More secure storage of key material.

[openssl.git] / doc / crypto / BN_CTX_new.pod

=pod

=head1 NAME

BN_CTX_new, BN_CTX_secure_new, BN_CTX_init, BN_CTX_free - allocate and free BN_CTX structures

=head1 SYNOPSIS

 #include <openssl/bn.h>

 BN_CTX *BN_CTX_new(void);

 BN_CTX *BN_CTX_secure_new(void);

 void BN_CTX_free(BN_CTX *c);

=head1 DESCRIPTION

A B<BN_CTX> is a structure that holds B<BIGNUM> temporary variables used by
library functions. Since dynamic memory allocation to create B<BIGNUM>s
is rather expensive when used in conjunction with repeated subroutine
calls, the B<BN_CTX> structure is used.

BN_CTX_new() allocates and initializes a B<BN_CTX> structure.
BN_CTX_secure_new() allocates and initializes a B<BN_CTX> structure
but uses the secure heap (see L<CRYPTO_secure_malloc(3)>) to hold the
B<BIGNUM>s.

BN_CTX_free() frees the components of the B<BN_CTX>, and if it was
created by BN_CTX_new(), also the structure itself.
If L<BN_CTX_start(3)|BN_CTX_start(3)> has been used on the B<BN_CTX>,
L<BN_CTX_end(3)|BN_CTX_end(3)> must be called before the B<BN_CTX>
may be freed by BN_CTX_free().
If B<c> is NULL, nothing is done.

=head1 RETURN VALUES

BN_CTX_new() and BN_CTX_secure_new() return a pointer to the B<BN_CTX>.
If the allocation fails,
they return B<NULL> and sets an error code that can be obtained by
L<ERR_get_error(3)|ERR_get_error(3)>.

BN_CTX_free() has no return values.

=head1 REMOVED FUNCTIONALITY

 void BN_CTX_init(BN_CTX *c);

BN_CTX_init() is no longer available as of OpenSSL 1.1.0. Applications should
replace use of BN_CTX_init with BN_CTX_new instead:

 BN_CTX *ctx;
 ctx = BN_CTX_new();
 if(!ctx) /* Handle error */
 ...
 BN_CTX_free(ctx);

=head1 SEE ALSO

L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>,
L<BN_CTX_start(3)|BN_CTX_start(3)>

=head1 HISTORY

BN_CTX_new() and BN_CTX_free() are available in all versions on SSLeay
and OpenSSL. BN_CTX_init() was added in SSLeay 0.9.1b and removed in OpenSSL
1.1.0.

=cut