The OpenSSL crypto library implements a wide range of cryptographic algorithms used in various Internet standards. The services provided by this library are used by the OpenSSL implementations of TLS and S/MIME, and they have also been used to implement SSH, OpenPGP, and other cryptographic standards.
Symmetric ciphers including AES, Blowfish, CAST, Chacha20, IDEA, DES, RC2, and RC4 are provided by the generic interface EVP_EncryptInit(3). Low-level stand-alone interfaces include AES_encrypt(3), BF_set_key(3), DES_set_key(3), and RC4(3).
Public key cryptography and key agreement are provided by DH_new(3), ECDH_compute_key(3), X25519(3), DSA_new(3), ECDSA_SIG_new(3), RSA_new(3), and EVP_PKEY_new(3).
Certificates are handled by X509_new(3) and X509v3_add_ext(3).
Authentication codes and hash functions offered include EVP_DigestInit(3), HMAC(3), MD4(3), MD5(3), RIPEMD160(3), SHA1(3), and SHA256(3).
Input, output, and data encoding facilities include ASN1_TYPE_get(3), BIO_new(3), CMS_ContentInfo_new(3), evp(3), EVP_EncodeInit(3), PEM_read(3), PKCS7_encrypt(3), PKCS7_sign(3), PKCS12_create(3), and SMIME_write_PKCS7(3).
Auxiliary features include:
- configuration file handling: see OPENSSL_config(3)
- error reporting: see ERR(3)
Internal utilities include BIO_f_buffer(3), BN_new(3), EC_GROUP_new(3), lh_new(3), and STACK_OF(3).
Some of the newer functions follow a naming convention using the numbers ‘0’ and ‘1’. For example consider the names of these functions:
*crl, X509_REVOKED *rev);
*x, ASN1_OBJECT *obj);
The ‘0’ version uses the supplied structure pointer directly in the parent and it will be freed up when the parent is freed. In the above example crl would be freed but rev would not.
The ‘1’ function uses a copy of the supplied structure pointer (or in some cases increases its link count) in the parent and so both (x and obj above) should be freed up.