FreeBSD Manual Pages
CRYPTO(3) Library Functions Manual CRYPTO(3) NAME crypto -- OpenSSL cryptographic library DESCRIPTION The OpenSSL crypto library implements a wide range of cryptographic al- gorithms used in various Internet standards. The services provided by this library are used by the OpenSSL implementations of TLS and S/MIME, and they have also been used to implement SSH, OpenPGP, and other cryp- tographic standards. Symmetric ciphers including AES, Blowfish, CAST, ChaCha20, IDEA, DES, RC2, and RC4 are provided by the generic interface EVP_EncryptInit(3). Low-level stand-alone interfaces include AES_encrypt(3), BF_set_key(3), ChaCha(3), DES_set_key(3), RC2_encrypt(3), and RC4(3). Public key cryptography and key agreement are provided by DH_new(3), ECDH_compute_key(3), X25519(3), DSA_new(3), ECDSA_SIG_new(3), RSA_new(3), and EVP_PKEY_new(3). Certificates are handled by X509_new(3) and X509v3_add_ext(3). Authentication codes and hash functions offered include EVP_DigestInit(3), CMAC_Init(3), HMAC(3), MD4(3), MD5(3), RIPEMD160(3), SHA1(3), and SHA256(3). Input, output, and data encoding facilities include ASN1_TYPE_get(3), BIO_new(3), CMS_ContentInfo_new(3), evp(3), EVP_EncodeInit(3), PEM_read(3), PKCS7_encrypt(3), PKCS7_sign(3), PKCS12_create(3), and SMIME_write_PKCS7(3). Auxiliary features include: - configuration file handling: see OPENSSL_config(3) - error reporting: see ERR(3) - OCSP_REQUEST_new(3) - UI_new(3) Internal utilities include BIO_f_buffer(3), BN_new(3), EC_GROUP_new_by_curve_name(3), lh_new(3), and STACK_OF(3). NAMING CONVENTIONS Elements used in the names of API functions include the following: add0 See "set0" below. add1 See "set1" below. BIO basic input and/or output abstraction: The function manipulates objects of the idiosyncratic OpenSSL BIO object type. See BIO_new(3). bio The function uses a BIO object for input or output. In many cases, simpler variants of the function are available that op- erate directly on <stdio.h> FILE objects or directly in RAM, usually using byte arrays. BIO_f_ filter BIO: The function returns a pointer to a static built-in object that, when passed to BIO_new(3), results in the creation of a BIO object that can write data to and/or read data from another BIO object. BIO_s_ source and/or sink BIO: The function returns a pointer to a static built-in object that, when passed to BIO_new(3), results in the creation of a BIO object that can write data to an ex- ternal destination and/or read data from an external source, for example a file descriptor or object, a memory buffer, or the network. BN big number: The function operates on BIGNUM objects represent- ing integer numbers of variable, almost unlimited size. See BN_new(3). cb callback: The function takes or returns a function pointer that is called by API functions from inside the library. The func- tion pointed to may be defined by the application program. In some cases, API functions with "cb" in their name may return function pointers to internal functions defined inside the li- brary that are not API functions. The element "cb" is also used in the names of some function pointer datatypes declared with typedef. In a small number of cases, the all caps form "CB" is used with the same meaning. CTX context: The function operates on a wrapper object around an- other object. The purposes and properties of such "CTX" wrap- per objects vary wildly depending on the objects in question. A few function names use the lower case form "ctx" in the same sense. d2i DER to internal: The function decodes input conforming to ASN.1 basic encoding rules (BER) and either stores the result in an existing object or in a newly allocated object. The latter is usually preferable because creating a new object is more robust and less error prone. In spite of the name, the input usually does not need to conform to ASN.1 distinguished encoding rules (DER), which are more restrictive than BER. EVP digital EnVeloPe library: See evp(3). ex This name element is used for two completely unrelated pur- poses. extended version: The function is similar to an older function without the "ex" in its name, but takes one or more additional arguments in order to make it more versatile. In several cases, the older version is now deprecated. extra data: Some object types support storing additional, ap- plication-specific data inside objects in addition to the data the object is designed to hold. The function sets, retrieves, or prepares for using such extra data. Related function names usually contain "ex_data" or "ex_new_index". See CRYPTO_set_ex_data(3). fp file pointer: The function takes a FILE * argument. Usually, the function is a variant of another function taking a BIO * argument instead. i2d internal to DER: The function encodes an object passed as an argument according to ASN.1 distinguished encoding rules (DER). There are a few rare exceptions of functions that have "i2d" in their name but produce output anyway that only conforms to ASN.1 basic encoding rules (BER) and not to DER. get0 The function returns an internal pointer owned by the object passed as an argument. The returned pointer must not be freed by the calling code. It will be freed automatically when the object owning the pointer will be freed. get1 The function returns a copy of a sub-object of an object passed as an argument. The caller is responsible for freeing the re- turned object when it is no longer needed. If the object type is reference counted, usually the reference count is incremented instead of copying the object. Conse- quently, modifying the returned object may still impact all ob- jects containing references to it. The caller is responsible for freeing the returned object when it is no longer needed; for reference-counted objects still referenced elsewhere, this will merely decrement the reference count. get Functions containing "get" in their name without a following digit may behave in "get0" or, more rarely, in "get1" style. To find out which is the case, refer to the individual manual pages. lh linear hash: The function manipulates a dynamic hash table. See lh_new(3). md message digest. Some function names use the all caps form "MD" in the same sense. meth The function manipulates an object holding a function table. Usually, such function tables allow the application program to implement additional cryptographic or I/O algorithms and to use them with the same high-level API functions as the algorithms provided by the library itself, or to replace the implementa- tions of algorithms provided by the library with custom imple- mentations provided by the application program. Some API func- tions use the name elements "method" or "METHOD" in the same sense. See also the "cb" entry in the present list. nid numerical identifier: A non-standard, LibreSSL-specific int number associated with an ASN.1 object identifier. In several cases, the all caps form "NID" is used in the same sense. See OBJ_nid2obj(3). obj This name element and its all caps form "OBJ" usually refer to ASN.1 object identifiers represented by the ASN1_OBJECT data type. See ASN1_OBJECT_new(3). PKEY In most cases, this name element and its lower case form "pkey" mean "private key", but for both forms, there are some cases where they mean "public key" instead. set0 The function transfers ownership of a pointer passed as an ar- gument to an object passed as another argument, by storing the pointer inside the object. The transferred pointer must not be freed by the calling code. It will be freed automatically when the object now owning the pointer will be freed. set1 The function copies the content of one object passed as an ar- gument into another object also passed as an argument. When the calling code no longer needs the copied object, it can free that object. In some cases, if the object to be copied is reference counted, the function does not actually copy the object but merely in- crements its reference count and stores the pointer to it in the other object. When the calling code no longer needs its original pointer to the now inner object, it can free the orig- inal pointer, thus decrementing the reference count of the in- ner object and transferring ownership of the inner object to the outer object. The inner object will then be freed automat- ically when the outer object is freed later on. set Functions containing "set" in their name without a following digit may behave in "set0" or, more rarely, in "set1" style. To find out which is the case, refer to the individual manual pages. sk stack: The function manipulates a variable-sized array of pointers in the idiosyncratic style described in OPENSSL_sk_new(3). TS X.509 time-stamp protocol: See TS_REQ_new(3). up_ref The function increments the reference count of the argument by one. Only a minority of object types support reference count- ing. For those that do, if the reference count is greater than one, the corresponding "free" function reverses the effect of one call to the "up_ref" function rather than freeing the ob- ject. SEE ALSO openssl(1), ssl(3) FreeBSD 15.0 April 25, 2025 CRYPTO(3)
NAME | DESCRIPTION | NAMING CONVENTIONS | SEE ALSO
Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=crypto&manpath=FreeBSD+15.0-RELEASE+and+Ports.quarterly>