The OpenSSL crypto library implements a wide range of cryptographic algorithms used in various Internet standards. The services provided by this library are used by the OpenSSL implementations of TLS and S/MIME, and they have also been used to implement SSH, OpenPGP, and other cryptographic standards.
Symmetric ciphers including AES, Blowfish, CAST, Chacha20, IDEA, DES, RC2, RC4, and RC5 are provided by the generic interface EVP_EncryptInit(3). Low-level stand-alone interfaces include BF_set_key(3), DES_set_key(3), and RC4(3).
Public key cryptography and key agreement are provided by DH_new(3), DSA_new(3), ECDSA_SIG_new(3), and RSA_new(3).
Certificates are handled by X509_new(3) and X509v3_add_ext(3).
Authentication codes and hash functions offered include HMAC(3), MD2(3), MD4(3), MD5(3), RIPEMD160(3), SHA1(3), and SHA256(3).
Input, output, and data encoding facilities include ASN.1, BIO_new(3), evp(3), PEM_read(3), PKCS7_encrypt(3), PKCS7_sign(3), PKCS12_create(3), and SMIME_write_PKCS7(3).
Auxiliary features include:
- configuration file handling: see OPENSSL_config(3)
- error reporting: see ERR(3)
- thread support: see CRYPTO_set_locking_callback(3)
Internal utilities include BIO_f_buffer(3), BN_new(3), EC_GROUP_new(3), lh_new(3).
Some of the newer functions follow a naming convention using the numbers ‘0’ and ‘1’. For example consider the names of these functions:
*crl, X509_REVOKED *rev);
*x, ASN1_OBJECT *obj);
The ‘0’ version uses the supplied structure pointer directly in the parent and it will be freed up when the parent is freed. In the above example crl would be freed but rev would not.
The ‘1’ function uses a copy of the supplied structure pointer (or in some cases increases its link count) in the parent and so both (x and obj above) should be freed up.