Geek Answers Handbook

I do not understand the OpenSSL_add_all_algorithms method

The documentation states

OpenSSL stores an internal table of digest and cipher algorithms. It uses this table to search for ciphers using functions such as EVP_get_cipher_byname ().

OpenSSL_add_all_digests () adds all digest algorithms to the table.

My question is: where is this table stored? How does my code know that this method performed? ... how does it work internally, what if I want more SSL connections, and one to add all digests, and the other not? Does anyone know a good documentation for this?

thanks

+7
source share
1 answer

The NOTES section of the manual page pretty much sums up:

A typical application will first call OpenSSL_add_all_algorithms () and EVP_cleanup () before exiting.

and

Encryption and digest search functions are used in many parts of the library. If the table is not initialized, some functions will behave badly and complain that they cannot find the algorithms. This includes the PEM, PKCS # 12, SSL, and S / MIME libraries. This is a general request on the OpenSSL mailing lists.

So, assuming you are writing a typical application, you will add this to your OpenSSL initialization code:

OpenSSL_add_all_algorithms();

and this is the OpenSSL cleanup code:

 EVP_cleanup();

and you're done. You are always responsible for calling them in applications that use OpenSSL. If you want to know how OpenSSL stores a table inside, use the source, Luke .

To control which ciphers are available for a particular SSL context, you should use SSL_CTX_set_cipher_list .

As for better documentation than on the manual page, I can recommend "Network Security with OpenSSL" by John Wiig, Matt Messier and Pravir Chandra . The book is outdated and does not apply to new versions of OpenSSL, but most of it is still very applicable.

+7
source

More articles:


All Articles