Part XLVII. eCosPro-SecureSockets

Table of Contents

178. OpenSSL eCos Support

178.1. Introduction

178.1.1. Licensing, Copyrights and Patents

178.2. Configuration

178.2.1. Full Configuration

178.2.2. Default Configuration

178.2.3. Kernel Configuration

178.2.4. Serial Line Support

178.2.5. File System Dependencies

178.2.6. Configuring OpenSSL

178.3. openssl Command Tool

178.4. Thread Safety

178.5. eCos Customization

178.5.1. Random Number Support

178.5.2. BIO_diag

178.6. Tests

178.7. Limitations

179. OpenSSL Manual

179.1. openssl Command Line Tool

openssl — OpenSSL command line tool

asn1parse — ASN.1 parsing tool

ca — sample minimal CA application

ciphers — SSL cipher display and cipher list tool.

cms — CMS utility

crl — CRL utility

crl2pkcs7 — Create a PKCS#7 structure from a CRL and certificates.

dgst — message digests

dhparam — DH parameter manipulation and generation

dsa — DSA key processing

dsaparam — DSA parameter manipulation and generation

ec — EC key processing

ecparam — EC parameter manipulation and generation

enc — symmetric cipher routines

errstr — lookup error codes

gendsa — generate a DSA private key from a set of parameters

genpkey — generate a private key

genrsa — generate an RSA private key

nseq — create or examine a netscape certificate sequence

ocsp — Online Certificate Status Protocol utility

passwd — compute password hashes

pkcs12 — PKCS#12 file utility

pkcs7 — PKCS#7 utility

pkcs8 — PKCS#8 format private key conversion tool

pkey — public or private key processing tool

pkeyparam — public key algorithm parameter processing tool

pkeyutl — public key algorithm utility

rand — generate pseudo-random bytes

req — PKCS#10 certificate request and certificate generating utility.

rsa — RSA key processing tool

rsautl — RSA utility

s_client — SSL/TLS client program

s_server — SSL/TLS server program

s_time — SSL/TLS performance timing program

sess_id — SSL/TLS session handling utility

smime — S/MIME utility

speed — test library performance

spkac — SPKAC printing and generating utility

ts — Time Stamping Authority tool (client/server)

verify — Utility to verify certificates.

version — print OpenSSL version information

x509 — Certificate display and signing utility

config — OpenSSL CONF library configuration files

x509v3_config — X509 V3 certificate extension configuration format

179.2. Cryptographic functions

crypto — OpenSSL cryptographic library

ASN1_generate_nconf — ASN1 generation functions

ASN1_OBJECT_new — object allocation functions

ASN1_STRING_length — ASN1_STRING utility functions

ASN1_STRING_new — ASN1_STRING allocation functions

ASN1_STRING_print_ex — ASN1_STRING output routines.

bio — I/O abstraction

BIO_ctrl — BIO control operations

BIO_f_base64 — base64 BIO filter

BIO_f_buffer — buffering BIO

BIO_f_cipher — cipher BIO filter

BIO_find_type — BIO chain traversal

BIO_f_md — message digest BIO filter

BIO_f_null — null filter

BIO_f_ssl — SSL BIO

BIO_new_CMS — CMS streaming filter BIO

BIO_new — BIO allocation and freeing functions

BIO_push — add and remove BIOs from a chain.

BIO_read — BIO I/O functions

BIO_s_accept — accept BIO

BIO_s_bio — BIO pair BIO

BIO_s_connect — connect BIO

BIO_set_callback — BIO callback functions

BIO_s_fd — file descriptor BIO

BIO_s_file — FILE bio

BIO_should_retry — BIO retry functions

BIO_s_mem — memory BIO

BIO_s_null — null data sink

BIO_s_socket — socket BIO

blowfish — Blowfish encryption

bn — multiprecision integer arithmetics

bn_internal — BIGNUM library internal functions

BN_add — arithmetic operations on BIGNUMs

BN_add_word — arithmetic functions on BIGNUMs with integers

BN_BLINDING_new — blinding related BIGNUM functions.

BN_bn2bin — format conversions

BN_cmp — BIGNUM comparison and test functions

BN_copy — copy BIGNUMs

BN_CTX_new — allocate and free BN_CTX structures

BN_CTX_start — use temporary BIGNUM variables

BN_generate_prime — generate primes and test for primality

BN_mod_inverse — compute inverse modulo n

BN_mod_mul_montgomery — Montgomery multiplication

BN_mod_mul_reciprocal — modular multiplication using reciprocal

BN_new — allocate and free BIGNUMs

BN_num_bytes — get BIGNUM size

BN_rand — generate pseudo-random number

BN_set_bit — bit operations on BIGNUMs

BN_swap — exchange BIGNUMs

BN_zero — BIGNUM assignment operations

buffer — simple character array structure, with some standard C library equivalents

CMS_add0_cert — CMS certificate and CRL utility functions

CMS_add1_recipient_cert — add recipients to a CMS enveloped data structure

CMS_compress — create a CMS CompressedData structure

CMS_decrypt — decrypt content from a CMS envelopedData structure

CMS_encrypt — create a CMS envelopedData structure

CMS_final — finalise a CMS_ContentInfo structure

CMS_get0_RecipientInfos — CMS envelopedData RecipientInfo routines

CMS_get0_SignerInfos — CMS signedData signer functions.

CMS_get0_type — get and set CMS content types and content

CMS_get1_ReceiptRequest — CMS signed receipt request functions.

CMS_add1_signer — add a signer to a CMS_ContentInfo signed data structure.

CMS_sign — create a CMS SignedData structure

CMS_sign_receipt — create a CMS signed receipt

CMS_uncompress — uncompress a CMS CompressedData structure

CMS_verify — verify a CMS SignedData structure

CMS_verify_receipt — verify a CMS signed receipt

CONF_modules_free — OpenSSL configuration cleanup functions

CONF_modules_load_file — OpenSSL configuration functions

CRYPTO_set_ex_data — internal application specific data functions

d2i_ASN1_OBJECT — ASN1 OBJECT IDENTIFIER functions

d2i_CMS_ContentInfo — CMS ContentInfo functions

d2i_DHparams — PKCS#3 DH parameter functions.

d2i_DSAPublicKey — DSA key encoding and parsing functions.

d2i_ECPrivateKey — Encode and decode functions for saving and reading EC_KEY structures

d2i_PKCS8PrivateKey — PKCS#8 format private key functions

d2i_PrivateKey — decode and encode functions for reading and saving EVP_PKEY structures.

d2i_RSAPublicKey — RSA public and private key encoding functions.

d2i_X509_ALGOR — AlgorithmIdentifier functions.

d2i_X509_CRL — PKCS#10 certificate request functions.

d2i_X509_NAME — X509_NAME encoding functions

d2i_X509 — X509 encode and decode functions

d2i_X509_REQ — PKCS#10 certificate request functions.

d2i_X509_SIG — DigestInfo functions.

des — DES encryption

des_modes — the variants of DES and other crypto algorithms of OpenSSL

dh — Diffie-Hellman key agreement

DH_generate_key — perform Diffie-Hellman key exchange

DH_generate_parameters — generate and check Diffie-Hellman parameters

DH_get_ex_new_index — add application specific data to DH structures

DH_new — allocate and free DH objects

DH_set_method — select DH method

DH_size — get Diffie-Hellman prime size

dsa — Digital Signature Algorithm

DSA_do_sign — raw DSA signature operations

DSA_dup_DH — create a DH structure out of DSA structure

DSA_generate_key — generate DSA key pair

DSA_generate_parameters — generate DSA parameters

DSA_get_ex_new_index — add application specific data to DSA structures

DSA_new — allocate and free DSA objects

DSA_set_method — select DSA method

DSA_SIG_new — allocate and free DSA signature objects

DSA_sign — DSA signatures

DSA_size — get DSA signature size

ecdsa — Elliptic Curve Digital Signature Algorithm

engine — ENGINE cryptographic module support

err — error codes

ERR_clear_error — clear the error queue

ERR_error_string — obtain human-readable error message

ERR_get_error — obtain error code and data

ERR_GET_LIB — get library, function and reason code

ERR_load_crypto_strings — load and free error strings

ERR_load_strings — load arbitrary error strings

ERR_print_errors — print error messages

ERR_put_error — record an error

ERR_remove_state — free a thread's error queue

ERR_set_mark — set marks and pop errors until mark

evp — high-level cryptographic functions

EVP_BytesToKey — password based encryption routine

EVP_DigestInit — EVP digest routines

EVP_DigestSignInit — EVP signing functions

EVP_DigestVerifyInit — EVP signature verification functions

EVP_EncodeInit — EVP base 64 encode/decode routines

EVP_EncryptInit — EVP cipher routines

EVP_OpenInit — EVP envelope decryption

EVP_PKEY_cmp — public key parameter and comparison functions

EVP_PKEY_CTX_ctrl — algorithm specific control operations

EVP_PKEY_CTX_new — public key algorithm context functions.

EVP_PKEY_decrypt — decrypt using a public key algorithm

EVP_PKEY_derive — derive public key algorithm shared secret.

EVP_PKEY_encrypt — encrypt using a public key algorithm

EVP_PKEY_get_default_digest — get default signature digest

EVP_PKEY_keygen — key and parameter generation functions

EVP_PKEY_new — private key allocation functions.

EVP_PKEY_print_private — public key algorithm printing routines.

EVP_PKEY_set1_RSA — EVP_PKEY assignment functions.

EVP_PKEY_sign — sign using a public key algorithm

EVP_PKEY_verify — signature verification using a public key algorithm

EVP_PKEY_verify_recover — recover signature using a public key algorithm

EVP_SealInit — EVP envelope encryption

EVP_SignInit — EVP signing functions

EVP_VerifyInit — EVP signature verification functions

hmac — HMAC message authentication code

i2d_CMS_bio_stream — output CMS_ContentInfo structure in BER format.

i2d_PKCS7_bio_stream — output PKCS7 structure in BER format.

lhash — dynamic hash table

lh_stats — LHASH statistics

md5 — MD2, MD4, and MD5 hash functions

mdc2 — MDC2 hash function

OBJ_nid2obj — ASN1 object utility functions

OpenSSL_add_all_algorithms — add algorithms to internal table

OPENSSL_Applink — glue between OpenSSL BIO and Win32 compiler run-time

OPENSSL_config — simple OpenSSL configuration functions

OPENSSL_ia32cap — finding the IA-32 processor capabilities

OPENSSL_load_builtin_modules — add standard configuration modules

OPENSSL_VERSION_NUMBER — get OpenSSL version number

pem — PEM routines

PEM_write_bio_CMS_stream — output CMS_ContentInfo structure in PEM format.

PEM_write_bio_PKCS7_stream — output PKCS7 structure in PEM format.

PKCS12_create — create a PKCS#12 structure

PKCS12_parse — parse a PKCS#12 structure

PKCS7_decrypt — decrypt content from a PKCS#7 envelopedData structure

PKCS7_encrypt — create a PKCS#7 envelopedData structure

PKCS7_sign_add_signer — add a signer PKCS7 signed data structure.

PKCS7_sign — create a PKCS#7 signedData structure

PKCS7_verify — verify a PKCS#7 signedData structure

rand — pseudo-random number generator

RAND_add — add entropy to the PRNG

RAND_bytes — generate random data

RAND_cleanup — erase the PRNG state

RAND_egd — query entropy gathering daemon

RAND_load_file — PRNG seed file

RAND_set_rand_method — select RAND method

rc4 — RC4 encryption

ripemd — RIPEMD-160 hash function

rsa — RSA public key cryptosystem

RSA_blinding_on — protect the RSA operation from timing attacks

RSA_check_key — validate private RSA keys

RSA_generate_key — generate RSA key pair

RSA_get_ex_new_index — add application specific data to RSA structures

RSA_new — allocate and free RSA objects

RSA_padding_add_PKCS1_type_1 — asymmetric encryption padding

RSA_print — print cryptographic parameters

RSA_private_encrypt — low level signature operations

RSA_public_encrypt — RSA public key cryptography

RSA_set_method — select RSA method

RSA_sign_ASN1_OCTET_STRING — RSA signatures

RSA_sign — RSA signatures

RSA_size — get RSA modulus size

sha — Secure Hash Algorithm

SMIME_read_CMS — parse S/MIME message.

SMIME_read_PKCS7 — parse S/MIME message.

SMIME_write_CMS — convert CMS structure to S/MIME format.

SMIME_write_PKCS7 — convert PKCS#7 structure to S/MIME format.

threads — OpenSSL thread support

ui_compat — Compatibility user interface functions

ui — New User Interface

x509 — X.509 certificate handling

X509_NAME_add_entry_by_txt — X509_NAME modification functions

X509_NAME_ENTRY_get_object — X509_NAME_ENTRY utility functions

X509_NAME_get_index_by_NID — X509_NAME lookup and enumeration functions

X509_NAME_print_ex — X509_NAME printing routines.

X509_new — X509 certificate ASN1 allocation functions

X509_STORE_CTX_get_error — get or set certificate verification status information

X509_STORE_CTX_get_ex_new_index — add application specific data to X509_STORE_CTX structures

X509_STORE_CTX_new — X509_STORE_CTX initialisation

X509_STORE_CTX_set_verify_cb — set verification callback

X509_STORE_set_verify_cb_func — set verification callback

X509_verify_cert — discover and verify X509 certificte chain

X509_VERIFY_PARAM_set_flags — X509 verification parameters

179.3. SSL Functions

ssl — OpenSSL SSL/TLS library

d2i_SSL_SESSION — convert SSL_SESSION object from/to ASN1 representation

SSL_accept — wait for a TLS/SSL client to initiate a TLS/SSL handshake

SSL_alert_type_string — get textual description of alert information

SSL_CIPHER_get_name — get SSL_CIPHER properties

SSL_clear — reset SSL object to allow another connection

SSL_COMP_add_compression_method — handle SSL/TLS integrated compression methods

SSL_connect — initiate the TLS/SSL handshake with an TLS/SSL server

SSL_CTX_add_extra_chain_cert — add or clear extra chain certificates

SSL_CTX_add_session — manipulate session cache

SSL_CTX_ctrl — internal handling functions for SSL_CTX and SSL objects

SSL_CTX_flush_sessions — remove expired sessions

SSL_CTX_free — free an allocated SSL_CTX object

SSL_CTX_get_ex_new_index — internal application specific data functions

SSL_CTX_get_verify_mode — get currently set verification parameters

SSL_CTX_load_verify_locations — set default locations for trusted CA certificates

SSL_CTX_new — create a new SSL_CTX object as framework for TLS/SSL enabled functions

SSL_CTX_sessions — access internal session cache

SSL_CTX_sess_number — obtain session cache statistics

SSL_CTX_sess_set_cache_size — manipulate session cache size

SSL_CTX_sess_set_get_cb — provide callback functions for server side external session caching

SSL_CTX_set_cert_store — manipulate X509 certificate verification storage

SSL_CTX_set_cert_verify_callback — set peer certificate verification procedure

SSL_CTX_set_cipher_list — choose list of available SSL_CIPHERs

SSL_CTX_set_client_CA_list — set list of CAs sent to the client when requesting a client certificate

SSL_CTX_set_client_cert_cb — handle client certificate callback function

SSL_CTX_set_default_passwd_cb — set passwd callback for encrypted PEM file handling

SSL_CTX_set_generate_session_id — manipulate generation of SSL session IDs (server only)

SSL_CTX_set_info_callback — handle information callback for SSL connections

SSL_CTX_set_max_cert_list — manipulate allowed for the peer's certificate chain

SSL_CTX_set_mode — manipulate SSL engine mode

SSL_CTX_set_msg_callback — install callback for observing protocol messages

SSL_CTX_set_options — manipulate SSL options

SSL_CTX_set_psk_client_callback — set PSK client callback

SSL_CTX_set_quiet_shutdown — manipulate shutdown behaviour

SSL_CTX_set_read_ahead — manage whether to read as many input bytes as possible

SSL_CTX_set_session_cache_mode — enable/disable session caching

SSL_CTX_set_session_id_context — set context within which session can be reused (server side only)

SSL_CTX_set_ssl_version — choose a new TLS/SSL method

SSL_CTX_set_timeout — manipulate timeout values for session caching

SSL_CTX_set_tlsext_status_cb — OCSP Certificate Status Request functions

SSL_CTX_set_tmp_dh_callback — handle DH keys for ephemeral key exchange

SSL_CTX_set_tmp_rsa_callback — handle RSA keys for ephemeral key exchange

SSL_CTX_set_verify — set peer certificate verification parameters

SSL_CTX_use_certificate — load certificate and key data

SSL_CTX_use_psk_identity_hint — set PSK identity hint to use

SSL_do_handshake — perform a TLS/SSL handshake

SSL_free — free an allocated SSL structure

SSL_get_ciphers — get list of available SSL_CIPHERs

SSL_get_client_CA_list — get list of client CAs

SSL_get_current_cipher — get SSL_CIPHER of a connection

SSL_get_default_timeout — get default session timeout value

SSL_get_error — obtain result code for TLS/SSL I/O operation

SSL_get_ex_data_X509_STORE_CTX_idx — get ex_data index to access SSL structure from X509_STORE_CTX

SSL_get_ex_new_index — internal application specific data functions

SSL_get_fd — get file descriptor linked to an SSL object

SSL_get_peer_cert_chain — get the X509 certificate chain of the peer

SSL_get_peer_certificate — get the X509 certificate of the peer

SSL_get_psk_identity — get PSK client identity and hint

SSL_get_rbio — get BIO linked to an SSL object

SSL_get_session — retrieve TLS/SSL session data

SSL_get_SSL_CTX — get the SSL_CTX from which an SSL is created

SSL_get_verify_result — get result of peer certificate verification

SSL_get_version — get the protocol version of a connection.

SSL_library_init — initialize SSL library by registering algorithms

SSL_load_client_CA_file — load certificate names from file

SSL_new — create a new SSL structure for a connection

SSL_pending — obtain number of readable bytes buffered in an SSL object

SSL_read — read bytes from a TLS/SSL connection.

SSL_rstate_string — get textual description of state of an SSL object during read operation

SSL_SESSION_free — free an allocated SSL_SESSION structure

SSL_SESSION_get_ex_new_index — internal application specific data functions

SSL_SESSION_get_time — retrieve and manipulate session time and timeout settings

SSL_session_reused — query whether a reused session was negotiated during handshake

SSL_set_bio — connect the SSL object with a BIO

SSL_set_connect_state — prepare SSL object to work in client or server mode

SSL_set_fd — connect the SSL object with a file descriptor

SSL_set_session — set a TLS/SSL session to be used during TLS/SSL connect

SSL_set_shutdown — manipulate shutdown state of an SSL connection

SSL_set_verify_result — override result of peer certificate verification

SSL_shutdown — shut down a TLS/SSL connection

SSL_state_string — get textual description of state of an SSL object

SSL_want — obtain state information TLS/SSL I/O operation

SSL_write — write bytes to a TLS/SSL connection.