VirtualBox

source: vbox/trunk/src/libs/openssl-3.1.7/NOTES-NONSTOP.md@ 106165

最後變更 在這個檔案從106165是 105949,由 vboxsync 提交於 2 月 前

openssl-3.1.7: Applied and adjusted our OpenSSL changes to 3.1.7. bugref:10757

檔案大小: 10.6 KB
 
1NOTES FOR THE HPE NONSTOP PLATFORM
2==============================
3
4Requirement details
5-------------------
6
7In addition to the requirements and instructions listed
8in [INSTALL.md](INSTALL.md), the following are required as well:
9
10 * The TNS/X platform supports hardware randomization.
11 Specify the `--with-rand-seed=rdcpu` option to the `./Configure` script.
12 This is recommended but not required. `egd` is supported at 3.0 but cannot
13 be used if FIPS is selected.
14 * The TNS/E platform does not support hardware randomization, so
15 specify the `--with-rand-seed=egd` option to the `./Configure` script.
16
17About c99 compiler
18------------------
19
20The c99 compiler is required for building OpenSSL from source. While c11
21may work, it has not been broadly tested. c99 is the only compiler
22prerequisite needed to build OpenSSL 3.0 on this platform. You should also
23have the FLOSS package installed on your system. The ITUGLIB FLOSS package
24is the only FLOSS variant that has been broadly tested.
25
26Threading Models
27----------------
28
29OpenSSL can be built using unthreaded, POSIX User Threads (PUT), or Standard
30POSIX Threads (SPT). Select the following build configuration for each on
31the TNS/X (L-Series) platform:
32
33 * `nonstop-nsx` or default will select an unthreaded build.
34 * `nonstop-nsx_put` selects the PUT build.
35 * `nonstop-nsx_64_put` selects the 64 bit file length PUT build.
36 * `nonstop-nsx_spt_floss` selects the SPT build with FLOSS. FLOSS is
37 required for SPT builds because of a known hang when using SPT on its own.
38
39### TNS/E Considerations
40
41The TNS/E platform is build using the same set of builds specifying `nse`
42instead of `nsx` in the set above.
43
44You cannot build for TNS/E for FIPS, so you must specify the `no-fips`
45option to `./Configure`.
46
47Linking and Loading Considerations
48----------------------------------
49
50Because of how the NonStop Common Runtime Environment (CRE) works, there are
51restrictions on how programs can link and load with OpenSSL libraries.
52On current NonStop platforms, programs cannot both statically link OpenSSL
53libraries and dynamically load OpenSSL shared libraries concurrently. If this
54is done, there is a high probability of encountering a SIGSEGV condition
55relating to `atexit()` processing when a shared library is unloaded and when
56the program terminates. This limitation applies to all OpenSSL shared library
57components.
58
59A resolution to this situation is under investigation.
60
61About Prefix and OpenSSLDir
62---------------------------
63
64Because there are many potential builds that must co-exist on any given
65NonStop node, managing the location of your build distribution is crucial.
66Keep each destination separate and distinct. Mixing any mode described in
67this document can cause application instability. The recommended approach
68is to specify the OpenSSL version and threading model in your configuration
69options, and keeping your memory and float options consistent, for example:
70
71 * For 1.1 `--prefix=/usr/local-ssl1.1 --openssldir=/usr/local-ssl1.1/ssl`
72 * For 1.1 PUT `--prefix=/usr/local-ssl1.1_put --openssldir=/usr/local-ssl1.1_put/ssl`
73
74As of 3.0, the NonStop configurations use the multilib attribute to distinguish
75between different models:
76
77 * For 3.0 `--prefix=/usr/local-ssl3.0 --openssldir=/usr/local-ssl3.0/ssl`
78
79The PUT model is placed in `${prefix}/lib-put` for 32-bit models and
80`${prefix}/lib64-put` for 64-bit models.
81
82Use the `_RLD_LIB_PATH` environment variable in OSS to select the appropriate
83directory containing `libcrypto.so` and `libssl.so`. In GUARDIAN, use the
84`=_RLD_LIB_PATH` search define to locate the GUARDIAN subvolume where OpenSSL
85is installed.
86
87Float Considerations
88--------------------
89
90OpenSSL is built using IEEE Float mode by default. If you need a different
91IEEE mode, create a new configuration specifying `tfloat-x86-64` (for Tandem
92Float) or `nfloat-x86-64` (for Neutral Float).
93
94Memory Models
95-------------
96
97The current OpenSSL default memory model uses the default platform address
98model. If you need a different address model, you must specify the appropriate
99c99 options for compile (`CFLAGS`) and linkers (`LDFLAGS`).
100
101Cross Compiling on Windows
102--------------------------
103
104To configure and compile OpenSSL, you will need to set up a Cygwin environment.
105The Cygwin tools should include bash, make, and any other normal tools required
106for building programs.
107
108Your `PATH` must include the bin directory for the c99 cross-compiler, as in:
109
110 export PATH=/cygdrive/c/Program\ Files\ \(x86\)/HPE\ NonStop/L16.05/usr/bin:$PATH
111
112This should be set before Configure is run. For the c99 cross-compiler to work
113correctly, you also need the `COMP_ROOT` set, as in:
114
115 export COMP_ROOT="C:\Program Files (x86)\HPE NonStop\L16.05"
116
117`COMP_ROOT` needs to be in Windows form.
118
119`Configure` must specify the `no-makedepend` option otherwise errors will
120result when running the build because the c99 cross-compiler does not support
121the `gcc -MT` option. An example of a `Configure` command to be run from the
122OpenSSL directory is:
123
124 ./Configure nonstop-nsx_64 no-makedepend --with-rand-seed=rdcpu
125
126Do not forget to include any OpenSSL cross-compiling prefix and certificate
127options when creating your libraries.
128
129The OpenSSL test suite will not run on your workstation. In order to verify the
130build, you will need to perform the build and test steps in OSS in your NonStop
131server. You can also build under gcc and run the test suite for Windows but that
132is not equivalent.
133
134**Note:** In the event that you are attempting a FIPS-compliant cross-compile,
135be aware that signatures may not match between builds done under OSS and under
136cross-compiles as the compilers do not necessarily generate identical objects.
137Anything and everything to do with FIPS is outside the scope of this document.
138Refer to the FIPS security policy for more information.
139
140The following build configurations have been successfully attempted at one
141point or another. If you are successful in your cross-compile efforts, please
142update this list:
143
144- nonstop-nsx_64
145- nonstop-nsx_64_put
146
147**Note:** Cross-compile builds for TNS/E have not been attempted, but should
148follow the same considerations as for TNS/X above. SPT builds generally require
149FLOSS, which is not available for workstation builds. As a result, SPT builds
150of OpenSSL cannot be cross-compiled.
151
152Also see the NSDEE discussion below for more historical information.
153
154Cross Compiling with NSDEE
155--------------------------
156
157**Note:** None of these builds have been tested by the platform maintainer and
158are supplied for historical value. Please submit a Pull Request to OpenSSL
159should these need to be adjusted.
160
161If you are attempting to build OpenSSL with NSDEE, you will need to specify
162the following variables. The following set of compiler defines are required:
163
164 # COMP_ROOT must be a full path for the build system (e.g. windows)
165 COMP_ROOT=$(cygpath -w /path/to/comp_root)
166 # CC must be executable by your shell
167 CC=/path/to/c99
168
169### Optional Build Variables
170
171 DBGFLAG="--debug"
172 CIPHENABLES="enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-rc4"
173
174### Internal Known TNS/X to TNS/E Cross Compile Variables
175
176The following definition is required if you are building on TNS/X for TNS/E
177and have access to a TNS/E machine on your EXPAND network - with an example
178node named `\CS3`:
179
180 SYSTEMLIBS="-L/E/cs3/usr/local/lib"
181
182Version Procedure (VPROC) Considerations
183----------------------------------------
184
185If you require a VPROC entry for platform version identification, use the
186following variables:
187
188### For Itanium
189
190 OPENSSL_VPROC_PREFIX=T0085H06
191
192### For x86
193
194 OPENSSL_VPROC_PREFIX=T0085L01
195
196### Common Definition
197
198 export OPENSSL_VPROC=${OPENSSL_VPROC_PREFIX}_$(
199 . VERSION.dat
200 if [ -n "$PRE_RELEASE_TAG" ]; then
201 PRE_RELEASE_TAG="-$PRE_RELEASE_TAG"
202 fi
203 if [ -n "$BUILD_METADATA" ]; then
204 BUILD_METADATA="+$BUILD_METADATA"
205 fi
206 echo "$MAJOR.$MINOR.$PATCH$PRE_RELEASE_TAG$BUILD_METADATA" |\
207 sed -e 's/[-.+]/_/g'
208 )
209
210Example Configure Targets
211-------------------------
212
213For OSS targets, the main DLL names will be `libssl.so` and `libcrypto.so`.
214For GUARDIAN targets, DLL names will be `ssl` and `crypto`. The following
215assumes that your PWD is set according to your installation standards.
216
217 ./Configure nonstop-nsx --prefix=${PWD} \
218 --openssldir=${PWD}/ssl no-threads \
219 --with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
220 ./Configure nonstop-nsx_g --prefix=${PWD} \
221 --openssldir=${PWD}/ssl no-threads \
222 --with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
223 ./Configure nonstop-nsx_put --prefix=${PWD} \
224 --openssldir=${PWD}/ssl threads "-D_REENTRANT" \
225 --with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
226 ./Configure nonstop-nsx_spt_floss --prefix=${PWD} \
227 --openssldir=${PWD}/ssl threads "-D_REENTRANT" \
228 --with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
229 ./Configure nonstop-nsx_64 --prefix=${PWD} \
230 --openssldir=${PWD}/ssl no-threads \
231 --with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
232 ./Configure nonstop-nsx_64_put --prefix=${PWD} \
233 --openssldir=${PWD}/ssl threads "-D_REENTRANT" \
234 --with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
235 ./Configure nonstop-nsx_g_tandem --prefix=${PWD} \
236 --openssldir=${PWD}/ssl no-threads \
237 --with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
238
239 ./Configure nonstop-nse --prefix=${PWD} \
240 --openssldir=${PWD}/ssl no-threads \
241 --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
242 ./Configure nonstop-nse_g --prefix=${PWD} \
243 --openssldir=${PWD}/ssl no-threads \
244 --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
245 ./Configure nonstop-nse_put --prefix=${PWD} \
246 --openssldir=${PWD}/ssl threads "-D_REENTRANT" \
247 --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
248 ./Configure nonstop-nse_spt_floss --prefix=${PWD} \
249 --openssldir=${PWD}/ssl threads "-D_REENTRANT" \
250 --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
251 ./Configure nonstop-nse_64 --prefix=${PWD} \
252 --openssldir=${PWD}/ssl no-threads \
253 --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
254 ./Configure nonstop-nse_64_put --prefix=${PWD} \
255 --openssldir=${PWD}/ssl threads "-D_REENTRANT"
256 --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
257 ./Configure nonstop-nse_g_tandem --prefix=${PWD} \
258 --openssldir=${PWD}/ssl no-threads \
259 --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette