Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
CRYPTO(3)	       FreeBSD Library Functions Manual		     CRYPTO(3)

NAME
     crypto -- OpenSSL cryptographic library

DESCRIPTION
     The OpenSSL crypto	library	implements a wide range	of cryptographic algo-
     rithms used in various Internet standards.	 The services provided by this
     library are used by the OpenSSL implementations of	TLS and	S/MIME,	and
     they have also been used to implement SSH,	OpenPGP, and other crypto-
     graphic standards.

     Symmetric ciphers including AES, Blowfish,	CAST, ChaCha20,	IDEA, DES,
     RC2, and RC4 are provided by the generic interface	EVP_EncryptInit(3).
     Low-level stand-alone interfaces include AES_encrypt(3), BF_set_key(3),
     ChaCha(3),	DES_set_key(3),	and RC4(3).

     Public key	cryptography and key agreement are provided by DH_new(3),
     ECDH_compute_key(3), X25519(3), DSA_new(3), ECDSA_SIG_new(3), RSA_new(3),
     and EVP_PKEY_new(3).

     Certificates are handled by X509_new(3) and X509v3_add_ext(3).

     Authentication codes and hash functions offered include
     EVP_DigestInit(3),	CMAC_Init(3), HMAC(3), MD4(3), MD5(3), RIPEMD160(3),
     SHA1(3), and SHA256(3).

     Input, output, and	data encoding facilities include ASN1_TYPE_get(3),
     BIO_new(3), CMS_ContentInfo_new(3), evp(3), EVP_EncodeInit(3),
     PEM_read(3), PKCS7_encrypt(3), PKCS7_sign(3), PKCS12_create(3), and
     SMIME_write_PKCS7(3).

     Auxiliary features	include:
     -	 configuration file handling: see OPENSSL_config(3)
     -	 error reporting: see ERR(3)
     -	 OCSP_REQUEST_new(3)
     -	 UI_new(3)

     Internal utilities	include	BIO_f_buffer(3), BN_new(3), EC_GROUP_new(3),
     lh_new(3),	and STACK_OF(3).

NAMING CONVENTIONS
     Elements used in the names	of API functions include the following:

     add0    See "set0"	below.

     add1    See "set1"	below.

     BIO     basic input and/or	output abstraction: The	function manipulates
	     objects of	the idiosyncratic OpenSSL BIO object type.  See
	     BIO_new(3).

     bio     The function uses a BIO object for	input or output.  In many
	     cases, simpler variants of	the function are available that	oper-
	     ate directly on <stdio.h> FILE objects or directly	in RAM,	usu-
	     ally using	byte arrays.

     BIO_f_  filter BIO: The function returns a	pointer	to a static built-in
	     object that, when passed to BIO_new(3), results in	the creation
	     of	a BIO object that can write data to and/or read	data from an-
	     other BIO object.

     BIO_s_  source and/or sink	BIO: The function returns a pointer to a
	     static built-in object that, when passed to BIO_new(3), results
	     in	the creation of	a BIO object that can write data to an exter-
	     nal destination and/or read data from an external source, for ex-
	     ample a file descriptor or	object,	a memory buffer, or the	net-
	     work.

     BN	     big number: The function operates on BIGNUM objects representing
	     integer numbers of	variable, almost unlimited size.  See
	     BN_new(3).

     cb	     callback: The function takes or returns a function	pointer	that
	     is	called by API functions	from inside the	library.  The function
	     pointed to	may be defined by the application program.  In some
	     cases, API	functions with "cb" in their name may return function
	     pointers to internal functions defined inside the library that
	     are not API functions.  The element "cb" is also used in the
	     names of some function pointer datatypes declared with typedef.
	     In	a small	number of cases, the all caps form "CB"	is used	with
	     the same meaning.

     CTX     context: The function operates on a wrapper object	around another
	     object.  The purposes and properties of such "CTX"	wrapper	ob-
	     jects vary	wildly depending on the	objects	in question.  A	few
	     function names use	the lower case form "ctx" in the same sense.

     d2i     DER to internal: The function decodes input conforming to ASN.1
	     basic encoding rules (BER)	and either stores the result in	an ex-
	     isting object or in a newly allocated object.  The	latter is usu-
	     ally preferable because creating a	new object is more robust and
	     less error	prone.	In spite of the	name, the input	usually	does
	     not need to conform to ASN.1 distinguished	encoding rules (DER),
	     which are more restrictive	than BER.

     EVP     digital EnVeloPe library: See evp(3).

     ex	     This name element is used for two completely unrelated purposes.

	     extended version: The function is similar to an older function
	     without the "ex" in its name, but takes one or more additional
	     arguments in order	to make	it more	versatile.  In several cases,
	     the older version is now deprecated.

	     extra data: Some object types support storing additional, appli-
	     cation-specific data inside objects in addition to	the data the
	     object is designed	to hold.  The function sets, retrieves,	or
	     prepares for using	such extra data.  Related function names usu-
	     ally contain "ex_data" or "ex_new_index".	See
	     CRYPTO_set_ex_data(3).

     fp	     file pointer: The function	takes a	FILE * argument.  Usually, the
	     function is a variant of another function taking a	BIO * argument
	     instead.

     i2d     internal to DER: The function encodes an object passed as an ar-
	     gument according to ASN.1 distinguished encoding rules (DER).
	     There are a few rare exceptions of	functions that have "i2d" in
	     their name	but produce output anyway that only conforms to	ASN.1
	     basic encoding rules (BER)	and not	to DER.

     get0    The function returns an internal pointer owned by the object
	     passed as an argument.  The returned pointer must not be freed by
	     the calling code.	It will	be freed automatically when the	object
	     owning the	pointer	will be	freed.

     get1    The function returns a copy of a sub-object of an object passed
	     as	an argument.  The caller is responsible	for freeing the	re-
	     turned object when	it is no longer	needed.

	     If	the object type	is reference counted, usually the reference
	     count is incremented instead of copying the object.  Conse-
	     quently, modifying	the returned object may	still impact all ob-
	     jects containing references to it.	 The caller is responsible for
	     freeing the returned object when it is no longer needed; for ref-
	     erence-counted objects still referenced elsewhere,	this will
	     merely decrement the reference count.

     get     Functions containing "get"	in their name without a	following
	     digit may behave in "get0"	or, more rarely, in "get1" style.  To
	     find out which is the case, refer to the individual manual	pages.

     lh	     linear hash: The function manipulates a dynamic hash table.  See
	     lh_new(3).

     md	     message digest.  Some function names use the all caps form	"MD"
	     in	the same sense.

     meth    The function manipulates an object	holding	a function table.
	     Usually, such function tables allow the application program to
	     implement additional cryptographic	or I/O algorithms and to use
	     them with the same	high-level API functions as the	algorithms
	     provided by the library itself, or	to replace the implementations
	     of	algorithms provided by the library with	custom implementations
	     provided by the application program.  Some	API functions use the
	     name elements "method" or "METHOD"	in the same sense.  See	also
	     the "cb" entry in the present list.

     ndef    indefinite	length form: The function encodes according to ASN.1
	     basic encoding rules (BER)	using the indefinite length form.
	     Even if the function name also includes "i2d", the	output does
	     not conform to ASN.1 distinguished	encoding rules (DER).  See
	     ASN1_item_ndef_i2d(3).  Some function names contain the all caps
	     version "NDEF" with the same meaning.

     nid     numerical identifier: A non-standard, LibreSSL-specific int num-
	     ber associated with an ASN.1 object identifier.  In several
	     cases, the	all caps form "NID" is used in the same	sense.	See
	     OBJ_nid2obj(3).

     obj     This name element and its all caps	form "OBJ" usually refer to
	     ASN.1 object identifiers represented by the ASN1_OBJECT data
	     type.  See	ASN1_OBJECT_new(3).

     PKEY    In	most cases, this name element and its lower case form "pkey"
	     mean "private key", but for both forms, there are some cases
	     where they	mean "public key" instead.

     set0    The function transfers ownership of a pointer passed as an	argu-
	     ment to an	object passed as another argument, by storing the
	     pointer inside the	object.	 The transferred pointer must not be
	     freed by the calling code.	 It will be freed automatically	when
	     the object	now owning the pointer will be freed.

     set1    The function copies the content of	one object passed as an	argu-
	     ment into another object also passed as an	argument.  When	the
	     calling code no longer needs the copied object, it	can free that
	     object.

	     In	some cases, if the object to be	copied is reference counted,
	     the function does not actually copy the object but	merely incre-
	     ments its reference count and stores the pointer to it in the
	     other object.  When the calling code no longer needs its original
	     pointer to	the now	inner object, it can free the original
	     pointer, thus decrementing	the reference count of the inner ob-
	     ject and transferring ownership of	the inner object to the	outer
	     object.  The inner	object will then be freed automatically	when
	     the outer object is freed later on.

     set     Functions containing "set"	in their name without a	following
	     digit may behave in "set0"	or, more rarely, in "set1" style.  To
	     find out which is the case, refer to the individual manual	pages.

     sk	     stack: The	function manipulates a variable-sized array of point-
	     ers in the	idiosyncratic style described in OPENSSL_sk_new(3).

     TS	     X.509 time-stamp protocol:	See TS_REQ_new(3).

     up_ref  The function increments the reference count of the	argument by
	     one.  Only	a minority of object types support reference counting.
	     For those that do,	if the reference count is greater than one,
	     the corresponding "free" function reverses	the effect of one call
	     to	the "up_ref" function rather than freeing the object.

SEE ALSO
     openssl(1), ssl(3)

FreeBSD	13.0		       February	4, 2022			  FreeBSD 13.0

NAME | DESCRIPTION | NAMING CONVENTIONS | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=crypto&sektion=3&manpath=FreeBSD+13.1-RELEASE+and+Ports>

home | help