openssl research

GitHub - fries/android-external-openssl: Extensions to openssl shipped with android to suit openvpn needs.

GitHub - CyanogenMod/android_external_openssl: OpenSSL for Android

GitHub - robertying/openssl-curl-android: Compile openssl and curl for Android

one. OpenSSL is an open source cryptography library that provides rich cryptography functions and implementation of security protocols. In the source code of OpenSSL, crypto and ssl are two main modules, used for cryptographic functions and SSL/TLS protocol implementation respectively.

crypto module:

    • Provides a wealth of cryptographic functions, including symmetric encryption algorithms (such as AES, DES), hash algorithms (such as MD5, SHA), public key encryption algorithms (such as RSA, ECDSA), etc.
    • Implements various cryptographic protocols, such as SSL/TLS, S/MIME, PKCS, etc.
    • Provides cryptography-related data structures and functions, such as large number operations, random number generation, certificate operations, etc.
    • Supports encryption, decryption, signature, verification, key generation and other operations of cryptographic algorithms.

ssl module:

    • Implements the SSL/TLS protocol, providing a secure communication channel that ensures the confidentiality, integrity and authentication of data during transmission.
    • Implements the SSL/TLS handshake protocol for establishing secure connections and negotiating encryption algorithms and keys.
    • Implements the SSL/TLS record protocol, which splits application layer data into records and encrypts and transmits them according to the protocol requirements.
    • Provides SSL/TLS related data structures and functions, such as SSL context, SSL connection, handshake phase functions, etc.
    • Supports SSL/TLS client and server programming interfaces so that applications can communicate over SSL/TLS.

It should be noted that the crypto module provides cryptography-related functions, while the ssl module is built on the crypto module and uses the cryptography library to implement the SSL/TLS protocol. Through OpenSSL's crypto and ssl modules, developers can implement various cryptographic functions and secure communication mechanisms in their applications.

two. OpenSSL's crypto module provides many interfaces for performing various cryptography-related operations. Here are some of the main crypto interfaces:

Hash function interface:

    • EVP_MD_CTX_new() and EVP_MD_CTX_free(): Create and release a hash function context.
    • EVP_DigestInit(), EVP_DigestUpdate() and EVP_DigestFinal(): Initialize, update and complete hash calculations.
    • EVP_MD_size(): Get the output byte length of the hash digest.

Symmetric encryption interface:

    • EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free(): Create and release a symmetric encryption algorithm context.
    • EVP_CipherInit(), EVP_CipherUpdate() and EVP_CipherFinal(): Initialize, update and complete the encryption or decryption operation of the symmetric encryption algorithm.
    • EVP_CIPHER_key_length() and EVP_CIPHER_iv_length(): Get the key length and initialization vector length of the symmetric encryption algorithm.

Random number generation interface:

    • RAND_bytes(): Generates a sequence of random bytes.
    • RAND_pseudo_bytes(): Generates a sequence of pseudo-random bytes.

Public key encryption interface:

    • EVP_PKEY_new() and EVP_PKEY_free(): Create and release public key (or private key) objects.
    • EVP_PKEY_encrypt() and EVP_PKEY_decrypt(): Use the public key (or private key) to encrypt or decrypt data.

Digital signature interface:

    • EVP_SignInit(), EVP_SignUpdate() and EVP_SignFinal(): Initialize, update and complete digital signature operations.
    • EVP_VerifyInit(), EVP_VerifyUpdate() and EVP_VerifyFinal(): Initialize, update and complete digital signature verification operations.

Key pair and certificate operations:

    • RSA_generate_key(): Generate an RSA key pair.
    • EVP_PKEY_assign_RSA(): Assign the RSA key pair to the EVP_PKEY object.
    • EVP_PKEY_get1_RSA(): Get the RSA key pair from the EVP_PKEY object.
    • PEM_write_X509(): Write the certificate in X.509 format to a file.

These are just a few examples of the interfaces provided by the crypto module; there are many other functions and data structures that can be used to perform different types of cryptographic operations. Developers can find more detailed interface information in OpenSSL's official documentation and header files.

three. The SSL module is the part of OpenSSL used to implement the SSL/TLS protocol. It provides a series of interfaces to support SSL/TLS secure communication. The following are some of the main interfaces provided by the SSL module:

  1. Context operation interface:

    • SSL_CTX_new() and SSL_CTX_free(): Create and release SSL context objects.
    • SSL_CTX_set_options() and SSL_CTX_clear_options(): Set and clear options on the SSL context.
    • SSL_CTX_use_certificate_file() and SSL_CTX_use_PrivateKey_file(): Set the certificate and private key of the SSL context.
    • SSL_CTX_load_verify_locations(): Set the CA certificate location of the SSL context.
  2. Connection operation interface:

    • SSL_new() and SSL_free(): Create and release SSL connection objects.
    • SSL_set_fd() and SSL_get_fd(): Associate and obtain the socket file descriptor of the SSL connection.
    • SSL_connect() and SSL_accept(): Establish SSL connections on the client and server sides.
    • SSL_read() and SSL_write(): Read and write data on the SSL encrypted channel.
    • SSL_shutdown(): Close the SSL connection gracefully.
  3. Handshake operation interface:

    • SSL_set_connect_state() and SSL_set_accept_state(): Set the handshake state of the SSL connection.
    • SSL_do_handshake(): Execute the handshake process of the SSL connection.
  4. Encryption and verification interface:

    • SSL_get_cipher() and SSL_get_cipher_list(): Get the encryption algorithm and the list of cipher suites used by the SSL connection.
    • SSL_get_peer_certificate() and SSL_get_peer_cert_chain(): Get the peer's certificate and certificate chain.
    • SSL_get_verify_result(): Get the result of verifying the peer certificate.

These are just a few examples of the interfaces provided by the SSL module; there are many other functions and data structures that can be used to configure and operate SSL/TLS connections. Developers can learn more detailed interface information through OpenSSL's official documentation and header files.

Origin blog.csdn.net/blogercn/article/details/132310105