X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=INSTALL;h=31d88574cf0c49318b27ac39723707d6d9cb4c1b;hp=af86485e00fe8127481e54624635e8618446a2d7;hb=a66ec57c6e5c303e288b9bee7272319375ce25ae;hpb=7650934f21d43fe024d7a7958bab1be7f7864b29 diff --git a/INSTALL b/INSTALL index af86485e00..31d88574cf 100644 --- a/INSTALL +++ b/INSTALL @@ -2,15 +2,18 @@ INSTALLATION ON THE UNIX PLATFORM --------------------------------- - [Installation on DOS (with djgpp), Windows, OpenVMS and MacOS (before MacOS X) - is described in INSTALL.DJGPP, INSTALL.W32, INSTALL.VMS and INSTALL.MacOS. + [Installation on DOS (with djgpp), Windows, OpenVMS, MacOS (before MacOS X) + and NetWare is described in INSTALL.DJGPP, INSTALL.WIN, INSTALL.VMS, + INSTALL.MacOS and INSTALL.NW. + This document describes installation on operating systems in the Unix family.] To install OpenSSL, you will need: * make - * Perl 5 + * Perl 5 with core modules (please read README.PERL) + * The perl module Text::Template (please read README.PERL) * an ANSI C compiler * a development environment in form of development libraries and C header files @@ -48,6 +51,19 @@ --openssldir=DIR Directory for OpenSSL files. If no prefix is specified, the library files and binaries are also installed there. + no-autoalginit Don't automatically load all supported ciphers and digests. + Typically OpenSSL will make available all of its supported + ciphers and digests. For a statically linked application this + may be undesirable if small executable size is an objective. + This only affects libcrypto. Ciphers and digests will have to be + loaded manually using EVP_add_cipher() and EVP_add_digest() if + this option is used. + + no-autoerrinit Don't automatically load all libcrypto/libssl error strings. + Typically OpenSSL will automatically load human readable error + strings. For a statically linked application this may be + undesirable if small executable size is an objective. + no-threads Don't try to build with support for multi-threaded applications. @@ -73,14 +89,30 @@ no-asm Do not use assembler code. 386 Use the 80386 instruction set only (the default x86 code is - more efficient, but requires at least a 486). + more efficient, but requires at least a 486). Note: Use + compiler flags for any other CPU specific configuration, + e.g. "-m32" to build x86 code on an x64 system. + + no-sse2 Exclude SSE2 code pathes. Normally SSE2 extension is + detected at run-time, but the decision whether or not the + machine code will be executed is taken solely on CPU + capability vector. This means that if you happen to run OS + kernel which does not support SSE2 extension on Intel P4 + processor, then your application might be exposed to + "illegal instruction" exception. There might be a way + to enable support in kernel, e.g. FreeBSD kernel can be + compiled with CPU_ENABLE_SSE, and there is a way to + disengage SSE2 code pathes upon application start-up, + but if you aim for wider "audience" running such kernel, + consider no-sse2. Both 386 and no-asm options above imply + no-sse2. no- Build without the specified cipher (bf, cast, des, dh, dsa, hmac, md2, md5, mdc2, rc2, rc4, rc5, rsa, sha). The crypto/ directory can be removed after running "make depend". - -Dxxx, -lxxx, -Lxxx, -fxxx, -Kxxx These system specific options will + -Dxxx, -lxxx, -Lxxx, -fxxx, -mXXX, -Kxxx These system specific options will be passed through to the compiler to allow you to define preprocessor symbols, specify additional libraries, library directories or other compiler options. @@ -123,7 +155,7 @@ generic configurations "cc" or "gcc" should usually work on 32 bit systems. - Configure creates the file Makefile.ssl from Makefile.org and + Configure creates the file Makefile.ssl from Makefile.in and defines various macros in crypto/opensslconf.h (generated from crypto/opensslconf.h.in). @@ -140,10 +172,10 @@ standard headers). If it is a problem with OpenSSL itself, please report the problem to (note that your message will be recorded in the request tracker publicly readable - via http://www.openssl.org/rt2.html and will be forwarded to a public - mailing list). Include the output of "make report" in your message. - Please check out the request tracker. Maybe the bug was already - reported or has already been fixed. + at https://www.openssl.org/community/index.html#bugs and will be + forwarded to a public mailing list). Include the output of "make + report" in your message. Please check out the request tracker. Maybe + the bug was already reported or has already been fixed. [If you encounter assembler error messages, try the "no-asm" configuration option as an immediate fix.] @@ -155,14 +187,38 @@ $ make test - If a test fails, look at the output. There may be reasons for - the failure that isn't a problem in OpenSSL itself (like a missing - or malfunctioning bc). If it is a problem with OpenSSL itself, - try removing any compiler optimization flags from the CFLAGS line - in Makefile.ssl and run "make clean; make". Please send a bug - report to , including the output of - "make report" in order to be added to the request tracker at - http://www.openssl.org/rt2.html. + If some tests fail, look at the output. There may be reasons for + the failure that isn't a problem in OpenSSL itself (like a + malfunction with Perl). You may want increased verbosity, that + can be accomplished like this: + + $ HARNESS_VERBOSE=yes make test + + If you want to run just one or a few specific tests, you can use + the make variable TESTS to specify them, like this: + + $ make TESTS='test_rsa test_dsa' test + + And of course, you can combine: + + $ HARNESS_VERBOSE=yes make TESTS='test_rsa test_dsa' test + + You can find the list of available tests like this: + + $ make list-tests + + Have a look at the manual for the perl module Test::Harness to + see what other HARNESS_* variables there are. + + If you find a problem with OpenSSL itself, try removing any + compiler optimization flags from the CFLAG line in Makefile and + run "make clean; make". + + Please send a bug report to , and when + you do, please run the following and include the output in your + report: + + $ make report 4. If everything tests ok, install OpenSSL with @@ -188,14 +244,17 @@ compile programs with libcrypto or libssl. lib Contains the OpenSSL library files themselves. + Use "make install_sw" to install the software without documentation, + and "install_docs_html" to install HTML renditions of the manual + pages. + Package builders who want to configure the library for standard locations, but have the package installed somewhere else so that it can easily be packaged, can use - $ make INSTALL_PREFIX=/tmp/package-root install + $ make DESTDIR=/tmp/package-root install - (or specify "--install_prefix=/tmp/package-root" as a configure - option). The specified prefix will be prepended to all + The specified destination directory will be prepended to all installation target filenames. @@ -280,14 +339,18 @@ you can still use "no-threads" to suppress an annoying warning message from the Configure script.) + OpenSSL provides built-in support for two threading models: pthreads (found on + most UNIX/Linux systems), and Windows threads. No other threading models are + supported. If your platform does not provide pthreads or Windows threads then + you should Configure with the "no-threads" option. Note on shared libraries ------------------------ - Shared library is currently an experimental feature. The only reason to - have them would be to conserve memory on systems where several program - are using OpenSSL. Binary backward compatibility can't be guaranteed - before OpenSSL version 1.0. + Shared libraries have certain caveats. Binary backward compatibility + can't be guaranteed before OpenSSL version 1.0. The only reason to + use them would be to conserve memory on systems where several programs + are using OpenSSL. For some systems, the OpenSSL Configure script knows what is needed to build shared libraries for libcrypto and libssl. On these systems, @@ -296,3 +359,37 @@ targets for shared library creation, like linux-shared. Those targets can currently be used on their own just as well, but this is expected to change in future versions of OpenSSL. + + Note on random number generation + -------------------------------- + + Availability of cryptographically secure random numbers is required for + secret key generation. OpenSSL provides several options to seed the + internal PRNG. If not properly seeded, the internal PRNG will refuse + to deliver random bytes and a "PRNG not seeded error" will occur. + On systems without /dev/urandom (or similar) device, it may be necessary + to install additional support software to obtain random seed. + Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(), + and the FAQ for more information. + + Note on support for multiple builds + ----------------------------------- + + OpenSSL is usually built in its source tree. Unfortunately, this doesn't + support building for multiple platforms from the same source tree very well. + It is however possible to build in a separate tree through the use of lots + of symbolic links, which should be prepared like this: + + mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`" + cd objtree/"`uname -s`-`uname -r`-`uname -m`" + (cd $OPENSSL_SOURCE; find . -type f) | while read F; do + mkdir -p `dirname $F` + rm -f $F; ln -s $OPENSSL_SOURCE/$F $F + echo $F '->' $OPENSSL_SOURCE/$F + done + make -f Makefile.in clean + + OPENSSL_SOURCE is an environment variable that contains the absolute (this + is important!) path to the OpenSSL source tree. + + Also, operations like 'make update' should still be made in the source tree.