0Pricing
Cryptology Academy · Lesson

OpenSSL API: Core Structures and Pitfalls

Navigate EVP APIs, BIO abstractions, and the most common OpenSSL API misuse patterns.

EVP API: The High-Level Interface

The EVP (Envelope) API is OpenSSL's high-level interface for cryptographic operations and is the correct API to use in application code. It abstracts algorithm-specific details behind a consistent interface, supports engine and provider hardware acceleration automatically, and handles padding and mode details correctly. OpenSSL's lower-level algorithm-specific APIs are deprecated in modern versions and should be avoided.

EVP_CIPHER_CTX for Symmetric Encryption

Symmetric encryption in OpenSSL uses the EVP_CIPHER_CTX context object. The operation sequence is: EVP_CIPHER_CTX_new to allocate the context, EVP_EncryptInit_ex to initialize with cipher and key, EVP_EncryptUpdate repeatedly to process data, EVP_EncryptFinal_ex to flush the final block and retrieve remaining output, and EVP_CIPHER_CTX_free to release memory. Skipping EncryptFinal_ex is a common mistake that produces truncated output.

All lessons in this course

  1. libsodium: A Misuse-Resistant Crypto Library
  2. OpenSSL API: Core Structures and Pitfalls
  3. Google Tink: Safe High-Level Crypto
  4. Auditing and Selecting Cryptographic Dependencies
← Back to Cryptology Academy