1998-12-21 18:52:47 +08:00
|
|
|
|
2011-02-09 01:48:57 +08:00
|
|
|
OpenSSL 1.1.0-dev
|
1998-12-22 23:04:48 +08:00
|
|
|
|
2015-07-31 23:52:57 +08:00
|
|
|
Copyright (c) 1998-2015 The OpenSSL Project
|
1999-01-31 19:15:44 +08:00
|
|
|
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
|
1998-12-22 23:04:48 +08:00
|
|
|
All rights reserved.
|
|
|
|
|
1999-03-06 22:04:40 +08:00
|
|
|
DESCRIPTION
|
|
|
|
-----------
|
|
|
|
|
1998-12-23 15:38:54 +08:00
|
|
|
The OpenSSL Project is a collaborative effort to develop a robust,
|
1998-12-22 23:04:48 +08:00
|
|
|
commercial-grade, fully featured, and Open Source toolkit implementing the
|
1999-03-06 21:35:14 +08:00
|
|
|
Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
|
2000-03-02 01:05:14 +08:00
|
|
|
protocols as well as a full-strength general purpose cryptography library.
|
|
|
|
The project is managed by a worldwide community of volunteers that use the
|
|
|
|
Internet to communicate, plan, and develop the OpenSSL toolkit and its
|
2002-12-10 18:51:18 +08:00
|
|
|
related documentation.
|
1998-12-22 23:04:48 +08:00
|
|
|
|
1998-12-23 15:38:54 +08:00
|
|
|
OpenSSL is based on the excellent SSLeay library developed from Eric A. Young
|
1999-03-06 21:35:14 +08:00
|
|
|
and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the
|
|
|
|
OpenSSL license plus the SSLeay license) situation, which basically means
|
|
|
|
that you are free to get and use it for commercial and non-commercial
|
2002-12-10 18:51:18 +08:00
|
|
|
purposes as long as you fulfill the conditions of both licenses.
|
1998-12-22 23:04:48 +08:00
|
|
|
|
1999-03-06 22:04:40 +08:00
|
|
|
OVERVIEW
|
|
|
|
--------
|
|
|
|
|
1999-03-06 21:35:14 +08:00
|
|
|
The OpenSSL toolkit includes:
|
1998-12-22 23:04:48 +08:00
|
|
|
|
|
|
|
libssl.a:
|
|
|
|
Implementation of SSLv2, SSLv3, TLSv1 and the required code to support
|
1999-03-06 21:35:14 +08:00
|
|
|
both SSLv2, SSLv3 and TLSv1 in the one server and client.
|
1998-12-22 23:04:48 +08:00
|
|
|
|
|
|
|
libcrypto.a:
|
1999-03-06 21:35:14 +08:00
|
|
|
General encryption and X.509 v1/v3 stuff needed by SSL/TLS but not
|
|
|
|
actually logically part of it. It includes routines for the following:
|
1998-12-22 23:04:48 +08:00
|
|
|
|
|
|
|
Ciphers
|
2007-03-21 18:58:45 +08:00
|
|
|
libdes - EAY's libdes DES encryption package which was floating
|
|
|
|
around the net for a few years, and was then relicensed by
|
|
|
|
him as part of SSLeay. It includes 15 'modes/variations'
|
|
|
|
of DES (1, 2 and 3 key versions of ecb, cbc, cfb and ofb;
|
|
|
|
pcbc and a more general form of cfb and ofb) including desx
|
|
|
|
in cbc mode, a fast crypt(3), and routines to read
|
|
|
|
passwords from the keyboard.
|
1998-12-22 23:04:48 +08:00
|
|
|
RC4 encryption,
|
|
|
|
RC2 encryption - 4 different modes, ecb, cbc, cfb and ofb.
|
|
|
|
Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb.
|
|
|
|
IDEA encryption - 4 different modes, ecb, cbc, cfb and ofb.
|
|
|
|
|
|
|
|
Digests
|
|
|
|
MD5 and MD2 message digest algorithms, fast implementations,
|
|
|
|
SHA (SHA-0) and SHA-1 message digest algorithms,
|
1999-05-20 03:20:49 +08:00
|
|
|
MDC2 message digest. A DES based hash that is popular on smart cards.
|
1998-12-22 23:04:48 +08:00
|
|
|
|
|
|
|
Public Key
|
2002-12-10 18:51:18 +08:00
|
|
|
RSA encryption/decryption/generation.
|
1998-12-22 23:04:48 +08:00
|
|
|
There is no limit on the number of bits.
|
2002-12-10 18:51:18 +08:00
|
|
|
DSA encryption/decryption/generation.
|
1998-12-22 23:04:48 +08:00
|
|
|
There is no limit on the number of bits.
|
2002-12-10 20:01:39 +08:00
|
|
|
Diffie-Hellman key-exchange/key generation.
|
1998-12-22 23:04:48 +08:00
|
|
|
There is no limit on the number of bits.
|
|
|
|
|
|
|
|
X.509v3 certificates
|
|
|
|
X509 encoding/decoding into/from binary ASN1 and a PEM
|
2001-09-07 14:13:40 +08:00
|
|
|
based ASCII-binary encoding which supports encryption with a
|
1998-12-22 23:04:48 +08:00
|
|
|
private key. Program to generate RSA and DSA certificate
|
|
|
|
requests and to generate RSA and DSA certificates.
|
|
|
|
|
|
|
|
Systems
|
|
|
|
The normal digital envelope routines and base64 encoding. Higher
|
|
|
|
level access to ciphers and digests by name. New ciphers can be
|
|
|
|
loaded at run time. The BIO io system which is a simple non-blocking
|
|
|
|
IO abstraction. Current methods supported are file descriptors,
|
|
|
|
sockets, socket accept, socket connect, memory buffer, buffering, SSL
|
|
|
|
client/server, file pointer, encryption, digest, non-blocking testing
|
|
|
|
and null.
|
|
|
|
|
|
|
|
Data structures
|
|
|
|
A dynamically growing hashing system
|
|
|
|
A simple stack.
|
|
|
|
A Configuration loader that uses a format similar to MS .ini files.
|
|
|
|
|
2005-04-26 05:36:56 +08:00
|
|
|
openssl:
|
2000-02-24 07:47:05 +08:00
|
|
|
A command line tool that can be used for:
|
|
|
|
Creation of RSA, DH and DSA key parameters
|
2005-04-26 05:36:56 +08:00
|
|
|
Creation of X.509 certificates, CSRs and CRLs
|
2000-02-24 07:47:05 +08:00
|
|
|
Calculation of Message Digests
|
|
|
|
Encryption and Decryption with Ciphers
|
|
|
|
SSL/TLS Client and Server Tests
|
|
|
|
Handling of S/MIME signed or encrypted mail
|
|
|
|
|
1999-03-06 22:04:40 +08:00
|
|
|
INSTALLATION
|
|
|
|
------------
|
|
|
|
|
1999-03-06 21:35:14 +08:00
|
|
|
To install this package under a Unix derivative, read the INSTALL file. For
|
1999-05-13 19:37:32 +08:00
|
|
|
a Win32 platform, read the INSTALL.W32 file. For OpenVMS systems, read
|
|
|
|
INSTALL.VMS.
|
1998-12-22 23:04:48 +08:00
|
|
|
|
1999-03-06 21:35:14 +08:00
|
|
|
Read the documentation in the doc/ directory. It is quite rough, but it
|
2001-01-25 22:46:00 +08:00
|
|
|
lists the functions; you will probably have to look at the code to work out
|
|
|
|
how to use them. Look at the example programs.
|
1998-12-21 18:52:47 +08:00
|
|
|
|
2002-07-16 18:04:40 +08:00
|
|
|
PROBLEMS
|
|
|
|
--------
|
|
|
|
|
|
|
|
For some platforms, there are some known problems that may affect the user
|
|
|
|
or application author. We try to collect those in doc/PROBLEMS, with current
|
|
|
|
thoughts on how they should be solved in a future of OpenSSL.
|
|
|
|
|
2005-04-26 05:36:56 +08:00
|
|
|
SUPPORT
|
1999-03-06 22:04:40 +08:00
|
|
|
-------
|
|
|
|
|
2009-08-13 00:44:33 +08:00
|
|
|
See the OpenSSL website www.openssl.org for details of how to obtain
|
|
|
|
commercial technical support.
|
|
|
|
|
1999-03-06 22:04:40 +08:00
|
|
|
If you have any problems with OpenSSL then please take the following steps
|
|
|
|
first:
|
|
|
|
|
2000-02-24 07:47:05 +08:00
|
|
|
- Download the current snapshot from ftp://ftp.openssl.org/snapshot/
|
|
|
|
to see if the problem has already been addressed
|
1999-03-06 22:04:40 +08:00
|
|
|
- Remove ASM versions of libraries
|
2005-04-26 05:36:56 +08:00
|
|
|
- Remove compiler optimisation flags
|
1999-03-06 22:04:40 +08:00
|
|
|
|
|
|
|
If you wish to report a bug then please include the following information in
|
|
|
|
any bug report:
|
|
|
|
|
2000-02-24 07:47:05 +08:00
|
|
|
- On Unix systems:
|
|
|
|
Self-test report generated by 'make report'
|
|
|
|
- On other systems:
|
|
|
|
OpenSSL version: output of 'openssl version -a'
|
|
|
|
OS Name, Version, Hardware platform
|
|
|
|
Compiler Details (name, version)
|
|
|
|
- Application Details (name, version)
|
|
|
|
- Problem Description (steps that will reproduce the problem, if known)
|
|
|
|
- Stack Traceback (if the application dumps core)
|
1999-03-06 22:04:40 +08:00
|
|
|
|
2014-09-10 05:41:46 +08:00
|
|
|
Email the report to:
|
1999-03-06 22:04:40 +08:00
|
|
|
|
2015-07-29 00:41:36 +08:00
|
|
|
rt@openssl.org
|
1999-03-06 22:04:40 +08:00
|
|
|
|
2015-07-29 00:41:36 +08:00
|
|
|
In order to avoid spam, this is a moderated mailing list, and it might
|
|
|
|
take a day for the ticket to show up. (We also scan posts to make sure
|
|
|
|
that security disclosures aren't publically posted by mistake.) Mail to
|
|
|
|
this address is recorded in the public RT (request tracker) database (see
|
|
|
|
https://www.openssl.org/support/rt.html for details) and also forwarded
|
|
|
|
the public openssl-dev mailing list. Confidential mail may be sent to
|
|
|
|
openssl-security@openssl.org (PGP key available from the key servers).
|
2009-08-13 00:44:33 +08:00
|
|
|
|
2015-07-29 00:41:36 +08:00
|
|
|
Please do NOT use this for general assistance or support queries.
|
|
|
|
Just because something doesn't work the way you expect does not mean it
|
|
|
|
is necessarily a bug in OpenSSL.
|
|
|
|
|
|
|
|
You can also make GitHub pull requests. If you do this, please also send
|
|
|
|
mail to rt@openssl.org with a link to the PR so that we can more easily
|
|
|
|
keep track of it.
|
1999-12-16 23:10:29 +08:00
|
|
|
|
1999-05-06 08:40:46 +08:00
|
|
|
HOW TO CONTRIBUTE TO OpenSSL
|
|
|
|
----------------------------
|
|
|
|
|
|
|
|
Development is coordinated on the openssl-dev mailing list (see
|
|
|
|
http://www.openssl.org for information on subscribing). If you
|
2009-08-13 00:44:33 +08:00
|
|
|
would like to submit a patch, send it to openssl-bugs@openssl.org with
|
1999-12-16 23:10:29 +08:00
|
|
|
the string "[PATCH]" in the subject. Please be sure to include a
|
|
|
|
textual explanation of what your patch does.
|
1999-05-06 08:40:46 +08:00
|
|
|
|
2009-08-13 00:44:33 +08:00
|
|
|
If you are unsure as to whether a feature will be useful for the general
|
|
|
|
OpenSSL community please discuss it on the openssl-dev mailing list first.
|
|
|
|
Someone may be already working on the same thing or there may be a good
|
|
|
|
reason as to why that feature isn't implemented.
|
|
|
|
|
|
|
|
Patches should be as up to date as possible, preferably relative to the
|
2015-07-29 00:41:36 +08:00
|
|
|
current Git or the last snapshot. They should follow our coding style
|
|
|
|
(see http://openssl.org/about/codingstyle.txt) and compile without
|
|
|
|
warnings using the --strict-warnings flag. OpenSSL compiles on many
|
|
|
|
varied platforms: try to ensure you only use portable features.
|
2009-08-13 00:44:33 +08:00
|
|
|
|
2000-09-20 04:52:30 +08:00
|
|
|
Note: For legal reasons, contributions from the US can be accepted only
|
2004-07-11 16:58:43 +08:00
|
|
|
if a TSU notification and a copy of the patch are sent to crypt@bis.doc.gov
|
|
|
|
(formerly BXA) with a copy to the ENC Encryption Request Coordinator;
|
|
|
|
please take some time to look at
|
|
|
|
http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic]
|
|
|
|
and
|
|
|
|
http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e))
|
|
|
|
for the details. If "your encryption source code is too large to serve as
|
2004-07-12 14:23:28 +08:00
|
|
|
an email attachment", they are glad to receive it by fax instead; hope you
|
2004-07-11 16:58:43 +08:00
|
|
|
have a cheap long-distance plan.
|
|
|
|
|
|
|
|
Our preferred format for changes is "diff -u" output. You might
|
1999-05-06 08:40:46 +08:00
|
|
|
generate it like this:
|
|
|
|
|
|
|
|
# cd openssl-work
|
|
|
|
# [your changes]
|
|
|
|
# ./Configure dist; make clean
|
|
|
|
# cd ..
|
2000-09-01 17:42:17 +08:00
|
|
|
# diff -ur openssl-orig openssl-work > mydiffs.patch
|
2002-12-10 18:49:22 +08:00
|
|
|
|