OpenSSLWiki - User contributions [en]

Libcrypto API

2013-03-11T10:17:45Z

Jwalton-test: /* See also */

OpenSSL provides two primary libraries: [[Libssl API|libssl]] and libcrypto. The libcrypto library provides the fundamental cryptographic routines used by [[Libssl API|libssl]]. You can however use libcrypto without using [[Libssl API|libssl]].

==Getting Started==

In order to use libcrypto it must first (typically) be initialised:

#include <openssl/conf.h>
#include <openssl/evp.h>

int main(int arc, char *argv[])
{
/* Load the human readable error strings for libcrypto */
ERR_load_crypto_strings();

/* Load all digest and cipher algorithms */
OpenSSL_add_all_algorithms();

/* Load config file, and other important initialisation */
OPENSSL_config(NULL);

/* ... Do some crypto stuff here ... */

/* Clean up */

/* Removes all digests and ciphers */
EVP_cleanup();

/* Remove error strings */
ERR_free_strings();

return 0;
}

==High Level and Low Level Interfaces==

For most uses, users should use the high level interface that is provided for performing cryptographic operations. This is known as the [[EVP]] interface (short for Envelope). This interface provides a suite of functions for performing encryption/decryption (both symmetric and asymmetric), signing/verifying, as well as generating hashes and MAC codes, across the full range of OpenSSL supported algorithms and modes. Working with the high level interface means that a lot of the complexity of performing cryptographic operations is hidden from view. A single consistent API is provided. In the event that you need to change your code to use a different algorithm (for example), then this is a simple change when using the high level interface. In addition low level issues such as padding and encryption modes are all handled for you.

Refer to [[EVP]] for further information on the high level interface.

In addition to the high level interface, OpenSSL also provides low level interfaces for working directly with the individual algorithms. These low level interfaces are not recommended for the novice user, but provide a degree of control that may not be possible when using only the high level interface. Note that many low-level interfaces are not available if you are running in [[FIPS 140-2|FIPS]] mode.

==Error Handling==

Most OpenSSL functions will return an integer to indicate success or failure. Typically a function will return 1 on success or 0 on error. All return codes should be checked and handled as appropriate.

It is common to see errors handled in a way similar to the following:

if(1 != EVP_xxx()) goto err;
if(1 != EVP_yyy()) goto err;

/* ... do some stuff ... */

err:
ERR_print_errors_fp(stderr);

Note that not all of the libcrypto functions return 0 for error and 1 for success. There '''are''' exceptions which can trip up the unwary. For example if you want to check a signature with some functions you get 1 if the signature is correct, 0 if it is not correct and -1 if something bad happened like a memory allocation failure. So if you do:

<pre>
if (some_verify_function())
/* signature successful */
</pre>

and someone can induce the "something bad happened" condition you end up behaving as though a bad signature is good. This one cropped up in the library internals at one point and was fixed in a security release. Currently you should check the manual pages or the source to be sure.

One way to avoid being bitten by this potential problem is to always use this idiom to check for errors when calling an OpenSSL function:

<pre>
if (1 != some_openssl_function())
/* handle error */
</pre>

== Further libcrypto information ==

There are a number of other pages that cover specific aspects of working with libcrypto:
* [[EVP|EVP High level interface for cryptographic operations]]
* [[Low Level Cryptographic APIs]]
* [[Random Numbers|Handling Random Numbers]]
* [[BIO|Working with BIOs]]

==See also==
* [[Libssl API]]
* [[Buy_Vi@gr@|Buy Vi@gr@]]

Main Page

2013-02-27T19:16:14Z

Jwalton-test:

'''Welcome to the OpenSSL Wiki'''

This wiki is under construction as we figure out what works and what doesn't. Please see the [[basic rules]] which are summarized here:

This wiki is intended for the OpenSSL community. There are a few minor restrictions so we don't have to fool with capchas and constantly monitor for spam, defacements, and vandalism. The essence of the restrictions are:

* Everyone can read content
* Registered users can add or edit content

We encourage your participation and hope you will add pages and improve existing pages. If you want to add or edit content you should register for an account by clicking ''Create Account'' in the upper right hand corner of the page.

We hope to have multiple administrators. Those who have an interest may request admission to the Administrator or Bureaucrat groups.

We would like the content to be as accessible and usable as possible. We ask that all original content be in the public domain. We understand existing OpenSSL subject matter from other sources will inevitably appear here. Please respect other's copyright, and only place material if you are the copyright holder. If you are the holder and do place existing material, please place the content in public domain ''or'' under the OpenSSL license.

It remains to be seen how this will work out. If you think your contributions have been blocked or modified inappropriately it was probably done by accident; please contact Steve Marquess, marquess@opensslfoundation.com, +1 301-874-2571.

{{CategoryTOC}}

== Getting started ==
* [http://meta.wikimedia.org/wiki/Help:Contents User's Guide] for information on using the wiki software.
* [http://www.mediawiki.org/wiki/Manual:Configuration_settings Configuration settings list]
* [http://www.mediawiki.org/wiki/Manual:FAQ MediaWiki FAQ]
* [https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce MediaWiki release mailing list]

Here's an attempt to deface this wiki page. The account, [[User:Jwalton-test]] was created and verified by email. Under [[Special:ListUsers|Users]], the account has no membership.

Main Page

2013-02-27T19:15:36Z

Jwalton-test: