1NOTES FOR THE HPE NONSTOP PLATFORM 2============================== 3 4Requirement details 5------------------- 6 7In addition to the requirements and instructions listed 8in [INSTALL.md](INSTALL.md), the following are required as well: 9 10 * The TNS/X platform supports hardware randomization. 11 Specify the `--with-rand-seed=rdcpu` option to the `./Configure` script. 12 This is recommended but not required. `egd` is supported at 3.0 but cannot 13 be used if FIPS is selected. 14 * The TNS/E platform does not support hardware randomization, so 15 specify the `--with-rand-seed=egd` option to the `./Configure` script. 16 17About c99 compiler 18------------------ 19 20The c99 compiler is required for building OpenSSL from source. While c11 21may work, it has not been broadly tested. c99 is the only compiler 22prerequisite needed to build OpenSSL 3.0 on this platform. You should also 23have the FLOSS package installed on your system. The ITUGLIB FLOSS package 24is the only FLOSS variant that has been broadly tested. 25 26Threading Models 27---------------- 28 29OpenSSL can be built using unthreaded, POSIX User Threads (PUT), or Standard 30POSIX Threads (SPT). Select the following build configuration for each on 31the TNS/X (L-Series) platform: 32 33 * `nonstop-nsx` or default will select an unthreaded build. 34 * `nonstop-nsx_put` selects the PUT build. 35 * `nonstop-nsx_64_put` selects the 64 bit file length PUT build. 36 * `nonstop-nsx_spt_floss` selects the SPT build with FLOSS. FLOSS is 37 required for SPT builds because of a known hang when using SPT on its own. 38 39### TNS/E Considerations 40 41The TNS/E platform is build using the same set of builds specifying `nse` 42instead of `nsx` in the set above. 43 44You cannot build for TNS/E for FIPS, so you must specify the `no-fips` 45option to `./Configure`. 46 47About Prefix and OpenSSLDir 48--------------------------- 49 50Because there are many potential builds that must co-exist on any given 51NonStop node, managing the location of your build distribution is crucial. 52Keep each destination separate and distinct. Mixing any mode described in 53this document can cause application instability. The recommended approach 54is to specify the OpenSSL version and threading model in your configuration 55options, and keeping your memory and float options consistent, for example: 56 57 * For 1.1 `--prefix=/usr/local-ssl1.1 --openssldir=/usr/local-ssl1.1/ssl` 58 * For 1.1 PUT `--prefix=/usr/local-ssl1.1_put --openssldir=/usr/local-ssl1.1_put/ssl` 59 60As of 3.0, the NonStop configurations use the multilib attribute to distinguish 61between different models: 62 63 * For 3.0 `--prefix=/usr/local-ssl3.0 --openssldir=/usr/local-ssl3.0/ssl` 64 65The PUT model is placed in `${prefix}/lib-put` for 32-bit models and 66`${prefix}/lib64-put` for 64-bit models. 67 68Use the `_RLD_LIB_PATH` environment variable in OSS to select the appropriate 69directory containing `libcrypto.so` and `libssl.so`. In GUARDIAN, use the 70`=_RLD_LIB_PATH` search define to locate the GUARDIAN subvolume where OpenSSL 71is installed. 72 73Float Considerations 74-------------------- 75 76OpenSSL is built using IEEE Float mode by default. If you need a different 77IEEE mode, create a new configuration specifying `tfloat-x86-64` (for Tandem 78Float) or `nfloat-x86-64` (for Neutral Float). 79 80Memory Models 81------------- 82 83The current OpenSSL default memory model uses the default platform address 84model. If you need a different address model, you must specify the appropriate 85c99 options for compile (`CFLAGS`) and linkers (`LDFLAGS`). 86 87Cross Compiling on Windows 88-------------------------- 89 90To configure and compile OpenSSL, you will need to set up a Cygwin environment. 91The Cygwin tools should include bash, make, and any other normal tools required 92for building programs. 93 94Your `PATH` must include the bin directory for the c99 cross-compiler, as in: 95 96 export PATH=/cygdrive/c/Program\ Files\ \(x86\)/HPE\ NonStop/L16.05/usr/bin:$PATH 97 98This should be set before Configure is run. For the c99 cross-compiler to work 99correctly, you also need the `COMP_ROOT` set, as in: 100 101 export COMP_ROOT="C:\Program Files (x86)\HPE NonStop\L16.05" 102 103`COMP_ROOT` needs to be in Windows form. 104 105`Configure` must specify the `no-makedepend` option otherwise errors will 106result when running the build because the c99 cross-compiler does not support 107the `gcc -MT` option. An example of a `Configure` command to be run from the 108OpenSSL directory is: 109 110 ./Configure nonstop-nsx_64 no-makedepend --with-rand-seed=rdcpu 111 112Do not forget to include any OpenSSL cross-compiling prefix and certificate 113options when creating your libraries. 114 115The OpenSSL test suite will not run on your workstation. In order to verify the 116build, you will need to perform the build and test steps in OSS in your NonStop 117server. You can also build under gcc and run the test suite for Windows but that 118is not equivalent. 119 120**Note:** In the event that you are attempting a FIPS-compliant cross-compile, 121be aware that signatures may not match between builds done under OSS and under 122cross-compiles as the compilers do not necessarily generate identical objects. 123Anything and everything to do with FIPS is outside the scope of this document. 124Refer to the FIPS security policy for more information. 125 126The following build configurations have been successfully attempted at one 127point or another. If you are successful in your cross-compile efforts, please 128update this list: 129 130- nonstop-nsx_64 131- nonstop-nsx_64_put 132 133**Note:** Cross-compile builds for TNS/E have not been attempted, but should 134follow the same considerations as for TNS/X above. SPT builds generally require 135FLOSS, which is not available for workstation builds. As a result, SPT builds 136of OpenSSL cannot be cross-compiled. 137 138Also see the NSDEE discussion below for more historical information. 139 140Cross Compiling with NSDEE 141-------------------------- 142 143**Note:** None of these builds have been tested by the platform maintainer and 144are supplied for historical value. Please submit a Pull Request to OpenSSL 145should these need to be adjusted. 146 147If you are attempting to build OpenSSL with NSDEE, you will need to specify 148the following variables. The following set of compiler defines are required: 149 150 # COMP_ROOT must be a full path for the build system (e.g. windows) 151 COMP_ROOT=$(cygpath -w /path/to/comp_root) 152 # CC must be executable by your shell 153 CC=/path/to/c99 154 155### Optional Build Variables 156 157 DBGFLAG="--debug" 158 CIPHENABLES="enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-rc4" 159 160### Internal Known TNS/X to TNS/E Cross Compile Variables 161 162The following definition is required if you are building on TNS/X for TNS/E 163and have access to a TNS/E machine on your EXPAND network - with an example 164node named `\CS3`: 165 166 SYSTEMLIBS="-L/E/cs3/usr/local/lib" 167 168Version Procedure (VPROC) Considerations 169---------------------------------------- 170 171If you require a VPROC entry for platform version identification, use the 172following variables: 173 174### For Itanium 175 176 OPENSSL_VPROC_PREFIX=T0085H06 177 178### For x86 179 180 OPENSSL_VPROC_PREFIX=T0085L01 181 182### Common Definition 183 184 export OPENSSL_VPROC=${OPENSSL_VPROC_PREFIX}_$( 185 . VERSION.dat 186 if [ -n "$PRE_RELEASE_TAG" ]; then 187 PRE_RELEASE_TAG="-$PRE_RELEASE_TAG" 188 fi 189 echo "$MAJOR.$MINOR.$PATCH$PRE_RELEASE_TAG$BUILD_METADATA" |\ 190 sed -e 's/[-.+]/_/g' 191 ) 192 193Example Configure Targets 194------------------------- 195 196For OSS targets, the main DLL names will be `libssl.so` and `libcrypto.so`. 197For GUARDIAN targets, DLL names will be `ssl` and `crypto`. The following 198assumes that your PWD is set according to your installation standards. 199 200 ./Configure nonstop-nsx --prefix=${PWD} \ 201 --openssldir=${PWD}/ssl no-threads \ 202 --with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS} 203 ./Configure nonstop-nsx_g --prefix=${PWD} \ 204 --openssldir=${PWD}/ssl no-threads \ 205 --with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS} 206 ./Configure nonstop-nsx_put --prefix=${PWD} \ 207 --openssldir=${PWD}/ssl threads "-D_REENTRANT" \ 208 --with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS} 209 ./Configure nonstop-nsx_spt_floss --prefix=${PWD} \ 210 --openssldir=${PWD}/ssl threads "-D_REENTRANT" \ 211 --with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS} 212 ./Configure nonstop-nsx_64 --prefix=${PWD} \ 213 --openssldir=${PWD}/ssl no-threads \ 214 --with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS} 215 ./Configure nonstop-nsx_64_put --prefix=${PWD} \ 216 --openssldir=${PWD}/ssl threads "-D_REENTRANT" \ 217 --with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS} 218 ./Configure nonstop-nsx_g_tandem --prefix=${PWD} \ 219 --openssldir=${PWD}/ssl no-threads \ 220 --with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS} 221 222 ./Configure nonstop-nse --prefix=${PWD} \ 223 --openssldir=${PWD}/ssl no-threads \ 224 --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS} 225 ./Configure nonstop-nse_g --prefix=${PWD} \ 226 --openssldir=${PWD}/ssl no-threads \ 227 --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS} 228 ./Configure nonstop-nse_put --prefix=${PWD} \ 229 --openssldir=${PWD}/ssl threads "-D_REENTRANT" \ 230 --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS} 231 ./Configure nonstop-nse_spt_floss --prefix=${PWD} \ 232 --openssldir=${PWD}/ssl threads "-D_REENTRANT" \ 233 --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS} 234 ./Configure nonstop-nse_64 --prefix=${PWD} \ 235 --openssldir=${PWD}/ssl no-threads \ 236 --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS} 237 ./Configure nonstop-nse_64_put --prefix=${PWD} \ 238 --openssldir=${PWD}/ssl threads "-D_REENTRANT" 239 --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS} 240 ./Configure nonstop-nse_g_tandem --prefix=${PWD} \ 241 --openssldir=${PWD}/ssl no-threads \ 242 --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS} 243