OpenSSL provides two primary libraries: libssl and libcrypto. The libcrypto library provides the fundamental cryptographic routines used by libssl. You can however use libcrypto without using libssl.
- Openssl Crypto Library C#
- Openssl Crypto Library Required
- Openssl Crypto Library Not Found
- Openssl Library Vs Windows Secure
Getting Started[edit]
OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. The OpenSSL crypto library ('libcrypto') implements a wide range of cryptographic algorithms used in various Internet standards. The services provided by this library are used by the OpenSSL implementations of SSL, TLS and S/MIME, and they have also been used to implement SSH, OpenPGP, and other cryptographic standards.
In order to use libcrypto it must first (typically) be initialised:
High Level and Low Level Interfaces[edit]
For most uses, users should use the high level interface that is provided for performing cryptographic operations. This is known as the EVP interface (short for Envelope). This interface provides a suite of functions for performing encryption/decryption (both symmetric and asymmetric), signing/verifying, as well as generating hashes and MAC codes, across the full range of OpenSSL supported algorithms and modes. Working with the high level interface means that a lot of the complexity of performing cryptographic operations is hidden from view. A single consistent API is provided. In the event that you need to change your code to use a different algorithm (for example), then this is a simple change when using the high level interface. In addition low level issues such as padding and encryption modes are all handled for you.
Refer to EVP for further information on the high level interface.
In addition to the high level interface, OpenSSL also provides low level interfaces for working directly with the individual algorithms. These low level interfaces are not recommended for the novice user, but provide a degree of control that may not be possible when using only the high level interface. Note that many low-level interfaces are not available if you are running in FIPS mode.
Error Handling[edit]
Most OpenSSL functions will return an integer to indicate success or failure. Typically a function will return 1 on success or 0 on error. All return codes should be checked and handled as appropriate.
It is common to see errors handled in a way similar to the following:
Note that not all of the libcrypto functions return 0 for error and 1 for success. There are exceptions which can trip up the unwary. For example if you want to check a signature with some functions you get 1 if the signature is correct, 0 if it is not correct and -1 if something bad happened like a memory allocation failure. So if you do:
and someone can induce the 'something bad happened' condition you end up behaving as though a bad signature is good. This one cropped up in the library internals at one point and was fixed in a security release. Currently you should check the manual pages or the source to be sure.
One way to avoid being bitten by this potential problem is to always use this idiom to check for errors when calling an OpenSSL function:
Refer to the Library Errors page for more information about OpenSSL errors.
Thread Safety[edit]
OpenSSL currently is thread-NOT-safe by default. In order to make it thread-safe the caller has to provide various callbacks for locking, atomic integer addition, and thread ID determination (this last has reasonable defaults). This makes it difficult to use OpenSSL from multiple distinct objects in one multi-threaded process: one of them had better provide these callbacks, but only one of them should.
Currently the only moderately safe way for libraries using OpenSSL to handle thread safety is to do the following as early as possible, possible in .init or DllMain:
- Check if the locking callback has been set, then set it if not;
- CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK), set the remaining callbacks (threadid, dynlock, and add_lock) if not already set, then CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
In the future we hope that OpenSSL will self-initialize thread-safely to use native threading where available.
Fork Safety[edit]
- main article: Random fork-safety
OpenSSL library functions are generally not async-signal-safe, therefore:
- do not call OpenSSL functions from signal handlers
- do not call OpenSSL functions on the child-side of fork() (exec or _exit)
- do not call OpenSSL functions from pthread_atfork() handlers (fork() itself is and must be and remain async-signal-safe)
Ssundee discord bot. If you have an application for which using OpenSSL on the parent and child sides of fork() (without exec'ing) and it does not blow up naturally, then you should arrange to call RAND_poll() on the child-side of fork() before using any other RAND functions.
Further libcrypto information[edit]
There are a number of other pages that cover specific aspects of working with libcrypto:
See also[edit]
![Openssl_crypto_library Openssl_crypto_library](/uploads/1/3/7/5/137564599/286100960.png)
Retrieved from 'https://wiki.openssl.org/index.php?title=Libcrypto_API&oldid=2082'
- Table of contents
- IKEv1 Cipher Suites
- Diffie Hellman Groups
Openssl Crypto Library C#
![Ubuntu openssl library Ubuntu openssl library](/uploads/1/3/7/5/137564599/383357753.jpg)
The keywords listed below can be used with the ike and esp directives in ipsec.conf or the proposals settings in swanctl.conf to define cipher suites.
IANA provides lists of algorithm identifiers for IKEv1 and IPsec.
Encryption Algorithms¶
Keyword | Description | IANA | IKE | ESP | Built-in Plugins | Deprecated |
---|---|---|---|---|---|---|
null | Null encryption | 11 | k | |||
aes128 or aes | 128 bit AES-CBC | 7 | x o g a | k | aes | |
aes192 | 192 bit AES-CBC | x o g a | k | aes | ||
aes256 | 256 bit AES-CBC | x o g a | k | aes | ||
aes128ctr | 128 bit AES-COUNTER | 13 | k | |||
aes192ctr | 192 bit AES-COUNTER | k | ||||
aes256ctr | 256 bit AES-COUNTER | k | ||||
aes128ccm8 or aes128ccm64 | 128 bit AES-CCM with 64 bit ICV | 14 | k | |||
aes192ccm8 or aes192ccm64 | 192 bit AES-CCM with 64 bit ICV | k | ||||
aes256ccm8 or aes256ccm64 | 256 bit AES-CCM with 64 bit ICV | k | ||||
aes128ccm12 or aes128ccm96 | 128 bit AES-CCM with 96 bit ICV | 15 | k | |||
aes192ccm12 or aes192ccm96 | 192 bit AES-CCM with 96 bit ICV | k | ||||
aes256ccm12 or aes256ccm96 | 256 bit AES-CCM with 96 bit ICV | k | ||||
aes128ccm16 or aes128ccm128 | 128 bit AES-CCM with 128 bit ICV | 16 | k | |||
aes192ccm16 or aes192ccm128 | 192 bit AES-CCM with 128 bit ICV | k | ||||
aes256ccm16 or aes256ccm128 | 256 bit AES-CCM with 128 bit ICV | k | ||||
aes128gcm8 or aes128gcm64 | 128 bit AES-GCM with 64 bit ICV | 18 | k | |||
aes192gcm8 or aes192gcm64 | 192 bit AES-GCM with 64 bit ICV | k | ||||
aes256gcm8 or aes256gcm64 | 256 bit AES-GCM with 64 bit ICV | k | ||||
aes128gcm12 or aes128gcm96 | 128 bit AES-GCM with 96 bit ICV | 19 | k | |||
aes192gcm12 or aes192gcm96 | 192 bit AES-GCM with 96 bit ICV | k | ||||
aes256gcm12 or aes256gcm96 | 256 bit AES-GCM with 96 bit ICV | k | ||||
aes128gcm16 or aes128gcm128 | 128 bit AES-GCM with 128 bit ICV | 20 | k | |||
aes192gcm16 or aes192gcm128 | 192 bit AES-GCM with 128 bit ICV | k | ||||
aes256gcm16 or aes256gcm128 | 256 bit AES-GCM with 128 bit ICV | k | ||||
aes128gmac | Null encryption with 128 bit AES-GMAC | 23 | k | |||
aes192gmac | Null encryption with 192 bit AES-GMAC | k | ||||
aes256gmac | Null encryption with 256 bit AES-GMAC | k | ||||
3des | 168 bit 3DES-EDE-CBC | 5 | x o g a | k | des | s |
blowfish128 or blowfish | 128 bit Blowfish-CBC | 3 | x o g a | k | blowfish | s |
blowfish192 | 192 bit Blowfish-CBC | x o a | k | blowfish | s | |
blowfish256 | 256 bit Blowfish-CBC | x o a | k | blowfish | s | |
camellia128 or camellia | 128 bit Camellia-CBC | 8 | k | |||
camellia192 | 192 bit Camellia-CBC | k | ||||
camellia256 | 256 bit Camellia-CBC | k | ||||
serpent128 or serpent | 128 bit Serpent-CBC | 252 | g a | k | ||
serpent192 | 192 bit Serpent-CBC | g a | k | |||
serpent256 | 256 bit Serpent-CBC | g a | k | |||
twofish128 or twofish | 128 bit Twofish-CBC | 253 | g a | k | ||
twofish192 | 192 bit Twofish-CBC | a | k | |||
twofish256 | 256 bit Twofish-CBC | g a | k | |||
IKE support | ||||||
x default built-in crypto plugin(s) (see separate column) o OpenSSL crypto library (openssl plugin) g Gcrypt crypto library (gcrypt plugin) a AF_ALG userland crypto API for Linux 2.6.38 kernel or newer (af-alg plugin) | ||||||
ESP support | ||||||
k Linux 2.6+ kernel | ||||||
Deprecated | ||||||
s broken by SWEET32 |
Openssl Crypto Library Required
Integrity Algorithms¶
Keyword | Description | IANA | IKE | ESP/AH | Length | Built-in Plugins |
---|---|---|---|---|---|---|
md5 | MD5 HMAC | 1 | x o a | k | 96 bit | md5, hmac |
sha1 or sha | SHA1 HMAC | 2 | x o a | k | 96 bit | sha1, hmac |
sha256 or sha2_256 | SHA2_256_128 HMAC | 5 | x o a | n | 128 bit | sha2, hmac |
sha384 or sha2_384 | SHA2_384_192 HMAC | 6 | x o a | k | 192 bit | sha2, hmac |
sha512 or sha2_512 | SHA2_512_256 HMAC | 7 | x o a | k | 256 bit | sha2, hmac |
aesxcbc | AES XCBC | 9 | k | 96 bit | ||
aes128gmac | 128-bit AES-GMAC | 11 | q | 128 bit | ||
aes192gmac | 192-bit AES-GMAC | 12 | q | 128 bit | ||
aes256gmac | 256-bit AES-GMAC | 13 | q | 128 bit | ||
IKE support | ||||||
x default built-in crypto plugin(s) (see separate column) o OpenSSL crypto library (openssl plugin) a AF_ALG userland crypto API for Linux 2.6.38 kernel or newer (af-alg plugin) It's also possible to use the hash implementations provided by the gcrypt or openssl plugin together with the hmac plugin. | ||||||
ESP/AH support | ||||||
k Linux 2.6+ kernel q for AH, AES-GMAC is negotiated as encryption algorithm for ESP n before version 2.6.33 the Linux kernel incorrectly used 96 bit truncation for SHA-256 |
Diffie Hellman Groups¶
Keyword | DH Group | Modulus | Subgroup | IKE | Deprecated |
---|---|---|---|---|---|
Regular Groups | |||||
modp768 | 1 | 768 bits | m o g | l | |
modp1024 | 2 | 1024 bits | m o g | l | |
modp1536 | 5 | 1536 bits | m o g | l | |
modp2048 | 14 | 2048 bits | m o g | ||
modp3072 | 15 | 3072 bits | m o g | ||
modp4096 | 16 | 4096 bits | m o g | ||
modp6144 | 17 | 6144 bits | m o g | ||
modp8192 | 18 | 8192 bits | m o g | ||
Modulo Prime Groups with Prime Order Subgroup | |||||
modp1024s160 | 22 | 1024 bits | 160 bits | m o g | x |
modp2048s224 | 23 | 2048 bits | 224 bits | m o g | x |
modp2048s256 | 24 | 2048 bits | 256 bits | m o g | x |
NIST Elliptic Curve Groups | |||||
ecp192 | 25 | 192 bits | o | w | |
ecp224 | 26 | 224 bits | o | ||
ecp256 | 19 | 256 bits | o | ||
ecp384 | 20 | 384 bits | o | ||
ecp521 | 21 | 521 bits | o | ||
Brainpool Elliptic Curve Groups | |||||
ecp224bp | 27 | 224 bits | o | ||
ecp256bp | 28 | 256 bits | o | ||
ecp384bp | 29 | 384 bits | o | ||
ecp512bp | 30 | 512 bits | o | ||
Elliptic Curve 25519 - only standardized for IKEv2 but also supported for IKEv1 by strongSwan | |||||
curve25519 or x25519 | 31 | 256 bits | c | ||
IKE support | |||||
ccurve25519 plugin m GMP multi-precision library (gmp plugin) o OpenSSL crypto library (openssl plugin) g Gcrypt crypto library (gcrypt plugin) | |||||
Deprecated | |||||
x questionable source of the primes. Potentially trapdoored (https://eprint.iacr.org/2016/961). l broken by LogJam w less than 112 bit security strength |
Post-Quantum Key Exchange using NTRU Encryption¶
Keyword | DH Group | Strength | IKE |
ntru112 | 1030 | 112 bits | n |
ntru128 | 1031 | 128 bits | n |
ntru192 | 1032 | 192 bits | n |
ntru256 | 1033 | 256 bits | n |
IKE support | |||
nntru plugin (includes ntru-crypto library) |
Post-Quantum Key Exchange using NewHope¶
Keyword | DH Group | Strength | IKE |
---|---|---|---|
newhope128 | 1040 | 128 bits | n |
IKE support | |||
nnewhope plugin |
Openssl Crypto Library Not Found
Since the Diffie-Hellman Group Transform IDs 1030.1033 and 1040 selected by the strongSwan project to designate the four NTRU key exchange strengths and the NewHope key exchange algorithm, respectively, were taken from the private-use range, the strongSwan vendor ID must be sent by the charon daemon. This can be enabled by the following statement in /etc/strongswan.conf: