https://wiki.openssl.org/api.php?action=feedcontributions&user=Bernardh&feedformat=atomOpenSSLWiki - User contributions [en]2024-03-29T09:25:00ZUser contributionsMediaWiki 1.35.6https://wiki.openssl.org/index.php?title=Command_Line_Utilities&diff=2189Command Line Utilities2015-04-03T07:38:11Z<p>Bernardh: /* DER PEM conversion */</p>
<hr />
<div>[http://www.openssl.org/docs/apps/openssl.html OpenSSL site command line tools]<br />
<br />
=== Getting started with your openssl toolkit ===<br />
<br />
The openssl binary (usually /usr/bin/openssl on linux) is an entry point for many functions. You call it following the pattern<br />
<pre><br />
$ openssl command [ command_opts ] [ command_args ] <br />
</pre><br />
<br />
Alternatively you can call it without arguments to enter the interactive mode with an 'OpenSSL>' prompt. Then you can directly type your commands. You can leave the interactive mode with Ctrl+C or Ctrl+D or by typing 'quit':<br />
<pre><br />
OpenSSL> quit<br />
</pre><br />
<br />
There are three different kinds of commands. These are [[standard commands]], [[cipher commands]], and [[message-digest commands]]. In the following an overview over some commands is given. These are grouped by purpose and not necessarily by the classification just mentioned.<br />
<br />
=== Learn about your installation ===<br />
<br />
==== List commands by type ====<br />
<br />
You can get a list of available commands by calling<br />
<br />
<pre><br />
$ openssl list-standard-commands<br />
$ openssl list-cipher-commands<br />
$ openssl list-message-digest-commands<br />
</pre><br />
<br />
==== version ====<br />
<br />
OpenSSL> version<br />
OpenSSL 1.0.1e 11 Feb 2013<br />
<br />
==== ciphers ====<br />
<br />
returns SSL/TLS ciphers supported.<br />
<br />
<code><br />
OpenSSL> ciphers<br />
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:PSK-AES128-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5<br />
</code><br />
<br />
openssl list-cipher-algorithms<br />
<br />
openssl list-public-key-algorithms<br />
<pre><br />
Name: OpenSSL RSA method<br />
Type: Builtin Algorithm<br />
OID: rsaEncryption<br />
PEM string: RSA<br />
Name: rsa<br />
Type: Alias to rsaEncryption<br />
Name: OpenSSL PKCS#3 DH method<br />
Type: Builtin Algorithm<br />
OID: dhKeyAgreement<br />
PEM string: DH<br />
Name: dsaWithSHA<br />
Type: Alias to dsaEncryption<br />
Name: dsaEncryption-old<br />
Type: Alias to dsaEncryption<br />
Name: dsaWithSHA1-old<br />
Type: Alias to dsaEncryption<br />
Name: dsaWithSHA1<br />
Type: Alias to dsaEncryption<br />
Name: OpenSSL DSA method<br />
Type: Builtin Algorithm<br />
OID: dsaEncryption<br />
PEM string: DSA<br />
Name: OpenSSL EC algorithm<br />
Type: Builtin Algorithm<br />
OID: id-ecPublicKey<br />
PEM string: EC<br />
Name: OpenSSL HMAC method<br />
Type: Builtin Algorithm<br />
OID: hmac<br />
PEM string: HMAC<br />
Name: OpenSSL CMAC method<br />
Type: Builtin Algorithm<br />
OID: cmac<br />
PEM string: CMAC<br />
</pre><br />
<br />
==== engine ====<br />
<br />
OpenSSL> engine<br />
(rsax) RSAX engine support<br />
(dynamic) Dynamic engine loading support<br />
<br />
==== speed ====<br />
<br />
returns informations of toolkit performance on cryptographic functions computations.<br />
<br />
( Ex: on Linux 3.1.0-1-amd64 #1 SMP x86_64 GNU/Linux, HP dv7 i7 4Gb )<br />
<br />
<pre><br />
$ openssl speed<br />
Doing md4 for 3s on 16 size blocks: 12430613 md4's in 3.00s<br />
...<br />
Doing md5 for 3s on 16 size blocks: 8943943 md5's in 2.99s<br />
Doing md5 for 3s on 64 size blocks: 6560162 md5's in 3.00s<br />
Doing md5 for 3s on 256 size blocks: 3674563 md5's in 3.00s<br />
Doing md5 for 3s on 1024 size blocks: 1325803 md5's in 3.00s<br />
Doing md5 for 3s on 8192 size blocks: 190271 md5's in 3.00s<br />
Doing hmac(md5) for 3s on 16 size blocks: 7289025 hmac(md5)'s in 3.00s<br />
Doing hmac(md5) for 3s on 64 size blocks: 5519732 hmac(md5)'s in 3.00s<br />
Doing hmac(md5) for 3s on 256 size blocks: 3319123 hmac(md5)'s in 3.00s<br />
Doing hmac(md5) for 3s on 1024 size blocks: 1275475 hmac(md5)'s in 3.00s<br />
Doing hmac(md5) for 3s on 8192 size blocks: 187134 hmac(md5)'s in 3.00s<br />
Doing sha1 for 3s on 16 size blocks: 10089842 sha1's in 2.99s<br />
Doing sha1 for 3s on 64 size blocks: 7033355 sha1's in 3.00s<br />
Doing sha1 for 3s on 256 size blocks: 3919372 sha1's in 3.00s<br />
Doing sha1 for 3s on 1024 size blocks: 1374314 sha1's in 3.00s<br />
Doing sha1 for 3s on 8192 size blocks: 198808 sha1's in 3.00s<br />
Doing sha256 for 3s on 16 size blocks: 6462822 sha256's in 3.00s<br />
Doing sha256 for 3s on 64 size blocks: 3504641 sha256's in 3.00s<br />
Doing sha256 for 3s on 256 size blocks: 1486771 sha256's in 3.00s<br />
Doing sha256 for 3s on 1024 size blocks: 440613 sha256's in 3.00s<br />
Doing sha256 for 3s on 8192 size blocks: 58418 sha256's in 3.00s<br />
Doing sha512 for 3s on 16 size blocks: 5040453 sha512's in 2.99s<br />
Doing sha512 for 3s on 64 size blocks: 5089425 sha512's in 3.00s<br />
Doing sha512 for 3s on 256 size blocks: 1865240 sha512's in 3.00s<br />
Doing sha512 for 3s on 1024 size blocks: 643708 sha512's in 3.00s<br />
Doing sha512 for 3s on 8192 size blocks: 90615 sha512's in 3.00s<br />
...<br />
Doing whirlpool for 3s on 8192 size blocks: 33204 whirlpool's in 3.00s<br />
...<br />
Doing rmd160 for 3s on 8192 size blocks: 66719 rmd160's in 3.00s<br />
...<br />
Doing rc4 for 3s on 8192 size blocks: 238972 rc4's in 3.00s<br />
...<br />
Doing des cbc for 3s on 8192 size blocks: 19837 des cbc's in 3.00s<br />
...<br />
Doing des ede3 for 3s on 8192 size blocks: 7706 des ede3's in 3.00s<br />
...<br />
Doing aes-128 cbc for 3s on 8192 size blocks: 35217 aes-128 cbc's in 3.00s<br />
...<br />
Doing aes-192 cbc for 3s on 8192 size blocks: 29225 aes-192 cbc's in 3.01s<br />
...<br />
Doing aes-256 cbc for 3s on 8192 size blocks: 24414 aes-256 cbc's in 3.00s<br />
...<br />
Doing aes-256 ige for 3s on 8192 size blocks: 23331 aes-256 ige's in 2.99s<br />
...<br />
</pre><br />
<br />
=== Basic encryption ===<br />
<br />
The command for symmetric encryption/decryption operations is [[enc|openssl enc]].<br />
<br />
For public key asymmetric encryption/decryption/sign/verify operations, use [[pkeyutl]] or the older RSA-specific [[rsautl]].<br />
<br />
==== Basic file ====<br />
<br />
to cipher a file or data to protect and share it protected by a shared key.<br />
<br />
symmetric cipher :<br />
[[AES]] [[Blowfish]] [[RC4]] [[3DES]] [[RC2]] [[DES]] [[CAST5]] [[SEED]]<br />
<br />
block to stream conversion :<br />
[[ECB]] [[CBC]] [[OFB]] [[CFB]] [[CTR]] [[XTS]] [[GCM]]<br />
<br />
compression :<br />
[[ZLIB]]<br />
<br />
<pre><br />
Cipher commands (see the `enc' command for more details)<br />
aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb <br />
aes-256-cbc aes-256-ecb base64 bf <br />
bf-cbc bf-cfb bf-ecb bf-ofb <br />
camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb <br />
camellia-256-cbc camellia-256-ecb cast cast-cbc <br />
cast5-cbc cast5-cfb cast5-ecb cast5-ofb <br />
des des-cbc des-cfb des-ecb <br />
des-ede des-ede-cbc des-ede-cfb des-ede-ofb <br />
des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb <br />
des-ofb des3 desx rc2 <br />
rc2-40-cbc rc2-64-cbc rc2-cbc rc2-cfb <br />
rc2-ecb rc2-ofb rc4 rc4-40 <br />
seed seed-cbc seed-cfb seed-ecb <br />
seed-ofb zlib<br />
</pre><br />
<br />
<pre><br />
openssl enc --help<br />
unknown option '--help'<br />
options are<br />
-in <file> input file<br />
-out <file> output file<br />
-pass <arg> pass phrase source<br />
-e encrypt<br />
-d decrypt<br />
-a/-base64 base64 encode/decode, depending on encryption flag<br />
-k passphrase is the next argument<br />
-kfile passphrase is the first line of the file argument<br />
-md the next argument is the md to use to create a key<br />
from a passphrase. One of md2, md5, sha or sha1<br />
-S salt in hex is the next argument<br />
-K/-iv key/iv in hex is the next argument<br />
-[pP] print the iv/key (then exit if -P)<br />
-bufsize <n> buffer size<br />
-nopad disable standard block padding<br />
-engine e use engine e, possibly a hardware device.<br />
Cipher Types<br />
-aes-128-cbc -aes-128-cfb -aes-128-cfb1 <br />
-aes-128-cfb8 -aes-128-ctr -aes-128-ecb <br />
-aes-128-gcm -aes-128-ofb -aes-128-xts <br />
-aes-192-cbc -aes-192-cfb -aes-192-cfb1 <br />
-aes-192-cfb8 -aes-192-ctr -aes-192-ecb <br />
-aes-192-gcm -aes-192-ofb -aes-256-cbc <br />
-aes-256-cfb -aes-256-cfb1 -aes-256-cfb8 <br />
-aes-256-ctr -aes-256-ecb -aes-256-gcm <br />
-aes-256-ofb -aes-256-xts -aes128 <br />
-aes192 -aes256 -bf <br />
-bf-cbc -bf-cfb -bf-ecb <br />
-bf-ofb -blowfish -camellia-128-cbc <br />
-camellia-128-cfb -camellia-128-cfb1 -camellia-128-cfb8 <br />
-camellia-128-ecb -camellia-128-ofb -camellia-192-cbc <br />
-camellia-192-cfb -camellia-192-cfb1 -camellia-192-cfb8 <br />
-camellia-192-ecb -camellia-192-ofb -camellia-256-cbc <br />
-camellia-256-cfb -camellia-256-cfb1 -camellia-256-cfb8 <br />
-camellia-256-ecb -camellia-256-ofb -camellia128 <br />
-camellia192 -camellia256 -cast <br />
-cast-cbc -cast5-cbc -cast5-cfb <br />
-cast5-ecb -cast5-ofb -des <br />
-des-cbc -des-cfb -des-cfb1 <br />
-des-cfb8 -des-ecb -des-ede <br />
-des-ede-cbc -des-ede-cfb -des-ede-ofb <br />
-des-ede3 -des-ede3-cbc -des-ede3-cfb <br />
-des-ede3-cfb1 -des-ede3-cfb8 -des-ede3-ofb <br />
-des-ofb -des3 -desx <br />
-desx-cbc -id-aes128-GCM -id-aes192-GCM <br />
-id-aes256-GCM -rc2 -rc2-40-cbc <br />
-rc2-64-cbc -rc2-cbc -rc2-cfb <br />
-rc2-ecb -rc2-ofb -rc4 <br />
-rc4-40 -rc4-hmac-md5 -seed <br />
-seed-cbc -seed-cfb -seed-ecb <br />
-seed-ofb <br />
</pre><br />
<br />
==== Mail / SMIME ====<br />
<br />
===== smime v2 pkcs7 1.5 =====<br />
<br />
<pre><br />
openssl smime --help<br />
Usage smime [options] cert.pem ...<br />
where options are<br />
-encrypt encrypt message<br />
-decrypt decrypt encrypted message<br />
-sign sign message<br />
-verify verify signed message<br />
-pk7out output PKCS#7 structure<br />
-des3 encrypt with triple DES<br />
-des encrypt with DES<br />
-seed encrypt with SEED<br />
-rc2-40 encrypt with RC2-40 (default)<br />
-rc2-64 encrypt with RC2-64<br />
-rc2-128 encrypt with RC2-128<br />
-aes128, -aes192, -aes256<br />
encrypt PEM output with cbc aes<br />
-camellia128, -camellia192, -camellia256<br />
encrypt PEM output with cbc camellia<br />
-nointern don't search certificates in message for signer<br />
-nosigs don't verify message signature<br />
-noverify don't verify signers certificate<br />
-nocerts don't include signers certificate when signing<br />
-nodetach use opaque signing<br />
-noattr don't include any signed attributes<br />
-binary don't translate message to text<br />
-certfile file other certificates file<br />
-signer file signer certificate file<br />
-recip file recipient certificate file for decryption<br />
-in file input file<br />
-inform arg input format SMIME (default), PEM or DER<br />
-inkey file input private key (if not signer or recipient)<br />
-keyform arg input private key format (PEM or ENGINE)<br />
-out file output file<br />
-outform arg output format SMIME (default), PEM or DER<br />
-content file supply or override content for detached signature<br />
-to addr to address<br />
-from ad from address<br />
-subject s subject<br />
-text include or delete text MIME headers<br />
-CApath dir trusted certificates directory<br />
-CAfile file trusted certificates file<br />
-crl_check check revocation status of signer's certificate using CRLs<br />
-crl_check_all check revocation status of signer's certificate chain using CRLs<br />
-engine e use engine e, possibly a hardware device.<br />
-passin arg input file pass phrase source<br />
-rand file:file:...<br />
load the file (or the files in the directory) into<br />
the random number generator<br />
cert.pem recipient certificate(s) for encryption<br />
</pre><br />
<br />
===== smime v3 cms =====<br />
<br />
<pre><br />
openssl cms --help<br />
Usage cms [options] cert.pem ...<br />
where options are<br />
-encrypt encrypt message<br />
-decrypt decrypt encrypted message<br />
-sign sign message<br />
-verify verify signed message<br />
-cmsout output CMS structure<br />
-des3 encrypt with triple DES<br />
-des encrypt with DES<br />
-seed encrypt with SEED<br />
-rc2-40 encrypt with RC2-40 (default)<br />
-rc2-64 encrypt with RC2-64<br />
-rc2-128 encrypt with RC2-128<br />
-aes128, -aes192, -aes256<br />
encrypt PEM output with cbc aes<br />
-camellia128, -camellia192, -camellia256<br />
encrypt PEM output with cbc camellia<br />
-nointern don't search certificates in message for signer<br />
-nosigs don't verify message signature<br />
-noverify don't verify signers certificate<br />
-nocerts don't include signers certificate when signing<br />
-nodetach use opaque signing<br />
-noattr don't include any signed attributes<br />
-binary don't translate message to text<br />
-certfile file other certificates file<br />
-certsout file certificate output file<br />
-signer file signer certificate file<br />
-recip file recipient certificate file for decryption<br />
-keyid use subject key identifier<br />
-in file input file<br />
-inform arg input format SMIME (default), PEM or DER<br />
-inkey file input private key (if not signer or recipient)<br />
-keyform arg input private key format (PEM or ENGINE)<br />
-out file output file<br />
-outform arg output format SMIME (default), PEM or DER<br />
-content file supply or override content for detached signature<br />
-to addr to address<br />
-from ad from address<br />
-subject s subject<br />
-text include or delete text MIME headers<br />
-CApath dir trusted certificates directory<br />
-CAfile file trusted certificates file<br />
-crl_check check revocation status of signer's certificate using CRLs<br />
-crl_check_all check revocation status of signer's certificate chain using CRLs<br />
-engine e use engine e, possibly a hardware device.<br />
-passin arg input file pass phrase source<br />
-rand file:file:...<br />
load the file (or the files in the directory) into<br />
the random number generator<br />
cert.pem recipient certificate(s) for encryption<br />
</pre><br />
<br />
==== Public Key Cryptographic Operations ====<br />
<br />
<pre><br />
openssl pkeyutl --help<br />
Usage: pkeyutl [options]<br />
-in file input file<br />
-out file output file<br />
-sigfile file signature file (verify operation only)<br />
-inkey file input key<br />
-keyform arg private key format - default PEM<br />
-pubin input is a public key<br />
-certin input is a certificate carrying a public key<br />
-pkeyopt X:Y public key options<br />
-sign sign with private key<br />
-verify verify with public key<br />
-verifyrecover verify with public key, recover original data<br />
-encrypt encrypt with public key<br />
-decrypt decrypt with private key<br />
-derive derive shared secret<br />
-hexdump hex dump output<br />
-engine e use engine e, possibly a hardware device.<br />
-passin arg pass phrase source<br />
</pre><br />
<br />
Legacy RSA command:<br />
<pre><br />
openssl rsautl --help<br />
Usage: rsautl [options]<br />
-in file input file<br />
-out file output file<br />
-inkey file input key<br />
-keyform arg private key format - default PEM<br />
-pubin input is an RSA public<br />
-certin input is a certificate carrying an RSA public key<br />
-ssl use SSL v2 padding<br />
-raw use no padding<br />
-pkcs use PKCS#1 v1.5 padding (default)<br />
-oaep use PKCS#1 OAEP<br />
-sign sign with private key<br />
-verify verify with public key<br />
-encrypt encrypt with public key<br />
-decrypt decrypt with private key<br />
-hexdump hex dump output<br />
-engine e use engine e, possibly a hardware device.<br />
-passin arg pass phrase source<br />
</pre><br />
<br />
=== Create / Handle Public Key Certificates ===<br />
<br />
This requires you have a knowledge of what PKI is ( Certificate Authorities, Certificate Request, Certificate, Public Key, Private Key )<br />
<br />
Classical use case is to obtain a valid Certificate for a Secured Web site ( https protocol ).<br />
First you create a Private Key ( will be created together with Public key ).<br />
Then create a Certificate Request for that private key with some informations for purpose of future Certificate.<br />
Then send that Certificate Request to a Certificate Authority ( CA ) that will issue a Certificate that CA signed. For well known CA you need to pay. <br />
Up to you to install your Private key together with the received Certificate on your system. <br />
<br />
It exists graphical front-end to operate openssl wihtin a GUI : [http://xca.sourceforge.net/ XCA]<br />
<br />
==== Key Generation ====<br />
<br />
===== rsa / genrsa =====<br />
<br />
RSA is the most common type of Public/Private Key.<br />
Private Key part should never be disclosed while public key part is ... public.<br />
<br />
<pre><br />
openssl genrsa --help<br />
usage: genrsa [args] [numbits]<br />
-des encrypt the generated key with DES in cbc mode<br />
-des3 encrypt the generated key with DES in ede cbc mode (168 bit key)<br />
-seed<br />
encrypt PEM output with cbc seed<br />
-aes128, -aes192, -aes256<br />
encrypt PEM output with cbc aes<br />
-camellia128, -camellia192, -camellia256<br />
encrypt PEM output with cbc camellia<br />
-out file output the key to 'file<br />
-passout arg output file pass phrase source<br />
-f4 use F4 (0x10001) for the E value<br />
-3 use 3 for the E value<br />
-engine e use engine e, possibly a hardware device.<br />
-rand file:file:...<br />
load the file (or the files in the directory) into<br />
the random number generator<br />
</pre><br />
<br />
<pre><br />
rsa help<br />
unknown option help<br />
rsa [options] <infile >outfile<br />
where options are<br />
-inform arg input format - one of DER NET PEM<br />
-outform arg output format - one of DER NET PEM<br />
-in arg input file<br />
-sgckey Use IIS SGC key format<br />
-passin arg input file pass phrase source<br />
-out arg output file<br />
-passout arg output file pass phrase source<br />
-des encrypt PEM output with cbc des<br />
-des3 encrypt PEM output with ede cbc des using 168 bit key<br />
-seed encrypt PEM output with cbc seed<br />
-aes128, -aes192, -aes256<br />
encrypt PEM output with cbc aes<br />
-camellia128, -camellia192, -camellia256<br />
encrypt PEM output with cbc camellia<br />
-text print the key in text<br />
-noout don't print key out<br />
-modulus print the RSA key modulus<br />
-check verify key consistency<br />
-pubin expect a public key in input file<br />
-pubout output a public key<br />
-engine e use engine e, possibly a hardware device.<br />
error in rsa<br />
</pre><br />
<br />
===== dsa / gendsa=====<br />
<br />
dsa is a less common Public/Private key scheme, but can be seen anyway, so ...<br />
<br />
<pre><br />
openssl gendsa<br />
usage: gendsa [args] dsaparam-file<br />
-out file - output the key to 'file'<br />
-des - encrypt the generated key with DES in cbc mode<br />
-des3 - encrypt the generated key with DES in ede cbc mode (168 bit key)<br />
-seed<br />
encrypt PEM output with cbc seed<br />
-aes128, -aes192, -aes256<br />
encrypt PEM output with cbc aes<br />
-camellia128, -camellia192, -camellia256<br />
encrypt PEM output with cbc camellia<br />
-engine e - use engine e, possibly a hardware device.<br />
-rand file:file:...<br />
- load the file (or the files in the directory) into<br />
the random number generator<br />
dsaparam-file<br />
- a DSA parameter file as generated by the dsaparam command<br />
<br />
</pre><br />
<br />
<pre><br />
OpenSSL> dsa help<br />
unknown option help<br />
dsa [options] <infile >outfile<br />
where options are<br />
-inform arg input format - DER or PEM<br />
-outform arg output format - DER or PEM<br />
-in arg input file<br />
-passin arg input file pass phrase source<br />
-out arg output file<br />
-passout arg output file pass phrase source<br />
-engine e use engine e, possibly a hardware device.<br />
-des encrypt PEM output with cbc des<br />
-des3 encrypt PEM output with ede cbc des using 168 bit key<br />
-aes128, -aes192, -aes256<br />
encrypt PEM output with cbc aes<br />
-camellia128, -camellia192, -camellia256<br />
encrypt PEM output with cbc camellia<br />
-seed encrypt PEM output with cbc seed<br />
-text print the key in text<br />
-noout don't print key out<br />
-modulus print the DSA public value<br />
error in dsa<br />
</pre><br />
<br />
===== Elliptic Curves / ec ecparam =====<br />
<br />
[[Elliptic_Curve_Cryptography]]<br />
<br />
See [[Command Line Elliptic Curve Operations]] for a description of these commands.<br />
<br />
<pre><br />
openssl ecparam --help<br />
unknown option --help<br />
ecparam [options] <infile >outfile<br />
where options are<br />
-inform arg input format - default PEM (DER or PEM)<br />
-outform arg output format - default PEM<br />
-in arg input file - default stdin<br />
-out arg output file - default stdout<br />
-noout do not print the ec parameter<br />
-text print the ec parameters in text form<br />
-check validate the ec parameters<br />
-C print a 'C' function creating the parameters<br />
-name arg use the ec parameters with 'short name' name<br />
-list_curves prints a list of all currently available curve 'short names'<br />
-conv_form arg specifies the point conversion form <br />
possible values: compressed<br />
uncompressed (default)<br />
hybrid<br />
-param_enc arg specifies the way the ec parameters are encoded<br />
in the asn1 der encoding<br />
possible values: named_curve (default)<br />
explicit<br />
-no_seed if 'explicit' parameters are chosen do not use the seed<br />
-genkey generate ec key<br />
-rand file files to use for random number input<br />
-engine e use engine e, possibly a hardware device<br />
</pre><br />
<br />
<pre><br />
ec [options] <infile >outfile<br />
where options are<br />
-inform arg input format - DER or PEM<br />
-outform arg output format - DER or PEM<br />
-in arg input file<br />
-passin arg input file pass phrase source<br />
-out arg output file<br />
-passout arg output file pass phrase source<br />
-engine e use engine e, possibly a hardware device.<br />
-des encrypt PEM output, instead of 'des' every other <br />
cipher supported by OpenSSL can be used<br />
-text print the key<br />
-noout don't print key out<br />
-param_out print the elliptic curve parameters<br />
-conv_form arg specifies the point conversion form <br />
possible values: compressed<br />
uncompressed (default)<br />
hybrid<br />
-param_enc arg specifies the way the ec parameters are encoded<br />
in the asn1 der encoding<br />
possible values: named_curve (default)<br />
explicit<br />
</pre><br />
<br />
==== Certificate Authority / ca ====<br />
<br />
When you want to act as a Certificate Authority.<br />
<br />
OpenSSL> ca<br />
Using configuration from /usr/lib/ssl/openssl.cnf<br />
Error opening CA private key ./demoCA/private/cakey.pem<br />
140492277311144:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('./demoCA/private/cakey.pem','r')<br />
140492277311144:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:<br />
unable to load CA private key<br />
error in ca<br />
<br />
By default you don't have ca created...<br />
<br />
==== Certificate Request / pkcs10 / req ====<br />
<br />
OpenSSL> req ?<br />
unknown option ?<br />
req [options] <infile >outfile<br />
where options are<br />
-inform arg input format - DER or PEM<br />
-outform arg output format - DER or PEM<br />
-in arg input file<br />
-out arg output file<br />
-text text form of request<br />
-pubkey output public key<br />
-noout do not output REQ<br />
-verify verify signature on REQ<br />
-modulus RSA modulus<br />
-nodes don't encrypt the output key<br />
-engine e use engine e, possibly a hardware device<br />
-subject output the request's subject<br />
-passin private key password source<br />
-key file use the private key contained in file<br />
-keyform arg key file format<br />
-keyout arg file to send the key to<br />
-rand file:file:...<br />
load the file (or the files in the directory) into<br />
the random number generator<br />
-newkey rsa:bits generate a new RSA key of 'bits' in size<br />
-newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'<br />
-newkey ec:file generate a new EC key, parameters taken from CA in 'file'<br />
-[digest] Digest to sign with (md5, sha1, md2, mdc2, md4)<br />
-config file request template file.<br />
-subj arg set or modify request subject<br />
-multivalue-rdn enable support for multivalued RDNs<br />
-new new request.<br />
-batch do not ask anything during request generation<br />
-x509 output a x509 structure instead of a cert. req.<br />
-days number of days a certificate generated by -x509 is valid for.<br />
-set_serial serial number to use for a certificate generated by -x509.<br />
-newhdr output "NEW" in the header lines<br />
-asn1-kludge Output the 'request' in a format that is wrong but some CA's<br />
have been reported as requiring<br />
-extensions .. specify certificate extension section (override value in config file)<br />
-reqexts .. specify request extension section (override value in config file)<br />
-utf8 input characters are UTF8 (default ASCII)<br />
-nameopt arg - various certificate name options<br />
-reqopt arg - various request text options<br />
<br />
error in req<br />
<br />
==== Certificates AKA x509 ====<br />
<br />
x509 command allows you to display content of a x509 certificate and to convert it from/to [[PEM]], [[NET]] or [[DER]] formats.<br />
<br />
OpenSSL> x509 help<br />
unknown option help<br />
usage: x509 args<br />
-inform arg - input format - default PEM (one of DER, NET or PEM)<br />
-outform arg - output format - default PEM (one of DER, NET or PEM)<br />
-keyform arg - private key format - default PEM<br />
-CAform arg - CA format - default PEM<br />
-CAkeyform arg - CA key format - default PEM<br />
-in arg - input file - default stdin<br />
-out arg - output file - default stdout<br />
-passin arg - private key password source<br />
-serial - print serial number value<br />
-subject_hash - print subject hash value<br />
-subject_hash_old - print old-style (MD5) subject hash value<br />
-issuer_hash - print issuer hash value<br />
-issuer_hash_old - print old-style (MD5) issuer hash value<br />
-hash - synonym for -subject_hash<br />
-subject - print subject DN<br />
-issuer - print issuer DN<br />
-email - print email address(es)<br />
-startdate - notBefore field<br />
-enddate - notAfter field<br />
-purpose - print out certificate purposes<br />
-dates - both Before and After dates<br />
-modulus - print the RSA key modulus<br />
-pubkey - output the public key<br />
-fingerprint - print the certificate fingerprint<br />
-alias - output certificate alias<br />
-noout - no certificate output<br />
-ocspid - print OCSP hash values for the subject name and public key<br />
-ocsp_uri - print OCSP Responder URL(s)<br />
-trustout - output a "trusted" certificate<br />
-clrtrust - clear all trusted purposes<br />
-clrreject - clear all rejected purposes<br />
-addtrust arg - trust certificate for a given purpose<br />
-addreject arg - reject certificate for a given purpose<br />
-setalias arg - set certificate alias<br />
-days arg - How long till expiry of a signed certificate - def 30 days<br />
-checkend arg - check whether the cert expires in the next arg seconds<br />
exit 1 if so, 0 if not<br />
-signkey arg - self sign cert with arg<br />
-x509toreq - output a certification request object<br />
-req - input is a certificate request, sign and output.<br />
-CA arg - set the CA certificate, must be PEM format.<br />
-CAkey arg - set the CA key, must be PEM format<br />
missing, it is assumed to be in the CA file.<br />
-CAcreateserial - create serial number file if it does not exist<br />
-CAserial arg - serial file<br />
-set_serial - serial number to use<br />
-text - print the certificate in text form<br />
-C - print out C code forms<br />
-md2/-md5/-sha1/-mdc2 - digest to use<br />
-extfile - configuration file with X509V3 extensions to add<br />
-extensions - section from config file with X509V3 extensions to add<br />
-clrext - delete extensions before signing and input certificate<br />
-nameopt arg - various certificate name options<br />
-engine e - use engine e, possibly a hardware device.<br />
-certopt arg - various certificate text options<br />
<br />
==== Client Certificates AKA pkcs12 ====<br />
<br />
Client Certificate is a language abuse, but anyway it is kind of file you need to install on your system when SSL/TLS server require Client Authentication.<br />
Those kind of certificates credentials are known with .'''pkcs12''' or .'''pfx''' file extension.<br />
They contains a x509 Certificate and the public/private key of client. Those files are then very sensible to handle with same security as a private key.<br />
<br />
<pre><br />
Usage: pkcs12 [options]<br />
where options are<br />
-export output PKCS12 file<br />
-chain add certificate chain<br />
-inkey file private key if not infile<br />
-certfile f add all certs in f<br />
-CApath arg - PEM format directory of CA's<br />
-CAfile arg - PEM format file of CA's<br />
-name "name" use name as friendly name<br />
-caname "nm" use nm as CA friendly name (can be used more than once).<br />
-in infile input filename<br />
-out outfile output filename<br />
-noout don't output anything, just verify.<br />
-nomacver don't verify MAC.<br />
-nocerts don't output certificates.<br />
-clcerts only output client certificates.<br />
-cacerts only output CA certificates.<br />
-nokeys don't output private keys.<br />
-info give info about PKCS#12 structure.<br />
-des encrypt private keys with DES<br />
-des3 encrypt private keys with triple DES (default)<br />
-seed encrypt private keys with seed<br />
-aes128, -aes192, -aes256<br />
encrypt PEM output with cbc aes<br />
-camellia128, -camellia192, -camellia256<br />
encrypt PEM output with cbc camellia<br />
-nodes don't encrypt private keys<br />
-noiter don't use encryption iteration<br />
-nomaciter don't use MAC iteration<br />
-maciter use MAC iteration<br />
-nomac don't generate MAC<br />
-twopass separate MAC, encryption passwords<br />
-descert encrypt PKCS#12 certificates with triple DES (default RC2-40)<br />
-certpbe alg specify certificate PBE algorithm (default RC2-40)<br />
-keypbe alg specify private key PBE algorithm (default 3DES)<br />
-macalg alg digest algorithm used in MAC (default SHA1)<br />
-keyex set MS key exchange type<br />
-keysig set MS key signature type<br />
-password p set import/export password source<br />
-passin p input file pass phrase source<br />
-passout p output file pass phrase source<br />
-engine e use engine e, possibly a hardware device.<br />
-rand file:file:...<br />
load the file (or the files in the directory) into<br />
the random number generator<br />
-CSP name Microsoft CSP name<br />
-LMK Add local machine keyset attribute to private key<br />
</pre><br />
<br />
=== SSL/TLS and Certificates ONLINE services ===<br />
<br />
==== s_server ====<br />
<br />
This implements a generic SSL/TLS server. <br />
<br />
<pre><br />
openssl s_server<br />
Error opening server certificate private key file server.pem<br />
139811478357672:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('server.pem','r')<br />
139811478357672:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:<br />
unable to load server certificate private key file<br />
</pre><br />
<br />
'''you need to provide certificate and private key to be able to run SSL/TLS server.'''<br />
<br />
<pre><br />
openssl s_server --help<br />
unknown option --help<br />
usage: s_server [args ...]<br />
<br />
-accept arg - port to accept on (default is 4433)<br />
-context arg - set session ID context<br />
-verify arg - turn on peer certificate verification<br />
-Verify arg - turn on peer certificate verification, must have a cert.<br />
-cert arg - certificate file to use<br />
(default is server.pem)<br />
-crl_check - check the peer certificate has not been revoked by its CA.<br />
The CRL(s) are appended to the certificate file<br />
-crl_check_all - check the peer certificate has not been revoked by its CA<br />
or any other CRL in the CA chain. CRL(s) are appened to the<br />
the certificate file.<br />
-certform arg - certificate format (PEM or DER) PEM default<br />
-key arg - Private Key file to use, in cert file if<br />
not specified (default is server.pem)<br />
-keyform arg - key format (PEM, DER or ENGINE) PEM default<br />
-pass arg - private key file pass phrase source<br />
-dcert arg - second certificate file to use (usually for DSA)<br />
-dcertform x - second certificate format (PEM or DER) PEM default<br />
-dkey arg - second private key file to use (usually for DSA)<br />
-dkeyform arg - second key format (PEM, DER or ENGINE) PEM default<br />
-dpass arg - second private key file pass phrase source<br />
-dhparam arg - DH parameter file to use, in cert file if not specified<br />
or a default set of parameters is used<br />
-named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.<br />
Use "openssl ecparam -list_curves" for all names<br />
(default is nistp256).<br />
-nbio - Run with non-blocking IO<br />
-nbio_test - test with the non-blocking test bio<br />
-crlf - convert LF from terminal into CRLF<br />
-debug - Print more output<br />
-msg - Show protocol messages<br />
-state - Print the SSL states<br />
-CApath arg - PEM format directory of CA's<br />
-CAfile arg - PEM format file of CA's<br />
-nocert - Don't use any certificates (Anon-DH)<br />
-cipher arg - play with 'openssl ciphers' to see what goes here<br />
-serverpref - Use server's cipher preferences<br />
-quiet - No server output<br />
-no_tmp_rsa - Do not generate a tmp RSA key<br />
-psk_hint arg - PSK identity hint to use<br />
-psk arg - PSK in hex (without 0x)<br />
-srpvfile file - The verifier file for SRP<br />
-srpuserseed string - A seed string for a default user salt.<br />
-ssl2 - Just talk SSLv2<br />
-ssl3 - Just talk SSLv3<br />
-tls1_2 - Just talk TLSv1.2<br />
-tls1_1 - Just talk TLSv1.1<br />
-tls1 - Just talk TLSv1<br />
-dtls1 - Just talk DTLSv1<br />
-timeout - Enable timeouts<br />
-mtu - Set link layer MTU<br />
-chain - Read a certificate chain<br />
-no_ssl2 - Just disable SSLv2<br />
-no_ssl3 - Just disable SSLv3<br />
-no_tls1 - Just disable TLSv1<br />
-no_tls1_1 - Just disable TLSv1.1<br />
-no_tls1_2 - Just disable TLSv1.2<br />
-no_dhe - Disable ephemeral DH<br />
-no_ecdhe - Disable ephemeral ECDH<br />
-bugs - Turn on SSL bug compatibility<br />
-www - Respond to a 'GET /' with a status page<br />
-WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path><br />
-HTTP - Respond to a 'GET /<path> HTTP/1.0' with file ./<path><br />
with the assumption it contains a complete HTTP response.<br />
-engine id - Initialise and use the specified engine<br />
-id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'<br />
-rand file:file:...<br />
-servername host - servername for HostName TLS extension<br />
-servername_fatal - on mismatch send fatal alert (default warning alert)<br />
-cert2 arg - certificate file to use for servername<br />
(default is server2.pem)<br />
-key2 arg - Private Key file to use for servername, in cert file if<br />
not specified (default is server2.pem)<br />
-tlsextdebug - hex dump of all TLS extensions received<br />
-no_ticket - disable use of RFC4507bis session tickets<br />
-legacy_renegotiation - enable use of legacy renegotiation (dangerous)<br />
-nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)<br />
-use_srtp profiles - Offer SRTP key management with a colon-separated profile list<br />
-keymatexport label - Export keying material using label<br />
-keymatexportlen len - Export len bytes of keying material (default 20)<br />
</pre><br />
<br />
==== s_client ====<br />
<br />
This implements a generic SSL/TLS client<br />
<br />
<pre><br />
unknown option --help<br />
usage: s_client args<br />
<br />
-host host - use -connect instead<br />
-port port - use -connect instead<br />
-connect host:port - who to connect to (default is localhost:4433)<br />
-verify arg - turn on peer certificate verification<br />
-cert arg - certificate file to use, PEM format assumed<br />
-certform arg - certificate format (PEM or DER) PEM default<br />
-key arg - Private key file to use, in cert file if<br />
not specified but cert file is.<br />
-keyform arg - key format (PEM or DER) PEM default<br />
-pass arg - private key file pass phrase source<br />
-CApath arg - PEM format directory of CA's<br />
-CAfile arg - PEM format file of CA's<br />
-reconnect - Drop and re-make the connection with the same Session-ID<br />
-pause - sleep(1) after each read(2) and write(2) system call<br />
-showcerts - show all certificates in the chain<br />
-debug - extra output<br />
-msg - Show protocol messages<br />
-nbio_test - more ssl protocol testing<br />
-state - print the 'ssl' states<br />
-nbio - Run with non-blocking IO<br />
-crlf - convert LF from terminal into CRLF<br />
-quiet - no s_client output<br />
-ign_eof - ignore input eof (default when -quiet)<br />
-no_ign_eof - don't ignore input eof<br />
-psk_identity arg - PSK identity<br />
-psk arg - PSK in hex (without 0x)<br />
-srpuser user - SRP authentification for 'user'<br />
-srppass arg - password for 'user'<br />
-srp_lateuser - SRP username into second ClientHello message<br />
-srp_moregroups - Tolerate other than the known g N values.<br />
-srp_strength int - minimal mength in bits for N (default 1024).<br />
-ssl2 - just use SSLv2<br />
-ssl3 - just use SSLv3<br />
-tls1_2 - just use TLSv1.2<br />
-tls1_1 - just use TLSv1.1<br />
-tls1 - just use TLSv1<br />
-dtls1 - just use DTLSv1<br />
-mtu - set the link layer MTU<br />
-no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol<br />
-bugs - Switch on all SSL implementation bug workarounds<br />
-serverpref - Use server's cipher preferences (only SSLv2)<br />
-cipher - preferred cipher to use, use the 'openssl ciphers'<br />
command to see what is available<br />
-starttls prot - use the STARTTLS command before starting TLS<br />
for those protocols that support it, where<br />
'prot' defines which one to assume. Currently,<br />
only "smtp", "pop3", "imap", "ftp" and "xmpp"<br />
are supported.<br />
-engine id - Initialise and use the specified engine<br />
-rand file:file:...<br />
-sess_out arg - file to write SSL session to<br />
-sess_in arg - file to read SSL session from<br />
-servername host - Set TLS extension servername in ClientHello<br />
-tlsextdebug - hex dump of all TLS extensions received<br />
-status - request certificate status from server<br />
-no_ticket - disable use of RFC4507bis session tickets<br />
-nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)<br />
-legacy_renegotiation - enable use of legacy renegotiation (dangerous)<br />
-use_srtp profiles - Offer SRTP key management with a colon-separated profile list<br />
-keymatexport label - Export keying material using label<br />
-keymatexportlen len - Export len bytes of keying material (default 20)<br />
</pre><br />
<br />
==== ocsp ====<br />
<br />
<br />
=== Signing / Digest and Timestamping ===<br />
<br />
==== Signing / Digest ====<br />
<br />
<pre><br />
openssl dgst --help<br />
unknown option '--help'<br />
options are<br />
-c to output the digest with separating colons<br />
-r to output the digest in coreutils format<br />
-d to output debug info<br />
-hex output as hex dump<br />
-binary output in binary form<br />
-hmac arg set the HMAC key to arg<br />
-non-fips-allow allow use of non FIPS digest<br />
-sign file sign digest using private key in file<br />
-verify file verify a signature using public key in file<br />
-prverify file verify a signature using private key in file<br />
-keyform arg key file format (PEM or ENGINE)<br />
-out filename output to filename rather than stdout<br />
-signature file signature to verify<br />
-sigopt nm:v signature parameter<br />
-hmac key create hashed MAC with key<br />
-mac algorithm create MAC (not neccessarily HMAC)<br />
-macopt nm:v MAC algorithm parameters or key<br />
-engine e use engine e, possibly a hardware device.<br />
-md4 to use the md4 message digest algorithm<br />
-md5 to use the md5 message digest algorithm<br />
-ripemd160 to use the ripemd160 message digest algorithm<br />
-sha to use the sha message digest algorithm<br />
-sha1 to use the sha1 message digest algorithm<br />
-sha224 to use the sha224 message digest algorithm<br />
-sha256 to use the sha256 message digest algorithm<br />
-sha384 to use the sha384 message digest algorithm<br />
-sha512 to use the sha512 message digest algorithm<br />
-whirlpool to use the whirlpool message digest algorithm<br />
</pre><br />
==== timestamping ====<br />
<br />
openssl ts<br />
<br />
<pre><br />
usage:<br />
ts -query [-rand file:file:...] [-config configfile] [-data file_to_hash] [-digest digest_bytes][-md2|-md4|-md5|-sha|-sha1|-mdc2|-ripemd160] [-policy object_id] [-no_nonce] [-cert] [-in request.tsq] [-out request.tsq] [-text]<br />
or<br />
ts -reply [-config configfile] [-section tsa_section] [-queryfile request.tsq] [-passin password] [-signer tsa_cert.pem] [-inkey private_key.pem] [-chain certs_file.pem] [-policy object_id] [-in response.tsr] [-token_in] [-out response.tsr] [-token_out] [-text] [-engine id]<br />
or<br />
ts -verify [-data file_to_hash] [-digest digest_bytes] [-queryfile request.tsq] -in response.tsr [-token_in] -CApath ca_path -CAfile ca_file.pem -untrusted cert_file.pem<br />
</pre><br />
<br />
=== Data handling ===<br />
<br />
==== ASN.1 ====<br />
<br />
[[DER]] decoding <br />
<br />
<pre><br />
openssl asn1parse --help<br />
unknown option --help<br />
asn1parse [options] <infile<br />
where options are<br />
-inform arg input format - one of DER PEM<br />
-in arg input file<br />
-out arg output file (output format is always DER<br />
-noout arg don't produce any output<br />
-offset arg offset into file<br />
-length arg length of section in file<br />
-i indent entries<br />
-dump dump unknown data in hex form<br />
-dlimit arg dump the first arg bytes of unknown data in hex form<br />
-oid file file of extra oid definitions<br />
-strparse offset<br />
a series of these can be used to 'dig' into multiple<br />
ASN1 blob wrappings<br />
-genstr str string to generate ASN1 structure from<br />
-genconf file file to generate ASN1 structure from<br />
</pre><br />
<br />
==== Base64 ====<br />
<br />
base64 encoding / decoding<br />
<br />
[[Base64]]<br />
<br />
===== a String =====<br />
<br />
<pre><br />
openssl base64 -e <<< 'Welcome to openssl wiki'<br />
V2VsY29tZSB0byBvcGVuc3NsIHdpa2kK<br />
openssl base64 -d <<< 'V2VsY29tZSB0byBvcGVuc3NsIHdpa2kK'<br />
Welcome to openssl wiki<br />
</pre><br />
<br />
warning '''base64 line length is limited to 76 characters by default in openssl''' ( and generated with 64 characters / line ).<br />
<br />
<pre><br />
openssl base64 -e <<< 'Welcome to openssl wiki with a very long line that splits...'<br />
V2VsY29tZSB0byBvcGVuc3NsIHdpa2kgd2l0aCBhIHZlcnkgbG9uZyBsaW5lIHRo<br />
YXQgc3BsaXRzLi4uCg==<br />
openssl base64 -d <<< 'V2VsY29tZSB0byBvcGVuc3NsIHdpa2kgd2l0aCBhIHZlcnkgbG9uZyBsaW5lIHRoYXQgc3BsaXRzLi4uCg=='<br />
</pre><br />
=> NOTHING !<br />
<br />
to be able to decode a base64 line without line feed that exceed 76 characters use -A option :<br />
<br />
<pre><br />
openssl base64 -d -A <<< 'V2VsY29tZSB0byBvcGVuc3NsIHdpa2kgd2l0aCBhIHZlcnkgbG9uZyBsaW5lIHRoYXQgc3BsaXRzLi4uCg=='<br />
Welcome to openssl wiki with a very long line that splits...<br />
</pre><br />
<br />
This is anyway better to actualy split base64 result in 64 characters lines since -A option is BUGGY ( limit with long files ).<br />
<br />
==== DER <-> PEM conversion ====<br />
<br />
Many openSSL commands do support both PEM and DER formats on both inputs and outputs. The formats are specified with '''inform''' and '''outform''' optional parameters (default is usually PEM).<br />
Then it is easy to read it in a format and write it in another.<br />
<br />
For instance, you have downloaded a certificate in DER and you need to PEM version for some signature verification commands.<br />
The '''x509''' command that handles certificates will simply be invoked as:<br />
<pre><br />
OpenSSL> x509 -inform DER -in MyCertificate.der -out MyCertificate.pem<br />
</pre><br />
<br />
==== pkcs8 / pkcs5 ====<br />
<br />
pkcs8 is a format to store private keys.<br />
pkcs8 uses various pkcs5 version as subformat.<br />
<br />
<pre><br />
openssl pkcs8 --help<br />
Usage pkcs8 [options]<br />
where options are<br />
-in file input file<br />
-inform X input format (DER or PEM)<br />
-passin arg input file pass phrase source<br />
-outform X output format (DER or PEM)<br />
-out file output file<br />
-passout arg output file pass phrase source<br />
-topk8 output PKCS8 file<br />
-nooct use (nonstandard) no octet format<br />
-embed use (nonstandard) embedded DSA parameters format<br />
-nsdb use (nonstandard) DSA Netscape DB format<br />
-noiter use 1 as iteration count<br />
-nocrypt use or expect unencrypted private key<br />
-v2 alg use PKCS#5 v2.0 and cipher "alg"<br />
-v1 obj use PKCS#5 v1.5 and cipher "alg"<br />
-engine e use engine e, possibly a hardware device.<br />
</pre><br />
<br />
=== Diagnostics ===<br />
<br />
==== SSL/TLS session information ====<br />
<br />
<pre><br />
openssl sess_id --help<br />
unknown option --help<br />
usage: sess_id args<br />
<br />
-inform arg - input format - default PEM (DER or PEM)<br />
-outform arg - output format - default PEM<br />
-in arg - input file - default stdin<br />
-out arg - output file - default stdout<br />
-text - print ssl session id details<br />
-cert - output certificate <br />
-noout - no CRL output<br />
-context arg - set the session ID context<br />
</pre><br />
<br />
== Further reading ==<br />
<br />
* Paul Heinlein. [https://www.madboa.com/geek/openssl/ "OpenSSL Command-Line HOWTO"]. Has many quick cookbook-style recipes for doing common tasks using the "oppenssl" command-line application.<br />
<br />
[[Category:Shell level]]</div>Bernardhhttps://wiki.openssl.org/index.php?title=Main_Page&diff=1966Main Page2014-09-11T09:15:32Z<p>Bernardh: /* Security Advisories */</p>
<hr />
<div>If this is your first visit or to get an account please see the [[Welcome]] page. Your participation and [[Contributions]] are valued.<br />
<br />
This wiki is intended as a place for collecting, organizing, and refining useful information about OpenSSL that is currently strewn among multiple locations and formats.<br />
<br />
== OpenSSL Quick Links ==<br />
<br />
<TABLE border=0><br />
<TR><br />
<TD>[[OpenSSL Overview]]</TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[Compilation and Installation]]</TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[Internals]]</TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[Mailing Lists]] </TD><br />
</TR><br />
<TR><br />
<TD>[[libcrypto API]]</TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[libssl API]]</TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[Examples]] </TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[Documentation Index|Index of all API functions]]</TD><br />
</TR><br />
<TR><br />
<TD>[[License]] </TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[Command Line Utilities]]</TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[Related Links]]</TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[SSL and TLS Protocols]]</TD><br />
</TR><br />
</TABLE><br />
<br />
== Administrivia ==<br />
Site guidelines, legal and admininstrative issues.<br />
:* [[Basic rules]], [[Commercial Product Disclaimer]], [[Contributions]], [[Copyright]], [[License]]<br />
:* Using This Wiki<br />
:: [http://meta.wikimedia.org/wiki/Help:Contents Wiki User's Guide], [http://www.mediawiki.org/wiki/Manual:Configuration_settings Configuration settings list], [http://www.mediawiki.org/wiki/Manual:FAQ MediaWiki FAQ], [https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce MediaWiki Mailing List]<br />
<br />
== Reference ==<br />
This section contains the automagically generated man pages from the OpenSSL git repository, and similar "man" style reference documentation. The man pages are automatically imported from the OpenSSL git repository and local wiki modifications are submitted as patches.<br />
:* OpenSSL Manual Pages<br />
::* [[Manual:Openssl(1)]], [[Manual:Ssl(3)]], [[Manual:Crypto(3)]], [[Documentation Index]]<br />
:: If you wish to edit any of the Manual page content please refer to the [[Guidelines for Manual Page Authors]] page.<br />
:* [[API]], [[Libcrypto API]], [[Libssl API]]<br />
:* [[FIPS mode()]], [[FIPS_mode_set()]]<br />
<br />
== Usage and Programming ==<br />
This section has discussions of practical issues in using OpenSSL<br />
:* Building from Source<br />
:: Where to find it, the different versions, how to build and install it.<br />
:* [[OpenSSL Overview]]<br />
:* [[Versioning]]<br />
:* [[Compilation and Installation]]<br />
:* [[EVP]]<br />
:: Programming techniques and example code<br />
:: Use of EVP is preferred for most applications and circumstances<br />
::* [[EVP Asymmetric Encryption and Decryption of an Envelope]]<br />
::* [[EVP Authenticated Encryption and Decryption]]<br />
::* [[EVP Symmetric Encryption and Decryption]]<br />
::* [[EVP Key and Parameter Generation]]<br />
::* [[EVP Key Agreement]]<br />
::* [[EVP Message Digests]]<br />
::* [[EVP Key Derivation]]<br />
::* [[EVP Signing and Verifying|EVP Signing and Verifying (including MAC codes)]]<br />
:* [[STACK API]]<br />
:* Low Level APIs<br />
:: More specialized non-EVP usage<br />
::* [[Diffie-Hellman parameters]]<br />
:* [[FIPS Mode]]<br />
<br />
== Concepts and Theory ==<br />
Discussions of basic cryptographic theory and concepts<br />
Discussions of common operational issues<br />
:* [[Base64]]<br />
:* [http://wiki.openssl.org/index.php/Category:FIPS_140 FIPS 140-2]<br />
:* [[Random Numbers]]<br />
:* [[Diffie Hellman]]<br />
:* [[Elliptic Curve Diffie Hellman]]<br />
:* [[Elliptic Curve Cryptography]]<br />
<br />
== Security Advisories ==<br />
:* [https://www.openssl.org/about/secpolicy.html OpenSSL Security Policy]<br />
:* [https://www.openssl.org/news/vulnerabilities.html OpenSSL Vulnerabilities List]<br />
:* [[Security_Advisories|Security Advisories Additional Information]]<br />
<br />
== Feedback and Contributions ==<br />
:* [https://www.openssl.org/support/faq.html#BUILD18 Notification of suspected security vulnerabilities]<br />
:* [https://www.openssl.org/support/rt.html Contributing bug reports, other than for suspected vulnerabilities]<br />
:* [[Contributions|General background on source and documentation contributions - '''must read''']]<br />
:* Contributing code fixes, other than for suspected vulnerabilities, as well as fixes and other improvements to manual pages<br />
::* Follow the [[Use of Git#Use_of_Git_with_OpenSSL_source_tree|instructions for accessing source code]] in the appropriate branches<br />
:::* Note that manual pages and the FAQ are maintained with the source code.<br />
::* If you are unsure as to whether a feature will be useful for the general OpenSSL community please discuss it on the [https://www.openssl.org/support/community.html openssl-dev mailing list] first. Someone may be already working on the same thing or there may be a good reason as to why that feature isn't implemented.<br />
::* Submit a pull request for each separate fix (also documented [[Use of Git#Use_of_Git_with_OpenSSL_source_tree|there]])<br />
::* Submit a bug report for the issue and reference the pull request<br />
:* Contributing fixes and other improvements to the web site<br />
::* Follow the [[Use_of_Git#Use_of_Git_with_the_OpenSSL_web_site|instructions for accessing web site sources]]<br />
::* Create a patch (also documented [[Use_of_Git#Use_of_Git_with_the_OpenSSL_web_site|there]])<br />
::* Submit a bug report and add the patch as an attachment<br />
:* [[KnownPatches|Known patches not part of OpenSSL]]<br />
:* [[Welcome|Contributing to this wiki]]<br />
<br />
== Internals and Development ==<br />
This section is for internal details of primary interest to OpenSSL maintainers and power users<br />
:* [[Internals]]<br />
:* [[Code Quality]]<br />
:* [[Static and Dynamic Analysis]]<br />
:* [[OCB|OCB Licence details]]<br />
:* [[Defect and Feature Review Process]]<br />
:* [[Unit Testing]] (includes other automated testing information)</div>Bernardhhttps://wiki.openssl.org/index.php?title=Documentation_Index&diff=1933Documentation Index2014-09-02T07:01:11Z<p>Bernardh: </p>
<hr />
<div>This page provides a full index of all OpenSSL functions mentioned in the manual pages. Only functions that have a mention in the manual pages are listed, so '''there is many OpenSSL functions not listed here'''. The list has been automatically generated and therefore there may well be some false positives.<br />
<br />
Entries in bold in the list below should be considered as the primary reference for that function.<br />
<br />
NOTE: Function families notably missing are: X509_ALGOR*, X509_ATTRIBUTE*, X509_CERT*, X509_CRL*, X509_get* (amongst which the indispensable X509_get_pubkey(...)), X509_LOOKUP* and more...<br />
<br> <br><br />
<br />
ASN1_add_oid_module [[Manual:OPENSSL_load_builtin_modules(3)]]<br><br />
ASN1_generate_nconf '''[[Manual:ASN1_generate_nconf(3)]]'''<br><br />
ASN1_generate_v3 '''[[Manual:ASN1_generate_nconf(3)]]'''<br><br />
ASN1_INTEGER_to_BN [[Manual:BN_bn2bin(3)]]<br><br />
ASN1_OBJECT_free '''[[Manual:ASN1_OBJECT_new(3)]]'''<br><br />
ASN1_OBJECT_new '''[[Manual:ASN1_OBJECT_new(3)]]'''<br><br />
ASN1_OCTET_STRING_new [[Manual:ASN1_STRING_new(3)]]<br><br />
ASN1_STRING_cmp '''[[Manual:ASN1_STRING_length(3)]]'''<br><br />
ASN1_STRING_data '''[[Manual:ASN1_STRING_length(3)]]'''<br><br />
ASN1_STRING_dup '''[[Manual:ASN1_STRING_length(3)]]'''<br><br />
ASN1_STRING_free '''[[Manual:ASN1_STRING_new(3)]]'''<br><br />
ASN1_STRING_length '''[[Manual:ASN1_STRING_length(3)]]'''<br><br />
ASN1_STRING_length_set '''[[Manual:ASN1_STRING_length(3)]]'''<br><br />
ASN1_STRING_new '''[[Manual:ASN1_STRING_new(3)]]'''<br><br />
ASN1_STRING_print_ex_fp '''[[Manual:ASN1_STRING_print_ex(3)]]'''<br><br />
ASN1_STRING_print_ex '''[[Manual:ASN1_STRING_print_ex(3)]]'''<br><br />
ASN1_STRING_print_ex [[Manual:X509_NAME_print_ex(3)]]<br><br />
ASN1_STRING_print [[Manual:ASN1_STRING_print_ex(3)]]<br><br />
ASN1_STRING_set_by_NID [[Manual:X509_NAME_add_entry_by_txt(3)]]<br><br />
ASN1_STRING_set '''[[Manual:ASN1_STRING_length(3)]]'''<br><br />
ASN1_STRING_to_UTF8 [[Manual:ASN1_STRING_length(3)]]<br><br />
ASN1_STRING_type '''[[Manual:ASN1_STRING_length(3)]]'''<br><br />
ASN1_STRING_type [[Manual:ASN1_STRING_new(3)]]<br><br />
ASN1_STRING_type_new '''[[Manual:ASN1_STRING_new(3)]]'''<br><br />
ASN1_tag2str [[Manual:ASN1_STRING_print_ex(3)]]<br><br />
ASN1_TIME_print [[Manual:X509_STORE_CTX_set_verify_cb(3)]]<br><br />
BF_cbc_encrypt '''[[Manual:blowfish(3)]]'''<br><br />
BF_cfb64_encrypt '''[[Manual:blowfish(3)]]'''<br><br />
BF_decrypt '''[[Manual:blowfish(3)]]'''<br><br />
BF_ecb_encrypt '''[[Manual:blowfish(3)]]'''<br><br />
BF_encrypt '''[[Manual:blowfish(3)]]'''<br><br />
BF_ofb64_encrypt '''[[Manual:blowfish(3)]]'''<br><br />
BF_options '''[[Manual:blowfish(3)]]'''<br><br />
BF_set_key '''[[Manual:blowfish(3)]]'''<br><br />
BIO_accept [[Manual:BIO_s_accept(3)]]<br><br />
BIO_callback_ctrl '''[[Manual:BIO_ctrl(3)]]'''<br><br />
BIO_ctrl_get_read_request '''[[Manual:BIO_s_bio(3)]]'''<br><br />
BIO_ctrl_get_write_guarantee '''[[Manual:BIO_s_bio(3)]]'''<br><br />
BIO_ctrl [[Manual:bio(3)]]<br><br />
BIO_ctrl '''[[Manual:BIO_ctrl(3)]]'''<br><br />
BIO_ctrl [[Manual:BIO_f_buffer(3)]]<br><br />
BIO_ctrl [[Manual:BIO_f_cipher(3)]]<br><br />
BIO_ctrl [[Manual:BIO_f_md(3)]]<br><br />
BIO_ctrl [[Manual:BIO_f_ssl(3)]]<br><br />
BIO_ctrl [[Manual:BIO_s_bio(3)]]<br><br />
BIO_ctrl [[Manual:BIO_set_callback(3)]]<br><br />
BIO_ctrl [[Manual:BIO_s_fd(3)]]<br><br />
BIO_ctrl_pending '''[[Manual:BIO_ctrl(3)]]'''<br><br />
BIO_ctrl_pending [[Manual:BIO_s_bio(3)]]<br><br />
BIO_ctrl_pending [[Manual:BIO_s_mem(3)]]<br><br />
BIO_ctrl_reset_read_request '''[[Manual:BIO_s_bio(3)]]'''<br><br />
BIO_ctrl_wpending '''[[Manual:BIO_ctrl(3)]]'''<br><br />
BIO_ctrl_wpending [[Manual:BIO_s_bio(3)]]<br><br />
BIO_debug_callback '''[[Manual:BIO_set_callback(3)]]'''<br><br />
BIO_f_base64 [[Manual:bio(3)]]<br><br />
BIO_f_base64 '''[[Manual:BIO_f_base64(3)]]'''<br><br />
BIO_f_buffer [[Manual:bio(3)]]<br><br />
BIO_f_buffer '''[[Manual:BIO_f_buffer(3)]]'''<br><br />
BIO_f_buffer [[Manual:BIO_f_ssl(3)]]<br><br />
BIO_f_buffer [[Manual:BIO_new_CMS(3)]]<br><br />
BIO_f_buffer [[Manual:BIO_read(3)]]<br><br />
BIO_f_cipher [[Manual:bio(3)]]<br><br />
BIO_f_cipher '''[[Manual:BIO_f_cipher(3)]]'''<br><br />
BIO_find_type [[Manual:bio(3)]]<br><br />
BIO_find_type '''[[Manual:BIO_find_type(3)]]'''<br><br />
BIO_find_type [[Manual:BIO_f_md(3)]]<br><br />
BIO_f_md [[Manual:bio(3)]]<br><br />
BIO_f_md '''[[Manual:BIO_f_md(3)]]'''<br><br />
BIO_f_null [[Manual:bio(3)]]<br><br />
BIO_f_null '''[[Manual:BIO_f_null(3)]]'''<br><br />
BIO_free_all [[Manual:BIO_f_base64(3)]]<br><br />
BIO_free_all [[Manual:BIO_f_md(3)]]<br><br />
BIO_free_all [[Manual:BIO_f_ssl(3)]]<br><br />
BIO_free_all '''[[Manual:BIO_new(3)]]'''<br><br />
BIO_free_all [[Manual:BIO_new_CMS(3)]]<br><br />
BIO_free_all [[Manual:BIO_s_bio(3)]]<br><br />
BIO_free [[Manual:BIO_f_ssl(3)]]<br><br />
BIO_free '''[[Manual:BIO_new(3)]]'''<br><br />
BIO_free [[Manual:BIO_new_CMS(3)]]<br><br />
BIO_free [[Manual:BIO_s_accept(3)]]<br><br />
BIO_free [[Manual:BIO_s_bio(3)]]<br><br />
BIO_free [[Manual:BIO_s_connect(3)]]<br><br />
BIO_free [[Manual:BIO_set_callback(3)]]<br><br />
BIO_free [[Manual:BIO_s_fd(3)]]<br><br />
BIO_free [[Manual:BIO_s_file(3)]]<br><br />
BIO_free [[Manual:BIO_s_mem(3)]]<br><br />
BIO_get_callback_arg '''[[Manual:BIO_set_callback(3)]]'''<br><br />
BIO_get_callback '''[[Manual:BIO_set_callback(3)]]'''<br><br />
BIO_get_retry_BIO '''[[Manual:BIO_should_retry(3)]]'''<br><br />
BIO_get_retry_reason '''[[Manual:BIO_should_retry(3)]]'''<br><br />
BIO_gets [[Manual:BIO_f_base64(3)]]<br><br />
BIO_gets [[Manual:BIO_f_buffer(3)]]<br><br />
BIO_gets [[Manual:BIO_f_cipher(3)]]<br><br />
BIO_gets [[Manual:BIO_f_md(3)]]<br><br />
BIO_gets [[Manual:BIO_f_ssl(3)]]<br><br />
BIO_gets '''[[Manual:BIO_read(3)]]'''<br><br />
BIO_gets [[Manual:BIO_s_accept(3)]]<br><br />
BIO_gets [[Manual:BIO_s_connect(3)]]<br><br />
BIO_gets [[Manual:BIO_set_callback(3)]]<br><br />
BIO_gets [[Manual:BIO_s_fd(3)]]<br><br />
BIO_gets [[Manual:BIO_s_file(3)]]<br><br />
BIO_gets [[Manual:BIO_s_mem(3)]]<br><br />
BIO_gets [[Manual:BIO_s_socket(3)]]<br><br />
BIO_int_ctrl '''[[Manual:BIO_ctrl(3)]]'''<br><br />
BIO_int_ctrl [[Manual:BIO_f_buffer(3)]]<br><br />
BIO_int_ctrl [[Manual:BIO_s_fd(3)]]<br><br />
BIO_method_type [[Manual:BIO_find_type(3)]]<br><br />
BIO_new_accept [[Manual:BIO_f_ssl(3)]]<br><br />
BIO_new_accept [[Manual:BIO_s_accept(3)]]<br><br />
BIO_new_bio_pair [[Manual:bio(3)]]<br><br />
BIO_new_bio_pair '''[[Manual:BIO_s_bio(3)]]'''<br><br />
BIO_new_CMS '''[[Manual:BIO_new_CMS(3)]]'''<br><br />
BIO_new_CMS [[Manual:CMS_compress(3)]]<br><br />
BIO_new_CMS [[Manual:CMS_encrypt(3)]]<br><br />
BIO_new_CMS [[Manual:CMS_sign(3)]]<br><br />
BIO_new_connect [[Manual:BIO_s_connect(3)]]<br><br />
BIO_new_fd '''[[Manual:BIO_s_fd(3)]]'''<br><br />
BIO_new_file [[Manual:BIO_f_md(3)]]<br><br />
BIO_new_file '''[[Manual:BIO_s_file(3)]]'''<br><br />
BIO_new_fp [[Manual:BIO_f_base64(3)]]<br><br />
BIO_new_fp [[Manual:BIO_f_ssl(3)]]<br><br />
BIO_new_fp [[Manual:BIO_s_connect(3)]]<br><br />
BIO_new_fp '''[[Manual:BIO_s_file(3)]]'''<br><br />
BIO_new [[Manual:bio(3)]]<br><br />
BIO_new [[Manual:BIO_f_base64(3)]]<br><br />
BIO_new [[Manual:BIO_f_md(3)]]<br><br />
BIO_new [[Manual:BIO_f_ssl(3)]]<br><br />
BIO_new '''[[Manual:BIO_new(3)]]'''<br><br />
BIO_new [[Manual:BIO_s_accept(3)]]<br><br />
BIO_new [[Manual:BIO_s_bio(3)]]<br><br />
BIO_new [[Manual:BIO_s_connect(3)]]<br><br />
BIO_new [[Manual:BIO_s_file(3)]]<br><br />
BIO_new [[Manual:BIO_s_mem(3)]]<br><br />
BIO_new_mem_buf '''[[Manual:BIO_s_mem(3)]]'''<br><br />
BIO_new_PKCS7 [[Manual:PKCS7_encrypt(3)]]<br><br />
BIO_new_PKCS7 [[Manual:PKCS7_sign(3)]]<br><br />
BIO_new_socket '''[[Manual:BIO_s_socket(3)]]'''<br><br />
BIO_next '''[[Manual:BIO_find_type(3)]]'''<br><br />
BIO_next [[Manual:BIO_f_md(3)]]<br><br />
BIO_pop [[Manual:BIO_f_buffer(3)]]<br><br />
BIO_pop [[Manual:BIO_f_ssl(3)]]<br><br />
BIO_pop [[Manual:BIO_new_CMS(3)]]<br><br />
BIO_pop '''[[Manual:BIO_push(3)]]'''<br><br />
BIO_pop [[Manual:BIO_s_accept(3)]]<br><br />
BIO_printf [[Manual:BIO_s_fd(3)]]<br><br />
BIO_printf [[Manual:BIO_s_file(3)]]<br><br />
BIO_printf [[Manual:X509_STORE_CTX_set_verify_cb(3)]]<br><br />
BIO_ptr_ctrl '''[[Manual:BIO_ctrl(3)]]'''<br><br />
BIO_push [[Manual:bio(3)]]<br><br />
BIO_push [[Manual:BIO_f_base64(3)]]<br><br />
BIO_push [[Manual:BIO_f_md(3)]]<br><br />
BIO_push [[Manual:BIO_f_ssl(3)]]<br><br />
BIO_push '''[[Manual:BIO_push(3)]]'''<br><br />
BIO_puts [[Manual:BIO_f_base64(3)]]<br><br />
BIO_puts [[Manual:BIO_f_buffer(3)]]<br><br />
BIO_puts [[Manual:BIO_f_cipher(3)]]<br><br />
BIO_puts [[Manual:BIO_f_md(3)]]<br><br />
BIO_puts [[Manual:BIO_f_ssl(3)]]<br><br />
BIO_puts '''[[Manual:BIO_read(3)]]'''<br><br />
BIO_puts [[Manual:BIO_s_accept(3)]]<br><br />
BIO_puts [[Manual:BIO_s_connect(3)]]<br><br />
BIO_puts [[Manual:BIO_set_callback(3)]]<br><br />
BIO_puts [[Manual:BIO_s_fd(3)]]<br><br />
BIO_puts [[Manual:BIO_s_file(3)]]<br><br />
BIO_puts [[Manual:BIO_s_mem(3)]]<br><br />
BIO_puts [[Manual:BIO_s_socket(3)]]<br><br />
BIO_puts [[Manual:X509_STORE_CTX_set_verify_cb(3)]]<br><br />
BIO_read [[Manual:bio(3)]]<br><br />
BIO_read [[Manual:BIO_f_base64(3)]]<br><br />
BIO_read [[Manual:BIO_f_buffer(3)]]<br><br />
BIO_read [[Manual:BIO_f_md(3)]]<br><br />
BIO_read [[Manual:BIO_f_ssl(3)]]<br><br />
BIO_read '''[[Manual:BIO_read(3)]]'''<br><br />
BIO_read [[Manual:BIO_s_bio(3)]]<br><br />
BIO_read [[Manual:BIO_s_connect(3)]]<br><br />
BIO_read [[Manual:BIO_set_callback(3)]]<br><br />
BIO_read [[Manual:BIO_s_fd(3)]]<br><br />
BIO_read [[Manual:BIO_s_file(3)]]<br><br />
BIO_read [[Manual:BIO_should_retry(3)]]<br><br />
BIO_read [[Manual:BIO_s_mem(3)]]<br><br />
BIO_read [[Manual:BIO_s_socket(3)]]<br><br />
BIO_s_accept [[Manual:bio(3)]]<br><br />
BIO_s_accept '''[[Manual:BIO_s_accept(3)]]'''<br><br />
BIO_s_bio [[Manual:bio(3)]]<br><br />
BIO_s_bio '''[[Manual:BIO_s_bio(3)]]'''<br><br />
BIO_s_connect [[Manual:bio(3)]]<br><br />
BIO_s_connect [[Manual:BIO_f_ssl(3)]]<br><br />
BIO_s_connect '''[[Manual:BIO_s_connect(3)]]'''<br><br />
BIO_set_callback_arg '''[[Manual:BIO_set_callback(3)]]'''<br><br />
BIO_set_callback [[Manual:bio(3)]]<br><br />
BIO_set_callback '''[[Manual:BIO_set_callback(3)]]'''<br><br />
BIO_set_cipher '''[[Manual:BIO_f_cipher(3)]]'''<br><br />
BIO_set_flags [[Manual:BIO_f_base64(3)]]<br><br />
BIO_set [[Manual:BIO_ctrl(3)]]<br><br />
BIO_set [[Manual:BIO_f_buffer(3)]]<br><br />
BIO_set [[Manual:BIO_f_md(3)]]<br><br />
BIO_set [[Manual:BIO_f_ssl(3)]]<br><br />
BIO_set '''[[Manual:BIO_new(3)]]'''<br><br />
BIO_set [[Manual:BIO_s_accept(3)]]<br><br />
BIO_set [[Manual:BIO_s_bio(3)]]<br><br />
BIO_set [[Manual:BIO_s_connect(3)]]<br><br />
BIO_set [[Manual:BIO_s_fd(3)]]<br><br />
BIO_set [[Manual:BIO_s_file(3)]]<br><br />
BIO_set [[Manual:BIO_s_mem(3)]]<br><br />
BIO_set [[Manual:BIO_s_socket(3)]]<br><br />
BIO_s_fd [[Manual:bio(3)]]<br><br />
BIO_s_fd [[Manual:BIO_s_accept(3)]]<br><br />
BIO_s_fd '''[[Manual:BIO_s_fd(3)]]'''<br><br />
BIO_s_file [[Manual:bio(3)]]<br><br />
BIO_s_file '''[[Manual:BIO_s_file(3)]]'''<br><br />
BIO_s_mem [[Manual:bio(3)]]<br><br />
BIO_s_mem [[Manual:BIO_new(3)]]<br><br />
BIO_s_mem '''[[Manual:BIO_s_mem(3)]]'''<br><br />
BIO_s_mem [[Manual:d2i_PKCS8PrivateKey(3)]]<br><br />
BIO_s_null [[Manual:bio(3)]]<br><br />
BIO_s_null [[Manual:BIO_f_md(3)]]<br><br />
BIO_s_null '''[[Manual:BIO_s_null(3)]]'''<br><br />
BIO_s_socket [[Manual:bio(3)]]<br><br />
BIO_s_socket '''[[Manual:BIO_s_socket(3)]]'''<br><br />
BIO_vfree '''[[Manual:BIO_new(3)]]'''<br><br />
BIO_write [[Manual:BIO_ctrl(3)]]<br><br />
BIO_write [[Manual:BIO_f_base64(3)]]<br><br />
BIO_write [[Manual:BIO_f_md(3)]]<br><br />
BIO_write [[Manual:BIO_f_ssl(3)]]<br><br />
BIO_write '''[[Manual:BIO_read(3)]]'''<br><br />
BIO_write [[Manual:BIO_s_bio(3)]]<br><br />
BIO_write [[Manual:BIO_s_connect(3)]]<br><br />
BIO_write [[Manual:BIO_set_callback(3)]]<br><br />
BIO_write [[Manual:BIO_s_fd(3)]]<br><br />
BIO_write [[Manual:BIO_s_file(3)]]<br><br />
BIO_write [[Manual:BIO_should_retry(3)]]<br><br />
BIO_write [[Manual:BIO_s_socket(3)]]<br><br />
BIO_write [[Manual:EVP_PKEY_keygen(3)]]<br><br />
BN_add [[Manual:bn(3)]]<br><br />
BN_add '''[[Manual:BN_add(3)]]'''<br><br />
BN_add [[Manual:BN_add_word(3)]]<br><br />
BN_add [[Manual:BN_CTX_new(3)]]<br><br />
BN_add [[Manual:BN_mod_inverse(3)]]<br><br />
BN_add [[Manual:BN_mod_mul_montgomery(3)]]<br><br />
BN_add [[Manual:BN_mod_mul_reciprocal(3)]]<br><br />
BN_add [[Manual:BN_set_bit(3)]]<br><br />
BN_add_word [[Manual:bn(3)]]<br><br />
BN_add_word [[Manual:BN_add(3)]]<br><br />
BN_add_word '''[[Manual:BN_add_word(3)]]'''<br><br />
bn_add_words '''[[Manual:bn_internal(3)]]'''<br><br />
BN_bin2bn [[Manual:bn(3)]]<br><br />
BN_bin2bn '''[[Manual:BN_bn2bin(3)]]'''<br><br />
BN_BLINDING_convert_ex [[Manual:bn(3)]]<br><br />
BN_BLINDING_convert_ex '''[[Manual:BN_BLINDING_new(3)]]'''<br><br />
BN_BLINDING_convert [[Manual:bn(3)]]<br><br />
BN_BLINDING_convert '''[[Manual:BN_BLINDING_new(3)]]'''<br><br />
BN_BLINDING_create_param [[Manual:bn(3)]]<br><br />
BN_BLINDING_create_param '''[[Manual:BN_BLINDING_new(3)]]'''<br><br />
BN_BLINDING_free [[Manual:bn(3)]]<br><br />
BN_BLINDING_free '''[[Manual:BN_BLINDING_new(3)]]'''<br><br />
BN_BLINDING_get_flags [[Manual:bn(3)]]<br><br />
BN_BLINDING_get_flags '''[[Manual:BN_BLINDING_new(3)]]'''<br><br />
BN_BLINDING_get_thread_id [[Manual:bn(3)]]<br><br />
BN_BLINDING_get_thread_id '''[[Manual:BN_BLINDING_new(3)]]'''<br><br />
BN_BLINDING_invert_ex [[Manual:bn(3)]]<br><br />
BN_BLINDING_invert_ex '''[[Manual:BN_BLINDING_new(3)]]'''<br><br />
BN_BLINDING_invert [[Manual:bn(3)]]<br><br />
BN_BLINDING_invert '''[[Manual:BN_BLINDING_new(3)]]'''<br><br />
BN_BLINDING_new [[Manual:bn(3)]]<br><br />
BN_BLINDING_new '''[[Manual:BN_BLINDING_new(3)]]'''<br><br />
BN_BLINDING_set_flags [[Manual:bn(3)]]<br><br />
BN_BLINDING_set_flags '''[[Manual:BN_BLINDING_new(3)]]'''<br><br />
BN_BLINDING_set_thread_id [[Manual:bn(3)]]<br><br />
BN_BLINDING_set_thread_id '''[[Manual:BN_BLINDING_new(3)]]'''<br><br />
BN_BLINDING_thread_id [[Manual:BN_BLINDING_new(3)]]<br><br />
BN_BLINDING_update [[Manual:bn(3)]]<br><br />
BN_BLINDING_update '''[[Manual:BN_BLINDING_new(3)]]'''<br><br />
BN_bn2bin [[Manual:bn(3)]]<br><br />
BN_bn2bin '''[[Manual:BN_bn2bin(3)]]'''<br><br />
BN_bn2bin [[Manual:BN_zero(3)]]<br><br />
BN_bn2bin [[Manual:RSA_print(3)]]<br><br />
BN_bn2dec [[Manual:bn(3)]]<br><br />
BN_bn2dec '''[[Manual:BN_bn2bin(3)]]'''<br><br />
BN_bn2hex [[Manual:bn(3)]]<br><br />
BN_bn2hex '''[[Manual:BN_bn2bin(3)]]'''<br><br />
BN_bn2mpi [[Manual:bn(3)]]<br><br />
BN_bn2mpi '''[[Manual:BN_bn2bin(3)]]'''<br><br />
BN_clear_bit [[Manual:bn(3)]]<br><br />
BN_clear_bit '''[[Manual:BN_set_bit(3)]]'''<br><br />
BN_clear_free [[Manual:bn(3)]]<br><br />
BN_clear_free '''[[Manual:BN_new(3)]]'''<br><br />
BN_clear [[Manual:bn(3)]]<br><br />
BN_clear '''[[Manual:BN_new(3)]]'''<br><br />
BN_cmp [[Manual:bn(3)]]<br><br />
BN_cmp '''[[Manual:BN_cmp(3)]]'''<br><br />
bn_cmp_words '''[[Manual:bn_internal(3)]]'''<br><br />
BN_copy [[Manual:bn(3)]]<br><br />
BN_copy '''[[Manual:BN_copy(3)]]'''<br><br />
BN_CTX_end [[Manual:BN_CTX_new(3)]]<br><br />
BN_CTX_end '''[[Manual:BN_CTX_start(3)]]'''<br><br />
BN_CTX_free [[Manual:bn(3)]]<br><br />
BN_CTX_free '''[[Manual:BN_CTX_new(3)]]'''<br><br />
BN_CTX_get '''[[Manual:BN_CTX_start(3)]]'''<br><br />
BN_CTX_init [[Manual:bn(3)]]<br><br />
BN_CTX_init '''[[Manual:BN_CTX_new(3)]]'''<br><br />
BN_CTX_new [[Manual:bn(3)]]<br><br />
BN_CTX_new [[Manual:BN_add(3)]]<br><br />
BN_CTX_new '''[[Manual:BN_CTX_new(3)]]'''<br><br />
BN_CTX_new [[Manual:BN_CTX_start(3)]]<br><br />
BN_CTX_new [[Manual:BN_mod_mul_montgomery(3)]]<br><br />
BN_CTX_new [[Manual:BN_mod_mul_reciprocal(3)]]<br><br />
BN_CTX_start [[Manual:BN_CTX_new(3)]]<br><br />
BN_CTX_start '''[[Manual:BN_CTX_start(3)]]'''<br><br />
BN_CTX_start [[Manual:bn_internal(3)]]<br><br />
BN_dec2bn [[Manual:bn(3)]]<br><br />
BN_dec2bn '''[[Manual:BN_bn2bin(3)]]'''<br><br />
BN_div [[Manual:bn(3)]]<br><br />
BN_div '''[[Manual:BN_add(3)]]'''<br><br />
BN_div_recp '''[[Manual:BN_mod_mul_reciprocal(3)]]'''<br><br />
BN_div_word [[Manual:bn(3)]]<br><br />
BN_div_word '''[[Manual:BN_add_word(3)]]'''<br><br />
bn_div_words '''[[Manual:bn_internal(3)]]'''<br><br />
BN_dup [[Manual:bn(3)]]<br><br />
BN_dup '''[[Manual:BN_copy(3)]]'''<br><br />
bn_expand2 '''[[Manual:bn_internal(3)]]'''<br><br />
BN_exp [[Manual:bn(3)]]<br><br />
BN_exp '''[[Manual:BN_add(3)]]'''<br><br />
BN_free [[Manual:bn(3)]]<br><br />
BN_free '''[[Manual:BN_new(3)]]'''<br><br />
BN_from_montgomery [[Manual:bn(3)]]<br><br />
BN_from_montgomery '''[[Manual:BN_mod_mul_montgomery(3)]]'''<br><br />
BN_gcd [[Manual:bn(3)]]<br><br />
BN_gcd '''[[Manual:BN_add(3)]]'''<br><br />
BN_generate_prime [[Manual:bn(3)]]<br><br />
BN_generate_prime '''[[Manual:BN_generate_prime(3)]]'''<br><br />
BN_generate_prime [[Manual:DH_generate_parameters(3)]]<br><br />
BN_generate_prime [[Manual:RSA_generate_key(3)]]<br><br />
BN_get_word [[Manual:bn(3)]]<br><br />
BN_get_word '''[[Manual:BN_zero(3)]]'''<br><br />
BN_hex2bn [[Manual:bn(3)]]<br><br />
BN_hex2bn '''[[Manual:BN_bn2bin(3)]]'''<br><br />
BN_init [[Manual:bn(3)]]<br><br />
BN_init '''[[Manual:BN_new(3)]]'''<br><br />
BN_is_bit_set [[Manual:bn(3)]]<br><br />
BN_is_bit_set '''[[Manual:BN_set_bit(3)]]'''<br><br />
BN_is_prime_fasttest '''[[Manual:BN_generate_prime(3)]]'''<br><br />
BN_is_prime [[Manual:bn(3)]]<br><br />
BN_is_prime '''[[Manual:BN_generate_prime(3)]]'''<br><br />
BN_is_prime [[Manual:DSA_generate_parameters(3)]]<br><br />
BN_lshift1 [[Manual:bn(3)]]<br><br />
BN_lshift1 '''[[Manual:BN_set_bit(3)]]'''<br><br />
BN_lshift [[Manual:bn(3)]]<br><br />
BN_lshift [[Manual:BN_add(3)]]<br><br />
BN_lshift '''[[Manual:BN_set_bit(3)]]'''<br><br />
BN_mask_bits [[Manual:bn(3)]]<br><br />
BN_mask_bits '''[[Manual:BN_set_bit(3)]]'''<br><br />
BN_mod_add [[Manual:bn(3)]]<br><br />
BN_mod_add '''[[Manual:BN_add(3)]]'''<br><br />
BN_mod_exp [[Manual:bn(3)]]<br><br />
BN_mod_exp '''[[Manual:BN_add(3)]]'''<br><br />
BN_mod_exp [[Manual:BN_mod_mul_montgomery(3)]]<br><br />
BN_mod_exp_mont [[Manual:BN_BLINDING_new(3)]]<br><br />
BN_mod_inverse [[Manual:bn(3)]]<br><br />
BN_mod_inverse '''[[Manual:BN_mod_inverse(3)]]'''<br><br />
BN_mod_mul [[Manual:bn(3)]]<br><br />
BN_mod_mul '''[[Manual:BN_add(3)]]'''<br><br />
BN_mod_mul [[Manual:BN_mod_mul_reciprocal(3)]]<br><br />
BN_mod_mul_montgomery [[Manual:bn(3)]]<br><br />
BN_mod_mul_montgomery [[Manual:BN_add(3)]]<br><br />
BN_mod_mul_montgomery '''[[Manual:BN_mod_mul_montgomery(3)]]'''<br><br />
BN_mod_mul_reciprocal [[Manual:bn(3)]]<br><br />
BN_mod_mul_reciprocal [[Manual:BN_add(3)]]<br><br />
BN_mod_mul_reciprocal '''[[Manual:BN_mod_mul_reciprocal(3)]]'''<br><br />
BN_mod_sqr [[Manual:bn(3)]]<br><br />
BN_mod_sqr '''[[Manual:BN_add(3)]]'''<br><br />
BN_mod_sub [[Manual:bn(3)]]<br><br />
BN_mod_sub '''[[Manual:BN_add(3)]]'''<br><br />
BN_mod_word [[Manual:bn(3)]]<br><br />
BN_mod_word '''[[Manual:BN_add_word(3)]]'''<br><br />
BN_MONT_CTX_copy [[Manual:bn(3)]]<br><br />
BN_MONT_CTX_copy '''[[Manual:BN_mod_mul_montgomery(3)]]'''<br><br />
BN_MONT_CTX_free [[Manual:bn(3)]]<br><br />
BN_MONT_CTX_free '''[[Manual:BN_mod_mul_montgomery(3)]]'''<br><br />
BN_MONT_CTX_init [[Manual:bn(3)]]<br><br />
BN_MONT_CTX_init '''[[Manual:BN_mod_mul_montgomery(3)]]'''<br><br />
BN_MONT_CTX_new [[Manual:bn(3)]]<br><br />
BN_MONT_CTX_new '''[[Manual:BN_mod_mul_montgomery(3)]]'''<br><br />
BN_MONT_CTX_set [[Manual:bn(3)]]<br><br />
BN_MONT_CTX_set '''[[Manual:BN_mod_mul_montgomery(3)]]'''<br><br />
BN_mpi2bn [[Manual:bn(3)]]<br><br />
BN_mpi2bn '''[[Manual:BN_bn2bin(3)]]'''<br><br />
bn_mul_add_words '''[[Manual:bn_internal(3)]]'''<br><br />
bn_mul_comba4 '''[[Manual:bn_internal(3)]]'''<br><br />
bn_mul_comba8 '''[[Manual:bn_internal(3)]]'''<br><br />
bn_mul_high '''[[Manual:bn_internal(3)]]'''<br><br />
bn_mul_low_normal '''[[Manual:bn_internal(3)]]'''<br><br />
bn_mul_low_recursive '''[[Manual:bn_internal(3)]]'''<br><br />
BN_mul [[Manual:bn(3)]]<br><br />
BN_mul '''[[Manual:BN_add(3)]]'''<br><br />
BN_mul [[Manual:bn_internal(3)]]<br><br />
bn_mul_normal '''[[Manual:bn_internal(3)]]'''<br><br />
bn_mul_part_recursive '''[[Manual:bn_internal(3)]]'''<br><br />
bn_mul_recursive '''[[Manual:bn_internal(3)]]'''<br><br />
BN_mul_word [[Manual:bn(3)]]<br><br />
BN_mul_word '''[[Manual:BN_add_word(3)]]'''<br><br />
bn_mul_words '''[[Manual:bn_internal(3)]]'''<br><br />
BN_new [[Manual:bn(3)]]<br><br />
BN_new '''[[Manual:BN_new(3)]]'''<br><br />
BN_nnmod [[Manual:bn(3)]]<br><br />
BN_nnmod '''[[Manual:BN_add(3)]]'''<br><br />
BN_num_bits [[Manual:bn(3)]]<br><br />
BN_num_bits [[Manual:BN_mod_mul_reciprocal(3)]]<br><br />
BN_num_bits '''[[Manual:BN_num_bytes(3)]]'''<br><br />
BN_num_bits_word [[Manual:bn(3)]]<br><br />
BN_num_bits_word '''[[Manual:BN_num_bytes(3)]]'''<br><br />
BN_print_fp [[Manual:bn(3)]]<br><br />
BN_print_fp '''[[Manual:BN_bn2bin(3)]]'''<br><br />
BN_print [[Manual:bn(3)]]<br><br />
BN_print '''[[Manual:BN_bn2bin(3)]]'''<br><br />
BN_pseudo_rand [[Manual:bn(3)]]<br><br />
BN_pseudo_rand '''[[Manual:BN_rand(3)]]'''<br><br />
BN_pseudo_rand_range [[Manual:bn(3)]]<br><br />
BN_pseudo_rand_range [[Manual:BN_rand(3)]]<br><br />
BN_rand [[Manual:bn(3)]]<br><br />
BN_rand '''[[Manual:BN_rand(3)]]'''<br><br />
BN_rand [[Manual:rand(3)]]<br><br />
BN_rand_range [[Manual:bn(3)]]<br><br />
BN_rand_range [[Manual:BN_rand(3)]]<br><br />
BN_reciprocal [[Manual:BN_mod_mul_reciprocal(3)]]<br><br />
BN_RECP_CTX_free [[Manual:bn(3)]]<br><br />
BN_RECP_CTX_free '''[[Manual:BN_mod_mul_reciprocal(3)]]'''<br><br />
BN_RECP_CTX_init [[Manual:bn(3)]]<br><br />
BN_RECP_CTX_init '''[[Manual:BN_mod_mul_reciprocal(3)]]'''<br><br />
BN_RECP_CTX_new [[Manual:bn(3)]]<br><br />
BN_RECP_CTX_new '''[[Manual:BN_mod_mul_reciprocal(3)]]'''<br><br />
BN_RECP_CTX_set [[Manual:bn(3)]]<br><br />
BN_RECP_CTX_set '''[[Manual:BN_mod_mul_reciprocal(3)]]'''<br><br />
BN_rshift1 [[Manual:bn(3)]]<br><br />
BN_rshift1 '''[[Manual:BN_set_bit(3)]]'''<br><br />
BN_rshift [[Manual:bn(3)]]<br><br />
BN_rshift [[Manual:BN_add(3)]]<br><br />
BN_rshift '''[[Manual:BN_set_bit(3)]]'''<br><br />
BN_set_bit [[Manual:bn(3)]]<br><br />
BN_set_bit [[Manual:BN_add(3)]]<br><br />
BN_set_bit '''[[Manual:BN_set_bit(3)]]'''<br><br />
BN_set_negative [[Manual:bn(3)]]<br><br />
BN_set_word [[Manual:bn(3)]]<br><br />
BN_set_word '''[[Manual:BN_zero(3)]]'''<br><br />
bn_sqr_comba4 '''[[Manual:bn_internal(3)]]'''<br><br />
bn_sqr_comba8 '''[[Manual:bn_internal(3)]]'''<br><br />
BN_sqr [[Manual:bn(3)]]<br><br />
BN_sqr '''[[Manual:BN_add(3)]]'''<br><br />
bn_sqr_normal '''[[Manual:bn_internal(3)]]'''<br><br />
bn_sqr_recursive '''[[Manual:bn_internal(3)]]'''<br><br />
bn_sqr_words '''[[Manual:bn_internal(3)]]'''<br><br />
BN_sub [[Manual:bn(3)]]<br><br />
BN_sub '''[[Manual:BN_add(3)]]'''<br><br />
BN_sub_word [[Manual:bn(3)]]<br><br />
BN_sub_word '''[[Manual:BN_add_word(3)]]'''<br><br />
bn_sub_words '''[[Manual:bn_internal(3)]]'''<br><br />
BN_swap [[Manual:bn(3)]]<br><br />
BN_swap '''[[Manual:BN_swap(3)]]'''<br><br />
BN_ucmp [[Manual:bn(3)]]<br><br />
BN_ucmp '''[[Manual:BN_cmp(3)]]'''<br><br />
BN_value_one [[Manual:bn(3)]]<br><br />
BN_value_one '''[[Manual:BN_zero(3)]]'''<br><br />
buffer_read [[Manual:BIO_f_buffer(3)]]<br><br />
BUF_MEM_free '''[[Manual:buffer(3)]]'''<br><br />
BUF_MEM_grow '''[[Manual:buffer(3)]]'''<br><br />
BUF_MEM_new '''[[Manual:buffer(3)]]'''<br><br />
BUF_strdup '''[[Manual:buffer(3)]]'''<br><br />
CMS_add0_cert '''[[Manual:CMS_add0_cert(3)]]'''<br><br />
CMS_add0_crl '''[[Manual:CMS_add0_cert(3)]]'''<br><br />
CMS_add0_recipient_key '''[[Manual:CMS_add1_recipient_cert(3)]]'''<br><br />
CMS_add0_recipient_key [[Manual:CMS_encrypt(3)]]<br><br />
CMS_add1_cert '''[[Manual:CMS_add0_cert(3)]]'''<br><br />
CMS_add1_crl [[Manual:CMS_add0_cert(3)]]<br><br />
CMS_add1_ReceiptRequest '''[[Manual:CMS_get1_ReceiptRequest(3)]]'''<br><br />
CMS_add1_recipient_cert '''[[Manual:CMS_add1_recipient_cert(3)]]'''<br><br />
CMS_add1_recipient_cert [[Manual:CMS_encrypt(3)]]<br><br />
CMS_add1_recipient_cert [[Manual:CMS_get0_RecipientInfos(3)]]<br><br />
CMS_compress '''[[Manual:CMS_compress(3)]]'''<br><br />
CMS_compress [[Manual:CMS_uncompress(3)]]<br><br />
CMS_decrypt [[Manual:CMS_add1_recipient_cert(3)]]<br><br />
CMS_decrypt '''[[Manual:CMS_decrypt(3)]]'''<br><br />
CMS_decrypt [[Manual:CMS_encrypt(3)]]<br><br />
CMS_decrypt [[Manual:CMS_get0_RecipientInfos(3)]]<br><br />
CMS_decrypt [[Manual:i2d_CMS_bio_stream(3)]]<br><br />
CMS_decrypt [[Manual:PEM_write_bio_CMS_stream(3)]]<br><br />
CMS_decrypt [[Manual:SMIME_read_CMS(3)]]<br><br />
CMS_decrypt [[Manual:SMIME_write_CMS(3)]]<br><br />
CMS_encrypt [[Manual:BIO_new_CMS(3)]]<br><br />
CMS_encrypt [[Manual:CMS_add0_cert(3)]]<br><br />
CMS_encrypt [[Manual:CMS_add1_recipient_cert(3)]]<br><br />
CMS_encrypt [[Manual:CMS_decrypt(3)]]<br><br />
CMS_encrypt '''[[Manual:CMS_encrypt(3)]]'''<br><br />
CMS_encrypt [[Manual:CMS_final(3)]]<br><br />
CMS_encrypt [[Manual:i2d_CMS_bio_stream(3)]]<br><br />
CMS_encrypt [[Manual:PEM_write_bio_CMS_stream(3)]]<br><br />
CMS_encrypt [[Manual:SMIME_read_CMS(3)]]<br><br />
CMS_encrypt [[Manual:SMIME_write_CMS(3)]]<br><br />
CMS_final [[Manual:CMS_add1_recipient_cert(3)]]<br><br />
CMS_final '''[[Manual:CMS_final(3)]]'''<br><br />
CMS_final [[Manual:CMS_sign(3)]]<br><br />
CMS_final [[Manual:CMS_sign_add1_signer(3)]]<br><br />
CMS_get0_eContentType '''[[Manual:CMS_get0_type(3)]]'''<br><br />
CMS_get0_RecipientInfos '''[[Manual:CMS_get0_RecipientInfos(3)]]'''<br><br />
CMS_get0_SignerInfos '''[[Manual:CMS_get0_SignerInfos(3)]]'''<br><br />
CMS_get0_signers [[Manual:CMS_verify(3)]]<br><br />
CMS_get0_type '''[[Manual:CMS_get0_type(3)]]'''<br><br />
CMS_get0_type [[Manual:SMIME_read_CMS(3)]]<br><br />
CMS_get1_certs '''[[Manual:CMS_add0_cert(3)]]'''<br><br />
CMS_get1_crls '''[[Manual:CMS_add0_cert(3)]]'''<br><br />
CMS_get1_ReceiptRequest '''[[Manual:CMS_get1_ReceiptRequest(3)]]'''<br><br />
CMS_ReceiptRequest_create0 '''[[Manual:CMS_get1_ReceiptRequest(3)]]'''<br><br />
CMS_ReceiptRequest_get0_values '''[[Manual:CMS_get1_ReceiptRequest(3)]]'''<br><br />
CMS_RecipientInfo_decrypt '''[[Manual:CMS_get0_RecipientInfos(3)]]'''<br><br />
CMS_RecipientInfo_encrypt [[Manual:CMS_get0_RecipientInfos(3)]]<br><br />
CMS_RecipientInfo_kekri_get0_id '''[[Manual:CMS_get0_RecipientInfos(3)]]'''<br><br />
CMS_RecipientInfo_kekri_id_cmp '''[[Manual:CMS_get0_RecipientInfos(3)]]'''<br><br />
CMS_RecipientInfo_ktri_cert_cmp '''[[Manual:CMS_get0_RecipientInfos(3)]]'''<br><br />
CMS_RecipientInfo_ktri_get0_signer_id '''[[Manual:CMS_get0_RecipientInfos(3)]]'''<br><br />
CMS_RecipientInfo_set0_key [[Manual:CMS_decrypt(3)]]<br><br />
CMS_RecipientInfo_set0_key '''[[Manual:CMS_get0_RecipientInfos(3)]]'''<br><br />
CMS_RecipientInfo_set0_pkey '''[[Manual:CMS_get0_RecipientInfos(3)]]'''<br><br />
CMS_RecipientInfo_type '''[[Manual:CMS_get0_RecipientInfos(3)]]'''<br><br />
CMS_set1_eContentType '''[[Manual:CMS_get0_type(3)]]'''<br><br />
CMS_SignerInfo_cert_cmp '''[[Manual:CMS_get0_SignerInfos(3)]]'''<br><br />
CMS_SignerInfo_get0_signer_id '''[[Manual:CMS_get0_SignerInfos(3)]]'''<br><br />
CMS_SignerInfo_set1_signer_cert [[Manual:CMS_get0_SignerInfos(3)]]<br><br />
CMS_SignerInfo_sign '''[[Manual:CMS_sign_add1_signer(3)]]'''<br><br />
CMS_sign [[Manual:BIO_new_CMS(3)]]<br><br />
CMS_sign [[Manual:CMS_add0_cert(3)]]<br><br />
CMS_sign [[Manual:CMS_final(3)]]<br><br />
CMS_sign [[Manual:CMS_get1_ReceiptRequest(3)]]<br><br />
CMS_sign '''[[Manual:CMS_sign(3)]]'''<br><br />
CMS_sign [[Manual:CMS_sign_add1_signer(3)]]<br><br />
CMS_sign [[Manual:CMS_sign_receipt(3)]]<br><br />
CMS_sign [[Manual:CMS_verify(3)]]<br><br />
CMS_sign [[Manual:i2d_CMS_bio_stream(3)]]<br><br />
CMS_sign [[Manual:PEM_write_bio_CMS_stream(3)]]<br><br />
CMS_sign [[Manual:SMIME_read_CMS(3)]]<br><br />
CMS_sign [[Manual:SMIME_write_CMS(3)]]<br><br />
CMS_sign_receipt [[Manual:CMS_get1_ReceiptRequest(3)]]<br><br />
CMS_sign_receipt '''[[Manual:CMS_sign_receipt(3)]]'''<br><br />
CMS_sign_receipt [[Manual:CMS_verify_receipt(3)]]<br><br />
CMS_uncompress [[Manual:CMS_compress(3)]]<br><br />
CMS_uncompress '''[[Manual:CMS_uncompress(3)]]'''<br><br />
CMS_verify [[Manual:CMS_decrypt(3)]]<br><br />
CMS_verify [[Manual:CMS_get0_SignerInfos(3)]]<br><br />
CMS_verify [[Manual:CMS_get1_ReceiptRequest(3)]]<br><br />
CMS_verify [[Manual:CMS_sign(3)]]<br><br />
CMS_verify [[Manual:CMS_uncompress(3)]]<br><br />
CMS_verify '''[[Manual:CMS_verify(3)]]'''<br><br />
CMS_verify [[Manual:CMS_verify_receipt(3)]]<br><br />
CMS_verify [[Manual:i2d_CMS_bio_stream(3)]]<br><br />
CMS_verify [[Manual:PEM_write_bio_CMS_stream(3)]]<br><br />
CMS_verify [[Manual:SMIME_read_CMS(3)]]<br><br />
CMS_verify [[Manual:SMIME_write_CMS(3)]]<br><br />
CMS_verify [[Manual:X509_STORE_set_verify_cb_func(3)]]<br><br />
CMS_verify_receipt [[Manual:CMS_get1_ReceiptRequest(3)]]<br><br />
CMS_verify_receipt [[Manual:CMS_sign_receipt(3)]]<br><br />
CMS_verify_receipt '''[[Manual:CMS_verify_receipt(3)]]'''<br><br />
compute_key [[Manual:DH_set_method(3)]]<br><br />
CONF_free [[Manual:CONF_modules_load_file(3)]]<br><br />
CONF_load [[Manual:CONF_modules_load_file(3)]]<br><br />
CONF_load [[Manual:OPENSSL_config(3)]]<br><br />
CONF_modules_finish '''[[Manual:CONF_modules_free(3)]]'''<br><br />
CONF_modules_free '''[[Manual:CONF_modules_free(3)]]'''<br><br />
CONF_modules_free [[Manual:OPENSSL_config(3)]]<br><br />
CONF_modules_load_file [[Manual:CONF_modules_free(3)]]<br><br />
CONF_modules_load_file '''[[Manual:CONF_modules_load_file(3)]]'''<br><br />
CONF_modules_load '''[[Manual:CONF_modules_load_file(3)]]'''<br><br />
CONF_modules_load [[Manual:OPENSSL_config(3)]]<br><br />
CONF_modules_unload '''[[Manual:CONF_modules_free(3)]]'''<br><br />
contract [[Manual:lhash(3)]]<br><br />
CRYPTO_add_lock [[Manual:threads(3)]]<br><br />
CRYPTO_destroy_dynlockid '''[[Manual:threads(3)]]'''<br><br />
CRYPTO_get_ex_data '''[[Manual:CRYPTO_set_ex_data(3)]]'''<br><br />
CRYPTO_get_ex_data [[Manual:RSA_get_ex_new_index(3)]]<br><br />
CRYPTO_get_id_callback [[Manual:threads(3)]]<br><br />
CRYPTO_get_new_dynlockid '''[[Manual:threads(3)]]'''<br><br />
CRYPTO_lock '''[[Manual:threads(3)]]'''<br><br />
CRYPTO_num_locks '''[[Manual:threads(3)]]'''<br><br />
CRYPTO_set_dynlock_create_callback '''[[Manual:threads(3)]]'''<br><br />
CRYPTO_set_dynlock_destroy_callback '''[[Manual:threads(3)]]'''<br><br />
CRYPTO_set_dynlock_lock_callback '''[[Manual:threads(3)]]'''<br><br />
CRYPTO_set_ex_data '''[[Manual:CRYPTO_set_ex_data(3)]]'''<br><br />
CRYPTO_set_ex_data [[Manual:RSA_get_ex_new_index(3)]]<br><br />
CRYPTO_set_id_callback [[Manual:err(3)]]<br><br />
CRYPTO_set_id_callback [[Manual:threads(3)]]<br><br />
CRYPTO_set_locking_callback [[Manual:err(3)]]<br><br />
CRYPTO_set_locking_callback '''[[Manual:threads(3)]]'''<br><br />
CRYPTO_THREADID_cmp '''[[Manual:threads(3)]]'''<br><br />
CRYPTO_THREADID_cpy '''[[Manual:threads(3)]]'''<br><br />
CRYPTO_THREADID_current '''[[Manual:threads(3)]]'''<br><br />
CRYPTO_THREADID_get_callback '''[[Manual:threads(3)]]'''<br><br />
CRYPTO_THREADID_hash '''[[Manual:threads(3)]]'''<br><br />
CRYPTO_thread_id [[Manual:threads(3)]]<br><br />
CRYPTO_THREADID_set_callback '''[[Manual:threads(3)]]'''<br><br />
CRYPTO_THREADID_set_numeric [[Manual:threads(3)]]<br><br />
CRYPTO_THREADID_set_pointer [[Manual:threads(3)]]<br><br />
d2i_ASN1_OBJECT [[Manual:ASN1_OBJECT_new(3)]]<br><br />
d2i_ASN1_OBJECT '''[[Manual:d2i_ASN1_OBJECT(3)]]'''<br><br />
d2i_DHparams '''[[Manual:d2i_DHparams(3)]]'''<br><br />
d2i_DHparams [[Manual:dh(3)]]<br><br />
d2i_DSAparams [[Manual:d2i_DSAPublicKey(3)]]<br><br />
d2i_DSAparams [[Manual:dsa(3)]]<br><br />
d2i_DSAPrivateKey '''[[Manual:d2i_DSAPublicKey(3)]]'''<br><br />
d2i_DSAPrivateKey [[Manual:dsa(3)]]<br><br />
d2i_DSA_PUBKEY '''[[Manual:d2i_DSAPublicKey(3)]]'''<br><br />
d2i_DSAPublicKey '''[[Manual:d2i_DSAPublicKey(3)]]'''<br><br />
d2i_DSAPublicKey [[Manual:dsa(3)]]<br><br />
d2i_DSA_SIG '''[[Manual:d2i_DSAPublicKey(3)]]'''<br><br />
d2i_DSA_SIG [[Manual:dsa(3)]]<br><br />
d2i_ECDSA_SIG [[Manual:ecdsa(3)]]<br><br />
d2i_Netscape_RSA '''[[Manual:d2i_RSAPublicKey(3)]]'''<br><br />
d2i_PKCS12 [[Manual:PKCS12_create(3)]]<br><br />
d2i_PKCS12 [[Manual:PKCS12_parse(3)]]<br><br />
d2i_PKCS7_bio [[Manual:i2d_PKCS7_bio_stream(3)]]<br><br />
d2i_PKCS8PrivateKey_bio '''[[Manual:d2i_PKCS8PrivateKey(3)]]'''<br><br />
d2i_PKCS8PrivateKey_fp '''[[Manual:d2i_PKCS8PrivateKey(3)]]'''<br><br />
d2i_RSAPrivateKey '''[[Manual:d2i_RSAPublicKey(3)]]'''<br><br />
d2i_RSA_PUBKEY '''[[Manual:d2i_RSAPublicKey(3)]]'''<br><br />
d2i_RSAPublicKey '''[[Manual:d2i_RSAPublicKey(3)]]'''<br><br />
d2i_SSL_SESSION '''[[Manual:d2i_SSL_SESSION(3)]]'''<br><br />
d2i_SSL_SESSION [[Manual:ssl(3)]]<br><br />
d2i_SSL_SESSION [[Manual:SSL_CTX_sess_set_get_cb(3)]]<br><br />
d2i_SSL_SESSION [[Manual:SSL_CTX_set_session_id_context(3)]]<br><br />
d2i_SSL_SESSION [[Manual:SSL_SESSION_free(3)]]<br><br />
d2i_X509_ALGOR '''[[Manual:d2i_X509_ALGOR(3)]]'''<br><br />
d2i_X509_ALGOR [[Manual:x509(3)]]<br><br />
d2i_X509_bio '''[[Manual:d2i_X509(3)]]'''<br><br />
d2i_X509_CRL_bio '''[[Manual:d2i_X509_CRL(3)]]'''<br><br />
d2i_X509_CRL_fp [[Manual:d2i_X509_CRL(3)]]<br><br />
d2i_X509_CRL '''[[Manual:d2i_X509_CRL(3)]]'''<br><br />
d2i_X509_CRL [[Manual:x509(3)]]<br><br />
d2i_X509_fp '''[[Manual:d2i_X509(3)]]'''<br><br />
d2i_X509 [[Manual:d2i_ASN1_OBJECT(3)]]<br><br />
d2i_X509 [[Manual:d2i_DHparams(3)]]<br><br />
d2i_X509 [[Manual:d2i_DSAPublicKey(3)]]<br><br />
d2i_X509 [[Manual:d2i_RSAPublicKey(3)]]<br><br />
d2i_X509 '''[[Manual:d2i_X509(3)]]'''<br><br />
d2i_X509 [[Manual:d2i_X509_ALGOR(3)]]<br><br />
d2i_X509 [[Manual:d2i_X509_CRL(3)]]<br><br />
d2i_X509 [[Manual:d2i_X509_NAME(3)]]<br><br />
d2i_X509 [[Manual:d2i_X509_REQ(3)]]<br><br />
d2i_X509 [[Manual:d2i_X509_SIG(3)]]<br><br />
d2i_X509 [[Manual:x509(3)]]<br><br />
d2i_X509 [[Manual:X509_new(3)]]<br><br />
d2i_X509_NAME '''[[Manual:d2i_X509_NAME(3)]]'''<br><br />
d2i_X509_NAME [[Manual:x509(3)]]<br><br />
d2i_X509_NAME [[Manual:X509_NAME_add_entry_by_txt(3)]]<br><br />
d2i_X509_NAME [[Manual:X509_NAME_ENTRY_get_object(3)]]<br><br />
d2i_X509_NAME [[Manual:X509_NAME_get_index_by_NID(3)]]<br><br />
d2i_X509_REQ_bio '''[[Manual:d2i_X509_REQ(3)]]'''<br><br />
d2i_X509_REQ_fp '''[[Manual:d2i_X509_REQ(3)]]'''<br><br />
d2i_X509_REQ '''[[Manual:d2i_X509_REQ(3)]]'''<br><br />
d2i_X509_REQ [[Manual:x509(3)]]<br><br />
d2i_X509_SIG '''[[Manual:d2i_X509_SIG(3)]]'''<br><br />
d2i_X509_SIG [[Manual:x509(3)]]<br><br />
DES_cbc_cksum '''[[Manual:des(3)]]'''<br><br />
DES_cbc_encrypt [[Manual:des(3)]]<br><br />
DES_cfb64_encrypt '''[[Manual:des(3)]]'''<br><br />
DES_cfb_encrypt '''[[Manual:des(3)]]'''<br><br />
DES_crypt '''[[Manual:des(3)]]'''<br><br />
DES_ecb3_encrypt '''[[Manual:des(3)]]'''<br><br />
DES_ecb_encrypt '''[[Manual:des(3)]]'''<br><br />
DES_ede3_cbc_encrypt '''[[Manual:des(3)]]'''<br><br />
DES_ede3_cbcm_encrypt '''[[Manual:des(3)]]'''<br><br />
DES_ede3_cfb64_encrypt '''[[Manual:des(3)]]'''<br><br />
DES_ede3_ofb64_encrypt '''[[Manual:des(3)]]'''<br><br />
DES_enc_read '''[[Manual:des(3)]]'''<br><br />
DES_enc_write '''[[Manual:des(3)]]'''<br><br />
DES_fcrypt '''[[Manual:des(3)]]'''<br><br />
DES_is_weak_key '''[[Manual:des(3)]]'''<br><br />
DES_key_sched '''[[Manual:des(3)]]'''<br><br />
DES_ncbc_encrypt '''[[Manual:des(3)]]'''<br><br />
DES_ofb64_encrypt '''[[Manual:des(3)]]'''<br><br />
DES_ofb_encrypt '''[[Manual:des(3)]]'''<br><br />
DES_pcbc_encrypt '''[[Manual:des(3)]]'''<br><br />
DES_quad_cksum '''[[Manual:des(3)]]'''<br><br />
DES_random_key '''[[Manual:des(3)]]'''<br><br />
DES_set_key_checked '''[[Manual:des(3)]]'''<br><br />
DES_set_key '''[[Manual:des(3)]]'''<br><br />
DES_set_key_unchecked '''[[Manual:des(3)]]'''<br><br />
DES_set_odd_parity '''[[Manual:des(3)]]'''<br><br />
DES_string_to_2keys '''[[Manual:des(3)]]'''<br><br />
DES_string_to_key '''[[Manual:des(3)]]'''<br><br />
DES_string_to_key [[Manual:ui_compat(3)]]<br><br />
DES_xcbc_encrypt '''[[Manual:des(3)]]'''<br><br />
DH_check [[Manual:dh(3)]]<br><br />
DH_check '''[[Manual:DH_generate_parameters(3)]]'''<br><br />
DH_compute_key [[Manual:dh(3)]]<br><br />
DH_compute_key '''[[Manual:DH_generate_key(3)]]'''<br><br />
DH_compute_key [[Manual:DH_size(3)]]<br><br />
DH_free [[Manual:dh(3)]]<br><br />
DH_free [[Manual:DH_generate_parameters(3)]]<br><br />
DH_free '''[[Manual:DH_new(3)]]'''<br><br />
DH_free [[Manual:DH_set_method(3)]]<br><br />
DH_generate_key [[Manual:dh(3)]]<br><br />
DH_generate_key '''[[Manual:DH_generate_key(3)]]'''<br><br />
DH_generate_key [[Manual:DH_new(3)]]<br><br />
DH_generate_key [[Manual:DH_size(3)]]<br><br />
DH_generate_parameters [[Manual:dh(3)]]<br><br />
DH_generate_parameters '''[[Manual:DH_generate_parameters(3)]]'''<br><br />
DH_generate_parameters [[Manual:DH_new(3)]]<br><br />
DH_get_default_method [[Manual:dh(3)]]<br><br />
DH_get_default_method '''[[Manual:DH_set_method(3)]]'''<br><br />
DH_get_ex_data [[Manual:dh(3)]]<br><br />
DH_get_ex_data '''[[Manual:DH_get_ex_new_index(3)]]'''<br><br />
DH_get_ex_new_index [[Manual:CRYPTO_set_ex_data(3)]]<br><br />
DH_get_ex_new_index [[Manual:dh(3)]]<br><br />
DH_get_ex_new_index '''[[Manual:DH_get_ex_new_index(3)]]'''<br><br />
DH_new [[Manual:dh(3)]]<br><br />
DH_new '''[[Manual:DH_new(3)]]'''<br><br />
DH_new [[Manual:DH_set_method(3)]]<br><br />
DH_new_method [[Manual:dh(3)]]<br><br />
DH_new_method '''[[Manual:DH_set_method(3)]]'''<br><br />
DH_OpenSSL [[Manual:dh(3)]]<br><br />
DH_OpenSSL '''[[Manual:DH_set_method(3)]]'''<br><br />
DHparams_print_fp [[Manual:dh(3)]]<br><br />
DHparams_print_fp '''[[Manual:RSA_print(3)]]'''<br><br />
DHparams_print [[Manual:dh(3)]]<br><br />
DHparams_print '''[[Manual:RSA_print(3)]]'''<br><br />
DH_set_default_method [[Manual:dh(3)]]<br><br />
DH_set_default_method '''[[Manual:DH_set_method(3)]]'''<br><br />
DH_set_ex_data [[Manual:dh(3)]]<br><br />
DH_set_ex_data '''[[Manual:DH_get_ex_new_index(3)]]'''<br><br />
DH_set_method [[Manual:dh(3)]]<br><br />
DH_set_method '''[[Manual:DH_set_method(3)]]'''<br><br />
DH_size [[Manual:BN_num_bytes(3)]]<br><br />
DH_size [[Manual:dh(3)]]<br><br />
DH_size [[Manual:DH_generate_key(3)]]<br><br />
DH_size '''[[Manual:DH_size(3)]]'''<br><br />
DSA_do_sign [[Manual:dsa(3)]]<br><br />
DSA_do_sign '''[[Manual:DSA_do_sign(3)]]'''<br><br />
dsa_do_sign [[Manual:DSA_set_method(3)]]<br><br />
DSA_do_sign [[Manual:DSA_sign(3)]]<br><br />
DSA_do_sign [[Manual:DSA_SIG_new(3)]]<br><br />
DSA_do_verify [[Manual:dsa(3)]]<br><br />
DSA_do_verify '''[[Manual:DSA_do_sign(3)]]'''<br><br />
dsa_do_verify [[Manual:DSA_set_method(3)]]<br><br />
DSA_dup_DH [[Manual:dsa(3)]]<br><br />
DSA_dup_DH '''[[Manual:DSA_dup_DH(3)]]'''<br><br />
DSA_free [[Manual:dsa(3)]]<br><br />
DSA_free [[Manual:DSA_generate_parameters(3)]]<br><br />
DSA_free '''[[Manual:DSA_new(3)]]'''<br><br />
DSA_free [[Manual:DSA_set_method(3)]]<br><br />
DSA_generate_key [[Manual:dsa(3)]]<br><br />
DSA_generate_key '''[[Manual:DSA_generate_key(3)]]'''<br><br />
DSA_generate_key [[Manual:DSA_new(3)]]<br><br />
DSA_generate_parameters [[Manual:dsa(3)]]<br><br />
DSA_generate_parameters [[Manual:DSA_generate_key(3)]]<br><br />
DSA_generate_parameters '''[[Manual:DSA_generate_parameters(3)]]'''<br><br />
DSA_generate_parameters [[Manual:DSA_new(3)]]<br><br />
DSA_get_default_method [[Manual:dsa(3)]]<br><br />
DSA_get_default_method '''[[Manual:DSA_set_method(3)]]'''<br><br />
DSA_get_ex_data [[Manual:dsa(3)]]<br><br />
DSA_get_ex_data '''[[Manual:DSA_get_ex_new_index(3)]]'''<br><br />
DSA_get_ex_new_index [[Manual:CRYPTO_set_ex_data(3)]]<br><br />
DSA_get_ex_new_index [[Manual:dsa(3)]]<br><br />
DSA_get_ex_new_index '''[[Manual:DSA_get_ex_new_index(3)]]'''<br><br />
DSA_new [[Manual:dsa(3)]]<br><br />
DSA_new '''[[Manual:DSA_new(3)]]'''<br><br />
DSA_new [[Manual:DSA_set_method(3)]]<br><br />
DSA_new_method [[Manual:dsa(3)]]<br><br />
DSA_new_method [[Manual:DSA_new(3)]]<br><br />
DSA_new_method '''[[Manual:DSA_set_method(3)]]'''<br><br />
DSA_OpenSSL [[Manual:dsa(3)]]<br><br />
DSA_OpenSSL '''[[Manual:DSA_set_method(3)]]'''<br><br />
DSAparams_print_fp [[Manual:dsa(3)]]<br><br />
DSAparams_print_fp '''[[Manual:RSA_print(3)]]'''<br><br />
DSAparams_print [[Manual:dsa(3)]]<br><br />
DSAparams_print '''[[Manual:RSA_print(3)]]'''<br><br />
DSA_print_fp [[Manual:dsa(3)]]<br><br />
DSA_print_fp '''[[Manual:RSA_print(3)]]'''<br><br />
DSA_print [[Manual:dsa(3)]]<br><br />
DSA_print '''[[Manual:RSA_print(3)]]'''<br><br />
DSA_set_default_method [[Manual:dsa(3)]]<br><br />
DSA_set_default_method '''[[Manual:DSA_set_method(3)]]'''<br><br />
DSA_set_ex_data [[Manual:dsa(3)]]<br><br />
DSA_set_ex_data '''[[Manual:DSA_get_ex_new_index(3)]]'''<br><br />
DSA_set_method [[Manual:dsa(3)]]<br><br />
DSA_set_method '''[[Manual:DSA_set_method(3)]]'''<br><br />
DSA_SIG_free [[Manual:dsa(3)]]<br><br />
DSA_SIG_free '''[[Manual:DSA_SIG_new(3)]]'''<br><br />
DSA_SIG_new [[Manual:dsa(3)]]<br><br />
DSA_SIG_new [[Manual:DSA_do_sign(3)]]<br><br />
DSA_SIG_new '''[[Manual:DSA_SIG_new(3)]]'''<br><br />
DSA_sign [[Manual:dsa(3)]]<br><br />
DSA_sign [[Manual:DSA_do_sign(3)]]<br><br />
DSA_sign '''[[Manual:DSA_sign(3)]]'''<br><br />
DSA_sign [[Manual:DSA_size(3)]]<br><br />
DSA_sign_setup [[Manual:dsa(3)]]<br><br />
DSA_sign_setup [[Manual:DSA_do_sign(3)]]<br><br />
dsa_sign_setup [[Manual:DSA_set_method(3)]]<br><br />
DSA_sign_setup '''[[Manual:DSA_sign(3)]]'''<br><br />
DSA_size [[Manual:BN_num_bytes(3)]]<br><br />
DSA_size [[Manual:dsa(3)]]<br><br />
DSA_size [[Manual:DSA_sign(3)]]<br><br />
DSA_size '''[[Manual:DSA_size(3)]]'''<br><br />
DSA_verify [[Manual:dsa(3)]]<br><br />
DSA_verify '''[[Manual:DSA_sign(3)]]'''<br><br />
ECDSA_do_sign_ex [[Manual:ecdsa(3)]]<br><br />
ECDSA_do_sign [[Manual:ecdsa(3)]]<br><br />
ECDSA_do_verify [[Manual:ecdsa(3)]]<br><br />
ECDSA_get_default_method [[Manual:ecdsa(3)]]<br><br />
ECDSA_get_ex_data [[Manual:ecdsa(3)]]<br><br />
ECDSA_get_ex_new_index [[Manual:ecdsa(3)]]<br><br />
ECDSA_OpenSSL [[Manual:ecdsa(3)]]<br><br />
ECDSA_set_default_method [[Manual:ecdsa(3)]]<br><br />
ECDSA_set_ex_data [[Manual:ecdsa(3)]]<br><br />
ECDSA_set_method [[Manual:ecdsa(3)]]<br><br />
ECDSA_SIG_free [[Manual:ecdsa(3)]]<br><br />
ECDSA_SIG_new [[Manual:ecdsa(3)]]<br><br />
ECDSA_sign_ex [[Manual:ecdsa(3)]]<br><br />
ECDSA_sign [[Manual:ecdsa(3)]]<br><br />
ECDSA_sign_setup [[Manual:ecdsa(3)]]<br><br />
ECDSA_size [[Manual:ecdsa(3)]]<br><br />
ECDSA_verify [[Manual:ecdsa(3)]]<br><br />
EC_GROUP_new [[Manual:ecdsa(3)]]<br><br />
EC_KEY_generate_key [[Manual:ecdsa(3)]]<br><br />
EC_KEY_new [[Manual:ecdsa(3)]]<br><br />
ENGINE_add_conf_module [[Manual:engine(3)]]<br><br />
ENGINE_add_conf_module [[Manual:OPENSSL_load_builtin_modules(3)]]<br><br />
ENGINE_add [[Manual:engine(3)]]<br><br />
ENGINE_by_id [[Manual:engine(3)]]<br><br />
ENGINE_cleanup [[Manual:engine(3)]]<br><br />
ENGINE_cmd_is_executable [[Manual:engine(3)]]<br><br />
ENGINE_ctrl_cmd [[Manual:engine(3)]]<br><br />
ENGINE_ctrl_cmd_string [[Manual:engine(3)]]<br><br />
ENGINE_ctrl [[Manual:engine(3)]]<br><br />
ENGINE_finish [[Manual:engine(3)]]<br><br />
ENGINE_free [[Manual:engine(3)]]<br><br />
ENGINE_get_cipher_engine [[Manual:engine(3)]]<br><br />
ENGINE_get_cipher [[Manual:engine(3)]]<br><br />
ENGINE_get_ciphers [[Manual:engine(3)]]<br><br />
ENGINE_get_cmd_defns [[Manual:engine(3)]]<br><br />
ENGINE_get_ctrl_function [[Manual:engine(3)]]<br><br />
ENGINE_get_default_DH [[Manual:engine(3)]]<br><br />
ENGINE_get_default_DSA [[Manual:engine(3)]]<br><br />
ENGINE_get_default_ECDH [[Manual:engine(3)]]<br><br />
ENGINE_get_default_ECDSA [[Manual:engine(3)]]<br><br />
ENGINE_get_default_RAND [[Manual:engine(3)]]<br><br />
ENGINE_get_default_RSA [[Manual:engine(3)]]<br><br />
ENGINE_get_destroy_function [[Manual:engine(3)]]<br><br />
ENGINE_get_DH [[Manual:engine(3)]]<br><br />
ENGINE_get_digest_engine [[Manual:engine(3)]]<br><br />
ENGINE_get_digest [[Manual:engine(3)]]<br><br />
ENGINE_get_digests [[Manual:engine(3)]]<br><br />
ENGINE_get_DSA [[Manual:engine(3)]]<br><br />
ENGINE_get_ECDH [[Manual:engine(3)]]<br><br />
ENGINE_get_ECDSA [[Manual:engine(3)]]<br><br />
ENGINE_get_ex_data [[Manual:engine(3)]]<br><br />
ENGINE_get_ex_new_index [[Manual:engine(3)]]<br><br />
ENGINE_get_finish_function [[Manual:engine(3)]]<br><br />
ENGINE_get_first [[Manual:engine(3)]]<br><br />
ENGINE_get_flags [[Manual:engine(3)]]<br><br />
ENGINE_get_id [[Manual:engine(3)]]<br><br />
ENGINE_get_init_function [[Manual:engine(3)]]<br><br />
ENGINE_get_last [[Manual:engine(3)]]<br><br />
ENGINE_get_load_privkey_function [[Manual:engine(3)]]<br><br />
ENGINE_get_load_pubkey_function [[Manual:engine(3)]]<br><br />
ENGINE_get_name [[Manual:engine(3)]]<br><br />
ENGINE_get_next [[Manual:engine(3)]]<br><br />
ENGINE_get_prev [[Manual:engine(3)]]<br><br />
ENGINE_get_RAND [[Manual:engine(3)]]<br><br />
ENGINE_get_RSA [[Manual:engine(3)]]<br><br />
ENGINE_get_STORE [[Manual:engine(3)]]<br><br />
ENGINE_get_table_flags [[Manual:engine(3)]]<br><br />
ENGINE_init [[Manual:engine(3)]]<br><br />
ENGINE_load_builtin_engines [[Manual:engine(3)]]<br><br />
ENGINE_load_cryptodev [[Manual:engine(3)]]<br><br />
ENGINE_load_dynamic [[Manual:engine(3)]]<br><br />
ENGINE_load_openssl [[Manual:engine(3)]]<br><br />
ENGINE_load_private_key [[Manual:engine(3)]]<br><br />
ENGINE_load_public_key [[Manual:engine(3)]]<br><br />
ENGINE_new [[Manual:engine(3)]]<br><br />
ENGINE_register_all_ciphers [[Manual:engine(3)]]<br><br />
ENGINE_register_all_complete [[Manual:engine(3)]]<br><br />
ENGINE_register_all_DH [[Manual:engine(3)]]<br><br />
ENGINE_register_all_digests [[Manual:engine(3)]]<br><br />
ENGINE_register_all_DSA [[Manual:engine(3)]]<br><br />
ENGINE_register_all_ECDH [[Manual:engine(3)]]<br><br />
ENGINE_register_all_ECDSA [[Manual:engine(3)]]<br><br />
ENGINE_register_all_RAND [[Manual:engine(3)]]<br><br />
ENGINE_register_all_RSA [[Manual:engine(3)]]<br><br />
ENGINE_register_all_STORE [[Manual:engine(3)]]<br><br />
ENGINE_register_ciphers [[Manual:engine(3)]]<br><br />
ENGINE_register_complete [[Manual:engine(3)]]<br><br />
ENGINE_register_DH [[Manual:engine(3)]]<br><br />
ENGINE_register_digests [[Manual:engine(3)]]<br><br />
ENGINE_register_DSA [[Manual:engine(3)]]<br><br />
ENGINE_register_ECDH [[Manual:engine(3)]]<br><br />
ENGINE_register_ECDSA [[Manual:engine(3)]]<br><br />
ENGINE_register_RAND [[Manual:engine(3)]]<br><br />
ENGINE_register_RSA [[Manual:engine(3)]]<br><br />
ENGINE_register_STORE [[Manual:engine(3)]]<br><br />
ENGINE_remove [[Manual:engine(3)]]<br><br />
ENGINE_set_ciphers [[Manual:engine(3)]]<br><br />
ENGINE_set_cmd_defns [[Manual:engine(3)]]<br><br />
ENGINE_set_ctrl_function [[Manual:engine(3)]]<br><br />
ENGINE_set_default_ciphers [[Manual:engine(3)]]<br><br />
ENGINE_set_default_DH [[Manual:engine(3)]]<br><br />
ENGINE_set_default_digests [[Manual:engine(3)]]<br><br />
ENGINE_set_default_DSA [[Manual:engine(3)]]<br><br />
ENGINE_set_default_ECDH [[Manual:engine(3)]]<br><br />
ENGINE_set_default_ECDSA [[Manual:engine(3)]]<br><br />
ENGINE_set_default [[Manual:engine(3)]]<br><br />
ENGINE_set_default_RAND [[Manual:engine(3)]]<br><br />
ENGINE_set_default_RSA [[Manual:engine(3)]]<br><br />
ENGINE_set_default_string [[Manual:engine(3)]]<br><br />
ENGINE_set_destroy_function [[Manual:engine(3)]]<br><br />
ENGINE_set_DH [[Manual:engine(3)]]<br><br />
ENGINE_set_digests [[Manual:engine(3)]]<br><br />
ENGINE_set_DSA [[Manual:engine(3)]]<br><br />
ENGINE_set_ECDH [[Manual:engine(3)]]<br><br />
ENGINE_set_ECDSA [[Manual:engine(3)]]<br><br />
ENGINE_set_ex_data [[Manual:engine(3)]]<br><br />
ENGINE_set_finish_function [[Manual:engine(3)]]<br><br />
ENGINE_set_flags [[Manual:engine(3)]]<br><br />
ENGINE_set_id [[Manual:engine(3)]]<br><br />
ENGINE_set_init_function [[Manual:engine(3)]]<br><br />
ENGINE_set_load_privkey_function [[Manual:engine(3)]]<br><br />
ENGINE_set_load_pubkey_function [[Manual:engine(3)]]<br><br />
ENGINE_set_name [[Manual:engine(3)]]<br><br />
ENGINE_set_RAND [[Manual:engine(3)]]<br><br />
ENGINE_set_RSA [[Manual:engine(3)]]<br><br />
ENGINE_set_STORE [[Manual:engine(3)]]<br><br />
ENGINE_set_table_flags [[Manual:engine(3)]]<br><br />
ENGINE_unregister_ciphers [[Manual:engine(3)]]<br><br />
ENGINE_unregister_DH [[Manual:engine(3)]]<br><br />
ENGINE_unregister_digests [[Manual:engine(3)]]<br><br />
ENGINE_unregister_DSA [[Manual:engine(3)]]<br><br />
ENGINE_unregister_ECDH [[Manual:engine(3)]]<br><br />
ENGINE_unregister_ECDSA [[Manual:engine(3)]]<br><br />
ENGINE_unregister_RAND [[Manual:engine(3)]]<br><br />
ENGINE_unregister_RSA [[Manual:engine(3)]]<br><br />
ENGINE_unregister_STORE [[Manual:engine(3)]]<br><br />
ENGINE_up_ref [[Manual:engine(3)]]<br><br />
ERR_add_error_data [[Manual:err(3)]]<br><br />
ERR_add_error_data '''[[Manual:ERR_put_error(3)]]'''<br><br />
ERR_clear_error [[Manual:err(3)]]<br><br />
ERR_clear_error '''[[Manual:ERR_clear_error(3)]]'''<br><br />
ERR_error_string [[Manual:err(3)]]<br><br />
ERR_error_string '''[[Manual:ERR_error_string(3)]]'''<br><br />
ERR_error_string [[Manual:ERR_get_error(3)]]<br><br />
ERR_error_string [[Manual:ERR_load_crypto_strings(3)]]<br><br />
ERR_error_string [[Manual:ERR_print_errors(3)]]<br><br />
ERR_error_string_n '''[[Manual:ERR_error_string(3)]]'''<br><br />
ERR_free_strings [[Manual:err(3)]]<br><br />
ERR_free_strings '''[[Manual:ERR_load_crypto_strings(3)]]'''<br><br />
ERR_func_error_string [[Manual:err(3)]]<br><br />
ERR_func_error_string '''[[Manual:ERR_error_string(3)]]'''<br><br />
ERR_get_error_line_data [[Manual:err(3)]]<br><br />
ERR_get_error_line_data '''[[Manual:ERR_get_error(3)]]'''<br><br />
ERR_get_error_line [[Manual:err(3)]]<br><br />
ERR_get_error_line '''[[Manual:ERR_get_error(3)]]'''<br><br />
ERR_get_error [[Manual:ASN1_generate_nconf(3)]]<br><br />
ERR_get_error [[Manual:ASN1_OBJECT_new(3)]]<br><br />
ERR_get_error [[Manual:ASN1_STRING_length(3)]]<br><br />
ERR_get_error [[Manual:ASN1_STRING_new(3)]]<br><br />
ERR_get_error [[Manual:BIO_new_CMS(3)]]<br><br />
ERR_get_error [[Manual:BN_add(3)]]<br><br />
ERR_get_error [[Manual:BN_add_word(3)]]<br><br />
ERR_get_error [[Manual:BN_bn2bin(3)]]<br><br />
ERR_get_error [[Manual:BN_copy(3)]]<br><br />
ERR_get_error [[Manual:BN_CTX_new(3)]]<br><br />
ERR_get_error [[Manual:BN_CTX_start(3)]]<br><br />
ERR_get_error [[Manual:BN_generate_prime(3)]]<br><br />
ERR_get_error [[Manual:BN_mod_inverse(3)]]<br><br />
ERR_get_error [[Manual:BN_mod_mul_montgomery(3)]]<br><br />
ERR_get_error [[Manual:BN_mod_mul_reciprocal(3)]]<br><br />
ERR_get_error [[Manual:BN_new(3)]]<br><br />
ERR_get_error [[Manual:BN_rand(3)]]<br><br />
ERR_get_error [[Manual:BN_set_bit(3)]]<br><br />
ERR_get_error [[Manual:CMS_add0_cert(3)]]<br><br />
ERR_get_error [[Manual:CMS_add1_recipient_cert(3)]]<br><br />
ERR_get_error [[Manual:CMS_compress(3)]]<br><br />
ERR_get_error [[Manual:CMS_decrypt(3)]]<br><br />
ERR_get_error [[Manual:CMS_encrypt(3)]]<br><br />
ERR_get_error [[Manual:CMS_final(3)]]<br><br />
ERR_get_error [[Manual:CMS_get0_RecipientInfos(3)]]<br><br />
ERR_get_error [[Manual:CMS_get0_SignerInfos(3)]]<br><br />
ERR_get_error [[Manual:CMS_get0_type(3)]]<br><br />
ERR_get_error [[Manual:CMS_get1_ReceiptRequest(3)]]<br><br />
ERR_get_error [[Manual:CMS_sign(3)]]<br><br />
ERR_get_error [[Manual:CMS_sign_add1_signer(3)]]<br><br />
ERR_get_error [[Manual:CMS_sign_receipt(3)]]<br><br />
ERR_get_error [[Manual:CMS_uncompress(3)]]<br><br />
ERR_get_error [[Manual:CMS_verify(3)]]<br><br />
ERR_get_error [[Manual:CMS_verify_receipt(3)]]<br><br />
ERR_get_error [[Manual:CRYPTO_set_ex_data(3)]]<br><br />
ERR_get_error [[Manual:d2i_X509(3)]]<br><br />
ERR_get_error [[Manual:DH_generate_key(3)]]<br><br />
ERR_get_error [[Manual:DH_generate_parameters(3)]]<br><br />
ERR_get_error [[Manual:DH_new(3)]]<br><br />
ERR_get_error [[Manual:DH_set_method(3)]]<br><br />
ERR_get_error [[Manual:DSA_do_sign(3)]]<br><br />
ERR_get_error [[Manual:DSA_dup_DH(3)]]<br><br />
ERR_get_error [[Manual:DSA_generate_key(3)]]<br><br />
ERR_get_error [[Manual:DSA_generate_parameters(3)]]<br><br />
ERR_get_error [[Manual:DSA_new(3)]]<br><br />
ERR_get_error [[Manual:DSA_set_method(3)]]<br><br />
ERR_get_error [[Manual:DSA_sign(3)]]<br><br />
ERR_get_error [[Manual:DSA_SIG_new(3)]]<br><br />
ERR_get_error [[Manual:ecdsa(3)]]<br><br />
ERR_get_error [[Manual:err(3)]]<br><br />
ERR_get_error [[Manual:ERR_clear_error(3)]]<br><br />
ERR_get_error [[Manual:ERR_error_string(3)]]<br><br />
ERR_get_error '''[[Manual:ERR_get_error(3)]]'''<br><br />
ERR_get_error [[Manual:ERR_GET_LIB(3)]]<br><br />
ERR_get_error [[Manual:ERR_print_errors(3)]]<br><br />
ERR_get_error [[Manual:EVP_DigestSignInit(3)]]<br><br />
ERR_get_error [[Manual:EVP_DigestVerifyInit(3)]]<br><br />
ERR_get_error [[Manual:EVP_SignInit(3)]]<br><br />
ERR_get_error [[Manual:EVP_VerifyInit(3)]]<br><br />
ERR_get_error [[Manual:i2d_CMS_bio_stream(3)]]<br><br />
ERR_get_error [[Manual:i2d_PKCS7_bio_stream(3)]]<br><br />
ERR_get_error [[Manual:OBJ_nid2obj(3)]]<br><br />
ERR_get_error [[Manual:PEM_write_bio_CMS_stream(3)]]<br><br />
ERR_get_error [[Manual:PEM_write_bio_PKCS7_stream(3)]]<br><br />
ERR_get_error [[Manual:PKCS12_parse(3)]]<br><br />
ERR_get_error [[Manual:PKCS7_decrypt(3)]]<br><br />
ERR_get_error [[Manual:PKCS7_encrypt(3)]]<br><br />
ERR_get_error [[Manual:PKCS7_sign(3)]]<br><br />
ERR_get_error [[Manual:PKCS7_sign_add_signer(3)]]<br><br />
ERR_get_error [[Manual:PKCS7_verify(3)]]<br><br />
ERR_get_error [[Manual:RAND_bytes(3)]]<br><br />
ERR_get_error [[Manual:RSA_check_key(3)]]<br><br />
ERR_get_error [[Manual:RSA_generate_key(3)]]<br><br />
ERR_get_error [[Manual:RSA_get_ex_new_index(3)]]<br><br />
ERR_get_error [[Manual:RSA_new(3)]]<br><br />
ERR_get_error [[Manual:RSA_padding_add_PKCS1_type_1(3)]]<br><br />
ERR_get_error [[Manual:RSA_private_encrypt(3)]]<br><br />
ERR_get_error [[Manual:RSA_public_encrypt(3)]]<br><br />
ERR_get_error [[Manual:RSA_set_method(3)]]<br><br />
ERR_get_error [[Manual:RSA_sign(3)]]<br><br />
ERR_get_error [[Manual:RSA_sign_ASN1_OCTET_STRING(3)]]<br><br />
ERR_get_error [[Manual:SMIME_read_CMS(3)]]<br><br />
ERR_get_error [[Manual:SMIME_read_PKCS7(3)]]<br><br />
ERR_get_error [[Manual:SMIME_write_CMS(3)]]<br><br />
ERR_get_error [[Manual:SMIME_write_PKCS7(3)]]<br><br />
ERR_get_error [[Manual:X509_NAME_add_entry_by_txt(3)]]<br><br />
ERR_get_error [[Manual:X509_NAME_ENTRY_get_object(3)]]<br><br />
ERR_get_error [[Manual:X509_NAME_get_index_by_NID(3)]]<br><br />
ERR_get_error [[Manual:X509_new(3)]]<br><br />
ERR_get_err_state_table [[Manual:err(3)]]<br><br />
ERR_get_next_error_library [[Manual:err(3)]]<br><br />
ERR_get_next_error_library '''[[Manual:ERR_load_strings(3)]]'''<br><br />
ERR_get_state [[Manual:err(3)]]<br><br />
ERR_get_string_table [[Manual:err(3)]]<br><br />
ERR_lib_error_string [[Manual:err(3)]]<br><br />
ERR_lib_error_string '''[[Manual:ERR_error_string(3)]]'''<br><br />
ERR_load_crypto_strings [[Manual:BIO_f_ssl(3)]]<br><br />
ERR_load_crypto_strings [[Manual:BIO_s_accept(3)]]<br><br />
ERR_load_crypto_strings [[Manual:BIO_s_connect(3)]]<br><br />
ERR_load_crypto_strings [[Manual:err(3)]]<br><br />
ERR_load_crypto_strings [[Manual:ERR_error_string(3)]]<br><br />
ERR_load_crypto_strings '''[[Manual:ERR_load_crypto_strings(3)]]'''<br><br />
ERR_load_crypto_strings [[Manual:ERR_print_errors(3)]]<br><br />
ERR_load_strings [[Manual:err(3)]]<br><br />
ERR_load_strings '''[[Manual:ERR_load_strings(3)]]'''<br><br />
ERR_load_strings [[Manual:ERR_put_error(3)]]<br><br />
ERR_load_UI_strings '''[[Manual:ui(3)]]'''<br><br />
ERR_peek_error_line_data [[Manual:err(3)]]<br><br />
ERR_peek_error_line_data '''[[Manual:ERR_get_error(3)]]'''<br><br />
ERR_peek_error_line [[Manual:err(3)]]<br><br />
ERR_peek_error_line '''[[Manual:ERR_get_error(3)]]'''<br><br />
ERR_peek_error [[Manual:err(3)]]<br><br />
ERR_peek_error '''[[Manual:ERR_get_error(3)]]'''<br><br />
ERR_peek_last_error_line_data '''[[Manual:ERR_get_error(3)]]'''<br><br />
ERR_peek_last_error_line '''[[Manual:ERR_get_error(3)]]'''<br><br />
ERR_peek_last_error '''[[Manual:ERR_get_error(3)]]'''<br><br />
ERR_pop_to_mark '''[[Manual:ERR_set_mark(3)]]'''<br><br />
ERR_print_errors_fp [[Manual:BIO_f_ssl(3)]]<br><br />
ERR_print_errors_fp [[Manual:BIO_s_accept(3)]]<br><br />
ERR_print_errors_fp [[Manual:BIO_s_connect(3)]]<br><br />
ERR_print_errors_fp [[Manual:err(3)]]<br><br />
ERR_print_errors_fp '''[[Manual:ERR_print_errors(3)]]'''<br><br />
ERR_print_errors [[Manual:err(3)]]<br><br />
ERR_print_errors [[Manual:ERR_error_string(3)]]<br><br />
ERR_print_errors '''[[Manual:ERR_print_errors(3)]]'''<br><br />
ERR_put_error [[Manual:err(3)]]<br><br />
ERR_put_error '''[[Manual:ERR_put_error(3)]]'''<br><br />
ERR_reason_error_string [[Manual:err(3)]]<br><br />
ERR_reason_error_string '''[[Manual:ERR_error_string(3)]]'''<br><br />
ERR_remove_state [[Manual:err(3)]]<br><br />
ERR_remove_state '''[[Manual:ERR_remove_state(3)]]'''<br><br />
ERR_set_mark '''[[Manual:ERR_set_mark(3)]]'''<br><br />
EVP_aes_128_ccm [[Manual:EVP_EncryptInit(3)]]<br><br />
EVP_aes_128_gcm [[Manual:EVP_EncryptInit(3)]]<br><br />
EVP_aes_192_ccm [[Manual:EVP_EncryptInit(3)]]<br><br />
EVP_aes_192_gcm [[Manual:EVP_EncryptInit(3)]]<br><br />
EVP_aes_256_ccm [[Manual:EVP_EncryptInit(3)]]<br><br />
EVP_aes_256_gcm [[Manual:EVP_EncryptInit(3)]]<br><br />
EVP_bf_cbc [[Manual:EVP_EncryptInit(3)]]<br><br />
EVP_bf_cfb [[Manual:EVP_EncryptInit(3)]]<br><br />
EVP_bf_ecb [[Manual:EVP_EncryptInit(3)]]<br><br />
EVP_bf_ofb [[Manual:EVP_EncryptInit(3)]]<br><br />
EVP_BytesToKey '''[[Manual:EVP_BytesToKey(3)]]'''<br><br />
EVP_cast5_cbc [[Manual:EVP_EncryptInit(3)]]<br><br />
EVP_cast5_cfb [[Manual:EVP_EncryptInit(3)]]<br><br />
EVP_cast5_ecb [[Manual:EVP_EncryptInit(3)]]<br><br />
EVP_cast5_ofb [[Manual:EVP_EncryptInit(3)]]<br><br />
EVP_CIPHER_asn1_to_param '''[[Manual:EVP_EncryptInit(3)]]'''<br><br />
EVP_CIPHER_block_size '''[[Manual:EVP_EncryptInit(3)]]'''<br><br />
EVP_CIPHER_CTX_block_size '''[[Manual:EVP_EncryptInit(3)]]'''<br><br />
EVP_CIPHER_CTX_cipher '''[[Manual:EVP_EncryptInit(3)]]'''<br><br />
EVP_CIPHER_CTX_cleanup '''[[Manual:EVP_EncryptInit(3)]]'''<br><br />
EVP_CIPHER_CTX_ctrl '''[[Manual:EVP_EncryptInit(3)]]'''<br><br />
EVP_CIPHER_CTX_flags '''[[Manual:EVP_EncryptInit(3)]]'''<br><br />
EVP_CIPHER_CTX_get_app_data '''[[Manual:EVP_EncryptInit(3)]]'''<br><br />
EVP_CIPHER_CTX_init '''[[Manual:EVP_EncryptInit(3)]]'''<br><br />
EVP_CIPHER_CTX_iv_length '''[[Manual:EVP_EncryptInit(3)]]'''<br><br />
EVP_CIPHER_CTX_key_length '''[[Manual:EVP_EncryptInit(3)]]'''<br><br />
EVP_CIPHER_CTX_nid '''[[Manual:EVP_EncryptInit(3)]]'''<br><br />
EVP_CIPHER_CTX_set_app_data '''[[Manual:EVP_EncryptInit(3)]]'''<br><br />
EVP_CIPHER_CTX_set_key_length '''[[Manual:EVP_EncryptInit(3)]]'''<br><br />
EVP_CIPHER_CTX_set_padding '''[[Manual:EVP_EncryptInit(3)]]'''<br><br />
EVP_CipherFinal_ex '''[[Manual:EVP_EncryptInit(3)]]'''<br><br />
EVP_CipherFinal [[Manual:BIO_f_cipher(3)]]<br><br />
EVP_CipherFinal '''[[Manual:EVP_EncryptInit(3)]]'''<br><br />
EVP_CIPHER_flags '''[[Manual:EVP_EncryptInit(3)]]'''<br><br />
EVP_CipherInit_ex '''[[Manual:EVP_EncryptInit(3)]]'''<br><br />
EVP_CipherInit [[Manual:BIO_f_cipher(3)]]<br><br />
EVP_CipherInit '''[[Manual:EVP_EncryptInit(3)]]'''<br><br />
EVP_CIPHER_iv_length '''[[Manual:EVP_EncryptInit(3)]]'''<br><br />
EVP_CIPHER_iv_length [[Manual:EVP_SealInit(3)]]<br><br />
EVP_CIPHER_key_length '''[[Manual:EVP_EncryptInit(3)]]'''<br><br />
EVP_CIPHER_nid '''[[Manual:EVP_EncryptInit(3)]]'''<br><br />
EVP_CIPHER_param_to_asn1 '''[[Manual:EVP_EncryptInit(3)]]'''<br><br />
EVP_CIPHER_type '''[[Manual:EVP_EncryptInit(3)]]'''<br><br />
EVP_CipherUpdate [[Manual:BIO_f_cipher(3)]]<br><br />
EVP_CipherUpdate '''[[Manual:EVP_EncryptInit(3)]]'''<br><br />
EVP_cleanup [[Manual:OpenSSL_add_all_algorithms(3)]]<br><br />
EVP_DecryptFinal_ex '''[[Manual:EVP_EncryptInit(3)]]'''<br><br />
EVP_DecryptFinal '''[[Manual:EVP_EncryptInit(3)]]'''<br><br />
EVP_DecryptFinal [[Manual:EVP_OpenInit(3)]]<br><br />
EVP_DecryptInit_ex '''[[Manual:EVP_EncryptInit(3)]]'''<br><br />
EVP_DecryptInit '''[[Manual:EVP_EncryptInit(3)]]'''<br><br />
EVP_DecryptInit [[Manual:EVP_OpenInit(3)]]<br><br />
EVP_DecryptUpdate '''[[Manual:EVP_EncryptInit(3)]]'''<br><br />
EVP_DecryptUpdate [[Manual:EVP_OpenInit(3)]]<br><br />
EVP_des_cbc [[Manual:EVP_EncryptInit(3)]]<br><br />
EVP_des_cbc [[Manual:EVP_SealInit(3)]]<br><br />
EVP_des_cfb [[Manual:EVP_EncryptInit(3)]]<br><br />
EVP_des_ecb [[Manual:EVP_EncryptInit(3)]]<br><br />
EVP_des_ede3_cbc [[Manual:CMS_encrypt(3)]]<br><br />
EVP_des_ede3_cbc [[Manual:EVP_EncryptInit(3)]]<br><br />
EVP_des_ede3_cbc [[Manual:pem(3)]]<br><br />
EVP_des_ede3_cbc [[Manual:PKCS7_encrypt(3)]]<br><br />
EVP_des_ede3_cfb [[Manual:EVP_EncryptInit(3)]]<br><br />
EVP_des_ede3 [[Manual:EVP_EncryptInit(3)]]<br><br />
EVP_des_ede3_ofb [[Manual:EVP_EncryptInit(3)]]<br><br />
EVP_des_ede_cbc [[Manual:EVP_EncryptInit(3)]]<br><br />
EVP_des_ede_cfb [[Manual:EVP_EncryptInit(3)]]<br><br />
EVP_des_ede [[Manual:EVP_EncryptInit(3)]]<br><br />
EVP_des_ede_ofb [[Manual:EVP_EncryptInit(3)]]<br><br />
EVP_des_ofb [[Manual:EVP_EncryptInit(3)]]<br><br />
EVP_desx_cbc [[Manual:EVP_EncryptInit(3)]]<br><br />
EVP_DigestFinal_ex '''[[Manual:EVP_DigestInit(3)]]'''<br><br />
EVP_DigestFinal [[Manual:BIO_f_md(3)]]<br><br />
EVP_DigestFinal [[Manual:EVP_DigestInit(3)]]<br><br />
EVP_DigestInit_ex '''[[Manual:EVP_DigestInit(3)]]'''<br><br />
EVP_DigestInit [[Manual:BIO_f_md(3)]]<br><br />
EVP_DigestInit [[Manual:des(3)]]<br><br />
EVP_DigestInit [[Manual:evp(3)]]<br><br />
EVP_DigestInit [[Manual:EVP_DigestInit(3)]]<br><br />
EVP_DigestInit [[Manual:EVP_DigestSignInit(3)]]<br><br />
EVP_DigestInit [[Manual:EVP_DigestVerifyInit(3)]]<br><br />
EVP_DigestInit [[Manual:EVP_SignInit(3)]]<br><br />
EVP_DigestInit [[Manual:EVP_VerifyInit(3)]]<br><br />
EVP_DigestInit [[Manual:md5(3)]]<br><br />
EVP_DigestInit [[Manual:mdc2(3)]]<br><br />
EVP_DigestInit [[Manual:OpenSSL_add_all_algorithms(3)]]<br><br />
EVP_DigestInit [[Manual:ripemd(3)]]<br><br />
EVP_DigestInit [[Manual:sha(3)]]<br><br />
EVP_Digest [[Manual:evp(3)]]<br><br />
EVP_Digest [[Manual:EVP_DigestSignInit(3)]]<br><br />
EVP_Digest [[Manual:EVP_DigestVerifyInit(3)]]<br><br />
EVP_DigestSignFinal '''[[Manual:EVP_DigestSignInit(3)]]'''<br><br />
EVP_DigestSignInit '''[[Manual:EVP_DigestSignInit(3)]]'''<br><br />
EVP_DigestSignInit [[Manual:EVP_DigestVerifyInit(3)]]<br><br />
EVP_DigestUpdate [[Manual:BIO_f_md(3)]]<br><br />
EVP_DigestUpdate '''[[Manual:EVP_DigestInit(3)]]'''<br><br />
EVP_DigestVerifyFinal '''[[Manual:EVP_DigestVerifyInit(3)]]'''<br><br />
EVP_DigestVerifyInit [[Manual:EVP_DigestSignInit(3)]]<br><br />
EVP_DigestVerifyInit '''[[Manual:EVP_DigestVerifyInit(3)]]'''<br><br />
EVP_dss1 '''[[Manual:EVP_DigestInit(3)]]'''<br><br />
EVP_dss1 [[Manual:EVP_DigestSignInit(3)]]<br><br />
EVP_dss1 [[Manual:EVP_DigestVerifyInit(3)]]<br><br />
EVP_dss '''[[Manual:EVP_DigestInit(3)]]'''<br><br />
EVP_enc_null [[Manual:EVP_EncryptInit(3)]]<br><br />
EVP_EncryptFinal_ex '''[[Manual:EVP_EncryptInit(3)]]'''<br><br />
EVP_EncryptFinal '''[[Manual:EVP_EncryptInit(3)]]'''<br><br />
EVP_EncryptFinal [[Manual:EVP_SealInit(3)]]<br><br />
EVP_EncryptInit_ex '''[[Manual:EVP_EncryptInit(3)]]'''<br><br />
EVP_EncryptInit [[Manual:blowfish(3)]]<br><br />
EVP_EncryptInit [[Manual:evp(3)]]<br><br />
EVP_EncryptInit [[Manual:EVP_BytesToKey(3)]]<br><br />
EVP_EncryptInit '''[[Manual:EVP_EncryptInit(3)]]'''<br><br />
EVP_EncryptInit [[Manual:EVP_OpenInit(3)]]<br><br />
EVP_EncryptInit [[Manual:EVP_SealInit(3)]]<br><br />
EVP_EncryptInit [[Manual:OpenSSL_add_all_algorithms(3)]]<br><br />
EVP_EncryptInit [[Manual:rc4(3)]]<br><br />
EVP_EncryptUpdate '''[[Manual:EVP_EncryptInit(3)]]'''<br><br />
EVP_EncryptUpdate [[Manual:EVP_SealInit(3)]]<br><br />
EVP_get_cipherbyname '''[[Manual:EVP_EncryptInit(3)]]'''<br><br />
EVP_get_cipherbyname [[Manual:pem(3)]]<br><br />
EVP_get_digestbyname '''[[Manual:EVP_DigestInit(3)]]'''<br><br />
EVP_idea_cbc [[Manual:EVP_EncryptInit(3)]]<br><br />
EVP_idea_cfb [[Manual:EVP_EncryptInit(3)]]<br><br />
EVP_idea_ecb [[Manual:EVP_EncryptInit(3)]]<br><br />
EVP_idea_ofb [[Manual:EVP_EncryptInit(3)]]<br><br />
EVP_md5 [[Manual:BIO_f_md(3)]]<br><br />
EVP_md5 '''[[Manual:EVP_DigestInit(3)]]'''<br><br />
EVP_MD_block_size '''[[Manual:EVP_DigestInit(3)]]'''<br><br />
EVP_mdc2 '''[[Manual:EVP_DigestInit(3)]]'''<br><br />
EVP_MD_CTX_cleanup '''[[Manual:EVP_DigestInit(3)]]'''<br><br />
EVP_MD_CTX_cleanup [[Manual:EVP_DigestSignInit(3)]]<br><br />
EVP_MD_CTX_cleanup [[Manual:EVP_DigestVerifyInit(3)]]<br><br />
EVP_MD_CTX_cleanup [[Manual:EVP_SignInit(3)]]<br><br />
EVP_MD_CTX_cleanup [[Manual:EVP_VerifyInit(3)]]<br><br />
EVP_MD_CTX_copy_ex '''[[Manual:EVP_DigestInit(3)]]'''<br><br />
EVP_MD_CTX_copy '''[[Manual:EVP_DigestInit(3)]]'''<br><br />
EVP_MD_CTX_create '''[[Manual:EVP_DigestInit(3)]]'''<br><br />
EVP_MD_CTX_destroy '''[[Manual:EVP_DigestInit(3)]]'''<br><br />
EVP_MD_CTX_init '''[[Manual:EVP_DigestInit(3)]]'''<br><br />
EVP_MD_CTX_init [[Manual:EVP_DigestSignInit(3)]]<br><br />
EVP_MD_CTX_init [[Manual:EVP_DigestVerifyInit(3)]]<br><br />
EVP_MD_CTX_init [[Manual:EVP_SignInit(3)]]<br><br />
EVP_MD_CTX_init [[Manual:EVP_VerifyInit(3)]]<br><br />
EVP_MD_CTX_md '''[[Manual:EVP_DigestInit(3)]]'''<br><br />
EVP_md_null '''[[Manual:EVP_DigestInit(3)]]'''<br><br />
EVP_MD_pkey_type '''[[Manual:EVP_DigestInit(3)]]'''<br><br />
EVP_MD_size '''[[Manual:EVP_DigestInit(3)]]'''<br><br />
EVP_MD_type [[Manual:BIO_f_md(3)]]<br><br />
EVP_MD_type '''[[Manual:EVP_DigestInit(3)]]'''<br><br />
EVP_OpenFinal '''[[Manual:EVP_OpenInit(3)]]'''<br><br />
EVP_OpenInit [[Manual:evp(3)]]<br><br />
EVP_OpenInit '''[[Manual:EVP_OpenInit(3)]]'''<br><br />
EVP_OpenInit [[Manual:EVP_SealInit(3)]]<br><br />
EVP_PKEY_assign [[Manual:EVP_PKEY_set1_RSA(3)]]<br><br />
EVP_PKEY_cmp '''[[Manual:EVP_PKEY_cmp(3)]]'''<br><br />
EVP_PKEY_cmp_parameters '''[[Manual:EVP_PKEY_cmp(3)]]'''<br><br />
EVP_PKEY_copy_parameters '''[[Manual:EVP_PKEY_cmp(3)]]'''<br><br />
EVP_PKEY_CTX_ctrl [[Manual:EVP_PKEY_CTX_ctrl(3)]]<br><br />
EVP_PKEY_CTX_ctrl_str [[Manual:EVP_PKEY_CTX_ctrl(3)]]<br><br />
EVP_PKEY_CTX_dup '''[[Manual:EVP_PKEY_CTX_new(3)]]'''<br><br />
EVP_PKEY_CTX_free '''[[Manual:EVP_PKEY_CTX_new(3)]]'''<br><br />
EVP_PKEY_CTX_get_app_data '''[[Manual:EVP_PKEY_keygen(3)]]'''<br><br />
EVP_PKEY_CTX_get_cb '''[[Manual:EVP_PKEY_keygen(3)]]'''<br><br />
EVP_PKEY_CTX_get_keygen_info '''[[Manual:EVP_PKEY_keygen(3)]]'''<br><br />
EVP_PKEY_CTX_new_id '''[[Manual:EVP_PKEY_CTX_new(3)]]'''<br><br />
EVP_PKEY_CTX_new_id [[Manual:EVP_PKEY_keygen(3)]]<br><br />
EVP_PKEY_CTX_new [[Manual:EVP_PKEY_cmp(3)]]<br><br />
EVP_PKEY_CTX_new [[Manual:EVP_PKEY_CTX_ctrl(3)]]<br><br />
EVP_PKEY_CTX_new '''[[Manual:EVP_PKEY_CTX_new(3)]]'''<br><br />
EVP_PKEY_CTX_new [[Manual:EVP_PKEY_decrypt(3)]]<br><br />
EVP_PKEY_CTX_new [[Manual:EVP_PKEY_derive(3)]]<br><br />
EVP_PKEY_CTX_new [[Manual:EVP_PKEY_encrypt(3)]]<br><br />
EVP_PKEY_CTX_new [[Manual:EVP_PKEY_get_default_digest(3)]]<br><br />
EVP_PKEY_CTX_new [[Manual:EVP_PKEY_keygen(3)]]<br><br />
EVP_PKEY_CTX_new [[Manual:EVP_PKEY_print_private(3)]]<br><br />
EVP_PKEY_CTX_new [[Manual:EVP_PKEY_sign(3)]]<br><br />
EVP_PKEY_CTX_new [[Manual:EVP_PKEY_verify(3)]]<br><br />
EVP_PKEY_CTX_new [[Manual:EVP_PKEY_verify_recover(3)]]<br><br />
EVP_PKEY_CTX_set_app_data '''[[Manual:EVP_PKEY_keygen(3)]]'''<br><br />
EVP_PKEY_CTX_set_cb '''[[Manual:EVP_PKEY_keygen(3)]]'''<br><br />
EVP_PKEY_decrypt_init '''[[Manual:EVP_PKEY_decrypt(3)]]'''<br><br />
EVP_PKEY_decrypt [[Manual:EVP_PKEY_CTX_ctrl(3)]]<br><br />
EVP_PKEY_decrypt '''[[Manual:EVP_PKEY_decrypt(3)]]'''<br><br />
EVP_PKEY_decrypt [[Manual:EVP_PKEY_derive(3)]]<br><br />
EVP_PKEY_decrypt [[Manual:EVP_PKEY_encrypt(3)]]<br><br />
EVP_PKEY_decrypt [[Manual:EVP_PKEY_keygen(3)]]<br><br />
EVP_PKEY_decrypt [[Manual:EVP_PKEY_sign(3)]]<br><br />
EVP_PKEY_decrypt [[Manual:EVP_PKEY_verify(3)]]<br><br />
EVP_PKEY_decrypt [[Manual:EVP_PKEY_verify_recover(3)]]<br><br />
EVP_PKEY_derive_init '''[[Manual:EVP_PKEY_derive(3)]]'''<br><br />
EVP_PKEY_derive [[Manual:EVP_PKEY_CTX_ctrl(3)]]<br><br />
EVP_PKEY_derive [[Manual:EVP_PKEY_decrypt(3)]]<br><br />
EVP_PKEY_derive '''[[Manual:EVP_PKEY_derive(3)]]'''<br><br />
EVP_PKEY_derive [[Manual:EVP_PKEY_encrypt(3)]]<br><br />
EVP_PKEY_derive [[Manual:EVP_PKEY_keygen(3)]]<br><br />
EVP_PKEY_derive [[Manual:EVP_PKEY_sign(3)]]<br><br />
EVP_PKEY_derive [[Manual:EVP_PKEY_verify(3)]]<br><br />
EVP_PKEY_derive [[Manual:EVP_PKEY_verify_recover(3)]]<br><br />
EVP_PKEY_derive_set_peer '''[[Manual:EVP_PKEY_derive(3)]]'''<br><br />
EVP_PKEY_encrypt_init '''[[Manual:EVP_PKEY_encrypt(3)]]'''<br><br />
EVP_PKEY_encrypt [[Manual:EVP_PKEY_CTX_ctrl(3)]]<br><br />
EVP_PKEY_encrypt [[Manual:EVP_PKEY_decrypt(3)]]<br><br />
EVP_PKEY_encrypt [[Manual:EVP_PKEY_derive(3)]]<br><br />
EVP_PKEY_encrypt '''[[Manual:EVP_PKEY_encrypt(3)]]'''<br><br />
EVP_PKEY_encrypt [[Manual:EVP_PKEY_keygen(3)]]<br><br />
EVP_PKEY_encrypt [[Manual:EVP_PKEY_sign(3)]]<br><br />
EVP_PKEY_encrypt [[Manual:EVP_PKEY_verify(3)]]<br><br />
EVP_PKEY_encrypt [[Manual:EVP_PKEY_verify_recover(3)]]<br><br />
EVP_PKEY_free '''[[Manual:EVP_PKEY_new(3)]]'''<br><br />
EVP_PKEY_get1_DH '''[[Manual:EVP_PKEY_set1_RSA(3)]]'''<br><br />
EVP_PKEY_get1_DSA '''[[Manual:EVP_PKEY_set1_RSA(3)]]'''<br><br />
EVP_PKEY_get1_EC_KEY '''[[Manual:EVP_PKEY_set1_RSA(3)]]'''<br><br />
EVP_PKEY_get1_RSA '''[[Manual:EVP_PKEY_set1_RSA(3)]]'''<br><br />
EVP_PKEY_get_default_digest_nid [[Manual:EVP_PKEY_CTX_ctrl(3)]]<br><br />
EVP_PKEY_get_default_digest_nid '''[[Manual:EVP_PKEY_get_default_digest(3)]]'''<br><br />
EVP_PKEY_keygen_init '''[[Manual:EVP_PKEY_keygen(3)]]'''<br><br />
EVP_PKEY_keygen [[Manual:EVP_PKEY_cmp(3)]]<br><br />
EVP_PKEY_keygen [[Manual:EVP_PKEY_CTX_ctrl(3)]]<br><br />
EVP_PKEY_keygen '''[[Manual:EVP_PKEY_keygen(3)]]'''<br><br />
EVP_PKEY_keygen [[Manual:EVP_PKEY_print_private(3)]]<br><br />
EVP_PKEY_missing_parameters '''[[Manual:EVP_PKEY_cmp(3)]]'''<br><br />
EVP_PKEY_new [[Manual:EVP_PKEY_CTX_new(3)]]<br><br />
EVP_PKEY_new '''[[Manual:EVP_PKEY_new(3)]]'''<br><br />
EVP_PKEY_new [[Manual:EVP_PKEY_set1_RSA(3)]]<br><br />
EVP_PKEY_paramgen_init '''[[Manual:EVP_PKEY_keygen(3)]]'''<br><br />
EVP_PKEY_paramgen '''[[Manual:EVP_PKEY_keygen(3)]]'''<br><br />
EVP_PKEY_print_params '''[[Manual:EVP_PKEY_print_private(3)]]'''<br><br />
EVP_PKEY_print_private '''[[Manual:EVP_PKEY_print_private(3)]]'''<br><br />
EVP_PKEY_print_public '''[[Manual:EVP_PKEY_print_private(3)]]'''<br><br />
EVP_PKEY_set1_DH '''[[Manual:EVP_PKEY_set1_RSA(3)]]'''<br><br />
EVP_PKEY_set1_DSA '''[[Manual:EVP_PKEY_set1_RSA(3)]]'''<br><br />
EVP_PKEY_set1_EC_KEY '''[[Manual:EVP_PKEY_set1_RSA(3)]]'''<br><br />
EVP_PKEY_set1_RSA [[Manual:EVP_PKEY_new(3)]]<br><br />
EVP_PKEY_set1_RSA '''[[Manual:EVP_PKEY_set1_RSA(3)]]'''<br><br />
EVP_PKEY_sign_init '''[[Manual:EVP_PKEY_sign(3)]]'''<br><br />
EVP_PKEY_sign [[Manual:EVP_PKEY_CTX_ctrl(3)]]<br><br />
EVP_PKEY_sign [[Manual:EVP_PKEY_decrypt(3)]]<br><br />
EVP_PKEY_sign [[Manual:EVP_PKEY_derive(3)]]<br><br />
EVP_PKEY_sign [[Manual:EVP_PKEY_encrypt(3)]]<br><br />
EVP_PKEY_sign [[Manual:EVP_PKEY_get_default_digest(3)]]<br><br />
EVP_PKEY_sign [[Manual:EVP_PKEY_keygen(3)]]<br><br />
EVP_PKEY_sign '''[[Manual:EVP_PKEY_sign(3)]]'''<br><br />
EVP_PKEY_sign [[Manual:EVP_PKEY_verify(3)]]<br><br />
EVP_PKEY_sign [[Manual:EVP_PKEY_verify_recover(3)]]<br><br />
EVP_PKEY_size [[Manual:EVP_DigestSignInit(3)]]<br><br />
EVP_PKEY_size [[Manual:EVP_SealInit(3)]]<br><br />
EVP_PKEY_size [[Manual:EVP_SignInit(3)]]<br><br />
EVP_PKEY_type '''[[Manual:EVP_PKEY_set1_RSA(3)]]'''<br><br />
EVP_PKEY_verify_init '''[[Manual:EVP_PKEY_verify(3)]]'''<br><br />
EVP_PKEY_verify [[Manual:EVP_PKEY_CTX_ctrl(3)]]<br><br />
EVP_PKEY_verify [[Manual:EVP_PKEY_decrypt(3)]]<br><br />
EVP_PKEY_verify [[Manual:EVP_PKEY_derive(3)]]<br><br />
EVP_PKEY_verify [[Manual:EVP_PKEY_encrypt(3)]]<br><br />
EVP_PKEY_verify [[Manual:EVP_PKEY_get_default_digest(3)]]<br><br />
EVP_PKEY_verify [[Manual:EVP_PKEY_keygen(3)]]<br><br />
EVP_PKEY_verify [[Manual:EVP_PKEY_sign(3)]]<br><br />
EVP_PKEY_verify '''[[Manual:EVP_PKEY_verify(3)]]'''<br><br />
EVP_PKEY_verify [[Manual:EVP_PKEY_verify_recover(3)]]<br><br />
EVP_PKEY_verify_recover_init '''[[Manual:EVP_PKEY_verify_recover(3)]]'''<br><br />
EVP_PKEY_verify_recover [[Manual:EVP_PKEY_CTX_ctrl(3)]]<br><br />
EVP_PKEY_verify_recover [[Manual:EVP_PKEY_decrypt(3)]]<br><br />
EVP_PKEY_verify_recover [[Manual:EVP_PKEY_derive(3)]]<br><br />
EVP_PKEY_verify_recover [[Manual:EVP_PKEY_encrypt(3)]]<br><br />
EVP_PKEY_verify_recover [[Manual:EVP_PKEY_get_default_digest(3)]]<br><br />
EVP_PKEY_verify_recover [[Manual:EVP_PKEY_keygen(3)]]<br><br />
EVP_PKEY_verify_recover [[Manual:EVP_PKEY_sign(3)]]<br><br />
EVP_PKEY_verify_recover [[Manual:EVP_PKEY_verify(3)]]<br><br />
EVP_PKEY_verify_recover '''[[Manual:EVP_PKEY_verify_recover(3)]]'''<br><br />
EVP_rc2_40_cbc [[Manual:EVP_EncryptInit(3)]]<br><br />
EVP_rc2_40_cbc [[Manual:PKCS7_encrypt(3)]]<br><br />
EVP_rc2_64_cbc [[Manual:EVP_EncryptInit(3)]]<br><br />
EVP_rc2_64_cbc [[Manual:PKCS7_encrypt(3)]]<br><br />
EVP_rc2_cbc [[Manual:EVP_EncryptInit(3)]]<br><br />
EVP_rc2_cfb [[Manual:EVP_EncryptInit(3)]]<br><br />
EVP_rc2_ecb [[Manual:EVP_EncryptInit(3)]]<br><br />
EVP_rc2_ofb [[Manual:EVP_EncryptInit(3)]]<br><br />
EVP_rc4_40 [[Manual:EVP_EncryptInit(3)]]<br><br />
EVP_rc4 [[Manual:EVP_EncryptInit(3)]]<br><br />
EVP_read_pw_string [[Manual:ui_compat(3)]]<br><br />
EVP_ripemd160 '''[[Manual:EVP_DigestInit(3)]]'''<br><br />
EVP_ripemd160 [[Manual:hmac(3)]]<br><br />
EVP_SealFinal '''[[Manual:EVP_SealInit(3)]]'''<br><br />
EVP_SealInit [[Manual:evp(3)]]<br><br />
EVP_SealInit [[Manual:EVP_OpenInit(3)]]<br><br />
EVP_SealInit '''[[Manual:EVP_SealInit(3)]]'''<br><br />
EVP_sha1 [[Manual:BIO_f_md(3)]]<br><br />
EVP_sha1 '''[[Manual:EVP_DigestInit(3)]]'''<br><br />
EVP_sha1 [[Manual:hmac(3)]]<br><br />
EVP_sha1 [[Manual:OpenSSL_add_all_algorithms(3)]]<br><br />
EVP_sha224 '''[[Manual:EVP_DigestInit(3)]]'''<br><br />
EVP_sha256 '''[[Manual:EVP_DigestInit(3)]]'''<br><br />
EVP_sha256 [[Manual:EVP_PKEY_sign(3)]]<br><br />
EVP_sha256 [[Manual:EVP_PKEY_verify(3)]]<br><br />
EVP_sha256 [[Manual:EVP_PKEY_verify_recover(3)]]<br><br />
EVP_sha384 '''[[Manual:EVP_DigestInit(3)]]'''<br><br />
EVP_sha512 '''[[Manual:EVP_DigestInit(3)]]'''<br><br />
EVP_sha '''[[Manual:EVP_DigestInit(3)]]'''<br><br />
EVP_SignFinal [[Manual:BIO_f_md(3)]]<br><br />
EVP_SignFinal '''[[Manual:EVP_SignInit(3)]]'''<br><br />
EVP_SignFinal [[Manual:EVP_VerifyInit(3)]]<br><br />
EVP_VerifyFinal [[Manual:BIO_f_md(3)]]<br><br />
EVP_VerifyFinal [[Manual:EVP_DigestVerifyInit(3)]]<br><br />
EVP_VerifyFinal '''[[Manual:EVP_VerifyInit(3)]]'''<br><br />
generate_key [[Manual:DH_set_method(3)]]<br><br />
HMAC_CTX_cleanup [[Manual:hmac(3)]]<br><br />
HMAC_CTX_init [[Manual:hmac(3)]]<br><br />
HMAC_Final '''[[Manual:hmac(3)]]'''<br><br />
HMAC_Init_ex [[Manual:hmac(3)]]<br><br />
HMAC_Init '''[[Manual:hmac(3)]]'''<br><br />
HMAC '''[[Manual:hmac(3)]]'''<br><br />
HMAC_Update '''[[Manual:hmac(3)]]'''<br><br />
i2d_ASN1_OBJECT '''[[Manual:d2i_ASN1_OBJECT(3)]]'''<br><br />
i2d_CMS_bio [[Manual:i2d_CMS_bio_stream(3)]]<br><br />
i2d_CMS_bio_stream [[Manual:CMS_compress(3)]]<br><br />
i2d_CMS_bio_stream [[Manual:CMS_encrypt(3)]]<br><br />
i2d_CMS_bio_stream [[Manual:CMS_sign(3)]]<br><br />
i2d_CMS_bio_stream '''[[Manual:i2d_CMS_bio_stream(3)]]'''<br><br />
i2d_CMS_bio_stream [[Manual:PEM_write_bio_CMS_stream(3)]]<br><br />
i2d_DHparams '''[[Manual:d2i_DHparams(3)]]'''<br><br />
i2d_DHparams [[Manual:dh(3)]]<br><br />
i2d_DSAparams [[Manual:d2i_DSAPublicKey(3)]]<br><br />
i2d_DSAparams [[Manual:dsa(3)]]<br><br />
i2d_DSAPrivateKey '''[[Manual:d2i_DSAPublicKey(3)]]'''<br><br />
i2d_DSAPrivateKey [[Manual:dsa(3)]]<br><br />
i2d_DSA_PUBKEY '''[[Manual:d2i_DSAPublicKey(3)]]'''<br><br />
i2d_DSAPublicKey '''[[Manual:d2i_DSAPublicKey(3)]]'''<br><br />
i2d_DSAPublicKey [[Manual:dsa(3)]]<br><br />
i2d_DSA_SIG '''[[Manual:d2i_DSAPublicKey(3)]]'''<br><br />
i2d_DSA_SIG [[Manual:dsa(3)]]<br><br />
i2d_ECDSA_SIG [[Manual:ecdsa(3)]]<br><br />
i2d_Netscape_RSA '''[[Manual:d2i_RSAPublicKey(3)]]'''<br><br />
i2d_PKCS7_bio_stream '''[[Manual:i2d_PKCS7_bio_stream(3)]]'''<br><br />
i2d_PKCS7_bio_stream [[Manual:PEM_write_bio_PKCS7_stream(3)]]<br><br />
i2d_PKCS7_bio_stream [[Manual:PKCS7_encrypt(3)]]<br><br />
i2d_PKCS7_bio_stream [[Manual:PKCS7_sign(3)]]<br><br />
i2d_PKCS8PrivateKey_bio '''[[Manual:d2i_PKCS8PrivateKey(3)]]'''<br><br />
i2d_PKCS8PrivateKey_fp '''[[Manual:d2i_PKCS8PrivateKey(3)]]'''<br><br />
i2d_PKCS8PrivateKey_nid_bio '''[[Manual:d2i_PKCS8PrivateKey(3)]]'''<br><br />
i2d_PKCS8PrivateKey_nid_fp '''[[Manual:d2i_PKCS8PrivateKey(3)]]'''<br><br />
i2d_RSAPrivateKey '''[[Manual:d2i_RSAPublicKey(3)]]'''<br><br />
i2d_RSA_PUBKEY '''[[Manual:d2i_RSAPublicKey(3)]]'''<br><br />
i2d_RSAPublicKey '''[[Manual:d2i_RSAPublicKey(3)]]'''<br><br />
i2d_SSL_SESSION '''[[Manual:d2i_SSL_SESSION(3)]]'''<br><br />
i2d_SSL_SESSION [[Manual:SSL_CTX_set_session_id_context(3)]]<br><br />
i2d_SSL_SESSION [[Manual:SSL_SESSION_get_ex_new_index(3)]]<br><br />
i2d_X509_ALGOR '''[[Manual:d2i_X509_ALGOR(3)]]'''<br><br />
i2d_X509_bio '''[[Manual:d2i_X509(3)]]'''<br><br />
i2d_X509_CRL_bio '''[[Manual:d2i_X509_CRL(3)]]'''<br><br />
i2d_X509_CRL_fp '''[[Manual:d2i_X509_CRL(3)]]'''<br><br />
i2d_X509_CRL '''[[Manual:d2i_X509_CRL(3)]]'''<br><br />
i2d_X509_CRL [[Manual:x509(3)]]<br><br />
i2d_X509_fp '''[[Manual:d2i_X509(3)]]'''<br><br />
i2d_X509 [[Manual:d2i_ASN1_OBJECT(3)]]<br><br />
i2d_X509 [[Manual:d2i_DHparams(3)]]<br><br />
i2d_X509 [[Manual:d2i_DSAPublicKey(3)]]<br><br />
i2d_X509 [[Manual:d2i_RSAPublicKey(3)]]<br><br />
i2d_X509 '''[[Manual:d2i_X509(3)]]'''<br><br />
i2d_X509 [[Manual:d2i_X509_ALGOR(3)]]<br><br />
i2d_X509 [[Manual:d2i_X509_CRL(3)]]<br><br />
i2d_X509 [[Manual:d2i_X509_NAME(3)]]<br><br />
i2d_X509 [[Manual:d2i_X509_REQ(3)]]<br><br />
i2d_X509 [[Manual:d2i_X509_SIG(3)]]<br><br />
i2d_X509 [[Manual:x509(3)]]<br><br />
i2d_X509_NAME '''[[Manual:d2i_X509_NAME(3)]]'''<br><br />
i2d_X509_REQ_bio '''[[Manual:d2i_X509_REQ(3)]]'''<br><br />
i2d_X509_REQ_fp '''[[Manual:d2i_X509_REQ(3)]]'''<br><br />
i2d_X509_REQ '''[[Manual:d2i_X509_REQ(3)]]'''<br><br />
i2d_X509_REQ [[Manual:x509(3)]]<br><br />
i2d_X509_SIG '''[[Manual:d2i_X509_SIG(3)]]'''<br><br />
inverse [[Manual:BIO_new_CMS(3)]]<br><br />
inverse [[Manual:BN_BLINDING_new(3)]]<br><br />
inverse '''[[Manual:BN_mod_inverse(3)]]'''<br><br />
inverse [[Manual:BN_mod_mul_montgomery(3)]]<br><br />
lh_delete '''[[Manual:lhash(3)]]'''<br><br />
lh_doall_arg '''[[Manual:lhash(3)]]'''<br><br />
lh_doall '''[[Manual:lhash(3)]]'''<br><br />
lh_free '''[[Manual:lhash(3)]]'''<br><br />
lh_insert '''[[Manual:lhash(3)]]'''<br><br />
lh_new '''[[Manual:lhash(3)]]'''<br><br />
lh_node_stats_bio '''[[Manual:lh_stats(3)]]'''<br><br />
lh_node_stats '''[[Manual:lh_stats(3)]]'''<br><br />
lh_node_usage_stats_bio '''[[Manual:lh_stats(3)]]'''<br><br />
lh_node_usage_stats '''[[Manual:lh_stats(3)]]'''<br><br />
lh_retrieve '''[[Manual:lhash(3)]]'''<br><br />
lh_stats_bio '''[[Manual:lh_stats(3)]]'''<br><br />
lh_stats [[Manual:lhash(3)]]<br><br />
lh_stats '''[[Manual:lh_stats(3)]]'''<br><br />
lh_strhash [[Manual:lhash(3)]]<br><br />
MD4_Final '''[[Manual:md5(3)]]'''<br><br />
MD4_Init '''[[Manual:md5(3)]]'''<br><br />
MD4 '''[[Manual:md5(3)]]'''<br><br />
MD4_Update '''[[Manual:md5(3)]]'''<br><br />
MD5_Final '''[[Manual:md5(3)]]'''<br><br />
MD5_Init '''[[Manual:md5(3)]]'''<br><br />
MD5 [[Manual:BIO_f_md(3)]]<br><br />
MD5 [[Manual:EVP_BytesToKey(3)]]<br><br />
MD5 [[Manual:EVP_DigestInit(3)]]<br><br />
MD5 '''[[Manual:md5(3)]]'''<br><br />
MD5 [[Manual:RSA_sign(3)]]<br><br />
MD5_Update '''[[Manual:md5(3)]]'''<br><br />
MDC2_Final '''[[Manual:mdc2(3)]]'''<br><br />
MDC2_Init '''[[Manual:mdc2(3)]]'''<br><br />
MDC2 [[Manual:EVP_DigestInit(3)]]<br><br />
MDC2 '''[[Manual:mdc2(3)]]'''<br><br />
MDC2_Update '''[[Manual:mdc2(3)]]'''<br><br />
MGF1 [[Manual:RSA_public_encrypt(3)]]<br><br />
OBJ_cleanup '''[[Manual:OBJ_nid2obj(3)]]'''<br><br />
OBJ_cmp '''[[Manual:OBJ_nid2obj(3)]]'''<br><br />
OBJ_create '''[[Manual:OBJ_nid2obj(3)]]'''<br><br />
OBJ_dup '''[[Manual:OBJ_nid2obj(3)]]'''<br><br />
OBJ_ln2nid '''[[Manual:OBJ_nid2obj(3)]]'''<br><br />
OBJ_nid2ln '''[[Manual:OBJ_nid2obj(3)]]'''<br><br />
OBJ_nid2obj [[Manual:ASN1_OBJECT_new(3)]]<br><br />
OBJ_nid2obj '''[[Manual:OBJ_nid2obj(3)]]'''<br><br />
OBJ_nid2obj [[Manual:X509_NAME_ENTRY_get_object(3)]]<br><br />
OBJ_nid2sn [[Manual:BIO_f_md(3)]]<br><br />
OBJ_nid2sn [[Manual:EVP_DigestInit(3)]]<br><br />
OBJ_nid2sn [[Manual:EVP_EncryptInit(3)]]<br><br />
OBJ_nid2sn '''[[Manual:OBJ_nid2obj(3)]]'''<br><br />
OBJ_obj2nid [[Manual:CMS_get0_type(3)]]<br><br />
OBJ_obj2nid [[Manual:EVP_DigestInit(3)]]<br><br />
OBJ_obj2nid [[Manual:EVP_EncryptInit(3)]]<br><br />
OBJ_obj2nid '''[[Manual:OBJ_nid2obj(3)]]'''<br><br />
OBJ_obj2txt '''[[Manual:OBJ_nid2obj(3)]]'''<br><br />
OBJ_sn2nid '''[[Manual:OBJ_nid2obj(3)]]'''<br><br />
OBJ_txt2nid '''[[Manual:OBJ_nid2obj(3)]]'''<br><br />
OBJ_txt2obj '''[[Manual:OBJ_nid2obj(3)]]'''<br><br />
OBJ_txt2obj [[Manual:X509_NAME_add_entry_by_txt(3)]]<br><br />
OpenSSL_add_all_ciphers '''[[Manual:OpenSSL_add_all_algorithms(3)]]'''<br><br />
OpenSSL_add_all_digests [[Manual:EVP_DigestInit(3)]]<br><br />
OpenSSL_add_all_digests '''[[Manual:OpenSSL_add_all_algorithms(3)]]'''<br><br />
OPENSSL_config [[Manual:CONF_modules_free(3)]]<br><br />
OPENSSL_config [[Manual:CONF_modules_load_file(3)]]<br><br />
OPENSSL_config '''[[Manual:OPENSSL_config(3)]]'''<br><br />
OPENSSL_config [[Manual:OPENSSL_load_builtin_modules(3)]]<br><br />
OPENSSL_ia32cap_loc [[Manual:OPENSSL_ia32cap(3)]]<br><br />
OPENSSL_instrument_bus2 [[Manual:OPENSSL_instrument_bus(3)]]<br><br />
OPENSSL_instrument_bus [[Manual:OPENSSL_instrument_bus(3)]]<br><br />
OPENSSL_load_builtin_modules '''[[Manual:OPENSSL_load_builtin_modules(3)]]'''<br><br />
OPENSSL_no_config '''[[Manual:OPENSSL_config(3)]]'''<br><br />
PEM_read_bio_DHparams '''[[Manual:pem(3)]]'''<br><br />
PEM_read_bio_DSAparams '''[[Manual:pem(3)]]'''<br><br />
PEM_read_bio_DSAPrivateKey '''[[Manual:pem(3)]]'''<br><br />
PEM_read_bio_DSA_PUBKEY '''[[Manual:pem(3)]]'''<br><br />
PEM_read_bio [[Manual:pem(3)]]<br><br />
PEM_read_bio_NETSCAPE_CERT_SEQUENCE '''[[Manual:pem(3)]]'''<br><br />
PEM_read_bio_PKCS7 '''[[Manual:pem(3)]]'''<br><br />
PEM_read_bio_PrivateKey '''[[Manual:pem(3)]]'''<br><br />
PEM_read_bio_PUBKEY '''[[Manual:pem(3)]]'''<br><br />
PEM_read_bio_RSAPrivateKey '''[[Manual:pem(3)]]'''<br><br />
PEM_read_bio_RSA_PUBKEY '''[[Manual:pem(3)]]'''<br><br />
PEM_read_bio_RSAPublicKey '''[[Manual:pem(3)]]'''<br><br />
PEM_read_bio_X509_AUX '''[[Manual:pem(3)]]'''<br><br />
PEM_read_bio_X509_CRL '''[[Manual:pem(3)]]'''<br><br />
PEM_read_bio_X509 '''[[Manual:pem(3)]]'''<br><br />
PEM_read_bio_X509_REQ '''[[Manual:pem(3)]]'''<br><br />
PEM_read_DHparams '''[[Manual:pem(3)]]'''<br><br />
PEM_read_DSAparams '''[[Manual:pem(3)]]'''<br><br />
PEM_read_DSAPrivateKey '''[[Manual:pem(3)]]'''<br><br />
PEM_read_DSA_PUBKEY '''[[Manual:pem(3)]]'''<br><br />
PEM_read [[Manual:pem(3)]]<br><br />
PEM_read_NETSCAPE_CERT_SEQUENCE '''[[Manual:pem(3)]]'''<br><br />
PEM_read_PKCS7 '''[[Manual:pem(3)]]'''<br><br />
PEM_read_PrivateKey '''[[Manual:pem(3)]]'''<br><br />
PEM_read_PUBKEY '''[[Manual:pem(3)]]'''<br><br />
PEM_read_RSAPrivateKey '''[[Manual:pem(3)]]'''<br><br />
PEM_read_RSA_PUBKEY '''[[Manual:pem(3)]]'''<br><br />
PEM_read_RSAPublicKey '''[[Manual:pem(3)]]'''<br><br />
PEM_read_X509_AUX '''[[Manual:pem(3)]]'''<br><br />
PEM_read_X509_CRL '''[[Manual:pem(3)]]'''<br><br />
PEM_read_X509 '''[[Manual:pem(3)]]'''<br><br />
PEM_read_X509_REQ '''[[Manual:pem(3)]]'''<br><br />
PEM_write_bio_CMS [[Manual:PEM_write_bio_CMS_stream(3)]]<br><br />
PEM_write_bio_CMS_stream [[Manual:CMS_compress(3)]]<br><br />
PEM_write_bio_CMS_stream [[Manual:CMS_encrypt(3)]]<br><br />
PEM_write_bio_CMS_stream [[Manual:CMS_sign(3)]]<br><br />
PEM_write_bio_CMS_stream [[Manual:i2d_CMS_bio_stream(3)]]<br><br />
PEM_write_bio_CMS_stream '''[[Manual:PEM_write_bio_CMS_stream(3)]]'''<br><br />
PEM_write_bio_DHparams '''[[Manual:pem(3)]]'''<br><br />
PEM_write_bio_DSAparams '''[[Manual:pem(3)]]'''<br><br />
PEM_write_bio_DSAPrivateKey '''[[Manual:pem(3)]]'''<br><br />
PEM_write_bio_DSA_PUBKEY '''[[Manual:pem(3)]]'''<br><br />
PEM_write_bio [[Manual:pem(3)]]<br><br />
PEM_write_bio_NETSCAPE_CERT_SEQUENCE '''[[Manual:pem(3)]]'''<br><br />
PEM_write_bio_PKCS7 '''[[Manual:pem(3)]]'''<br><br />
PEM_write_bio_PKCS7 [[Manual:PEM_write_bio_PKCS7_stream(3)]]<br><br />
PEM_write_bio_PKCS7_stream [[Manual:i2d_PKCS7_bio_stream(3)]]<br><br />
PEM_write_bio_PKCS7_stream '''[[Manual:PEM_write_bio_PKCS7_stream(3)]]'''<br><br />
PEM_write_bio_PKCS7_stream [[Manual:PKCS7_encrypt(3)]]<br><br />
PEM_write_bio_PKCS7_stream [[Manual:PKCS7_sign(3)]]<br><br />
PEM_write_bio_PKCS8PrivateKey '''[[Manual:pem(3)]]'''<br><br />
PEM_write_bio_PKCS8PrivateKey_nid '''[[Manual:pem(3)]]'''<br><br />
PEM_write_bio_PrivateKey '''[[Manual:pem(3)]]'''<br><br />
PEM_write_bio_PUBKEY '''[[Manual:pem(3)]]'''<br><br />
PEM_write_bio_RSAPrivateKey '''[[Manual:pem(3)]]'''<br><br />
PEM_write_bio_RSA_PUBKEY '''[[Manual:pem(3)]]'''<br><br />
PEM_write_bio_RSAPublicKey '''[[Manual:pem(3)]]'''<br><br />
PEM_write_bio_SSL_SESSION [[Manual:SSL_SESSION_get_ex_new_index(3)]]<br><br />
PEM_write_bio_X509_AUX '''[[Manual:pem(3)]]'''<br><br />
PEM_write_bio_X509_CRL '''[[Manual:pem(3)]]'''<br><br />
PEM_write_bio_X509 '''[[Manual:pem(3)]]'''<br><br />
PEM_write_bio_X509_REQ '''[[Manual:pem(3)]]'''<br><br />
PEM_write_bio_X509_REQ_NEW '''[[Manual:pem(3)]]'''<br><br />
PEM_write_DHparams '''[[Manual:pem(3)]]'''<br><br />
PEM_write_DSAparams '''[[Manual:pem(3)]]'''<br><br />
PEM_write_DSAPrivateKey '''[[Manual:pem(3)]]'''<br><br />
PEM_write_DSA_PUBKEY '''[[Manual:pem(3)]]'''<br><br />
PEM_write [[Manual:pem(3)]]<br><br />
PEM_write_NETSCAPE_CERT_SEQUENCE '''[[Manual:pem(3)]]'''<br><br />
PEM_write_PKCS7 '''[[Manual:pem(3)]]'''<br><br />
PEM_write_PKCS8PrivateKey '''[[Manual:pem(3)]]'''<br><br />
PEM_write_PKCS8PrivateKey_nid '''[[Manual:pem(3)]]'''<br><br />
PEM_write_PrivateKey '''[[Manual:pem(3)]]'''<br><br />
PEM_write_PUBKEY '''[[Manual:pem(3)]]'''<br><br />
PEM_write_RSAPrivateKey '''[[Manual:pem(3)]]'''<br><br />
PEM_write_RSA_PUBKEY '''[[Manual:pem(3)]]'''<br><br />
PEM_write_RSAPublicKey '''[[Manual:pem(3)]]'''<br><br />
PEM_write_SSL_SESSION [[Manual:SSL_SESSION_get_ex_new_index(3)]]<br><br />
PEM_write_X509_AUX '''[[Manual:pem(3)]]'''<br><br />
PEM_write_X509_CRL '''[[Manual:pem(3)]]'''<br><br />
PEM_write_X509 '''[[Manual:pem(3)]]'''<br><br />
PEM_write_X509_REQ '''[[Manual:pem(3)]]'''<br><br />
PEM_write_X509_REQ_NEW '''[[Manual:pem(3)]]'''<br><br />
PKCS12_create '''[[Manual:PKCS12_create(3)]]'''<br><br />
PKCS12_parse '''[[Manual:PKCS12_parse(3)]]'''<br><br />
PKCS7_decrypt [[Manual:i2d_PKCS7_bio_stream(3)]]<br><br />
PKCS7_decrypt [[Manual:PEM_write_bio_PKCS7_stream(3)]]<br><br />
PKCS7_decrypt '''[[Manual:PKCS7_decrypt(3)]]'''<br><br />
PKCS7_decrypt [[Manual:PKCS7_encrypt(3)]]<br><br />
PKCS7_decrypt [[Manual:SMIME_read_PKCS7(3)]]<br><br />
PKCS7_decrypt [[Manual:SMIME_write_PKCS7(3)]]<br><br />
PKCS7_encrypt [[Manual:i2d_PKCS7_bio_stream(3)]]<br><br />
PKCS7_encrypt [[Manual:PEM_write_bio_PKCS7_stream(3)]]<br><br />
PKCS7_encrypt [[Manual:PKCS7_decrypt(3)]]<br><br />
PKCS7_encrypt '''[[Manual:PKCS7_encrypt(3)]]'''<br><br />
PKCS7_encrypt [[Manual:SMIME_read_PKCS7(3)]]<br><br />
PKCS7_encrypt [[Manual:SMIME_write_PKCS7(3)]]<br><br />
PKCS7_final [[Manual:PKCS7_sign(3)]]<br><br />
PKCS7_final [[Manual:PKCS7_sign_add_signer(3)]]<br><br />
PKCS7_get0_signers [[Manual:PKCS7_verify(3)]]<br><br />
PKCS7_sign_add_signer [[Manual:PKCS7_sign(3)]]<br><br />
PKCS7_sign_add_signer '''[[Manual:PKCS7_sign_add_signer(3)]]'''<br><br />
PKCS7_SIGNER_INFO_sign [[Manual:PKCS7_sign_add_signer(3)]]<br><br />
PKCS7_sign [[Manual:i2d_PKCS7_bio_stream(3)]]<br><br />
PKCS7_sign [[Manual:PEM_write_bio_PKCS7_stream(3)]]<br><br />
PKCS7_sign [[Manual:PKCS7_decrypt(3)]]<br><br />
PKCS7_sign '''[[Manual:PKCS7_sign(3)]]'''<br><br />
PKCS7_sign [[Manual:PKCS7_sign_add_signer(3)]]<br><br />
PKCS7_sign [[Manual:PKCS7_verify(3)]]<br><br />
PKCS7_sign [[Manual:SMIME_read_PKCS7(3)]]<br><br />
PKCS7_sign [[Manual:SMIME_write_PKCS7(3)]]<br><br />
PKCS7_verify [[Manual:i2d_PKCS7_bio_stream(3)]]<br><br />
PKCS7_verify [[Manual:PEM_write_bio_PKCS7_stream(3)]]<br><br />
PKCS7_verify [[Manual:PKCS7_decrypt(3)]]<br><br />
PKCS7_verify [[Manual:PKCS7_sign(3)]]<br><br />
PKCS7_verify '''[[Manual:PKCS7_verify(3)]]'''<br><br />
PKCS7_verify [[Manual:SMIME_read_PKCS7(3)]]<br><br />
PKCS7_verify [[Manual:SMIME_write_PKCS7(3)]]<br><br />
pkey_cb [[Manual:EVP_PKEY_keygen(3)]]<br><br />
print_fp '''[[Manual:RSA_print(3)]]'''<br><br />
RAND_add [[Manual:BN_rand(3)]]<br><br />
RAND_add [[Manual:rand(3)]]<br><br />
RAND_add '''[[Manual:RAND_add(3)]]'''<br><br />
RAND_add [[Manual:RAND_bytes(3)]]<br><br />
RAND_add [[Manual:RAND_egd(3)]]<br><br />
RAND_add [[Manual:RAND_load_file(3)]]<br><br />
RAND_add [[Manual:RAND_set_rand_method(3)]]<br><br />
RAND_bytes [[Manual:BN_rand(3)]]<br><br />
RAND_bytes [[Manual:rand(3)]]<br><br />
RAND_bytes '''[[Manual:RAND_bytes(3)]]'''<br><br />
RAND_bytes [[Manual:RAND_egd(3)]]<br><br />
RAND_bytes [[Manual:RAND_set_rand_method(3)]]<br><br />
RAND_cleanup [[Manual:rand(3)]]<br><br />
RAND_cleanup [[Manual:RAND_add(3)]]<br><br />
RAND_cleanup '''[[Manual:RAND_cleanup(3)]]'''<br><br />
RAND_cleanup [[Manual:RAND_egd(3)]]<br><br />
RAND_cleanup [[Manual:RAND_load_file(3)]]<br><br />
RAND_cleanup [[Manual:RAND_set_rand_method(3)]]<br><br />
RAND_egd_bytes [[Manual:RAND_egd(3)]]<br><br />
RAND_egd [[Manual:rand(3)]]<br><br />
RAND_egd [[Manual:RAND_add(3)]]<br><br />
RAND_egd '''[[Manual:RAND_egd(3)]]'''<br><br />
RAND_file_name [[Manual:rand(3)]]<br><br />
RAND_file_name '''[[Manual:RAND_load_file(3)]]'''<br><br />
RAND_get_rand_method [[Manual:rand(3)]]<br><br />
RAND_get_rand_method '''[[Manual:RAND_set_rand_method(3)]]'''<br><br />
RAND_load_file [[Manual:rand(3)]]<br><br />
RAND_load_file [[Manual:RAND_add(3)]]<br><br />
RAND_load_file '''[[Manual:RAND_load_file(3)]]'''<br><br />
RAND_pseudo_bytes [[Manual:rand(3)]]<br><br />
RAND_pseudo_bytes '''[[Manual:RAND_bytes(3)]]'''<br><br />
RAND_query_egd_bytes [[Manual:RAND_egd(3)]]<br><br />
RAND_seed [[Manual:des(3)]]<br><br />
RAND_seed [[Manual:rand(3)]]<br><br />
RAND_seed '''[[Manual:RAND_add(3)]]'''<br><br />
RAND_seed [[Manual:RAND_set_rand_method(3)]]<br><br />
RAND_set_rand_engine [[Manual:rand(3)]]<br><br />
RAND_set_rand_engine [[Manual:RAND_set_rand_method(3)]]<br><br />
RAND_set_rand_method [[Manual:rand(3)]]<br><br />
RAND_set_rand_method '''[[Manual:RAND_set_rand_method(3)]]'''<br><br />
RAND_SSLeay [[Manual:rand(3)]]<br><br />
RAND_SSLeay '''[[Manual:RAND_set_rand_method(3)]]'''<br><br />
RAND_status [[Manual:rand(3)]]<br><br />
RAND_status '''[[Manual:RAND_add(3)]]'''<br><br />
RAND_status [[Manual:RAND_egd(3)]]<br><br />
RAND_status [[Manual:RAND_set_rand_method(3)]]<br><br />
RAND_write_file [[Manual:rand(3)]]<br><br />
RAND_write_file '''[[Manual:RAND_load_file(3)]]'''<br><br />
RC4 [[Manual:EVP_EncryptInit(3)]]<br><br />
RC4 [[Manual:OPENSSL_ia32cap(3)]]<br><br />
RC4 '''[[Manual:rc4(3)]]'''<br><br />
RC4_set_key '''[[Manual:rc4(3)]]'''<br><br />
RIPEMD160_Final '''[[Manual:ripemd(3)]]'''<br><br />
RIPEMD160_Init '''[[Manual:ripemd(3)]]'''<br><br />
RIPEMD160 [[Manual:EVP_DigestInit(3)]]<br><br />
RIPEMD160 '''[[Manual:ripemd(3)]]'''<br><br />
RIPEMD160_Update '''[[Manual:ripemd(3)]]'''<br><br />
RSA_blinding_off [[Manual:rsa(3)]]<br><br />
RSA_blinding_off '''[[Manual:RSA_blinding_on(3)]]'''<br><br />
RSA_blinding_on [[Manual:rsa(3)]]<br><br />
RSA_blinding_on '''[[Manual:RSA_blinding_on(3)]]'''<br><br />
RSA_check_key [[Manual:rsa(3)]]<br><br />
RSA_check_key '''[[Manual:RSA_check_key(3)]]'''<br><br />
RSA_flags [[Manual:rsa(3)]]<br><br />
RSA_flags '''[[Manual:RSA_set_method(3)]]'''<br><br />
RSA_free [[Manual:rsa(3)]]<br><br />
RSA_free [[Manual:RSA_generate_key(3)]]<br><br />
RSA_free '''[[Manual:RSA_new(3)]]'''<br><br />
RSA_free [[Manual:RSA_set_method(3)]]<br><br />
RSA_generate_key [[Manual:rsa(3)]]<br><br />
RSA_generate_key '''[[Manual:RSA_generate_key(3)]]'''<br><br />
RSA_generate_key [[Manual:RSA_new(3)]]<br><br />
RSA_get_default_method [[Manual:rsa(3)]]<br><br />
RSA_get_default_method '''[[Manual:RSA_set_method(3)]]'''<br><br />
RSA_get_ex_data [[Manual:DH_get_ex_new_index(3)]]<br><br />
RSA_get_ex_data [[Manual:DSA_get_ex_new_index(3)]]<br><br />
RSA_get_ex_data [[Manual:rsa(3)]]<br><br />
RSA_get_ex_data '''[[Manual:RSA_get_ex_new_index(3)]]'''<br><br />
RSA_get_ex_data [[Manual:X509_STORE_CTX_get_ex_new_index(3)]]<br><br />
RSA_get_ex_new_index [[Manual:CRYPTO_set_ex_data(3)]]<br><br />
RSA_get_ex_new_index [[Manual:DH_get_ex_new_index(3)]]<br><br />
RSA_get_ex_new_index [[Manual:DSA_get_ex_new_index(3)]]<br><br />
RSA_get_ex_new_index [[Manual:rsa(3)]]<br><br />
RSA_get_ex_new_index '''[[Manual:RSA_get_ex_new_index(3)]]'''<br><br />
RSA_get_ex_new_index [[Manual:X509_STORE_CTX_get_ex_new_index(3)]]<br><br />
RSA_get_method [[Manual:rsa(3)]]<br><br />
RSA_get_method '''[[Manual:RSA_set_method(3)]]'''<br><br />
RSA_new [[Manual:rsa(3)]]<br><br />
RSA_new [[Manual:RSA_get_ex_new_index(3)]]<br><br />
RSA_new '''[[Manual:RSA_new(3)]]'''<br><br />
RSA_new [[Manual:RSA_set_method(3)]]<br><br />
RSA_new_method [[Manual:engine(3)]]<br><br />
RSA_new_method [[Manual:rsa(3)]]<br><br />
RSA_new_method [[Manual:RSA_new(3)]]<br><br />
RSA_new_method '''[[Manual:RSA_set_method(3)]]'''<br><br />
RSA_null_method [[Manual:rsa(3)]]<br><br />
RSA_null_method '''[[Manual:RSA_set_method(3)]]'''<br><br />
RSA_padding_add_none '''[[Manual:RSA_padding_add_PKCS1_type_1(3)]]'''<br><br />
RSA_padding_add_PKCS1_OAEP '''[[Manual:RSA_padding_add_PKCS1_type_1(3)]]'''<br><br />
RSA_padding_add_PKCS1_type_1 [[Manual:rsa(3)]]<br><br />
RSA_padding_add_PKCS1_type_1 '''[[Manual:RSA_padding_add_PKCS1_type_1(3)]]'''<br><br />
RSA_padding_add_PKCS1_type_2 '''[[Manual:RSA_padding_add_PKCS1_type_1(3)]]'''<br><br />
RSA_padding_add_SSLv23 '''[[Manual:RSA_padding_add_PKCS1_type_1(3)]]'''<br><br />
RSA_padding_check_none '''[[Manual:RSA_padding_add_PKCS1_type_1(3)]]'''<br><br />
RSA_padding_check_PKCS1_OAEP '''[[Manual:RSA_padding_add_PKCS1_type_1(3)]]'''<br><br />
RSA_padding_check_PKCS1_type_1 '''[[Manual:RSA_padding_add_PKCS1_type_1(3)]]'''<br><br />
RSA_padding_check_PKCS1_type_2 '''[[Manual:RSA_padding_add_PKCS1_type_1(3)]]'''<br><br />
RSA_padding_check_SSLv23 '''[[Manual:RSA_padding_add_PKCS1_type_1(3)]]'''<br><br />
RSA_PKCS1_SSLeay [[Manual:rsa(3)]]<br><br />
RSA_PKCS1_SSLeay '''[[Manual:RSA_set_method(3)]]'''<br><br />
RSA_print_fp [[Manual:rsa(3)]]<br><br />
RSA_print_fp '''[[Manual:RSA_print(3)]]'''<br><br />
RSA_print [[Manual:dh(3)]]<br><br />
RSA_print [[Manual:dsa(3)]]<br><br />
RSA_print [[Manual:rsa(3)]]<br><br />
RSA_print '''[[Manual:RSA_print(3)]]'''<br><br />
RSA_private_decrypt [[Manual:rsa(3)]]<br><br />
RSA_private_decrypt [[Manual:RSA_padding_add_PKCS1_type_1(3)]]<br><br />
RSA_private_decrypt '''[[Manual:RSA_public_encrypt(3)]]'''<br><br />
RSA_private_encrypt [[Manual:rsa(3)]]<br><br />
RSA_private_encrypt '''[[Manual:RSA_private_encrypt(3)]]'''<br><br />
RSA_private_encrypt [[Manual:RSA_sign(3)]]<br><br />
RSA_public_decrypt [[Manual:rsa(3)]]<br><br />
RSA_public_decrypt '''[[Manual:RSA_private_encrypt(3)]]'''<br><br />
RSA_public_decrypt [[Manual:RSA_sign(3)]]<br><br />
RSA_public_encrypt [[Manual:rsa(3)]]<br><br />
RSA_public_encrypt [[Manual:RSA_padding_add_PKCS1_type_1(3)]]<br><br />
RSA_public_encrypt '''[[Manual:RSA_public_encrypt(3)]]'''<br><br />
RSA_set_default_method [[Manual:rsa(3)]]<br><br />
RSA_set_default_method '''[[Manual:RSA_set_method(3)]]'''<br><br />
RSA_set_ex_data [[Manual:DH_get_ex_new_index(3)]]<br><br />
RSA_set_ex_data [[Manual:DSA_get_ex_new_index(3)]]<br><br />
RSA_set_ex_data [[Manual:rsa(3)]]<br><br />
RSA_set_ex_data '''[[Manual:RSA_get_ex_new_index(3)]]'''<br><br />
RSA_set_ex_data [[Manual:X509_STORE_CTX_get_ex_new_index(3)]]<br><br />
RSA_set_method [[Manual:rsa(3)]]<br><br />
RSA_set_method '''[[Manual:RSA_set_method(3)]]'''<br><br />
RSA_sign_ASN1_OCTET_STRING [[Manual:rsa(3)]]<br><br />
RSA_sign_ASN1_OCTET_STRING '''[[Manual:RSA_sign_ASN1_OCTET_STRING(3)]]'''<br><br />
RSA_sign [[Manual:rsa(3)]]<br><br />
RSA_sign [[Manual:RSA_padding_add_PKCS1_type_1(3)]]<br><br />
RSA_sign [[Manual:RSA_private_encrypt(3)]]<br><br />
RSA_sign '''[[Manual:RSA_sign(3)]]'''<br><br />
RSA_sign [[Manual:RSA_sign_ASN1_OCTET_STRING(3)]]<br><br />
RSA_size [[Manual:BN_num_bytes(3)]]<br><br />
RSA_size [[Manual:rsa(3)]]<br><br />
RSA_size [[Manual:RSA_private_encrypt(3)]]<br><br />
RSA_size [[Manual:RSA_public_encrypt(3)]]<br><br />
RSA_size [[Manual:RSA_sign(3)]]<br><br />
RSA_size [[Manual:RSA_sign_ASN1_OCTET_STRING(3)]]<br><br />
RSA_size '''[[Manual:RSA_size(3)]]'''<br><br />
RSA_verify_ASN1_OCTET_STRING [[Manual:rsa(3)]]<br><br />
RSA_verify_ASN1_OCTET_STRING '''[[Manual:RSA_sign_ASN1_OCTET_STRING(3)]]'''<br><br />
RSA_verify [[Manual:rsa(3)]]<br><br />
RSA_verify [[Manual:RSA_padding_add_PKCS1_type_1(3)]]<br><br />
RSA_verify [[Manual:RSA_private_encrypt(3)]]<br><br />
RSA_verify '''[[Manual:RSA_sign(3)]]'''<br><br />
RSA_verify [[Manual:RSA_sign_ASN1_OCTET_STRING(3)]]<br><br />
SHA1_Final '''[[Manual:sha(3)]]'''<br><br />
SHA1_Init '''[[Manual:sha(3)]]'''<br><br />
SHA1 [[Manual:BIO_f_md(3)]]<br><br />
SHA1 [[Manual:CMS_sign(3)]]<br><br />
SHA1 [[Manual:EVP_DigestInit(3)]]<br><br />
SHA1 [[Manual:EVP_DigestSignInit(3)]]<br><br />
SHA1 [[Manual:EVP_DigestVerifyInit(3)]]<br><br />
SHA1 [[Manual:EVP_PKEY_get_default_digest(3)]]<br><br />
SHA1 [[Manual:PKCS7_sign(3)]]<br><br />
SHA1 [[Manual:RSA_sign(3)]]<br><br />
SHA1 '''[[Manual:sha(3)]]'''<br><br />
SHA1_Update '''[[Manual:sha(3)]]'''<br><br />
SHA224 [[Manual:EVP_DigestInit(3)]]<br><br />
SHA256 [[Manual:EVP_DigestInit(3)]]<br><br />
SHA256 [[Manual:EVP_PKEY_sign(3)]]<br><br />
SHA256 [[Manual:EVP_PKEY_verify(3)]]<br><br />
SHA256 [[Manual:EVP_PKEY_verify_recover(3)]]<br><br />
SHA384 [[Manual:EVP_DigestInit(3)]]<br><br />
SHA512 [[Manual:EVP_DigestInit(3)]]<br><br />
SHA [[Manual:ecdsa(3)]]<br><br />
SHA [[Manual:err(3)]]<br><br />
SHA [[Manual:EVP_DigestInit(3)]]<br><br />
SHA [[Manual:md5(3)]]<br><br />
SHA [[Manual:rand(3)]]<br><br />
SHA [[Manual:RSA_public_encrypt(3)]]<br><br />
SHA [[Manual:sha(3)]]<br><br />
SMIME_read_CMS '''[[Manual:SMIME_read_CMS(3)]]'''<br><br />
SMIME_read_PKCS7 '''[[Manual:SMIME_read_PKCS7(3)]]'''<br><br />
SMIME_write_CMS [[Manual:CMS_compress(3)]]<br><br />
SMIME_write_CMS [[Manual:CMS_encrypt(3)]]<br><br />
SMIME_write_CMS [[Manual:CMS_sign(3)]]<br><br />
SMIME_write_CMS [[Manual:i2d_CMS_bio_stream(3)]]<br><br />
SMIME_write_CMS [[Manual:PEM_write_bio_CMS_stream(3)]]<br><br />
SMIME_write_CMS '''[[Manual:SMIME_write_CMS(3)]]'''<br><br />
SMIME_write_PKCS7 [[Manual:i2d_PKCS7_bio_stream(3)]]<br><br />
SMIME_write_PKCS7 [[Manual:PEM_write_bio_PKCS7_stream(3)]]<br><br />
SMIME_write_PKCS7 [[Manual:PKCS7_encrypt(3)]]<br><br />
SMIME_write_PKCS7 [[Manual:PKCS7_sign(3)]]<br><br />
SMIME_write_PKCS7 '''[[Manual:SMIME_write_PKCS7(3)]]'''<br><br />
SSL_accept [[Manual:ssl(3)]]<br><br />
SSL_accept '''[[Manual:SSL_accept(3)]]'''<br><br />
SSL_accept [[Manual:SSL_connect(3)]]<br><br />
SSL_accept [[Manual:SSL_CTX_new(3)]]<br><br />
SSL_accept [[Manual:SSL_CTX_set_info_callback(3)]]<br><br />
SSL_accept [[Manual:SSL_CTX_set_verify(3)]]<br><br />
SSL_accept [[Manual:SSL_do_handshake(3)]]<br><br />
SSL_accept [[Manual:SSL_get_error(3)]]<br><br />
SSL_accept [[Manual:SSL_read(3)]]<br><br />
SSL_accept [[Manual:SSL_set_bio(3)]]<br><br />
SSL_accept [[Manual:SSL_set_connect_state(3)]]<br><br />
SSL_accept [[Manual:SSL_set_fd(3)]]<br><br />
SSL_accept [[Manual:SSL_shutdown(3)]]<br><br />
SSL_accept [[Manual:SSL_write(3)]]<br><br />
SSL_add_client_CA [[Manual:ssl(3)]]<br><br />
SSL_add_client_CA '''[[Manual:SSL_CTX_set_client_CA_list(3)]]'''<br><br />
SSL_add_client_CA [[Manual:SSL_get_client_CA_list(3)]]<br><br />
SSL_add_dir_cert_subjects_to_stack [[Manual:ssl(3)]]<br><br />
SSL_add_file_cert_subjects_to_stack [[Manual:ssl(3)]]<br><br />
SSL_alert_desc_string_long [[Manual:ssl(3)]]<br><br />
SSL_alert_desc_string_long '''[[Manual:SSL_alert_type_string(3)]]'''<br><br />
SSL_alert_desc_string_long [[Manual:SSL_CTX_set_info_callback(3)]]<br><br />
SSL_alert_desc_string [[Manual:ssl(3)]]<br><br />
SSL_alert_desc_string '''[[Manual:SSL_alert_type_string(3)]]'''<br><br />
SSL_alert_type_string_long [[Manual:ssl(3)]]<br><br />
SSL_alert_type_string_long '''[[Manual:SSL_alert_type_string(3)]]'''<br><br />
SSL_alert_type_string_long [[Manual:SSL_CTX_set_info_callback(3)]]<br><br />
SSL_alert_type_string [[Manual:ssl(3)]]<br><br />
SSL_alert_type_string '''[[Manual:SSL_alert_type_string(3)]]'''<br><br />
SSL_alert_type_string [[Manual:SSL_CTX_set_info_callback(3)]]<br><br />
SSL_callback_ctrl '''[[Manual:SSL_CTX_ctrl(3)]]'''<br><br />
SSL_check_private_key [[Manual:ssl(3)]]<br><br />
SSL_check_private_key '''[[Manual:SSL_CTX_use_certificate(3)]]'''<br><br />
SSL_CIPHER_description [[Manual:ssl(3)]]<br><br />
SSL_CIPHER_description '''[[Manual:SSL_CIPHER_get_name(3)]]'''<br><br />
SSL_CIPHER_get_bits [[Manual:ssl(3)]]<br><br />
SSL_CIPHER_get_bits '''[[Manual:SSL_CIPHER_get_name(3)]]'''<br><br />
SSL_CIPHER_get_bits [[Manual:SSL_get_current_cipher(3)]]<br><br />
SSL_CIPHER_get_name [[Manual:ssl(3)]]<br><br />
SSL_CIPHER_get_name '''[[Manual:SSL_CIPHER_get_name(3)]]'''<br><br />
SSL_CIPHER_get_name [[Manual:SSL_get_ciphers(3)]]<br><br />
SSL_CIPHER_get_name [[Manual:SSL_get_current_cipher(3)]]<br><br />
SSL_CIPHER_get_version [[Manual:ssl(3)]]<br><br />
SSL_CIPHER_get_version '''[[Manual:SSL_CIPHER_get_name(3)]]'''<br><br />
SSL_CIPHER_get_version [[Manual:SSL_get_current_cipher(3)]]<br><br />
SSL_clear [[Manual:ssl(3)]]<br><br />
SSL_clear '''[[Manual:SSL_clear(3)]]'''<br><br />
SSL_clear [[Manual:SSL_CTX_set_client_cert_cb(3)]]<br><br />
SSL_clear [[Manual:SSL_CTX_set_options(3)]]<br><br />
SSL_clear [[Manual:SSL_CTX_set_quiet_shutdown(3)]]<br><br />
SSL_clear [[Manual:SSL_CTX_set_ssl_version(3)]]<br><br />
SSL_clear [[Manual:SSL_CTX_use_certificate(3)]]<br><br />
SSL_clear [[Manual:SSL_free(3)]]<br><br />
SSL_clear [[Manual:SSL_get_session(3)]]<br><br />
SSL_clear [[Manual:SSL_new(3)]]<br><br />
SSL_clear [[Manual:SSL_set_shutdown(3)]]<br><br />
SSL_clear [[Manual:SSL_shutdown(3)]]<br><br />
SSL_COMP_add_compression_method [[Manual:ssl(3)]]<br><br />
SSL_COMP_add_compression_method '''[[Manual:SSL_COMP_add_compression_method(3)]]'''<br><br />
SSL_CONF_cmd_argv [[Manual:SSL_CONF_cmd(3)]]<br><br />
SSL_CONF_cmd_argv '''[[Manual:SSL_CONF_cmd_argv(3)]]'''<br><br />
SSL_CONF_cmd_argv [[Manual:SSL_CONF_CTX_new(3)]]<br><br />
SSL_CONF_cmd_argv [[Manual:SSL_CONF_CTX_set1_prefix(3)]]<br><br />
SSL_CONF_cmd_argv [[Manual:SSL_CONF_CTX_set_flags(3)]]<br><br />
SSL_CONF_cmd_argv [[Manual:SSL_CONF_CTX_set_ssl_ctx(3)]]<br><br />
SSL_CONF_cmd '''[[Manual:SSL_CONF_cmd(3)]]'''<br><br />
SSL_CONF_cmd [[Manual:SSL_CONF_cmd_argv(3)]]<br><br />
SSL_CONF_cmd [[Manual:SSL_CONF_CTX_new(3)]]<br><br />
SSL_CONF_cmd [[Manual:SSL_CONF_CTX_set1_prefix(3)]]<br><br />
SSL_CONF_cmd [[Manual:SSL_CONF_CTX_set_flags(3)]]<br><br />
SSL_CONF_cmd [[Manual:SSL_CONF_CTX_set_ssl_ctx(3)]]<br><br />
SSL_CONF_CTX_clear_flags '''[[Manual:SSL_CONF_CTX_set_flags(3)]]'''<br><br />
SSL_CONF_CTX_free '''[[Manual:SSL_CONF_CTX_new(3)]]'''<br><br />
SSL_CONF_CTX_new [[Manual:SSL_CONF_cmd(3)]]<br><br />
SSL_CONF_CTX_new [[Manual:SSL_CONF_cmd_argv(3)]]<br><br />
SSL_CONF_CTX_new '''[[Manual:SSL_CONF_CTX_new(3)]]'''<br><br />
SSL_CONF_CTX_new [[Manual:SSL_CONF_CTX_set1_prefix(3)]]<br><br />
SSL_CONF_CTX_new [[Manual:SSL_CONF_CTX_set_flags(3)]]<br><br />
SSL_CONF_CTX_new [[Manual:SSL_CONF_CTX_set_ssl_ctx(3)]]<br><br />
SSL_CONF_CTX_set1_prefix [[Manual:SSL_CONF_cmd(3)]]<br><br />
SSL_CONF_CTX_set1_prefix [[Manual:SSL_CONF_cmd_argv(3)]]<br><br />
SSL_CONF_CTX_set1_prefix [[Manual:SSL_CONF_CTX_new(3)]]<br><br />
SSL_CONF_CTX_set1_prefix '''[[Manual:SSL_CONF_CTX_set1_prefix(3)]]'''<br><br />
SSL_CONF_CTX_set1_prefix [[Manual:SSL_CONF_CTX_set_flags(3)]]<br><br />
SSL_CONF_CTX_set1_prefix [[Manual:SSL_CONF_CTX_set_ssl_ctx(3)]]<br><br />
SSL_CONF_CTX_set_flags [[Manual:SSL_CONF_cmd(3)]]<br><br />
SSL_CONF_CTX_set_flags [[Manual:SSL_CONF_cmd_argv(3)]]<br><br />
SSL_CONF_CTX_set_flags [[Manual:SSL_CONF_CTX_new(3)]]<br><br />
SSL_CONF_CTX_set_flags [[Manual:SSL_CONF_CTX_set1_prefix(3)]]<br><br />
SSL_CONF_CTX_set_flags '''[[Manual:SSL_CONF_CTX_set_flags(3)]]'''<br><br />
SSL_CONF_CTX_set_flags [[Manual:SSL_CONF_CTX_set_ssl_ctx(3)]]<br><br />
SSL_CONF_CTX_set_ssl_ctx [[Manual:SSL_CONF_cmd(3)]]<br><br />
SSL_CONF_CTX_set_ssl_ctx [[Manual:SSL_CONF_cmd_argv(3)]]<br><br />
SSL_CONF_CTX_set_ssl_ctx [[Manual:SSL_CONF_CTX_new(3)]]<br><br />
SSL_CONF_CTX_set_ssl_ctx [[Manual:SSL_CONF_CTX_set1_prefix(3)]]<br><br />
SSL_CONF_CTX_set_ssl_ctx [[Manual:SSL_CONF_CTX_set_flags(3)]]<br><br />
SSL_CONF_CTX_set_ssl_ctx '''[[Manual:SSL_CONF_CTX_set_ssl_ctx(3)]]'''<br><br />
SSL_CONF_CTX_set_ssl '''[[Manual:SSL_CONF_CTX_set_ssl_ctx(3)]]'''<br><br />
SSL_connect [[Manual:ssl(3)]]<br><br />
SSL_connect [[Manual:SSL_accept(3)]]<br><br />
SSL_connect '''[[Manual:SSL_connect(3)]]'''<br><br />
SSL_connect [[Manual:SSL_CTX_set_info_callback(3)]]<br><br />
SSL_connect [[Manual:SSL_do_handshake(3)]]<br><br />
SSL_connect [[Manual:SSL_get_error(3)]]<br><br />
SSL_connect [[Manual:SSL_read(3)]]<br><br />
SSL_connect [[Manual:SSL_set_bio(3)]]<br><br />
SSL_connect [[Manual:SSL_set_connect_state(3)]]<br><br />
SSL_connect [[Manual:SSL_set_fd(3)]]<br><br />
SSL_connect [[Manual:SSL_set_session(3)]]<br><br />
SSL_connect [[Manual:SSL_shutdown(3)]]<br><br />
SSL_connect [[Manual:SSL_write(3)]]<br><br />
SSL_copy_session_id [[Manual:ssl(3)]]<br><br />
SSL_ctrl [[Manual:ssl(3)]]<br><br />
SSL_ctrl '''[[Manual:SSL_CTX_ctrl(3)]]'''<br><br />
SSL_CTX_add_client_CA [[Manual:ssl(3)]]<br><br />
SSL_CTX_add_client_CA '''[[Manual:SSL_CTX_set_client_CA_list(3)]]'''<br><br />
SSL_CTX_add_client_CA [[Manual:SSL_get_client_CA_list(3)]]<br><br />
SSL_CTX_add_session [[Manual:ssl(3)]]<br><br />
SSL_CTX_add_session '''[[Manual:SSL_CTX_add_session(3)]]'''<br><br />
SSL_CTX_add_session [[Manual:SSL_CTX_sessions(3)]]<br><br />
SSL_CTX_add_session [[Manual:SSL_CTX_set_session_cache_mode(3)]]<br><br />
SSL_CTX_callback_ctrl '''[[Manual:SSL_CTX_ctrl(3)]]'''<br><br />
SSL_CTX_check_private_key [[Manual:ssl(3)]]<br><br />
SSL_CTX_check_private_key '''[[Manual:SSL_CTX_use_certificate(3)]]'''<br><br />
SSL_CTX_ctrl [[Manual:ssl(3)]]<br><br />
SSL_CTX_ctrl '''[[Manual:SSL_CTX_ctrl(3)]]'''<br><br />
SSL_CTX_flush_sessions [[Manual:ssl(3)]]<br><br />
SSL_CTX_flush_sessions '''[[Manual:SSL_CTX_flush_sessions(3)]]'''<br><br />
SSL_CTX_flush_sessions [[Manual:SSL_CTX_sess_set_cache_size(3)]]<br><br />
SSL_CTX_flush_sessions [[Manual:SSL_CTX_sess_set_get_cb(3)]]<br><br />
SSL_CTX_flush_sessions [[Manual:SSL_CTX_set_session_cache_mode(3)]]<br><br />
SSL_CTX_flush_sessions [[Manual:SSL_CTX_set_timeout(3)]]<br><br />
SSL_CTX_flush_sessions [[Manual:SSL_get_default_timeout(3)]]<br><br />
SSL_CTX_flush_sessions [[Manual:SSL_get_session(3)]]<br><br />
SSL_CTX_flush_sessions [[Manual:SSL_SESSION_free(3)]]<br><br />
SSL_CTX_free [[Manual:ssl(3)]]<br><br />
SSL_CTX_free '''[[Manual:SSL_CTX_free(3)]]'''<br><br />
SSL_CTX_free [[Manual:SSL_CTX_new(3)]]<br><br />
SSL_CTX_free [[Manual:SSL_CTX_sess_set_get_cb(3)]]<br><br />
SSL_CTX_get_cert_store [[Manual:ssl(3)]]<br><br />
SSL_CTX_get_cert_store '''[[Manual:SSL_CTX_set_cert_store(3)]]'''<br><br />
SSL_CTX_get_client_CA_list [[Manual:ssl(3)]]<br><br />
SSL_CTX_get_client_CA_list '''[[Manual:SSL_get_client_CA_list(3)]]'''<br><br />
SSL_CTX_get_client_cert_cb [[Manual:ssl(3)]]<br><br />
SSL_CTX_get_client_cert_cb '''[[Manual:SSL_CTX_set_client_cert_cb(3)]]'''<br><br />
SSL_CTX_get_ex_data [[Manual:ssl(3)]]<br><br />
SSL_CTX_get_ex_data '''[[Manual:SSL_CTX_get_ex_new_index(3)]]'''<br><br />
SSL_CTX_get_ex_new_index [[Manual:ssl(3)]]<br><br />
SSL_CTX_get_ex_new_index '''[[Manual:SSL_CTX_get_ex_new_index(3)]]'''<br><br />
SSL_CTX_get_info_callback [[Manual:ssl(3)]]<br><br />
SSL_CTX_get_info_callback '''[[Manual:SSL_CTX_set_info_callback(3)]]'''<br><br />
SSL_CTX_get_quiet_shutdown [[Manual:ssl(3)]]<br><br />
SSL_CTX_get_quiet_shutdown '''[[Manual:SSL_CTX_set_quiet_shutdown(3)]]'''<br><br />
SSL_CTX_get_timeout [[Manual:ssl(3)]]<br><br />
SSL_CTX_get_timeout '''[[Manual:SSL_CTX_set_timeout(3)]]'''<br><br />
SSL_CTX_get_verify_callback [[Manual:ssl(3)]]<br><br />
SSL_CTX_get_verify_callback '''[[Manual:SSL_CTX_get_verify_mode(3)]]'''<br><br />
SSL_CTX_get_verify_depth '''[[Manual:SSL_CTX_get_verify_mode(3)]]'''<br><br />
SSL_CTX_get_verify_mode [[Manual:ssl(3)]]<br><br />
SSL_CTX_get_verify_mode '''[[Manual:SSL_CTX_get_verify_mode(3)]]'''<br><br />
SSL_CTX_get_verify_mode [[Manual:SSL_CTX_set_verify(3)]]<br><br />
SSL_CTX_load_verify_locations [[Manual:ssl(3)]]<br><br />
SSL_CTX_load_verify_locations [[Manual:SSL_CTX_add_extra_chain_cert(3)]]<br><br />
SSL_CTX_load_verify_locations '''[[Manual:SSL_CTX_load_verify_locations(3)]]'''<br><br />
SSL_CTX_load_verify_locations [[Manual:SSL_CTX_set_cert_store(3)]]<br><br />
SSL_CTX_load_verify_locations [[Manual:SSL_CTX_set_cert_verify_callback(3)]]<br><br />
SSL_CTX_load_verify_locations [[Manual:SSL_CTX_set_client_CA_list(3)]]<br><br />
SSL_CTX_load_verify_locations [[Manual:SSL_CTX_set_verify(3)]]<br><br />
SSL_CTX_load_verify_locations [[Manual:SSL_CTX_use_certificate(3)]]<br><br />
SSL_CTX_new [[Manual:ssl(3)]]<br><br />
SSL_CTX_new [[Manual:SSL_accept(3)]]<br><br />
SSL_CTX_new [[Manual:SSL_connect(3)]]<br><br />
SSL_CTX_new [[Manual:SSL_CTX_free(3)]]<br><br />
SSL_CTX_new '''[[Manual:SSL_CTX_new(3)]]'''<br><br />
SSL_CTX_new [[Manual:SSL_CTX_set_ssl_version(3)]]<br><br />
SSL_CTX_new [[Manual:SSL_read(3)]]<br><br />
SSL_CTX_new [[Manual:SSL_set_connect_state(3)]]<br><br />
SSL_CTX_new [[Manual:SSL_write(3)]]<br><br />
SSL_CTX_remove_session [[Manual:ssl(3)]]<br><br />
SSL_CTX_remove_session '''[[Manual:SSL_CTX_add_session(3)]]'''<br><br />
SSL_CTX_sess_get_get_cb [[Manual:ssl(3)]]<br><br />
SSL_CTX_sess_get_get_cb '''[[Manual:SSL_CTX_sess_set_get_cb(3)]]'''<br><br />
SSL_CTX_sess_get_new_cb [[Manual:ssl(3)]]<br><br />
SSL_CTX_sess_get_new_cb '''[[Manual:SSL_CTX_sess_set_get_cb(3)]]'''<br><br />
SSL_CTX_sess_get_remove_cb [[Manual:ssl(3)]]<br><br />
SSL_CTX_sess_get_remove_cb '''[[Manual:SSL_CTX_sess_set_get_cb(3)]]'''<br><br />
SSL_CTX_sessions [[Manual:ssl(3)]]<br><br />
SSL_CTX_sessions '''[[Manual:SSL_CTX_sessions(3)]]'''<br><br />
SSL_CTX_sess_set_get_cb [[Manual:d2i_SSL_SESSION(3)]]<br><br />
SSL_CTX_sess_set_get_cb [[Manual:ssl(3)]]<br><br />
SSL_CTX_sess_set_get_cb [[Manual:SSL_CTX_flush_sessions(3)]]<br><br />
SSL_CTX_sess_set_get_cb [[Manual:SSL_CTX_free(3)]]<br><br />
SSL_CTX_sess_set_get_cb '''[[Manual:SSL_CTX_sess_set_get_cb(3)]]'''<br><br />
SSL_CTX_sess_set_get_cb [[Manual:SSL_CTX_set_session_cache_mode(3)]]<br><br />
SSL_CTX_sess_set_new_cb [[Manual:ssl(3)]]<br><br />
SSL_CTX_sess_set_new_cb '''[[Manual:SSL_CTX_sess_set_get_cb(3)]]'''<br><br />
SSL_CTX_sess_set_remove_cb [[Manual:ssl(3)]]<br><br />
SSL_CTX_sess_set_remove_cb [[Manual:SSL_CTX_free(3)]]<br><br />
SSL_CTX_sess_set_remove_cb '''[[Manual:SSL_CTX_sess_set_get_cb(3)]]'''<br><br />
SSL_CTX_set_cert_store [[Manual:ssl(3)]]<br><br />
SSL_CTX_set_cert_store [[Manual:SSL_CTX_load_verify_locations(3)]]<br><br />
SSL_CTX_set_cert_store '''[[Manual:SSL_CTX_set_cert_store(3)]]'''<br><br />
SSL_CTX_set_cert_verify_callback [[Manual:ssl(3)]]<br><br />
SSL_CTX_set_cert_verify_callback '''[[Manual:SSL_CTX_set_cert_verify_callback(3)]]'''<br><br />
SSL_CTX_set_cert_verify_callback [[Manual:SSL_CTX_set_verify(3)]]<br><br />
SSL_CTX_set_cipher_list [[Manual:ssl(3)]]<br><br />
SSL_CTX_set_cipher_list '''[[Manual:SSL_CTX_set_cipher_list(3)]]'''<br><br />
SSL_CTX_set_cipher_list [[Manual:SSL_CTX_set_tmp_dh_callback(3)]]<br><br />
SSL_CTX_set_cipher_list [[Manual:SSL_CTX_set_tmp_rsa_callback(3)]]<br><br />
SSL_CTX_set_cipher_list [[Manual:SSL_CTX_use_certificate(3)]]<br><br />
SSL_CTX_set_cipher_list [[Manual:SSL_get_ciphers(3)]]<br><br />
SSL_CTX_set_client_CA_list [[Manual:ssl(3)]]<br><br />
SSL_CTX_set_client_CA_list [[Manual:SSL_CTX_load_verify_locations(3)]]<br><br />
SSL_CTX_set_client_CA_list '''[[Manual:SSL_CTX_set_client_CA_list(3)]]'''<br><br />
SSL_CTX_set_client_CA_list [[Manual:SSL_get_client_CA_list(3)]]<br><br />
SSL_CTX_set_client_CA_list [[Manual:SSL_load_client_CA_file(3)]]<br><br />
SSL_CTX_set_client_cert_cb [[Manual:ssl(3)]]<br><br />
SSL_CTX_set_client_cert_cb [[Manual:SSL_clear(3)]]<br><br />
SSL_CTX_set_client_cert_cb [[Manual:SSL_CTX_add_extra_chain_cert(3)]]<br><br />
SSL_CTX_set_client_cert_cb '''[[Manual:SSL_CTX_set_client_cert_cb(3)]]'''<br><br />
SSL_CTX_set_client_cert_cb [[Manual:SSL_CTX_use_certificate(3)]]<br><br />
SSL_CTX_set_client_cert_cb [[Manual:SSL_get_client_CA_list(3)]]<br><br />
SSL_CTX_set_client_cert_cb [[Manual:SSL_get_error(3)]]<br><br />
SSL_CTX_set_client_cert_cb [[Manual:SSL_want(3)]]<br><br />
SSL_CTX_set_default_passwd_cb [[Manual:ssl(3)]]<br><br />
SSL_CTX_set_default_passwd_cb '''[[Manual:SSL_CTX_set_default_passwd_cb(3)]]'''<br><br />
SSL_CTX_set_default_passwd_cb [[Manual:SSL_CTX_use_certificate(3)]]<br><br />
SSL_CTX_set_default_passwd_cb_userdata '''[[Manual:SSL_CTX_set_default_passwd_cb(3)]]'''<br><br />
SSL_CTX_set_default_verify_paths [[Manual:ssl(3)]]<br><br />
SSL_CTX_set_ex_data [[Manual:ssl(3)]]<br><br />
SSL_CTX_set_ex_data '''[[Manual:SSL_CTX_get_ex_new_index(3)]]'''<br><br />
SSL_CTX_set_generate_session_id [[Manual:ssl(3)]]<br><br />
SSL_CTX_set_generate_session_id '''[[Manual:SSL_CTX_set_generate_session_id(3)]]'''<br><br />
SSL_CTX_set_info_callback [[Manual:ssl(3)]]<br><br />
SSL_CTX_set_info_callback [[Manual:SSL_alert_type_string(3)]]<br><br />
SSL_CTX_set_info_callback '''[[Manual:SSL_CTX_set_info_callback(3)]]'''<br><br />
SSL_CTX_set_info_callback [[Manual:SSL_state_string(3)]]<br><br />
SSL_CTX_set_msg_callback [[Manual:ssl(3)]]<br><br />
SSL_CTX_set_msg_callback '''[[Manual:SSL_CTX_set_msg_callback(3)]]'''<br><br />
SSL_CTX_set_psk_client_callback [[Manual:ssl(3)]]<br><br />
SSL_CTX_set_psk_client_callback '''[[Manual:SSL_CTX_set_psk_client_callback(3)]]'''<br><br />
SSL_CTX_set_psk_server_callback [[Manual:ssl(3)]]<br><br />
SSL_CTX_set_psk_server_callback '''[[Manual:SSL_CTX_use_psk_identity_hint(3)]]'''<br><br />
SSL_CTX_set_quiet_shutdown [[Manual:ssl(3)]]<br><br />
SSL_CTX_set_quiet_shutdown '''[[Manual:SSL_CTX_set_quiet_shutdown(3)]]'''<br><br />
SSL_CTX_set_quiet_shutdown [[Manual:SSL_set_shutdown(3)]]<br><br />
SSL_CTX_set_quiet_shutdown [[Manual:SSL_shutdown(3)]]<br><br />
SSL_CTX_set_session_id_context [[Manual:ssl(3)]]<br><br />
SSL_CTX_set_session_id_context [[Manual:SSL_CTX_set_session_cache_mode(3)]]<br><br />
SSL_CTX_set_session_id_context '''[[Manual:SSL_CTX_set_session_id_context(3)]]'''<br><br />
SSL_CTX_set_ssl_version [[Manual:ssl(3)]]<br><br />
SSL_CTX_set_ssl_version '''[[Manual:SSL_CTX_set_ssl_version(3)]]'''<br><br />
SSL_CTX_set_ssl_version [[Manual:SSL_set_connect_state(3)]]<br><br />
SSL_CTX_set_timeout [[Manual:ssl(3)]]<br><br />
SSL_CTX_set_timeout [[Manual:SSL_CTX_flush_sessions(3)]]<br><br />
SSL_CTX_set_timeout [[Manual:SSL_CTX_set_session_cache_mode(3)]]<br><br />
SSL_CTX_set_timeout '''[[Manual:SSL_CTX_set_timeout(3)]]'''<br><br />
SSL_CTX_set_timeout [[Manual:SSL_get_default_timeout(3)]]<br><br />
SSL_CTX_set_timeout [[Manual:SSL_SESSION_get_time(3)]]<br><br />
SSL_CTX_set_tmp_dh_callback [[Manual:ssl(3)]]<br><br />
SSL_CTX_set_tmp_dh_callback [[Manual:SSL_CTX_set_cipher_list(3)]]<br><br />
SSL_CTX_set_tmp_dh_callback [[Manual:SSL_CTX_set_options(3)]]<br><br />
SSL_CTX_set_tmp_dh_callback '''[[Manual:SSL_CTX_set_tmp_dh_callback(3)]]'''<br><br />
SSL_CTX_set_tmp_dh_callback [[Manual:SSL_CTX_set_tmp_rsa_callback(3)]]<br><br />
SSL_CTX_set_tmp_rsa_callback [[Manual:ssl(3)]]<br><br />
SSL_CTX_set_tmp_rsa_callback [[Manual:SSL_CTX_set_cipher_list(3)]]<br><br />
SSL_CTX_set_tmp_rsa_callback [[Manual:SSL_CTX_set_options(3)]]<br><br />
SSL_CTX_set_tmp_rsa_callback [[Manual:SSL_CTX_set_tmp_dh_callback(3)]]<br><br />
SSL_CTX_set_tmp_rsa_callback '''[[Manual:SSL_CTX_set_tmp_rsa_callback(3)]]'''<br><br />
SSL_CTX_set_verify_depth '''[[Manual:SSL_CTX_set_verify(3)]]'''<br><br />
SSL_CTX_set_verify [[Manual:ssl(3)]]<br><br />
SSL_CTX_set_verify [[Manual:SSL_CTX_get_verify_mode(3)]]<br><br />
SSL_CTX_set_verify [[Manual:SSL_CTX_set_cert_store(3)]]<br><br />
SSL_CTX_set_verify [[Manual:SSL_CTX_set_cert_verify_callback(3)]]<br><br />
SSL_CTX_set_verify [[Manual:SSL_CTX_set_client_CA_list(3)]]<br><br />
SSL_CTX_set_verify [[Manual:SSL_CTX_set_max_cert_list(3)]]<br><br />
SSL_CTX_set_verify '''[[Manual:SSL_CTX_set_verify(3)]]'''<br><br />
SSL_CTX_set_verify [[Manual:SSL_get_ex_data_X509_STORE_CTX_idx(3)]]<br><br />
SSL_CTX_set_verify [[Manual:SSL_get_ex_new_index(3)]]<br><br />
SSL_CTX_set_verify [[Manual:SSL_get_peer_certificate(3)]]<br><br />
SSL_CTX_use_certificate_ASN1 [[Manual:ssl(3)]]<br><br />
SSL_CTX_use_certificate_ASN1 '''[[Manual:SSL_CTX_use_certificate(3)]]'''<br><br />
SSL_CTX_use_certificate_chain_file '''[[Manual:SSL_CTX_use_certificate(3)]]'''<br><br />
SSL_CTX_use_certificate_file [[Manual:ssl(3)]]<br><br />
SSL_CTX_use_certificate_file '''[[Manual:SSL_CTX_use_certificate(3)]]'''<br><br />
SSL_CTX_use_certificate [[Manual:ssl(3)]]<br><br />
SSL_CTX_use_certificate [[Manual:SSL_CTX_add_extra_chain_cert(3)]]<br><br />
SSL_CTX_use_certificate [[Manual:SSL_CTX_load_verify_locations(3)]]<br><br />
SSL_CTX_use_certificate [[Manual:SSL_CTX_set_cipher_list(3)]]<br><br />
SSL_CTX_use_certificate [[Manual:SSL_CTX_set_client_cert_cb(3)]]<br><br />
SSL_CTX_use_certificate [[Manual:SSL_CTX_set_default_passwd_cb(3)]]<br><br />
SSL_CTX_use_certificate '''[[Manual:SSL_CTX_use_certificate(3)]]'''<br><br />
SSL_CTX_use_PrivateKey_ASN1 [[Manual:ssl(3)]]<br><br />
SSL_CTX_use_PrivateKey_ASN1 '''[[Manual:SSL_CTX_use_certificate(3)]]'''<br><br />
SSL_CTX_use_PrivateKey_file [[Manual:ssl(3)]]<br><br />
SSL_CTX_use_PrivateKey_file '''[[Manual:SSL_CTX_use_certificate(3)]]'''<br><br />
SSL_CTX_use_PrivateKey [[Manual:ssl(3)]]<br><br />
SSL_CTX_use_PrivateKey '''[[Manual:SSL_CTX_use_certificate(3)]]'''<br><br />
SSL_CTX_use_psk_identity_hint [[Manual:ssl(3)]]<br><br />
SSL_CTX_use_psk_identity_hint '''[[Manual:SSL_CTX_use_psk_identity_hint(3)]]'''<br><br />
SSL_CTX_use_RSAPrivateKey_ASN1 [[Manual:ssl(3)]]<br><br />
SSL_CTX_use_RSAPrivateKey_ASN1 '''[[Manual:SSL_CTX_use_certificate(3)]]'''<br><br />
SSL_CTX_use_RSAPrivateKey_file [[Manual:ssl(3)]]<br><br />
SSL_CTX_use_RSAPrivateKey_file '''[[Manual:SSL_CTX_use_certificate(3)]]'''<br><br />
SSL_CTX_use_RSAPrivateKey [[Manual:ssl(3)]]<br><br />
SSL_CTX_use_RSAPrivateKey '''[[Manual:SSL_CTX_use_certificate(3)]]'''<br><br />
SSL_do_handshake [[Manual:ssl(3)]]<br><br />
SSL_do_handshake [[Manual:SSL_accept(3)]]<br><br />
SSL_do_handshake [[Manual:SSL_connect(3)]]<br><br />
SSL_do_handshake '''[[Manual:SSL_do_handshake(3)]]'''<br><br />
SSL_do_handshake [[Manual:SSL_get_error(3)]]<br><br />
SSL_do_handshake [[Manual:SSL_set_connect_state(3)]]<br><br />
SSL_dup_CA_list [[Manual:ssl(3)]]<br><br />
SSL_dup [[Manual:ssl(3)]]<br><br />
SSLeay_version '''[[Manual:OPENSSL_VERSION_NUMBER(3)]]'''<br><br />
SSLeay_version '''[[Manual:SSLeay_version(3)]]'''<br><br />
SSL_free [[Manual:ssl(3)]]<br><br />
SSL_free [[Manual:SSL_clear(3)]]<br><br />
SSL_free [[Manual:SSL_CTX_set_client_cert_cb(3)]]<br><br />
SSL_free [[Manual:SSL_CTX_set_quiet_shutdown(3)]]<br><br />
SSL_free '''[[Manual:SSL_free(3)]]'''<br><br />
SSL_free [[Manual:SSL_get_session(3)]]<br><br />
SSL_free [[Manual:SSL_new(3)]]<br><br />
SSL_free [[Manual:SSL_set_shutdown(3)]]<br><br />
SSL_free [[Manual:SSL_shutdown(3)]]<br><br />
SSL_get1_session [[Manual:SSL_get_session(3)]]<br><br />
SSL_get1_session [[Manual:SSL_SESSION_free(3)]]<br><br />
SSL_get_certificate [[Manual:ssl(3)]]<br><br />
SSL_get_cipher_list [[Manual:ssl(3)]]<br><br />
SSL_get_cipher_list '''[[Manual:SSL_get_ciphers(3)]]'''<br><br />
SSL_get_ciphers [[Manual:ssl(3)]]<br><br />
SSL_get_ciphers [[Manual:SSL_CIPHER_get_name(3)]]<br><br />
SSL_get_ciphers [[Manual:SSL_CTX_set_cipher_list(3)]]<br><br />
SSL_get_ciphers '''[[Manual:SSL_get_ciphers(3)]]'''<br><br />
SSL_get_client_CA_list [[Manual:ssl(3)]]<br><br />
SSL_get_client_CA_list [[Manual:SSL_CTX_load_verify_locations(3)]]<br><br />
SSL_get_client_CA_list [[Manual:SSL_CTX_set_client_CA_list(3)]]<br><br />
SSL_get_client_CA_list [[Manual:SSL_CTX_set_client_cert_cb(3)]]<br><br />
SSL_get_client_CA_list '''[[Manual:SSL_get_client_CA_list(3)]]'''<br><br />
SSL_get_current_cipher [[Manual:ssl(3)]]<br><br />
SSL_get_current_cipher [[Manual:SSL_CIPHER_get_name(3)]]<br><br />
SSL_get_current_cipher '''[[Manual:SSL_get_current_cipher(3)]]'''<br><br />
SSL_get_default_timeout [[Manual:ssl(3)]]<br><br />
SSL_get_default_timeout [[Manual:SSL_CTX_set_timeout(3)]]<br><br />
SSL_get_default_timeout '''[[Manual:SSL_get_default_timeout(3)]]'''<br><br />
SSL_get_default_timeout [[Manual:SSL_SESSION_get_time(3)]]<br><br />
SSL_get_error [[Manual:ssl(3)]]<br><br />
SSL_get_error [[Manual:SSL_accept(3)]]<br><br />
SSL_get_error [[Manual:SSL_connect(3)]]<br><br />
SSL_get_error [[Manual:SSL_CTX_set_client_cert_cb(3)]]<br><br />
SSL_get_error [[Manual:SSL_do_handshake(3)]]<br><br />
SSL_get_error '''[[Manual:SSL_get_error(3)]]'''<br><br />
SSL_get_error [[Manual:SSL_read(3)]]<br><br />
SSL_get_error [[Manual:SSL_shutdown(3)]]<br><br />
SSL_get_error [[Manual:SSL_want(3)]]<br><br />
SSL_get_error [[Manual:SSL_write(3)]]<br><br />
SSL_get_ex_data [[Manual:ssl(3)]]<br><br />
SSL_get_ex_data [[Manual:SSL_CTX_set_verify(3)]]<br><br />
SSL_get_ex_data '''[[Manual:SSL_get_ex_new_index(3)]]'''<br><br />
SSL_get_ex_data_X509_STORE_CTX_idx [[Manual:ssl(3)]]<br><br />
SSL_get_ex_data_X509_STORE_CTX_idx [[Manual:SSL_CTX_set_verify(3)]]<br><br />
SSL_get_ex_data_X509_STORE_CTX_idx '''[[Manual:SSL_get_ex_data_X509_STORE_CTX_idx(3)]]'''<br><br />
SSL_get_ex_new_index [[Manual:ssl(3)]]<br><br />
SSL_get_ex_new_index [[Manual:SSL_CTX_set_verify(3)]]<br><br />
SSL_get_ex_new_index '''[[Manual:SSL_get_ex_new_index(3)]]'''<br><br />
SSL_get_fd [[Manual:ssl(3)]]<br><br />
SSL_get_fd '''[[Manual:SSL_get_fd(3)]]'''<br><br />
SSL_get_fd [[Manual:SSL_set_fd(3)]]<br><br />
SSL_get_info_callback [[Manual:ssl(3)]]<br><br />
SSL_get_info_callback '''[[Manual:SSL_CTX_set_info_callback(3)]]'''<br><br />
SSL_get_peer_cert_chain [[Manual:ssl(3)]]<br><br />
SSL_get_peer_cert_chain '''[[Manual:SSL_get_peer_cert_chain(3)]]'''<br><br />
SSL_get_peer_certificate [[Manual:ssl(3)]]<br><br />
SSL_get_peer_certificate [[Manual:SSL_CTX_set_verify(3)]]<br><br />
SSL_get_peer_certificate [[Manual:SSL_get_peer_cert_chain(3)]]<br><br />
SSL_get_peer_certificate '''[[Manual:SSL_get_peer_certificate(3)]]'''<br><br />
SSL_get_peer_certificate [[Manual:SSL_get_verify_result(3)]]<br><br />
SSL_get_peer_certificate [[Manual:SSL_set_verify_result(3)]]<br><br />
SSL_get_privatekey [[Manual:ssl(3)]]<br><br />
SSL_get_psk_identity_hint [[Manual:ssl(3)]]<br><br />
SSL_get_psk_identity_hint '''[[Manual:SSL_get_psk_identity(3)]]'''<br><br />
SSL_get_psk_identity [[Manual:ssl(3)]]<br><br />
SSL_get_psk_identity '''[[Manual:SSL_get_psk_identity(3)]]'''<br><br />
SSL_get_quiet_shutdown [[Manual:ssl(3)]]<br><br />
SSL_get_quiet_shutdown '''[[Manual:SSL_CTX_set_quiet_shutdown(3)]]'''<br><br />
SSL_get_rbio [[Manual:ssl(3)]]<br><br />
SSL_get_rbio '''[[Manual:SSL_get_rbio(3)]]'''<br><br />
SSL_get_rbio [[Manual:SSL_set_bio(3)]]<br><br />
SSL_get_read_ahead [[Manual:ssl(3)]]<br><br />
SSL_get_rfd [[Manual:SSL_get_fd(3)]]<br><br />
SSL_get_session [[Manual:ssl(3)]]<br><br />
SSL_get_session [[Manual:SSL_clear(3)]]<br><br />
SSL_get_session '''[[Manual:SSL_get_session(3)]]'''<br><br />
SSL_get_session [[Manual:SSL_SESSION_free(3)]]<br><br />
SSL_get_session [[Manual:SSL_set_session(3)]]<br><br />
SSL_get_shared_ciphers [[Manual:ssl(3)]]<br><br />
SSL_get_shutdown [[Manual:ssl(3)]]<br><br />
SSL_get_shutdown '''[[Manual:SSL_set_shutdown(3)]]'''<br><br />
SSL_get_shutdown [[Manual:SSL_shutdown(3)]]<br><br />
SSL_get_SSL_CTX [[Manual:ssl(3)]]<br><br />
SSL_get_SSL_CTX '''[[Manual:SSL_get_SSL_CTX(3)]]'''<br><br />
SSL_get_SSL_CTX [[Manual:SSL_new(3)]]<br><br />
SSL_get_ssl_method [[Manual:ssl(3)]]<br><br />
SSL_get_ssl_method '''[[Manual:SSL_CTX_set_ssl_version(3)]]'''<br><br />
SSL_get_verify_callback [[Manual:ssl(3)]]<br><br />
SSL_get_verify_callback '''[[Manual:SSL_CTX_get_verify_mode(3)]]'''<br><br />
SSL_get_verify_depth '''[[Manual:SSL_CTX_get_verify_mode(3)]]'''<br><br />
SSL_get_verify_mode [[Manual:ssl(3)]]<br><br />
SSL_get_verify_mode '''[[Manual:SSL_CTX_get_verify_mode(3)]]'''<br><br />
SSL_get_verify_result [[Manual:ssl(3)]]<br><br />
SSL_get_verify_result [[Manual:SSL_CTX_set_cert_verify_callback(3)]]<br><br />
SSL_get_verify_result [[Manual:SSL_CTX_set_verify(3)]]<br><br />
SSL_get_verify_result [[Manual:SSL_get_peer_certificate(3)]]<br><br />
SSL_get_verify_result '''[[Manual:SSL_get_verify_result(3)]]'''<br><br />
SSL_get_verify_result [[Manual:SSL_set_verify_result(3)]]<br><br />
SSL_get_version [[Manual:ssl(3)]]<br><br />
SSL_get_version [[Manual:SSL_CTX_set_generate_session_id(3)]]<br><br />
SSL_get_version '''[[Manual:SSL_get_version(3)]]'''<br><br />
SSL_get_wbio [[Manual:ssl(3)]]<br><br />
SSL_get_wbio [[Manual:SSL_get_rbio(3)]]<br><br />
SSL_get_wfd [[Manual:SSL_get_fd(3)]]<br><br />
SSL_has_matching_session_id '''[[Manual:SSL_CTX_set_generate_session_id(3)]]'''<br><br />
SSL_library_init [[Manual:ssl(3)]]<br><br />
SSL_library_init '''[[Manual:SSL_library_init(3)]]'''<br><br />
SSL_load_client_CA_file [[Manual:ssl(3)]]<br><br />
SSL_load_client_CA_file [[Manual:SSL_CTX_set_client_CA_list(3)]]<br><br />
SSL_load_client_CA_file '''[[Manual:SSL_load_client_CA_file(3)]]'''<br><br />
SSL_load_error_strings [[Manual:ssl(3)]]<br><br />
SSL_load_error_strings [[Manual:SSL_library_init(3)]]<br><br />
SSL_new [[Manual:ssl(3)]]<br><br />
SSL_new [[Manual:SSL_clear(3)]]<br><br />
SSL_new [[Manual:SSL_CTX_set_cert_verify_callback(3)]]<br><br />
SSL_new [[Manual:SSL_CTX_set_max_cert_list(3)]]<br><br />
SSL_new [[Manual:SSL_CTX_set_msg_callback(3)]]<br><br />
SSL_new [[Manual:SSL_CTX_set_options(3)]]<br><br />
SSL_new [[Manual:SSL_CTX_set_quiet_shutdown(3)]]<br><br />
SSL_new [[Manual:SSL_CTX_set_ssl_version(3)]]<br><br />
SSL_new [[Manual:SSL_CTX_set_tmp_rsa_callback(3)]]<br><br />
SSL_new [[Manual:SSL_CTX_set_verify(3)]]<br><br />
SSL_new [[Manual:SSL_CTX_use_certificate(3)]]<br><br />
SSL_new [[Manual:SSL_free(3)]]<br><br />
SSL_new [[Manual:SSL_get_SSL_CTX(3)]]<br><br />
SSL_new '''[[Manual:SSL_new(3)]]'''<br><br />
SSL_new [[Manual:SSL_set_connect_state(3)]]<br><br />
SSL_peek [[Manual:ssl(3)]]<br><br />
SSL_peek [[Manual:SSL_get_error(3)]]<br><br />
SSL_pending [[Manual:ssl(3)]]<br><br />
SSL_pending '''[[Manual:SSL_pending(3)]]'''<br><br />
SSL_pending [[Manual:SSL_read(3)]]<br><br />
SSL_read [[Manual:ssl(3)]]<br><br />
SSL_read [[Manual:SSL_CTX_set_mode(3)]]<br><br />
SSL_read [[Manual:SSL_get_error(3)]]<br><br />
SSL_read [[Manual:SSL_pending(3)]]<br><br />
SSL_read '''[[Manual:SSL_read(3)]]'''<br><br />
SSL_read [[Manual:SSL_set_connect_state(3)]]<br><br />
SSL_read [[Manual:SSL_shutdown(3)]]<br><br />
SSL_read [[Manual:SSL_write(3)]]<br><br />
SSL_renegotiate [[Manual:ssl(3)]]<br><br />
SSL_rstate_string_long [[Manual:ssl(3)]]<br><br />
SSL_rstate_string_long '''[[Manual:SSL_rstate_string(3)]]'''<br><br />
SSL_rstate_string [[Manual:ssl(3)]]<br><br />
SSL_rstate_string '''[[Manual:SSL_rstate_string(3)]]'''<br><br />
SSL_SESSION_free [[Manual:d2i_SSL_SESSION(3)]]<br><br />
SSL_SESSION_free [[Manual:ssl(3)]]<br><br />
SSL_SESSION_free [[Manual:SSL_CTX_add_session(3)]]<br><br />
SSL_SESSION_free [[Manual:SSL_CTX_sess_set_get_cb(3)]]<br><br />
SSL_SESSION_free [[Manual:SSL_get_session(3)]]<br><br />
SSL_SESSION_free '''[[Manual:SSL_SESSION_free(3)]]'''<br><br />
SSL_SESSION_free [[Manual:SSL_set_session(3)]]<br><br />
SSL_SESSION_get_ex_data [[Manual:ssl(3)]]<br><br />
SSL_SESSION_get_ex_data '''[[Manual:SSL_SESSION_get_ex_new_index(3)]]'''<br><br />
SSL_SESSION_get_ex_new_index [[Manual:ssl(3)]]<br><br />
SSL_SESSION_get_ex_new_index '''[[Manual:SSL_SESSION_get_ex_new_index(3)]]'''<br><br />
SSL_SESSION_get_time [[Manual:ssl(3)]]<br><br />
SSL_SESSION_get_time [[Manual:SSL_CTX_set_timeout(3)]]<br><br />
SSL_SESSION_get_time [[Manual:SSL_get_default_timeout(3)]]<br><br />
SSL_SESSION_get_time '''[[Manual:SSL_SESSION_get_time(3)]]'''<br><br />
SSL_SESSION_get_timeout [[Manual:ssl(3)]]<br><br />
SSL_SESSION_get_timeout '''[[Manual:SSL_SESSION_get_time(3)]]'''<br><br />
SSL_SESSION_new [[Manual:ssl(3)]]<br><br />
SSL_SESSION_print_fp [[Manual:ssl(3)]]<br><br />
SSL_SESSION_print [[Manual:ssl(3)]]<br><br />
SSL_SESSION_set_ex_data [[Manual:ssl(3)]]<br><br />
SSL_SESSION_set_ex_data '''[[Manual:SSL_SESSION_get_ex_new_index(3)]]'''<br><br />
SSL_SESSION_set_time [[Manual:ssl(3)]]<br><br />
SSL_SESSION_set_time '''[[Manual:SSL_SESSION_get_time(3)]]'''<br><br />
SSL_SESSION_set_timeout [[Manual:ssl(3)]]<br><br />
SSL_SESSION_set_timeout '''[[Manual:SSL_SESSION_get_time(3)]]'''<br><br />
SSL_set_accept_state [[Manual:ssl(3)]]<br><br />
SSL_set_accept_state [[Manual:SSL_do_handshake(3)]]<br><br />
SSL_set_accept_state [[Manual:SSL_read(3)]]<br><br />
SSL_set_accept_state [[Manual:SSL_set_connect_state(3)]]<br><br />
SSL_set_accept_state [[Manual:SSL_write(3)]]<br><br />
SSL_set_bio [[Manual:ssl(3)]]<br><br />
SSL_set_bio [[Manual:SSL_get_rbio(3)]]<br><br />
SSL_set_bio '''[[Manual:SSL_set_bio(3)]]'''<br><br />
SSL_set_bio [[Manual:SSL_set_fd(3)]]<br><br />
SSL_set_cipher_list [[Manual:ssl(3)]]<br><br />
SSL_set_cipher_list '''[[Manual:SSL_CTX_set_cipher_list(3)]]'''<br><br />
SSL_set_client_CA_list [[Manual:ssl(3)]]<br><br />
SSL_set_client_CA_list '''[[Manual:SSL_CTX_set_client_CA_list(3)]]'''<br><br />
SSL_set_client_CA_list [[Manual:SSL_get_client_CA_list(3)]]<br><br />
SSL_set_connect_state [[Manual:ssl(3)]]<br><br />
SSL_set_connect_state [[Manual:SSL_accept(3)]]<br><br />
SSL_set_connect_state [[Manual:SSL_connect(3)]]<br><br />
SSL_set_connect_state [[Manual:SSL_CTX_new(3)]]<br><br />
SSL_set_connect_state [[Manual:SSL_CTX_set_ssl_version(3)]]<br><br />
SSL_set_connect_state [[Manual:SSL_do_handshake(3)]]<br><br />
SSL_set_connect_state [[Manual:SSL_read(3)]]<br><br />
SSL_set_connect_state '''[[Manual:SSL_set_connect_state(3)]]'''<br><br />
SSL_set_connect_state [[Manual:SSL_write(3)]]<br><br />
SSL_set_ex_data [[Manual:ssl(3)]]<br><br />
SSL_set_ex_data [[Manual:SSL_CTX_set_verify(3)]]<br><br />
SSL_set_ex_data '''[[Manual:SSL_get_ex_new_index(3)]]'''<br><br />
SSL_set_fd [[Manual:ssl(3)]]<br><br />
SSL_set_fd [[Manual:SSL_get_error(3)]]<br><br />
SSL_set_fd [[Manual:SSL_get_fd(3)]]<br><br />
SSL_set_fd '''[[Manual:SSL_set_fd(3)]]'''<br><br />
SSL_set_generate_session_id '''[[Manual:SSL_CTX_set_generate_session_id(3)]]'''<br><br />
SSL_set_info_callback [[Manual:ssl(3)]]<br><br />
SSL_set_info_callback '''[[Manual:SSL_CTX_set_info_callback(3)]]'''<br><br />
SSL_set_info_callback [[Manual:SSL_state_string(3)]]<br><br />
SSL_set_msg_callback [[Manual:ssl(3)]]<br><br />
SSL_set_msg_callback '''[[Manual:SSL_CTX_set_msg_callback(3)]]'''<br><br />
SSL_set_psk_client_callback [[Manual:ssl(3)]]<br><br />
SSL_set_psk_client_callback '''[[Manual:SSL_CTX_set_psk_client_callback(3)]]'''<br><br />
SSL_set_psk_server_callback [[Manual:ssl(3)]]<br><br />
SSL_set_psk_server_callback '''[[Manual:SSL_CTX_use_psk_identity_hint(3)]]'''<br><br />
SSL_set_quiet_shutdown [[Manual:ssl(3)]]<br><br />
SSL_set_quiet_shutdown '''[[Manual:SSL_CTX_set_quiet_shutdown(3)]]'''<br><br />
SSL_set_read_ahead [[Manual:ssl(3)]]<br><br />
SSL_set_rfd [[Manual:ssl(3)]]<br><br />
SSL_set_rfd [[Manual:SSL_set_fd(3)]]<br><br />
SSL_set_session_id_context '''[[Manual:SSL_CTX_set_session_id_context(3)]]'''<br><br />
SSL_set_session [[Manual:ssl(3)]]<br><br />
SSL_set_session [[Manual:SSL_clear(3)]]<br><br />
SSL_set_session [[Manual:SSL_CTX_sess_number(3)]]<br><br />
SSL_set_session [[Manual:SSL_CTX_set_session_cache_mode(3)]]<br><br />
SSL_set_session [[Manual:SSL_session_reused(3)]]<br><br />
SSL_set_session '''[[Manual:SSL_set_session(3)]]'''<br><br />
SSL_set_shutdown [[Manual:ssl(3)]]<br><br />
SSL_set_shutdown [[Manual:SSL_clear(3)]]<br><br />
SSL_set_shutdown [[Manual:SSL_CTX_set_quiet_shutdown(3)]]<br><br />
SSL_set_shutdown [[Manual:SSL_free(3)]]<br><br />
SSL_set_shutdown [[Manual:SSL_read(3)]]<br><br />
SSL_set_shutdown '''[[Manual:SSL_set_shutdown(3)]]'''<br><br />
SSL_set_shutdown [[Manual:SSL_shutdown(3)]]<br><br />
SSL_set_ssl_method [[Manual:ssl(3)]]<br><br />
SSL_set_ssl_method '''[[Manual:SSL_CTX_set_ssl_version(3)]]'''<br><br />
SSL_set_ssl_method [[Manual:SSL_set_connect_state(3)]]<br><br />
SSL_set_tmp_dh_callback '''[[Manual:SSL_CTX_set_tmp_dh_callback(3)]]'''<br><br />
SSL_set_tmp_rsa_callback [[Manual:ssl(3)]]<br><br />
SSL_set_tmp_rsa_callback '''[[Manual:SSL_CTX_set_tmp_rsa_callback(3)]]'''<br><br />
SSL_set_verify_depth '''[[Manual:SSL_CTX_set_verify(3)]]'''<br><br />
SSL_set_verify [[Manual:ssl(3)]]<br><br />
SSL_set_verify '''[[Manual:SSL_CTX_set_verify(3)]]'''<br><br />
SSL_set_verify_result [[Manual:ssl(3)]]<br><br />
SSL_set_verify_result [[Manual:SSL_get_verify_result(3)]]<br><br />
SSL_set_verify_result '''[[Manual:SSL_set_verify_result(3)]]'''<br><br />
SSL_set_wfd [[Manual:ssl(3)]]<br><br />
SSL_set_wfd [[Manual:SSL_set_fd(3)]]<br><br />
SSL_shutdown [[Manual:ssl(3)]]<br><br />
SSL_shutdown [[Manual:SSL_accept(3)]]<br><br />
SSL_shutdown [[Manual:SSL_clear(3)]]<br><br />
SSL_shutdown [[Manual:SSL_connect(3)]]<br><br />
SSL_shutdown [[Manual:SSL_CTX_set_quiet_shutdown(3)]]<br><br />
SSL_shutdown [[Manual:SSL_free(3)]]<br><br />
SSL_shutdown [[Manual:SSL_read(3)]]<br><br />
SSL_shutdown [[Manual:SSL_set_bio(3)]]<br><br />
SSL_shutdown [[Manual:SSL_set_fd(3)]]<br><br />
SSL_shutdown [[Manual:SSL_set_shutdown(3)]]<br><br />
SSL_shutdown '''[[Manual:SSL_shutdown(3)]]'''<br><br />
SSL_state [[Manual:ssl(3)]]<br><br />
SSL_state_string_long [[Manual:ssl(3)]]<br><br />
SSL_state_string_long [[Manual:SSL_CTX_set_info_callback(3)]]<br><br />
SSL_state_string_long '''[[Manual:SSL_state_string(3)]]'''<br><br />
SSL_state_string [[Manual:ssl(3)]]<br><br />
SSL_state_string [[Manual:SSL_CTX_set_info_callback(3)]]<br><br />
SSL_state_string '''[[Manual:SSL_state_string(3)]]'''<br><br />
SSL_use_certificate_ASN1 [[Manual:ssl(3)]]<br><br />
SSL_use_certificate_ASN1 '''[[Manual:SSL_CTX_use_certificate(3)]]'''<br><br />
SSL_use_certificate_file [[Manual:ssl(3)]]<br><br />
SSL_use_certificate_file '''[[Manual:SSL_CTX_use_certificate(3)]]'''<br><br />
SSL_use_certificate [[Manual:ssl(3)]]<br><br />
SSL_use_certificate [[Manual:SSL_CTX_set_client_cert_cb(3)]]<br><br />
SSL_use_certificate '''[[Manual:SSL_CTX_use_certificate(3)]]'''<br><br />
SSL_use_PrivateKey_ASN1 [[Manual:ssl(3)]]<br><br />
SSL_use_PrivateKey_ASN1 '''[[Manual:SSL_CTX_use_certificate(3)]]'''<br><br />
SSL_use_PrivateKey_file [[Manual:ssl(3)]]<br><br />
SSL_use_PrivateKey_file '''[[Manual:SSL_CTX_use_certificate(3)]]'''<br><br />
SSL_use_PrivateKey [[Manual:ssl(3)]]<br><br />
SSL_use_PrivateKey '''[[Manual:SSL_CTX_use_certificate(3)]]'''<br><br />
SSL_use_psk_identity_hint [[Manual:ssl(3)]]<br><br />
SSL_use_psk_identity_hint '''[[Manual:SSL_CTX_use_psk_identity_hint(3)]]'''<br><br />
SSL_use_RSAPrivateKey_ASN1 [[Manual:ssl(3)]]<br><br />
SSL_use_RSAPrivateKey_ASN1 '''[[Manual:SSL_CTX_use_certificate(3)]]'''<br><br />
SSL_use_RSAPrivateKey_file [[Manual:ssl(3)]]<br><br />
SSL_use_RSAPrivateKey_file '''[[Manual:SSL_CTX_use_certificate(3)]]'''<br><br />
SSL_use_RSAPrivateKey [[Manual:ssl(3)]]<br><br />
SSL_use_RSAPrivateKey '''[[Manual:SSL_CTX_use_certificate(3)]]'''<br><br />
SSLv23_client_method [[Manual:SSL_CTX_new(3)]]<br><br />
SSLv23_method [[Manual:SSL_CTX_new(3)]]<br><br />
SSLv23_server_method [[Manual:SSL_CTX_new(3)]]<br><br />
SSLv2_client_method [[Manual:ssl(3)]]<br><br />
SSLv2_client_method [[Manual:SSL_CTX_new(3)]]<br><br />
SSLv2_method [[Manual:ssl(3)]]<br><br />
SSLv2_method [[Manual:SSL_CTX_new(3)]]<br><br />
SSLv2_server_method [[Manual:ssl(3)]]<br><br />
SSLv2_server_method [[Manual:SSL_CTX_new(3)]]<br><br />
SSLv3_client_method [[Manual:ssl(3)]]<br><br />
SSLv3_client_method [[Manual:SSL_CTX_new(3)]]<br><br />
SSLv3_method [[Manual:ssl(3)]]<br><br />
SSLv3_method [[Manual:SSL_CTX_new(3)]]<br><br />
SSLv3_server_method [[Manual:ssl(3)]]<br><br />
SSLv3_server_method [[Manual:SSL_CTX_new(3)]]<br><br />
SSL_version [[Manual:ssl(3)]]<br><br />
SSL_want [[Manual:ssl(3)]]<br><br />
SSL_want '''[[Manual:SSL_want(3)]]'''<br><br />
SSL_write [[Manual:ssl(3)]]<br><br />
SSL_write [[Manual:SSL_CTX_set_mode(3)]]<br><br />
SSL_write [[Manual:SSL_get_error(3)]]<br><br />
SSL_write [[Manual:SSL_read(3)]]<br><br />
SSL_write [[Manual:SSL_set_connect_state(3)]]<br><br />
SSL_write '''[[Manual:SSL_write(3)]]'''<br><br />
TLSv1_1_client_method [[Manual:SSL_CTX_new(3)]]<br><br />
TLSv1_1_method [[Manual:SSL_CTX_new(3)]]<br><br />
TLSv1_1_server_method [[Manual:SSL_CTX_new(3)]]<br><br />
TLSv1_client_method [[Manual:ssl(3)]]<br><br />
TLSv1_client_method [[Manual:SSL_CTX_new(3)]]<br><br />
TLSv1_method [[Manual:ssl(3)]]<br><br />
TLSv1_method [[Manual:SSL_CTX_new(3)]]<br><br />
TLSv1_server_method [[Manual:ssl(3)]]<br><br />
TLSv1_server_method [[Manual:SSL_CTX_new(3)]]<br><br />
UI_add_error_string '''[[Manual:ui(3)]]'''<br><br />
UI_add_info_string '''[[Manual:ui(3)]]'''<br><br />
UI_add_input_boolean '''[[Manual:ui(3)]]'''<br><br />
UI_add_input_string '''[[Manual:ui(3)]]'''<br><br />
UI_add_user_data '''[[Manual:ui(3)]]'''<br><br />
UI_add_verify_string '''[[Manual:ui(3)]]'''<br><br />
UI_construct_prompt '''[[Manual:ui(3)]]'''<br><br />
UI_ctrl '''[[Manual:ui(3)]]'''<br><br />
UI_dup_error_string '''[[Manual:ui(3)]]'''<br><br />
UI_dup_info_string '''[[Manual:ui(3)]]'''<br><br />
UI_dup_input_boolean '''[[Manual:ui(3)]]'''<br><br />
UI_dup_input_string '''[[Manual:ui(3)]]'''<br><br />
UI_dup_verify_string '''[[Manual:ui(3)]]'''<br><br />
UI_free '''[[Manual:ui(3)]]'''<br><br />
UI_get0_result '''[[Manual:ui(3)]]'''<br><br />
UI_get0_user_data '''[[Manual:ui(3)]]'''<br><br />
UI_get_default_method '''[[Manual:ui(3)]]'''<br><br />
UI_get_method '''[[Manual:ui(3)]]'''<br><br />
UI_new '''[[Manual:ui(3)]]'''<br><br />
UI_new_method '''[[Manual:ui(3)]]'''<br><br />
UI_OpenSSL '''[[Manual:ui(3)]]'''<br><br />
UI_process '''[[Manual:ui(3)]]'''<br><br />
UI_set_default_method '''[[Manual:ui(3)]]'''<br><br />
UI_set_method '''[[Manual:ui(3)]]'''<br><br />
witness [[Manual:DSA_generate_parameters(3)]]<br><br />
X509_add1_trust_object [[Manual:crypto(3)]]<br><br />
X509_check_email '''[[Manual:X509_check_host(3)]]'''<br><br />
X509_check_host '''[[Manual:X509_check_host(3)]]'''<br><br />
X509_check_ip_asc '''[[Manual:X509_check_host(3)]]'''<br><br />
X509_check_ip '''[[Manual:X509_check_host(3)]]'''<br><br />
X509_CRL_add0_revoked [[Manual:crypto(3)]]<br><br />
X509_free [[Manual:pem(3)]]<br><br />
X509_free '''[[Manual:X509_new(3)]]'''<br><br />
X509_free [[Manual:X509_STORE_CTX_get_error(3)]]<br><br />
X509_get_issuer_name [[Manual:X509_STORE_CTX_set_verify_cb(3)]]<br><br />
X509_get_subject_name [[Manual:X509_STORE_CTX_set_verify_cb(3)]]<br><br />
X509_NAME_add_entry_by_NID [[Manual:x509(3)]]<br><br />
X509_NAME_add_entry_by_NID '''[[Manual:X509_NAME_add_entry_by_txt(3)]]'''<br><br />
X509_NAME_add_entry_by_OBJ '''[[Manual:X509_NAME_add_entry_by_txt(3)]]'''<br><br />
X509_NAME_add_entry_by_txt [[Manual:x509(3)]]<br><br />
X509_NAME_add_entry_by_txt '''[[Manual:X509_NAME_add_entry_by_txt(3)]]'''<br><br />
X509_NAME_add_entry_by_txt [[Manual:X509_NAME_ENTRY_get_object(3)]]<br><br />
X509_NAME_add_entry '''[[Manual:X509_NAME_add_entry_by_txt(3)]]'''<br><br />
X509_NAME_delete_entry '''[[Manual:X509_NAME_add_entry_by_txt(3)]]'''<br><br />
X509_NAME_entry_count '''[[Manual:X509_NAME_get_index_by_NID(3)]]'''<br><br />
X509_NAME_ENTRY_create_by_NID '''[[Manual:X509_NAME_ENTRY_get_object(3)]]'''<br><br />
X509_NAME_ENTRY_create_by_OBJ '''[[Manual:X509_NAME_ENTRY_get_object(3)]]'''<br><br />
X509_NAME_ENTRY_create_by_txt '''[[Manual:X509_NAME_ENTRY_get_object(3)]]'''<br><br />
X509_NAME_ENTRY_get_data '''[[Manual:X509_NAME_ENTRY_get_object(3)]]'''<br><br />
X509_NAME_ENTRY_get_object [[Manual:x509(3)]]<br><br />
X509_NAME_ENTRY_get_object '''[[Manual:X509_NAME_ENTRY_get_object(3)]]'''<br><br />
X509_NAME_ENTRY_set_data '''[[Manual:X509_NAME_ENTRY_get_object(3)]]'''<br><br />
X509_NAME_ENTRY_set_object '''[[Manual:X509_NAME_ENTRY_get_object(3)]]'''<br><br />
X509_NAME_get_entry [[Manual:X509_NAME_ENTRY_get_object(3)]]<br><br />
X509_NAME_get_entry '''[[Manual:X509_NAME_get_index_by_NID(3)]]'''<br><br />
X509_NAME_get_index_by_NID '''[[Manual:X509_NAME_get_index_by_NID(3)]]'''<br><br />
X509_NAME_get_index_by_OBJ '''[[Manual:X509_NAME_get_index_by_NID(3)]]'''<br><br />
X509_NAME_get_text_by_NID '''[[Manual:X509_NAME_get_index_by_NID(3)]]'''<br><br />
X509_NAME_get_text_by_OBJ '''[[Manual:X509_NAME_get_index_by_NID(3)]]'''<br><br />
X509_NAME_new [[Manual:x509(3)]]<br><br />
X509_NAME_new [[Manual:X509_NAME_add_entry_by_txt(3)]]<br><br />
X509_NAME_oneline '''[[Manual:X509_NAME_print_ex(3)]]'''<br><br />
X509_NAME_print_ex_fp '''[[Manual:X509_NAME_print_ex(3)]]'''<br><br />
X509_NAME_print_ex [[Manual:ASN1_STRING_print_ex(3)]]<br><br />
X509_NAME_print_ex [[Manual:x509(3)]]<br><br />
X509_NAME_print_ex '''[[Manual:X509_NAME_print_ex(3)]]'''<br><br />
X509_NAME_print_ex [[Manual:X509_STORE_CTX_set_verify_cb(3)]]<br><br />
X509_NAME_print '''[[Manual:X509_NAME_print_ex(3)]]'''<br><br />
X509_new [[Manual:d2i_X509(3)]]<br><br />
X509_new '''[[Manual:X509_new(3)]]'''<br><br />
X509_STORE_CTX_cleanup '''[[Manual:X509_STORE_CTX_new(3)]]'''<br><br />
X509_STORE_CTX_free '''[[Manual:X509_STORE_CTX_new(3)]]'''<br><br />
X509_STORE_CTX_get0_param '''[[Manual:X509_STORE_CTX_new(3)]]'''<br><br />
X509_STORE_CTX_get1_chain '''[[Manual:X509_STORE_CTX_get_error(3)]]'''<br><br />
X509_STORE_CTX_get_current_cert '''[[Manual:X509_STORE_CTX_get_error(3)]]'''<br><br />
X509_STORE_CTX_get_current_cert [[Manual:X509_STORE_CTX_set_verify_cb(3)]]<br><br />
X509_STORE_CTX_get_error_depth '''[[Manual:X509_STORE_CTX_get_error(3)]]'''<br><br />
X509_STORE_CTX_get_error_depth [[Manual:X509_STORE_CTX_set_verify_cb(3)]]<br><br />
X509_STORE_CTX_get_error '''[[Manual:X509_STORE_CTX_get_error(3)]]'''<br><br />
X509_STORE_CTX_get_error [[Manual:X509_STORE_CTX_set_verify_cb(3)]]<br><br />
X509_STORE_CTX_get_error [[Manual:X509_verify_cert(3)]]<br><br />
X509_STORE_CTX_get_ex_data '''[[Manual:X509_STORE_CTX_get_ex_new_index(3)]]'''<br><br />
X509_STORE_CTX_get_ex_new_index '''[[Manual:X509_STORE_CTX_get_ex_new_index(3)]]'''<br><br />
X509_STORE_CTX_get_ex_new_index [[Manual:X509_STORE_CTX_set_verify_cb(3)]]<br><br />
X509_STORE_CTX_init '''[[Manual:X509_STORE_CTX_new(3)]]'''<br><br />
X509_STORE_CTX_new '''[[Manual:X509_STORE_CTX_new(3)]]'''<br><br />
X509_STORE_CTX_set0_crls '''[[Manual:X509_STORE_CTX_new(3)]]'''<br><br />
X509_STORE_CTX_set0_param '''[[Manual:X509_STORE_CTX_new(3)]]'''<br><br />
X509_STORE_CTX_set_cert '''[[Manual:X509_STORE_CTX_new(3)]]'''<br><br />
X509_STORE_CTX_set_chain '''[[Manual:X509_STORE_CTX_new(3)]]'''<br><br />
X509_STORE_CTX_set_default '''[[Manual:X509_STORE_CTX_new(3)]]'''<br><br />
X509_STORE_CTX_set_error '''[[Manual:X509_STORE_CTX_get_error(3)]]'''<br><br />
X509_STORE_CTX_set_ex_data '''[[Manual:X509_STORE_CTX_get_ex_new_index(3)]]'''<br><br />
X509_STORE_CTX_set_flags [[Manual:X509_VERIFY_PARAM_set_flags(3)]]<br><br />
X509_STORE_CTX_set_verify_cb '''[[Manual:X509_STORE_CTX_set_verify_cb(3)]]'''<br><br />
X509_STORE_CTX_set_verify_cb [[Manual:X509_STORE_set_verify_cb_func(3)]]<br><br />
X509_STORE_CTX_trusted_stack '''[[Manual:X509_STORE_CTX_new(3)]]'''<br><br />
X509_STORE_set_verify_cb [[Manual:X509_STORE_CTX_set_verify_cb(3)]]<br><br />
X509_STORE_set_verify_cb '''[[Manual:X509_STORE_set_verify_cb_func(3)]]'''<br><br />
X509_verify_cert_error_string '''[[Manual:X509_STORE_CTX_get_error(3)]]'''<br><br />
X509_verify_cert_error_string [[Manual:X509_STORE_CTX_set_verify_cb(3)]]<br><br />
X509_verify_cert [[Manual:X509_STORE_CTX_get_error(3)]]<br><br />
X509_verify_cert [[Manual:X509_STORE_CTX_new(3)]]<br><br />
X509_verify_cert '''[[Manual:X509_verify_cert(3)]]'''<br><br />
X509_verify_cert [[Manual:X509_VERIFY_PARAM_set_flags(3)]]<br><br />
X509_VERIFY_PARAM_add0_policy '''[[Manual:X509_VERIFY_PARAM_set_flags(3)]]'''<br><br />
X509_VERIFY_PARAM_clear_flags '''[[Manual:X509_VERIFY_PARAM_set_flags(3)]]'''<br><br />
X509_VERIFY_PARAM_free [[Manual:X509_VERIFY_PARAM_set_flags(3)]]<br><br />
X509_VERIFY_PARAM_get_depth '''[[Manual:X509_VERIFY_PARAM_set_flags(3)]]'''<br><br />
X509_VERIFY_PARAM_get_flags '''[[Manual:X509_VERIFY_PARAM_set_flags(3)]]'''<br><br />
X509_VERIFY_PARAM_lookup [[Manual:X509_STORE_CTX_new(3)]]<br><br />
X509_VERIFY_PARAM_new [[Manual:X509_VERIFY_PARAM_set_flags(3)]]<br><br />
X509_VERIFY_PARAM_set1_policies '''[[Manual:X509_VERIFY_PARAM_set_flags(3)]]'''<br><br />
X509_VERIFY_PARAM_set_depth '''[[Manual:X509_VERIFY_PARAM_set_flags(3)]]'''<br><br />
X509_VERIFY_PARAM_set_flags [[Manual:X509_STORE_CTX_new(3)]]<br><br />
X509_VERIFY_PARAM_set_flags '''[[Manual:X509_VERIFY_PARAM_set_flags(3)]]'''<br><br />
X509_VERIFY_PARAM_set_purpose '''[[Manual:X509_VERIFY_PARAM_set_flags(3)]]'''<br><br />
X509_VERIFY_PARAM_set_time '''[[Manual:X509_VERIFY_PARAM_set_flags(3)]]'''<br><br />
X509_VERIFY_PARAM_set_trust '''[[Manual:X509_VERIFY_PARAM_set_flags(3)]]'''<br></div>Bernardhhttps://wiki.openssl.org/index.php?title=Command_Line_Utilities&diff=1928Command Line Utilities2014-09-01T13:37:24Z<p>Bernardh: /* ASN.1 */</p>
<hr />
<div>[http://www.openssl.org/docs/apps/openssl.html OpenSSL site command line tools]<br />
<br />
=== Getting started with your openssl toolkit ===<br />
<br />
When installed on your system openssl binary (usually /usr/bin/openssl on linux) is an entry point for many functions. You call it following the pattern<br />
<pre><br />
$ openssl command [ command_opts ] [ command_args ] <br />
</pre><br />
<br />
Alternatively you can call it without arguments to enter the interactive mode with an 'OpenSSL>' prompt. Then you can directly type your commands. You can leave the interactive mode with Ctrl+C or Ctrl+D or by typing 'quit':<br />
<pre><br />
OpenSSL> quit<br />
</pre><br />
<br />
There are three different kinds of commands. These are [[standard commands]], [[cipher commands]], and [[message-digest commands]]. In the following an overview over some commands is given. These are grouped by purpose and not necessarily by the classification just mentioned.<br />
<br />
=== Learn about your installation ===<br />
<br />
==== List commands by type ====<br />
<br />
You can get a list of available commands by calling<br />
<br />
<pre><br />
$ openssl list-standard-commands<br />
$ openssl list-cipher-commands<br />
$ openssl list-message-digest-commands<br />
</pre><br />
<br />
==== version ====<br />
<br />
OpenSSL> version<br />
OpenSSL 1.0.1e 11 Feb 2013<br />
<br />
==== ciphers ====<br />
<br />
returns SSL/TLS ciphers supported.<br />
<br />
<pre><br />
OpenSSL> ciphers<br />
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:PSK-AES128-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5<br />
</pre><br />
<br />
openssl list-cipher-algorithms<br />
<br />
openssl list-public-key-algorithms<br />
<pre><br />
Name: OpenSSL RSA method<br />
Type: Builtin Algorithm<br />
OID: rsaEncryption<br />
PEM string: RSA<br />
Name: rsa<br />
Type: Alias to rsaEncryption<br />
Name: OpenSSL PKCS#3 DH method<br />
Type: Builtin Algorithm<br />
OID: dhKeyAgreement<br />
PEM string: DH<br />
Name: dsaWithSHA<br />
Type: Alias to dsaEncryption<br />
Name: dsaEncryption-old<br />
Type: Alias to dsaEncryption<br />
Name: dsaWithSHA1-old<br />
Type: Alias to dsaEncryption<br />
Name: dsaWithSHA1<br />
Type: Alias to dsaEncryption<br />
Name: OpenSSL DSA method<br />
Type: Builtin Algorithm<br />
OID: dsaEncryption<br />
PEM string: DSA<br />
Name: OpenSSL EC algorithm<br />
Type: Builtin Algorithm<br />
OID: id-ecPublicKey<br />
PEM string: EC<br />
Name: OpenSSL HMAC method<br />
Type: Builtin Algorithm<br />
OID: hmac<br />
PEM string: HMAC<br />
Name: OpenSSL CMAC method<br />
Type: Builtin Algorithm<br />
OID: cmac<br />
PEM string: CMAC<br />
</pre><br />
<br />
==== engine ====<br />
<br />
OpenSSL> engine<br />
(rsax) RSAX engine support<br />
(dynamic) Dynamic engine loading support<br />
<br />
==== speed ====<br />
<br />
returns informations of toolkit performance on cryptographic functions computations.<br />
<br />
( Ex: on Linux 3.1.0-1-amd64 #1 SMP x86_64 GNU/Linux, HP dv7 i7 4Gb )<br />
<br />
<pre><br />
Doing md4 for 3s on 16 size blocks: 12430613 md4's in 3.00s<br />
...<br />
Doing md5 for 3s on 16 size blocks: 8943943 md5's in 2.99s<br />
Doing md5 for 3s on 64 size blocks: 6560162 md5's in 3.00s<br />
Doing md5 for 3s on 256 size blocks: 3674563 md5's in 3.00s<br />
Doing md5 for 3s on 1024 size blocks: 1325803 md5's in 3.00s<br />
Doing md5 for 3s on 8192 size blocks: 190271 md5's in 3.00s<br />
Doing hmac(md5) for 3s on 16 size blocks: 7289025 hmac(md5)'s in 3.00s<br />
Doing hmac(md5) for 3s on 64 size blocks: 5519732 hmac(md5)'s in 3.00s<br />
Doing hmac(md5) for 3s on 256 size blocks: 3319123 hmac(md5)'s in 3.00s<br />
Doing hmac(md5) for 3s on 1024 size blocks: 1275475 hmac(md5)'s in 3.00s<br />
Doing hmac(md5) for 3s on 8192 size blocks: 187134 hmac(md5)'s in 3.00s<br />
Doing sha1 for 3s on 16 size blocks: 10089842 sha1's in 2.99s<br />
Doing sha1 for 3s on 64 size blocks: 7033355 sha1's in 3.00s<br />
Doing sha1 for 3s on 256 size blocks: 3919372 sha1's in 3.00s<br />
Doing sha1 for 3s on 1024 size blocks: 1374314 sha1's in 3.00s<br />
Doing sha1 for 3s on 8192 size blocks: 198808 sha1's in 3.00s<br />
Doing sha256 for 3s on 16 size blocks: 6462822 sha256's in 3.00s<br />
Doing sha256 for 3s on 64 size blocks: 3504641 sha256's in 3.00s<br />
Doing sha256 for 3s on 256 size blocks: 1486771 sha256's in 3.00s<br />
Doing sha256 for 3s on 1024 size blocks: 440613 sha256's in 3.00s<br />
Doing sha256 for 3s on 8192 size blocks: 58418 sha256's in 3.00s<br />
Doing sha512 for 3s on 16 size blocks: 5040453 sha512's in 2.99s<br />
Doing sha512 for 3s on 64 size blocks: 5089425 sha512's in 3.00s<br />
Doing sha512 for 3s on 256 size blocks: 1865240 sha512's in 3.00s<br />
Doing sha512 for 3s on 1024 size blocks: 643708 sha512's in 3.00s<br />
Doing sha512 for 3s on 8192 size blocks: 90615 sha512's in 3.00s<br />
...<br />
Doing whirlpool for 3s on 8192 size blocks: 33204 whirlpool's in 3.00s<br />
...<br />
Doing rmd160 for 3s on 8192 size blocks: 66719 rmd160's in 3.00s<br />
...<br />
Doing rc4 for 3s on 8192 size blocks: 238972 rc4's in 3.00s<br />
...<br />
Doing des cbc for 3s on 8192 size blocks: 19837 des cbc's in 3.00s<br />
...<br />
Doing des ede3 for 3s on 8192 size blocks: 7706 des ede3's in 3.00s<br />
...<br />
Doing aes-128 cbc for 3s on 8192 size blocks: 35217 aes-128 cbc's in 3.00s<br />
...<br />
Doing aes-192 cbc for 3s on 8192 size blocks: 29225 aes-192 cbc's in 3.01s<br />
...<br />
Doing aes-256 cbc for 3s on 8192 size blocks: 24414 aes-256 cbc's in 3.00s<br />
...<br />
Doing aes-256 ige for 3s on 8192 size blocks: 23331 aes-256 ige's in 2.99s<br />
...<br />
</pre><br />
<br />
=== Basic encryption ===<br />
<br />
The command for symmetric encryption/decryption operations is [[enc|openssl enc]].<br />
<br />
For public key asymmetric encryption/decryption/sign/verify operations, use [[pkeyutl]] or the older RSA-specific [[rsautl]].<br />
<br />
==== Basic file ====<br />
<br />
to cipher a file or data to protect and share it protected by a shared key.<br />
<br />
symetric cipher :<br />
[[AES]] [[Blowfish]] [[RC4]] [[3DES]] [[RC2]] [[DES]] [[CAST5]] [[SEED]]<br />
<br />
block to stream conversion :<br />
[[ECB]] [[CBC]] [[OFB]] [[CFB]] [[CTR]] [[XTS]] [[GCM]]<br />
<br />
compression :<br />
[[ZLIB]]<br />
<br />
<pre><br />
Cipher commands (see the `enc' command for more details)<br />
aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb <br />
aes-256-cbc aes-256-ecb base64 bf <br />
bf-cbc bf-cfb bf-ecb bf-ofb <br />
camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb <br />
camellia-256-cbc camellia-256-ecb cast cast-cbc <br />
cast5-cbc cast5-cfb cast5-ecb cast5-ofb <br />
des des-cbc des-cfb des-ecb <br />
des-ede des-ede-cbc des-ede-cfb des-ede-ofb <br />
des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb <br />
des-ofb des3 desx rc2 <br />
rc2-40-cbc rc2-64-cbc rc2-cbc rc2-cfb <br />
rc2-ecb rc2-ofb rc4 rc4-40 <br />
seed seed-cbc seed-cfb seed-ecb <br />
seed-ofb zlib<br />
</pre><br />
<br />
<pre><br />
openssl enc --help<br />
unknown option '--help'<br />
options are<br />
-in <file> input file<br />
-out <file> output file<br />
-pass <arg> pass phrase source<br />
-e encrypt<br />
-d decrypt<br />
-a/-base64 base64 encode/decode, depending on encryption flag<br />
-k passphrase is the next argument<br />
-kfile passphrase is the first line of the file argument<br />
-md the next argument is the md to use to create a key<br />
from a passphrase. One of md2, md5, sha or sha1<br />
-S salt in hex is the next argument<br />
-K/-iv key/iv in hex is the next argument<br />
-[pP] print the iv/key (then exit if -P)<br />
-bufsize <n> buffer size<br />
-nopad disable standard block padding<br />
-engine e use engine e, possibly a hardware device.<br />
Cipher Types<br />
-aes-128-cbc -aes-128-cfb -aes-128-cfb1 <br />
-aes-128-cfb8 -aes-128-ctr -aes-128-ecb <br />
-aes-128-gcm -aes-128-ofb -aes-128-xts <br />
-aes-192-cbc -aes-192-cfb -aes-192-cfb1 <br />
-aes-192-cfb8 -aes-192-ctr -aes-192-ecb <br />
-aes-192-gcm -aes-192-ofb -aes-256-cbc <br />
-aes-256-cfb -aes-256-cfb1 -aes-256-cfb8 <br />
-aes-256-ctr -aes-256-ecb -aes-256-gcm <br />
-aes-256-ofb -aes-256-xts -aes128 <br />
-aes192 -aes256 -bf <br />
-bf-cbc -bf-cfb -bf-ecb <br />
-bf-ofb -blowfish -camellia-128-cbc <br />
-camellia-128-cfb -camellia-128-cfb1 -camellia-128-cfb8 <br />
-camellia-128-ecb -camellia-128-ofb -camellia-192-cbc <br />
-camellia-192-cfb -camellia-192-cfb1 -camellia-192-cfb8 <br />
-camellia-192-ecb -camellia-192-ofb -camellia-256-cbc <br />
-camellia-256-cfb -camellia-256-cfb1 -camellia-256-cfb8 <br />
-camellia-256-ecb -camellia-256-ofb -camellia128 <br />
-camellia192 -camellia256 -cast <br />
-cast-cbc -cast5-cbc -cast5-cfb <br />
-cast5-ecb -cast5-ofb -des <br />
-des-cbc -des-cfb -des-cfb1 <br />
-des-cfb8 -des-ecb -des-ede <br />
-des-ede-cbc -des-ede-cfb -des-ede-ofb <br />
-des-ede3 -des-ede3-cbc -des-ede3-cfb <br />
-des-ede3-cfb1 -des-ede3-cfb8 -des-ede3-ofb <br />
-des-ofb -des3 -desx <br />
-desx-cbc -id-aes128-GCM -id-aes192-GCM <br />
-id-aes256-GCM -rc2 -rc2-40-cbc <br />
-rc2-64-cbc -rc2-cbc -rc2-cfb <br />
-rc2-ecb -rc2-ofb -rc4 <br />
-rc4-40 -rc4-hmac-md5 -seed <br />
-seed-cbc -seed-cfb -seed-ecb <br />
-seed-ofb <br />
</pre><br />
<br />
==== Mail / SMIME ====<br />
<br />
===== smime v2 pkcs7 1.5 =====<br />
<br />
<pre><br />
openssl smime --help<br />
Usage smime [options] cert.pem ...<br />
where options are<br />
-encrypt encrypt message<br />
-decrypt decrypt encrypted message<br />
-sign sign message<br />
-verify verify signed message<br />
-pk7out output PKCS#7 structure<br />
-des3 encrypt with triple DES<br />
-des encrypt with DES<br />
-seed encrypt with SEED<br />
-rc2-40 encrypt with RC2-40 (default)<br />
-rc2-64 encrypt with RC2-64<br />
-rc2-128 encrypt with RC2-128<br />
-aes128, -aes192, -aes256<br />
encrypt PEM output with cbc aes<br />
-camellia128, -camellia192, -camellia256<br />
encrypt PEM output with cbc camellia<br />
-nointern don't search certificates in message for signer<br />
-nosigs don't verify message signature<br />
-noverify don't verify signers certificate<br />
-nocerts don't include signers certificate when signing<br />
-nodetach use opaque signing<br />
-noattr don't include any signed attributes<br />
-binary don't translate message to text<br />
-certfile file other certificates file<br />
-signer file signer certificate file<br />
-recip file recipient certificate file for decryption<br />
-in file input file<br />
-inform arg input format SMIME (default), PEM or DER<br />
-inkey file input private key (if not signer or recipient)<br />
-keyform arg input private key format (PEM or ENGINE)<br />
-out file output file<br />
-outform arg output format SMIME (default), PEM or DER<br />
-content file supply or override content for detached signature<br />
-to addr to address<br />
-from ad from address<br />
-subject s subject<br />
-text include or delete text MIME headers<br />
-CApath dir trusted certificates directory<br />
-CAfile file trusted certificates file<br />
-crl_check check revocation status of signer's certificate using CRLs<br />
-crl_check_all check revocation status of signer's certificate chain using CRLs<br />
-engine e use engine e, possibly a hardware device.<br />
-passin arg input file pass phrase source<br />
-rand file:file:...<br />
load the file (or the files in the directory) into<br />
the random number generator<br />
cert.pem recipient certificate(s) for encryption<br />
</pre><br />
<br />
===== smime v3 cms =====<br />
<br />
<pre><br />
openssl cms --help<br />
Usage cms [options] cert.pem ...<br />
where options are<br />
-encrypt encrypt message<br />
-decrypt decrypt encrypted message<br />
-sign sign message<br />
-verify verify signed message<br />
-cmsout output CMS structure<br />
-des3 encrypt with triple DES<br />
-des encrypt with DES<br />
-seed encrypt with SEED<br />
-rc2-40 encrypt with RC2-40 (default)<br />
-rc2-64 encrypt with RC2-64<br />
-rc2-128 encrypt with RC2-128<br />
-aes128, -aes192, -aes256<br />
encrypt PEM output with cbc aes<br />
-camellia128, -camellia192, -camellia256<br />
encrypt PEM output with cbc camellia<br />
-nointern don't search certificates in message for signer<br />
-nosigs don't verify message signature<br />
-noverify don't verify signers certificate<br />
-nocerts don't include signers certificate when signing<br />
-nodetach use opaque signing<br />
-noattr don't include any signed attributes<br />
-binary don't translate message to text<br />
-certfile file other certificates file<br />
-certsout file certificate output file<br />
-signer file signer certificate file<br />
-recip file recipient certificate file for decryption<br />
-keyid use subject key identifier<br />
-in file input file<br />
-inform arg input format SMIME (default), PEM or DER<br />
-inkey file input private key (if not signer or recipient)<br />
-keyform arg input private key format (PEM or ENGINE)<br />
-out file output file<br />
-outform arg output format SMIME (default), PEM or DER<br />
-content file supply or override content for detached signature<br />
-to addr to address<br />
-from ad from address<br />
-subject s subject<br />
-text include or delete text MIME headers<br />
-CApath dir trusted certificates directory<br />
-CAfile file trusted certificates file<br />
-crl_check check revocation status of signer's certificate using CRLs<br />
-crl_check_all check revocation status of signer's certificate chain using CRLs<br />
-engine e use engine e, possibly a hardware device.<br />
-passin arg input file pass phrase source<br />
-rand file:file:...<br />
load the file (or the files in the directory) into<br />
the random number generator<br />
cert.pem recipient certificate(s) for encryption<br />
</pre><br />
<br />
==== Public Key Cryptographic Operations ====<br />
<br />
<pre><br />
openssl pkeyutl --help<br />
Usage: pkeyutl [options]<br />
-in file input file<br />
-out file output file<br />
-sigfile file signature file (verify operation only)<br />
-inkey file input key<br />
-keyform arg private key format - default PEM<br />
-pubin input is a public key<br />
-certin input is a certificate carrying a public key<br />
-pkeyopt X:Y public key options<br />
-sign sign with private key<br />
-verify verify with public key<br />
-verifyrecover verify with public key, recover original data<br />
-encrypt encrypt with public key<br />
-decrypt decrypt with private key<br />
-derive derive shared secret<br />
-hexdump hex dump output<br />
-engine e use engine e, possibly a hardware device.<br />
-passin arg pass phrase source<br />
</pre><br />
<br />
Legacy RSA command:<br />
<pre><br />
openssl rsautl --help<br />
Usage: rsautl [options]<br />
-in file input file<br />
-out file output file<br />
-inkey file input key<br />
-keyform arg private key format - default PEM<br />
-pubin input is an RSA public<br />
-certin input is a certificate carrying an RSA public key<br />
-ssl use SSL v2 padding<br />
-raw use no padding<br />
-pkcs use PKCS#1 v1.5 padding (default)<br />
-oaep use PKCS#1 OAEP<br />
-sign sign with private key<br />
-verify verify with public key<br />
-encrypt encrypt with public key<br />
-decrypt decrypt with private key<br />
-hexdump hex dump output<br />
-engine e use engine e, possibly a hardware device.<br />
-passin arg pass phrase source<br />
</pre><br />
<br />
=== Create / Handle Public Key Certificates ===<br />
<br />
This requires you have a knowledge of what PKI is ( Certificate Authorities, Certificate Request, Certificate, Public Key, Private Key )<br />
<br />
Classical use case is to obtain a valid Certificate for a Secured Web site ( https protocol ).<br />
First you create a Private Key ( will be created together with Public key ).<br />
Then create a Certificate Request for that private key with some informations for purpose of future Certificate.<br />
Then send that Certificate Request to a Certificate Authority ( CA ) that will issue a Certificate that CA signed. For well known CA you need to pay. <br />
Up to you to install your Private key together with the received Certificate on your system. <br />
<br />
It exists graphical front-end to operate openssl wihtin a GUI : [http://xca.sourceforge.net/ XCA]<br />
<br />
==== Key Generation ====<br />
<br />
===== rsa / genrsa =====<br />
<br />
RSA is the most common type of Public/Private Key.<br />
Private Key part should never be disclosed while public key part is ... public.<br />
<br />
<pre><br />
openssl genrsa --help<br />
usage: genrsa [args] [numbits]<br />
-des encrypt the generated key with DES in cbc mode<br />
-des3 encrypt the generated key with DES in ede cbc mode (168 bit key)<br />
-seed<br />
encrypt PEM output with cbc seed<br />
-aes128, -aes192, -aes256<br />
encrypt PEM output with cbc aes<br />
-camellia128, -camellia192, -camellia256<br />
encrypt PEM output with cbc camellia<br />
-out file output the key to 'file<br />
-passout arg output file pass phrase source<br />
-f4 use F4 (0x10001) for the E value<br />
-3 use 3 for the E value<br />
-engine e use engine e, possibly a hardware device.<br />
-rand file:file:...<br />
load the file (or the files in the directory) into<br />
the random number generator<br />
</pre><br />
<br />
<pre><br />
rsa help<br />
unknown option help<br />
rsa [options] <infile >outfile<br />
where options are<br />
-inform arg input format - one of DER NET PEM<br />
-outform arg output format - one of DER NET PEM<br />
-in arg input file<br />
-sgckey Use IIS SGC key format<br />
-passin arg input file pass phrase source<br />
-out arg output file<br />
-passout arg output file pass phrase source<br />
-des encrypt PEM output with cbc des<br />
-des3 encrypt PEM output with ede cbc des using 168 bit key<br />
-seed encrypt PEM output with cbc seed<br />
-aes128, -aes192, -aes256<br />
encrypt PEM output with cbc aes<br />
-camellia128, -camellia192, -camellia256<br />
encrypt PEM output with cbc camellia<br />
-text print the key in text<br />
-noout don't print key out<br />
-modulus print the RSA key modulus<br />
-check verify key consistency<br />
-pubin expect a public key in input file<br />
-pubout output a public key<br />
-engine e use engine e, possibly a hardware device.<br />
error in rsa<br />
</pre><br />
<br />
===== dsa / gendsa=====<br />
<br />
dsa is a less common Public/Private key scheme, but can be seen anyway, so ...<br />
<br />
<pre><br />
openssl gendsa<br />
usage: gendsa [args] dsaparam-file<br />
-out file - output the key to 'file'<br />
-des - encrypt the generated key with DES in cbc mode<br />
-des3 - encrypt the generated key with DES in ede cbc mode (168 bit key)<br />
-seed<br />
encrypt PEM output with cbc seed<br />
-aes128, -aes192, -aes256<br />
encrypt PEM output with cbc aes<br />
-camellia128, -camellia192, -camellia256<br />
encrypt PEM output with cbc camellia<br />
-engine e - use engine e, possibly a hardware device.<br />
-rand file:file:...<br />
- load the file (or the files in the directory) into<br />
the random number generator<br />
dsaparam-file<br />
- a DSA parameter file as generated by the dsaparam command<br />
<br />
</pre><br />
<br />
<pre><br />
OpenSSL> dsa help<br />
unknown option help<br />
dsa [options] <infile >outfile<br />
where options are<br />
-inform arg input format - DER or PEM<br />
-outform arg output format - DER or PEM<br />
-in arg input file<br />
-passin arg input file pass phrase source<br />
-out arg output file<br />
-passout arg output file pass phrase source<br />
-engine e use engine e, possibly a hardware device.<br />
-des encrypt PEM output with cbc des<br />
-des3 encrypt PEM output with ede cbc des using 168 bit key<br />
-aes128, -aes192, -aes256<br />
encrypt PEM output with cbc aes<br />
-camellia128, -camellia192, -camellia256<br />
encrypt PEM output with cbc camellia<br />
-seed encrypt PEM output with cbc seed<br />
-text print the key in text<br />
-noout don't print key out<br />
-modulus print the DSA public value<br />
error in dsa<br />
</pre><br />
<br />
===== Elliptic Curves / ec ecparam =====<br />
<br />
[[Elliptic_Curve_Cryptography]]<br />
<br />
See [[Command Line Elliptic Curve Operations]] for a description of these commands.<br />
<br />
<pre><br />
openssl ecparam --help<br />
unknown option --help<br />
ecparam [options] <infile >outfile<br />
where options are<br />
-inform arg input format - default PEM (DER or PEM)<br />
-outform arg output format - default PEM<br />
-in arg input file - default stdin<br />
-out arg output file - default stdout<br />
-noout do not print the ec parameter<br />
-text print the ec parameters in text form<br />
-check validate the ec parameters<br />
-C print a 'C' function creating the parameters<br />
-name arg use the ec parameters with 'short name' name<br />
-list_curves prints a list of all currently available curve 'short names'<br />
-conv_form arg specifies the point conversion form <br />
possible values: compressed<br />
uncompressed (default)<br />
hybrid<br />
-param_enc arg specifies the way the ec parameters are encoded<br />
in the asn1 der encoding<br />
possible values: named_curve (default)<br />
explicit<br />
-no_seed if 'explicit' parameters are chosen do not use the seed<br />
-genkey generate ec key<br />
-rand file files to use for random number input<br />
-engine e use engine e, possibly a hardware device<br />
</pre><br />
<br />
<pre><br />
ec [options] <infile >outfile<br />
where options are<br />
-inform arg input format - DER or PEM<br />
-outform arg output format - DER or PEM<br />
-in arg input file<br />
-passin arg input file pass phrase source<br />
-out arg output file<br />
-passout arg output file pass phrase source<br />
-engine e use engine e, possibly a hardware device.<br />
-des encrypt PEM output, instead of 'des' every other <br />
cipher supported by OpenSSL can be used<br />
-text print the key<br />
-noout don't print key out<br />
-param_out print the elliptic curve parameters<br />
-conv_form arg specifies the point conversion form <br />
possible values: compressed<br />
uncompressed (default)<br />
hybrid<br />
-param_enc arg specifies the way the ec parameters are encoded<br />
in the asn1 der encoding<br />
possible values: named_curve (default)<br />
explicit<br />
</pre><br />
<br />
==== Certificate Authority / ca ====<br />
<br />
When you want to act as a Certificate Authority.<br />
<br />
OpenSSL> ca<br />
Using configuration from /usr/lib/ssl/openssl.cnf<br />
Error opening CA private key ./demoCA/private/cakey.pem<br />
140492277311144:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('./demoCA/private/cakey.pem','r')<br />
140492277311144:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:<br />
unable to load CA private key<br />
error in ca<br />
<br />
By default you don't have ca created...<br />
<br />
==== Certificate Request / pkcs10 / req ====<br />
<br />
OpenSSL> req ?<br />
unknown option ?<br />
req [options] <infile >outfile<br />
where options are<br />
-inform arg input format - DER or PEM<br />
-outform arg output format - DER or PEM<br />
-in arg input file<br />
-out arg output file<br />
-text text form of request<br />
-pubkey output public key<br />
-noout do not output REQ<br />
-verify verify signature on REQ<br />
-modulus RSA modulus<br />
-nodes don't encrypt the output key<br />
-engine e use engine e, possibly a hardware device<br />
-subject output the request's subject<br />
-passin private key password source<br />
-key file use the private key contained in file<br />
-keyform arg key file format<br />
-keyout arg file to send the key to<br />
-rand file:file:...<br />
load the file (or the files in the directory) into<br />
the random number generator<br />
-newkey rsa:bits generate a new RSA key of 'bits' in size<br />
-newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'<br />
-newkey ec:file generate a new EC key, parameters taken from CA in 'file'<br />
-[digest] Digest to sign with (md5, sha1, md2, mdc2, md4)<br />
-config file request template file.<br />
-subj arg set or modify request subject<br />
-multivalue-rdn enable support for multivalued RDNs<br />
-new new request.<br />
-batch do not ask anything during request generation<br />
-x509 output a x509 structure instead of a cert. req.<br />
-days number of days a certificate generated by -x509 is valid for.<br />
-set_serial serial number to use for a certificate generated by -x509.<br />
-newhdr output "NEW" in the header lines<br />
-asn1-kludge Output the 'request' in a format that is wrong but some CA's<br />
have been reported as requiring<br />
-extensions .. specify certificate extension section (override value in config file)<br />
-reqexts .. specify request extension section (override value in config file)<br />
-utf8 input characters are UTF8 (default ASCII)<br />
-nameopt arg - various certificate name options<br />
-reqopt arg - various request text options<br />
<br />
error in req<br />
<br />
==== Certificates AKA x509 ====<br />
<br />
x509 command allows you to display content of a x509 certificate and to convert it from/to [[PEM]], [[NET]] or [[DER]] formats.<br />
<br />
OpenSSL> x509 help<br />
unknown option help<br />
usage: x509 args<br />
-inform arg - input format - default PEM (one of DER, NET or PEM)<br />
-outform arg - output format - default PEM (one of DER, NET or PEM)<br />
-keyform arg - private key format - default PEM<br />
-CAform arg - CA format - default PEM<br />
-CAkeyform arg - CA key format - default PEM<br />
-in arg - input file - default stdin<br />
-out arg - output file - default stdout<br />
-passin arg - private key password source<br />
-serial - print serial number value<br />
-subject_hash - print subject hash value<br />
-subject_hash_old - print old-style (MD5) subject hash value<br />
-issuer_hash - print issuer hash value<br />
-issuer_hash_old - print old-style (MD5) issuer hash value<br />
-hash - synonym for -subject_hash<br />
-subject - print subject DN<br />
-issuer - print issuer DN<br />
-email - print email address(es)<br />
-startdate - notBefore field<br />
-enddate - notAfter field<br />
-purpose - print out certificate purposes<br />
-dates - both Before and After dates<br />
-modulus - print the RSA key modulus<br />
-pubkey - output the public key<br />
-fingerprint - print the certificate fingerprint<br />
-alias - output certificate alias<br />
-noout - no certificate output<br />
-ocspid - print OCSP hash values for the subject name and public key<br />
-ocsp_uri - print OCSP Responder URL(s)<br />
-trustout - output a "trusted" certificate<br />
-clrtrust - clear all trusted purposes<br />
-clrreject - clear all rejected purposes<br />
-addtrust arg - trust certificate for a given purpose<br />
-addreject arg - reject certificate for a given purpose<br />
-setalias arg - set certificate alias<br />
-days arg - How long till expiry of a signed certificate - def 30 days<br />
-checkend arg - check whether the cert expires in the next arg seconds<br />
exit 1 if so, 0 if not<br />
-signkey arg - self sign cert with arg<br />
-x509toreq - output a certification request object<br />
-req - input is a certificate request, sign and output.<br />
-CA arg - set the CA certificate, must be PEM format.<br />
-CAkey arg - set the CA key, must be PEM format<br />
missing, it is assumed to be in the CA file.<br />
-CAcreateserial - create serial number file if it does not exist<br />
-CAserial arg - serial file<br />
-set_serial - serial number to use<br />
-text - print the certificate in text form<br />
-C - print out C code forms<br />
-md2/-md5/-sha1/-mdc2 - digest to use<br />
-extfile - configuration file with X509V3 extensions to add<br />
-extensions - section from config file with X509V3 extensions to add<br />
-clrext - delete extensions before signing and input certificate<br />
-nameopt arg - various certificate name options<br />
-engine e - use engine e, possibly a hardware device.<br />
-certopt arg - various certificate text options<br />
<br />
==== Client Certificates AKA pkcs12 ====<br />
<br />
Client Certificate is a language abuse, but anyway it is kind of file you need to install on your system when SSL/TLS server require Client Authentication.<br />
Those kind of certificates credentials are known with .'''pkcs12''' or .'''pfx''' file extension.<br />
They contains a x509 Certificate and the public/private key of client. Those files are then very sensible to handle with same security as a private key.<br />
<br />
<pre><br />
Usage: pkcs12 [options]<br />
where options are<br />
-export output PKCS12 file<br />
-chain add certificate chain<br />
-inkey file private key if not infile<br />
-certfile f add all certs in f<br />
-CApath arg - PEM format directory of CA's<br />
-CAfile arg - PEM format file of CA's<br />
-name "name" use name as friendly name<br />
-caname "nm" use nm as CA friendly name (can be used more than once).<br />
-in infile input filename<br />
-out outfile output filename<br />
-noout don't output anything, just verify.<br />
-nomacver don't verify MAC.<br />
-nocerts don't output certificates.<br />
-clcerts only output client certificates.<br />
-cacerts only output CA certificates.<br />
-nokeys don't output private keys.<br />
-info give info about PKCS#12 structure.<br />
-des encrypt private keys with DES<br />
-des3 encrypt private keys with triple DES (default)<br />
-seed encrypt private keys with seed<br />
-aes128, -aes192, -aes256<br />
encrypt PEM output with cbc aes<br />
-camellia128, -camellia192, -camellia256<br />
encrypt PEM output with cbc camellia<br />
-nodes don't encrypt private keys<br />
-noiter don't use encryption iteration<br />
-nomaciter don't use MAC iteration<br />
-maciter use MAC iteration<br />
-nomac don't generate MAC<br />
-twopass separate MAC, encryption passwords<br />
-descert encrypt PKCS#12 certificates with triple DES (default RC2-40)<br />
-certpbe alg specify certificate PBE algorithm (default RC2-40)<br />
-keypbe alg specify private key PBE algorithm (default 3DES)<br />
-macalg alg digest algorithm used in MAC (default SHA1)<br />
-keyex set MS key exchange type<br />
-keysig set MS key signature type<br />
-password p set import/export password source<br />
-passin p input file pass phrase source<br />
-passout p output file pass phrase source<br />
-engine e use engine e, possibly a hardware device.<br />
-rand file:file:...<br />
load the file (or the files in the directory) into<br />
the random number generator<br />
-CSP name Microsoft CSP name<br />
-LMK Add local machine keyset attribute to private key<br />
</pre><br />
<br />
=== SSL/TLS and Certificates ONLINE services ===<br />
<br />
==== s_server ====<br />
<br />
This implements a generic SSL/TLS server. <br />
<br />
<pre><br />
openssl s_server<br />
Error opening server certificate private key file server.pem<br />
139811478357672:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('server.pem','r')<br />
139811478357672:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:<br />
unable to load server certificate private key file<br />
</pre><br />
<br />
'''you need to provide certificate and private key to be able to run SSL/TLS server.'''<br />
<br />
<pre><br />
openssl s_server --help<br />
unknown option --help<br />
usage: s_server [args ...]<br />
<br />
-accept arg - port to accept on (default is 4433)<br />
-context arg - set session ID context<br />
-verify arg - turn on peer certificate verification<br />
-Verify arg - turn on peer certificate verification, must have a cert.<br />
-cert arg - certificate file to use<br />
(default is server.pem)<br />
-crl_check - check the peer certificate has not been revoked by its CA.<br />
The CRL(s) are appended to the certificate file<br />
-crl_check_all - check the peer certificate has not been revoked by its CA<br />
or any other CRL in the CA chain. CRL(s) are appened to the<br />
the certificate file.<br />
-certform arg - certificate format (PEM or DER) PEM default<br />
-key arg - Private Key file to use, in cert file if<br />
not specified (default is server.pem)<br />
-keyform arg - key format (PEM, DER or ENGINE) PEM default<br />
-pass arg - private key file pass phrase source<br />
-dcert arg - second certificate file to use (usually for DSA)<br />
-dcertform x - second certificate format (PEM or DER) PEM default<br />
-dkey arg - second private key file to use (usually for DSA)<br />
-dkeyform arg - second key format (PEM, DER or ENGINE) PEM default<br />
-dpass arg - second private key file pass phrase source<br />
-dhparam arg - DH parameter file to use, in cert file if not specified<br />
or a default set of parameters is used<br />
-named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.<br />
Use "openssl ecparam -list_curves" for all names<br />
(default is nistp256).<br />
-nbio - Run with non-blocking IO<br />
-nbio_test - test with the non-blocking test bio<br />
-crlf - convert LF from terminal into CRLF<br />
-debug - Print more output<br />
-msg - Show protocol messages<br />
-state - Print the SSL states<br />
-CApath arg - PEM format directory of CA's<br />
-CAfile arg - PEM format file of CA's<br />
-nocert - Don't use any certificates (Anon-DH)<br />
-cipher arg - play with 'openssl ciphers' to see what goes here<br />
-serverpref - Use server's cipher preferences<br />
-quiet - No server output<br />
-no_tmp_rsa - Do not generate a tmp RSA key<br />
-psk_hint arg - PSK identity hint to use<br />
-psk arg - PSK in hex (without 0x)<br />
-srpvfile file - The verifier file for SRP<br />
-srpuserseed string - A seed string for a default user salt.<br />
-ssl2 - Just talk SSLv2<br />
-ssl3 - Just talk SSLv3<br />
-tls1_2 - Just talk TLSv1.2<br />
-tls1_1 - Just talk TLSv1.1<br />
-tls1 - Just talk TLSv1<br />
-dtls1 - Just talk DTLSv1<br />
-timeout - Enable timeouts<br />
-mtu - Set link layer MTU<br />
-chain - Read a certificate chain<br />
-no_ssl2 - Just disable SSLv2<br />
-no_ssl3 - Just disable SSLv3<br />
-no_tls1 - Just disable TLSv1<br />
-no_tls1_1 - Just disable TLSv1.1<br />
-no_tls1_2 - Just disable TLSv1.2<br />
-no_dhe - Disable ephemeral DH<br />
-no_ecdhe - Disable ephemeral ECDH<br />
-bugs - Turn on SSL bug compatibility<br />
-www - Respond to a 'GET /' with a status page<br />
-WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path><br />
-HTTP - Respond to a 'GET /<path> HTTP/1.0' with file ./<path><br />
with the assumption it contains a complete HTTP response.<br />
-engine id - Initialise and use the specified engine<br />
-id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'<br />
-rand file:file:...<br />
-servername host - servername for HostName TLS extension<br />
-servername_fatal - on mismatch send fatal alert (default warning alert)<br />
-cert2 arg - certificate file to use for servername<br />
(default is server2.pem)<br />
-key2 arg - Private Key file to use for servername, in cert file if<br />
not specified (default is server2.pem)<br />
-tlsextdebug - hex dump of all TLS extensions received<br />
-no_ticket - disable use of RFC4507bis session tickets<br />
-legacy_renegotiation - enable use of legacy renegotiation (dangerous)<br />
-nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)<br />
-use_srtp profiles - Offer SRTP key management with a colon-separated profile list<br />
-keymatexport label - Export keying material using label<br />
-keymatexportlen len - Export len bytes of keying material (default 20)<br />
</pre><br />
<br />
==== s_client ====<br />
<br />
This implements a generic SSL/TLS client<br />
<br />
<pre><br />
unknown option --help<br />
usage: s_client args<br />
<br />
-host host - use -connect instead<br />
-port port - use -connect instead<br />
-connect host:port - who to connect to (default is localhost:4433)<br />
-verify arg - turn on peer certificate verification<br />
-cert arg - certificate file to use, PEM format assumed<br />
-certform arg - certificate format (PEM or DER) PEM default<br />
-key arg - Private key file to use, in cert file if<br />
not specified but cert file is.<br />
-keyform arg - key format (PEM or DER) PEM default<br />
-pass arg - private key file pass phrase source<br />
-CApath arg - PEM format directory of CA's<br />
-CAfile arg - PEM format file of CA's<br />
-reconnect - Drop and re-make the connection with the same Session-ID<br />
-pause - sleep(1) after each read(2) and write(2) system call<br />
-showcerts - show all certificates in the chain<br />
-debug - extra output<br />
-msg - Show protocol messages<br />
-nbio_test - more ssl protocol testing<br />
-state - print the 'ssl' states<br />
-nbio - Run with non-blocking IO<br />
-crlf - convert LF from terminal into CRLF<br />
-quiet - no s_client output<br />
-ign_eof - ignore input eof (default when -quiet)<br />
-no_ign_eof - don't ignore input eof<br />
-psk_identity arg - PSK identity<br />
-psk arg - PSK in hex (without 0x)<br />
-srpuser user - SRP authentification for 'user'<br />
-srppass arg - password for 'user'<br />
-srp_lateuser - SRP username into second ClientHello message<br />
-srp_moregroups - Tolerate other than the known g N values.<br />
-srp_strength int - minimal mength in bits for N (default 1024).<br />
-ssl2 - just use SSLv2<br />
-ssl3 - just use SSLv3<br />
-tls1_2 - just use TLSv1.2<br />
-tls1_1 - just use TLSv1.1<br />
-tls1 - just use TLSv1<br />
-dtls1 - just use DTLSv1<br />
-mtu - set the link layer MTU<br />
-no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol<br />
-bugs - Switch on all SSL implementation bug workarounds<br />
-serverpref - Use server's cipher preferences (only SSLv2)<br />
-cipher - preferred cipher to use, use the 'openssl ciphers'<br />
command to see what is available<br />
-starttls prot - use the STARTTLS command before starting TLS<br />
for those protocols that support it, where<br />
'prot' defines which one to assume. Currently,<br />
only "smtp", "pop3", "imap", "ftp" and "xmpp"<br />
are supported.<br />
-engine id - Initialise and use the specified engine<br />
-rand file:file:...<br />
-sess_out arg - file to write SSL session to<br />
-sess_in arg - file to read SSL session from<br />
-servername host - Set TLS extension servername in ClientHello<br />
-tlsextdebug - hex dump of all TLS extensions received<br />
-status - request certificate status from server<br />
-no_ticket - disable use of RFC4507bis session tickets<br />
-nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)<br />
-legacy_renegotiation - enable use of legacy renegotiation (dangerous)<br />
-use_srtp profiles - Offer SRTP key management with a colon-separated profile list<br />
-keymatexport label - Export keying material using label<br />
-keymatexportlen len - Export len bytes of keying material (default 20)<br />
</pre><br />
<br />
==== ocsp ====<br />
<br />
<br />
=== Signing / Digest and Timestamping ===<br />
<br />
==== Signing / Digest ====<br />
<br />
<pre><br />
openssl dgst --help<br />
unknown option '--help'<br />
options are<br />
-c to output the digest with separating colons<br />
-r to output the digest in coreutils format<br />
-d to output debug info<br />
-hex output as hex dump<br />
-binary output in binary form<br />
-hmac arg set the HMAC key to arg<br />
-non-fips-allow allow use of non FIPS digest<br />
-sign file sign digest using private key in file<br />
-verify file verify a signature using public key in file<br />
-prverify file verify a signature using private key in file<br />
-keyform arg key file format (PEM or ENGINE)<br />
-out filename output to filename rather than stdout<br />
-signature file signature to verify<br />
-sigopt nm:v signature parameter<br />
-hmac key create hashed MAC with key<br />
-mac algorithm create MAC (not neccessarily HMAC)<br />
-macopt nm:v MAC algorithm parameters or key<br />
-engine e use engine e, possibly a hardware device.<br />
-md4 to use the md4 message digest algorithm<br />
-md5 to use the md5 message digest algorithm<br />
-ripemd160 to use the ripemd160 message digest algorithm<br />
-sha to use the sha message digest algorithm<br />
-sha1 to use the sha1 message digest algorithm<br />
-sha224 to use the sha224 message digest algorithm<br />
-sha256 to use the sha256 message digest algorithm<br />
-sha384 to use the sha384 message digest algorithm<br />
-sha512 to use the sha512 message digest algorithm<br />
-whirlpool to use the whirlpool message digest algorithm<br />
</pre><br />
==== timestamping ====<br />
<br />
openssl ts<br />
<br />
<pre><br />
usage:<br />
ts -query [-rand file:file:...] [-config configfile] [-data file_to_hash] [-digest digest_bytes][-md2|-md4|-md5|-sha|-sha1|-mdc2|-ripemd160] [-policy object_id] [-no_nonce] [-cert] [-in request.tsq] [-out request.tsq] [-text]<br />
or<br />
ts -reply [-config configfile] [-section tsa_section] [-queryfile request.tsq] [-passin password] [-signer tsa_cert.pem] [-inkey private_key.pem] [-chain certs_file.pem] [-policy object_id] [-in response.tsr] [-token_in] [-out response.tsr] [-token_out] [-text] [-engine id]<br />
or<br />
ts -verify [-data file_to_hash] [-digest digest_bytes] [-queryfile request.tsq] -in response.tsr [-token_in] -CApath ca_path -CAfile ca_file.pem -untrusted cert_file.pem<br />
</pre><br />
<br />
=== Data handling ===<br />
<br />
==== ASN.1 ====<br />
<br />
[[DER]] decoding <br />
<br />
<pre><br />
openssl asn1parse --help<br />
unknown option --help<br />
asn1parse [options] <infile<br />
where options are<br />
-inform arg input format - one of DER PEM<br />
-in arg input file<br />
-out arg output file (output format is always DER<br />
-noout arg don't produce any output<br />
-offset arg offset into file<br />
-length arg length of section in file<br />
-i indent entries<br />
-dump dump unknown data in hex form<br />
-dlimit arg dump the first arg bytes of unknown data in hex form<br />
-oid file file of extra oid definitions<br />
-strparse offset<br />
a series of these can be used to 'dig' into multiple<br />
ASN1 blob wrappings<br />
-genstr str string to generate ASN1 structure from<br />
-genconf file file to generate ASN1 structure from<br />
</pre><br />
<br />
==== Base64 ====<br />
<br />
base64 encoding / decoding<br />
<br />
[[Base64]]<br />
<br />
===== a String =====<br />
<br />
<pre><br />
openssl base64 -e <<< 'Welcome to openssl wiki'<br />
V2VsY29tZSB0byBvcGVuc3NsIHdpa2kK<br />
openssl base64 -d <<< 'V2VsY29tZSB0byBvcGVuc3NsIHdpa2kK'<br />
Welcome to openssl wiki<br />
</pre><br />
<br />
warning '''base64 line length is limited to 76 characters by default in openssl''' ( and generated with 64 characters / line ).<br />
<br />
<pre><br />
openssl base64 -e <<< 'Welcome to openssl wiki with a very long line that splits...'<br />
V2VsY29tZSB0byBvcGVuc3NsIHdpa2kgd2l0aCBhIHZlcnkgbG9uZyBsaW5lIHRo<br />
YXQgc3BsaXRzLi4uCg==<br />
openssl base64 -d <<< 'V2VsY29tZSB0byBvcGVuc3NsIHdpa2kgd2l0aCBhIHZlcnkgbG9uZyBsaW5lIHRoYXQgc3BsaXRzLi4uCg=='<br />
</pre><br />
=> NOTHING !<br />
<br />
to be able to decode a base64 line without line feed that exceed 76 characters use -A option :<br />
<br />
<pre><br />
openssl base64 -d -A <<< 'V2VsY29tZSB0byBvcGVuc3NsIHdpa2kgd2l0aCBhIHZlcnkgbG9uZyBsaW5lIHRoYXQgc3BsaXRzLi4uCg=='<br />
Welcome to openssl wiki with a very long line that splits...<br />
</pre><br />
<br />
This is anyway better to actualy split base64 result in 64 characters lines since -A option is BUGGY ( limit with long files ).<br />
<br />
==== DER <-> PEM conversion ====<br />
<br />
on each command handling PEM and DER format an '''inform''' and '''outform''' options are provided to specify it.<br />
Then it is easy to read it in format and write it in another<br />
<br />
==== pkcs8 / pkcs5 ====<br />
<br />
pkcs8 is a format to store private keys.<br />
pkcs8 uses various pkcs5 version as subformat.<br />
<br />
<pre><br />
openssl pkcs8 --help<br />
Usage pkcs8 [options]<br />
where options are<br />
-in file input file<br />
-inform X input format (DER or PEM)<br />
-passin arg input file pass phrase source<br />
-outform X output format (DER or PEM)<br />
-out file output file<br />
-passout arg output file pass phrase source<br />
-topk8 output PKCS8 file<br />
-nooct use (nonstandard) no octet format<br />
-embed use (nonstandard) embedded DSA parameters format<br />
-nsdb use (nonstandard) DSA Netscape DB format<br />
-noiter use 1 as iteration count<br />
-nocrypt use or expect unencrypted private key<br />
-v2 alg use PKCS#5 v2.0 and cipher "alg"<br />
-v1 obj use PKCS#5 v1.5 and cipher "alg"<br />
-engine e use engine e, possibly a hardware device.<br />
</pre><br />
<br />
=== Diagnostics ===<br />
<br />
==== SSL/TLS session information ====<br />
<br />
<pre><br />
openssl sess_id --help<br />
unknown option --help<br />
usage: sess_id args<br />
<br />
-inform arg - input format - default PEM (DER or PEM)<br />
-outform arg - output format - default PEM<br />
-in arg - input file - default stdin<br />
-out arg - output file - default stdout<br />
-text - print ssl session id details<br />
-cert - output certificate <br />
-noout - no CRL output<br />
-context arg - set the session ID context<br />
</pre><br />
<br />
[[Category:Shell level]]</div>Bernardhhttps://wiki.openssl.org/index.php?title=Command_Line_Utilities&diff=1927Command Line Utilities2014-09-01T11:21:38Z<p>Bernardh: /* Public Key Cryptographic Operations */</p>
<hr />
<div>[http://www.openssl.org/docs/apps/openssl.html OpenSSL site command line tools]<br />
<br />
=== Getting started with your openssl toolkit ===<br />
<br />
When installed on your system openssl binary (usually /usr/bin/openssl on linux) is an entry point for many functions. You call it following the pattern<br />
<pre><br />
$ openssl command [ command_opts ] [ command_args ] <br />
</pre><br />
<br />
Alternatively you can call it without arguments to enter the interactive mode with an 'OpenSSL>' prompt. Then you can directly type your commands. You can leave the interactive mode with Ctrl+C or Ctrl+D or by typing 'quit':<br />
<pre><br />
OpenSSL> quit<br />
</pre><br />
<br />
There are three different kinds of commands. These are [[standard commands]], [[cipher commands]], and [[message-digest commands]]. In the following an overview over some commands is given. These are grouped by purpose and not necessarily by the classification just mentioned.<br />
<br />
=== Learn about your installation ===<br />
<br />
==== List commands by type ====<br />
<br />
You can get a list of available commands by calling<br />
<br />
<pre><br />
$ openssl list-standard-commands<br />
$ openssl list-cipher-commands<br />
$ openssl list-message-digest-commands<br />
</pre><br />
<br />
==== version ====<br />
<br />
OpenSSL> version<br />
OpenSSL 1.0.1e 11 Feb 2013<br />
<br />
==== ciphers ====<br />
<br />
returns SSL/TLS ciphers supported.<br />
<br />
<pre><br />
OpenSSL> ciphers<br />
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:PSK-AES128-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5<br />
</pre><br />
<br />
openssl list-cipher-algorithms<br />
<br />
openssl list-public-key-algorithms<br />
<pre><br />
Name: OpenSSL RSA method<br />
Type: Builtin Algorithm<br />
OID: rsaEncryption<br />
PEM string: RSA<br />
Name: rsa<br />
Type: Alias to rsaEncryption<br />
Name: OpenSSL PKCS#3 DH method<br />
Type: Builtin Algorithm<br />
OID: dhKeyAgreement<br />
PEM string: DH<br />
Name: dsaWithSHA<br />
Type: Alias to dsaEncryption<br />
Name: dsaEncryption-old<br />
Type: Alias to dsaEncryption<br />
Name: dsaWithSHA1-old<br />
Type: Alias to dsaEncryption<br />
Name: dsaWithSHA1<br />
Type: Alias to dsaEncryption<br />
Name: OpenSSL DSA method<br />
Type: Builtin Algorithm<br />
OID: dsaEncryption<br />
PEM string: DSA<br />
Name: OpenSSL EC algorithm<br />
Type: Builtin Algorithm<br />
OID: id-ecPublicKey<br />
PEM string: EC<br />
Name: OpenSSL HMAC method<br />
Type: Builtin Algorithm<br />
OID: hmac<br />
PEM string: HMAC<br />
Name: OpenSSL CMAC method<br />
Type: Builtin Algorithm<br />
OID: cmac<br />
PEM string: CMAC<br />
</pre><br />
<br />
==== engine ====<br />
<br />
OpenSSL> engine<br />
(rsax) RSAX engine support<br />
(dynamic) Dynamic engine loading support<br />
<br />
==== speed ====<br />
<br />
returns informations of toolkit performance on cryptographic functions computations.<br />
<br />
( Ex: on Linux 3.1.0-1-amd64 #1 SMP x86_64 GNU/Linux, HP dv7 i7 4Gb )<br />
<br />
<pre><br />
Doing md4 for 3s on 16 size blocks: 12430613 md4's in 3.00s<br />
...<br />
Doing md5 for 3s on 16 size blocks: 8943943 md5's in 2.99s<br />
Doing md5 for 3s on 64 size blocks: 6560162 md5's in 3.00s<br />
Doing md5 for 3s on 256 size blocks: 3674563 md5's in 3.00s<br />
Doing md5 for 3s on 1024 size blocks: 1325803 md5's in 3.00s<br />
Doing md5 for 3s on 8192 size blocks: 190271 md5's in 3.00s<br />
Doing hmac(md5) for 3s on 16 size blocks: 7289025 hmac(md5)'s in 3.00s<br />
Doing hmac(md5) for 3s on 64 size blocks: 5519732 hmac(md5)'s in 3.00s<br />
Doing hmac(md5) for 3s on 256 size blocks: 3319123 hmac(md5)'s in 3.00s<br />
Doing hmac(md5) for 3s on 1024 size blocks: 1275475 hmac(md5)'s in 3.00s<br />
Doing hmac(md5) for 3s on 8192 size blocks: 187134 hmac(md5)'s in 3.00s<br />
Doing sha1 for 3s on 16 size blocks: 10089842 sha1's in 2.99s<br />
Doing sha1 for 3s on 64 size blocks: 7033355 sha1's in 3.00s<br />
Doing sha1 for 3s on 256 size blocks: 3919372 sha1's in 3.00s<br />
Doing sha1 for 3s on 1024 size blocks: 1374314 sha1's in 3.00s<br />
Doing sha1 for 3s on 8192 size blocks: 198808 sha1's in 3.00s<br />
Doing sha256 for 3s on 16 size blocks: 6462822 sha256's in 3.00s<br />
Doing sha256 for 3s on 64 size blocks: 3504641 sha256's in 3.00s<br />
Doing sha256 for 3s on 256 size blocks: 1486771 sha256's in 3.00s<br />
Doing sha256 for 3s on 1024 size blocks: 440613 sha256's in 3.00s<br />
Doing sha256 for 3s on 8192 size blocks: 58418 sha256's in 3.00s<br />
Doing sha512 for 3s on 16 size blocks: 5040453 sha512's in 2.99s<br />
Doing sha512 for 3s on 64 size blocks: 5089425 sha512's in 3.00s<br />
Doing sha512 for 3s on 256 size blocks: 1865240 sha512's in 3.00s<br />
Doing sha512 for 3s on 1024 size blocks: 643708 sha512's in 3.00s<br />
Doing sha512 for 3s on 8192 size blocks: 90615 sha512's in 3.00s<br />
...<br />
Doing whirlpool for 3s on 8192 size blocks: 33204 whirlpool's in 3.00s<br />
...<br />
Doing rmd160 for 3s on 8192 size blocks: 66719 rmd160's in 3.00s<br />
...<br />
Doing rc4 for 3s on 8192 size blocks: 238972 rc4's in 3.00s<br />
...<br />
Doing des cbc for 3s on 8192 size blocks: 19837 des cbc's in 3.00s<br />
...<br />
Doing des ede3 for 3s on 8192 size blocks: 7706 des ede3's in 3.00s<br />
...<br />
Doing aes-128 cbc for 3s on 8192 size blocks: 35217 aes-128 cbc's in 3.00s<br />
...<br />
Doing aes-192 cbc for 3s on 8192 size blocks: 29225 aes-192 cbc's in 3.01s<br />
...<br />
Doing aes-256 cbc for 3s on 8192 size blocks: 24414 aes-256 cbc's in 3.00s<br />
...<br />
Doing aes-256 ige for 3s on 8192 size blocks: 23331 aes-256 ige's in 2.99s<br />
...<br />
</pre><br />
<br />
=== Basic encryption ===<br />
<br />
The command for symmetric encryption/decryption operations is [[enc|openssl enc]].<br />
<br />
For public key asymmetric encryption/decryption/sign/verify operations, use [[pkeyutl]] or the older RSA-specific [[rsautl]].<br />
<br />
==== Basic file ====<br />
<br />
to cipher a file or data to protect and share it protected by a shared key.<br />
<br />
symetric cipher :<br />
[[AES]] [[Blowfish]] [[RC4]] [[3DES]] [[RC2]] [[DES]] [[CAST5]] [[SEED]]<br />
<br />
block to stream conversion :<br />
[[ECB]] [[CBC]] [[OFB]] [[CFB]] [[CTR]] [[XTS]] [[GCM]]<br />
<br />
compression :<br />
[[ZLIB]]<br />
<br />
<pre><br />
Cipher commands (see the `enc' command for more details)<br />
aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb <br />
aes-256-cbc aes-256-ecb base64 bf <br />
bf-cbc bf-cfb bf-ecb bf-ofb <br />
camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb <br />
camellia-256-cbc camellia-256-ecb cast cast-cbc <br />
cast5-cbc cast5-cfb cast5-ecb cast5-ofb <br />
des des-cbc des-cfb des-ecb <br />
des-ede des-ede-cbc des-ede-cfb des-ede-ofb <br />
des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb <br />
des-ofb des3 desx rc2 <br />
rc2-40-cbc rc2-64-cbc rc2-cbc rc2-cfb <br />
rc2-ecb rc2-ofb rc4 rc4-40 <br />
seed seed-cbc seed-cfb seed-ecb <br />
seed-ofb zlib<br />
</pre><br />
<br />
<pre><br />
openssl enc --help<br />
unknown option '--help'<br />
options are<br />
-in <file> input file<br />
-out <file> output file<br />
-pass <arg> pass phrase source<br />
-e encrypt<br />
-d decrypt<br />
-a/-base64 base64 encode/decode, depending on encryption flag<br />
-k passphrase is the next argument<br />
-kfile passphrase is the first line of the file argument<br />
-md the next argument is the md to use to create a key<br />
from a passphrase. One of md2, md5, sha or sha1<br />
-S salt in hex is the next argument<br />
-K/-iv key/iv in hex is the next argument<br />
-[pP] print the iv/key (then exit if -P)<br />
-bufsize <n> buffer size<br />
-nopad disable standard block padding<br />
-engine e use engine e, possibly a hardware device.<br />
Cipher Types<br />
-aes-128-cbc -aes-128-cfb -aes-128-cfb1 <br />
-aes-128-cfb8 -aes-128-ctr -aes-128-ecb <br />
-aes-128-gcm -aes-128-ofb -aes-128-xts <br />
-aes-192-cbc -aes-192-cfb -aes-192-cfb1 <br />
-aes-192-cfb8 -aes-192-ctr -aes-192-ecb <br />
-aes-192-gcm -aes-192-ofb -aes-256-cbc <br />
-aes-256-cfb -aes-256-cfb1 -aes-256-cfb8 <br />
-aes-256-ctr -aes-256-ecb -aes-256-gcm <br />
-aes-256-ofb -aes-256-xts -aes128 <br />
-aes192 -aes256 -bf <br />
-bf-cbc -bf-cfb -bf-ecb <br />
-bf-ofb -blowfish -camellia-128-cbc <br />
-camellia-128-cfb -camellia-128-cfb1 -camellia-128-cfb8 <br />
-camellia-128-ecb -camellia-128-ofb -camellia-192-cbc <br />
-camellia-192-cfb -camellia-192-cfb1 -camellia-192-cfb8 <br />
-camellia-192-ecb -camellia-192-ofb -camellia-256-cbc <br />
-camellia-256-cfb -camellia-256-cfb1 -camellia-256-cfb8 <br />
-camellia-256-ecb -camellia-256-ofb -camellia128 <br />
-camellia192 -camellia256 -cast <br />
-cast-cbc -cast5-cbc -cast5-cfb <br />
-cast5-ecb -cast5-ofb -des <br />
-des-cbc -des-cfb -des-cfb1 <br />
-des-cfb8 -des-ecb -des-ede <br />
-des-ede-cbc -des-ede-cfb -des-ede-ofb <br />
-des-ede3 -des-ede3-cbc -des-ede3-cfb <br />
-des-ede3-cfb1 -des-ede3-cfb8 -des-ede3-ofb <br />
-des-ofb -des3 -desx <br />
-desx-cbc -id-aes128-GCM -id-aes192-GCM <br />
-id-aes256-GCM -rc2 -rc2-40-cbc <br />
-rc2-64-cbc -rc2-cbc -rc2-cfb <br />
-rc2-ecb -rc2-ofb -rc4 <br />
-rc4-40 -rc4-hmac-md5 -seed <br />
-seed-cbc -seed-cfb -seed-ecb <br />
-seed-ofb <br />
</pre><br />
<br />
==== Mail / SMIME ====<br />
<br />
===== smime v2 pkcs7 1.5 =====<br />
<br />
<pre><br />
openssl smime --help<br />
Usage smime [options] cert.pem ...<br />
where options are<br />
-encrypt encrypt message<br />
-decrypt decrypt encrypted message<br />
-sign sign message<br />
-verify verify signed message<br />
-pk7out output PKCS#7 structure<br />
-des3 encrypt with triple DES<br />
-des encrypt with DES<br />
-seed encrypt with SEED<br />
-rc2-40 encrypt with RC2-40 (default)<br />
-rc2-64 encrypt with RC2-64<br />
-rc2-128 encrypt with RC2-128<br />
-aes128, -aes192, -aes256<br />
encrypt PEM output with cbc aes<br />
-camellia128, -camellia192, -camellia256<br />
encrypt PEM output with cbc camellia<br />
-nointern don't search certificates in message for signer<br />
-nosigs don't verify message signature<br />
-noverify don't verify signers certificate<br />
-nocerts don't include signers certificate when signing<br />
-nodetach use opaque signing<br />
-noattr don't include any signed attributes<br />
-binary don't translate message to text<br />
-certfile file other certificates file<br />
-signer file signer certificate file<br />
-recip file recipient certificate file for decryption<br />
-in file input file<br />
-inform arg input format SMIME (default), PEM or DER<br />
-inkey file input private key (if not signer or recipient)<br />
-keyform arg input private key format (PEM or ENGINE)<br />
-out file output file<br />
-outform arg output format SMIME (default), PEM or DER<br />
-content file supply or override content for detached signature<br />
-to addr to address<br />
-from ad from address<br />
-subject s subject<br />
-text include or delete text MIME headers<br />
-CApath dir trusted certificates directory<br />
-CAfile file trusted certificates file<br />
-crl_check check revocation status of signer's certificate using CRLs<br />
-crl_check_all check revocation status of signer's certificate chain using CRLs<br />
-engine e use engine e, possibly a hardware device.<br />
-passin arg input file pass phrase source<br />
-rand file:file:...<br />
load the file (or the files in the directory) into<br />
the random number generator<br />
cert.pem recipient certificate(s) for encryption<br />
</pre><br />
<br />
===== smime v3 cms =====<br />
<br />
<pre><br />
openssl cms --help<br />
Usage cms [options] cert.pem ...<br />
where options are<br />
-encrypt encrypt message<br />
-decrypt decrypt encrypted message<br />
-sign sign message<br />
-verify verify signed message<br />
-cmsout output CMS structure<br />
-des3 encrypt with triple DES<br />
-des encrypt with DES<br />
-seed encrypt with SEED<br />
-rc2-40 encrypt with RC2-40 (default)<br />
-rc2-64 encrypt with RC2-64<br />
-rc2-128 encrypt with RC2-128<br />
-aes128, -aes192, -aes256<br />
encrypt PEM output with cbc aes<br />
-camellia128, -camellia192, -camellia256<br />
encrypt PEM output with cbc camellia<br />
-nointern don't search certificates in message for signer<br />
-nosigs don't verify message signature<br />
-noverify don't verify signers certificate<br />
-nocerts don't include signers certificate when signing<br />
-nodetach use opaque signing<br />
-noattr don't include any signed attributes<br />
-binary don't translate message to text<br />
-certfile file other certificates file<br />
-certsout file certificate output file<br />
-signer file signer certificate file<br />
-recip file recipient certificate file for decryption<br />
-keyid use subject key identifier<br />
-in file input file<br />
-inform arg input format SMIME (default), PEM or DER<br />
-inkey file input private key (if not signer or recipient)<br />
-keyform arg input private key format (PEM or ENGINE)<br />
-out file output file<br />
-outform arg output format SMIME (default), PEM or DER<br />
-content file supply or override content for detached signature<br />
-to addr to address<br />
-from ad from address<br />
-subject s subject<br />
-text include or delete text MIME headers<br />
-CApath dir trusted certificates directory<br />
-CAfile file trusted certificates file<br />
-crl_check check revocation status of signer's certificate using CRLs<br />
-crl_check_all check revocation status of signer's certificate chain using CRLs<br />
-engine e use engine e, possibly a hardware device.<br />
-passin arg input file pass phrase source<br />
-rand file:file:...<br />
load the file (or the files in the directory) into<br />
the random number generator<br />
cert.pem recipient certificate(s) for encryption<br />
</pre><br />
<br />
==== Public Key Cryptographic Operations ====<br />
<br />
<pre><br />
openssl pkeyutl --help<br />
Usage: pkeyutl [options]<br />
-in file input file<br />
-out file output file<br />
-sigfile file signature file (verify operation only)<br />
-inkey file input key<br />
-keyform arg private key format - default PEM<br />
-pubin input is a public key<br />
-certin input is a certificate carrying a public key<br />
-pkeyopt X:Y public key options<br />
-sign sign with private key<br />
-verify verify with public key<br />
-verifyrecover verify with public key, recover original data<br />
-encrypt encrypt with public key<br />
-decrypt decrypt with private key<br />
-derive derive shared secret<br />
-hexdump hex dump output<br />
-engine e use engine e, possibly a hardware device.<br />
-passin arg pass phrase source<br />
</pre><br />
<br />
Legacy RSA command:<br />
<pre><br />
openssl rsautl --help<br />
Usage: rsautl [options]<br />
-in file input file<br />
-out file output file<br />
-inkey file input key<br />
-keyform arg private key format - default PEM<br />
-pubin input is an RSA public<br />
-certin input is a certificate carrying an RSA public key<br />
-ssl use SSL v2 padding<br />
-raw use no padding<br />
-pkcs use PKCS#1 v1.5 padding (default)<br />
-oaep use PKCS#1 OAEP<br />
-sign sign with private key<br />
-verify verify with public key<br />
-encrypt encrypt with public key<br />
-decrypt decrypt with private key<br />
-hexdump hex dump output<br />
-engine e use engine e, possibly a hardware device.<br />
-passin arg pass phrase source<br />
</pre><br />
<br />
=== Create / Handle Public Key Certificates ===<br />
<br />
This requires you have a knowledge of what PKI is ( Certificate Authorities, Certificate Request, Certificate, Public Key, Private Key )<br />
<br />
Classical use case is to obtain a valid Certificate for a Secured Web site ( https protocol ).<br />
First you create a Private Key ( will be created together with Public key ).<br />
Then create a Certificate Request for that private key with some informations for purpose of future Certificate.<br />
Then send that Certificate Request to a Certificate Authority ( CA ) that will issue a Certificate that CA signed. For well known CA you need to pay. <br />
Up to you to install your Private key together with the received Certificate on your system. <br />
<br />
It exists graphical front-end to operate openssl wihtin a GUI : [http://xca.sourceforge.net/ XCA]<br />
<br />
==== Key Generation ====<br />
<br />
===== rsa / genrsa =====<br />
<br />
RSA is the most common type of Public/Private Key.<br />
Private Key part should never be disclosed while public key part is ... public.<br />
<br />
<pre><br />
openssl genrsa --help<br />
usage: genrsa [args] [numbits]<br />
-des encrypt the generated key with DES in cbc mode<br />
-des3 encrypt the generated key with DES in ede cbc mode (168 bit key)<br />
-seed<br />
encrypt PEM output with cbc seed<br />
-aes128, -aes192, -aes256<br />
encrypt PEM output with cbc aes<br />
-camellia128, -camellia192, -camellia256<br />
encrypt PEM output with cbc camellia<br />
-out file output the key to 'file<br />
-passout arg output file pass phrase source<br />
-f4 use F4 (0x10001) for the E value<br />
-3 use 3 for the E value<br />
-engine e use engine e, possibly a hardware device.<br />
-rand file:file:...<br />
load the file (or the files in the directory) into<br />
the random number generator<br />
</pre><br />
<br />
<pre><br />
rsa help<br />
unknown option help<br />
rsa [options] <infile >outfile<br />
where options are<br />
-inform arg input format - one of DER NET PEM<br />
-outform arg output format - one of DER NET PEM<br />
-in arg input file<br />
-sgckey Use IIS SGC key format<br />
-passin arg input file pass phrase source<br />
-out arg output file<br />
-passout arg output file pass phrase source<br />
-des encrypt PEM output with cbc des<br />
-des3 encrypt PEM output with ede cbc des using 168 bit key<br />
-seed encrypt PEM output with cbc seed<br />
-aes128, -aes192, -aes256<br />
encrypt PEM output with cbc aes<br />
-camellia128, -camellia192, -camellia256<br />
encrypt PEM output with cbc camellia<br />
-text print the key in text<br />
-noout don't print key out<br />
-modulus print the RSA key modulus<br />
-check verify key consistency<br />
-pubin expect a public key in input file<br />
-pubout output a public key<br />
-engine e use engine e, possibly a hardware device.<br />
error in rsa<br />
</pre><br />
<br />
===== dsa / gendsa=====<br />
<br />
dsa is a less common Public/Private key scheme, but can be seen anyway, so ...<br />
<br />
<pre><br />
openssl gendsa<br />
usage: gendsa [args] dsaparam-file<br />
-out file - output the key to 'file'<br />
-des - encrypt the generated key with DES in cbc mode<br />
-des3 - encrypt the generated key with DES in ede cbc mode (168 bit key)<br />
-seed<br />
encrypt PEM output with cbc seed<br />
-aes128, -aes192, -aes256<br />
encrypt PEM output with cbc aes<br />
-camellia128, -camellia192, -camellia256<br />
encrypt PEM output with cbc camellia<br />
-engine e - use engine e, possibly a hardware device.<br />
-rand file:file:...<br />
- load the file (or the files in the directory) into<br />
the random number generator<br />
dsaparam-file<br />
- a DSA parameter file as generated by the dsaparam command<br />
<br />
</pre><br />
<br />
<pre><br />
OpenSSL> dsa help<br />
unknown option help<br />
dsa [options] <infile >outfile<br />
where options are<br />
-inform arg input format - DER or PEM<br />
-outform arg output format - DER or PEM<br />
-in arg input file<br />
-passin arg input file pass phrase source<br />
-out arg output file<br />
-passout arg output file pass phrase source<br />
-engine e use engine e, possibly a hardware device.<br />
-des encrypt PEM output with cbc des<br />
-des3 encrypt PEM output with ede cbc des using 168 bit key<br />
-aes128, -aes192, -aes256<br />
encrypt PEM output with cbc aes<br />
-camellia128, -camellia192, -camellia256<br />
encrypt PEM output with cbc camellia<br />
-seed encrypt PEM output with cbc seed<br />
-text print the key in text<br />
-noout don't print key out<br />
-modulus print the DSA public value<br />
error in dsa<br />
</pre><br />
<br />
===== Elliptic Curves / ec ecparam =====<br />
<br />
[[Elliptic_Curve_Cryptography]]<br />
<br />
See [[Command Line Elliptic Curve Operations]] for a description of these commands.<br />
<br />
<pre><br />
openssl ecparam --help<br />
unknown option --help<br />
ecparam [options] <infile >outfile<br />
where options are<br />
-inform arg input format - default PEM (DER or PEM)<br />
-outform arg output format - default PEM<br />
-in arg input file - default stdin<br />
-out arg output file - default stdout<br />
-noout do not print the ec parameter<br />
-text print the ec parameters in text form<br />
-check validate the ec parameters<br />
-C print a 'C' function creating the parameters<br />
-name arg use the ec parameters with 'short name' name<br />
-list_curves prints a list of all currently available curve 'short names'<br />
-conv_form arg specifies the point conversion form <br />
possible values: compressed<br />
uncompressed (default)<br />
hybrid<br />
-param_enc arg specifies the way the ec parameters are encoded<br />
in the asn1 der encoding<br />
possible values: named_curve (default)<br />
explicit<br />
-no_seed if 'explicit' parameters are chosen do not use the seed<br />
-genkey generate ec key<br />
-rand file files to use for random number input<br />
-engine e use engine e, possibly a hardware device<br />
</pre><br />
<br />
<pre><br />
ec [options] <infile >outfile<br />
where options are<br />
-inform arg input format - DER or PEM<br />
-outform arg output format - DER or PEM<br />
-in arg input file<br />
-passin arg input file pass phrase source<br />
-out arg output file<br />
-passout arg output file pass phrase source<br />
-engine e use engine e, possibly a hardware device.<br />
-des encrypt PEM output, instead of 'des' every other <br />
cipher supported by OpenSSL can be used<br />
-text print the key<br />
-noout don't print key out<br />
-param_out print the elliptic curve parameters<br />
-conv_form arg specifies the point conversion form <br />
possible values: compressed<br />
uncompressed (default)<br />
hybrid<br />
-param_enc arg specifies the way the ec parameters are encoded<br />
in the asn1 der encoding<br />
possible values: named_curve (default)<br />
explicit<br />
</pre><br />
<br />
==== Certificate Authority / ca ====<br />
<br />
When you want to act as a Certificate Authority.<br />
<br />
OpenSSL> ca<br />
Using configuration from /usr/lib/ssl/openssl.cnf<br />
Error opening CA private key ./demoCA/private/cakey.pem<br />
140492277311144:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('./demoCA/private/cakey.pem','r')<br />
140492277311144:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:<br />
unable to load CA private key<br />
error in ca<br />
<br />
By default you don't have ca created...<br />
<br />
==== Certificate Request / pkcs10 / req ====<br />
<br />
OpenSSL> req ?<br />
unknown option ?<br />
req [options] <infile >outfile<br />
where options are<br />
-inform arg input format - DER or PEM<br />
-outform arg output format - DER or PEM<br />
-in arg input file<br />
-out arg output file<br />
-text text form of request<br />
-pubkey output public key<br />
-noout do not output REQ<br />
-verify verify signature on REQ<br />
-modulus RSA modulus<br />
-nodes don't encrypt the output key<br />
-engine e use engine e, possibly a hardware device<br />
-subject output the request's subject<br />
-passin private key password source<br />
-key file use the private key contained in file<br />
-keyform arg key file format<br />
-keyout arg file to send the key to<br />
-rand file:file:...<br />
load the file (or the files in the directory) into<br />
the random number generator<br />
-newkey rsa:bits generate a new RSA key of 'bits' in size<br />
-newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'<br />
-newkey ec:file generate a new EC key, parameters taken from CA in 'file'<br />
-[digest] Digest to sign with (md5, sha1, md2, mdc2, md4)<br />
-config file request template file.<br />
-subj arg set or modify request subject<br />
-multivalue-rdn enable support for multivalued RDNs<br />
-new new request.<br />
-batch do not ask anything during request generation<br />
-x509 output a x509 structure instead of a cert. req.<br />
-days number of days a certificate generated by -x509 is valid for.<br />
-set_serial serial number to use for a certificate generated by -x509.<br />
-newhdr output "NEW" in the header lines<br />
-asn1-kludge Output the 'request' in a format that is wrong but some CA's<br />
have been reported as requiring<br />
-extensions .. specify certificate extension section (override value in config file)<br />
-reqexts .. specify request extension section (override value in config file)<br />
-utf8 input characters are UTF8 (default ASCII)<br />
-nameopt arg - various certificate name options<br />
-reqopt arg - various request text options<br />
<br />
error in req<br />
<br />
==== Certificates AKA x509 ====<br />
<br />
x509 command allows you to display content of a x509 certificate and to convert it from/to [[PEM]], [[NET]] or [[DER]] formats.<br />
<br />
OpenSSL> x509 help<br />
unknown option help<br />
usage: x509 args<br />
-inform arg - input format - default PEM (one of DER, NET or PEM)<br />
-outform arg - output format - default PEM (one of DER, NET or PEM)<br />
-keyform arg - private key format - default PEM<br />
-CAform arg - CA format - default PEM<br />
-CAkeyform arg - CA key format - default PEM<br />
-in arg - input file - default stdin<br />
-out arg - output file - default stdout<br />
-passin arg - private key password source<br />
-serial - print serial number value<br />
-subject_hash - print subject hash value<br />
-subject_hash_old - print old-style (MD5) subject hash value<br />
-issuer_hash - print issuer hash value<br />
-issuer_hash_old - print old-style (MD5) issuer hash value<br />
-hash - synonym for -subject_hash<br />
-subject - print subject DN<br />
-issuer - print issuer DN<br />
-email - print email address(es)<br />
-startdate - notBefore field<br />
-enddate - notAfter field<br />
-purpose - print out certificate purposes<br />
-dates - both Before and After dates<br />
-modulus - print the RSA key modulus<br />
-pubkey - output the public key<br />
-fingerprint - print the certificate fingerprint<br />
-alias - output certificate alias<br />
-noout - no certificate output<br />
-ocspid - print OCSP hash values for the subject name and public key<br />
-ocsp_uri - print OCSP Responder URL(s)<br />
-trustout - output a "trusted" certificate<br />
-clrtrust - clear all trusted purposes<br />
-clrreject - clear all rejected purposes<br />
-addtrust arg - trust certificate for a given purpose<br />
-addreject arg - reject certificate for a given purpose<br />
-setalias arg - set certificate alias<br />
-days arg - How long till expiry of a signed certificate - def 30 days<br />
-checkend arg - check whether the cert expires in the next arg seconds<br />
exit 1 if so, 0 if not<br />
-signkey arg - self sign cert with arg<br />
-x509toreq - output a certification request object<br />
-req - input is a certificate request, sign and output.<br />
-CA arg - set the CA certificate, must be PEM format.<br />
-CAkey arg - set the CA key, must be PEM format<br />
missing, it is assumed to be in the CA file.<br />
-CAcreateserial - create serial number file if it does not exist<br />
-CAserial arg - serial file<br />
-set_serial - serial number to use<br />
-text - print the certificate in text form<br />
-C - print out C code forms<br />
-md2/-md5/-sha1/-mdc2 - digest to use<br />
-extfile - configuration file with X509V3 extensions to add<br />
-extensions - section from config file with X509V3 extensions to add<br />
-clrext - delete extensions before signing and input certificate<br />
-nameopt arg - various certificate name options<br />
-engine e - use engine e, possibly a hardware device.<br />
-certopt arg - various certificate text options<br />
<br />
==== Client Certificates AKA pkcs12 ====<br />
<br />
Client Certificate is a language abuse, but anyway it is kind of file you need to install on your system when SSL/TLS server require Client Authentication.<br />
Those kind of certificates credentials are known with .'''pkcs12''' or .'''pfx''' file extension.<br />
They contains a x509 Certificate and the public/private key of client. Those files are then very sensible to handle with same security as a private key.<br />
<br />
<pre><br />
Usage: pkcs12 [options]<br />
where options are<br />
-export output PKCS12 file<br />
-chain add certificate chain<br />
-inkey file private key if not infile<br />
-certfile f add all certs in f<br />
-CApath arg - PEM format directory of CA's<br />
-CAfile arg - PEM format file of CA's<br />
-name "name" use name as friendly name<br />
-caname "nm" use nm as CA friendly name (can be used more than once).<br />
-in infile input filename<br />
-out outfile output filename<br />
-noout don't output anything, just verify.<br />
-nomacver don't verify MAC.<br />
-nocerts don't output certificates.<br />
-clcerts only output client certificates.<br />
-cacerts only output CA certificates.<br />
-nokeys don't output private keys.<br />
-info give info about PKCS#12 structure.<br />
-des encrypt private keys with DES<br />
-des3 encrypt private keys with triple DES (default)<br />
-seed encrypt private keys with seed<br />
-aes128, -aes192, -aes256<br />
encrypt PEM output with cbc aes<br />
-camellia128, -camellia192, -camellia256<br />
encrypt PEM output with cbc camellia<br />
-nodes don't encrypt private keys<br />
-noiter don't use encryption iteration<br />
-nomaciter don't use MAC iteration<br />
-maciter use MAC iteration<br />
-nomac don't generate MAC<br />
-twopass separate MAC, encryption passwords<br />
-descert encrypt PKCS#12 certificates with triple DES (default RC2-40)<br />
-certpbe alg specify certificate PBE algorithm (default RC2-40)<br />
-keypbe alg specify private key PBE algorithm (default 3DES)<br />
-macalg alg digest algorithm used in MAC (default SHA1)<br />
-keyex set MS key exchange type<br />
-keysig set MS key signature type<br />
-password p set import/export password source<br />
-passin p input file pass phrase source<br />
-passout p output file pass phrase source<br />
-engine e use engine e, possibly a hardware device.<br />
-rand file:file:...<br />
load the file (or the files in the directory) into<br />
the random number generator<br />
-CSP name Microsoft CSP name<br />
-LMK Add local machine keyset attribute to private key<br />
</pre><br />
<br />
=== SSL/TLS and Certificates ONLINE services ===<br />
<br />
==== s_server ====<br />
<br />
This implements a generic SSL/TLS server. <br />
<br />
<pre><br />
openssl s_server<br />
Error opening server certificate private key file server.pem<br />
139811478357672:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('server.pem','r')<br />
139811478357672:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:<br />
unable to load server certificate private key file<br />
</pre><br />
<br />
'''you need to provide certificate and private key to be able to run SSL/TLS server.'''<br />
<br />
<pre><br />
openssl s_server --help<br />
unknown option --help<br />
usage: s_server [args ...]<br />
<br />
-accept arg - port to accept on (default is 4433)<br />
-context arg - set session ID context<br />
-verify arg - turn on peer certificate verification<br />
-Verify arg - turn on peer certificate verification, must have a cert.<br />
-cert arg - certificate file to use<br />
(default is server.pem)<br />
-crl_check - check the peer certificate has not been revoked by its CA.<br />
The CRL(s) are appended to the certificate file<br />
-crl_check_all - check the peer certificate has not been revoked by its CA<br />
or any other CRL in the CA chain. CRL(s) are appened to the<br />
the certificate file.<br />
-certform arg - certificate format (PEM or DER) PEM default<br />
-key arg - Private Key file to use, in cert file if<br />
not specified (default is server.pem)<br />
-keyform arg - key format (PEM, DER or ENGINE) PEM default<br />
-pass arg - private key file pass phrase source<br />
-dcert arg - second certificate file to use (usually for DSA)<br />
-dcertform x - second certificate format (PEM or DER) PEM default<br />
-dkey arg - second private key file to use (usually for DSA)<br />
-dkeyform arg - second key format (PEM, DER or ENGINE) PEM default<br />
-dpass arg - second private key file pass phrase source<br />
-dhparam arg - DH parameter file to use, in cert file if not specified<br />
or a default set of parameters is used<br />
-named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.<br />
Use "openssl ecparam -list_curves" for all names<br />
(default is nistp256).<br />
-nbio - Run with non-blocking IO<br />
-nbio_test - test with the non-blocking test bio<br />
-crlf - convert LF from terminal into CRLF<br />
-debug - Print more output<br />
-msg - Show protocol messages<br />
-state - Print the SSL states<br />
-CApath arg - PEM format directory of CA's<br />
-CAfile arg - PEM format file of CA's<br />
-nocert - Don't use any certificates (Anon-DH)<br />
-cipher arg - play with 'openssl ciphers' to see what goes here<br />
-serverpref - Use server's cipher preferences<br />
-quiet - No server output<br />
-no_tmp_rsa - Do not generate a tmp RSA key<br />
-psk_hint arg - PSK identity hint to use<br />
-psk arg - PSK in hex (without 0x)<br />
-srpvfile file - The verifier file for SRP<br />
-srpuserseed string - A seed string for a default user salt.<br />
-ssl2 - Just talk SSLv2<br />
-ssl3 - Just talk SSLv3<br />
-tls1_2 - Just talk TLSv1.2<br />
-tls1_1 - Just talk TLSv1.1<br />
-tls1 - Just talk TLSv1<br />
-dtls1 - Just talk DTLSv1<br />
-timeout - Enable timeouts<br />
-mtu - Set link layer MTU<br />
-chain - Read a certificate chain<br />
-no_ssl2 - Just disable SSLv2<br />
-no_ssl3 - Just disable SSLv3<br />
-no_tls1 - Just disable TLSv1<br />
-no_tls1_1 - Just disable TLSv1.1<br />
-no_tls1_2 - Just disable TLSv1.2<br />
-no_dhe - Disable ephemeral DH<br />
-no_ecdhe - Disable ephemeral ECDH<br />
-bugs - Turn on SSL bug compatibility<br />
-www - Respond to a 'GET /' with a status page<br />
-WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path><br />
-HTTP - Respond to a 'GET /<path> HTTP/1.0' with file ./<path><br />
with the assumption it contains a complete HTTP response.<br />
-engine id - Initialise and use the specified engine<br />
-id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'<br />
-rand file:file:...<br />
-servername host - servername for HostName TLS extension<br />
-servername_fatal - on mismatch send fatal alert (default warning alert)<br />
-cert2 arg - certificate file to use for servername<br />
(default is server2.pem)<br />
-key2 arg - Private Key file to use for servername, in cert file if<br />
not specified (default is server2.pem)<br />
-tlsextdebug - hex dump of all TLS extensions received<br />
-no_ticket - disable use of RFC4507bis session tickets<br />
-legacy_renegotiation - enable use of legacy renegotiation (dangerous)<br />
-nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)<br />
-use_srtp profiles - Offer SRTP key management with a colon-separated profile list<br />
-keymatexport label - Export keying material using label<br />
-keymatexportlen len - Export len bytes of keying material (default 20)<br />
</pre><br />
<br />
==== s_client ====<br />
<br />
This implements a generic SSL/TLS client<br />
<br />
<pre><br />
unknown option --help<br />
usage: s_client args<br />
<br />
-host host - use -connect instead<br />
-port port - use -connect instead<br />
-connect host:port - who to connect to (default is localhost:4433)<br />
-verify arg - turn on peer certificate verification<br />
-cert arg - certificate file to use, PEM format assumed<br />
-certform arg - certificate format (PEM or DER) PEM default<br />
-key arg - Private key file to use, in cert file if<br />
not specified but cert file is.<br />
-keyform arg - key format (PEM or DER) PEM default<br />
-pass arg - private key file pass phrase source<br />
-CApath arg - PEM format directory of CA's<br />
-CAfile arg - PEM format file of CA's<br />
-reconnect - Drop and re-make the connection with the same Session-ID<br />
-pause - sleep(1) after each read(2) and write(2) system call<br />
-showcerts - show all certificates in the chain<br />
-debug - extra output<br />
-msg - Show protocol messages<br />
-nbio_test - more ssl protocol testing<br />
-state - print the 'ssl' states<br />
-nbio - Run with non-blocking IO<br />
-crlf - convert LF from terminal into CRLF<br />
-quiet - no s_client output<br />
-ign_eof - ignore input eof (default when -quiet)<br />
-no_ign_eof - don't ignore input eof<br />
-psk_identity arg - PSK identity<br />
-psk arg - PSK in hex (without 0x)<br />
-srpuser user - SRP authentification for 'user'<br />
-srppass arg - password for 'user'<br />
-srp_lateuser - SRP username into second ClientHello message<br />
-srp_moregroups - Tolerate other than the known g N values.<br />
-srp_strength int - minimal mength in bits for N (default 1024).<br />
-ssl2 - just use SSLv2<br />
-ssl3 - just use SSLv3<br />
-tls1_2 - just use TLSv1.2<br />
-tls1_1 - just use TLSv1.1<br />
-tls1 - just use TLSv1<br />
-dtls1 - just use DTLSv1<br />
-mtu - set the link layer MTU<br />
-no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol<br />
-bugs - Switch on all SSL implementation bug workarounds<br />
-serverpref - Use server's cipher preferences (only SSLv2)<br />
-cipher - preferred cipher to use, use the 'openssl ciphers'<br />
command to see what is available<br />
-starttls prot - use the STARTTLS command before starting TLS<br />
for those protocols that support it, where<br />
'prot' defines which one to assume. Currently,<br />
only "smtp", "pop3", "imap", "ftp" and "xmpp"<br />
are supported.<br />
-engine id - Initialise and use the specified engine<br />
-rand file:file:...<br />
-sess_out arg - file to write SSL session to<br />
-sess_in arg - file to read SSL session from<br />
-servername host - Set TLS extension servername in ClientHello<br />
-tlsextdebug - hex dump of all TLS extensions received<br />
-status - request certificate status from server<br />
-no_ticket - disable use of RFC4507bis session tickets<br />
-nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)<br />
-legacy_renegotiation - enable use of legacy renegotiation (dangerous)<br />
-use_srtp profiles - Offer SRTP key management with a colon-separated profile list<br />
-keymatexport label - Export keying material using label<br />
-keymatexportlen len - Export len bytes of keying material (default 20)<br />
</pre><br />
<br />
==== ocsp ====<br />
<br />
<br />
=== Signing / Digest and Timestamping ===<br />
<br />
==== Signing / Digest ====<br />
<br />
<pre><br />
openssl dgst --help<br />
unknown option '--help'<br />
options are<br />
-c to output the digest with separating colons<br />
-r to output the digest in coreutils format<br />
-d to output debug info<br />
-hex output as hex dump<br />
-binary output in binary form<br />
-hmac arg set the HMAC key to arg<br />
-non-fips-allow allow use of non FIPS digest<br />
-sign file sign digest using private key in file<br />
-verify file verify a signature using public key in file<br />
-prverify file verify a signature using private key in file<br />
-keyform arg key file format (PEM or ENGINE)<br />
-out filename output to filename rather than stdout<br />
-signature file signature to verify<br />
-sigopt nm:v signature parameter<br />
-hmac key create hashed MAC with key<br />
-mac algorithm create MAC (not neccessarily HMAC)<br />
-macopt nm:v MAC algorithm parameters or key<br />
-engine e use engine e, possibly a hardware device.<br />
-md4 to use the md4 message digest algorithm<br />
-md5 to use the md5 message digest algorithm<br />
-ripemd160 to use the ripemd160 message digest algorithm<br />
-sha to use the sha message digest algorithm<br />
-sha1 to use the sha1 message digest algorithm<br />
-sha224 to use the sha224 message digest algorithm<br />
-sha256 to use the sha256 message digest algorithm<br />
-sha384 to use the sha384 message digest algorithm<br />
-sha512 to use the sha512 message digest algorithm<br />
-whirlpool to use the whirlpool message digest algorithm<br />
</pre><br />
==== timestamping ====<br />
<br />
openssl ts<br />
<br />
<pre><br />
usage:<br />
ts -query [-rand file:file:...] [-config configfile] [-data file_to_hash] [-digest digest_bytes][-md2|-md4|-md5|-sha|-sha1|-mdc2|-ripemd160] [-policy object_id] [-no_nonce] [-cert] [-in request.tsq] [-out request.tsq] [-text]<br />
or<br />
ts -reply [-config configfile] [-section tsa_section] [-queryfile request.tsq] [-passin password] [-signer tsa_cert.pem] [-inkey private_key.pem] [-chain certs_file.pem] [-policy object_id] [-in response.tsr] [-token_in] [-out response.tsr] [-token_out] [-text] [-engine id]<br />
or<br />
ts -verify [-data file_to_hash] [-digest digest_bytes] [-queryfile request.tsq] -in response.tsr [-token_in] -CApath ca_path -CAfile ca_file.pem -untrusted cert_file.pem<br />
</pre><br />
<br />
=== Data handling ===<br />
<br />
==== ASN.1 ====<br />
<br />
[[DER]] decoding <br />
<br />
openssl asn1parse<br />
<br />
==== Base64 ====<br />
<br />
base64 encoding / decoding<br />
<br />
[[Base64]]<br />
<br />
===== a String =====<br />
<br />
<pre><br />
openssl base64 -e <<< 'Welcome to openssl wiki'<br />
V2VsY29tZSB0byBvcGVuc3NsIHdpa2kK<br />
openssl base64 -d <<< 'V2VsY29tZSB0byBvcGVuc3NsIHdpa2kK'<br />
Welcome to openssl wiki<br />
</pre><br />
<br />
warning '''base64 line length is limited to 76 characters by default in openssl''' ( and generated with 64 characters / line ).<br />
<br />
<pre><br />
openssl base64 -e <<< 'Welcome to openssl wiki with a very long line that splits...'<br />
V2VsY29tZSB0byBvcGVuc3NsIHdpa2kgd2l0aCBhIHZlcnkgbG9uZyBsaW5lIHRo<br />
YXQgc3BsaXRzLi4uCg==<br />
openssl base64 -d <<< 'V2VsY29tZSB0byBvcGVuc3NsIHdpa2kgd2l0aCBhIHZlcnkgbG9uZyBsaW5lIHRoYXQgc3BsaXRzLi4uCg=='<br />
</pre><br />
=> NOTHING !<br />
<br />
to be able to decode a base64 line without line feed that exceed 76 characters use -A option :<br />
<br />
<pre><br />
openssl base64 -d -A <<< 'V2VsY29tZSB0byBvcGVuc3NsIHdpa2kgd2l0aCBhIHZlcnkgbG9uZyBsaW5lIHRoYXQgc3BsaXRzLi4uCg=='<br />
Welcome to openssl wiki with a very long line that splits...<br />
</pre><br />
<br />
This is anyway better to actualy split base64 result in 64 characters lines since -A option is BUGGY ( limit with long files ).<br />
<br />
==== DER <-> PEM conversion ====<br />
<br />
on each command handling PEM and DER format an '''inform''' and '''outform''' options are provided to specify it.<br />
Then it is easy to read it in format and write it in another<br />
<br />
==== pkcs8 / pkcs5 ====<br />
<br />
pkcs8 is a format to store private keys.<br />
pkcs8 uses various pkcs5 version as subformat.<br />
<br />
<pre><br />
openssl pkcs8 --help<br />
Usage pkcs8 [options]<br />
where options are<br />
-in file input file<br />
-inform X input format (DER or PEM)<br />
-passin arg input file pass phrase source<br />
-outform X output format (DER or PEM)<br />
-out file output file<br />
-passout arg output file pass phrase source<br />
-topk8 output PKCS8 file<br />
-nooct use (nonstandard) no octet format<br />
-embed use (nonstandard) embedded DSA parameters format<br />
-nsdb use (nonstandard) DSA Netscape DB format<br />
-noiter use 1 as iteration count<br />
-nocrypt use or expect unencrypted private key<br />
-v2 alg use PKCS#5 v2.0 and cipher "alg"<br />
-v1 obj use PKCS#5 v1.5 and cipher "alg"<br />
-engine e use engine e, possibly a hardware device.<br />
</pre><br />
<br />
=== Diagnostics ===<br />
<br />
==== SSL/TLS session information ====<br />
<br />
<pre><br />
openssl sess_id --help<br />
unknown option --help<br />
usage: sess_id args<br />
<br />
-inform arg - input format - default PEM (DER or PEM)<br />
-outform arg - output format - default PEM<br />
-in arg - input file - default stdin<br />
-out arg - output file - default stdout<br />
-text - print ssl session id details<br />
-cert - output certificate <br />
-noout - no CRL output<br />
-context arg - set the session ID context<br />
</pre><br />
<br />
[[Category:Shell level]]</div>Bernardhhttps://wiki.openssl.org/index.php?title=Command_Line_Utilities&diff=1926Command Line Utilities2014-09-01T10:59:17Z<p>Bernardh: /* Basic encryption */</p>
<hr />
<div>[http://www.openssl.org/docs/apps/openssl.html OpenSSL site command line tools]<br />
<br />
=== Getting started with your openssl toolkit ===<br />
<br />
When installed on your system openssl binary (usually /usr/bin/openssl on linux) is an entry point for many functions. You call it following the pattern<br />
<pre><br />
$ openssl command [ command_opts ] [ command_args ] <br />
</pre><br />
<br />
Alternatively you can call it without arguments to enter the interactive mode with an 'OpenSSL>' prompt. Then you can directly type your commands. You can leave the interactive mode with Ctrl+C or Ctrl+D or by typing 'quit':<br />
<pre><br />
OpenSSL> quit<br />
</pre><br />
<br />
There are three different kinds of commands. These are [[standard commands]], [[cipher commands]], and [[message-digest commands]]. In the following an overview over some commands is given. These are grouped by purpose and not necessarily by the classification just mentioned.<br />
<br />
=== Learn about your installation ===<br />
<br />
==== List commands by type ====<br />
<br />
You can get a list of available commands by calling<br />
<br />
<pre><br />
$ openssl list-standard-commands<br />
$ openssl list-cipher-commands<br />
$ openssl list-message-digest-commands<br />
</pre><br />
<br />
==== version ====<br />
<br />
OpenSSL> version<br />
OpenSSL 1.0.1e 11 Feb 2013<br />
<br />
==== ciphers ====<br />
<br />
returns SSL/TLS ciphers supported.<br />
<br />
<pre><br />
OpenSSL> ciphers<br />
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:PSK-AES128-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5<br />
</pre><br />
<br />
openssl list-cipher-algorithms<br />
<br />
openssl list-public-key-algorithms<br />
<pre><br />
Name: OpenSSL RSA method<br />
Type: Builtin Algorithm<br />
OID: rsaEncryption<br />
PEM string: RSA<br />
Name: rsa<br />
Type: Alias to rsaEncryption<br />
Name: OpenSSL PKCS#3 DH method<br />
Type: Builtin Algorithm<br />
OID: dhKeyAgreement<br />
PEM string: DH<br />
Name: dsaWithSHA<br />
Type: Alias to dsaEncryption<br />
Name: dsaEncryption-old<br />
Type: Alias to dsaEncryption<br />
Name: dsaWithSHA1-old<br />
Type: Alias to dsaEncryption<br />
Name: dsaWithSHA1<br />
Type: Alias to dsaEncryption<br />
Name: OpenSSL DSA method<br />
Type: Builtin Algorithm<br />
OID: dsaEncryption<br />
PEM string: DSA<br />
Name: OpenSSL EC algorithm<br />
Type: Builtin Algorithm<br />
OID: id-ecPublicKey<br />
PEM string: EC<br />
Name: OpenSSL HMAC method<br />
Type: Builtin Algorithm<br />
OID: hmac<br />
PEM string: HMAC<br />
Name: OpenSSL CMAC method<br />
Type: Builtin Algorithm<br />
OID: cmac<br />
PEM string: CMAC<br />
</pre><br />
<br />
==== engine ====<br />
<br />
OpenSSL> engine<br />
(rsax) RSAX engine support<br />
(dynamic) Dynamic engine loading support<br />
<br />
==== speed ====<br />
<br />
returns informations of toolkit performance on cryptographic functions computations.<br />
<br />
( Ex: on Linux 3.1.0-1-amd64 #1 SMP x86_64 GNU/Linux, HP dv7 i7 4Gb )<br />
<br />
<pre><br />
Doing md4 for 3s on 16 size blocks: 12430613 md4's in 3.00s<br />
...<br />
Doing md5 for 3s on 16 size blocks: 8943943 md5's in 2.99s<br />
Doing md5 for 3s on 64 size blocks: 6560162 md5's in 3.00s<br />
Doing md5 for 3s on 256 size blocks: 3674563 md5's in 3.00s<br />
Doing md5 for 3s on 1024 size blocks: 1325803 md5's in 3.00s<br />
Doing md5 for 3s on 8192 size blocks: 190271 md5's in 3.00s<br />
Doing hmac(md5) for 3s on 16 size blocks: 7289025 hmac(md5)'s in 3.00s<br />
Doing hmac(md5) for 3s on 64 size blocks: 5519732 hmac(md5)'s in 3.00s<br />
Doing hmac(md5) for 3s on 256 size blocks: 3319123 hmac(md5)'s in 3.00s<br />
Doing hmac(md5) for 3s on 1024 size blocks: 1275475 hmac(md5)'s in 3.00s<br />
Doing hmac(md5) for 3s on 8192 size blocks: 187134 hmac(md5)'s in 3.00s<br />
Doing sha1 for 3s on 16 size blocks: 10089842 sha1's in 2.99s<br />
Doing sha1 for 3s on 64 size blocks: 7033355 sha1's in 3.00s<br />
Doing sha1 for 3s on 256 size blocks: 3919372 sha1's in 3.00s<br />
Doing sha1 for 3s on 1024 size blocks: 1374314 sha1's in 3.00s<br />
Doing sha1 for 3s on 8192 size blocks: 198808 sha1's in 3.00s<br />
Doing sha256 for 3s on 16 size blocks: 6462822 sha256's in 3.00s<br />
Doing sha256 for 3s on 64 size blocks: 3504641 sha256's in 3.00s<br />
Doing sha256 for 3s on 256 size blocks: 1486771 sha256's in 3.00s<br />
Doing sha256 for 3s on 1024 size blocks: 440613 sha256's in 3.00s<br />
Doing sha256 for 3s on 8192 size blocks: 58418 sha256's in 3.00s<br />
Doing sha512 for 3s on 16 size blocks: 5040453 sha512's in 2.99s<br />
Doing sha512 for 3s on 64 size blocks: 5089425 sha512's in 3.00s<br />
Doing sha512 for 3s on 256 size blocks: 1865240 sha512's in 3.00s<br />
Doing sha512 for 3s on 1024 size blocks: 643708 sha512's in 3.00s<br />
Doing sha512 for 3s on 8192 size blocks: 90615 sha512's in 3.00s<br />
...<br />
Doing whirlpool for 3s on 8192 size blocks: 33204 whirlpool's in 3.00s<br />
...<br />
Doing rmd160 for 3s on 8192 size blocks: 66719 rmd160's in 3.00s<br />
...<br />
Doing rc4 for 3s on 8192 size blocks: 238972 rc4's in 3.00s<br />
...<br />
Doing des cbc for 3s on 8192 size blocks: 19837 des cbc's in 3.00s<br />
...<br />
Doing des ede3 for 3s on 8192 size blocks: 7706 des ede3's in 3.00s<br />
...<br />
Doing aes-128 cbc for 3s on 8192 size blocks: 35217 aes-128 cbc's in 3.00s<br />
...<br />
Doing aes-192 cbc for 3s on 8192 size blocks: 29225 aes-192 cbc's in 3.01s<br />
...<br />
Doing aes-256 cbc for 3s on 8192 size blocks: 24414 aes-256 cbc's in 3.00s<br />
...<br />
Doing aes-256 ige for 3s on 8192 size blocks: 23331 aes-256 ige's in 2.99s<br />
...<br />
</pre><br />
<br />
=== Basic encryption ===<br />
<br />
The command for symmetric encryption/decryption operations is [[enc|openssl enc]].<br />
<br />
For public key asymmetric encryption/decryption/sign/verify operations, use [[pkeyutl]] or the older RSA-specific [[rsautl]].<br />
<br />
==== Basic file ====<br />
<br />
to cipher a file or data to protect and share it protected by a shared key.<br />
<br />
symetric cipher :<br />
[[AES]] [[Blowfish]] [[RC4]] [[3DES]] [[RC2]] [[DES]] [[CAST5]] [[SEED]]<br />
<br />
block to stream conversion :<br />
[[ECB]] [[CBC]] [[OFB]] [[CFB]] [[CTR]] [[XTS]] [[GCM]]<br />
<br />
compression :<br />
[[ZLIB]]<br />
<br />
<pre><br />
Cipher commands (see the `enc' command for more details)<br />
aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb <br />
aes-256-cbc aes-256-ecb base64 bf <br />
bf-cbc bf-cfb bf-ecb bf-ofb <br />
camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb <br />
camellia-256-cbc camellia-256-ecb cast cast-cbc <br />
cast5-cbc cast5-cfb cast5-ecb cast5-ofb <br />
des des-cbc des-cfb des-ecb <br />
des-ede des-ede-cbc des-ede-cfb des-ede-ofb <br />
des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb <br />
des-ofb des3 desx rc2 <br />
rc2-40-cbc rc2-64-cbc rc2-cbc rc2-cfb <br />
rc2-ecb rc2-ofb rc4 rc4-40 <br />
seed seed-cbc seed-cfb seed-ecb <br />
seed-ofb zlib<br />
</pre><br />
<br />
<pre><br />
openssl enc --help<br />
unknown option '--help'<br />
options are<br />
-in <file> input file<br />
-out <file> output file<br />
-pass <arg> pass phrase source<br />
-e encrypt<br />
-d decrypt<br />
-a/-base64 base64 encode/decode, depending on encryption flag<br />
-k passphrase is the next argument<br />
-kfile passphrase is the first line of the file argument<br />
-md the next argument is the md to use to create a key<br />
from a passphrase. One of md2, md5, sha or sha1<br />
-S salt in hex is the next argument<br />
-K/-iv key/iv in hex is the next argument<br />
-[pP] print the iv/key (then exit if -P)<br />
-bufsize <n> buffer size<br />
-nopad disable standard block padding<br />
-engine e use engine e, possibly a hardware device.<br />
Cipher Types<br />
-aes-128-cbc -aes-128-cfb -aes-128-cfb1 <br />
-aes-128-cfb8 -aes-128-ctr -aes-128-ecb <br />
-aes-128-gcm -aes-128-ofb -aes-128-xts <br />
-aes-192-cbc -aes-192-cfb -aes-192-cfb1 <br />
-aes-192-cfb8 -aes-192-ctr -aes-192-ecb <br />
-aes-192-gcm -aes-192-ofb -aes-256-cbc <br />
-aes-256-cfb -aes-256-cfb1 -aes-256-cfb8 <br />
-aes-256-ctr -aes-256-ecb -aes-256-gcm <br />
-aes-256-ofb -aes-256-xts -aes128 <br />
-aes192 -aes256 -bf <br />
-bf-cbc -bf-cfb -bf-ecb <br />
-bf-ofb -blowfish -camellia-128-cbc <br />
-camellia-128-cfb -camellia-128-cfb1 -camellia-128-cfb8 <br />
-camellia-128-ecb -camellia-128-ofb -camellia-192-cbc <br />
-camellia-192-cfb -camellia-192-cfb1 -camellia-192-cfb8 <br />
-camellia-192-ecb -camellia-192-ofb -camellia-256-cbc <br />
-camellia-256-cfb -camellia-256-cfb1 -camellia-256-cfb8 <br />
-camellia-256-ecb -camellia-256-ofb -camellia128 <br />
-camellia192 -camellia256 -cast <br />
-cast-cbc -cast5-cbc -cast5-cfb <br />
-cast5-ecb -cast5-ofb -des <br />
-des-cbc -des-cfb -des-cfb1 <br />
-des-cfb8 -des-ecb -des-ede <br />
-des-ede-cbc -des-ede-cfb -des-ede-ofb <br />
-des-ede3 -des-ede3-cbc -des-ede3-cfb <br />
-des-ede3-cfb1 -des-ede3-cfb8 -des-ede3-ofb <br />
-des-ofb -des3 -desx <br />
-desx-cbc -id-aes128-GCM -id-aes192-GCM <br />
-id-aes256-GCM -rc2 -rc2-40-cbc <br />
-rc2-64-cbc -rc2-cbc -rc2-cfb <br />
-rc2-ecb -rc2-ofb -rc4 <br />
-rc4-40 -rc4-hmac-md5 -seed <br />
-seed-cbc -seed-cfb -seed-ecb <br />
-seed-ofb <br />
</pre><br />
<br />
==== Mail / SMIME ====<br />
<br />
===== smime v2 pkcs7 1.5 =====<br />
<br />
<pre><br />
openssl smime --help<br />
Usage smime [options] cert.pem ...<br />
where options are<br />
-encrypt encrypt message<br />
-decrypt decrypt encrypted message<br />
-sign sign message<br />
-verify verify signed message<br />
-pk7out output PKCS#7 structure<br />
-des3 encrypt with triple DES<br />
-des encrypt with DES<br />
-seed encrypt with SEED<br />
-rc2-40 encrypt with RC2-40 (default)<br />
-rc2-64 encrypt with RC2-64<br />
-rc2-128 encrypt with RC2-128<br />
-aes128, -aes192, -aes256<br />
encrypt PEM output with cbc aes<br />
-camellia128, -camellia192, -camellia256<br />
encrypt PEM output with cbc camellia<br />
-nointern don't search certificates in message for signer<br />
-nosigs don't verify message signature<br />
-noverify don't verify signers certificate<br />
-nocerts don't include signers certificate when signing<br />
-nodetach use opaque signing<br />
-noattr don't include any signed attributes<br />
-binary don't translate message to text<br />
-certfile file other certificates file<br />
-signer file signer certificate file<br />
-recip file recipient certificate file for decryption<br />
-in file input file<br />
-inform arg input format SMIME (default), PEM or DER<br />
-inkey file input private key (if not signer or recipient)<br />
-keyform arg input private key format (PEM or ENGINE)<br />
-out file output file<br />
-outform arg output format SMIME (default), PEM or DER<br />
-content file supply or override content for detached signature<br />
-to addr to address<br />
-from ad from address<br />
-subject s subject<br />
-text include or delete text MIME headers<br />
-CApath dir trusted certificates directory<br />
-CAfile file trusted certificates file<br />
-crl_check check revocation status of signer's certificate using CRLs<br />
-crl_check_all check revocation status of signer's certificate chain using CRLs<br />
-engine e use engine e, possibly a hardware device.<br />
-passin arg input file pass phrase source<br />
-rand file:file:...<br />
load the file (or the files in the directory) into<br />
the random number generator<br />
cert.pem recipient certificate(s) for encryption<br />
</pre><br />
<br />
===== smime v3 cms =====<br />
<br />
<pre><br />
openssl cms --help<br />
Usage cms [options] cert.pem ...<br />
where options are<br />
-encrypt encrypt message<br />
-decrypt decrypt encrypted message<br />
-sign sign message<br />
-verify verify signed message<br />
-cmsout output CMS structure<br />
-des3 encrypt with triple DES<br />
-des encrypt with DES<br />
-seed encrypt with SEED<br />
-rc2-40 encrypt with RC2-40 (default)<br />
-rc2-64 encrypt with RC2-64<br />
-rc2-128 encrypt with RC2-128<br />
-aes128, -aes192, -aes256<br />
encrypt PEM output with cbc aes<br />
-camellia128, -camellia192, -camellia256<br />
encrypt PEM output with cbc camellia<br />
-nointern don't search certificates in message for signer<br />
-nosigs don't verify message signature<br />
-noverify don't verify signers certificate<br />
-nocerts don't include signers certificate when signing<br />
-nodetach use opaque signing<br />
-noattr don't include any signed attributes<br />
-binary don't translate message to text<br />
-certfile file other certificates file<br />
-certsout file certificate output file<br />
-signer file signer certificate file<br />
-recip file recipient certificate file for decryption<br />
-keyid use subject key identifier<br />
-in file input file<br />
-inform arg input format SMIME (default), PEM or DER<br />
-inkey file input private key (if not signer or recipient)<br />
-keyform arg input private key format (PEM or ENGINE)<br />
-out file output file<br />
-outform arg output format SMIME (default), PEM or DER<br />
-content file supply or override content for detached signature<br />
-to addr to address<br />
-from ad from address<br />
-subject s subject<br />
-text include or delete text MIME headers<br />
-CApath dir trusted certificates directory<br />
-CAfile file trusted certificates file<br />
-crl_check check revocation status of signer's certificate using CRLs<br />
-crl_check_all check revocation status of signer's certificate chain using CRLs<br />
-engine e use engine e, possibly a hardware device.<br />
-passin arg input file pass phrase source<br />
-rand file:file:...<br />
load the file (or the files in the directory) into<br />
the random number generator<br />
cert.pem recipient certificate(s) for encryption<br />
</pre><br />
<br />
==== Public Key Cryptographic Operations ====<br />
<br />
<pre><br />
C:\Utils\OpenSSL-Win32\bin>openssl pkeyutl --help<br />
Usage: pkeyutl [options]<br />
-in file input file<br />
-out file output file<br />
-sigfile file signature file (verify operation only)<br />
-inkey file input key<br />
-keyform arg private key format - default PEM<br />
-pubin input is a public key<br />
-certin input is a certificate carrying a public key<br />
-pkeyopt X:Y public key options<br />
-sign sign with private key<br />
-verify verify with public key<br />
-verifyrecover verify with public key, recover original data<br />
-encrypt encrypt with public key<br />
-decrypt decrypt with private key<br />
-derive derive shared secret<br />
-hexdump hex dump output<br />
-engine e use engine e, possibly a hardware device.<br />
-passin arg pass phrase source<br />
</pre><br />
<br />
Legacy RSA command:<br />
<pre><br />
C:\Utils\OpenSSL-Win32\bin>openssl rsautl --help<br />
Usage: rsautl [options]<br />
-in file input file<br />
-out file output file<br />
-inkey file input key<br />
-keyform arg private key format - default PEM<br />
-pubin input is an RSA public<br />
-certin input is a certificate carrying an RSA public key<br />
-ssl use SSL v2 padding<br />
-raw use no padding<br />
-pkcs use PKCS#1 v1.5 padding (default)<br />
-oaep use PKCS#1 OAEP<br />
-sign sign with private key<br />
-verify verify with public key<br />
-encrypt encrypt with public key<br />
-decrypt decrypt with private key<br />
-hexdump hex dump output<br />
-engine e use engine e, possibly a hardware device.<br />
-passin arg pass phrase source<br />
</pre><br />
<br />
=== Create / Handle Public Key Certificates ===<br />
<br />
This requires you have a knowledge of what PKI is ( Certificate Authorities, Certificate Request, Certificate, Public Key, Private Key )<br />
<br />
Classical use case is to obtain a valid Certificate for a Secured Web site ( https protocol ).<br />
First you create a Private Key ( will be created together with Public key ).<br />
Then create a Certificate Request for that private key with some informations for purpose of future Certificate.<br />
Then send that Certificate Request to a Certificate Authority ( CA ) that will issue a Certificate that CA signed. For well known CA you need to pay. <br />
Up to you to install your Private key together with the received Certificate on your system. <br />
<br />
It exists graphical front-end to operate openssl wihtin a GUI : [http://xca.sourceforge.net/ XCA]<br />
<br />
==== Key Generation ====<br />
<br />
===== rsa / genrsa =====<br />
<br />
RSA is the most common type of Public/Private Key.<br />
Private Key part should never be disclosed while public key part is ... public.<br />
<br />
<pre><br />
openssl genrsa --help<br />
usage: genrsa [args] [numbits]<br />
-des encrypt the generated key with DES in cbc mode<br />
-des3 encrypt the generated key with DES in ede cbc mode (168 bit key)<br />
-seed<br />
encrypt PEM output with cbc seed<br />
-aes128, -aes192, -aes256<br />
encrypt PEM output with cbc aes<br />
-camellia128, -camellia192, -camellia256<br />
encrypt PEM output with cbc camellia<br />
-out file output the key to 'file<br />
-passout arg output file pass phrase source<br />
-f4 use F4 (0x10001) for the E value<br />
-3 use 3 for the E value<br />
-engine e use engine e, possibly a hardware device.<br />
-rand file:file:...<br />
load the file (or the files in the directory) into<br />
the random number generator<br />
</pre><br />
<br />
<pre><br />
rsa help<br />
unknown option help<br />
rsa [options] <infile >outfile<br />
where options are<br />
-inform arg input format - one of DER NET PEM<br />
-outform arg output format - one of DER NET PEM<br />
-in arg input file<br />
-sgckey Use IIS SGC key format<br />
-passin arg input file pass phrase source<br />
-out arg output file<br />
-passout arg output file pass phrase source<br />
-des encrypt PEM output with cbc des<br />
-des3 encrypt PEM output with ede cbc des using 168 bit key<br />
-seed encrypt PEM output with cbc seed<br />
-aes128, -aes192, -aes256<br />
encrypt PEM output with cbc aes<br />
-camellia128, -camellia192, -camellia256<br />
encrypt PEM output with cbc camellia<br />
-text print the key in text<br />
-noout don't print key out<br />
-modulus print the RSA key modulus<br />
-check verify key consistency<br />
-pubin expect a public key in input file<br />
-pubout output a public key<br />
-engine e use engine e, possibly a hardware device.<br />
error in rsa<br />
</pre><br />
<br />
===== dsa / gendsa=====<br />
<br />
dsa is a less common Public/Private key scheme, but can be seen anyway, so ...<br />
<br />
<pre><br />
openssl gendsa<br />
usage: gendsa [args] dsaparam-file<br />
-out file - output the key to 'file'<br />
-des - encrypt the generated key with DES in cbc mode<br />
-des3 - encrypt the generated key with DES in ede cbc mode (168 bit key)<br />
-seed<br />
encrypt PEM output with cbc seed<br />
-aes128, -aes192, -aes256<br />
encrypt PEM output with cbc aes<br />
-camellia128, -camellia192, -camellia256<br />
encrypt PEM output with cbc camellia<br />
-engine e - use engine e, possibly a hardware device.<br />
-rand file:file:...<br />
- load the file (or the files in the directory) into<br />
the random number generator<br />
dsaparam-file<br />
- a DSA parameter file as generated by the dsaparam command<br />
<br />
</pre><br />
<br />
<pre><br />
OpenSSL> dsa help<br />
unknown option help<br />
dsa [options] <infile >outfile<br />
where options are<br />
-inform arg input format - DER or PEM<br />
-outform arg output format - DER or PEM<br />
-in arg input file<br />
-passin arg input file pass phrase source<br />
-out arg output file<br />
-passout arg output file pass phrase source<br />
-engine e use engine e, possibly a hardware device.<br />
-des encrypt PEM output with cbc des<br />
-des3 encrypt PEM output with ede cbc des using 168 bit key<br />
-aes128, -aes192, -aes256<br />
encrypt PEM output with cbc aes<br />
-camellia128, -camellia192, -camellia256<br />
encrypt PEM output with cbc camellia<br />
-seed encrypt PEM output with cbc seed<br />
-text print the key in text<br />
-noout don't print key out<br />
-modulus print the DSA public value<br />
error in dsa<br />
</pre><br />
<br />
===== Elliptic Curves / ec ecparam =====<br />
<br />
[[Elliptic_Curve_Cryptography]]<br />
<br />
See [[Command Line Elliptic Curve Operations]] for a description of these commands.<br />
<br />
<pre><br />
openssl ecparam --help<br />
unknown option --help<br />
ecparam [options] <infile >outfile<br />
where options are<br />
-inform arg input format - default PEM (DER or PEM)<br />
-outform arg output format - default PEM<br />
-in arg input file - default stdin<br />
-out arg output file - default stdout<br />
-noout do not print the ec parameter<br />
-text print the ec parameters in text form<br />
-check validate the ec parameters<br />
-C print a 'C' function creating the parameters<br />
-name arg use the ec parameters with 'short name' name<br />
-list_curves prints a list of all currently available curve 'short names'<br />
-conv_form arg specifies the point conversion form <br />
possible values: compressed<br />
uncompressed (default)<br />
hybrid<br />
-param_enc arg specifies the way the ec parameters are encoded<br />
in the asn1 der encoding<br />
possible values: named_curve (default)<br />
explicit<br />
-no_seed if 'explicit' parameters are chosen do not use the seed<br />
-genkey generate ec key<br />
-rand file files to use for random number input<br />
-engine e use engine e, possibly a hardware device<br />
</pre><br />
<br />
<pre><br />
ec [options] <infile >outfile<br />
where options are<br />
-inform arg input format - DER or PEM<br />
-outform arg output format - DER or PEM<br />
-in arg input file<br />
-passin arg input file pass phrase source<br />
-out arg output file<br />
-passout arg output file pass phrase source<br />
-engine e use engine e, possibly a hardware device.<br />
-des encrypt PEM output, instead of 'des' every other <br />
cipher supported by OpenSSL can be used<br />
-text print the key<br />
-noout don't print key out<br />
-param_out print the elliptic curve parameters<br />
-conv_form arg specifies the point conversion form <br />
possible values: compressed<br />
uncompressed (default)<br />
hybrid<br />
-param_enc arg specifies the way the ec parameters are encoded<br />
in the asn1 der encoding<br />
possible values: named_curve (default)<br />
explicit<br />
</pre><br />
<br />
==== Certificate Authority / ca ====<br />
<br />
When you want to act as a Certificate Authority.<br />
<br />
OpenSSL> ca<br />
Using configuration from /usr/lib/ssl/openssl.cnf<br />
Error opening CA private key ./demoCA/private/cakey.pem<br />
140492277311144:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('./demoCA/private/cakey.pem','r')<br />
140492277311144:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:<br />
unable to load CA private key<br />
error in ca<br />
<br />
By default you don't have ca created...<br />
<br />
==== Certificate Request / pkcs10 / req ====<br />
<br />
OpenSSL> req ?<br />
unknown option ?<br />
req [options] <infile >outfile<br />
where options are<br />
-inform arg input format - DER or PEM<br />
-outform arg output format - DER or PEM<br />
-in arg input file<br />
-out arg output file<br />
-text text form of request<br />
-pubkey output public key<br />
-noout do not output REQ<br />
-verify verify signature on REQ<br />
-modulus RSA modulus<br />
-nodes don't encrypt the output key<br />
-engine e use engine e, possibly a hardware device<br />
-subject output the request's subject<br />
-passin private key password source<br />
-key file use the private key contained in file<br />
-keyform arg key file format<br />
-keyout arg file to send the key to<br />
-rand file:file:...<br />
load the file (or the files in the directory) into<br />
the random number generator<br />
-newkey rsa:bits generate a new RSA key of 'bits' in size<br />
-newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'<br />
-newkey ec:file generate a new EC key, parameters taken from CA in 'file'<br />
-[digest] Digest to sign with (md5, sha1, md2, mdc2, md4)<br />
-config file request template file.<br />
-subj arg set or modify request subject<br />
-multivalue-rdn enable support for multivalued RDNs<br />
-new new request.<br />
-batch do not ask anything during request generation<br />
-x509 output a x509 structure instead of a cert. req.<br />
-days number of days a certificate generated by -x509 is valid for.<br />
-set_serial serial number to use for a certificate generated by -x509.<br />
-newhdr output "NEW" in the header lines<br />
-asn1-kludge Output the 'request' in a format that is wrong but some CA's<br />
have been reported as requiring<br />
-extensions .. specify certificate extension section (override value in config file)<br />
-reqexts .. specify request extension section (override value in config file)<br />
-utf8 input characters are UTF8 (default ASCII)<br />
-nameopt arg - various certificate name options<br />
-reqopt arg - various request text options<br />
<br />
error in req<br />
<br />
==== Certificates AKA x509 ====<br />
<br />
x509 command allows you to display content of a x509 certificate and to convert it from/to [[PEM]], [[NET]] or [[DER]] formats.<br />
<br />
OpenSSL> x509 help<br />
unknown option help<br />
usage: x509 args<br />
-inform arg - input format - default PEM (one of DER, NET or PEM)<br />
-outform arg - output format - default PEM (one of DER, NET or PEM)<br />
-keyform arg - private key format - default PEM<br />
-CAform arg - CA format - default PEM<br />
-CAkeyform arg - CA key format - default PEM<br />
-in arg - input file - default stdin<br />
-out arg - output file - default stdout<br />
-passin arg - private key password source<br />
-serial - print serial number value<br />
-subject_hash - print subject hash value<br />
-subject_hash_old - print old-style (MD5) subject hash value<br />
-issuer_hash - print issuer hash value<br />
-issuer_hash_old - print old-style (MD5) issuer hash value<br />
-hash - synonym for -subject_hash<br />
-subject - print subject DN<br />
-issuer - print issuer DN<br />
-email - print email address(es)<br />
-startdate - notBefore field<br />
-enddate - notAfter field<br />
-purpose - print out certificate purposes<br />
-dates - both Before and After dates<br />
-modulus - print the RSA key modulus<br />
-pubkey - output the public key<br />
-fingerprint - print the certificate fingerprint<br />
-alias - output certificate alias<br />
-noout - no certificate output<br />
-ocspid - print OCSP hash values for the subject name and public key<br />
-ocsp_uri - print OCSP Responder URL(s)<br />
-trustout - output a "trusted" certificate<br />
-clrtrust - clear all trusted purposes<br />
-clrreject - clear all rejected purposes<br />
-addtrust arg - trust certificate for a given purpose<br />
-addreject arg - reject certificate for a given purpose<br />
-setalias arg - set certificate alias<br />
-days arg - How long till expiry of a signed certificate - def 30 days<br />
-checkend arg - check whether the cert expires in the next arg seconds<br />
exit 1 if so, 0 if not<br />
-signkey arg - self sign cert with arg<br />
-x509toreq - output a certification request object<br />
-req - input is a certificate request, sign and output.<br />
-CA arg - set the CA certificate, must be PEM format.<br />
-CAkey arg - set the CA key, must be PEM format<br />
missing, it is assumed to be in the CA file.<br />
-CAcreateserial - create serial number file if it does not exist<br />
-CAserial arg - serial file<br />
-set_serial - serial number to use<br />
-text - print the certificate in text form<br />
-C - print out C code forms<br />
-md2/-md5/-sha1/-mdc2 - digest to use<br />
-extfile - configuration file with X509V3 extensions to add<br />
-extensions - section from config file with X509V3 extensions to add<br />
-clrext - delete extensions before signing and input certificate<br />
-nameopt arg - various certificate name options<br />
-engine e - use engine e, possibly a hardware device.<br />
-certopt arg - various certificate text options<br />
<br />
==== Client Certificates AKA pkcs12 ====<br />
<br />
Client Certificate is a language abuse, but anyway it is kind of file you need to install on your system when SSL/TLS server require Client Authentication.<br />
Those kind of certificates credentials are known with .'''pkcs12''' or .'''pfx''' file extension.<br />
They contains a x509 Certificate and the public/private key of client. Those files are then very sensible to handle with same security as a private key.<br />
<br />
<pre><br />
Usage: pkcs12 [options]<br />
where options are<br />
-export output PKCS12 file<br />
-chain add certificate chain<br />
-inkey file private key if not infile<br />
-certfile f add all certs in f<br />
-CApath arg - PEM format directory of CA's<br />
-CAfile arg - PEM format file of CA's<br />
-name "name" use name as friendly name<br />
-caname "nm" use nm as CA friendly name (can be used more than once).<br />
-in infile input filename<br />
-out outfile output filename<br />
-noout don't output anything, just verify.<br />
-nomacver don't verify MAC.<br />
-nocerts don't output certificates.<br />
-clcerts only output client certificates.<br />
-cacerts only output CA certificates.<br />
-nokeys don't output private keys.<br />
-info give info about PKCS#12 structure.<br />
-des encrypt private keys with DES<br />
-des3 encrypt private keys with triple DES (default)<br />
-seed encrypt private keys with seed<br />
-aes128, -aes192, -aes256<br />
encrypt PEM output with cbc aes<br />
-camellia128, -camellia192, -camellia256<br />
encrypt PEM output with cbc camellia<br />
-nodes don't encrypt private keys<br />
-noiter don't use encryption iteration<br />
-nomaciter don't use MAC iteration<br />
-maciter use MAC iteration<br />
-nomac don't generate MAC<br />
-twopass separate MAC, encryption passwords<br />
-descert encrypt PKCS#12 certificates with triple DES (default RC2-40)<br />
-certpbe alg specify certificate PBE algorithm (default RC2-40)<br />
-keypbe alg specify private key PBE algorithm (default 3DES)<br />
-macalg alg digest algorithm used in MAC (default SHA1)<br />
-keyex set MS key exchange type<br />
-keysig set MS key signature type<br />
-password p set import/export password source<br />
-passin p input file pass phrase source<br />
-passout p output file pass phrase source<br />
-engine e use engine e, possibly a hardware device.<br />
-rand file:file:...<br />
load the file (or the files in the directory) into<br />
the random number generator<br />
-CSP name Microsoft CSP name<br />
-LMK Add local machine keyset attribute to private key<br />
</pre><br />
<br />
=== SSL/TLS and Certificates ONLINE services ===<br />
<br />
==== s_server ====<br />
<br />
This implements a generic SSL/TLS server. <br />
<br />
<pre><br />
openssl s_server<br />
Error opening server certificate private key file server.pem<br />
139811478357672:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('server.pem','r')<br />
139811478357672:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:<br />
unable to load server certificate private key file<br />
</pre><br />
<br />
'''you need to provide certificate and private key to be able to run SSL/TLS server.'''<br />
<br />
<pre><br />
openssl s_server --help<br />
unknown option --help<br />
usage: s_server [args ...]<br />
<br />
-accept arg - port to accept on (default is 4433)<br />
-context arg - set session ID context<br />
-verify arg - turn on peer certificate verification<br />
-Verify arg - turn on peer certificate verification, must have a cert.<br />
-cert arg - certificate file to use<br />
(default is server.pem)<br />
-crl_check - check the peer certificate has not been revoked by its CA.<br />
The CRL(s) are appended to the certificate file<br />
-crl_check_all - check the peer certificate has not been revoked by its CA<br />
or any other CRL in the CA chain. CRL(s) are appened to the<br />
the certificate file.<br />
-certform arg - certificate format (PEM or DER) PEM default<br />
-key arg - Private Key file to use, in cert file if<br />
not specified (default is server.pem)<br />
-keyform arg - key format (PEM, DER or ENGINE) PEM default<br />
-pass arg - private key file pass phrase source<br />
-dcert arg - second certificate file to use (usually for DSA)<br />
-dcertform x - second certificate format (PEM or DER) PEM default<br />
-dkey arg - second private key file to use (usually for DSA)<br />
-dkeyform arg - second key format (PEM, DER or ENGINE) PEM default<br />
-dpass arg - second private key file pass phrase source<br />
-dhparam arg - DH parameter file to use, in cert file if not specified<br />
or a default set of parameters is used<br />
-named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.<br />
Use "openssl ecparam -list_curves" for all names<br />
(default is nistp256).<br />
-nbio - Run with non-blocking IO<br />
-nbio_test - test with the non-blocking test bio<br />
-crlf - convert LF from terminal into CRLF<br />
-debug - Print more output<br />
-msg - Show protocol messages<br />
-state - Print the SSL states<br />
-CApath arg - PEM format directory of CA's<br />
-CAfile arg - PEM format file of CA's<br />
-nocert - Don't use any certificates (Anon-DH)<br />
-cipher arg - play with 'openssl ciphers' to see what goes here<br />
-serverpref - Use server's cipher preferences<br />
-quiet - No server output<br />
-no_tmp_rsa - Do not generate a tmp RSA key<br />
-psk_hint arg - PSK identity hint to use<br />
-psk arg - PSK in hex (without 0x)<br />
-srpvfile file - The verifier file for SRP<br />
-srpuserseed string - A seed string for a default user salt.<br />
-ssl2 - Just talk SSLv2<br />
-ssl3 - Just talk SSLv3<br />
-tls1_2 - Just talk TLSv1.2<br />
-tls1_1 - Just talk TLSv1.1<br />
-tls1 - Just talk TLSv1<br />
-dtls1 - Just talk DTLSv1<br />
-timeout - Enable timeouts<br />
-mtu - Set link layer MTU<br />
-chain - Read a certificate chain<br />
-no_ssl2 - Just disable SSLv2<br />
-no_ssl3 - Just disable SSLv3<br />
-no_tls1 - Just disable TLSv1<br />
-no_tls1_1 - Just disable TLSv1.1<br />
-no_tls1_2 - Just disable TLSv1.2<br />
-no_dhe - Disable ephemeral DH<br />
-no_ecdhe - Disable ephemeral ECDH<br />
-bugs - Turn on SSL bug compatibility<br />
-www - Respond to a 'GET /' with a status page<br />
-WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path><br />
-HTTP - Respond to a 'GET /<path> HTTP/1.0' with file ./<path><br />
with the assumption it contains a complete HTTP response.<br />
-engine id - Initialise and use the specified engine<br />
-id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'<br />
-rand file:file:...<br />
-servername host - servername for HostName TLS extension<br />
-servername_fatal - on mismatch send fatal alert (default warning alert)<br />
-cert2 arg - certificate file to use for servername<br />
(default is server2.pem)<br />
-key2 arg - Private Key file to use for servername, in cert file if<br />
not specified (default is server2.pem)<br />
-tlsextdebug - hex dump of all TLS extensions received<br />
-no_ticket - disable use of RFC4507bis session tickets<br />
-legacy_renegotiation - enable use of legacy renegotiation (dangerous)<br />
-nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)<br />
-use_srtp profiles - Offer SRTP key management with a colon-separated profile list<br />
-keymatexport label - Export keying material using label<br />
-keymatexportlen len - Export len bytes of keying material (default 20)<br />
</pre><br />
<br />
==== s_client ====<br />
<br />
This implements a generic SSL/TLS client<br />
<br />
<pre><br />
unknown option --help<br />
usage: s_client args<br />
<br />
-host host - use -connect instead<br />
-port port - use -connect instead<br />
-connect host:port - who to connect to (default is localhost:4433)<br />
-verify arg - turn on peer certificate verification<br />
-cert arg - certificate file to use, PEM format assumed<br />
-certform arg - certificate format (PEM or DER) PEM default<br />
-key arg - Private key file to use, in cert file if<br />
not specified but cert file is.<br />
-keyform arg - key format (PEM or DER) PEM default<br />
-pass arg - private key file pass phrase source<br />
-CApath arg - PEM format directory of CA's<br />
-CAfile arg - PEM format file of CA's<br />
-reconnect - Drop and re-make the connection with the same Session-ID<br />
-pause - sleep(1) after each read(2) and write(2) system call<br />
-showcerts - show all certificates in the chain<br />
-debug - extra output<br />
-msg - Show protocol messages<br />
-nbio_test - more ssl protocol testing<br />
-state - print the 'ssl' states<br />
-nbio - Run with non-blocking IO<br />
-crlf - convert LF from terminal into CRLF<br />
-quiet - no s_client output<br />
-ign_eof - ignore input eof (default when -quiet)<br />
-no_ign_eof - don't ignore input eof<br />
-psk_identity arg - PSK identity<br />
-psk arg - PSK in hex (without 0x)<br />
-srpuser user - SRP authentification for 'user'<br />
-srppass arg - password for 'user'<br />
-srp_lateuser - SRP username into second ClientHello message<br />
-srp_moregroups - Tolerate other than the known g N values.<br />
-srp_strength int - minimal mength in bits for N (default 1024).<br />
-ssl2 - just use SSLv2<br />
-ssl3 - just use SSLv3<br />
-tls1_2 - just use TLSv1.2<br />
-tls1_1 - just use TLSv1.1<br />
-tls1 - just use TLSv1<br />
-dtls1 - just use DTLSv1<br />
-mtu - set the link layer MTU<br />
-no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol<br />
-bugs - Switch on all SSL implementation bug workarounds<br />
-serverpref - Use server's cipher preferences (only SSLv2)<br />
-cipher - preferred cipher to use, use the 'openssl ciphers'<br />
command to see what is available<br />
-starttls prot - use the STARTTLS command before starting TLS<br />
for those protocols that support it, where<br />
'prot' defines which one to assume. Currently,<br />
only "smtp", "pop3", "imap", "ftp" and "xmpp"<br />
are supported.<br />
-engine id - Initialise and use the specified engine<br />
-rand file:file:...<br />
-sess_out arg - file to write SSL session to<br />
-sess_in arg - file to read SSL session from<br />
-servername host - Set TLS extension servername in ClientHello<br />
-tlsextdebug - hex dump of all TLS extensions received<br />
-status - request certificate status from server<br />
-no_ticket - disable use of RFC4507bis session tickets<br />
-nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)<br />
-legacy_renegotiation - enable use of legacy renegotiation (dangerous)<br />
-use_srtp profiles - Offer SRTP key management with a colon-separated profile list<br />
-keymatexport label - Export keying material using label<br />
-keymatexportlen len - Export len bytes of keying material (default 20)<br />
</pre><br />
<br />
==== ocsp ====<br />
<br />
<br />
=== Signing / Digest and Timestamping ===<br />
<br />
==== Signing / Digest ====<br />
<br />
<pre><br />
openssl dgst --help<br />
unknown option '--help'<br />
options are<br />
-c to output the digest with separating colons<br />
-r to output the digest in coreutils format<br />
-d to output debug info<br />
-hex output as hex dump<br />
-binary output in binary form<br />
-hmac arg set the HMAC key to arg<br />
-non-fips-allow allow use of non FIPS digest<br />
-sign file sign digest using private key in file<br />
-verify file verify a signature using public key in file<br />
-prverify file verify a signature using private key in file<br />
-keyform arg key file format (PEM or ENGINE)<br />
-out filename output to filename rather than stdout<br />
-signature file signature to verify<br />
-sigopt nm:v signature parameter<br />
-hmac key create hashed MAC with key<br />
-mac algorithm create MAC (not neccessarily HMAC)<br />
-macopt nm:v MAC algorithm parameters or key<br />
-engine e use engine e, possibly a hardware device.<br />
-md4 to use the md4 message digest algorithm<br />
-md5 to use the md5 message digest algorithm<br />
-ripemd160 to use the ripemd160 message digest algorithm<br />
-sha to use the sha message digest algorithm<br />
-sha1 to use the sha1 message digest algorithm<br />
-sha224 to use the sha224 message digest algorithm<br />
-sha256 to use the sha256 message digest algorithm<br />
-sha384 to use the sha384 message digest algorithm<br />
-sha512 to use the sha512 message digest algorithm<br />
-whirlpool to use the whirlpool message digest algorithm<br />
</pre><br />
==== timestamping ====<br />
<br />
openssl ts<br />
<br />
<pre><br />
usage:<br />
ts -query [-rand file:file:...] [-config configfile] [-data file_to_hash] [-digest digest_bytes][-md2|-md4|-md5|-sha|-sha1|-mdc2|-ripemd160] [-policy object_id] [-no_nonce] [-cert] [-in request.tsq] [-out request.tsq] [-text]<br />
or<br />
ts -reply [-config configfile] [-section tsa_section] [-queryfile request.tsq] [-passin password] [-signer tsa_cert.pem] [-inkey private_key.pem] [-chain certs_file.pem] [-policy object_id] [-in response.tsr] [-token_in] [-out response.tsr] [-token_out] [-text] [-engine id]<br />
or<br />
ts -verify [-data file_to_hash] [-digest digest_bytes] [-queryfile request.tsq] -in response.tsr [-token_in] -CApath ca_path -CAfile ca_file.pem -untrusted cert_file.pem<br />
</pre><br />
<br />
=== Data handling ===<br />
<br />
==== ASN.1 ====<br />
<br />
[[DER]] decoding <br />
<br />
openssl asn1parse<br />
<br />
==== Base64 ====<br />
<br />
base64 encoding / decoding<br />
<br />
[[Base64]]<br />
<br />
===== a String =====<br />
<br />
<pre><br />
openssl base64 -e <<< 'Welcome to openssl wiki'<br />
V2VsY29tZSB0byBvcGVuc3NsIHdpa2kK<br />
openssl base64 -d <<< 'V2VsY29tZSB0byBvcGVuc3NsIHdpa2kK'<br />
Welcome to openssl wiki<br />
</pre><br />
<br />
warning '''base64 line length is limited to 76 characters by default in openssl''' ( and generated with 64 characters / line ).<br />
<br />
<pre><br />
openssl base64 -e <<< 'Welcome to openssl wiki with a very long line that splits...'<br />
V2VsY29tZSB0byBvcGVuc3NsIHdpa2kgd2l0aCBhIHZlcnkgbG9uZyBsaW5lIHRo<br />
YXQgc3BsaXRzLi4uCg==<br />
openssl base64 -d <<< 'V2VsY29tZSB0byBvcGVuc3NsIHdpa2kgd2l0aCBhIHZlcnkgbG9uZyBsaW5lIHRoYXQgc3BsaXRzLi4uCg=='<br />
</pre><br />
=> NOTHING !<br />
<br />
to be able to decode a base64 line without line feed that exceed 76 characters use -A option :<br />
<br />
<pre><br />
openssl base64 -d -A <<< 'V2VsY29tZSB0byBvcGVuc3NsIHdpa2kgd2l0aCBhIHZlcnkgbG9uZyBsaW5lIHRoYXQgc3BsaXRzLi4uCg=='<br />
Welcome to openssl wiki with a very long line that splits...<br />
</pre><br />
<br />
This is anyway better to actualy split base64 result in 64 characters lines since -A option is BUGGY ( limit with long files ).<br />
<br />
==== DER <-> PEM conversion ====<br />
<br />
on each command handling PEM and DER format an '''inform''' and '''outform''' options are provided to specify it.<br />
Then it is easy to read it in format and write it in another<br />
<br />
==== pkcs8 / pkcs5 ====<br />
<br />
pkcs8 is a format to store private keys.<br />
pkcs8 uses various pkcs5 version as subformat.<br />
<br />
<pre><br />
openssl pkcs8 --help<br />
Usage pkcs8 [options]<br />
where options are<br />
-in file input file<br />
-inform X input format (DER or PEM)<br />
-passin arg input file pass phrase source<br />
-outform X output format (DER or PEM)<br />
-out file output file<br />
-passout arg output file pass phrase source<br />
-topk8 output PKCS8 file<br />
-nooct use (nonstandard) no octet format<br />
-embed use (nonstandard) embedded DSA parameters format<br />
-nsdb use (nonstandard) DSA Netscape DB format<br />
-noiter use 1 as iteration count<br />
-nocrypt use or expect unencrypted private key<br />
-v2 alg use PKCS#5 v2.0 and cipher "alg"<br />
-v1 obj use PKCS#5 v1.5 and cipher "alg"<br />
-engine e use engine e, possibly a hardware device.<br />
</pre><br />
<br />
=== Diagnostics ===<br />
<br />
==== SSL/TLS session information ====<br />
<br />
<pre><br />
openssl sess_id --help<br />
unknown option --help<br />
usage: sess_id args<br />
<br />
-inform arg - input format - default PEM (DER or PEM)<br />
-outform arg - output format - default PEM<br />
-in arg - input file - default stdin<br />
-out arg - output file - default stdout<br />
-text - print ssl session id details<br />
-cert - output certificate <br />
-noout - no CRL output<br />
-context arg - set the session ID context<br />
</pre><br />
<br />
[[Category:Shell level]]</div>Bernardhhttps://wiki.openssl.org/index.php?title=Main_Page&diff=1882Main Page2014-08-23T22:46:22Z<p>Bernardh: </p>
<hr />
<div>If this is your first visit or to get an account please see the [[Welcome]] page. Your participation and [[Contributions]] are valued.<br />
<br />
This wiki is intended as a place for collecting, organizing, and refining useful information about OpenSSL that is currently strewn among multiple locations and formats.<br />
<br />
== OpenSSL Quick Links ==<br />
<br />
<TABLE border=0><br />
<TR><br />
<TD>[[OpenSSL Overview]]</TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[Compilation and Installation]]</TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[Internals]]</TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[Mailing Lists]] </TD><br />
</TR><br />
<TR><br />
<TD>[[libcrypto API]]</TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[libssl API]]</TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[Examples]] </TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[Documentation Index|Index of all API functions]]</TD><br />
</TR><br />
<TR><br />
<TD>[[License]] </TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[Command Line Utilities]]</TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[Related Links]]</TD><br />
</TR><br />
</TABLE><br />
<br />
== Administrivia ==<br />
Site guidelines, legal and admininstrative issues.<br />
:* [[Basic rules]], [[Commercial Product Disclaimer]], [[Contributions]], [[Copyright]], [[License]]<br />
:* Using This Wiki<br />
:: [http://meta.wikimedia.org/wiki/Help:Contents Wiki User's Guide], [http://www.mediawiki.org/wiki/Manual:Configuration_settings Configuration settings list], [http://www.mediawiki.org/wiki/Manual:FAQ MediaWiki FAQ], [https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce MediaWiki Mailing List]<br />
<br />
== Reference ==<br />
This section contains the automagically generated man pages from the OpenSSL git repository, and similar "man" style reference documentation. The man pages are automatically imported from the OpenSSL git repository and local wiki modifications are submitted as patches.<br />
:* OpenSSL Manual Pages<br />
::* [[Manual:Openssl(1)]], [[Manual:Ssl(3)]], [[Manual:Crypto(3)]], [[Documentation Index]]<br />
:: If you wish to edit any of the Manual page content please refer to the [[Guidelines for Manual Page Authors]] page.<br />
:* [[API]], [[Libcrypto API]], [[Libssl API]]<br />
:* [[FIPS mode()]], [[FIPS_mode_set()]]<br />
<br />
== Usage and Programming ==<br />
This section has discussions of practical issues in using OpenSSL<br />
:* Building from Source<br />
:: Where to find it, the different versions, how to build and install it.<br />
:* [[OpenSSL Overview]]<br />
:* [[Versioning]]<br />
:* [[Compilation and Installation]]<br />
:* [[EVP]]<br />
:: Programming techniques and example code<br />
:: Use of EVP is preferred for most applications and circumstances<br />
::* [[EVP Asymmetric Encryption and Decryption of an Envelope]]<br />
::* [[EVP Authenticated Encryption and Decryption]]<br />
::* [[EVP Symmetric Encryption and Decryption]]<br />
::* [[EVP Key and Parameter Generation]]<br />
::* [[EVP Key Agreement]]<br />
::* [[EVP Message Digests]]<br />
::* [[EVP Key Derivation]]<br />
::* [[EVP Signing and Verifying|EVP Signing and Verifying (including MAC codes)]]<br />
:* [[STACK API]]<br />
:* Low Level APIs<br />
:: More specialized non-EVP usage<br />
::* [[Diffie-Hellman parameters]]<br />
:* [[FIPS Mode]]<br />
<br />
== Concepts and Theory ==<br />
Discussions of basic cryptographic theory and concepts<br />
Discussions of common operational issues<br />
:* [[Base64]]<br />
:* [http://wiki.openssl.org/index.php/Category:FIPS_140 FIPS 140-2]<br />
:* [[Random Numbers]]<br />
:* [[Diffie Hellman]]<br />
:* [[Elliptic Curve Diffie Hellman]]<br />
:* [[Elliptic Curve Cryptography]]<br />
<br />
== Security Advisories ==<br />
:* [https://www.openssl.org/news/vulnerabilities.html OpenSSL Vulnerabilities List]<br />
:* [[Security_Advisories|Security Advisories Additional Information]]<br />
<br />
== Feedback and Contributions ==<br />
:* [https://www.openssl.org/support/faq.html#BUILD18 Notification of suspected security vulnerabilities]<br />
:* [https://www.openssl.org/support/rt.html Contributing bug reports, other than for suspected vulnerabilities]<br />
:* [[Contributions|General background on source and documentation contributions - '''must read''']]<br />
:* Contributing code fixes, other than for suspected vulnerabilities, as well as fixes and other improvements to manual pages<br />
::* Follow the [[Use of Git#Use_of_Git_with_OpenSSL_source_tree|instructions for accessing source code]] in the appropriate branches<br />
:::* Note that manual pages and the FAQ are maintained with the source code.<br />
::* If you are unsure as to whether a feature will be useful for the general OpenSSL community please discuss it on the [https://www.openssl.org/support/community.html openssl-dev mailing list] first. Someone may be already working on the same thing or there may be a good reason as to why that feature isn't implemented.<br />
::* Submit a pull request for each separate fix (also documented [[Use of Git#Use_of_Git_with_OpenSSL_source_tree|there]])<br />
::* Submit a bug report for the issue and reference the pull request<br />
:* Contributing fixes and other improvements to the web site<br />
::* Follow the [[Use_of_Git#Use_of_Git_with_the_OpenSSL_web_site|instructions for accessing web site sources]]<br />
::* Create a patch (also documented [[Use_of_Git#Use_of_Git_with_the_OpenSSL_web_site|there]])<br />
::* Submit a bug report and add the patch as an attachment<br />
:* [[KnownPatches|Known patches not part of OpenSSL]]<br />
:* [[Welcome|Contributing to this wiki]]<br />
<br />
== Internals and Development ==<br />
This section is for internal details of primary interest to OpenSSL maintainers and power users<br />
:* [[Internals]]<br />
:* [[Code Quality]]<br />
:* [[Static and Dynamic Analysis]]<br />
:* [[OCB|OCB Licence details]]<br />
:* [[Defect and Feature Review Process]]<br />
:* [[Unit Testing]] (includes other automated testing information)</div>Bernardhhttps://wiki.openssl.org/index.php?title=Main_Page&diff=1881Main Page2014-08-23T22:43:10Z<p>Bernardh: /* OpenSSL Quick Links */</p>
<hr />
<div>If this is your first visit or to get an account please see the [[Welcome]] page. Your participation and [[Contributions]] are valued.<br />
<br />
This wiki is intended as a place for collecting, organizing, and refining useful information about OpenSSL that is currently strewn among multiple locations and formats.<br />
<br />
== OpenSSL Quick Links ==<br />
<br />
<TABLE border=0><br />
<TR><br />
<TD>[[OpenSSL Overview]]</TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[Compilation and Installation]]</TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[Internals]]</TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[Mailing Lists]] </TD><br />
</TR><br />
<TR><br />
<TD>[[libcrypto API]]</TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[libssl API]]</TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[Examples]] </TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[Index of all API functions]]</TD><br />
</TR><br />
<TR><br />
<TD>[[License]] </TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[Command Line Utilities]]</TD><br />
<TD>[[Image:HTAB.png]][[Image:HTAB.png]]</TD><br />
<TD>[[Related Links]]</TD><br />
</TR><br />
</TABLE><br />
<br />
== Administrivia ==<br />
Site guidelines, legal and admininstrative issues.<br />
:* [[Basic rules]], [[Commercial Product Disclaimer]], [[Contributions]], [[Copyright]], [[License]]<br />
:* Using This Wiki<br />
:: [http://meta.wikimedia.org/wiki/Help:Contents Wiki User's Guide], [http://www.mediawiki.org/wiki/Manual:Configuration_settings Configuration settings list], [http://www.mediawiki.org/wiki/Manual:FAQ MediaWiki FAQ], [https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce MediaWiki Mailing List]<br />
<br />
== Reference ==<br />
This section contains the automagically generated man pages from the OpenSSL git repository, and similar "man" style reference documentation. The man pages are automatically imported from the OpenSSL git repository and local wiki modifications are submitted as patches.<br />
:* OpenSSL Manual Pages<br />
::* [[Manual:Openssl(1)]], [[Manual:Ssl(3)]], [[Manual:Crypto(3)]], [[Documentation Index]]<br />
:: If you wish to edit any of the Manual page content please refer to the [[Guidelines for Manual Page Authors]] page.<br />
:* [[API]], [[Libcrypto API]], [[Libssl API]]<br />
:* [[FIPS mode()]], [[FIPS_mode_set()]]<br />
<br />
== Usage and Programming ==<br />
This section has discussions of practical issues in using OpenSSL<br />
:* Building from Source<br />
:: Where to find it, the different versions, how to build and install it.<br />
:* [[OpenSSL Overview]]<br />
:* [[Versioning]]<br />
:* [[Compilation and Installation]]<br />
:* [[EVP]]<br />
:: Programming techniques and example code<br />
:: Use of EVP is preferred for most applications and circumstances<br />
::* [[EVP Asymmetric Encryption and Decryption of an Envelope]]<br />
::* [[EVP Authenticated Encryption and Decryption]]<br />
::* [[EVP Symmetric Encryption and Decryption]]<br />
::* [[EVP Key and Parameter Generation]]<br />
::* [[EVP Key Agreement]]<br />
::* [[EVP Message Digests]]<br />
::* [[EVP Key Derivation]]<br />
::* [[EVP Signing and Verifying|EVP Signing and Verifying (including MAC codes)]]<br />
:* [[STACK API]]<br />
:* Low Level APIs<br />
:: More specialized non-EVP usage<br />
::* [[Diffie-Hellman parameters]]<br />
:* [[FIPS Mode]]<br />
<br />
== Concepts and Theory ==<br />
Discussions of basic cryptographic theory and concepts<br />
Discussions of common operational issues<br />
:* [[Base64]]<br />
:* [http://wiki.openssl.org/index.php/Category:FIPS_140 FIPS 140-2]<br />
:* [[Random Numbers]]<br />
:* [[Diffie Hellman]]<br />
:* [[Elliptic Curve Diffie Hellman]]<br />
:* [[Elliptic Curve Cryptography]]<br />
<br />
== Security Advisories ==<br />
:* [https://www.openssl.org/news/vulnerabilities.html OpenSSL Vulnerabilities List]<br />
:* [[Security_Advisories|Security Advisories Additional Information]]<br />
<br />
== Feedback and Contributions ==<br />
:* [https://www.openssl.org/support/faq.html#BUILD18 Notification of suspected security vulnerabilities]<br />
:* [https://www.openssl.org/support/rt.html Contributing bug reports, other than for suspected vulnerabilities]<br />
:* [[Contributions|General background on source and documentation contributions - '''must read''']]<br />
:* Contributing code fixes, other than for suspected vulnerabilities, as well as fixes and other improvements to manual pages<br />
::* Follow the [[Use of Git#Use_of_Git_with_OpenSSL_source_tree|instructions for accessing source code]] in the appropriate branches<br />
:::* Note that manual pages and the FAQ are maintained with the source code.<br />
::* If you are unsure as to whether a feature will be useful for the general OpenSSL community please discuss it on the [https://www.openssl.org/support/community.html openssl-dev mailing list] first. Someone may be already working on the same thing or there may be a good reason as to why that feature isn't implemented.<br />
::* Submit a pull request for each separate fix (also documented [[Use of Git#Use_of_Git_with_OpenSSL_source_tree|there]])<br />
::* Submit a bug report for the issue and reference the pull request<br />
:* Contributing fixes and other improvements to the web site<br />
::* Follow the [[Use_of_Git#Use_of_Git_with_the_OpenSSL_web_site|instructions for accessing web site sources]]<br />
::* Create a patch (also documented [[Use_of_Git#Use_of_Git_with_the_OpenSSL_web_site|there]])<br />
::* Submit a bug report and add the patch as an attachment<br />
:* [[KnownPatches|Known patches not part of OpenSSL]]<br />
:* [[Welcome|Contributing to this wiki]]<br />
<br />
== Internals and Development ==<br />
This section is for internal details of primary interest to OpenSSL maintainers and power users<br />
:* [[Internals]]<br />
:* [[Code Quality]]<br />
:* [[Static and Dynamic Analysis]]<br />
:* [[OCB|OCB Licence details]]<br />
:* [[Defect and Feature Review Process]]<br />
:* [[Unit Testing]] (includes other automated testing information)</div>Bernardhhttps://wiki.openssl.org/index.php?title=Libcrypto_API&diff=1879Libcrypto API2014-08-23T22:18:42Z<p>Bernardh: /* Getting Started */</p>
<hr />
<div>OpenSSL provides two primary libraries: [[Libssl API|libssl]] and libcrypto. The libcrypto library provides the fundamental cryptographic routines used by [[Libssl API|libssl]]. You can however use libcrypto without using [[Libssl API|libssl]].<br />
<br />
==Getting Started==<br />
<br />
In order to use libcrypto it must first (typically) be initialised:<br />
<br />
#include <openssl/conf.h><br />
#include <openssl/evp.h><br />
<br />
int main(int arc, char *argv[])<br />
{ <br />
/* Load the human readable error strings for libcrypto */<br />
ERR_load_crypto_strings();<br />
<br />
/* Load all digest and cipher algorithms */<br />
OpenSSL_add_all_algorithms();<br />
<br />
/* Load config file, and other important initialisation */<br />
OPENSSL_config(NULL);<br />
<br />
/* ... Do some crypto stuff here ... */<br />
<br />
/* Clean up */<br />
<br />
/* Removes all digests and ciphers */<br />
EVP_cleanup();<br />
<br />
/* if you omit the next, a small leak may be left when you make use of the BIO (low level API) for e.g. base64 transformations */<br />
CRYPTO_cleanup_all_ex_data();<br />
<br />
/* Remove error strings */<br />
ERR_free_strings();<br />
<br />
return 0;<br />
}<br />
<br />
==High Level and Low Level Interfaces==<br />
<br />
For most uses, users should use the high level interface that is provided for performing cryptographic operations. This is known as the [[EVP]] interface (short for Envelope). This interface provides a suite of functions for performing encryption/decryption (both symmetric and asymmetric), signing/verifying, as well as generating hashes and MAC codes, across the full range of OpenSSL supported algorithms and modes. Working with the high level interface means that a lot of the complexity of performing cryptographic operations is hidden from view. A single consistent API is provided. In the event that you need to change your code to use a different algorithm (for example), then this is a simple change when using the high level interface. In addition low level issues such as padding and encryption modes are all handled for you.<br />
<br />
Refer to [[EVP]] for further information on the high level interface.<br />
<br />
In addition to the high level interface, OpenSSL also provides low level interfaces for working directly with the individual algorithms. These low level interfaces are not recommended for the novice user, but provide a degree of control that may not be possible when using only the high level interface. Note that many low-level interfaces are not available if you are running in [[FIPS 140-2|FIPS]] mode.<br />
<br />
==Error Handling==<br />
<br />
Most OpenSSL functions will return an integer to indicate success or failure. Typically a function will return 1 on success or 0 on error. All return codes should be checked and handled as appropriate.<br />
<br />
It is common to see errors handled in a way similar to the following:<br />
<br />
if(1 != EVP_xxx()) goto err;<br />
if(1 != EVP_yyy()) goto err;<br />
<br />
/* ... do some stuff ... */<br />
<br />
err:<br />
ERR_print_errors_fp(stderr);<br />
<br />
Note that not all of the libcrypto functions return 0 for error and 1 for success. There '''are''' exceptions which can trip up the unwary. For example if you want to check a signature with some functions you get 1 if the signature is correct, 0 if it is not correct and -1 if something bad happened like a memory allocation failure. So if you do:<br />
<br />
<pre><br />
if (some_verify_function())<br />
/* signature successful */<br />
</pre><br />
<br />
and someone can induce the "something bad happened" condition you end up behaving as though a bad signature is good. This one cropped up in the library internals at one point and was fixed in a security release. Currently you should check the manual pages or the source to be sure.<br />
<br />
One way to avoid being bitten by this potential problem is to always use this idiom to check for errors when calling an OpenSSL function:<br />
<br />
<pre><br />
if (1 != some_openssl_function())<br />
/* handle error */<br />
</pre><br />
<br />
Refer to the [[Library Errors]] page for more information about OpenSSL errors.<br />
<br />
== Thread Safety ==<br />
<br />
OpenSSL currently is thread-NOT-safe by default. In order to make it thread-safe the caller has to provide various callbacks for locking, atomic integer addition, and thread ID determination (this last has reasonable defaults). This makes it difficult to use OpenSSL from multiple distinct objects in one multi-threaded process: one of them had better provide these callbacks, but only one of them should.<br />
<br />
Currently the only moderately safe way for libraries using OpenSSL to handle thread safety is to do the following as early as possible, possible in .init or DllMain:<br />
<br />
* Check if the locking callback has been set, then set it if not;<br />
* CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK), set the remaining callbacks (threadid, dynlock, and add_lock) if not already set, then CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);<br />
<br />
In the future we hope that OpenSSL will self-initialize thread-safely to use native threading where available.<br />
<br />
== Fork Safety ==<br />
: ''main article: [[Random fork-safety]]''<br />
<br />
OpenSSL library functions are generally not async-signal-safe, therefore:<br />
<br />
* do not call OpenSSL functions from signal handlers<br />
* do not call OpenSSL functions on the child-side of fork() (exec or _exit)<br />
* do not call OpenSSL functions from pthread_atfork() handlers (fork() itself is and must be and remain async-signal-safe)<br />
<br />
If you have an application for which using OpenSSL on the parent and child sides of fork() (without exec'ing) and it does not blow up naturally, then you should arrange to call RAND_poll() on the child-side of fork() before using any other RAND functions.<br />
<br />
== Further libcrypto information ==<br />
<br />
There are a number of other pages that cover specific aspects of working with libcrypto:<br />
* [[EVP|EVP High level interface for cryptographic operations]]<br />
* [[Cryptographic Algorithms]]<br />
* [[Random Numbers|Handling Random Numbers]]<br />
* [[BIO|Working with BIOs]]<br />
* [[Elliptic Curve Cryptography]]<br />
<br />
==See also==<br />
* [[Libssl API]]<br />
<br />
[[Category:crypto API]]<br />
[[Category:C level]]<br />
[[Category:Examples]]</div>Bernardhhttps://wiki.openssl.org/index.php?title=Compilation_and_Installation&diff=1866Compilation and Installation2014-08-11T11:47:38Z<p>Bernardh: /* W64 */</p>
<hr />
<div>== Retrieve source code ==<br />
<br />
The OpenSSL source code can be downloaded from [http://www.openssl.org/source/ www.openssl.org/source/] or any suitable [http://www.openssl.org/source/mirror.html ftp mirror]. There are various versions including stable as well as unstable versions. <br />
<br />
The source code is manged via Git, the repository is<br />
<br />
: git://git.openssl.org/openssl.git<br />
<br />
The source is also available via a [https://github.com/openssl/openssl GitHub] mirror. This repository is updated every 15 minutes.<br />
<br />
* [[Use_of_Git|Accessing OpenSSL source code via Git]]<br />
<br />
== Configuration ==<br />
<br />
OpenSSL is configured for a particular platform with protocol and behavior options using <tt>Configure</tt> and <tt>config</tt>.<br />
<br />
=== Configure & Config ===<br />
<br />
You use <tt>Configure</tt> and <tt>config</tt> to tune the compile and installation process through options and switches. The difference between is <tt>Configure</tt> properly handles the host-arch-compiler triplet, and <tt>config</tt> does not. <tt>config</tt> attempts to guess the triplet, so its a lot like autotool's <tt>config.guess</tt>.<br />
<br />
You can usually use <tt>config</tt> and it will do the right thing (from Ubuntu 13.04, x64):<br />
<br />
<pre>$ ./config <br />
Operating system: x86_64-whatever-linux2<br />
Configuring for linux-x86_64<br />
Configuring for linux-x86_64<br />
no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)<br />
no-gmp [default] OPENSSL_NO_GMP (skip dir)<br />
no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir)<br />
no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5<br />
no-md2 [default] OPENSSL_NO_MD2 (skip dir)<br />
no-rc5 [default] OPENSSL_NO_RC5 (skip dir)<br />
no-rfc3779 [default] OPENSSL_NO_RFC3779 (skip dir)<br />
no-sctp [default] OPENSSL_NO_SCTP (skip dir)<br />
no-shared [default] <br />
no-store [experimental] OPENSSL_NO_STORE (skip dir)<br />
no-zlib [default] <br />
no-zlib-dynamic [default] <br />
...</pre><br />
<br />
Mac OSX is a problem (its often a neglected platform), and you will have to use <tt>Configure</tt>:<br />
<br />
<pre> ./Configure darwin64-x86_64-cc<br />
Configuring for darwin64-x86_64-cc<br />
no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)<br />
no-gmp [default] OPENSSL_NO_GMP (skip dir)<br />
no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir)<br />
no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5<br />
no-md2 [default] OPENSSL_NO_MD2 (skip dir)<br />
no-rc5 [default] OPENSSL_NO_RC5 (skip dir)<br />
no-rfc3779 [default] OPENSSL_NO_RFC3779 (skip dir)<br />
no-sctp [default] OPENSSL_NO_SCTP (skip dir)<br />
no-shared [default] <br />
no-store [experimental] OPENSSL_NO_STORE (skip dir)<br />
no-zlib [default] <br />
no-zlib-dynamic [default]<br />
...</pre><br />
<br />
Running the same command with <tt>config</tt> results in:<br />
<br />
<pre>$ ./config darwin64-x86_64-cc<br />
Operating system: i686-apple-darwinDarwin Kernel Version 12.5.0: Sun Sep 29 13:33:47 PDT 2013; root:xnu-2050.48.12~1/RELEASE_X86_64<br />
WARNING! If you wish to build 64-bit library, then you have to<br />
invoke './Configure darwin64-x86_64-cc' *manually*.<br />
You have about 5 seconds to press Ctrl-C to abort.<br />
Configuring for darwin-i386-cc<br />
target already defined - darwin-i386-cc (offending arg: darwin64-x86_64-cc)</pre><br />
<br />
You can also configure on Darwin by exporting <tt>KERNEL_BITS</tt>:<br />
<br />
<pre>$ export KERNEL_BITS=64<br />
$ ./config shared no-ssl2 enable-ec_nistp_64_gcc_128 --openssldir=/usr/local/ssl/macosx-x64/<br />
Operating system: i686-apple-darwinDarwin Kernel Version 12.5.0: Sun Sep 29 13:33:47 PDT 2013; root:xnu-2050.48.12~1/RELEASE_X86_64<br />
Configuring for darwin64-x86_64-cc<br />
Configuring for darwin64-x86_64-cc<br />
no-gmp [default] OPENSSL_NO_GMP (skip dir)<br />
no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir)<br />
no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5<br />
no-md2 [default] OPENSSL_NO_MD2 (skip dir)<br />
no-psk [option] OPENSSL_NO_PSK (skip dir)<br />
no-rc5 [default] OPENSSL_NO_RC5 (skip dir)<br />
no-rfc3779 [default] OPENSSL_NO_RFC3779 (skip dir)<br />
no-sctp [default] OPENSSL_NO_SCTP (skip dir)<br />
no-srp [option] OPENSSL_NO_SRP (skip dir)<br />
no-ssl2 [option] OPENSSL_NO_SSL2 (skip dir)<br />
no-store [experimental] OPENSSL_NO_STORE (skip dir)<br />
no-zlib [default] <br />
no-zlib-dynamic [default] <br />
...</pre><br />
<br />
If you provide a option not known to configure or ask for help, then you get a brief help message:<br />
<br />
<pre>$ ./Configure --help<br />
Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...]<br />
[-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared]<br />
[[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR]<br />
[--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]</pre><br />
<br />
And if you supply an unknown triplet: <br />
<br />
<pre>$ ./Configure darwin64-x86_64-clang<br />
Configuring for darwin64-x86_64-clang<br />
Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...]<br />
[-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared]<br />
[[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR]<br />
[--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]<br />
<br />
pick os/compiler from:<br />
BC-32 BS2000-OSD BSD-generic32 BSD-generic64 BSD-ia64 BSD-sparc64 BSD-sparcv8 <br />
BSD-x86 BSD-x86-elf BSD-x86_64 Cygwin Cygwin-pre1.3 DJGPP MPE/iX-gcc OS2-EMX <br />
OS390-Unix QNX6 QNX6-i386 ReliantUNIX SINIX SINIX-N UWIN VC-CE VC-WIN32 <br />
VC-WIN64A VC-WIN64I aix-cc aix-gcc aix3-cc aix64-cc aix64-gcc android <br />
android-armv7 android-x86 aux3-gcc beos-x86-bone beos-x86-r5 bsdi-elf-gcc cc <br />
cray-j90 cray-t3e darwin-i386-cc darwin-ppc-cc darwin64-ppc-cc <br />
darwin64-x86_64-cc dgux-R3-gcc dgux-R4-gcc dgux-R4-x86-gcc dist gcc hpux-cc <br />
hpux-gcc hpux-ia64-cc hpux-ia64-gcc hpux-parisc-cc hpux-parisc-cc-o4 <br />
hpux-parisc-gcc hpux-parisc1_1-cc hpux-parisc1_1-gcc hpux-parisc2-cc <br />
hpux-parisc2-gcc hpux64-ia64-cc hpux64-ia64-gcc hpux64-parisc2-cc <br />
hpux64-parisc2-gcc hurd-x86 iphoneos-cross irix-cc irix-gcc irix-mips3-cc <br />
irix-mips3-gcc irix64-mips4-cc irix64-mips4-gcc linux-alpha+bwx-ccc <br />
linux-alpha+bwx-gcc linux-alpha-ccc linux-alpha-gcc linux-aout linux-armv4 <br />
linux-elf linux-generic32 linux-generic64 linux-ia32-icc linux-ia64 <br />
linux-ia64-ecc linux-ia64-icc linux-ppc linux-ppc64 linux-sparcv8 <br />
linux-sparcv9 linux-x86_64 linux32-s390x linux64-s390x linux64-sparcv9 mingw <br />
mingw64 ncr-scde netware-clib netware-clib-bsdsock netware-clib-bsdsock-gcc <br />
...<br />
<br />
NOTE: If in doubt, on Unix-ish systems use './config'.</pre><br />
<br />
Finally, to delete a configuration and start anew, run <tt>make dclean</tt>.<br />
<br />
=== Configure Options ===<br />
<br />
OpenSSL has been around a long time, and it carries around a lot of cruft. For example, from above, SSLv2 is enabled by default. SSLv2 is completely broken, and you should disable it during configuration. You can disable protocols and provide other options through <tt>Configure</tt> and <tt>config</tt>, and the following lists some of them.<br />
<br />
'''Note''': if you specify a non-existent option, then the configure scripts will proceed without warning. For example, if you inadvertently specify '''no-sslv2''' rather than '''no-ssl2''', the script will configure ''with'' SSLv2 and ''without'' warning for the unknown no-sslv2.<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ OpenSSL Library Options<br />
|-<br />
! scope="col" width="150px" | Option<br />
! scope="col" class="unsortable" | Description<br />
|-<br />
| --openssldir=XXX || The installation directory. If not specified, the library will be installed at <tt>/usr/local/ssl</tt>. Header will be located at <tt>/usr/local/ssl/include/openssl</tt>, and libraries located at <tt>/usr/local/ssl/lib</tt>.<br />
|-<br />
| shared || Build a shared object in addition to the static archive<br />
|-<br />
| enable-ec_nistp_64_gcc_128 || Use on x64 platforms when GCC supports <tt>__uint128_t</tt>. ECDH is about 2 to 4 times faster. Not enabled by default because <tt>Configure</tt> can't determine it.<br />
|-<br />
| no-ssl2 || Disables SSLv2<br />
|-<br />
| no-ssl3 || Disables SSLv3<br />
|-<br />
| no-comp || Disables compression independent of <tt>zlib</tt><br />
|-<br />
| no-idea || Disables IDEA algorithm. Unlike RC5 and MDC2, IDEA is enabled by default<br />
|-<br />
| no-asm || Disables assembly language routines (and uses C routines)<br />
|-<br />
| no-dtls || Disables DTLS (useful on mobile devices since carriers often block UDP)<br />
|-<br />
| no-shared || Disables shared objects (only a static library is created)<br />
|-<br />
| no-hw || Disables hardware support (useful on mobile devices)<br />
|-<br />
| no-engines || Disables hardware support (useful on mobile devices)<br />
|-<br />
| no-threads || Disables threading support<br />
|-<br />
| no-dso || Disables the OpenSSL DSO API (the library offers a shared object abstraction layer)<br />
|-<br />
| no-err || Removes all error function names and error reason text to reduce footprint<br />
|-<br />
| no-npn || Disables Next Protocol Negotiation (NPN)<br />
|-<br />
| no-psk || Disables Preshared Key (PSK). PSK provides mutual authentication independent of trusted authorities, but its rarely offered or used<br />
|-<br />
| no-srp || Disables Secure Remote Password (SRP). SRP provides mutual authentication independent of trusted authorities, but its rarely offered or used<br />
|-<br />
| no-ec2m || Used when configuring FIPS Capable Library with a FIPS Object Module that only includes prime curves. That is, use this switch if you use <tt>openssl-fips-ecp-2.0.5</tt>.<br />
|-<br />
| -DXXX || Defines XXX. For example, <tt>-DOPENSSL_NO_HEARTBEATS</tt>.<br />
|}<br />
<br />
After disabling an option, your configure output will look similar to below (notice the lack of SSLv2 and SSLv3 support).<br />
<br />
<pre>$ ./Configure darwin64-x86_64-cc no-ssl2 no-ssl3<br />
Configuring for darwin64-x86_64-cc<br />
no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)<br />
no-gmp [default] OPENSSL_NO_GMP (skip dir)<br />
no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir)<br />
no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5<br />
no-md2 [default] OPENSSL_NO_MD2 (skip dir)<br />
no-rc5 [default] OPENSSL_NO_RC5 (skip dir)<br />
no-rfc3779 [default] OPENSSL_NO_RFC3779 (skip dir)<br />
no-sctp [default] OPENSSL_NO_SCTP (skip dir)<br />
no-shared [default] <br />
no-ssl2 [option] OPENSSL_NO_SSL2 (skip dir)<br />
no-ssl3 [option] OPENSSL_NO_SSL3 (skip dir)<br />
no-store [experimental] OPENSSL_NO_STORE (skip dir)<br />
no-zlib [default] <br />
no-zlib-dynamic [default] <br />
...</pre><br />
<br />
=== Compile Time Checking ===<br />
<br />
If you disable an option during configure, you can check if it's available through <tt>OPENSSL_NO_*</tt> defines. OpenSSL writes the configure options to <tt><openssl/opensslconf.h></tt>. For example, if you want to know if SSLv3 is available, then you would perform the following in your code:<br />
<br />
<pre>#include <openssl/opensslconf.h><br />
...<br />
<br />
#if !defined(OPENSSL_NO_SSL3)<br />
/* SSLv3 is available */<br />
#endif</pre><br />
<br />
=== Modifying Build Settings ===<br />
<br />
Sometimes you need to work around OpenSSL's selections for building the library. For example, you might want to use <tt>-Os</tt> for a mobile device (rather than <tt>-O3</tt>), or you might want to use the <tt>clang</tt> compiler (rather than <tt>gcc</tt>).<br />
<br />
In case like these, its often easier to modify <tt>Configure</tt> and <tt>Makefile.org</tt> rather than trying to add targets to the configure scripts. Below is a patch that modifies <tt>Configure</tt> and <tt>Makefile.org</tt> for use under the iOS 7.0 SDK (which lacks <tt>gcc</tt> in <tt>/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/</tt>):<br />
<br />
* Modifies <tt>Configure</tt> to use <tt>clang</tt><br />
* Modifies <tt>Makefile.org</tt> to use <tt>clang</tt><br />
* Modifies <tt>CFLAG</tt> to use <tt>-Os</tt><br />
* Modifies <tt>MAKEDEPPROG</tt> to use <tt>$(CC) -M</tt><br />
<br />
Setting and resetting of <tt>LANG</tt> is required on Mac OSX to work around a <tt>sed</tt> bug or limitation.<br />
<br />
<pre>OLD_LANG=$LANG<br />
unset LANG<br />
<br />
sed -i "" 's|\"iphoneos-cross\"\,\"llvm-gcc\:-O3|\"iphoneos-cross\"\,\"clang\:-Os|g' Configure<br />
sed -i "" 's/CC= cc/CC= clang/g' Makefile.org<br />
sed -i "" 's/CFLAG= -O/CFLAG= -Os/g' Makefile.org<br />
sed -i "" 's/MAKEDEPPROG=makedepend/MAKEDEPPROG=$(CC) -M/g' Makefile.org<br />
<br />
export LANG=$OLD_LANG</pre><br />
<br />
After modification, be sure to dclean and configure again so the new settings are picked up:<br />
<br />
<pre>make dclean<br />
<br />
./config<br />
make depend<br />
make all<br />
...</pre><br />
<br />
=== Fedora and Red Hat ===<br />
<br />
On Fedora and Red Hat systems, be sure to export <tt>CFLAGS="-fPIC"</tt> and explicitly specify <tt>shared</tt> to <tt>config</tt>. Failing to do so will result in static libraries only.That is, you will be missing the shared objects and engines. The commands would look similar to below.<br />
<br />
<pre>$ export CFLAGS="-fPIC"<br />
$ ./config shared no-ssl2 no-ssl3 --openssldir=/usr/local/ssl<br />
...<br />
$ make depend<br />
...<br />
$ make all<br />
...<br />
$ sudo -E make install</pre><br />
<br />
=== FIPS Capable Library ===<br />
<br />
If you want to use FIPS validated cryptography, you download, build and install the FIPS Object Module (<tt>openssl-fips-2.0.5.tar.gz</tt>) according to the [https://www.openssl.org/docs/fips/UserGuide-2.0.pdf FIPS User Guide 2.0] and [https://www.openssl.org/docs/fips/SecurityPolicy-2.0.pdf FIPS 140-2 Security Policy]. You then download, build and install the FIPS Capable Library (<tt>openssl-1.0.1e.tar.gz</tt>).<br />
<br />
When configuring the FIPS Capable Library, you must use <tt>fips</tt> as an option:<br />
<br />
<pre>./config fips <other options ...></pre><br />
<br />
If you are configuring the FIPS Capable Library with only prime curves (<tt>openssl-fips-ecp-2.0.5.tar.gz</tt>), then you must configure with <tt>no-ec2m</tt>:<br />
<br />
<pre>./config fips no-ec2m <other options ...></pre><br />
<br />
== Compilation ==<br />
<br />
Once you untar the source files (or fetched them from source control), its a good idea to look at README provided in it.<br />
<br />
cat README<br />
<br />
where you will understand that you have to read another file INSTALL :<br />
<br />
cat INSTALL <br />
<br />
Depending on your platform you will have to pick up the right INSTALL by example INSTALL.W64.<br />
Default is for Unix based systems.<br />
<br />
==== Quick ====<br />
<br />
<pre>./config <nowiki><options ...></nowiki><br />
make depend<br />
make<br />
make test<br />
make install</pre><br />
<br />
Various options can be found examining the <tt>Configure</tt> file (there is a well commented block at its top). OpenSSL ships with SSLv2, SSLv3 and Compression enabled by default (see <tt>my $disabled</tt>), so you might want to use <tt>no-ssl2</tt>, <tt>no-ssl3</tt>, and <tt>no-comp</tt>.<br />
<br />
== Platfom specific ==<br />
<br />
=== Linux ===<br />
<br />
==== Intel ====<br />
<br />
==== ARM ====<br />
<br />
=== Windows ===<br />
3noch wrote a VERY good guide [http://developer.covenanteyes.com/building-openssl-for-visual-studio/ here].<br />
Like he said in his article, make absolutely sure to create separate directories for 32 and 64 bit versions.<br />
<br />
==== W32 / Windows NT - Windows 9x ====<br />
<br />
type INSTALL.W32<br />
<br />
* you need Perl for Win32. Unless you will build on Cygwin, you will need ActiveState Perl, available from http://www.activestate.com/ActivePerl.<br />
* one of the following C compilers:<br />
** Visual C++<br />
** Borland C<br />
** GNU C (Cygwin or MinGW)<br />
* Netwide Assembler, a.k.a. NASM, available from http://nasm.sourceforge.net/ is required if you intend to utilize assembler modules. Note that NASM is now the only supported assembler.<br />
<br />
==== W64 ====<br />
<br />
Read first the INSTALL.W64 documentation note containing some specific 64bits information.<br />
See also INSTALL.W32 that still provides additonnal build information common to both the 64 and 32 bit versions.<br />
<br />
You may be surprised: the 64bit artefacts are indeed output in the out32* sub-directories and bear names ending *32.dll. Fact is the 64 bit compile target is so far an incremental change over the legacy 32bit windows target. Numerous compile flags are still labelled "32" although those do apply to both 32 and 64bit targets.<br />
<br />
The important pre-requisites are to have PERL available (for essential file processing so as to prepare sources and scripts for the target OS) and of course a C compiler like Microsoft Visual Studio for C/C++.<br />
<br />
Using MS Visual Studio:<br />
# launch a Visual Studio tool x64 Cross Tools Command prompt<br />
# change to the directory where you have copied openssl sources <code>cd c:\myPath\openssl</code><br />
# configure for the target OS with the command <code>perl Configure VC-WIN64A</code>. You may also be interested to set more configuration options as documented in the general INSTALL note (for UNIX targets). For instance: <code>perl Configure no-asm VC-WIN64A</code>.<br />
# prepare the target environment with the command: <code>ms\do_win64a</code><br />
# ensure you start afresh and notably without linkable products from a previous 32bit compile (as 32 and 64 bits compiling still share common directories) with the command: <code>nmake -f ms\ntdll.mak clean</code> for the DLL target and <code>nmake -f ms\nt.mak clean</code> for static libraries.<br />
# build the code with: <code>nmake -f ms\ntdll.mak</code> (respectively <code>nmake -f ms\nt.mak</code> )<br />
# the artefacts will be found in sub directories out32dll and out32dll.dbg (respectively out32 and out32.dbg for static libraries). The libcrypto and ssl libraries are still named libeay32.lib and ssleay32.lib, and associated includes in inc32 ! You may check this is true 64bit code using the Visual Studio tool 'dumbin'. For instance <code>dumpbin /headers out32dll/libeay32.lib | more</code>, and look at the FILE HEADER section.<br />
# test the code using the various *test.exe programs in out32dll. Use the 'test' make target to run all tests as in <code>nmake -f ms\ntdll.mak test</code><br />
# we recommend that you move/copy needed includes and libraries from the "32" directories under a new explicit directory tree for 64bit applications from where you will import and link your target applications, similar to that explained in INSTALL.W32.<br />
<br />
==== Windows CE ====<br />
<br />
=== Mac ===<br />
<br />
=== iOS ===<br />
<br />
=== Android ===<br />
<br />
Visit [[Android]] and [[FIPS Library and Android]].<br />
<br />
=== More ===<br />
<br />
==== VAX/VMS ====<br />
<br />
I you wonder what are files ending with .com like test/testca.com those are VAX/VMX scripts.<br />
This code is still maintained.<br />
<br />
==== OS/2 ====<br />
<br />
==== NetWare ====<br />
5.x 6.x<br />
<br />
==== HP-UX ====<br />
[[HP-UX Itanium FIPS and OpenSSL build]]<br />
<br />
[[Category:Shell level]]<br />
[[Category:Installation]]<br />
[[Category:Compilation]]</div>Bernardhhttps://wiki.openssl.org/index.php?title=Compilation_and_Installation&diff=1865Compilation and Installation2014-08-11T10:37:49Z<p>Bernardh: /* W64 */</p>
<hr />
<div>== Retrieve source code ==<br />
<br />
The OpenSSL source code can be downloaded from [http://www.openssl.org/source/ www.openssl.org/source/] or any suitable [http://www.openssl.org/source/mirror.html ftp mirror]. There are various versions including stable as well as unstable versions. <br />
<br />
The source code is manged via Git, the repository is<br />
<br />
: git://git.openssl.org/openssl.git<br />
<br />
The source is also available via a [https://github.com/openssl/openssl GitHub] mirror. This repository is updated every 15 minutes.<br />
<br />
* [[Use_of_Git|Accessing OpenSSL source code via Git]]<br />
<br />
== Configuration ==<br />
<br />
OpenSSL is configured for a particular platform with protocol and behavior options using <tt>Configure</tt> and <tt>config</tt>.<br />
<br />
=== Configure & Config ===<br />
<br />
You use <tt>Configure</tt> and <tt>config</tt> to tune the compile and installation process through options and switches. The difference between is <tt>Configure</tt> properly handles the host-arch-compiler triplet, and <tt>config</tt> does not. <tt>config</tt> attempts to guess the triplet, so its a lot like autotool's <tt>config.guess</tt>.<br />
<br />
You can usually use <tt>config</tt> and it will do the right thing (from Ubuntu 13.04, x64):<br />
<br />
<pre>$ ./config <br />
Operating system: x86_64-whatever-linux2<br />
Configuring for linux-x86_64<br />
Configuring for linux-x86_64<br />
no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)<br />
no-gmp [default] OPENSSL_NO_GMP (skip dir)<br />
no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir)<br />
no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5<br />
no-md2 [default] OPENSSL_NO_MD2 (skip dir)<br />
no-rc5 [default] OPENSSL_NO_RC5 (skip dir)<br />
no-rfc3779 [default] OPENSSL_NO_RFC3779 (skip dir)<br />
no-sctp [default] OPENSSL_NO_SCTP (skip dir)<br />
no-shared [default] <br />
no-store [experimental] OPENSSL_NO_STORE (skip dir)<br />
no-zlib [default] <br />
no-zlib-dynamic [default] <br />
...</pre><br />
<br />
Mac OSX is a problem (its often a neglected platform), and you will have to use <tt>Configure</tt>:<br />
<br />
<pre> ./Configure darwin64-x86_64-cc<br />
Configuring for darwin64-x86_64-cc<br />
no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)<br />
no-gmp [default] OPENSSL_NO_GMP (skip dir)<br />
no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir)<br />
no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5<br />
no-md2 [default] OPENSSL_NO_MD2 (skip dir)<br />
no-rc5 [default] OPENSSL_NO_RC5 (skip dir)<br />
no-rfc3779 [default] OPENSSL_NO_RFC3779 (skip dir)<br />
no-sctp [default] OPENSSL_NO_SCTP (skip dir)<br />
no-shared [default] <br />
no-store [experimental] OPENSSL_NO_STORE (skip dir)<br />
no-zlib [default] <br />
no-zlib-dynamic [default]<br />
...</pre><br />
<br />
Running the same command with <tt>config</tt> results in:<br />
<br />
<pre>$ ./config darwin64-x86_64-cc<br />
Operating system: i686-apple-darwinDarwin Kernel Version 12.5.0: Sun Sep 29 13:33:47 PDT 2013; root:xnu-2050.48.12~1/RELEASE_X86_64<br />
WARNING! If you wish to build 64-bit library, then you have to<br />
invoke './Configure darwin64-x86_64-cc' *manually*.<br />
You have about 5 seconds to press Ctrl-C to abort.<br />
Configuring for darwin-i386-cc<br />
target already defined - darwin-i386-cc (offending arg: darwin64-x86_64-cc)</pre><br />
<br />
You can also configure on Darwin by exporting <tt>KERNEL_BITS</tt>:<br />
<br />
<pre>$ export KERNEL_BITS=64<br />
$ ./config shared no-ssl2 enable-ec_nistp_64_gcc_128 --openssldir=/usr/local/ssl/macosx-x64/<br />
Operating system: i686-apple-darwinDarwin Kernel Version 12.5.0: Sun Sep 29 13:33:47 PDT 2013; root:xnu-2050.48.12~1/RELEASE_X86_64<br />
Configuring for darwin64-x86_64-cc<br />
Configuring for darwin64-x86_64-cc<br />
no-gmp [default] OPENSSL_NO_GMP (skip dir)<br />
no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir)<br />
no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5<br />
no-md2 [default] OPENSSL_NO_MD2 (skip dir)<br />
no-psk [option] OPENSSL_NO_PSK (skip dir)<br />
no-rc5 [default] OPENSSL_NO_RC5 (skip dir)<br />
no-rfc3779 [default] OPENSSL_NO_RFC3779 (skip dir)<br />
no-sctp [default] OPENSSL_NO_SCTP (skip dir)<br />
no-srp [option] OPENSSL_NO_SRP (skip dir)<br />
no-ssl2 [option] OPENSSL_NO_SSL2 (skip dir)<br />
no-store [experimental] OPENSSL_NO_STORE (skip dir)<br />
no-zlib [default] <br />
no-zlib-dynamic [default] <br />
...</pre><br />
<br />
If you provide a option not known to configure or ask for help, then you get a brief help message:<br />
<br />
<pre>$ ./Configure --help<br />
Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...]<br />
[-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared]<br />
[[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR]<br />
[--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]</pre><br />
<br />
And if you supply an unknown triplet: <br />
<br />
<pre>$ ./Configure darwin64-x86_64-clang<br />
Configuring for darwin64-x86_64-clang<br />
Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...]<br />
[-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared]<br />
[[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR]<br />
[--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]<br />
<br />
pick os/compiler from:<br />
BC-32 BS2000-OSD BSD-generic32 BSD-generic64 BSD-ia64 BSD-sparc64 BSD-sparcv8 <br />
BSD-x86 BSD-x86-elf BSD-x86_64 Cygwin Cygwin-pre1.3 DJGPP MPE/iX-gcc OS2-EMX <br />
OS390-Unix QNX6 QNX6-i386 ReliantUNIX SINIX SINIX-N UWIN VC-CE VC-WIN32 <br />
VC-WIN64A VC-WIN64I aix-cc aix-gcc aix3-cc aix64-cc aix64-gcc android <br />
android-armv7 android-x86 aux3-gcc beos-x86-bone beos-x86-r5 bsdi-elf-gcc cc <br />
cray-j90 cray-t3e darwin-i386-cc darwin-ppc-cc darwin64-ppc-cc <br />
darwin64-x86_64-cc dgux-R3-gcc dgux-R4-gcc dgux-R4-x86-gcc dist gcc hpux-cc <br />
hpux-gcc hpux-ia64-cc hpux-ia64-gcc hpux-parisc-cc hpux-parisc-cc-o4 <br />
hpux-parisc-gcc hpux-parisc1_1-cc hpux-parisc1_1-gcc hpux-parisc2-cc <br />
hpux-parisc2-gcc hpux64-ia64-cc hpux64-ia64-gcc hpux64-parisc2-cc <br />
hpux64-parisc2-gcc hurd-x86 iphoneos-cross irix-cc irix-gcc irix-mips3-cc <br />
irix-mips3-gcc irix64-mips4-cc irix64-mips4-gcc linux-alpha+bwx-ccc <br />
linux-alpha+bwx-gcc linux-alpha-ccc linux-alpha-gcc linux-aout linux-armv4 <br />
linux-elf linux-generic32 linux-generic64 linux-ia32-icc linux-ia64 <br />
linux-ia64-ecc linux-ia64-icc linux-ppc linux-ppc64 linux-sparcv8 <br />
linux-sparcv9 linux-x86_64 linux32-s390x linux64-s390x linux64-sparcv9 mingw <br />
mingw64 ncr-scde netware-clib netware-clib-bsdsock netware-clib-bsdsock-gcc <br />
...<br />
<br />
NOTE: If in doubt, on Unix-ish systems use './config'.</pre><br />
<br />
Finally, to delete a configuration and start anew, run <tt>make dclean</tt>.<br />
<br />
=== Configure Options ===<br />
<br />
OpenSSL has been around a long time, and it carries around a lot of cruft. For example, from above, SSLv2 is enabled by default. SSLv2 is completely broken, and you should disable it during configuration. You can disable protocols and provide other options through <tt>Configure</tt> and <tt>config</tt>, and the following lists some of them.<br />
<br />
'''Note''': if you specify a non-existent option, then the configure scripts will proceed without warning. For example, if you inadvertently specify '''no-sslv2''' rather than '''no-ssl2''', the script will configure ''with'' SSLv2 and ''without'' warning for the unknown no-sslv2.<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ OpenSSL Library Options<br />
|-<br />
! scope="col" width="150px" | Option<br />
! scope="col" class="unsortable" | Description<br />
|-<br />
| --openssldir=XXX || The installation directory. If not specified, the library will be installed at <tt>/usr/local/ssl</tt>. Header will be located at <tt>/usr/local/ssl/include/openssl</tt>, and libraries located at <tt>/usr/local/ssl/lib</tt>.<br />
|-<br />
| shared || Build a shared object in addition to the static archive<br />
|-<br />
| enable-ec_nistp_64_gcc_128 || Use on x64 platforms when GCC supports <tt>__uint128_t</tt>. ECDH is about 2 to 4 times faster. Not enabled by default because <tt>Configure</tt> can't determine it.<br />
|-<br />
| no-ssl2 || Disables SSLv2<br />
|-<br />
| no-ssl3 || Disables SSLv3<br />
|-<br />
| no-comp || Disables compression independent of <tt>zlib</tt><br />
|-<br />
| no-idea || Disables IDEA algorithm. Unlike RC5 and MDC2, IDEA is enabled by default<br />
|-<br />
| no-asm || Disables assembly language routines (and uses C routines)<br />
|-<br />
| no-dtls || Disables DTLS (useful on mobile devices since carriers often block UDP)<br />
|-<br />
| no-shared || Disables shared objects (only a static library is created)<br />
|-<br />
| no-hw || Disables hardware support (useful on mobile devices)<br />
|-<br />
| no-engines || Disables hardware support (useful on mobile devices)<br />
|-<br />
| no-threads || Disables threading support<br />
|-<br />
| no-dso || Disables the OpenSSL DSO API (the library offers a shared object abstraction layer)<br />
|-<br />
| no-err || Removes all error function names and error reason text to reduce footprint<br />
|-<br />
| no-npn || Disables Next Protocol Negotiation (NPN)<br />
|-<br />
| no-psk || Disables Preshared Key (PSK). PSK provides mutual authentication independent of trusted authorities, but its rarely offered or used<br />
|-<br />
| no-srp || Disables Secure Remote Password (SRP). SRP provides mutual authentication independent of trusted authorities, but its rarely offered or used<br />
|-<br />
| no-ec2m || Used when configuring FIPS Capable Library with a FIPS Object Module that only includes prime curves. That is, use this switch if you use <tt>openssl-fips-ecp-2.0.5</tt>.<br />
|-<br />
| -DXXX || Defines XXX. For example, <tt>-DOPENSSL_NO_HEARTBEATS</tt>.<br />
|}<br />
<br />
After disabling an option, your configure output will look similar to below (notice the lack of SSLv2 and SSLv3 support).<br />
<br />
<pre>$ ./Configure darwin64-x86_64-cc no-ssl2 no-ssl3<br />
Configuring for darwin64-x86_64-cc<br />
no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)<br />
no-gmp [default] OPENSSL_NO_GMP (skip dir)<br />
no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir)<br />
no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5<br />
no-md2 [default] OPENSSL_NO_MD2 (skip dir)<br />
no-rc5 [default] OPENSSL_NO_RC5 (skip dir)<br />
no-rfc3779 [default] OPENSSL_NO_RFC3779 (skip dir)<br />
no-sctp [default] OPENSSL_NO_SCTP (skip dir)<br />
no-shared [default] <br />
no-ssl2 [option] OPENSSL_NO_SSL2 (skip dir)<br />
no-ssl3 [option] OPENSSL_NO_SSL3 (skip dir)<br />
no-store [experimental] OPENSSL_NO_STORE (skip dir)<br />
no-zlib [default] <br />
no-zlib-dynamic [default] <br />
...</pre><br />
<br />
=== Compile Time Checking ===<br />
<br />
If you disable an option during configure, you can check if it's available through <tt>OPENSSL_NO_*</tt> defines. OpenSSL writes the configure options to <tt><openssl/opensslconf.h></tt>. For example, if you want to know if SSLv3 is available, then you would perform the following in your code:<br />
<br />
<pre>#include <openssl/opensslconf.h><br />
...<br />
<br />
#if !defined(OPENSSL_NO_SSL3)<br />
/* SSLv3 is available */<br />
#endif</pre><br />
<br />
=== Modifying Build Settings ===<br />
<br />
Sometimes you need to work around OpenSSL's selections for building the library. For example, you might want to use <tt>-Os</tt> for a mobile device (rather than <tt>-O3</tt>), or you might want to use the <tt>clang</tt> compiler (rather than <tt>gcc</tt>).<br />
<br />
In case like these, its often easier to modify <tt>Configure</tt> and <tt>Makefile.org</tt> rather than trying to add targets to the configure scripts. Below is a patch that modifies <tt>Configure</tt> and <tt>Makefile.org</tt> for use under the iOS 7.0 SDK (which lacks <tt>gcc</tt> in <tt>/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/</tt>):<br />
<br />
* Modifies <tt>Configure</tt> to use <tt>clang</tt><br />
* Modifies <tt>Makefile.org</tt> to use <tt>clang</tt><br />
* Modifies <tt>CFLAG</tt> to use <tt>-Os</tt><br />
* Modifies <tt>MAKEDEPPROG</tt> to use <tt>$(CC) -M</tt><br />
<br />
Setting and resetting of <tt>LANG</tt> is required on Mac OSX to work around a <tt>sed</tt> bug or limitation.<br />
<br />
<pre>OLD_LANG=$LANG<br />
unset LANG<br />
<br />
sed -i "" 's|\"iphoneos-cross\"\,\"llvm-gcc\:-O3|\"iphoneos-cross\"\,\"clang\:-Os|g' Configure<br />
sed -i "" 's/CC= cc/CC= clang/g' Makefile.org<br />
sed -i "" 's/CFLAG= -O/CFLAG= -Os/g' Makefile.org<br />
sed -i "" 's/MAKEDEPPROG=makedepend/MAKEDEPPROG=$(CC) -M/g' Makefile.org<br />
<br />
export LANG=$OLD_LANG</pre><br />
<br />
After modification, be sure to dclean and configure again so the new settings are picked up:<br />
<br />
<pre>make dclean<br />
<br />
./config<br />
make depend<br />
make all<br />
...</pre><br />
<br />
=== Fedora and Red Hat ===<br />
<br />
On Fedora and Red Hat systems, be sure to export <tt>CFLAGS="-fPIC"</tt> and explicitly specify <tt>shared</tt> to <tt>config</tt>. Failing to do so will result in static libraries only.That is, you will be missing the shared objects and engines. The commands would look similar to below.<br />
<br />
<pre>$ export CFLAGS="-fPIC"<br />
$ ./config shared no-ssl2 no-ssl3 --openssldir=/usr/local/ssl<br />
...<br />
$ make depend<br />
...<br />
$ make all<br />
...<br />
$ sudo -E make install</pre><br />
<br />
=== FIPS Capable Library ===<br />
<br />
If you want to use FIPS validated cryptography, you download, build and install the FIPS Object Module (<tt>openssl-fips-2.0.5.tar.gz</tt>) according to the [https://www.openssl.org/docs/fips/UserGuide-2.0.pdf FIPS User Guide 2.0] and [https://www.openssl.org/docs/fips/SecurityPolicy-2.0.pdf FIPS 140-2 Security Policy]. You then download, build and install the FIPS Capable Library (<tt>openssl-1.0.1e.tar.gz</tt>).<br />
<br />
When configuring the FIPS Capable Library, you must use <tt>fips</tt> as an option:<br />
<br />
<pre>./config fips <other options ...></pre><br />
<br />
If you are configuring the FIPS Capable Library with only prime curves (<tt>openssl-fips-ecp-2.0.5.tar.gz</tt>), then you must configure with <tt>no-ec2m</tt>:<br />
<br />
<pre>./config fips no-ec2m <other options ...></pre><br />
<br />
== Compilation ==<br />
<br />
Once you untar the source files (or fetched them from source control), its a good idea to look at README provided in it.<br />
<br />
cat README<br />
<br />
where you will understand that you have to read another file INSTALL :<br />
<br />
cat INSTALL <br />
<br />
Depending on your platform you will have to pick up the right INSTALL by example INSTALL.W64.<br />
Default is for Unix based systems.<br />
<br />
==== Quick ====<br />
<br />
<pre>./config <nowiki><options ...></nowiki><br />
make depend<br />
make<br />
make test<br />
make install</pre><br />
<br />
Various options can be found examining the <tt>Configure</tt> file (there is a well commented block at its top). OpenSSL ships with SSLv2, SSLv3 and Compression enabled by default (see <tt>my $disabled</tt>), so you might want to use <tt>no-ssl2</tt>, <tt>no-ssl3</tt>, and <tt>no-comp</tt>.<br />
<br />
== Platfom specific ==<br />
<br />
=== Linux ===<br />
<br />
==== Intel ====<br />
<br />
==== ARM ====<br />
<br />
=== Windows ===<br />
3noch wrote a VERY good guide [http://developer.covenanteyes.com/building-openssl-for-visual-studio/ here].<br />
Like he said in his article, make absolutely sure to create separate directories for 32 and 64 bit versions.<br />
<br />
==== W32 / Windows NT - Windows 9x ====<br />
<br />
type INSTALL.W32<br />
<br />
* you need Perl for Win32. Unless you will build on Cygwin, you will need ActiveState Perl, available from http://www.activestate.com/ActivePerl.<br />
* one of the following C compilers:<br />
** Visual C++<br />
** Borland C<br />
** GNU C (Cygwin or MinGW)<br />
* Netwide Assembler, a.k.a. NASM, available from http://nasm.sourceforge.net/ is required if you intend to utilize assembler modules. Note that NASM is now the only supported assembler.<br />
<br />
==== W64 ====<br />
<br />
Read first the INSTALL.W64 documentation note containing some specific 64bits information.<br />
See also INSTALL.W32 that still provides additonnal build information common to both the 64 and 32 bit versions.<br />
<br />
You may be surprised: the 64bit artefacts are indeed output in the out32* sub-directories and bear names ending *32.dll. Fact is the 64 bit compile target is so far an incremental change over the legacy 32bit windows target. Numerous compile flags are still labelled "32" although those do apply to both 32 and 64bit targets.<br />
<br />
The important pre-requisites are to have PERL available (for essential file processing so as to prepare sources and scripts for the target OS) and of course a C compiler like Microsoft Visual Studio for C/C++.<br />
<br />
Using MS Visual Studio:<br />
# launch a Visual Studio tool x64 Cross Tools Command prompt<br />
# change to the directory where you have copied openssl sources <code>cd c:\myPath\openssl</code><br />
# configure for the target OS with the command <code>perl Configure VC-WIN64A</code>. You may also be interested to set more configuration options as documented in the general INSTALL note (for UNIX targets). For instance: <code>perl Configure no-asm VC-WIN64A</code>.<br />
# prepare the target environment with the command: <code>ms\do_win64a</code><br />
# ensure you start afresh and notably without linkable products from a previous 32bit compile (as 32 and 64 bits compiling still share common directories) with the command: <code>nmake -f ms\ntdll.mak clean</code> for the DLL target and <code>nmake -f ms\nt.mak clean</code> for static libraries.<br />
# build the code with: <code>nmake -f ms\ntdll.mak</code> (respectively <code>nmake -f ms\nt.mak</code> )<br />
# the artefacts will be found in sub directories out32dll and out32dll.dbg (respectively out32 and out32.dbg for static libraries). The libcrypto and ssl libraries are still named libeay32.lib and ssleay32.lib, and associated includes in inc32 ! You may check this is true 64bit code using the Visual Studio tool 'dumbin'. For instance <code>dumpbin /headers out32dll/libeay32.lib | more</code>, and look at the FILE HEADER section.<br />
# test the code using the various *test.exe programs in out32dll. Use the 'test' make target to run all tests as in <code>nmake -f ms\ntdll.mak test</code><br />
# we recommend that you move/copy needed includes and libraries under the "32" directories under a new explicit directory tree for 64bit applications from where you will import and link your target applications, similar to that explained in INSTALL.W32.<br />
<br />
==== Windows CE ====<br />
<br />
=== Mac ===<br />
<br />
=== iOS ===<br />
<br />
=== Android ===<br />
<br />
Visit [[Android]] and [[FIPS Library and Android]].<br />
<br />
=== More ===<br />
<br />
==== VAX/VMS ====<br />
<br />
I you wonder what are files ending with .com like test/testca.com those are VAX/VMX scripts.<br />
This code is still maintained.<br />
<br />
==== OS/2 ====<br />
<br />
==== NetWare ====<br />
5.x 6.x<br />
<br />
==== HP-UX ====<br />
[[HP-UX Itanium FIPS and OpenSSL build]]<br />
<br />
[[Category:Shell level]]<br />
[[Category:Installation]]<br />
[[Category:Compilation]]</div>Bernardhhttps://wiki.openssl.org/index.php?title=Compilation_and_Installation&diff=1864Compilation and Installation2014-08-11T10:28:05Z<p>Bernardh: /* W64 */</p>
<hr />
<div>== Retrieve source code ==<br />
<br />
The OpenSSL source code can be downloaded from [http://www.openssl.org/source/ www.openssl.org/source/] or any suitable [http://www.openssl.org/source/mirror.html ftp mirror]. There are various versions including stable as well as unstable versions. <br />
<br />
The source code is manged via Git, the repository is<br />
<br />
: git://git.openssl.org/openssl.git<br />
<br />
The source is also available via a [https://github.com/openssl/openssl GitHub] mirror. This repository is updated every 15 minutes.<br />
<br />
* [[Use_of_Git|Accessing OpenSSL source code via Git]]<br />
<br />
== Configuration ==<br />
<br />
OpenSSL is configured for a particular platform with protocol and behavior options using <tt>Configure</tt> and <tt>config</tt>.<br />
<br />
=== Configure & Config ===<br />
<br />
You use <tt>Configure</tt> and <tt>config</tt> to tune the compile and installation process through options and switches. The difference between is <tt>Configure</tt> properly handles the host-arch-compiler triplet, and <tt>config</tt> does not. <tt>config</tt> attempts to guess the triplet, so its a lot like autotool's <tt>config.guess</tt>.<br />
<br />
You can usually use <tt>config</tt> and it will do the right thing (from Ubuntu 13.04, x64):<br />
<br />
<pre>$ ./config <br />
Operating system: x86_64-whatever-linux2<br />
Configuring for linux-x86_64<br />
Configuring for linux-x86_64<br />
no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)<br />
no-gmp [default] OPENSSL_NO_GMP (skip dir)<br />
no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir)<br />
no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5<br />
no-md2 [default] OPENSSL_NO_MD2 (skip dir)<br />
no-rc5 [default] OPENSSL_NO_RC5 (skip dir)<br />
no-rfc3779 [default] OPENSSL_NO_RFC3779 (skip dir)<br />
no-sctp [default] OPENSSL_NO_SCTP (skip dir)<br />
no-shared [default] <br />
no-store [experimental] OPENSSL_NO_STORE (skip dir)<br />
no-zlib [default] <br />
no-zlib-dynamic [default] <br />
...</pre><br />
<br />
Mac OSX is a problem (its often a neglected platform), and you will have to use <tt>Configure</tt>:<br />
<br />
<pre> ./Configure darwin64-x86_64-cc<br />
Configuring for darwin64-x86_64-cc<br />
no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)<br />
no-gmp [default] OPENSSL_NO_GMP (skip dir)<br />
no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir)<br />
no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5<br />
no-md2 [default] OPENSSL_NO_MD2 (skip dir)<br />
no-rc5 [default] OPENSSL_NO_RC5 (skip dir)<br />
no-rfc3779 [default] OPENSSL_NO_RFC3779 (skip dir)<br />
no-sctp [default] OPENSSL_NO_SCTP (skip dir)<br />
no-shared [default] <br />
no-store [experimental] OPENSSL_NO_STORE (skip dir)<br />
no-zlib [default] <br />
no-zlib-dynamic [default]<br />
...</pre><br />
<br />
Running the same command with <tt>config</tt> results in:<br />
<br />
<pre>$ ./config darwin64-x86_64-cc<br />
Operating system: i686-apple-darwinDarwin Kernel Version 12.5.0: Sun Sep 29 13:33:47 PDT 2013; root:xnu-2050.48.12~1/RELEASE_X86_64<br />
WARNING! If you wish to build 64-bit library, then you have to<br />
invoke './Configure darwin64-x86_64-cc' *manually*.<br />
You have about 5 seconds to press Ctrl-C to abort.<br />
Configuring for darwin-i386-cc<br />
target already defined - darwin-i386-cc (offending arg: darwin64-x86_64-cc)</pre><br />
<br />
You can also configure on Darwin by exporting <tt>KERNEL_BITS</tt>:<br />
<br />
<pre>$ export KERNEL_BITS=64<br />
$ ./config shared no-ssl2 enable-ec_nistp_64_gcc_128 --openssldir=/usr/local/ssl/macosx-x64/<br />
Operating system: i686-apple-darwinDarwin Kernel Version 12.5.0: Sun Sep 29 13:33:47 PDT 2013; root:xnu-2050.48.12~1/RELEASE_X86_64<br />
Configuring for darwin64-x86_64-cc<br />
Configuring for darwin64-x86_64-cc<br />
no-gmp [default] OPENSSL_NO_GMP (skip dir)<br />
no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir)<br />
no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5<br />
no-md2 [default] OPENSSL_NO_MD2 (skip dir)<br />
no-psk [option] OPENSSL_NO_PSK (skip dir)<br />
no-rc5 [default] OPENSSL_NO_RC5 (skip dir)<br />
no-rfc3779 [default] OPENSSL_NO_RFC3779 (skip dir)<br />
no-sctp [default] OPENSSL_NO_SCTP (skip dir)<br />
no-srp [option] OPENSSL_NO_SRP (skip dir)<br />
no-ssl2 [option] OPENSSL_NO_SSL2 (skip dir)<br />
no-store [experimental] OPENSSL_NO_STORE (skip dir)<br />
no-zlib [default] <br />
no-zlib-dynamic [default] <br />
...</pre><br />
<br />
If you provide a option not known to configure or ask for help, then you get a brief help message:<br />
<br />
<pre>$ ./Configure --help<br />
Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...]<br />
[-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared]<br />
[[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR]<br />
[--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]</pre><br />
<br />
And if you supply an unknown triplet: <br />
<br />
<pre>$ ./Configure darwin64-x86_64-clang<br />
Configuring for darwin64-x86_64-clang<br />
Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...]<br />
[-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared]<br />
[[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR]<br />
[--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]<br />
<br />
pick os/compiler from:<br />
BC-32 BS2000-OSD BSD-generic32 BSD-generic64 BSD-ia64 BSD-sparc64 BSD-sparcv8 <br />
BSD-x86 BSD-x86-elf BSD-x86_64 Cygwin Cygwin-pre1.3 DJGPP MPE/iX-gcc OS2-EMX <br />
OS390-Unix QNX6 QNX6-i386 ReliantUNIX SINIX SINIX-N UWIN VC-CE VC-WIN32 <br />
VC-WIN64A VC-WIN64I aix-cc aix-gcc aix3-cc aix64-cc aix64-gcc android <br />
android-armv7 android-x86 aux3-gcc beos-x86-bone beos-x86-r5 bsdi-elf-gcc cc <br />
cray-j90 cray-t3e darwin-i386-cc darwin-ppc-cc darwin64-ppc-cc <br />
darwin64-x86_64-cc dgux-R3-gcc dgux-R4-gcc dgux-R4-x86-gcc dist gcc hpux-cc <br />
hpux-gcc hpux-ia64-cc hpux-ia64-gcc hpux-parisc-cc hpux-parisc-cc-o4 <br />
hpux-parisc-gcc hpux-parisc1_1-cc hpux-parisc1_1-gcc hpux-parisc2-cc <br />
hpux-parisc2-gcc hpux64-ia64-cc hpux64-ia64-gcc hpux64-parisc2-cc <br />
hpux64-parisc2-gcc hurd-x86 iphoneos-cross irix-cc irix-gcc irix-mips3-cc <br />
irix-mips3-gcc irix64-mips4-cc irix64-mips4-gcc linux-alpha+bwx-ccc <br />
linux-alpha+bwx-gcc linux-alpha-ccc linux-alpha-gcc linux-aout linux-armv4 <br />
linux-elf linux-generic32 linux-generic64 linux-ia32-icc linux-ia64 <br />
linux-ia64-ecc linux-ia64-icc linux-ppc linux-ppc64 linux-sparcv8 <br />
linux-sparcv9 linux-x86_64 linux32-s390x linux64-s390x linux64-sparcv9 mingw <br />
mingw64 ncr-scde netware-clib netware-clib-bsdsock netware-clib-bsdsock-gcc <br />
...<br />
<br />
NOTE: If in doubt, on Unix-ish systems use './config'.</pre><br />
<br />
Finally, to delete a configuration and start anew, run <tt>make dclean</tt>.<br />
<br />
=== Configure Options ===<br />
<br />
OpenSSL has been around a long time, and it carries around a lot of cruft. For example, from above, SSLv2 is enabled by default. SSLv2 is completely broken, and you should disable it during configuration. You can disable protocols and provide other options through <tt>Configure</tt> and <tt>config</tt>, and the following lists some of them.<br />
<br />
'''Note''': if you specify a non-existent option, then the configure scripts will proceed without warning. For example, if you inadvertently specify '''no-sslv2''' rather than '''no-ssl2''', the script will configure ''with'' SSLv2 and ''without'' warning for the unknown no-sslv2.<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ OpenSSL Library Options<br />
|-<br />
! scope="col" width="150px" | Option<br />
! scope="col" class="unsortable" | Description<br />
|-<br />
| --openssldir=XXX || The installation directory. If not specified, the library will be installed at <tt>/usr/local/ssl</tt>. Header will be located at <tt>/usr/local/ssl/include/openssl</tt>, and libraries located at <tt>/usr/local/ssl/lib</tt>.<br />
|-<br />
| shared || Build a shared object in addition to the static archive<br />
|-<br />
| enable-ec_nistp_64_gcc_128 || Use on x64 platforms when GCC supports <tt>__uint128_t</tt>. ECDH is about 2 to 4 times faster. Not enabled by default because <tt>Configure</tt> can't determine it.<br />
|-<br />
| no-ssl2 || Disables SSLv2<br />
|-<br />
| no-ssl3 || Disables SSLv3<br />
|-<br />
| no-comp || Disables compression independent of <tt>zlib</tt><br />
|-<br />
| no-idea || Disables IDEA algorithm. Unlike RC5 and MDC2, IDEA is enabled by default<br />
|-<br />
| no-asm || Disables assembly language routines (and uses C routines)<br />
|-<br />
| no-dtls || Disables DTLS (useful on mobile devices since carriers often block UDP)<br />
|-<br />
| no-shared || Disables shared objects (only a static library is created)<br />
|-<br />
| no-hw || Disables hardware support (useful on mobile devices)<br />
|-<br />
| no-engines || Disables hardware support (useful on mobile devices)<br />
|-<br />
| no-threads || Disables threading support<br />
|-<br />
| no-dso || Disables the OpenSSL DSO API (the library offers a shared object abstraction layer)<br />
|-<br />
| no-err || Removes all error function names and error reason text to reduce footprint<br />
|-<br />
| no-npn || Disables Next Protocol Negotiation (NPN)<br />
|-<br />
| no-psk || Disables Preshared Key (PSK). PSK provides mutual authentication independent of trusted authorities, but its rarely offered or used<br />
|-<br />
| no-srp || Disables Secure Remote Password (SRP). SRP provides mutual authentication independent of trusted authorities, but its rarely offered or used<br />
|-<br />
| no-ec2m || Used when configuring FIPS Capable Library with a FIPS Object Module that only includes prime curves. That is, use this switch if you use <tt>openssl-fips-ecp-2.0.5</tt>.<br />
|-<br />
| -DXXX || Defines XXX. For example, <tt>-DOPENSSL_NO_HEARTBEATS</tt>.<br />
|}<br />
<br />
After disabling an option, your configure output will look similar to below (notice the lack of SSLv2 and SSLv3 support).<br />
<br />
<pre>$ ./Configure darwin64-x86_64-cc no-ssl2 no-ssl3<br />
Configuring for darwin64-x86_64-cc<br />
no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)<br />
no-gmp [default] OPENSSL_NO_GMP (skip dir)<br />
no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir)<br />
no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5<br />
no-md2 [default] OPENSSL_NO_MD2 (skip dir)<br />
no-rc5 [default] OPENSSL_NO_RC5 (skip dir)<br />
no-rfc3779 [default] OPENSSL_NO_RFC3779 (skip dir)<br />
no-sctp [default] OPENSSL_NO_SCTP (skip dir)<br />
no-shared [default] <br />
no-ssl2 [option] OPENSSL_NO_SSL2 (skip dir)<br />
no-ssl3 [option] OPENSSL_NO_SSL3 (skip dir)<br />
no-store [experimental] OPENSSL_NO_STORE (skip dir)<br />
no-zlib [default] <br />
no-zlib-dynamic [default] <br />
...</pre><br />
<br />
=== Compile Time Checking ===<br />
<br />
If you disable an option during configure, you can check if it's available through <tt>OPENSSL_NO_*</tt> defines. OpenSSL writes the configure options to <tt><openssl/opensslconf.h></tt>. For example, if you want to know if SSLv3 is available, then you would perform the following in your code:<br />
<br />
<pre>#include <openssl/opensslconf.h><br />
...<br />
<br />
#if !defined(OPENSSL_NO_SSL3)<br />
/* SSLv3 is available */<br />
#endif</pre><br />
<br />
=== Modifying Build Settings ===<br />
<br />
Sometimes you need to work around OpenSSL's selections for building the library. For example, you might want to use <tt>-Os</tt> for a mobile device (rather than <tt>-O3</tt>), or you might want to use the <tt>clang</tt> compiler (rather than <tt>gcc</tt>).<br />
<br />
In case like these, its often easier to modify <tt>Configure</tt> and <tt>Makefile.org</tt> rather than trying to add targets to the configure scripts. Below is a patch that modifies <tt>Configure</tt> and <tt>Makefile.org</tt> for use under the iOS 7.0 SDK (which lacks <tt>gcc</tt> in <tt>/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/</tt>):<br />
<br />
* Modifies <tt>Configure</tt> to use <tt>clang</tt><br />
* Modifies <tt>Makefile.org</tt> to use <tt>clang</tt><br />
* Modifies <tt>CFLAG</tt> to use <tt>-Os</tt><br />
* Modifies <tt>MAKEDEPPROG</tt> to use <tt>$(CC) -M</tt><br />
<br />
Setting and resetting of <tt>LANG</tt> is required on Mac OSX to work around a <tt>sed</tt> bug or limitation.<br />
<br />
<pre>OLD_LANG=$LANG<br />
unset LANG<br />
<br />
sed -i "" 's|\"iphoneos-cross\"\,\"llvm-gcc\:-O3|\"iphoneos-cross\"\,\"clang\:-Os|g' Configure<br />
sed -i "" 's/CC= cc/CC= clang/g' Makefile.org<br />
sed -i "" 's/CFLAG= -O/CFLAG= -Os/g' Makefile.org<br />
sed -i "" 's/MAKEDEPPROG=makedepend/MAKEDEPPROG=$(CC) -M/g' Makefile.org<br />
<br />
export LANG=$OLD_LANG</pre><br />
<br />
After modification, be sure to dclean and configure again so the new settings are picked up:<br />
<br />
<pre>make dclean<br />
<br />
./config<br />
make depend<br />
make all<br />
...</pre><br />
<br />
=== Fedora and Red Hat ===<br />
<br />
On Fedora and Red Hat systems, be sure to export <tt>CFLAGS="-fPIC"</tt> and explicitly specify <tt>shared</tt> to <tt>config</tt>. Failing to do so will result in static libraries only.That is, you will be missing the shared objects and engines. The commands would look similar to below.<br />
<br />
<pre>$ export CFLAGS="-fPIC"<br />
$ ./config shared no-ssl2 no-ssl3 --openssldir=/usr/local/ssl<br />
...<br />
$ make depend<br />
...<br />
$ make all<br />
...<br />
$ sudo -E make install</pre><br />
<br />
=== FIPS Capable Library ===<br />
<br />
If you want to use FIPS validated cryptography, you download, build and install the FIPS Object Module (<tt>openssl-fips-2.0.5.tar.gz</tt>) according to the [https://www.openssl.org/docs/fips/UserGuide-2.0.pdf FIPS User Guide 2.0] and [https://www.openssl.org/docs/fips/SecurityPolicy-2.0.pdf FIPS 140-2 Security Policy]. You then download, build and install the FIPS Capable Library (<tt>openssl-1.0.1e.tar.gz</tt>).<br />
<br />
When configuring the FIPS Capable Library, you must use <tt>fips</tt> as an option:<br />
<br />
<pre>./config fips <other options ...></pre><br />
<br />
If you are configuring the FIPS Capable Library with only prime curves (<tt>openssl-fips-ecp-2.0.5.tar.gz</tt>), then you must configure with <tt>no-ec2m</tt>:<br />
<br />
<pre>./config fips no-ec2m <other options ...></pre><br />
<br />
== Compilation ==<br />
<br />
Once you untar the source files (or fetched them from source control), its a good idea to look at README provided in it.<br />
<br />
cat README<br />
<br />
where you will understand that you have to read another file INSTALL :<br />
<br />
cat INSTALL <br />
<br />
Depending on your platform you will have to pick up the right INSTALL by example INSTALL.W64.<br />
Default is for Unix based systems.<br />
<br />
==== Quick ====<br />
<br />
<pre>./config <nowiki><options ...></nowiki><br />
make depend<br />
make<br />
make test<br />
make install</pre><br />
<br />
Various options can be found examining the <tt>Configure</tt> file (there is a well commented block at its top). OpenSSL ships with SSLv2, SSLv3 and Compression enabled by default (see <tt>my $disabled</tt>), so you might want to use <tt>no-ssl2</tt>, <tt>no-ssl3</tt>, and <tt>no-comp</tt>.<br />
<br />
== Platfom specific ==<br />
<br />
=== Linux ===<br />
<br />
==== Intel ====<br />
<br />
==== ARM ====<br />
<br />
=== Windows ===<br />
3noch wrote a VERY good guide [http://developer.covenanteyes.com/building-openssl-for-visual-studio/ here].<br />
Like he said in his article, make absolutely sure to create separate directories for 32 and 64 bit versions.<br />
<br />
==== W32 / Windows NT - Windows 9x ====<br />
<br />
type INSTALL.W32<br />
<br />
* you need Perl for Win32. Unless you will build on Cygwin, you will need ActiveState Perl, available from http://www.activestate.com/ActivePerl.<br />
* one of the following C compilers:<br />
** Visual C++<br />
** Borland C<br />
** GNU C (Cygwin or MinGW)<br />
* Netwide Assembler, a.k.a. NASM, available from http://nasm.sourceforge.net/ is required if you intend to utilize assembler modules. Note that NASM is now the only supported assembler.<br />
<br />
==== W64 ====<br />
<br />
Read first the INSTALL.W64 documentation note containing some specific 64bits information.<br />
See also INSTALL.W32 that still provides additonnal build information common to both the 64 and 32 bit versions.<br />
<br />
You may be surprised: the 64bit artefacts are indeed output in the out32* sub-directories and bear names ending *32.dll. Fact is the 64 bit compile target is so far an incremental change over the legacy 32bit windows target. Numerous compile flags are still labelled "32" although those do apply to both 32 and 64bit targets.<br />
<br />
The important pre-requisites are to have PERL available (for essential file processing so as to prepare sources and scripts for the target OS) and of course a C compiler like Microsoft Visual Studio for C/C++.<br />
<br />
Using MS Visual Studio:<br />
# launch a Visual Studio tool x64 Cross Tools Command prompt<br />
# change to the directory where you have copied openssl sources <code>cd c:\myPath\openssl</code><br />
# configure for the target OS with the command <code>perl Configure VC-WIN64A</code>. You may also be interested to set more configuration options as documented in the general INSTALL note (for UNIX targets). For instance: <code>perl Configure no-asm VC-WIN64A</code>.<br />
# prepare the target environment with the command: <code>ms\do_win64a</code><br />
# ensure you start afresh and notably without linkable products from a previous 32bit compile (as 32 and 64 bits compiling still share common directories) with the command: <code>nmake -f ms\ntdll.mak clean</code> for the DLL target and <code>nmake -f ms\nt.mak clean</code> for static libraries.<br />
# build the code with: <code>nmake -f ms\ntdll.mak</code> (respectively <code>nmake -f ms\nt.mak</code> )<br />
# the artefacts will be found in sub directories out32dll and out32dll.dbg (respectively out32 and out32.dbg for static libraries). The libcrypto and ssl libraries are still named libeay32.lib and ssleay32.lib, and associated includes in inc32 ! You may check this is true 64bit code using the Visual Studio tool 'dumbin'. For instance <code>dumpbin /headers out32dll/libeay32.lib | more</code>, and look at the FILE HEADER section.<br />
# test the code using the various *test.exe programs in out32dll. <br />
# we recommend that you move/copy needed includes and libraries under the "32" directories under a new explicit directory tree for 64bit applications from where you will import and link your target applications, similar to that explained in INSTALL.W32.<br />
<br />
==== Windows CE ====<br />
<br />
=== Mac ===<br />
<br />
=== iOS ===<br />
<br />
=== Android ===<br />
<br />
Visit [[Android]] and [[FIPS Library and Android]].<br />
<br />
=== More ===<br />
<br />
==== VAX/VMS ====<br />
<br />
I you wonder what are files ending with .com like test/testca.com those are VAX/VMX scripts.<br />
This code is still maintained.<br />
<br />
==== OS/2 ====<br />
<br />
==== NetWare ====<br />
5.x 6.x<br />
<br />
==== HP-UX ====<br />
[[HP-UX Itanium FIPS and OpenSSL build]]<br />
<br />
[[Category:Shell level]]<br />
[[Category:Installation]]<br />
[[Category:Compilation]]</div>Bernardhhttps://wiki.openssl.org/index.php?title=Compilation_and_Installation&diff=1863Compilation and Installation2014-08-11T09:35:05Z<p>Bernardh: /* W64 */</p>
<hr />
<div>== Retrieve source code ==<br />
<br />
The OpenSSL source code can be downloaded from [http://www.openssl.org/source/ www.openssl.org/source/] or any suitable [http://www.openssl.org/source/mirror.html ftp mirror]. There are various versions including stable as well as unstable versions. <br />
<br />
The source code is manged via Git, the repository is<br />
<br />
: git://git.openssl.org/openssl.git<br />
<br />
The source is also available via a [https://github.com/openssl/openssl GitHub] mirror. This repository is updated every 15 minutes.<br />
<br />
* [[Use_of_Git|Accessing OpenSSL source code via Git]]<br />
<br />
== Configuration ==<br />
<br />
OpenSSL is configured for a particular platform with protocol and behavior options using <tt>Configure</tt> and <tt>config</tt>.<br />
<br />
=== Configure & Config ===<br />
<br />
You use <tt>Configure</tt> and <tt>config</tt> to tune the compile and installation process through options and switches. The difference between is <tt>Configure</tt> properly handles the host-arch-compiler triplet, and <tt>config</tt> does not. <tt>config</tt> attempts to guess the triplet, so its a lot like autotool's <tt>config.guess</tt>.<br />
<br />
You can usually use <tt>config</tt> and it will do the right thing (from Ubuntu 13.04, x64):<br />
<br />
<pre>$ ./config <br />
Operating system: x86_64-whatever-linux2<br />
Configuring for linux-x86_64<br />
Configuring for linux-x86_64<br />
no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)<br />
no-gmp [default] OPENSSL_NO_GMP (skip dir)<br />
no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir)<br />
no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5<br />
no-md2 [default] OPENSSL_NO_MD2 (skip dir)<br />
no-rc5 [default] OPENSSL_NO_RC5 (skip dir)<br />
no-rfc3779 [default] OPENSSL_NO_RFC3779 (skip dir)<br />
no-sctp [default] OPENSSL_NO_SCTP (skip dir)<br />
no-shared [default] <br />
no-store [experimental] OPENSSL_NO_STORE (skip dir)<br />
no-zlib [default] <br />
no-zlib-dynamic [default] <br />
...</pre><br />
<br />
Mac OSX is a problem (its often a neglected platform), and you will have to use <tt>Configure</tt>:<br />
<br />
<pre> ./Configure darwin64-x86_64-cc<br />
Configuring for darwin64-x86_64-cc<br />
no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)<br />
no-gmp [default] OPENSSL_NO_GMP (skip dir)<br />
no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir)<br />
no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5<br />
no-md2 [default] OPENSSL_NO_MD2 (skip dir)<br />
no-rc5 [default] OPENSSL_NO_RC5 (skip dir)<br />
no-rfc3779 [default] OPENSSL_NO_RFC3779 (skip dir)<br />
no-sctp [default] OPENSSL_NO_SCTP (skip dir)<br />
no-shared [default] <br />
no-store [experimental] OPENSSL_NO_STORE (skip dir)<br />
no-zlib [default] <br />
no-zlib-dynamic [default]<br />
...</pre><br />
<br />
Running the same command with <tt>config</tt> results in:<br />
<br />
<pre>$ ./config darwin64-x86_64-cc<br />
Operating system: i686-apple-darwinDarwin Kernel Version 12.5.0: Sun Sep 29 13:33:47 PDT 2013; root:xnu-2050.48.12~1/RELEASE_X86_64<br />
WARNING! If you wish to build 64-bit library, then you have to<br />
invoke './Configure darwin64-x86_64-cc' *manually*.<br />
You have about 5 seconds to press Ctrl-C to abort.<br />
Configuring for darwin-i386-cc<br />
target already defined - darwin-i386-cc (offending arg: darwin64-x86_64-cc)</pre><br />
<br />
You can also configure on Darwin by exporting <tt>KERNEL_BITS</tt>:<br />
<br />
<pre>$ export KERNEL_BITS=64<br />
$ ./config shared no-ssl2 enable-ec_nistp_64_gcc_128 --openssldir=/usr/local/ssl/macosx-x64/<br />
Operating system: i686-apple-darwinDarwin Kernel Version 12.5.0: Sun Sep 29 13:33:47 PDT 2013; root:xnu-2050.48.12~1/RELEASE_X86_64<br />
Configuring for darwin64-x86_64-cc<br />
Configuring for darwin64-x86_64-cc<br />
no-gmp [default] OPENSSL_NO_GMP (skip dir)<br />
no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir)<br />
no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5<br />
no-md2 [default] OPENSSL_NO_MD2 (skip dir)<br />
no-psk [option] OPENSSL_NO_PSK (skip dir)<br />
no-rc5 [default] OPENSSL_NO_RC5 (skip dir)<br />
no-rfc3779 [default] OPENSSL_NO_RFC3779 (skip dir)<br />
no-sctp [default] OPENSSL_NO_SCTP (skip dir)<br />
no-srp [option] OPENSSL_NO_SRP (skip dir)<br />
no-ssl2 [option] OPENSSL_NO_SSL2 (skip dir)<br />
no-store [experimental] OPENSSL_NO_STORE (skip dir)<br />
no-zlib [default] <br />
no-zlib-dynamic [default] <br />
...</pre><br />
<br />
If you provide a option not known to configure or ask for help, then you get a brief help message:<br />
<br />
<pre>$ ./Configure --help<br />
Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...]<br />
[-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared]<br />
[[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR]<br />
[--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]</pre><br />
<br />
And if you supply an unknown triplet: <br />
<br />
<pre>$ ./Configure darwin64-x86_64-clang<br />
Configuring for darwin64-x86_64-clang<br />
Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...]<br />
[-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared]<br />
[[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR]<br />
[--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]<br />
<br />
pick os/compiler from:<br />
BC-32 BS2000-OSD BSD-generic32 BSD-generic64 BSD-ia64 BSD-sparc64 BSD-sparcv8 <br />
BSD-x86 BSD-x86-elf BSD-x86_64 Cygwin Cygwin-pre1.3 DJGPP MPE/iX-gcc OS2-EMX <br />
OS390-Unix QNX6 QNX6-i386 ReliantUNIX SINIX SINIX-N UWIN VC-CE VC-WIN32 <br />
VC-WIN64A VC-WIN64I aix-cc aix-gcc aix3-cc aix64-cc aix64-gcc android <br />
android-armv7 android-x86 aux3-gcc beos-x86-bone beos-x86-r5 bsdi-elf-gcc cc <br />
cray-j90 cray-t3e darwin-i386-cc darwin-ppc-cc darwin64-ppc-cc <br />
darwin64-x86_64-cc dgux-R3-gcc dgux-R4-gcc dgux-R4-x86-gcc dist gcc hpux-cc <br />
hpux-gcc hpux-ia64-cc hpux-ia64-gcc hpux-parisc-cc hpux-parisc-cc-o4 <br />
hpux-parisc-gcc hpux-parisc1_1-cc hpux-parisc1_1-gcc hpux-parisc2-cc <br />
hpux-parisc2-gcc hpux64-ia64-cc hpux64-ia64-gcc hpux64-parisc2-cc <br />
hpux64-parisc2-gcc hurd-x86 iphoneos-cross irix-cc irix-gcc irix-mips3-cc <br />
irix-mips3-gcc irix64-mips4-cc irix64-mips4-gcc linux-alpha+bwx-ccc <br />
linux-alpha+bwx-gcc linux-alpha-ccc linux-alpha-gcc linux-aout linux-armv4 <br />
linux-elf linux-generic32 linux-generic64 linux-ia32-icc linux-ia64 <br />
linux-ia64-ecc linux-ia64-icc linux-ppc linux-ppc64 linux-sparcv8 <br />
linux-sparcv9 linux-x86_64 linux32-s390x linux64-s390x linux64-sparcv9 mingw <br />
mingw64 ncr-scde netware-clib netware-clib-bsdsock netware-clib-bsdsock-gcc <br />
...<br />
<br />
NOTE: If in doubt, on Unix-ish systems use './config'.</pre><br />
<br />
Finally, to delete a configuration and start anew, run <tt>make dclean</tt>.<br />
<br />
=== Configure Options ===<br />
<br />
OpenSSL has been around a long time, and it carries around a lot of cruft. For example, from above, SSLv2 is enabled by default. SSLv2 is completely broken, and you should disable it during configuration. You can disable protocols and provide other options through <tt>Configure</tt> and <tt>config</tt>, and the following lists some of them.<br />
<br />
'''Note''': if you specify a non-existent option, then the configure scripts will proceed without warning. For example, if you inadvertently specify '''no-sslv2''' rather than '''no-ssl2''', the script will configure ''with'' SSLv2 and ''without'' warning for the unknown no-sslv2.<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ OpenSSL Library Options<br />
|-<br />
! scope="col" width="150px" | Option<br />
! scope="col" class="unsortable" | Description<br />
|-<br />
| --openssldir=XXX || The installation directory. If not specified, the library will be installed at <tt>/usr/local/ssl</tt>. Header will be located at <tt>/usr/local/ssl/include/openssl</tt>, and libraries located at <tt>/usr/local/ssl/lib</tt>.<br />
|-<br />
| shared || Build a shared object in addition to the static archive<br />
|-<br />
| enable-ec_nistp_64_gcc_128 || Use on x64 platforms when GCC supports <tt>__uint128_t</tt>. ECDH is about 2 to 4 times faster. Not enabled by default because <tt>Configure</tt> can't determine it.<br />
|-<br />
| no-ssl2 || Disables SSLv2<br />
|-<br />
| no-ssl3 || Disables SSLv3<br />
|-<br />
| no-comp || Disables compression independent of <tt>zlib</tt><br />
|-<br />
| no-idea || Disables IDEA algorithm. Unlike RC5 and MDC2, IDEA is enabled by default<br />
|-<br />
| no-asm || Disables assembly language routines (and uses C routines)<br />
|-<br />
| no-dtls || Disables DTLS (useful on mobile devices since carriers often block UDP)<br />
|-<br />
| no-shared || Disables shared objects (only a static library is created)<br />
|-<br />
| no-hw || Disables hardware support (useful on mobile devices)<br />
|-<br />
| no-engines || Disables hardware support (useful on mobile devices)<br />
|-<br />
| no-threads || Disables threading support<br />
|-<br />
| no-dso || Disables the OpenSSL DSO API (the library offers a shared object abstraction layer)<br />
|-<br />
| no-err || Removes all error function names and error reason text to reduce footprint<br />
|-<br />
| no-npn || Disables Next Protocol Negotiation (NPN)<br />
|-<br />
| no-psk || Disables Preshared Key (PSK). PSK provides mutual authentication independent of trusted authorities, but its rarely offered or used<br />
|-<br />
| no-srp || Disables Secure Remote Password (SRP). SRP provides mutual authentication independent of trusted authorities, but its rarely offered or used<br />
|-<br />
| no-ec2m || Used when configuring FIPS Capable Library with a FIPS Object Module that only includes prime curves. That is, use this switch if you use <tt>openssl-fips-ecp-2.0.5</tt>.<br />
|-<br />
| -DXXX || Defines XXX. For example, <tt>-DOPENSSL_NO_HEARTBEATS</tt>.<br />
|}<br />
<br />
After disabling an option, your configure output will look similar to below (notice the lack of SSLv2 and SSLv3 support).<br />
<br />
<pre>$ ./Configure darwin64-x86_64-cc no-ssl2 no-ssl3<br />
Configuring for darwin64-x86_64-cc<br />
no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)<br />
no-gmp [default] OPENSSL_NO_GMP (skip dir)<br />
no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir)<br />
no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5<br />
no-md2 [default] OPENSSL_NO_MD2 (skip dir)<br />
no-rc5 [default] OPENSSL_NO_RC5 (skip dir)<br />
no-rfc3779 [default] OPENSSL_NO_RFC3779 (skip dir)<br />
no-sctp [default] OPENSSL_NO_SCTP (skip dir)<br />
no-shared [default] <br />
no-ssl2 [option] OPENSSL_NO_SSL2 (skip dir)<br />
no-ssl3 [option] OPENSSL_NO_SSL3 (skip dir)<br />
no-store [experimental] OPENSSL_NO_STORE (skip dir)<br />
no-zlib [default] <br />
no-zlib-dynamic [default] <br />
...</pre><br />
<br />
=== Compile Time Checking ===<br />
<br />
If you disable an option during configure, you can check if it's available through <tt>OPENSSL_NO_*</tt> defines. OpenSSL writes the configure options to <tt><openssl/opensslconf.h></tt>. For example, if you want to know if SSLv3 is available, then you would perform the following in your code:<br />
<br />
<pre>#include <openssl/opensslconf.h><br />
...<br />
<br />
#if !defined(OPENSSL_NO_SSL3)<br />
/* SSLv3 is available */<br />
#endif</pre><br />
<br />
=== Modifying Build Settings ===<br />
<br />
Sometimes you need to work around OpenSSL's selections for building the library. For example, you might want to use <tt>-Os</tt> for a mobile device (rather than <tt>-O3</tt>), or you might want to use the <tt>clang</tt> compiler (rather than <tt>gcc</tt>).<br />
<br />
In case like these, its often easier to modify <tt>Configure</tt> and <tt>Makefile.org</tt> rather than trying to add targets to the configure scripts. Below is a patch that modifies <tt>Configure</tt> and <tt>Makefile.org</tt> for use under the iOS 7.0 SDK (which lacks <tt>gcc</tt> in <tt>/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/</tt>):<br />
<br />
* Modifies <tt>Configure</tt> to use <tt>clang</tt><br />
* Modifies <tt>Makefile.org</tt> to use <tt>clang</tt><br />
* Modifies <tt>CFLAG</tt> to use <tt>-Os</tt><br />
* Modifies <tt>MAKEDEPPROG</tt> to use <tt>$(CC) -M</tt><br />
<br />
Setting and resetting of <tt>LANG</tt> is required on Mac OSX to work around a <tt>sed</tt> bug or limitation.<br />
<br />
<pre>OLD_LANG=$LANG<br />
unset LANG<br />
<br />
sed -i "" 's|\"iphoneos-cross\"\,\"llvm-gcc\:-O3|\"iphoneos-cross\"\,\"clang\:-Os|g' Configure<br />
sed -i "" 's/CC= cc/CC= clang/g' Makefile.org<br />
sed -i "" 's/CFLAG= -O/CFLAG= -Os/g' Makefile.org<br />
sed -i "" 's/MAKEDEPPROG=makedepend/MAKEDEPPROG=$(CC) -M/g' Makefile.org<br />
<br />
export LANG=$OLD_LANG</pre><br />
<br />
After modification, be sure to dclean and configure again so the new settings are picked up:<br />
<br />
<pre>make dclean<br />
<br />
./config<br />
make depend<br />
make all<br />
...</pre><br />
<br />
=== Fedora and Red Hat ===<br />
<br />
On Fedora and Red Hat systems, be sure to export <tt>CFLAGS="-fPIC"</tt> and explicitly specify <tt>shared</tt> to <tt>config</tt>. Failing to do so will result in static libraries only.That is, you will be missing the shared objects and engines. The commands would look similar to below.<br />
<br />
<pre>$ export CFLAGS="-fPIC"<br />
$ ./config shared no-ssl2 no-ssl3 --openssldir=/usr/local/ssl<br />
...<br />
$ make depend<br />
...<br />
$ make all<br />
...<br />
$ sudo -E make install</pre><br />
<br />
=== FIPS Capable Library ===<br />
<br />
If you want to use FIPS validated cryptography, you download, build and install the FIPS Object Module (<tt>openssl-fips-2.0.5.tar.gz</tt>) according to the [https://www.openssl.org/docs/fips/UserGuide-2.0.pdf FIPS User Guide 2.0] and [https://www.openssl.org/docs/fips/SecurityPolicy-2.0.pdf FIPS 140-2 Security Policy]. You then download, build and install the FIPS Capable Library (<tt>openssl-1.0.1e.tar.gz</tt>).<br />
<br />
When configuring the FIPS Capable Library, you must use <tt>fips</tt> as an option:<br />
<br />
<pre>./config fips <other options ...></pre><br />
<br />
If you are configuring the FIPS Capable Library with only prime curves (<tt>openssl-fips-ecp-2.0.5.tar.gz</tt>), then you must configure with <tt>no-ec2m</tt>:<br />
<br />
<pre>./config fips no-ec2m <other options ...></pre><br />
<br />
== Compilation ==<br />
<br />
Once you untar the source files (or fetched them from source control), its a good idea to look at README provided in it.<br />
<br />
cat README<br />
<br />
where you will understand that you have to read another file INSTALL :<br />
<br />
cat INSTALL <br />
<br />
Depending on your platform you will have to pick up the right INSTALL by example INSTALL.W64.<br />
Default is for Unix based systems.<br />
<br />
==== Quick ====<br />
<br />
<pre>./config <nowiki><options ...></nowiki><br />
make depend<br />
make<br />
make test<br />
make install</pre><br />
<br />
Various options can be found examining the <tt>Configure</tt> file (there is a well commented block at its top). OpenSSL ships with SSLv2, SSLv3 and Compression enabled by default (see <tt>my $disabled</tt>), so you might want to use <tt>no-ssl2</tt>, <tt>no-ssl3</tt>, and <tt>no-comp</tt>.<br />
<br />
== Platfom specific ==<br />
<br />
=== Linux ===<br />
<br />
==== Intel ====<br />
<br />
==== ARM ====<br />
<br />
=== Windows ===<br />
3noch wrote a VERY good guide [http://developer.covenanteyes.com/building-openssl-for-visual-studio/ here].<br />
Like he said in his article, make absolutely sure to create separate directories for 32 and 64 bit versions.<br />
<br />
==== W32 / Windows NT - Windows 9x ====<br />
<br />
type INSTALL.W32<br />
<br />
* you need Perl for Win32. Unless you will build on Cygwin, you will need ActiveState Perl, available from http://www.activestate.com/ActivePerl.<br />
* one of the following C compilers:<br />
** Visual C++<br />
** Borland C<br />
** GNU C (Cygwin or MinGW)<br />
* Netwide Assembler, a.k.a. NASM, available from http://nasm.sourceforge.net/ is required if you intend to utilize assembler modules. Note that NASM is now the only supported assembler.<br />
<br />
==== W64 ====<br />
<br />
Read first the INSTALL.W64 documentation note containing some specific 64bits information.<br />
See also INSTALL.W32 that still provides additonnal build information common to both the 64 and 32 bit versions.<br />
<br />
You may be surprised: the 64bit artefacts are indeed output in the out32* sub-directories and bear names ending *32.dll. Fact is the 64 bit compile target is so far an incremental change over the legacy 32bit windows target. Numerous compile flags are still labelled "32" although those do apply to both 32 and 64bit targets.<br />
<br />
The important pre-requisites are to have PERL available (for essential file processing so as to prepare sources and scripts for the target OS) and of course a C compiler like Microsoft Visual Studio for C/C++.<br />
<br />
Using MS Visual Studio:<br />
# launch a Visual Studio tool x64 Cross Tools Command prompt<br />
# change to the directory where you have copied openssl sources <code>cd c:\myPath\openssl</code><br />
# configure for the target OS with the command <code>perl Configure VC-WIN64A</code>. You may also be interested to set more configuration options as documented in the general INSTALL note (for UNIX targets). For instance: <code>perl Configure no-asm VC-WIN64A</code>.<br />
# prepare the target environment with the command: <code>ms\do_win64a</code><br />
# ensure you start afresh and notably without linkable products from a previous 32bit compile (as 32 and 64 bits compiling still share common directories) with the command: <code>nmake -f ms\ntdll.mak clean</code><br />
# build the code with: <code>nmake -f ms\ntdll.mak</code><br />
# the artefacts will be found in sub directories out32dll and out32dll.dbg. The libcrypto and ssl libraries are still named libeay32.lib and ssleay32.lib, and associated includes in inc32 ! You may check this is true 64bit code using the Visual Studio tool 'dumbin'. For instance <code>dumpbin /headers out32dll/libeay32.lib | more</code>, and look at the FILE HEADER section.<br />
# test the code using the various *test.exe programs in out32dll. <br />
# we recommend that you move/copy needed includes and libraries under the "32" directories under a new explicit directory tree for 64bit applications from where you will import and link your target applications, similar to that explained in INSTALL.W32.<br />
<br />
==== Windows CE ====<br />
<br />
=== Mac ===<br />
<br />
=== iOS ===<br />
<br />
=== Android ===<br />
<br />
Visit [[Android]] and [[FIPS Library and Android]].<br />
<br />
=== More ===<br />
<br />
==== VAX/VMS ====<br />
<br />
I you wonder what are files ending with .com like test/testca.com those are VAX/VMX scripts.<br />
This code is still maintained.<br />
<br />
==== OS/2 ====<br />
<br />
==== NetWare ====<br />
5.x 6.x<br />
<br />
==== HP-UX ====<br />
[[HP-UX Itanium FIPS and OpenSSL build]]<br />
<br />
[[Category:Shell level]]<br />
[[Category:Installation]]<br />
[[Category:Compilation]]</div>Bernardhhttps://wiki.openssl.org/index.php?title=Compilation_and_Installation&diff=1862Compilation and Installation2014-08-11T09:31:38Z<p>Bernardh: /* W64 */</p>
<hr />
<div>== Retrieve source code ==<br />
<br />
The OpenSSL source code can be downloaded from [http://www.openssl.org/source/ www.openssl.org/source/] or any suitable [http://www.openssl.org/source/mirror.html ftp mirror]. There are various versions including stable as well as unstable versions. <br />
<br />
The source code is manged via Git, the repository is<br />
<br />
: git://git.openssl.org/openssl.git<br />
<br />
The source is also available via a [https://github.com/openssl/openssl GitHub] mirror. This repository is updated every 15 minutes.<br />
<br />
* [[Use_of_Git|Accessing OpenSSL source code via Git]]<br />
<br />
== Configuration ==<br />
<br />
OpenSSL is configured for a particular platform with protocol and behavior options using <tt>Configure</tt> and <tt>config</tt>.<br />
<br />
=== Configure & Config ===<br />
<br />
You use <tt>Configure</tt> and <tt>config</tt> to tune the compile and installation process through options and switches. The difference between is <tt>Configure</tt> properly handles the host-arch-compiler triplet, and <tt>config</tt> does not. <tt>config</tt> attempts to guess the triplet, so its a lot like autotool's <tt>config.guess</tt>.<br />
<br />
You can usually use <tt>config</tt> and it will do the right thing (from Ubuntu 13.04, x64):<br />
<br />
<pre>$ ./config <br />
Operating system: x86_64-whatever-linux2<br />
Configuring for linux-x86_64<br />
Configuring for linux-x86_64<br />
no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)<br />
no-gmp [default] OPENSSL_NO_GMP (skip dir)<br />
no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir)<br />
no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5<br />
no-md2 [default] OPENSSL_NO_MD2 (skip dir)<br />
no-rc5 [default] OPENSSL_NO_RC5 (skip dir)<br />
no-rfc3779 [default] OPENSSL_NO_RFC3779 (skip dir)<br />
no-sctp [default] OPENSSL_NO_SCTP (skip dir)<br />
no-shared [default] <br />
no-store [experimental] OPENSSL_NO_STORE (skip dir)<br />
no-zlib [default] <br />
no-zlib-dynamic [default] <br />
...</pre><br />
<br />
Mac OSX is a problem (its often a neglected platform), and you will have to use <tt>Configure</tt>:<br />
<br />
<pre> ./Configure darwin64-x86_64-cc<br />
Configuring for darwin64-x86_64-cc<br />
no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)<br />
no-gmp [default] OPENSSL_NO_GMP (skip dir)<br />
no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir)<br />
no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5<br />
no-md2 [default] OPENSSL_NO_MD2 (skip dir)<br />
no-rc5 [default] OPENSSL_NO_RC5 (skip dir)<br />
no-rfc3779 [default] OPENSSL_NO_RFC3779 (skip dir)<br />
no-sctp [default] OPENSSL_NO_SCTP (skip dir)<br />
no-shared [default] <br />
no-store [experimental] OPENSSL_NO_STORE (skip dir)<br />
no-zlib [default] <br />
no-zlib-dynamic [default]<br />
...</pre><br />
<br />
Running the same command with <tt>config</tt> results in:<br />
<br />
<pre>$ ./config darwin64-x86_64-cc<br />
Operating system: i686-apple-darwinDarwin Kernel Version 12.5.0: Sun Sep 29 13:33:47 PDT 2013; root:xnu-2050.48.12~1/RELEASE_X86_64<br />
WARNING! If you wish to build 64-bit library, then you have to<br />
invoke './Configure darwin64-x86_64-cc' *manually*.<br />
You have about 5 seconds to press Ctrl-C to abort.<br />
Configuring for darwin-i386-cc<br />
target already defined - darwin-i386-cc (offending arg: darwin64-x86_64-cc)</pre><br />
<br />
You can also configure on Darwin by exporting <tt>KERNEL_BITS</tt>:<br />
<br />
<pre>$ export KERNEL_BITS=64<br />
$ ./config shared no-ssl2 enable-ec_nistp_64_gcc_128 --openssldir=/usr/local/ssl/macosx-x64/<br />
Operating system: i686-apple-darwinDarwin Kernel Version 12.5.0: Sun Sep 29 13:33:47 PDT 2013; root:xnu-2050.48.12~1/RELEASE_X86_64<br />
Configuring for darwin64-x86_64-cc<br />
Configuring for darwin64-x86_64-cc<br />
no-gmp [default] OPENSSL_NO_GMP (skip dir)<br />
no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir)<br />
no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5<br />
no-md2 [default] OPENSSL_NO_MD2 (skip dir)<br />
no-psk [option] OPENSSL_NO_PSK (skip dir)<br />
no-rc5 [default] OPENSSL_NO_RC5 (skip dir)<br />
no-rfc3779 [default] OPENSSL_NO_RFC3779 (skip dir)<br />
no-sctp [default] OPENSSL_NO_SCTP (skip dir)<br />
no-srp [option] OPENSSL_NO_SRP (skip dir)<br />
no-ssl2 [option] OPENSSL_NO_SSL2 (skip dir)<br />
no-store [experimental] OPENSSL_NO_STORE (skip dir)<br />
no-zlib [default] <br />
no-zlib-dynamic [default] <br />
...</pre><br />
<br />
If you provide a option not known to configure or ask for help, then you get a brief help message:<br />
<br />
<pre>$ ./Configure --help<br />
Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...]<br />
[-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared]<br />
[[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR]<br />
[--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]</pre><br />
<br />
And if you supply an unknown triplet: <br />
<br />
<pre>$ ./Configure darwin64-x86_64-clang<br />
Configuring for darwin64-x86_64-clang<br />
Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...]<br />
[-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared]<br />
[[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR]<br />
[--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]<br />
<br />
pick os/compiler from:<br />
BC-32 BS2000-OSD BSD-generic32 BSD-generic64 BSD-ia64 BSD-sparc64 BSD-sparcv8 <br />
BSD-x86 BSD-x86-elf BSD-x86_64 Cygwin Cygwin-pre1.3 DJGPP MPE/iX-gcc OS2-EMX <br />
OS390-Unix QNX6 QNX6-i386 ReliantUNIX SINIX SINIX-N UWIN VC-CE VC-WIN32 <br />
VC-WIN64A VC-WIN64I aix-cc aix-gcc aix3-cc aix64-cc aix64-gcc android <br />
android-armv7 android-x86 aux3-gcc beos-x86-bone beos-x86-r5 bsdi-elf-gcc cc <br />
cray-j90 cray-t3e darwin-i386-cc darwin-ppc-cc darwin64-ppc-cc <br />
darwin64-x86_64-cc dgux-R3-gcc dgux-R4-gcc dgux-R4-x86-gcc dist gcc hpux-cc <br />
hpux-gcc hpux-ia64-cc hpux-ia64-gcc hpux-parisc-cc hpux-parisc-cc-o4 <br />
hpux-parisc-gcc hpux-parisc1_1-cc hpux-parisc1_1-gcc hpux-parisc2-cc <br />
hpux-parisc2-gcc hpux64-ia64-cc hpux64-ia64-gcc hpux64-parisc2-cc <br />
hpux64-parisc2-gcc hurd-x86 iphoneos-cross irix-cc irix-gcc irix-mips3-cc <br />
irix-mips3-gcc irix64-mips4-cc irix64-mips4-gcc linux-alpha+bwx-ccc <br />
linux-alpha+bwx-gcc linux-alpha-ccc linux-alpha-gcc linux-aout linux-armv4 <br />
linux-elf linux-generic32 linux-generic64 linux-ia32-icc linux-ia64 <br />
linux-ia64-ecc linux-ia64-icc linux-ppc linux-ppc64 linux-sparcv8 <br />
linux-sparcv9 linux-x86_64 linux32-s390x linux64-s390x linux64-sparcv9 mingw <br />
mingw64 ncr-scde netware-clib netware-clib-bsdsock netware-clib-bsdsock-gcc <br />
...<br />
<br />
NOTE: If in doubt, on Unix-ish systems use './config'.</pre><br />
<br />
Finally, to delete a configuration and start anew, run <tt>make dclean</tt>.<br />
<br />
=== Configure Options ===<br />
<br />
OpenSSL has been around a long time, and it carries around a lot of cruft. For example, from above, SSLv2 is enabled by default. SSLv2 is completely broken, and you should disable it during configuration. You can disable protocols and provide other options through <tt>Configure</tt> and <tt>config</tt>, and the following lists some of them.<br />
<br />
'''Note''': if you specify a non-existent option, then the configure scripts will proceed without warning. For example, if you inadvertently specify '''no-sslv2''' rather than '''no-ssl2''', the script will configure ''with'' SSLv2 and ''without'' warning for the unknown no-sslv2.<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ OpenSSL Library Options<br />
|-<br />
! scope="col" width="150px" | Option<br />
! scope="col" class="unsortable" | Description<br />
|-<br />
| --openssldir=XXX || The installation directory. If not specified, the library will be installed at <tt>/usr/local/ssl</tt>. Header will be located at <tt>/usr/local/ssl/include/openssl</tt>, and libraries located at <tt>/usr/local/ssl/lib</tt>.<br />
|-<br />
| shared || Build a shared object in addition to the static archive<br />
|-<br />
| enable-ec_nistp_64_gcc_128 || Use on x64 platforms when GCC supports <tt>__uint128_t</tt>. ECDH is about 2 to 4 times faster. Not enabled by default because <tt>Configure</tt> can't determine it.<br />
|-<br />
| no-ssl2 || Disables SSLv2<br />
|-<br />
| no-ssl3 || Disables SSLv3<br />
|-<br />
| no-comp || Disables compression independent of <tt>zlib</tt><br />
|-<br />
| no-idea || Disables IDEA algorithm. Unlike RC5 and MDC2, IDEA is enabled by default<br />
|-<br />
| no-asm || Disables assembly language routines (and uses C routines)<br />
|-<br />
| no-dtls || Disables DTLS (useful on mobile devices since carriers often block UDP)<br />
|-<br />
| no-shared || Disables shared objects (only a static library is created)<br />
|-<br />
| no-hw || Disables hardware support (useful on mobile devices)<br />
|-<br />
| no-engines || Disables hardware support (useful on mobile devices)<br />
|-<br />
| no-threads || Disables threading support<br />
|-<br />
| no-dso || Disables the OpenSSL DSO API (the library offers a shared object abstraction layer)<br />
|-<br />
| no-err || Removes all error function names and error reason text to reduce footprint<br />
|-<br />
| no-npn || Disables Next Protocol Negotiation (NPN)<br />
|-<br />
| no-psk || Disables Preshared Key (PSK). PSK provides mutual authentication independent of trusted authorities, but its rarely offered or used<br />
|-<br />
| no-srp || Disables Secure Remote Password (SRP). SRP provides mutual authentication independent of trusted authorities, but its rarely offered or used<br />
|-<br />
| no-ec2m || Used when configuring FIPS Capable Library with a FIPS Object Module that only includes prime curves. That is, use this switch if you use <tt>openssl-fips-ecp-2.0.5</tt>.<br />
|-<br />
| -DXXX || Defines XXX. For example, <tt>-DOPENSSL_NO_HEARTBEATS</tt>.<br />
|}<br />
<br />
After disabling an option, your configure output will look similar to below (notice the lack of SSLv2 and SSLv3 support).<br />
<br />
<pre>$ ./Configure darwin64-x86_64-cc no-ssl2 no-ssl3<br />
Configuring for darwin64-x86_64-cc<br />
no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)<br />
no-gmp [default] OPENSSL_NO_GMP (skip dir)<br />
no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir)<br />
no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5<br />
no-md2 [default] OPENSSL_NO_MD2 (skip dir)<br />
no-rc5 [default] OPENSSL_NO_RC5 (skip dir)<br />
no-rfc3779 [default] OPENSSL_NO_RFC3779 (skip dir)<br />
no-sctp [default] OPENSSL_NO_SCTP (skip dir)<br />
no-shared [default] <br />
no-ssl2 [option] OPENSSL_NO_SSL2 (skip dir)<br />
no-ssl3 [option] OPENSSL_NO_SSL3 (skip dir)<br />
no-store [experimental] OPENSSL_NO_STORE (skip dir)<br />
no-zlib [default] <br />
no-zlib-dynamic [default] <br />
...</pre><br />
<br />
=== Compile Time Checking ===<br />
<br />
If you disable an option during configure, you can check if it's available through <tt>OPENSSL_NO_*</tt> defines. OpenSSL writes the configure options to <tt><openssl/opensslconf.h></tt>. For example, if you want to know if SSLv3 is available, then you would perform the following in your code:<br />
<br />
<pre>#include <openssl/opensslconf.h><br />
...<br />
<br />
#if !defined(OPENSSL_NO_SSL3)<br />
/* SSLv3 is available */<br />
#endif</pre><br />
<br />
=== Modifying Build Settings ===<br />
<br />
Sometimes you need to work around OpenSSL's selections for building the library. For example, you might want to use <tt>-Os</tt> for a mobile device (rather than <tt>-O3</tt>), or you might want to use the <tt>clang</tt> compiler (rather than <tt>gcc</tt>).<br />
<br />
In case like these, its often easier to modify <tt>Configure</tt> and <tt>Makefile.org</tt> rather than trying to add targets to the configure scripts. Below is a patch that modifies <tt>Configure</tt> and <tt>Makefile.org</tt> for use under the iOS 7.0 SDK (which lacks <tt>gcc</tt> in <tt>/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/</tt>):<br />
<br />
* Modifies <tt>Configure</tt> to use <tt>clang</tt><br />
* Modifies <tt>Makefile.org</tt> to use <tt>clang</tt><br />
* Modifies <tt>CFLAG</tt> to use <tt>-Os</tt><br />
* Modifies <tt>MAKEDEPPROG</tt> to use <tt>$(CC) -M</tt><br />
<br />
Setting and resetting of <tt>LANG</tt> is required on Mac OSX to work around a <tt>sed</tt> bug or limitation.<br />
<br />
<pre>OLD_LANG=$LANG<br />
unset LANG<br />
<br />
sed -i "" 's|\"iphoneos-cross\"\,\"llvm-gcc\:-O3|\"iphoneos-cross\"\,\"clang\:-Os|g' Configure<br />
sed -i "" 's/CC= cc/CC= clang/g' Makefile.org<br />
sed -i "" 's/CFLAG= -O/CFLAG= -Os/g' Makefile.org<br />
sed -i "" 's/MAKEDEPPROG=makedepend/MAKEDEPPROG=$(CC) -M/g' Makefile.org<br />
<br />
export LANG=$OLD_LANG</pre><br />
<br />
After modification, be sure to dclean and configure again so the new settings are picked up:<br />
<br />
<pre>make dclean<br />
<br />
./config<br />
make depend<br />
make all<br />
...</pre><br />
<br />
=== Fedora and Red Hat ===<br />
<br />
On Fedora and Red Hat systems, be sure to export <tt>CFLAGS="-fPIC"</tt> and explicitly specify <tt>shared</tt> to <tt>config</tt>. Failing to do so will result in static libraries only.That is, you will be missing the shared objects and engines. The commands would look similar to below.<br />
<br />
<pre>$ export CFLAGS="-fPIC"<br />
$ ./config shared no-ssl2 no-ssl3 --openssldir=/usr/local/ssl<br />
...<br />
$ make depend<br />
...<br />
$ make all<br />
...<br />
$ sudo -E make install</pre><br />
<br />
=== FIPS Capable Library ===<br />
<br />
If you want to use FIPS validated cryptography, you download, build and install the FIPS Object Module (<tt>openssl-fips-2.0.5.tar.gz</tt>) according to the [https://www.openssl.org/docs/fips/UserGuide-2.0.pdf FIPS User Guide 2.0] and [https://www.openssl.org/docs/fips/SecurityPolicy-2.0.pdf FIPS 140-2 Security Policy]. You then download, build and install the FIPS Capable Library (<tt>openssl-1.0.1e.tar.gz</tt>).<br />
<br />
When configuring the FIPS Capable Library, you must use <tt>fips</tt> as an option:<br />
<br />
<pre>./config fips <other options ...></pre><br />
<br />
If you are configuring the FIPS Capable Library with only prime curves (<tt>openssl-fips-ecp-2.0.5.tar.gz</tt>), then you must configure with <tt>no-ec2m</tt>:<br />
<br />
<pre>./config fips no-ec2m <other options ...></pre><br />
<br />
== Compilation ==<br />
<br />
Once you untar the source files (or fetched them from source control), its a good idea to look at README provided in it.<br />
<br />
cat README<br />
<br />
where you will understand that you have to read another file INSTALL :<br />
<br />
cat INSTALL <br />
<br />
Depending on your platform you will have to pick up the right INSTALL by example INSTALL.W64.<br />
Default is for Unix based systems.<br />
<br />
==== Quick ====<br />
<br />
<pre>./config <nowiki><options ...></nowiki><br />
make depend<br />
make<br />
make test<br />
make install</pre><br />
<br />
Various options can be found examining the <tt>Configure</tt> file (there is a well commented block at its top). OpenSSL ships with SSLv2, SSLv3 and Compression enabled by default (see <tt>my $disabled</tt>), so you might want to use <tt>no-ssl2</tt>, <tt>no-ssl3</tt>, and <tt>no-comp</tt>.<br />
<br />
== Platfom specific ==<br />
<br />
=== Linux ===<br />
<br />
==== Intel ====<br />
<br />
==== ARM ====<br />
<br />
=== Windows ===<br />
3noch wrote a VERY good guide [http://developer.covenanteyes.com/building-openssl-for-visual-studio/ here].<br />
Like he said in his article, make absolutely sure to create separate directories for 32 and 64 bit versions.<br />
<br />
==== W32 / Windows NT - Windows 9x ====<br />
<br />
type INSTALL.W32<br />
<br />
* you need Perl for Win32. Unless you will build on Cygwin, you will need ActiveState Perl, available from http://www.activestate.com/ActivePerl.<br />
* one of the following C compilers:<br />
** Visual C++<br />
** Borland C<br />
** GNU C (Cygwin or MinGW)<br />
* Netwide Assembler, a.k.a. NASM, available from http://nasm.sourceforge.net/ is required if you intend to utilize assembler modules. Note that NASM is now the only supported assembler.<br />
<br />
==== W64 ====<br />
<br />
Read first the INSTALL.W64 documentation note containing some specific 64bits information.<br />
See also INSTALL.W32 that still provides additonnal build information common to both the 64 and 32 bit versions.<br />
<br />
You may be surprised: the 64bit artefacts are indeed output in the out32* sub-directories and bear names ending *32.dll. Fact is the 64 bit compile target is so far an incremental change over the legacy 32bit windows target. Numerous compile flags are still labelled "32" although those do apply to both 32 and 64bit targets.<br />
<br />
The important pre-requisites are to have PERL available (for essential file processing so as to prepare sources and scripts for the target OS) and of course a C compiler like Microsoft Visual Studio for C/C++.<br />
<br />
Using MS Visual Studio:<br />
# launch a Visual Studio tool x64 Cross Tools Command prompt<br />
# change to the directory where you have copied openssl sources <code>cd c:\myPath\openssl</code><br />
# configure for the target OS with the command <code>perl Configure VC-WIN64A</code>. You may also be interested to set more configuration options as documented in the general INSTALL note (for UNIX targets). For instance: <code>perl Configure no-asm VC-WIN64A</code>.<br />
# prepare the target environment with the command: <code>ms\do_win64a</code><br />
# ensure you start afresh and notably without linkable products from a previous 32bit compile (as 32 and 64 bits compiling still share common directories) with the command: <quote>nmake -f ms\ntdll.mak clean</quote><br />
# build the code with: <code>nmake -f ms\ntdll.mak</code><br />
# the artefacts will be found in sub directories out32dll and out32dll.dbg. The libcrypto and ssl libraries are still named libeay32.lib and ssleay32.lib, and associated includes in inc32 ! You may check this is true 64bit code using the Visual Studio tool 'dumbin'. For instance <code>dumpbin /headers out32dll/libeay32.lib | more</code>, and look at the FILE HEADER section.<br />
# test the code using the various *test.exe programs in out32dll. <br />
# we recommend that you move/copy needed includes and libraries under the "32" directories under a new explicit directory tree for 64bit applications from where you will import and link your target applications, similar to that explained in INSTALL.W32.<br />
<br />
==== Windows CE ====<br />
<br />
=== Mac ===<br />
<br />
=== iOS ===<br />
<br />
=== Android ===<br />
<br />
Visit [[Android]] and [[FIPS Library and Android]].<br />
<br />
=== More ===<br />
<br />
==== VAX/VMS ====<br />
<br />
I you wonder what are files ending with .com like test/testca.com those are VAX/VMX scripts.<br />
This code is still maintained.<br />
<br />
==== OS/2 ====<br />
<br />
==== NetWare ====<br />
5.x 6.x<br />
<br />
==== HP-UX ====<br />
[[HP-UX Itanium FIPS and OpenSSL build]]<br />
<br />
[[Category:Shell level]]<br />
[[Category:Installation]]<br />
[[Category:Compilation]]</div>Bernardhhttps://wiki.openssl.org/index.php?title=Compilation_and_Installation&diff=1861Compilation and Installation2014-08-11T09:30:55Z<p>Bernardh: /* W64 */</p>
<hr />
<div>== Retrieve source code ==<br />
<br />
The OpenSSL source code can be downloaded from [http://www.openssl.org/source/ www.openssl.org/source/] or any suitable [http://www.openssl.org/source/mirror.html ftp mirror]. There are various versions including stable as well as unstable versions. <br />
<br />
The source code is manged via Git, the repository is<br />
<br />
: git://git.openssl.org/openssl.git<br />
<br />
The source is also available via a [https://github.com/openssl/openssl GitHub] mirror. This repository is updated every 15 minutes.<br />
<br />
* [[Use_of_Git|Accessing OpenSSL source code via Git]]<br />
<br />
== Configuration ==<br />
<br />
OpenSSL is configured for a particular platform with protocol and behavior options using <tt>Configure</tt> and <tt>config</tt>.<br />
<br />
=== Configure & Config ===<br />
<br />
You use <tt>Configure</tt> and <tt>config</tt> to tune the compile and installation process through options and switches. The difference between is <tt>Configure</tt> properly handles the host-arch-compiler triplet, and <tt>config</tt> does not. <tt>config</tt> attempts to guess the triplet, so its a lot like autotool's <tt>config.guess</tt>.<br />
<br />
You can usually use <tt>config</tt> and it will do the right thing (from Ubuntu 13.04, x64):<br />
<br />
<pre>$ ./config <br />
Operating system: x86_64-whatever-linux2<br />
Configuring for linux-x86_64<br />
Configuring for linux-x86_64<br />
no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)<br />
no-gmp [default] OPENSSL_NO_GMP (skip dir)<br />
no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir)<br />
no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5<br />
no-md2 [default] OPENSSL_NO_MD2 (skip dir)<br />
no-rc5 [default] OPENSSL_NO_RC5 (skip dir)<br />
no-rfc3779 [default] OPENSSL_NO_RFC3779 (skip dir)<br />
no-sctp [default] OPENSSL_NO_SCTP (skip dir)<br />
no-shared [default] <br />
no-store [experimental] OPENSSL_NO_STORE (skip dir)<br />
no-zlib [default] <br />
no-zlib-dynamic [default] <br />
...</pre><br />
<br />
Mac OSX is a problem (its often a neglected platform), and you will have to use <tt>Configure</tt>:<br />
<br />
<pre> ./Configure darwin64-x86_64-cc<br />
Configuring for darwin64-x86_64-cc<br />
no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)<br />
no-gmp [default] OPENSSL_NO_GMP (skip dir)<br />
no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir)<br />
no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5<br />
no-md2 [default] OPENSSL_NO_MD2 (skip dir)<br />
no-rc5 [default] OPENSSL_NO_RC5 (skip dir)<br />
no-rfc3779 [default] OPENSSL_NO_RFC3779 (skip dir)<br />
no-sctp [default] OPENSSL_NO_SCTP (skip dir)<br />
no-shared [default] <br />
no-store [experimental] OPENSSL_NO_STORE (skip dir)<br />
no-zlib [default] <br />
no-zlib-dynamic [default]<br />
...</pre><br />
<br />
Running the same command with <tt>config</tt> results in:<br />
<br />
<pre>$ ./config darwin64-x86_64-cc<br />
Operating system: i686-apple-darwinDarwin Kernel Version 12.5.0: Sun Sep 29 13:33:47 PDT 2013; root:xnu-2050.48.12~1/RELEASE_X86_64<br />
WARNING! If you wish to build 64-bit library, then you have to<br />
invoke './Configure darwin64-x86_64-cc' *manually*.<br />
You have about 5 seconds to press Ctrl-C to abort.<br />
Configuring for darwin-i386-cc<br />
target already defined - darwin-i386-cc (offending arg: darwin64-x86_64-cc)</pre><br />
<br />
You can also configure on Darwin by exporting <tt>KERNEL_BITS</tt>:<br />
<br />
<pre>$ export KERNEL_BITS=64<br />
$ ./config shared no-ssl2 enable-ec_nistp_64_gcc_128 --openssldir=/usr/local/ssl/macosx-x64/<br />
Operating system: i686-apple-darwinDarwin Kernel Version 12.5.0: Sun Sep 29 13:33:47 PDT 2013; root:xnu-2050.48.12~1/RELEASE_X86_64<br />
Configuring for darwin64-x86_64-cc<br />
Configuring for darwin64-x86_64-cc<br />
no-gmp [default] OPENSSL_NO_GMP (skip dir)<br />
no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir)<br />
no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5<br />
no-md2 [default] OPENSSL_NO_MD2 (skip dir)<br />
no-psk [option] OPENSSL_NO_PSK (skip dir)<br />
no-rc5 [default] OPENSSL_NO_RC5 (skip dir)<br />
no-rfc3779 [default] OPENSSL_NO_RFC3779 (skip dir)<br />
no-sctp [default] OPENSSL_NO_SCTP (skip dir)<br />
no-srp [option] OPENSSL_NO_SRP (skip dir)<br />
no-ssl2 [option] OPENSSL_NO_SSL2 (skip dir)<br />
no-store [experimental] OPENSSL_NO_STORE (skip dir)<br />
no-zlib [default] <br />
no-zlib-dynamic [default] <br />
...</pre><br />
<br />
If you provide a option not known to configure or ask for help, then you get a brief help message:<br />
<br />
<pre>$ ./Configure --help<br />
Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...]<br />
[-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared]<br />
[[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR]<br />
[--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]</pre><br />
<br />
And if you supply an unknown triplet: <br />
<br />
<pre>$ ./Configure darwin64-x86_64-clang<br />
Configuring for darwin64-x86_64-clang<br />
Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...]<br />
[-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared]<br />
[[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR]<br />
[--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]<br />
<br />
pick os/compiler from:<br />
BC-32 BS2000-OSD BSD-generic32 BSD-generic64 BSD-ia64 BSD-sparc64 BSD-sparcv8 <br />
BSD-x86 BSD-x86-elf BSD-x86_64 Cygwin Cygwin-pre1.3 DJGPP MPE/iX-gcc OS2-EMX <br />
OS390-Unix QNX6 QNX6-i386 ReliantUNIX SINIX SINIX-N UWIN VC-CE VC-WIN32 <br />
VC-WIN64A VC-WIN64I aix-cc aix-gcc aix3-cc aix64-cc aix64-gcc android <br />
android-armv7 android-x86 aux3-gcc beos-x86-bone beos-x86-r5 bsdi-elf-gcc cc <br />
cray-j90 cray-t3e darwin-i386-cc darwin-ppc-cc darwin64-ppc-cc <br />
darwin64-x86_64-cc dgux-R3-gcc dgux-R4-gcc dgux-R4-x86-gcc dist gcc hpux-cc <br />
hpux-gcc hpux-ia64-cc hpux-ia64-gcc hpux-parisc-cc hpux-parisc-cc-o4 <br />
hpux-parisc-gcc hpux-parisc1_1-cc hpux-parisc1_1-gcc hpux-parisc2-cc <br />
hpux-parisc2-gcc hpux64-ia64-cc hpux64-ia64-gcc hpux64-parisc2-cc <br />
hpux64-parisc2-gcc hurd-x86 iphoneos-cross irix-cc irix-gcc irix-mips3-cc <br />
irix-mips3-gcc irix64-mips4-cc irix64-mips4-gcc linux-alpha+bwx-ccc <br />
linux-alpha+bwx-gcc linux-alpha-ccc linux-alpha-gcc linux-aout linux-armv4 <br />
linux-elf linux-generic32 linux-generic64 linux-ia32-icc linux-ia64 <br />
linux-ia64-ecc linux-ia64-icc linux-ppc linux-ppc64 linux-sparcv8 <br />
linux-sparcv9 linux-x86_64 linux32-s390x linux64-s390x linux64-sparcv9 mingw <br />
mingw64 ncr-scde netware-clib netware-clib-bsdsock netware-clib-bsdsock-gcc <br />
...<br />
<br />
NOTE: If in doubt, on Unix-ish systems use './config'.</pre><br />
<br />
Finally, to delete a configuration and start anew, run <tt>make dclean</tt>.<br />
<br />
=== Configure Options ===<br />
<br />
OpenSSL has been around a long time, and it carries around a lot of cruft. For example, from above, SSLv2 is enabled by default. SSLv2 is completely broken, and you should disable it during configuration. You can disable protocols and provide other options through <tt>Configure</tt> and <tt>config</tt>, and the following lists some of them.<br />
<br />
'''Note''': if you specify a non-existent option, then the configure scripts will proceed without warning. For example, if you inadvertently specify '''no-sslv2''' rather than '''no-ssl2''', the script will configure ''with'' SSLv2 and ''without'' warning for the unknown no-sslv2.<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ OpenSSL Library Options<br />
|-<br />
! scope="col" width="150px" | Option<br />
! scope="col" class="unsortable" | Description<br />
|-<br />
| --openssldir=XXX || The installation directory. If not specified, the library will be installed at <tt>/usr/local/ssl</tt>. Header will be located at <tt>/usr/local/ssl/include/openssl</tt>, and libraries located at <tt>/usr/local/ssl/lib</tt>.<br />
|-<br />
| shared || Build a shared object in addition to the static archive<br />
|-<br />
| enable-ec_nistp_64_gcc_128 || Use on x64 platforms when GCC supports <tt>__uint128_t</tt>. ECDH is about 2 to 4 times faster. Not enabled by default because <tt>Configure</tt> can't determine it.<br />
|-<br />
| no-ssl2 || Disables SSLv2<br />
|-<br />
| no-ssl3 || Disables SSLv3<br />
|-<br />
| no-comp || Disables compression independent of <tt>zlib</tt><br />
|-<br />
| no-idea || Disables IDEA algorithm. Unlike RC5 and MDC2, IDEA is enabled by default<br />
|-<br />
| no-asm || Disables assembly language routines (and uses C routines)<br />
|-<br />
| no-dtls || Disables DTLS (useful on mobile devices since carriers often block UDP)<br />
|-<br />
| no-shared || Disables shared objects (only a static library is created)<br />
|-<br />
| no-hw || Disables hardware support (useful on mobile devices)<br />
|-<br />
| no-engines || Disables hardware support (useful on mobile devices)<br />
|-<br />
| no-threads || Disables threading support<br />
|-<br />
| no-dso || Disables the OpenSSL DSO API (the library offers a shared object abstraction layer)<br />
|-<br />
| no-err || Removes all error function names and error reason text to reduce footprint<br />
|-<br />
| no-npn || Disables Next Protocol Negotiation (NPN)<br />
|-<br />
| no-psk || Disables Preshared Key (PSK). PSK provides mutual authentication independent of trusted authorities, but its rarely offered or used<br />
|-<br />
| no-srp || Disables Secure Remote Password (SRP). SRP provides mutual authentication independent of trusted authorities, but its rarely offered or used<br />
|-<br />
| no-ec2m || Used when configuring FIPS Capable Library with a FIPS Object Module that only includes prime curves. That is, use this switch if you use <tt>openssl-fips-ecp-2.0.5</tt>.<br />
|-<br />
| -DXXX || Defines XXX. For example, <tt>-DOPENSSL_NO_HEARTBEATS</tt>.<br />
|}<br />
<br />
After disabling an option, your configure output will look similar to below (notice the lack of SSLv2 and SSLv3 support).<br />
<br />
<pre>$ ./Configure darwin64-x86_64-cc no-ssl2 no-ssl3<br />
Configuring for darwin64-x86_64-cc<br />
no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)<br />
no-gmp [default] OPENSSL_NO_GMP (skip dir)<br />
no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir)<br />
no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5<br />
no-md2 [default] OPENSSL_NO_MD2 (skip dir)<br />
no-rc5 [default] OPENSSL_NO_RC5 (skip dir)<br />
no-rfc3779 [default] OPENSSL_NO_RFC3779 (skip dir)<br />
no-sctp [default] OPENSSL_NO_SCTP (skip dir)<br />
no-shared [default] <br />
no-ssl2 [option] OPENSSL_NO_SSL2 (skip dir)<br />
no-ssl3 [option] OPENSSL_NO_SSL3 (skip dir)<br />
no-store [experimental] OPENSSL_NO_STORE (skip dir)<br />
no-zlib [default] <br />
no-zlib-dynamic [default] <br />
...</pre><br />
<br />
=== Compile Time Checking ===<br />
<br />
If you disable an option during configure, you can check if it's available through <tt>OPENSSL_NO_*</tt> defines. OpenSSL writes the configure options to <tt><openssl/opensslconf.h></tt>. For example, if you want to know if SSLv3 is available, then you would perform the following in your code:<br />
<br />
<pre>#include <openssl/opensslconf.h><br />
...<br />
<br />
#if !defined(OPENSSL_NO_SSL3)<br />
/* SSLv3 is available */<br />
#endif</pre><br />
<br />
=== Modifying Build Settings ===<br />
<br />
Sometimes you need to work around OpenSSL's selections for building the library. For example, you might want to use <tt>-Os</tt> for a mobile device (rather than <tt>-O3</tt>), or you might want to use the <tt>clang</tt> compiler (rather than <tt>gcc</tt>).<br />
<br />
In case like these, its often easier to modify <tt>Configure</tt> and <tt>Makefile.org</tt> rather than trying to add targets to the configure scripts. Below is a patch that modifies <tt>Configure</tt> and <tt>Makefile.org</tt> for use under the iOS 7.0 SDK (which lacks <tt>gcc</tt> in <tt>/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/</tt>):<br />
<br />
* Modifies <tt>Configure</tt> to use <tt>clang</tt><br />
* Modifies <tt>Makefile.org</tt> to use <tt>clang</tt><br />
* Modifies <tt>CFLAG</tt> to use <tt>-Os</tt><br />
* Modifies <tt>MAKEDEPPROG</tt> to use <tt>$(CC) -M</tt><br />
<br />
Setting and resetting of <tt>LANG</tt> is required on Mac OSX to work around a <tt>sed</tt> bug or limitation.<br />
<br />
<pre>OLD_LANG=$LANG<br />
unset LANG<br />
<br />
sed -i "" 's|\"iphoneos-cross\"\,\"llvm-gcc\:-O3|\"iphoneos-cross\"\,\"clang\:-Os|g' Configure<br />
sed -i "" 's/CC= cc/CC= clang/g' Makefile.org<br />
sed -i "" 's/CFLAG= -O/CFLAG= -Os/g' Makefile.org<br />
sed -i "" 's/MAKEDEPPROG=makedepend/MAKEDEPPROG=$(CC) -M/g' Makefile.org<br />
<br />
export LANG=$OLD_LANG</pre><br />
<br />
After modification, be sure to dclean and configure again so the new settings are picked up:<br />
<br />
<pre>make dclean<br />
<br />
./config<br />
make depend<br />
make all<br />
...</pre><br />
<br />
=== Fedora and Red Hat ===<br />
<br />
On Fedora and Red Hat systems, be sure to export <tt>CFLAGS="-fPIC"</tt> and explicitly specify <tt>shared</tt> to <tt>config</tt>. Failing to do so will result in static libraries only.That is, you will be missing the shared objects and engines. The commands would look similar to below.<br />
<br />
<pre>$ export CFLAGS="-fPIC"<br />
$ ./config shared no-ssl2 no-ssl3 --openssldir=/usr/local/ssl<br />
...<br />
$ make depend<br />
...<br />
$ make all<br />
...<br />
$ sudo -E make install</pre><br />
<br />
=== FIPS Capable Library ===<br />
<br />
If you want to use FIPS validated cryptography, you download, build and install the FIPS Object Module (<tt>openssl-fips-2.0.5.tar.gz</tt>) according to the [https://www.openssl.org/docs/fips/UserGuide-2.0.pdf FIPS User Guide 2.0] and [https://www.openssl.org/docs/fips/SecurityPolicy-2.0.pdf FIPS 140-2 Security Policy]. You then download, build and install the FIPS Capable Library (<tt>openssl-1.0.1e.tar.gz</tt>).<br />
<br />
When configuring the FIPS Capable Library, you must use <tt>fips</tt> as an option:<br />
<br />
<pre>./config fips <other options ...></pre><br />
<br />
If you are configuring the FIPS Capable Library with only prime curves (<tt>openssl-fips-ecp-2.0.5.tar.gz</tt>), then you must configure with <tt>no-ec2m</tt>:<br />
<br />
<pre>./config fips no-ec2m <other options ...></pre><br />
<br />
== Compilation ==<br />
<br />
Once you untar the source files (or fetched them from source control), its a good idea to look at README provided in it.<br />
<br />
cat README<br />
<br />
where you will understand that you have to read another file INSTALL :<br />
<br />
cat INSTALL <br />
<br />
Depending on your platform you will have to pick up the right INSTALL by example INSTALL.W64.<br />
Default is for Unix based systems.<br />
<br />
==== Quick ====<br />
<br />
<pre>./config <nowiki><options ...></nowiki><br />
make depend<br />
make<br />
make test<br />
make install</pre><br />
<br />
Various options can be found examining the <tt>Configure</tt> file (there is a well commented block at its top). OpenSSL ships with SSLv2, SSLv3 and Compression enabled by default (see <tt>my $disabled</tt>), so you might want to use <tt>no-ssl2</tt>, <tt>no-ssl3</tt>, and <tt>no-comp</tt>.<br />
<br />
== Platfom specific ==<br />
<br />
=== Linux ===<br />
<br />
==== Intel ====<br />
<br />
==== ARM ====<br />
<br />
=== Windows ===<br />
3noch wrote a VERY good guide [http://developer.covenanteyes.com/building-openssl-for-visual-studio/ here].<br />
Like he said in his article, make absolutely sure to create separate directories for 32 and 64 bit versions.<br />
<br />
==== W32 / Windows NT - Windows 9x ====<br />
<br />
type INSTALL.W32<br />
<br />
* you need Perl for Win32. Unless you will build on Cygwin, you will need ActiveState Perl, available from http://www.activestate.com/ActivePerl.<br />
* one of the following C compilers:<br />
** Visual C++<br />
** Borland C<br />
** GNU C (Cygwin or MinGW)<br />
* Netwide Assembler, a.k.a. NASM, available from http://nasm.sourceforge.net/ is required if you intend to utilize assembler modules. Note that NASM is now the only supported assembler.<br />
<br />
==== W64 ====<br />
<br />
Read first the INSTALL.W64 documentation note containing some specific 64bits information.<br />
See also INSTALL.W32 that still provides additonnal build information common to both the 64 and 32 bit versions.<br />
<br />
You may be surprised: the 64bit artefacts are indeed output in the out32* sub-directories and bear names ending *32.dll. Fact is the 64 bit compile target is so far an incremental change over the legacy 32bit windows target. Numerous compile flags are still labelled "32" although those do apply to both 32 and 64bit targets.<br />
<br />
The important pre-requisites are to have PERL available (for essential file processing so as to prepare sources and scripts for the target OS) and of course a C compiler like Microsoft Visual Studio for C/C++.<br />
<br />
Using MS Visual Studio:<br />
# launch a Visual Studio tool x64 Cross Tools Command prompt<br />
# change to the directory where you have install openssl sources <code>cd c:\myPath\openssl</code><br />
# configure for the target OS with the command <code>perl Configure VC-WIN64A</code>. You may also be interested to set more configuration options as documented in the general INSTALL note (for UNIX targets). For instance: <code>perl Configure no-asm VC-WIN64A</code>.<br />
# prepare the target environment with the command: <code>ms\do_win64a</code><br />
# ensure you start afresh and notably without linkable products from a previous 32bit compile (as 32 and 64 bits compiling still share common directories) with the command: <quote>nmake -f ms\ntdll.mak clean</quote><br />
# build the code with: <code>nmake -f ms\ntdll.mak</code><br />
# the artefacts will be found in sub directories out32dll and out32dll.dbg. The libcrypto and ssl libraries are still named libeay32.lib and ssleay32.lib, and associated includes in inc32 ! You may check this is true 64bit code using the Visual Studio tool 'dumbin'. For instance <code>dumpbin /headers out32dll/libeay32.lib | more</code>, and look at the FILE HEADER section.<br />
# test the code using the various *test.exe programs in out32dll. <br />
# we recommend that you move/copy needed includes and libraries under the "32" directories under a new explicit directory tree for 64bit applications from where you will import and link your target applications, similar to that explained in INSTALL.W32.<br />
<br />
==== Windows CE ====<br />
<br />
=== Mac ===<br />
<br />
=== iOS ===<br />
<br />
=== Android ===<br />
<br />
Visit [[Android]] and [[FIPS Library and Android]].<br />
<br />
=== More ===<br />
<br />
==== VAX/VMS ====<br />
<br />
I you wonder what are files ending with .com like test/testca.com those are VAX/VMX scripts.<br />
This code is still maintained.<br />
<br />
==== OS/2 ====<br />
<br />
==== NetWare ====<br />
5.x 6.x<br />
<br />
==== HP-UX ====<br />
[[HP-UX Itanium FIPS and OpenSSL build]]<br />
<br />
[[Category:Shell level]]<br />
[[Category:Installation]]<br />
[[Category:Compilation]]</div>Bernardhhttps://wiki.openssl.org/index.php?title=Compilation_and_Installation&diff=1860Compilation and Installation2014-08-11T09:14:27Z<p>Bernardh: /* W64 */</p>
<hr />
<div>== Retrieve source code ==<br />
<br />
The OpenSSL source code can be downloaded from [http://www.openssl.org/source/ www.openssl.org/source/] or any suitable [http://www.openssl.org/source/mirror.html ftp mirror]. There are various versions including stable as well as unstable versions. <br />
<br />
The source code is manged via Git, the repository is<br />
<br />
: git://git.openssl.org/openssl.git<br />
<br />
The source is also available via a [https://github.com/openssl/openssl GitHub] mirror. This repository is updated every 15 minutes.<br />
<br />
* [[Use_of_Git|Accessing OpenSSL source code via Git]]<br />
<br />
== Configuration ==<br />
<br />
OpenSSL is configured for a particular platform with protocol and behavior options using <tt>Configure</tt> and <tt>config</tt>.<br />
<br />
=== Configure & Config ===<br />
<br />
You use <tt>Configure</tt> and <tt>config</tt> to tune the compile and installation process through options and switches. The difference between is <tt>Configure</tt> properly handles the host-arch-compiler triplet, and <tt>config</tt> does not. <tt>config</tt> attempts to guess the triplet, so its a lot like autotool's <tt>config.guess</tt>.<br />
<br />
You can usually use <tt>config</tt> and it will do the right thing (from Ubuntu 13.04, x64):<br />
<br />
<pre>$ ./config <br />
Operating system: x86_64-whatever-linux2<br />
Configuring for linux-x86_64<br />
Configuring for linux-x86_64<br />
no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)<br />
no-gmp [default] OPENSSL_NO_GMP (skip dir)<br />
no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir)<br />
no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5<br />
no-md2 [default] OPENSSL_NO_MD2 (skip dir)<br />
no-rc5 [default] OPENSSL_NO_RC5 (skip dir)<br />
no-rfc3779 [default] OPENSSL_NO_RFC3779 (skip dir)<br />
no-sctp [default] OPENSSL_NO_SCTP (skip dir)<br />
no-shared [default] <br />
no-store [experimental] OPENSSL_NO_STORE (skip dir)<br />
no-zlib [default] <br />
no-zlib-dynamic [default] <br />
...</pre><br />
<br />
Mac OSX is a problem (its often a neglected platform), and you will have to use <tt>Configure</tt>:<br />
<br />
<pre> ./Configure darwin64-x86_64-cc<br />
Configuring for darwin64-x86_64-cc<br />
no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)<br />
no-gmp [default] OPENSSL_NO_GMP (skip dir)<br />
no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir)<br />
no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5<br />
no-md2 [default] OPENSSL_NO_MD2 (skip dir)<br />
no-rc5 [default] OPENSSL_NO_RC5 (skip dir)<br />
no-rfc3779 [default] OPENSSL_NO_RFC3779 (skip dir)<br />
no-sctp [default] OPENSSL_NO_SCTP (skip dir)<br />
no-shared [default] <br />
no-store [experimental] OPENSSL_NO_STORE (skip dir)<br />
no-zlib [default] <br />
no-zlib-dynamic [default]<br />
...</pre><br />
<br />
Running the same command with <tt>config</tt> results in:<br />
<br />
<pre>$ ./config darwin64-x86_64-cc<br />
Operating system: i686-apple-darwinDarwin Kernel Version 12.5.0: Sun Sep 29 13:33:47 PDT 2013; root:xnu-2050.48.12~1/RELEASE_X86_64<br />
WARNING! If you wish to build 64-bit library, then you have to<br />
invoke './Configure darwin64-x86_64-cc' *manually*.<br />
You have about 5 seconds to press Ctrl-C to abort.<br />
Configuring for darwin-i386-cc<br />
target already defined - darwin-i386-cc (offending arg: darwin64-x86_64-cc)</pre><br />
<br />
You can also configure on Darwin by exporting <tt>KERNEL_BITS</tt>:<br />
<br />
<pre>$ export KERNEL_BITS=64<br />
$ ./config shared no-ssl2 enable-ec_nistp_64_gcc_128 --openssldir=/usr/local/ssl/macosx-x64/<br />
Operating system: i686-apple-darwinDarwin Kernel Version 12.5.0: Sun Sep 29 13:33:47 PDT 2013; root:xnu-2050.48.12~1/RELEASE_X86_64<br />
Configuring for darwin64-x86_64-cc<br />
Configuring for darwin64-x86_64-cc<br />
no-gmp [default] OPENSSL_NO_GMP (skip dir)<br />
no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir)<br />
no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5<br />
no-md2 [default] OPENSSL_NO_MD2 (skip dir)<br />
no-psk [option] OPENSSL_NO_PSK (skip dir)<br />
no-rc5 [default] OPENSSL_NO_RC5 (skip dir)<br />
no-rfc3779 [default] OPENSSL_NO_RFC3779 (skip dir)<br />
no-sctp [default] OPENSSL_NO_SCTP (skip dir)<br />
no-srp [option] OPENSSL_NO_SRP (skip dir)<br />
no-ssl2 [option] OPENSSL_NO_SSL2 (skip dir)<br />
no-store [experimental] OPENSSL_NO_STORE (skip dir)<br />
no-zlib [default] <br />
no-zlib-dynamic [default] <br />
...</pre><br />
<br />
If you provide a option not known to configure or ask for help, then you get a brief help message:<br />
<br />
<pre>$ ./Configure --help<br />
Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...]<br />
[-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared]<br />
[[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR]<br />
[--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]</pre><br />
<br />
And if you supply an unknown triplet: <br />
<br />
<pre>$ ./Configure darwin64-x86_64-clang<br />
Configuring for darwin64-x86_64-clang<br />
Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...]<br />
[-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared]<br />
[[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR]<br />
[--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]<br />
<br />
pick os/compiler from:<br />
BC-32 BS2000-OSD BSD-generic32 BSD-generic64 BSD-ia64 BSD-sparc64 BSD-sparcv8 <br />
BSD-x86 BSD-x86-elf BSD-x86_64 Cygwin Cygwin-pre1.3 DJGPP MPE/iX-gcc OS2-EMX <br />
OS390-Unix QNX6 QNX6-i386 ReliantUNIX SINIX SINIX-N UWIN VC-CE VC-WIN32 <br />
VC-WIN64A VC-WIN64I aix-cc aix-gcc aix3-cc aix64-cc aix64-gcc android <br />
android-armv7 android-x86 aux3-gcc beos-x86-bone beos-x86-r5 bsdi-elf-gcc cc <br />
cray-j90 cray-t3e darwin-i386-cc darwin-ppc-cc darwin64-ppc-cc <br />
darwin64-x86_64-cc dgux-R3-gcc dgux-R4-gcc dgux-R4-x86-gcc dist gcc hpux-cc <br />
hpux-gcc hpux-ia64-cc hpux-ia64-gcc hpux-parisc-cc hpux-parisc-cc-o4 <br />
hpux-parisc-gcc hpux-parisc1_1-cc hpux-parisc1_1-gcc hpux-parisc2-cc <br />
hpux-parisc2-gcc hpux64-ia64-cc hpux64-ia64-gcc hpux64-parisc2-cc <br />
hpux64-parisc2-gcc hurd-x86 iphoneos-cross irix-cc irix-gcc irix-mips3-cc <br />
irix-mips3-gcc irix64-mips4-cc irix64-mips4-gcc linux-alpha+bwx-ccc <br />
linux-alpha+bwx-gcc linux-alpha-ccc linux-alpha-gcc linux-aout linux-armv4 <br />
linux-elf linux-generic32 linux-generic64 linux-ia32-icc linux-ia64 <br />
linux-ia64-ecc linux-ia64-icc linux-ppc linux-ppc64 linux-sparcv8 <br />
linux-sparcv9 linux-x86_64 linux32-s390x linux64-s390x linux64-sparcv9 mingw <br />
mingw64 ncr-scde netware-clib netware-clib-bsdsock netware-clib-bsdsock-gcc <br />
...<br />
<br />
NOTE: If in doubt, on Unix-ish systems use './config'.</pre><br />
<br />
Finally, to delete a configuration and start anew, run <tt>make dclean</tt>.<br />
<br />
=== Configure Options ===<br />
<br />
OpenSSL has been around a long time, and it carries around a lot of cruft. For example, from above, SSLv2 is enabled by default. SSLv2 is completely broken, and you should disable it during configuration. You can disable protocols and provide other options through <tt>Configure</tt> and <tt>config</tt>, and the following lists some of them.<br />
<br />
'''Note''': if you specify a non-existent option, then the configure scripts will proceed without warning. For example, if you inadvertently specify '''no-sslv2''' rather than '''no-ssl2''', the script will configure ''with'' SSLv2 and ''without'' warning for the unknown no-sslv2.<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ OpenSSL Library Options<br />
|-<br />
! scope="col" width="150px" | Option<br />
! scope="col" class="unsortable" | Description<br />
|-<br />
| --openssldir=XXX || The installation directory. If not specified, the library will be installed at <tt>/usr/local/ssl</tt>. Header will be located at <tt>/usr/local/ssl/include/openssl</tt>, and libraries located at <tt>/usr/local/ssl/lib</tt>.<br />
|-<br />
| shared || Build a shared object in addition to the static archive<br />
|-<br />
| enable-ec_nistp_64_gcc_128 || Use on x64 platforms when GCC supports <tt>__uint128_t</tt>. ECDH is about 2 to 4 times faster. Not enabled by default because <tt>Configure</tt> can't determine it.<br />
|-<br />
| no-ssl2 || Disables SSLv2<br />
|-<br />
| no-ssl3 || Disables SSLv3<br />
|-<br />
| no-comp || Disables compression independent of <tt>zlib</tt><br />
|-<br />
| no-idea || Disables IDEA algorithm. Unlike RC5 and MDC2, IDEA is enabled by default<br />
|-<br />
| no-asm || Disables assembly language routines (and uses C routines)<br />
|-<br />
| no-dtls || Disables DTLS (useful on mobile devices since carriers often block UDP)<br />
|-<br />
| no-shared || Disables shared objects (only a static library is created)<br />
|-<br />
| no-hw || Disables hardware support (useful on mobile devices)<br />
|-<br />
| no-engines || Disables hardware support (useful on mobile devices)<br />
|-<br />
| no-threads || Disables threading support<br />
|-<br />
| no-dso || Disables the OpenSSL DSO API (the library offers a shared object abstraction layer)<br />
|-<br />
| no-err || Removes all error function names and error reason text to reduce footprint<br />
|-<br />
| no-npn || Disables Next Protocol Negotiation (NPN)<br />
|-<br />
| no-psk || Disables Preshared Key (PSK). PSK provides mutual authentication independent of trusted authorities, but its rarely offered or used<br />
|-<br />
| no-srp || Disables Secure Remote Password (SRP). SRP provides mutual authentication independent of trusted authorities, but its rarely offered or used<br />
|-<br />
| no-ec2m || Used when configuring FIPS Capable Library with a FIPS Object Module that only includes prime curves. That is, use this switch if you use <tt>openssl-fips-ecp-2.0.5</tt>.<br />
|-<br />
| -DXXX || Defines XXX. For example, <tt>-DOPENSSL_NO_HEARTBEATS</tt>.<br />
|}<br />
<br />
After disabling an option, your configure output will look similar to below (notice the lack of SSLv2 and SSLv3 support).<br />
<br />
<pre>$ ./Configure darwin64-x86_64-cc no-ssl2 no-ssl3<br />
Configuring for darwin64-x86_64-cc<br />
no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)<br />
no-gmp [default] OPENSSL_NO_GMP (skip dir)<br />
no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir)<br />
no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5<br />
no-md2 [default] OPENSSL_NO_MD2 (skip dir)<br />
no-rc5 [default] OPENSSL_NO_RC5 (skip dir)<br />
no-rfc3779 [default] OPENSSL_NO_RFC3779 (skip dir)<br />
no-sctp [default] OPENSSL_NO_SCTP (skip dir)<br />
no-shared [default] <br />
no-ssl2 [option] OPENSSL_NO_SSL2 (skip dir)<br />
no-ssl3 [option] OPENSSL_NO_SSL3 (skip dir)<br />
no-store [experimental] OPENSSL_NO_STORE (skip dir)<br />
no-zlib [default] <br />
no-zlib-dynamic [default] <br />
...</pre><br />
<br />
=== Compile Time Checking ===<br />
<br />
If you disable an option during configure, you can check if it's available through <tt>OPENSSL_NO_*</tt> defines. OpenSSL writes the configure options to <tt><openssl/opensslconf.h></tt>. For example, if you want to know if SSLv3 is available, then you would perform the following in your code:<br />
<br />
<pre>#include <openssl/opensslconf.h><br />
...<br />
<br />
#if !defined(OPENSSL_NO_SSL3)<br />
/* SSLv3 is available */<br />
#endif</pre><br />
<br />
=== Modifying Build Settings ===<br />
<br />
Sometimes you need to work around OpenSSL's selections for building the library. For example, you might want to use <tt>-Os</tt> for a mobile device (rather than <tt>-O3</tt>), or you might want to use the <tt>clang</tt> compiler (rather than <tt>gcc</tt>).<br />
<br />
In case like these, its often easier to modify <tt>Configure</tt> and <tt>Makefile.org</tt> rather than trying to add targets to the configure scripts. Below is a patch that modifies <tt>Configure</tt> and <tt>Makefile.org</tt> for use under the iOS 7.0 SDK (which lacks <tt>gcc</tt> in <tt>/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/</tt>):<br />
<br />
* Modifies <tt>Configure</tt> to use <tt>clang</tt><br />
* Modifies <tt>Makefile.org</tt> to use <tt>clang</tt><br />
* Modifies <tt>CFLAG</tt> to use <tt>-Os</tt><br />
* Modifies <tt>MAKEDEPPROG</tt> to use <tt>$(CC) -M</tt><br />
<br />
Setting and resetting of <tt>LANG</tt> is required on Mac OSX to work around a <tt>sed</tt> bug or limitation.<br />
<br />
<pre>OLD_LANG=$LANG<br />
unset LANG<br />
<br />
sed -i "" 's|\"iphoneos-cross\"\,\"llvm-gcc\:-O3|\"iphoneos-cross\"\,\"clang\:-Os|g' Configure<br />
sed -i "" 's/CC= cc/CC= clang/g' Makefile.org<br />
sed -i "" 's/CFLAG= -O/CFLAG= -Os/g' Makefile.org<br />
sed -i "" 's/MAKEDEPPROG=makedepend/MAKEDEPPROG=$(CC) -M/g' Makefile.org<br />
<br />
export LANG=$OLD_LANG</pre><br />
<br />
After modification, be sure to dclean and configure again so the new settings are picked up:<br />
<br />
<pre>make dclean<br />
<br />
./config<br />
make depend<br />
make all<br />
...</pre><br />
<br />
=== Fedora and Red Hat ===<br />
<br />
On Fedora and Red Hat systems, be sure to export <tt>CFLAGS="-fPIC"</tt> and explicitly specify <tt>shared</tt> to <tt>config</tt>. Failing to do so will result in static libraries only.That is, you will be missing the shared objects and engines. The commands would look similar to below.<br />
<br />
<pre>$ export CFLAGS="-fPIC"<br />
$ ./config shared no-ssl2 no-ssl3 --openssldir=/usr/local/ssl<br />
...<br />
$ make depend<br />
...<br />
$ make all<br />
...<br />
$ sudo -E make install</pre><br />
<br />
=== FIPS Capable Library ===<br />
<br />
If you want to use FIPS validated cryptography, you download, build and install the FIPS Object Module (<tt>openssl-fips-2.0.5.tar.gz</tt>) according to the [https://www.openssl.org/docs/fips/UserGuide-2.0.pdf FIPS User Guide 2.0] and [https://www.openssl.org/docs/fips/SecurityPolicy-2.0.pdf FIPS 140-2 Security Policy]. You then download, build and install the FIPS Capable Library (<tt>openssl-1.0.1e.tar.gz</tt>).<br />
<br />
When configuring the FIPS Capable Library, you must use <tt>fips</tt> as an option:<br />
<br />
<pre>./config fips <other options ...></pre><br />
<br />
If you are configuring the FIPS Capable Library with only prime curves (<tt>openssl-fips-ecp-2.0.5.tar.gz</tt>), then you must configure with <tt>no-ec2m</tt>:<br />
<br />
<pre>./config fips no-ec2m <other options ...></pre><br />
<br />
== Compilation ==<br />
<br />
Once you untar the source files (or fetched them from source control), its a good idea to look at README provided in it.<br />
<br />
cat README<br />
<br />
where you will understand that you have to read another file INSTALL :<br />
<br />
cat INSTALL <br />
<br />
Depending on your platform you will have to pick up the right INSTALL by example INSTALL.W64.<br />
Default is for Unix based systems.<br />
<br />
==== Quick ====<br />
<br />
<pre>./config <nowiki><options ...></nowiki><br />
make depend<br />
make<br />
make test<br />
make install</pre><br />
<br />
Various options can be found examining the <tt>Configure</tt> file (there is a well commented block at its top). OpenSSL ships with SSLv2, SSLv3 and Compression enabled by default (see <tt>my $disabled</tt>), so you might want to use <tt>no-ssl2</tt>, <tt>no-ssl3</tt>, and <tt>no-comp</tt>.<br />
<br />
== Platfom specific ==<br />
<br />
=== Linux ===<br />
<br />
==== Intel ====<br />
<br />
==== ARM ====<br />
<br />
=== Windows ===<br />
3noch wrote a VERY good guide [http://developer.covenanteyes.com/building-openssl-for-visual-studio/ here].<br />
Like he said in his article, make absolutely sure to create separate directories for 32 and 64 bit versions.<br />
<br />
==== W32 / Windows NT - Windows 9x ====<br />
<br />
type INSTALL.W32<br />
<br />
* you need Perl for Win32. Unless you will build on Cygwin, you will need ActiveState Perl, available from http://www.activestate.com/ActivePerl.<br />
* one of the following C compilers:<br />
** Visual C++<br />
** Borland C<br />
** GNU C (Cygwin or MinGW)<br />
* Netwide Assembler, a.k.a. NASM, available from http://nasm.sourceforge.net/ is required if you intend to utilize assembler modules. Note that NASM is now the only supported assembler.<br />
<br />
==== W64 ====<br />
<br />
Read first the INSTALL.W64 documentation note containing some specific 64bits information.<br />
See also INSTALL.W32 that still provides additonnal build information common to both the 64 and 32 bit versions.<br />
<br />
You may be surprised: the 64bit artefacts are indeed output in the out32* sub-directories and bear names ending *32.dll. Fact is the 64 bit compile target is so far an incremental change over the legacy 32bit windows target. Numerous compile flags are still labelled "32" although those do apply to both 32 and 64bit targets.<br />
<br />
The important pre-requisites are to have PERL available (for essential file processing so as to prepare sources and scripts for the target OS) and of course a C compiler like Microsoft Visual Studio for C/C++.<br />
<br />
Using MS Visual Studio:<br />
# launch a Visual Studio tool x64 Cross Tools Command prompt<br />
# configure for the target OS with the command <code>perl Configure VC-WIN64A</code>. You may also be interested to set more configuration options as documented in the general INSTALL note (for UNIX targets). For instance: <code>perl Configure no-asm VC-WIN64A</code>.<br />
# prepare the target environment with the command: <code>ms\do_win64a</code><br />
# ensure you start afresh and notably without linkable products from a previous 32bit compile (as 32 and 64 bits compiling still share common directories) with the command: <quote>nmake -f ms\ntdll.mak clean</quote><br />
# build the code with: <code>nmake -f ms\ntdll.mak</code><br />
# the artefacts will be found in sub directories out32dll and out32dll.dbg. The libcrypto and ssl libraries are still named libeay32.lib and ssleay32.lib, and associated includes in inc32 ! You may check this is true 64bit code using the Visual Studio tool 'dumbin'. For instance <code>dumpbin /headers out32dll/libeay32.lib | more</code>, and look at the FILE HEADER section.<br />
# test the code using the various *test.exe programs in out32dll. <br />
# we recommend that you move/copy needed includes and libraries under the "32" directories under a new explicit directory tree for 64bit applications from where you will import and link your target applications, similar to that explained in INSTALL.W32.<br />
<br />
==== Windows CE ====<br />
<br />
=== Mac ===<br />
<br />
=== iOS ===<br />
<br />
=== Android ===<br />
<br />
Visit [[Android]] and [[FIPS Library and Android]].<br />
<br />
=== More ===<br />
<br />
==== VAX/VMS ====<br />
<br />
I you wonder what are files ending with .com like test/testca.com those are VAX/VMX scripts.<br />
This code is still maintained.<br />
<br />
==== OS/2 ====<br />
<br />
==== NetWare ====<br />
5.x 6.x<br />
<br />
==== HP-UX ====<br />
[[HP-UX Itanium FIPS and OpenSSL build]]<br />
<br />
[[Category:Shell level]]<br />
[[Category:Installation]]<br />
[[Category:Compilation]]</div>Bernardh