NAME

EVP_sha1, EVP_md5, EVP_md5_sha1, EVP_md4 — legacy message digest algorithms

SYNOPSIS

#include <openssl/evp.h>

const EVP_MD *
EVP_sha1(void);

const EVP_MD *
EVP_md5(void);

const EVP_MD *
EVP_md5_sha1(void);

const EVP_MD *
EVP_md4(void);

DESCRIPTION

The following message digest algorithms are cryptographically broken. None of them should be used in new code unless there is no way around it.

EVP_sha1() implements the SHA-1 algorithm and produces 160 bits of output from a given input. Examples of protocols and software still requiring it include OCSP, DNS, and the git version control system.

EVP_md5() implements the MD5 algorithm and produces 128 bits of output from a given input. It is still occasionally used when no security is required but a fast hash algorithm is beneficial.

EVP_md5_sha1() produces concatenated MD5 and SHA-1 message digests. Do not use this except where it is required for the historic SSLv3 protocol.

EVP_md4() implements the MD4 algorithm and produces 128 bits of output from a given input. It has been marked as “historic” by the Internet Engineering Task Force since 2011.

RETURN VALUES

These functions return pointers to static EVP_MD objects implementing the hash functions.

SEE ALSO

evp(3), EVP_DigestInit(3)

STANDARDS

T. Polk, L. Chen, S. Turner, and P. Hoffman, Security Considerations for the SHA-0 and SHA-1 Message-Digest Algorithms, RFC 6194, March 2011.

S. Turner and L. Chen, Updated Security Considerations for the MD5 Message-Digest and the HMAC-MD5 Algorithms, RFC 6151, March 2011.

S. Turner and L. Chen, MD4 to Historic Status, RFC 6150, March 2011.

P. Kocher, P. Karlton, and A. Freier, The Secure Sockets Layer (SSL) Protocol Version 3.0, RFC 6101, August 2011.

HISTORY

EVP_sha1() and EVP_md5() first appeared in SSLeay 0.5.1 and have been available since OpenBSD 2.4.

EVP_md4() first appeared in OpenSSL 0.9.6 and has been available since OpenBSD 2.9.

EVP_md5_sha1() first appeared in OpenSSL 1.1.0 and has been available since OpenBSD 6.3.