NAME¶

BIO_f_md, BIO_set_md, BIO_get_md, BIO_get_md_ctx, BIO_set_md_ctx — message digest BIO filter

SYNOPSIS¶

#include <openssl/bio.h>
#include <openssl/evp.h>

const BIO_METHOD *
BIO_f_md(void);

long
BIO_set_md(BIO *b, EVP_MD *md);

long
BIO_get_md(BIO *b, EVP_MD **mdp);

long
BIO_get_md_ctx(BIO *b, EVP_MD_CTX **mdcp);

long
BIO_set_md_ctx(BIO *b, EVP_MD_CTX *mdc);

DESCRIPTION¶

BIO_f_md() returns the message digest BIO method. This is a filter BIO that digests any data passed through it. It is a BIO wrapper for the digest routines EVP_DigestInit(3), EVP_DigestUpdate(3), and EVP_DigestFinal(3).

BIO_set_md() sets the message digest of b to md and initializes it using EVP_DigestInit_ex(3). Calling this function is required before any data is passed through b.

BIO_get_md() places a pointer to the digest method of b into *mdp.

Any data written or read through a digest BIO using BIO_read(3) and BIO_write(3) is digested.

BIO_gets(3), if its size parameter is large enough, finishes the digest calculation and returns the digest value. BIO_puts(3) is not supported. If an application needs to call BIO_gets(3) or BIO_puts(3) through a chain containing digest BIOs, this can be done by prepending a buffering BIO.

After the digest has been retrieved from a digest BIO, call BIO_reset(3) to reinitialize it and any BIOs following it in its chain before passing any more data through it. If no subsequent BIOs require reinitialization, BIO_set_md() can be used instead of BIO_reset(3).

BIO_get_md_ctx() places a pointer to the digest context of b into *mdcp and marks the BIO as initialized without actually initializing it. Unless BIO_set_md() was already called on b, the caller becomes responsible for initializing the digest context with EVP_DigestInit_ex(3).

The context returned by BIO_get_md_ctx() can be used in calls to EVP_DigestFinal(3) and also in the signature routines EVP_SignFinal(3) and EVP_VerifyFinal(3).

The context returned by BIO_get_md_ctx() is an internal context structure. Changes made to this context will affect the digest BIO itself, and the context pointer will become invalid when the digest BIO is freed.

BIO_set_md_ctx() replaces the digest context of b with mdc. Calling this function is usually not necessary because creating a digest BIO with BIO_new(3) automatically creates a digest context and stores it internally. Before calling BIO_set_md_ctx(), the caller has to retrieve the old context using BIO_get_md_ctx(), and the caller also becomes responsible for calling EVP_MD_CTX_free(3) on the old context. Unless mdc is already initialized, the caller needs to initialize it after calling BIO_set_md_ctx() using either BIO_set_md() or EVP_DigestInit(3).

When a chain containing a message digest BIO is copied with BIO_dup_chain(3), EVP_MD_CTX_copy_ex(3) is called internally to automatically copy the message digest context from the existing BIO object to the new one, and the init flag that can be retrieved with BIO_get_init(3) is set to 1.

BIO_ctrl(3) cmd arguments correspond to macros as follows:

RETURN VALUES¶

BIO_f_md() returns the digest BIO method.

When called on a message digest BIO object, BIO_method_type(3) returns the constant BIO_TYPE_MD and BIO_method_name(3) returns a pointer to the static string "message digest".

BIO_set_md() returns 1 on success or 0 if EVP_DigestInit_ex(3) fails.

BIO_get_md() and BIO_set_md_ctx() return 1 on success or 0 if b is not initialized.

BIO_get_md_ctx() returns 1 on success or 0 on failure, but the current implementation cannot actually fail.

EXAMPLES¶

The following example creates a BIO chain containing a SHA-1 and MD5 digest BIO and passes the string "Hello World" through it. Error checking has been omitted for clarity.

BIO *bio, *mdtmp;
const char message[] = "Hello World";
bio = BIO_new(BIO_s_null());
mdtmp = BIO_new(BIO_f_md());
BIO_set_md(mdtmp, EVP_sha1());
/*
 * For BIO_push() we want to append the sink BIO
 * and keep a note of the start of the chain.
 */
bio = BIO_push(mdtmp, bio);
mdtmp = BIO_new(BIO_f_md());
BIO_set_md(mdtmp, EVP_md5());
bio = BIO_push(mdtmp, bio);
/* Note: mdtmp can now be discarded */
BIO_write(bio, message, strlen(message));

The next example digests data by reading through a chain instead:

BIO *bio, *mdtmp;
char buf[1024];
int rdlen;

bio = BIO_new_file(file, "rb");
mdtmp = BIO_new(BIO_f_md());
BIO_set_md(mdtmp, EVP_sha1());
bio = BIO_push(mdtmp, bio);
mdtmp = BIO_new(BIO_f_md());
BIO_set_md(mdtmp, EVP_md5());
bio = BIO_push(mdtmp, bio);
do {
	rdlen = BIO_read(bio, buf, sizeof(buf));
	/* Might want to do something with the data here */
} while (rdlen > 0);

This next example retrieves the message digests from a BIO chain and outputs them. This could be used with the examples above.

BIO *mdtmp;
unsigned char mdbuf[EVP_MAX_MD_SIZE];
int mdlen;
int i;

mdtmp = bio;	/* Assume bio has previously been set up */
do {
	EVP_MD *md;
	mdtmp = BIO_find_type(mdtmp, BIO_TYPE_MD);
	if (!mdtmp)
		break;
	BIO_get_md(mdtmp, &md);
	printf("%s digest", OBJ_nid2sn(EVP_MD_type(md)));
	mdlen = BIO_gets(mdtmp, mdbuf, EVP_MAX_MD_SIZE);
	for(i = 0; i < mdlen; i++)
		printf(":%02X", mdbuf[i]);
	printf("\n");
	mdtmp = BIO_next(mdtmp);
} while(mdtmp);
BIO_free_all(bio);

SEE ALSO¶

BIO_new(3), EVP_DigestInit(3)

HISTORY¶

BIO_f_md(), BIO_set_md(), and BIO_get_md() first appeared in SSLeay 0.6.0. BIO_get_md_ctx() first appeared in SSLeay 0.8.1. These functions have been available since OpenBSD 2.4.

BIO_set_md_ctx() first appeared in OpenSSL 0.9.7e and has been available since OpenBSD 3.8.

Before OpenSSL 1.0.0, the call to BIO_get_md_ctx() would only work if the BIO had been initialized, for example by calling BIO_set_md().

BUGS¶

The lack of support for BIO_puts(3) and the non-standard behaviour of BIO_gets(3) could be regarded as anomalous. It could be argued that BIO_gets(3) and BIO_puts(3) should be passed to the next BIO in the chain and digest the data passed through and that digests should be retrieved using a separate BIO_ctrl(3) call.