wiki:OpenSSL-1

OpenSSL

DESTDIR

Use INSTALL_PREFIX instead of DESTDIR, it works in the same way.

GCC 4.2

GCC 4.2 doesn't compile OpenSSL 0.9.8e and below. The compilation works, but compiler inserts lots of #UD2 assembler instructions to code it believes to be wrong. This causes the tests, and users of this library to fail with SIGILL.

The compiler shows lots warnings like this:

pem_xaux.c: In function 'PEM_read_bio_X509_AUX':
pem_xaux.c:68: warning: function called through a non-compatible type
pem_xaux.c:68: note: if this code is reached, the program will abort
pem_xaux.c: In function 'PEM_read_X509_AUX':
pem_xaux.c:68: warning: function called through a non-compatible type
pem_xaux.c:68: note: if this code is reached, the program will abort

The solution is to update to 0.9.8f or above.

Multilib Instructions

If your architecture is not listed you can follow the standard BLFS instructions at http://www.linuxfromscratch.org/blfs/view/cvs/postlfs/security.html#openssl

32 Bit Patch for MIPS architecture Support http://www.linuxfromscratch.org/patches/downloads/openssl/openssl-0.9.7i-mips_support-1.patch

Change [TARGET] to one of the following
     linux-x86_64-32 for AMD 64
     linux-sparcv8 for Sparc v8 
     linux-sparcv9 for Sparc v9
     linux-mipsel for MIPS Little Endian
     linux-mips for MIPS Big Endian

patch -Np1 -i ../openssl-0.9.7i-fix_manpages-1.patch
patch -Np1 -i ../openssl-0.9.7i-mips_support-1.patch
./Configure [TARGET] --openssldir=/etc/ssl --prefix=/usr shared
make MANDIR=/usr/share/man
make MANDIR=/usr/share/man install

N32 - MIPS Only

Patch to allow multilib installations http://www.linuxfromscratch.org/patches/downloads/openssl/openssl-0.9.7i-allow_lib64-1.patch

Patch for MIPS architecture Support http://www.linuxfromscratch.org/patches/downloads/openssl/openssl-0.9.7i-mips_support-1.patch

Install OpenSSL by running the following commands
Change [TARGET] to one of the following
     linux-mipsel-n32 for MIPS Little Endian
     linux-mips-n32 for MIPS Big Endian

patch -Np1 -i ../openssl-0.9.7i-fix_manpages-1.patch
patch -Np1 -i ../openssl-0.9.7i-allow_lib64-1.patch
patch -Np1 -i ../openssl-0.9.7i-mips_support-1.patch
./Configure [TARGET] --openssldir=/etc/ssl --prefix=/usr shared
make MANDIR=/usr/share/man LIBDIR=lib32
make MANDIR=/usr/share/man LIBDIR=lib32 install

64 Bit

Patch to allow multilib installations http://www.linuxfromscratch.org/patches/downloads/openssl/openssl-0.9.7i-allow_lib64-1.patch

Patch for MIPS architecture Support http://www.linuxfromscratch.org/patches/downloads/openssl/openssl-0.9.7i-mips_support-1.patch

Install OpenSSL by running the following commands

Change [TARGET] to one of the following
     linux-x86_64-64 for AMD 64
     linux64-sparcv9 for Sparc
     linux-mips64el for MIPS Little Endian
     linux-mips64 for MIPS Big Endian
 
patch -Np1 -i ../openssl-0.9.7i-fix_manpages-1.patch
patch -Np1 -i ../openssl-0.9.7i-allow_lib64-1.patch
patch -Np1 -i ../openssl-0.9.7i-mips_support-1.patch (Only need for MIPS)
./Configure [TARGET] --openssldir=/etc/ssl --prefix=/usr shared
make MANDIR=/usr/share/man LIBDIR=lib64
make MANDIR=/usr/share/man LIBDIR=lib64 install

Optimization Flags

OpenSSL uses a Perl Configure script to set up the package. This script will not respect CFLAGS set in the environment. Instead, you can pass them as an argument to Configure:

./Configure [OPTIONS] $CFLAGS

multilib 0.9.8a on powerpc64

This can be achieved by sed rather than patch

ppc32 - this almost works out of the box, but there is nowhere to pass -m32 to the compiler and I hadn't read the previous entry on this page when I was building it. So, after patching for the man pages,we need the following sed, and then we can configure it

sed -i /linux-ppc\"/'s/-O3/-m32 -O3/' Configure
./Configure linux-ppc --openssldir=/etc/ssl --prefix=/usr shared

ppc64 - the configury is almost completely broken out of the box: look for linux-ppc64 in Configure, read the comment and what they actually put in the options, and weep!

The first thing to do is to take out the -bpowerpc64-linux after the -fPIC (compare the linux-ppc code a few lines above it) and replace the other instance of it by -m64 because the -b flag is only valid as the first flag in the command. This sed will fix this, although it also changes the comment above it.

sed -i -e 's/-fPIC:-bpowerpc64-linux:.so/-fPIC::.so/' \
          -e 's/-bpowerpc64-linux/-m64/' Configure
./Configure linux-ppc64 --openssldir=/etc/ssl --prefix=/usr shared

Now all we have to do is persuade it to install into lib64 instead of lib. Only two of the Makefiles are involved. We have to do this after the Configure has run, because that will set up the correct top-level Makefile. The first of these seds is trivial.

sed -i 's%/lib/%/lib64/%g' engines/Makefile

Unfortunately, the main Makefile is not so easy - there are references to TOP)/lib TOP}/lib, sometimes twice on the same line, and a few other references to /lib which need to be changed, together with a lot more which do not want to be changed. The following instructions fix these.

sed -i -e 's%}/lib%}/lib64%' -e 's%TOP)/lib%TOP)/lib64%g' Makefile

Compiling for a previous generation processor

Just a little note for those who use either of the uname hacks to compile for a previous generation processor. The config script extracts some info from /proc/cpuinfo. If you have access to the target machine, it may be easier to copy the contents from that machine and use on your current. I simply 'cat /proc/cpuinfo > ~/cpuinfo', copy to host machine, and sed the config script to use my copy of the file. This is a simple workaround for the few packages that use /proc/cpuinfo, where openssl is most likely the first encountered in BLFS. I do not know what all is extracted from there and this is probably not needed given the cross arch info above, just my quick workaround.

Up
Top

Last modified 12 years ago Last modified on 11/18/2010 12:41:27 AM
Note: See TracWiki for help on using the wiki.