in common use.
+
+=head1 EXAMPLE
+
+This example digests the data "Test Message\n" and "Hello World\n", using the
+digest name passed on the command line.
+
+ #include <stdio.h>
+ #include <openssl/evp.h>
+
+ main(int argc, char *argv[])
+ {
+ EVP_MD_CTX mdctx;
+ const EVP_MD *md;
+ char mess1[] = "Test Message\n";
+ char mess2[] = "Hello World\n";
+ unsigned char md_value[EVP_MAX_MD_SIZE];
+ int md_len, i;
+
+ OpenSSL_add_all_digests();
+
+ if(!argv[1]) {
+ 	printf("Usage: mdtest digestname\n");
+	exit(1);
+ }
+
+ md = EVP_get_digestbyname(argv[1]);
+
+ if(!md) {
+ 	printf("Unknown message digest %s\n", argv[1]);
+	exit(1);
+ }
+
+ EVP_DigestInit(&mdctx, md);
+ EVP_DigestUpdate(&mdctx, mess1, strlen(mess1));
+ EVP_DigestUpdate(&mdctx, mess2, strlen(mess2));
+ EVP_DigestFinal(&mdctx, md_value, &md_len);
+
+ printf("Digest is: ");
+ for(i = 0; i < md_len; i++) printf("%02x", md_value[i]);
+ printf("\n");
+ }
+
+=head1 BUGS
+
+B<EVP_MD_CTX_type> is not a good name because its name wrongly implies it does
+the same as B<EVP_MD_type> but takes an B<EVP_MD_CTX> parameter instead.
+
+Several of the functions do not return values: maybe they should. Although the
+internal digest operations will never fail some future hardware based operations
+might.
+
+The link between digests and signing algorithms results in a situation where
+B<EVP_sha1()> must be used with RSA and B<EVP_dss1()> must be used with DSS
+even though they are identical digests.
+
+The size of an B<EVP_MD_CTX> structure is determined at compile time: this results
+in code that must be recompiled if the size of B<EVP_MD_CTX> increases.
+
+=head1 SEE ALSO
+
+=head1 HISTORY
+
+=cut