I agree with this as it has made many life's easy ... On Wed, Mar 28, 2012 at 12:48 PM, nudge <nudge...@fastmail.fm> wrote:
> As an independent follower of this list, I'd just like say that even if > the documentation has its critics, the support provided here is > incredibly good ! > > > On Wed, Mar 28, 2012, at 12:32 PM, Prashanth kumar N wrote: > > I tried to use EVP but let if of go due to bad documentation... > > > > On Wed, Mar 28, 2012 at 2:49 AM, Jakob Bohm <jb-open...@wisemo.com> > > wrote: > > > > > On 3/27/2012 10:42 PM, Jeffrey Walton wrote: > > > > > >> On Tue, Mar 27, 2012 at 4:26 PM, Ken Goldman<kgold...@us.ibm.com> > wrote: > > >> > > >>> On 3/27/2012 3:51 PM, Jakob Bohm wrote: > > >>> > > >>>> On 3/27/2012 9:37 PM, Dr. Stephen Henson wrote: > > >>>> > > >>>>> You should really be using EVP instead of the low level routines. > > >>>>> They are well documented with examples. > > >>>>> > > >>>> Where, precisely? > > >>>> > > >>>> I didn't find it either when I was looking a few years ago, so I > > >>>> settled on the obvious low level APIs too. > > >>>> > > >>> In fact, neither the low level or the EVP APIs are documented. I > don't > > >>> see > > >>> any AES documentation at all. > > >>> > > >> Digest (search for "openssl evp digest example"): > > >> http://www.openssl.org/docs/**crypto/EVP_DigestInit.html< > http://www.openssl.org/docs/crypto/EVP_DigestInit.html> > > >> > > > At least this one is outdated, it recommends SHA1, does not > > > mention any of the larger algorithms and still shows the > > > old SSL MD5+SHA1 288 bit length as the maximum MD size. > > > > > > openssl/evp.h has later definitions but no documentation in it. > > > > > > This document also gives two good reason not to use this > > > interface when retrofitting existing code: > > > > > > 1. The state structure (EVP_MD_CTX) requires an extra call to > > > free internal memory, which may not fit into existing code > > > that doesn't have such a requirement of its own. > > > > > > 2. The EVP_DigestInit_ex() function is documented as loading > > > a specific implementation if NULL is passed, thus almost certainly > > > ensuring that said specific implementation will be linked into > > > programs that don't use it at all. It is also unclear how > > > referencing a specific engine avoids loading the entire feature > > > set of that engine when only a subset is needed. Such granularity > > > issues basic questions one should always consider in any library > > > design. > > > > > > > > > Encrypt (search for "openssl evp encrypt example"): > > >> http://www.openssl.org/docs/**crypto/EVP_EncryptInit.html< > http://www.openssl.org/docs/crypto/EVP_EncryptInit.html> > > >> > > >> Sign (search for "openssl evp sign example"): > > >> http://www.openssl.org/docs/**crypto/EVP_SignInit.html< > http://www.openssl.org/docs/crypto/EVP_SignInit.html> > > >> > > >> Verify (search for "openssl evp verify example"): > > >> http://www.openssl.org/docs/**crypto/EVP_VerifyInit.html< > http://www.openssl.org/docs/crypto/EVP_VerifyInit.html> > > >> > > > (I have not checked out those yet). > > > > > > Explicitly adding the "word" EVP to those searches was > > > non-obvious because as a programmer I tend not to consider > > > parts of identifiers as separate search words (except when > > > doing a raw grep). And besides, how should a newcomer to > > > OpenSSL guess that something called "EVP" is of any > > > significance? > > > > > > > > > -- > > > Jakob Bohm, CIO, partner, WiseMo A/S. http://www.wisemo.com > > > Transformervej 29, 2730 Herlev, Denmark. direct: +45 31 13 16 10<call: > > > +4531131610> > > > This message is only for its intended recipient, delete if > misaddressed. > > > WiseMo - Remote Service Management for PCs, Phones and Embedded > > > > ______________________________**______________________________**__________ > > > OpenSSL Project http://www.openssl.org > > > User Support Mailing List openssl-users@openssl.org > > > Automated List Manager majord...@openssl.org > > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org >
