https://wiki.openssl.org/api.php?action=feedcontributions&user=Klaustriendl&feedformat=atomOpenSSLWiki - User contributions [en]2024-03-28T22:01:05ZUser contributionsMediaWiki 1.35.6https://wiki.openssl.org/index.php?title=Binaries&diff=3228Binaries2024-02-01T09:10:03Z<p>Klaustriendl: OpenSSL 1.1.1 binaries are no longer provided by FireDaemon Technologies Limited</p>
<hr />
<div>Some people have offered to provide OpenSSL binary distributions for selected operating systems. The condition to get a link here is that the link is stable and can provide continued support for OpenSSL for a while.<br />
<br />
Note: many Linux distributions come with pre-compiled OpenSSL packages. Those are already well-known among the users of said distributions, and will therefore not be mentioned here. If you are such a user, we ask you to get in touch with your distributor first. This service is primarily for operating systems where there are no pre-compiled OpenSSL packages.<br />
<br />
'''Important Disclaimer''':<br />
''The listing of these third party products does not imply any endorsement by the OpenSSL project, and these organizations are not affiliated in any way with OpenSSL other than by the reference to their independent web sites here.'' '''In particular any donations or payments to any of these organizations will not be known to, seen by, or in any way benefit the OpenSSL project.'''<br />
<br />
'''To make a donation to the project directly go to our [https://github.com/sponsors/openssl github sponsors page]. Alternatively consider becoming a [https://www.openssl.org/support/donations.html corporate sponsor].'''<br />
<br />
Use these OpenSSL derived products at your own risk; these products have not been evaluated or tested by the OpenSSL project.<br />
<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ Third Party OpenSSL Related Binary Distributions<br />
|-<br />
! scope="col" | Product<br />
! scope="col" | Description<br />
! scope="col" | URL<br />
|-<br />
| OpenSSL for Web (using WebAssembly)<br />
| OpenSSL 3.0 ported to WebAssembly (in October 2021). Uses Emscripten and xterm.js to emulate a terminal in your browser. WASI binaries are supported too. The Wasm execution happens using WebWorkers if the browser supports them. Originally developed for the cryptology playground "CrypTool-Online". Code is open-source on GitHub.<br />
| OpenSSL-React app: https://github.com/cryptool-org/openssl-webterm<br>Basic Wasm terminal: https://github.com/cryptool-org/wasm-webterm<br>Running sample: https://www.cryptool.org/en/cto/openssl<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| Works with MSVC++, Builder 3/4/5, and MinGW. Comes in form of self-install executables.<br />
| https://slproweb.com/products/Win32OpenSSL.html<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| Pre-compiled Win32/64 libraries without external dependencies to the Microsoft Visual Studio Runtime DLLs, except for the system provided msvcrt.dll.<br />
| https://indy.fulgan.com/SSL/<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| Reproducible builds with latest MinGW-w64, 64/32-bit, static/dynamic libs and executable.<br />
| https://github.com/curl/curl-for-win<br />
|-<br />
|-<br />
| OpenSSL for Solaris<br />
| Versions for Solaris 2.5 - 11 SPARC and X86<br />
| http://www.unixpackages.com/<br />
|-<br />
|-<br />
| OpensSSL for Windows, Linux, OSX, Android<br />
| Pre-compiled packages at conan.io package manager:<br>''Windows'' x86/x86_64 (Visual Studio 10, 12, 14, 15) <br>''Linux'' x86/x86_64 (gcc 4.6, 4.8, 4.9, 5, 6, 7) <br>''OSx'' (Apple clang). <br>Cross-building ready recipe: Linux ARM, Android.<br />
| https://www.conan.io<br>https://conan.io/center/openssl<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| Pre-compiled Win32/64 1.0.2, 1.1.0, 1.1.1 and 3.0 libraries without external dependencies, primarily built for François Piette's Internet Component Suite (ICS) for Embarcadero (Borland) Delphi and C++ development tools, but may be used for any Windows applications. The OpenSSL DLLs and EXE files are digitally code signed 'Open Source Developer, François PIETTE', so applications can self verify them for corruption. <br />
| http://wiki.overbyte.eu/wiki/index.php/ICS_Download<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| OpenSSL 3.2, 3.1 and 3.0 LTS pre-compiled for Microsoft Windows with no external dependencies. The binary distributions can be used standalone or integrated into any Windows application. Installer, EXEs and DLLs are digitally signed with 'FireDaemon Technologies Limited' Extended Validation (EV) code signing certificate.<br />
| [https://www.firedaemon.com/get-openssl https://www.firedaemon.com/get-openssl]<br />
|-<br />
|-<br />
| OpenSSL for NonStop<br />
| Pre-compiled NonStop ia64/x86 1.0.2, 1.1.1 executables and libraries for the HPE NonStop Operating Systems. Threaded versions are included. The SPT version depends on FLOSS, otherwise there are no other dependencies. 32-bit versions are available. The builds are done by the ITUGLIB Technical Committee as part of Connect.<br />
| [https://ituglib.connect-community.org/apps/Ituglib/SrchOpenSrcLib.xhtml https://ituglib.connect-community.org/apps/Ituglib/SrchOpenSrcLib.xhtml]<br />
|-<br />
|-<br />
|}<br />
<br />
=Engines=<br />
<br />
Some third parties provide OpenSSL compatible engines. As for the binaries above the following disclaimer applies:<br />
<br />
'''Important Disclaimer''':<br />
''The listing of these third party products does not imply any endorsement by the OpenSSL project, and these organizations are not affiliated in any way with OpenSSL other than by the reference to their independent web sites here. In particular any donations or payments to any of these organizations will not be known to, seen by, or in any way benefit the OpenSSL project.''<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ Third Party OpenSSL compatible engines<br />
|-<br />
! scope="col" | Product<br />
! scope="col" | Description<br />
! scope="col" | URL<br />
|-<br />
|-<br />
| Intel® QuickAssist Technology engine<br />
| Intel® QuickAssist Technology (http://www.intel.com/content/www/us/en/embedded/technology/quickassist/overview.html) provides acceleration for a number of cryptographic algorithms. QAT_engine adds support for Intel® QuickAssist Technology to OpenSSL-1.1.0 via the ENGINE framework. The definitive list of algorithms exposed into OpenSSL (a subset of those supported in the device) is defined on the associated github page.<br />
| https://github.com/01org/QAT_Engine<br />
|-<br />
| ATECCX08 engine<br />
| Support for the Atmel ATECC508A (http://www.atmel.com/devices/ATECC508A.aspx) hardware to provide secure key storage, ECC cryptographic calculations for the ECC NIST P-256 curve, and FIPS certified hardware Random Number Generator.<br />
| https://github.com/AtmelCSO/cryptoauth-openssl-engine<br />
|-<br />
|-<br />
| GOST engine<br />
| A reference implementation of the Russian GOST crypto algorithms for OpenSSL. The presence of this engine also enables the built-in OpenSSL support for GOST TLS ciphersuites. (Note: this engine is for OpenSSL version 1.1.0 and above. Previous versions of OpenSSL used a built-in GOST engine)<br />
| https://github.com/gost-engine/engine<br />
|-<br />
|-<br />
| ISARA Radiate Solution Suite OpenSSL Connector<br />
| Commercially available engine and source code patch for OpenSSL 1.0.2 branch. The ISARA Radiate OpenSSL Connector lets you implement OpenSSL using quantum safe algorithms. ISARA Radiate (https://www.isara.com/isara-radiate/) gives you the cryptographic building blocks to create applications that will resist attacks by quantum computers.<br />
| https://www.isara.com/openssl/1/<br />
|-<br />
|-<br />
| BEE2EVP engine<br />
| Implements the Belarusian national cryptography: symmetric and public-key encryption, MAC, AEAD, hashing, digital signature. Encapsulates the Bee2 core cryptographic library into OpenSSL using the EVP interface.<br />
| https://github.com/bcrypto/bee2evp<br />
|-<br />
|-<br />
| wolfSSL wolfEngine<br />
| wolfSSL has an OpenSSL engine, wolfEngine. wolfEngine is structured as a separate standalone library which links against wolfSSL (libwolfssl) and OpenSSL. wolfEngine implements and exposes an OpenSSL engine implementation which wraps the wolfCrypt native API internally. Algorithm support matches that as listed on the wolfCrypt FIPS 140-2 certificate #3389.<br />
| https://github.com/wolfSSL/wolfEngine<br />
|-<br />
|-<br />
| wolfSSL wolfProvider<br />
| Similar to the wolfEngine above, the wolfSSL team has also created the wolfProvider. The wolfProvider is structured as a separate standalone library which links against wolfSSL (libwolfssl) and OpenSSL 3.0.0 using the new provider API. Algorithm support matches that as listed on the wolfCrypt FIPS 140-2 certificate #3389.<br />
| https://github.com/wolfSSL/wolfProvider<br />
|-<br />
|-<br />
|}</div>Klaustriendlhttps://wiki.openssl.org/index.php?title=Binaries&diff=3227Binaries2023-11-30T06:55:18Z<p>Klaustriendl: Mention of OpenSSL 3.2, which is now distributed by FireDaemon Technologies Limited</p>
<hr />
<div>Some people have offered to provide OpenSSL binary distributions for selected operating systems. The condition to get a link here is that the link is stable and can provide continued support for OpenSSL for a while.<br />
<br />
Note: many Linux distributions come with pre-compiled OpenSSL packages. Those are already well-known among the users of said distributions, and will therefore not be mentioned here. If you are such a user, we ask you to get in touch with your distributor first. This service is primarily for operating systems where there are no pre-compiled OpenSSL packages.<br />
<br />
'''Important Disclaimer''':<br />
''The listing of these third party products does not imply any endorsement by the OpenSSL project, and these organizations are not affiliated in any way with OpenSSL other than by the reference to their independent web sites here.'' '''In particular any donations or payments to any of these organizations will not be known to, seen by, or in any way benefit the OpenSSL project.'''<br />
<br />
'''To make a donation to the project directly go to our [https://github.com/sponsors/openssl github sponsors page]. Alternatively consider becoming a [https://www.openssl.org/support/donations.html corporate sponsor].'''<br />
<br />
Use these OpenSSL derived products at your own risk; these products have not been evaluated or tested by the OpenSSL project.<br />
<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ Third Party OpenSSL Related Binary Distributions<br />
|-<br />
! scope="col" | Product<br />
! scope="col" | Description<br />
! scope="col" | URL<br />
|-<br />
| OpenSSL for Web (using WebAssembly)<br />
| OpenSSL 3.0 ported to WebAssembly (in October 2021). Uses Emscripten and xterm.js to emulate a terminal in your browser. WASI binaries are supported too. The Wasm execution happens using WebWorkers if the browser supports them. Originally developed for the cryptology playground "CrypTool-Online". Code is open-source on GitHub.<br />
| OpenSSL-React app: https://github.com/cryptool-org/openssl-webterm<br>Basic Wasm terminal: https://github.com/cryptool-org/wasm-webterm<br>Running sample: https://www.cryptool.org/en/cto/openssl<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| Works with MSVC++, Builder 3/4/5, and MinGW. Comes in form of self-install executables.<br />
| https://slproweb.com/products/Win32OpenSSL.html<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| Pre-compiled Win32/64 libraries without external dependencies to the Microsoft Visual Studio Runtime DLLs, except for the system provided msvcrt.dll.<br />
| https://indy.fulgan.com/SSL/<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| Reproducible builds with latest MinGW-w64, 64/32-bit, static/dynamic libs and executable.<br />
| https://github.com/curl/curl-for-win<br />
|-<br />
|-<br />
| OpenSSL for Solaris<br />
| Versions for Solaris 2.5 - 11 SPARC and X86<br />
| http://www.unixpackages.com/<br />
|-<br />
|-<br />
| OpensSSL for Windows, Linux, OSX, Android<br />
| Pre-compiled packages at conan.io package manager:<br>''Windows'' x86/x86_64 (Visual Studio 10, 12, 14, 15) <br>''Linux'' x86/x86_64 (gcc 4.6, 4.8, 4.9, 5, 6, 7) <br>''OSx'' (Apple clang). <br>Cross-building ready recipe: Linux ARM, Android.<br />
| https://www.conan.io<br>https://conan.io/center/openssl<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| Pre-compiled Win32/64 1.0.2, 1.1.0, 1.1.1 and 3.0 libraries without external dependencies, primarily built for François Piette's Internet Component Suite (ICS) for Embarcadero (Borland) Delphi and C++ development tools, but may be used for any Windows applications. The OpenSSL DLLs and EXE files are digitally code signed 'Open Source Developer, François PIETTE', so applications can self verify them for corruption. <br />
| http://wiki.overbyte.eu/wiki/index.php/ICS_Download<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| OpenSSL 3.2, 3.1, 3.0, and 1.1.1 pre-compiled for Microsoft Windows with no external dependencies. The binary distributions can be used standalone or integrated into any Windows application. Installer, EXEs and DLLs are digitally signed with 'FireDaemon Technologies Limited' Extended Validation (EV) code signing certificate.<br />
| [https://www.firedaemon.com/get-openssl https://www.firedaemon.com/get-openssl]<br />
|-<br />
|-<br />
| OpenSSL for NonStop<br />
| Pre-compiled NonStop ia64/x86 1.0.2, 1.1.1 executables and libraries for the HPE NonStop Operating Systems. Threaded versions are included. The SPT version depends on FLOSS, otherwise there are no other dependencies. 32-bit versions are available. The builds are done by the ITUGLIB Technical Committee as part of Connect.<br />
| [https://ituglib.connect-community.org/apps/Ituglib/SrchOpenSrcLib.xhtml https://ituglib.connect-community.org/apps/Ituglib/SrchOpenSrcLib.xhtml]<br />
|-<br />
|-<br />
|}<br />
<br />
=Engines=<br />
<br />
Some third parties provide OpenSSL compatible engines. As for the binaries above the following disclaimer applies:<br />
<br />
'''Important Disclaimer''':<br />
''The listing of these third party products does not imply any endorsement by the OpenSSL project, and these organizations are not affiliated in any way with OpenSSL other than by the reference to their independent web sites here. In particular any donations or payments to any of these organizations will not be known to, seen by, or in any way benefit the OpenSSL project.''<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ Third Party OpenSSL compatible engines<br />
|-<br />
! scope="col" | Product<br />
! scope="col" | Description<br />
! scope="col" | URL<br />
|-<br />
|-<br />
| Intel® QuickAssist Technology engine<br />
| Intel® QuickAssist Technology (http://www.intel.com/content/www/us/en/embedded/technology/quickassist/overview.html) provides acceleration for a number of cryptographic algorithms. QAT_engine adds support for Intel® QuickAssist Technology to OpenSSL-1.1.0 via the ENGINE framework. The definitive list of algorithms exposed into OpenSSL (a subset of those supported in the device) is defined on the associated github page.<br />
| https://github.com/01org/QAT_Engine<br />
|-<br />
| ATECCX08 engine<br />
| Support for the Atmel ATECC508A (http://www.atmel.com/devices/ATECC508A.aspx) hardware to provide secure key storage, ECC cryptographic calculations for the ECC NIST P-256 curve, and FIPS certified hardware Random Number Generator.<br />
| https://github.com/AtmelCSO/cryptoauth-openssl-engine<br />
|-<br />
|-<br />
| GOST engine<br />
| A reference implementation of the Russian GOST crypto algorithms for OpenSSL. The presence of this engine also enables the built-in OpenSSL support for GOST TLS ciphersuites. (Note: this engine is for OpenSSL version 1.1.0 and above. Previous versions of OpenSSL used a built-in GOST engine)<br />
| https://github.com/gost-engine/engine<br />
|-<br />
|-<br />
| ISARA Radiate Solution Suite OpenSSL Connector<br />
| Commercially available engine and source code patch for OpenSSL 1.0.2 branch. The ISARA Radiate OpenSSL Connector lets you implement OpenSSL using quantum safe algorithms. ISARA Radiate (https://www.isara.com/isara-radiate/) gives you the cryptographic building blocks to create applications that will resist attacks by quantum computers.<br />
| https://www.isara.com/openssl/1/<br />
|-<br />
|-<br />
| BEE2EVP engine<br />
| Implements the Belarusian national cryptography: symmetric and public-key encryption, MAC, AEAD, hashing, digital signature. Encapsulates the Bee2 core cryptographic library into OpenSSL using the EVP interface.<br />
| https://github.com/bcrypto/bee2evp<br />
|-<br />
|-<br />
| wolfSSL wolfEngine<br />
| wolfSSL has an OpenSSL engine, wolfEngine. wolfEngine is structured as a separate standalone library which links against wolfSSL (libwolfssl) and OpenSSL. wolfEngine implements and exposes an OpenSSL engine implementation which wraps the wolfCrypt native API internally. Algorithm support matches that as listed on the wolfCrypt FIPS 140-2 certificate #3389.<br />
| https://github.com/wolfSSL/wolfEngine<br />
|-<br />
|-<br />
| wolfSSL wolfProvider<br />
| Similar to the wolfEngine above, the wolfSSL team has also created the wolfProvider. The wolfProvider is structured as a separate standalone library which links against wolfSSL (libwolfssl) and OpenSSL 3.0.0 using the new provider API. Algorithm support matches that as listed on the wolfCrypt FIPS 140-2 certificate #3389.<br />
| https://github.com/wolfSSL/wolfProvider<br />
|-<br />
|-<br />
|}</div>Klaustriendlhttps://wiki.openssl.org/index.php?title=Binaries&diff=3226Binaries2023-08-03T20:48:36Z<p>Klaustriendl: Improved description for binary distribution by FireDaemon Technologies Limited</p>
<hr />
<div>Some people have offered to provide OpenSSL binary distributions for selected operating systems. The condition to get a link here is that the link is stable and can provide continued support for OpenSSL for a while.<br />
<br />
Note: many Linux distributions come with pre-compiled OpenSSL packages. Those are already well-known among the users of said distributions, and will therefore not be mentioned here. If you are such a user, we ask you to get in touch with your distributor first. This service is primarily for operating systems where there are no pre-compiled OpenSSL packages.<br />
<br />
'''Important Disclaimer''':<br />
''The listing of these third party products does not imply any endorsement by the OpenSSL project, and these organizations are not affiliated in any way with OpenSSL other than by the reference to their independent web sites here.'' '''In particular any donations or payments to any of these organizations will not be known to, seen by, or in any way benefit the OpenSSL project.'''<br />
<br />
'''To make a donation to the project directly go to our [https://github.com/sponsors/openssl github sponsors page]. Alternatively consider becoming a [https://www.openssl.org/support/donations.html corporate sponsor].'''<br />
<br />
Use these OpenSSL derived products at your own risk; these products have not been evaluated or tested by the OpenSSL project.<br />
<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ Third Party OpenSSL Related Binary Distributions<br />
|-<br />
! scope="col" | Product<br />
! scope="col" | Description<br />
! scope="col" | URL<br />
|-<br />
| OpenSSL for Web (using WebAssembly)<br />
| OpenSSL 3.0 ported to WebAssembly (in October 2021). Uses Emscripten and xterm.js to emulate a terminal in your browser. WASI binaries are supported too. The Wasm execution happens using WebWorkers if the browser supports them. Originally developed for the cryptology playground "CrypTool-Online". Code is open-source on GitHub.<br />
| OpenSSL-React app: https://github.com/cryptool-org/openssl-webterm<br>Basic Wasm terminal: https://github.com/cryptool-org/wasm-webterm<br>Running sample: https://www.cryptool.org/en/cto/openssl<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| Works with MSVC++, Builder 3/4/5, and MinGW. Comes in form of self-install executables.<br />
| https://slproweb.com/products/Win32OpenSSL.html<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| Pre-compiled Win32/64 libraries without external dependencies to the Microsoft Visual Studio Runtime DLLs, except for the system provided msvcrt.dll.<br />
| https://indy.fulgan.com/SSL/<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| Reproducible builds with latest MinGW-w64, 64/32-bit, static/dynamic libs and executable.<br />
| https://github.com/curl/curl-for-win<br />
|-<br />
|-<br />
| OpenSSL for Solaris<br />
| Versions for Solaris 2.5 - 11 SPARC and X86<br />
| http://www.unixpackages.com/<br />
|-<br />
|-<br />
| OpensSSL for Windows, Linux, OSX, Android<br />
| Pre-compiled packages at conan.io package manager:<br>''Windows'' x86/x86_64 (Visual Studio 10, 12, 14, 15) <br>''Linux'' x86/x86_64 (gcc 4.6, 4.8, 4.9, 5, 6, 7) <br>''OSx'' (Apple clang). <br>Cross-building ready recipe: Linux ARM, Android.<br />
| https://www.conan.io<br>https://conan.io/center/openssl<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| Pre-compiled Win32/64 1.0.2, 1.1.0, 1.1.1 and 3.0 libraries without external dependencies, primarily built for François Piette's Internet Component Suite (ICS) for Embarcadero (Borland) Delphi and C++ development tools, but may be used for any Windows applications. The OpenSSL DLLs and EXE files are digitally code signed 'Open Source Developer, François PIETTE', so applications can self verify them for corruption. <br />
| http://wiki.overbyte.eu/wiki/index.php/ICS_Download<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| OpenSSL 3.1, 3.0, and 1.1.1 pre-compiled for Microsoft Windows with no external dependencies. The binary distributions can be used standalone or integrated into any Windows application. Installer, EXEs and DLLs are digitally signed with 'FireDaemon Technologies Limited' Extended Validation (EV) code signing certificate.<br />
| [https://www.firedaemon.com/get-openssl https://www.firedaemon.com/get-openssl]<br />
|-<br />
|-<br />
| OpenSSL for NonStop<br />
| Pre-compiled NonStop ia64/x86 1.0.2, 1.1.1 executables and libraries for the HPE NonStop Operating Systems. Threaded versions are included. The SPT version depends on FLOSS, otherwise there are no other dependencies. 32-bit versions are available. The builds are done by the ITUGLIB Technical Committee as part of Connect.<br />
| [https://ituglib.connect-community.org/apps/Ituglib/SrchOpenSrcLib.xhtml https://ituglib.connect-community.org/apps/Ituglib/SrchOpenSrcLib.xhtml]<br />
|-<br />
|-<br />
|}<br />
<br />
=Engines=<br />
<br />
Some third parties provide OpenSSL compatible engines. As for the binaries above the following disclaimer applies:<br />
<br />
'''Important Disclaimer''':<br />
''The listing of these third party products does not imply any endorsement by the OpenSSL project, and these organizations are not affiliated in any way with OpenSSL other than by the reference to their independent web sites here. In particular any donations or payments to any of these organizations will not be known to, seen by, or in any way benefit the OpenSSL project.''<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ Third Party OpenSSL compatible engines<br />
|-<br />
! scope="col" | Product<br />
! scope="col" | Description<br />
! scope="col" | URL<br />
|-<br />
|-<br />
| Intel® QuickAssist Technology engine<br />
| Intel® QuickAssist Technology (http://www.intel.com/content/www/us/en/embedded/technology/quickassist/overview.html) provides acceleration for a number of cryptographic algorithms. QAT_engine adds support for Intel® QuickAssist Technology to OpenSSL-1.1.0 via the ENGINE framework. The definitive list of algorithms exposed into OpenSSL (a subset of those supported in the device) is defined on the associated github page.<br />
| https://github.com/01org/QAT_Engine<br />
|-<br />
| ATECCX08 engine<br />
| Support for the Atmel ATECC508A (http://www.atmel.com/devices/ATECC508A.aspx) hardware to provide secure key storage, ECC cryptographic calculations for the ECC NIST P-256 curve, and FIPS certified hardware Random Number Generator.<br />
| https://github.com/AtmelCSO/cryptoauth-openssl-engine<br />
|-<br />
|-<br />
| GOST engine<br />
| A reference implementation of the Russian GOST crypto algorithms for OpenSSL. The presence of this engine also enables the built-in OpenSSL support for GOST TLS ciphersuites. (Note: this engine is for OpenSSL version 1.1.0 and above. Previous versions of OpenSSL used a built-in GOST engine)<br />
| https://github.com/gost-engine/engine<br />
|-<br />
|-<br />
| ISARA Radiate Solution Suite OpenSSL Connector<br />
| Commercially available engine and source code patch for OpenSSL 1.0.2 branch. The ISARA Radiate OpenSSL Connector lets you implement OpenSSL using quantum safe algorithms. ISARA Radiate (https://www.isara.com/isara-radiate/) gives you the cryptographic building blocks to create applications that will resist attacks by quantum computers.<br />
| https://www.isara.com/openssl/1/<br />
|-<br />
|-<br />
| BEE2EVP engine<br />
| Implements the Belarusian national cryptography: symmetric and public-key encryption, MAC, AEAD, hashing, digital signature. Encapsulates the Bee2 core cryptographic library into OpenSSL using the EVP interface.<br />
| https://github.com/bcrypto/bee2evp<br />
|-<br />
|-<br />
| wolfSSL wolfEngine<br />
| wolfSSL has an OpenSSL engine, wolfEngine. wolfEngine is structured as a separate standalone library which links against wolfSSL (libwolfssl) and OpenSSL. wolfEngine implements and exposes an OpenSSL engine implementation which wraps the wolfCrypt native API internally. Algorithm support matches that as listed on the wolfCrypt FIPS 140-2 certificate #3389.<br />
| https://github.com/wolfSSL/wolfEngine<br />
|-<br />
|-<br />
| wolfSSL wolfProvider<br />
| Similar to the wolfEngine above, the wolfSSL team has also created the wolfProvider. The wolfProvider is structured as a separate standalone library which links against wolfSSL (libwolfssl) and OpenSSL 3.0.0 using the new provider API. Algorithm support matches that as listed on the wolfCrypt FIPS 140-2 certificate #3389.<br />
| https://github.com/wolfSSL/wolfProvider<br />
|-<br />
|-<br />
|}</div>Klaustriendlhttps://wiki.openssl.org/index.php?title=Binaries&diff=3224Binaries2023-02-09T07:58:01Z<p>Klaustriendl: fixed minor typo for FireDaemon binaries</p>
<hr />
<div>Some people have offered to provide OpenSSL binary distributions for selected operating systems. The condition to get a link here is that the link is stable and can provide continued support for OpenSSL for a while.<br />
<br />
Note: many Linux distributions come with pre-compiled OpenSSL packages. Those are already well-known among the users of said distributions, and will therefore not be mentioned here. If you are such a user, we ask you to get in touch with your distributor first. This service is primarily for operating systems where there are no pre-compiled OpenSSL packages.<br />
<br />
'''Important Disclaimer''':<br />
''The listing of these third party products does not imply any endorsement by the OpenSSL project, and these organizations are not affiliated in any way with OpenSSL other than by the reference to their independent web sites here.'' '''In particular any donations or payments to any of these organizations will not be known to, seen by, or in any way benefit the OpenSSL project.'''<br />
<br />
'''To make a donation to the project directly go to our [https://github.com/sponsors/openssl github sponsors page]. Alternatively consider becoming a [https://www.openssl.org/support/donations.html corporate sponsor].'''<br />
<br />
Use these OpenSSL derived products at your own risk; these products have not been evaluated or tested by the OpenSSL project.<br />
<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ Third Party OpenSSL Related Binary Distributions<br />
|-<br />
! scope="col" | Product<br />
! scope="col" | Description<br />
! scope="col" | URL<br />
|-<br />
| OpenSSL for Web (using WebAssembly)<br />
| OpenSSL 3.0 ported to WebAssembly (in October 2021). Uses Emscripten and xterm.js to emulate a terminal in your browser. WASI binaries are supported too. The Wasm execution happens using WebWorkers if the browser supports them. Originally developed for the cryptology playground "CrypTool-Online". Code is open-source on GitHub.<br />
| OpenSSL-React app: https://github.com/cryptool-org/openssl-webterm<br>Basic Wasm terminal: https://github.com/cryptool-org/wasm-webterm<br>Running sample: https://www.cryptool.org/en/cto/openssl<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| Works with MSVC++, Builder 3/4/5, and MinGW. Comes in form of self-install executables.<br />
| https://slproweb.com/products/Win32OpenSSL.html<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| Pre-compiled Win32/64 libraries without external dependencies to the Microsoft Visual Studio Runtime DLLs, except for the system provided msvcrt.dll.<br />
| https://indy.fulgan.com/SSL/<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| Reproducible builds with latest MinGW-w64, 64/32-bit, static/dynamic libs and executable.<br />
| https://github.com/curl/curl-for-win<br />
|-<br />
|-<br />
| OpenSSL for Solaris<br />
| Versions for Solaris 2.5 - 11 SPARC and X86<br />
| http://www.unixpackages.com/<br />
|-<br />
|-<br />
| OpensSSL for Windows, Linux, OSX, Android<br />
| Pre-compiled packages at conan.io package manager:<br>''Windows'' x86/x86_64 (Visual Studio 10, 12, 14, 15) <br>''Linux'' x86/x86_64 (gcc 4.6, 4.8, 4.9, 5, 6, 7) <br>''OSx'' (Apple clang). <br>Cross-building ready recipe: Linux ARM, Android.<br />
| https://www.conan.io<br>https://conan.io/center/openssl<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| Pre-compiled Win32/64 1.0.2, 1.1.0, 1.1.1 and 3.0 libraries without external dependencies, primarily built for François Piette's Internet Component Suite (ICS) for Embarcadero (Borland) Delphi and C++ development tools, but may be used for any Windows applications. The OpenSSL DLLs and EXE files are digitally code signed 'Open Source Developer, François PIETTE', so applications can self verify them for corruption. <br />
| http://wiki.overbyte.eu/wiki/index.php/ICS_Download<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| Pre-compiled executables (EXE) and libraries (DLL) for Microsoft Windows Operating Systems with a dependency on the Universal C Runtime only. The distributions can be used standalone or integrated into any Windows application. The EXE and DLL are digitally signed with the 'FireDaemon Technologies Limited' Extended Validation (EV) code signing certificate.<br />
| [https://www.firedaemon.com/get-openssl https://www.firedaemon.com/get-openssl]<br />
|-<br />
|-<br />
| OpenSSL for NonStop<br />
| Pre-compiled NonStop ia64/x86 1.0.2, 1.1.1 executables and libraries for the HPE NonStop Operating Systems. Threaded versions are included. The SPT version depends on FLOSS, otherwise there are no other dependencies. 32-bit versions are available. The builds are done by the ITUGLIB Technical Committee as part of Connect.<br />
| [https://ituglib.connect-community.org/apps/Ituglib/SrchOpenSrcLib.xhtml https://ituglib.connect-community.org/apps/Ituglib/SrchOpenSrcLib.xhtml]<br />
|-<br />
|-<br />
|}<br />
<br />
=Engines=<br />
<br />
Some third parties provide OpenSSL compatible engines. As for the binaries above the following disclaimer applies:<br />
<br />
'''Important Disclaimer''':<br />
''The listing of these third party products does not imply any endorsement by the OpenSSL project, and these organizations are not affiliated in any way with OpenSSL other than by the reference to their independent web sites here. In particular any donations or payments to any of these organizations will not be known to, seen by, or in any way benefit the OpenSSL project.''<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ Third Party OpenSSL compatible engines<br />
|-<br />
! scope="col" | Product<br />
! scope="col" | Description<br />
! scope="col" | URL<br />
|-<br />
|-<br />
| Intel® QuickAssist Technology engine<br />
| Intel® QuickAssist Technology (http://www.intel.com/content/www/us/en/embedded/technology/quickassist/overview.html) provides acceleration for a number of cryptographic algorithms. QAT_engine adds support for Intel® QuickAssist Technology to OpenSSL-1.1.0 via the ENGINE framework. The definitive list of algorithms exposed into OpenSSL (a subset of those supported in the device) is defined on the associated github page.<br />
| https://github.com/01org/QAT_Engine<br />
|-<br />
| ATECCX08 engine<br />
| Support for the Atmel ATECC508A (http://www.atmel.com/devices/ATECC508A.aspx) hardware to provide secure key storage, ECC cryptographic calculations for the ECC NIST P-256 curve, and FIPS certified hardware Random Number Generator.<br />
| https://github.com/AtmelCSO/cryptoauth-openssl-engine<br />
|-<br />
|-<br />
| GOST engine<br />
| A reference implementation of the Russian GOST crypto algorithms for OpenSSL. The presence of this engine also enables the built-in OpenSSL support for GOST TLS ciphersuites. (Note: this engine is for OpenSSL version 1.1.0 and above. Previous versions of OpenSSL used a built-in GOST engine)<br />
| https://github.com/gost-engine/engine<br />
|-<br />
|-<br />
| ISARA Radiate Solution Suite OpenSSL Connector<br />
| Commercially available engine and source code patch for OpenSSL 1.0.2 branch. The ISARA Radiate OpenSSL Connector lets you implement OpenSSL using quantum safe algorithms. ISARA Radiate (https://www.isara.com/isara-radiate/) gives you the cryptographic building blocks to create applications that will resist attacks by quantum computers.<br />
| https://www.isara.com/openssl/1/<br />
|-<br />
|-<br />
| BEE2EVP engine<br />
| Implements the Belarusian national cryptography: symmetric and public-key encryption, MAC, AEAD, hashing, digital signature. Encapsulates the Bee2 core cryptographic library into OpenSSL using the EVP interface.<br />
| https://github.com/bcrypto/bee2evp<br />
|-<br />
|-<br />
| wolfSSL wolfEngine<br />
| wolfSSL has an OpenSSL engine, wolfEngine. wolfEngine is structured as a separate standalone library which links against wolfSSL (libwolfssl) and OpenSSL. wolfEngine implements and exposes an OpenSSL engine implementation which wraps the wolfCrypt native API internally. Algorithm support matches that as listed on the wolfCrypt FIPS 140-2 certificate #3389.<br />
| https://github.com/wolfSSL/wolfEngine<br />
|-<br />
|-<br />
| wolfSSL wolfProvider<br />
| Similar to the wolfEngine above, the wolfSSL team has also created the wolfProvider. The wolfProvider is structured as a separate standalone library which links against wolfSSL (libwolfssl) and OpenSSL 3.0.0 using the new provider API. Algorithm support matches that as listed on the wolfCrypt FIPS 140-2 certificate #3389.<br />
| https://github.com/wolfSSL/wolfProvider<br />
|-<br />
|-<br />
|}</div>Klaustriendlhttps://wiki.openssl.org/index.php?title=Binaries&diff=3223Binaries2023-02-08T09:22:07Z<p>Klaustriendl: Updated download link and dependency information of Windows OpenSSL distribution provided by FireDaemon Technology Limited</p>
<hr />
<div>Some people have offered to provide OpenSSL binary distributions for selected operating systems. The condition to get a link here is that the link is stable and can provide continued support for OpenSSL for a while.<br />
<br />
Note: many Linux distributions come with pre-compiled OpenSSL packages. Those are already well-known among the users of said distributions, and will therefore not be mentioned here. If you are such a user, we ask you to get in touch with your distributor first. This service is primarily for operating systems where there are no pre-compiled OpenSSL packages.<br />
<br />
'''Important Disclaimer''':<br />
''The listing of these third party products does not imply any endorsement by the OpenSSL project, and these organizations are not affiliated in any way with OpenSSL other than by the reference to their independent web sites here.'' '''In particular any donations or payments to any of these organizations will not be known to, seen by, or in any way benefit the OpenSSL project.'''<br />
<br />
'''To make a donation to the project directly go to our [https://github.com/sponsors/openssl github sponsors page]. Alternatively consider becoming a [https://www.openssl.org/support/donations.html corporate sponsor].'''<br />
<br />
Use these OpenSSL derived products at your own risk; these products have not been evaluated or tested by the OpenSSL project.<br />
<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ Third Party OpenSSL Related Binary Distributions<br />
|-<br />
! scope="col" | Product<br />
! scope="col" | Description<br />
! scope="col" | URL<br />
|-<br />
| OpenSSL for Web (using WebAssembly)<br />
| OpenSSL 3.0 ported to WebAssembly (in October 2021). Uses Emscripten and xterm.js to emulate a terminal in your browser. WASI binaries are supported too. The Wasm execution happens using WebWorkers if the browser supports them. Originally developed for the cryptology playground "CrypTool-Online". Code is open-source on GitHub.<br />
| OpenSSL-React app: https://github.com/cryptool-org/openssl-webterm<br>Basic Wasm terminal: https://github.com/cryptool-org/wasm-webterm<br>Running sample: https://www.cryptool.org/en/cto/openssl<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| Works with MSVC++, Builder 3/4/5, and MinGW. Comes in form of self-install executables.<br />
| https://slproweb.com/products/Win32OpenSSL.html<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| Pre-compiled Win32/64 libraries without external dependencies to the Microsoft Visual Studio Runtime DLLs, except for the system provided msvcrt.dll.<br />
| https://indy.fulgan.com/SSL/<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| Reproducible builds with latest MinGW-w64, 64/32-bit, static/dynamic libs and executable.<br />
| https://github.com/curl/curl-for-win<br />
|-<br />
|-<br />
| OpenSSL for Solaris<br />
| Versions for Solaris 2.5 - 11 SPARC and X86<br />
| http://www.unixpackages.com/<br />
|-<br />
|-<br />
| OpensSSL for Windows, Linux, OSX, Android<br />
| Pre-compiled packages at conan.io package manager:<br>''Windows'' x86/x86_64 (Visual Studio 10, 12, 14, 15) <br>''Linux'' x86/x86_64 (gcc 4.6, 4.8, 4.9, 5, 6, 7) <br>''OSx'' (Apple clang). <br>Cross-building ready recipe: Linux ARM, Android.<br />
| https://www.conan.io<br>https://conan.io/center/openssl<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| Pre-compiled Win32/64 1.0.2, 1.1.0, 1.1.1 and 3.0 libraries without external dependencies, primarily built for François Piette's Internet Component Suite (ICS) for Embarcadero (Borland) Delphi and C++ development tools, but may be used for any Windows applications. The OpenSSL DLLs and EXE files are digitally code signed 'Open Source Developer, François PIETTE', so applications can self verify them for corruption. <br />
| http://wiki.overbyte.eu/wiki/index.php/ICS_Download<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| Pre-compiled executables (EXE) and libraries (DLL) for Microsoft Windows Operating Systems with a dependency on the Universal C Runtime only. The distributions can be used standalone or integrated into any Windows application. The EXE and DLL are digitally signed with the 'FireDaemon Technologies Limited' Extended Validation (EV) EV code signing certificate.<br />
| [https://www.firedaemon.com/get-openssl https://www.firedaemon.com/get-openssl]<br />
|-<br />
|-<br />
| OpenSSL for NonStop<br />
| Pre-compiled NonStop ia64/x86 1.0.2, 1.1.1 executables and libraries for the HPE NonStop Operating Systems. Threaded versions are included. The SPT version depends on FLOSS, otherwise there are no other dependencies. 32-bit versions are available. The builds are done by the ITUGLIB Technical Committee as part of Connect.<br />
| [https://ituglib.connect-community.org/apps/Ituglib/SrchOpenSrcLib.xhtml https://ituglib.connect-community.org/apps/Ituglib/SrchOpenSrcLib.xhtml]<br />
|-<br />
|-<br />
|}<br />
<br />
=Engines=<br />
<br />
Some third parties provide OpenSSL compatible engines. As for the binaries above the following disclaimer applies:<br />
<br />
'''Important Disclaimer''':<br />
''The listing of these third party products does not imply any endorsement by the OpenSSL project, and these organizations are not affiliated in any way with OpenSSL other than by the reference to their independent web sites here. In particular any donations or payments to any of these organizations will not be known to, seen by, or in any way benefit the OpenSSL project.''<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ Third Party OpenSSL compatible engines<br />
|-<br />
! scope="col" | Product<br />
! scope="col" | Description<br />
! scope="col" | URL<br />
|-<br />
|-<br />
| Intel® QuickAssist Technology engine<br />
| Intel® QuickAssist Technology (http://www.intel.com/content/www/us/en/embedded/technology/quickassist/overview.html) provides acceleration for a number of cryptographic algorithms. QAT_engine adds support for Intel® QuickAssist Technology to OpenSSL-1.1.0 via the ENGINE framework. The definitive list of algorithms exposed into OpenSSL (a subset of those supported in the device) is defined on the associated github page.<br />
| https://github.com/01org/QAT_Engine<br />
|-<br />
| ATECCX08 engine<br />
| Support for the Atmel ATECC508A (http://www.atmel.com/devices/ATECC508A.aspx) hardware to provide secure key storage, ECC cryptographic calculations for the ECC NIST P-256 curve, and FIPS certified hardware Random Number Generator.<br />
| https://github.com/AtmelCSO/cryptoauth-openssl-engine<br />
|-<br />
|-<br />
| GOST engine<br />
| A reference implementation of the Russian GOST crypto algorithms for OpenSSL. The presence of this engine also enables the built-in OpenSSL support for GOST TLS ciphersuites. (Note: this engine is for OpenSSL version 1.1.0 and above. Previous versions of OpenSSL used a built-in GOST engine)<br />
| https://github.com/gost-engine/engine<br />
|-<br />
|-<br />
| ISARA Radiate Solution Suite OpenSSL Connector<br />
| Commercially available engine and source code patch for OpenSSL 1.0.2 branch. The ISARA Radiate OpenSSL Connector lets you implement OpenSSL using quantum safe algorithms. ISARA Radiate (https://www.isara.com/isara-radiate/) gives you the cryptographic building blocks to create applications that will resist attacks by quantum computers.<br />
| https://www.isara.com/openssl/1/<br />
|-<br />
|-<br />
| BEE2EVP engine<br />
| Implements the Belarusian national cryptography: symmetric and public-key encryption, MAC, AEAD, hashing, digital signature. Encapsulates the Bee2 core cryptographic library into OpenSSL using the EVP interface.<br />
| https://github.com/bcrypto/bee2evp<br />
|-<br />
|-<br />
| wolfSSL wolfEngine<br />
| wolfSSL has an OpenSSL engine, wolfEngine. wolfEngine is structured as a separate standalone library which links against wolfSSL (libwolfssl) and OpenSSL. wolfEngine implements and exposes an OpenSSL engine implementation which wraps the wolfCrypt native API internally. Algorithm support matches that as listed on the wolfCrypt FIPS 140-2 certificate #3389.<br />
| https://github.com/wolfSSL/wolfEngine<br />
|-<br />
|-<br />
| wolfSSL wolfProvider<br />
| Similar to the wolfEngine above, the wolfSSL team has also created the wolfProvider. The wolfProvider is structured as a separate standalone library which links against wolfSSL (libwolfssl) and OpenSSL 3.0.0 using the new provider API. Algorithm support matches that as listed on the wolfCrypt FIPS 140-2 certificate #3389.<br />
| https://github.com/wolfSSL/wolfProvider<br />
|-<br />
|-<br />
|}</div>Klaustriendlhttps://wiki.openssl.org/index.php?title=Binaries&diff=3196Binaries2021-12-15T07:47:04Z<p>Klaustriendl: Mention that 3.0 binaries are dependent on the Microsoft Visual Studio 2015-2022 runtime</p>
<hr />
<div>Some people have offered to provide OpenSSL binary distributions for selected operating systems. The condition to get a link here is that the link is stable and can provide continued support for OpenSSL for a while.<br />
<br />
Note: many Linux distributions come with pre-compiled OpenSSL packages. Those are already well-known among the users of said distributions, and will therefore not be mentioned here. If you are such a user, we ask you to get in touch with your distributor first. This service is primarily for operating systems where there are no pre-compiled OpenSSL packages.<br />
<br />
'''Important Disclaimer''':<br />
''The listing of these third party products does not imply any endorsement by the OpenSSL project, and these organizations are not affiliated in any way with OpenSSL other than by the reference to their independent web sites here. In particular any donations or payments to any of these organizations will not be known to, seen by, or in any way benefit the OpenSSL project.''<br />
<br />
Use these OpenSSL derived products at your own risk; these products have not been evaluated or tested by the OpenSSL project.<br />
<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ Third Party OpenSSL Related Binary Distributions<br />
|-<br />
! scope="col" | Product<br />
! scope="col" | Description<br />
! scope="col" | URL<br />
|-<br />
| OpenSSL for Windows<br />
| Works with MSVC++, Builder 3/4/5, and MinGW. Comes in form of self-install executables.<br />
| https://slproweb.com/products/Win32OpenSSL.html<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| Pre-compiled Win32/64 libraries without external dependencies to the Microsoft Visual Studio Runtime DLLs, except for the system provided msvcrt.dll.<br />
| https://indy.fulgan.com/SSL/<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| Reproducible builds with latest MinGW-w64, 64/32-bit, static/dynamic libs and executable.<br />
| https://github.com/curl/curl-for-win<br />
|-<br />
|-<br />
| OpenSSL for Solaris<br />
| Versions for Solaris 2.5 - 11 SPARC and X86<br />
| http://www.unixpackages.com/<br />
|-<br />
|-<br />
| OpensSSL for Windows, Linux, OSX, Android<br />
| Pre-compiled packages at conan.io package manager:<br>''Windows'' x86/x86_64 (Visual Studio 10, 12, 14, 15) <br>''Linux'' x86/x86_64 (gcc 4.6, 4.8, 4.9, 5, 6, 7) <br>''OSx'' (Apple clang). <br>Cross-building ready recipe: Linux ARM, Android.<br />
| https://www.conan.io<br>https://conan.io/center/openssl<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| Pre-compiled Win32/64 1.0.2, 1.1.0, 1.1.1 and 3.0 libraries without external dependencies, primarily built for François Piette's Internet Component Suite (ICS) for Embarcadero (Borland) Delphi and C++ development tools, but may be used for any Windows applications. The OpenSSL DLLs and EXE files are digitally code signed 'Open Source Developer, François PIETTE', so applications can self verify them for corruption. <br />
| http://wiki.overbyte.eu/wiki/index.php/ICS_Download<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| Pre-compiled 64-bit (x64) and 32-bit (x86) 1.1.1 and 3.0 executables and libraries for Microsoft Windows Operating Systems with a dependency on the Microsoft Visual Studio 2015-2019 runtime and Microsoft Visual Studio 2015-2022 runtime respectively. The distribution may be used standalone or integrated into any Windows application. The distribution's EXE and DLL files are digitally signed 'FireDaemon Technologies Limited'.<br />
| [https://kb.firedaemon.com/support/solutions/articles/4000121705 https://kb.firedaemon.com/support/solutions/articles/4000121705]<br />
|-<br />
|-<br />
| OpenSSL for NonStop<br />
| Pre-compiled NonStop ia64/x86 1.0.2, 1.1.1 executables and libraries for the HPE NonStop Operating Systems. Threaded versions are included. The SPT version depends on FLOSS, otherwise there are no other dependencies. 32-bit versions are available. The builds are done by the ITUGLIB Technical Committee as part of Connect.<br />
| [https://ituglib.connect-community.org/apps/Ituglib/SrchOpenSrcLib.xhtml https://ituglib.connect-community.org/apps/Ituglib/SrchOpenSrcLib.xhtml]<br />
|-<br />
|-<br />
|}<br />
<br />
=Engines=<br />
<br />
Some third parties provide OpenSSL compatible engines. As for the binaries above the following disclaimer applies:<br />
<br />
'''Important Disclaimer''':<br />
''The listing of these third party products does not imply any endorsement by the OpenSSL project, and these organizations are not affiliated in any way with OpenSSL other than by the reference to their independent web sites here. In particular any donations or payments to any of these organizations will not be known to, seen by, or in any way benefit the OpenSSL project.''<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ Third Party OpenSSL compatible engines<br />
|-<br />
! scope="col" | Product<br />
! scope="col" | Description<br />
! scope="col" | URL<br />
|-<br />
|-<br />
| Intel® QuickAssist Technology engine<br />
| Intel® QuickAssist Technology (http://www.intel.com/content/www/us/en/embedded/technology/quickassist/overview.html) provides acceleration for a number of cryptographic algorithms. QAT_engine adds support for Intel® QuickAssist Technology to OpenSSL-1.1.0 via the ENGINE framework. The definitive list of algorithms exposed into OpenSSL (a subset of those supported in the device) is defined on the associated github page.<br />
| https://github.com/01org/QAT_Engine<br />
|-<br />
| ATECCX08 engine<br />
| Support for the Atmel ATECC508A (http://www.atmel.com/devices/ATECC508A.aspx) hardware to provide secure key storage, ECC cryptographic calculations for the ECC NIST P-256 curve, and FIPS certified hardware Random Number Generator.<br />
| https://github.com/AtmelCSO/cryptoauth-openssl-engine<br />
|-<br />
|-<br />
| GOST engine<br />
| A reference implementation of the Russian GOST crypto algorithms for OpenSSL. The presence of this engine also enables the built-in OpenSSL support for GOST TLS ciphersuites. (Note: this engine is for OpenSSL version 1.1.0 and above. Previous versions of OpenSSL used a built-in GOST engine)<br />
| https://github.com/gost-engine/engine<br />
|-<br />
|-<br />
| ISARA Radiate Solution Suite OpenSSL Connector<br />
| Commercially available engine and source code patch for OpenSSL 1.0.2 branch. The ISARA Radiate OpenSSL Connector lets you implement OpenSSL using quantum safe algorithms. ISARA Radiate (https://www.isara.com/isara-radiate/) gives you the cryptographic building blocks to create applications that will resist attacks by quantum computers.<br />
| https://www.isara.com/openssl/1/<br />
|-<br />
|-<br />
| BEE2EVP engine<br />
| Implements the Belarusian national cryptography: symmetric and public-key encryption, MAC, AEAD, hashing, digital signature. Encapsulates the Bee2 core cryptographic library into OpenSSL using the EVP interface.<br />
| https://github.com/bcrypto/bee2evp<br />
|-<br />
|-<br />
| wolfSSL wolfEngine<br />
| wolfSSL has an OpenSSL engine, wolfEngine. wolfEngine is structured as a separate standalone library which links against wolfSSL (libwolfssl) and OpenSSL. wolfEngine implements and exposes an OpenSSL engine implementation which wraps the wolfCrypt native API internally. Algorithm support matches that as listed on the wolfCrypt FIPS 140-2 certificate #3389.<br />
| https://github.com/wolfSSL/wolfEngine<br />
|-<br />
|-<br />
| wolfSSL wolfProvider<br />
| Similar to the wolfEngine above, the wolfSSL team has also created the wolfProvider. The wolfProvider is structured as a separate standalone library which links against wolfSSL (libwolfssl) and OpenSSL 3.0.0 using the new provider API. Algorithm support matches that as listed on the wolfCrypt FIPS 140-2 certificate #3389.<br />
| https://github.com/wolfSSL/wolfProvider<br />
|-<br />
|-<br />
|}</div>Klaustriendlhttps://wiki.openssl.org/index.php?title=Binaries&diff=3185Binaries2021-09-17T12:43:51Z<p>Klaustriendl: Mention that FireDaemon Technologies Limited provides 3.0 executables</p>
<hr />
<div>Some people have offered to provide OpenSSL binary distributions for selected operating systems. The condition to get a link here is that the link is stable and can provide continued support for OpenSSL for a while.<br />
<br />
Note: many Linux distributions come with pre-compiled OpenSSL packages. Those are already well-known among the users of said distributions, and will therefore not be mentioned here. If you are such a user, we ask you to get in touch with your distributor first. This service is primarily for operating systems where there are no pre-compiled OpenSSL packages.<br />
<br />
'''Important Disclaimer''':<br />
''The listing of these third party products does not imply any endorsement by the OpenSSL project, and these organizations are not affiliated in any way with OpenSSL other than by the reference to their independent web sites here. In particular any donations or payments to any of these organizations will not be known to, seen by, or in any way benefit the OpenSSL project.''<br />
<br />
Use these OpenSSL derived products at your own risk; these products have not been evaluated or tested by the OpenSSL project.<br />
<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ Third Party OpenSSL Related Binary Distributions<br />
|-<br />
! scope="col" | Product<br />
! scope="col" | Description<br />
! scope="col" | URL<br />
|-<br />
| OpenSSL for Windows<br />
| Works with MSVC++, Builder 3/4/5, and MinGW. Comes in form of self-install executables.<br />
| https://slproweb.com/products/Win32OpenSSL.html<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| Pre-compiled Win32/64 libraries without external dependencies to the Microsoft Visual Studio Runtime DLLs, except for the system provided msvcrt.dll.<br />
| https://indy.fulgan.com/SSL/<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| Reproducible builds with latest MinGW-w64, 64/32-bit, static/dynamic libs and executable.<br />
| https://github.com/curl/curl-for-win<br />
|-<br />
|-<br />
| OpenSSL for Solaris<br />
| Versions for Solaris 2.5 - 11 SPARC and X86<br />
| http://www.unixpackages.com/<br />
|-<br />
|-<br />
| OpensSSL for Windows, Linux, OSX, Android<br />
| Pre-compiled packages at conan.io package manager:<br>''Windows'' x86/x86_64 (Visual Studio 10, 12, 14, 15) <br>''Linux'' x86/x86_64 (gcc 4.6, 4.8, 4.9, 5, 6, 7) <br>''OSx'' (Apple clang). <br>Cross-building ready recipe: Linux ARM, Android.<br />
| https://www.conan.io<br>https://conan.io/center/openssl<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| Pre-compiled Win32/64 1.0.2, 1.1.0 and 1.1.1 libraries without external dependencies, primarily built for François Piette's Internet Component Suite (ICS) for Embarcadero (Borland) Delphi and C++ development tools, but may be used for any Windows applications. The OpenSSL DLLs and EXE files are digitally code signed 'Open Source Developer, François PIETTE', so applications can self verify them for corruption. <br />
| http://wiki.overbyte.eu/wiki/index.php/ICS_Download<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| Pre-compiled 64-bit (x64) and 32-bit (x86) 1.1.1 and 3.0 executables and libraries for Microsoft Windows Operating Systems with a dependency on the Microsoft Visual Studio 2015-2019 runtime. The distribution may be used standalone or integrated into any Windows application. The distribution's EXE and DLL files are digitally signed 'FireDaemon Technologies Limited'.<br />
| [https://kb.firedaemon.com/support/solutions/articles/4000121705 https://kb.firedaemon.com/support/solutions/articles/4000121705]<br />
|-<br />
|-<br />
| OpenSSL for NonStop<br />
| Pre-compiled NonStop ia64/x86 1.0.2, 1.1.1 executables and libraries for the HPE NonStop Operating Systems. Threaded versions are included. The SPT version depends on FLOSS, otherwise there are no other dependencies. 32-bit versions are available. The builds are done by the ITUGLIB Technical Committee as part of Connect.<br />
| [https://ituglib.connect-community.org/apps/Ituglib/SrchOpenSrcLib.xhtml https://ituglib.connect-community.org/apps/Ituglib/SrchOpenSrcLib.xhtml]<br />
|-<br />
|-<br />
|}<br />
<br />
=Engines=<br />
<br />
Some third parties provide OpenSSL compatible engines. As for the binaries above the following disclaimer applies:<br />
<br />
'''Important Disclaimer''':<br />
''The listing of these third party products does not imply any endorsement by the OpenSSL project, and these organizations are not affiliated in any way with OpenSSL other than by the reference to their independent web sites here. In particular any donations or payments to any of these organizations will not be known to, seen by, or in any way benefit the OpenSSL project.''<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ Third Party OpenSSL compatible engines<br />
|-<br />
! scope="col" | Product<br />
! scope="col" | Description<br />
! scope="col" | URL<br />
|-<br />
|-<br />
| Intel® QuickAssist Technology engine<br />
| Intel® QuickAssist Technology (http://www.intel.com/content/www/us/en/embedded/technology/quickassist/overview.html) provides acceleration for a number of cryptographic algorithms. QAT_engine adds support for Intel® QuickAssist Technology to OpenSSL-1.1.0 via the ENGINE framework. The definitive list of algorithms exposed into OpenSSL (a subset of those supported in the device) is defined on the associated github page.<br />
| https://github.com/01org/QAT_Engine<br />
|-<br />
| ATECCX08 engine<br />
| Support for the Atmel ATECC508A (http://www.atmel.com/devices/ATECC508A.aspx) hardware to provide secure key storage, ECC cryptographic calculations for the ECC NIST P-256 curve, and FIPS certified hardware Random Number Generator.<br />
| https://github.com/AtmelCSO/cryptoauth-openssl-engine<br />
|-<br />
|-<br />
| GOST engine<br />
| A reference implementation of the Russian GOST crypto algorithms for OpenSSL. The presence of this engine also enables the built-in OpenSSL support for GOST TLS ciphersuites. (Note: this engine is for OpenSSL version 1.1.0 and above. Previous versions of OpenSSL used a built-in GOST engine)<br />
| https://github.com/gost-engine/engine<br />
|-<br />
|-<br />
| ISARA Radiate Solution Suite OpenSSL Connector<br />
| Commercially available engine and source code patch for OpenSSL 1.0.2 branch. The ISARA Radiate OpenSSL Connector lets you implement OpenSSL using quantum safe algorithms. ISARA Radiate (https://www.isara.com/isara-radiate/) gives you the cryptographic building blocks to create applications that will resist attacks by quantum computers.<br />
| https://www.isara.com/openssl/1/<br />
|-<br />
|-<br />
| BEE2EVP engine<br />
| Implements the Belarusian national cryptography: symmetric and public-key encryption, MAC, AEAD, hashing, digital signature. Encapsulates the Bee2 core cryptographic library into OpenSSL using the EVP interface.<br />
| https://github.com/bcrypto/bee2evp<br />
|-<br />
|-<br />
|}</div>Klaustriendlhttps://wiki.openssl.org/index.php?title=Compilation_and_Installation&diff=3168Compilation and Installation2021-04-16T13:58:55Z<p>Klaustriendl: Correct "its" -> "it's"</p>
<hr />
<div>The following page is a combination of the <tt>INSTALL</tt> file provided with the OpenSSL library and notes from the field. If you have questions about what you are doing or seeing, then you should consult <tt>INSTALL</tt> since it contains the commands and specifies the behavior by the development team.<br />
<br />
OpenSSL uses a custom build system to configure the library. Configuration will allow the library to set up the recursive makefiles from <tt>makefile.org</tt>. Once configured, you use <tt>make</tt> to build the library. You should avoid custom build systems because they often miss details, like each architecture and platform has a unique <tt>opensslconf.h</tt> and <tt>bn.h</tt> generated by <tt>Configure</tt>.<br />
<br />
You must use a C compiler to build the OpenSSL library. You cannot use a C++ compiler. Later, once the library is built, it is OK to create user programs with a C++ compiler. But the library proper must be built with a C compiler.<br />
<br />
There are two generations of build system. First is the build system used in OpenSSL 1.0.2 and below. The instructions below apply to it. Second is the build system for OpenSSL 1.1.0 and above. The instructions are similar, but not the same. For example, the second generation abandons the monolithic <tt>Configure</tt> and places individual configurations in the <tt>Configurations</tt> directory. Also, the second generation is more platform agnostic and uses templates to produce a final, top level build file (<tt>Makefile</tt>, <tt>descrip.mms</tt>, what have you).<br />
<br />
After you configure and build the library, you should always perform a <tt>make test</tt> to ensure the library performs as expected under its self tests. If you are building OpenSSL 1.1.0 and above, then you will also need PERL 5.10 or higher (see <tt>README.PERL</tt> for details).<br />
<br />
OpenSSL's build system does not rely upon <tt>autotools</tt> or <tt>libtool</tt>. Also see [http://www.openssl.org/support/faq.html#MISC5 Why aren't tools like 'autoconf' and 'libtool' used?] in the OpenSSL FAQ.<br />
<br />
== Retrieve source code ==<br />
<br />
The OpenSSL source code can be downloaded from [http://www.openssl.org/source/ OpenSSL Source Tarballs] or any suitable [http://www.openssl.org/source/mirror.html ftp mirror]. There are various versions including stable as well as unstable versions. <br />
<br />
The source code is managed via Git. It's referred to as Master. The repository is<br />
<br />
: git://git.openssl.org/openssl.git<br />
<br />
The source is also available via a [https://github.com/openssl/openssl GitHub] mirror. This repository is updated every 15 minutes.<br />
<br />
* [[Use_of_Git|Accessing OpenSSL source code via Git]]<br />
<br />
== Configuration ==<br />
<br />
OpenSSL is configured for a particular platform with protocol and behavior options using <tt>Configure</tt> and <tt>config</tt>.<br />
<br />
You should avoid custom build systems because they often miss details, like each architecture and platform has a unique <tt>opensslconf.h</tt> and <tt>bn.h</tt> generated by <tt>Configure</tt>.<br />
<br />
=== Supported Platforms ===<br />
<br />
You can run <tt>Configure LIST</tt> to see a list of available platforms.<br />
<br />
<pre>$ ./Configure LIST<br />
BC-32<br />
BS2000-OSD<br />
BSD-generic32<br />
BSD-generic64<br />
BSD-ia64<br />
BSD-sparc64<br />
BSD-sparcv8<br />
BSD-x86<br />
BSD-x86-elf<br />
BSD-x86_64<br />
Cygwin<br />
Cygwin-x86_64<br />
DJGPP<br />
...</pre><br />
<br />
If your platform is not listed, then use a similar platform and tune the <tt>$cflags</tt> and <tt>$ldflags</tt> by making a copy of the configure line and giving it its own name. <tt>$cflags</tt> and <tt>$ldflags</tt> correspond to fields 2 and 6 in a configure line. An example of using a similar configure line is presented in [[Compilation_and_Installation#Using_RPATHs|Using RPATHs]].<br />
<br />
=== Configure & Config ===<br />
<br />
You use <tt>Configure</tt> and <tt>config</tt> to tune the compile and installation process through options and switches. The difference between is <tt>Configure</tt> properly handles the host-arch-compiler triplet, and <tt>config</tt> does not. <tt>config</tt> attempts to guess the triplet, so it's a lot like autotool's <tt>config.guess</tt>.<br />
<br />
You can usually use <tt>config</tt> and it will do the right thing (from Ubuntu 13.04, x64):<br />
<br />
<pre>$ ./config <br />
Operating system: x86_64-whatever-linux2<br />
Configuring for linux-x86_64<br />
Configuring for linux-x86_64<br />
no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)<br />
no-gmp [default] OPENSSL_NO_GMP (skip dir)<br />
no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir)<br />
no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5<br />
...</pre><br />
<br />
Mac OS X can have issues (it's often a neglected platform), and you will have to use <tt>Configure</tt>:<br />
<br />
<pre> ./Configure darwin64-x86_64-cc<br />
Configuring for darwin64-x86_64-cc<br />
no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)<br />
no-gmp [default] OPENSSL_NO_GMP (skip dir)<br />
no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir)<br />
no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5<br />
...</pre><br />
<br />
You can also configure on Darwin by exporting <tt>KERNEL_BITS</tt>:<br />
<br />
<pre>$ export KERNEL_BITS=64<br />
$ ./config shared no-ssl2 no-ssl3 enable-ec_nistp_64_gcc_128 --openssldir=/usr/local/ssl/macosx-x64/<br />
Operating system: i686-apple-darwinDarwin Kernel Version 12.5.0: Sun Sep 29 13:33:47 PDT 2013; root:xnu-2050.48.12~1/RELEASE_X86_64<br />
Configuring for darwin64-x86_64-cc<br />
Configuring for darwin64-x86_64-cc<br />
no-gmp [default] OPENSSL_NO_GMP (skip dir)<br />
no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir)<br />
no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5<br />
...</pre><br />
<br />
If you provide a option not known to configure or ask for help, then you get a brief help message:<br />
<br />
<pre>$ ./Configure --help<br />
Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...]<br />
[-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared]<br />
[[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR]<br />
[--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]</pre><br />
<br />
And if you supply an unknown triplet: <br />
<br />
<pre>$ ./Configure darwin64-x86_64-clang<br />
Configuring for darwin64-x86_64-clang<br />
Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...]<br />
[-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared]<br />
[[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR]<br />
[--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]<br />
<br />
pick os/compiler from:<br />
BC-32 BS2000-OSD BSD-generic32 BSD-generic64 BSD-ia64 BSD-sparc64 BSD-sparcv8 <br />
BSD-x86 BSD-x86-elf BSD-x86_64 Cygwin Cygwin-pre1.3 DJGPP MPE/iX-gcc OS2-EMX <br />
...<br />
<br />
NOTE: If in doubt, on Unix-ish systems use './config'.</pre><br />
<br />
=== Dependencies ===<br />
<br />
If you are prompted to run <tt>make depend</tt>, then you must do so. For OpenSSL 1.0.2 and below, it's required to update the standard distribution once configuration options change.<br />
<br />
<pre>Since you've disabled or enabled at least one algorithm, you need to do<br />
the following before building:<br />
<br />
make depend<br />
</pre><br />
<br />
OpenSSL 1.1.0 and above performs the dependency step for you, so you should not see the message. However, you should perform a <tt>make clean</tt> to ensure the list of objects files is accurate after a reconfiguration.<br />
<br />
== Configure Options ==<br />
<br />
OpenSSL has been around a long time, and it carries around a lot of cruft. For example, from above, SSLv2 is enabled by default. SSLv2 is completely broken, and you should disable it during configuration. You can disable protocols and provide other options through <tt>Configure</tt> and <tt>config</tt>, and the following lists some of them.<br />
<br />
'''Note''': if you specify a non-existent option, then the configure scripts will proceed without warning. For example, if you inadvertently specify '''no-sslv2''' rather than '''no-ssl2 no-ssl3''', the script will configure ''with'' SSLv2 and ''without'' warning for the unknown no-sslv2.<br />
<br />
'''Note''': when building a shared object, both the static archive and shared objects are built. You do not need to do anything special to build both when '''shared''' is specified.<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ OpenSSL Library Options<br />
|-<br />
! scope="col" width="150px" | Option<br />
! scope="col" class="unsortable" | Description<br />
|-<br />
| --prefix=XXX || See [[#PREFIX_and_OPENSSLDIR|PREFIX and OPENSSLDIR]] in the next section (below).<br />
|-<br />
| --openssldir=XXX || See [[#PREFIX_and_OPENSSLDIR|PREFIX and OPENSSLDIR]] in the next section (below).<br />
|-<br />
| -d || Debug build of the library. Optimizations are disabled (no <tt>-O3</tt> or similar) and <tt>libefence</tt> is used (<tt>apt-get install electric-fence</tt> or <tt>yum install electric-fence</tt>). TODO: Any other features?<br />
|-<br />
| shared || Build a shared object in addition to the static archive. You probably need a [[#Using_RPATHs|RPATH]] when enabling <tt>shared</tt> to ensure <tt>openssl</tt> uses the correct <tt>libssl</tt> and <tt>libcrypto</tt> after installation.<br />
|-<br />
| enable-ec_nistp_64_gcc_128 || Use on little endian platforms when GCC supports <tt>__uint128_t</tt>. ECDH is about 2 to 4 times faster. Not enabled by default because <tt>Configure</tt> can't determine it. Enable it if your compiler defines <tt>__SIZEOF_INT128__</tt>, the CPU is little endian and it tolerates unaligned data access.<br />
|-<br />
| enable-capieng || Enables the Microsoft CAPI engine on Windows platforms. Used to access the Windows Certificate Store. Also see [http://openssl.6102.n7.nabble.com/Using-Windows-certificate-store-through-OpenSSL-td46788.html Using Windows certificate store through OpenSSL] on the OpenSSL developer list.<br />
|-<br />
| no-ssl2 || Disables SSLv2. <tt>OPENSSL_NO_SSL2</tt> will be defined in the OpenSSL headers.<br />
|-<br />
| no-ssl3 || Disables SSLv3. <tt>OPENSSL_NO_SSL3</tt> will be defined in the OpenSSL headers.<br />
|-<br />
| no-comp || Disables compression independent of <tt>zlib</tt>. <tt>OPENSSL_NO_COMP</tt> will be defined in the OpenSSL headers.<br />
|-<br />
| no-idea || Disables IDEA algorithm. Unlike RC5 and MDC2, IDEA is enabled by default<br />
|-<br />
| no-asm || Disables assembly language routines (and uses C routines)<br />
|-<br />
| no-dtls || Disables DTLS in OpenSSL 1.1.0 and above<br />
|-<br />
| no-dtls1 || Disables DTLS in OpenSSL 1.0.2 and below<br />
|-<br />
| no-shared || Disables shared objects (only a static library is created)<br />
|-<br />
| no-hw || Disables hardware support (useful on mobile devices)<br />
|-<br />
| no-engine || Disables hardware support (useful on mobile devices)<br />
|-<br />
| no-threads || Disables threading support.<br />
|-<br />
| no-dso || Disables the OpenSSL DSO API (the library offers a shared object abstraction layer). If you disable DSO, then you must disable Engines also<br />
|-<br />
| no-err || Removes all error function names and error reason text to reduce footprint<br />
|-<br />
| no-npn/no-nextprotoneg || Disables Next Protocol Negotiation (NPN). Use <tt>no-nextprotoneg</tt> for 1.1.0 and above; and <tt>no-npn</tt> otherwise<br />
|-<br />
| no-psk || Disables Preshared Key (PSK). PSK provides mutual authentication independent of trusted authorities, but it's rarely offered or used<br />
|-<br />
| no-srp || Disables Secure Remote Password (SRP). SRP provides mutual authentication independent of trusted authorities, but it's rarely offered or used<br />
|-<br />
| no-ec2m || Used when configuring FIPS Capable Library with a FIPS Object Module that only includes prime curves. That is, use this switch if you use <tt>openssl-fips-ecp-2.0.5</tt>.<br />
|-<br />
| no-weak-ssl-ciphers || Disables RC4. Available in OpenSSL 1.1.0 and above.<br />
|-<br />
| -DXXX || Defines XXX. For example, <tt>-DOPENSSL_NO_HEARTBEATS</tt>.<br />
|-<br />
| -DPEDANTIC || Defines PEDANTIC. The library will avoid some undefined behavior, like casting an unaligned byte array to a different pointer type. This define should be used if building OpenSSL with undefined behavior sanitizer (<tt>-fsanitize=undefined</tt>).<br />
|-<br />
| -DOPENSSL_USE_IPV6=0 || Disables IPv6. Useful if OpenSSL encounters incorrect or inconsistent platform headers and mistakenly enables IPv6. Must be passed to <tt>Configure</tt> manually.<br />
|-<br />
| -DNO_FORK || Defines NO_FORK. Disables calls to <tt>fork</tt>. Useful for operating systems like AppleTVOS, WatchOS, AppleTVSimulator and WatchSimulator.<br />
|-<br />
| -L''something'', -l''something'', -K''something'', -Wl,''something'' || Linker options, will become part of LDFLAGS.<br />
|-<br />
| -''anythingelse'', +''anythingelse'' || Compiler options, will become part of CFLAGS.<br />
|}<br />
<br />
'''''Note''''': on older OSes, like CentOS 5, BSD 5, and Windows XP or Vista, you will need to configure with <tt>no-async</tt> when building OpenSSL 1.1.0 and above. The configuration system does not detect lack of the Posix feature on the platforms.<br />
<br />
'''''Note''''': you can verify compiler support for <tt>__uint128_t</tt> with the following:<br />
<br />
<pre># gcc -dM -E - </dev/null | grep __SIZEOF_INT128__ <br />
#define __SIZEOF_INT128__ 16</pre><br />
<br />
=== PREFIX and OPENSSLDIR ===<br />
<br />
<tt>--prefix</tt> and <tt>--openssldir</tt> control the configuration of installed components. The behavior and interactions of <tt>--prefix</tt> and <tt>--openssldir</tt> are slightly different between OpenSSL 1.0.2 and below, and OpenSSL 1.1.0 and above.<br />
<br />
The '''''rule of thumb''''' to use when you want something that "just works" for all recent versions of OpenSSL, including OpenSSL 1.0.2 and 1.1.0, is:<br />
<br />
* specify ''both'' <tt>--prefix</tt> and <tt>--openssldir</tt><br />
* set <tt>--prefix</tt> and <tt>--openssldir</tt> to the same location<br />
<br />
One word of caution is ''avoid'' <tt>--prefix=/usr</tt> when OpenSSL versions are '''''not''''' [[Binary_Compatibility|binary compatible]]. You will replace the distro's version of OpenSSL with your version of OpenSSL. It will most likely break everything, including the package management system.<br />
<br />
<br />
'''OpenSSL 1.0.2 and below'''<br />
<br />
It is usually ''not'' necessary to specify <tt>--prefix</tt>. If <tt>--prefix</tt> is ''not'' specified, then <tt>--openssldir</tt> is used. However, specifying ''only'' <tt>--prefix</tt> may result in broken builds because the 1.0.2 build system attempts to build in a FIPS configuration.<br />
<br />
You can ''omit'' If <tt>--prefix</tt> and use <tt>--openssldir</tt>. In this case, the paths for <tt>--openssldir</tt> will be used during configuration. If <tt>--openssldir</tt> is not specified, the the default <tt>/usr/local/ssl</tt> is used.<br />
<br />
The takeaway is <tt>/usr/local/ssl</tt> is used by default, and it can be overridden with <tt>--openssldir</tt>. The rule of thumb applies for path overrides: specify ''both'' <tt>--prefix</tt> and <tt>--openssldir</tt>.<br />
<br />
<br />
'''OpenSSL 1.1.0 and above'''<br />
<br />
OpenSSL 1.1.0 changed the behavior of install rules. You should specify both <tt>--prefix</tt> and <tt>--openssldir</tt> to ensure <tt>make install</tt> works as expected.<br />
<br />
The takeaway is <tt>/usr/local/ssl</tt> is used by default, and it can be overridden with ''both'' <tt>--prefix</tt> and <tt>--openssldir</tt>. The rule of thumb applies for path overrides: specify ''both'' <tt>--prefix</tt> and <tt>--openssldir</tt>.<br />
<br />
=== Debug Configuration ===<br />
<br />
From the list above, it's possible to quickly configure a "debug" build with <tt>./config -d</tt>. However, you can often get into a more amicable state ''without'' the [http://en.wikipedia.org/wiki/Electric_Fence Electric Fence] dependency by issuing:<br />
<br />
<pre>$ ./config no-asm -g3 -O0 -fno-omit-frame-pointer -fno-inline-functions<br />
Operating system: x86_64-whatever-linux2<br />
Configuring for linux-x86_64<br />
Configuring OpenSSL version 1.1.0-pre5-dev (0x0x10100005L)<br />
no-asm [option] OPENSSL_NO_ASM<br />
...<br />
Configuring for linux-x86_64<br />
IsMK1MF =no<br />
CC =gcc<br />
CFLAG =-Wall -O3 -pthread -m64 -DL_ENDIAN -g3 -O0 -fno-omit-frame-pointer<br />
...</pre><br />
<br />
Don't be alarmed about both <tt>-O3</tt> and <tt>-O0</tt>. The last setting ''"sticks"'', and that's the <tt>-O0</tt>.<br />
<br />
If you are working in Visual Studio and you can't step into library calls, then see [http://stackoverflow.com/q/38249235 Step into not working, but can force stepping after some asm steps] on Stack Overflow.<br />
<br />
=== Modifying Build Settings ===<br />
<br />
Sometimes you need to work around OpenSSL's selections for building the library. For example, you might want to use <tt>-Os</tt> for a mobile device (rather than <tt>-O3</tt>), or you might want to use the <tt>clang</tt> compiler (rather than <tt>gcc</tt>).<br />
<br />
In case like these, its' often easier to modify <tt>Configure</tt> and <tt>Makefile.org</tt> rather than trying to add targets to the configure scripts. Below is a patch that modifies <tt>Configure</tt> and <tt>Makefile.org</tt> for use under the iOS 7.0 SDK (which lacks <tt>gcc</tt> in <tt>/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/</tt>):<br />
<br />
* Modifies <tt>Configure</tt> to use <tt>clang</tt><br />
* Modifies <tt>Makefile.org</tt> to use <tt>clang</tt><br />
* Modifies <tt>CFLAG</tt> to use <tt>-Os</tt><br />
* Modifies <tt>MAKEDEPPROG</tt> to use <tt>$(CC) -M</tt><br />
<br />
Setting and resetting of <tt>LANG</tt> is required on Mac OSX to work around a <tt>sed</tt> bug or limitation.<br />
<br />
<pre>OLD_LANG=$LANG<br />
unset LANG<br />
<br />
sed -i "" 's|\"iphoneos-cross\"\,\"llvm-gcc\:-O3|\"iphoneos-cross\"\,\"clang\:-Os|g' Configure<br />
sed -i "" 's/CC= cc/CC= clang/g' Makefile.org<br />
sed -i "" 's/CFLAG= -O/CFLAG= -Os/g' Makefile.org<br />
sed -i "" 's/MAKEDEPPROG=makedepend/MAKEDEPPROG=$(CC) -M/g' Makefile.org<br />
<br />
export LANG=$OLD_LANG</pre><br />
<br />
After modification, be sure to dclean and configure again so the new settings are picked up:<br />
<br />
<pre>make dclean<br />
<br />
./config<br />
make depend<br />
make all<br />
...</pre><br />
<br />
=== Using RPATHs ===<br />
<br />
<tt>RPATH</tt>'s are supported by default on the BSD platforms, but not others. If you are working on Linux and compatibles, then you have to manually add an RPATH. One of the easiest ways to add a <tt>RPATH</tt> is to configure with it as shown below.<br />
<br />
<pre>./config -Wl,-rpath=/usr/local/ssl/lib</pre><br />
<br />
For modern Linux you should also use <tt>-Wl,--enable-new-dtags</tt>. The linker option sets a <tt>RUNPATH</tt> as opposed to a <tt>RPATH</tt>. A <tt>RUNPATH</tt> allows library path overrides at runtime, while a <tt>RPATH</tt> does not.<br />
<br />
<pre>./config -Wl,-rpath=/usr/local/ssl/lib -Wl,--enable-new-dtags</pre><br />
<br />
'''''Note well''''': you should use a <tt>RPATH</tt> or <tt>RUNPATH</tt> when building both OpenSSL and your program. If you don't add a <tt>RPATH</tt> or <tt>RUNPATH</tt> to both, then your program could runtime-link to the wrong version of OpenSSL. Linking against random versions of a security library is ''not'' a good idea.<br />
<br />
You can also add an <tt>RPATH</tt> or <tt>RUNPATH</tt> by hard coding the <tt>RPATH</tt> into a configure line. For example, on Debian x86_64 open the file <tt>Configure</tt> in an editor, copy <tt>linux-x86_64</tt>, name it <tt>linux-x86_64-rpath</tt>, and make the following change to add the <tt>-rpath</tt> option. Notice the addition of <tt>-Wl,-rpath=...</tt> in two places.<br />
<br />
<pre>"linux-x86_64-rpath", "gcc:-m64 -DL_ENDIAN -O3 -Wall -Wl,-rpath=/usr/local/ssl/lib::<br />
-D_REENTRANT::-Wl,-rpath=/usr/local/ssl/lib -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:<br />
${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",</pre><br />
<br />
Above, fields 2 and 6 were changed. They correspond to <tt>$cflag</tt> and <tt>$ldflag</tt> in OpenSSL's builds system.<br />
<br />
Then, Configure with the new configuration:<br />
<br />
<pre>$ ./Configure linux-x86_64-rpath shared no-ssl2 no-ssl3 no-comp \<br />
--openssldir=/usr/local/ssl enable-ec_nistp_64_gcc_128</pre><br />
<br />
Finally, after <tt>make</tt>, verify the settings stuck:<br />
<br />
<pre>$ readelf -d ./libssl.so | grep -i -E 'rpath|runpath'<br />
0x000000000000000f (RPATH) Library rpath: [/usr/local/ssl/lib]<br />
$ readelf -d ./libcrypto.so | grep -i rpath<br />
0x000000000000000f (RPATH) Library rpath: [/usr/local/ssl/lib]<br />
$ readelf -d ./apps/openssl | grep -i rpath <br />
0x000000000000000f (RPATH) Library rpath: [/usr/local/ssl/lib]</pre><br />
<br />
Once you perform <tt>make install</tt>, then <tt>ldd</tt> will produce expected results:<br />
<br />
<pre>$ ldd /usr/local/ssl/lib/libssl.so<br />
linux-vdso.so.1 => (0x00007ffceff6c000)<br />
ibcrypto.so.1.0.0 => /usr/local/ssl/lib/libcrypto.so.1.0.0 (0x00007ff5eff96000)<br />
...<br />
<br />
$ ldd /usr/local/ssl/bin/openssl <br />
linux-vdso.so.1 => (0x00007ffc30d3a000)<br />
libssl.so.1.0.0 => /usr/local/ssl/lib/libssl.so.1.0.0 (0x00007f9e8372e000)<br />
libcrypto.so.1.0.0 => /usr/local/ssl/lib/libcrypto.so.1.0.0 (0x00007f9e832c0000)<br />
...</pre><br />
<br />
=== FIPS Capable Library ===<br />
<br />
If you want to use FIPS validated cryptography, you download, build and install the FIPS Object Module (<tt>openssl-fips-2.0.5.tar.gz</tt>) according to the [https://www.openssl.org/docs/fips/UserGuide-2.0.pdf FIPS User Guide 2.0] and [https://www.openssl.org/docs/fips/SecurityPolicy-2.0.pdf FIPS 140-2 Security Policy]. You then download, build and install the FIPS Capable Library (<tt>openssl-1.0.1e.tar.gz</tt>).<br />
<br />
When configuring the FIPS Capable Library, you must use <tt>fips</tt> as an option:<br />
<br />
<pre>./config fips <other options ...></pre><br />
<br />
If you are configuring the FIPS Capable Library with only prime curves (<tt>openssl-fips-ecp-2.0.5.tar.gz</tt>), then you must configure with <tt>no-ec2m</tt>:<br />
<br />
<pre>./config fips no-ec2m <other options ...></pre><br />
<br />
=== Compile Time Checking ===<br />
<br />
If you disable an option during configure, you can check if it's available through <tt>OPENSSL_NO_*</tt> defines. OpenSSL writes the configure options to <tt><openssl/opensslconf.h></tt>. For example, if you want to know if SSLv3 is available, then you would perform the following in your code:<br />
<br />
<pre>#include <openssl/opensslconf.h><br />
...<br />
<br />
#if !defined(OPENSSL_NO_SSL3)<br />
/* SSLv3 is available */<br />
#endif</pre><br />
<br />
== Compilation ==<br />
<br />
After configuring the library, you should run <tt>make</tt>. If prompted, there's usually no need to <tt>make depend</tt> since you are building from a clean download.<br />
<br />
==== Quick ====<br />
<br />
<pre>./config <nowiki><options ...> --openssldir=/usr/local/ssl</nowiki><br />
make<br />
make test<br />
sudo make install</pre><br />
<br />
Various options can be found examining the <tt>Configure</tt> file (there is a well commented block at its top). OpenSSL ships with SSLv2, SSLv3 and Compression enabled by default (see <tt>my $disabled</tt>), so you might want to use <tt>no-ssl2 no-ssl3</tt>, <tt>no-ssl3</tt>, and <tt>no-comp</tt>.<br />
<br />
== Platfom specific ==<br />
<br />
=== Linux ===<br />
<br />
==== Intel ====<br />
<br />
==== ARM ====<br />
<br />
==== X32 (ILP32) ====<br />
<br />
X32 uses the 32-bit data model (ILP32) on x86_64/amd64. To properly configure for X32 under current OpenSSL distributions, you must use <tt>Configure</tt> and use the x32 triplet:<br />
<br />
<pre># ./Configure LIST | grep x32<br />
linux-x32<br />
...</pre><br />
<br />
Then:<br />
<br />
<pre># ./Configure linux-x32 <br />
Configuring OpenSSL version 1.1.0-pre6-dev (0x0x10100006L)<br />
no-asan [default] OPENSSL_NO_ASAN (skip dir)<br />
...<br />
Configuring for linux-x32<br />
CC =gcc<br />
CFLAG =-Wall -O3 -pthread -mx32 -DL_ENDIAN <br />
SHARED_CFLAG =-fPIC<br />
...</pre><br />
<br />
If using an amd64-compatible processor and GCC with that supports <tt>__uint128_t</tt>, then you usually add <tt>enable-ec_nistp_64_gcc_128 </tt> in addition to your other flags.<br />
<br />
=== Windows ===<br />
3noch wrote a VERY good guide in 2012 [https://web.archive.org/web/20161123004257/http://developer.covenanteyes.com/building-openssl-for-visual-studio// here] (PLEASE NOTE: the guide was written in 2012 and is no longer available at the original location; the link now points to an archived version at the Internet Archive Wayback Machine).<br />
<br />
Like he said in his article, make absolutely sure to create separate directories for 32 and 64 bit versions.<br />
<br />
==== W32 / Windows NT - Windows 9x ====<br />
<br />
type INSTALL.W32<br />
<br />
* you need Perl for Win32. Unless you will build on Cygwin, you will need ActiveState Perl, available from http://www.activestate.com/ActivePerl.<br />
* one of the following C compilers:<br />
** Visual C++<br />
** Borland C<br />
** GNU C (Cygwin or MinGW)<br />
* Netwide Assembler, a.k.a. NASM, available from http://nasm.sourceforge.net/ is required if you intend to utilize assembler modules. Note that NASM is now the only supported assembler.<br />
<br />
==== W64 ====<br />
<br />
Read first the INSTALL.W64 documentation note containing some specific 64bits information.<br />
See also INSTALL.W32 that still provides additonnal build information common to both the 64 and 32 bit versions.<br />
<br />
You may be surprised: the 64bit artefacts are indeed output in the out32* sub-directories and bear names ending *32.dll. Fact is the 64 bit compile target is so far an incremental change over the legacy 32bit windows target. Numerous compile flags are still labelled "32" although those do apply to both 32 and 64bit targets.<br />
<br />
The important pre-requisites are to have PERL available (for essential file processing so as to prepare sources and scripts for the target OS) and of course a C compiler like Microsoft Visual Studio for C/C++. Also note the procedure changed at OpenSSL 1.1.0 and is more streamlined. Also see [https://stackoverflow.com/q/39076244/608639 Why there is no ms\do_ms.bat after perl Configure VC-WIN64A] on Stack Overflow.<br />
<br />
=== OpenSSL 1.1.0 ===<br />
<br />
For OpenSSL 1.1.0 and above perform these steps:<br />
<br />
# Ensure you have perl installed on your machine (e.g. ActiveState or Strawberry), and available on your %PATH%<br />
# Ensure you have NASM installed on your machine, and available on your %PATH%<br />
# Extract the source files to your folder, here <code>cd c:\myPath\openssl</code><br />
# Launch Visual Studio tool x64 Cross Tools Command prompt<br />
# Goto your defined folder <code>cd c:\myPath\openssl</code><br />
# Configure for the target OS with <code>perl Configure VC-WIN64A</code> or other configurations to be found in the INSTALL file (e.g. UNIX targets). <br />
## For instance: <code>perl Configure VC-WIN64A</code>.<br />
# (''Optional'') In case you compiled before on 32 or 64-bits, make sure you run <code>nmake clean</code> to prevent trouble across 32 and 64-bits which share output folder.<br />
# Now build with: <code>nmake</code><br />
# Output can be found in the '''root''' of your folder as '''libcrypto-1_1x64.dll''' and '''libssl-1_1-x64.dll''' (with all the build additionals such as .pdb .lik or static .lib). You may check this is true 64bit code using the Visual Studio tool 'dumpbin'. For instance <code>dumpbin /headers libcrypto-1_1x64.dll | more</code>, and look at the FILE HEADER section.<br />
# Test the code using the 'test' make target, by running <code>nmake test</code>.<br />
# Reminder, clean your code to prevent issues the next time you compile for a different target. See step 7.<br />
<br />
==== Windows CE ====<br />
'' Not specified ''<br />
<br />
=== OpenSSL 1.0.2 ===<br />
<br />
For OpenSSL 1.0.2 and earlier the procedure is as follows.<br />
<br />
# Ensure you have perl installed on your machine (e.g. ActiveState or Strawberry), and available on your %PATH%<br />
# Ensure you have NASM installed on your machine, and available on your %PATH%<br />
# launch a Visual Studio tool x64 Cross Tools Command prompt<br />
# change to the directory where you have copied openssl sources <code>cd c:\myPath\openssl</code><br />
# configure for the target OS with the command <code>perl Configure VC-WIN64A</code>. You may also be interested to set more configuration options as documented in the general INSTALL note (for UNIX targets). For instance: <code>perl Configure VC-WIN64A</code>.<br />
# prepare the target environment with the command: <code>ms\do_win64a</code><br />
# ensure you start afresh and notably without linkable products from a previous 32bit compile (as 32 and 64 bits compiling still share common directories) with the command: <code>nmake -f ms\ntdll.mak clean</code> for the DLL target and <code>nmake -f ms\nt.mak clean</code> for static libraries.<br />
# build the code with: <code>nmake -f ms\ntdll.mak</code> (respectively <code>nmake -f ms\nt.mak</code> )<br />
# the artefacts will be found in sub directories out32dll and out32dll.dbg (respectively out32 and out32.dbg for static libraries). The libcrypto and ssl libraries are still named libeay32.lib and ssleay32.lib, and associated includes in inc32 ! You may check this is true 64bit code using the Visual Studio tool 'dumpbin'. For instance <code>dumpbin /headers out32dll/libeay32.lib | more</code>, and look at the FILE HEADER section.<br />
# test the code using the various *test.exe programs in out32dll. Use the 'test' make target to run all tests as in <code>nmake -f ms\ntdll.mak test</code><br />
# we recommend that you move/copy needed includes and libraries from the "32" directories under a new explicit directory tree for 64bit applications from where you will import and link your target applications, similar to that explained in INSTALL.W32.<br />
<br />
==== Windows CE ====<br />
<br />
=== OS X ===<br />
<br />
The earlier discussion presented a lot of information (and some of it had OS X information). Here are the TLDR versions to configure, build and install the library.<br />
<br />
If configuring for 64-bit OS X, then use a command similar to:<br />
<br />
<pre>./Configure darwin64-x86_64-cc shared enable-ec_nistp_64_gcc_128 no-ssl2 no-ssl3 no-comp --openssldir=/usr/local/ssl/macos-x86_64<br />
make depend<br />
sudo make install</pre><br />
<br />
If configuring for 32-bit OS X, then use a command similar to:<br />
<br />
<pre>./Configure darwin-i386-cc shared no-ssl2 no-ssl3 no-comp --openssldir=/usr/local/ssl/macosx-i386<br />
make depend<br />
sudo make install</pre><br />
<br />
If you want to build a multiarch OpenSSL library, then see this answer on Stack Overflow: [http://stackoverflow.com/a/25531033/608639 Build Multiarch OpenSSL on OS X].<br />
<br />
=== iOS ===<br />
<br />
The following builds OpenSSL for iOS using the iPhoneOS SDK. The configuration avoids the dynamic library the DSO interface and engines.<br />
<br />
If you run <tt>make install</tt>, then the headers will be installed in <tt>/usr/local/openssl-ios/include</tt> and libraries will be installed in <tt>/usr/local/openssl-ios/lib</tt>.<br />
<br />
==== 32-bit ====<br />
<br />
For OpenSSL 1.1.0 and above, a 32-bit iOS cross-compiles uses the <tt>ios-cross</tt> target, and options similar to <tt>--prefix=/usr/local/openssl-ios</tt>.<br />
<br />
<pre>$ export CC=clang;<br />
$ export CROSS_TOP=/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer<br />
$ export CROSS_SDK=iPhoneOS.sdk<br />
$ export PATH="/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin:$PATH"<br />
<br />
$ ./Configure ios-cross no-shared no-dso no-hw no-engine --prefix=/usr/local/openssl-ios<br />
<br />
Configuring OpenSSL version 1.1.1-dev (0x10101000L)<br />
no-afalgeng [forced] OPENSSL_NO_AFALGENG<br />
no-asan [default] OPENSSL_NO_ASAN<br />
no-dso [option]<br />
no-dynamic-engine [forced]<br />
...<br />
no-weak-ssl-ciphers [default] OPENSSL_NO_WEAK_SSL_CIPHERS<br />
no-zlib [default]<br />
no-zlib-dynamic [default]<br />
Configuring for ios-cross<br />
<br />
PERL =perl<br />
PERLVERSION =5.16.2 for darwin-thread-multi-2level<br />
HASHBANGPERL =/usr/bin/env perl<br />
CC =clang<br />
CFLAG =-O3 -D_REENTRANT -arch armv7 -mios-version-min=6.0.0 -isysroot $(CROSS_TOP)/SDKs/$(CROSS_SDK) -fno-common<br />
CXX =c++<br />
CXXFLAG =-O3 -D_REENTRANT -arch armv7 -mios-version-min=6.0.0 -isysroot $(CROSS_TOP)/SDKs/$(CROSS_SDK) -fno-common<br />
DEFINES =NDEBUG OPENSSL_THREADS OPENSSL_NO_DYNAMIC_ENGINE OPENSSL_PIC OPENSSL_BN_ASM_MONT OPENSSL_BN_ASM_GF2m SHA1_ASM SHA256_ASM SHA512_ASM AES_ASM BSAES_ASM GHASH_ASM ECP_NISTZ256_ASM POLY1305_ASM<br />
...</pre><br />
<br />
If you are working with OpenSSL 1.0.2 or below, then use the <tt>iphoneos-cross</tt> target.<br />
<br />
<pre>$ export CC=clang;<br />
$ export CROSS_TOP=/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer<br />
$ export CROSS_SDK=iPhoneOS.sdk<br />
$ export PATH="/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin:$PATH"<br />
<br />
$ ./Configure iphoneos-cross no-shared no-dso no-hw no-engine --prefix=/usr/local/openssl-ios<br />
Configuring for iphoneos-cross<br />
no-dso [option]<br />
no-engine [option] OPENSSL_NO_ENGINE (skip dir)<br />
no-gmp [default] OPENSSL_NO_GMP (skip dir)<br />
no-hw [option] OPENSSL_NO_HW<br />
...<br />
no-weak-ssl-ciphers [default] OPENSSL_NO_WEAK_SSL_CIPHERS (skip dir)<br />
no-zlib [default]<br />
no-zlib-dynamic [default]<br />
IsMK1MF=0<br />
CC =clang<br />
CFLAG =-DOPENSSL_THREADS -D_REENTRANT -O3 -isysroot $(CROSS_TOP)/SDKs/$(CROSS_SDK) -fomit-frame-pointer -fno-common<br />
...</pre><br />
<br />
==== 64-bit ====<br />
<br />
For OpenSSL 1.1.0 , a 64-bit iOS cross-compiles uses the <tt>ios64-cross</tt> target, and <tt>--prefix=/usr/local/openssl-ios64</tt>. <tt>ios64-cross</tt>. There is no built-in 64-bit iOS support for OpenSSL 1.0.2 or below.<br />
<br />
<pre>$ export CC=clang;<br />
$ export CROSS_TOP=/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer<br />
$ export CROSS_SDK=iPhoneOS.sdk<br />
$ export PATH="/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin:$PATH"<br />
<br />
$ ./Configure ios64-cross no-shared no-dso no-hw no-engine --prefix=/usr/local/openssl-ios64<br />
<br />
Configuring OpenSSL version 1.1.1-dev (0x10101000L)<br />
no-afalgeng [forced] OPENSSL_NO_AFALGENG<br />
no-asan [default] OPENSSL_NO_ASAN<br />
no-dso [option]<br />
no-dynamic-engine [forced]<br />
...<br />
no-weak-ssl-ciphers [default] OPENSSL_NO_WEAK_SSL_CIPHERS<br />
no-zlib [default]<br />
no-zlib-dynamic [default]<br />
Configuring for ios64-cross<br />
<br />
PERL =perl<br />
PERLVERSION =5.16.2 for darwin-thread-multi-2level<br />
HASHBANGPERL =/usr/bin/env perl<br />
CC =clang<br />
CFLAG =-O3 -D_REENTRANT -arch arm64 -mios-version-min=7.0.0 -isysroot $(CROSS_TOP)/SDKs/$(CROSS_SDK) -fno-common<br />
CXX =c++<br />
CXXFLAG =-O3 -D_REENTRANT -arch arm64 -mios-version-min=7.0.0 -isysroot $(CROSS_TOP)/SDKs/$(CROSS_SDK) -fno-common<br />
DEFINES =NDEBUG OPENSSL_THREADS OPENSSL_NO_DYNAMIC_ENGINE OPENSSL_PIC OPENSSL_BN_ASM_MONT SHA1_ASM SHA256_ASM SHA512_ASM VPAES_ASM ECP_NISTZ256_ASM POLY1305_ASM<br />
...</pre><br />
<br />
=== Android ===<br />
<br />
Visit [[Android]] and [[FIPS Library and Android]].<br />
<br />
=== More ===<br />
<br />
==== VAX/VMS ====<br />
<br />
I you wonder what are files ending with .com like test/testca.com those are VAX/VMX scripts.<br />
This code is still maintained.<br />
<br />
==== OS/2 ====<br />
<br />
==== NetWare ====<br />
5.x 6.x<br />
<br />
==== HP-UX ====<br />
[[HP-UX Itanium FIPS and OpenSSL build]]<br />
<br />
==Autoconf==<br />
<br />
OpenSSL uses its own configuration system, and does not use Autoconf. However, a number of popular projects use both OpenSSL and Autoconf, and it would be useful to detect either <tt>OPENSSL_init_ssl</tt> or <tt>SSL_library_init</tt> from <tt>libssl</tt>. To craft a feature test for OpenSSL that recognizes both <tt>OPENSSL_init_ssl</tt> and <tt>SSL_library_init</tt>, you can use the following.<br />
<br />
<pre>if test "$with_openssl" = yes ; then<br />
dnl Order matters!<br />
if test "$PORTNAME" != "win32"; then<br />
AC_CHECK_LIB(crypto, CRYPTO_new_ex_data, [], [AC_MSG_ERROR([library 'crypto' is required for OpenSSL])])<br />
FOUND_SSL_LIB="no"<br />
AC_CHECK_LIB(ssl, OPENSSL_init_ssl, [FOUND_SSL_LIB="yes"])<br />
AC_CHECK_LIB(ssl, SSL_library_init, [FOUND_SSL_LIB="yes"])<br />
AS_IF([test "x$FOUND_SSL_LIB" = xno], [AC_MSG_ERROR([library 'ssl' is required for OpenSSL])])<br />
else<br />
AC_SEARCH_LIBS(CRYPTO_new_ex_data, eay32 crypto, [], [AC_MSG_ERROR([library 'eay32' or 'crypto' is required for OpenSSL])])<br />
FOUND_SSL_LIB="no"<br />
AC_SEARCH_LIBS(OPENSSL_init_ssl, ssleay32 ssl, [FOUND_SSL_LIB="yes"])<br />
AC_SEARCH_LIBS(SSL_library_init, ssleay32 ssl, [FOUND_SSL_LIB="yes"])<br />
AS_IF([test "x$FOUND_SSL_LIB" = xno], [AC_MSG_ERROR([library 'ssleay32' or 'ssl' is required for OpenSSL])])<br />
fi<br />
fi</pre><br />
<br />
Many thanks to the Postgres folks for donating part of their <tt>configure.in</tt>. Also see [http://stackoverflow.com/q/39285733 How to tell Autoconf “require symbol A or B” from LIB?] on Stack Overflow.<br />
<br />
[[Category:Shell level]]<br />
[[Category:Installation]]<br />
[[Category:Compilation]]</div>Klaustriendlhttps://wiki.openssl.org/index.php?title=Binaries&diff=3125Binaries2020-10-07T06:16:13Z<p>Klaustriendl: resolved some ambiguity based on feedback from people downloading FireDaemon's build for Windows</p>
<hr />
<div>Some people have offered to provide OpenSSL binary distributions for selected operating systems. The condition to get a link here is that the link is stable and can provide continued support for OpenSSL for a while.<br />
<br />
Note: many Linux distributions come with pre-compiled OpenSSL packages. Those are already well-known among the users of said distributions, and will therefore not be mentioned here. If you are such a user, we ask you to get in touch with your distributor first. This service is primarily for operating systems where there are no pre-compiled OpenSSL packages.<br />
<br />
'''Important Disclaimer''':<br />
''The listing of these third party products does not imply any endorsement by the OpenSSL project, and these organizations are not affiliated in any way with OpenSSL other than by the reference to their independent web sites here. In particular any donations or payments to any of these organizations will not be known to, seen by, or in any way benefit the OpenSSL project.''<br />
<br />
Use these OpenSSL derived products at your own risk; these products have not been evaluated or tested by the OpenSSL project.<br />
<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ Third Party OpenSSL Related Binary Distributions<br />
|-<br />
! scope="col" | Product<br />
! scope="col" | Description<br />
! scope="col" | URL<br />
|-<br />
| OpenSSL for Windows<br />
| Works with MSVC++, Builder 3/4/5, and MinGW. Comes in form of self-install executables.<br />
| https://slproweb.com/products/Win32OpenSSL.html<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| Pre-compiled Win32/64 libraries without external dependencies to the Microsoft Visual Studio Runtime DLLs, except for the system provided msvcrt.dll.<br />
| https://indy.fulgan.com/SSL/<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| Reproducible 1.1.x builds with latest MinGW-w64/GCC, 32/64-bit, static/dynamic libs and executable.<br />
| https://bintray.com/vszakats/generic/openssl<br />
|-<br />
|-<br />
| OpenSSL for Solaris<br />
| Versions for Solaris 2.5 - 11 SPARC and X86<br />
| http://www.unixpackages.com/<br />
|-<br />
|-<br />
| OpensSSL for Windows, Linux, OSX, Android<br />
| Pre-compiled packages at conan.io package manager:<br>''Windows'' x86/x86_64 (Visual Studio 10, 12, 14, 15) <br>''Linux'' x86/x86_64 (gcc 4.6, 4.8, 4.9, 5, 6, 7) <br>''OSx'' (Apple clang). <br>Cross-building ready recipe: Linux ARM, Android.<br />
| https://www.conan.io<br>https://bintray.com/conan-community/conan/OpenSSL%3Aconan<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| Pre-compiled Win32/64 1.0.2, 1.1.0 and 1.1.1 libraries without external dependencies, primarily built for François Piette's Internet Component Suite (ICS) for Embarcadero (Borland) Delphi and C++ development tools, but may be used for any Windows applications. The OpenSSL DLLs and EXE files are digitally code signed 'Open Source Developer, François PIETTE', so applications can self verify them for corruption. <br />
| http://wiki.overbyte.eu/wiki/index.php/ICS_Download<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| Pre-compiled 64-bit (x64) and 32-bit (x86) 1.1.1 executables and libraries for Microsoft Windows Operating Systems with a dependency on the Microsoft Visual Studio 2015-2019 runtime. The distribution may be used standalone or integrated into any Windows application. The distribution's EXE and DLL files are digitally signed 'FireDaemon Technologies Limited'.<br />
| [https://kb.firedaemon.com/support/solutions/articles/4000121705 https://kb.firedaemon.com/support/solutions/articles/4000121705]<br />
|-<br />
<br />
|-<br />
|}<br />
<br />
=Engines=<br />
<br />
Some third parties provide OpenSSL compatible engines. As for the binaries above the following disclaimer applies:<br />
<br />
'''Important Disclaimer''':<br />
''The listing of these third party products does not imply any endorsement by the OpenSSL project, and these organizations are not affiliated in any way with OpenSSL other than by the reference to their independent web sites here. In particular any donations or payments to any of these organizations will not be known to, seen by, or in any way benefit the OpenSSL project.''<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ Third Party OpenSSL compatible engines<br />
|-<br />
! scope="col" | Product<br />
! scope="col" | Description<br />
! scope="col" | URL<br />
|-<br />
|-<br />
| Intel® QuickAssist Technology engine<br />
| Intel® QuickAssist Technology (http://www.intel.com/content/www/us/en/embedded/technology/quickassist/overview.html) provides acceleration for a number of cryptographic algorithms. QAT_engine adds support for Intel® QuickAssist Technology to OpenSSL-1.1.0 via the ENGINE framework. The definitive list of algorithms exposed into OpenSSL (a subset of those supported in the device) is defined on the associated github page.<br />
| https://github.com/01org/QAT_Engine<br />
|-<br />
| ATECCX08 engine<br />
| Support for the Atmel ATECC508A (http://www.atmel.com/devices/ATECC508A.aspx) hardware to provide secure key storage, ECC cryptographic calculations for the ECC NIST P-256 curve, and FIPS certified hardware Random Number Generator.<br />
| https://github.com/AtmelCSO/cryptoauth-openssl-engine<br />
|-<br />
|-<br />
| GOST engine<br />
| A reference implementation of the Russian GOST crypto algorithms for OpenSSL. The presence of this engine also enables the built-in OpenSSL support for GOST TLS ciphersuites. (Note: this engine is for OpenSSL version 1.1.0 and above. Previous versions of OpenSSL used a built-in GOST engine)<br />
| https://github.com/gost-engine/engine<br />
|-<br />
|-<br />
| ISARA Radiate Solution Suite OpenSSL Connector<br />
| Commercially available engine and source code patch for OpenSSL 1.0.2 branch. The ISARA Radiate OpenSSL Connector lets you implement OpenSSL using quantum safe algorithms. ISARA Radiate (https://www.isara.com/isara-radiate/) gives you the cryptographic building blocks to create applications that will resist attacks by quantum computers.<br />
| https://www.isara.com/openssl/1/<br />
|-<br />
|-<br />
| BEE2EVP engine<br />
| Implements the Belarusian national cryptography: symmetric and public-key encryption, MAC, AEAD, hashing, digital signature. Encapsulates the Bee2 core cryptographic library into OpenSSL using the EVP interface.<br />
| https://github.com/bcrypto/bee2evp<br />
|-<br />
|-<br />
|}</div>Klaustriendlhttps://wiki.openssl.org/index.php?title=Binaries&diff=2898Binaries2019-12-21T13:40:47Z<p>Klaustriendl: OpenSSL for Windows built by "FireDaemon Technologies Limited" is now built with Visual Studio 2019</p>
<hr />
<div>Some people have offered to provide OpenSSL binary distributions for selected operating systems. The condition to get a link here is that the link is stable and can provide continued support for OpenSSL for a while.<br />
<br />
Note: many Linux distributions come with pre-compiled OpenSSL packages. Those are already well-known among the users of said distributions, and will therefore not be mentioned here. If you are such a user, we ask you to get in touch with your distributor first. This service is primarily for operating systems where there are no pre-compiled OpenSSL packages.<br />
<br />
'''Important Disclaimer''':<br />
''The listing of these third party products does not imply any endorsement by the OpenSSL project, and these organizations are not affiliated in any way with OpenSSL other than by the reference to their independent web sites here. In particular any donations or payments to any of these organizations will not be known to, seen by, or in any way benefit the OpenSSL project.''<br />
<br />
Use these OpenSSL derived products at your own risk; these products have not been evaluated or tested by the OpenSSL project.<br />
<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ Third Party OpenSSL Related Binary Distributions<br />
|-<br />
! scope="col" | Product<br />
! scope="col" | Description<br />
! scope="col" | URL<br />
|-<br />
| OpenSSL for Windows<br />
| Works with MSVC++, Builder 3/4/5, and MinGW. Comes in form of self-install executables.<br />
| https://slproweb.com/products/Win32OpenSSL.html<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| Pre-compiled Win32/64 libraries without external dependencies to the Microsoft Visual Studio Runtime DLLs, except for the system provided msvcrt.dll.<br />
| https://indy.fulgan.com/SSL/<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| Reproducible 1.1.x builds with latest MinGW-w64/GCC, 32/64-bit, static/dynamic libs and executable.<br />
| https://bintray.com/vszakats/generic/openssl<br />
|-<br />
|-<br />
| OpenSSL for Solaris<br />
| Versions for Solaris 2.5 - 11 SPARC and X86<br />
| http://www.unixpackages.com/<br />
|-<br />
|-<br />
| OpensSSL for Windows, Linux, OSX, Android<br />
| Pre-compiled packages at conan.io package manager:<br>''Windows'' x86/x86_64 (Visual Studio 10, 12, 14, 15) <br>''Linux'' x86/x86_64 (gcc 4.6, 4.8, 4.9, 5, 6, 7) <br>''OSx'' (Apple clang). <br>Cross-building ready recipe: Linux ARM, Android.<br />
| https://www.conan.io<br>https://bintray.com/conan-community/conan/OpenSSL%3Aconan<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| Pre-compiled Win32/64 1.0.2, 1.1.0 and 1.1.1 libraries without external dependencies, primarily built for François Piette's Internet Component Suite (ICS) for Embarcadero (Borland) Delphi and C++ development tools, but may be used for any Windows applications. The OpenSSL DLLs and EXE files are digitally code signed 'Open Source Developer, François PIETTE', so applications can self verify them for corruption. <br />
| http://wiki.overbyte.eu/wiki/index.php/ICS_Download<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| Pre-compiled Win32/x64 1.1.1 libraries with dependency on the Visual Studio 2019 runtime (binary-compatible with 2015+2017). Primarily built for FireDaemon Fusion, but may be used for any Windows application. The OpenSSL DLL and EXE files are digitally code signed 'FireDaemon Technologies Limited'.<br />
| [https://kb.firedaemon.com/support/solutions/articles/4000121705 https://kb.firedaemon.com/support/solutions/articles/4000121705]<br />
|-<br />
<br />
|-<br />
|}<br />
<br />
=Engines=<br />
<br />
Some third parties provide OpenSSL compatible engines. As for the binaries above the following disclaimer applies:<br />
<br />
'''Important Disclaimer''':<br />
''The listing of these third party products does not imply any endorsement by the OpenSSL project, and these organizations are not affiliated in any way with OpenSSL other than by the reference to their independent web sites here. In particular any donations or payments to any of these organizations will not be known to, seen by, or in any way benefit the OpenSSL project.''<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ Third Party OpenSSL compatible engines<br />
|-<br />
! scope="col" | Product<br />
! scope="col" | Description<br />
! scope="col" | URL<br />
|-<br />
|-<br />
| Intel® QuickAssist Technology engine<br />
| Intel® QuickAssist Technology (http://www.intel.com/content/www/us/en/embedded/technology/quickassist/overview.html) provides acceleration for a number of cryptographic algorithms. QAT_engine adds support for Intel® QuickAssist Technology to OpenSSL-1.1.0 via the ENGINE framework. The definitive list of algorithms exposed into OpenSSL (a subset of those supported in the device) is defined on the associated github page.<br />
| https://github.com/01org/QAT_Engine<br />
|-<br />
| ATECCX08 engine<br />
| Support for the Atmel ATECC508A (http://www.atmel.com/devices/ATECC508A.aspx) hardware to provide secure key storage, ECC cryptographic calculations for the ECC NIST P-256 curve, and FIPS certified hardware Random Number Generator.<br />
| https://github.com/AtmelCSO/cryptoauth-openssl-engine<br />
|-<br />
|-<br />
| GOST engine<br />
| A reference implementation of the Russian GOST crypto algorithms for OpenSSL. The presence of this engine also enables the built-in OpenSSL support for GOST TLS ciphersuites. (Note: this engine is for OpenSSL version 1.1.0 and above. Previous versions of OpenSSL used a built-in GOST engine)<br />
| https://github.com/gost-engine/engine<br />
|-<br />
|-<br />
| ISARA Radiate Solution Suite OpenSSL Connector<br />
| Commercially available engine and source code patch for OpenSSL 1.0.2 branch. The ISARA Radiate OpenSSL Connector lets you implement OpenSSL using quantum safe algorithms. ISARA Radiate (https://www.isara.com/isara-radiate/) gives you the cryptographic building blocks to create applications that will resist attacks by quantum computers.<br />
| https://www.isara.com/openssl/1/<br />
|-<br />
|-<br />
| BEE2EVP engine<br />
| Implements the Belarusian national cryptography: symmetric and public-key encryption, MAC, AEAD, hashing, digital signature. Encapsulates the Bee2 core cryptographic library into OpenSSL using the EVP interface.<br />
| https://github.com/bcrypto/bee2evp<br />
|-<br />
|-<br />
|}</div>Klaustriendlhttps://wiki.openssl.org/index.php?title=Binaries&diff=2747Binaries2019-05-11T15:14:07Z<p>Klaustriendl: Update version of provided binaries by FireDaemon Technologies Limited and link to a different URL</p>
<hr />
<div>Some people have offered to provide OpenSSL binary distributions for selected operating systems. The condition to get a link here is that the link is stable and can provide continued support for OpenSSL for a while.<br />
<br />
Note: many Linux distributions come with pre-compiled OpenSSL packages. Those are already well-known among the users of said distributions, and will therefore not be mentioned here. If you are such a user, we ask you to get in touch with your distributor first. This service is primarily for operating systems where there are no pre-compiled OpenSSL packages.<br />
<br />
'''Important Disclaimer''':<br />
''The listing of these third party products does not imply any endorsement by the OpenSSL project, and these organizations are not affiliated in any way with OpenSSL other than by the reference to their independent web sites here. In particular any donations or payments to any of these organizations will not be known to, seen by, or in any way benefit the OpenSSL project.''<br />
<br />
Use these OpenSSL derived products at your own risk; these products have not been evaluated or tested by the OpenSSL project.<br />
<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ Third Party OpenSSL Related Binary Distributions<br />
|-<br />
! scope="col" | Product<br />
! scope="col" | Description<br />
! scope="col" | URL<br />
|-<br />
| OpenSSL for Windows<br />
| Works with MSVC++, Builder 3/4/5, and MinGW. Comes in form of self-install executables.<br />
| https://slproweb.com/products/Win32OpenSSL.html<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| Pre-compiled Win32/64 libraries without external dependencies to the Microsoft Visual Studio Runtime DLLs, except for the system provided msvcrt.dll.<br />
| https://indy.fulgan.com/SSL/<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| Reproducible 1.1.x builds with latest MinGW-w64/GCC, 32/64-bit, static/dynamic libs and executable.<br />
| https://bintray.com/vszakats/generic/openssl<br />
|-<br />
|-<br />
| OpenSSL for Solaris<br />
| Versions for Solaris 2.5 - 11 SPARC and X86<br />
| http://www.unixpackages.com/<br />
|-<br />
|-<br />
| OpensSSL for Windows, Linux, OSX, Android<br />
| Pre-compiled packages at conan.io package manager:<br>''Windows'' x86/x86_64 (Visual Studio 10, 12, 14, 15) <br>''Linux'' x86/x86_64 (gcc 4.6, 4.8, 4.9, 5, 6, 7) <br>''OSx'' (Apple clang). <br>Cross-building ready recipe: Linux ARM, Android.<br />
| https://www.conan.io<br>https://bintray.com/conan-community/conan/OpenSSL%3Aconan<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| Pre-compiled Win32/64 1.0.2, 1.1.0 and 1.1.1 libraries without external dependencies, primarily built for François Piette's Internet Component Suite (ICS) for Embarcadero (Borland) Delphi and C++ development tools, but may be used for any Windows applications. The OpenSSL DLLs and EXE files are digitally code signed 'Open Source Developer, François PIETTE', so applications can self verify them for corruption. <br />
| http://wiki.overbyte.eu/wiki/index.php/ICS_Download<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| Pre-compiled Win32/x64 1.1.1 libraries with dependency on the Visual Studio 2017 runtime (binary-compatible with 2015). Primarily built for FireDaemon Fusion, but may be used for any Windows application. The OpenSSL DLL and EXE files are digitally code signed 'FireDaemon Technologies Limited'.<br />
| [https://kb.firedaemon.com/support/solutions/articles/4000121705 https://kb.firedaemon.com/support/solutions/articles/4000121705]<br />
|-<br />
<br />
|-<br />
|}<br />
<br />
=Engines=<br />
<br />
Some third parties provide OpenSSL compatible engines. As for the binaries above the following disclaimer applies:<br />
<br />
'''Important Disclaimer''':<br />
''The listing of these third party products does not imply any endorsement by the OpenSSL project, and these organizations are not affiliated in any way with OpenSSL other than by the reference to their independent web sites here. In particular any donations or payments to any of these organizations will not be known to, seen by, or in any way benefit the OpenSSL project.''<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ Third Party OpenSSL compatible engines<br />
|-<br />
! scope="col" | Product<br />
! scope="col" | Description<br />
! scope="col" | URL<br />
|-<br />
|-<br />
| Intel® QuickAssist Technology engine<br />
| Intel® QuickAssist Technology (http://www.intel.com/content/www/us/en/embedded/technology/quickassist/overview.html) provides acceleration for a number of cryptographic algorithms. QAT_engine adds support for Intel® QuickAssist Technology to OpenSSL-1.1.0 via the ENGINE framework. The definitive list of algorithms exposed into OpenSSL (a subset of those supported in the device) is defined on the associated github page.<br />
| https://github.com/01org/QAT_Engine<br />
|-<br />
| ATECCX08 engine<br />
| Support for the Atmel ATECC508A (http://www.atmel.com/devices/ATECC508A.aspx) hardware to provide secure key storage, ECC cryptographic calculations for the ECC NIST P-256 curve, and FIPS certified hardware Random Number Generator.<br />
| https://github.com/AtmelCSO/cryptoauth-openssl-engine<br />
|-<br />
|-<br />
| GOST engine<br />
| A reference implementation of the Russian GOST crypto algorithms for OpenSSL. The presence of this engine also enables the built-in OpenSSL support for GOST TLS ciphersuites. (Note: this engine is for OpenSSL version 1.1.0 and above. Previous versions of OpenSSL used a built-in GOST engine)<br />
| https://github.com/gost-engine/engine<br />
|-<br />
|-<br />
| ISARA Radiate Solution Suite OpenSSL Connector<br />
| Commercially available engine and source code patch for OpenSSL 1.0.2 branch. The ISARA Radiate OpenSSL Connector lets you implement OpenSSL using quantum safe algorithms. ISARA Radiate (https://www.isara.com/isara-radiate/) gives you the cryptographic building blocks to create applications that will resist attacks by quantum computers.<br />
| https://www.isara.com/openssl/1/<br />
|-<br />
|-<br />
|}</div>Klaustriendlhttps://wiki.openssl.org/index.php?title=Binaries&diff=2674Binaries2018-06-15T22:16:34Z<p>Klaustriendl: Added Windows binaries by FireDaemon Technologies</p>
<hr />
<div>Some people have offered to provide OpenSSL binary distributions for selected operating systems. The condition to get a link here is that the link is stable and can provide continued support for OpenSSL for a while.<br />
<br />
Note: many Linux distributions come with pre-compiled OpenSSL packages. Those are already well-known among the users of said distributions, and will therefore not be mentioned here. If you are such a user, we ask you to get in touch with your distributor first. This service is primarily for operating systems where there are no pre-compiled OpenSSL packages.<br />
<br />
'''Important Disclaimer''':<br />
''The listing of these third party products does not imply any endorsement by the OpenSSL project, and these organizations are not affiliated in any way with OpenSSL other than by the reference to their independent web sites here. In particular any donations or payments to any of these organizations will not be known to, seen by, or in any way benefit the OpenSSL project.''<br />
<br />
Use these OpenSSL derived products at your own risk; these products have not been evaluated or tested by the OpenSSL project.<br />
<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ Third Party OpenSSL Related Binary Distributions<br />
|-<br />
! scope="col" | Product<br />
! scope="col" | Description<br />
! scope="col" | URL<br />
|-<br />
| OpenSSL for Windows<br />
| Works with MSVC++, Builder 3/4/5, and MinGW. Comes in form of self-install executables.<br />
| https://slproweb.com/products/Win32OpenSSL.html<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| Pre-compiled Win32/64 libraries without external dependencies to the Microsoft Visual Studio Runtime DLLs, except for the system provided msvcrt.dll.<br />
| https://indy.fulgan.com/SSL/<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| Reproducible 1.1.x builds with latest MinGW-w64/GCC, 32/64-bit, static/dynamic libs and executable.<br />
| https://bintray.com/vszakats/generic/openssl<br />
|-<br />
|-<br />
| OpenSSL for Solaris<br />
| Versions for Solaris 2.5 - 11 SPARC and X86<br />
| http://www.unixpackages.com/<br />
|-<br />
|-<br />
| OpensSSL for Windows, Linux, OSX, Android<br />
| Pre-compiled packages at conan.io package manager:<br>''Windows'' x86/x86_64 (Visual Studio 10, 12, 14, 15) <br>''Linux'' x86/x86_64 (gcc 4.6, 4.8, 4.9, 5, 6, 7) <br>''OSx'' (Apple clang). <br>Cross-building ready recipe: Linux ARM, Android.<br />
| https://www.conan.io<br>https://bintray.com/conan-community/conan/OpenSSL%3Aconan<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| Pre-compiled Win32/64 1.0.2, 1.1.0 and 1.1.1-pre libraries without external dependencies, primarily built for François Piette's Internet Component Suite (ICS) for Embarcadero (Borland) Delphi and C++ development tools, but may be used for any Windows applications. The OpenSSL DLLs and EXE files are digitally code signed 'Open Source Developer, François PIETTE', so applications can self verify them for corruption. <br />
| http://wiki.overbyte.eu/wiki/index.php/ICS_Download or https://www.magsys.co.uk/delphi/magics.asp<br />
|-<br />
|-<br />
| OpenSSL for Windows<br />
| Pre-compiled Win32/x64 1.1.0 libraries with dependency on the Visual Studio 17 runtime (binary-compatible with 15). Primarily built for FireDaemon Fusion, but may be used for any Windows application. The OpenSSL DLL and EXE files are digitally code signed 'FireDaemon Technologies Limited'.<br />
| [https://mirror.firedaemon.com/index.php?dir=OpenSSL%2F https://mirror.firedaemon.com]<br />
|-<br />
<br />
|-<br />
|}<br />
<br />
=Engines=<br />
<br />
Some third parties provide OpenSSL compatible engines. As for the binaries above the following disclaimer applies:<br />
<br />
'''Important Disclaimer''':<br />
''The listing of these third party products does not imply any endorsement by the OpenSSL project, and these organizations are not affiliated in any way with OpenSSL other than by the reference to their independent web sites here. In particular any donations or payments to any of these organizations will not be known to, seen by, or in any way benefit the OpenSSL project.''<br />
<br />
{| class="wikitable sortable" border="1"<br />
|+ Third Party OpenSSL compatible engines<br />
|-<br />
! scope="col" | Product<br />
! scope="col" | Description<br />
! scope="col" | URL<br />
|-<br />
|-<br />
| Intel® QuickAssist Technology engine<br />
| Intel® QuickAssist Technology (http://www.intel.com/content/www/us/en/embedded/technology/quickassist/overview.html) provides acceleration for a number of cryptographic algorithms. QAT_engine adds support for Intel® QuickAssist Technology to OpenSSL-1.1.0 via the ENGINE framework. The definitive list of algorithms exposed into OpenSSL (a subset of those supported in the device) is defined on the associated github page.<br />
| https://github.com/01org/QAT_Engine<br />
|-<br />
| ATECCX08 engine<br />
| Support for the Atmel ATECC508A (http://www.atmel.com/devices/ATECC508A.aspx) hardware to provide secure key storage, ECC cryptographic calculations for the ECC NIST P-256 curve, and FIPS certified hardware Random Number Generator.<br />
| https://github.com/AtmelCSO/cryptoauth-openssl-engine<br />
|-<br />
|-<br />
| GOST engine<br />
| A reference implementation of the Russian GOST crypto algorithms for OpenSSL. The presence of this engine also enables the built-in OpenSSL support for GOST TLS ciphersuites. (Note: this engine is for OpenSSL version 1.1.0 and above. Previous versions of OpenSSL used a built-in GOST engine)<br />
| https://github.com/gost-engine/engine<br />
|-<br />
|-<br />
| ISARA Radiate Solution Suite OpenSSL Connector<br />
| Commercially available engine and source code patch for OpenSSL 1.0.2 branch. The ISARA Radiate OpenSSL Connector lets you implement OpenSSL using quantum safe algorithms. ISARA Radiate (https://www.isara.com/isara-radiate/) gives you the cryptographic building blocks to create applications that will resist attacks by quantum computers.<br />
| https://www.isara.com/openssl/1/<br />
|-<br />
|-<br />
|}</div>Klaustriendl