diff --git a/INSTALL b/INSTALL index 31d88574cf0c49318b27ac39723707d6d9cb4c1b..eed3e22bffe260b5bc35511bb5a2890ae3d19b82 100644 --- a/INSTALL +++ b/INSTALL @@ -2,12 +2,12 @@ INSTALLATION ON THE UNIX PLATFORM --------------------------------- - [Installation on DOS (with djgpp), Windows, OpenVMS, MacOS (before MacOS X) - and NetWare is described in INSTALL.DJGPP, INSTALL.WIN, INSTALL.VMS, - INSTALL.MacOS and INSTALL.NW. + [Installation on DOS (with djgpp), Windows, MacOS (before MacOS X) + and NetWare is described in INSTALL.DJGPP, INSTALL.WIN, INSTALL.MacOS + and INSTALL.NW. - This document describes installation on operating systems in the Unix - family.] + This document describes installation on the main supported operating + systems, currently the Unix family and OpenVMS.] To install OpenSSL, you will need: @@ -17,25 +17,49 @@ * an ANSI C compiler * a development environment in form of development libraries and C header files - * a supported Unix operating system + * a supported operating system + + For more details regarding specific platforms, there are these notes + available: + + * NOTES.VMS Quick Start ----------- If you want to just get on with it, do: - $ ./config - $ make - $ make test - $ make install + on Unix: + + $ ./config + $ make + $ make test + $ make install + + on OpenVMS: + + $ @config + $ mms + $ mms test + $ mms install [If any of these steps fails, see section Installation in Detail below.] - This will build and install OpenSSL in the default location, which is (for - historical reasons) /usr/local/ssl. If you want to install it anywhere else, - run config like this: + This will build and install OpenSSL in the default location, which is: + + Unix: normal installation directories under /usr/local + OpenVMS: SYS$COMMON:[OPENSSL-'version'...], where 'version' is the + OpenSSL version number ('major'_'minor'). + + If you want to install it anywhere else, run config like this: - $ ./config --prefix=/usr/local --openssldir=/usr/local/openssl + On Unix: + + $ ./config --prefix=/opt/openssl --openssldir=/usr/local/ssl + + On OpenVMS: + + $ @config --prefix=PROGRAM:[INSTALLS] --openssldir=SYS$MANAGER:[OPENSSL] Configuration Options @@ -44,12 +68,16 @@ There are several options to ./config (or ./Configure) to customize the build: - --prefix=DIR Install in DIR/bin, DIR/lib, DIR/include/openssl. - Configuration files used by OpenSSL will be in DIR/ssl - or the directory specified by --openssldir. + --prefix=DIR The top of the installation directory tree. Defaults are: - --openssldir=DIR Directory for OpenSSL files. If no prefix is specified, - the library files and binaries are also installed there. + Unix: /usr/local + OpenVMS: SYS$COMMON:[OPENSSL-'version'] + + --openssldir=DIR Directory for OpenSSL configuration files, and also the + default certificate and key store. Defaults are: + + Unix: PREFIX/ssl (PREFIX is given by --prefix) + OpenVMS: SYS$COMMON:[SSL] no-autoalginit Don't automatically load all supported ciphers and digests. Typically OpenSSL will make available all of its supported @@ -88,10 +116,11 @@ no-asm Do not use assembler code. - 386 Use the 80386 instruction set only (the default x86 code is - more efficient, but requires at least a 486). Note: Use - compiler flags for any other CPU specific configuration, - e.g. "-m32" to build x86 code on an x64 system. + 386 On Intel hardware, use the 80386 instruction set only + (the default x86 code is more efficient, but requires at + least a 486). Note: Use compiler flags for any other CPU + specific configuration, e.g. "-m32" to build x86 code on + an x64 system. no-sse2 Exclude SSE2 code pathes. Normally SSE2 extension is detected at run-time, but the decision whether or not the @@ -123,7 +152,14 @@ 1a. Configure OpenSSL for your operation system automatically: - $ ./config [options] + $ ./config [options] # Unix + + or + + $ @config [options] ! OpenVMS + + For the remainder of this text, the Unix form will be used in all + examples, please use the appropriate form for your platform. This guesses at your operating system (and compiler, if necessary) and configures OpenSSL based on this guess. Run ./config -t to see @@ -140,12 +176,19 @@ OpenSSL knows about a range of different operating system, hardware and compiler combinations. To see the ones it knows about, run - $ ./Configure + $ ./Configure # Unix + + or + + $ perl Configure # All other platforms + + For the remainder of this text, the Unix form will be used in all + examples, please use the appropriate form for your platform. Pick a suitable name from the list that matches your system. For most operating systems there is a choice between using "cc" or "gcc". When you have identified your system (and if necessary compiler) use this name - as the argument to ./Configure. For example, a "linux-elf" user would + as the argument to Configure. For example, a "linux-elf" user would run: $ ./Configure linux-elf [options] @@ -159,20 +202,53 @@ defines various macros in crypto/opensslconf.h (generated from crypto/opensslconf.h.in). + 1c. Configure OpenSSL for building outside of the source tree. + + OpenSSL can be configured to build in a build directory separate from + the directory with the source code. It's done by placing yourself in + some other directory and invoking the configuration commands from + there. + + Unix example: + + $ mkdir /var/tmp/openssl-build + $ cd /var/tmp/openssl-build + $ /PATH/TO/OPENSSL/SOURCE/config [options] + + or + + $ /PATH/TO/OPENSSL/SOURCE/Configure [target] [options] + + OpenVMS example: + + $ set default sys$login: + $ create/dir [.tmp.openssl-build] + $ set default [.tmp.openssl-build] + $ @[PATH.TO.OPENSSL.SOURCE]config {options} + + or + + $ @[PATH.TO.OPENSSL.SOURCE]Configure {target} {options} + + Paths can be relative just as well as absolute. Configure will + do its best to translate them to relative paths whenever possible. + 2. Build OpenSSL by running: - $ make + $ make # Unix + $ mms ! (or mmk) OpenVMS - This will build the OpenSSL libraries (libcrypto.a and libssl.a) and the - OpenSSL binary ("openssl"). The libraries will be built in the top-level - directory, and the binary will be in the "apps" directory. + This will build the OpenSSL libraries (libcrypto.a and libssl.a on + Unix, corresponding on other platforms) and the OpenSSL binary + ("openssl"). The libraries will be built in the top-level directory, + and the binary will be in the "apps" subdirectory. - If "make" fails, look at the output. There may be reasons for + If the build fails, look at the output. There may be reasons for the failure that aren't problems in OpenSSL itself (like missing standard headers). If it is a problem with OpenSSL itself, please - report the problem to (note that your - message will be recorded in the request tracker publicly readable - at https://www.openssl.org/community/index.html#bugs and will be + report the problem to (note that your message + will be recorded in the request tracker publicly readable at + https://www.openssl.org/community/index.html#bugs and will be forwarded to a public mailing list). Include the output of "make report" in your message. Please check out the request tracker. Maybe the bug was already reported or has already been fixed. @@ -185,34 +261,40 @@ 3. After a successful build, the libraries should be tested. Run: - $ make test + $ make test # Unix + $ mms test ! OpenVMS If some tests fail, look at the output. There may be reasons for the failure that isn't a problem in OpenSSL itself (like a malfunction with Perl). You may want increased verbosity, that can be accomplished like this: - $ HARNESS_VERBOSE=yes make test + $ HARNESS_VERBOSE=yes make test # Unix + + $ DEFINE HARNESS_VERBOSE YES + $ mms test ! OpenVMS If you want to run just one or a few specific tests, you can use the make variable TESTS to specify them, like this: - $ make TESTS='test_rsa test_dsa' test + $ make TESTS='test_rsa test_dsa' test # Unix + $ mms/macro="TESTS=test_rsa test_dsa" test ! OpenVMS - And of course, you can combine: + And of course, you can combine (Unix example shown): $ HARNESS_VERBOSE=yes make TESTS='test_rsa test_dsa' test You can find the list of available tests like this: - $ make list-tests + $ make list-tests # Unix + $ make list-tests ! OpenVMS Have a look at the manual for the perl module Test::Harness to see what other HARNESS_* variables there are. If you find a problem with OpenSSL itself, try removing any - compiler optimization flags from the CFLAG line in Makefile and - run "make clean; make". + compiler optimization flags from the CFLAGS line in Makefile and + run "make clean; make" or corresponding. Please send a bug report to , and when you do, please run the following and include the output in your @@ -222,105 +304,85 @@ 4. If everything tests ok, install OpenSSL with - $ make install - - This will create the installation directory (if it does not exist) and - then the following subdirectories: - - certs Initially empty, this is the default location - for certificate files. - man/man1 Manual pages for the 'openssl' command line tool - man/man3 Manual pages for the libraries (very incomplete) - misc Various scripts. - private Initially empty, this is the default location - for private key files. - - If you didn't choose a different installation prefix, the - following additional subdirectories will be created: - - bin Contains the openssl binary and a few other - utility programs. - include/openssl Contains the header files needed if you want to - compile programs with libcrypto or libssl. - lib Contains the OpenSSL library files themselves. - - Use "make install_sw" to install the software without documentation, - and "install_docs_html" to install HTML renditions of the manual - pages. + $ make install # Unix + $ mms install ! OpenVMS + + This will install all the software components in this directory + tree under PREFIX (the directory given with --prefix or its + default): + + Unix: + + bin/ Contains the openssl binary and a few other + utility scripts. + include/openssl + Contains the header files needed if you want + to build your own programs that use libcrypto + or libssl. + lib Contains the OpenSSL library files. + lib/engines Contains the OpenSSL dynamically loadable engines. + share/man/{man1,man3,man5,man7} + Contains the OpenSSL man-pages. + share/doc/openssl/html{man1,man3,man5,man7} + Contains the HTML rendition of the man-pages. + + OpenVMS ('arch' is replaced with the architecture name, "Alpha" + or "ia64"): + + [.EXE.'arch'] Contains the openssl binary and a few other + utility scripts. + [.include.openssl] + Contains the header files needed if you want + to build your own programs that use libcrypto + or libssl. + [.LIB.'arch'] Contains the OpenSSL library files. + [.ENGINES.'arch'] + Contains the OpenSSL dynamically loadable engines. + [.SYS$STARTUP] Contains startup, login and shutdown scripts. + These define appropriate logical names and + command symbols. + + + Additionally, install will add the following directories under + OPENSSLDIR (the directory given with --openssldir or its default) + for you convenience: + + certs Initially empty, this is the default location + for certificate files. + private Initially empty, this is the default location + for private key files. + misc Various scripts. Package builders who want to configure the library for standard locations, but have the package installed somewhere else so that it can easily be packaged, can use - $ make DESTDIR=/tmp/package-root install + $ make DESTDIR=/tmp/package-root install # Unix + $ mms/macro="DESTDIR=TMP:[PACKAGE-ROOT]" install ! OpenVMS The specified destination directory will be prepended to all - installation target filenames. - - - NOTE: The header files used to reside directly in the include - directory, but have now been moved to include/openssl so that - OpenSSL can co-exist with other libraries which use some of the - same filenames. This means that applications that use OpenSSL - should now use C preprocessor directives of the form - - #include - - instead of "#include ", which was used with library versions - up to OpenSSL 0.9.2b. + installation target paths. - If you install a new version of OpenSSL over an old library version, - you should delete the old header files in the include directory. - - Compatibility issues: + Compatibility issues with previous OpenSSL versions: * COMPILING existing applications - To compile an application that uses old filenames -- e.g. - "#include " --, it will usually be enough to find - the CFLAGS definition in the application's Makefile and - add a C option such as - - -I/usr/local/ssl/include/openssl - - to it. - - But don't delete the existing -I option that points to - the ..../include directory! Otherwise, OpenSSL header files - could not #include each other. - - * WRITING applications - - To write an application that is able to handle both the new - and the old directory layout, so that it can still be compiled - with library versions up to OpenSSL 0.9.2b without bothering - the user, you can proceed as follows: - - - Always use the new filename of OpenSSL header files, - e.g. #include . + OpenSSL 1.1 hides a number of structures that were previously + open. This includes all internal libssl structures and a number + of EVP types. Accessor functions have been added to allow + controlled access to the structures' data. - - Create a directory "incl" that contains only a symbolic - link named "openssl", which points to the "include" directory - of OpenSSL. - For example, your application's Makefile might contain the - following rule, if OPENSSLDIR is a pathname (absolute or - relative) of the directory where OpenSSL resides: + This means that some software needs to be rewritten to adapt to + the new ways of doing things. This often amounts to allocating + an instance of a structure explicitly where you could previously + allocate them on the stack as automatic variables, and using the + provided accessor functions where you would previously access a + structure's field directly. - incl/openssl: - -mkdir incl - cd $(OPENSSLDIR) # Check whether the directory really exists - -ln -s `cd $(OPENSSLDIR); pwd`/include incl/openssl + - You will have to add "incl/openssl" to the dependencies - of those C files that include some OpenSSL header file. - - - Add "-Iincl" to your CFLAGS. - - With these additions, the OpenSSL header files will be available - under both name variants if an old library version is used: - Your application can reach them under names like , - while the header files still are able to #include each other - with names of the form . + Some APIs have changed as well. However, older APIs have been + preserved when possible. Note on multi-threading @@ -372,24 +434,3 @@ Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(), and the FAQ for more information. - Note on support for multiple builds - ----------------------------------- - - OpenSSL is usually built in its source tree. Unfortunately, this doesn't - support building for multiple platforms from the same source tree very well. - It is however possible to build in a separate tree through the use of lots - of symbolic links, which should be prepared like this: - - mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`" - cd objtree/"`uname -s`-`uname -r`-`uname -m`" - (cd $OPENSSL_SOURCE; find . -type f) | while read F; do - mkdir -p `dirname $F` - rm -f $F; ln -s $OPENSSL_SOURCE/$F $F - echo $F '->' $OPENSSL_SOURCE/$F - done - make -f Makefile.in clean - - OPENSSL_SOURCE is an environment variable that contains the absolute (this - is important!) path to the OpenSSL source tree. - - Also, operations like 'make update' should still be made in the source tree. diff --git a/INSTALL.VMS b/INSTALL.VMS deleted file mode 100644 index 01f2ee78154b69a1a62a2ca0836d512a222ca1aa..0000000000000000000000000000000000000000 --- a/INSTALL.VMS +++ /dev/null @@ -1,66 +0,0 @@ - - INSTALLATION ON THE VMS PLATFORM - -------------------------------- - - Intro - ----- - - This file is divided in the following parts: - - Requirements - Mandatory reading. - Cheking the distribution - Mandatory reading. - Quick start - Test - Installation - Backward portability - Possible bugs and quirks - - - Requirements - ------------ - - To build and install OpenSSL, you will need: - - * Perl 5 with core modules (please read README.PERL) - * The perl module Text::Template (please read README.PERL) - * DEC C or some other ANSI C compiler. VAX C is *not* supported. - [Note: OpenSSL has only been tested with DEC C. Compiling with - a different ANSI C compiler may require some work] - - Checking the distribution - ------------------------- - - There have been reports of places where the distribution didn't quite - get through, for example if you've copied the tree from a NFS-mounted - Unix mount point. - - The easiest way to check if everything got through as it should is to - check for one of the following files: - - [.crypto]opensslconf^.h.in - - The best way to get a correct distribution is to download the gzipped - tar file from ftp://ftp.openssl.org/source/, use GUNZIP to uncompress - it and use VMSTAR to unpack the resulting tar file. - - GUNZIP is available {FIXME: where is it available?} - - VMSTAR is available {FIXME: where is it available?} - - - Quick start - ----------- - - If you want to just get on with it, do this: - - $ @config - $ mms - $ mms test - $ mmm install - - This will buidl and install OpenSSL in the default location, which is - SYS$COMMON:[OPENSSL-'VERSION']. If you want it to be anywhere else, - run config.com like this: - - $ @config --prefix=PROGRAM:[OPENSSL] - diff --git a/NOTES.VMS b/NOTES.VMS new file mode 100644 index 0000000000000000000000000000000000000000..2c7b80b58fcfd944d670197b9817363521178b21 --- /dev/null +++ b/NOTES.VMS @@ -0,0 +1,47 @@ + + NOTES FOR THE OPENVMS PLATFORM + ============================== + + Requirement details + ------------------- + + In addition to the requirements listed in INSTALL, these are required + as well: + + * At least ODS-5 disk organization for source and build. + Installation can be done on any existing disk organization. + + + About ANSI C compiler + --------------------- + + An ANSI C compiled is needed among other things. This means that VAX C + is not and will not be supported. + + We have only tested with DEC C (a.k.a HP VMS C / VSI C), compiling with + a different ANSI C compiler may require some work. + + + Checking the distribution + ------------------------- + + There have been reports of places where the distribution didn't quite + get through, for example if you've copied the tree from a NFS-mounted + Unix mount point. + + The easiest way to check if everything got through as it should is to + check for one of the following files: + + [.crypto]opensslconf^.h.in + + The best way to get a correct distribution is to download the gzipped + tar file from ftp://ftp.openssl.org/source/, use GZIP -d to uncompress + it and VMSTAR to unpack the resulting tar file. + + Gzip and VMSTAR are available here: + + http://antinode.info/dec/index.html#Software + + Should you need it, you can find UnZip for VMS here: + + http://www.info-zip.org/UnZip.html