Configuration "packages"

From OpenSSLWiki
Revision as of 08:47, 31 July 2020 by Matt (talk | contribs) (→‎Files to add: Apply changed suggested in https://github.com/openssl/openssl/issues/12542)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

If you're missing a configuration for you platform, you may find a "package" here, which may be drop in files just as well as suggestions on what to change in the OpenSSL source to accommodate it.

z/OS [OpenSSL 1.1.1][edit]

OpenSSL 1.1.1 isn't supported on z/OS.

However, if you want to build OpenSSL on z/OS anyway, here are a few hints on how to do that. Though these hints are intended to be helpful, they might not work for you at all, depending on your build environment.

Files to add[edit]

These files can be added in the OpenSSL source tree, in Configurations/ or in a separate directory. In the latter case, set the environment variable OPENSSL_LOCAL_CONFIG_DIR to that directory's name to tell OpenSSL's Configure where they are.

00-base-zos.conf:

# Feel free to experiment by uncommenting
zos_asm => {
    template             => 1,
    # cpuid_asm_src      => "s390xcap.c # s390xcpuid.s",
    bn_asm_src           => "bn_asm.c", # s390x-gf2m.s
    # ec_asm_src         => "ecp_s390x_nistp.c",
    # aes_asm_src        => "aes-s390x.s aes-ctr.fake aes-xts.fake",
    # sha1_asm_src       => "sha1-s390x.s sha256-s390x.s sha512-s390x.s",
    # rc4_asm_src        => "rc4-s390x.s",
    # modes_asm_src      => "ghash-s390x.s",
    # chacha_asm_src     => "chacha-s390x.s",
    # poly1305_asm_src   => "poly1305-s390x.s",
    # keccak1600_asm_src => "keccak1600-s390x.s",
}

zos-unix.conf

"OS390-Unix" => {
    inherit_from     => [ "BASE_unix", asm("zos_asm") ],
    cc               => "/PATH/TO/c99.sh",
    cflags           => "-O -Wc,dll,XPLINK,exportall,hgpr,lp64 -Wa,'GOFF,SYSPARM(USE_XPLINK)' -qlongname -qlanglvl=extc99 -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYS_PARAM_H -D_ALL_SOURCE -D_OPEN_THREADS=2 -D_POSIX_SOURCE  -D_OPEN_MSGQ_EXT",
    module_ldflags   => "-Wl,XPLINK,LP64",
    shared_ldflags   => "-Wl,dll,XPLINK,LP64",
    shared_target    => "OS390-shared",
    bn_ops           => "THIRTY_TWO_BIT RC4_CHAR",
    thread_scheme    => "(unknown)",
    perlasm_scheme   => "zOS64",
},

/PATH/TO/c99.sh

#!/bin/sh -k
#
# Re-order arguments so that -L comes first.
#
opts=""
lopts=""

for arg in $* ; do
  case $arg in
    -L*) lopts="$lopts $arg" ;;
    *) opts="$opts $arg" ;;
  esac
done

c99 -Wl,dll $lopts $opts

Note that if you add c99.sh in OpenSSL's util/ directory, you can set the following in zos-unix.conf:

    cc               => "\$(SRCDIR)/util/c99.sh",

Building OpenSSL 1.1.1[edit]

(with xplink linkage, 64 bit, from EBCDIC sources)

  1. get a working EBCDIC perl version.
  2. gunzip the .tar file.
  3. use pax to extract from .tar. Example: pax -ofrom=ISO8859-1,to=IBM-1047 -rvf openssl-1.1.1e.tar
  4. Configure: ./Configure OS390-Unix
  5. Build: make