Lines Matching +full:zlib +full:- +full:dev
11 - [Prerequisites](#prerequisites)
12 - [Notational Conventions](#notational-conventions)
13 - [Quick Installation Guide](#quick-installation-guide)
14 - [Building OpenSSL](#building-openssl)
15 - [Installing OpenSSL](#installing-openssl)
16 - [Configuration Options](#configuration-options)
17 - [API Level](#api-level)
18 - [Cross Compile Prefix](#cross-compile-prefix)
19 - [Build Type](#build-type)
20 - [Directories](#directories)
21 - [Compiler Warnings](#compiler-warnings)
22 - [ZLib Flags](#zlib-flags)
23 - [Seeding the Random Generator](#seeding-the-random-generator)
24 - [Setting the FIPS HMAC key](#setting-the-FIPS-HMAC-key)
25 - [Enable and Disable Features](#enable-and-disable-features)
26 - [Displaying configuration data](#displaying-configuration-data)
27 - [Installation Steps in Detail](#installation-steps-in-detail)
28 - [Configure](#configure-openssl)
29 - [Build](#build-openssl)
30 - [Test](#test-openssl)
31 - [Install](#install-openssl)
32 - [Advanced Build Options](#advanced-build-options)
33 - [Environment Variables](#environment-variables)
34 - [Makefile Targets](#makefile-targets)
35 - [Running Selected Tests](#running-selected-tests)
36 - [Troubleshooting](#troubleshooting)
37 - [Configuration Problems](#configuration-problems)
38 - [Build Failures](#build-failures)
39 - [Test Failures](#test-failures)
40 - [Notes](#notes)
41 - [Notes on multi-threading](#notes-on-multi-threading)
42 - [Notes on shared libraries](#notes-on-shared-libraries)
43 - [Notes on random number generation](#notes-on-random-number-generation)
44 - [Notes on assembler modules compilation](#notes-on-assembler-modules-compilation)
52 * Perl 5 with core modules (please read [NOTES-PERL.md](NOTES-PERL.md))
53 * The Perl module `Text::Template` (please read [NOTES-PERL.md](NOTES-PERL.md))
62 * [Notes for UNIX-like platforms](NOTES-UNIX.md)
63 * [Notes for Android platforms](NOTES-ANDROID.md)
64 * [Notes for Windows platforms](NOTES-WINDOWS.md)
65 * [Notes for the DOS platform with DJGPP](NOTES-DJGPP.md)
66 * [Notes for the OpenVMS platform](NOTES-VMS.md)
67 * [Notes on Perl](NOTES-PERL.md)
68 * [Notes on Valgrind](NOTES-VALGRIND.md)
76 --------
86 -------
97 - or -
99 - or -
113 - or -
115 - or -
117 - or -
121 ---------
145 [Installation in Detail](#installation-steps-in-detail) section below.
148 ----------------
180 Most likely you will be using the `VC-WIN64A` target for 64bit Windows
181 binaries (AMD64) or `VC-WIN32` for 32bit Windows binaries (X86).
182 The other two options are `VC-WIN64I` (Intel IA64, Itanium) and
183 `VC-CE` (Windows CE) are rather uncommon nowadays.
186 ------------------
204 [different location](#installing-to-a-different-location) which is not in
208 [Post-installation Notes](#post-installation-notes) further down.
228 depending on the file type, as it is custom on Unix-like operating systems.
266 The options `--prefix` and `--openssldir` are explained in further detail in
271 $ ./Configure --prefix=/opt/openssl --openssldir=/usr/local/ssl
275 $ perl Configure --prefix=PROGRAM:[INSTALLS] --openssldir=SYS$MANAGER:[OPENSSL]
278 you've read more than just this Quick Start, such as relevant `NOTES-*` files,
286 for Windows, the defaults for `--prefix` and `--openssldir` depend on what
288 For more information, see the [Notes for Windows platforms](NOTES-WINDOWS.md).
291 ---------
293 --api=x.y[.z]
296 If [no-deprecated](#no-deprecated) is also given, don't build with support
300 --api=1.1.0 no-deprecated
305 entirely, just specify [no-deprecated](#no-deprecated).
306 If `--api` isn't given, it defaults to the current (minor) OpenSSL version.
309 --------------------
311 --cross-compile-prefix=<PREFIX>
315 It is likely to have to end with dash, e.g. `a-b-c-` would invoke GNU compiler
316 as `a-b-c-gcc`, etc. Unfortunately cross-compiling is too case-specific to put
317 together one-size-fits-all instructions. You might have to pass more flags or
319 are discussed in corresponding `Configurations/15-*.conf` files. But there are
321 target on Linux `--cross-compile-prefix=x86_64-w64-mingw32-` works. Naturally
323 have option to install a number of prepackaged cross-compilers along with
324 corresponding run-time and development packages for "alien" hardware. To give
325 another example `--cross-compile-prefix=mipsel-linux-gnu-` suffices in such
328 For cross compilation, you must [configure manually](#manual-configuration).
329 Also, note that `--openssldir` refers to target's file system, not one you are
333 ----------
335 --debug
339 --release
344 -----------
348 --libdir=DIR
351 (see the `--prefix` option) where libraries will be installed. By default
357 For these targets the default libdir is `lib<multilib-postfix>`. Please use
358 `--libdir=lib` to override the libdir if adding the postfix is undesirable.
362 --openssldir=DIR
369 OpenVMS: SYS$COMMON:[OPENSSL-COMMON]
376 --prefix=DIR
385 -----------------
387 --strict-warnings
394 ZLib Flags
395 ----------
397 ### with-zlib-include
399 --with-zlib-include=DIR
401 The directory for the location of the zlib include file. This option is only
402 necessary if [zlib](#zlib) is used and the include file is not
405 ### with-zlib-lib
407 --with-zlib-lib=LIB
409 **On Unix**: this is the directory containing the zlib library.
412 **On Windows:** this is the filename of the zlib library (with or
414 [zlib-dynamic](#zlib-dynamic) option is not also used. If `zlib-dynamic` is used
417 **On VMS:** this is the filename of the zlib library (with or without a path).
422 ----------------------------
424 --with-rand-seed=seed1[,seed2,...]
438 Use the [getrandom(2)][man-getrandom] or equivalent system call.
440 [man-getrandom]: http://man7.org/linux/man-pages/man2/getrandom.2.html
447 "/dev/urandom","/dev/random","/dev/srandom"
449 on most unix-ish operating systems.
474 [rng]: #notes-on-random-number-generation
477 -------------------------
479 --fips-key=value
481 As part of its self-test validation, the FIPS module must verify itself
482 by performing a SHA-256 HMAC computation on itself. The default key is
490 ---------------------------
495 [ enable-xxxx | no-xxxx ]
498 In the following list, always the non-default variant is documented: if
499 feature `xxxx` is disabled by default then `enable-xxxx` is documented and
500 if feature `xxxx` is enabled by default then `no-xxxx` is documented.
502 ### no-afalgeng
508 ### enable-ktls
512 This option will enable the use of the Kernel TLS data-path, which can improve
516 Kernel TLS data-path.
518 ### enable-asan
524 gcc or clang and should be used in conjunction with the [no-shared](#no-shared)
527 ### enable-acvp-tests
537 ### no-asm
545 ### no-async
549 ### no-atexit
556 ### no-autoalginit
564 if this option is used. This option will force a non-shared build.
566 ### no-autoerrinit
574 ### no-autoload-config
581 ### enable-buildtest-c++
591 ### --banner=text
596 ### --w
598 On platforms where the choice of 32-bit or 64-bit architecture
603 ### no-bulk
608 ### no-cached-fetch
612 this option will reduce run-time memory usage but it also introduces a
616 ### no-capieng
622 ### no-cmp
627 ### no-cms
631 ### no-comp
636 the zlib or `zlib-dynamic` options are also chosen.
638 ### enable-crypto-mdebug
640 This now only enables the `failed-malloc` feature.
642 ### enable-crypto-mdebug-backtrace
644 This is a no-op; the project uses the compiler's address/leak sanitizer instead.
646 ### no-ct
650 ### no-deprecated
653 given with `--api` (or the current version, if `--api` wasn't specified).
655 ### no-dgram
661 ### no-dso
665 ### enable-devcryptoeng
667 Build the `/dev/crypto` engine.
670 be disabled with `no-devcryptoeng`.
672 ### no-dynamic-engine
678 ### no-ec
682 ### no-ec2m
686 ### enable-ec_nistp_64_gcc_128
693 - with little-endian storage of non-byte types
694 - that tolerate misaligned memory references
695 - where the compiler:
696 - supports the non-standard type `__uint128_t`
697 - defines the built-in macro `__SIZEOF_INT128__`
699 ### enable-egd
703 ### no-engine
707 ### no-err
711 ### enable-external-tests
718 - GOST engine test suite
719 - Python PYCA/Cryptography test suite
720 - krb5 test suite
722 See the file [test/README-external.md](test/README-external.md)
725 ### no-filenames
730 ### enable-fips
734 ### no-fips-securitychecks
736 Don't perform FIPS module run-time checks related to enforcement of security
739 ### enable-fuzz-libfuzzer, enable-fuzz-afl
748 ### no-gost
756 ### no-legacy
762 ### no-makedepend
766 ### no-module
770 This also implies `no-dynamic-engine`.
772 ### no-multiblock
778 ### no-nextprotoneg
782 ### no-ocsp
786 ### no-padlockeng
790 ### no-hw-padlock
792 As synonym for `no-padlockeng`. Deprecated and should not be used.
794 ### no-pic
798 ### no-pinshared
815 i.e., `no-shared` does not imply `no-pinshared`. This may come as a surprise when
816 linking libcrypto statically into a shared third-party library, because in this
818 configure the static build using `no-shared` and `no-pinshared` together.
824 ### no-posix-io
828 ### no-psk
830 Don't build support for Pre-Shared Key based ciphersuites.
832 ### no-rdrand
836 ### no-rfc3779
845 ### no-shared
849 See [Notes on shared libraries](#notes-on-shared-libraries) below.
851 ### no-sock
855 ### no-srp
860 ### no-srtp
862 Don't build Secure Real-Time Transport Protocol (SRTP) support.
864 ### no-sse2
866 Exclude SSE2 code paths from 32-bit x86 assembly modules.
868 Normally SSE2 extension is detected at run-time, but the decision whether or not
874 disengage SSE2 code paths upon application start-up, but if you aim for wider
875 "audience" running such kernel, consider `no-sse2`. Both the `386` and `no-asm`
876 options imply `no-sse2`.
878 ### no-ssl-trace
882 This removes the `-trace` option from `s_client` and `s_server`, and omits the
885 Disabling `ssl-trace` may provide a small reduction in libssl binary size.
887 ### no-static-engine
893 ### no-stdio
900 ### no-tests
904 ### no-threads
906 Don't build with support for multi-threaded applications.
910 Build with support for multi-threaded applications. Most platforms will enable
912 will usually require additional system-dependent options!
914 See [Notes on multi-threading](#notes-on-multi-threading) below.
916 ### enable-trace
922 ### no-ts
926 ### enable-ubsan
932 gcc or clang and should be used in conjunction with the `-DPEDANTIC` option
933 (or the `--strict-warnings` option).
935 ### no-ui-console
941 ### enable-unit-test
947 ### no-uplink
951 ### enable-weak-ssl-ciphers
957 ### zlib subsection
959 Build with support for zlib compression/decompression.
961 ### zlib-dynamic
963 Like the zlib option, but has OpenSSL load the zlib library dynamically
970 In 32-bit x86 builds, use the 80386 instruction set only in assembly modules
974 accompanied by a corresponding compiler-specific option.
976 ### no-{protocol}
978 no-{ssl|ssl3|tls|tls1|tls1_1|tls1_2|tls1_3|dtls|dtls1|dtls1_2}
982 If `no-tls` is selected then all of `tls1`, `tls1_1`, `tls1_2` and `tls1_3`
984 Similarly `no-dtls` will disable `dtls1` and `dtls1_2`. The `no-ssl` option is
985 synonymous with `no-ssl3`. Note this only affects version negotiation.
989 ### no-{protocol}-method
991 no-{ssl3|tls1|tls1_1|tls1_2|dtls1|dtls1_2}-method
993 Analogous to `no-{protocol}` but in addition do not build the methods for
995 is no `no-tls1_3-method` option because there is no application method for
1001 ### enable-{algorithm}
1003 enable-{md2|rc5}
1007 ### no-{algorithm}
1009 no-{aria|bf|blake2|camellia|cast|chacha|cmac|
1018 ### Compiler-specific options
1020 -Dxxx, -Ixxx, -Wp, -lxxx, -Lxxx, -Wl, -rpath, -R, -framework, -static
1030 Take note of the [Environment Variables](#environment-variables) documentation
1033 -xxx, +xxx, /xxx
1036 they are to the compiler as well. Unix-style options beginning with a
1037 `-` or `+` and Windows-style options beginning with a `/` are recognized.
1040 If the option contains arguments separated by spaces, then the URL-style
1042 to quote the option. For example, `-opt%20arg` gets expanded to `-opt arg`.
1046 Take note of the [Environment Variables](#environment-variables) documentation
1078 -D (or what corresponds to that on your
1082 be used instead of -I (or what corresponds
1104 $ ./Configure -DFOO CPPFLAGS=-DBAR -DCOOKIE
1114 For example, the following command will not see `-DBAR`:
1116 $ CPPFLAGS=-DBAR ./Configure -DCOOKIE
1120 $ CC=gcc CROSS_COMPILE=x86_64-w64-mingw32- ./Configure -DCOOKIE
1124 `enable-external-tests` and `enable-buildtest-c++`.
1143 -----------------------------
1152 $ ./configdata.pm --help # Unix
1156 $ perl configdata.pm --help # Windows and VMS
1162 -----------------
1199 name as the argument to `Configure`. For example, a `linux-elf` user would
1202 $ ./Configure linux-elf [[ options ]]
1210 [Configurations/README-design.md](Configurations/README-design.md)
1214 Unix-like systems.
1237 $ mkdir /var/tmp/openssl-build
1238 $ cd /var/tmp/openssl-build
1244 $ create/dir [.tmp.openssl-build]
1245 $ set default [.tmp.openssl-build]
1251 $ mkdir \temp-openssl
1252 $ cd \temp-openssl
1259 -------------
1269 (`openssl`). The libraries will be built in the top-level directory,
1272 If the build fails, take a look at the [Build Failures](#build-failures)
1276 ------------
1290 See [test/README-dev.md](test/README-dev.md) for guidelines on adding tests.
1293 ---------------
1305 directory tree under `<PREFIX>` (the directory given with `--prefix` or
1319 share/man/man1 Contains the OpenSSL command line man-pages.
1320 share/man/man3 Contains the OpenSSL library calls man-pages.
1321 share/man/man5 Contains the OpenSSL configuration format man-pages.
1322 share/man/man7 Contains the OpenSSL other misc man-pages.
1328 Contains the HTML rendition of the man-pages.
1354 OPENSSLDIR (the directory given with `--openssldir` or its default)
1365 install engines. If you already have a pre-installed version of OpenSSL as
1373 $ make DESTDIR=/tmp/package-root install # Unix
1374 $ mms/macro="DESTDIR=TMP:[PACKAGE-ROOT]" install ! OpenVMS
1380 ---------------------------------------------------
1398 Post-installation Notes
1399 -----------------------
1402 needs some post-installation attention, without which it will not be usable.
1407 See the openssl-fipsinstall(1) manual for details and examples.
1413 ---------------------
1424 ("Makefile" on Unix-like platforms, "makefile" on native Windows,
1438 "--cross-compile-prefix" Configure flag described above. If both
1446 on all platforms, but it's only relevant on Unix-like platforms.
1491 ----------------
1535 list-tests
1546 Re-run the configuration process, as exactly as the last time
1556 ----------------------
1562 test/README.md](test/README.md#running-selected-tests).
1568 ----------------------
1576 Operating system: x86-whatever-minix
1585 The main configuration file is [10-main.conf], which contains all targets that
1592 "target-name" => {
1593 inherit_from => [ "base-target" ],
1604 `Configurations/` directory. For example the `android-x86_64` can be found in
1605 [Configurations/15-android.conf](Configurations/15-android.conf).
1610 - [Configurations/README.md](Configurations/README.md)
1611 - [Configurations/README-design.md](Configurations/README-design.md)
1613 If you need further help, try to search the [openssl-users] mailing list
1641 --------------
1658 Assembler error messages can sometimes be sidestepped by using the `no-asm`
1659 configuration option. See also [notes](#notes-on-assembler-modules-compilation).
1664 If you are still having problems, try to search the [openssl-users] mailing
1671 -------------
1677 section [Test Failures of test/README.md](test/README.md#test-failures).
1681 Selected Tests of test/README.md](test/README.md#running-selected-tests).
1693 Notes on multi-threading
1694 ------------------------
1697 are needed to generate a library that is suitable for multi-threaded
1698 applications. On these systems, support for multi-threading is enabled
1699 by default; use the `no-threads` option to disable (this should never be
1702 On other systems, to enable support for multi-threading, you will have
1703 to specify at least two options: `threads`, and a system-dependent option.
1704 (The latter is `-D_REENTRANT` on various systems.) The default in this
1705 case, obviously, is not to include support for multi-threading (but
1706 you can still use `no-threads` to suppress an annoying warning message
1709 OpenSSL provides built-in support for two threading models: pthreads (found on
1712 you should use `Configure` with the `no-threads` option.
1714 For pthreads, all locks are non-recursive. In addition, in a debug build,
1717 `-DOPENSSL_NO_MUTEX_ERRORCHECK` to your `Configure` invocation.
1718 (On Linux `PTHREAD_MUTEX_ERRORCHECK` is an enum value, so a built-in
1722 -------------------------
1727 only static libraries created by using the `no-shared` option. On systems
1728 where OpenSSL does not know how to build shared libraries the `no-shared`
1739 on Cygwin, shared libraries are named `cygcrypto-1.1.dll` and `cygssl-1.1.dll`
1743 `libcrypto-1_1.dll` and `libssl-1_1.dll` for 32-bit Windows,
1744 `libcrypto-1_1-x64.dll` and `libssl-1_1-x64.dll` for 64-bit x86_64 Windows,
1745 and `libcrypto-1_1-ia64.dll` and `libssl-1_1-ia64.dll` for IA64 Windows.
1751 OpenSSL is specifically built for 32-bit pointers, the shareable images
1753 instead, and when built for 64-bit pointers, they are named
1757 ---------------------------------
1764 The seeding method can be configured using the `--with-rand-seed` option,
1774 randomness sources. This corresponds to the option `--with-rand-seed=os`.
1777 and reseeding is disabled (`--with-rand-seed=none`) and it may be necessary
1783 --------------------------------------
1787 that use the AES-NI, PCLMULQDQ, SSSE3, and SHA extensions are always assembled.
1792 |---------------|--------|--------|---------|
1800 ---
1803 an explicit -march flag was apparently required to compile assembly modules. But
1804 then the compiler generates processor-specific code, which in turn contradicts
1805 the idea of performing dispatch at run-time, which is facilitated by the special
1810 exec clang -no-integrated-as "$@"
1815 ---
1817 <!-- Links -->
1819 [openssl-users]:
1820 <https://mta.openssl.org/mailman/listinfo/openssl-users>
1831 [10-main.conf]:
1832 Configurations/10-main.conf