]>
Commit | Line | Data |
---|---|---|
d02b48c6 | 1 | |
d2eec3a6 | 2 | OpenSSL 0.9.3 24 May 1999 |
651d0aff | 3 | |
1c308226 | 4 | Copyright (c) 1998-1999 The OpenSSL Project |
058bf559 | 5 | Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson |
651d0aff RE |
6 | All rights reserved. |
7 | ||
dfca822f RE |
8 | DESCRIPTION |
9 | ----------- | |
10 | ||
f1c236f8 | 11 | The OpenSSL Project is a collaborative effort to develop a robust, |
651d0aff | 12 | commercial-grade, fully featured, and Open Source toolkit implementing the |
1c308226 | 13 | Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) |
651d0aff RE |
14 | protocols with full-strength cryptography world-wide. The project is managed |
15 | by a worldwide community of volunteers that use the Internet to communicate, | |
62de8497 | 16 | plan, and develop the OpenSSL toolkit and its related documentation. |
651d0aff | 17 | |
f1c236f8 | 18 | OpenSSL is based on the excellent SSLeay library developed from Eric A. Young |
1c308226 RE |
19 | and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the |
20 | OpenSSL license plus the SSLeay license) situation, which basically means | |
21 | that you are free to get and use it for commercial and non-commercial | |
62de8497 | 22 | purposes as long as you fulfill the conditions of both licenses. |
651d0aff | 23 | |
dfca822f RE |
24 | OVERVIEW |
25 | -------- | |
26 | ||
1c308226 | 27 | The OpenSSL toolkit includes: |
651d0aff RE |
28 | |
29 | libssl.a: | |
30 | Implementation of SSLv2, SSLv3, TLSv1 and the required code to support | |
1c308226 | 31 | both SSLv2, SSLv3 and TLSv1 in the one server and client. |
651d0aff RE |
32 | |
33 | libcrypto.a: | |
1c308226 RE |
34 | General encryption and X.509 v1/v3 stuff needed by SSL/TLS but not |
35 | actually logically part of it. It includes routines for the following: | |
651d0aff RE |
36 | |
37 | Ciphers | |
38 | libdes - EAY's libdes DES encryption package which has been floating | |
39 | around the net for a few years. It includes 15 | |
40 | 'modes/variations' of DES (1, 2 and 3 key versions of ecb, | |
41 | cbc, cfb and ofb; pcbc and a more general form of cfb and | |
42 | ofb) including desx in cbc mode, a fast crypt(3), and | |
43 | routines to read passwords from the keyboard. | |
44 | RC4 encryption, | |
45 | RC2 encryption - 4 different modes, ecb, cbc, cfb and ofb. | |
46 | Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb. | |
47 | IDEA encryption - 4 different modes, ecb, cbc, cfb and ofb. | |
48 | ||
49 | Digests | |
50 | MD5 and MD2 message digest algorithms, fast implementations, | |
51 | SHA (SHA-0) and SHA-1 message digest algorithms, | |
62de8497 | 52 | MDC2 message digest. A DES based hash that is popular on smart cards. |
651d0aff RE |
53 | |
54 | Public Key | |
55 | RSA encryption/decryption/generation. | |
56 | There is no limit on the number of bits. | |
57 | DSA encryption/decryption/generation. | |
58 | There is no limit on the number of bits. | |
59 | Diffie-Hellman key-exchange/key generation. | |
60 | There is no limit on the number of bits. | |
61 | ||
62 | X.509v3 certificates | |
63 | X509 encoding/decoding into/from binary ASN1 and a PEM | |
64 | based ascii-binary encoding which supports encryption with a | |
65 | private key. Program to generate RSA and DSA certificate | |
66 | requests and to generate RSA and DSA certificates. | |
67 | ||
68 | Systems | |
69 | The normal digital envelope routines and base64 encoding. Higher | |
70 | level access to ciphers and digests by name. New ciphers can be | |
71 | loaded at run time. The BIO io system which is a simple non-blocking | |
72 | IO abstraction. Current methods supported are file descriptors, | |
73 | sockets, socket accept, socket connect, memory buffer, buffering, SSL | |
74 | client/server, file pointer, encryption, digest, non-blocking testing | |
75 | and null. | |
76 | ||
77 | Data structures | |
78 | A dynamically growing hashing system | |
79 | A simple stack. | |
80 | A Configuration loader that uses a format similar to MS .ini files. | |
81 | ||
1c308226 RE |
82 | openssl: |
83 | A command line tool which provides the following functions: | |
651d0aff RE |
84 | |
85 | enc - a general encryption program that can encrypt/decrypt using | |
86 | one of 17 different cipher/mode combinations. The | |
87 | input/output can also be converted to/from base64 | |
88 | ascii encoding. | |
89 | dgst - a generate message digesting program that will generate | |
90 | message digests for any of md2, md5, sha (sha-0 or sha-1) | |
91 | or mdc2. | |
92 | asn1parse - parse and display the structure of an asn1 encoded | |
93 | binary file. | |
94 | rsa - Manipulate RSA private keys. | |
95 | dsa - Manipulate DSA private keys. | |
96 | dh - Manipulate Diffie-Hellman parameter files. | |
97 | dsaparam- Manipulate and generate DSA parameter files. | |
98 | crl - Manipulate certificate revocation lists. | |
99 | crt2pkcs7- Generate a pkcs7 object containing a crl and a certificate. | |
100 | x509 - Manipulate x509 certificates, self-sign certificates. | |
101 | req - Manipulate PKCS#10 certificate requests and also | |
102 | generate certificate requests. | |
103 | genrsa - Generates an arbitrary sized RSA private key. | |
058bf559 | 104 | gendsa - Generates DSA parameters. |
651d0aff RE |
105 | gendh - Generates a set of Diffie-Hellman parameters, the prime |
106 | will be a strong prime. | |
107 | ca - Create certificates from PKCS#10 certificate requests. | |
108 | This program also maintains a database of certificates | |
109 | issued. | |
110 | verify - Check x509 certificate signatures. | |
058bf559 | 111 | speed - Benchmark OpenSSL's ciphers. |
651d0aff RE |
112 | s_server- A test SSL server. |
113 | s_client- A test SSL client. | |
114 | s_time - Benchmark SSL performance of SSL server programs. | |
058bf559 RE |
115 | errstr - Convert from OpenSSL hex error codes to a readable form. |
116 | nseq - Netscape certificate sequence utility | |
651d0aff | 117 | |
dfca822f RE |
118 | PATENTS |
119 | ------- | |
120 | ||
121 | Various companies hold various patents for various algorithms in various | |
eee591a4 | 122 | locations around the world. _YOU_ are responsible for ensuring that your use |
62de8497 | 123 | of any algorithms is legal by checking if there are any patents in your |
eee591a4 RE |
124 | country. The file contains some of the patents that we know about or are |
125 | rumoured to exist. This is not a definitive list. | |
dfca822f RE |
126 | |
127 | RSA Data Security holds software patents on the RSA and RC5 algorithms. If | |
128 | their ciphers are used used inside the USA (and Japan?), you must contact RSA | |
62de8497 | 129 | Data Security for licensing conditions. Their web page is |
dfca822f RE |
130 | http://www.rsa.com/. |
131 | ||
132 | RC4 is a trademark of RSA Data Security, so use of this label should perhaps | |
133 | only be used with RSA Data Security's permission. | |
134 | ||
135 | The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy, | |
136 | Japan, Netherlands, Spain, Sweden, Switzerland, UK and the USA. They should | |
137 | be contacted if that algorithm is to be used, their web page is | |
138 | http://www.ascom.ch/. | |
139 | ||
140 | INSTALLATION | |
141 | ------------ | |
142 | ||
1c308226 | 143 | To install this package under a Unix derivative, read the INSTALL file. For |
7d7d2cbc UM |
144 | a Win32 platform, read the INSTALL.W32 file. For OpenVMS systems, read |
145 | INSTALL.VMS. | |
651d0aff | 146 | |
1c308226 | 147 | For people in the USA, it is possible to compile OpenSSL to use RSA Inc.'s |
b1fe6b43 | 148 | public key library, RSAREF, by configuring OpenSSL with the option "rsaref". |
651d0aff | 149 | |
1c308226 RE |
150 | Read the documentation in the doc/ directory. It is quite rough, but it |
151 | lists the functions, you will probably have to look at the code to work out | |
152 | how to used them. Look at the example programs. | |
d02b48c6 | 153 | |
dfca822f RE |
154 | SUPPORT |
155 | ------- | |
156 | ||
157 | If you have any problems with OpenSSL then please take the following steps | |
158 | first: | |
159 | ||
160 | - Remove ASM versions of libraries | |
161 | - Remove compiler optimisation flags | |
162 | - Add compiler debug flags (if using gcc then remove -fomit-frame-pointer | |
163 | before you try to debug things) | |
164 | ||
165 | If you wish to report a bug then please include the following information in | |
166 | any bug report: | |
167 | ||
168 | OpenSSL Details | |
169 | - Version, most of these details can be got from the | |
170 | 'openssl version -a' command. | |
171 | Operating System Details | |
5612f93f | 172 | - On Unix systems: Output of './config -t' |
b282fdae | 173 | - OS Name, Version |
dfca822f RE |
174 | - Hardware platform |
175 | Compiler Details | |
176 | - Name | |
177 | - Version | |
178 | Application Details | |
179 | - Name | |
180 | - Version | |
181 | Problem Description | |
182 | - include steps that will reproduce the problem (if known) | |
183 | Stack Traceback (if the application dumps core) | |
184 | ||
185 | Report the bug to the OpenSSL project at: | |
186 | ||
b282fdae | 187 | openssl-bugs@openssl.org |
dfca822f | 188 | |
b282fdae UM |
189 | HOW TO CONTRIBUTE TO OpenSSL |
190 | ---------------------------- | |
191 | ||
192 | Development is coordinated on the openssl-dev mailing list (see | |
193 | http://www.openssl.org for information on subscribing). If you | |
194 | would like to submit a patch, send it to openssl-dev@openssl.org. | |
195 | Please be sure to include a textual explanation of what your patch | |
196 | does. | |
197 | ||
198 | The preferred format for changes is "diff -u" output. You might | |
199 | generate it like this: | |
200 | ||
201 | # cd openssl-work | |
202 | # [your changes] | |
203 | # ./Configure dist; make clean | |
204 | # cd .. | |
205 | # diff -urN openssl-orig openssl-work > mydiffs.patch |