OpenSSLWiki - User contributions [en]

EVP Signing and Verifying

2015-06-21T21:37:09Z

Richmoore: /* Signing */

There are two APIs available to perform sign and verify operations. The first are the older <tt>EVP_Sign*</tt> and <tt>EVP_Verify*</tt> functions; and the second are the newer and more flexible <tt>EVP_DigestSign*</tt> and <tt>EVP_DigestVerify*</tt> functions. Though the APIs are similar, new applications should use the <tt>EVP_DigestSign*</tt> and <tt>EVP_DigestVerify*</tt> functions.

The examples below use the new <tt>EVP_DigestSign*</tt> and <tt>EVP_DigestVerify*</tt> functions to demonstarte signing and verification. The first example uses an HMAC, and the second example uses RSA key pairs. Additionally, the code for the examples are available for download.

==Overview==

In general, signing a message is a three stage process:

* Initialize the context with a message digest/hash function and <tt>EVP_PKEY</tt> key
* Add the message data (this step can be repeated as many times as necessary)
* Finalize the context to create the signature

In order to initialize, you first need to select a message digest algorithm (refer to [[EVP#Working with Algorithms and Modes|Working with Algorithms and Modes]]). Second, you need to provide a <tt>EVP_PKEY</tt> containing a key for an algorithm that supports signing (refer to [[EVP#Working with EVP_PKEYs|Working with EVP_PKEYs]]). Both the digest and the key are provided to <tt>EVP_DigestSignInit</tt>.

To add the message data, you call <tt>EVP_DigestSignUpdate</tt> one or more times.

To finalize the operation and retrieve the signature, you call <tt>EVP_DigestSignFinal</tt>.

In general, verification follows the same steps. The key difference is the finalization:

* Initialize the context with a message digest/hash function and <tt>EVP_PKEY</tt> key
* Add the message data (this step can be repeated as many times as necessary)
* Finalize the context '''''with''''' the previous signature to verify the message

When finalizing during verification, you add the signature in the call. <tt>EVP_DigestVerifyFinal</tt> will then perform the validate the signature on the message.

==HMAC==

The first example shows how to create a signature over a message using an HMAC with <tt>EVP_DigestSignInit</tt>, <tt>EVP_DigestSignUpdate</tt> and <tt>EVP_DigestSignFinal</tt>. The second part shows how to verify a signature over the message using using the same <tt>EVP_DigestSign</tt> functions. You do not use the <tt>EVP_DigestVerify</tt> functions to verify.

'''''Note well''''': you do not use <tt>EVP_DigestVerify</tt> to verify an HMAC. <tt>EVP_DigestVerifyInit</tt> will fail with an error 0x608f096: <tt>error:0608F096:digital envelope routines:EVP_PKEY_verify_init:operation not supported for this keytype</tt>.

===Signing===

The code below signs a string using an HMAC.

<pre>int sign_it(const byte* msg, size_t mlen, byte** sig, size_t* slen, EVP_PKEY* pkey)
{
/* Returned to caller */
int result = -1;

if(!msg || !mlen || !sig || !pkey) {
assert(0);
return -1;
}

if(*sig)
OPENSSL_free(*sig);

*sig = NULL;
*slen = 0;

EVP_MD_CTX* ctx = NULL;

do
{
ctx = EVP_MD_CTX_create();
assert(ctx != NULL);
if(ctx == NULL) {
printf("EVP_MD_CTX_create failed, error 0x%lx\n", ERR_get_error());
break; /* failed */
}

const EVP_MD* md = EVP_get_digestbyname("SHA256");
assert(md != NULL);
if(md == NULL) {
printf("EVP_get_digestbyname failed, error 0x%lx\n", ERR_get_error());
break; /* failed */
}

int rc = EVP_DigestInit_ex(ctx, md, NULL);
assert(rc == 1);
if(rc != 1) {
printf("EVP_DigestInit_ex failed, error 0x%lx\n", ERR_get_error());
break; /* failed */
}

rc = EVP_DigestSignInit(ctx, NULL, md, NULL, pkey);
assert(rc == 1);
if(rc != 1) {
printf("EVP_DigestSignInit failed, error 0x%lx\n", ERR_get_error());
break; /* failed */
}

rc = EVP_DigestSignUpdate(ctx, msg, mlen);
assert(rc == 1);
if(rc != 1) {
printf("EVP_DigestSignUpdate failed, error 0x%lx\n", ERR_get_error());
break; /* failed */
}

size_t req = 0;
rc = EVP_DigestSignFinal(ctx, NULL, &req);
assert(rc == 1);
if(rc != 1) {
printf("EVP_DigestSignFinal failed (1), error 0x%lx\n", ERR_get_error());
break; /* failed */
}

assert(req > 0);
if(!(req > 0)) {
printf("EVP_DigestSignFinal failed (2), error 0x%lx\n", ERR_get_error());
break; /* failed */
}

*sig = OPENSSL_malloc(req);
assert(*sig != NULL);
if(*sig == NULL) {
printf("OPENSSL_malloc failed, error 0x%lx\n", ERR_get_error());
break; /* failed */
}

*slen = req;
rc = EVP_DigestSignFinal(ctx, *sig, slen);
assert(rc == 1);
if(rc != 1) {
printf("EVP_DigestSignFinal failed (3), return code %d, error 0x%lx\n", rc, ERR_get_error());
break; /* failed */
}

assert(req == *slen);
if(rc != 1) {
printf("EVP_DigestSignFinal failed, mismatched signature sizes %ld, %ld", req, *slen);
break; /* failed */
}

result = 0;

} while(0);

if(ctx) {
EVP_MD_CTX_destroy(ctx);
ctx = NULL;
}

/* Convert to 0/1 result */
return !!result;
}</pre>

===Verifying===

The code below performs verification of a string using an HMAC.

<pre>int verify_it(const byte* msg, size_t mlen, const byte* sig, size_t slen, EVP_PKEY* pkey)
{
/* Returned to caller */
int result = -1;

if(!msg || !mlen || !sig || !slen || !pkey) {
assert(0);
return -1;
}

EVP_MD_CTX* ctx = NULL;

do
{
ctx = EVP_MD_CTX_create();
assert(ctx != NULL);
if(ctx == NULL) {
printf("EVP_MD_CTX_create failed, error 0x%lx\n", ERR_get_error());
break; /* failed */
}

const EVP_MD* md = EVP_get_digestbyname("SHA256");
assert(md != NULL);
if(md == NULL) {
printf("EVP_get_digestbyname failed, error 0x%lx\n", ERR_get_error());
break; /* failed */
}

int rc = EVP_DigestInit_ex(ctx, md, NULL);
assert(rc == 1);
if(rc != 1) {
printf("EVP_DigestInit_ex failed, error 0x%lx\n", ERR_get_error());
break; /* failed */
}

rc = EVP_DigestSignInit(ctx, NULL, md, NULL, pkey);
assert(rc == 1);
if(rc != 1) {
printf("EVP_DigestSignInit failed, error 0x%lx\n", ERR_get_error());
break; /* failed */
}

rc = EVP_DigestSignUpdate(ctx, msg, mlen);
assert(rc == 1);
if(rc != 1) {
printf("EVP_DigestSignUpdate failed, error 0x%lx\n", ERR_get_error());
break; /* failed */
}

byte buff[EVP_MAX_MD_SIZE];
size_t size = sizeof(buff);

rc = EVP_DigestSignFinal(ctx, buff, &size);
assert(rc == 1);
if(rc != 1) {
printf("EVP_DigestVerifyFinal failed, error 0x%lx\n", ERR_get_error());
break; /* failed */
}

assert(size > 0);
if(!(size > 0)) {
printf("EVP_DigestSignFinal failed (2)\n");
break; /* failed */
}

const size_t m = (slen < size ? slen : size);
result = !!CRYPTO_memcmp(sig, buff, m);

OPENSSL_cleanse(buff, sizeof(buff));

} while(0);

if(ctx) {
EVP_MD_CTX_destroy(ctx);
ctx = NULL;
}

/* Convert to 0/1 result */
return !!result;
}</pre>

==Public Key==

The second example shows how to create a signature over a message using public keys with <tt>EVP_DigestSignInit</tt>, <tt>EVP_DigestSignUpdate</tt> and <tt>EVP_DigestSignFinal</tt>. The second example shows how to verify a signature over the message using <tt>EVP_DigestVerifyInit</tt>, <tt>EVP_DigestVerifyUpdate</tt> and <tt>EVP_DigestVerifyFinal</tt>. Unlike HMACs, you do use the <tt>EVP_DigestVerify</tt> functions to verify.

===Signing===

<pre>EVP_MD_CTX *mdctx = NULL;
int ret = 0;

*sig = NULL;

/* Create the Message Digest Context */
if(!(mdctx = EVP_MD_CTX_create())) goto err;

/* Initialise the DigestSign operation - SHA-256 has been selected as the message digest function in this example */
if(1 != EVP_DigestSignInit(mdctx, NULL, EVP_sha256(), NULL, key)) goto err;

/* Call update with the message */
if(1 != EVP_DigestSignUpdate(mdctx, msg, strlen(msg))) goto err;

/* Finalise the DigestSign operation */
/* First call EVP_DigestSignFinal with a NULL sig parameter to obtain the length of the
* signature. Length is returned in slen */
if(1 != EVP_DigestSignFinal(mdctx, NULL, slen)) goto err;
/* Allocate memory for the signature based on size in slen */
if(!(*sig = OPENSSL_malloc(sizeof(unsigned char) * (*slen)))) goto err;
/* Obtain the signature */
if(1 != EVP_DigestSignFinal(mdctx, *sig, slen)) goto err;

/* Success */
ret = 1;

err:
if(ret != 1)
{
/* Do some error handling */
}

/* Clean up */
if(*sig && !ret) OPENSSL_free(*sig);
if(mdctx) EVP_MD_CTX_destroy(mdctx);</pre>

Note: There is no difference in the API between signing using an asymmetric algorithm, and generating a MAC code. In the case of CMAC no message digest function is required (NULL can be passed). Signing using the EVP_Sign* functions is very similar to the above example, except there is no support for MAC codes. Note that CMAC is only supported in the (as yet unreleased) version 1.1.0 of OpenSSL.

One gotcha to be aware of is that the first call to EVP_DigestSignFinal simply returns the maximum size of the buffer required. This will not always be the same as the size of the generated signature (specifically in the case of DSA and ECDSA). This means that you should also take account of the value of the length returned on the second call (in the slen variable in this example) when making use of the signature.

Refer to [[Manual:EVP_DigestSignInit(3)]] for further details on the EVP_DigestSign* functions, and [[Manual:EVP_SignInit(3)]] for the EVP_Sign* functions.

===Verifying===

Verifying a message is very similar to signing except the EVP_DigestVerify* functions (or EVP_Verify* functions) are used instead. Clearly only a public key is required for a verify operation:

<pre>/* Initialize `key` with a public key */
if(1 != EVP_DigestVerifyInit(mdctx, NULL, EVP_sha256(), NULL, key)) goto err;

/* Initialize `key` with a public key */
if(1 != EVP_DigestVerifyUpdate(mdctx, msg, strlen(msg))) goto err;

if(1 == EVP_DigestVerifyFinal(mdctx, sig, slen))
{
/* Success */
}
else
{
/* Failure */
}
</pre>

Note that MAC operations do not support the verify operation. Verifying a MAC code is done by calling the sign operations and confirming that the generated code is identical to the one provided. It is important that when comparing a supplied MAC with an expected MAC that the comparison takes a constant time whether the comparison returns a match or not. Failure to do this can expose your code to timing attacks, which could (for example) enable an attacker to forge MAC codes. To do this use the CRYPTO_memcmp function as shown in the code example below. '''Never''' use memcmp for this test:

<pre>
if(!(mdctx = EVP_MD_CTX_create())) goto err;

/* Create a buffer to store the MAC for the received message */
if(!(sigtmp = OPENSSL_malloc(sizeof(unsigned char) * EVP_PKEY_size(key)))) goto err;
sigtmplen = EVP_PKEY_size(key);

/* Calculate the MAC for the received message */
if(1 != EVP_DigestSignInit(mdctx, NULL, EVP_sha256(), NULL, key)) goto err;
if(1 != EVP_DigestSignUpdate(mdctx, msg, strlen(msg))) goto err;
if(1 != EVP_DigestSignFinal(mdctx, sigtmp, &sigtmplen)) goto err;

/* Check the lengths of the calculated and supplied MACs are the same */
if(sigtmplen != slen) goto err;

/* Calculated MAC is in sigtmp. Supplied MAC is in sig. Compare the two */
if(CRYPTO_memcmp(sig, sigtmp, slen))
/* Verify failure */ goto failure;
else
/* Verify success */;
</pre>

Refer to [[Manual:EVP_DigestVerifyInit(3)]] and [[Manual:EVP_VerifyInit(3)]] for further information on the verify functions.

==Downloads==

[[Media:t-hmac.c.tar.gz|t-hmac.c.tar.gz]] - sample program to sign and verify a string using an HMAC with the <tt>EVP_DigestSign*</tt> and <tt>EVP_DigestVerify*</tt> functions.

[[Media:t-rsa.c.tar.gz|t-rsa.c.tar.gz]] - sample program to sign and verify a string using RSA with the <tt>EVP_DigestSign*</tt> and <tt>EVP_DigestVerify*</tt> functions.

==See also==
* [[EVP]]
* [[Libcrypto API]]

[[Category:Crypto API]]
[[Category:C level]]
[[Category:Examples]]

Simple TLS Server

2015-05-18T20:38:05Z

Richmoore: Fix missing error check on accept

The code below is a complete implementation of a minimal TLS server. The first thing we do is initialise openssl in the ''init_openssl()'' function by loading the strings used for error messages, and setting up the algorithms needed for TLS. We then create an ''SSL_CTX'' or SSL context. This is created using the ''SSLv23_server_method'' which despite its name actually creates a server that will negotiate the highest version of SSL/TLS supported by the client it is connecting to. The context is then configured - we use ''SSL_CTX_set_ecdh_auto'' to tell openssl to handle selecting the right elliptic curves for us (this function isn't available in older versions of openssl which required this to be done manually). The final step of configuring the context is to specify the certificate and private key to use.

Next we perform some normal socket programming and create a new server socket, there's nothing openssl specific about this code. Whenever we get a new connection we call ''accept'' as normal. To handle the TLS we create a new ''SSL'' structure, this holds the information related to this particular connection. We use ''SSL_set_fd'' to tell openssl the file descriptor to use for the communication. In this example, we call ''SSL_accept'' to handle the server side of the TLS handshake, then use ''SSL_write()'' to send our message. Finally we clean up the various structures.

<pre>

#include <stdio.h>
#include <unistd.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <openssl/ssl.h>
#include <openssl/err.h>

int create_socket(int port)
{
int s;
struct sockaddr_in addr;

addr.sin_family = AF_INET;
addr.sin_port = htons(port);
addr.sin_addr.s_addr = htonl(INADDR_ANY);

s = socket(AF_INET, SOCK_STREAM, 0);
if (s < 0) {
perror("Unable to create socket");
exit(EXIT_FAILURE);
}

if (bind(s, (struct sockaddr*)&addr, sizeof(addr)) < 0) {
perror("Unable to bind");
exit(EXIT_FAILURE);
}

if (listen(s, 1) < 0) {
perror("Unable to listen");
exit(EXIT_FAILURE);
}

return s;
}

void init_openssl()
{
SSL_load_error_strings();
OpenSSL_add_ssl_algorithms();
}

void cleanup_openssl()
{
EVP_cleanup();
}

SSL_CTX *create_context()
{
const SSL_METHOD *method;
SSL_CTX *ctx;

method = SSLv23_server_method();

ctx = SSL_CTX_new(method);
if (!ctx) {
perror("Unable to create SSL context");
ERR_print_errors_fp(stderr);
exit(EXIT_FAILURE);
}

return ctx;
}

void configure_context(SSL_CTX *ctx)
{
SSL_CTX_set_ecdh_auto(ctx, 1);

/* Set the key and cert */
if (SSL_CTX_use_certificate_file(ctx, "cert.pem", SSL_FILETYPE_PEM) < 0) {
ERR_print_errors_fp(stderr);
exit(EXIT_FAILURE);
}

if (SSL_CTX_use_PrivateKey_file(ctx, "key.pem", SSL_FILETYPE_PEM) < 0 ) {
ERR_print_errors_fp(stderr);
exit(EXIT_FAILURE);
}
}

int main(int argc, char **argv)
{
int sock;
SSL_CTX *ctx;

init_openssl();
ctx = create_context();

configure_context(ctx);

sock = create_socket(4433);

/* Handle connections */
while(1) {
struct sockaddr_in addr;
uint len = sizeof(addr);
SSL *ssl;
const char reply[] = "test\n";

int client = accept(sock, (struct sockaddr*)&addr, &len);
if (client < 0) {
perror("Unable to accept");
exit(EXIT_FAILURE);
}

ssl = SSL_new(ctx);
SSL_set_fd(ssl, client);

if (SSL_accept(ssl) <= 0) {
ERR_print_errors_fp(stderr);
}
else {
SSL_write(ssl, reply, strlen(reply));
}

SSL_free(ssl);
close(client);
}

close(sock);
SSL_CTX_free(ctx);
cleanup_openssl();
}

</pre>

Simple TLS Server

2015-05-17T19:49:44Z

Richmoore:

The code below is a complete implementation of a minimal TLS server. The first thing we do is initialise openssl in the ''init_openssl()'' function by loading the strings used for error messages, and setting up the algorithms needed for TLS. We then create an ''SSL_CTX'' or SSL context. This is created using the ''SSLv23_server_method'' which despite its name actually creates a server that will negotiate the highest version of SSL/TLS supported by the client it is connecting to. The context is then configured - we use ''SSL_CTX_set_ecdh_auto'' to tell openssl to handle selecting the right elliptic curves for us (this function isn't available in older versions of openssl which required this to be done manually). The final step of configuring the context is to specify the certificate and private key to use.

Next we perform some normal socket programming and create a new server socket, there's nothing openssl specific about this code. Whenever we get a new connection we call ''accept'' as normal. To handle the TLS we create a new ''SSL'' structure, this holds the information related to this particular connection. We use ''SSL_set_fd'' to tell openssl the file descriptor to use for the communication. In this example, we call ''SSL_accept'' to handle the server side of the TLS handshake, then use ''SSL_write()'' to send our message. Finally we clean up the various structures.

<pre>

#include <stdio.h>
#include <unistd.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <openssl/ssl.h>
#include <openssl/err.h>

int create_socket(int port)
{
int s;
struct sockaddr_in addr;

addr.sin_family = AF_INET;
addr.sin_port = htons(port);
addr.sin_addr.s_addr = htonl(INADDR_ANY);

s = socket(AF_INET, SOCK_STREAM, 0);
if (s < 0) {
perror("Unable to create socket");
exit(EXIT_FAILURE);
}

if (bind(s, (struct sockaddr*)&addr, sizeof(addr)) < 0) {
perror("Unable to bind");
exit(EXIT_FAILURE);
}

if (listen(s, 1) < 0) {
perror("Unable to listen");
exit(EXIT_FAILURE);
}

return s;
}

void init_openssl()
{
SSL_load_error_strings();
OpenSSL_add_ssl_algorithms();
}

void cleanup_openssl()
{
EVP_cleanup();
}

SSL_CTX *create_context()
{
const SSL_METHOD *method;
SSL_CTX *ctx;

method = SSLv23_server_method();

ctx = SSL_CTX_new(method);
if (!ctx) {
perror("Unable to create SSL context");
ERR_print_errors_fp(stderr);
exit(EXIT_FAILURE);
}

return ctx;
}

void configure_context(SSL_CTX *ctx)
{
SSL_CTX_set_ecdh_auto(ctx, 1);

/* Set the key and cert */
if (SSL_CTX_use_certificate_file(ctx, "cert.pem", SSL_FILETYPE_PEM) < 0) {
ERR_print_errors_fp(stderr);
exit(EXIT_FAILURE);
}

if (SSL_CTX_use_PrivateKey_file(ctx, "key.pem", SSL_FILETYPE_PEM) < 0 ) {
ERR_print_errors_fp(stderr);
exit(EXIT_FAILURE);
}
}

int main(int argc, char **argv)
{
int sock;
SSL_CTX *ctx;

init_openssl();
ctx = create_context();

configure_context(ctx);

sock = create_socket(4433);

/* Handle connections */
while(1) {
struct sockaddr_in addr;
uint len = sizeof(addr);
SSL *ssl;
const char reply[] = "test\n";

uint client = accept(sock, (struct sockaddr*)&addr, &len);
ssl = SSL_new(ctx);
SSL_set_fd(ssl, client);

if (SSL_accept(ssl) <= 0) {
ERR_print_errors_fp(stderr);
}
else {
SSL_write(ssl, reply, strlen(reply));
}

SSL_free(ssl);
close(client);
}

close(sock);
SSL_CTX_free(ctx);
cleanup_openssl();
}

</pre>

Simple TLS Server

2015-05-17T16:49:36Z

Richmoore:

The code below is a complete implementation of a minimal TLS server.

<pre>

#include <stdio.h>
#include <unistd.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <openssl/ssl.h>
#include <openssl/err.h>

int create_socket(int port)
{
int s;
struct sockaddr_in addr;

addr.sin_family = AF_INET;
addr.sin_port = htons(port);
addr.sin_addr.s_addr = htonl(INADDR_ANY);

s = socket(AF_INET, SOCK_STREAM, 0);
if (s < 0) {
perror("Unable to create socket");
exit(EXIT_FAILURE);
}

if (bind(s, (struct sockaddr*)&addr, sizeof(addr)) < 0) {
perror("Unable to bind");
exit(EXIT_FAILURE);
}

if (listen(s, 1) < 0) {
perror("Unable to listen");
exit(EXIT_FAILURE);
}

return s;
}

void init_openssl()
{
SSL_load_error_strings();
OpenSSL_add_ssl_algorithms();
}

void cleanup_openssl()
{
EVP_cleanup();
}

SSL_CTX *create_context()
{
const SSL_METHOD *method;
SSL_CTX *ctx;

method = SSLv23_server_method();

ctx = SSL_CTX_new(method);
if (!ctx) {
perror("Unable to create SSL context");
ERR_print_errors_fp(stderr);
exit(EXIT_FAILURE);
}

return ctx;
}

void configure_context(SSL_CTX *ctx)
{
SSL_CTX_set_ecdh_auto(ctx, 1);

/* Set the key and cert */
if (SSL_CTX_use_certificate_file(ctx, "cert.pem", SSL_FILETYPE_PEM) < 0) {
ERR_print_errors_fp(stderr);
exit(EXIT_FAILURE);
}

if (SSL_CTX_use_PrivateKey_file(ctx, "key.pem", SSL_FILETYPE_PEM) < 0 ) {
ERR_print_errors_fp(stderr);
exit(EXIT_FAILURE);
}
}

int main(int argc, char **argv)
{
int sock;
SSL_CTX *ctx;

init_openssl();
ctx = create_context();

configure_context(ctx);

sock = create_socket(4433);

/* Handle connections */
while(1) {
struct sockaddr_in addr;
uint len = sizeof(addr);
SSL *ssl;
const char reply[] = "test\n";

uint client = accept(sock, (struct sockaddr*)&addr, &len);
ssl = SSL_new(ctx);
SSL_set_fd(ssl, client);

if (SSL_accept(ssl) <= 0) {
ERR_print_errors_fp(stderr);
}
else {
SSL_write(ssl, reply, strlen(reply));
}

SSL_free(ssl);
close(client);
}

close(sock);
SSL_CTX_free(ctx);
cleanup_openssl();
}

</pre>

Simple TLS Server

2015-05-17T12:04:17Z

Richmoore:

The code below is a complete implementation of a minimal TLS server.

<pre>

#include <stdio.h>
#include <unistd.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <openssl/ssl.h>
#include <openssl/err.h>

int create_socket(int port)
{
int s;
struct sockaddr_in addr;

addr.sin_family = AF_INET;
addr.sin_port = htons(port);
addr.sin_addr.s_addr = htonl(INADDR_ANY);

s = socket(AF_INET, SOCK_STREAM, 0);
if (s < 0) {
perror("Unable to create socket");
exit(EXIT_FAILURE);
}

if (bind(s, (struct sockaddr*)&addr, sizeof(addr)) < 0) {
perror("Unable to bind");
exit(EXIT_FAILURE);
}

if (listen(s, 1) < 0) {
perror("Unable to listen");
exit(EXIT_FAILURE);
}

return s;
}

void init_openssl()
{
SSL_load_error_strings();
OpenSSL_add_ssl_algorithms();
}

void cleanup_openssl()
{
EVP_cleanup();
}

SSL_CTX *create_context()
{
const SSL_METHOD *method;
SSL_CTX *ctx;

method = TLSv1_server_method();

ctx = SSL_CTX_new(method);
if (!ctx) {
perror("Unable to create SSL context");
ERR_print_errors_fp(stderr);
exit(EXIT_FAILURE);
}

return ctx;
}

int main(int argc, char **argv)
{
int sock;
SSL_CTX *ctx;

init_openssl();
ctx = create_context();

/* Set the key and cert */
if (SSL_CTX_use_certificate_file(ctx, "cert.pem", SSL_FILETYPE_PEM) < 0) {
ERR_print_errors_fp(stderr);
exit(EXIT_FAILURE);
}

if (SSL_CTX_use_PrivateKey_file(ctx, "key.pem", SSL_FILETYPE_PEM) < 0 ) {
ERR_print_errors_fp(stderr);
exit(EXIT_FAILURE);
}

sock = create_socket(4433);

/* Handle connections */
while(1) {
struct sockaddr_in addr;
uint len = sizeof(addr);
SSL *ssl;
const char reply[] = "test\n";

uint client = accept(sock, (struct sockaddr*)&addr, &len);
ssl = SSL_new(ctx);
SSL_set_fd(ssl, client);

if (SSL_accept(ssl) <= 0) {
ERR_print_errors_fp(stderr);
}
else {
SSL_write(ssl, reply, strlen(reply));
}

SSL_free(ssl);
close(client);
}

close(sock);
SSL_CTX_free(ctx);
cleanup_openssl();
}

</pre>

Simple TLS Server

2015-05-16T09:39:02Z

Richmoore: /* Simple TLS Server */

The code below is a complete implementation of a minimal TLS server.

<pre>

#include <stdio.h>
#include <unistd.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <openssl/ssl.h>
#include <openssl/err.h>

int create_socket(int port)
{
int s;
struct sockaddr_in addr;

addr.sin_family = AF_INET;
addr.sin_port = htons(port);
addr.sin_addr.s_addr = htonl(INADDR_ANY);

s = socket(AF_INET, SOCK_STREAM, 0);

if (bind(s, (struct sockaddr*)&addr, sizeof(addr)) < 0) {
perror("Unable to bind");
exit(EXIT_FAILURE);
}

if (listen(s, 1) < 0) {
perror("Unable to listen");
exit(EXIT_FAILURE);
}

return s;
}

void init_openssl()
{
SSL_load_error_strings();
OpenSSL_add_ssl_algorithms();
}

void cleanup_openssl()
{
EVP_cleanup();
}

SSL_CTX *create_context()
{
const SSL_METHOD *method;
SSL_CTX *ctx;

method = TLSv1_server_method();

ctx = SSL_CTX_new(method);
if (!ctx) {
perror("Unable to create SSL context");
ERR_print_errors_fp(stderr);
exit(EXIT_FAILURE);
}

return ctx;
}

int main(int argc, char **argv)
{
int sock;
SSL_CTX *ctx;

init_openssl();
ctx = create_context();

/* Set the key and cert */
if (SSL_CTX_use_certificate_file(ctx, "cert.pem", SSL_FILETYPE_PEM) < 0) {
ERR_print_errors_fp(stderr);
exit(EXIT_FAILURE);
}

if (SSL_CTX_use_PrivateKey_file(ctx, "key.pem", SSL_FILETYPE_PEM) < 0 ) {
ERR_print_errors_fp(stderr);
exit(EXIT_FAILURE);
}

sock = create_socket(4433);

/* Handle connections */
while(1) {
struct sockaddr_in addr;
uint len = sizeof(addr);
SSL *ssl;
const char reply[] = "test\n";

uint client = accept(sock, (struct sockaddr*)&addr, &len);
ssl = SSL_new(ctx);
SSL_set_fd(ssl, client);

if (SSL_accept(ssl) <= 0) {
ERR_print_errors_fp(stderr);
}
else {
SSL_write(ssl, reply, strlen(reply));
}

SSL_free(ssl);
close(client);
}

close(sock);
SSL_CTX_free(ctx);
cleanup_openssl();
}

</pre>

Simple TLS Server

2015-05-16T09:38:49Z

Richmoore: Created page with "= Simple TLS Server = The code below is a complete implementation of a minimal TLS server. <pre> #include <stdio.h> #include <unistd.h> #include <sys/socket.h> #include <ar..."

= Simple TLS Server =

The code below is a complete implementation of a minimal TLS server.

<pre>

#include <stdio.h>
#include <unistd.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <openssl/ssl.h>
#include <openssl/err.h>

int create_socket(int port)
{
int s;
struct sockaddr_in addr;

addr.sin_family = AF_INET;
addr.sin_port = htons(port);
addr.sin_addr.s_addr = htonl(INADDR_ANY);

s = socket(AF_INET, SOCK_STREAM, 0);

if (bind(s, (struct sockaddr*)&addr, sizeof(addr)) < 0) {
perror("Unable to bind");
exit(EXIT_FAILURE);
}

if (listen(s, 1) < 0) {
perror("Unable to listen");
exit(EXIT_FAILURE);
}

return s;
}

void init_openssl()
{
SSL_load_error_strings();
OpenSSL_add_ssl_algorithms();
}

void cleanup_openssl()
{
EVP_cleanup();
}

SSL_CTX *create_context()
{
const SSL_METHOD *method;
SSL_CTX *ctx;

method = TLSv1_server_method();

ctx = SSL_CTX_new(method);
if (!ctx) {
perror("Unable to create SSL context");
ERR_print_errors_fp(stderr);
exit(EXIT_FAILURE);
}

return ctx;
}

int main(int argc, char **argv)
{
int sock;
SSL_CTX *ctx;

init_openssl();
ctx = create_context();

/* Set the key and cert */
if (SSL_CTX_use_certificate_file(ctx, "cert.pem", SSL_FILETYPE_PEM) < 0) {
ERR_print_errors_fp(stderr);
exit(EXIT_FAILURE);
}

if (SSL_CTX_use_PrivateKey_file(ctx, "key.pem", SSL_FILETYPE_PEM) < 0 ) {
ERR_print_errors_fp(stderr);
exit(EXIT_FAILURE);
}

sock = create_socket(4433);

/* Handle connections */
while(1) {
struct sockaddr_in addr;
uint len = sizeof(addr);
SSL *ssl;
const char reply[] = "test\n";

uint client = accept(sock, (struct sockaddr*)&addr, &len);
ssl = SSL_new(ctx);
SSL_set_fd(ssl, client);

if (SSL_accept(ssl) <= 0) {
ERR_print_errors_fp(stderr);
}
else {
SSL_write(ssl, reply, strlen(reply));
}

SSL_free(ssl);
close(client);
}

close(sock);
SSL_CTX_free(ctx);
cleanup_openssl();
}

</pre>

Main Page

2015-05-16T09:35:46Z

Richmoore: /* Usage and Programming */

If this is your first visit or to get an account please see the [[Welcome]] page. Your participation and [[Contributions]] are valued.

This wiki is intended as a place for collecting, organizing, and refining useful information about OpenSSL that is currently strewn among multiple locations and formats.

== OpenSSL Quick Links ==

<TABLE border=0>
<TR>
<TD>[[OpenSSL Overview]]</TD>
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD>
<TD>[[Compilation and Installation]]</TD>
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD>
<TD>[[Internals]]</TD>
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD>
<TD>[[Mailing Lists]] </TD>
</TR>
<TR>
<TD>[[libcrypto API]]</TD>
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD>
<TD>[[libssl API]]</TD>
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD>
<TD>[[Examples]] </TD>
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD>
<TD>[[Documentation Index|Index of all API functions]]</TD>
</TR>
<TR>
<TD>[[License]] </TD>
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD>
<TD>[[Command Line Utilities]]</TD>
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD>
<TD>[[Related Links]]</TD>
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD>
<TD>[[SSL and TLS Protocols]]</TD>
</TR>
<TR>
<TD>[[1.1 API Changes]]</TD>
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD>
</TR>

</TABLE>

== Administrivia ==
Site guidelines, legal and admininstrative issues.
:* [[Basic rules]], [[Commercial Product Disclaimer]], [[Contributions]], [[Copyright]], [[License]]
:* Using This Wiki
:: [http://meta.wikimedia.org/wiki/Help:Contents Wiki User's Guide], [http://www.mediawiki.org/wiki/Manual:Configuration_settings Configuration settings list], [http://www.mediawiki.org/wiki/Manual:FAQ MediaWiki FAQ], [https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce MediaWiki Mailing List]

== Reference ==
This section contains the automagically generated man pages from the OpenSSL git repository, and similar "man" style reference documentation. The man pages are automatically imported from the OpenSSL git repository and local wiki modifications are submitted as patches.
:* OpenSSL Manual Pages
::* [[Manual:Openssl(1)]], [[Manual:Ssl(3)]], [[Manual:Crypto(3)]], [[Documentation Index]]
:: If you wish to edit any of the Manual page content please refer to the [[Guidelines for Manual Page Authors]] page.
:* [[API]], [[Libcrypto API]], [[Libssl API]]
:* [[FIPS mode()]], [[FIPS_mode_set()]]

== Usage and Programming ==
This section has discussions of practical issues in using OpenSSL
:* Building from Source
:: Where to find it, the different versions, how to build and install it.
:* [[OpenSSL Overview]]
:* [[Versioning]]
:* [[Compilation and Installation]]
:* [[EVP]]
:: Programming techniques and example code
:: Use of EVP is preferred for most applications and circumstances
::* [[EVP Asymmetric Encryption and Decryption of an Envelope]]
::* [[EVP Authenticated Encryption and Decryption]]
::* [[EVP Symmetric Encryption and Decryption]]
::* [[EVP Key and Parameter Generation]]
::* [[EVP Key Agreement]]
::* [[EVP Message Digests]]
::* [[EVP Key Derivation]]
::* [[EVP Signing and Verifying|EVP Signing and Verifying (including MAC codes)]]
:* [[STACK API]]
:* Low Level APIs
:: More specialized non-EVP usage
::* [[Diffie-Hellman parameters]]
:* [[FIPS Mode]]
:* [[Simple TLS Server]]

== Concepts and Theory ==
Discussions of basic cryptographic theory and concepts
Discussions of common operational issues
:* [[Base64]]
:* [http://wiki.openssl.org/index.php/Category:FIPS_140 FIPS 140-2]
:* [[Random Numbers]]
:* [[Diffie Hellman]]
:* [[Elliptic Curve Diffie Hellman]]
:* [[Elliptic Curve Cryptography]]

== Security Advisories ==
:* [https://www.openssl.org/about/secpolicy.html OpenSSL Security Policy]
:* [https://www.openssl.org/news/vulnerabilities.html OpenSSL Vulnerabilities List]
:* [[Security_Advisories|Security Advisories Additional Information]]

== Feedback and Contributions ==
:* [https://www.openssl.org/support/faq.html#BUILD18 Notification of suspected security vulnerabilities]
:* [https://www.openssl.org/support/rt.html Contributing bug reports, other than for suspected vulnerabilities]
:* [[Contributions|General background on source and documentation contributions - '''must read''']]
:* Contributing code fixes, other than for suspected vulnerabilities, as well as fixes and other improvements to manual pages
::* Follow the [[Use of Git#Use_of_Git_with_OpenSSL_source_tree|instructions for accessing source code]] in the appropriate branches
:::* Note that manual pages and the FAQ are maintained with the source code.
::* If you are unsure as to whether a feature will be useful for the general OpenSSL community please discuss it on the [https://www.openssl.org/support/community.html openssl-dev mailing list] first. Someone may be already working on the same thing or there may be a good reason as to why that feature isn't implemented.
::* Submit a pull request for each separate fix (also documented [[Use of Git#Use_of_Git_with_OpenSSL_source_tree|there]])
::* Submit a bug report for the issue and reference the pull request
:* Contributing fixes and other improvements to the web site
::* Follow the [[Use_of_Git#Use_of_Git_with_the_OpenSSL_web_site|instructions for accessing web site sources]]
::* Create a patch (also documented [[Use_of_Git#Use_of_Git_with_the_OpenSSL_web_site|there]])
::* Submit a bug report and add the patch as an attachment
:* [[Developing For OpenSSL]]
:* [[KnownPatches|Known patches not part of OpenSSL]]
:* [[Welcome|Contributing to this wiki]]

== Internals and Development ==
This section is for internal details of primary interest to OpenSSL maintainers and power users
:* [[Code reformatting]]

:* [[Internals]]
:* [[Code Quality]]
:* [[Static and Dynamic Analysis]]
:* [[OCB|OCB Licence details]]
:* [[Defect and Feature Review Process]]
:* [[Unit Testing]] (includes other automated testing information)

OpenSSL 1.1.0 Changes

2015-02-10T18:21:30Z

Richmoore:

This is a parent page for discussion about API changes being done for OpenSSL version 1.1

The overall goal of this project is to make most data structures opaque to applications. This provides us with a number of benefits:
* We can add fields without breaking binary compatibility
* Applications are more robust and can be more assured about correctness
* It helps us determine which (new) accessors and settors, for example, are needed

Please add sub-pages to discuss particular parts of the library has work progresses.

So far, the SSL library has mostly been made opaque. The old DES API has been removed.

== Things that Broke in Qt ==

Here's what's broken in the dev branch of Qt when building openssl master as of 6 Feb 2015.

* DH - we were directly accessing p and q to set the DH params to primes embedded in Qt. We can probably replace this with SSL_CTX_set_dh_auto(ctx, 1). Another option suggested by Steve Henson is to save the DHparams we're using at the moment then use d2i_DHparams to load them in. This is compatible with openssl versions that don't have the dh_auto option.

* ctx->cert_store - we were directly accessing the cert_store field of SSL_CTX. We can probably replace this with X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *ctx) [Fixed in dev]

* session->tlsext_tick_lifetime_hint - we were directly accessing the lifetime hint of the session. No replacement found.

* cipher->valid - we were directly accessing the valid field of SSL_CIPHER. No replacement found. [This turned out not to be needed and so will be removed].

== Things that Broke in Curl ==

* SSL_SESSION->ssl_version. Replaced with SSL_version(SSL *)

== Things that Broke in wget ==

* SSL->state. Replaced with SSL_state(SSL *)

OpenSSL 1.1.0 Changes

2015-02-10T18:17:30Z

Richmoore: /* Things that Broke in Curl */

OpenSSL 1.1.0 Changes

2015-02-08T11:47:28Z

Richmoore: /* Things that Broke in Qt */

OpenSSL 1.1.0 Changes

2015-02-07T21:58:25Z

Richmoore:

This is a parent page for discussion about API changes being done for OpenSSL version 1.1

The overall goal of this project is to make most data structures opaque to applications. This provides us with a number of benefits:
* We can add fields without breaking binary compatibility
* Applications are more robust and can be more assured about correctness
* It helps us determine which (new) accessors and settors, for example, are needed

Please add sub-pages to discuss particular parts of the library has work progresses.

So far, the SSL library has mostly been made opaque. The old DES API has been removed.

== Things that Broke in Qt ==

Here's what's broken in the dev branch of Qt when building openssl master as of 6 Feb 2015.

* DH - we were directly accessing p and q to set the DH params to primes embedded in Qt. We can probably replace this with SSL_CTX_set_dh_auto(ctx, 1). Another option suggested by Steve Henson is to save the DHparams we're using at the moment then use d2i_DHparams to load them in. This is compatible with openssl versions that don't have the dh_auto option.

* ctx->cert_store - we were directly accessing the cert_store field of SSL_CTX. We can probably replace this with X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *ctx)

* session->tlsext_tick_lifetime_hint - we were directly accessing the lifetime hint of the session. No replacement found.

* cipher->valid - we were directly accessing the valid field of SSL_CIPHER. No replacement found.

== Things that Broke in Curl ==

* SSL_SESSION->ssl_version. Replaced with SSL_version(SSL *)

OpenSSL 1.1.0 Changes

2015-02-07T20:01:50Z

Richmoore: /* Things that Broke in Qt */

This is a parent page for discussion about API changes being done for OpenSSL version 1.1

The overall goal of this project is to make most data structures opaque to applications. This provides us with a number of benefits:
* We can add fields without breaking binary compatibility
* Applications are more robust and can be more assured about correctness
* It helps us determine which (new) accessors and settors, for example, are needed

Please add sub-pages to discuss particular parts of the library has work progresses.

So far, the SSL library has mostly been made opaque. The old DES API has been removed.

== Things that Broke in Qt ==

Here's what's broken in the dev branch of Qt when building openssl master as of 6 Feb 2015.

* DH - we were directly accessing p and q to set the DH params to primes embedded in Qt. We can probably replace this with SSL_CTX_set_dh_auto(ctx, 1). Another option suggested by Steve Henson is to save the DHparams we're using at the moment then use d2i_DHparams to load them in. This is compatible with openssl versions that don't have the dh_auto option.

* ctx->cert_store - we were directly accessing the cert_store field of SSL_CTX. We can probably replace this with X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *ctx)

* session->tlsext_tick_lifetime_hint - we were directly accessing the lifetime hint of the session. No replacement found.

* cipher->valid - we were directly accessing the valid field of SSL_CIPHER. No replacement found.

OpenSSL 1.1.0 Changes

2015-02-07T14:36:47Z

Richmoore:

This is a parent page for discussion about API changes being done for OpenSSL version 1.1

The overall goal of this project is to make most data structures opaque to applications. This provides us with a number of benefits:
* We can add fields without breaking binary compatibility
* Applications are more robust and can be more assured about correctness
* It helps us determine which (new) accessors and settors, for example, are needed

Please add sub-pages to discuss particular parts of the library has work progresses.

So far, the SSL library has mostly been made opaque. The old DES API has been removed.

== Things that Broke in Qt ==

Here's what's broken in the dev branch of Qt when building openssl master as of 6 Feb 2015.

* DH - we were directly accessing p and q to set the DH params to primes embedded in Qt. We can probably replace this with SSL_CTX_set_dh_auto(ctx, 1)

* ctx->cert_store - we were directly accessing the cert_store field of SSL_CTX. We can probably replace this with X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *ctx)

* session->tlsext_tick_lifetime_hint - we were directly accessing the lifetime hint of the session. No replacement found.

* cipher->valid - we were directly accessing the valid field of SSL_CIPHER. No replacement found.