head	1.3;
access;
symbols
	RELENG_8_4:1.3.0.2
	RELENG_9_1_0_RELEASE:1.2
	RELENG_9_1:1.2.0.16
	RELENG_9_1_BP:1.2
	RELENG_8_3_0_RELEASE:1.2
	RELENG_8_3:1.2.0.14
	RELENG_8_3_BP:1.2
	RELENG_9_0_0_RELEASE:1.2
	RELENG_9_0:1.2.0.12
	RELENG_9_0_BP:1.2
	RELENG_9:1.2.0.10
	RELENG_9_BP:1.2
	RELENG_7_4_0_RELEASE:1.1.1.11.2.1
	RELENG_8_2_0_RELEASE:1.2
	RELENG_7_4:1.1.1.11.2.1.0.2
	RELENG_7_4_BP:1.1.1.11.2.1
	RELENG_8_2:1.2.0.8
	RELENG_8_2_BP:1.2
	RELENG_8_1_0_RELEASE:1.2
	RELENG_8_1:1.2.0.6
	RELENG_8_1_BP:1.2
	RELENG_7_3_0_RELEASE:1.1.1.11
	RELENG_7_3:1.1.1.11.0.10
	RELENG_7_3_BP:1.1.1.11
	RELENG_8_0_0_RELEASE:1.2
	RELENG_8_0:1.2.0.4
	RELENG_8_0_BP:1.2
	RELENG_8:1.2.0.2
	RELENG_8_BP:1.2
	RELENG_7_2_0_RELEASE:1.1.1.11
	RELENG_7_2:1.1.1.11.0.8
	RELENG_7_2_BP:1.1.1.11
	RELENG_7_1_0_RELEASE:1.1.1.11
	RELENG_6_4_0_RELEASE:1.1.1.9
	RELENG_7_1:1.1.1.11.0.6
	RELENG_7_1_BP:1.1.1.11
	RELENG_6_4:1.1.1.9.0.12
	RELENG_6_4_BP:1.1.1.9
	RELENG_7_0_0_RELEASE:1.1.1.11
	RELENG_6_3_0_RELEASE:1.1.1.9
	RELENG_7_0:1.1.1.11.0.4
	RELENG_7_0_BP:1.1.1.11
	RELENG_6_3:1.1.1.9.0.10
	RELENG_6_3_BP:1.1.1.9
	RELENG_7:1.1.1.11.0.2
	RELENG_7_BP:1.1.1.11
	v0_9_8e:1.1.1.11
	RELENG_6_2_0_RELEASE:1.1.1.9
	RELENG_6_2:1.1.1.9.0.8
	RELENG_6_2_BP:1.1.1.9
	v0_9_8d:1.1.1.10
	v0_9_8b:1.1.1.10
	RELENG_5_5_0_RELEASE:1.1.1.8.6.1
	RELENG_5_5:1.1.1.8.6.1.0.4
	RELENG_5_5_BP:1.1.1.8.6.1
	RELENG_6_1_0_RELEASE:1.1.1.9
	RELENG_6_1:1.1.1.9.0.6
	RELENG_6_1_BP:1.1.1.9
	RELENG_6_0_0_RELEASE:1.1.1.9
	RELENG_6_0:1.1.1.9.0.4
	RELENG_6_0_BP:1.1.1.9
	RELENG_6:1.1.1.9.0.2
	RELENG_6_BP:1.1.1.9
	RELENG_5_4_0_RELEASE:1.1.1.8.6.1
	RELENG_5_4:1.1.1.8.6.1.0.2
	RELENG_5_4_BP:1.1.1.8.6.1
	v0_9_7e:1.1.1.9
	RELENG_4_11_0_RELEASE:1.1.1.1.2.5
	RELENG_4_11:1.1.1.1.2.5.0.8
	RELENG_4_11_BP:1.1.1.1.2.5
	RELENG_5_3_0_RELEASE:1.1.1.8
	RELENG_5_3:1.1.1.8.0.8
	RELENG_5_3_BP:1.1.1.8
	RELENG_5:1.1.1.8.0.6
	RELENG_5_BP:1.1.1.8
	RELENG_4_10_0_RELEASE:1.1.1.1.2.5
	RELENG_4_10:1.1.1.1.2.5.0.6
	RELENG_4_10_BP:1.1.1.1.2.5
	v0_9_7d:1.1.1.8
	RELENG_5_2_1_RELEASE:1.1.1.8
	RELENG_5_2_0_RELEASE:1.1.1.8
	RELENG_5_2:1.1.1.8.0.4
	RELENG_5_2_BP:1.1.1.8
	RELENG_4_9_0_RELEASE:1.1.1.1.2.5
	RELENG_4_9:1.1.1.1.2.5.0.4
	RELENG_4_9_BP:1.1.1.1.2.5
	v0_9_7c:1.1.1.8
	RELENG_5_1_0_RELEASE:1.1.1.8
	RELENG_5_1:1.1.1.8.0.2
	RELENG_5_1_BP:1.1.1.8
	RELENG_4_8_0_RELEASE:1.1.1.1.2.5
	RELENG_4_8:1.1.1.1.2.5.0.2
	RELENG_4_8_BP:1.1.1.1.2.5
	v0_9_7a:1.1.1.8
	v0_9_7:1.1.1.7
	RELENG_5_0_0_RELEASE:1.1.1.6
	RELENG_5_0:1.1.1.6.0.2
	RELENG_5_0_BP:1.1.1.6
	RELENG_4_7_0_RELEASE:1.1.1.1.2.3
	RELENG_4_7:1.1.1.1.2.3.0.2
	RELENG_4_7_BP:1.1.1.1.2.3
	RELENG_4_6_2_RELEASE:1.1.1.1.2.2.8.1
	v0_9_6g:1.1.1.6
	v0_9_6f:1.1.1.6
	v0_9_6e:1.1.1.6
	v0_9_6d:1.1.1.5
	RELENG_4_6_1_RELEASE:1.1.1.1.2.2
	RELENG_4_6_0_RELEASE:1.1.1.1.2.2
	RELENG_4_6:1.1.1.1.2.2.0.8
	RELENG_4_6_BP:1.1.1.1.2.2
	RELENG_4_5_0_RELEASE:1.1.1.1.2.2
	v0_9_6c:1.1.1.4
	RELENG_4_5:1.1.1.1.2.2.0.6
	RELENG_4_5_BP:1.1.1.1.2.2
	RELENG_4_4_0_RELEASE:1.1.1.1.2.2
	RELENG_4_4:1.1.1.1.2.2.0.4
	RELENG_4_4_BP:1.1.1.1.2.2
	v0_9_6b:1.1.1.4
	v0_9_6a:1.1.1.3
	RELENG_4_3_0_RELEASE:1.1.1.1.2.2
	RELENG_4_3:1.1.1.1.2.2.0.2
	RELENG_4_3_BP:1.1.1.1.2.2
	v0_9_6_2001_02_10:1.1.1.3
	RELENG_4_2_0_RELEASE:1.1.1.1.2.1
	v0_9_6:1.1.1.3
	RELENG_4_1_1_RELEASE:1.1.1.1.2.1
	PRE_SMPNG:1.1.1.2
	RELENG_4_1_0_RELEASE:1.1.1.1
	v0_9_5a:1.1.1.2
	RELENG_4_0_0_RELEASE:1.1.1.1
	RELENG_4:1.1.1.1.0.2
	RELENG_4_BP:1.1.1.1
	v0_9_4:1.1.1.1
	OPENSSL:1.1.1;
locks; strict;
comment	@# @;


1.3
date	2012.07.12.19.30.53;	author jkim;	state Exp;
branches
	1.3.2.1;
next	1.2;

1.2
date	2009.06.14.19.45.16;	author simon;	state Exp;
branches;
next	1.1;

1.1
date	2000.01.10.06.21.17;	author kris;	state Exp;
branches
	1.1.1.1;
next	;

1.3.2.1
date	2012.07.12.19.30.53;	author svnexp;	state dead;
branches;
next	1.3.2.2;

1.3.2.2
date	2013.03.28.13.02.27;	author svnexp;	state Exp;
branches;
next	;

1.1.1.1
date	2000.01.10.06.21.17;	author kris;	state Exp;
branches
	1.1.1.1.2.1;
next	1.1.1.2;

1.1.1.2
date	2000.04.13.06.24.48;	author kris;	state Exp;
branches;
next	1.1.1.3;

1.1.1.3
date	2000.11.13.00.54.36;	author kris;	state Exp;
branches;
next	1.1.1.4;

1.1.1.4
date	2001.07.19.19.57.19;	author kris;	state Exp;
branches;
next	1.1.1.5;

1.1.1.5
date	2002.07.30.12.43.17;	author nectar;	state Exp;
branches;
next	1.1.1.6;

1.1.1.6
date	2002.07.30.13.37.24;	author nectar;	state Exp;
branches
	1.1.1.6.2.1;
next	1.1.1.7;

1.1.1.7
date	2003.01.28.21.10.00;	author markm;	state Exp;
branches;
next	1.1.1.8;

1.1.1.8
date	2003.02.19.23.11.01;	author nectar;	state Exp;
branches
	1.1.1.8.6.1;
next	1.1.1.9;

1.1.1.9
date	2005.02.25.05.32.17;	author nectar;	state Exp;
branches;
next	1.1.1.10;

1.1.1.10
date	2006.07.29.19.10.15;	author simon;	state Exp;
branches;
next	1.1.1.11;

1.1.1.11
date	2007.03.15.20.02.18;	author simon;	state Exp;
branches
	1.1.1.11.2.1;
next	;

1.1.1.1.2.1
date	2000.08.20.08.45.57;	author kris;	state Exp;
branches;
next	1.1.1.1.2.2;

1.1.1.1.2.2
date	2000.11.26.11.32.45;	author kris;	state Exp;
branches
	1.1.1.1.2.2.4.1
	1.1.1.1.2.2.6.1
	1.1.1.1.2.2.8.1;
next	1.1.1.1.2.3;

1.1.1.1.2.3
date	2002.07.30.22.04.59;	author nectar;	state Exp;
branches
	1.1.1.1.2.3.2.1;
next	1.1.1.1.2.4;

1.1.1.1.2.4
date	2003.02.14.22.37.37;	author nectar;	state Exp;
branches;
next	1.1.1.1.2.5;

1.1.1.1.2.5
date	2003.02.20.15.07.20;	author nectar;	state Exp;
branches;
next	;

1.1.1.1.2.2.4.1
date	2002.07.31.16.40.31;	author nectar;	state Exp;
branches;
next	;

1.1.1.1.2.2.6.1
date	2002.07.31.14.04.46;	author nectar;	state Exp;
branches;
next	;

1.1.1.1.2.2.8.1
date	2002.07.31.02.54.37;	author nectar;	state Exp;
branches;
next	1.1.1.1.2.2.8.2;

1.1.1.1.2.2.8.2
date	2003.02.21.16.32.47;	author nectar;	state Exp;
branches;
next	;

1.1.1.1.2.3.2.1
date	2003.02.20.20.42.05;	author nectar;	state Exp;
branches;
next	;

1.1.1.6.2.1
date	2003.02.20.17.14.09;	author nectar;	state Exp;
branches;
next	;

1.1.1.8.6.1
date	2005.03.01.16.47.24;	author nectar;	state Exp;
branches;
next	;

1.1.1.11.2.1
date	2010.11.28.13.45.51;	author simon;	state Exp;
branches;
next	;


desc
@@


1.3
log
@SVN rev 238405 on 2012-07-12 19:30:53Z by jkim

Merge OpenSSL 1.0.1c.

Approved by:	benl (maintainer)
@
text
@
 INSTALLATION ON THE UNIX PLATFORM
 ---------------------------------

 [Installation on DOS (with djgpp), Windows, OpenVMS, MacOS (before MacOS X)
  and NetWare is described in INSTALL.DJGPP, INSTALL.W32, INSTALL.VMS,
  INSTALL.MacOS and INSTALL.NW.
  
  This document describes installation on operating systems in the Unix
  family.]

 To install OpenSSL, you will need:

  * make
  * Perl 5
  * an ANSI C compiler
  * a development environment in form of development libraries and C
    header files
  * a supported Unix operating system

 Quick Start
 -----------

 If you want to just get on with it, do:

  $ ./config
  $ make
  $ make test
  $ make install

 [If any of these steps fails, see section Installation in Detail below.]

 This will build and install OpenSSL in the default location, which is (for
 historical reasons) /usr/local/ssl. If you want to install it anywhere else,
 run config like this:

  $ ./config --prefix=/usr/local --openssldir=/usr/local/openssl


 Configuration Options
 ---------------------

 There are several options to ./config (or ./Configure) to customize
 the build:

  --prefix=DIR  Install in DIR/bin, DIR/lib, DIR/include/openssl.
	        Configuration files used by OpenSSL will be in DIR/ssl
                or the directory specified by --openssldir.

  --openssldir=DIR Directory for OpenSSL files. If no prefix is specified,
                the library files and binaries are also installed there.

  no-threads    Don't try to build with support for multi-threaded
                applications.

  threads       Build with support for multi-threaded applications.
                This will usually require additional system-dependent options!
                See "Note on multi-threading" below.

  no-zlib       Don't try to build with support for zlib compression and
                decompression.

  zlib          Build with support for zlib compression/decompression.

  zlib-dynamic  Like "zlib", but has OpenSSL load the zlib library dynamically
                when needed.  This is only supported on systems where loading
                of shared libraries is supported.  This is the default choice.

  no-shared     Don't try to create shared libraries.

  shared        In addition to the usual static libraries, create shared
                libraries on platforms where it's supported.  See "Note on
                shared libraries" below.

  no-asm        Do not use assembler code.

  386           Use the 80386 instruction set only (the default x86 code is
                more efficient, but requires at least a 486). Note: Use
                compiler flags for any other CPU specific configuration,
                e.g. "-m32" to build x86 code on an x64 system.

  no-sse2	Exclude SSE2 code pathes. Normally SSE2 extention is
		detected at run-time, but the decision whether or not the
		machine code will be executed is taken solely on CPU
		capability vector. This means that if you happen to run OS
		kernel which does not support SSE2 extension on Intel P4
		processor, then your application might be exposed to
		"illegal instruction" exception. There might be a way
		to enable support in kernel, e.g. FreeBSD kernel can be
		compiled with CPU_ENABLE_SSE, and there is a way to
		disengage SSE2 code pathes upon application start-up,
		but if you aim for wider "audience" running such kernel,
		consider no-sse2. Both 386 and no-asm options above imply
		no-sse2.

  no-<cipher>   Build without the specified cipher (bf, cast, des, dh, dsa,
                hmac, md2, md5, mdc2, rc2, rc4, rc5, rsa, sha).
                The crypto/<cipher> directory can be removed after running
                "make depend".

  -Dxxx, -lxxx, -Lxxx, -fxxx, -mXXX, -Kxxx These system specific options will
                be passed through to the compiler to allow you to
                define preprocessor symbols, specify additional libraries,
                library directories or other compiler options.

  -DHAVE_CRYPTODEV Enable the BSD cryptodev engine even if we are not using
		BSD. Useful if you are running ocf-linux or something
		similar. Once enabled you can also enable the use of
		cryptodev digests, which is usually slower unless you have
		large amounts data. Use -DUSE_CRYPTODEV_DIGESTS to force
		it.

 Installation in Detail
 ----------------------

 1a. Configure OpenSSL for your operation system automatically:

       $ ./config [options]

     This guesses at your operating system (and compiler, if necessary) and
     configures OpenSSL based on this guess. Run ./config -t to see
     if it guessed correctly. If you want to use a different compiler, you
     are cross-compiling for another platform, or the ./config guess was
     wrong for other reasons, go to step 1b. Otherwise go to step 2.

     On some systems, you can include debugging information as follows:

       $ ./config -d [options]

 1b. Configure OpenSSL for your operating system manually

     OpenSSL knows about a range of different operating system, hardware and
     compiler combinations. To see the ones it knows about, run

       $ ./Configure

     Pick a suitable name from the list that matches your system. For most
     operating systems there is a choice between using "cc" or "gcc".  When
     you have identified your system (and if necessary compiler) use this name
     as the argument to ./Configure. For example, a "linux-elf" user would
     run:

       $ ./Configure linux-elf [options]

     If your system is not available, you will have to edit the Configure
     program and add the correct configuration for your system. The
     generic configurations "cc" or "gcc" should usually work on 32 bit
     systems.

     Configure creates the file Makefile.ssl from Makefile.org and
     defines various macros in crypto/opensslconf.h (generated from
     crypto/opensslconf.h.in).

  2. Build OpenSSL by running:

       $ make

     This will build the OpenSSL libraries (libcrypto.a and libssl.a) and the
     OpenSSL binary ("openssl"). The libraries will be built in the top-level
     directory, and the binary will be in the "apps" directory.

     If "make" fails, look at the output.  There may be reasons for
     the failure that aren't problems in OpenSSL itself (like missing
     standard headers).  If it is a problem with OpenSSL itself, please
     report the problem to <openssl-bugs@@openssl.org> (note that your
     message will be recorded in the request tracker publicly readable
     via http://www.openssl.org/support/rt.html and will be forwarded to a
     public mailing list). Include the output of "make report" in your message.
     Please check out the request tracker. Maybe the bug was already
     reported or has already been fixed.

     [If you encounter assembler error messages, try the "no-asm"
     configuration option as an immediate fix.]

     Compiling parts of OpenSSL with gcc and others with the system
     compiler will result in unresolved symbols on some systems.

  3. After a successful build, the libraries should be tested. Run:

       $ make test

     If a test fails, look at the output.  There may be reasons for
     the failure that isn't a problem in OpenSSL itself (like a missing
     or malfunctioning bc).  If it is a problem with OpenSSL itself,
     try removing any compiler optimization flags from the CFLAG line
     in Makefile.ssl and run "make clean; make". Please send a bug
     report to <openssl-bugs@@openssl.org>, including the output of
     "make report" in order to be added to the request tracker at
     http://www.openssl.org/support/rt.html.

  4. If everything tests ok, install OpenSSL with

       $ make install

     This will create the installation directory (if it does not exist) and
     then the following subdirectories:

       certs           Initially empty, this is the default location
                       for certificate files.
       man/man1        Manual pages for the 'openssl' command line tool
       man/man3        Manual pages for the libraries (very incomplete)
       misc            Various scripts.
       private         Initially empty, this is the default location
                       for private key files.

     If you didn't choose a different installation prefix, the
     following additional subdirectories will be created:

       bin             Contains the openssl binary and a few other 
                       utility programs. 
       include/openssl Contains the header files needed if you want to
                       compile programs with libcrypto or libssl.
       lib             Contains the OpenSSL library files themselves.

     Use "make install_sw" to install the software without documentation,
     and "install_docs_html" to install HTML renditions of the manual
     pages.

     Package builders who want to configure the library for standard
     locations, but have the package installed somewhere else so that
     it can easily be packaged, can use

       $ make INSTALL_PREFIX=/tmp/package-root install

     (or specify "--install_prefix=/tmp/package-root" as a configure
     option).  The specified prefix will be prepended to all
     installation target filenames.


  NOTE: The header files used to reside directly in the include
  directory, but have now been moved to include/openssl so that
  OpenSSL can co-exist with other libraries which use some of the
  same filenames.  This means that applications that use OpenSSL
  should now use C preprocessor directives of the form

       #include <openssl/ssl.h>

  instead of "#include <ssl.h>", which was used with library versions
  up to OpenSSL 0.9.2b.

  If you install a new version of OpenSSL over an old library version,
  you should delete the old header files in the include directory.

  Compatibility issues:

  *  COMPILING existing applications

     To compile an application that uses old filenames -- e.g.
     "#include <ssl.h>" --, it will usually be enough to find
     the CFLAGS definition in the application's Makefile and
     add a C option such as

          -I/usr/local/ssl/include/openssl

     to it.

     But don't delete the existing -I option that points to
     the ..../include directory!  Otherwise, OpenSSL header files
     could not #include each other.

  *  WRITING applications

     To write an application that is able to handle both the new
     and the old directory layout, so that it can still be compiled
     with library versions up to OpenSSL 0.9.2b without bothering
     the user, you can proceed as follows:

     -  Always use the new filename of OpenSSL header files,
        e.g. #include <openssl/ssl.h>.

     -  Create a directory "incl" that contains only a symbolic
        link named "openssl", which points to the "include" directory
        of OpenSSL.
        For example, your application's Makefile might contain the
        following rule, if OPENSSLDIR is a pathname (absolute or
        relative) of the directory where OpenSSL resides:

        incl/openssl:
        	-mkdir incl
        	cd $(OPENSSLDIR) # Check whether the directory really exists
        	-ln -s `cd $(OPENSSLDIR); pwd`/include incl/openssl

        You will have to add "incl/openssl" to the dependencies
        of those C files that include some OpenSSL header file.

     -  Add "-Iincl" to your CFLAGS.

     With these additions, the OpenSSL header files will be available
     under both name variants if an old library version is used:
     Your application can reach them under names like <openssl/foo.h>,
     while the header files still are able to #include each other
     with names of the form <foo.h>.


 Note on multi-threading
 -----------------------

 For some systems, the OpenSSL Configure script knows what compiler options
 are needed to generate a library that is suitable for multi-threaded
 applications.  On these systems, support for multi-threading is enabled
 by default; use the "no-threads" option to disable (this should never be
 necessary).

 On other systems, to enable support for multi-threading, you will have
 to specify at least two options: "threads", and a system-dependent option.
 (The latter is "-D_REENTRANT" on various systems.)  The default in this
 case, obviously, is not to include support for multi-threading (but
 you can still use "no-threads" to suppress an annoying warning message
 from the Configure script.)


 Note on shared libraries
 ------------------------

 Shared libraries have certain caveats.  Binary backward compatibility
 can't be guaranteed before OpenSSL version 1.0.  The only reason to
 use them would be to conserve memory on systems where several programs
 are using OpenSSL.

 For some systems, the OpenSSL Configure script knows what is needed to
 build shared libraries for libcrypto and libssl.  On these systems,
 the shared libraries are currently not created by default, but giving
 the option "shared" will get them created.  This method supports Makefile
 targets for shared library creation, like linux-shared.  Those targets
 can currently be used on their own just as well, but this is expected
 to change in future versions of OpenSSL.

 Note on random number generation
 --------------------------------

 Availability of cryptographically secure random numbers is required for
 secret key generation. OpenSSL provides several options to seed the
 internal PRNG. If not properly seeded, the internal PRNG will refuse
 to deliver random bytes and a "PRNG not seeded error" will occur.
 On systems without /dev/urandom (or similar) device, it may be necessary
 to install additional support software to obtain random seed.
 Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(),
 and the FAQ for more information.

 Note on support for multiple builds
 -----------------------------------

 OpenSSL is usually built in its source tree.  Unfortunately, this doesn't
 support building for multiple platforms from the same source tree very well.
 It is however possible to build in a separate tree through the use of lots
 of symbolic links, which should be prepared like this:

	mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`"
	cd objtree/"`uname -s`-`uname -r`-`uname -m`"
	(cd $OPENSSL_SOURCE; find . -type f) | while read F; do
		mkdir -p `dirname $F`
		rm -f $F; ln -s $OPENSSL_SOURCE/$F $F
		echo $F '->' $OPENSSL_SOURCE/$F
	done
	make -f Makefile.org clean

 OPENSSL_SOURCE is an environment variable that contains the absolute (this
 is important!) path to the OpenSSL source tree.

 Also, operations like 'make update' should still be made in the source tree.
@


1.3.2.1
log
@file INSTALL was added on branch RELENG_8_4 on 2013-03-28 13:02:27 +0000
@
text
@d1 360
@


1.3.2.2
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/248810
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@a0 350

 INSTALLATION ON THE UNIX PLATFORM
 ---------------------------------

 [Installation on DOS (with djgpp), Windows, OpenVMS, MacOS (before MacOS X)
  and NetWare is described in INSTALL.DJGPP, INSTALL.W32, INSTALL.VMS,
  INSTALL.MacOS and INSTALL.NW.
  
  This document describes installation on operating systems in the Unix
  family.]

 To install OpenSSL, you will need:

  * make
  * Perl 5
  * an ANSI C compiler
  * a development environment in form of development libraries and C
    header files
  * a supported Unix operating system

 Quick Start
 -----------

 If you want to just get on with it, do:

  $ ./config
  $ make
  $ make test
  $ make install

 [If any of these steps fails, see section Installation in Detail below.]

 This will build and install OpenSSL in the default location, which is (for
 historical reasons) /usr/local/ssl. If you want to install it anywhere else,
 run config like this:

  $ ./config --prefix=/usr/local --openssldir=/usr/local/openssl


 Configuration Options
 ---------------------

 There are several options to ./config (or ./Configure) to customize
 the build:

  --prefix=DIR  Install in DIR/bin, DIR/lib, DIR/include/openssl.
	        Configuration files used by OpenSSL will be in DIR/ssl
                or the directory specified by --openssldir.

  --openssldir=DIR Directory for OpenSSL files. If no prefix is specified,
                the library files and binaries are also installed there.

  no-threads    Don't try to build with support for multi-threaded
                applications.

  threads       Build with support for multi-threaded applications.
                This will usually require additional system-dependent options!
                See "Note on multi-threading" below.

  no-zlib       Don't try to build with support for zlib compression and
                decompression.

  zlib          Build with support for zlib compression/decompression.

  zlib-dynamic  Like "zlib", but has OpenSSL load the zlib library dynamically
                when needed.  This is only supported on systems where loading
                of shared libraries is supported.  This is the default choice.

  no-shared     Don't try to create shared libraries.

  shared        In addition to the usual static libraries, create shared
                libraries on platforms where it's supported.  See "Note on
                shared libraries" below.

  no-asm        Do not use assembler code.

  386           Use the 80386 instruction set only (the default x86 code is
                more efficient, but requires at least a 486). Note: Use
                compiler flags for any other CPU specific configuration,
                e.g. "-m32" to build x86 code on an x64 system.

  no-sse2	Exclude SSE2 code pathes. Normally SSE2 extention is
		detected at run-time, but the decision whether or not the
		machine code will be executed is taken solely on CPU
		capability vector. This means that if you happen to run OS
		kernel which does not support SSE2 extension on Intel P4
		processor, then your application might be exposed to
		"illegal instruction" exception. There might be a way
		to enable support in kernel, e.g. FreeBSD kernel can be
		compiled with CPU_ENABLE_SSE, and there is a way to
		disengage SSE2 code pathes upon application start-up,
		but if you aim for wider "audience" running such kernel,
		consider no-sse2. Both 386 and no-asm options above imply
		no-sse2.

  no-<cipher>   Build without the specified cipher (bf, cast, des, dh, dsa,
                hmac, md2, md5, mdc2, rc2, rc4, rc5, rsa, sha).
                The crypto/<cipher> directory can be removed after running
                "make depend".

  -Dxxx, -lxxx, -Lxxx, -fxxx, -mxxx, -Kxxx These system specific options will
                be passed through to the compiler to allow you to
                define preprocessor symbols, specify additional libraries,
                library directories or other compiler options.


 Installation in Detail
 ----------------------

 1a. Configure OpenSSL for your operation system automatically:

       $ ./config [options]

     This guesses at your operating system (and compiler, if necessary) and
     configures OpenSSL based on this guess. Run ./config -t to see
     if it guessed correctly. If you want to use a different compiler, you
     are cross-compiling for another platform, or the ./config guess was
     wrong for other reasons, go to step 1b. Otherwise go to step 2.

     On some systems, you can include debugging information as follows:

       $ ./config -d [options]

 1b. Configure OpenSSL for your operating system manually

     OpenSSL knows about a range of different operating system, hardware and
     compiler combinations. To see the ones it knows about, run

       $ ./Configure

     Pick a suitable name from the list that matches your system. For most
     operating systems there is a choice between using "cc" or "gcc".  When
     you have identified your system (and if necessary compiler) use this name
     as the argument to ./Configure. For example, a "linux-elf" user would
     run:

       $ ./Configure linux-elf [options]

     If your system is not available, you will have to edit the Configure
     program and add the correct configuration for your system. The
     generic configurations "cc" or "gcc" should usually work on 32 bit
     systems.

     Configure creates the file Makefile.ssl from Makefile.org and
     defines various macros in crypto/opensslconf.h (generated from
     crypto/opensslconf.h.in).

  2. Build OpenSSL by running:

       $ make

     This will build the OpenSSL libraries (libcrypto.a and libssl.a) and the
     OpenSSL binary ("openssl"). The libraries will be built in the top-level
     directory, and the binary will be in the "apps" directory.

     If "make" fails, look at the output.  There may be reasons for
     the failure that aren't problems in OpenSSL itself (like missing
     standard headers).  If it is a problem with OpenSSL itself, please
     report the problem to <openssl-bugs@@openssl.org> (note that your
     message will be recorded in the request tracker publicly readable
     via http://www.openssl.org/support/rt.html and will be forwarded to a
     public mailing list). Include the output of "make report" in your message.
     Please check out the request tracker. Maybe the bug was already
     reported or has already been fixed.

     [If you encounter assembler error messages, try the "no-asm"
     configuration option as an immediate fix.]

     Compiling parts of OpenSSL with gcc and others with the system
     compiler will result in unresolved symbols on some systems.

  3. After a successful build, the libraries should be tested. Run:

       $ make test

     If a test fails, look at the output.  There may be reasons for
     the failure that isn't a problem in OpenSSL itself (like a missing
     or malfunctioning bc).  If it is a problem with OpenSSL itself,
     try removing any compiler optimization flags from the CFLAG line
     in Makefile.ssl and run "make clean; make". Please send a bug
     report to <openssl-bugs@@openssl.org>, including the output of
     "make report" in order to be added to the request tracker at
     http://www.openssl.org/support/rt.html.

  4. If everything tests ok, install OpenSSL with

       $ make install

     This will create the installation directory (if it does not exist) and
     then the following subdirectories:

       certs           Initially empty, this is the default location
                       for certificate files.
       man/man1        Manual pages for the 'openssl' command line tool
       man/man3        Manual pages for the libraries (very incomplete)
       misc            Various scripts.
       private         Initially empty, this is the default location
                       for private key files.

     If you didn't choose a different installation prefix, the
     following additional subdirectories will be created:

       bin             Contains the openssl binary and a few other 
                       utility programs. 
       include/openssl Contains the header files needed if you want to
                       compile programs with libcrypto or libssl.
       lib             Contains the OpenSSL library files themselves.

     Package builders who want to configure the library for standard
     locations, but have the package installed somewhere else so that
     it can easily be packaged, can use

       $ make INSTALL_PREFIX=/tmp/package-root install

     (or specify "--install_prefix=/tmp/package-root" as a configure
     option).  The specified prefix will be prepended to all
     installation target filenames.


  NOTE: The header files used to reside directly in the include
  directory, but have now been moved to include/openssl so that
  OpenSSL can co-exist with other libraries which use some of the
  same filenames.  This means that applications that use OpenSSL
  should now use C preprocessor directives of the form

       #include <openssl/ssl.h>

  instead of "#include <ssl.h>", which was used with library versions
  up to OpenSSL 0.9.2b.

  If you install a new version of OpenSSL over an old library version,
  you should delete the old header files in the include directory.

  Compatibility issues:

  *  COMPILING existing applications

     To compile an application that uses old filenames -- e.g.
     "#include <ssl.h>" --, it will usually be enough to find
     the CFLAGS definition in the application's Makefile and
     add a C option such as

          -I/usr/local/ssl/include/openssl

     to it.

     But don't delete the existing -I option that points to
     the ..../include directory!  Otherwise, OpenSSL header files
     could not #include each other.

  *  WRITING applications

     To write an application that is able to handle both the new
     and the old directory layout, so that it can still be compiled
     with library versions up to OpenSSL 0.9.2b without bothering
     the user, you can proceed as follows:

     -  Always use the new filename of OpenSSL header files,
        e.g. #include <openssl/ssl.h>.

     -  Create a directory "incl" that contains only a symbolic
        link named "openssl", which points to the "include" directory
        of OpenSSL.
        For example, your application's Makefile might contain the
        following rule, if OPENSSLDIR is a pathname (absolute or
        relative) of the directory where OpenSSL resides:

        incl/openssl:
        	-mkdir incl
        	cd $(OPENSSLDIR) # Check whether the directory really exists
        	-ln -s `cd $(OPENSSLDIR); pwd`/include incl/openssl

        You will have to add "incl/openssl" to the dependencies
        of those C files that include some OpenSSL header file.

     -  Add "-Iincl" to your CFLAGS.

     With these additions, the OpenSSL header files will be available
     under both name variants if an old library version is used:
     Your application can reach them under names like <openssl/foo.h>,
     while the header files still are able to #include each other
     with names of the form <foo.h>.


 Note on multi-threading
 -----------------------

 For some systems, the OpenSSL Configure script knows what compiler options
 are needed to generate a library that is suitable for multi-threaded
 applications.  On these systems, support for multi-threading is enabled
 by default; use the "no-threads" option to disable (this should never be
 necessary).

 On other systems, to enable support for multi-threading, you will have
 to specify at least two options: "threads", and a system-dependent option.
 (The latter is "-D_REENTRANT" on various systems.)  The default in this
 case, obviously, is not to include support for multi-threading (but
 you can still use "no-threads" to suppress an annoying warning message
 from the Configure script.)


 Note on shared libraries
 ------------------------

 Shared libraries have certain caveats.  Binary backward compatibility
 can't be guaranteed before OpenSSL version 1.0.  The only reason to
 use them would be to conserve memory on systems where several programs
 are using OpenSSL.

 For some systems, the OpenSSL Configure script knows what is needed to
 build shared libraries for libcrypto and libssl.  On these systems,
 the shared libraries are currently not created by default, but giving
 the option "shared" will get them created.  This method supports Makefile
 targets for shared library creation, like linux-shared.  Those targets
 can currently be used on their own just as well, but this is expected
 to change in future versions of OpenSSL.

 Note on random number generation
 --------------------------------

 Availability of cryptographically secure random numbers is required for
 secret key generation. OpenSSL provides several options to seed the
 internal PRNG. If not properly seeded, the internal PRNG will refuse
 to deliver random bytes and a "PRNG not seeded error" will occur.
 On systems without /dev/urandom (or similar) device, it may be necessary
 to install additional support software to obtain random seed.
 Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(),
 and the FAQ for more information.

 Note on support for multiple builds
 -----------------------------------

 OpenSSL is usually built in its source tree.  Unfortunately, this doesn't
 support building for multiple platforms from the same source tree very well.
 It is however possible to build in a separate tree through the use of lots
 of symbolic links, which should be prepared like this:

	mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`"
	cd objtree/"`uname -s`-`uname -r`-`uname -m`"
	(cd $OPENSSL_SOURCE; find . -type f) | while read F; do
		mkdir -p `dirname $F`
		rm -f $F; ln -s $OPENSSL_SOURCE/$F $F
		echo $F '->' $OPENSSL_SOURCE/$F
	done
	make -f Makefile.org clean

 OPENSSL_SOURCE is an environment variable that contains the absolute (this
 is important!) path to the OpenSSL source tree.

 Also, operations like 'make update' should still be made in the source tree.
@


1.2
log
@SVN rev 194206 on 2009-06-14 19:45:16Z by simon

Merge OpenSSL 0.9.8k into head.

Approved by:	re
@
text
@d101 1
a101 1
  -Dxxx, -lxxx, -Lxxx, -fxxx, -mxxx, -Kxxx These system specific options will
d106 6
d215 4
@


1.1
log
@Initial revision
@
text
@d5 6
a10 2
 [See INSTALL.W32 for instructions for compiling OpenSSL on Windows systems,
  and INSTALL.VMS for installing on OpenVMS systems.]
d14 1
d17 2
d43 2
a44 1
 There are several options to ./config to customize the build:
a52 3
  rsaref        Build with RSADSI's RSAREF toolkit (this assumes that
                librsaref.a is in the library search path).

d60 15
d78 17
a94 1
                more efficient, but requires at least a 486).
d101 1
a101 1
  -Dxxx, -lxxx, -Lxxx, -fxxx, -Kxxx These system specific options will
d116 3
a118 2
     if it guessed correctly. If it did not get it correct or you want to
     use a different compiler then go to step 1b. Otherwise go to step 2.
d141 2
a142 1
     generic configurations "cc" or "gcc" should usually work.
d156 9
a164 3
     If "make" fails, please report the problem to <openssl-bugs@@openssl.org>.
     Include the output of "./config -t" and the OpenSSL version
     number in your message.
d167 1
a167 3
     configuration option as an immediate fix.  Note that on Solaris x86
     (not on Sparcs!) you may have to install the GNU assembler to use
     OpenSSL assembler code -- /usr/ccs/bin/as won't do.]
d176 8
a183 4
    If a test fails, try removing any compiler optimization flags from
    the CFLAGS line in Makefile.ssl and run "make clean; make". Please
    send a bug report to <openssl-bugs@@openssl.org>, including the
    output of "openssl version -a" and of the failed test.
d194 2
d200 1
a200 1
     If you didn't chose a different installation prefix, the
d302 49
a350 134
--------------------------------------------------------------------------------
The orignal Unix build instructions from SSLeay follow. 
Note: some of this may be out of date and no longer applicable
--------------------------------------------------------------------------------

# When bringing the SSLeay distribution back from the evil intel world
# of Windows NT, do the following to make it nice again under unix :-)
# You don't normally need to run this.
sh util/fixNT.sh	# This only works for NT now - eay - 21-Jun-1996

# If you have perl, and it is not in /usr/local/bin, you can run
perl util/perlpath.pl /new/path
# and this will fix the paths in all the scripts.  DO NOT put
# /new/path/perl, just /new/path. The build
# environment always run scripts as 'perl perlscript.pl' but some of the
# 'applications' are easier to usr with the path fixed.

# Edit crypto/cryptlib.h, tools/c_rehash, and Makefile.ssl
# to set the install locations if you don't like
# the default location of /usr/local/ssl
# Do this by running
perl util/ssldir.pl /new/ssl/home
# if you have perl, or by hand if not.

# If things have been stuffed up with the sym links, run
make -f Makefile.ssl links
# This will re-populate lib/include with symlinks and for each
# directory, link Makefile to Makefile.ssl

# Setup the machine dependent stuff for the top level makefile
# and some select .h files
# If you don't have perl, this will bomb, in which case just edit the
# top level Makefile.ssl
./Configure 'system type'

# The 'Configure' command contains default configuration parameters
# for lots of machines.  Configure edits 5 lines in the top level Makefile
# It modifies the following values in the following files
Makefile.ssl		CC CFLAG EX_LIBS BN_MULW
crypto/des/des.h	DES_LONG
crypto/des/des_locl.h	DES_PTR
crypto/md2/md2.h	MD2_INT
crypto/rc4/rc4.h	RC4_INT
crypto/rc4/rc4_enc.c	RC4_INDEX
crypto/rc2/rc2.h	RC2_INT
crypto/bf/bf_locl.h	BF_INT
crypto/idea/idea.h	IDEA_INT
crypto/bn/bn.h		BN_LLONG (and defines one of SIXTY_FOUR_BIT,
				  SIXTY_FOUR_BIT_LONG, THIRTY_TWO_BIT,
				  SIXTEEN_BIT or EIGHT_BIT)
Please remember that all these files are actually copies of the file with
a .org extention.  So if you change crypto/des/des.h, the next time
you run Configure, it will be runover by a 'configured' version of
crypto/des/des.org.  So to make the changer the default, change the .org
files.  The reason these files have to be edited is because most of
these modifications change the size of fundamental data types.
While in theory this stuff is optional, it often makes a big
difference in performance and when using assember, it is importaint
for the 'Bignum bits' match those required by the assember code.
A warning for people using gcc with sparc cpu's.  Gcc needs the -mv8
flag to use the hardware multiply instruction which was not present in
earlier versions of the sparc CPU.  I define it by default.  If you
have an old sparc, and it crashes, try rebuilding with this flag
removed.  I am leaving this flag on by default because it makes
things run 4 times faster :-)

# clean out all the old stuff
make clean

# Do a make depend only if you have the makedepend command installed
# This is not needed but it does make things nice when developing.
make depend

# make should build everything
make

# fix up the demo certificate hash directory if it has been stuffed up.
make rehash

# test everything
make test

# install the lot
make install

# It is worth noting that all the applications are built into the one
# program, ssleay, which is then has links from the other programs
# names to it.
# The applicatons can be built by themselves, just don't define the
# 'MONOLITH' flag.  So to build the 'enc' program stand alone,
gcc -O2 -Iinclude apps/enc.c apps/apps.c libcrypto.a

# Other useful make options are
make makefile.one
# which generate a 'makefile.one' file which will build the complete
# SSLeay distribution with temp. files in './tmp' and 'installable' files
# in './out'

# Have a look at running
perl util/mk1mf.pl help
# this can be used to generate a single makefile and is about the only
# way to generate makefiles for windows.

# There is actually a final way of building SSLeay.
gcc -O2 -c -Icrypto -Iinclude crypto/crypto.c
gcc -O2 -c -Issl -Iinclude ssl/ssl.c
# and you now have the 2 libraries as single object files :-).
# If you want to use the assember code for your particular platform
# (DEC alpha/x86 are the main ones, the other assember is just the
# output from gcc) you will need to link the assember with the above generated
# object file and also do the above compile as
gcc -O2 -DBN_ASM -c -Icrypto -Iinclude crypto/crypto.c

This last option is probably the best way to go when porting to another
platform or building shared libraries.  It is not good for development so
I don't normally use it.

To build shared libararies under unix, have a look in shlib, basically 
you are on your own, but it is quite easy and all you have to do
is compile 2 (or 3) files.

For mult-threading, have a read of doc/threads.doc.  Again it is quite
easy and normally only requires some extra callbacks to be defined
by the application.
The examples for solaris and windows NT/95 are in the mt directory.

have fun

eric 25-Jun-1997

IRIX 5.x will build as a 32 bit system with mips1 assember.
IRIX 6.x will build as a 64 bit system with mips3 assember.  It conforms
to n32 standards. In theory you can compile the 64 bit assember under
IRIX 5.x but you will have to have the correct system software installed.
@


1.1.1.1
log
@Initial import of OpenSSL 0.9.4, sans IDEA and RSA code for patent
infringement reasons.
@
text
@@


1.1.1.1.2.1
log
@MFC: OpenSSL 0.9.5a
@
text
@d5 2
a6 2
 [Installation on Windows, OpenVMS and MacOS (before MacOS X) is described
  in INSTALL.W32, INSTALL.VMS and INSTALL.MacOS.]
d36 1
a36 2
 There are several options to ./config (or ./Configure) to customize
 the build:
d80 2
a81 3
     if it guessed correctly. If you want to use a different compiler, you
     are cross-compiling for another platform, or the ./config guess was
     wrong for other reasons, go to step 1b. Otherwise go to step 2.
d104 1
a104 2
     generic configurations "cc" or "gcc" should usually work on 32 bit
     systems.
d118 3
a120 3
     If "make" fails, please report the problem to <openssl-bugs@@openssl.org>
     (note that your message will be forwarded to a public mailing list).
     Include the output of "make report" in your message.
d123 3
a125 1
     configuration option as an immediate fix.]
d137 1
a137 1
    output of "make report".
a147 2
       man/man1        Manual pages for the 'openssl' command line tool
       man/man3        Manual pages for the libraries (very incomplete)
d152 1
a152 1
     If you didn't choose a different installation prefix, the
d253 135
@


1.1.1.1.2.2
log
@MFC: OpenSSL 0.9.6
@
text
@a55 6
  no-shared     Don't try to create shared libraries.

  shared        In addition to the usual static libraries, create shared
                libraries on platforms where it's supported.  See "Note on
                shared libraries" below.

d121 3
a123 6
     If "make" fails, look at the output.  There may be reasons for
     the failure that isn't a problem in OpenSSL itself (like missing
     standard headers).  If it is a problem with OpenSSL itself, please
     report the problem to <openssl-bugs@@openssl.org> (note that your
     message will be forwarded to a public mailing list).  Include the
     output of "make report" in your message.
d135 4
a138 7
     If a test fails, look at the output.  There may be reasons for
     the failure that isn't a problem in OpenSSL itself (like a missing
     or malfunctioning bc).  If it is a problem with OpenSSL itself,
     try removing any compiler optimization flags from the CFLAGS line
     in Makefile.ssl and run "make clean; make". Please send a bug
     report to <openssl-bugs@@openssl.org>, including the output of
     "make report".
a255 11

 Note on shared libraries
 ------------------------

 For some systems, the OpenSSL Configure script knows what is needed to
 build shared libraries for libcrypto and libssl.  On these systems,
 the shared libraries are currently not created by default, but giving
 the option "shared" will get them created.  This method supports Makefile
 targets for shared library creation, like linux-shared.  Those targets
 can currently be used on their own just as well, but this is expected
 to change in future versions of OpenSSL.
@


1.1.1.1.2.2.4.1
log
@MFC: OpenSSL 0.9.6e
@
text
@a9 1
  * make
a11 2
  * a development environment in form of development libraries and C
    header files
d46 3
d128 1
a128 1
     the failure that aren't problems in OpenSSL itself (like missing
d131 2
a132 5
     message will be recorded in the request tracker publicly readable
     via http://www.openssl.org/rt2.html and will be forwarded to a public
     mailing list). Include the output of "make report" in your message.
     Please check out the request tracker. Maybe the bug was already
     reported or has already been fixed.
d150 1
a150 2
     "make report" in order to be added to the request tracker at
     http://www.openssl.org/rt2.html.
a270 5

 Shared library is currently an experimental feature.  The only reason to
 have them would be to conserve memory on systems where several program
 are using OpenSSL.  Binary backward compatibility can't be guaranteed
 before OpenSSL version 1.0.
@


1.1.1.1.2.2.6.1
log
@MFC: OpenSSL 0.9.6e
@
text
@a9 1
  * make
a11 2
  * a development environment in form of development libraries and C
    header files
d46 3
d128 1
a128 1
     the failure that aren't problems in OpenSSL itself (like missing
d131 2
a132 5
     message will be recorded in the request tracker publicly readable
     via http://www.openssl.org/rt2.html and will be forwarded to a public
     mailing list). Include the output of "make report" in your message.
     Please check out the request tracker. Maybe the bug was already
     reported or has already been fixed.
d150 1
a150 2
     "make report" in order to be added to the request tracker at
     http://www.openssl.org/rt2.html.
a270 5

 Shared library is currently an experimental feature.  The only reason to
 have them would be to conserve memory on systems where several program
 are using OpenSSL.  Binary backward compatibility can't be guaranteed
 before OpenSSL version 1.0.
@


1.1.1.1.2.2.8.1
log
@MFC: OpenSSL 0.9.6e
@
text
@a9 1
  * make
a11 2
  * a development environment in form of development libraries and C
    header files
d46 3
d128 1
a128 1
     the failure that aren't problems in OpenSSL itself (like missing
d131 2
a132 5
     message will be recorded in the request tracker publicly readable
     via http://www.openssl.org/rt2.html and will be forwarded to a public
     mailing list). Include the output of "make report" in your message.
     Please check out the request tracker. Maybe the bug was already
     reported or has already been fixed.
d150 1
a150 2
     "make report" in order to be added to the request tracker at
     http://www.openssl.org/rt2.html.
a270 5

 Shared library is currently an experimental feature.  The only reason to
 have them would be to conserve memory on systems where several program
 are using OpenSSL.  Binary backward compatibility can't be guaranteed
 before OpenSSL version 1.0.
@


1.1.1.1.2.2.8.2
log
@Merge from RELENG_4_7: Update to OpenSSL 0.9.6i.
@
text
@d132 2
a133 2
     via http://www.openssl.org/support/rt2.html and will be forwarded to a
     public mailing list). Include the output of "make report" in your message.
d154 1
a154 1
     http://www.openssl.org/support/rt2.html.
a287 12

 Note on random number generation
 --------------------------------

 Availability of cryptographically secure random numbers is required for
 secret key generation. OpenSSL provides several options to seed the
 internal PRNG. If not properly seeded, the internal PRNG will refuse
 to deliver random bytes and a "PRNG not seeded error" will occur.
 On systems without /dev/urandom (or similar) device, it may be necessary
 to install additional support software to obtain random seed.
 Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(),
 and the FAQ for more information.
@


1.1.1.1.2.3
log
@MFC: OpenSSL 0.9.6e
@
text
@a9 1
  * make
a11 2
  * a development environment in form of development libraries and C
    header files
d46 3
d128 1
a128 1
     the failure that aren't problems in OpenSSL itself (like missing
d131 2
a132 5
     message will be recorded in the request tracker publicly readable
     via http://www.openssl.org/rt2.html and will be forwarded to a public
     mailing list). Include the output of "make report" in your message.
     Please check out the request tracker. Maybe the bug was already
     reported or has already been fixed.
d150 1
a150 2
     "make report" in order to be added to the request tracker at
     http://www.openssl.org/rt2.html.
a270 5

 Shared library is currently an experimental feature.  The only reason to
 have them would be to conserve memory on systems where several program
 are using OpenSSL.  Binary backward compatibility can't be guaranteed
 before OpenSSL version 1.0.
@


1.1.1.1.2.3.2.1
log
@Merge from RELENG_5_0: Update to OpenSSL 0.9.6i.
@
text
@d132 2
a133 2
     via http://www.openssl.org/support/rt2.html and will be forwarded to a
     public mailing list). Include the output of "make report" in your message.
d154 1
a154 1
     http://www.openssl.org/support/rt2.html.
a287 12

 Note on random number generation
 --------------------------------

 Availability of cryptographically secure random numbers is required for
 secret key generation. OpenSSL provides several options to seed the
 internal PRNG. If not properly seeded, the internal PRNG will refuse
 to deliver random bytes and a "PRNG not seeded error" will occur.
 On systems without /dev/urandom (or similar) device, it may be necessary
 to install additional support software to obtain random seed.
 Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(),
 and the FAQ for more information.
@


1.1.1.1.2.4
log
@MFC OpenSSL 0.9.7
@
text
@d5 2
a6 4
 [Installation on DOS (with djgpp), Windows, OpenVMS and MacOS (before MacOS X)
  is described in INSTALL.DJGPP, INSTALL.W32, INSTALL.VMS and INSTALL.MacOS.
  This document describes installation on operating systems in the Unix
  family.]
a55 9
  no-zlib       Don't try to build with support for zlib compression and
                decompression.

  zlib          Build with support for zlib compression/decompression.

  zlib-dynamic  Like "zlib", but has OpenSSL load the zlib library dynamically
                when needed.  This is only supported on systems where loading
                of shared libraries is supported.  This is the default choice.

d132 2
a133 2
     via http://www.openssl.org/support/rt2.html and will be forwarded to a
     public mailing list). Include the output of "make report" in your message.
d154 1
a154 1
     http://www.openssl.org/support/rt2.html.
a287 12

 Note on random number generation
 --------------------------------

 Availability of cryptographically secure random numbers is required for
 secret key generation. OpenSSL provides several options to seed the
 internal PRNG. If not properly seeded, the internal PRNG will refuse
 to deliver random bytes and a "PRNG not seeded error" will occur.
 On systems without /dev/urandom (or similar) device, it may be necessary
 to install additional support software to obtain random seed.
 Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(),
 and the FAQ for more information.
@


1.1.1.1.2.5
log
@MFC OpenSSL 0.9.7a.

Approved by:	re (murray)
@
text
@d161 1
a161 1
     try removing any compiler optimization flags from the CFLAG line
a310 22

 Note on support for multiple builds
 -----------------------------------

 OpenSSL is usually built in it's source tree.  Unfortunately, this doesn't
 support building for multiple platforms from the same source tree very well.
 It is however possible to build in a separate tree through the use of lots
 of symbolic links, which should be prepared like this:

	mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`"
	cd objtree/"`uname -s`-`uname -r`-`uname -m`"
	(cd $OPENSSL_SOURCE; find . -type f) | while read F; do
		mkdir -p `dirname $F`
		rm -f $F; ln -s $OPENSSL_SOURCE/$F $F
		echo $F '->' $OPENSSL_SOURCE/$F
	done
	make -f Makefile.org clean

 OPENSSL_SOURCE is an environment variable that contains the absolute (this
 is important!) path to the OpenSSL source tree.

 Also, operations like 'make update' should still be made in the source tree.
@


1.1.1.2
log
@Initial import of OpenSSL 0.9.5a
@
text
@d5 2
a6 2
 [Installation on Windows, OpenVMS and MacOS (before MacOS X) is described
  in INSTALL.W32, INSTALL.VMS and INSTALL.MacOS.]
d36 1
a36 2
 There are several options to ./config (or ./Configure) to customize
 the build:
d80 2
a81 3
     if it guessed correctly. If you want to use a different compiler, you
     are cross-compiling for another platform, or the ./config guess was
     wrong for other reasons, go to step 1b. Otherwise go to step 2.
d104 1
a104 2
     generic configurations "cc" or "gcc" should usually work on 32 bit
     systems.
d118 3
a120 3
     If "make" fails, please report the problem to <openssl-bugs@@openssl.org>
     (note that your message will be forwarded to a public mailing list).
     Include the output of "make report" in your message.
d123 3
a125 1
     configuration option as an immediate fix.]
d137 1
a137 1
    output of "make report".
a147 2
       man/man1        Manual pages for the 'openssl' command line tool
       man/man3        Manual pages for the libraries (very incomplete)
d152 1
a152 1
     If you didn't choose a different installation prefix, the
d253 135
@


1.1.1.3
log
@Initial import of OpenSSL 0.9.6
@
text
@a55 6
  no-shared     Don't try to create shared libraries.

  shared        In addition to the usual static libraries, create shared
                libraries on platforms where it's supported.  See "Note on
                shared libraries" below.

d121 3
a123 6
     If "make" fails, look at the output.  There may be reasons for
     the failure that isn't a problem in OpenSSL itself (like missing
     standard headers).  If it is a problem with OpenSSL itself, please
     report the problem to <openssl-bugs@@openssl.org> (note that your
     message will be forwarded to a public mailing list).  Include the
     output of "make report" in your message.
d135 4
a138 7
     If a test fails, look at the output.  There may be reasons for
     the failure that isn't a problem in OpenSSL itself (like a missing
     or malfunctioning bc).  If it is a problem with OpenSSL itself,
     try removing any compiler optimization flags from the CFLAGS line
     in Makefile.ssl and run "make clean; make". Please send a bug
     report to <openssl-bugs@@openssl.org>, including the output of
     "make report".
a255 11

 Note on shared libraries
 ------------------------

 For some systems, the OpenSSL Configure script knows what is needed to
 build shared libraries for libcrypto and libssl.  On these systems,
 the shared libraries are currently not created by default, but giving
 the option "shared" will get them created.  This method supports Makefile
 targets for shared library creation, like linux-shared.  Those targets
 can currently be used on their own just as well, but this is expected
 to change in future versions of OpenSSL.
@


1.1.1.4
log
@Initial import of OpenSSL 0.9.6b
@
text
@a9 1
  * make
a11 2
  * a development environment in form of development libraries and C
    header files
d46 3
d128 1
a128 1
     the failure that aren't problems in OpenSSL itself (like missing
@


1.1.1.5
log
@Import of OpenSSL 0.9.6d.
@
text
@a271 5
 Shared library is currently an experimental feature.  The only reason to
 have them would be to conserve memory on systems where several program
 are using OpenSSL.  Binary backward compatibility can't be guaranteed
 before OpenSSL version 1.0.

@


1.1.1.6
log
@Import of OpenSSL 0.9.6e.
@
text
@d131 2
a132 5
     message will be recorded in the request tracker publicly readable
     via http://www.openssl.org/rt2.html and will be forwarded to a public
     mailing list). Include the output of "make report" in your message.
     Please check out the request tracker. Maybe the bug was already
     reported or has already been fixed.
d150 1
a150 2
     "make report" in order to be added to the request tracker at
     http://www.openssl.org/rt2.html.
@


1.1.1.6.2.1
log
@Update to OpenSSL 0.9.6i.
@
text
@d132 2
a133 2
     via http://www.openssl.org/support/rt2.html and will be forwarded to a
     public mailing list). Include the output of "make report" in your message.
d154 1
a154 1
     http://www.openssl.org/support/rt2.html.
a287 12

 Note on random number generation
 --------------------------------

 Availability of cryptographically secure random numbers is required for
 secret key generation. OpenSSL provides several options to seed the
 internal PRNG. If not properly seeded, the internal PRNG will refuse
 to deliver random bytes and a "PRNG not seeded error" will occur.
 On systems without /dev/urandom (or similar) device, it may be necessary
 to install additional support software to obtain random seed.
 Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(),
 and the FAQ for more information.
@


1.1.1.7
log
@Vendor import of OpenSSL release 0.9.7. This release includes
support for AES and OpenBSD's hardware crypto.
@
text
@d5 2
a6 4
 [Installation on DOS (with djgpp), Windows, OpenVMS and MacOS (before MacOS X)
  is described in INSTALL.DJGPP, INSTALL.W32, INSTALL.VMS and INSTALL.MacOS.
  This document describes installation on operating systems in the Unix
  family.]
a55 9
  no-zlib       Don't try to build with support for zlib compression and
                decompression.

  zlib          Build with support for zlib compression/decompression.

  zlib-dynamic  Like "zlib", but has OpenSSL load the zlib library dynamically
                when needed.  This is only supported on systems where loading
                of shared libraries is supported.  This is the default choice.

d132 2
a133 2
     via http://www.openssl.org/support/rt2.html and will be forwarded to a
     public mailing list). Include the output of "make report" in your message.
d154 1
a154 1
     http://www.openssl.org/support/rt2.html.
a287 12

 Note on random number generation
 --------------------------------

 Availability of cryptographically secure random numbers is required for
 secret key generation. OpenSSL provides several options to seed the
 internal PRNG. If not properly seeded, the internal PRNG will refuse
 to deliver random bytes and a "PRNG not seeded error" will occur.
 On systems without /dev/urandom (or similar) device, it may be necessary
 to install additional support software to obtain random seed.
 Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(),
 and the FAQ for more information.
@


1.1.1.8
log
@Vendor import of OpenSSL 0.9.7a.
@
text
@d161 1
a161 1
     try removing any compiler optimization flags from the CFLAG line
a310 22

 Note on support for multiple builds
 -----------------------------------

 OpenSSL is usually built in it's source tree.  Unfortunately, this doesn't
 support building for multiple platforms from the same source tree very well.
 It is however possible to build in a separate tree through the use of lots
 of symbolic links, which should be prepared like this:

	mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`"
	cd objtree/"`uname -s`-`uname -r`-`uname -m`"
	(cd $OPENSSL_SOURCE; find . -type f) | while read F; do
		mkdir -p `dirname $F`
		rm -f $F; ln -s $OPENSSL_SOURCE/$F $F
		echo $F '->' $OPENSSL_SOURCE/$F
	done
	make -f Makefile.org clean

 OPENSSL_SOURCE is an environment variable that contains the absolute (this
 is important!) path to the OpenSSL source tree.

 Also, operations like 'make update' should still be made in the source tree.
@


1.1.1.8.6.1
log
@MFC update OpenSSL 0.9.7d -> 0.9.7e.
@
text
@d126 1
a126 1
     Configure creates the file Makefile from Makefile.org and
d162 1
a162 1
     in Makefile and run "make clean; make". Please send a bug
@


1.1.1.9
log
@Vendor import of OpenSSL 0.9.7e.
@
text
@d126 1
a126 1
     Configure creates the file Makefile from Makefile.org and
d162 1
a162 1
     in Makefile and run "make clean; make". Please send a bug
@


1.1.1.10
log
@Vendor import of OpenSSL 0.9.8b
@
text
@d5 2
a6 4
 [Installation on DOS (with djgpp), Windows, OpenVMS, MacOS (before MacOS X)
  and NetWare is described in INSTALL.DJGPP, INSTALL.W32, INSTALL.VMS,
  INSTALL.MacOS and INSTALL.NW.
  
d76 1
a76 17
                more efficient, but requires at least a 486). Note: Use
                compiler flags for any other CPU specific configuration,
                e.g. "-m32" to build x86 code on an x64 system.

  no-sse2	Exclude SSE2 code pathes. Normally SSE2 extention is
		detected at run-time, but the decision whether or not the
		machine code will be executed is taken solely on CPU
		capability vector. This means that if you happen to run OS
		kernel which does not support SSE2 extension on Intel P4
		processor, then your application might be exposed to
		"illegal instruction" exception. There might be a way
		to enable support in kernel, e.g. FreeBSD kernel can be
		compiled with CPU_ENABLE_SSE, and there is a way to
		disengage SSE2 code pathes upon application start-up,
		but if you aim for wider "audience" running such kernel,
		consider no-sse2. Both 386 and no-asm options above imply
		no-sse2.
d83 1
a83 1
  -Dxxx, -lxxx, -Lxxx, -fxxx, -mxxx, -Kxxx These system specific options will
d126 1
a126 1
     Configure creates the file Makefile.ssl from Makefile.org and
d162 1
a162 1
     in Makefile.ssl and run "make clean; make". Please send a bug
d315 1
a315 1
 OpenSSL is usually built in its source tree.  Unfortunately, this doesn't
@


1.1.1.11
log
@Vendor import of OpenSSL 0.9.8e.
@
text
@d305 4
a308 4
 Shared libraries have certain caveats.  Binary backward compatibility
 can't be guaranteed before OpenSSL version 1.0.  The only reason to
 use them would be to conserve memory on systems where several programs
 are using OpenSSL.
@


1.1.1.11.2.1
log
@SVN rev 215997 on 2010-11-28 13:45:51Z by simon

Merge OpenSSL 0.9.8p into stable/7.

This merges up to and including head/crypto/openssl/ r215697; and
head/secure/lib/libcrypto/, head/secure/lib/libssl/,
head/secure/usr.bin/openssl/ r215698.

To make the merge simpler, a hack was added to set MACHINE_CPUARCH.

A few old OpenSSL security fixes are still the stable/7 tree - these
will be backed out to the vendor version shortly.

Security:	CVE-2010-2939, CVE-2010-3864
Security:	http://www.openssl.org/news/secadv_20101116.txt
Security:	FreeBSD-SA-10:10.openssl
Approved by:	re (implicitly - they did not object of the general idea
		of OpenSSL update)
@
text
@d161 1
a161 1
     via http://www.openssl.org/support/rt.html and will be forwarded to a
d183 1
a183 1
     http://www.openssl.org/support/rt.html.
@


