OpenSSL A.00.09.08w.001, A.00.09.08w.002, and A.00.09.08w.
© Copyright 2010, 2012 Hewlett-Packard Development Company, L.P.

Legal Notices

Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice.
Contents

1 OpenSSL A.00.09.08w.001, A.00.09.08w.002, and A.00.09.08w.003
  Announcement
  OpenSSL A.00.09.07m and A.00.09.08w features
    Ciphers
    Message digest
1 OpenSSL A.00.09.08w.001, A.00.09.08w.002, and A.00.09.08w.003

This document contains the most recent product information for OpenSSL A.00.09.08w.001, A.00.09.08w.002, and A.00.09.08w.003 supported on HP-UX 11i V1, HP-UX 11i V2, and HP-UX 11i V3, respectively. This document contains the following information:
• OpenSSL Features
• Installing OpenSSL
• Using the OpenSSL command-line Tool
• Frequently Asked Questions (FAQs)

Announcement

This version of OpenSSL is based on the open source OpenSSL 0.9.
./Configure threads zlib shared no-rc5 no-idea no-krb5 --openssldir=/opt/openssl hpux-cc

FIPS Capable OpenSSL (based on OpenSSL A.00.09.07m and linked against FIPS-1.1.2 module) is built with the following options:

./Configure threads zlib shared no-rc5 no-idea no-krb5 no-mdc2 --openssldir=/opt/openssl hpux-cc

FIPS Capable OpenSSL (based on OpenSSL A.00.09.08w and linked against FIPS-1.2 module) is built with the following options:

.
• Data Encryption Standard Extension (DESX)
• Rivest Cipher 2 (RC2)
• Rivest Cipher 4 (RC4)

Message digest

A message digest is a piece of data that can be used to verify that the contents of the message have not been altered during transit. When a message is sent over a network, the sender computes a message digest by performing a one-way hash function using a secret key known only to the sender and recipient.
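The sender and recipient check described above, as an added example that is not from the HP document: it uses Python's standard hmac and hashlib modules rather than the openssl tool, and the choice of SHA-256, the key, and the messages are constructed assumptions.

```python
import hashlib
import hmac


def keyed_digest(key: bytes, message: bytes) -> bytes:
    """Sender side: one-way hash over the message, mixed with the shared secret key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def recipient_accepts(key: bytes, message: bytes, received: bytes) -> bool:
    """Recipient side: recompute the keyed digest and compare in constant time."""
    return hmac.compare_digest(keyed_digest(key, message), received)


def unkeyed_accepts(message: bytes, received: bytes) -> bool:
    """Weak variant for contrast: a plain hash involves no secret at all."""
    return hmac.compare_digest(hashlib.sha256(message).digest(), received)


def transit_demo() -> dict:
    key = b"constructed-shared-secret"          # constructed sample key
    original = b"ship 10 units to warehouse A"  # constructed sample message
    altered = b"ship 90 units to warehouse B"   # same message changed in transit
    sent = keyed_digest(key, original)
    return {
        # Untouched message and digest: accepted.
        "intact": recipient_accepts(key, original, sent),
        # Message altered, original digest left in place: rejected.
        "altered_message": recipient_accepts(key, altered, sent),
        # Digest recomputed over the altered message without the key: rejected.
        "recomputed_without_key": recipient_accepts(
            key, altered, keyed_digest(b"not-the-key", altered)),
        # Truncated digest: rejected rather than matched on a prefix.
        "truncated_digest": recipient_accepts(key, original, sent[:16]),
        # A plain hash can be recomputed by whoever altered the message,
        # so the unkeyed check accepts the altered pair.
        "unkeyed_altered": unkeyed_accepts(
            altered, hashlib.sha256(altered).digest()),
    }


if __name__ == "__main__":
    for name, accepted in transit_demo().items():
        print(f"{name:24} accepted={accepted}")
```

The last entry is the reason the digest has to involve the shared key: without it, the digest only detects accidental corruption, not deliberate alteration.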
• Privacy Enhanced Mail (PEM) – Stores keys, certificates, and encrypted files.
• Public-Key Cryptography Standard 7 (PKCS#7) – Stores digitally signed files.
• Public-Key Cryptography Standard 8 (PKCS#8) – Stores private keys.
• Public-Key Cryptography Standard 12 (PKCS#12) – Stores keys and certificates in browsers.

FIPS

Federal Information Processing Standard (FIPS) 140-2 OpenSSL is now added to the OpenSSL product. For more information about FIPS 140-2, see the following web address: http://www.
The following sections discuss these components in detail.

OpenSSL libraries

OpenSSL A.00.09.07m and A.00.09.08w contain two libraries: libcrypto and libssl. The libcrypto library contains all the cryptographic functions used for creating and managing ciphers, digests, certificates, public key encryption, and encoding. The libssl library contains all the functions used for managing secure connections between SSL-enabled clients and the corresponding SSL-enabled servers.

OpenSSL A.00.09.07m and A.00.09.
Table 2 OpenSSL A.00.09.07m PA-RISC libraries

Library: 32-bit static

Library Name/Location: /opt/openssl/0.9.7/lib/libssl.0.9.7m.a
Symbolic Link:
• /usr/lib/libssl.a *
• /opt/openssl/lib/libssl.a *
• /opt/openssl/0.9.7/lib/libssl.a
• /opt/openssl/0.9.8/lib/libssl.0.9.7m.a

Library Name/Location: /opt/openssl/0.9.7/lib/libcrypto.0.9.7m.a
Symbolic Link:
• /usr/lib/libcrypto.a *
• /opt/openssl/lib/libcrypto.a *
• /opt/openssl/0.9.7/lib/libcrypto.a
• /opt/openssl/0.9.8/lib/libcrypto.0.9.7m.a

Library: 32-bit shared

Library Name/Location: /opt/openssl/0.9.7/lib/libssl.sl.
Table 2 OpenSSL A.00.09.07m PA-RISC libraries (continued)

Symbolic Link:
• /opt/openssl/0.9.8/lib/pa20_64/libcrypto.sl.0

NOTE: Symbolic links marked * are applicable only if the default version is OpenSSL A.00.09.07m.
Table 3 OpenSSL A.00.09.07m Intel Itanium® libraries

Library: 32-bit static

Library Name/Location: /opt/openssl/0.9.7/lib/hpux32/libssl.0.9.7m.a
Symbolic Link:
• /usr/lib/hpux32/libssl.a *
• /opt/openssl/lib/hpux32/libssl.a *
• /opt/openssl/0.9.7/lib/hpux32/libssl.a
• /opt/openssl/0.9.8/lib/hpux32/libssl.0.9.7m.a

Library Name/Location: /opt/openssl/0.9.7/lib/hpux32/libcrypto.0.9.7m.a
Symbolic Link:
• /usr/lib/hpux32/libcrypto.a *
• /opt/openssl/lib/hpux32/libcrypto.a *
• /opt/openssl/0.9.7/lib/hpux32/libcrypto.a
• /opt/openssl/0.9.
Table 3 OpenSSL A.00.09.07m Intel Itanium® libraries (continued)

Symbolic Link:
• /opt/openssl/lib/hpux64/libcrypto.a *
• /opt/openssl/0.9.7/lib/hpux64/libcrypto.a
• /opt/openssl/0.9.8/lib/hpux64/libcrypto.0.9.7m.a

Library: 64-bit shared

Library Name/Location: /opt/openssl/0.9.7/lib/hpux64/libssl.so.0
Symbolic Link:
• /usr/lib/hpux64/libssl.so *
• /usr/lib/hpux64/libssl.so.0
• /opt/openssl/lib/hpux64/libssl.so *
• /opt/openssl/lib/hpux64/libssl.so.0
• /opt/openssl/0.9.7/lib/hpux64/libssl.so
• /opt/openssl/0.9.
Table 4 OpenSSL A.00.09.08w PA-RISC libraries

Library: 32-bit static

Library Name/Location: /opt/openssl/0.9.8/lib/libssl.0.9.8w.a
Symbolic Link:
• /usr/lib/libssl.a *
• /opt/openssl/lib/libssl.a *
• /opt/openssl/0.9.8/lib/libssl.a
• /opt/openssl/0.9.7/lib/libssl.0.9.8w.a

Library Name/Location: /opt/openssl/0.9.8/lib/libcrypto.0.9.8w.a
Symbolic Link:
• /usr/lib/libcrypto.a *
• /opt/openssl/lib/libcrypto.a *
• /opt/openssl/0.9.8/lib/libcrypto.a
• /opt/openssl/0.9.7/lib/libcrypto.0.9.8w.a

Library: 32-bit shared

Library Name/Location: /opt/openssl/0.9.8/lib/libssl.sl.
Table 4 OpenSSL A.00.09.08w PA-RISC libraries (continued)

Symbolic Link:
• /opt/openssl/0.9.7/lib/pa20_64/libcrypto.sl.1

NOTE: Symbolic links marked * are applicable only if the default version is OpenSSL A.00.09.08w.
Table 5 OpenSSL A.00.09.08w Intel Itanium libraries

Library: 32-bit static

Library Name/Location: /opt/openssl/0.9.8/lib/hpux32/libssl.0.9.8w.a
Symbolic Link:
• /usr/lib/hpux32/libssl.a *
• /opt/openssl/lib/hpux32/libssl.a *
• /opt/openssl/0.9.8/lib/hpux32/libssl.a
• /opt/openssl/0.9.7/lib/hpux32/libssl.0.9.8w.a

Library Name/Location: /opt/openssl/0.9.8/lib/hpux32/libcrypto.0.9.8w.a
Symbolic Link:
• /usr/lib/hpux32/libcrypto.a *
• /opt/openssl/lib/hpux32/libcrypto.a *
• /opt/openssl/0.9.8/lib/hpux32/libcrypto.a
• /opt/openssl/0.9.
Table 5 OpenSSL A.00.09.08w Intel Itanium libraries (continued)

Symbolic Link:
• /opt/openssl/lib/hpux64/libcrypto.a *
• /opt/openssl/0.9.8/lib/hpux64/libcrypto.a
• /opt/openssl/0.9.7/lib/hpux64/libcrypto.0.9.8w.a

Library: 64-bit shared

Library Name/Location: /opt/openssl/0.9.8/lib/hpux64/libssl.so.1
Symbolic Link:
• /usr/lib/hpux64/libssl.so *
• /usr/lib/hpux64/libssl.so.1
• /opt/openssl/lib/hpux64/libssl.so *
• /opt/openssl/lib/hpux64/libssl.so.1
• /opt/openssl/0.9.8/lib/hpux64/libssl.so
• /opt/openssl/0.9.
• Creating and viewing RSA, DSA, and DH public keys
• Encrypting or decrypting a file using a public key or private key, respectively
• Creating X.509 certificates, certificate requests, and Certificate Revocation Lists (CRL)
• Managing the Certificate Authority (CA)

Strong random number generator for HP-UX 11i V1

OpenSSL A.00.09.07m requires a strong random number generator to provide secure and non-reproducible keys and certificates. OpenSSL A.00.09.
Known problems

There are no known problems in OpenSSL A.00.09.08w. In OpenSSL A.00.09.07m, due to the nonperformance of MD5, SHA1 is used as the default Message-Digest Algorithm (md).

Compatibility information and installation requirements

This section lists the system and patch requirements for OpenSSL A.00.09.07m and A.00.09.08w.

System requirements

Table 6 specifies the minimum system requirements for installing OpenSSL A.00.09.07m and A.00.09.08w.

Table 6 System requirements for installing OpenSSL A.
1. Log in as root.
2. Insert the software CD into the appropriate drive if you are installing from the Application Release CD. If you are downloading the software package from the Software Depot, download the depot and follow the instructions provided in the installation page for OpenSSL.
3. Run the following command:
   $swinstall -s
4. Enter the drive mount point in the Source Depot Path box and click OK.
5. Change the Source Host Name if needed.
Table 9 The Openssl command-line options (continued)

Option Name    Description
verify         X.509 certificate verification
x509           X.509 certificate data management

For more information on openssl command-line options, refer to openssl(1).

Using Openssl

This section explains the use of the openssl command-line tool with examples. For more information, see the openssl(1) manpage.
Creating an RSA certificate request

Following is the syntax to create a new certificate request:

# openssl req -new -nodes -out -keyout -subj

Where:
specifies the file to which the certificate request is written.
specifies the file to which the RSA public and private key pair for the certificate is written.
specifies the subject name of the certificate.

For example:

# openssl req -new -nodes -out cert.txt -keyout key.
• The Transport Layer Security (TLS) Internet Engineering Task Force (IETF) Working Groups at: http://www.ietf.org/html.charters/wg-dir.html#Security%20Area
• OpenSSL APIs at: http://www.opensslbook.com/api/index.html

OpenSSL A.00.09.08w.001, A.00.09.08w.002, and A.00.09.08w.003 Release Notes is available at the following locations:
• The HTML and pdf versions are available at: The Business Support Center
• A text version of the README.hp readme file in the /opt/openssl directory.
No. OpenSSL contains application libraries and a command-line tool. It does not require a kernel rebuild or system reboot.

7 How can I install OpenSSL A.00.09.07m or A.00.09.08w?

You can install OpenSSL A.00.09.07m or A.00.09.08w from the application CD or the Web using the swinstall command.

8 How can I uninstall OpenSSL A.00.09.07m or A.00.09.08w?

Use the following command to uninstall OpenSSL:

# swremove OpenSSL

9 I have already got the supported version A.00.09.
product. If you attempt to install OpenSSL A.00.09.07m or A.00.09.08w on a system without removing the HP-UX Internet Express OpenSSL product, the OpenSSL A.00.09.07m and A.00.09.08w installation fails with an error message. If you have HP-UX Internet Express OpenSSL 0.9.7c installed on your system, use the following command to remove it:

# swremove ixOpenSSL

14 I have already built Open Source OpenSSL 0.9.7m or A.0.9.8g by downloading the source code directly from http://www.openssl.org.
Example 4 When an old version of OpenSSL from Internet Express is installed on the system

# what /usr/bin/openssl
OpenSSL A.02.00-0.9.7c

Example 5 If you are running OpenSSL A.00.09.08w.003 on HP-UX 11i V3

# what /usr/bin/openssl
/usr/bin/openssl:
$OpenSSL A.00.09.08w.003, Zlib: v1.2.3 $
$OpenSSL A.00.09.08w.003, Zlib: v1.2.3 $
$OpenSSL A.00.09.08w.003, Zlib: v1.2.3 $

Example 6 When OpenSSL A.00.09.07m.
A version of the OpenSSL product that is suitable for reference by an application along with the FIPS object module is a FIPS compatible OpenSSL which links against FIPS Object Module 1.1.2 or FIPS Object Module 1.2. When the FIPS object module and a FIPS compatible OpenSSL are separately built and installed on a system, the combination is referred to as a FIPS capable OpenSSL.