		 SSLeay v 0.4.2 06/06/95
		 Copyright (c) 1995, Eric Young
		 All rights reserved.

This directory contains Eric Young's (eay@mincom.oz.au) implementation
of SSL and supporting libraries.

The current version of this library is available from
ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-x.xx.tar.gz

There are patches to a number of internet applications which can be found in
ftp://ftp.psy.uq.oz.au/pub/Crypto/SSLapps/

This Library and programs are FREE for commercial and non-commercial
usage.  The only restriction is that I must be attributed with the
development of this code.  See the COPYRIGHT file for more details.
Donations would still be accepted :-).

The package includes

libssl.a:
	My implementation of Netscapes SSL protocol.  This library
	implements the SSL protocol.

libcrypto.a:
	General encryption and X509 stuff needed by SSL but not
	actuall logically part of it.  It include routines for the following:
	RC4 encryption,
	IDEA encryption,
	MD5 and MD2 message digest algorithms,
	RSA encryption/decryption/key generation.  There is no limit
		on the number of bits in the key other than your processor
		speed :-).  I have some timing info for 512, 1024,
		2048, 3072 and 4096 bit keys.  The DEC Alpha is about
		the only machine I have tested on that can do 4096 bit keys in
		semi-real time (17sec :-).
	X509 encoding/decoding into/from binary DER, ascii text and a
		PEM based ascii-binary encoding which supports DES
		encryption of the private RSA key.
	lhash - a general purpose hashing packages.

libdes.a:
	My libdes package which has been floating around the net for a
	few years.  It includes 10 'modes/variations' of DES,
	a fast crypt(3), and routines to read passwords from the
	keyboard.

Programs in this package include
	des 	a SunOS des(1) compatible DES encryption/decryption
		program.
	md2	Generates a md2 message digest.
	md5	Generates a md5 message digest.
	genrsa	Generates an arbitrary sized RSA secret key.
	x509	X509 management program, it will self-sign
		certificates and will 'certify' certificates.
	rsa	rsa Private key management program.
	verify	'walks the X509 verification tree' and reports errors.
	make_cert makes a X509 certificate (needs key added and
		signing by a CA, which x509 does).
	der_parse 'parses' der encoded files and reports the
		structure.  More of a general interest program :-).
	ssl_server/ssl_client example programs that talk SSL and can be used
		test authentication.  Read ssl/README for a full
		explination of their use and SSLeay authentication model.
		
Documents included are
	A Postscript and html reference manual
	(written by Tim Hudson tjh@mincom.oz.au).
	A list of text protocol references I used.

To install this package, first have a look in PORTING to see what
flags are suggested for your particular box.
It has been compiled and tested on Solaris 2.x (sparc and x86),
SunOS 4.1.3, DGUX, OSF1 Alpha, HPUX, AIX, IRIX, LINUX.

Edit the top level Makefile, rsa/bn.h (described in PORTING)
and rsa/location.h (described in rsa/README)
make
make test
cd to the ssl directory and read the README.  Then run ssl_server and
ssl_client and make sure they talk to each other.  When you are happy,
make install
and that should be it.

Read the documentation in the doc directory.  It is unfortunaly very
sparse, but it lists the functions, you will probably have to look at
the code to work out how to used them.  I will be working on
documentation.  Look at the example programs.
There should be a SSL reference manual which is being put together by
Tim Hudson (tjh@mincom.oz.au) in the same location as this
distribution.  This contains alot more information that is very
useful.  For a description of X509 Certificates, their use, and
certification, read rfc1421, rfc1422, rfc1423 and rfc1424.  ssl/README
also goes over the mechanism.

We have setup some mailing lists for use by people that are interested
in helping develop this code and/or ask questions.
    ssl-bugs@mincom.oz.au
    ssl-users@mincom.oz.au
    ssl-users-request@mincom.oz.au

This release is definitely an alpha release.  Since the start of April
until now (2 months) I have written 16,000 of the 20,000 lines of code
that make up this package (I had written the DES library a few years
before) outside of my normal work hours.  The most heavily trodden
paths work, but the side tracks are a bit untested :-).  Any feedback
and bug fixes would be greatly appreciated but should be directed to
the above mailing lists.  This library is severely lacking in documentation,
but unless I release it now, I feel it will never get out the door :-).
While documentation is minimal, I will be working on fixing that problem.
Until then all I can say is, read the code and mail to the lists :-).
When you read the code you will also notice a general lack of
comments, this will improve over time.

Look at TODO for a list of thinks I know I still need to do.

PLEASE NOTE - the random number generating is not good in the genrsa
program.  USE AT YOUR OWN RISK (or send me your suggestions on
improvements :-).  This needs to be addressed in an OS dependent fashion.

Currently my RSA code takes about 3 seconds to RSA encrypt a 1024 bit
key on a 80486dx/50MHz (Solaris 2.4).  I don't know how this compares
to other RSA implementations but I am currently using the 'inverse
multiply' algorithm for my mod_mul.  I know there is another probably
faster incremental division but since I don't understand it yet, I have not
had a go at implementing it :-).  I don't intend to do ASM
versions of my mod_mul because it would take too much effort on my
part, but if other people are keen to send me code, or talk about it,
send email to the mailing lists.

eric

Eric Young (eay@mincom.oz.au)
86 Taunton St.
Annerley 4103.
Australia.
