Table of Contents

179.1. openssl Command Line Tool

openssl — OpenSSL command line tool

asn1parse — ASN.1 parsing tool

ca — sample minimal CA application

ciphers — SSL cipher display and cipher list tool.

cms — CMS utility

crl — CRL utility

crl2pkcs7 — Create a PKCS#7 structure from a CRL and certificates.

dgst — message digests

dhparam — DH parameter manipulation and generation

dsa — DSA key processing

dsaparam — DSA parameter manipulation and generation

ec — EC key processing

ecparam — EC parameter manipulation and generation

enc — symmetric cipher routines

errstr — lookup error codes

gendsa — generate a DSA private key from a set of parameters

genpkey — generate a private key

genrsa — generate an RSA private key

nseq — create or examine a netscape certificate sequence

ocsp — Online Certificate Status Protocol utility

passwd — compute password hashes

pkcs12 — PKCS#12 file utility

pkcs7 — PKCS#7 utility

pkcs8 — PKCS#8 format private key conversion tool

pkey — public or private key processing tool

pkeyparam — public key algorithm parameter processing tool

pkeyutl — public key algorithm utility

rand — generate pseudo-random bytes

req — PKCS#10 certificate request and certificate generating utility.

rsa — RSA key processing tool

rsautl — RSA utility

s_client — SSL/TLS client program

s_server — SSL/TLS server program

s_time — SSL/TLS performance timing program

sess_id — SSL/TLS session handling utility

smime — S/MIME utility

speed — test library performance

spkac — SPKAC printing and generating utility

ts — Time Stamping Authority tool (client/server)

verify — Utility to verify certificates.

version — print OpenSSL version information

x509 — Certificate display and signing utility

config — OpenSSL CONF library configuration files

x509v3_config — X509 V3 certificate extension configuration format

179.2. Cryptographic functions

crypto — OpenSSL cryptographic library

ASN1_generate_nconf — ASN1 generation functions

ASN1_OBJECT_new — object allocation functions

ASN1_STRING_length — ASN1_STRING utility functions

ASN1_STRING_new — ASN1_STRING allocation functions

ASN1_STRING_print_ex — ASN1_STRING output routines.

bio — I/O abstraction

BIO_ctrl — BIO control operations

BIO_f_base64 — base64 BIO filter

BIO_f_buffer — buffering BIO

BIO_f_cipher — cipher BIO filter

BIO_find_type — BIO chain traversal

BIO_f_md — message digest BIO filter

BIO_f_null — null filter

BIO_f_ssl — SSL BIO

BIO_new_CMS — CMS streaming filter BIO

BIO_new — BIO allocation and freeing functions

BIO_push — add and remove BIOs from a chain.

BIO_read — BIO I/O functions

BIO_s_accept — accept BIO

BIO_s_bio — BIO pair BIO

BIO_s_connect — connect BIO

BIO_set_callback — BIO callback functions

BIO_s_fd — file descriptor BIO

BIO_s_file — FILE bio

BIO_should_retry — BIO retry functions

BIO_s_mem — memory BIO

BIO_s_null — null data sink

BIO_s_socket — socket BIO

blowfish — Blowfish encryption

bn — multiprecision integer arithmetics

bn_internal — BIGNUM library internal functions

BN_add — arithmetic operations on BIGNUMs

BN_add_word — arithmetic functions on BIGNUMs with integers

BN_BLINDING_new — blinding related BIGNUM functions.

BN_bn2bin — format conversions

BN_cmp — BIGNUM comparison and test functions

BN_copy — copy BIGNUMs

BN_CTX_new — allocate and free BN_CTX structures

BN_CTX_start — use temporary BIGNUM variables

BN_generate_prime — generate primes and test for primality

BN_mod_inverse — compute inverse modulo n

BN_mod_mul_montgomery — Montgomery multiplication

BN_mod_mul_reciprocal — modular multiplication using reciprocal

BN_new — allocate and free BIGNUMs

BN_num_bytes — get BIGNUM size

BN_rand — generate pseudo-random number

BN_set_bit — bit operations on BIGNUMs

BN_swap — exchange BIGNUMs

BN_zero — BIGNUM assignment operations

buffer — simple character array structure, with some standard C library equivalents

CMS_add0_cert — CMS certificate and CRL utility functions

CMS_add1_recipient_cert — add recipients to a CMS enveloped data structure

CMS_compress — create a CMS CompressedData structure

CMS_decrypt — decrypt content from a CMS envelopedData structure

CMS_encrypt — create a CMS envelopedData structure

CMS_final — finalise a CMS_ContentInfo structure

CMS_get0_RecipientInfos — CMS envelopedData RecipientInfo routines

CMS_get0_SignerInfos — CMS signedData signer functions.

CMS_get0_type — get and set CMS content types and content

CMS_get1_ReceiptRequest — CMS signed receipt request functions.

CMS_add1_signer — add a signer to a CMS_ContentInfo signed data structure.

CMS_sign — create a CMS SignedData structure

CMS_sign_receipt — create a CMS signed receipt

CMS_uncompress — uncompress a CMS CompressedData structure

CMS_verify — verify a CMS SignedData structure

CMS_verify_receipt — verify a CMS signed receipt

CONF_modules_free — OpenSSL configuration cleanup functions

CONF_modules_load_file — OpenSSL configuration functions

CRYPTO_set_ex_data — internal application specific data functions

d2i_ASN1_OBJECT — ASN1 OBJECT IDENTIFIER functions

d2i_CMS_ContentInfo — CMS ContentInfo functions

d2i_DHparams — PKCS#3 DH parameter functions.

d2i_DSAPublicKey — DSA key encoding and parsing functions.

d2i_ECPrivateKey — Encode and decode functions for saving and reading EC_KEY structures

d2i_PKCS8PrivateKey — PKCS#8 format private key functions

d2i_PrivateKey — decode and encode functions for reading and saving EVP_PKEY structures.

d2i_RSAPublicKey — RSA public and private key encoding functions.

d2i_X509_ALGOR — AlgorithmIdentifier functions.

d2i_X509_CRL — PKCS#10 certificate request functions.

d2i_X509_NAME — X509_NAME encoding functions

d2i_X509 — X509 encode and decode functions

d2i_X509_REQ — PKCS#10 certificate request functions.

d2i_X509_SIG — DigestInfo functions.

des — DES encryption

des_modes — the variants of DES and other crypto algorithms of OpenSSL

dh — Diffie-Hellman key agreement

DH_generate_key — perform Diffie-Hellman key exchange

DH_generate_parameters — generate and check Diffie-Hellman parameters

DH_get_ex_new_index — add application specific data to DH structures

DH_new — allocate and free DH objects

DH_set_method — select DH method

DH_size — get Diffie-Hellman prime size

dsa — Digital Signature Algorithm

DSA_do_sign — raw DSA signature operations

DSA_dup_DH — create a DH structure out of DSA structure

DSA_generate_key — generate DSA key pair

DSA_generate_parameters — generate DSA parameters

DSA_get_ex_new_index — add application specific data to DSA structures

DSA_new — allocate and free DSA objects

DSA_set_method — select DSA method

DSA_SIG_new — allocate and free DSA signature objects

DSA_sign — DSA signatures

DSA_size — get DSA signature size

ecdsa — Elliptic Curve Digital Signature Algorithm

engine — ENGINE cryptographic module support

err — error codes

ERR_clear_error — clear the error queue

ERR_error_string — obtain human-readable error message

ERR_get_error — obtain error code and data

ERR_GET_LIB — get library, function and reason code

ERR_load_crypto_strings — load and free error strings

ERR_load_strings — load arbitrary error strings

ERR_print_errors — print error messages

ERR_put_error — record an error

ERR_remove_state — free a thread's error queue

ERR_set_mark — set marks and pop errors until mark

evp — high-level cryptographic functions

EVP_BytesToKey — password based encryption routine

EVP_DigestInit — EVP digest routines

EVP_DigestSignInit — EVP signing functions

EVP_DigestVerifyInit — EVP signature verification functions

EVP_EncodeInit — EVP base 64 encode/decode routines

EVP_EncryptInit — EVP cipher routines

EVP_OpenInit — EVP envelope decryption

EVP_PKEY_cmp — public key parameter and comparison functions

EVP_PKEY_CTX_ctrl — algorithm specific control operations

EVP_PKEY_CTX_new — public key algorithm context functions.

EVP_PKEY_decrypt — decrypt using a public key algorithm

EVP_PKEY_derive — derive public key algorithm shared secret.

EVP_PKEY_encrypt — encrypt using a public key algorithm

EVP_PKEY_get_default_digest — get default signature digest

EVP_PKEY_keygen — key and parameter generation functions

EVP_PKEY_new — private key allocation functions.

EVP_PKEY_print_private — public key algorithm printing routines.

EVP_PKEY_set1_RSA — EVP_PKEY assignment functions.

EVP_PKEY_sign — sign using a public key algorithm

EVP_PKEY_verify — signature verification using a public key algorithm

EVP_PKEY_verify_recover — recover signature using a public key algorithm

EVP_SealInit — EVP envelope encryption

EVP_SignInit — EVP signing functions

EVP_VerifyInit — EVP signature verification functions

hmac — HMAC message authentication code

i2d_CMS_bio_stream — output CMS_ContentInfo structure in BER format.

i2d_PKCS7_bio_stream — output PKCS7 structure in BER format.

lhash — dynamic hash table

lh_stats — LHASH statistics

md5 — MD2, MD4, and MD5 hash functions

mdc2 — MDC2 hash function

OBJ_nid2obj — ASN1 object utility functions

OpenSSL_add_all_algorithms — add algorithms to internal table

OPENSSL_Applink — glue between OpenSSL BIO and Win32 compiler run-time

OPENSSL_config — simple OpenSSL configuration functions

OPENSSL_ia32cap — finding the IA-32 processor capabilities

OPENSSL_load_builtin_modules — add standard configuration modules

OPENSSL_VERSION_NUMBER — get OpenSSL version number

pem — PEM routines

PEM_write_bio_CMS_stream — output CMS_ContentInfo structure in PEM format.

PEM_write_bio_PKCS7_stream — output PKCS7 structure in PEM format.

PKCS12_create — create a PKCS#12 structure

PKCS12_parse — parse a PKCS#12 structure

PKCS7_decrypt — decrypt content from a PKCS#7 envelopedData structure

PKCS7_encrypt — create a PKCS#7 envelopedData structure

PKCS7_sign_add_signer — add a signer PKCS7 signed data structure.

PKCS7_sign — create a PKCS#7 signedData structure

PKCS7_verify — verify a PKCS#7 signedData structure

rand — pseudo-random number generator

RAND_add — add entropy to the PRNG

RAND_bytes — generate random data

RAND_cleanup — erase the PRNG state

RAND_egd — query entropy gathering daemon

RAND_load_file — PRNG seed file

RAND_set_rand_method — select RAND method

rc4 — RC4 encryption

ripemd — RIPEMD-160 hash function

rsa — RSA public key cryptosystem

RSA_blinding_on — protect the RSA operation from timing attacks

RSA_check_key — validate private RSA keys

RSA_generate_key — generate RSA key pair

RSA_get_ex_new_index — add application specific data to RSA structures

RSA_new — allocate and free RSA objects

RSA_padding_add_PKCS1_type_1 — asymmetric encryption padding

RSA_print — print cryptographic parameters

RSA_private_encrypt — low level signature operations

RSA_public_encrypt — RSA public key cryptography

RSA_set_method — select RSA method

RSA_sign_ASN1_OCTET_STRING — RSA signatures

RSA_sign — RSA signatures

RSA_size — get RSA modulus size

sha — Secure Hash Algorithm

SMIME_read_CMS — parse S/MIME message.

SMIME_read_PKCS7 — parse S/MIME message.

SMIME_write_CMS — convert CMS structure to S/MIME format.

SMIME_write_PKCS7 — convert PKCS#7 structure to S/MIME format.

threads — OpenSSL thread support

ui_compat — Compatibility user interface functions

ui — New User Interface

x509 — X.509 certificate handling

X509_NAME_add_entry_by_txt — X509_NAME modification functions

X509_NAME_ENTRY_get_object — X509_NAME_ENTRY utility functions

X509_NAME_get_index_by_NID — X509_NAME lookup and enumeration functions

X509_NAME_print_ex — X509_NAME printing routines.

X509_new — X509 certificate ASN1 allocation functions

X509_STORE_CTX_get_error — get or set certificate verification status information

X509_STORE_CTX_get_ex_new_index — add application specific data to X509_STORE_CTX structures

X509_STORE_CTX_new — X509_STORE_CTX initialisation

X509_STORE_CTX_set_verify_cb — set verification callback

X509_STORE_set_verify_cb_func — set verification callback

X509_verify_cert — discover and verify X509 certificte chain

X509_VERIFY_PARAM_set_flags — X509 verification parameters

179.3. SSL Functions

ssl — OpenSSL SSL/TLS library

d2i_SSL_SESSION — convert SSL_SESSION object from/to ASN1 representation

SSL_accept — wait for a TLS/SSL client to initiate a TLS/SSL handshake

SSL_alert_type_string — get textual description of alert information

SSL_CIPHER_get_name — get SSL_CIPHER properties

SSL_clear — reset SSL object to allow another connection

SSL_COMP_add_compression_method — handle SSL/TLS integrated compression methods

SSL_connect — initiate the TLS/SSL handshake with an TLS/SSL server

SSL_CTX_add_extra_chain_cert — add or clear extra chain certificates

SSL_CTX_add_session — manipulate session cache

SSL_CTX_ctrl — internal handling functions for SSL_CTX and SSL objects

SSL_CTX_flush_sessions — remove expired sessions

SSL_CTX_free — free an allocated SSL_CTX object

SSL_CTX_get_ex_new_index — internal application specific data functions

SSL_CTX_get_verify_mode — get currently set verification parameters

SSL_CTX_load_verify_locations — set default locations for trusted CA certificates

SSL_CTX_new — create a new SSL_CTX object as framework for TLS/SSL enabled functions

SSL_CTX_sessions — access internal session cache

SSL_CTX_sess_number — obtain session cache statistics

SSL_CTX_sess_set_cache_size — manipulate session cache size

SSL_CTX_sess_set_get_cb — provide callback functions for server side external session caching

SSL_CTX_set_cert_store — manipulate X509 certificate verification storage

SSL_CTX_set_cert_verify_callback — set peer certificate verification procedure

SSL_CTX_set_cipher_list — choose list of available SSL_CIPHERs

SSL_CTX_set_client_CA_list — set list of CAs sent to the client when requesting a client certificate

SSL_CTX_set_client_cert_cb — handle client certificate callback function

SSL_CTX_set_default_passwd_cb — set passwd callback for encrypted PEM file handling

SSL_CTX_set_generate_session_id — manipulate generation of SSL session IDs (server only)

SSL_CTX_set_info_callback — handle information callback for SSL connections

SSL_CTX_set_max_cert_list — manipulate allowed for the peer's certificate chain

SSL_CTX_set_mode — manipulate SSL engine mode

SSL_CTX_set_msg_callback — install callback for observing protocol messages

SSL_CTX_set_options — manipulate SSL options

SSL_CTX_set_psk_client_callback — set PSK client callback

SSL_CTX_set_quiet_shutdown — manipulate shutdown behaviour

SSL_CTX_set_read_ahead — manage whether to read as many input bytes as possible

SSL_CTX_set_session_cache_mode — enable/disable session caching

SSL_CTX_set_session_id_context — set context within which session can be reused (server side only)

SSL_CTX_set_ssl_version — choose a new TLS/SSL method

SSL_CTX_set_timeout — manipulate timeout values for session caching

SSL_CTX_set_tlsext_status_cb — OCSP Certificate Status Request functions

SSL_CTX_set_tmp_dh_callback — handle DH keys for ephemeral key exchange

SSL_CTX_set_tmp_rsa_callback — handle RSA keys for ephemeral key exchange

SSL_CTX_set_verify — set peer certificate verification parameters

SSL_CTX_use_certificate — load certificate and key data

SSL_CTX_use_psk_identity_hint — set PSK identity hint to use

SSL_do_handshake — perform a TLS/SSL handshake

SSL_free — free an allocated SSL structure

SSL_get_ciphers — get list of available SSL_CIPHERs

SSL_get_client_CA_list — get list of client CAs

SSL_get_current_cipher — get SSL_CIPHER of a connection

SSL_get_default_timeout — get default session timeout value

SSL_get_error — obtain result code for TLS/SSL I/O operation

SSL_get_ex_data_X509_STORE_CTX_idx — get ex_data index to access SSL structure from X509_STORE_CTX

SSL_get_ex_new_index — internal application specific data functions

SSL_get_fd — get file descriptor linked to an SSL object

SSL_get_peer_cert_chain — get the X509 certificate chain of the peer

SSL_get_peer_certificate — get the X509 certificate of the peer

SSL_get_psk_identity — get PSK client identity and hint

SSL_get_rbio — get BIO linked to an SSL object

SSL_get_session — retrieve TLS/SSL session data

SSL_get_SSL_CTX — get the SSL_CTX from which an SSL is created

SSL_get_verify_result — get result of peer certificate verification

SSL_get_version — get the protocol version of a connection.

SSL_library_init — initialize SSL library by registering algorithms

SSL_load_client_CA_file — load certificate names from file

SSL_new — create a new SSL structure for a connection

SSL_pending — obtain number of readable bytes buffered in an SSL object

SSL_read — read bytes from a TLS/SSL connection.

SSL_rstate_string — get textual description of state of an SSL object during read operation

SSL_SESSION_free — free an allocated SSL_SESSION structure

SSL_SESSION_get_ex_new_index — internal application specific data functions

SSL_SESSION_get_time — retrieve and manipulate session time and timeout settings

SSL_session_reused — query whether a reused session was negotiated during handshake

SSL_set_bio — connect the SSL object with a BIO

SSL_set_connect_state — prepare SSL object to work in client or server mode

SSL_set_fd — connect the SSL object with a file descriptor

SSL_set_session — set a TLS/SSL session to be used during TLS/SSL connect

SSL_set_shutdown — manipulate shutdown state of an SSL connection

SSL_set_verify_result — override result of peer certificate verification

SSL_shutdown — shut down a TLS/SSL connection

SSL_state_string — get textual description of state of an SSL object

SSL_want — obtain state information TLS/SSL I/O operation

SSL_write — write bytes to a TLS/SSL connection.