Don't understand OpenSSL_add_all_algorithms method

The NOTES section of the manual page pretty much sums it up:

A typical application will call OpenSSL_add_all_algorithms() initially and EVP_cleanup() before exiting.

and

The cipher and digest lookup functions are used in many parts of the library. If the table is not initialized several functions will misbehave and complain they cannot find algorithms. This includes the PEM, PKCS#12, SSL and S/MIME libraries. This is a common query in the OpenSSL mailing lists.

So assuming that you are writing a typical application, you will add this to your OpenSSL initialization code:

OpenSSL_add_all_algorithms();

and this to the OpenSSL cleanup code:

EVP_cleanup();

and you are done. You are always responsible for calling these yourself in applications which use OpenSSL. If you want to know how OpenSSL stores the table internally, use the source, Luke.

To control which ciphers are available for a specific SSL context, you would use SSL_CTX_set_cipher_list.

As for better documentation than the manual page, I can recommend "Network Security with OpenSSL" by John Viega, Matt Messier & Pravir Chandra. The book is old and does not cover newer versions of OpenSSL, but most of it is still very applicable.
