As an independent follower of this list, I'd just like say that even if the documentation has its critics, the support provided here is incredibly good !
On Wed, Mar 28, 2012, at 12:32 PM, Prashanth kumar N wrote: > I tried to use EVP but let if of go due to bad documentation... > > On Wed, Mar 28, 2012 at 2:49 AM, Jakob Bohm <jb-open...@wisemo.com> > wrote: > > > On 3/27/2012 10:42 PM, Jeffrey Walton wrote: > > > >> On Tue, Mar 27, 2012 at 4:26 PM, Ken Goldman<kgold...@us.ibm.com> wrote: > >> > >>> On 3/27/2012 3:51 PM, Jakob Bohm wrote: > >>> > >>>> On 3/27/2012 9:37 PM, Dr. Stephen Henson wrote: > >>>> > >>>>> You should really be using EVP instead of the low level routines. > >>>>> They are well documented with examples. > >>>>> > >>>> Where, precisely? > >>>> > >>>> I didn't find it either when I was looking a few years ago, so I > >>>> settled on the obvious low level APIs too. > >>>> > >>> In fact, neither the low level or the EVP APIs are documented. I don't > >>> see > >>> any AES documentation at all. > >>> > >> Digest (search for "openssl evp digest example"): > >> > >> http://www.openssl.org/docs/**crypto/EVP_DigestInit.html<http://www.openssl.org/docs/crypto/EVP_DigestInit.html> > >> > > At least this one is outdated, it recommends SHA1, does not > > mention any of the larger algorithms and still shows the > > old SSL MD5+SHA1 288 bit length as the maximum MD size. > > > > openssl/evp.h has later definitions but no documentation in it. > > > > This document also gives two good reason not to use this > > interface when retrofitting existing code: > > > > 1. The state structure (EVP_MD_CTX) requires an extra call to > > free internal memory, which may not fit into existing code > > that doesn't have such a requirement of its own. > > > > 2. The EVP_DigestInit_ex() function is documented as loading > > a specific implementation if NULL is passed, thus almost certainly > > ensuring that said specific implementation will be linked into > > programs that don't use it at all. It is also unclear how > > referencing a specific engine avoids loading the entire feature > > set of that engine when only a subset is needed. Such granularity > > issues basic questions one should always consider in any library > > design. > > > > > > Encrypt (search for "openssl evp encrypt example"): > >> > >> http://www.openssl.org/docs/**crypto/EVP_EncryptInit.html<http://www.openssl.org/docs/crypto/EVP_EncryptInit.html> > >> > >> Sign (search for "openssl evp sign example"): > >> > >> http://www.openssl.org/docs/**crypto/EVP_SignInit.html<http://www.openssl.org/docs/crypto/EVP_SignInit.html> > >> > >> Verify (search for "openssl evp verify example"): > >> > >> http://www.openssl.org/docs/**crypto/EVP_VerifyInit.html<http://www.openssl.org/docs/crypto/EVP_VerifyInit.html> > >> > > (I have not checked out those yet). > > > > Explicitly adding the "word" EVP to those searches was > > non-obvious because as a programmer I tend not to consider > > parts of identifiers as separate search words (except when > > doing a raw grep). And besides, how should a newcomer to > > OpenSSL guess that something called "EVP" is of any > > significance? > > > > > > -- > > Jakob Bohm, CIO, partner, WiseMo A/S. http://www.wisemo.com > > Transformervej 29, 2730 Herlev, Denmark. direct: +45 31 13 16 10 <call: > > +4531131610> > > This message is only for its intended recipient, delete if misaddressed. > > WiseMo - Remote Service Management for PCs, Phones and Embedded > > ______________________________**______________________________**__________ > > OpenSSL Project http://www.openssl.org > > User Support Mailing List openssl-users@openssl.org > > Automated List Manager majord...@openssl.org > > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
