Compile OpenSSL Crypto Only

TL;DR

This guide shows you how to build just the crypto part of OpenSSL, saving time and resources if you don’t need the SSL/TLS functionality. This is useful for applications that only require cryptographic operations like hashing or signing.

Steps

1. Download OpenSSL Source Code
   • Visit the OpenSSL website and download the latest stable source code archive (e.g., a .tar.gz file).
   • Extract the archive using a command like:

   tar -xzf openssl-x.y.z.tar.gz

2. Configure OpenSSL
   • Navigate into the extracted directory:

   cd openssl-x.y.z

3. Run the configure script with specific options to disable SSL/TLS and enable only crypto features. This is the crucial step! Use these flags:
   • --prefix=/path/to/install: Specify where you want to install OpenSSL (replace /path/to/install).
   • -no-ssl: Disable SSL functionality.
   • -no-tls1_3: Disable TLSv1.3 functionality.
   • -shared: Build as a shared library (recommended for most use cases).

./config --prefix=/usr/local -no-ssl -no-tls1_3 -shared

4. Build OpenSSL
   • Compile the source code:

   make

5. This will take some time, but it should be faster than a full build.
6. Test (Optional)
   • Run the test suite to verify the crypto part is working correctly:

   make test

7. Note that some tests might fail if SSL/TLS functionality isn’t available, which is expected in this case.
8. Install OpenSSL
   • Install the compiled libraries and headers:

   make install

9. This will copy the files to the directory specified with --prefix during configuration.
10. Configure Your Application
    • Update your application’s build system (e.g., Makefile, CMakeLists.txt) to link against the newly installed OpenSSL libraries. Make sure to include the correct include paths and library paths.
    • For example, in a Makefile:

    CFLAGS = -I/usr/local/include

    LDFLAGS = -L/usr/local/lib -lssl -lcrypto