- OpenSSL 0.9.2 06-Mar-1999
+ OpenSSL 0.9.8-dev XX xxx XXXX
- Copyright (c) 1998-1999 The OpenSSL Project
+ Copyright (c) 1998-2002 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, fully featured, and Open Source toolkit implementing the
Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
- protocols with full-strength cryptography world-wide. The project is managed
- by a worldwide community of volunteers that use the Internet to communicate,
- plan, and develop the OpenSSL tookit and its related documentation.
+ protocols as well as a full-strength general purpose cryptography library.
+ The project is managed by a worldwide community of volunteers that use the
+ Internet to communicate, plan, and develop the OpenSSL toolkit and its
+ related documentation.
OpenSSL is based on the excellent SSLeay library developed from Eric A. Young
and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the
OpenSSL license plus the SSLeay license) situation, which basically means
that you are free to get and use it for commercial and non-commercial
- purposes as long as you fullfill the conditions of both licenses.
+ purposes as long as you fulfill the conditions of both licenses.
OVERVIEW
--------
Digests
MD5 and MD2 message digest algorithms, fast implementations,
SHA (SHA-0) and SHA-1 message digest algorithms,
- MDC2 message digest. A DES based hash that is polular on smart cards.
+ MDC2 message digest. A DES based hash that is popular on smart cards.
Public Key
RSA encryption/decryption/generation.
X.509v3 certificates
X509 encoding/decoding into/from binary ASN1 and a PEM
- based ascii-binary encoding which supports encryption with a
+ based ASCII-binary encoding which supports encryption with a
private key. Program to generate RSA and DSA certificate
requests and to generate RSA and DSA certificates.
A Configuration loader that uses a format similar to MS .ini files.
openssl:
- A command line tool which provides the following functions:
-
- enc - a general encryption program that can encrypt/decrypt using
- one of 17 different cipher/mode combinations. The
- input/output can also be converted to/from base64
- ascii encoding.
- dgst - a generate message digesting program that will generate
- message digests for any of md2, md5, sha (sha-0 or sha-1)
- or mdc2.
- asn1parse - parse and display the structure of an asn1 encoded
- binary file.
- rsa - Manipulate RSA private keys.
- dsa - Manipulate DSA private keys.
- dh - Manipulate Diffie-Hellman parameter files.
- dsaparam- Manipulate and generate DSA parameter files.
- crl - Manipulate certificate revocation lists.
- crt2pkcs7- Generate a pkcs7 object containing a crl and a certificate.
- x509 - Manipulate x509 certificates, self-sign certificates.
- req - Manipulate PKCS#10 certificate requests and also
- generate certificate requests.
- genrsa - Generates an arbitrary sized RSA private key.
- gendsa - Generates DSA parameters.
- gendh - Generates a set of Diffie-Hellman parameters, the prime
- will be a strong prime.
- ca - Create certificates from PKCS#10 certificate requests.
- This program also maintains a database of certificates
- issued.
- verify - Check x509 certificate signatures.
- speed - Benchmark OpenSSL's ciphers.
- s_server- A test SSL server.
- s_client- A test SSL client.
- s_time - Benchmark SSL performance of SSL server programs.
- errstr - Convert from OpenSSL hex error codes to a readable form.
- nseq - Netscape certificate sequence utility
+ A command line tool that can be used for:
+ Creation of RSA, DH and DSA key parameters
+ Creation of X.509 certificates, CSRs and CRLs
+ Calculation of Message Digests
+ Encryption and Decryption with Ciphers
+ SSL/TLS Client and Server Tests
+ Handling of S/MIME signed or encrypted mail
+
PATENTS
-------
Various companies hold various patents for various algorithms in various
- locations around the world. YOU are responsible for ensuring that your use of
- any algorithms is legel by checking if there are any patents in your country.
- The file contains some of the patents that we know about or are rumoured to
- exist. This is not a definitive list.
+ locations around the world. _YOU_ are responsible for ensuring that your use
+ of any algorithms is legal by checking if there are any patents in your
+ country. The file contains some of the patents that we know about or are
+ rumored to exist. This is not a definitive list.
- RSA Data Security holds software patents on the RSA and RC5 algorithms. If
- their ciphers are used used inside the USA (and Japan?), you must contact RSA
- Data Security for licencing conditions. Their web page is
- http://www.rsa.com/.
+ RSA Security holds software patents on the RC5 algorithm. If you
+ intend to use this cipher, you must contact RSA Security for
+ licensing conditions. Their web page is http://www.rsasecurity.com/.
- RC4 is a trademark of RSA Data Security, so use of this label should perhaps
- only be used with RSA Data Security's permission.
+ RC4 is a trademark of RSA Security, so use of this label should perhaps
+ only be used with RSA Security's permission.
The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy,
- Japan, Netherlands, Spain, Sweden, Switzerland, UK and the USA. They should
- be contacted if that algorithm is to be used, their web page is
+ Japan, the Netherlands, Spain, Sweden, Switzerland, UK and the USA. They
+ should be contacted if that algorithm is to be used; their web page is
http://www.ascom.ch/.
INSTALLATION
------------
To install this package under a Unix derivative, read the INSTALL file. For
- a Win32 platform, read the INSTALL.W32 file.
-
- For people in the USA, it is possible to compile OpenSSL to use RSA Inc.'s
- public key library, RSAref. Read doc/ssleay.txt under 'rsaref.doc' on how to
- build with RSAref.
+ a Win32 platform, read the INSTALL.W32 file. For OpenVMS systems, read
+ INSTALL.VMS.
Read the documentation in the doc/ directory. It is quite rough, but it
- lists the functions, you will probably have to look at the code to work out
- how to used them. Look at the example programs.
+ lists the functions; you will probably have to look at the code to work out
+ how to use them. Look at the example programs.
+
+ PROBLEMS
+ --------
+
+ For some platforms, there are some known problems that may affect the user
+ or application author. We try to collect those in doc/PROBLEMS, with current
+ thoughts on how they should be solved in a future of OpenSSL.
SUPPORT
-------
If you have any problems with OpenSSL then please take the following steps
first:
+ - Download the current snapshot from ftp://ftp.openssl.org/snapshot/
+ to see if the problem has already been addressed
- Remove ASM versions of libraries
- Remove compiler optimisation flags
- - Add compiler debug flags (if using gcc then remove -fomit-frame-pointer
- before you try to debug things)
If you wish to report a bug then please include the following information in
any bug report:
- OpenSSL Details
- - Version, most of these details can be got from the
- 'openssl version -a' command.
- Operating System Details
- - OS Name
- - OS Version
- - Hardware platform
- Compiler Details
- - Name
- - Version
- Application Details
- - Name
- - Version
- Problem Description
- - include steps that will reproduce the problem (if known)
- Stack Traceback (if the application dumps core)
-
- Report the bug to the OpenSSL project at:
-
- openssl-users@openssl.org
-
+ - On Unix systems:
+ Self-test report generated by 'make report'
+ - On other systems:
+ OpenSSL version: output of 'openssl version -a'
+ OS Name, Version, Hardware platform
+ Compiler Details (name, version)
+ - Application Details (name, version)
+ - Problem Description (steps that will reproduce the problem, if known)
+ - Stack Traceback (if the application dumps core)
+
+ Report the bug to the OpenSSL project via the Request Tracker
+ (http://www.openssl.org/rt2.html) by mail to:
+
+ openssl-bugs@openssl.org
+
+ Note that mail to openssl-bugs@openssl.org is recorded in the publicly
+ readable request tracker database and is forwarded to a public
+ mailing list. Confidential mail may be sent to openssl-security@openssl.org
+ (PGP key available from the key servers).
+
+ HOW TO CONTRIBUTE TO OpenSSL
+ ----------------------------
+
+ Development is coordinated on the openssl-dev mailing list (see
+ http://www.openssl.org for information on subscribing). If you
+ would like to submit a patch, send it to openssl-dev@openssl.org with
+ the string "[PATCH]" in the subject. Please be sure to include a
+ textual explanation of what your patch does.
+
+ Note: For legal reasons, contributions from the US can be accepted only
+ if a TSA notification and a copy of the patch is sent to crypt@bis.doc.gov;
+ see http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic]
+ and http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e)).
+
+ The preferred format for changes is "diff -u" output. You might
+ generate it like this:
+
+ # cd openssl-work
+ # [your changes]
+ # ./Configure dist; make clean
+ # cd ..
+ # diff -ur openssl-orig openssl-work > mydiffs.patch