[openssl] master update
Richard Levitte
levitte at openssl.org
Wed Oct 28 16:19:22 UTC 2020
The branch master has been updated
via 648cf9249e6ec60e0af50d5d903e05244b837cb0 (commit)
from 28e1d588f14404d480cc2bd38827ecd587625643 (commit)
- Log -----------------------------------------------------------------
commit 648cf9249e6ec60e0af50d5d903e05244b837cb0
Author: Randall S. Becker <rsbecker at nexbridge.com>
Date: Sat Oct 24 17:58:27 2020 -0400
Rewrite the HPE NonStop Notes file in Markdown with more explanations.
CLA: Permission is granted by the author to the OpenSSL team to use
these modifications.
Fixes #13237
Signed-off-by: Randall S. Becker <rsbecker at nexbridge.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13238)
-----------------------------------------------------------------------
Summary of changes:
NOTES-NONSTOP.md | 183 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
NOTES.HPNS | 42 -------------
2 files changed, 183 insertions(+), 42 deletions(-)
create mode 100644 NOTES-NONSTOP.md
delete mode 100644 NOTES.HPNS
diff --git a/NOTES-NONSTOP.md b/NOTES-NONSTOP.md
new file mode 100644
index 0000000000..0ad09bae8d
--- /dev/null
+++ b/NOTES-NONSTOP.md
@@ -0,0 +1,183 @@
+NOTES FOR THE HPE NONSTOP PLATFORM
+==============================
+
+Requirement details
+-------------------
+
+In addition to the requirements and instructions listed
+in [INSTALL.md](INSTALL.md), the following are required as well:
+
+ * The TNS/X platform supports hardware randomization.
+ Specify the `--with-rand-seed=rdcpu` option to the `./Configure` script.
+ This is recommended but not required. `egd` is supported at 3.0 but cannot
+ be used if FIPS is selected.
+ * The TNS/E platform does not support hardware randomization, so
+ specify the `--with-rand-seed=egd` option to the `./Configure` script.
+
+About c99 compiler
+------------------
+
+The c99 compiler is required for building OpenSSL from source. While c11
+may work, it has not been broadly tested. c99 is the only compiler
+prerequisite needed to build OpenSSL 3.0 on this platform. You should also
+have the FLOSS package installed on your system. The ITUGLIB FLOSS package
+is the only FLOSS variant that has been broadly tested.
+
+Threading Models
+----------------
+
+OpenSSL can be built using unthreaded, POSIX User Threads (PUT), or Standard
+POSIX Threads (SPT). Select the following build configuration for each on
+the TNS/X (L-Series) platform:
+
+ * `nonstop-nsx` or default will select an unthreaded build.
+ * `nonstop-nsx_put` selects the PUT build.
+ * `nonstop-nsx_64_put` selects the 64 bit file length PUT build.
+ * `nonstop-nsx_spt_floss` selects the SPT build with FLOSS. FLOSS is
+ required for SPT builds because of a known hang when using SPT on its own.
+
+### TNS/E Considerations
+
+The TNS/E platform is build using the same set of builds specifying `nse`
+instead of `nsx` in the set above.
+
+You cannot build for TNS/E for FIPS, so you must specify the `no-fips`
+option to `./Configure`
+
+About Prefix and OpenSSLDir
+---------------------------
+
+Because there are many potential builds that must co-exist on any given
+NonStop node, managing the location of your build distribution is crucial.
+Keep each destination separate and distinct. Mixing any mode described in
+this document can cause application instability. The recommended approach
+is to specify the OpenSSL version and threading model in your configuration
+options, and keeping your memory and float options consistent, for example:
+
+ * For 1.1 `--prefix=/usr/local-ssl1.1 --openssldir=/usr/local-ssl1.1/ssl`
+ * For 1.1 PUT `--prefix=/usr/local-ssl1.1_put --openssldir=/usr/local-ssl1.1_put/ssl`
+ * For 3.0 `--prefix=/usr/local-ssl3.0 --openssldir=/usr/local-ssl3.0/ssl`
+ * For 3.0 PUT `--prefix=/usr/local-ssl3.0_put --openssldir=/usr/local-ssl3.0_put/ssl`
+
+Use the `_RLD_LIB_PATH` environment variable in OSS to select the appropriate
+directory containing `libcrypto.so` and `libssl.so`. In GUARDIAN, use the
+`=_RLD_LIB_PATH` search define to locate the GUARDIAN subvolume where OpenSSL
+is installed.
+
+Float Considerations
+--------------------
+
+OpenSSL is built using IEEE Float mode by default. If you need a different
+IEEE mode, create a new configuration specifying `tfloat-x86-64` (for Tandem
+Float) or `nfloat-x86-64` (for Neutral Float).
+
+Memory Models
+-------------
+
+The current OpenSSL default memory model uses the default platform address
+model. If you need a different address model, you must specify the appropriate
+c99 options for compile (`CFLAGS`) and linkers (`LDFLAGS`).
+
+Cross Compiling with NSDEE
+--------------------------
+
+**Note:** None of these builds have been tested by the platform maintainer and are
+supplied for historical value. Please submit a Pull Request to OpenSSL should
+these need to be adjusted.
+
+If you are attempting to build OpenSSL with NSDEE, you will need to specify
+the following variables. The following set of compiler defines are required:
+
+ # COMP_ROOT must be a full path for the build system (e.g. windows)
+ COMP_ROOT=$(cygpath -w /path/to/comp_root)
+ # CC must be executable by your shell
+ CC=/path/to/c99
+
+### Optional Build Variables
+
+ DBGFLAG="--debug"
+ CIPHENABLES="enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-rc4"
+
+### Internal Known TNS/X to TNS/E Cross Compile Variables
+
+The following definition is required if you are building on TNS/X for TNS/E
+and have access to a TNS/E machine on your EXPAND network - with an example
+node named `\CS3`:
+
+ SYSTEMLIBS="-L/E/cs3/usr/local/lib"
+
+Version Procedure (VPROC) Considerations
+----------------------------------------
+
+If you require a VPROC entry for platform version identification, use the
+following variables:
+
+### For Itanium
+
+ OPENSSL_VPROC_PREFIX=T0085H06
+
+### For x86
+
+ OPENSSL_VPROC_PREFIX=T0085L01
+
+### Common Definition
+
+ export OPENSSL_VPROC=${OPENSSL_VPROC_PREFIX}_$(
+ . VERSION.dat
+ if [ -n "$PRE_RELEASE_TAG" ]; then
+ PRE_RELEASE_TAG="-$PRE_RELEASE_TAG"
+ fi
+ echo "$MAJOR.$MINOR.$PATCH$PRE_RELEASE_TAG$BUILD_METADATA" |\
+ sed -e 's/[-.+]/_/g'
+ )
+
+Example Configure Targets
+-------------------------
+
+For OSS targets, the main DLL names will be `libssl.so` and `libcrypto.so`.
+For GUARDIAN targets, DLL names will be `ssl` and `crypto`. The following
+assumes that your PWD is set according to your installation standards.
+
+ ./Configure nonstop-nsx --prefix=${PWD} \
+ --openssldir=${PWD}/ssl no-threads \
+ --with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
+ ./Configure nonstop-nsx_g --prefix=${PWD} \
+ --openssldir=${PWD}/ssl no-threads \
+ --with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
+ ./Configure nonstop-nsx_put --prefix=${PWD} \
+ --openssldir=${PWD}/ssl threads "-D_REENTRANT" \
+ --with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
+ ./Configure nonstop-nsx_spt_floss --prefix=${PWD} \
+ --openssldir=${PWD}/ssl threads "-D_REENTRANT" \
+ --with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
+ ./Configure nonstop-nsx_64 --prefix=${PWD} \
+ --openssldir=${PWD}/ssl no-threads \
+ --with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
+ ./Configure nonstop-nsx_64_put --prefix=${PWD} \
+ --openssldir=${PWD}/ssl threads "-D_REENTRANT" \
+ --with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
+ ./Configure nonstop-nsx_g_tandem --prefix=${PWD} \
+ --openssldir=${PWD}/ssl no-threads \
+ --with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
+
+ ./Configure nonstop-nse --prefix=${PWD} \
+ --openssldir=${PWD}/ssl no-threads \
+ --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
+ ./Configure nonstop-nse_g --prefix=${PWD} \
+ --openssldir=${PWD}/ssl no-threads \
+ --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
+ ./Configure nonstop-nse_put --prefix=${PWD} \
+ --openssldir=${PWD}/ssl threads "-D_REENTRANT" \
+ --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
+ ./Configure nonstop-nse_spt_floss --prefix=${PWD} \
+ --openssldir=${PWD}/ssl threads "-D_REENTRANT" \
+ --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
+ ./Configure nonstop-nse_64 --prefix=${PWD} \
+ --openssldir=${PWD}/ssl no-threads \
+ --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
+ ./Configure nonstop-nse_64_put --prefix=${PWD} \
+ --openssldir=${PWD}/ssl threads "-D_REENTRANT"
+ --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
+ ./Configure nonstop-nse_g_tandem --prefix=${PWD} \
+ --openssldir=${PWD}/ssl no-threads \
+ --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
diff --git a/NOTES.HPNS b/NOTES.HPNS
deleted file mode 100644
index 359f18b3a8..0000000000
--- a/NOTES.HPNS
+++ /dev/null
@@ -1,42 +0,0 @@
-## Probably have to be set:
-# COMP_ROOT=$(cygpath -w /path/to/comp_rooot) # must be path format for system (ie windows)
-# CC=/path/to/c99 # must be executable by shell
-
-## Optionally
-# DBGFLAG="--debug"
-# CIPHENABLES="enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-rc4"
-# onplatform cross compile (nsx->nsi): SYSTEMLIBS="-L/E/cs3/usr/local/lib"
-## VPROC
-## For Itanium:
-# OPENSSL_VPROC_PREFIX=T0085H06
-## For X86:
-# OPENSSL_VPROC_PREFIX=T0085L01
-# export OPENSSL_VPROC=${OPENSSL_VPROC_PREFIX}_$(cat include/openssl/opensslv.h |\
-# sed -n -e 's/^ *# *define *OPENSSL_VERSION_TEXT[^"]*"\([^"]*\)"/\1/p' |\
-# sed -e 's/[. ]/_/g' -e 's/[.-]/_/g' |\
-# grep -v fips \
-# )
-
-## Current Configure targets
-# Guardian targets' libraries will have so-names 'ssl' and 'crypto'
-./Configure nonstop-nsx --prefix=${PWD}/install --openssldir=${PWD}/install no-dynamic-engine no-threads --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
-./Configure nonstop-nsx_g --prefix=${PWD}/install --openssldir=${PWD}/install no-dynamic-engine no-threads --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
-./Configure nonstop-nsx_put --prefix=${PWD}/install --openssldir=${PWD}/install no-dynamic-engine threads "-D_REENTRANT" --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
-./Configure nonstop-nsx_spt --prefix=${PWD}/install --openssldir=${PWD}/install no-dynamic-engine threads "-D_REENTRANT" --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
-./Configure nonstop-nsx_64 --prefix=${PWD}/install --openssldir=${PWD}/install no-dynamic-engine no-threads --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
-./Configure nonstop-nsx_64_put --prefix=${PWD}/install --openssldir=${PWD}/install no-dynamic-engine threads "-D_REENTRANT" --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
-./Configure nonstop-nsx_g_tandem --prefix=${PWD}/install --openssldir=${PWD}/install no-dynamic-engine no-threads --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
-
-./Configure nonstop-nse --prefix=${PWD}/install --openssldir=${PWD}/install no-dynamic-engine no-threads --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
-./Configure nonstop-nse_g --prefix=${PWD}/install --openssldir=${PWD}/install no-dynamic-engine no-threads --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
-./Configure nonstop-nse_put --prefix=${PWD}/install --openssldir=${PWD}/install no-dynamic-engine threads "-D_REENTRANT" --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
-./Configure nonstop-nse_spt --prefix=${PWD}/install --openssldir=${PWD}/install no-dynamic-engine threads "-D_REENTRANT" --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
-./Configure nonstop-nse_64 --prefix=${PWD}/install --openssldir=${PWD}/install no-dynamic-engine no-threads --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
-./Configure nonstop-nse_64_put --prefix=${PWD}/install --openssldir=${PWD}/install no-dynamic-engine threads "-D_REENTRANT" --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
-./Configure nonstop-nse_g_tandem --prefix=${PWD}/install --openssldir=${PWD}/install no-dynamic-engine no-threads --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
-
-## Build loop:
-# Configure <...>
-# Make
-# ...
-# Make install
More information about the openssl-commits
mailing list