Part XLIV. eCosPro-SecureSockets

[Important]Important

eCosPro-SecureSockets is an optional add-on package and may not be included in your release of eCosPro. If this package is not listed in either the graphical or command line eCos Configuration tool, please contact eCosCentric for availability and pricing.

Table of Contents

169. OpenSSL eCos Support
169.1. Introduction
169.1.1. Licensing, Copyrights and Patents
169.2. Configuration
169.2.1. Full Configuration
169.2.2. Default Configuration
169.2.3. Kernel Configuration
169.2.4. Serial Line Support
169.2.5. File System Dependencies
169.2.6. Configuring OpenSSL
169.3. openssl Command Tool
169.4. Thread Safety
169.5. eCos Customization
169.5.1. Random Number Support
169.5.2. BIO_diag
169.6. Tests
169.7. Limitations
170. OpenSSL Manual
170.1. openssl Command Line Tool
openssl — OpenSSL command line tool
asn1parse — ASN.1 parsing tool
ca — sample minimal CA application
ciphers — SSL cipher display and cipher list tool.
cms — CMS utility
crl — CRL utility
crl2pkcs7 — Create a PKCS#7 structure from a CRL and certificates.
dgst — message digests
dhparam — DH parameter manipulation and generation
dsa — DSA key processing
dsaparam — DSA parameter manipulation and generation
ec — EC key processing
ecparam — EC parameter manipulation and generation
enc — symmetric cipher routines
errstr — lookup error codes
gendsa — generate a DSA private key from a set of parameters
genpkey — generate a private key
genrsa — generate an RSA private key
nseq — create or examine a netscape certificate sequence
ocsp — Online Certificate Status Protocol utility
passwd — compute password hashes
pkcs12 — PKCS#12 file utility
pkcs7 — PKCS#7 utility
pkcs8 — PKCS#8 format private key conversion tool
pkey — public or private key processing tool
pkeyparam — public key algorithm parameter processing tool
pkeyutl — public key algorithm utility
rand — generate pseudo-random bytes
req — PKCS#10 certificate request and certificate generating utility.
rsa — RSA key processing tool
rsautl — RSA utility
s_client — SSL/TLS client program
s_server — SSL/TLS server program
s_time — SSL/TLS performance timing program
sess_id — SSL/TLS session handling utility
smime — S/MIME utility
speed — test library performance
spkac — SPKAC printing and generating utility
ts — Time Stamping Authority tool (client/server)
verify — Utility to verify certificates.
version — print OpenSSL version information
x509 — Certificate display and signing utility
config — OpenSSL CONF library configuration files
x509v3_config — X509 V3 certificate extension configuration format
170.2. Cryptographic functions
crypto — OpenSSL cryptographic library
ASN1_generate_nconf — ASN1 generation functions
ASN1_OBJECT_new — object allocation functions
ASN1_STRING_length — ASN1_STRING utility functions
ASN1_STRING_new — ASN1_STRING allocation functions
ASN1_STRING_print_ex — ASN1_STRING output routines.
bio — I/O abstraction
BIO_ctrl — BIO control operations
BIO_f_base64 — base64 BIO filter
BIO_f_buffer — buffering BIO
BIO_f_cipher — cipher BIO filter
BIO_find_type — BIO chain traversal
BIO_f_md — message digest BIO filter
BIO_f_null — null filter
BIO_f_ssl — SSL BIO
BIO_new_CMS — CMS streaming filter BIO
BIO_new — BIO allocation and freeing functions
BIO_push — add and remove BIOs from a chain.
BIO_read — BIO I/O functions
BIO_s_accept — accept BIO
BIO_s_bio — BIO pair BIO
BIO_s_connect — connect BIO
BIO_set_callback — BIO callback functions
BIO_s_fd — file descriptor BIO
BIO_s_file — FILE bio
BIO_should_retry — BIO retry functions
BIO_s_mem — memory BIO
BIO_s_null — null data sink
BIO_s_socket — socket BIO
blowfish — Blowfish encryption
bn — multiprecision integer arithmetics
bn_internal — BIGNUM library internal functions
BN_add — arithmetic operations on BIGNUMs
BN_add_word — arithmetic functions on BIGNUMs with integers
BN_BLINDING_new — blinding related BIGNUM functions.
BN_bn2bin — format conversions
BN_cmp — BIGNUM comparison and test functions
BN_copy — copy BIGNUMs
BN_CTX_new — allocate and free BN_CTX structures
BN_CTX_start — use temporary BIGNUM variables
BN_generate_prime — generate primes and test for primality
BN_mod_inverse — compute inverse modulo n
BN_mod_mul_montgomery — Montgomery multiplication
BN_mod_mul_reciprocal — modular multiplication using reciprocal
BN_new — allocate and free BIGNUMs
BN_num_bytes — get BIGNUM size
BN_rand — generate pseudo-random number
BN_set_bit — bit operations on BIGNUMs
BN_swap — exchange BIGNUMs
BN_zero — BIGNUM assignment operations
buffer — simple character array structure, with some standard C library equivalents
CMS_add0_cert — CMS certificate and CRL utility functions
CMS_add1_recipient_cert — add recipients to a CMS enveloped data structure
CMS_compress — create a CMS CompressedData structure
CMS_decrypt — decrypt content from a CMS envelopedData structure
CMS_encrypt — create a CMS envelopedData structure
CMS_final — finalise a CMS_ContentInfo structure
CMS_get0_RecipientInfos — CMS envelopedData RecipientInfo routines
CMS_get0_SignerInfos — CMS signedData signer functions.
CMS_get0_type — get and set CMS content types and content
CMS_get1_ReceiptRequest — CMS signed receipt request functions.
CMS_add1_signer — add a signer to a CMS_ContentInfo signed data structure.
CMS_sign — create a CMS SignedData structure
CMS_sign_receipt — create a CMS signed receipt
CMS_uncompress — uncompress a CMS CompressedData structure
CMS_verify — verify a CMS SignedData structure
CMS_verify_receipt — verify a CMS signed receipt
CONF_modules_free — OpenSSL configuration cleanup functions
CONF_modules_load_file — OpenSSL configuration functions
CRYPTO_set_ex_data — internal application specific data functions
d2i_ASN1_OBJECT — ASN1 OBJECT IDENTIFIER functions
d2i_CMS_ContentInfo — CMS ContentInfo functions
d2i_DHparams — PKCS#3 DH parameter functions.
d2i_DSAPublicKey — DSA key encoding and parsing functions.
d2i_ECPrivateKey — Encode and decode functions for saving and reading EC_KEY structures
d2i_PKCS8PrivateKey — PKCS#8 format private key functions
d2i_PrivateKey — decode and encode functions for reading and saving EVP_PKEY structures.
d2i_RSAPublicKey — RSA public and private key encoding functions.
d2i_X509_ALGOR — AlgorithmIdentifier functions.
d2i_X509_CRL — PKCS#10 certificate request functions.
d2i_X509_NAME — X509_NAME encoding functions
d2i_X509 — X509 encode and decode functions
d2i_X509_REQ — PKCS#10 certificate request functions.
d2i_X509_SIG — DigestInfo functions.
des — DES encryption
des_modes — the variants of DES and other crypto algorithms of OpenSSL
dh — Diffie-Hellman key agreement
DH_generate_key — perform Diffie-Hellman key exchange
DH_generate_parameters — generate and check Diffie-Hellman parameters
DH_get_ex_new_index — add application specific data to DH structures
DH_new — allocate and free DH objects
DH_set_method — select DH method
DH_size — get Diffie-Hellman prime size
dsa — Digital Signature Algorithm
DSA_do_sign — raw DSA signature operations
DSA_dup_DH — create a DH structure out of DSA structure
DSA_generate_key — generate DSA key pair
DSA_generate_parameters — generate DSA parameters
DSA_get_ex_new_index — add application specific data to DSA structures
DSA_new — allocate and free DSA objects
DSA_set_method — select DSA method
DSA_SIG_new — allocate and free DSA signature objects
DSA_sign — DSA signatures
DSA_size — get DSA signature size
ecdsa — Elliptic Curve Digital Signature Algorithm
engine — ENGINE cryptographic module support
err — error codes
ERR_clear_error — clear the error queue
ERR_error_string — obtain human-readable error message
ERR_get_error — obtain error code and data
ERR_GET_LIB — get library, function and reason code
ERR_load_crypto_strings — load and free error strings
ERR_load_strings — load arbitrary error strings
ERR_print_errors — print error messages
ERR_put_error — record an error
ERR_remove_state — free a thread's error queue
ERR_set_mark — set marks and pop errors until mark
evp — high-level cryptographic functions
EVP_BytesToKey — password based encryption routine
EVP_DigestInit — EVP digest routines
EVP_DigestSignInit — EVP signing functions
EVP_DigestVerifyInit — EVP signature verification functions
EVP_EncodeInit — EVP base 64 encode/decode routines
EVP_EncryptInit — EVP cipher routines
EVP_OpenInit — EVP envelope decryption
EVP_PKEY_cmp — public key parameter and comparison functions
EVP_PKEY_CTX_ctrl — algorithm specific control operations
EVP_PKEY_CTX_new — public key algorithm context functions.
EVP_PKEY_decrypt — decrypt using a public key algorithm
EVP_PKEY_derive — derive public key algorithm shared secret.
EVP_PKEY_encrypt — encrypt using a public key algorithm
EVP_PKEY_get_default_digest — get default signature digest
EVP_PKEY_keygen — key and parameter generation functions
EVP_PKEY_new — private key allocation functions.
EVP_PKEY_print_private — public key algorithm printing routines.
EVP_PKEY_set1_RSA — EVP_PKEY assignment functions.
EVP_PKEY_sign — sign using a public key algorithm
EVP_PKEY_verify — signature verification using a public key algorithm
EVP_PKEY_verify_recover — recover signature using a public key algorithm
EVP_SealInit — EVP envelope encryption
EVP_SignInit — EVP signing functions
EVP_VerifyInit — EVP signature verification functions
hmac — HMAC message authentication code
i2d_CMS_bio_stream — output CMS_ContentInfo structure in BER format.
i2d_PKCS7_bio_stream — output PKCS7 structure in BER format.
lhash — dynamic hash table
lh_stats — LHASH statistics
md5 — MD2, MD4, and MD5 hash functions
mdc2 — MDC2 hash function
OBJ_nid2obj — ASN1 object utility functions
OpenSSL_add_all_algorithms — add algorithms to internal table
OPENSSL_Applink — glue between OpenSSL BIO and Win32 compiler run-time
OPENSSL_config — simple OpenSSL configuration functions
OPENSSL_ia32cap — finding the IA-32 processor capabilities
OPENSSL_load_builtin_modules — add standard configuration modules
OPENSSL_VERSION_NUMBER — get OpenSSL version number
pem — PEM routines
PEM_write_bio_CMS_stream — output CMS_ContentInfo structure in PEM format.
PEM_write_bio_PKCS7_stream — output PKCS7 structure in PEM format.
PKCS12_create — create a PKCS#12 structure
PKCS12_parse — parse a PKCS#12 structure
PKCS7_decrypt — decrypt content from a PKCS#7 envelopedData structure
PKCS7_encrypt — create a PKCS#7 envelopedData structure
PKCS7_sign_add_signer — add a signer PKCS7 signed data structure.
PKCS7_sign — create a PKCS#7 signedData structure
PKCS7_verify — verify a PKCS#7 signedData structure
rand — pseudo-random number generator
RAND_add — add entropy to the PRNG
RAND_bytes — generate random data
RAND_cleanup — erase the PRNG state
RAND_egd — query entropy gathering daemon
RAND_load_file — PRNG seed file
RAND_set_rand_method — select RAND method
rc4 — RC4 encryption
ripemd — RIPEMD-160 hash function
rsa — RSA public key cryptosystem
RSA_blinding_on — protect the RSA operation from timing attacks
RSA_check_key — validate private RSA keys
RSA_generate_key — generate RSA key pair
RSA_get_ex_new_index — add application specific data to RSA structures
RSA_new — allocate and free RSA objects
RSA_padding_add_PKCS1_type_1 — asymmetric encryption padding
RSA_print — print cryptographic parameters
RSA_private_encrypt — low level signature operations
RSA_public_encrypt — RSA public key cryptography
RSA_set_method — select RSA method
RSA_sign_ASN1_OCTET_STRING — RSA signatures
RSA_sign — RSA signatures
RSA_size — get RSA modulus size
sha — Secure Hash Algorithm
SMIME_read_CMS — parse S/MIME message.
SMIME_read_PKCS7 — parse S/MIME message.
SMIME_write_CMS — convert CMS structure to S/MIME format.
SMIME_write_PKCS7 — convert PKCS#7 structure to S/MIME format.
threads — OpenSSL thread support
ui_compat — Compatibility user interface functions
ui — New User Interface
x509 — X.509 certificate handling
X509_NAME_add_entry_by_txt — X509_NAME modification functions
X509_NAME_ENTRY_get_object — X509_NAME_ENTRY utility functions
X509_NAME_get_index_by_NID — X509_NAME lookup and enumeration functions
X509_NAME_print_ex — X509_NAME printing routines.
X509_new — X509 certificate ASN1 allocation functions
X509_STORE_CTX_get_error — get or set certificate verification status information
X509_STORE_CTX_get_ex_new_index — add application specific data to X509_STORE_CTX structures
X509_STORE_CTX_new — X509_STORE_CTX initialisation
X509_STORE_CTX_set_verify_cb — set verification callback
X509_STORE_set_verify_cb_func — set verification callback
X509_verify_cert — discover and verify X509 certificte chain
X509_VERIFY_PARAM_set_flags — X509 verification parameters
170.3. SSL Functions
ssl — OpenSSL SSL/TLS library
d2i_SSL_SESSION — convert SSL_SESSION object from/to ASN1 representation
SSL_accept — wait for a TLS/SSL client to initiate a TLS/SSL handshake
SSL_alert_type_string — get textual description of alert information
SSL_CIPHER_get_name — get SSL_CIPHER properties
SSL_clear — reset SSL object to allow another connection
SSL_COMP_add_compression_method — handle SSL/TLS integrated compression methods
SSL_connect — initiate the TLS/SSL handshake with an TLS/SSL server
SSL_CTX_add_extra_chain_cert — add or clear extra chain certificates
SSL_CTX_add_session — manipulate session cache
SSL_CTX_ctrl — internal handling functions for SSL_CTX and SSL objects
SSL_CTX_flush_sessions — remove expired sessions
SSL_CTX_free — free an allocated SSL_CTX object
SSL_CTX_get_ex_new_index — internal application specific data functions
SSL_CTX_get_verify_mode — get currently set verification parameters
SSL_CTX_load_verify_locations — set default locations for trusted CA certificates
SSL_CTX_new — create a new SSL_CTX object as framework for TLS/SSL enabled functions
SSL_CTX_sessions — access internal session cache
SSL_CTX_sess_number — obtain session cache statistics
SSL_CTX_sess_set_cache_size — manipulate session cache size
SSL_CTX_sess_set_get_cb — provide callback functions for server side external session caching
SSL_CTX_set_cert_store — manipulate X509 certificate verification storage
SSL_CTX_set_cert_verify_callback — set peer certificate verification procedure
SSL_CTX_set_cipher_list — choose list of available SSL_CIPHERs
SSL_CTX_set_client_CA_list — set list of CAs sent to the client when requesting a client certificate
SSL_CTX_set_client_cert_cb — handle client certificate callback function
SSL_CTX_set_default_passwd_cb — set passwd callback for encrypted PEM file handling
SSL_CTX_set_generate_session_id — manipulate generation of SSL session IDs (server only)
SSL_CTX_set_info_callback — handle information callback for SSL connections
SSL_CTX_set_max_cert_list — manipulate allowed for the peer's certificate chain
SSL_CTX_set_mode — manipulate SSL engine mode
SSL_CTX_set_msg_callback — install callback for observing protocol messages
SSL_CTX_set_options — manipulate SSL options
SSL_CTX_set_psk_client_callback — set PSK client callback
SSL_CTX_set_quiet_shutdown — manipulate shutdown behaviour
SSL_CTX_set_read_ahead — manage whether to read as many input bytes as possible
SSL_CTX_set_session_cache_mode — enable/disable session caching
SSL_CTX_set_session_id_context — set context within which session can be reused (server side only)
SSL_CTX_set_ssl_version — choose a new TLS/SSL method
SSL_CTX_set_timeout — manipulate timeout values for session caching
SSL_CTX_set_tlsext_status_cb — OCSP Certificate Status Request functions
SSL_CTX_set_tmp_dh_callback — handle DH keys for ephemeral key exchange
SSL_CTX_set_tmp_rsa_callback — handle RSA keys for ephemeral key exchange
SSL_CTX_set_verify — set peer certificate verification parameters
SSL_CTX_use_certificate — load certificate and key data
SSL_CTX_use_psk_identity_hint — set PSK identity hint to use
SSL_do_handshake — perform a TLS/SSL handshake
SSL_free — free an allocated SSL structure
SSL_get_ciphers — get list of available SSL_CIPHERs
SSL_get_client_CA_list — get list of client CAs
SSL_get_current_cipher — get SSL_CIPHER of a connection
SSL_get_default_timeout — get default session timeout value
SSL_get_error — obtain result code for TLS/SSL I/O operation
SSL_get_ex_data_X509_STORE_CTX_idx — get ex_data index to access SSL structure from X509_STORE_CTX
SSL_get_ex_new_index — internal application specific data functions
SSL_get_fd — get file descriptor linked to an SSL object
SSL_get_peer_cert_chain — get the X509 certificate chain of the peer
SSL_get_peer_certificate — get the X509 certificate of the peer
SSL_get_psk_identity — get PSK client identity and hint
SSL_get_rbio — get BIO linked to an SSL object
SSL_get_session — retrieve TLS/SSL session data
SSL_get_SSL_CTX — get the SSL_CTX from which an SSL is created
SSL_get_verify_result — get result of peer certificate verification
SSL_get_version — get the protocol version of a connection.
SSL_library_init — initialize SSL library by registering algorithms
SSL_load_client_CA_file — load certificate names from file
SSL_new — create a new SSL structure for a connection
SSL_pending — obtain number of readable bytes buffered in an SSL object
SSL_read — read bytes from a TLS/SSL connection.
SSL_rstate_string — get textual description of state of an SSL object during read operation
SSL_SESSION_free — free an allocated SSL_SESSION structure
SSL_SESSION_get_ex_new_index — internal application specific data functions
SSL_SESSION_get_time — retrieve and manipulate session time and timeout settings
SSL_session_reused — query whether a reused session was negotiated during handshake
SSL_set_bio — connect the SSL object with a BIO
SSL_set_connect_state — prepare SSL object to work in client or server mode
SSL_set_fd — connect the SSL object with a file descriptor
SSL_set_session — set a TLS/SSL session to be used during TLS/SSL connect
SSL_set_shutdown — manipulate shutdown state of an SSL connection
SSL_set_verify_result — override result of peer certificate verification
SSL_shutdown — shut down a TLS/SSL connection
SSL_state_string — get textual description of state of an SSL object
SSL_want — obtain state information TLS/SSL I/O operation
SSL_write — write bytes to a TLS/SSL connection.