X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=INSTALL;h=fcdbfc0a6ee00bfdebec74e95ceb1dd1fe3b5f8a;hb=ec91c3db211c071248ef3a0b6dd9ef5ebdca5ab5;hp=cc8c38aed8c236d42c1a3c748ac0724a2538dcfe;hpb=e452de9d8753d1fc6ba8cd26eb035988ea2635e9;p=oweals%2Fopenssl.git diff --git a/INSTALL b/INSTALL index cc8c38aed8..fcdbfc0a6e 100644 --- a/INSTALL +++ b/INSTALL @@ -2,8 +2,12 @@ INSTALLATION ON THE UNIX PLATFORM --------------------------------- - [Installation on Windows, OpenVMS and MacOS (before MacOS X) is described - in INSTALL.W32, INSTALL.VMS and INSTALL.MacOS.] + [Installation on DOS (with djgpp), Windows, OpenVMS, MacOS (before MacOS X) + and NetWare is described in INSTALL.DJGPP, INSTALL.W32, INSTALL.VMS, + INSTALL.MacOS and INSTALL.NW. + + This document describes installation on operating systems in the Unix + family.] To install OpenSSL, you will need: @@ -60,7 +64,7 @@ zlib-dynamic Like "zlib", but has OpenSSL load the zlib library dynamically when needed. This is only supported on systems where loading - of shared libraries is supported. + of shared libraries is supported. This is the default choice. no-shared Don't try to create shared libraries. @@ -70,19 +74,48 @@ no-asm Do not use assembler code. - 386 Use the 80386 instruction set only (the default x86 code is - more efficient, but requires at least a 486). + 386 In 32-bit x86 builds, when generating assembly modules, + use the 80386 instruction set only (the default x86 code + is more efficient, but requires at least a 486). Note: + This doesn't affect code generated by compiler, you're + likely to complement configuration command line with + suitable compiler-specific option. + + no-sse2 Exclude SSE2 code paths from 32-bit x86 assembly modules. + Normally SSE2 extension is detected at run-time, but the + decision whether or not the machine code will be executed + is taken solely on CPU capability vector. This means that + if you happen to run OS kernel which does not support SSE2 + extension on Intel P4 processor, then your application + might be exposed to "illegal instruction" exception. + There might be a way to enable support in kernel, e.g. + FreeBSD kernel can be compiled with CPU_ENABLE_SSE, and + there is a way to disengage SSE2 code paths upon application + start-up, but if you aim for wider "audience" running + such kernel, consider no-sse2. Both the 386 and + no-asm options imply no-sse2. no- Build without the specified cipher (bf, cast, des, dh, dsa, hmac, md2, md5, mdc2, rc2, rc4, rc5, rsa, sha). The crypto/ directory can be removed after running "make depend". - -Dxxx, -lxxx, -Lxxx, -fxxx, -Kxxx These system specific options will + -Dxxx, -lxxx, -Lxxx, -fxxx, -mXXX, -Kxxx These system specific options will be passed through to the compiler to allow you to define preprocessor symbols, specify additional libraries, - library directories or other compiler options. - + library directories or other compiler options. It might be + worth noting that some compilers generate code specifically + for processor the compiler currently executes on. This is + not necessarily what you might have in mind, since it might + be unsuitable for execution on other, typically older, + processor. Consult your compiler documentation. + + -DHAVE_CRYPTODEV Enable the BSD cryptodev engine even if we are not using + BSD. Useful if you are running ocf-linux or something + similar. Once enabled you can also enable the use of + cryptodev digests, which is usually slower unless you have + large amounts data. Use -DUSE_CRYPTODEV_DIGESTS to force + it. Installation in Detail ---------------------- @@ -133,15 +166,18 @@ OpenSSL binary ("openssl"). The libraries will be built in the top-level directory, and the binary will be in the "apps" directory. - If "make" fails, look at the output. There may be reasons for - the failure that aren't problems in OpenSSL itself (like missing - standard headers). If it is a problem with OpenSSL itself, please - report the problem to (note that your - message will be forwarded to a public mailing list). Include the - output of "make report" in your message. + If the build fails, look at the output. There may be reasons + for the failure that aren't problems in OpenSSL itself (like + missing standard headers). If you are having problems you can + get help by sending an email to the openssl-users email list (see + https://www.openssl.org/community/mailinglists.html for details). If + it is a bug with OpenSSL itself, please open an issue on GitHub, at + https://github.com/openssl/openssl/issues. Please review the existing + ones first; maybe the bug was already reported or has already been + fixed. - [If you encounter assembler error messages, try the "no-asm" - configuration option as an immediate fix.] + (If you encounter assembler error messages, try the "no-asm" + configuration option as an immediate fix.) Compiling parts of OpenSSL with gcc and others with the system compiler will result in unresolved symbols on some systems. @@ -153,10 +189,9 @@ If a test fails, look at the output. There may be reasons for the failure that isn't a problem in OpenSSL itself (like a missing or malfunctioning bc). If it is a problem with OpenSSL itself, - try removing any compiler optimization flags from the CFLAGS line - in Makefile.ssl and run "make clean; make". Please send a bug - report to , including the output of - "make report". + try removing any compiler optimization flags from the CFLAG line + in Makefile.ssl and run "make clean; make". To report a bug please open an + issue on GitHub, at https://github.com/openssl/openssl/issues. 4. If everything tests ok, install OpenSSL with @@ -182,6 +217,10 @@ compile programs with libcrypto or libssl. lib Contains the OpenSSL library files themselves. + Use "make install_sw" to install the software without documentation, + and "install_docs_html" to install HTML renditions of the manual + pages. + Package builders who want to configure the library for standard locations, but have the package installed somewhere else so that it can easily be packaged, can use @@ -278,10 +317,10 @@ Note on shared libraries ------------------------ - Shared library is currently an experimental feature. The only reason to - have them would be to conserve memory on systems where several program - are using OpenSSL. Binary backward compatibility can't be guaranteed - before OpenSSL version 1.0. + Shared libraries have certain caveats. Binary backward compatibility + can't be guaranteed before OpenSSL version 1.0. The only reason to + use them would be to conserve memory on systems where several programs + are using OpenSSL. For some systems, the OpenSSL Configure script knows what is needed to build shared libraries for libcrypto and libssl. On these systems, @@ -290,3 +329,37 @@ targets for shared library creation, like linux-shared. Those targets can currently be used on their own just as well, but this is expected to change in future versions of OpenSSL. + + Note on random number generation + -------------------------------- + + Availability of cryptographically secure random numbers is required for + secret key generation. OpenSSL provides several options to seed the + internal PRNG. If not properly seeded, the internal PRNG will refuse + to deliver random bytes and a "PRNG not seeded error" will occur. + On systems without /dev/urandom (or similar) device, it may be necessary + to install additional support software to obtain random seed. + Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(), + and the FAQ for more information. + + Note on support for multiple builds + ----------------------------------- + + OpenSSL is usually built in its source tree. Unfortunately, this doesn't + support building for multiple platforms from the same source tree very well. + It is however possible to build in a separate tree through the use of lots + of symbolic links, which should be prepared like this: + + mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`" + cd objtree/"`uname -s`-`uname -r`-`uname -m`" + (cd $OPENSSL_SOURCE; find . -type f) | while read F; do + mkdir -p `dirname $F` + rm -f $F; ln -s $OPENSSL_SOURCE/$F $F + echo $F '->' $OPENSSL_SOURCE/$F + done + make -f Makefile.org clean + + OPENSSL_SOURCE is an environment variable that contains the absolute (this + is important!) path to the OpenSSL source tree. + + Also, operations like 'make update' should still be made in the source tree.