Chapter 173. OpenSSL Manual

Table of Contents

173.1. openssl Command Line Tool
openssl — OpenSSL command line tool
asn1parse — ASN.1 parsing tool
ca — sample minimal CA application
ciphers — SSL cipher display and cipher list tool.
cms — CMS utility
crl — CRL utility
crl2pkcs7 — Create a PKCS#7 structure from a CRL and certificates.
dgst — message digests
dhparam — DH parameter manipulation and generation
dsa — DSA key processing
dsaparam — DSA parameter manipulation and generation
ec — EC key processing
ecparam — EC parameter manipulation and generation
enc — symmetric cipher routines
errstr — lookup error codes
gendsa — generate a DSA private key from a set of parameters
genpkey — generate a private key
genrsa — generate an RSA private key
nseq — create or examine a netscape certificate sequence
ocsp — Online Certificate Status Protocol utility
passwd — compute password hashes
pkcs12 — PKCS#12 file utility
pkcs7 — PKCS#7 utility
pkcs8 — PKCS#8 format private key conversion tool
pkey — public or private key processing tool
pkeyparam — public key algorithm parameter processing tool
pkeyutl — public key algorithm utility
rand — generate pseudo-random bytes
req — PKCS#10 certificate request and certificate generating utility.
rsa — RSA key processing tool
rsautl — RSA utility
s_client — SSL/TLS client program
s_server — SSL/TLS server program
s_time — SSL/TLS performance timing program
sess_id — SSL/TLS session handling utility
smime — S/MIME utility
speed — test library performance
spkac — SPKAC printing and generating utility
ts — Time Stamping Authority tool (client/server)
verify — Utility to verify certificates.
version — print OpenSSL version information
x509 — Certificate display and signing utility
config — OpenSSL CONF library configuration files
x509v3_config — X509 V3 certificate extension configuration format
173.2. Cryptographic functions
crypto — OpenSSL cryptographic library
ASN1_generate_nconf — ASN1 generation functions
ASN1_OBJECT_new — object allocation functions
ASN1_STRING_length — ASN1_STRING utility functions
ASN1_STRING_new — ASN1_STRING allocation functions
ASN1_STRING_print_ex — ASN1_STRING output routines.
bio — I/O abstraction
BIO_ctrl — BIO control operations
BIO_f_base64 — base64 BIO filter
BIO_f_buffer — buffering BIO
BIO_f_cipher — cipher BIO filter
BIO_find_type — BIO chain traversal
BIO_f_md — message digest BIO filter
BIO_f_null — null filter
BIO_f_ssl — SSL BIO
BIO_new_CMS — CMS streaming filter BIO
BIO_new — BIO allocation and freeing functions
BIO_push — add and remove BIOs from a chain.
BIO_read — BIO I/O functions
BIO_s_accept — accept BIO
BIO_s_bio — BIO pair BIO
BIO_s_connect — connect BIO
BIO_set_callback — BIO callback functions
BIO_s_fd — file descriptor BIO
BIO_s_file — FILE bio
BIO_should_retry — BIO retry functions
BIO_s_mem — memory BIO
BIO_s_null — null data sink
BIO_s_socket — socket BIO
blowfish — Blowfish encryption
bn — multiprecision integer arithmetics
bn_internal — BIGNUM library internal functions
BN_add — arithmetic operations on BIGNUMs
BN_add_word — arithmetic functions on BIGNUMs with integers
BN_BLINDING_new — blinding related BIGNUM functions.
BN_bn2bin — format conversions
BN_cmp — BIGNUM comparison and test functions
BN_copy — copy BIGNUMs
BN_CTX_new — allocate and free BN_CTX structures
BN_CTX_start — use temporary BIGNUM variables
BN_generate_prime — generate primes and test for primality
BN_mod_inverse — compute inverse modulo n
BN_mod_mul_montgomery — Montgomery multiplication
BN_mod_mul_reciprocal — modular multiplication using reciprocal
BN_new — allocate and free BIGNUMs
BN_num_bytes — get BIGNUM size
BN_rand — generate pseudo-random number
BN_set_bit — bit operations on BIGNUMs
BN_swap — exchange BIGNUMs
BN_zero — BIGNUM assignment operations
buffer — simple character array structure, with some standard C library equivalents
CMS_add0_cert — CMS certificate and CRL utility functions
CMS_add1_recipient_cert — add recipients to a CMS enveloped data structure
CMS_compress — create a CMS CompressedData structure
CMS_decrypt — decrypt content from a CMS envelopedData structure
CMS_encrypt — create a CMS envelopedData structure
CMS_final — finalise a CMS_ContentInfo structure
CMS_get0_RecipientInfos — CMS envelopedData RecipientInfo routines
CMS_get0_SignerInfos — CMS signedData signer functions.
CMS_get0_type — get and set CMS content types and content
CMS_get1_ReceiptRequest — CMS signed receipt request functions.
CMS_add1_signer — add a signer to a CMS_ContentInfo signed data structure.
CMS_sign — create a CMS SignedData structure
CMS_sign_receipt — create a CMS signed receipt
CMS_uncompress — uncompress a CMS CompressedData structure
CMS_verify — verify a CMS SignedData structure
CMS_verify_receipt — verify a CMS signed receipt
CONF_modules_free — OpenSSL configuration cleanup functions
CONF_modules_load_file — OpenSSL configuration functions
CRYPTO_set_ex_data — internal application specific data functions
d2i_CMS_ContentInfo — CMS ContentInfo functions
d2i_DHparams — PKCS#3 DH parameter functions.
d2i_DSAPublicKey — DSA key encoding and parsing functions.
d2i_ECPrivateKey — Encode and decode functions for saving and reading EC_KEY structures
d2i_PKCS8PrivateKey — PKCS#8 format private key functions
d2i_PrivateKey — decode and encode functions for reading and saving EVP_PKEY structures.
d2i_RSAPublicKey — RSA public and private key encoding functions.
d2i_X509_ALGOR — AlgorithmIdentifier functions.
d2i_X509_CRL — PKCS#10 certificate request functions.
d2i_X509_NAME — X509_NAME encoding functions
d2i_X509 — X509 encode and decode functions
d2i_X509_REQ — PKCS#10 certificate request functions.
d2i_X509_SIG — DigestInfo functions.
des — DES encryption
des_modes — the variants of DES and other crypto algorithms of OpenSSL
dh — Diffie-Hellman key agreement
DH_generate_key — perform Diffie-Hellman key exchange
DH_generate_parameters — generate and check Diffie-Hellman parameters
DH_get_ex_new_index — add application specific data to DH structures
DH_new — allocate and free DH objects
DH_set_method — select DH method
DH_size — get Diffie-Hellman prime size
dsa — Digital Signature Algorithm
DSA_do_sign — raw DSA signature operations
DSA_dup_DH — create a DH structure out of DSA structure
DSA_generate_key — generate DSA key pair
DSA_generate_parameters — generate DSA parameters
DSA_get_ex_new_index — add application specific data to DSA structures
DSA_new — allocate and free DSA objects
DSA_set_method — select DSA method
DSA_SIG_new — allocate and free DSA signature objects
DSA_sign — DSA signatures
DSA_size — get DSA signature size
ecdsa — Elliptic Curve Digital Signature Algorithm
engine — ENGINE cryptographic module support
err — error codes
ERR_clear_error — clear the error queue
ERR_error_string — obtain human-readable error message
ERR_get_error — obtain error code and data
ERR_GET_LIB — get library, function and reason code
ERR_load_crypto_strings — load and free error strings
ERR_load_strings — load arbitrary error strings
ERR_print_errors — print error messages
ERR_put_error — record an error
ERR_remove_state — free a thread's error queue
ERR_set_mark — set marks and pop errors until mark
evp — high-level cryptographic functions
EVP_BytesToKey — password based encryption routine
EVP_DigestInit — EVP digest routines
EVP_DigestSignInit — EVP signing functions
EVP_DigestVerifyInit — EVP signature verification functions
EVP_EncodeInit — EVP base 64 encode/decode routines
EVP_EncryptInit — EVP cipher routines
EVP_OpenInit — EVP envelope decryption
EVP_PKEY_cmp — public key parameter and comparison functions
EVP_PKEY_CTX_ctrl — algorithm specific control operations
EVP_PKEY_CTX_new — public key algorithm context functions.
EVP_PKEY_decrypt — decrypt using a public key algorithm
EVP_PKEY_derive — derive public key algorithm shared secret.
EVP_PKEY_encrypt — encrypt using a public key algorithm
EVP_PKEY_get_default_digest — get default signature digest
EVP_PKEY_keygen — key and parameter generation functions
EVP_PKEY_new — private key allocation functions.
EVP_PKEY_print_private — public key algorithm printing routines.
EVP_PKEY_set1_RSA — EVP_PKEY assignment functions.
EVP_PKEY_sign — sign using a public key algorithm
EVP_PKEY_verify — signature verification using a public key algorithm
EVP_PKEY_verify_recover — recover signature using a public key algorithm
EVP_SealInit — EVP envelope encryption
EVP_SignInit — EVP signing functions
EVP_VerifyInit — EVP signature verification functions
hmac — HMAC message authentication code
i2d_CMS_bio_stream — output CMS_ContentInfo structure in BER format.
i2d_PKCS7_bio_stream — output PKCS7 structure in BER format.
lhash — dynamic hash table
lh_stats — LHASH statistics
md5 — MD2, MD4, and MD5 hash functions
mdc2 — MDC2 hash function
OBJ_nid2obj — ASN1 object utility functions
OpenSSL_add_all_algorithms — add algorithms to internal table
OPENSSL_Applink — glue between OpenSSL BIO and Win32 compiler run-time
OPENSSL_config — simple OpenSSL configuration functions
OPENSSL_ia32cap — finding the IA-32 processor capabilities
OPENSSL_load_builtin_modules — add standard configuration modules
OPENSSL_VERSION_NUMBER — get OpenSSL version number
pem — PEM routines
PEM_write_bio_CMS_stream — output CMS_ContentInfo structure in PEM format.
PEM_write_bio_PKCS7_stream — output PKCS7 structure in PEM format.
PKCS12_create — create a PKCS#12 structure
PKCS12_parse — parse a PKCS#12 structure
PKCS7_decrypt — decrypt content from a PKCS#7 envelopedData structure
PKCS7_encrypt — create a PKCS#7 envelopedData structure
PKCS7_sign_add_signer — add a signer to a PKCS7 signed data structure.
PKCS7_sign — create a PKCS#7 signedData structure
PKCS7_verify — verify a PKCS#7 signedData structure
rand — pseudo-random number generator
RAND_add — add entropy to the PRNG
RAND_bytes — generate random data
RAND_cleanup — erase the PRNG state
RAND_egd — query entropy gathering daemon
RAND_load_file — PRNG seed file
RAND_set_rand_method — select RAND method
rc4 — RC4 encryption
ripemd — RIPEMD-160 hash function
rsa — RSA public key cryptosystem
RSA_blinding_on — protect the RSA operation from timing attacks
RSA_check_key — validate private RSA keys
RSA_generate_key — generate RSA key pair
RSA_get_ex_new_index — add application specific data to RSA structures
RSA_new — allocate and free RSA objects
RSA_padding_add_PKCS1_type_1 — asymmetric encryption padding
RSA_print — print cryptographic parameters
RSA_private_encrypt — low level signature operations
RSA_public_encrypt — RSA public key cryptography
RSA_set_method — select RSA method
RSA_sign_ASN1_OCTET_STRING — RSA signatures
RSA_sign — RSA signatures
RSA_size — get RSA modulus size
sha — Secure Hash Algorithm
SMIME_read_CMS — parse S/MIME message.
SMIME_read_PKCS7 — parse S/MIME message.
SMIME_write_CMS — convert CMS structure to S/MIME format.
SMIME_write_PKCS7 — convert PKCS#7 structure to S/MIME format.
threads — OpenSSL thread support
ui_compat — Compatibility user interface functions
ui — New User Interface
x509 — X.509 certificate handling
X509_NAME_add_entry_by_txt — X509_NAME modification functions
X509_NAME_ENTRY_get_object — X509_NAME_ENTRY utility functions
X509_NAME_get_index_by_NID — X509_NAME lookup and enumeration functions
X509_NAME_print_ex — X509_NAME printing routines.
X509_new — X509 certificate ASN1 allocation functions
X509_STORE_CTX_get_error — get or set certificate verification status information
X509_STORE_CTX_get_ex_new_index — add application specific data to X509_STORE_CTX structures
X509_STORE_CTX_new — X509_STORE_CTX initialisation
X509_STORE_CTX_set_verify_cb — set verification callback
X509_STORE_set_verify_cb_func — set verification callback
X509_verify_cert — discover and verify X509 certificate chain
X509_VERIFY_PARAM_set_flags — X509 verification parameters
173.3. SSL Functions
ssl — OpenSSL SSL/TLS library
d2i_SSL_SESSION — convert SSL_SESSION object from/to ASN1 representation
SSL_accept — wait for a TLS/SSL client to initiate a TLS/SSL handshake
SSL_alert_type_string — get textual description of alert information
SSL_CIPHER_get_name — get SSL_CIPHER properties
SSL_clear — reset SSL object to allow another connection
SSL_COMP_add_compression_method — handle SSL/TLS integrated compression methods
SSL_connect — initiate the TLS/SSL handshake with a TLS/SSL server
SSL_CTX_add_extra_chain_cert — add or clear extra chain certificates
SSL_CTX_add_session — manipulate session cache
SSL_CTX_ctrl — internal handling functions for SSL_CTX and SSL objects
SSL_CTX_flush_sessions — remove expired sessions
SSL_CTX_free — free an allocated SSL_CTX object
SSL_CTX_get_ex_new_index — internal application specific data functions
SSL_CTX_get_verify_mode — get currently set verification parameters
SSL_CTX_load_verify_locations — set default locations for trusted CA certificates
SSL_CTX_new — create a new SSL_CTX object as framework for TLS/SSL enabled functions
SSL_CTX_sessions — access internal session cache
SSL_CTX_sess_number — obtain session cache statistics
SSL_CTX_sess_set_cache_size — manipulate session cache size
SSL_CTX_sess_set_get_cb — provide callback functions for server side external session caching
SSL_CTX_set_cert_store — manipulate X509 certificate verification storage
SSL_CTX_set_cert_verify_callback — set peer certificate verification procedure
SSL_CTX_set_cipher_list — choose list of available SSL_CIPHERs
SSL_CTX_set_client_CA_list — set list of CAs sent to the client when requesting a client certificate
SSL_CTX_set_client_cert_cb — handle client certificate callback function
SSL_CTX_set_default_passwd_cb — set passwd callback for encrypted PEM file handling
SSL_CTX_set_generate_session_id — manipulate generation of SSL session IDs (server only)
SSL_CTX_set_info_callback — handle information callback for SSL connections
SSL_CTX_set_max_cert_list — manipulate allowed size for the peer's certificate chain
SSL_CTX_set_mode — manipulate SSL engine mode
SSL_CTX_set_msg_callback — install callback for observing protocol messages
SSL_CTX_set_options — manipulate SSL options
SSL_CTX_set_psk_client_callback — set PSK client callback
SSL_CTX_set_quiet_shutdown — manipulate shutdown behaviour
SSL_CTX_set_read_ahead — manage whether to read as many input bytes as possible
SSL_CTX_set_session_cache_mode — enable/disable session caching
SSL_CTX_set_session_id_context — set context within which session can be reused (server side only)
SSL_CTX_set_ssl_version — choose a new TLS/SSL method
SSL_CTX_set_timeout — manipulate timeout values for session caching
SSL_CTX_set_tlsext_status_cb — OCSP Certificate Status Request functions
SSL_CTX_set_tmp_dh_callback — handle DH keys for ephemeral key exchange
SSL_CTX_set_tmp_rsa_callback — handle RSA keys for ephemeral key exchange
SSL_CTX_set_verify — set peer certificate verification parameters
SSL_CTX_use_certificate — load certificate and key data
SSL_CTX_use_psk_identity_hint — set PSK identity hint to use
SSL_do_handshake — perform a TLS/SSL handshake
SSL_free — free an allocated SSL structure
SSL_get_ciphers — get list of available SSL_CIPHERs
SSL_get_client_CA_list — get list of client CAs
SSL_get_current_cipher — get SSL_CIPHER of a connection
SSL_get_default_timeout — get default session timeout value
SSL_get_error — obtain result code for TLS/SSL I/O operation
SSL_get_ex_data_X509_STORE_CTX_idx — get ex_data index to access SSL structure from X509_STORE_CTX
SSL_get_ex_new_index — internal application specific data functions
SSL_get_fd — get file descriptor linked to an SSL object
SSL_get_peer_cert_chain — get the X509 certificate chain of the peer
SSL_get_peer_certificate — get the X509 certificate of the peer
SSL_get_psk_identity — get PSK client identity and hint
SSL_get_rbio — get BIO linked to an SSL object
SSL_get_session — retrieve TLS/SSL session data
SSL_get_SSL_CTX — get the SSL_CTX from which an SSL is created
SSL_get_verify_result — get result of peer certificate verification
SSL_get_version — get the protocol version of a connection.
SSL_library_init — initialize SSL library by registering algorithms
SSL_load_client_CA_file — load certificate names from file
SSL_new — create a new SSL structure for a connection
SSL_pending — obtain number of readable bytes buffered in an SSL object
SSL_read — read bytes from a TLS/SSL connection.
SSL_rstate_string — get textual description of state of an SSL object during read operation
SSL_SESSION_free — free an allocated SSL_SESSION structure
SSL_SESSION_get_ex_new_index — internal application specific data functions
SSL_SESSION_get_time — retrieve and manipulate session time and timeout settings
SSL_session_reused — query whether a reused session was negotiated during handshake
SSL_set_bio — connect the SSL object with a BIO
SSL_set_connect_state — prepare SSL object to work in client or server mode
SSL_set_fd — connect the SSL object with a file descriptor
SSL_set_session — set a TLS/SSL session to be used during TLS/SSL connect
SSL_set_shutdown — manipulate shutdown state of an SSL connection
SSL_set_verify_result — override result of peer certificate verification
SSL_shutdown — shut down a TLS/SSL connection
SSL_state_string — get textual description of state of an SSL object
SSL_want — obtain state information about a TLS/SSL I/O operation
SSL_write — write bytes to a TLS/SSL connection.