Mercurial Mercurial > upstream > oracle > userland-gate / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/openssl/README
changeset 363 9c0cad004039
child 419 a926b383669b
equal deleted inserted replaced
362:e1cadde52f4c 363:9c0cad004039 
       
     1 #
 
       
     2 # CDDL HEADER START
 
       
     3 #
 
       
     4 # The contents of this file are subject to the terms of the
 
       
     5 # Common Development and Distribution License (the "License").
 
       
     6 # You may not use this file except in compliance with the License.
 
       
     7 #
 
       
     8 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 
       
     9 # or http://www.opensolaris.org/os/licensing.
 
       
    10 # See the License for the specific language governing permissions
 
       
    11 # and limitations under the License.
 
       
    12 #
 
       
    13 # When distributing Covered Code, include this CDDL HEADER in each
 
       
    14 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 
       
    15 # If applicable, add the following below this CDDL HEADER, with the
 
       
    16 # fields enclosed by brackets "[]" replaced with your own identifying
 
       
    17 # information: Portions Copyright [yyyy] [name of copyright owner]
 
       
    18 #
 
       
    19 # CDDL HEADER END
 
       
    20 #
 
       
    21 # Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved.
 
       
    22 #
 
       
    23 
       
    24 Build Layout
 
       
    25 ---
 
       
    26 
       
    27 OpenSSL build is run three times. Once for 1.0.0 non-fips, once for 0.9.8
 
       
    28 fips-140, and once for 0.9.8 FIPS-140 canister (in the openssl-fips component)
 
       
    29 needed to build 0.9.8 FIPS-140 certified libraries. All builds are done for 32
 
       
    30 and 64 bits. So, in total, OpenSSL is built six times.
 
       
    31 
       
    32 See also comments in all three Makefiles for more information.
 
       
    33 
       
    34 The non-fips Build.
 
       
    35 ---
 
       
    36 
       
    37 The non-fips build is the main build of OpenSSL and includes the regular
 
       
    38 binaries, libraries, man pages, and header files.
 
       
    39 
       
    40 Patches
 
       
    41 ---
 
       
    42 
       
    43 08-6193522.patch
 
       
    44 Give CA.pl better defaults. See 6193522 for more information.
 
       
    45 
       
    46 11-6546806.patch
 
       
    47 Make sure the HMAC_CTX_init(3) man page gets delivered. See 6546806 for
 
       
    48 more information.
 
       
    49 
       
    50 14-manpage_openssl.patch
 
       
    51 Force openssl to install man pages into man[1357]openssl instead of man[1357].
 
       
    52 
       
    53 15-pkcs11_engine-0.9.8a.patch
 
       
    54 Patch which adds the pkcs11 engine. See also the pkcs11-engine/
 
       
    55 sub-directory. 
       
    56 
       
    57 18-compiler_opts.patch
 
       
    58 Adds four Solaris specific configurations (both 32bit and 64bit for both sparc
 
       
    59 and x86) to Configure which are then explicitly used by the Makefiles.
 
       
    60 
       
    61 Care should be taken if modifying this patch as changes to compile-time options
 
       
    62 can change the ABI. One example of this is the use of RC4_INT vs RC4_CHAR.
 
       
    63 
       
    64 20-remove_rpath.patch
 
       
    65 Prevent build binaries having an unnecessary runpath (/lib).
 
       
    66 
       
    67 23-noexstack.patch
 
       
    68 Build with non-executable stacks and non-executable data (x86).
 
       
    69 
       
    70 27-6978791.patch
 
       
    71 Modifies Makefile.shared so that libssl is built with -znodelete.
 
       
    72 
       
    73 28-enginesdir.patch
 
       
    74 Adds a new "enginesdir" option to the Configure script which allows a user to
 
       
    75 specify the engines directory.
 
       
    76 
       
    77 29-devcrypto_engine.patch
 
       
    78 Modifies engines/Makefile so that the devcrypto engine will be built in the
 
       
    79 "engines" directory. 
       
    80 
       
    81 opensslconf.patch
 
       
    82 Modifies opensslconf.h so that it is suitable for both 32bit and 64bit installs.
 
       
    83 OpenSSL either builds for 32bit or 64bit - it doesn't allow for combined 32bit
 
       
    84 and 64bit builds.
 
       
    85 
       
    86 The fips Build
 
       
    87 ---
 
       
    88 
       
    89 FIPS-140 certified libraries for Solaris private use. We wait for OpenSSL 1.0.0
 
       
    90 to be FIPS-140 certified in which time we can ship only 1.0.0 with S11 and make
 
       
    91 it a public interface.
 
       
    92 
       
    93 Patches
 
       
    94 ---
 
       
    95 
       
    96 All the patches from 1.0.0 are used in 0.9.8 as well aside from
 
       
    97 14-manpage_openssl.patch which is not needed since we do not deliver 0.9.8 man
 
       
    98 pages. Additional patches:
 
       
    99 
       
   100 01-7009105.patch
 
       
   101 Fixing a bug introduces in 0.9.8q and fixed in 0.9.8r.
 
       
   102 
       
   103 sparc-01-ccwrap.patch
 
       
   104 Workaround so that fingerprinting the canister during runtime and comparing it
 
       
   105 with the saved fingerprint works correctly.
upstream/oracle/userland-gate