An OpenSSL Glossary

It can be difficult for someone not steeped in cryptographic lore to understand which parts of OpenSSL do what, and which are needed and which aren't. As I did a bunch of searches to figure this out, it made sense to collect this information somewhere where we might reference it in the future.

OpenSSL uses terse key acronyms to organize its code. Here is a list of such abbreviations, what they translate into, and a subjective assessment of how critical they are to contemporary HTTPS requirements. This is not yet canonical, but covers a lot of them.

  • aes : Advanced Encryption Standard / Rijndael. Very used.
  • asn1 : Abstract Syntax Notation One. Used to encode certs and stuff.
  • bf : Blowfish. An alternate symmetric algorithm. Not used.
  • bio : Buffer Input/Output. Partially used.
  • bn : “Big Number” library. Definitely used.
  • buffer : More buffer code, required.
  • cmac : Cipher-based Message Authentication Code. Signing method. Used.
  • cms : Cryptographic Message Syntax. Not used.
  • des : Data Encryption Standard. Used, but not sure if it should be.
  • dh : Diffie-Hellman key exchange, pretty core to SSL.
  • dsa : Digital Signature Algorithm. Used.
  • dso : Dynamic Shared Objects. Not used by Cobalt/Starboard.
  • dtls : TLS over UDP. Not used by Cobalt, or QUIC, apparently.
  • ec : Elliptic Curve cryptography, an approach to public-key cryptography.
  • ecdes : Elliptic Curve Data Encryption Standard. See “des”.
  • ecdh : Elliptic Curve Diffie-Hellman. See “dh”.
  • evp : Envelope. Thoroughly used.
  • hmac : Hash-based Message Authentication Code. Signing method. Used.
  • kssl : Kernel SSL. Not used.
  • lhash : A Hash Table implementation. AKA “lh”. Used.
  • md4 : Message Digest 4. A hashing function. Not used.
  • md5 : Message Digest 5. Used, but we should deprecate.
  • mem : A memory allocation abstraction. Used.
  • ocsp : Online Certificate Status Protocol. Used to check for revocations.
  • pem : Privacy Enhanced Mail. Mainly important for its cert format.
  • pkcs : Public-Key Cryptography Standards. 7 and 12 seem commonly used.
  • rc : Rivest Cipher. Predecessors to AES. Not used.
  • rsa : Rivest-Shamir-Adleman. Famous asymmetric encryption. Used.
  • sha : Secure Hash Algorithm. Used, but we should disable SHA-1 eventually.
  • x509 : A variety of cert standards. Super used.