A local copy of OpenSSL from GitHub
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

183 lines
7.5 KiB

  1. NOTES FOR THE HPE NONSTOP PLATFORM
  2. ==============================
  3. Requirement details
  4. -------------------
  5. In addition to the requirements and instructions listed
  6. in [INSTALL.md](INSTALL.md), the following are required as well:
  7. * The TNS/X platform supports hardware randomization.
  8. Specify the `--with-rand-seed=rdcpu` option to the `./Configure` script.
  9. This is recommended but not required. `egd` is supported at 3.0 but cannot
  10. be used if FIPS is selected.
  11. * The TNS/E platform does not support hardware randomization, so
  12. specify the `--with-rand-seed=egd` option to the `./Configure` script.
  13. About c99 compiler
  14. ------------------
  15. The c99 compiler is required for building OpenSSL from source. While c11
  16. may work, it has not been broadly tested. c99 is the only compiler
  17. prerequisite needed to build OpenSSL 3.0 on this platform. You should also
  18. have the FLOSS package installed on your system. The ITUGLIB FLOSS package
  19. is the only FLOSS variant that has been broadly tested.
  20. Threading Models
  21. ----------------
  22. OpenSSL can be built using unthreaded, POSIX User Threads (PUT), or Standard
  23. POSIX Threads (SPT). Select the following build configuration for each on
  24. the TNS/X (L-Series) platform:
  25. * `nonstop-nsx` or default will select an unthreaded build.
  26. * `nonstop-nsx_put` selects the PUT build.
  27. * `nonstop-nsx_64_put` selects the 64 bit file length PUT build.
  28. * `nonstop-nsx_spt_floss` selects the SPT build with FLOSS. FLOSS is
  29. required for SPT builds because of a known hang when using SPT on its own.
  30. ### TNS/E Considerations
  31. The TNS/E platform is build using the same set of builds specifying `nse`
  32. instead of `nsx` in the set above.
  33. You cannot build for TNS/E for FIPS, so you must specify the `no-fips`
  34. option to `./Configure`
  35. About Prefix and OpenSSLDir
  36. ---------------------------
  37. Because there are many potential builds that must co-exist on any given
  38. NonStop node, managing the location of your build distribution is crucial.
  39. Keep each destination separate and distinct. Mixing any mode described in
  40. this document can cause application instability. The recommended approach
  41. is to specify the OpenSSL version and threading model in your configuration
  42. options, and keeping your memory and float options consistent, for example:
  43. * For 1.1 `--prefix=/usr/local-ssl1.1 --openssldir=/usr/local-ssl1.1/ssl`
  44. * For 1.1 PUT `--prefix=/usr/local-ssl1.1_put --openssldir=/usr/local-ssl1.1_put/ssl`
  45. * For 3.0 `--prefix=/usr/local-ssl3.0 --openssldir=/usr/local-ssl3.0/ssl`
  46. * For 3.0 PUT `--prefix=/usr/local-ssl3.0_put --openssldir=/usr/local-ssl3.0_put/ssl`
  47. Use the `_RLD_LIB_PATH` environment variable in OSS to select the appropriate
  48. directory containing `libcrypto.so` and `libssl.so`. In GUARDIAN, use the
  49. `=_RLD_LIB_PATH` search define to locate the GUARDIAN subvolume where OpenSSL
  50. is installed.
  51. Float Considerations
  52. --------------------
  53. OpenSSL is built using IEEE Float mode by default. If you need a different
  54. IEEE mode, create a new configuration specifying `tfloat-x86-64` (for Tandem
  55. Float) or `nfloat-x86-64` (for Neutral Float).
  56. Memory Models
  57. -------------
  58. The current OpenSSL default memory model uses the default platform address
  59. model. If you need a different address model, you must specify the appropriate
  60. c99 options for compile (`CFLAGS`) and linkers (`LDFLAGS`).
  61. Cross Compiling with NSDEE
  62. --------------------------
  63. **Note:** None of these builds have been tested by the platform maintainer and are
  64. supplied for historical value. Please submit a Pull Request to OpenSSL should
  65. these need to be adjusted.
  66. If you are attempting to build OpenSSL with NSDEE, you will need to specify
  67. the following variables. The following set of compiler defines are required:
  68. # COMP_ROOT must be a full path for the build system (e.g. windows)
  69. COMP_ROOT=$(cygpath -w /path/to/comp_root)
  70. # CC must be executable by your shell
  71. CC=/path/to/c99
  72. ### Optional Build Variables
  73. DBGFLAG="--debug"
  74. CIPHENABLES="enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-rc4"
  75. ### Internal Known TNS/X to TNS/E Cross Compile Variables
  76. The following definition is required if you are building on TNS/X for TNS/E
  77. and have access to a TNS/E machine on your EXPAND network - with an example
  78. node named `\CS3`:
  79. SYSTEMLIBS="-L/E/cs3/usr/local/lib"
  80. Version Procedure (VPROC) Considerations
  81. ----------------------------------------
  82. If you require a VPROC entry for platform version identification, use the
  83. following variables:
  84. ### For Itanium
  85. OPENSSL_VPROC_PREFIX=T0085H06
  86. ### For x86
  87. OPENSSL_VPROC_PREFIX=T0085L01
  88. ### Common Definition
  89. export OPENSSL_VPROC=${OPENSSL_VPROC_PREFIX}_$(
  90. . VERSION.dat
  91. if [ -n "$PRE_RELEASE_TAG" ]; then
  92. PRE_RELEASE_TAG="-$PRE_RELEASE_TAG"
  93. fi
  94. echo "$MAJOR.$MINOR.$PATCH$PRE_RELEASE_TAG$BUILD_METADATA" |\
  95. sed -e 's/[-.+]/_/g'
  96. )
  97. Example Configure Targets
  98. -------------------------
  99. For OSS targets, the main DLL names will be `libssl.so` and `libcrypto.so`.
  100. For GUARDIAN targets, DLL names will be `ssl` and `crypto`. The following
  101. assumes that your PWD is set according to your installation standards.
  102. ./Configure nonstop-nsx --prefix=${PWD} \
  103. --openssldir=${PWD}/ssl no-threads \
  104. --with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
  105. ./Configure nonstop-nsx_g --prefix=${PWD} \
  106. --openssldir=${PWD}/ssl no-threads \
  107. --with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
  108. ./Configure nonstop-nsx_put --prefix=${PWD} \
  109. --openssldir=${PWD}/ssl threads "-D_REENTRANT" \
  110. --with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
  111. ./Configure nonstop-nsx_spt_floss --prefix=${PWD} \
  112. --openssldir=${PWD}/ssl threads "-D_REENTRANT" \
  113. --with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
  114. ./Configure nonstop-nsx_64 --prefix=${PWD} \
  115. --openssldir=${PWD}/ssl no-threads \
  116. --with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
  117. ./Configure nonstop-nsx_64_put --prefix=${PWD} \
  118. --openssldir=${PWD}/ssl threads "-D_REENTRANT" \
  119. --with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
  120. ./Configure nonstop-nsx_g_tandem --prefix=${PWD} \
  121. --openssldir=${PWD}/ssl no-threads \
  122. --with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
  123. ./Configure nonstop-nse --prefix=${PWD} \
  124. --openssldir=${PWD}/ssl no-threads \
  125. --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
  126. ./Configure nonstop-nse_g --prefix=${PWD} \
  127. --openssldir=${PWD}/ssl no-threads \
  128. --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
  129. ./Configure nonstop-nse_put --prefix=${PWD} \
  130. --openssldir=${PWD}/ssl threads "-D_REENTRANT" \
  131. --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
  132. ./Configure nonstop-nse_spt_floss --prefix=${PWD} \
  133. --openssldir=${PWD}/ssl threads "-D_REENTRANT" \
  134. --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
  135. ./Configure nonstop-nse_64 --prefix=${PWD} \
  136. --openssldir=${PWD}/ssl no-threads \
  137. --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
  138. ./Configure nonstop-nse_64_put --prefix=${PWD} \
  139. --openssldir=${PWD}/ssl threads "-D_REENTRANT"
  140. --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
  141. ./Configure nonstop-nse_g_tandem --prefix=${PWD} \
  142. --openssldir=${PWD}/ssl no-threads \
  143. --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}