| # An OpenSSL Glossary |
| |
| It can be difficult for someone not steeped in cryptographic lore to understand |
| which parts of OpenSSL do what, and which are needed and which aren't. As I did |
| a bunch of searches to figure this out, it made sense to collect this information |
| somewhere where we might reference it in the future. |
| |
| OpenSSL uses terse key acronyms to organize its code. Here is a list of such |
| abbreviations, what they translate into, and a subjective assessment of how |
| critical they are to contemporary HTTPS requirements. This is not yet canonical, |
| but covers a lot of them. |
| |
| * `aes` : Advanced Encryption Standard / Rijndael. Very used. |
| * `asn1` : Abstract Syntax Notation One. Used to encode certs and stuff. |
| * `bf` : Blowfish. An alternate symmetric algorithm. Not used. |
| * `bio` : Buffer Input/Output. Partially used. |
| * `bn` : "Big Number" library. Definitely used. |
| * `buffer` : More buffer code, required. |
| * `cmac` : Cipher-based Message Authentication Code. Signing method. Used. |
| * `cms` : Cryptographic Message Syntax. Not used. |
| * `des` : Data Encryption Standard. Used, but not sure if it should be. |
| * `dh` : Diffie-Hellman key exchange, pretty core to SSL. |
| * `dsa` : Digital Signature Algorithm. Used. |
| * `dso` : Dynamic Shared Objects. Not used by Cobalt/Starboard. |
| * `dtls` : TLS over UDP. Not used by Cobalt, or QUIC, apparently. |
| * `ec` : Elliptic Curve cryptography, an approach to public-key cryptography. |
| * `ecdes` : Elliptic Curve Data Encryption Standard. See "des". |
| * `ecdh` : Elliptic Curve Diffie-Hellman. See "dh". |
| * `evp` : Envelope. Thoroughly used. |
| * `hmac` : Hash-based Message Authentication Code. Signing method. Used. |
| * `kssl` : Kernel SSL. Not used. |
| * `lhash` : A Hash Table implementation. AKA "lh". Used. |
| * `md4` : Message Digest 4. A hashing function. Not used. |
| * `md5` : Message Digest 5. Used, but we should deprecate. |
| * `mem` : A memory allocation abstraction. Used. |
| * `ocsp` : Online Certificate Status Protocol. Used to check for revocations. |
| * `pem` : Privacy Enhanced Mail. Mainly important for its cert format. |
| * `pkcs` : Public-Key Cryptography Standards. 7 and 12 seem commonly used. |
| * `rc` : Rivest Cipher. Predecessors to AES. Not used. |
| * `rsa` : Rivest-Shamir-Adleman. Famous asymmetric encryption. Used. |
| * `sha` : Secure Hash Algorithm. Used, but we should disable SHA-1 eventually. |
| * `x509` : A variety of cert standards. Super used. |