OpenSSL from console commands to fuctions

I’m hobbyst developer that uses iOS/macOS utilities, and I’m struggling with some openssl commands.
I execute an openssl command in macos termninal

openssl smime -sign -signer *certificate.cer* -inkey *miPrivateKey* -out *outFile* -in *inFile* -outform PEM -nodetach

I would like to know the C functions associated with console commands. In particular this one up.
How can I find a reference from terminal commands to the functions that are executed?
Is there a way to know which functions are being called.
I have successfully loaded all the libraries and call methods but I don’t know how to make this one up or which functions to call.
Thanks a lot for your help.

I’m hobbyst developer that uses iOS/macOS utilities …

Apple distributes an ancient version of OpenSSL. Its version 0.9.8. It End-of-Life, and its missing lots og goodies like TLS 1.2, Sever Name Indication, most Elliptic Curve gear, etc.

Usually, you use Homebrew or Macports to install a newer version. For that, see:

  • Update OpenSSL on OS X with Homebrew
  • How to install latest version of openssl OS X El Capitan
  • How to upgrade OpenSSL in OS X?
  • Openssl installation using HomeBrew fails

  • Homebrew refusing to link OpenSSL

  • etc

I execute an openssl command in macos termninal openssl smime…

smime is called a subcommand. OpenSSL has lots of them:

  • enc
  • dec
  • s_client
  • s_server
  • smime
  • etc

I would like to know the C functions associated with console commands. In particular this one up.

The source code for the subcommands are located in the <openssl src>/apps directory. For the smime command see smime.c.

It depends entirely on the parameters, but this is the gist of it for SMIME signing.. For example, I use this for Apple-Wallet signing (removed error checking to make it simpler):

#include <openssl/bio.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/pkcs12.h>
#include <openssl/pem.h>

int main()
    //Setup OpenSSL..

    //Load P12..
    BIO* bio = BIO_new_file("p12", "rb");
    PKCS12* p12 = d2i_PKCS12_bio(bio, nullptr);

    EVP_PKEY* pkey = nullptr;
    X509* certificate = nullptr;
    PKCS12_parse(p12, "password", &pkey, &certificate, nullptr);

    //Load certificate..
    bio = BIO_new_file("pem", "rb");
    X509* cert2 = PEM_read_bio_X509(bio, nullptr, nullptr, nullptr);
    EVP_PKEY* pkey2 = PEM_read_bio_PrivateKey(bio, nullptr, nullptr, nullptr);

    //Load digest..
    const EVP_MD* md = EVP_get_digestbyname("sha1");

    //Load file to sign..
    bio = BIO_new_file("fileToSign", "rb");

    //Sign the binary..
    PKCS7* pkcs7 = PKCS7_sign(cert2, pkey2, nullptr, bio, PKCS7_BINARY | PKCS7_DETACHED | PKCS7_STREAM);
    PKCS7_sign_add_signer(pkcs7, certificate, pkey, md, PKCS7_BINARY | PKCS7_DETACHED | PKCS7_STREAM);
    PKCS7_add_certificate(pkcs7, cert2);
    PKCS7_final(pkcs7, bio, PKCS7_BINARY | PKCS7_DETACHED | PKCS7_STREAM);


    //Save the signature to a file..
    bio = BIO_new_file("Signature", "rb");
    i2d_PKCS7_bio(bio, pkcs7);

    //Cleanup OpenSSL
    return 0;

It will read your PrivateKey (p12 format), your signer certificate, the file to be signed, sign it, and output in DER format. You can modify it to output in PEM format and remove the PKCS7_DETACH flag for “-nodetach”.

This one signs using the sha1 digest (Apple required it).. You can change the digest if needed.