Lines Matching +full:libssl +full:- +full:dev
11 - [Prerequisites](#prerequisites)
12 - [Notational Conventions](#notational-conventions)
13 - [Quick Installation Guide](#quick-installation-guide)
14 - [Building OpenSSL](#building-openssl)
15 - [Installing OpenSSL](#installing-openssl)
16 - [Configuration Options](#configuration-options)
17 - [API Level](#api-level)
18 - [Cross Compile Prefix](#cross-compile-prefix)
19 - [Build Type](#build-type)
20 - [Directories](#directories)
21 - [Compiler Warnings](#compiler-warnings)
22 - [ZLib Flags](#zlib-flags)
23 - [Seeding the Random Generator](#seeding-the-random-generator)
24 - [Setting the FIPS HMAC key](#setting-the-FIPS-HMAC-key)
25 - [Enable and Disable Features](#enable-and-disable-features)
26 - [Displaying configuration data](#displaying-configuration-data)
27 - [Installation Steps in Detail](#installation-steps-in-detail)
28 - [Configure](#configure-openssl)
29 - [Build](#build-openssl)
30 - [Test](#test-openssl)
31 - [Install](#install-openssl)
32 - [Advanced Build Options](#advanced-build-options)
33 - [Environment Variables](#environment-variables)
34 - [Makefile Targets](#makefile-targets)
35 - [Running Selected Tests](#running-selected-tests)
36 - [Troubleshooting](#troubleshooting)
37 - [Configuration Problems](#configuration-problems)
38 - [Build Failures](#build-failures)
39 - [Test Failures](#test-failures)
40 - [Notes](#notes)
41 - [Notes on multi-threading](#notes-on-multi-threading)
42 - [Notes on shared libraries](#notes-on-shared-libraries)
43 - [Notes on random number generation](#notes-on-random-number-generation)
44 - [Notes on assembler modules compilation](#notes-on-assembler-modules-compilation)
52 * Perl 5 with core modules (please read [NOTES-PERL.md](NOTES-PERL.md))
53 * The Perl module `Text::Template` (please read [NOTES-PERL.md](NOTES-PERL.md))
62 * [Notes for UNIX-like platforms](NOTES-UNIX.md)
63 * [Notes for Android platforms](NOTES-ANDROID.md)
64 * [Notes for Windows platforms](NOTES-WINDOWS.md)
65 * [Notes for the DOS platform with DJGPP](NOTES-DJGPP.md)
66 * [Notes for the OpenVMS platform](NOTES-VMS.md)
67 * [Notes on Perl](NOTES-PERL.md)
68 * [Notes on Valgrind](NOTES-VALGRIND.md)
76 --------
86 -------
97 - or -
99 - or -
113 - or -
115 - or -
117 - or -
121 ---------
145 [Installation in Detail](#installation-steps-in-detail) section below.
148 ----------------
180 Most likely you will be using the `VC-WIN64A` target for 64bit Windows
181 binaries (AMD64) or `VC-WIN32` for 32bit Windows binaries (X86).
182 The other two options are `VC-WIN64I` (Intel IA64, Itanium) and
183 `VC-CE` (Windows CE) are rather uncommon nowadays.
186 ------------------
204 [different location](#installing-to-a-different-location) which is not in
208 [Post-installation Notes](#post-installation-notes) further down.
228 depending on the file type, as it is custom on Unix-like operating systems.
266 The options `--prefix` and `--openssldir` are explained in further detail in
271 $ ./Configure --prefix=/opt/openssl --openssldir=/usr/local/ssl
275 $ perl Configure --prefix=PROGRAM:[INSTALLS] --openssldir=SYS$MANAGER:[OPENSSL]
278 you've read more than just this Quick Start, such as relevant `NOTES-*` files,
286 for Windows, the defaults for `--prefix` and `--openssldir` depend on what
288 For more information, see the [Notes for Windows platforms](NOTES-WINDOWS.md).
291 ---------
293 --api=x.y[.z]
296 If [no-deprecated](#no-deprecated) is also given, don't build with support
300 --api=1.1.0 no-deprecated
305 entirely, just specify [no-deprecated](#no-deprecated).
306 If `--api` isn't given, it defaults to the current (minor) OpenSSL version.
309 --------------------
311 --cross-compile-prefix=<PREFIX>
315 It is likely to have to end with dash, e.g. `a-b-c-` would invoke GNU compiler
316 as `a-b-c-gcc`, etc. Unfortunately cross-compiling is too case-specific to put
317 together one-size-fits-all instructions. You might have to pass more flags or
319 are discussed in corresponding `Configurations/15-*.conf` files. But there are
321 target on Linux `--cross-compile-prefix=x86_64-w64-mingw32-` works. Naturally
323 have option to install a number of prepackaged cross-compilers along with
324 corresponding run-time and development packages for "alien" hardware. To give
325 another example `--cross-compile-prefix=mipsel-linux-gnu-` suffices in such
328 For cross compilation, you must [configure manually](#manual-configuration).
329 Also, note that `--openssldir` refers to target's file system, not one you are
333 ----------
335 --debug
339 --release
344 -----------
348 --libdir=DIR
351 (see the `--prefix` option) where libraries will be installed. By default
357 For these targets the default libdir is `lib<multilib-postfix>`. Please use
358 `--libdir=lib` to override the libdir if adding the postfix is undesirable.
362 --openssldir=DIR
369 OpenVMS: SYS$COMMON:[OPENSSL-COMMON]
376 --prefix=DIR
385 -----------------
387 --strict-warnings
395 ----------
397 ### with-zlib-include
399 --with-zlib-include=DIR
405 ### with-zlib-lib
407 --with-zlib-lib=LIB
414 [zlib-dynamic](#zlib-dynamic) option is not also used. If `zlib-dynamic` is used
422 ----------------------------
424 --with-rand-seed=seed1[,seed2,...]
438 Use the [getrandom(2)][man-getrandom] or equivalent system call.
440 [man-getrandom]: http://man7.org/linux/man-pages/man2/getrandom.2.html
447 "/dev/urandom","/dev/random","/dev/srandom"
449 on most unix-ish operating systems.
474 [rng]: #notes-on-random-number-generation
477 -------------------------
479 --fips-key=value
481 As part of its self-test validation, the FIPS module must verify itself
482 by performing a SHA-256 HMAC computation on itself. The default key is
490 ---------------------------
495 [ enable-xxxx | no-xxxx ]
498 In the following list, always the non-default variant is documented: if
499 feature `xxxx` is disabled by default then `enable-xxxx` is documented and
500 if feature `xxxx` is enabled by default then `no-xxxx` is documented.
502 ### no-afalgeng
508 ### enable-ktls
512 This option will enable the use of the Kernel TLS data-path, which can improve
516 Kernel TLS data-path.
518 ### enable-asan
524 gcc or clang and should be used in conjunction with the [no-shared](#no-shared)
527 ### enable-acvp-tests
537 ### no-asm
545 ### no-async
549 ### no-atexit
556 ### no-autoalginit
564 if this option is used. This option will force a non-shared build.
566 ### no-autoerrinit
568 Don't automatically load all libcrypto/libssl error strings.
574 ### no-autoload-config
581 ### enable-buildtest-c++
591 ### --banner=text
596 ### --w
598 On platforms where the choice of 32-bit or 64-bit architecture
603 ### no-bulk
608 ### no-cached-fetch
612 this option will reduce run-time memory usage but it also introduces a
616 ### no-capieng
622 ### no-cmp
627 ### no-cms
631 ### no-comp
636 the zlib or `zlib-dynamic` options are also chosen.
638 ### enable-crypto-mdebug
640 This now only enables the `failed-malloc` feature.
642 ### enable-crypto-mdebug-backtrace
644 This is a no-op; the project uses the compiler's address/leak sanitizer instead.
646 ### no-ct
650 ### no-deprecated
653 given with `--api` (or the current version, if `--api` wasn't specified).
655 ### no-dgram
661 ### no-dso
665 ### enable-devcryptoeng
667 Build the `/dev/crypto` engine.
670 be disabled with `no-devcryptoeng`.
672 ### no-dynamic-engine
678 ### no-ec
682 ### no-ec2m
686 ### enable-ec_nistp_64_gcc_128
693 - with little-endian storage of non-byte types
694 - that tolerate misaligned memory references
695 - where the compiler:
696 - supports the non-standard type `__uint128_t`
697 - defines the built-in macro `__SIZEOF_INT128__`
699 ### enable-egd
703 ### no-engine
707 ### no-err
711 ### enable-external-tests
718 - GOST engine test suite
719 - Python PYCA/Cryptography test suite
720 - krb5 test suite
722 See the file [test/README-external.md](test/README-external.md)
725 ### no-filenames
730 ### enable-fips
734 ### no-fips-securitychecks
736 Don't perform FIPS module run-time checks related to enforcement of security
739 ### enable-fuzz-libfuzzer, enable-fuzz-afl
748 ### no-gost
756 ### no-legacy
762 ### no-makedepend
766 ### no-module
770 This also implies `no-dynamic-engine`.
772 ### no-multiblock
774 Don't build support for writing multiple records in one go in libssl
778 ### no-nextprotoneg
782 ### no-ocsp
786 ### no-padlockeng
790 ### no-hw-padlock
792 As synonym for `no-padlockeng`. Deprecated and should not be used.
794 ### no-pic
798 ### no-pinshared
803 This is so that libcrypto and libssl can be properly cleaned up automatically
809 process exits. This could lead to crashes if either libcrypto or libssl have
811 platform which calls `atexit()` on unload of the library, and libssl is unloaded
815 i.e., `no-shared` does not imply `no-pinshared`. This may come as a surprise when
816 linking libcrypto statically into a shared third-party library, because in this
818 configure the static build using `no-shared` and `no-pinshared` together.
824 ### no-posix-io
828 ### no-psk
830 Don't build support for Pre-Shared Key based ciphersuites.
832 ### no-rdrand
836 ### no-rfc3779
845 ### no-shared
849 See [Notes on shared libraries](#notes-on-shared-libraries) below.
851 ### no-sock
855 ### no-srp
860 ### no-srtp
862 Don't build Secure Real-Time Transport Protocol (SRTP) support.
864 ### no-sse2
866 Exclude SSE2 code paths from 32-bit x86 assembly modules.
868 Normally SSE2 extension is detected at run-time, but the decision whether or not
874 disengage SSE2 code paths upon application start-up, but if you aim for wider
875 "audience" running such kernel, consider `no-sse2`. Both the `386` and `no-asm`
876 options imply `no-sse2`.
878 ### no-ssl-trace
882 This removes the `-trace` option from `s_client` and `s_server`, and omits the
883 `SSL_trace()` function from libssl.
885 Disabling `ssl-trace` may provide a small reduction in libssl binary size.
887 ### no-static-engine
893 ### no-stdio
896 type. Only libcrypto and libssl can be built in this way. Using this option will
900 ### no-tests
904 ### no-threads
906 Don't build with support for multi-threaded applications.
910 Build with support for multi-threaded applications. Most platforms will enable
912 will usually require additional system-dependent options!
914 See [Notes on multi-threading](#notes-on-multi-threading) below.
916 ### enable-trace
922 ### no-ts
926 ### enable-ubsan
932 gcc or clang and should be used in conjunction with the `-DPEDANTIC` option
933 (or the `--strict-warnings` option).
935 ### no-ui-console
941 ### enable-unit-test
947 ### no-uplink
951 ### enable-weak-ssl-ciphers
961 ### zlib-dynamic
970 In 32-bit x86 builds, use the 80386 instruction set only in assembly modules
974 accompanied by a corresponding compiler-specific option.
976 ### no-{protocol}
978 no-{ssl|ssl3|tls|tls1|tls1_1|tls1_2|tls1_3|dtls|dtls1|dtls1_2}
982 If `no-tls` is selected then all of `tls1`, `tls1_1`, `tls1_2` and `tls1_3`
984 Similarly `no-dtls` will disable `dtls1` and `dtls1_2`. The `no-ssl` option is
985 synonymous with `no-ssl3`. Note this only affects version negotiation.
989 ### no-{protocol}-method
991 no-{ssl3|tls1|tls1_1|tls1_2|dtls1|dtls1_2}-method
993 Analogous to `no-{protocol}` but in addition do not build the methods for
995 is no `no-tls1_3-method` option because there is no application method for
1001 ### enable-{algorithm}
1003 enable-{md2|rc5}
1007 ### no-{algorithm}
1009 no-{aria|bf|blake2|camellia|cast|chacha|cmac|
1018 ### Compiler-specific options
1020 -Dxxx, -Ixxx, -Wp, -lxxx, -Lxxx, -Wl, -rpath, -R, -framework, -static
1030 Take note of the [Environment Variables](#environment-variables) documentation
1033 -xxx, +xxx, /xxx
1036 they are to the compiler as well. Unix-style options beginning with a
1037 `-` or `+` and Windows-style options beginning with a `/` are recognized.
1040 If the option contains arguments separated by spaces, then the URL-style
1042 to quote the option. For example, `-opt%20arg` gets expanded to `-opt arg`.
1046 Take note of the [Environment Variables](#environment-variables) documentation
1078 -D (or what corresponds to that on your
1082 be used instead of -I (or what corresponds
1104 $ ./Configure -DFOO CPPFLAGS=-DBAR -DCOOKIE
1114 For example, the following command will not see `-DBAR`:
1116 $ CPPFLAGS=-DBAR ./Configure -DCOOKIE
1120 $ CC=gcc CROSS_COMPILE=x86_64-w64-mingw32- ./Configure -DCOOKIE
1124 `enable-external-tests` and `enable-buildtest-c++`.
1143 -----------------------------
1152 $ ./configdata.pm --help # Unix
1156 $ perl configdata.pm --help # Windows and VMS
1162 -----------------
1199 name as the argument to `Configure`. For example, a `linux-elf` user would
1202 $ ./Configure linux-elf [[ options ]]
1210 [Configurations/README-design.md](Configurations/README-design.md)
1214 Unix-like systems.
1237 $ mkdir /var/tmp/openssl-build
1238 $ cd /var/tmp/openssl-build
1244 $ create/dir [.tmp.openssl-build]
1245 $ set default [.tmp.openssl-build]
1251 $ mkdir \temp-openssl
1252 $ cd \temp-openssl
1259 -------------
1267 This will build the OpenSSL libraries (`libcrypto.a` and `libssl.a` on
1269 (`openssl`). The libraries will be built in the top-level directory,
1272 If the build fails, take a look at the [Build Failures](#build-failures)
1276 ------------
1290 See [test/README-dev.md](test/README-dev.md) for guidelines on adding tests.
1293 ---------------
1305 directory tree under `<PREFIX>` (the directory given with `--prefix` or
1315 or libssl.
1319 share/man/man1 Contains the OpenSSL command line man-pages.
1320 share/man/man3 Contains the OpenSSL library calls man-pages.
1321 share/man/man5 Contains the OpenSSL configuration format man-pages.
1322 share/man/man7 Contains the OpenSSL other misc man-pages.
1328 Contains the HTML rendition of the man-pages.
1341 or libssl.
1354 OPENSSLDIR (the directory given with `--openssldir` or its default)
1365 install engines. If you already have a pre-installed version of OpenSSL as
1373 $ make DESTDIR=/tmp/package-root install # Unix
1374 $ mms/macro="DESTDIR=TMP:[PACKAGE-ROOT]" install ! OpenVMS
1380 ---------------------------------------------------
1385 previously open. This includes all internal libssl structures and a number
1398 Post-installation Notes
1399 -----------------------
1402 needs some post-installation attention, without which it will not be usable.
1407 See the openssl-fipsinstall(1) manual for details and examples.
1413 ---------------------
1424 ("Makefile" on Unix-like platforms, "makefile" on native Windows,
1438 "--cross-compile-prefix" Configure flag described above. If both
1446 on all platforms, but it's only relevant on Unix-like platforms.
1491 ----------------
1535 list-tests
1546 Re-run the configuration process, as exactly as the last time
1556 ----------------------
1562 test/README.md](test/README.md#running-selected-tests).
1568 ----------------------
1576 Operating system: x86-whatever-minix
1585 The main configuration file is [10-main.conf], which contains all targets that
1592 "target-name" => {
1593 inherit_from => [ "base-target" ],
1604 `Configurations/` directory. For example the `android-x86_64` can be found in
1605 [Configurations/15-android.conf](Configurations/15-android.conf).
1610 - [Configurations/README.md](Configurations/README.md)
1611 - [Configurations/README-design.md](Configurations/README-design.md)
1613 If you need further help, try to search the [openssl-users] mailing list
1641 --------------
1658 Assembler error messages can sometimes be sidestepped by using the `no-asm`
1659 configuration option. See also [notes](#notes-on-assembler-modules-compilation).
1664 If you are still having problems, try to search the [openssl-users] mailing
1671 -------------
1677 section [Test Failures of test/README.md](test/README.md#test-failures).
1681 Selected Tests of test/README.md](test/README.md#running-selected-tests).
1693 Notes on multi-threading
1694 ------------------------
1697 are needed to generate a library that is suitable for multi-threaded
1698 applications. On these systems, support for multi-threading is enabled
1699 by default; use the `no-threads` option to disable (this should never be
1702 On other systems, to enable support for multi-threading, you will have
1703 to specify at least two options: `threads`, and a system-dependent option.
1704 (The latter is `-D_REENTRANT` on various systems.) The default in this
1705 case, obviously, is not to include support for multi-threading (but
1706 you can still use `no-threads` to suppress an annoying warning message
1709 OpenSSL provides built-in support for two threading models: pthreads (found on
1712 you should use `Configure` with the `no-threads` option.
1714 For pthreads, all locks are non-recursive. In addition, in a debug build,
1717 `-DOPENSSL_NO_MUTEX_ERRORCHECK` to your `Configure` invocation.
1718 (On Linux `PTHREAD_MUTEX_ERRORCHECK` is an enum value, so a built-in
1722 -------------------------
1725 build shared libraries for libcrypto and libssl. On these systems
1727 only static libraries created by using the `no-shared` option. On systems
1728 where OpenSSL does not know how to build shared libraries the `no-shared`
1737 and `libssl.so.1.1`.
1739 on Cygwin, shared libraries are named `cygcrypto-1.1.dll` and `cygssl-1.1.dll`
1740 with import libraries `libcrypto.dll.a` and `libssl.dll.a`.
1743 `libcrypto-1_1.dll` and `libssl-1_1.dll` for 32-bit Windows,
1744 `libcrypto-1_1-x64.dll` and `libssl-1_1-x64.dll` for 64-bit x86_64 Windows,
1745 and `libcrypto-1_1-ia64.dll` and `libssl-1_1-ia64.dll` for IA64 Windows.
1746 With MSVC, the import libraries are named `libcrypto.lib` and `libssl.lib`,
1747 while with MingW, they are named `libcrypto.dll.a` and `libssl.dll.a`.
1751 OpenSSL is specifically built for 32-bit pointers, the shareable images
1753 instead, and when built for 64-bit pointers, they are named
1757 ---------------------------------
1764 The seeding method can be configured using the `--with-rand-seed` option,
1774 randomness sources. This corresponds to the option `--with-rand-seed=os`.
1777 and reseeding is disabled (`--with-rand-seed=none`) and it may be necessary
1783 --------------------------------------
1787 that use the AES-NI, PCLMULQDQ, SSSE3, and SHA extensions are always assembled.
1792 |---------------|--------|--------|---------|
1800 ---
1803 an explicit -march flag was apparently required to compile assembly modules. But
1804 then the compiler generates processor-specific code, which in turn contradicts
1805 the idea of performing dispatch at run-time, which is facilitated by the special
1810 exec clang -no-integrated-as "$@"
1815 ---
1817 <!-- Links -->
1819 [openssl-users]:
1820 <https://mta.openssl.org/mailman/listinfo/openssl-users>
1831 [10-main.conf]:
1832 Configurations/10-main.conf