mirror of
https://github.com/guanzhi/GmSSL.git
synced 2026-06-27 07:33:41 +08:00
update
This commit is contained in:
Zhi Guan
@@ -4,9 +4,10 @@
|
||||
|
||||
EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate,
|
||||
EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE,
|
||||
EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size,
|
||||
EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type,
|
||||
EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2,
|
||||
EVP_MD_CTX_copy_ex, EVP_DigestInit, EVP_DigestFinal, EVP_MD_CTX_copy, EVP_MD_type,
|
||||
EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size,
|
||||
EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1,
|
||||
EVP_sha224, EVP_sha256, EVP_sha384, EVP_sha512, EVP_dss, EVP_dss1, EVP_mdc2,
|
||||
EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj -
|
||||
EVP digest routines
|
||||
|
||||
@@ -25,24 +26,23 @@ EVP digest routines
|
||||
int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
|
||||
void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
|
||||
|
||||
int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in);
|
||||
int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in);
|
||||
|
||||
int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
|
||||
int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md,
|
||||
unsigned int *s);
|
||||
|
||||
int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in);
|
||||
int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in);
|
||||
|
||||
#define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */
|
||||
#define EVP_MAX_MD_SIZE 64 /* SHA512 */
|
||||
|
||||
int EVP_MD_type(const EVP_MD *md);
|
||||
int EVP_MD_pkey_type(const EVP_MD *md);
|
||||
int EVP_MD_size(const EVP_MD *md);
|
||||
int EVP_MD_block_size(const EVP_MD *md);
|
||||
|
||||
#define EVP_MD_type(e) ((e)->type)
|
||||
#define EVP_MD_pkey_type(e) ((e)->pkey_type)
|
||||
#define EVP_MD_size(e) ((e)->md_size)
|
||||
#define EVP_MD_block_size(e) ((e)->block_size)
|
||||
|
||||
#define EVP_MD_CTX_md(e) (e)->digest)
|
||||
#define EVP_MD_CTX_size(e) EVP_MD_size((e)->digest)
|
||||
const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
|
||||
#define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e))
|
||||
#define EVP_MD_CTX_block_size(e) EVP_MD_block_size((e)->digest)
|
||||
#define EVP_MD_CTX_type(e) EVP_MD_type((e)->digest)
|
||||
|
||||
@@ -56,6 +56,11 @@ EVP digest routines
|
||||
const EVP_MD *EVP_mdc2(void);
|
||||
const EVP_MD *EVP_ripemd160(void);
|
||||
|
||||
const EVP_MD *EVP_sha224(void);
|
||||
const EVP_MD *EVP_sha256(void);
|
||||
const EVP_MD *EVP_sha384(void);
|
||||
const EVP_MD *EVP_sha512(void);
|
||||
|
||||
const EVP_MD *EVP_get_digestbyname(const char *name);
|
||||
#define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
|
||||
#define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a))
|
||||
@@ -124,15 +129,17 @@ B<EVP_MD_CTX>.
|
||||
|
||||
EVP_MD_pkey_type() returns the NID of the public key signing algorithm associated
|
||||
with this digest. For example EVP_sha1() is associated with RSA so this will
|
||||
return B<NID_sha1WithRSAEncryption>. This "link" between digests and signature
|
||||
algorithms may not be retained in future versions of OpenSSL.
|
||||
return B<NID_sha1WithRSAEncryption>. Since digests and signature algorithms
|
||||
are no longer linked this function is only retained for compatibility
|
||||
reasons.
|
||||
|
||||
EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_mdc2() and EVP_ripemd160()
|
||||
return B<EVP_MD> structures for the MD2, MD5, SHA, SHA1, MDC2 and RIPEMD160 digest
|
||||
algorithms respectively. The associated signature algorithm is RSA in each case.
|
||||
EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_sha224(), EVP_sha256(),
|
||||
EVP_sha384(), EVP_sha512(), EVP_mdc2() and EVP_ripemd160() return B<EVP_MD>
|
||||
structures for the MD2, MD5, SHA, SHA1, SHA224, SHA256, SHA384, SHA512, MDC2
|
||||
and RIPEMD160 digest algorithms respectively.
|
||||
|
||||
EVP_dss() and EVP_dss1() return B<EVP_MD> structures for SHA and SHA1 digest
|
||||
algorithms but using DSS (DSA) for the signature algorithm. Note: there is
|
||||
algorithms but using DSS (DSA) for the signature algorithm. Note: there is
|
||||
no need to use these pseudo-digests in OpenSSL 1.0.0 and later, they are
|
||||
however retained for compatibility.
|
||||
|
||||
@@ -154,9 +161,8 @@ EVP_MD_CTX_copy_ex() returns 1 if successful or 0 for failure.
|
||||
EVP_MD_type(), EVP_MD_pkey_type() and EVP_MD_type() return the NID of the
|
||||
corresponding OBJECT IDENTIFIER or NID_undef if none exists.
|
||||
|
||||
EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size(e), EVP_MD_size(),
|
||||
EVP_MD_CTX_block_size() and EVP_MD_block_size() return the digest or block
|
||||
size in bytes.
|
||||
EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size() and
|
||||
EVP_MD_CTX_block_size() return the digest or block size in bytes.
|
||||
|
||||
EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_dss(),
|
||||
EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return pointers to the
|
||||
@@ -171,21 +177,34 @@ The B<EVP> interface to message digests should almost always be used in
|
||||
preference to the low level interfaces. This is because the code then becomes
|
||||
transparent to the digest used and much more flexible.
|
||||
|
||||
SHA1 is the digest of choice for new applications. The other digest algorithms
|
||||
are still in common use.
|
||||
New applications should use the SHA2 digest algorithms such as SHA256.
|
||||
The other digest algorithms are still in common use.
|
||||
|
||||
For most applications the B<impl> parameter to EVP_DigestInit_ex() will be
|
||||
set to NULL to use the default digest implementation.
|
||||
|
||||
The functions EVP_DigestInit(), EVP_DigestFinal() and EVP_MD_CTX_copy() are
|
||||
The functions EVP_DigestInit(), EVP_DigestFinal() and EVP_MD_CTX_copy() are
|
||||
obsolete but are retained to maintain compatibility with existing code. New
|
||||
applications should use EVP_DigestInit_ex(), EVP_DigestFinal_ex() and
|
||||
applications should use EVP_DigestInit_ex(), EVP_DigestFinal_ex() and
|
||||
EVP_MD_CTX_copy_ex() because they can efficiently reuse a digest context
|
||||
instead of initializing and cleaning it up on each call and allow non default
|
||||
implementations of digests to be specified.
|
||||
|
||||
In OpenSSL 0.9.7 and later if digest contexts are not cleaned up after use
|
||||
memory leaks will occur.
|
||||
memory leaks will occur.
|
||||
|
||||
Stack allocation of EVP_MD_CTX structures is common, for example:
|
||||
|
||||
EVP_MD_CTX mctx;
|
||||
EVP_MD_CTX_init(&mctx);
|
||||
|
||||
This will cause binary compatibility issues if the size of EVP_MD_CTX
|
||||
structure changes (this will only happen with a major release of OpenSSL).
|
||||
Applications wishing to avoid this should use EVP_MD_CTX_create() instead:
|
||||
|
||||
EVP_MD_CTX *mctx;
|
||||
mctx = EVP_MD_CTX_create();
|
||||
|
||||
|
||||
=head1 EXAMPLE
|
||||
|
||||
@@ -197,7 +216,7 @@ digest name passed on the command line.
|
||||
|
||||
main(int argc, char *argv[])
|
||||
{
|
||||
EVP_MD_CTX mdctx;
|
||||
EVP_MD_CTX *mdctx;
|
||||
const EVP_MD *md;
|
||||
char mess1[] = "Test Message\n";
|
||||
char mess2[] = "Hello World\n";
|
||||
@@ -218,23 +237,27 @@ digest name passed on the command line.
|
||||
exit(1);
|
||||
}
|
||||
|
||||
EVP_MD_CTX_init(&mdctx);
|
||||
EVP_DigestInit_ex(&mdctx, md, NULL);
|
||||
EVP_DigestUpdate(&mdctx, mess1, strlen(mess1));
|
||||
EVP_DigestUpdate(&mdctx, mess2, strlen(mess2));
|
||||
EVP_DigestFinal_ex(&mdctx, md_value, &md_len);
|
||||
EVP_MD_CTX_cleanup(&mdctx);
|
||||
mdctx = EVP_MD_CTX_create();
|
||||
EVP_DigestInit_ex(mdctx, md, NULL);
|
||||
EVP_DigestUpdate(mdctx, mess1, strlen(mess1));
|
||||
EVP_DigestUpdate(mdctx, mess2, strlen(mess2));
|
||||
EVP_DigestFinal_ex(mdctx, md_value, &md_len);
|
||||
EVP_MD_CTX_destroy(mdctx);
|
||||
|
||||
printf("Digest is: ");
|
||||
for(i = 0; i < md_len; i++) printf("%02x", md_value[i]);
|
||||
for(i = 0; i < md_len; i++)
|
||||
printf("%02x", md_value[i]);
|
||||
printf("\n");
|
||||
|
||||
/* Call this once before exit. */
|
||||
EVP_cleanup();
|
||||
exit(0);
|
||||
}
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
|
||||
L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
|
||||
L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
|
||||
L<dgst(1)|dgst(1)>,
|
||||
L<evp(3)|evp(3)>
|
||||
|
||||
=head1 HISTORY
|
||||
|
||||
@@ -247,10 +270,10 @@ and EVP_DigestFinal_ex() were added in OpenSSL 0.9.7.
|
||||
|
||||
EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(),
|
||||
EVP_dss(), EVP_dss1(), EVP_mdc2() and EVP_ripemd160() were
|
||||
changed to return truely const EVP_MD * in OpenSSL 0.9.7.
|
||||
changed to return truly const EVP_MD * in OpenSSL 0.9.7.
|
||||
|
||||
The link between digests and signing algorithms was fixed in OpenSSL 1.0 and
|
||||
later, so now EVP_sha1() can be used with RSA and DSA, there is no need to
|
||||
later, so now EVP_sha1() can be used with RSA and DSA; there is no need to
|
||||
use EVP_dss1() any more.
|
||||
|
||||
OpenSSL 1.0 and later does not include the MD2 digest algorithm in the
|
||||
|
||||
Reference in New Issue
Block a user