| OpenSSL 0.9.2b 22-Mar-1999 | |
| Copyright (c) 1998-1999 The OpenSSL Project | |
| Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson | |
| All rights reserved. | |
| DESCRIPTION | |
| ----------- | |
| The OpenSSL Project is a collaborative effort to develop a robust, | |
| commercial-grade, fully featured, and Open Source toolkit implementing the | |
| Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) | |
| protocols with full-strength cryptography world-wide. The project is managed | |
| by a worldwide community of volunteers that use the Internet to communicate, | |
| plan, and develop the OpenSSL tookit and its related documentation. | |
| OpenSSL is based on the excellent SSLeay library developed from Eric A. Young | |
| and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the | |
| OpenSSL license plus the SSLeay license) situation, which basically means | |
| that you are free to get and use it for commercial and non-commercial | |
| purposes as long as you fullfill the conditions of both licenses. | |
| OVERVIEW | |
| -------- | |
| The OpenSSL toolkit includes: | |
| libssl.a: | |
| Implementation of SSLv2, SSLv3, TLSv1 and the required code to support | |
| both SSLv2, SSLv3 and TLSv1 in the one server and client. | |
| libcrypto.a: | |
| General encryption and X.509 v1/v3 stuff needed by SSL/TLS but not | |
| actually logically part of it. It includes routines for the following: | |
| Ciphers | |
| libdes - EAY's libdes DES encryption package which has been floating | |
| around the net for a few years. It includes 15 | |
| 'modes/variations' of DES (1, 2 and 3 key versions of ecb, | |
| cbc, cfb and ofb; pcbc and a more general form of cfb and | |
| ofb) including desx in cbc mode, a fast crypt(3), and | |
| routines to read passwords from the keyboard. | |
| RC4 encryption, | |
| RC2 encryption - 4 different modes, ecb, cbc, cfb and ofb. | |
| Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb. | |
| IDEA encryption - 4 different modes, ecb, cbc, cfb and ofb. | |
| Digests | |
| MD5 and MD2 message digest algorithms, fast implementations, | |
| SHA (SHA-0) and SHA-1 message digest algorithms, | |
| MDC2 message digest. A DES based hash that is polular on smart cards. | |
| Public Key | |
| RSA encryption/decryption/generation. | |
| There is no limit on the number of bits. | |
| DSA encryption/decryption/generation. | |
| There is no limit on the number of bits. | |
| Diffie-Hellman key-exchange/key generation. | |
| There is no limit on the number of bits. | |
| X.509v3 certificates | |
| X509 encoding/decoding into/from binary ASN1 and a PEM | |
| based ascii-binary encoding which supports encryption with a | |
| private key. Program to generate RSA and DSA certificate | |
| requests and to generate RSA and DSA certificates. | |
| Systems | |
| The normal digital envelope routines and base64 encoding. Higher | |
| level access to ciphers and digests by name. New ciphers can be | |
| loaded at run time. The BIO io system which is a simple non-blocking | |
| IO abstraction. Current methods supported are file descriptors, | |
| sockets, socket accept, socket connect, memory buffer, buffering, SSL | |
| client/server, file pointer, encryption, digest, non-blocking testing | |
| and null. | |
| Data structures | |
| A dynamically growing hashing system | |
| A simple stack. | |
| A Configuration loader that uses a format similar to MS .ini files. | |
| openssl: | |
| A command line tool which provides the following functions: | |
| enc - a general encryption program that can encrypt/decrypt using | |
| one of 17 different cipher/mode combinations. The | |
| input/output can also be converted to/from base64 | |
| ascii encoding. | |
| dgst - a generate message digesting program that will generate | |
| message digests for any of md2, md5, sha (sha-0 or sha-1) | |
| or mdc2. | |
| asn1parse - parse and display the structure of an asn1 encoded | |
| binary file. | |
| rsa - Manipulate RSA private keys. | |
| dsa - Manipulate DSA private keys. | |
| dh - Manipulate Diffie-Hellman parameter files. | |
| dsaparam- Manipulate and generate DSA parameter files. | |
| crl - Manipulate certificate revocation lists. | |
| crt2pkcs7- Generate a pkcs7 object containing a crl and a certificate. | |
| x509 - Manipulate x509 certificates, self-sign certificates. | |
| req - Manipulate PKCS#10 certificate requests and also | |
| generate certificate requests. | |
| genrsa - Generates an arbitrary sized RSA private key. | |
| gendsa - Generates DSA parameters. | |
| gendh - Generates a set of Diffie-Hellman parameters, the prime | |
| will be a strong prime. | |
| ca - Create certificates from PKCS#10 certificate requests. | |
| This program also maintains a database of certificates | |
| issued. | |
| verify - Check x509 certificate signatures. | |
| speed - Benchmark OpenSSL's ciphers. | |
| s_server- A test SSL server. | |
| s_client- A test SSL client. | |
| s_time - Benchmark SSL performance of SSL server programs. | |
| errstr - Convert from OpenSSL hex error codes to a readable form. | |
| nseq - Netscape certificate sequence utility | |
| PATENTS | |
| ------- | |
| Various companies hold various patents for various algorithms in various | |
| locations around the world. _YOU_ are responsible for ensuring that your use | |
| of any algorithms is legel by checking if there are any patents in your | |
| country. The file contains some of the patents that we know about or are | |
| rumoured to exist. This is not a definitive list. | |
| RSA Data Security holds software patents on the RSA and RC5 algorithms. If | |
| their ciphers are used used inside the USA (and Japan?), you must contact RSA | |
| Data Security for licencing conditions. Their web page is | |
| http://www.rsa.com/. | |
| RC4 is a trademark of RSA Data Security, so use of this label should perhaps | |
| only be used with RSA Data Security's permission. | |
| The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy, | |
| Japan, Netherlands, Spain, Sweden, Switzerland, UK and the USA. They should | |
| be contacted if that algorithm is to be used, their web page is | |
| http://www.ascom.ch/. | |
| INSTALLATION | |
| ------------ | |
| To install this package under a Unix derivative, read the INSTALL file. For | |
| a Win32 platform, read the INSTALL.W32 file. | |
| For people in the USA, it is possible to compile OpenSSL to use RSA Inc.'s | |
| public key library, RSAref. Read doc/ssleay.txt under 'rsaref.doc' on how to | |
| build with RSAref. | |
| Read the documentation in the doc/ directory. It is quite rough, but it | |
| lists the functions, you will probably have to look at the code to work out | |
| how to used them. Look at the example programs. | |
| SUPPORT | |
| ------- | |
| If you have any problems with OpenSSL then please take the following steps | |
| first: | |
| - Remove ASM versions of libraries | |
| - Remove compiler optimisation flags | |
| - Add compiler debug flags (if using gcc then remove -fomit-frame-pointer | |
| before you try to debug things) | |
| If you wish to report a bug then please include the following information in | |
| any bug report: | |
| OpenSSL Details | |
| - Version, most of these details can be got from the | |
| 'openssl version -a' command. | |
| Operating System Details | |
| - OS Name | |
| - OS Version | |
| - Hardware platform | |
| Compiler Details | |
| - Name | |
| - Version | |
| Application Details | |
| - Name | |
| - Version | |
| Problem Description | |
| - include steps that will reproduce the problem (if known) | |
| Stack Traceback (if the application dumps core) | |
| Report the bug to the OpenSSL project at: | |
| openssl-users@openssl.org | |