]>
Commit | Line | Data |
---|---|---|
1 | ||
2 | OpenSSL 0.9.8zf-dev | |
3 | ||
4 | Copyright (c) 1998-2011 The OpenSSL Project | |
5 | Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson | |
6 | All rights reserved. | |
7 | ||
8 | DESCRIPTION | |
9 | ----------- | |
10 | ||
11 | The OpenSSL Project is a collaborative effort to develop a robust, | |
12 | commercial-grade, fully featured, and Open Source toolkit implementing the | |
13 | Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) | |
14 | protocols as well as a full-strength general purpose cryptography library. | |
15 | The project is managed by a worldwide community of volunteers that use the | |
16 | Internet to communicate, plan, and develop the OpenSSL toolkit and its | |
17 | related documentation. | |
18 | ||
19 | OpenSSL is based on the excellent SSLeay library developed from Eric A. Young | |
20 | and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the | |
21 | OpenSSL license plus the SSLeay license) situation, which basically means | |
22 | that you are free to get and use it for commercial and non-commercial | |
23 | purposes as long as you fulfill the conditions of both licenses. | |
24 | ||
25 | OVERVIEW | |
26 | -------- | |
27 | ||
28 | The OpenSSL toolkit includes: | |
29 | ||
30 | libssl.a: | |
31 | Implementation of SSLv2, SSLv3, TLSv1 and the required code to support | |
32 | both SSLv2, SSLv3 and TLSv1 in the one server and client. | |
33 | ||
34 | libcrypto.a: | |
35 | General encryption and X.509 v1/v3 stuff needed by SSL/TLS but not | |
36 | actually logically part of it. It includes routines for the following: | |
37 | ||
38 | Ciphers | |
39 | libdes - EAY's libdes DES encryption package which was floating | |
40 | around the net for a few years, and was then relicensed by | |
41 | him as part of SSLeay. It includes 15 'modes/variations' | |
42 | of DES (1, 2 and 3 key versions of ecb, cbc, cfb and ofb; | |
43 | pcbc and a more general form of cfb and ofb) including desx | |
44 | in cbc mode, a fast crypt(3), and routines to read | |
45 | passwords from the keyboard. | |
46 | RC4 encryption, | |
47 | RC2 encryption - 4 different modes, ecb, cbc, cfb and ofb. | |
48 | Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb. | |
49 | IDEA encryption - 4 different modes, ecb, cbc, cfb and ofb. | |
50 | ||
51 | Digests | |
52 | MD5 and MD2 message digest algorithms, fast implementations, | |
53 | SHA (SHA-0) and SHA-1 message digest algorithms, | |
54 | MDC2 message digest. A DES based hash that is popular on smart cards. | |
55 | ||
56 | Public Key | |
57 | RSA encryption/decryption/generation. | |
58 | There is no limit on the number of bits. | |
59 | DSA encryption/decryption/generation. | |
60 | There is no limit on the number of bits. | |
61 | Diffie-Hellman key-exchange/key generation. | |
62 | There is no limit on the number of bits. | |
63 | ||
64 | X.509v3 certificates | |
65 | X509 encoding/decoding into/from binary ASN1 and a PEM | |
66 | based ASCII-binary encoding which supports encryption with a | |
67 | private key. Program to generate RSA and DSA certificate | |
68 | requests and to generate RSA and DSA certificates. | |
69 | ||
70 | Systems | |
71 | The normal digital envelope routines and base64 encoding. Higher | |
72 | level access to ciphers and digests by name. New ciphers can be | |
73 | loaded at run time. The BIO io system which is a simple non-blocking | |
74 | IO abstraction. Current methods supported are file descriptors, | |
75 | sockets, socket accept, socket connect, memory buffer, buffering, SSL | |
76 | client/server, file pointer, encryption, digest, non-blocking testing | |
77 | and null. | |
78 | ||
79 | Data structures | |
80 | A dynamically growing hashing system | |
81 | A simple stack. | |
82 | A Configuration loader that uses a format similar to MS .ini files. | |
83 | ||
84 | openssl: | |
85 | A command line tool that can be used for: | |
86 | Creation of RSA, DH and DSA key parameters | |
87 | Creation of X.509 certificates, CSRs and CRLs | |
88 | Calculation of Message Digests | |
89 | Encryption and Decryption with Ciphers | |
90 | SSL/TLS Client and Server Tests | |
91 | Handling of S/MIME signed or encrypted mail | |
92 | ||
93 | ||
94 | PATENTS | |
95 | ------- | |
96 | ||
97 | Various companies hold various patents for various algorithms in various | |
98 | locations around the world. _YOU_ are responsible for ensuring that your use | |
99 | of any algorithms is legal by checking if there are any patents in your | |
100 | country. The file contains some of the patents that we know about or are | |
101 | rumored to exist. This is not a definitive list. | |
102 | ||
103 | RSA Security holds software patents on the RC5 algorithm. If you | |
104 | intend to use this cipher, you must contact RSA Security for | |
105 | licensing conditions. Their web page is http://www.rsasecurity.com/. | |
106 | ||
107 | RC4 is a trademark of RSA Security, so use of this label should perhaps | |
108 | only be used with RSA Security's permission. | |
109 | ||
110 | The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy, | |
111 | Japan, the Netherlands, Spain, Sweden, Switzerland, UK and the USA. They | |
112 | should be contacted if that algorithm is to be used; their web page is | |
113 | http://www.ascom.ch/. | |
114 | ||
115 | NTT and Mitsubishi have patents and pending patents on the Camellia | |
116 | algorithm, but allow use at no charge without requiring an explicit | |
117 | licensing agreement: http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html | |
118 | ||
119 | INSTALLATION | |
120 | ------------ | |
121 | ||
122 | To install this package under a Unix derivative, read the INSTALL file. For | |
123 | a Win32 platform, read the INSTALL.W32 file. For OpenVMS systems, read | |
124 | INSTALL.VMS. | |
125 | ||
126 | Read the documentation in the doc/ directory. It is quite rough, but it | |
127 | lists the functions; you will probably have to look at the code to work out | |
128 | how to use them. Look at the example programs. | |
129 | ||
130 | PROBLEMS | |
131 | -------- | |
132 | ||
133 | For some platforms, there are some known problems that may affect the user | |
134 | or application author. We try to collect those in doc/PROBLEMS, with current | |
135 | thoughts on how they should be solved in a future of OpenSSL. | |
136 | ||
137 | SUPPORT | |
138 | ------- | |
139 | ||
140 | See the OpenSSL website www.openssl.org for details of how to obtain | |
141 | commercial technical support. | |
142 | ||
143 | If you have any problems with OpenSSL then please take the following steps | |
144 | first: | |
145 | ||
146 | - Download the current snapshot from ftp://ftp.openssl.org/snapshot/ | |
147 | to see if the problem has already been addressed | |
148 | - Remove ASM versions of libraries | |
149 | - Remove compiler optimisation flags | |
150 | ||
151 | If you wish to report a bug then please include the following information in | |
152 | any bug report: | |
153 | ||
154 | - On Unix systems: | |
155 | Self-test report generated by 'make report' | |
156 | - On other systems: | |
157 | OpenSSL version: output of 'openssl version -a' | |
158 | OS Name, Version, Hardware platform | |
159 | Compiler Details (name, version) | |
160 | - Application Details (name, version) | |
161 | - Problem Description (steps that will reproduce the problem, if known) | |
162 | - Stack Traceback (if the application dumps core) | |
163 | ||
164 | Report the bug to the OpenSSL project via the Request Tracker | |
165 | (http://www.openssl.org/support/rt.html) by mail to: | |
166 | ||
167 | openssl-bugs@openssl.org | |
168 | ||
169 | Note that the request tracker should NOT be used for general assistance | |
170 | or support queries. Just because something doesn't work the way you expect | |
171 | does not mean it is necessarily a bug in OpenSSL. | |
172 | ||
173 | Note that mail to openssl-bugs@openssl.org is recorded in the publicly | |
174 | readable request tracker database and is forwarded to a public | |
175 | mailing list. Confidential mail may be sent to openssl-security@openssl.org | |
176 | (PGP key available from the key servers). | |
177 | ||
178 | HOW TO CONTRIBUTE TO OpenSSL | |
179 | ---------------------------- | |
180 | ||
181 | Development is coordinated on the openssl-dev mailing list (see | |
182 | http://www.openssl.org for information on subscribing). If you | |
183 | would like to submit a patch, send it to openssl-bugs@openssl.org with | |
184 | the string "[PATCH]" in the subject. Please be sure to include a | |
185 | textual explanation of what your patch does. | |
186 | ||
187 | If you are unsure as to whether a feature will be useful for the general | |
188 | OpenSSL community please discuss it on the openssl-dev mailing list first. | |
189 | Someone may be already working on the same thing or there may be a good | |
190 | reason as to why that feature isn't implemented. | |
191 | ||
192 | Patches should be as up to date as possible, preferably relative to the | |
193 | current Git or the last snapshot. They should follow the coding style of | |
194 | OpenSSL and compile without warnings. Some of the core team developer targets | |
195 | can be used for testing purposes, (debug-steve64, debug-geoff etc). OpenSSL | |
196 | compiles on many varied platforms: try to ensure you only use portable | |
197 | features. | |
198 | ||
199 | Note: For legal reasons, contributions from the US can be accepted only | |
200 | if a TSU notification and a copy of the patch are sent to crypt@bis.doc.gov | |
201 | (formerly BXA) with a copy to the ENC Encryption Request Coordinator; | |
202 | please take some time to look at | |
203 | http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic] | |
204 | and | |
205 | http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e)) | |
206 | for the details. If "your encryption source code is too large to serve as | |
207 | an email attachment", they are glad to receive it by fax instead; hope you | |
208 | have a cheap long-distance plan. | |
209 | ||
210 | Our preferred format for changes is "diff -u" output. You might | |
211 | generate it like this: | |
212 | ||
213 | # cd openssl-work | |
214 | # [your changes] | |
215 | # ./Configure dist; make clean | |
216 | # cd .. | |
217 | # diff -ur openssl-orig openssl-work > mydiffs.patch | |
218 |