From 780dd7c611c53b66ed4ceb6614ae806941883fcc Mon Sep 17 00:00:00 2001 From: René Korthaus Date: Fri, 17 Mar 2017 22:49:14 +0100 Subject: Add a note that no RNG is part of the minimized build Also adds a description for the --list-modules and --module-policy option. --- doc/manual/building.rst | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) (limited to 'doc') diff --git a/doc/manual/building.rst b/doc/manual/building.rst index d13cabd35..804b421f0 100644 --- a/doc/manual/building.rst +++ b/doc/manual/building.rst @@ -61,10 +61,11 @@ we might see lines like:: INFO: Skipping, requires external dependency - boost bzip2 lzma sqlite3 tpm The ones that are skipped because they are require an external -depedency have to be explicitly asked for, because they rely on third +dependency have to be explicitly asked for, because they rely on third party libraries which your system might not have or that you might not want the resulting binary to depend on. For instance to enable zlib support, add ``--with-zlib`` to your invocation of ``configure.py``. +All available modules can be listed with ``--list-modules``. You can control which algorithms and modules are built using the options ``--enable-modules=MODS`` and ``--disable-modules=MODS``, for @@ -84,7 +85,16 @@ For instance:: will set up a build that only includes RSA, OAEP, PSS along with any required dependencies. A small subset of core features, including AES, SHA-2, HMAC, and the multiple precision integer library, are always -loaded. +loaded. Note that a minimized build does not include any random number +generator, which is needed for example to generate keys, nonces and IVs. +See :doc:`rng` on which random number generators are available. + +The option ``--module-policy=POL`` enables modules required by and +disables modules prohibited by a text policy in ``src/build-data/policy``. +Additional modules can be enabled if not prohibited by the policy. +Currently available policies include ``bsi``, ``nist`` and ``modern``:: + + $ ./configure.py --module-policy=bsi --enable-modules=tls,xts The script tries to guess what kind of makefile to generate, and it almost always guesses correctly (basically, Visual C++ uses NMAKE with -- cgit v1.2.3