Documentation
Rate This Document
Findability
Accuracy
Completeness
Readability
SubmitClose

Installing OpenSSL/Tongsuo

Install OpenSSL of a supported version before installing and using the KAE encryption and decryption module. The OpenSSL version must be 1.1.1x, 3.0.x, or Tongsuo 8.4.0. In addition, OpenSSL 3.0.x and Tongsuo 8.4.0 are available only on KAE 2.0 installed form source code.

If you do not want to use the default OpenSSL/Tongsuo, specify the installation path during OpenSSL/Tongsuo installation and transfer the path in the 6 step in section "Installation Using Source Code (KAE 2.0)."

Prerequisites

  • The kernel-devel matching your OS version has been installed.

    Query the current kernel version.

    1
    uname -r
  • perl and bzip2 have been installed.

    Query the version numbers of perl and bzip2.

    1
2
    perl --version
bzip2 --version
  • The GCC and Make tools have been installed. The performance data varies with the GCC version. Recommended versions are GCC 7.4.1 or later and Make 3.82 or later.

    Query the versions of GCC and Make.

    1
2
    gcc --version
make --version
  • Automake, Autoconf, and Libtool have been installed.

    Query the versions of Automake, Autoconf, and Libtool.

    1
2
3
    automake --version
autoconf --version
libtool --version

For details about how to install required software, see the following operations.

The default commands used to install software vary depending on the OS used. CentOS and EulerOS use Yum, and SUSE uses Zypper. Ensure that the system has been connected to the network or the image source has been configured. The following uses SUSE as an example to describe how to install GCC. The installation method is the same for other OSs.

  1. Mount the OS image.
    1
    mount -o loop /dev/sr0 /mnt
  2. Configure the local Zypper image source.
    1
    zypper ar file:///mnt local
  3. Install GCC.
    1
    zypper install gcc

Run the openssl version command to query the OpenSSL/Tongsuo version. If the OpenSSL version is 1.1.1x or 3.0.x or the Tongsuo version is 8.4.0, you can skip the following OpenSSL installation steps.

Procedure

  1. Use SSH to copy the OpenSSL source package to a custom directory.
  2. Use an SSH tool to remotely log in to the Linux CLI.
  3. Compile and install OpenSSL in the OpenSSL source code directory.

    If the installed OpenSSL version is different from the default OpenSSL version of the OS, you are advised to specify another directory, for example, /usr/local/ssl3_0_14, to prevent version conflicts.

    • Use the default installation directory /usr/local.
      1
      ./config -Wl,-rpath,/usr/local/lib
    • Specify another installation path.
      • OpenSSL
        1
        ./config --prefix=/usr/local/ssl3_0_14
      • Tongsuo
        1
        ./config --prefix=/opt/tongsuo

    This step automatically generates a Makefile based on the compilation platform and environment. You can use ./config --prefix to specify the installation path and use -Wl and -rpath to specify the paths of the libcrypto and libssl libraries on which OpenSSL depends.

    1
2
    make
make install

    OpenSSL is installed in /usr/local by default. For details, see the README file in the OpenSSL source code directory.

Verifying the Installation

  1. Enable the openssl command to be used globally.
    1
    export PATH=/usr/local/bin:$PATH
  2. Check the OpenSSL version.
    1
    openssl version

    If information similar to the following is displayed, the installation is complete (OpenSSL 1.1.1a is used as an example).

    1
    OpenSSL 1.1.1a 20 Nov 2018
Parent topic: Installing KAE