1998-12-21 19:00:56 +08:00
|
|
|
SSLeay 0.9.1a 06-Jul-1998
|
1998-12-21 18:52:47 +08:00
|
|
|
Copyright (c) 1997, Eric Young
|
|
|
|
All rights reserved.
|
|
|
|
|
|
|
|
This directory contains Eric Young's (eay@cryptsoft.com) implementation
|
|
|
|
of SSL and supporting libraries.
|
|
|
|
|
|
|
|
The current version of this library is available from
|
|
|
|
ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-x.x.x.tar.gz
|
|
|
|
|
|
|
|
There are patches to a number of internet applications which can be found in
|
|
|
|
ftp://ftp.psy.uq.oz.au/pub/Crypto/SSLapps/
|
|
|
|
|
|
|
|
A Web page containing the SSLeay FAQ written by Tim Hudson <tjh@cryptsoft.com>
|
|
|
|
can be found at
|
|
|
|
http://www.psy.uq.oz.au/~ftp/Crypto
|
|
|
|
|
|
|
|
Additional documentation is being slowly written by Eric Young, and is being
|
|
|
|
added to http://www.cryptsoft.com/ssleay/doc. It will normally also be
|
|
|
|
available on http://www.psy.uq.oz.au/~ftp/Crypto/ssleay
|
|
|
|
|
|
|
|
This Library and programs are FREE for commercial and non-commercial
|
|
|
|
usage. The only restriction is that I must be attributed with the
|
|
|
|
development of this code. See the COPYRIGHT file for more details.
|
|
|
|
Donations would still be accepted :-).
|
|
|
|
|
|
|
|
THIS LIBRARY IS NOT %100 COMPATABLE WITH SSLeay 0.6.6
|
|
|
|
|
|
|
|
The package includes
|
|
|
|
|
|
|
|
libssl.a:
|
|
|
|
My implementation of SSLv2, SSLv3 and the required code to support
|
|
|
|
both SSLv2 and SSLv3 in the one server.
|
|
|
|
|
|
|
|
libcrypto.a:
|
|
|
|
General encryption and X509 stuff needed by SSL but not
|
|
|
|
actually logically part of it. It includes routines for the following:
|
|
|
|
|
|
|
|
Ciphers
|
|
|
|
libdes - My libdes DES encryption package which has been floating
|
|
|
|
around the net for a few years. It includes 15
|
|
|
|
'modes/variations' of DES (1, 2 and 3 key versions of ecb,
|
|
|
|
cbc, cfb and ofb; pcbc and a more general form of cfb and ofb)
|
|
|
|
including desx in cbc mode,
|
|
|
|
a fast crypt(3), and routines to read passwords from the
|
|
|
|
keyboard.
|
|
|
|
RC4 encryption,
|
|
|
|
RC2 encryption - 4 different modes, ecb, cbc, cfb and ofb.
|
|
|
|
Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb.
|
|
|
|
IDEA encryption - 4 different modes, ecb, cbc, cfb and ofb.
|
|
|
|
|
|
|
|
Digests
|
|
|
|
MD5 and MD2 message digest algorithms, fast implementations,
|
|
|
|
SHA (SHA-0) and SHA-1 message digest algorithms,
|
|
|
|
MDC2 message digest. A DES based hash that is polular on smart cards.
|
|
|
|
|
|
|
|
Public Key
|
|
|
|
RSA encryption/decryption/generation. There is no limit
|
|
|
|
on the number of bits.
|
|
|
|
DSA encryption/decryption/generation. There is no limit on the
|
|
|
|
number of bits.
|
|
|
|
Diffie-Hellman key-exchange/key generation. There is no limit
|
|
|
|
on the number of bits.
|
|
|
|
|
|
|
|
X509v3 certificates
|
|
|
|
X509 encoding/decoding into/from binary ASN1 and a PEM
|
|
|
|
based ascii-binary encoding which supports encryption with
|
|
|
|
a private key.
|
|
|
|
Program to generate RSA and DSA certificate requests and to
|
|
|
|
generate RSA and DSA certificates.
|
|
|
|
|
|
|
|
Systems
|
|
|
|
The normal digital envelope routines and base64 encoding.
|
|
|
|
Higher level access to ciphers and digests by name. New ciphers can be
|
|
|
|
loaded at run time.
|
|
|
|
The BIO io system which is a simple non-blocking IO abstraction.
|
|
|
|
Current methods supported are file descriptors, sockets,
|
|
|
|
socket accept, socket connect, memory buffer, buffering,
|
|
|
|
SSL client/server, file pointer, encryption, digest,
|
|
|
|
non-blocking testing and null.
|
|
|
|
Data structures
|
|
|
|
A dynamically growing hashing system
|
|
|
|
A simple stack.
|
|
|
|
A Configuration loader that uses a format similar to MS .ini files.
|
|
|
|
|
|
|
|
Programs in this package include
|
|
|
|
enc - a general encryption program that can encrypt/decrypt using
|
|
|
|
one of 17 different cipher/mode combinations. The
|
|
|
|
input/output can also be converted to/from base64
|
|
|
|
ascii encoding.
|
|
|
|
dgst - a generate message digesting program that will generate
|
|
|
|
message digests for any of md2, md5, sha (sha-0 or sha-1)
|
|
|
|
or mdc2.
|
|
|
|
asn1parse - parse and display the structure of an asn1 encoded
|
|
|
|
binary file.
|
|
|
|
rsa - Manipulate RSA private keys.
|
|
|
|
dsa - Manipulate DSA private keys.
|
|
|
|
dh - Manipulate Diffie-Hellman parameter files.
|
|
|
|
dsaparam- Manipulate and generate DSA parameter files.
|
|
|
|
crl - Manipulate certificate revocation lists.
|
|
|
|
crt2pkcs7- Generate a pkcs7 object containing a crl and a certificate.
|
|
|
|
x509 - Manipulate x509 certificates, self-sign certificates.
|
|
|
|
req - Manipulate PKCS#10 certificate requests and also
|
|
|
|
generate certificate requests.
|
|
|
|
genrsa - Generates an arbitrary sized RSA private key.
|
|
|
|
gendh - Generates a set of Diffie-Hellman parameters, the prime
|
|
|
|
will be a strong prime.
|
|
|
|
ca - Create certificates from PKCS#10 certificate requests.
|
|
|
|
This program also maintains a database of certificates
|
|
|
|
issued.
|
|
|
|
verify - Check x509 certificate signatures.
|
|
|
|
speed - Benchmark SSLeay's ciphers.
|
|
|
|
s_server- A test SSL server.
|
|
|
|
s_client- A test SSL client.
|
|
|
|
s_time - Benchmark SSL performance of SSL server programs.
|
|
|
|
errstr - Convert from SSLeay hex error codes to a readable form.
|
|
|
|
|
|
|
|
Documents avaliable are
|
|
|
|
A Postscript and html reference manual
|
|
|
|
(written by Tim Hudson tjh@cryptsoft.com).
|
|
|
|
|
|
|
|
A list of text protocol references I used.
|
|
|
|
An initial version of the library manual.
|
|
|
|
|
|
|
|
To install this package, read the INSTALL file.
|
|
|
|
For the Microsoft word, read MICROSOFT
|
|
|
|
This library has been compiled and tested on Solaris 2.[34] (sparc and x86),
|
|
|
|
SunOS 4.1.3, DGUX, OSF1 Alpha, HPUX 9, AIX 3.5(?), IRIX 5.[23],
|
|
|
|
LINUX, NeXT (intel), linux, Windows NT, Windows 3.1, MSDOS 6.22.
|
|
|
|
|
|
|
|
Multithreading has been tested under Windows NT and Solaris 2.5.1
|
|
|
|
|
|
|
|
Due to time constraints, the current release has only be rigorously tested
|
|
|
|
on Solaris 2.[45], Linux and Windows NT.
|
|
|
|
|
|
|
|
For people in the USA, it is possible to compile SSLeay to use RSA
|
|
|
|
Inc.'s public key library, RSAref. From my understanding, it is
|
|
|
|
claimed by RSA Inc. to be illegal to use my public key routines inside the USA.
|
|
|
|
Read doc/rsaref.doc on how to build with RSAref.
|
|
|
|
|
|
|
|
Read the documentation in the doc directory. It is quite rough,
|
|
|
|
but it lists the functions, you will probably have to look at
|
|
|
|
the code to work out how to used them. I will be working on
|
|
|
|
documentation. Look at the example programs.
|
|
|
|
|
|
|
|
There should be a SSL reference manual which is being put together by
|
|
|
|
Tim Hudson (tjh@cryptsoft.com) in the same location as this
|
|
|
|
distribution. This contains a lot more information that is very
|
|
|
|
useful. For a description of X509 Certificates, their use, and
|
|
|
|
certification, read rfc1421, rfc1422, rfc1423 and rfc1424. ssl/README
|
|
|
|
also goes over the mechanism.
|
|
|
|
|
|
|
|
We have setup some mailing lists for use by people that are interested
|
|
|
|
in helping develop this code and/or ask questions.
|
|
|
|
ssl-bugs@mincom.oz.au
|
|
|
|
ssl-users@mincom.oz.au
|
|
|
|
ssl-bugs-request@mincom.oz.au
|
|
|
|
ssl-users-request@mincom.oz.au
|
|
|
|
|
|
|
|
I have recently read about a new form of software, that which is in
|
|
|
|
a permanent state of beta release. Linux and Netscape are 2 good
|
|
|
|
examples of this, and I would also add SSLeay to this category.
|
|
|
|
The Current stable release is 0.6.6. It has a few minor problems.
|
|
|
|
0.8.0 is not call compatable so make sure you have the correct version
|
|
|
|
of SSLeay to link with.
|
|
|
|
|
|
|
|
eric (Jun 1997)
|
|
|
|
|
|
|
|
Eric Young (eay@cryptsoft.com)
|
|
|
|
86 Taunton St.
|
|
|
|
Annerley 4103.
|
|
|
|
Australia.
|
|
|
|
|