OpenSSL A.00.09.08w.001, A.00.09.08w.002, and A.00.09.08w.003 Release Notes (5900-2311, May 2012)

ManualsBrandsHP ManualsSoftwareHP-UX OpenSSL Software

OpenSSL A.00.09.08w.001,

A.00.09.08w.002, and A.00.09.08w.003

Release Notes

HP-UX 11i V1, HP-UX 11i V2, and HP-UX 11i V3

HP Part Number: 5900-2311

Published: May 2012

Summary of content (26 pages)

PAGE 1
OpenSSL A.00.09.08w.001, A.00.09.08w.002, and A.00.09.08w.
PAGE 2
© Copyright 2010, 2012 Hewlett-Packard Development Company, L.P. Legal Notices Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice.
PAGE 3
Contents 1 OpenSSL A.00.09.08w.001, A.00.09.08w.002, and A.00.09.08w.003............4 Announcement.........................................................................................................................4 OpenSSL A.00.09.07m and A.00.09.08w features.......................................................................5 Ciphers..............................................................................................................................5 Message digest.........................
PAGE 4
1 OpenSSL A.00.09.08w.001, A.00.09.08w.002, and A.00.09.08w.003 This document contains the most recent product information for OpenSSL A.00.09.08w.001, A.00.09.08w.002, and A.00.09.08w.003 supported on HP-UX 11i V1, HP-UX 11i V2, and HP-UX 11i V3, respectively. This document contains the following information: • OpenSSL Features • Installing OpenSSL • Using the OpenSSL command-line Tool • Frequently Asked Questions (FAQs) Announcement This version of OpenSSL is based on the open source OpenSSL 0.9.
PAGE 5
./Configure threads zlib shared no-rc5 no-idea no-krb5 --openssldir=/opt/openssl hpux-cc FIPS Capable OpenSSL (based on OpenSSL A.00.09.07m and linked against FIPS-1.1.2 module) is built with the following options: ./Configure threads zlib shared no-rc5 no-idea no-krb5 no-mdc2 --openssldir=/opt/openssl hpux-cc FIPS Capable OpenSSL (based on OpenSSL A.00.09.08w and linked against FIPS-1.2 module) is built with the following options: .
PAGE 6
• Data Encryption Standard Extension (DESX) • Rivest Cipher 2 (RC2) • Rivest Cipher 4 (RC4) Message digest A message digest is a piece of data that can be used to verify that the contents of the message has not been altered during transit. When a message is sent over a network, the sender computes a message digest by performing a one-way hash function using a secret key known only to the sender and recipient.
PAGE 7
• Privacy Enhanced Mail (PEM) – Stores keys, certificates, and encrypted files. • Public-Key Cryptography Standard 7 (PKCS#7) – Stores digitally signed files. • Public-Key Cryptography Standard 8 (PKCS#8) – Stores private keys. • Public-Key Cryptography Standard 12 (PKCS#12) – Stores keys and certificates in browsers. FIPS Federal Information Processing Standard (FIPS) 140-2 OpenSSL is now added to the OpenSSL product. For more information about FIPS 140-2, see the following web address: http://www.
PAGE 8
The following sections discuss these components in detail. OpenSSL libraries OpenSSL A.00.09.07m and A.00.09.08w contain two libraries: libcrypto and libssl. The libcrypto library contains all the cryptographic functions used for creating and managing ciphers, digests, certificates, public key encryption, and encoding. The libssl library contains all the functions used for managing secure connections between SSL-enabled clients and the corresponding SSL-enabled servers. OpenSSL A.00.09.07m and A.00.09.
PAGE 9
Table 2 OpenSSL A.00.09.07m PA-RISC libraries Library Library Name/Location Symbolic Link 32-bit static /opt/openssl/0.9.7/lib/ libssl.0.9.7m.a • /usr/lib/libssl.a * • /opt/openssl/lib/libssl.a * • /opt/openssl/0.9.7/lib/libssl.a • /opt/openssl/0.9.8/lib/libssl.0.9.7m.a /opt/openssl/0.9.7/lib/ libcrypto.0.9.7m.a • /usr/lib/libcrypto.a * • /opt/openssl/lib/libcrypto.a * • /opt/openssl/0.9.7/lib/libcrypto.a • /opt/openssl/0.9.8/lib/libcrypto.0.9.7m.a 32-bit shared /opt/openssl/0.9.7/lib/ libssl.sl.
PAGE 10
Table 2 OpenSSL A.00.09.07m PA-RISC libraries (continued) Library Library Name/Location Symbolic Link • /opt/openssl/0.9.8/lib/pa20_64/ libcrypto.sl.0 NOTE: Symbolic links marked * are applicable only if the default version is OpenSSL A.00.09.07m. 10 OpenSSL A.00.09.08w.001, A.00.09.08w.002, and A.00.09.08w.
PAGE 11
Table 3 OpenSSL A.00.09.07m Intel Itanium®® libraries Library Library Name/Location Symbolic Link 32-bit static /opt/openssl/0.9.7/lib/ hpux32/libssl.0.9.7m.a • /usr/lib/hpux32/libssl.a * • /opt/openssl/lib/hpux32/libssl.a * • /opt/openssl/0.9.7/lib/hpux32/libssl.a • /opt/openssl/0.9.8/lib/hpux32/ libssl.0.9.7m.a /opt/openssl/0.9.7/lib/ hpux32/libcrypto.0.9.7m.a • /usr/lib/hpux32/libcrypto.a * • /opt/openssl/lib/hpux32/libcrypto.a * • /opt/openssl/0.9.7/lib/hpux32/libcrypto.a • /opt/openssl/0.9.
PAGE 12
Table 3 OpenSSL A.00.09.07m Intel Itanium®® libraries (continued) Library Library Name/Location Symbolic Link • /opt/openssl/lib/hpux64/libcrypto.a * • /opt/openssl/0.9.7/lib/hpux64/libcrypto.a • /opt/openssl/0.9.8/lib/hpux64/ libcrypto.0.9.7m.a 64-bit shared /opt/openssl/0.9.7/lib/ hpux64/libssl.so.0 • /usr/lib/hpux64/libssl.so * • /usr/lib/hpux64/libssl.so.0 • /opt/openssl/lib/hpux64/libssl.so * • /opt/openssl/lib/hpux64/libssl.so.0 • /opt/openssl/0.9.7/lib/hpux64/libssl.so • /opt/openssl/0.9.
PAGE 13
Table 4 OpenSSL A.00.09.08w PA-RISC libraries Library Library Name/Location Symbolic Link 32-bit static /opt/openssl/0.9.8/lib/ libssl.0.9.8w.a • /usr/lib/libssl.a * • /opt/openssl/lib/libssl.a * • /opt/openssl/0.9.8/lib/libssl.a • /opt/openssl/0.9.7/lib/libssl.0.9.8w.a /opt/openssl/0.9.8/lib/ libcrypto.0.9.8w.a • /usr/lib/libcrypto.a * • /opt/openssl/lib/libcrypto.a * • /opt/openssl/0.9.8/lib/libcrypto.a • /opt/openssl/0.9.7/lib/libcrypto.0.9.8w.a 32-bit shared /opt/openssl/0.9.8/lib/ libssl.sl.
PAGE 14
Table 4 OpenSSL A.00.09.08w PA-RISC libraries (continued) Library Library Name/Location Symbolic Link • /opt/openssl/0.9.7/lib/pa20_64/ libcrypto.sl.1 NOTE: Symbolic links marked * are applicable only if the default version is OpenSSL A.00.09.08w. 14 OpenSSL A.00.09.08w.001, A.00.09.08w.002, and A.00.09.08w.
PAGE 15
Table 5 OpenSSL A.00.09.08w Intel Itanium libraries Library Library Name/Location Symbolic Link 32-bit static /opt/openssl/0.9.8/lib/ hpux32/ • /usr/lib/hpux32/libssl.a * libssl.0.9.8w.a • /opt/openssl/lib/hpux32/libssl.a * • /opt/openssl/0.9.8/lib/hpux32/libssl.a • /opt/openssl/0.9.7/lib/hpux32/ libssl.0.9.8w.a /opt/openssl/0.9.8/lib/ hpux32/ • /usr/lib/hpux32/libcrypto.a * libcrypto.0.9.8w.a • /opt/openssl/lib/hpux32/libcrypto.a * • /opt/openssl/0.9.8/lib/hpux32/libcrypto.a • /opt/openssl/0.9.
PAGE 16
Table 5 OpenSSL A.00.09.08w Intel Itanium libraries (continued) Library Library Name/Location Symbolic Link • /opt/openssl/lib/hpux64/libcrypto.a * • /opt/openssl/0.9.8/lib/hpux64/libcrypto.a • /opt/openssl/0.9.7/lib/hpux64/ libcrypto.0.9.8w.a 64-bit shared /opt/openssl/0.9.8/lib/ hpux64/ • /usr/lib/hpux64/libssl.so * libssl.so.1 • /usr/lib/hpux64/libssl.so.1 • /opt/openssl/lib/hpux64/libssl.so * • /opt/openssl/lib/hpux64/libssl.so.1 • /opt/openssl/0.9.8/lib/hpux64/libssl.so • /opt/openssl/0.9.
PAGE 17
• Creating and viewing RSA, DSA, and DH public keys • Encrypting or decrypting a file using a public key or private key, respectively • Creating X.509 certificates, certificate requests, and Certificate Revocation Lists (CRL) • Managing the Certificate Authority (CA) Strong random number generator for HP-UX 11i V1 OpenSSL A.00.09.07m requires a strong random number generator to provide secure and non reproducible keys and certificates. OpenSSL A.00.09.
PAGE 18
Known problems There are no known problems in OpenSSL A.00.09.08w. In OpenSSL A.00.09.07m, due to the nonperformance of MD5, SHA1 is used as the default Message-Digest Algorithm (md). Compatibility information and installation requirements This section lists the system and patch requirements for OpenSSL A.00.09.07m and A.00.09.08w. System requirements Table 6 specifies the minimum system requirements for installing OpenSSL A.00.09.07m, and A.00.09.08w. Table 6 System requirements for installing OpenSSL A.
PAGE 19
1. 2. 3. Log in as root. Insert the software CD into the appropriate drive if you are installing from the Application Release CD. If you are downloading the software package from the Software Depot, download the depot and follow the instructions provided in the installation page for OpenSSL. Run the following command: $swinstall -s 4. 5. 6. 7. 8. 9. Enter the drive mount point in the Source Depot Path box and click OK. Change the Source Host Name if needed.
PAGE 20
Table 9 The Openssl command-line options (continued) Option Name Description verify X.509 certificate verification x509 X.509 certificate data management For more information on openssl command-line options, refer to openssl(1). Using Openssl This section explains the use of the openssl command-line tool with examples. For more information, see the openssl(1) manpage.
PAGE 21
Creating an RSA certificate request Following is the syntax to create a new certificate request: # openssl req -new -nodes -out -keyout -subj Where: specifies the file to which the certificate request is written. specifies the file to which the RSA public and private key pair for the certificate is written specifies the subject name of the certificate. For example: # openssl req -new -nodes -out cert.txt -keyout key.
PAGE 22
• The Transport Layer Security (TLS) Internet Engineering Task Force (IETF) Working Groups at: http://www.ietf.org/html.charters/wg-dir.html#Security%20Area • OpenSSL APIs at: http://www.opensslbook.com/api/index.html OpenSSL A.00.09.08w.001, A.00.09.08w.002, and A.00.09.08w.003 Release Notes is available at the following locations: • The HTML and pdf versions are available at: The Business Support Center • A text version of the README.hp readme file in the /opt/openssl directory.
PAGE 23
7 8 No. OpenSSL contains application libraries and a command-line tool. It does not require a kernel rebuild or system reboot. How can I install OpenSSL A.00.09.07m or A.00.09.08w? You can install OpenSSL A.00.09.07m or A.00.09.08w from the application CD or the Web using the swinstall command. How can I uninstall OpenSSL A.00.09.07m or A.00.09.08w? Use the following command to uninstall OpenSSL: # swremove OpenSSL 9 I have already got the supported version A.00.09.
PAGE 24
product. If you attempt to install OpenSSL A.00.09.07m or A.00.09.08w on a system without removing the HP-UX Internet Express OpenSSL product, the OpenSSL A.00.09.07m and A.00.09.08w installation fails with an error message. If you have HP-UX Internet Express OpenSSL 0.9.7c installed on your system, use the following command to remove it: # swremove ixOpenSSL 14 I have already built Open Source OpenSSL 0.9.7m or A.0.9.8g by downloading the source code directly from http://www.openssl.org.
PAGE 25
Example 4 When an old version of OpenSSL from Internet Express is installed on the system # what /usr/bin/openssl OpenSSL A.02.00-0.9.7c Example 5 If you are running OpenSSL A.00.09.08w.003 on HP-UX 11i V3 # what /usr/bin/openssl /usr/bin/openssl: $OpenSSL A.00.09.08w.003, Zlib: v1.2.3 $ $OpenSSL A.00.09.08w.003, Zlib: v1.2.3 $ $OpenSSL A.00.09.08w.003, Zlib: v1.2.3 $ Example 6 When OpenSSL A.00.09.07m.
PAGE 26
A version of the OpenSSL product that is suitable for reference by an application along with the FIPS object module is a FIPS compatible OpenSSL which links against FIPS Object Module 1.1.2 or FIPS Object Module 1.2. When the FIPS object module and a FIPS compatible OpenSSL are separately built and installed on a system, the combination is referred to as a FIPS capable OpenSSL.