====== 3.4 Linux Build (WSL) ======

This guide shows how to compile OpenSSL under Linux in WSL2.

----

===== When Do I Need a Linux Build? =====

^ Application ^ Linux build needed? ^
| Docker Container | **Yes** |
| Linux Server | **Yes** |
| L4Re Microkernel | **Yes** (Cross-compilation for aarch64) |
| .NET on Windows | No (use Windows build) |
| WASM/Blazor | Separate (see WASM Build) |

----

===== Prerequisites =====

  * ☑ WSL2 with Ubuntu 24.04 LTS (recommended) or Fedora
  * ☑ Build tools installed
  * ☑ For aarch64: Cross-compiler installed

→ [[.:vorbereitung:wsl-einrichten|Set up WSL]]

----

===== WSL2 Ubuntu 24.04 Installation =====

<code powershell>
# PowerShell (Administrator)
wsl --install Ubuntu-24.04 --no-launch
wsl -d Ubuntu-24.04
</code>

----

===== Build Steps =====

==== Step 1: Install Build Dependencies ====

**Ubuntu 24.04 (recommended):**
<code bash>
sudo apt-get update
sudo apt-get install -y \
    build-essential \
    perl \
    git \
    wget \
    file

# For aarch64 cross-compilation:
sudo apt-get install -y \
    gcc-aarch64-linux-gnu \
    g++-aarch64-linux-gnu \
    binutils-aarch64-linux-gnu
</code>

**Fedora:**
<code bash>
sudo dnf install -y gcc make perl git wget file
# Cross-compilers for aarch64 are harder to install on Fedora
# Ubuntu 24.04 is recommended
</code>

==== Step 2: Copy Sources to Linux Filesystem ====

<WRAP important>
**IMPORTANT: NTFS Symlink Problem**

Building directly on the Windows filesystem (''/mnt/d/...'') fails because NTFS doesn't support Linux symlinks. OpenSSL creates symlinks like ''libcrypto.so → libcrypto.so.3''.

**Solution:** Always copy sources to Linux filesystem (''/opt/...'')!
</WRAP>

<code bash>
# Create build directory
sudo mkdir -p /opt/openssl-build
sudo chown $(id -u):$(id -g) /opt/openssl-build

# Mount Windows drive (if not auto-mounted)
sudo mkdir -p /mnt/d
sudo mount -t drvfs D: /mnt/d 2>/dev/null || true

# Copy sources (with tar for complete copy)
cd /mnt/d/Workspace/openssl-3.6.0/l4re/src
tar cf - . | tar xf - -C /opt/openssl-build
</code>

==== Step 3: Configure (x86_64) ====

<code bash>
cd /opt/openssl-build

# Standard configuration
./Configure linux-x86_64 \
    --prefix=/opt/openssl-3.6 \
    --openssldir=/opt/openssl-3.6/ssl \
    shared

# OR with FIPS module (recommended for production):
./Configure linux-x86_64 \
    --prefix=/opt/openssl-3.6 \
    --openssldir=/opt/openssl-3.6/ssl \
    enable-fips \
    shared
</code>

==== Step 4: Compile ====

<code bash>
# Build with all CPU cores
make -j$(nproc)
</code>

<WRAP tip>
''$(nproc)'' returns the number of CPU cores. On an 8-core CPU: ''make -j8''
</WRAP>

==== Step 5: Install ====

<code bash>
sudo make install
</code>

----

===== aarch64 Cross-Compilation (for L4Re/ARM64) =====

For ARM64 targets like L4Re Microkernel:

<code bash>
# Separate build directory for aarch64
sudo rm -rf /opt/openssl-aarch64-build
sudo mkdir -p /opt/openssl-aarch64-build
sudo chown $(id -u):$(id -g) /opt/openssl-aarch64-build

# Copy sources
cd /mnt/d/Workspace/openssl-3.6.0/l4re/src
tar cf - . | tar xf - -C /opt/openssl-aarch64-build

# Configure for aarch64
cd /opt/openssl-aarch64-build
./Configure linux-aarch64 \
    --cross-compile-prefix=aarch64-linux-gnu- \
    --prefix=/opt/openssl-3.6-aarch64 \
    --openssldir=/opt/openssl-3.6-aarch64/ssl \
    shared \
    enable-fips \
    no-async

# Build
make -j$(nproc)

# Verify result
file libcrypto.so.3
# Expected output: ELF 64-bit LSB shared object, ARM aarch64
</code>

----

===== Result =====

==== x86_64 Build Output ====

<code>
/opt/openssl-3.6/
├── bin/
│   └── openssl                # CLI Tool
├── include/
│   └── openssl/               # Headers for FFI
├── lib64/
│   ├── libcrypto.so.3         # ~7.4 MB - Crypto Library
│   ├── libssl.so.3            # ~1.3 MB - SSL/TLS Library
│   ├── libcrypto.a            # Static Library
│   ├── libssl.a
│   └── ossl-modules/
│       └── fips.so            # ~3.2 MB - FIPS Provider
└── ssl/
    ├── openssl.cnf
    └── fipsmodule.cnf         # FIPS Configuration
</code>

==== aarch64 Build Output ====

^ File ^ Size ^ Description ^
| ''libcrypto.so.3'' | ~6.8 MB | Crypto Library (ARM64) |
| ''libssl.so.3'' | ~1.2 MB | SSL/TLS Library (ARM64) |
| ''fips.so'' | ~2.3 MB | FIPS Provider (ARM64) |
| ''fipsmodule.cnf'' | ~1 KB | FIPS Configuration |

----

===== Testing =====

<code bash>
# Check version
/opt/openssl-3.6/bin/openssl version -a
# Expected output: OpenSSL 3.6.0 1 Oct 2025

# Check providers (FIPS should be listed)
/opt/openssl-3.6/bin/openssl list -providers

# Check Post-Quantum algorithms
/opt/openssl-3.6/bin/openssl list -signature-algorithms | grep -i mldsa
/opt/openssl-3.6/bin/openssl list -kem-algorithms | grep -i mlkem

# Check shared library format
file /opt/openssl-3.6/lib64/libcrypto.so.3
# x86_64: ELF 64-bit LSB shared object, x86-64
</code>

----

===== Copy Results to Windows =====

<code bash>
# x86_64 Libraries
mkdir -p /mnt/d/Workspace/openssl-3.6.0/l4re/bin/x86_64
cp /opt/openssl-3.6/lib64/libcrypto.so.3 /mnt/d/Workspace/openssl-3.6.0/l4re/bin/x86_64/
cp /opt/openssl-3.6/lib64/libssl.so.3 /mnt/d/Workspace/openssl-3.6.0/l4re/bin/x86_64/
cp /opt/openssl-3.6/lib64/ossl-modules/fips.so /mnt/d/Workspace/openssl-3.6.0/l4re/bin/x86_64/
cp /opt/openssl-3.6/ssl/fipsmodule.cnf /mnt/d/Workspace/openssl-3.6.0/l4re/bin/x86_64/

# aarch64 Libraries
mkdir -p /mnt/d/Workspace/openssl-3.6.0/l4re/bin/aarch64
cp /opt/openssl-aarch64-build/libcrypto.so.3 /mnt/d/Workspace/openssl-3.6.0/l4re/bin/aarch64/
cp /opt/openssl-aarch64-build/libssl.so.3 /mnt/d/Workspace/openssl-3.6.0/l4re/bin/aarch64/
cp /opt/openssl-aarch64-build/providers/fips.so /mnt/d/Workspace/openssl-3.6.0/l4re/bin/aarch64/
cp /opt/openssl-aarch64-build/providers/fipsmodule.cnf /mnt/d/Workspace/openssl-3.6.0/l4re/bin/aarch64/
</code>

----

===== For Docker Images =====

==== Dockerfile Example ====

<code dockerfile>
FROM ubuntu:24.04 AS builder

# Install build tools
RUN apt-get update && apt-get install -y \
    build-essential perl git wget file

# Copy OpenSSL sources
COPY openssl-src/ /build/src/

# Build with FIPS
WORKDIR /build/src
RUN ./Configure linux-x86_64 enable-fips --prefix=/opt/openssl && \
    make -j$(nproc) && \
    make install

# Runtime Image
FROM ubuntu:24.04

# Copy only the finished binaries
COPY --from=builder /opt/openssl /opt/openssl

# Set path
ENV PATH="/opt/openssl/bin:$PATH"
ENV LD_LIBRARY_PATH="/opt/openssl/lib64:$LD_LIBRARY_PATH"
</code>

----

===== Troubleshooting =====

==== "ln: failed to create symbolic link: Operation not permitted" ====

**Problem:** Build on NTFS filesystem (''/mnt/d/...'')

**Solution:** Copy sources to Linux filesystem (see Step 2)

==== USB drives not recognized ====

**Problem:** USB drives (external hard drives, USB sticks) are not automatically mounted in WSL2.

**Solution:** Mount manually with ''metadata'' flag:
<code bash>
sudo mkdir -p /mnt/d
sudo mount -t drvfs D: /mnt/d -o metadata
</code>

<WRAP tip>
Without ''metadata'' flag, files may not be written correctly to the Windows filesystem!
</WRAP>

==== "Can't locate OpenSSL/fallback.pm" ====

**Problem:** Incomplete sources (''util/perl/'' missing)

**Solution:** Copy sources with ''tar'' instead of ''cp -r''

==== Cross-compilation: "file in wrong format" ====

**Problem:** Old x86_64 artifacts in build directory

**Solution:** Run ''make clean'' before build

----

===== Continue to =====

  * [[.:vorbereitung:wsl-einrichten|Set up WSL]]
  * [[.:testen:start|4. Testing]]
  * [[.:build:start|Back to Build Overview]]

----
//Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional//
//Last update: 2025-12-16 (verified with OpenSSL 3.6.0)//