X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=INSTALL;h=41c3f32ec2cd35af5b736a0ca88b7c2242e1c98e;hp=6634316cca93ae2b270a93ea5285ec9bdf77aa6f;hb=d10dac1187fbb12fdb44a0386f1619b79b40d264;hpb=c1c971654b24e5917d908c9819fdb22bf58aebda diff --git a/INSTALL b/INSTALL index 6634316cca..41c3f32ec2 100644 --- a/INSTALL +++ b/INSTALL @@ -2,13 +2,17 @@ INSTALLATION ON THE UNIX PLATFORM --------------------------------- - [Installation on Windows, OpenVMS and MacOS (before MacOS X) is described - in INSTALL.W32, INSTALL.VMS and INSTALL.MacOS.] + [Installation on DOS (with djgpp), Windows, OpenVMS, MacOS (before MacOS X) + and NetWare is described in INSTALL.DJGPP, INSTALL.W32, INSTALL.VMS, + INSTALL.MacOS and INSTALL.NW. + + This document describes installation on operating systems in the Unix + family.] To install OpenSSL, you will need: * make - * Perl 5 + * Perl 5 with core modules (see 'Note on Perl' further down) * an ANSI C compiler * a development environment in form of development libraries and C header files @@ -53,6 +57,15 @@ This will usually require additional system-dependent options! See "Note on multi-threading" below. + no-zlib Don't try to build with support for zlib compression and + decompression. + + zlib Build with support for zlib compression/decompression. + + zlib-dynamic Like "zlib", but has OpenSSL load the zlib library dynamically + when needed. This is only supported on systems where loading + of shared libraries is supported. This is the default choice. + no-shared Don't try to create shared libraries. shared In addition to the usual static libraries, create shared @@ -62,14 +75,30 @@ no-asm Do not use assembler code. 386 Use the 80386 instruction set only (the default x86 code is - more efficient, but requires at least a 486). + more efficient, but requires at least a 486). Note: Use + compiler flags for any other CPU specific configuration, + e.g. "-m32" to build x86 code on an x64 system. + + no-sse2 Exclude SSE2 code pathes. Normally SSE2 extension is + detected at run-time, but the decision whether or not the + machine code will be executed is taken solely on CPU + capability vector. This means that if you happen to run OS + kernel which does not support SSE2 extension on Intel P4 + processor, then your application might be exposed to + "illegal instruction" exception. There might be a way + to enable support in kernel, e.g. FreeBSD kernel can be + compiled with CPU_ENABLE_SSE, and there is a way to + disengage SSE2 code pathes upon application start-up, + but if you aim for wider "audience" running such kernel, + consider no-sse2. Both 386 and no-asm options above imply + no-sse2. no- Build without the specified cipher (bf, cast, des, dh, dsa, hmac, md2, md5, mdc2, rc2, rc4, rc5, rsa, sha). The crypto/ directory can be removed after running "make depend". - -Dxxx, -lxxx, -Lxxx, -fxxx, -Kxxx These system specific options will + -Dxxx, -lxxx, -Lxxx, -fxxx, -mXXX, -Kxxx These system specific options will be passed through to the compiler to allow you to define preprocessor symbols, specify additional libraries, library directories or other compiler options. @@ -112,7 +141,7 @@ generic configurations "cc" or "gcc" should usually work on 32 bit systems. - Configure creates the file Makefile.ssl from Makefile.org and + Configure creates the file Makefile.ssl from Makefile.in and defines various macros in crypto/opensslconf.h (generated from crypto/opensslconf.h.in). @@ -128,8 +157,11 @@ the failure that aren't problems in OpenSSL itself (like missing standard headers). If it is a problem with OpenSSL itself, please report the problem to (note that your - message will be forwarded to a public mailing list). Include the - output of "make report" in your message. + message will be recorded in the request tracker publicly readable + at https://www.openssl.org/community/index.html#bugs and will be + forwarded to a public mailing list). Include the output of "make + report" in your message. Please check out the request tracker. Maybe + the bug was already reported or has already been fixed. [If you encounter assembler error messages, try the "no-asm" configuration option as an immediate fix.] @@ -141,13 +173,38 @@ $ make test - If a test fails, look at the output. There may be reasons for - the failure that isn't a problem in OpenSSL itself (like a missing - or malfunctioning bc). If it is a problem with OpenSSL itself, - try removing any compiler optimization flags from the CFLAGS line - in Makefile.ssl and run "make clean; make". Please send a bug - report to , including the output of - "make report". + If some tests fail, look at the output. There may be reasons for + the failure that isn't a problem in OpenSSL itself (like a + malfunction with Perl). You may want increased verbosity, that + can be accomplished like this: + + $ HARNESS_VERBOSE=yes make test + + Also, you will find logs for all commands the tests have executed + in logs, test/test_*.log, one for each individual test. + + If you want to run just one or a few specific tests, you can use + the make variable TESTS to specify them, like this: + + $ make TESTS='test_rsa test_dsa' test + + And of course, you can combine: + + $ HARNESS_VERBOSE=yes make TESTS='test_rsa test_dsa' test + + You can find the list of available tests like this: + + $ make list-tests + + If you find a problem with OpenSSL itself, try removing any + compiler optimization flags from the CFLAG line in Makefile and + run "make clean; make". + + Please send a bug report to , and when + you do, please run the following and include the output in your + report: + + $ make report 4. If everything tests ok, install OpenSSL with @@ -173,6 +230,10 @@ compile programs with libcrypto or libssl. lib Contains the OpenSSL library files themselves. + Use "make install_sw" to install the software without documentation, + and "install_docs_html" to install HTML renditions of the manual + pages. + Package builders who want to configure the library for standard locations, but have the package installed somewhere else so that it can easily be packaged, can use @@ -249,6 +310,26 @@ with names of the form . + Note on Perl + ------------ + + For our scripts, we rely quite a bit on Perl, and increasingly on + some core Perl modules. These Perl modules are part of the Perl + source, so if you build Perl on your own, you should be set. + + However, if you install Perl as binary packages, the outcome might + differ, and you may have to check that you do get the core modules + installed properly. We do not claim to know them all, but experience + has told us the following: + + - on Linux distributions based on Debian, the package 'perl' will + install the core Perl modules as well, so you will be fine. + - on Linux distributions based on RPMs, you will need to install + 'perl-core' rather than just 'perl'. + + It is highly recommended that you have at least Perl version 5.12 + installed. + Note on multi-threading ----------------------- @@ -269,10 +350,10 @@ Note on shared libraries ------------------------ - Shared library is currently an experimental feature. The only reason to - have them would be to conserve memory on systems where several program - are using OpenSSL. Binary backward compatibility can't be guaranteed - before OpenSSL version 1.0. + Shared libraries have certain caveats. Binary backward compatibility + can't be guaranteed before OpenSSL version 1.0. The only reason to + use them would be to conserve memory on systems where several programs + are using OpenSSL. For some systems, the OpenSSL Configure script knows what is needed to build shared libraries for libcrypto and libssl. On these systems, @@ -281,3 +362,37 @@ targets for shared library creation, like linux-shared. Those targets can currently be used on their own just as well, but this is expected to change in future versions of OpenSSL. + + Note on random number generation + -------------------------------- + + Availability of cryptographically secure random numbers is required for + secret key generation. OpenSSL provides several options to seed the + internal PRNG. If not properly seeded, the internal PRNG will refuse + to deliver random bytes and a "PRNG not seeded error" will occur. + On systems without /dev/urandom (or similar) device, it may be necessary + to install additional support software to obtain random seed. + Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(), + and the FAQ for more information. + + Note on support for multiple builds + ----------------------------------- + + OpenSSL is usually built in its source tree. Unfortunately, this doesn't + support building for multiple platforms from the same source tree very well. + It is however possible to build in a separate tree through the use of lots + of symbolic links, which should be prepared like this: + + mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`" + cd objtree/"`uname -s`-`uname -r`-`uname -m`" + (cd $OPENSSL_SOURCE; find . -type f) | while read F; do + mkdir -p `dirname $F` + rm -f $F; ln -s $OPENSSL_SOURCE/$F $F + echo $F '->' $OPENSSL_SOURCE/$F + done + make -f Makefile.in clean + + OPENSSL_SOURCE is an environment variable that contains the absolute (this + is important!) path to the OpenSSL source tree. + + Also, operations like 'make update' should still be made in the source tree.