Cross-compile OpenSSL for your Raspberry Pi

Have you tried to compile OpenSSL directly on your Raspberry Pi? Don’t! Save yourself a lot of time by compiling it on your desktop computer or laptop instead, then move it to your Pi!

1. Get the cross-compiler

First you need to get the cross-compiling tools on your computer. Those will allow you to compile for your Pi’s ARM architecture. The cross-compiling tools are part of the raspberrypi/tools repository on Github, which you’re going to have to clone to your computer. From whatever base folder you’ve chosen for this, type:

$ git clone https://github.com/raspberrypi/tools.git --depth=1 pitools

The option --depth=1 specifies you only want to copy the latest revision of the repository. You can leave it out if you prefer to clone the whole thing instead.

You will now find two important folders in the arm-bcm2708 subfolder of your newly created pitools repository. The first is called gcc-linaro-arm-linux-gnueabihf-raspbian and contains the cross-compiling tools you must use on a 32-bit computer, the second is called gcc-linaro-arm-linux-gnueabihf-raspbian-x64 and contains predictably the tools for 64-bit systems. Note that the Raspberry Pi itself has a 32-bit processor, so we aren’t talking about the Pi now, but your computer, which is either 32 or 64-bit.

The cross-compiling tools themselves are in the respective bin subfolder. To put it all together, on a 64-bit system the path to the cross-compiling tools for your Raspberry Pi will be:

/path/to/basefolder/pitools/arm-bcm2708/gcc-linaro-arm-linux-gnueabihf-raspbian-x64/bin/

Export it as a variable for later:

$ export CROSSCOMP_DIR=/path/to/basefolder/pitools/arm-bcm2708/gcc-linaro-arm-linux-gnueabihf-raspbian-x64/bin

Have a look at the files in the bin folder. You’ll notice they all start with the arm-linux-gnueabihf- prefix and include a C compiler (gcc), a C++ compiler (g++), a linker (ld), etc.

2. Get the OpenSSL source

Assuming you want to compile and install the latest OpenSSL version on your Pi, type:

$ git clone https://github.com/openssl/openssl.git

Again, choose a base folder for cloning the repository into. If you don’t want the latest OpenSSL version, go to openssl.org and download the tar.gz file of the version you’re interested in, extract it and move the folder to the location of your choice.

3. Cross-compile the OpenSSL source

At this point you’re ready to cross-compile.

cd into the OpenSSL repository and export the following variable for convenience:

$ export INSTALL_DIR=/path/to/installation/folder

It should contain the path to the folder you want to install the cross-compiled OpenSSL to.

Now run the Configure script with the following options:

  • linux-generic32 : You’re compiling for a 32-bit Linux system, i.e. your Raspberry Pi
  • shared : To create static (.a) AND shared (.so) OpenSSL libraries
  • --prefix=$INSTALL_DIR : The path to the folder your cross-compiled OpenSSL will be installed in, as seen above
  • --openssldir=$INSTALL_DIR/openssl : This folder will contain certain configuration files
  • --cross-compile-prefix=$CROSSCOMP_DIR/arm-linux-gnueabihf- : This is the path to the cross-compiling tools we’ve seen above, and kind of the point of the whole thing. Notice the dash at the end!
user@host:/path/to/folder/openssl $ ./Configure linux-generic32 shared \
--prefix=$INSTALL_DIR --openssldir=$INSTALL_DIR/openssl \
--cross-compile-prefix=$CROSSCOMP_DIR/arm-linux-gnueabihf-

After the configuration step is done, run the following commands:

make depend
make
make install

Your installation folder now contains the cross-compiled OpenSSL!

Specifically, the bin folder contains the openssl executable and the lib folder contains the OpenSSL libraries.

You can check the openssl executable in $INSTALL_DIR/bin to see that it really is a 32-bit Linux executable for the ARM platform :)

$ file $INSTALL_DIR/bin/openssl
openssl: ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV),
dynamically linked (uses shared libs), for GNU/Linux 2.6.26,
BuildID[sha1]=60d55b25b044bf1f378eba2e7890c928f8552609, not stripped

4. Transfer the cross-compiled OpenSSL to your Pi

Now transfer the installation folder to your Pi, for example via scp, and check that the executable can effectively run, e.g. by cd‘ing into the folder and typing:

user@host:/path/to/folder/openssl/bin $ ./openssl help

Once compiling your programs on the Pi with the new OpenSSL libraries, make sure they are also the ones actually being loaded at run-time!

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s