I tried to use EVP but let if of go due to bad documentation... On Wed, Mar 28, 2012 at 2:49 AM, Jakob Bohm <jb-open...@wisemo.com> wrote:
> On 3/27/2012 10:42 PM, Jeffrey Walton wrote: > >> On Tue, Mar 27, 2012 at 4:26 PM, Ken Goldman<kgold...@us.ibm.com> wrote: >> >>> On 3/27/2012 3:51 PM, Jakob Bohm wrote: >>> >>>> On 3/27/2012 9:37 PM, Dr. Stephen Henson wrote: >>>> >>>>> You should really be using EVP instead of the low level routines. >>>>> They are well documented with examples. >>>>> >>>> Where, precisely? >>>> >>>> I didn't find it either when I was looking a few years ago, so I >>>> settled on the obvious low level APIs too. >>>> >>> In fact, neither the low level or the EVP APIs are documented. I don't >>> see >>> any AES documentation at all. >>> >> Digest (search for "openssl evp digest example"): >> >> http://www.openssl.org/docs/**crypto/EVP_DigestInit.html<http://www.openssl.org/docs/crypto/EVP_DigestInit.html> >> > At least this one is outdated, it recommends SHA1, does not > mention any of the larger algorithms and still shows the > old SSL MD5+SHA1 288 bit length as the maximum MD size. > > openssl/evp.h has later definitions but no documentation in it. > > This document also gives two good reason not to use this > interface when retrofitting existing code: > > 1. The state structure (EVP_MD_CTX) requires an extra call to > free internal memory, which may not fit into existing code > that doesn't have such a requirement of its own. > > 2. The EVP_DigestInit_ex() function is documented as loading > a specific implementation if NULL is passed, thus almost certainly > ensuring that said specific implementation will be linked into > programs that don't use it at all. It is also unclear how > referencing a specific engine avoids loading the entire feature > set of that engine when only a subset is needed. Such granularity > issues basic questions one should always consider in any library > design. > > > Encrypt (search for "openssl evp encrypt example"): >> >> http://www.openssl.org/docs/**crypto/EVP_EncryptInit.html<http://www.openssl.org/docs/crypto/EVP_EncryptInit.html> >> >> Sign (search for "openssl evp sign example"): >> >> http://www.openssl.org/docs/**crypto/EVP_SignInit.html<http://www.openssl.org/docs/crypto/EVP_SignInit.html> >> >> Verify (search for "openssl evp verify example"): >> >> http://www.openssl.org/docs/**crypto/EVP_VerifyInit.html<http://www.openssl.org/docs/crypto/EVP_VerifyInit.html> >> > (I have not checked out those yet). > > Explicitly adding the "word" EVP to those searches was > non-obvious because as a programmer I tend not to consider > parts of identifiers as separate search words (except when > doing a raw grep). And besides, how should a newcomer to > OpenSSL guess that something called "EVP" is of any > significance? > > > -- > Jakob Bohm, CIO, partner, WiseMo A/S. http://www.wisemo.com > Transformervej 29, 2730 Herlev, Denmark. direct: +45 31 13 16 10 <call: > +4531131610> > This message is only for its intended recipient, delete if misaddressed. > WiseMo - Remote Service Management for PCs, Phones and Embedded > ______________________________**______________________________**__________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org >
