#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
# Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved.
#
Build Layout
---
OpenSSL build is run three times. Once for 1.0.0 non-fips, once for 0.9.8
fips-140, and once for 0.9.8 FIPS-140 canister (in the openssl-fips component)
needed to build 0.9.8 FIPS-140 certified libraries. All builds are done for 32
and 64 bits. So, in total, OpenSSL is built six times.
See also comments in all three Makefiles for more information.
The non-fips Build.
---
The non-fips build is the main build of OpenSSL and includes the regular
binaries, libraries, man pages, and header files.
Patches
---
08-6193522.patch
Give CA.pl better defaults. See 6193522 for more information.
11-6546806.patch
Make sure the HMAC_CTX_init(3) man page gets delivered. See 6546806 for
more information.
14-manpage_openssl.patch
Force openssl to install man pages into man[1357]openssl instead of man[1357].
15-pkcs11_engine-0.9.8a.patch
Patch which adds the pkcs11 engine. See also the pkcs11-engine/
sub-directory.
18-compiler_opts.patch
Adds four Solaris specific configurations (both 32bit and 64bit for both sparc
and x86) to Configure which are then explicitly used by the Makefiles.
Care should be taken if modifying this patch as changes to compile-time options
can change the ABI. One example of this is the use of RC4_INT vs RC4_CHAR.
20-remove_rpath.patch
Prevent build binaries having an unnecessary runpath (/lib).
23-noexstack.patch
Build with non-executable stacks and non-executable data (x86).
27-6978791.patch
Modifies Makefile.shared so that libssl is built with -znodelete.
28-enginesdir.patch
Adds a new "enginesdir" option to the Configure script which allows a user to
specify the engines directory.
29-devcrypto_engine.patch
Modifies engines/Makefile so that the devcrypto engine will be built in the
"engines" directory.
openssl-1.0.0d-aesni-v4.i386-patch
X86-only patch.
Add a built-in engine, aesni, to support X86 AES-NI instructions, along with
files engines/aesni/aesni-x86[_64].pl.
This patch is for OpenSSL 1.0.0d. For newer OpenSSL versions, a newer patch
may be needed.
openssl-1.0.0d-t4-engine.sparc-patch
SPARC-only patch.
Add a built-in engine, t4, to support SPARC T4 crypto instructions.
along with files in directory engines/t4.
opensslconf.patch
Modifies opensslconf.h so that it is suitable for both 32bit and 64bit installs.
OpenSSL either builds for 32bit or 64bit - it doesn't allow for combined 32bit
and 64bit builds.
The fips Build
---
FIPS-140 certified libraries for Solaris private use. We wait for OpenSSL 1.0.0
to be FIPS-140 certified in which time we can ship only 1.0.0 with S11 and make
it a public interface.
Patches
---
All the patches from 1.0.0 are used in 0.9.8 as well aside from
14-manpage_openssl.patch which is not needed since we do not deliver 0.9.8 man
pages. Additional patches:
01-7009105.patch
Fixing a bug introduces in 0.9.8q and fixed in 0.9.8r.
sparc-01-ccwrap.patch
Workaround so that fingerprinting the canister during runtime and comparing it
with the saved fingerprint works correctly.