blog_freecoder_openssl_images

How to Build and Compile OpenSSL from Source

During this article, we will try to see how to compile and build the source of the OpenSSL library in order to generate both static and dynamic libraries and deployed in second time on our linux server machine.

#1. What’s OpenSSL ?

OpenSSL is a software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end. It is widely used by Internet servers, including the majority of HTTPS websites.Wikipedia

#2. How To Check Openssl Library Version In Linux ? 

In order to confirm well that the openSSL is not already installed into our machine, we can execute this following command and see what it returns :

openssl version

As we can see on the output terminal that the openSSL is not found and by the way not installed on our machine:

➜  ~ openssl version
zsh: command not found: openssl

#3. How To Install OpenSSL Library Into Linux ? 

In order to install the OpenSSL package that provides libraries and headers files for libssl and libcrypto, the following command shall be used:

– Debian/Ubuntu

sudo apt-get install openssl

As we can see bellow the result of the command:

➜  ~ apt-get install openssl  
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Suggested packages:
  ca-certificates
The following NEW packages will be installed:
  openssl
0 upgraded, 1 newly installed, 0 to remove and 21 not upgraded.
Need to get 850 kB of archives.
After this operation, 1500 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian bullseye/main amd64 openssl amd64 1.1.1k-1 [850 kB]
Fetched 850 kB in 0s (2208 kB/s)
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package openssl.
(Reading database ... 26705 files and directories currently installed.)
Preparing to unpack .../openssl_1.1.1k-1_amd64.deb ...
Unpacking openssl (1.1.1k-1) ...
Setting up openssl (1.1.1k-1) ...
➜  ~ openssl version       
OpenSSL 1.1.1k  25 Mar 2021

– RHEL/CentOs

sudo yum install openssl

As we can see bellow the result of the command:

➜  ~ openssl version       
OpenSSL 1.1.1k  25 Mar 2021

#4. How Build And Compile The Source Of Openssl Library ?

In order to build and compile the OpenSSL from source, you need to go to the official OpenSSL website and pick the latest library release ( openssl-3.0.0)

➜  ~ wget https://www.openssl.org/source/openssl-3.0.0.tar.gz

After typing the command, the openssl package is downloaded as you can see bellow:

➜  ~ wget https://www.openssl.org/source/openssl-3.0.0.tar.gz
--2021-10-08 18:11:50--  https://www.openssl.org/source/openssl-3.0.0.tar.gz
Resolving www.openssl.org (www.openssl.org)... 23.61.93.14, 2a02:26f0:9100:28d::c1e, 2a02:26f0:9100:288::c1e
Connecting to www.openssl.org (www.openssl.org)|23.61.93.14|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 14978663 (14M) [application/x-gzip]
Saving to: 'openssl-3.0.0.tar.gz'
openssl-3.0.0.tar.gz      100%[=====================================>]  14.28M  12.0MB/s    in 1.2s    
2021-10-08 18:11:51 (12.0 MB/s) - 'openssl-3.0.0.tar.gz' saved [14978663/14978663]
➜  ~ ll
total 15M
-rw-r--r-- 1 root root 15M Sep  7 12:00 openssl-3.0.0.tar.gz

At the beginning we unzip the downloaded package and navigate to the openssl directory:

➜  ~ tar xzf openssl-3.0.0.tar.gz
➜  ~ ll                          
total 15M
drwxrwxr-x 20 root root 4.0K Sep  7 11:46 openssl-3.0.0
-rwxrwxrwx  1 root root  15M Sep  7 12:00 openssl-3.0.0.tar.gz
➜  ~ cd openssl-3.0.0            
➜  openssl-3.0.0 pwd                         
/root/openssl-3.0.0
➜  openssl-3.0.0 ll
total 1.3M
-rw-rw-r--  1 root root  157 Sep  7 11:46 ACKNOWLEDGEMENTS.md
-rw-rw-r--  1 root root  990 Sep  7 11:46 AUTHORS.md
-rw-rw-r--  1 root root 699K Sep  7 11:46 CHANGES.md
-rw-rw-r--  1 root root 4.3K Sep  7 11:46 CONTRIBUTING.md
drwxrwxr-x  3 root root 4.0K Sep  7 11:46 Configurations
-rwxrwxr-x  1 root root 133K Sep  7 11:46 Configure
-rw-rw-r--  1 root root  197 Sep  7 11:46 FAQ.md
-rw-rw-r--  1 root root 1.2K Sep  7 11:46 HACKING.md
-rw-rw-r--  1 root root  62K Sep  7 11:46 INSTALL.md
-rw-rw-r--  1 root root  10K Sep  7 11:46 LICENSE.txt
-rw-rw-r--  1 root root  68K Sep  7 11:46 NEWS.md
-rw-rw-r--  1 root root 4.5K Sep  7 11:46 NOTES-ANDROID.md
-rw-rw-r--  1 root root 2.1K Sep  7 11:46 NOTES-DJGPP.md
-rw-rw-r--  1 root root 9.9K Sep  7 11:46 NOTES-NONSTOP.md
-rw-rw-r--  1 root root 4.9K Sep  7 11:46 NOTES-PERL.md
-rw-rw-r--  1 root root 5.6K Sep  7 11:46 NOTES-UNIX.md
-rw-rw-r--  1 root root 2.7K Sep  7 11:46 NOTES-VALGRIND.md
-rw-rw-r--  1 root root 4.1K Sep  7 11:46 NOTES-VMS.md
-rw-rw-r--  1 root root 8.9K Sep  7 11:46 NOTES-WINDOWS.md
-rw-rw-r--  1 root root  16K Sep  7 11:46 README-ENGINES.md
-rw-rw-r--  1 root root 2.8K Sep  7 11:46 README-FIPS.md
-rw-rw-r--  1 root root 5.4K Sep  7 11:46 README-PROVIDERS.md
-rw-rw-r--  1 root root 6.5K Sep  7 11:46 README.md
-rw-rw-r--  1 root root 3.7K Sep  7 11:46 SUPPORT.md
-rw-rw-r--  1 root root   99 Sep  7 11:46 VERSION.dat
drwxrwxr-x  2 root root 4.0K Sep  7 11:46 VMS
drwxrwxr-x  5 root root 4.0K Sep  7 11:46 apps
-rw-rw-r--  1 root root 2.0K Sep  7 11:46 appveyor.yml
-rw-rw-r--  1 root root 3.6K Sep  7 11:46 build.info
-rwxrwxr-x  1 root root  378 Sep  7 11:46 config
-rw-rw-r--  1 root root 2.5K Sep  7 11:46 config.com
-rw-rw-r--  1 root root  15K Sep  7 11:46 configdata.pm.in
drwxrwxr-x 69 root root 4.0K Sep  7 11:46 crypto
drwxrwxr-x 13 root root 4.0K Sep  7 11:46 demos
drwxrwxr-x 10 root root 4.0K Sep  7 11:46 doc
-rw-rw-r--  1 root root  13K Sep  7 11:46 e_os.h
drwxrwxr-x  3 root root 4.0K Sep  7 11:46 engines
drwxrwxr-x  3 root root 4.0K Sep  7 11:46 external
drwxrwxr-x  2 root root 4.0K Sep  7 11:46 fuzz
drwxrwxr-x  5 root root 4.0K Sep  7 11:46 include
drwxrwxr-x  2 root root 4.0K Sep  7 11:46 ms
drwxrwxr-x  2 root root 4.0K Sep  7 11:46 os-dep
drwxrwxr-x  5 root root 4.0K Sep  7 11:46 providers
drwxrwxr-x  4 root root 4.0K Sep  7 11:46 ssl
drwxrwxr-x 11 root root  12K Sep  7 11:46 test
drwxrwxr-x  2 root root 4.0K Sep  7 11:46 tools
drwxrwxr-x  3 root root 4.0K Sep  7 11:46 util
drwxrwxr-x  2 root root 4.0K Sep  7 11:46 wycheproof

– Build OpenSSL static library

Through these steps, we will build a static library from the OpenSSL source:

  • Configure and compile OpenSSL with commands below:
➜  openssl-3.0.0 ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl -static zlib

Note:

–prefix and –openssldir = Set the output path of the OpenSSL.

static = force to create a static library.

zlib = enable the compression using zlib library.

After command finishing execution you shall get the result bellow:

➜  openssl-3.0.0 ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl -static zlib
Configuring OpenSSL version 3.0.0 for target linux-x86_64
Using os-specific seed configuration
Creating configdata.pm
Running configdata.pm
Creating Makefile.in
Creating Makefile
**********************************************************************
***                                                                ***
***   OpenSSL has been successfully configured                     ***
***                                                                ***
***   If you encounter a problem while building, please open an    ***
***   issue on GitHub <https://github.com/openssl/openssl/issues>  ***
***   and include the output from the following command:           ***
***                                                                ***
***       perl configdata.pm --dump                                ***
***                                                                ***
***   (If you are new to OpenSSL, you might want to consult the    ***
***   'Troubleshooting' section in the INSTALL.md file first)      ***
***                                                                ***
**********************************************************************

Launch the OpenSSL compilation by executing the make command bellow:

➜  openssl-3.0.0 make

This is the result when compilation finished:

➜  openssl-3.0.0 make                                                                     
/usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" "-oMakefile" include/crypto/bn_conf.h.in > include/crypto/bn_conf.h
/usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" "-oMakefile" include/crypto/dso_conf.h.in > include/crypto/dso_conf.h
...
...

As you can see the static libraries libcrypto.a and libssl.a are well generated.

In order to go fast in compilation, you can try to compile using multicore of your processor using this command bellow:

make -j(number of core)

– Build OpenSSL shared library

Through these steps, we will build a shared library from the OpenSSL source:

  • Configure and compile OpenSSL with commands below:
➜  openssl-3.0.0 ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib

Note:

–prefix and –openssldir = Set the output path of the OpenSSL.

shared = force to create a shared library.

zlib = enable the compression using zlib library.

After command finishing execution you shall get the result bellow:

➜  openssl-3.0.0 ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib 
Configuring OpenSSL version 3.0.0 for target linux-x86_64
Using os-specific seed configuration
Creating configdata.pm
Running configdata.pm
Creating Makefile.in
Creating Makefile
**********************************************************************
***                                                                ***
***   OpenSSL has been successfully configured                     ***
***                                                                ***
***   If you encounter a problem while building, please open an    ***
***   issue on GitHub <https://github.com/openssl/openssl/issues>  ***
***   and include the output from the following command:           ***
***                                                                ***
***       perl configdata.pm --dump                                ***
***                                                                ***
***   (If you are new to OpenSSL, you might want to consult the    ***
***   'Troubleshooting' section in the INSTALL.md file first)      ***
***                                                                ***
**********************************************************************

Launch the OpenSSL compilation by executing the make command bellow:

➜  openssl-3.0.0 make

This is the result when compilation finished:

➜  openssl-3.0.0 make                                                                     
...
...
gcc  -Iinclude -Iapps/include  -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_BUILDING_OPENSSL -DZLIB -DNDEBUG  -MMD -MF test/x509aux-bin-x509aux.d.tmp -MT test/x509aux-bin-x509aux.o -c -o test/x509aux-bin-x509aux.o test/x509aux.c
rm -f test/x509aux
${LDCMD:-gcc} -pthread -m64 -Wa,--noexecstack -Wall -O3 -L.   \
        -o test/x509aux \
        test/x509aux-bin-x509aux.o \
        test/libtestutil.a -lcrypto -lz -ldl -pthread 
rm -f "apps/CA.pl"
/usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" \
    "-oMakefile" apps/CA.pl.in > "apps/CA.pl"
chmod a+x apps/CA.pl
rm -f "apps/tsget.pl"
/usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" \
    "-oMakefile" apps/tsget.in > "apps/tsget.pl"
chmod a+x apps/tsget.pl
rm -f "tools/c_rehash"
/usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" \
    "-oMakefile" tools/c_rehash.in > "tools/c_rehash"
chmod a+x tools/c_rehash
rm -f "util/shlib_wrap.sh"
/usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" \
    "-oMakefile" util/shlib_wrap.sh.in > "util/shlib_wrap.sh"
chmod a+x util/shlib_wrap.sh
rm -f "util/wrap.pl"
/usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" \
    "-oMakefile" util/wrap.pl.in > "util/wrap.pl"
chmod a+x util/wrap.pl
make[1]: Leaving directory '/root/openssl-3.0.0'

As you can see the static libraries libcrypto.so and libssl.so are well generated.

In order to go fast in compilation, you can try to compile using multicore of your processor using this command bellow:

make -j(number of core)
  • Launch the installation OpenSSL by executing this command bellow:
➜  openssl-3.0.0 sudo make install

After finishing the installation you can verify the version as shown bellow:

➜  openssl-3.0.0 /usr/local/ssl/bin/openssl version
OpenSSL 3.0.0 7 sep 2021 (Library: OpenSSL 3.0.0 7 sep 2021)

Start building and compiling the OpenSSL using the CMake as shown bellow:

#. Use CMake to compile OpenSSL

cmake_minimum_required(VERSION 3.19.3)
### Project Information ###
project( STATIC_Libs
VERSION 0.1.1
LANGUAGES C
DESCRIPTION “Static Libraries”
)
#—————————————————–
# CMake instructions to build the Openssl static lib
#—————————————————–
set(OPENSSL_SOURCE_DIR ${CMAKE_CURRENT_SOURCE_DIR}/openssl-3.0.0/)
set(OPENSSL_BIN_DIR ${CMAKE_CURRENT_SOURCE_DIR}/Bin/)
add_custom_target( Openssl
DEPENDS libssl.a
)
add_custom_command( OUTPUT libssl.a
WORKING_DIRECTORY ${OPENSSL_SOURCE_DIR}
COMMAND ./config no-shared
COMMAND make
#COMMAND sudo make install
COMMAND cp libssl.a libcrypto.a ${OPENSSL_BIN_DIR}
COMMAND make clean
)
➜  ~ ll
total 15M
drwxr-xr-x  2 root root 4.0K Oct  9 13:56 Bin
-rw-r--r--  1 root root 1017 Oct  9 12:59 CMakeLists.txt
drwxrwxr-x 20 root root 4.0K Oct  8 22:44 openssl-3.0.0
-rwxrwxrwx  1 root root  15M Sep  7 12:00 openssl-3.0.0.tar.gz
➜  ~ cmake .                                                      
-- The C compiler identification is GNU 11.1.0
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Check for working C compiler: /usr/bin/cc - skipped
-- Detecting C compile features
-- Detecting C compile features - done
-- Configuring done
-- Generating done
-- Build files have been written to: /root
➜  ~ ll
total 15M
drwxr-xr-x  2 root root 4.0K Oct  9 13:56 Bin
-rw-r--r--  1 root root  13K Oct  9 13:03 CMakeCache.txt
drwxr-xr-x  5 root root 4.0K Oct  9 13:03 CMakeFiles
-rw-r--r--  1 root root 1017 Oct  9 12:59 CMakeLists.txt
-rw-r--r--  1 root root 4.3K Oct  9 13:03 Makefile
-rw-r--r--  1 root root 1.6K Oct  9 13:03 cmake_install.cmake
drwxrwxr-x 20 root root 4.0K Oct  8 22:44 openssl-3.0.0
-rwxrwxrwx  1 root root  15M Sep  7 12:00 openssl-3.0.0.tar.gz
➜  ~ cmake --build . --target Openssl
[100%] Generating libssl.a
Configuring OpenSSL version 3.0.0 for target linux-x86_64
Using os-specific seed configuration
Creating configdata.pm
Running configdata.pm
Creating Makefile.in
Creating Makefile
**********************************************************************
***                                                                ***
***   OpenSSL has been successfully configured                     ***
***                                                                ***
***   If you encounter a problem while building, please open an    ***
***   issue on GitHub <https://github.com/openssl/openssl/issues>  ***
***   and include the output from the following command:           ***
***                                                                ***
***       perl configdata.pm --dump                                ***
***                                                                ***
***   (If you are new to OpenSSL, you might want to consult the    ***
***   'Troubleshooting' section in the INSTALL.md file first)      ***
***                                                                ***
**********************************************************************

Conclusion

OpenSSL is a robust, complex, and comprehensive network library. Although this article only covers a the compilation and deployment of the library into a linux machine. In an other article, we covered advanced approaches and use cases of this library to generate signed certificate and public keys.

Default image
@freecoder

I have been working as an embedded developer for over 15 years and I am very passionate about what I do.
My goal is to write good, clean code that is easy to maintain and extend. I believe that code should be well-tested, readable, and concise.

Articles: 13