OpenSSL

Note
Please see the talk page for the status of this book. You may wish to visit the OpenSSL Foundation Wiki instead. (aka the OpenSSL wiki).

OpenSSL
OpenSSL is an open-source library for Transport Layer Security and general-purpose Cryptography.

Overview
OpenSSL consists of two separate libraries: libcrypto and libssl. libcrypto is a general-purpose cryptography library which can be used alone. libssl is a TLS library which depends on libcrypto. OpenSSL also comes with an "openssl" command-line program, which can be used to exercise much of the functionality of the library from the command line.

libcrypto
libcrypto is the portion of OpenSSL for performing general-purpose cryptography, which can be used without libssl.

{|width="100%" cellspacing="0" cellpadding="15" valign="top" style="margin:0.8em 0;border:1px solid MediumAquamarine;background:honeydew"


 * valign="top" style="border-right: 1px dashed MediumAquamarine;border-bottom: 1px dashed MediumAquamarine"|

Introduction to libcrypto

 * Initialization
 * Random numbers
 * Error handling
 * Reference counting


 * valign="top" style="border-right: 1px dashed MediumAquamarine;border-bottom: 1px dashed MediumAquamarine"|

BIO

 * Using BIOs
 * Pre-defined BIOs
 * Writing your own BIOs


 * valign="top" style="border-right: 1px dashed MediumAquamarine;border-bottom: 1px dashed MediumAquamarine"|

EVP

 * Digests
 * Symmetric ciphers
 * Signatures
 * Public key


 * valign="top" style="border-bottom: 1px dashed MediumAquamarine"|

Keys and Certificates

 * PEM
 * ASN.1
 * X509
 * OCSP


 * valign="top" style="border-right: 1px dashed MediumAquamarine"|
 * valign="top" style="border-right: 1px dashed MediumAquamarine"|

Elliptic Curve Cryptography

 * Introduction
 * EC_GROUP_new
 * EC_GROUP_copy
 * EC_POINT_new
 * EC_POINT_add
 * EC_KEY_new
 * EC_GFp_simple_method
 * d2i_ECPKParameters


 * valign="top" style="border-right: 1px dashed MediumAquamarine"|

Engines

 * Engine architecture
 * Using engines
 * Supplied engines
 * Writing your own engines


 * valign="top" style="border-right: 1px dashed MediumAquamarine"|

More libcrypto

 * Diffie-Hellman
 * Bignum
 * Windows
 * Configuration


 * }

libssl
libssl is the portion of OpenSSL which supports TLS, and depends on libcrypto.

{|width="100%" cellspacing="0" cellpadding="15" valign="top" style="margin:0.8em 0; border: 1px solid SlateBlue; background:#F7F7FF"


 * valign="top" style="border-right: 1px dashed SlateBlue"|

Introduction to libssl

 * Contexts
 * Connections


 * valign="top" style="border-right:1px dashed SlateBlue"|

Configuration

 * Options
 * Cipher suites
 * Diffie-Hellman parameters


 * valign="top" style="border-right:1px dashed SlateBlue"|

Certificate Validation

 * Verify locations
 * Verify callbacks
 * Hostname validation


 * valign="top"|

More libssl

 * Session resumption
 * DTLS
 * Alternative key exchange


 * }

command line programs
The "openssl" command line program contains a variety of sub-programs.

TODO: document all of them!

Appendices

 * /FIPS/

About the book

 * /Notes for contributors/