How to Cross Compile OpenSSL a Step by Step Guide
Introduction
This tutorial will show how to cross compile the OpenSSL software on an GNU Linux embedded platform.
Overview of the project
The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation.
OpenSSL is based on the excellent SSLeay library developed by Eric A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an Apache-style licence, which basically means that you are free to get and use it for commercial and non-commercial purposes subject to some simple license conditions.
To find out more about OpenSSL and its components see the project's website http://www.openssl.org.
Download
OpenSSL software releases can be found at: http://www.openssl.org/source/.
The latest available release by the time of writing of this tutorial is 0.9.8g (October 19th 2007).
To download this release, just type the following command:
wget http://www.openssl.org/source/openssl-0.9.8g.tar.gz
Environment Setup
The host machine will be a PC with a GNU Linux distribution installed.
The embedded platform might be constructed on top of one of the following architectures:
- arm.
- mips.
- mipsel.
- ppc.
- sparc.
Prerequisites
To cross compile the OpenSSL project, you need either a cross compiler, or an emulated Linux running on top of a virtualization software such as QEMU, matching your specific targeted platform.
In order to build yourself such a cross compiler, at crosstool page we introduced the way to build a C,C++ 4.1 GNU compiler for an ARM platform.
Also, hackers will be interested finding all the details to setup an ARM Debian system on their traditional Ubuntun distro following the indications quoted in this other arm-debian-on-ubuntu.
The OpenSSL project does not need any specific dependencies.
The Cross compilation process
Option 1: Using a cross compiler
Assumptions
During the process, we will assume the cross toolchain is called xxx-yyy-linux-gnu, meaning that the gcc, g++, ar, ..., ld utilities are prefixed by xxx-yyy-linux-gnu. For example, for this toolchain the C compiler is called xxx-yyy-linux-gnu-gcc.
We will also assume that the bin, include, lib and libexec folders of the cross toolchain are accessible through the PATH variable environment in order to work with the compilers from any place in the file system.
Finally, we suppose it is intalled in the following folder: /opt/crosstool/gcc-4.1.2-glibc-2.3.2/xxx-yyy-linux-gnu.
Organization
As mentioned above:
- The release being cross compiled is:
0.9.8g
- The tar.gz file will then be extracted under:
/opt/external_packages/openssl/0.9.8g/source
- The results of the compilation will be stored under:
/opt/external_packages/openssl/0.9.8g/compiled/xxx-yyy-linux-gnu
The files resulting from the cross compilation are listed here (the content of the man folder is intentionaly not displayed):
.: total 40 drwxr-xr-x 2 root root 4096 2008-03-07 12:33 bin drwxr-xr-x 2 root root 4096 2008-03-07 12:33 certs drwxr-xr-x 3 root root 4096 2008-03-07 12:33 include drwxr-xr-x 4 root root 4096 2008-03-07 12:33 lib drwxr-xr-x 6 root root 4096 2008-03-07 12:32 man drwxr-xr-x 2 root root 4096 2008-03-07 12:33 misc -rw-r--r-- 1 root root 9374 2008-03-07 12:33 openssl.cnf drwxr-xr-x 2 root root 4096 2008-03-07 12:33 private
./bin: total 1624 -rwxr-xr-x 1 root root 3648 2008-03-07 12:33 c_rehash -rwxr-xr-x 1 root root 1650844 2008-03-07 12:33 openssl
./certs: total 0
./include: total 4 drwxr-xr-x 2 root root 4096 2008-03-07 12:33 openssl
./include/openssl: total 1336 -rw-r--r-- 1 root root 5372 2008-03-07 12:33 aes.h -rw-r--r-- 1 root root 46728 2008-03-07 12:33 asn1.h -rw-r--r-- 1 root root 18956 2008-03-07 12:33 asn1_mac.h -rw-r--r-- 1 root root 27838 2008-03-07 12:33 asn1t.h -rw-r--r-- 1 root root 30772 2008-03-07 12:33 bio.h -rw-r--r-- 1 root root 5073 2008-03-07 12:33 blowfish.h -rw-r--r-- 1 root root 33035 2008-03-07 12:33 bn.h -rw-r--r-- 1 root root 4565 2008-03-07 12:33 buffer.h -rw-r--r-- 1 root root 4349 2008-03-07 12:33 cast.h -rw-r--r-- 1 root root 1601 2008-03-07 12:33 comp.h -rw-r--r-- 1 root root 4080 2008-03-07 12:33 conf_api.h -rw-r--r-- 1 root root 9484 2008-03-07 12:33 conf.h -rw-r--r-- 1 root root 22121 2008-03-07 12:33 crypto.h -rw-r--r-- 1 root root 10724 2008-03-07 12:33 des.h -rw-r--r-- 1 root root 18226 2008-03-07 12:33 des_old.h -rw-r--r-- 1 root root 8372 2008-03-07 12:33 dh.h -rw-r--r-- 1 root root 10474 2008-03-07 12:33 dsa.h -rw-r--r-- 1 root root 16252 2008-03-07 12:33 dso.h -rw-r--r-- 1 root root 6146 2008-03-07 12:33 dtls1.h -rw-r--r-- 1 root root 540 2008-03-07 12:33 ebcdic.h -rw-r--r-- 1 root root 4609 2008-03-07 12:33 ecdh.h -rw-r--r-- 1 root root 10578 2008-03-07 12:33 ecdsa.h -rw-r--r-- 1 root root 21389 2008-03-07 12:33 ec.h -rw-r--r-- 1 root root 37839 2008-03-07 12:33 engine.h -rw-r--r-- 1 root root 9632 2008-03-07 12:33 e_os2.h -rw-r--r-- 1 root root 12493 2008-03-07 12:33 err.h -rw-r--r-- 1 root root 35620 2008-03-07 12:33 evp.h -rw-r--r-- 1 root root 4368 2008-03-07 12:33 hmac.h -rw-r--r-- 1 root root 4364 2008-03-07 12:33 idea.h -rw-r--r-- 1 root root 7642 2008-03-07 12:33 krb5_asn.h -rw-r--r-- 1 root root 5927 2008-03-07 12:33 kssl.h -rw-r--r-- 1 root root 7429 2008-03-07 12:33 lhash.h -rw-r--r-- 1 root root 3897 2008-03-07 12:33 md2.h -rw-r--r-- 1 root root 4661 2008-03-07 12:33 md4.h -rw-r--r-- 1 root root 4661 2008-03-07 12:33 md5.h -rw-r--r-- 1 root root 33396 2008-03-07 12:33 objects.h -rw-r--r-- 1 root root 113729 2008-03-07 12:33 obj_mac.h -rw-r--r-- 1 root root 23795 2008-03-07 12:33 ocsp.h -rw-r--r-- 1 root root 6308 2008-03-07 12:33 opensslconf.h -rw-r--r-- 1 root root 3751 2008-03-07 12:33 opensslv.h -rw-r--r-- 1 root root 6446 2008-03-07 12:33 ossl_typ.h -rw-r--r-- 1 root root 2863 2008-03-07 12:33 pem2.h -rw-r--r-- 1 root root 27927 2008-03-07 12:33 pem.h -rw-r--r-- 1 root root 12677 2008-03-07 12:33 pkcs12.h -rw-r--r-- 1 root root 16333 2008-03-07 12:33 pkcs7.h -rw-r--r-- 1 root root 6150 2008-03-07 12:33 pq_compat.h -rw-r--r-- 1 root root 3519 2008-03-07 12:33 pqueue.h -rw-r--r-- 1 root root 5251 2008-03-07 12:33 rand.h -rw-r--r-- 1 root root 4294 2008-03-07 12:33 rc2.h -rw-r--r-- 1 root root 3707 2008-03-07 12:33 rc4.h -rw-r--r-- 1 root root 4284 2008-03-07 12:33 ripemd.h -rw-r--r-- 1 root root 18202 2008-03-07 12:33 rsa.h -rw-r--r-- 1 root root 126893 2008-03-07 12:33 safestack.h -rw-r--r-- 1 root root 7329 2008-03-07 12:33 sha.h -rw-r--r-- 1 root root 3744 2008-03-07 12:33 ssl23.h -rw-r--r-- 1 root root 10716 2008-03-07 12:33 ssl2.h -rw-r--r-- 1 root root 22283 2008-03-07 12:33 ssl3.h -rw-r--r-- 1 root root 82501 2008-03-07 12:33 ssl.h -rw-r--r-- 1 root root 4418 2008-03-07 12:33 stack.h -rw-r--r-- 1 root root 26481 2008-03-07 12:33 store.h -rw-r--r-- 1 root root 19456 2008-03-07 12:33 symhacks.h -rw-r--r-- 1 root root 18121 2008-03-07 12:33 tls1.h -rw-r--r-- 1 root root 4117 2008-03-07 12:33 tmdiff.h -rw-r--r-- 1 root root 4300 2008-03-07 12:33 txt_db.h -rw-r--r-- 1 root root 3439 2008-03-07 12:33 ui_compat.h -rw-r--r-- 1 root root 16418 2008-03-07 12:33 ui.h -rw-r--r-- 1 root root 47946 2008-03-07 12:33 x509.h -rw-r--r-- 1 root root 29980 2008-03-07 12:33 x509v3.h -rw-r--r-- 1 root root 20782 2008-03-07 12:33 x509_vfy.h
./lib: total 2540 drwxr-xr-x 2 root root 4096 2008-03-07 12:33 engines -rw-r--r-- 1 root root 2200932 2008-03-07 12:33 libcrypto.a -rw-r--r-- 1 root root 379740 2008-03-07 12:33 libssl.a drwxr-xr-x 2 root root 4096 2008-03-07 12:33 pkgconfig
./lib/engines: total 0
./lib/pkgconfig: total 12 -rw-r--r-- 1 root root 278 2008-03-07 12:33 libcrypto.pc -rw-r--r-- 1 root root 293 2008-03-07 12:33 libssl.pc -rw-r--r-- 1 root root 303 2008-03-07 12:33 openssl.pc
./misc: total 28 -rwxr-xr-x 1 root root 5679 2008-03-07 12:33 CA.pl -rwxr-xr-x 1 root root 3758 2008-03-07 12:33 CA.sh -rwxr-xr-x 1 root root 119 2008-03-07 12:33 c_hash -rwxr-xr-x 1 root root 152 2008-03-07 12:33 c_info -rwxr-xr-x 1 root root 112 2008-03-07 12:33 c_issuer -rwxr-xr-x 1 root root 110 2008-03-07 12:33 c_name
./private: total 0
Cross Compiling
Step 1
Install the OpenSSL software by untaring it in /opt/external_packages/openssl/0.9.8g/source
folder and then cd
to this directory.
Note:
All the directories and files listed below must be moved from the openssl-0.9.8g
folder
to its parent folder (/opt/external_packages/openssl/0.9.8g/source
).
Directories and files:
apps Configure include INSTALL.W32 makevms.com PROBLEMS tools bugs crypto INSTALL INSTALL.W64 ms README util certs demos install.com INSTALL.WCE Netware README.ASN1 VMS ChangeLog.0_9_7-stable_not-in-head doc INSTALL.DJGPP LICENSE NEWS README.ENGINE ChangeLog.0_9_7-stable_not-in-head_FIPS engines INSTALL.MacOS MacOS openssl.doxy shlib CHANGES e_os2.h INSTALL.NW Makefile openssl.spec ssl CHANGES.SSLeay e_os.h INSTALL.OS2 Makefile.org os2 test config FAQ INSTALL.VMS Makefile.shared perl times
Step 2
We want to cross compile OpenSSL with the following options:
- NO_CAMELLIA
- NO_GMP
- NO_MDC2
- NO_RC5
- NO_RFC3779
- NO_SEED
- NO_TLSEXT
- IDEA
- RC2, RC4
- DES
- AES
Step 3
There is no need to type configure, a Makefile is already existing. We just need to edit it and change it with way:
INSTALLTOP=/opt/external_packages/openssl/0.9.8g/compiled/xxx-yyy-linux-gnu OPENSSLDIR=/opt/external_packages/openssl/0.9.8g/compiled/xxx-yyy-linux-gnu CC= xxx-yyy-linux-gnu-gcc AR=xxx-yyy-linux-gnu-ar $(ARFLAGS) r RANLIB= xxx-yyy-linux-gnu-ranlib
Step 4
To compile and install the OpenSSL project, type successively make
and make install
. You should find the directories and files listed above under /opt/external_packages/openssl/0.9.8g/compiled/xxx-yyy-linux-gnu/
.
Option 2: Using QEMU
This section is not yet available.
Download
- arm-openssl-0.9.8g-tar.gz
You may consult this section if you want to download the OpenSSL software already cross compiled for your target platform if it is available. You can also contribute to expand the crosscompile.org community by uploading your own results in the case a given platform is not already supported.
Supported platforms
arm-unknown-linux-gnu
Written by David Sayada.