[15529] | 1 | |
---|
| 2 | OpenSSL 0.9.6 24 Sep 2000 |
---|
| 3 | |
---|
| 4 | Copyright (c) 1998-2000 The OpenSSL Project |
---|
| 5 | Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson |
---|
| 6 | All rights reserved. |
---|
| 7 | |
---|
| 8 | DESCRIPTION |
---|
| 9 | ----------- |
---|
| 10 | |
---|
| 11 | The OpenSSL Project is a collaborative effort to develop a robust, |
---|
| 12 | commercial-grade, fully featured, and Open Source toolkit implementing the |
---|
| 13 | Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) |
---|
| 14 | protocols as well as a full-strength general purpose cryptography library. |
---|
| 15 | The project is managed by a worldwide community of volunteers that use the |
---|
| 16 | Internet to communicate, plan, and develop the OpenSSL toolkit and its |
---|
| 17 | related documentation. |
---|
| 18 | |
---|
| 19 | OpenSSL is based on the excellent SSLeay library developed from Eric A. Young |
---|
| 20 | and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the |
---|
| 21 | OpenSSL license plus the SSLeay license) situation, which basically means |
---|
| 22 | that you are free to get and use it for commercial and non-commercial |
---|
| 23 | purposes as long as you fulfill the conditions of both licenses. |
---|
| 24 | |
---|
| 25 | OVERVIEW |
---|
| 26 | -------- |
---|
| 27 | |
---|
| 28 | The OpenSSL toolkit includes: |
---|
| 29 | |
---|
| 30 | libssl.a: |
---|
| 31 | Implementation of SSLv2, SSLv3, TLSv1 and the required code to support |
---|
| 32 | both SSLv2, SSLv3 and TLSv1 in the one server and client. |
---|
| 33 | |
---|
| 34 | libcrypto.a: |
---|
| 35 | General encryption and X.509 v1/v3 stuff needed by SSL/TLS but not |
---|
| 36 | actually logically part of it. It includes routines for the following: |
---|
| 37 | |
---|
| 38 | Ciphers |
---|
| 39 | libdes - EAY's libdes DES encryption package which has been floating |
---|
| 40 | around the net for a few years. It includes 15 |
---|
| 41 | 'modes/variations' of DES (1, 2 and 3 key versions of ecb, |
---|
| 42 | cbc, cfb and ofb; pcbc and a more general form of cfb and |
---|
| 43 | ofb) including desx in cbc mode, a fast crypt(3), and |
---|
| 44 | routines to read passwords from the keyboard. |
---|
| 45 | RC4 encryption, |
---|
| 46 | RC2 encryption - 4 different modes, ecb, cbc, cfb and ofb. |
---|
| 47 | Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb. |
---|
| 48 | IDEA encryption - 4 different modes, ecb, cbc, cfb and ofb. |
---|
| 49 | |
---|
| 50 | Digests |
---|
| 51 | MD5 and MD2 message digest algorithms, fast implementations, |
---|
| 52 | SHA (SHA-0) and SHA-1 message digest algorithms, |
---|
| 53 | MDC2 message digest. A DES based hash that is popular on smart cards. |
---|
| 54 | |
---|
| 55 | Public Key |
---|
| 56 | RSA encryption/decryption/generation. |
---|
| 57 | There is no limit on the number of bits. |
---|
| 58 | DSA encryption/decryption/generation. |
---|
| 59 | There is no limit on the number of bits. |
---|
| 60 | Diffie-Hellman key-exchange/key generation. |
---|
| 61 | There is no limit on the number of bits. |
---|
| 62 | |
---|
| 63 | X.509v3 certificates |
---|
| 64 | X509 encoding/decoding into/from binary ASN1 and a PEM |
---|
| 65 | based ascii-binary encoding which supports encryption with a |
---|
| 66 | private key. Program to generate RSA and DSA certificate |
---|
| 67 | requests and to generate RSA and DSA certificates. |
---|
| 68 | |
---|
| 69 | Systems |
---|
| 70 | The normal digital envelope routines and base64 encoding. Higher |
---|
| 71 | level access to ciphers and digests by name. New ciphers can be |
---|
| 72 | loaded at run time. The BIO io system which is a simple non-blocking |
---|
| 73 | IO abstraction. Current methods supported are file descriptors, |
---|
| 74 | sockets, socket accept, socket connect, memory buffer, buffering, SSL |
---|
| 75 | client/server, file pointer, encryption, digest, non-blocking testing |
---|
| 76 | and null. |
---|
| 77 | |
---|
| 78 | Data structures |
---|
| 79 | A dynamically growing hashing system |
---|
| 80 | A simple stack. |
---|
| 81 | A Configuration loader that uses a format similar to MS .ini files. |
---|
| 82 | |
---|
| 83 | openssl: |
---|
| 84 | A command line tool that can be used for: |
---|
| 85 | Creation of RSA, DH and DSA key parameters |
---|
| 86 | Creation of X.509 certificates, CSRs and CRLs |
---|
| 87 | Calculation of Message Digests |
---|
| 88 | Encryption and Decryption with Ciphers |
---|
| 89 | SSL/TLS Client and Server Tests |
---|
| 90 | Handling of S/MIME signed or encrypted mail |
---|
| 91 | |
---|
| 92 | |
---|
| 93 | PATENTS |
---|
| 94 | ------- |
---|
| 95 | |
---|
| 96 | Various companies hold various patents for various algorithms in various |
---|
| 97 | locations around the world. _YOU_ are responsible for ensuring that your use |
---|
| 98 | of any algorithms is legal by checking if there are any patents in your |
---|
| 99 | country. The file contains some of the patents that we know about or are |
---|
| 100 | rumoured to exist. This is not a definitive list. |
---|
| 101 | |
---|
| 102 | RSA Security holds software patents on the RC5 algorithm. If you |
---|
| 103 | intend to use this cipher, you must contact RSA Security for |
---|
| 104 | licensing conditions. Their web page is http://www.rsasecurity.com/. |
---|
| 105 | |
---|
| 106 | RC4 is a trademark of RSA Security, so use of this label should perhaps |
---|
| 107 | only be used with RSA Security's permission. |
---|
| 108 | |
---|
| 109 | The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy, |
---|
| 110 | Japan, Netherlands, Spain, Sweden, Switzerland, UK and the USA. They should |
---|
| 111 | be contacted if that algorithm is to be used, their web page is |
---|
| 112 | http://www.ascom.ch/. |
---|
| 113 | |
---|
| 114 | INSTALLATION |
---|
| 115 | ------------ |
---|
| 116 | |
---|
| 117 | To install this package under a Unix derivative, read the INSTALL file. For |
---|
| 118 | a Win32 platform, read the INSTALL.W32 file. For OpenVMS systems, read |
---|
| 119 | INSTALL.VMS. |
---|
| 120 | |
---|
| 121 | Read the documentation in the doc/ directory. It is quite rough, but it |
---|
| 122 | lists the functions, you will probably have to look at the code to work out |
---|
| 123 | how to used them. Look at the example programs. |
---|
| 124 | |
---|
| 125 | SUPPORT |
---|
| 126 | ------- |
---|
| 127 | |
---|
| 128 | If you have any problems with OpenSSL then please take the following steps |
---|
| 129 | first: |
---|
| 130 | |
---|
| 131 | - Download the current snapshot from ftp://ftp.openssl.org/snapshot/ |
---|
| 132 | to see if the problem has already been addressed |
---|
| 133 | - Remove ASM versions of libraries |
---|
| 134 | - Remove compiler optimisation flags |
---|
| 135 | |
---|
| 136 | If you wish to report a bug then please include the following information in |
---|
| 137 | any bug report: |
---|
| 138 | |
---|
| 139 | - On Unix systems: |
---|
| 140 | Self-test report generated by 'make report' |
---|
| 141 | - On other systems: |
---|
| 142 | OpenSSL version: output of 'openssl version -a' |
---|
| 143 | OS Name, Version, Hardware platform |
---|
| 144 | Compiler Details (name, version) |
---|
| 145 | - Application Details (name, version) |
---|
| 146 | - Problem Description (steps that will reproduce the problem, if known) |
---|
| 147 | - Stack Traceback (if the application dumps core) |
---|
| 148 | |
---|
| 149 | Report the bug to the OpenSSL project at: |
---|
| 150 | |
---|
| 151 | openssl-bugs@openssl.org |
---|
| 152 | |
---|
| 153 | Note that mail to openssl-bugs@openssl.org is forwarded to a public |
---|
| 154 | mailing list. Confidential mail may be sent to openssl-security@openssl.org |
---|
| 155 | (PGP key available from the key servers). |
---|
| 156 | |
---|
| 157 | HOW TO CONTRIBUTE TO OpenSSL |
---|
| 158 | ---------------------------- |
---|
| 159 | |
---|
| 160 | Development is coordinated on the openssl-dev mailing list (see |
---|
| 161 | http://www.openssl.org for information on subscribing). If you |
---|
| 162 | would like to submit a patch, send it to openssl-dev@openssl.org with |
---|
| 163 | the string "[PATCH]" in the subject. Please be sure to include a |
---|
| 164 | textual explanation of what your patch does. |
---|
| 165 | |
---|
| 166 | Note: For legal reasons, contributions from the US can be accepted only |
---|
| 167 | if a copy of the patch is sent to crypt@bxa.doc.gov |
---|
| 168 | |
---|
| 169 | The preferred format for changes is "diff -u" output. You might |
---|
| 170 | generate it like this: |
---|
| 171 | |
---|
| 172 | # cd openssl-work |
---|
| 173 | # [your changes] |
---|
| 174 | # ./Configure dist; make clean |
---|
| 175 | # cd .. |
---|
| 176 | # diff -ur openssl-orig openssl-work > mydiffs.patch |
---|