- SSLeay 0.8.1b 29-Jun-1998
- Copyright (c) 1997, Eric Young
- All rights reserved.
-
-This directory contains Eric Young's (eay@cryptsoft.com) implementation
-of SSL and supporting libraries.
-
-The current version of this library is available from
- ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-x.x.x.tar.gz
-
-There are patches to a number of internet applications which can be found in
- ftp://ftp.psy.uq.oz.au/pub/Crypto/SSLapps/
-
-A Web page containing the SSLeay FAQ written by Tim Hudson <tjh@cryptsoft.com>
-can be found at
- http://www.psy.uq.oz.au/~ftp/Crypto
-
-Additional documentation is being slowly written by Eric Young, and is being
-added to http://www.cryptsoft.com/ssleay/doc. It will normally also be
-available on http://www.psy.uq.oz.au/~ftp/Crypto/ssleay
-
-This Library and programs are FREE for commercial and non-commercial
-usage. The only restriction is that I must be attributed with the
-development of this code. See the COPYRIGHT file for more details.
-Donations would still be accepted :-).
-
-THIS LIBRARY IS NOT %100 COMPATABLE WITH SSLeay 0.6.6
-
-The package includes
-
-libssl.a:
- My implementation of SSLv2, SSLv3 and the required code to support
- both SSLv2 and SSLv3 in the one server.
-
-libcrypto.a:
- General encryption and X509 stuff needed by SSL but not
- actually logically part of it. It includes routines for the following:
-
- Ciphers
- libdes - My libdes DES encryption package which has been floating
- around the net for a few years. It includes 15
- 'modes/variations' of DES (1, 2 and 3 key versions of ecb,
- cbc, cfb and ofb; pcbc and a more general form of cfb and ofb)
- including desx in cbc mode,
- a fast crypt(3), and routines to read passwords from the
- keyboard.
- RC4 encryption,
- RC2 encryption - 4 different modes, ecb, cbc, cfb and ofb.
- Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb.
- IDEA encryption - 4 different modes, ecb, cbc, cfb and ofb.
-
- Digests
- MD5 and MD2 message digest algorithms, fast implementations,
- SHA (SHA-0) and SHA-1 message digest algorithms,
- MDC2 message digest. A DES based hash that is polular on smart cards.
-
- Public Key
- RSA encryption/decryption/generation. There is no limit
- on the number of bits.
- DSA encryption/decryption/generation. There is no limit on the
- number of bits.
- Diffie-Hellman key-exchange/key generation. There is no limit
- on the number of bits.
-
- X509v3 certificates
- X509 encoding/decoding into/from binary ASN1 and a PEM
- based ascii-binary encoding which supports encryption with
- a private key.
- Program to generate RSA and DSA certificate requests and to
- generate RSA and DSA certificates.
-
- Systems
- The normal digital envelope routines and base64 encoding.
- Higher level access to ciphers and digests by name. New ciphers can be
- loaded at run time.
- The BIO io system which is a simple non-blocking IO abstraction.
- Current methods supported are file descriptors, sockets,
- socket accept, socket connect, memory buffer, buffering,
- SSL client/server, file pointer, encryption, digest,
- non-blocking testing and null.
- Data structures
- A dynamically growing hashing system
- A simple stack.
- A Configuration loader that uses a format similar to MS .ini files.
-
-Programs in this package include
- enc - a general encryption program that can encrypt/decrypt using
- one of 17 different cipher/mode combinations. The
- input/output can also be converted to/from base64
- ascii encoding.
- dgst - a generate message digesting program that will generate
- message digests for any of md2, md5, sha (sha-0 or sha-1)
- or mdc2.
- asn1parse - parse and display the structure of an asn1 encoded
- binary file.
- rsa - Manipulate RSA private keys.
- dsa - Manipulate DSA private keys.
- dh - Manipulate Diffie-Hellman parameter files.
- dsaparam- Manipulate and generate DSA parameter files.
- crl - Manipulate certificate revocation lists.
- crt2pkcs7- Generate a pkcs7 object containing a crl and a certificate.
- x509 - Manipulate x509 certificates, self-sign certificates.
- req - Manipulate PKCS#10 certificate requests and also
- generate certificate requests.
- genrsa - Generates an arbitrary sized RSA private key.
- gendh - Generates a set of Diffie-Hellman parameters, the prime
- will be a strong prime.
- ca - Create certificates from PKCS#10 certificate requests.
- This program also maintains a database of certificates
- issued.
- verify - Check x509 certificate signatures.
- speed - Benchmark SSLeay's ciphers.
- s_server- A test SSL server.
- s_client- A test SSL client.
- s_time - Benchmark SSL performance of SSL server programs.
- errstr - Convert from SSLeay hex error codes to a readable form.
-
-Documents avaliable are
- A Postscript and html reference manual
- (written by Tim Hudson tjh@cryptsoft.com).
-
- A list of text protocol references I used.
- An initial version of the library manual.
-
-To install this package, read the INSTALL file.
-For the Microsoft word, read MICROSOFT
-This library has been compiled and tested on Solaris 2.[34] (sparc and x86),
-SunOS 4.1.3, DGUX, OSF1 Alpha, HPUX 9, AIX 3.5(?), IRIX 5.[23],
-LINUX, NeXT (intel), linux, Windows NT, Windows 3.1, MSDOS 6.22.
-
-Multithreading has been tested under Windows NT and Solaris 2.5.1
-
-Due to time constraints, the current release has only be rigorously tested
-on Solaris 2.[45], Linux and Windows NT.
-
-For people in the USA, it is possible to compile SSLeay to use RSA
-Inc.'s public key library, RSAref. From my understanding, it is
-claimed by RSA Inc. to be illegal to use my public key routines inside the USA.
-Read doc/rsaref.doc on how to build with RSAref.
-
-Read the documentation in the doc directory. It is quite rough,
-but it lists the functions, you will probably have to look at
-the code to work out how to used them. I will be working on
-documentation. Look at the example programs.
-
-There should be a SSL reference manual which is being put together by
-Tim Hudson (tjh@cryptsoft.com) in the same location as this
-distribution. This contains a lot more information that is very
-useful. For a description of X509 Certificates, their use, and
-certification, read rfc1421, rfc1422, rfc1423 and rfc1424. ssl/README
-also goes over the mechanism.
-
-We have setup some mailing lists for use by people that are interested
-in helping develop this code and/or ask questions.
- ssl-bugs@mincom.oz.au
- ssl-users@mincom.oz.au
- ssl-bugs-request@mincom.oz.au
- ssl-users-request@mincom.oz.au
-
-I have recently read about a new form of software, that which is in
-a permanent state of beta release. Linux and Netscape are 2 good
-examples of this, and I would also add SSLeay to this category.
-The Current stable release is 0.6.6. It has a few minor problems.
-0.8.0 is not call compatable so make sure you have the correct version
-of SSLeay to link with.
-
-eric (Jun 1997)
-
-Eric Young (eay@cryptsoft.com)
-86 Taunton St.
-Annerley 4103.
-Australia.
+ OpenSSL 0.9.3 24 May 1999
+
+ Copyright (c) 1998-1999 The OpenSSL Project
+ Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
+ All rights reserved.
+
+ DESCRIPTION
+ -----------
+
+ The OpenSSL Project is a collaborative effort to develop a robust,
+ commercial-grade, fully featured, and Open Source toolkit implementing the
+ Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
+ protocols with full-strength cryptography world-wide. The project is managed
+ by a worldwide community of volunteers that use the Internet to communicate,
+ plan, and develop the OpenSSL toolkit and its related documentation.
+
+ OpenSSL is based on the excellent SSLeay library developed from Eric A. Young
+ and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the
+ OpenSSL license plus the SSLeay license) situation, which basically means
+ that you are free to get and use it for commercial and non-commercial
+ purposes as long as you fulfill the conditions of both licenses.
+
+ OVERVIEW
+ --------
+
+ The OpenSSL toolkit includes:
+
+ libssl.a:
+ Implementation of SSLv2, SSLv3, TLSv1 and the required code to support
+ both SSLv2, SSLv3 and TLSv1 in the one server and client.
+
+ libcrypto.a:
+ General encryption and X.509 v1/v3 stuff needed by SSL/TLS but not
+ actually logically part of it. It includes routines for the following:
+
+ Ciphers
+ libdes - EAY's libdes DES encryption package which has been floating
+ around the net for a few years. It includes 15
+ 'modes/variations' of DES (1, 2 and 3 key versions of ecb,
+ cbc, cfb and ofb; pcbc and a more general form of cfb and
+ ofb) including desx in cbc mode, a fast crypt(3), and
+ routines to read passwords from the keyboard.
+ RC4 encryption,
+ RC2 encryption - 4 different modes, ecb, cbc, cfb and ofb.
+ Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb.
+ IDEA encryption - 4 different modes, ecb, cbc, cfb and ofb.
+
+ Digests
+ MD5 and MD2 message digest algorithms, fast implementations,
+ SHA (SHA-0) and SHA-1 message digest algorithms,
+ MDC2 message digest. A DES based hash that is popular on smart cards.
+
+ Public Key
+ RSA encryption/decryption/generation.
+ There is no limit on the number of bits.
+ DSA encryption/decryption/generation.
+ There is no limit on the number of bits.
+ Diffie-Hellman key-exchange/key generation.
+ There is no limit on the number of bits.
+
+ X.509v3 certificates
+ X509 encoding/decoding into/from binary ASN1 and a PEM
+ based ascii-binary encoding which supports encryption with a
+ private key. Program to generate RSA and DSA certificate
+ requests and to generate RSA and DSA certificates.
+
+ Systems
+ The normal digital envelope routines and base64 encoding. Higher
+ level access to ciphers and digests by name. New ciphers can be
+ loaded at run time. The BIO io system which is a simple non-blocking
+ IO abstraction. Current methods supported are file descriptors,
+ sockets, socket accept, socket connect, memory buffer, buffering, SSL
+ client/server, file pointer, encryption, digest, non-blocking testing
+ and null.
+
+ Data structures
+ A dynamically growing hashing system
+ A simple stack.
+ A Configuration loader that uses a format similar to MS .ini files.
+
+ openssl:
+ A command line tool which provides the following functions:
+
+ enc - a general encryption program that can encrypt/decrypt using
+ one of 17 different cipher/mode combinations. The
+ input/output can also be converted to/from base64
+ ascii encoding.
+ dgst - a generate message digesting program that will generate
+ message digests for any of md2, md5, sha (sha-0 or sha-1)
+ or mdc2.
+ asn1parse - parse and display the structure of an asn1 encoded
+ binary file.
+ rsa - Manipulate RSA private keys.
+ dsa - Manipulate DSA private keys.
+ dh - Manipulate Diffie-Hellman parameter files.
+ dsaparam- Manipulate and generate DSA parameter files.
+ crl - Manipulate certificate revocation lists.
+ crt2pkcs7- Generate a pkcs7 object containing a crl and a certificate.
+ x509 - Manipulate x509 certificates, self-sign certificates.
+ req - Manipulate PKCS#10 certificate requests and also
+ generate certificate requests.
+ genrsa - Generates an arbitrary sized RSA private key.
+ gendsa - Generates DSA parameters.
+ gendh - Generates a set of Diffie-Hellman parameters, the prime
+ will be a strong prime.
+ ca - Create certificates from PKCS#10 certificate requests.
+ This program also maintains a database of certificates
+ issued.
+ verify - Check x509 certificate signatures.
+ speed - Benchmark OpenSSL's ciphers.
+ s_server- A test SSL server.
+ s_client- A test SSL client.
+ s_time - Benchmark SSL performance of SSL server programs.
+ errstr - Convert from OpenSSL hex error codes to a readable form.
+ nseq - Netscape certificate sequence utility
+
+ PATENTS
+ -------
+
+ Various companies hold various patents for various algorithms in various
+ locations around the world. _YOU_ are responsible for ensuring that your use
+ of any algorithms is legal by checking if there are any patents in your
+ country. The file contains some of the patents that we know about or are
+ rumoured to exist. This is not a definitive list.
+
+ RSA Data Security holds software patents on the RSA and RC5 algorithms. If
+ their ciphers are used used inside the USA (and Japan?), you must contact RSA
+ Data Security for licensing conditions. Their web page is
+ http://www.rsa.com/.
+
+ RC4 is a trademark of RSA Data Security, so use of this label should perhaps
+ only be used with RSA Data Security's permission.
+
+ The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy,
+ Japan, Netherlands, Spain, Sweden, Switzerland, UK and the USA. They should
+ be contacted if that algorithm is to be used, their web page is
+ http://www.ascom.ch/.
+
+ INSTALLATION
+ ------------
+
+ To install this package under a Unix derivative, read the INSTALL file. For
+ a Win32 platform, read the INSTALL.W32 file. For OpenVMS systems, read
+ INSTALL.VMS.
+
+ For people in the USA, it is possible to compile OpenSSL to use RSA Inc.'s
+ public key library, RSAREF, by configuring OpenSSL with the option "rsaref".
+
+ Read the documentation in the doc/ directory. It is quite rough, but it
+ lists the functions, you will probably have to look at the code to work out
+ how to used them. Look at the example programs.
+
+ SUPPORT
+ -------
+
+ If you have any problems with OpenSSL then please take the following steps
+ first:
+
+ - Remove ASM versions of libraries
+ - Remove compiler optimisation flags
+ - Add compiler debug flags (if using gcc then remove -fomit-frame-pointer
+ before you try to debug things)
+
+ If you wish to report a bug then please include the following information in
+ any bug report:
+
+ OpenSSL Details
+ - Version, most of these details can be got from the
+ 'openssl version -a' command.
+ Operating System Details
+ - On Unix systems: Output of './config -t'
+ - OS Name, Version
+ - Hardware platform
+ Compiler Details
+ - Name
+ - Version
+ Application Details
+ - Name
+ - Version
+ Problem Description
+ - include steps that will reproduce the problem (if known)
+ Stack Traceback (if the application dumps core)
+
+ Report the bug to the OpenSSL project at:
+
+ openssl-bugs@openssl.org
+
+ HOW TO CONTRIBUTE TO OpenSSL
+ ----------------------------
+
+ Development is coordinated on the openssl-dev mailing list (see
+ http://www.openssl.org for information on subscribing). If you
+ would like to submit a patch, send it to openssl-dev@openssl.org.
+ Please be sure to include a textual explanation of what your patch
+ does.
+
+ The preferred format for changes is "diff -u" output. You might
+ generate it like this:
+
+ # cd openssl-work
+ # [your changes]
+ # ./Configure dist; make clean
+ # cd ..
+ # diff -urN openssl-orig openssl-work > mydiffs.patch
projects / openssl.git / blobdiff