README revision 142425
155714Skris 2142425Snectar OpenSSL 0.9.7e 25 Oct 2004 355714Skris 4127128Snectar Copyright (c) 1998-2004 The OpenSSL Project 555714Skris Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson 655714Skris All rights reserved. 755714Skris 855714Skris DESCRIPTION 955714Skris ----------- 1055714Skris 1155714Skris The OpenSSL Project is a collaborative effort to develop a robust, 1255714Skris commercial-grade, fully featured, and Open Source toolkit implementing the 1355714Skris Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) 1459191Skris protocols as well as a full-strength general purpose cryptography library. 1559191Skris The project is managed by a worldwide community of volunteers that use the 1659191Skris Internet to communicate, plan, and develop the OpenSSL toolkit and its 1759191Skris related documentation. 1855714Skris 1955714Skris OpenSSL is based on the excellent SSLeay library developed from Eric A. Young 2055714Skris and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the 2155714Skris OpenSSL license plus the SSLeay license) situation, which basically means 2255714Skris that you are free to get and use it for commercial and non-commercial 2355714Skris purposes as long as you fulfill the conditions of both licenses. 2455714Skris 2555714Skris OVERVIEW 2655714Skris -------- 2755714Skris 2855714Skris The OpenSSL toolkit includes: 2955714Skris 3055714Skris libssl.a: 3155714Skris Implementation of SSLv2, SSLv3, TLSv1 and the required code to support 3255714Skris both SSLv2, SSLv3 and TLSv1 in the one server and client. 3355714Skris 3455714Skris libcrypto.a: 3555714Skris General encryption and X.509 v1/v3 stuff needed by SSL/TLS but not 3655714Skris actually logically part of it. It includes routines for the following: 3755714Skris 3855714Skris Ciphers 3955714Skris libdes - EAY's libdes DES encryption package which has been floating 4055714Skris around the net for a few years. It includes 15 4155714Skris 'modes/variations' of DES (1, 2 and 3 key versions of ecb, 4255714Skris cbc, cfb and ofb; pcbc and a more general form of cfb and 4355714Skris ofb) including desx in cbc mode, a fast crypt(3), and 4455714Skris routines to read passwords from the keyboard. 4555714Skris RC4 encryption, 4655714Skris RC2 encryption - 4 different modes, ecb, cbc, cfb and ofb. 4755714Skris Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb. 4855714Skris IDEA encryption - 4 different modes, ecb, cbc, cfb and ofb. 4955714Skris 5055714Skris Digests 5155714Skris MD5 and MD2 message digest algorithms, fast implementations, 5255714Skris SHA (SHA-0) and SHA-1 message digest algorithms, 5355714Skris MDC2 message digest. A DES based hash that is popular on smart cards. 5455714Skris 5555714Skris Public Key 5655714Skris RSA encryption/decryption/generation. 5755714Skris There is no limit on the number of bits. 5855714Skris DSA encryption/decryption/generation. 5955714Skris There is no limit on the number of bits. 6055714Skris Diffie-Hellman key-exchange/key generation. 6155714Skris There is no limit on the number of bits. 6255714Skris 6355714Skris X.509v3 certificates 6455714Skris X509 encoding/decoding into/from binary ASN1 and a PEM 6589837Skris based ASCII-binary encoding which supports encryption with a 6655714Skris private key. Program to generate RSA and DSA certificate 6755714Skris requests and to generate RSA and DSA certificates. 6855714Skris 6955714Skris Systems 7055714Skris The normal digital envelope routines and base64 encoding. Higher 7155714Skris level access to ciphers and digests by name. New ciphers can be 7255714Skris loaded at run time. The BIO io system which is a simple non-blocking 7355714Skris IO abstraction. Current methods supported are file descriptors, 7455714Skris sockets, socket accept, socket connect, memory buffer, buffering, SSL 7555714Skris client/server, file pointer, encryption, digest, non-blocking testing 7655714Skris and null. 7755714Skris 7855714Skris Data structures 7955714Skris A dynamically growing hashing system 8055714Skris A simple stack. 8155714Skris A Configuration loader that uses a format similar to MS .ini files. 8255714Skris 8355714Skris openssl: 8459191Skris A command line tool that can be used for: 8559191Skris Creation of RSA, DH and DSA key parameters 8659191Skris Creation of X.509 certificates, CSRs and CRLs 8759191Skris Calculation of Message Digests 8859191Skris Encryption and Decryption with Ciphers 8959191Skris SSL/TLS Client and Server Tests 9059191Skris Handling of S/MIME signed or encrypted mail 9155714Skris 9255714Skris 9355714Skris PATENTS 9455714Skris ------- 9555714Skris 9655714Skris Various companies hold various patents for various algorithms in various 9755714Skris locations around the world. _YOU_ are responsible for ensuring that your use 9855714Skris of any algorithms is legal by checking if there are any patents in your 9955714Skris country. The file contains some of the patents that we know about or are 10089837Skris rumored to exist. This is not a definitive list. 10155714Skris 10268651Skris RSA Security holds software patents on the RC5 algorithm. If you 10368651Skris intend to use this cipher, you must contact RSA Security for 10468651Skris licensing conditions. Their web page is http://www.rsasecurity.com/. 10555714Skris 10668651Skris RC4 is a trademark of RSA Security, so use of this label should perhaps 10768651Skris only be used with RSA Security's permission. 10855714Skris 10955714Skris The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy, 11089837Skris Japan, the Netherlands, Spain, Sweden, Switzerland, UK and the USA. They 11189837Skris should be contacted if that algorithm is to be used; their web page is 11255714Skris http://www.ascom.ch/. 11355714Skris 11455714Skris INSTALLATION 11555714Skris ------------ 11655714Skris 11755714Skris To install this package under a Unix derivative, read the INSTALL file. For 11855714Skris a Win32 platform, read the INSTALL.W32 file. For OpenVMS systems, read 11955714Skris INSTALL.VMS. 12055714Skris 12155714Skris Read the documentation in the doc/ directory. It is quite rough, but it 12289837Skris lists the functions; you will probably have to look at the code to work out 12389837Skris how to use them. Look at the example programs. 12455714Skris 125100936Snectar PROBLEMS 126100936Snectar -------- 127100936Snectar 128100936Snectar For some platforms, there are some known problems that may affect the user 129100936Snectar or application author. We try to collect those in doc/PROBLEMS, with current 130100936Snectar thoughts on how they should be solved in a future of OpenSSL. 131100936Snectar 13255714Skris SUPPORT 13355714Skris ------- 13455714Skris 13555714Skris If you have any problems with OpenSSL then please take the following steps 13655714Skris first: 13755714Skris 13859191Skris - Download the current snapshot from ftp://ftp.openssl.org/snapshot/ 13959191Skris to see if the problem has already been addressed 14055714Skris - Remove ASM versions of libraries 14155714Skris - Remove compiler optimisation flags 14255714Skris 14355714Skris If you wish to report a bug then please include the following information in 14455714Skris any bug report: 14555714Skris 14659191Skris - On Unix systems: 14759191Skris Self-test report generated by 'make report' 14859191Skris - On other systems: 14959191Skris OpenSSL version: output of 'openssl version -a' 15059191Skris OS Name, Version, Hardware platform 15159191Skris Compiler Details (name, version) 15259191Skris - Application Details (name, version) 15359191Skris - Problem Description (steps that will reproduce the problem, if known) 15459191Skris - Stack Traceback (if the application dumps core) 15555714Skris 156100936Snectar Report the bug to the OpenSSL project via the Request Tracker 157109998Smarkm (http://www.openssl.org/support/rt2.html) by mail to: 15855714Skris 15955714Skris openssl-bugs@openssl.org 16055714Skris 161100936Snectar Note that mail to openssl-bugs@openssl.org is recorded in the publicly 162100936Snectar readable request tracker database and is forwarded to a public 16359191Skris mailing list. Confidential mail may be sent to openssl-security@openssl.org 16459191Skris (PGP key available from the key servers). 16559191Skris 16655714Skris HOW TO CONTRIBUTE TO OpenSSL 16755714Skris ---------------------------- 16855714Skris 16955714Skris Development is coordinated on the openssl-dev mailing list (see 17055714Skris http://www.openssl.org for information on subscribing). If you 17159191Skris would like to submit a patch, send it to openssl-dev@openssl.org with 17259191Skris the string "[PATCH]" in the subject. Please be sure to include a 17359191Skris textual explanation of what your patch does. 17455714Skris 17568651Skris Note: For legal reasons, contributions from the US can be accepted only 176142425Snectar if a TSU notification and a copy of the patch are sent to crypt@bis.doc.gov 177142425Snectar (formerly BXA) with a copy to the ENC Encryption Request Coordinator; 178142425Snectar please take some time to look at 179142425Snectar http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic] 180142425Snectar and 181142425Snectar http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e)) 182142425Snectar for the details. If "your encryption source code is too large to serve as 183142425Snectar an email attachment", they are glad to receive it by fax instead; hope you 184142425Snectar have a cheap long-distance plan. 18568651Skris 186142425Snectar Our preferred format for changes is "diff -u" output. You might 18755714Skris generate it like this: 18855714Skris 18955714Skris # cd openssl-work 19055714Skris # [your changes] 19155714Skris # ./Configure dist; make clean 19255714Skris # cd .. 19368651Skris # diff -ur openssl-orig openssl-work > mydiffs.patch 194