- OpenSSL 0.9.5a 1 Apr 2000
+ OpenSSL 1.1.0-dev
- Copyright (c) 1998-2000 The OpenSSL Project
+ Copyright (c) 1998-2011 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.
protocols as well as a full-strength general purpose cryptography library.
The project is managed by a worldwide community of volunteers that use the
Internet to communicate, plan, and develop the OpenSSL toolkit and its
- related documentation.
+ related documentation.
OpenSSL is based on the excellent SSLeay library developed from Eric A. Young
and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the
OpenSSL license plus the SSLeay license) situation, which basically means
that you are free to get and use it for commercial and non-commercial
- purposes as long as you fulfill the conditions of both licenses.
+ purposes as long as you fulfill the conditions of both licenses.
OVERVIEW
--------
actually logically part of it. It includes routines for the following:
Ciphers
- libdes - EAY's libdes DES encryption package which has been floating
- around the net for a few years. It includes 15
- 'modes/variations' of DES (1, 2 and 3 key versions of ecb,
- cbc, cfb and ofb; pcbc and a more general form of cfb and
- ofb) including desx in cbc mode, a fast crypt(3), and
- routines to read passwords from the keyboard.
+ libdes - EAY's libdes DES encryption package which was floating
+ around the net for a few years, and was then relicensed by
+ him as part of SSLeay. It includes 15 'modes/variations'
+ of DES (1, 2 and 3 key versions of ecb, cbc, cfb and ofb;
+ pcbc and a more general form of cfb and ofb) including desx
+ in cbc mode, a fast crypt(3), and routines to read
+ passwords from the keyboard.
RC4 encryption,
RC2 encryption - 4 different modes, ecb, cbc, cfb and ofb.
Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb.
MDC2 message digest. A DES based hash that is popular on smart cards.
Public Key
- RSA encryption/decryption/generation.
+ RSA encryption/decryption/generation.
There is no limit on the number of bits.
- DSA encryption/decryption/generation.
+ DSA encryption/decryption/generation.
There is no limit on the number of bits.
- Diffie-Hellman key-exchange/key generation.
+ Diffie-Hellman key-exchange/key generation.
There is no limit on the number of bits.
X.509v3 certificates
X509 encoding/decoding into/from binary ASN1 and a PEM
- based ascii-binary encoding which supports encryption with a
+ based ASCII-binary encoding which supports encryption with a
private key. Program to generate RSA and DSA certificate
requests and to generate RSA and DSA certificates.
A simple stack.
A Configuration loader that uses a format similar to MS .ini files.
- openssl:
+ openssl:
A command line tool that can be used for:
Creation of RSA, DH and DSA key parameters
- Creation of X.509 certificates, CSRs and CRLs
+ Creation of X.509 certificates, CSRs and CRLs
Calculation of Message Digests
Encryption and Decryption with Ciphers
SSL/TLS Client and Server Tests
Handling of S/MIME signed or encrypted mail
-
- PATENTS
- -------
-
- Various companies hold various patents for various algorithms in various
- locations around the world. _YOU_ are responsible for ensuring that your use
- of any algorithms is legal by checking if there are any patents in your
- country. The file contains some of the patents that we know about or are
- rumoured to exist. This is not a definitive list.
-
- RSA Data Security holds software patents on the RSA and RC5 algorithms. If
- their ciphers are used used inside the USA (and Japan?), you must contact RSA
- Data Security for licensing conditions. Their web page is
- http://www.rsa.com/.
-
- RC4 is a trademark of RSA Data Security, so use of this label should perhaps
- only be used with RSA Data Security's permission.
-
- The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy,
- Japan, Netherlands, Spain, Sweden, Switzerland, UK and the USA. They should
- be contacted if that algorithm is to be used, their web page is
- http://www.ascom.ch/.
-
INSTALLATION
------------
a Win32 platform, read the INSTALL.W32 file. For OpenVMS systems, read
INSTALL.VMS.
- For people in the USA, it is possible to compile OpenSSL to use RSA Inc.'s
- public key library, RSAREF, by configuring OpenSSL with the option "rsaref".
-
Read the documentation in the doc/ directory. It is quite rough, but it
- lists the functions, you will probably have to look at the code to work out
- how to used them. Look at the example programs.
+ lists the functions; you will probably have to look at the code to work out
+ how to use them. Look at the example programs.
- SUPPORT
+ PROBLEMS
+ --------
+
+ For some platforms, there are some known problems that may affect the user
+ or application author. We try to collect those in doc/PROBLEMS, with current
+ thoughts on how they should be solved in a future of OpenSSL.
+
+ SUPPORT
-------
+ See the OpenSSL website www.openssl.org for details of how to obtain
+ commercial technical support.
+
If you have any problems with OpenSSL then please take the following steps
first:
- Download the current snapshot from ftp://ftp.openssl.org/snapshot/
to see if the problem has already been addressed
- Remove ASM versions of libraries
- - Remove compiler optimisation flags
+ - Remove compiler optimisation flags
If you wish to report a bug then please include the following information in
any bug report:
- Problem Description (steps that will reproduce the problem, if known)
- Stack Traceback (if the application dumps core)
- Report the bug to the OpenSSL project at:
+ Email the report to:
openssl-bugs@openssl.org
- Note that mail to openssl-bugs@openssl.org is forwarded to a public
- mailing list. Confidential mail may be sent to openssl-security@openssl.org
- (PGP key available from the key servers).
+ Note that the request tracker should NOT be used for general assistance
+ or support queries. Just because something doesn't work the way you expect
+ does not mean it is necessarily a bug in OpenSSL.
+
+ Note that mail to openssl-bugs@openssl.org is recorded in the public
+ request tracker database (see https://www.openssl.org/support/rt.html
+ for details) and also forwarded to a public mailing list. Confidential
+ mail may be sent to openssl-security@openssl.org (PGP key available from
+ the key servers).
HOW TO CONTRIBUTE TO OpenSSL
----------------------------
Development is coordinated on the openssl-dev mailing list (see
http://www.openssl.org for information on subscribing). If you
- would like to submit a patch, send it to openssl-dev@openssl.org with
+ would like to submit a patch, send it to openssl-bugs@openssl.org with
the string "[PATCH]" in the subject. Please be sure to include a
textual explanation of what your patch does.
- The preferred format for changes is "diff -u" output. You might
+ If you are unsure as to whether a feature will be useful for the general
+ OpenSSL community please discuss it on the openssl-dev mailing list first.
+ Someone may be already working on the same thing or there may be a good
+ reason as to why that feature isn't implemented.
+
+ Patches should be as up to date as possible, preferably relative to the
+ current Git or the last snapshot. They should follow the coding style of
+ OpenSSL and compile without warnings. Some of the core team developer targets
+ can be used for testing purposes, (debug-steve64, debug-geoff etc). OpenSSL
+ compiles on many varied platforms: try to ensure you only use portable
+ features.
+
+ Note: For legal reasons, contributions from the US can be accepted only
+ if a TSU notification and a copy of the patch are sent to crypt@bis.doc.gov
+ (formerly BXA) with a copy to the ENC Encryption Request Coordinator;
+ please take some time to look at
+ http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic]
+ and
+ http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e))
+ for the details. If "your encryption source code is too large to serve as
+ an email attachment", they are glad to receive it by fax instead; hope you
+ have a cheap long-distance plan.
+
+ Our preferred format for changes is "diff -u" output. You might
generate it like this:
# cd openssl-work
# ./Configure dist; make clean
# cd ..
# diff -ur openssl-orig openssl-work > mydiffs.patch
+