On Fri, Jan 9, 2009 at 10:20 AM, Steve Chaplin
<[email protected]> wrote:
> Hi all,
>
> I have an application that essentially performs the same purpose
> as apps/enc.c and have a couple of questions. I have spent a few
> days checking out enc.c and others plus googling and have checked
> the mailing list archive; I also have the O'Reilly books.
>
> 1. I am calling EVP_get_cipherbyname() with a name supplied by my
> user. Now the user naturally wants to know the available names. I
> found this post in the mail archive:
> http://marc.info/?l=openssl-users&m=107873956817083&w=2
> where a similar questioner was directed to show_ciphers() and
> OBJ_NAME_do_all_sorted() etc, in enc.c. Is this really the recommended
> way to do this? Does this OBJ_ stuff form part of the published
> API and, if so, is it documented? If this is the case, it sounds like I will
> need my own version of show_ciphers() to store the results rather than
> display them. Would this be the right way to go?
OBJ_NAME_* is part of the API (and resides in crypto/objects/ ); alas,
it lacks a pod/manpage document at the moment.
You may use it, but may I point you at the more modern 'wrapper'
functions EVP_CIPHER_do_all*(), EVP_MD_do_all*(), etc. which take care
of defining the proper type for picking the proper sort of crypto
element (cipher, hash, etc.) according to the OBJ_NAME_TYPE_* #defines
in <openssl/objects.h>?
A usage sample of those can be found in apps/openssl.c: see the
list_md() and list_cipher() function snippets below:
----------------------------------------
static void list_cipher_fn(const EVP_CIPHER *c,
                           const char *from, const char *to, void *arg)
{
    if (c)
        BIO_printf(arg, "%s\n", EVP_CIPHER_name(c));
    else
    {
        if (!from)
            from = "<undefined>";
        if (!to)
            to = "<undefined>";
        BIO_printf(arg, "%s => %s\n", from, to);
    }
}

static void list_cipher(BIO *out)
{
    EVP_CIPHER_do_all_sorted(list_cipher_fn, out);
}

static void list_md_fn(const EVP_MD *m,
                       const char *from, const char *to, void *arg)
{
    if (m)
        BIO_printf(arg, "%s\n", EVP_MD_name(m));
    else
    {
        if (!from)
            from = "<undefined>";
        if (!to)
            to = "<undefined>";
        BIO_printf(arg, "%s => %s\n", from, to);
    }
}

static void list_md(BIO *out)
{
    EVP_MD_do_all_sorted(list_md_fn, out);
}
----------------------------------------
>
> 2. I have initialised my app with OpenSSL_add_allciphers(), but
> many of the ciphers that "openssl enc..." can do, I get a NULL back from
> EVP_get_cipherbyname() when I try and use them. For example, aes-256-cbc
> works in my app but des-ede3-cfb doesn't. I can't see what else enc.c is
> doing to bring in these extra ciphers. Of course, if I
> had the answer to 1, I could dump out my available cipher list which might
> help.
I take it you meant
OpenSSL_add_all_algorithms();
though you may call
OpenSSL_add_all_ciphers();
and
OpenSSL_add_all_digests();
for (almost) identical functionality.
One reason why some ciphers won't show up is related to the
configuration of the OpenSSL lib on compilation: depending on your
./config arguments (or the ones used by the one who produced the
OpenSSL lib for you, e.g. in case of an off the shelf Linux distro)
some ciphers, digests and/or other pieces may have been disabled
(removed) at compile time: as they won't exist in the code, they will
not show up in the cipher/digest/... list.
But that would be far easier to diagnose indeed, when you list the
ciphers as you suggested yourself.
--
Met vriendelijke groeten / Best regards,
Ger Hobbelt
--------------------------------------------------
web: http://www.hobbelt.com/
http://www.hebbut.net/
mail: [email protected]
mobile: +31-6-11 120 978
--------------------------------------------------
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]