README revision 55714
1219019Sgabor 2219019Sgabor OpenSSL 0.9.4 09 Aug 1999 3219019Sgabor 4219019Sgabor Copyright (c) 1998-1999 The OpenSSL Project 5219019Sgabor Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson 6219019Sgabor All rights reserved. 7219019Sgabor 8219019Sgabor DESCRIPTION 9219019Sgabor ----------- 10219019Sgabor 11219019Sgabor The OpenSSL Project is a collaborative effort to develop a robust, 12219019Sgabor commercial-grade, fully featured, and Open Source toolkit implementing the 13219019Sgabor Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) 14219019Sgabor protocols with full-strength cryptography world-wide. The project is managed 15219019Sgabor by a worldwide community of volunteers that use the Internet to communicate, 16219019Sgabor plan, and develop the OpenSSL toolkit and its related documentation. 17219019Sgabor 18219019Sgabor OpenSSL is based on the excellent SSLeay library developed from Eric A. Young 19219019Sgabor and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the 20219019Sgabor OpenSSL license plus the SSLeay license) situation, which basically means 21219019Sgabor that you are free to get and use it for commercial and non-commercial 22219019Sgabor purposes as long as you fulfill the conditions of both licenses. 23219019Sgabor 24219019Sgabor OVERVIEW 25219019Sgabor -------- 26219019Sgabor 27219019Sgabor The OpenSSL toolkit includes: 28219019Sgabor 29219019Sgabor libssl.a: 30219019Sgabor Implementation of SSLv2, SSLv3, TLSv1 and the required code to support 31219019Sgabor both SSLv2, SSLv3 and TLSv1 in the one server and client. 32219019Sgabor 33219019Sgabor libcrypto.a: 34219019Sgabor General encryption and X.509 v1/v3 stuff needed by SSL/TLS but not 35219019Sgabor actually logically part of it. It includes routines for the following: 36219019Sgabor 37219019Sgabor Ciphers 38219019Sgabor libdes - EAY's libdes DES encryption package which has been floating 39219019Sgabor around the net for a few years. It includes 15 40219019Sgabor 'modes/variations' of DES (1, 2 and 3 key versions of ecb, 41219019Sgabor cbc, cfb and ofb; pcbc and a more general form of cfb and 42219019Sgabor ofb) including desx in cbc mode, a fast crypt(3), and 43219019Sgabor routines to read passwords from the keyboard. 44219019Sgabor RC4 encryption, 45219019Sgabor RC2 encryption - 4 different modes, ecb, cbc, cfb and ofb. 46219019Sgabor Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb. 47219019Sgabor IDEA encryption - 4 different modes, ecb, cbc, cfb and ofb. 48219019Sgabor 49219019Sgabor Digests 50219019Sgabor MD5 and MD2 message digest algorithms, fast implementations, 51219019Sgabor SHA (SHA-0) and SHA-1 message digest algorithms, 52219019Sgabor MDC2 message digest. A DES based hash that is popular on smart cards. 53219019Sgabor 54219019Sgabor Public Key 55219019Sgabor RSA encryption/decryption/generation. 56219019Sgabor There is no limit on the number of bits. 57219019Sgabor DSA encryption/decryption/generation. 58219019Sgabor There is no limit on the number of bits. 59219019Sgabor Diffie-Hellman key-exchange/key generation. 60219019Sgabor There is no limit on the number of bits. 61219019Sgabor 62219019Sgabor X.509v3 certificates 63219019Sgabor X509 encoding/decoding into/from binary ASN1 and a PEM 64219019Sgabor based ascii-binary encoding which supports encryption with a 65219019Sgabor private key. Program to generate RSA and DSA certificate 66219019Sgabor requests and to generate RSA and DSA certificates. 67219019Sgabor 68219019Sgabor Systems 69219019Sgabor The normal digital envelope routines and base64 encoding. Higher 70219019Sgabor level access to ciphers and digests by name. New ciphers can be 71219019Sgabor loaded at run time. The BIO io system which is a simple non-blocking 72219019Sgabor IO abstraction. Current methods supported are file descriptors, 73219019Sgabor sockets, socket accept, socket connect, memory buffer, buffering, SSL 74219019Sgabor client/server, file pointer, encryption, digest, non-blocking testing 75219019Sgabor and null. 76219019Sgabor 77219019Sgabor Data structures 78219019Sgabor A dynamically growing hashing system 79219019Sgabor A simple stack. 80219019Sgabor A Configuration loader that uses a format similar to MS .ini files. 81219019Sgabor 82219019Sgabor openssl: 83219019Sgabor A command line tool which provides the following functions: 84219019Sgabor 85219019Sgabor enc - a general encryption program that can encrypt/decrypt using 86219019Sgabor one of 17 different cipher/mode combinations. The 87219019Sgabor input/output can also be converted to/from base64 88219019Sgabor ascii encoding. 89219019Sgabor dgst - a generate message digesting program that will generate 90219019Sgabor message digests for any of md2, md5, sha (sha-0 or sha-1) 91219019Sgabor or mdc2. 92219019Sgabor asn1parse - parse and display the structure of an asn1 encoded 93219019Sgabor binary file. 94219019Sgabor rsa - Manipulate RSA private keys. 95219019Sgabor dsa - Manipulate DSA private keys. 96219019Sgabor dh - Manipulate Diffie-Hellman parameter files. 97219019Sgabor dsaparam- Manipulate and generate DSA parameter files. 98219019Sgabor crl - Manipulate certificate revocation lists. 99219019Sgabor crt2pkcs7- Generate a pkcs7 object containing a crl and a certificate. 100219019Sgabor x509 - Manipulate x509 certificates, self-sign certificates. 101219019Sgabor req - Manipulate PKCS#10 certificate requests and also 102219019Sgabor generate certificate requests. 103219019Sgabor genrsa - Generates an arbitrary sized RSA private key. 104219019Sgabor gendsa - Generates DSA parameters. 105219019Sgabor gendh - Generates a set of Diffie-Hellman parameters, the prime 106219019Sgabor will be a strong prime. 107219019Sgabor ca - Create certificates from PKCS#10 certificate requests. 108219019Sgabor This program also maintains a database of certificates 109219019Sgabor issued. 110219019Sgabor verify - Check x509 certificate signatures. 111219019Sgabor speed - Benchmark OpenSSL's ciphers. 112219019Sgabor s_server- A test SSL server. 113219019Sgabor s_client- A test SSL client. 114219019Sgabor s_time - Benchmark SSL performance of SSL server programs. 115219019Sgabor errstr - Convert from OpenSSL hex error codes to a readable form. 116219019Sgabor nseq - Netscape certificate sequence utility 117219019Sgabor 118219019Sgabor PATENTS 119219019Sgabor ------- 120219019Sgabor 121219019Sgabor Various companies hold various patents for various algorithms in various 122219019Sgabor locations around the world. _YOU_ are responsible for ensuring that your use 123219019Sgabor of any algorithms is legal by checking if there are any patents in your 124219019Sgabor country. The file contains some of the patents that we know about or are 125219019Sgabor rumoured to exist. This is not a definitive list. 126219019Sgabor 127219019Sgabor RSA Data Security holds software patents on the RSA and RC5 algorithms. If 128219019Sgabor their ciphers are used used inside the USA (and Japan?), you must contact RSA 129219019Sgabor Data Security for licensing conditions. Their web page is 130219019Sgabor http://www.rsa.com/. 131219019Sgabor 132219019Sgabor RC4 is a trademark of RSA Data Security, so use of this label should perhaps 133219019Sgabor only be used with RSA Data Security's permission. 134219019Sgabor 135219019Sgabor The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy, 136219019Sgabor Japan, Netherlands, Spain, Sweden, Switzerland, UK and the USA. They should 137219019Sgabor be contacted if that algorithm is to be used, their web page is 138219019Sgabor http://www.ascom.ch/. 139219019Sgabor 140219019Sgabor INSTALLATION 141219019Sgabor ------------ 142219019Sgabor 143219019Sgabor To install this package under a Unix derivative, read the INSTALL file. For 144219019Sgabor a Win32 platform, read the INSTALL.W32 file. For OpenVMS systems, read 145219019Sgabor INSTALL.VMS. 146219019Sgabor 147219019Sgabor For people in the USA, it is possible to compile OpenSSL to use RSA Inc.'s 148219019Sgabor public key library, RSAREF, by configuring OpenSSL with the option "rsaref". 149219019Sgabor 150219019Sgabor Read the documentation in the doc/ directory. It is quite rough, but it 151219019Sgabor lists the functions, you will probably have to look at the code to work out 152219019Sgabor how to used them. Look at the example programs. 153219019Sgabor 154219019Sgabor SUPPORT 155219019Sgabor ------- 156219019Sgabor 157219019Sgabor If you have any problems with OpenSSL then please take the following steps 158219019Sgabor first: 159219019Sgabor 160219019Sgabor - Remove ASM versions of libraries 161219019Sgabor - Remove compiler optimisation flags 162219019Sgabor - Add compiler debug flags (if using gcc then remove -fomit-frame-pointer 163219019Sgabor before you try to debug things) 164219019Sgabor 165219019Sgabor If you wish to report a bug then please include the following information in 166219019Sgabor any bug report: 167219019Sgabor 168219019Sgabor OpenSSL Details 169219019Sgabor - Version, most of these details can be got from the 170219019Sgabor 'openssl version -a' command. 171219019Sgabor Operating System Details 172219019Sgabor - On Unix systems: Output of './config -t' 173219019Sgabor - OS Name, Version 174219019Sgabor - Hardware platform 175219019Sgabor Compiler Details 176219019Sgabor - Name 177219019Sgabor - Version 178219019Sgabor Application Details 179219019Sgabor - Name 180219019Sgabor - Version 181219019Sgabor Problem Description 182219019Sgabor - include steps that will reproduce the problem (if known) 183219019Sgabor Stack Traceback (if the application dumps core) 184219019Sgabor 185219019Sgabor Report the bug to the OpenSSL project at: 186219019Sgabor 187219019Sgabor openssl-bugs@openssl.org 188219019Sgabor 189219019Sgabor HOW TO CONTRIBUTE TO OpenSSL 190219019Sgabor ---------------------------- 191219019Sgabor 192219019Sgabor Development is coordinated on the openssl-dev mailing list (see 193219019Sgabor http://www.openssl.org for information on subscribing). If you 194219019Sgabor would like to submit a patch, send it to openssl-dev@openssl.org. 195219019Sgabor Please be sure to include a textual explanation of what your patch 196219019Sgabor does. 197219019Sgabor 198219019Sgabor The preferred format for changes is "diff -u" output. You might 199219019Sgabor generate it like this: 200219019Sgabor 201219019Sgabor # cd openssl-work 202219019Sgabor # [your changes] 203219019Sgabor # ./Configure dist; make clean 204219019Sgabor # cd .. 205219019Sgabor # diff -urN openssl-orig openssl-work > mydiffs.patch 206250984Sed