Tuesday, September 8, 2015

Compiling openssl with emscripten

a.k.a. the days of 10kB JavaScript are gone.

We are doing some crypto app prototypes and figured that having demos on the web, without having to download or install anything are quite valuable. And despite the issues on the SSL side of OpenSSL, the crypto library is still quite useful. Let's see how to build it into JavaScript using the amazing emscripten.

I'm using openssl v1.0.2a which is commit 3df69d3aefde7671053d4e3c242b228e5d79c83f in the git repository. First I have emscripten prepare my environment for compilation to make sure I'm using the correct compiler, archiver and linker (emcc, ar, ld). I do

emmake bash

or any other shell such as fish. I wasn't able to run emmake ./Configure or emconfigure directly so I just run a new shell. From the shell I can configure openssl as usual:

./Configure -no-asm -no-apps no-ssl2 no-ssl3 no-comp no-hw no-engine no-deprecated shared no-dso --openssldir=built linux-generic32

note that 64b architecture cannot be used. I also did have to modify the generated Makefile a bit.

  1. on line 63, delete the path after $(CROSS_COMPILE) so that it looks like this:
  2. on line 64, remove the -O3 flag just to be sure because not all enscriptem optimizations may be compatible with openssl
after this you're able to build the library using


To test, I did build one of the demos:

emcc  demos/sign/sign.c -lcrypto  -o demos/sign/sign.html -Iinclude -L. --preload-file demos/sign@/

The resulting library is almost 4 MB, it may be useful to try and remove some more features. Now it's not really clear if crypto software running in this way is still secure. I know that browser Crypto API + enscriptem ensure that randomness in /dev/urandom is correct but I may need to dig into the debugger to be sure it's really used correctly.


  1. Hello, you can share the result of this post? aka openssl.js file for testing? thanks

  2. Hi, I don't have it any more, it wouldn't be good to use anyway because

    1) it would be outdated and probably insecure
    2) you're better off using a library such as TweetNaCl or other library based on NaCl
    3) WASM is the hot new stuff rather than asm.js
    4) note that in-browser crypto is inherently insecure

  3. Hey Roman,
    I know that in-browser crypto is quite insecure but I want to build a training module for colleagues working on different crypto tasks.

    For compiling my C modules to wasm I need to be able to provide an OpenSSL library compiled with emscripten. Honestly, I've been searching the interent for two weeks and this seems to be the only work getting close to it.

    Although you'd probably have to spend a considerable amount of time to rethink your previous solution, would it be possible for you do do it again and maybe even share your libcrypto.a?

  4. MGM Resorts International and MGM Resorts International unveil
    MGM 강릉 출장안마 Resorts International and MGM 울산광역 출장샵 Resorts International announced 용인 출장마사지 today a three-day, 경주 출장마사지 multi-year 김제 출장마사지 partnership to offer the Mar 16, 2021