Lines Matching +full:build +full:- +full:linux +full:- +full:gcc

1 Build and Install
5 systems: the Unix/Linux family (including macOS), OpenVMS,
11 - [Prerequisites](#prerequisites)
12 - [Notational Conventions](#notational-conventions)
13 - [Quick Installation Guide](#quick-installation-guide)
14 - [Building OpenSSL](#building-openssl)
15 - [Installing OpenSSL](#installing-openssl)
16 - [Configuration Options](#configuration-options)
17 - [API Level](#api-level)
18 - [Cross Compile Prefix](#cross-compile-prefix)
19 - [Build Type](#build-type)
20 - [Directories](#directories)
21 - [Compiler Warnings](#compiler-warnings)
22 - [ZLib Flags](#zlib-flags)
23 - [Seeding the Random Generator](#seeding-the-random-generator)
24 - [Setting the FIPS HMAC key](#setting-the-FIPS-HMAC-key)
25 - [Enable and Disable Features](#enable-and-disable-features)
26 - [Displaying configuration data](#displaying-configuration-data)
27 - [Installation Steps in Detail](#installation-steps-in-detail)
28 - [Configure](#configure-openssl)
29 - [Build](#build-openssl)
30 - [Test](#test-openssl)
31 - [Install](#install-openssl)
32 - [Advanced Build Options](#advanced-build-options)
33 - [Environment Variables](#environment-variables)
34 - [Makefile Targets](#makefile-targets)
35 - [Running Selected Tests](#running-selected-tests)
36 - [Troubleshooting](#troubleshooting)
37 - [Configuration Problems](#configuration-problems)
38 - [Build Failures](#build-failures)
39 - [Test Failures](#test-failures)
40 - [Notes](#notes)
41 - [Notes on multi-threading](#notes-on-multi-threading)
42 - [Notes on shared libraries](#notes-on-shared-libraries)
43 - [Notes on random number generation](#notes-on-random-number-generation)
44 - [Notes on assembler modules compilation](#notes-on-assembler-modules-compilation)
52 * Perl 5 with core modules (please read [NOTES-PERL.md](NOTES-PERL.md))
53 * The Perl module `Text::Template` (please read [NOTES-PERL.md](NOTES-PERL.md))
62 * [Notes for UNIX-like platforms](NOTES-UNIX.md)
63 * [Notes for Android platforms](NOTES-ANDROID.md)
64 * [Notes for Windows platforms](NOTES-WINDOWS.md)
65 * [Notes for the DOS platform with DJGPP](NOTES-DJGPP.md)
66 * [Notes for the OpenVMS platform](NOTES-VMS.md)
67 * [Notes on Perl](NOTES-PERL.md)
68 * [Notes on Valgrind](NOTES-VALGRIND.md)
76 --------
86 -------
97 - or -
99 - or -
113 - or -
115 - or -
117 - or -
121 ---------
143 about the details, here is the short version of how to build and install
145 [Installation in Detail](#installation-steps-in-detail) section below.
148 ----------------
150 Use the following commands to configure, build and test OpenSSL.
154 ### Unix / Linux / macOS
162 Use the following commands to build OpenSSL:
171 issue the following commands to build OpenSSL.
180 Most likely you will be using the `VC-WIN64A` target for 64bit Windows
181 binaries (AMD64) or `VC-WIN32` for 32bit Windows binaries (X86).
182 The other two options are `VC-WIN64I` (Intel IA64, Itanium) and
183 `VC-CE` (Windows CE) are rather uncommon nowadays.
186 ------------------
204 [different location](#installing-to-a-different-location) which is not in
208 [Post-installation Notes](#post-installation-notes) further down.
210 ### Unix / Linux / macOS
228 depending on the file type, as it is custom on Unix-like operating systems.
266 The options `--prefix` and `--openssldir` are explained in further detail in
271 $ ./Configure --prefix=/opt/openssl --openssldir=/usr/local/ssl
275 $ perl Configure --prefix=PROGRAM:[INSTALLS] --openssldir=SYS$MANAGER:[OPENSSL]
278 you've read more than just this Quick Start, such as relevant `NOTES-*` files,
285 There are several options to `./Configure` to customize the build (note that
286 for Windows, the defaults for `--prefix` and `--openssldir` depend on what
288 For more information, see the [Notes for Windows platforms](NOTES-WINDOWS.md).
291 ---------
293 --api=x.y[.z]
295 Build the OpenSSL libraries to support the API for the specified version.
296 If [no-deprecated](#no-deprecated) is also given, don't build with support
300 --api=1.1.0 no-deprecated
305 entirely, just specify [no-deprecated](#no-deprecated).
306 If `--api` isn't given, it defaults to the current (minor) OpenSSL version.
309 --------------------
311 --cross-compile-prefix=<PREFIX>
315 It is likely to have to end with dash, e.g. `a-b-c-` would invoke GNU compiler
316 as `a-b-c-gcc`, etc. Unfortunately cross-compiling is too case-specific to put
317 together one-size-fits-all instructions. You might have to pass more flags or
319 are discussed in corresponding `Configurations/15-*.conf` files. But there are
320 cases when this option alone is sufficient. For example to build the mingw64
321 target on Linux `--cross-compile-prefix=x86_64-w64-mingw32-` works. Naturally
323 have option to install a number of prepackaged cross-compilers along with
324 corresponding run-time and development packages for "alien" hardware. To give
325 another example `--cross-compile-prefix=mipsel-linux-gnu-` suffices in such
328 For cross compilation, you must [configure manually](#manual-configuration).
329 Also, note that `--openssldir` refers to target's file system, not one you are
332 Build Type
333 ----------
335 --debug
337 Build OpenSSL with debugging symbols and zero optimization level.
339 --release
341 Build OpenSSL without debugging symbols. This is the default.
344 -----------
348 --libdir=DIR
351 (see the `--prefix` option) where libraries will be installed. By default
356 Some build targets have a multilib postfix set in the build configuration.
357 For these targets the default libdir is `lib<multilib-postfix>`. Please use
358 `--libdir=lib` to override the libdir if adding the postfix is undesirable.
362 --openssldir=DIR
369 OpenVMS: SYS$COMMON:[OPENSSL-COMMON]
376 --prefix=DIR
385 -----------------
387 --strict-warnings
390 for OpenSSL development. It only works when using gcc or clang as the compiler.
395 ----------
397 ### with-zlib-include
399 --with-zlib-include=DIR
405 ### with-zlib-lib
407 --with-zlib-lib=LIB
414 [zlib-dynamic](#zlib-dynamic) option is not also used. If `zlib-dynamic` is used
422 ----------------------------
424 --with-rand-seed=seed1[,seed2,...]
438 Use the [getrandom(2)][man-getrandom] or equivalent system call.
440 [man-getrandom]: http://man7.org/linux/man-pages/man2/getrandom.2.html
449 on most unix-ish operating systems.
474 [rng]: #notes-on-random-number-generation
477 -------------------------
479 --fips-key=value
481 As part of its self-test validation, the FIPS module must verify itself
482 by performing a SHA-256 HMAC computation on itself. The default key is
490 ---------------------------
495 [ enable-xxxx | no-xxxx ]
498 In the following list, always the non-default variant is documented: if
499 feature `xxxx` is disabled by default then `enable-xxxx` is documented and
500 if feature `xxxx` is enabled by default then `no-xxxx` is documented.
502 ### no-afalgeng
504 Don't build the AFALG engine.
508 ### enable-ktls
510 Build with Kernel TLS support.
512 This option will enable the use of the Kernel TLS data-path, which can improve
516 Kernel TLS data-path.
518 ### enable-asan
520 Build with the Address sanitiser.
524 gcc or clang and should be used in conjunction with the [no-shared](#no-shared)
527 ### enable-acvp-tests
529 Build support for Automated Cryptographic Validation Protocol (ACVP)
537 ### no-asm
545 ### no-async
547 Do not build support for async operations.
549 ### no-atexit
556 ### no-autoalginit
564 if this option is used. This option will force a non-shared build.
566 ### no-autoerrinit
574 ### no-autoload-config
581 ### enable-buildtest-c++
588 the C++ compiler. If not, the C++ build test will most likely break. As an
591 ### --banner=text
596 ### --w
598 On platforms where the choice of 32-bit or 64-bit architecture
603 ### no-bulk
605 Build only some minimal set of features.
606 This is a developer option used internally for CI build tests of the project.
608 ### no-cached-fetch
612 this option will reduce run-time memory usage but it also introduces a
616 ### no-capieng
618 Don't build the CAPI engine.
622 ### no-cmp
624 Don't build support for Certificate Management Protocol (CMP)
627 ### no-cms
629 Don't build support for Cryptographic Message Syntax (CMS).
631 ### no-comp
633 Don't build support for SSL/TLS compression.
636 the zlib or `zlib-dynamic` options are also chosen.
638 ### enable-crypto-mdebug
640 This now only enables the `failed-malloc` feature.
642 ### enable-crypto-mdebug-backtrace
644 This is a no-op; the project uses the compiler's address/leak sanitizer instead.
646 ### no-ct
648 Don't build support for Certificate Transparency (CT).
650 ### no-deprecated
652 Don't build with support for deprecated APIs up until and including the version
653 given with `--api` (or the current version, if `--api` wasn't specified).
655 ### no-dgram
657 Don't build support for datagram based BIOs.
661 ### no-dso
663 Don't build support for loading Dynamic Shared Objects (DSO)
665 ### enable-devcryptoeng
667 Build the `/dev/crypto` engine.
670 be disabled with `no-devcryptoeng`.
672 ### no-dynamic-engine
674 Don't build the dynamically loaded engines.
676 This only has an effect in a shared build.
678 ### no-ec
680 Don't build support for Elliptic Curves.
682 ### no-ec2m
684 Don't build support for binary Elliptic Curves
686 ### enable-ec_nistp_64_gcc_128
693 - with little-endian storage of non-byte types
694 - that tolerate misaligned memory references
695 - where the compiler:
696 - supports the non-standard type `__uint128_t`
697 - defines the built-in macro `__SIZEOF_INT128__`
699 ### enable-egd
701 Build support for gathering entropy from the Entropy Gathering Daemon (EGD).
703 ### no-engine
705 Don't build support for loading engines.
707 ### no-err
711 ### enable-external-tests
718 - GOST engine test suite
719 - Python PYCA/Cryptography test suite
720 - krb5 test suite
722 See the file [test/README-external.md](test/README-external.md)
725 ### no-filenames
730 ### enable-fips
732 Build (and install) the FIPS provider
734 ### no-fips-securitychecks
736 Don't perform FIPS module run-time checks related to enforcement of security
739 ### enable-fuzz-libfuzzer, enable-fuzz-afl
741 Build with support for fuzzing using either libfuzzer or AFL.
748 ### no-gost
750 Don't build support for GOST based ciphersuites.
756 ### no-legacy
758 Don't build the legacy provider.
762 ### no-makedepend
766 ### no-module
768 Don't build any dynamically loadable engines.
770 This also implies `no-dynamic-engine`.
772 ### no-multiblock
774 Don't build support for writing multiple records in one go in libssl
778 ### no-nextprotoneg
780 Don't build support for the Next Protocol Negotiation (NPN) TLS extension.
782 ### no-ocsp
784 Don't build support for Online Certificate Status Protocol (OCSP).
786 ### no-padlockeng
788 Don't build the padlock engine.
790 ### no-hw-padlock
792 As synonym for `no-padlockeng`. Deprecated and should not be used.
794 ### no-pic
796 Don't build with support for Position Independent Code.
798 ### no-pinshared
815 i.e., `no-shared` does not imply `no-pinshared`. This may come as a surprise when
816 linking libcrypto statically into a shared third-party library, because in this
818 configure the static build using `no-shared` and `no-pinshared` together.
824 ### no-posix-io
828 ### no-psk
830 Don't build support for Pre-Shared Key based ciphersuites.
832 ### no-rdrand
836 ### no-rfc3779
838 Don't build support for RFC3779, "X.509 Extensions for IP Addresses and
843 Build support for Stream Control Transmission Protocol (SCTP).
845 ### no-shared
849 See [Notes on shared libraries](#notes-on-shared-libraries) below.
851 ### no-sock
853 Don't build support for socket BIOs.
855 ### no-srp
857 Don't build support for Secure Remote Password (SRP) protocol or
860 ### no-srtp
862 Don't build Secure Real-Time Transport Protocol (SRTP) support.
864 ### no-sse2
866 Exclude SSE2 code paths from 32-bit x86 assembly modules.
868 Normally SSE2 extension is detected at run-time, but the decision whether or not
874 disengage SSE2 code paths upon application start-up, but if you aim for wider
875 "audience" running such kernel, consider `no-sse2`. Both the `386` and `no-asm`
876 options imply `no-sse2`.
878 ### no-ssl-trace
880 Don't build with SSL Trace capabilities.
882 This removes the `-trace` option from `s_client` and `s_server`, and omits the
885 Disabling `ssl-trace` may provide a small reduction in libssl binary size.
887 ### no-static-engine
889 Don't build the statically linked engines.
893 ### no-stdio
900 ### no-tests
902 Don't build test programs or run any tests.
904 ### no-threads
906 Don't build with support for multi-threaded applications.
910 Build with support for multi-threaded applications. Most platforms will enable
912 will usually require additional system-dependent options!
914 See [Notes on multi-threading](#notes-on-multi-threading) below.
916 ### enable-trace
918 Build with support for the integrated tracing api.
922 ### no-ts
924 Don't build Time Stamping (TS) Authority support.
926 ### enable-ubsan
928 Build with the Undefined Behaviour sanitiser (UBSAN).
932 gcc or clang and should be used in conjunction with the `-DPEDANTIC` option
933 (or the `--strict-warnings` option).
935 ### no-ui-console
937 Don't build with the User Interface (UI) console method
941 ### enable-unit-test
947 ### no-uplink
949 Don't build support for UPLINK interface.
951 ### enable-weak-ssl-ciphers
953 Build support for SSL/TLS ciphers that are considered "weak"
959 Build with support for zlib compression/decompression.
961 ### zlib-dynamic
970 In 32-bit x86 builds, use the 80386 instruction set only in assembly modules
974 accompanied by a corresponding compiler-specific option.
976 ### no-{protocol}
978 no-{ssl|ssl3|tls|tls1|tls1_1|tls1_2|tls1_3|dtls|dtls1|dtls1_2}
980 Don't build support for negotiating the specified SSL/TLS protocol.
982 If `no-tls` is selected then all of `tls1`, `tls1_1`, `tls1_2` and `tls1_3`
984 Similarly `no-dtls` will disable `dtls1` and `dtls1_2`. The `no-ssl` option is
985 synonymous with `no-ssl3`. Note this only affects version negotiation.
989 ### no-{protocol}-method
991 no-{ssl3|tls1|tls1_1|tls1_2|dtls1|dtls1_2}-method
993 Analogous to `no-{protocol}` but in addition do not build the methods for
995 is no `no-tls1_3-method` option because there is no application method for
1001 ### enable-{algorithm}
1003 enable-{md2|rc5}
1005 Build with support for the specified algorithm.
1007 ### no-{algorithm}
1009 no-{aria|bf|blake2|camellia|cast|chacha|cmac|
1014 Build without support for the specified algorithm.
1018 ### Compiler-specific options
1020 -Dxxx, -Ixxx, -Wp, -lxxx, -Lxxx, -Wl, -rpath, -R, -framework, -static
1030 Take note of the [Environment Variables](#environment-variables) documentation
1033 -xxx, +xxx, /xxx
1036 they are to the compiler as well. Unix-style options beginning with a
1037 `-` or `+` and Windows-style options beginning with a `/` are recognized.
1040 If the option contains arguments separated by spaces, then the URL-style
1042 to quote the option. For example, `-opt%20arg` gets expanded to `-opt arg`.
1046 Take note of the [Environment Variables](#environment-variables) documentation
1078 -D (or what corresponds to that on your
1082 be used instead of -I (or what corresponds
1104 $ ./Configure -DFOO CPPFLAGS=-DBAR -DCOOKIE
1114 For example, the following command will not see `-DBAR`:
1116 $ CPPFLAGS=-DBAR ./Configure -DCOOKIE
1120 $ CC=gcc CROSS_COMPILE=x86_64-w64-mingw32- ./Configure -DCOOKIE
1124 `enable-external-tests` and `enable-buildtest-c++`.
1143 -----------------------------
1152 $ ./configdata.pm --help # Unix
1156 $ perl configdata.pm --help # Windows and VMS
1162 -----------------
1170 #### Unix / Linux / macOS
1197 operating systems there is a choice between using cc or gcc.
1199 name as the argument to `Configure`. For example, a `linux-elf` user would
1202 $ ./Configure linux-elf [[ options ]]
1210 [Configurations/README-design.md](Configurations/README-design.md)
1213 The generic configurations `cc` or `gcc` should usually work on 32 bit
1214 Unix-like systems.
1216 `Configure` creates a build file (`Makefile` on Unix, `makefile` on Windows
1221 If none of the generated build files suit your purpose, it's possible to
1222 write your own build file template and give its name through the environment
1223 variable `BUILDFILE`. For example, Ninja build files could be supported by
1224 writing `Configurations/build.ninja.tmpl` and then configure with `BUILDFILE`
1227 $ BUILDFILE=build.ninja perl Configure [options...]
1231 OpenSSL can be configured to build in a build directory separate from the
1237 $ mkdir /var/tmp/openssl-build
1238 $ cd /var/tmp/openssl-build
1244 $ create/dir [.tmp.openssl-build]
1245 $ set default [.tmp.openssl-build]
1251 $ mkdir \temp-openssl
1252 $ cd \temp-openssl
1258 Build OpenSSL
1259 -------------
1261 Build OpenSSL by running:
1267 This will build the OpenSSL libraries (`libcrypto.a` and `libssl.a` on
1269 (`openssl`). The libraries will be built in the top-level directory,
1272 If the build fails, take a look at the [Build Failures](#build-failures)
1276 ------------
1278 After a successful build, and before installing, the libraries should
1290 See [test/README-dev.md](test/README-dev.md) for guidelines on adding tests.
1293 ---------------
1305 directory tree under `<PREFIX>` (the directory given with `--prefix` or
1308 ### Unix / Linux / macOS
1314 to build your own programs that use libcrypto
1319 share/man/man1 Contains the OpenSSL command line man-pages.
1320 share/man/man3 Contains the OpenSSL library calls man-pages.
1321 share/man/man5 Contains the OpenSSL configuration format man-pages.
1322 share/man/man7 Contains the OpenSSL other misc man-pages.
1328 Contains the HTML rendition of the man-pages.
1340 to build your own programs that use libcrypto
1354 OPENSSLDIR (the directory given with `--openssldir` or its default)
1365 install engines. If you already have a pre-installed version of OpenSSL as
1373 $ make DESTDIR=/tmp/package-root install # Unix
1374 $ mms/macro="DESTDIR=TMP:[PACKAGE-ROOT]" install ! OpenVMS
1380 ---------------------------------------------------
1398 Post-installation Notes
1399 -----------------------
1402 needs some post-installation attention, without which it will not be usable.
1407 See the openssl-fipsinstall(1) manual for details and examples.
1409 Advanced Build Options
1413 ---------------------
1416 over the build process. Typically these should be defined prior to running
1423 Use a different build file name than the platform default
1424 ("Makefile" on Unix-like platforms, "makefile" on native Windows,
1426 corresponding build file template.
1434 to use, e.g. gcc or clang.
1438 "--cross-compile-prefix" Configure flag described above. If both
1446 on all platforms, but it's only relevant on Unix-like platforms.
1458 should be built on different platforms as well as build file
1460 ".conf" files in the Configurations directory. The build
1491 ----------------
1499 The target to build all the software components and
1503 Build all the software components.
1507 Build all documentation components.
1510 Remove all build artefacts and return the directory to a "clean"
1535 list-tests
1539 Build and run the OpenSSL self tests.
1546 Re-run the configuration process, as exactly as the last time
1556 ----------------------
1562 test/README.md](test/README.md#running-selected-tests).
1568 ----------------------
1576 Operating system: x86-whatever-minix
1585 The main configuration file is [10-main.conf], which contains all targets that
1592 "target-name" => {
1593 inherit_from => [ "base-target" ],
1604 `Configurations/` directory. For example the `android-x86_64` can be found in
1605 [Configurations/15-android.conf](Configurations/15-android.conf).
1610 - [Configurations/README.md](Configurations/README.md)
1611 - [Configurations/README-design.md](Configurations/README-design.md)
1613 If you need further help, try to search the [openssl-users] mailing list
1640 Build Failures
1641 --------------
1643 If the build fails, look carefully at the output. Try to locate and understand
1650 If the build succeeded previously, but fails after a source or configuration
1651 change, it might be helpful to clean the build tree before attempting another
1652 build. Use this command:
1658 Assembler error messages can sometimes be sidestepped by using the `no-asm`
1659 configuration option. See also [notes](#notes-on-assembler-modules-compilation).
1661 Compiling parts of OpenSSL with gcc and others with the system compiler will
1664 If you are still having problems, try to search the [openssl-users] mailing
1671 -------------
1677 section [Test Failures of test/README.md](test/README.md#test-failures).
1681 Selected Tests of test/README.md](test/README.md#running-selected-tests).
1693 Notes on multi-threading
1694 ------------------------
1697 are needed to generate a library that is suitable for multi-threaded
1698 applications. On these systems, support for multi-threading is enabled
1699 by default; use the `no-threads` option to disable (this should never be
1702 On other systems, to enable support for multi-threading, you will have
1703 to specify at least two options: `threads`, and a system-dependent option.
1704 (The latter is `-D_REENTRANT` on various systems.) The default in this
1705 case, obviously, is not to include support for multi-threading (but
1706 you can still use `no-threads` to suppress an annoying warning message
1709 OpenSSL provides built-in support for two threading models: pthreads (found on
1710 most UNIX/Linux systems), and Windows threads. No other threading models are
1712 you should use `Configure` with the `no-threads` option.
1714 For pthreads, all locks are non-recursive. In addition, in a debug build,
1717 `-DOPENSSL_NO_MUTEX_ERRORCHECK` to your `Configure` invocation.
1718 (On Linux `PTHREAD_MUTEX_ERRORCHECK` is an enum value, so a built-in
1722 -------------------------
1725 build shared libraries for libcrypto and libssl. On these systems
1727 only static libraries created by using the `no-shared` option. On systems
1728 where OpenSSL does not know how to build shared libraries the `no-shared`
1739 on Cygwin, shared libraries are named `cygcrypto-1.1.dll` and `cygssl-1.1.dll`
1742 On Windows build with MSVC or using MingW, shared libraries are named
1743 `libcrypto-1_1.dll` and `libssl-1_1.dll` for 32-bit Windows,
1744 `libcrypto-1_1-x64.dll` and `libssl-1_1-x64.dll` for 64-bit x86_64 Windows,
1745 and `libcrypto-1_1-ia64.dll` and `libssl-1_1-ia64.dll` for IA64 Windows.
1751 OpenSSL is specifically built for 32-bit pointers, the shareable images
1753 instead, and when built for 64-bit pointers, they are named
1757 ---------------------------------
1764 The seeding method can be configured using the `--with-rand-seed` option,
1774 randomness sources. This corresponds to the option `--with-rand-seed=os`.
1777 and reseeding is disabled (`--with-rand-seed=none`) and it may be necessary
1783 --------------------------------------
1787 that use the AES-NI, PCLMULQDQ, SSSE3, and SHA extensions are always assembled.
1792 |---------------|--------|--------|---------|
1800 ---
1803 an explicit -march flag was apparently required to compile assembly modules. But
1804 then the compiler generates processor-specific code, which in turn contradicts
1805 the idea of performing dispatch at run-time, which is facilitated by the special
1807 around the problem by forcing the build procedure to use the following script:
1810 exec clang -no-integrated-as "$@"
1815 ---
1817 <!-- Links -->
1819 [openssl-users]:
1820 <https://mta.openssl.org/mailman/listinfo/openssl-users>
1831 [10-main.conf]:
1832 Configurations/10-main.conf