]>
Commit | Line | Data |
---|---|---|
d02b48c6 | 1 | |
28e4fe34 | 2 | OpenSSL 0.9.9-dev XX xxx XXXX |
651d0aff | 3 | |
aa16a286 | 4 | Copyright (c) 1998-2005 The OpenSSL Project |
058bf559 | 5 | Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson |
651d0aff RE |
6 | All rights reserved. |
7 | ||
dfca822f RE |
8 | DESCRIPTION |
9 | ----------- | |
10 | ||
f1c236f8 | 11 | The OpenSSL Project is a collaborative effort to develop a robust, |
651d0aff | 12 | commercial-grade, fully featured, and Open Source toolkit implementing the |
1c308226 | 13 | Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) |
24282b87 UM |
14 | protocols as well as a full-strength general purpose cryptography library. |
15 | The project is managed by a worldwide community of volunteers that use the | |
16 | Internet to communicate, plan, and develop the OpenSSL toolkit and its | |
99efc0f5 | 17 | related documentation. |
651d0aff | 18 | |
f1c236f8 | 19 | OpenSSL is based on the excellent SSLeay library developed from Eric A. Young |
1c308226 RE |
20 | and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the |
21 | OpenSSL license plus the SSLeay license) situation, which basically means | |
22 | that you are free to get and use it for commercial and non-commercial | |
99efc0f5 | 23 | purposes as long as you fulfill the conditions of both licenses. |
651d0aff | 24 | |
dfca822f RE |
25 | OVERVIEW |
26 | -------- | |
27 | ||
1c308226 | 28 | The OpenSSL toolkit includes: |
651d0aff RE |
29 | |
30 | libssl.a: | |
31 | Implementation of SSLv2, SSLv3, TLSv1 and the required code to support | |
1c308226 | 32 | both SSLv2, SSLv3 and TLSv1 in the one server and client. |
651d0aff RE |
33 | |
34 | libcrypto.a: | |
1c308226 RE |
35 | General encryption and X.509 v1/v3 stuff needed by SSL/TLS but not |
36 | actually logically part of it. It includes routines for the following: | |
651d0aff RE |
37 | |
38 | Ciphers | |
39 | libdes - EAY's libdes DES encryption package which has been floating | |
40 | around the net for a few years. It includes 15 | |
41 | 'modes/variations' of DES (1, 2 and 3 key versions of ecb, | |
42 | cbc, cfb and ofb; pcbc and a more general form of cfb and | |
43 | ofb) including desx in cbc mode, a fast crypt(3), and | |
44 | routines to read passwords from the keyboard. | |
45 | RC4 encryption, | |
46 | RC2 encryption - 4 different modes, ecb, cbc, cfb and ofb. | |
47 | Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb. | |
48 | IDEA encryption - 4 different modes, ecb, cbc, cfb and ofb. | |
49 | ||
50 | Digests | |
51 | MD5 and MD2 message digest algorithms, fast implementations, | |
52 | SHA (SHA-0) and SHA-1 message digest algorithms, | |
62de8497 | 53 | MDC2 message digest. A DES based hash that is popular on smart cards. |
651d0aff RE |
54 | |
55 | Public Key | |
99efc0f5 | 56 | RSA encryption/decryption/generation. |
651d0aff | 57 | There is no limit on the number of bits. |
99efc0f5 | 58 | DSA encryption/decryption/generation. |
651d0aff | 59 | There is no limit on the number of bits. |
b22c7a1c | 60 | Diffie-Hellman key-exchange/key generation. |
651d0aff RE |
61 | There is no limit on the number of bits. |
62 | ||
63 | X.509v3 certificates | |
64 | X509 encoding/decoding into/from binary ASN1 and a PEM | |
3b80e3aa | 65 | based ASCII-binary encoding which supports encryption with a |
651d0aff RE |
66 | private key. Program to generate RSA and DSA certificate |
67 | requests and to generate RSA and DSA certificates. | |
68 | ||
69 | Systems | |
70 | The normal digital envelope routines and base64 encoding. Higher | |
71 | level access to ciphers and digests by name. New ciphers can be | |
72 | loaded at run time. The BIO io system which is a simple non-blocking | |
73 | IO abstraction. Current methods supported are file descriptors, | |
74 | sockets, socket accept, socket connect, memory buffer, buffering, SSL | |
75 | client/server, file pointer, encryption, digest, non-blocking testing | |
76 | and null. | |
77 | ||
78 | Data structures | |
79 | A dynamically growing hashing system | |
80 | A simple stack. | |
81 | A Configuration loader that uses a format similar to MS .ini files. | |
82 | ||
a2c96d88 | 83 | openssl: |
d7f0ab5f UM |
84 | A command line tool that can be used for: |
85 | Creation of RSA, DH and DSA key parameters | |
a2c96d88 | 86 | Creation of X.509 certificates, CSRs and CRLs |
d7f0ab5f UM |
87 | Calculation of Message Digests |
88 | Encryption and Decryption with Ciphers | |
89 | SSL/TLS Client and Server Tests | |
90 | Handling of S/MIME signed or encrypted mail | |
91 | ||
a2c96d88 | 92 | |
dfca822f RE |
93 | PATENTS |
94 | ------- | |
95 | ||
96 | Various companies hold various patents for various algorithms in various | |
eee591a4 | 97 | locations around the world. _YOU_ are responsible for ensuring that your use |
62de8497 | 98 | of any algorithms is legal by checking if there are any patents in your |
eee591a4 | 99 | country. The file contains some of the patents that we know about or are |
3b80e3aa | 100 | rumored to exist. This is not a definitive list. |
dfca822f | 101 | |
26b0d156 BM |
102 | RSA Security holds software patents on the RC5 algorithm. If you |
103 | intend to use this cipher, you must contact RSA Security for | |
104 | licensing conditions. Their web page is http://www.rsasecurity.com/. | |
dfca822f | 105 | |
26b0d156 | 106 | RC4 is a trademark of RSA Security, so use of this label should perhaps |
a2c96d88 | 107 | only be used with RSA Security's permission. |
dfca822f RE |
108 | |
109 | The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy, | |
9020b862 RL |
110 | Japan, the Netherlands, Spain, Sweden, Switzerland, UK and the USA. They |
111 | should be contacted if that algorithm is to be used; their web page is | |
dfca822f RE |
112 | http://www.ascom.ch/. |
113 | ||
af1048c2 BM |
114 | The MDC2 algorithm is patented by IBM. |
115 | ||
dfca822f RE |
116 | INSTALLATION |
117 | ------------ | |
118 | ||
1c308226 | 119 | To install this package under a Unix derivative, read the INSTALL file. For |
7d7d2cbc UM |
120 | a Win32 platform, read the INSTALL.W32 file. For OpenVMS systems, read |
121 | INSTALL.VMS. | |
651d0aff | 122 | |
1c308226 | 123 | Read the documentation in the doc/ directory. It is quite rough, but it |
9020b862 RL |
124 | lists the functions; you will probably have to look at the code to work out |
125 | how to use them. Look at the example programs. | |
d02b48c6 | 126 | |
80e1495b RL |
127 | PROBLEMS |
128 | -------- | |
129 | ||
130 | For some platforms, there are some known problems that may affect the user | |
131 | or application author. We try to collect those in doc/PROBLEMS, with current | |
132 | thoughts on how they should be solved in a future of OpenSSL. | |
133 | ||
a2c96d88 | 134 | SUPPORT |
dfca822f RE |
135 | ------- |
136 | ||
137 | If you have any problems with OpenSSL then please take the following steps | |
138 | first: | |
139 | ||
d7f0ab5f UM |
140 | - Download the current snapshot from ftp://ftp.openssl.org/snapshot/ |
141 | to see if the problem has already been addressed | |
dfca822f | 142 | - Remove ASM versions of libraries |
a2c96d88 | 143 | - Remove compiler optimisation flags |
dfca822f RE |
144 | |
145 | If you wish to report a bug then please include the following information in | |
146 | any bug report: | |
147 | ||
d7f0ab5f UM |
148 | - On Unix systems: |
149 | Self-test report generated by 'make report' | |
150 | - On other systems: | |
151 | OpenSSL version: output of 'openssl version -a' | |
152 | OS Name, Version, Hardware platform | |
153 | Compiler Details (name, version) | |
154 | - Application Details (name, version) | |
155 | - Problem Description (steps that will reproduce the problem, if known) | |
156 | - Stack Traceback (if the application dumps core) | |
dfca822f | 157 | |
7650934f | 158 | Report the bug to the OpenSSL project via the Request Tracker |
a2c96d88 | 159 | (http://www.openssl.org/support/rt2.html) by mail to: |
dfca822f | 160 | |
b282fdae | 161 | openssl-bugs@openssl.org |
dfca822f | 162 | |
7650934f LJ |
163 | Note that mail to openssl-bugs@openssl.org is recorded in the publicly |
164 | readable request tracker database and is forwarded to a public | |
a5ec86d1 | 165 | mailing list. Confidential mail may be sent to openssl-security@openssl.org |
d7f0ab5f | 166 | (PGP key available from the key servers). |
a5ec86d1 | 167 | |
b282fdae UM |
168 | HOW TO CONTRIBUTE TO OpenSSL |
169 | ---------------------------- | |
170 | ||
171 | Development is coordinated on the openssl-dev mailing list (see | |
172 | http://www.openssl.org for information on subscribing). If you | |
a5ec86d1 UM |
173 | would like to submit a patch, send it to openssl-dev@openssl.org with |
174 | the string "[PATCH]" in the subject. Please be sure to include a | |
175 | textual explanation of what your patch does. | |
b282fdae | 176 | |
51012a09 | 177 | Note: For legal reasons, contributions from the US can be accepted only |
235dee14 BM |
178 | if a TSU notification and a copy of the patch are sent to crypt@bis.doc.gov |
179 | (formerly BXA) with a copy to the ENC Encryption Request Coordinator; | |
180 | please take some time to look at | |
181 | http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic] | |
182 | and | |
183 | http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e)) | |
184 | for the details. If "your encryption source code is too large to serve as | |
ca74b76f | 185 | an email attachment", they are glad to receive it by fax instead; hope you |
235dee14 BM |
186 | have a cheap long-distance plan. |
187 | ||
188 | Our preferred format for changes is "diff -u" output. You might | |
b282fdae UM |
189 | generate it like this: |
190 | ||
191 | # cd openssl-work | |
192 | # [your changes] | |
193 | # ./Configure dist; make clean | |
194 | # cd .. | |
5b774c67 | 195 | # diff -ur openssl-orig openssl-work > mydiffs.patch |
d979d09c | 196 |