diff options
author | kris <kris@FreeBSD.org> | 2000-01-10 06:22:05 +0000 |
---|---|---|
committer | kris <kris@FreeBSD.org> | 2000-01-10 06:22:05 +0000 |
commit | 2e467dc342d6641955ef59a1a671ff929444d45b (patch) | |
tree | b5683ff3d44c93978826763313683673904c6bd9 /crypto/openssl/README | |
parent | e829abb179a8846d90fb31e1bcab4ea0aec4590f (diff) | |
download | FreeBSD-src-2e467dc342d6641955ef59a1a671ff929444d45b.zip FreeBSD-src-2e467dc342d6641955ef59a1a671ff929444d45b.tar.gz |
Initial import of OpenSSL 0.9.4, sans IDEA and RSA code for patent
infringement reasons.
Diffstat (limited to 'crypto/openssl/README')
-rw-r--r-- | crypto/openssl/README | 205 |
1 files changed, 205 insertions, 0 deletions
diff --git a/crypto/openssl/README b/crypto/openssl/README new file mode 100644 index 0000000..d7682e8 --- /dev/null +++ b/crypto/openssl/README @@ -0,0 +1,205 @@ + + OpenSSL 0.9.4 09 Aug 1999 + + Copyright (c) 1998-1999 The OpenSSL Project + Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson + All rights reserved. + + DESCRIPTION + ----------- + + The OpenSSL Project is a collaborative effort to develop a robust, + commercial-grade, fully featured, and Open Source toolkit implementing the + Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) + protocols with full-strength cryptography world-wide. The project is managed + by a worldwide community of volunteers that use the Internet to communicate, + plan, and develop the OpenSSL toolkit and its related documentation. + + OpenSSL is based on the excellent SSLeay library developed from Eric A. Young + and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the + OpenSSL license plus the SSLeay license) situation, which basically means + that you are free to get and use it for commercial and non-commercial + purposes as long as you fulfill the conditions of both licenses. + + OVERVIEW + -------- + + The OpenSSL toolkit includes: + + libssl.a: + Implementation of SSLv2, SSLv3, TLSv1 and the required code to support + both SSLv2, SSLv3 and TLSv1 in the one server and client. + + libcrypto.a: + General encryption and X.509 v1/v3 stuff needed by SSL/TLS but not + actually logically part of it. It includes routines for the following: + + Ciphers + libdes - EAY's libdes DES encryption package which has been floating + around the net for a few years. It includes 15 + 'modes/variations' of DES (1, 2 and 3 key versions of ecb, + cbc, cfb and ofb; pcbc and a more general form of cfb and + ofb) including desx in cbc mode, a fast crypt(3), and + routines to read passwords from the keyboard. + RC4 encryption, + RC2 encryption - 4 different modes, ecb, cbc, cfb and ofb. + Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb. + IDEA encryption - 4 different modes, ecb, cbc, cfb and ofb. + + Digests + MD5 and MD2 message digest algorithms, fast implementations, + SHA (SHA-0) and SHA-1 message digest algorithms, + MDC2 message digest. A DES based hash that is popular on smart cards. + + Public Key + RSA encryption/decryption/generation. + There is no limit on the number of bits. + DSA encryption/decryption/generation. + There is no limit on the number of bits. + Diffie-Hellman key-exchange/key generation. + There is no limit on the number of bits. + + X.509v3 certificates + X509 encoding/decoding into/from binary ASN1 and a PEM + based ascii-binary encoding which supports encryption with a + private key. Program to generate RSA and DSA certificate + requests and to generate RSA and DSA certificates. + + Systems + The normal digital envelope routines and base64 encoding. Higher + level access to ciphers and digests by name. New ciphers can be + loaded at run time. The BIO io system which is a simple non-blocking + IO abstraction. Current methods supported are file descriptors, + sockets, socket accept, socket connect, memory buffer, buffering, SSL + client/server, file pointer, encryption, digest, non-blocking testing + and null. + + Data structures + A dynamically growing hashing system + A simple stack. + A Configuration loader that uses a format similar to MS .ini files. + + openssl: + A command line tool which provides the following functions: + + enc - a general encryption program that can encrypt/decrypt using + one of 17 different cipher/mode combinations. The + input/output can also be converted to/from base64 + ascii encoding. + dgst - a generate message digesting program that will generate + message digests for any of md2, md5, sha (sha-0 or sha-1) + or mdc2. + asn1parse - parse and display the structure of an asn1 encoded + binary file. + rsa - Manipulate RSA private keys. + dsa - Manipulate DSA private keys. + dh - Manipulate Diffie-Hellman parameter files. + dsaparam- Manipulate and generate DSA parameter files. + crl - Manipulate certificate revocation lists. + crt2pkcs7- Generate a pkcs7 object containing a crl and a certificate. + x509 - Manipulate x509 certificates, self-sign certificates. + req - Manipulate PKCS#10 certificate requests and also + generate certificate requests. + genrsa - Generates an arbitrary sized RSA private key. + gendsa - Generates DSA parameters. + gendh - Generates a set of Diffie-Hellman parameters, the prime + will be a strong prime. + ca - Create certificates from PKCS#10 certificate requests. + This program also maintains a database of certificates + issued. + verify - Check x509 certificate signatures. + speed - Benchmark OpenSSL's ciphers. + s_server- A test SSL server. + s_client- A test SSL client. + s_time - Benchmark SSL performance of SSL server programs. + errstr - Convert from OpenSSL hex error codes to a readable form. + nseq - Netscape certificate sequence utility + + PATENTS + ------- + + Various companies hold various patents for various algorithms in various + locations around the world. _YOU_ are responsible for ensuring that your use + of any algorithms is legal by checking if there are any patents in your + country. The file contains some of the patents that we know about or are + rumoured to exist. This is not a definitive list. + + RSA Data Security holds software patents on the RSA and RC5 algorithms. If + their ciphers are used used inside the USA (and Japan?), you must contact RSA + Data Security for licensing conditions. Their web page is + http://www.rsa.com/. + + RC4 is a trademark of RSA Data Security, so use of this label should perhaps + only be used with RSA Data Security's permission. + + The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy, + Japan, Netherlands, Spain, Sweden, Switzerland, UK and the USA. They should + be contacted if that algorithm is to be used, their web page is + http://www.ascom.ch/. + + INSTALLATION + ------------ + + To install this package under a Unix derivative, read the INSTALL file. For + a Win32 platform, read the INSTALL.W32 file. For OpenVMS systems, read + INSTALL.VMS. + + For people in the USA, it is possible to compile OpenSSL to use RSA Inc.'s + public key library, RSAREF, by configuring OpenSSL with the option "rsaref". + + Read the documentation in the doc/ directory. It is quite rough, but it + lists the functions, you will probably have to look at the code to work out + how to used them. Look at the example programs. + + SUPPORT + ------- + + If you have any problems with OpenSSL then please take the following steps + first: + + - Remove ASM versions of libraries + - Remove compiler optimisation flags + - Add compiler debug flags (if using gcc then remove -fomit-frame-pointer + before you try to debug things) + + If you wish to report a bug then please include the following information in + any bug report: + + OpenSSL Details + - Version, most of these details can be got from the + 'openssl version -a' command. + Operating System Details + - On Unix systems: Output of './config -t' + - OS Name, Version + - Hardware platform + Compiler Details + - Name + - Version + Application Details + - Name + - Version + Problem Description + - include steps that will reproduce the problem (if known) + Stack Traceback (if the application dumps core) + + Report the bug to the OpenSSL project at: + + openssl-bugs@openssl.org + + HOW TO CONTRIBUTE TO OpenSSL + ---------------------------- + + Development is coordinated on the openssl-dev mailing list (see + http://www.openssl.org for information on subscribing). If you + would like to submit a patch, send it to openssl-dev@openssl.org. + Please be sure to include a textual explanation of what your patch + does. + + The preferred format for changes is "diff -u" output. You might + generate it like this: + + # cd openssl-work + # [your changes] + # ./Configure dist; make clean + # cd .. + # diff -urN openssl-orig openssl-work > mydiffs.patch |