diff options
author | Jack Lloyd <[email protected]> | 2017-03-19 15:13:12 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2017-03-19 15:13:12 -0400 |
commit | eea97459a6044e83897d8d5eb4a3111d0dc6aae9 (patch) | |
tree | 0b7c51ce44155d9ed10d58e8440c585b7097ef16 | |
parent | 6817d1a2332b822e7f12e8904ad8e27081d6c827 (diff) | |
parent | 780dd7c611c53b66ed4ceb6614ae806941883fcc (diff) |
Merge GH #924 Add note about RNGs and minimized builds
-rw-r--r-- | doc/manual/building.rst | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/doc/manual/building.rst b/doc/manual/building.rst index d13cabd35..804b421f0 100644 --- a/doc/manual/building.rst +++ b/doc/manual/building.rst @@ -61,10 +61,11 @@ we might see lines like:: INFO: Skipping, requires external dependency - boost bzip2 lzma sqlite3 tpm The ones that are skipped because they are require an external -depedency have to be explicitly asked for, because they rely on third +dependency have to be explicitly asked for, because they rely on third party libraries which your system might not have or that you might not want the resulting binary to depend on. For instance to enable zlib support, add ``--with-zlib`` to your invocation of ``configure.py``. +All available modules can be listed with ``--list-modules``. You can control which algorithms and modules are built using the options ``--enable-modules=MODS`` and ``--disable-modules=MODS``, for @@ -84,7 +85,16 @@ For instance:: will set up a build that only includes RSA, OAEP, PSS along with any required dependencies. A small subset of core features, including AES, SHA-2, HMAC, and the multiple precision integer library, are always -loaded. +loaded. Note that a minimized build does not include any random number +generator, which is needed for example to generate keys, nonces and IVs. +See :doc:`rng` on which random number generators are available. + +The option ``--module-policy=POL`` enables modules required by and +disables modules prohibited by a text policy in ``src/build-data/policy``. +Additional modules can be enabled if not prohibited by the policy. +Currently available policies include ``bsi``, ``nist`` and ``modern``:: + + $ ./configure.py --module-policy=bsi --enable-modules=tls,xts The script tries to guess what kind of makefile to generate, and it almost always guesses correctly (basically, Visual C++ uses NMAKE with |