VirtualBox

source: vbox/trunk/src/libs/openssl-3.3.2/NOTES-NONSTOP.md

最後變更 在這個檔案是 108206,由 vboxsync 提交於 4 週 前

openssl-3.3.2: Exported all files to OSE and removed .scm-settings ​bugref:10757

  • 屬性 svn:eol-style 設為 native
  • 屬性 svn:keywords 設為 Author Date Id Revision
檔案大小: 10.5 KB
 
1NOTES FOR THE HPE NONSTOP PLATFORM
2==============================
3
4Requirement details
5-------------------
6
7In addition to the requirements and instructions listed
8in [INSTALL.md](INSTALL.md), the following are required as well:
9
10 * The TNS/X platform supports hardware randomization.
11 Specify the `--with-rand-seed=rdcpu` option to the `./Configure` script.
12 This is recommended but not required. `egd` is supported at 3.0 but cannot
13 be used if FIPS is selected.
14 * The TNS/E platform does not support hardware randomization, so
15 specify the `--with-rand-seed=egd` option to the `./Configure` script.
16
17About c99 compiler
18------------------
19
20The c99 compiler is required for building OpenSSL from source. While c11
21may work, it has not been broadly tested. c99 is the only compiler
22prerequisite needed to build OpenSSL 3.0 on this platform.
23
24Threading Models
25----------------
26
27OpenSSL can be built either using the POSIX User Threads (PUT) threading model,
28or with threading support disabled. Select the following build configuration
29for each on the TNS/X (L-Series) platform:
30
31 * `nonstop-nsx` or default will select an unthreaded 32-bit build.
32 * `nonstop-nsx_64` selects an unthreaded 64-bit memory and file length build.
33 * `nonstop-nsx_put` selects the PUT build.
34 * `nonstop-nsx_64_put` selects the 64-bit memory and file length PUT build.
35
36The SPT threading model is no longer supported as of OpenSSL 3.2.
37
38The PUT model is incompatible with the QUIC capability. This capability should
39be disabled when building with PUT.
40
41### TNS/E Considerations
42
43The TNS/E platform is build using the same set of builds specifying `nse`
44instead of `nsx` in the set above.
45
46You cannot build for TNS/E for FIPS, so you must specify the `no-fips`
47option to `./Configure`.
48
49Linking and Loading Considerations
50----------------------------------
51
52Because of how the NonStop Common Runtime Environment (CRE) works, there are
53restrictions on how programs can link and load with OpenSSL libraries.
54On current NonStop platforms, programs cannot both statically link OpenSSL
55libraries and dynamically load OpenSSL shared libraries concurrently. If this
56is done, there is a high probability of encountering a SIGSEGV condition
57relating to `atexit()` processing when a shared library is unloaded and when
58the program terminates. This limitation applies to all OpenSSL shared library
59components.
60
61A control has been added as of 3.3.x to disable calls to `atexit()` within the
62`libcrypto` builds (specifically in `crypto/init.c`). This switch can be
63controlled using `disable-atexit` or `enable-atexit`, and is disabled by default
64for NonStop builds. If you need to have `atexit()` functionality, set
65`enabled-atexit` when configuring OpenSSL to enable the `atexit()` call to
66register `OPENSSL_cleanup()` automatically. Preferably, you can explicitly call
67`OPENSSL_cleanup()` from your application.
68
69About Prefix and OpenSSLDir
70---------------------------
71
72Because there are many potential builds that must co-exist on any given
73NonStop node, managing the location of your build distribution is crucial.
74Keep each destination separate and distinct. Mixing any mode described in
75this document can cause application instability. The recommended approach
76is to specify the OpenSSL version and threading model in your configuration
77options, and keeping your memory and float options consistent, for example:
78
79 * For 1.1 `--prefix=/usr/local-ssl1.1 --openssldir=/usr/local-ssl1.1/ssl`
80 * For 1.1 PUT `--prefix=/usr/local-ssl1.1_put --openssldir=/usr/local-ssl1.1_put/ssl`
81
82As of 3.0, the NonStop configurations use the multilib attribute to distinguish
83between different models:
84
85 * For 3.0 `--prefix=/usr/local-ssl3.0 --openssldir=/usr/local-ssl3.0/ssl`
86
87The PUT model is placed in `${prefix}/lib-put` for 32-bit models and
88`${prefix}/lib64-put` for 64-bit models.
89
90Use the `_RLD_LIB_PATH` environment variable in OSS to select the appropriate
91directory containing `libcrypto.so` and `libssl.so`. In GUARDIAN, use the
92`=_RLD_LIB_PATH` search define to locate the GUARDIAN subvolume where OpenSSL
93is installed.
94
95Float Considerations
96--------------------
97
98OpenSSL is built using IEEE Float mode by default. If you need a different
99IEEE mode, create a new configuration specifying `tfloat-x86-64` (for Tandem
100Float) or `nfloat-x86-64` (for Neutral Float).
101
102Memory Models
103-------------
104
105The current OpenSSL default memory model uses the default platform address
106model. If you need a different address model, you must specify the appropriate
107c99 options for compile (`CFLAGS`) and linkers (`LDFLAGS`).
108
109Cross Compiling on Windows
110--------------------------
111
112To configure and compile OpenSSL, you will need to set up a Cygwin environment.
113The Cygwin tools should include bash, make, and any other normal tools required
114for building programs.
115
116Your `PATH` must include the bin directory for the c99 cross-compiler, as in:
117
118 export PATH=/cygdrive/c/Program\ Files\ \(x86\)/HPE\ NonStop/L16.05/usr/bin:$PATH
119
120This should be set before Configure is run. For the c99 cross-compiler to work
121correctly, you also need the `COMP_ROOT` set, as in:
122
123 export COMP_ROOT="C:\Program Files (x86)\HPE NonStop\L16.05"
124
125`COMP_ROOT` needs to be in Windows form.
126
127`Configure` must specify the `no-makedepend` option otherwise errors will
128result when running the build because the c99 cross-compiler does not support
129the `gcc -MT` option. An example of a `Configure` command to be run from the
130OpenSSL directory is:
131
132 ./Configure nonstop-nsx_64 no-makedepend --with-rand-seed=rdcpu
133
134Do not forget to include any OpenSSL cross-compiling prefix and certificate
135options when creating your libraries.
136
137The OpenSSL test suite will not run on your workstation. In order to verify the
138build, you will need to perform the build and test steps in OSS in your NonStop
139server. You can also build under gcc and run the test suite for Windows but that
140is not equivalent.
141
142**Note:** In the event that you are attempting a FIPS-compliant cross-compile,
143be aware that signatures may not match between builds done under OSS and under
144cross-compiles as the compilers do not necessarily generate identical objects.
145Anything and everything to do with FIPS is outside the scope of this document.
146Refer to the FIPS security policy for more information.
147
148The following build configurations have been successfully attempted at one
149point or another. If you are successful in your cross-compile efforts, please
150update this list:
151
152- nonstop-nsx_64
153- nonstop-nsx_64_put
154
155**Note:** Cross-compile builds for TNS/E have not been attempted, but should
156follow the same considerations as for TNS/X above.
157
158Also see the NSDEE discussion below for more historical information.
159
160Cross Compiling with NSDEE
161--------------------------
162
163**Note:** None of these builds have been tested by the platform maintainer and
164are supplied for historical value. Please submit a Pull Request to OpenSSL
165should these need to be adjusted.
166
167If you are attempting to build OpenSSL with NSDEE, you will need to specify
168the following variables. The following set of compiler defines are required:
169
170 # COMP_ROOT must be a full path for the build system (e.g. windows)
171 COMP_ROOT=$(cygpath -w /path/to/comp_root)
172 # CC must be executable by your shell
173 CC=/path/to/c99
174
175### Optional Build Variables
176
177 DBGFLAG="--debug"
178 CIPHENABLES="enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-rc4"
179
180### Internal Known TNS/X to TNS/E Cross Compile Variables
181
182The following definition is required if you are building on TNS/X for TNS/E
183and have access to a TNS/E machine on your EXPAND network - with an example
184node named `\CS3`:
185
186 SYSTEMLIBS="-L/E/cs3/usr/local/lib"
187
188Version Procedure (VPROC) Considerations
189----------------------------------------
190
191If you require a VPROC entry for platform version identification, use the
192following variables:
193
194### For Itanium
195
196 OPENSSL_VPROC_PREFIX=T0085H06
197
198### For x86
199
200 OPENSSL_VPROC_PREFIX=T0085L01
201
202### Common Definition
203
204 export OPENSSL_VPROC=${OPENSSL_VPROC_PREFIX}_$(
205 . VERSION.dat
206 if [ -n "$PRE_RELEASE_TAG" ]; then
207 PRE_RELEASE_TAG="-$PRE_RELEASE_TAG"
208 fi
209 if [ -n "$BUILD_METADATA" ]; then
210 BUILD_METADATA="+$BUILD_METADATA"
211 fi
212 echo "$MAJOR.$MINOR.$PATCH$PRE_RELEASE_TAG$BUILD_METADATA" |\
213 sed -e 's/[-.+]/_/g'
214 )
215
216Example Configure Targets
217-------------------------
218
219For OSS targets, the main DLL names will be `libssl.so` and `libcrypto.so`.
220For GUARDIAN targets, DLL names will be `ssl` and `crypto`. The following
221assumes that your PWD is set according to your installation standards.
222
223 ./Configure nonstop-nsx --prefix=${PWD} \
224 --openssldir=${PWD}/ssl no-threads \
225 --with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
226 ./Configure nonstop-nsx_g --prefix=${PWD} \
227 --openssldir=${PWD}/ssl no-threads \
228 --with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
229 ./Configure nonstop-nsx_put --prefix=${PWD} \
230 --openssldir=${PWD}/ssl threads "-D_REENTRANT" \
231 --with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
232 ./Configure nonstop-nsx_64 --prefix=${PWD} \
233 --openssldir=${PWD}/ssl no-threads \
234 --with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
235 ./Configure nonstop-nsx_64_put --prefix=${PWD} \
236 --openssldir=${PWD}/ssl threads "-D_REENTRANT" \
237 --with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
238 ./Configure nonstop-nsx_g_tandem --prefix=${PWD} \
239 --openssldir=${PWD}/ssl no-threads \
240 --with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
241
242 ./Configure nonstop-nse --prefix=${PWD} \
243 --openssldir=${PWD}/ssl no-threads \
244 --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
245 ./Configure nonstop-nse_g --prefix=${PWD} \
246 --openssldir=${PWD}/ssl no-threads \
247 --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
248 ./Configure nonstop-nse_put --prefix=${PWD} \
249 --openssldir=${PWD}/ssl threads "-D_REENTRANT" \
250 --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
251 ./Configure nonstop-nse_64 --prefix=${PWD} \
252 --openssldir=${PWD}/ssl no-threads \
253 --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
254 ./Configure nonstop-nse_64_put --prefix=${PWD} \
255 --openssldir=${PWD}/ssl threads "-D_REENTRANT"
256 --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
257 ./Configure nonstop-nse_g_tandem --prefix=${PWD} \
258 --openssldir=${PWD}/ssl no-threads \
259 --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

© 2025 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette