README revision 55714
155714Skris 255714Skris OpenSSL 0.9.4 09 Aug 1999 355714Skris 455714Skris Copyright (c) 1998-1999 The OpenSSL Project 555714Skris Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson 655714Skris All rights reserved. 755714Skris 855714Skris DESCRIPTION 955714Skris ----------- 1055714Skris 1155714Skris The OpenSSL Project is a collaborative effort to develop a robust, 1255714Skris commercial-grade, fully featured, and Open Source toolkit implementing the 1355714Skris Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) 1455714Skris protocols with full-strength cryptography world-wide. The project is managed 1555714Skris by a worldwide community of volunteers that use the Internet to communicate, 1655714Skris plan, and develop the OpenSSL toolkit and its related documentation. 1755714Skris 1855714Skris OpenSSL is based on the excellent SSLeay library developed from Eric A. Young 1955714Skris and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the 2055714Skris OpenSSL license plus the SSLeay license) situation, which basically means 2155714Skris that you are free to get and use it for commercial and non-commercial 2255714Skris purposes as long as you fulfill the conditions of both licenses. 2355714Skris 2455714Skris OVERVIEW 2555714Skris -------- 2655714Skris 2755714Skris The OpenSSL toolkit includes: 2855714Skris 2955714Skris libssl.a: 3055714Skris Implementation of SSLv2, SSLv3, TLSv1 and the required code to support 3155714Skris both SSLv2, SSLv3 and TLSv1 in the one server and client. 3255714Skris 3355714Skris libcrypto.a: 3455714Skris General encryption and X.509 v1/v3 stuff needed by SSL/TLS but not 3555714Skris actually logically part of it. It includes routines for the following: 3655714Skris 3755714Skris Ciphers 3855714Skris libdes - EAY's libdes DES encryption package which has been floating 3955714Skris around the net for a few years. It includes 15 4055714Skris 'modes/variations' of DES (1, 2 and 3 key versions of ecb, 4155714Skris cbc, cfb and ofb; pcbc and a more general form of cfb and 4255714Skris ofb) including desx in cbc mode, a fast crypt(3), and 4355714Skris routines to read passwords from the keyboard. 4455714Skris RC4 encryption, 4555714Skris RC2 encryption - 4 different modes, ecb, cbc, cfb and ofb. 4655714Skris Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb. 4755714Skris IDEA encryption - 4 different modes, ecb, cbc, cfb and ofb. 4855714Skris 4955714Skris Digests 5055714Skris MD5 and MD2 message digest algorithms, fast implementations, 5155714Skris SHA (SHA-0) and SHA-1 message digest algorithms, 5255714Skris MDC2 message digest. A DES based hash that is popular on smart cards. 5355714Skris 5455714Skris Public Key 5555714Skris RSA encryption/decryption/generation. 5655714Skris There is no limit on the number of bits. 5755714Skris DSA encryption/decryption/generation. 5855714Skris There is no limit on the number of bits. 5955714Skris Diffie-Hellman key-exchange/key generation. 6055714Skris There is no limit on the number of bits. 6155714Skris 6255714Skris X.509v3 certificates 6355714Skris X509 encoding/decoding into/from binary ASN1 and a PEM 6455714Skris based ascii-binary encoding which supports encryption with a 6555714Skris private key. Program to generate RSA and DSA certificate 6655714Skris requests and to generate RSA and DSA certificates. 6755714Skris 6855714Skris Systems 6955714Skris The normal digital envelope routines and base64 encoding. Higher 7055714Skris level access to ciphers and digests by name. New ciphers can be 7155714Skris loaded at run time. The BIO io system which is a simple non-blocking 7255714Skris IO abstraction. Current methods supported are file descriptors, 7355714Skris sockets, socket accept, socket connect, memory buffer, buffering, SSL 7455714Skris client/server, file pointer, encryption, digest, non-blocking testing 7555714Skris and null. 7655714Skris 7755714Skris Data structures 7855714Skris A dynamically growing hashing system 7955714Skris A simple stack. 8055714Skris A Configuration loader that uses a format similar to MS .ini files. 8155714Skris 8255714Skris openssl: 8355714Skris A command line tool which provides the following functions: 8455714Skris 8555714Skris enc - a general encryption program that can encrypt/decrypt using 8655714Skris one of 17 different cipher/mode combinations. The 8755714Skris input/output can also be converted to/from base64 8855714Skris ascii encoding. 8955714Skris dgst - a generate message digesting program that will generate 9055714Skris message digests for any of md2, md5, sha (sha-0 or sha-1) 9155714Skris or mdc2. 9255714Skris asn1parse - parse and display the structure of an asn1 encoded 9355714Skris binary file. 9455714Skris rsa - Manipulate RSA private keys. 9555714Skris dsa - Manipulate DSA private keys. 9655714Skris dh - Manipulate Diffie-Hellman parameter files. 9755714Skris dsaparam- Manipulate and generate DSA parameter files. 9855714Skris crl - Manipulate certificate revocation lists. 9955714Skris crt2pkcs7- Generate a pkcs7 object containing a crl and a certificate. 10055714Skris x509 - Manipulate x509 certificates, self-sign certificates. 10155714Skris req - Manipulate PKCS#10 certificate requests and also 10255714Skris generate certificate requests. 10355714Skris genrsa - Generates an arbitrary sized RSA private key. 10455714Skris gendsa - Generates DSA parameters. 10555714Skris gendh - Generates a set of Diffie-Hellman parameters, the prime 10655714Skris will be a strong prime. 10755714Skris ca - Create certificates from PKCS#10 certificate requests. 10855714Skris This program also maintains a database of certificates 10955714Skris issued. 11055714Skris verify - Check x509 certificate signatures. 11155714Skris speed - Benchmark OpenSSL's ciphers. 11255714Skris s_server- A test SSL server. 11355714Skris s_client- A test SSL client. 11455714Skris s_time - Benchmark SSL performance of SSL server programs. 11555714Skris errstr - Convert from OpenSSL hex error codes to a readable form. 11655714Skris nseq - Netscape certificate sequence utility 11755714Skris 11855714Skris PATENTS 11955714Skris ------- 12055714Skris 12155714Skris Various companies hold various patents for various algorithms in various 12255714Skris locations around the world. _YOU_ are responsible for ensuring that your use 12355714Skris of any algorithms is legal by checking if there are any patents in your 12455714Skris country. The file contains some of the patents that we know about or are 12555714Skris rumoured to exist. This is not a definitive list. 12655714Skris 12755714Skris RSA Data Security holds software patents on the RSA and RC5 algorithms. If 12855714Skris their ciphers are used used inside the USA (and Japan?), you must contact RSA 12955714Skris Data Security for licensing conditions. Their web page is 13055714Skris http://www.rsa.com/. 13155714Skris 13255714Skris RC4 is a trademark of RSA Data Security, so use of this label should perhaps 13355714Skris only be used with RSA Data Security's permission. 13455714Skris 13555714Skris The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy, 13655714Skris Japan, Netherlands, Spain, Sweden, Switzerland, UK and the USA. They should 13755714Skris be contacted if that algorithm is to be used, their web page is 13855714Skris http://www.ascom.ch/. 13955714Skris 14055714Skris INSTALLATION 14155714Skris ------------ 14255714Skris 14355714Skris To install this package under a Unix derivative, read the INSTALL file. For 14455714Skris a Win32 platform, read the INSTALL.W32 file. For OpenVMS systems, read 14555714Skris INSTALL.VMS. 14655714Skris 14755714Skris For people in the USA, it is possible to compile OpenSSL to use RSA Inc.'s 14855714Skris public key library, RSAREF, by configuring OpenSSL with the option "rsaref". 14955714Skris 15055714Skris Read the documentation in the doc/ directory. It is quite rough, but it 15155714Skris lists the functions, you will probably have to look at the code to work out 15255714Skris how to used them. Look at the example programs. 15355714Skris 15455714Skris SUPPORT 15555714Skris ------- 15655714Skris 15755714Skris If you have any problems with OpenSSL then please take the following steps 15855714Skris first: 15955714Skris 16055714Skris - Remove ASM versions of libraries 16155714Skris - Remove compiler optimisation flags 16255714Skris - Add compiler debug flags (if using gcc then remove -fomit-frame-pointer 16355714Skris before you try to debug things) 16455714Skris 16555714Skris If you wish to report a bug then please include the following information in 16655714Skris any bug report: 16755714Skris 16855714Skris OpenSSL Details 16955714Skris - Version, most of these details can be got from the 17055714Skris 'openssl version -a' command. 17155714Skris Operating System Details 17255714Skris - On Unix systems: Output of './config -t' 17355714Skris - OS Name, Version 17455714Skris - Hardware platform 17555714Skris Compiler Details 17655714Skris - Name 17755714Skris - Version 17855714Skris Application Details 17955714Skris - Name 18055714Skris - Version 18155714Skris Problem Description 18255714Skris - include steps that will reproduce the problem (if known) 18355714Skris Stack Traceback (if the application dumps core) 18455714Skris 18555714Skris Report the bug to the OpenSSL project at: 18655714Skris 18755714Skris openssl-bugs@openssl.org 18855714Skris 18955714Skris HOW TO CONTRIBUTE TO OpenSSL 19055714Skris ---------------------------- 19155714Skris 19255714Skris Development is coordinated on the openssl-dev mailing list (see 19355714Skris http://www.openssl.org for information on subscribing). If you 19455714Skris would like to submit a patch, send it to openssl-dev@openssl.org. 19555714Skris Please be sure to include a textual explanation of what your patch 19655714Skris does. 19755714Skris 19855714Skris The preferred format for changes is "diff -u" output. You might 19955714Skris generate it like this: 20055714Skris 20155714Skris # cd openssl-work 20255714Skris # [your changes] 20355714Skris # ./Configure dist; make clean 20455714Skris # cd .. 20555714Skris # diff -urN openssl-orig openssl-work > mydiffs.patch 206