Installing OpenSSL/Tongsuo

Install OpenSSL of a supported version before installing and using the KAE encryption and decryption module. The OpenSSL version must be 1.1.1x, 3.0.x, or Tongsuo 8.4.0. OpenSSL 3.0.x and Tongsuo 8.4.0 are available only on KAE 2.0 installed from source code.

If you do not want to use the default OpenSSL/Tongsuo, specify the installation path during OpenSSL/Tongsuo installation and enter the path in step 6 of section "Installation Using Source Code" (KAE 2.0).

Prerequisites

The kernel-devel package matching your OS version has been installed.
Query the current kernel version.
1
uname -r
perl and bzip2 have been installed.
Query their versions:
1 2
perl --version bzip2 --version
The GCC and Make tools have been installed. The performance varies depending on the GCC version. Recommended versions are GCC 7.4.1 or later and Make 3.82 or later.
Query their versions:
1 2
gcc --version make --version
Automake, Autoconf, and libtool have been installed.
Query their versions:
1 2 3
automake --version autoconf --version libtool --version

For software that has not been installed, use the command-line tool of the OS to install it. For example, use Yum for CentOS/EulerOS/openEuler and Zypper for SUSE.

Procedure

Run the openssl version command to query the OpenSSL/Tongsuo version. If the OpenSSL version is 1.1.1x or 3.0.x, or the Tongsuo version is 8.4.0, you can skip the following OpenSSL/Tongsuo installation steps.

Use SSH to copy the OpenSSL/Tongsuo source package to a custom directory.
Download the OpenSSL/Tongsuo source package OpenSSL 1.1.1x, OpenSSL 3.0.x, or Tongsuo 8.4.0.

If Tongsuo calls a custom engine by running the speed command, related resources cannot be released after the encryption and decryption tasks are complete, and a segmentation fault is reported. This issue has been submitted to the upstream community. Apply the patch before source code compilation.
Compile and install OpenSSL/Tongsuo in the OpenSSL/Tongsuo source code directory.
If the installed OpenSSL/Tongsuo version is different from the default OpenSSL version of the OS, you are advised to specify another directory, for example, /usr/local/ssl3_0_14, to prevent version conflicts.
- Use the default installation directory /usr/local.
  1
  ./config
- Specify another installation path.
  - OpenSSL
    1
    ./config --prefix=/usr/local/ssl1_1_1a
  - Tongsuo
    1
    ./config --prefix=/opt/tongsuo
This step automatically generates a Makefile based on the compilation platform and environment. You can use ./config --prefix to specify the installation path and use -Wl and -rpath to specify the paths to the libcrypto and libssl libraries on which OpenSSL depends.
1 2
make make install
OpenSSL/Tongsuo is installed in /usr/local by default. For details, see the README file in the source code directory.

Verification

Set the PATH environment variable to make the openssl command available globally.
1
export PATH=/usr/local/bin:$PATH
Check the OpenSSL version.
1
openssl version
If information similar to the following is displayed, the installation is complete (OpenSSL 1.1.1a is used as an example).
1
OpenSSL 1.1.1a 20 Nov 2018

Parent topic: Environment Deployment