OpenSSL API: Core Structures and Pitfalls
Navigate EVP APIs, BIO abstractions, and the most common OpenSSL API misuse patterns.
EVP API: The High-Level Interface
The EVP (Envelope) API is OpenSSL's high-level interface for cryptographic operations and is the correct API to use in application code. It abstracts algorithm-specific details behind a consistent interface, supports engine and provider hardware acceleration automatically, and handles padding and mode details correctly. OpenSSL's lower-level algorithm-specific APIs are deprecated in modern versions and should be avoided.
EVP_CIPHER_CTX for Symmetric Encryption
Symmetric encryption in OpenSSL uses the EVP_CIPHER_CTX context object. The operation sequence is: EVP_CIPHER_CTX_new to allocate the context, EVP_EncryptInit_ex to initialize with cipher and key, EVP_EncryptUpdate repeatedly to process data, EVP_EncryptFinal_ex to flush the final block and retrieve remaining output, and EVP_CIPHER_CTX_free to release memory. Skipping EncryptFinal_ex is a common mistake that produces truncated output.
All lessons in this course
- libsodium: A Misuse-Resistant Crypto Library
- OpenSSL API: Core Structures and Pitfalls
- Google Tink: Safe High-Level Crypto
- Auditing and Selecting Cryptographic Dependencies