= OpenSSL = = OpenSSL = The OpenSSL web site is http://www.openssl.org/. To quote the projects web site ... The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation. It is your responsibility to check the [http://www.openssl.org/ OpenSSL] web site for your legal requirements. You need to insure you have meet these legal requirements. To quote the [http://www.openssl.org/ OpenSSL] Title web page ... PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME PARTS OF THE WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR COUNTRY, RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL SUGGESTIONS OR EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT AND/OR USE LAWS WHICH APPLY TO YOU. THE AUTHORS OF OPENSSL ARE NOT LIABLE FOR ANY VIOLATIONS YOU MAKE HERE. SO BE CAREFUL, IT IS YOUR RESPONSIBILITY. = Building OpenSSL = Download the OpenSSL source code from the [http://www.openssl.org/source/ OpenSSL Source] page. The lastest built version is - http://www.openssl.org/source/openssl-0.9.7d.tar.gz This version was built with the following instructions with a 4.6.1 [wiki:Developer/Multilib Multilib RTEMS] for the M68K target. I have built applications with the library on RTEMS and they work and interoperate with Linux software. The [wiki:GoAhead GoAhead] web server also builds with the OpenSSL library. Watch the initialisation of the OpenSLL library when you have the [wiki:GoAhead GoAhead] web server running. Starting a SSL web server will result in the OpenSSL library being initialised. You need to arrange initialisation in one place. The applications tested do not use select, rather threads are used with blocking sockets. This made the code simpler as select requires you handle the need for the SSL code wanting more data. You can find details about this in the OpenSSL API. Change to a scratch work space on your host development machine and untar the source code: {{{ $ tar zxf openssl-0.9.7d.tar.gz $ cd openssl-0.9.7d }}} You need to edit the perl ''Configure'' script. Open it in an editor and locate the following: {{{ my %table=( ###File 'TABLE' (created by 'make TABLE') contains the data from this list, ###formatted for better readability. }}} then scroll down to the end the perl table. For the '''m68k-rtems''' target add the following lines: {{{ #### RTEMS Realtime Embedded Kernel "m68k-rtems", "m68k-rtems-gcc:-O3 -Wall -DTERMIOS -DNO''STRINGS''H=1 -I\$(INSTALLTOP)/m68k-rtems/lib/include::-D_REENTRANT:RTEMS:" }}} Change the target and compiler flags to suit your target. Do not add processor specific flags. These can be added when you run the ''Configure'' script. Note, OpenSSL is built in the source tree. Run the ''Configure'' script by entering a command line similar too this: {{{ $ ./Configure --prefix=/opt/rtems m68k-rtems -m5200 Configuring for m68k-rtems ~IsWindows=0 CC =m68k-rtems-gcc CFLAG =-DOPENSSL''SYSNAME''RTEMS -DOPENSSL''THREADS -D''REENTRANT \ * *******DOPENSSL''NO''KRB5 -m5200 -O3 -Wall -DTERMIOS DNO''STRINGS''H=1 \ * *******I$(INSTALLTOP)/m68k-rtems/lib/include EX_LIBS = BN''ASM =bn''asm.o DES''ENC =des''enc.o fcrypt_b.o BF''ENC =bf''enc.o CAST''ENC =c''enc.o RC4''ENC =rc4''enc.o RC5''ENC =rc5''enc.o MD5''OBJ''ASM = SHA1''OBJ''ASM = RMD160''OBJ''ASM= PROCESSOR = RANLIB =/usr/bin/ranlib ARFLAGS = PERL =/usr/bin/perl THIRTY''TWO''BIT mode RC4_CHUNK is undefined Makefile => Makefile.ssl ..... }}} In this example the library is for the generic Coldfire processor (5200). Once ''Configure'' completes you can check your setup by running: {{{ $ make TABLE (echo 'Output of `Configure TABLE'"':"; \ /usr/bin/perl Configure TABLE) > TABLE }}} The TABLE for the '''m68k-rtems''' target is: {{{ *** m68k-rtems $cc = m68k-rtems-gcc $cflags -O3 -Wall -DTERMIOS -DNO''STRINGS''H1 -I$(INSTALLTOP)/m68k-rtems/lib/include $unistd = $thread''cflag = -D''REENTRANT $sys_id = RTEMS $lflags = $bn_ops = $bn_obj = $des_obj = $bf_obj = $md5_obj = $sha1_obj = $cast_obj = $rc4_obj = $rmd160_obj = $rc5_obj = $dso_scheme = $shared_target= $shared_cflag = $shared_ldflag = $shared_extension = $ranlib = $arflags = }}} To build the OpenSSL libraries enter the following '''make''' command line overriding the standard build directories This stops the building of OpenSSL applications that will not link cleanly: {{{ $ make DIRS="crypto ssl" all install }}} OpenSSL installs to paths that are typically used when building for a native library rather than a cross-compiler multilib target. For the RTEMS M68K multilib target with the -m5200 compiler option the include and library paths are: [[BR]] /opt/rtems/m68k-rtems/include[[BR]] /opt/rtems/m68k-rtems/lib/m5200[[BR]] while OpenSSL will install the files into: [[BR]] /opt/rtems/include/openssl/*.h[[BR]] /opt/rtems/lib/libcrypto.a[[BR]] /opt/rtems/lib/libssl.a[[BR]] A possible work around is to use the ''INSTALL''PREFIX'' argument to ''make_ to install into a scratch location and then to move the header files and libraries into the expected RTEMS locations. It is recommended the header files are placed in $prefix/m68k-rtems/include so the following autoconf test can be used to detect OpenSSL has been installed: AC_CHECK_HEADER([openssl/ssl.h])