Version 4 (modified by Chris Johns, on Dec 11, 2014 at 2:55:28 AM)

OpenSSL

The OpenSSL web site is http://www.openssl.org/. To quote the project's web site ...

The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation.

It is your responsibility to check the OpenSSL web site for your legal requirements. You need to ensure you have met these legal requirements. To quote the OpenSSL Title web page ...

PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME PARTS OF THE WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR COUNTRY, RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL SUGGESTIONS OR EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT AND/OR USE LAWS WHICH APPLY TO YOU. THE AUTHORS OF OPENSSL ARE NOT LIABLE FOR ANY VIOLATIONS YOU MAKE HERE. SO BE CAREFUL, IT IS YOUR RESPONSIBILITY.

Building OpenSSL

Download the OpenSSL source code from the OpenSSL Source page. The latest built version is:

http://www.openssl.org/source/openssl-0.9.7d.tar.gz

This version was built with the following instructions with a 4.6.1 Multilib RTEMS for the M68K target.

I have built applications with the library on RTEMS and they work and interoperate with Linux software. The GoAhead web server also builds with the OpenSSL library. Watch the initialisation of the OpenSSL library when you have the GoAhead web server running. Starting an SSL web server will result in the OpenSSL library being initialised. You need to arrange initialisation in one place.

The applications tested do not use select; rather, threads are used with blocking sockets. This made the code simpler, as select requires you to handle the need for the SSL code wanting more data. You can find details about this in the OpenSSL API.

Change to a scratch work space on your host development machine and untar the source code:

    $ tar zxf openssl-0.9.7d.tar.gz
    $ cd openssl-0.9.7d

You need to edit the Perl Configure script. Open it in an editor and locate the following:

    my %table=(
    # File 'TABLE' (created by 'make TABLE') contains the data from this list,
    # formatted for better readability.

then scroll down to the end of the Perl table. For the m68k-rtems target add the following lines:

    # RTEMS Realtime Embedded Kernel
    "m68k-rtems", "m68k-rtems-gcc:-O3 -Wall -DTERMIOS -DNO_STRINGS_H=1 -I\$(INSTALLTOP)/m68k-rtems/lib/include::-D_REENTRANT:RTEMS:",

Change the target and compiler flags to suit your target. Do not add processor-specific flags. These can be added when you run the Configure script. Note that OpenSSL is built in the source tree. Run the Configure script by entering a command line similar to this:

    $ ./Configure --prefix=/opt/rtems m68k-rtems -m5200
    Configuring for m68k-rtems
    IsWindows=0
    CC            =m68k-rtems-gcc
    CFLAG         =-DOPENSSL_SYSNAME_RTEMS -DOPENSSL_THREADS -D_REENTRANT \
                   -DOPENSSL_NO_KRB5 -m5200 -O3 -Wall -DTERMIOS -DNO_STRINGS_H=1 \
                   -I$(INSTALLTOP)/m68k-rtems/lib/include
    EX_LIBS       =
    BN_ASM        =bn_asm.o
    DES_ENC       =des_enc.o fcrypt_b.o
    BF_ENC        =bf_enc.o
    CAST_ENC      =c_enc.o
    RC4_ENC       =rc4_enc.o
    RC5_ENC       =rc5_enc.o
    MD5_OBJ_ASM   =
    SHA1_OBJ_ASM  =
    RMD160_OBJ_ASM=
    PROCESSOR     =
    RANLIB        =/usr/bin/ranlib
    ARFLAGS       =
    PERL          =/usr/bin/perl
    THIRTY_TWO_BIT mode
    RC4_CHUNK is undefined
    Makefile => Makefile.ssl
     .....

In this example the library is for the generic Coldfire processor (5200). Once Configure completes you can check your setup by running:

    $ make TABLE
    (echo 'Output of `Configure TABLE'"':"; \
    /usr/bin/perl Configure TABLE) > TABLE

The TABLE for the m68k-rtems target is:

    m68k-rtems
    $cc           = m68k-rtems-gcc
    $cflags       = -O3 -Wall -DTERMIOS -DNO_STRINGS_H=1 -I$(INSTALLTOP)/m68k-rtems/lib/include
    $unistd       =
    $thread_cflag = -D_REENTRANT
    $sys_id       = RTEMS
    $lflags       =
    $bn_ops       =
    $bn_obj       =
    $des_obj      =
    $bf_obj       =
    $md5_obj      =
    $sha1_obj     =
    $cast_obj     =
    $rc4_obj      =
    $rmd160_obj   =
    $rc5_obj      =
    $dso_scheme   =
    $shared_target=
    $shared_cflag =
    $shared_ldflag =
    $shared_extension =
    $ranlib       =
    $arflags      =

To build the OpenSSL libraries, enter the following make command line, which overrides the standard build directories. This stops the building of OpenSSL applications that will not link cleanly:

    $ make DIRS="crypto ssl" all install

OpenSSL installs to paths that are typically used when building for a native library rather than a cross-compiler multilib target. For the RTEMS M68K multilib target with the -m5200 compiler option the include and library paths are:

    /opt/rtems/m68k-rtems/include
    /opt/rtems/m68k-rtems/lib/m5200

while OpenSSL will install the files into:

    /opt/rtems/include/openssl/*.h
    /opt/rtems/lib/libcrypto.a
    /opt/rtems/lib/libssl.a

A possible workaround is to use the INSTALL_PREFIX argument to make to install into a scratch location and then to move the header files and libraries into the expected RTEMS locations.

It is recommended that the header files are placed in $prefix/m68k-rtems/include so the following autoconf test can be used to detect that OpenSSL has been installed:

    AC_CHECK_HEADER([openssl/ssl.h])
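
The scratch-install workaround described above can be scripted. The following is an added example, not part of the original page or the RTEMS or OpenSSL projects: it assumes the libraries were installed with `INSTALL_PREFIX` pointing at a scratch directory, and the function name `relocate_openssl` and its optional fifth argument are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): move a staged OpenSSL install
# into the RTEMS multilib layout. Assumes a prior build such as
#   make DIRS="crypto ssl" INSTALL_PREFIX=$stage all install
# so the files sit under $stage$prefix/include/openssl and $stage$prefix/lib.

relocate_openssl() {
    stage=$1      # scratch root that was passed as INSTALL_PREFIX
    prefix=$2     # --prefix given to Configure, e.g. /opt/rtems
    target=$3     # RTEMS target, e.g. m68k-rtems
    multilib=$4   # multilib subdirectory, e.g. m5200
    dest=${5:-}   # hypothetical: optional root prepended to the final paths (trial runs)

    src_inc=$stage$prefix/include/openssl
    src_lib=$stage$prefix/lib
    dst_inc=$dest$prefix/$target/include/openssl
    dst_lib=$dest$prefix/$target/lib/$multilib

    # Refuse to touch the destination if the staged install is incomplete.
    for f in "$src_inc/ssl.h" "$src_lib/libcrypto.a" "$src_lib/libssl.a"; do
        if [ ! -f "$f" ]; then
            echo "missing staged file: $f" >&2
            return 1
        fi
    done

    mkdir -p "$dst_inc" "$dst_lib" || return 1
    mv "$src_inc"/*.h "$dst_inc"/ || return 1
    mv "$src_lib/libcrypto.a" "$src_lib/libssl.a" "$dst_lib"/ || return 1
    echo "headers   -> $dst_inc"
    echo "libraries -> $dst_lib"
}

# Example call for the configuration on this page:
#   relocate_openssl /tmp/openssl-stage /opt/rtems m68k-rtems m5200
```

After relocation, `openssl/ssl.h` sits under the target include directory, which is where the `AC_CHECK_HEADER` test above looks for it.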