Compile OpenSSL Crypto Only

TL;DR

This guide shows you how to build just the crypto part of OpenSSL, saving time and resources if you don’t need the SSL/TLS functionality. This is useful for applications that only require cryptographic operations like hashing or signing.

Steps

1. Download OpenSSL Source Code
   • Visit the OpenSSL website and download the latest stable source code archive (e.g., a .tar.gz file).
   • Extract the archive using a command like:

   tar -xzf openssl-x.y.z.tar.gz

2. Configure OpenSSL
   • Navigate into the extracted directory:

   cd openssl-x.y.z

   • Run the configure script with specific options to disable SSL/TLS and enable only crypto features. This is the crucial step! Use these flags:
     • --prefix=/path/to/install: Specify where you want to install OpenSSL (replace /path/to/install).
     • -no-ssl: Disable SSL functionality.
     • -no-tls1_3: Disable TLSv1.3 functionality.
     • -shared: Build as a shared library (recommended for most use cases).

   ./config --prefix=/usr/local -no-ssl -no-tls1_3 -shared

3. Build OpenSSL
   • Compile the source code:

   make

   • This will take some time, but it should be faster than a full build.
4. Test (Optional)
   • Run the test suite to verify the crypto part is working correctly:

   make test

   • Note that some tests might fail if SSL/TLS functionality isn’t available, which is expected in this case.
5. Install OpenSSL
   • Install the compiled libraries and headers:

   make install

   • This will copy the files to the directory specified with --prefix during configuration.
6. Configure Your Application
   • Update your application’s build system (e.g., Makefile, CMakeLists.txt) to link against the newly installed OpenSSL libraries. Make sure to include the correct include paths and library paths.
   • For example, in a Makefile:

   CFLAGS = -I/usr/local/include

   LDFLAGS = -L/usr/local/lib -lssl -lcrypto