Build openssl with just RSA and AES

I'm using libcrypto.a (OpenSSL) with a project. By default all the algorithms are available under libcrypto.a. For the project i just need RSA, AES and SHA.

How I can build libcrypto.a with just those algorithms?

If you build OpenSSL by running the config or Configure script, you provide no-<cipher> as an argument to exclude the cipher. Run Configure with no options to see the available build options.

The configuration script converts these arguments into options for the preprocessor. Here's a list of nearly everything you can disable at compile time. First is the configuration-script argument, and then the compiler argument it gets converted to.

Ciphers:

no-idea       -DOPENSSL_NO_IDEA
no-aes        -DOPENSSL_NO_AES
no-camellia   -DOPENSSL_NO_CAMELLIA
no-seed       -DOPENSSL_NO_SEED
no-bf         -DOPENSSL_NO_BF
no-cast       -DOPENSSL_NO_CAST
no-des        -DOPENSSL_NO_DES
no-rc2        -DOPENSSL_NO_RC2
no-rc4        -DOPENSSL_NO_RC4
no-rc5        -DOPENSSL_NO_RC5

no-md2        -DOPENSSL_NO_MD2
no-md4        -DOPENSSL_NO_MD4
no-md5        -DOPENSSL_NO_MD5
no-sha        -DOPENSSL_NO_SHA
no-ripemd     -DOPENSSL_NO_RIPEMD
no-mdc2       -DOPENSSL_NO_MDC2

no-rsa        -DOPENSSL_NO_RSA
no-dsa        -DOPENSSL_NO_DSA
no-dh         -DOPENSSL_NO_DH

no-ec         -DOPENSSL_NO_EC
no-ecdsa      -DOPENSSL_NO_ECDSA
no-ecdh       -DOPENSSL_NO_ECDH

Non-cipher functionality:

no-sock       -DOPENSSL_NO_SOCK         No socket code.
no-ssl2       -DOPENSSL_NO_SSL2         No SSLv2.
no-ssl3       -DOPENSSL_NO_SSL3         No SSLv3.
no-err        -DOPENSSL_NO_ERR          No error strings.
no-krb5       -DOPENSSL_NO_KRB5         No Kerberos v5.
no-engine     -DOPENSSL_NO_ENGINE       No dynamic engines.
no-hw         -DOPENSSL_NO_HW           No support for external hardware.

Not documented:

no-tlsext     -DOPENSSL_NO_TLSEXT
no-cms        -DOPENSSL_NO_CMS
no-jpake      -DOPENSSL_NO_JPAKE
no-capieng    -DOPENSSL_NO_CAPIENG

Note that some things have dependencies. For example, you cannot build the SSL library without ciphers and digest algorithms because the SSL and TLS protocols demand them. So instead of doing make all, you want to do make build_crypto so that it only builds libcrypto.a.

Through experimentation, I found (in OpenSSL 0.9.8r) that libcrypto has 2 algorithm dependencies: MD5 for the random-number generator's algorithm (in crypto/rand_lib.c) and SHA-1 for printing certificate hashes (in crypto/asn1/t_x509.c). I'd say these dependencies are oversights by the developers.

This is how I build libcrypto.a with only MD5 and SHA:

./config no-idea no-aes no-camellia no-seed no-bf no-cast no-des no-rc2 no-rc4 no-rc5 \
no-md2 no-md4 no-ripemd no-mdc2 no-rsa no-dsa no-dh no-ec no-ecdsa no-ecdh no-sock \
no-ssl2 no-ssl3 no-err no-krb5 no-engine no-hw
make depend
make build_crypto

I also successfully built it with everything except AES, RSA, SHA, and MD5 as the question asked.

If I try to disable anything except RSA, AES and SHA I can not build the library it's generate some errors because some functions are missing. I'm obliged to reactivate md5, dsa. Now have some errors with BIO about some SSL functions missing. It's like openssl doesn't manage properly those no-* flags

 I was able to build it without anything except RSA, AES, SHA, and MD5. The RNG has a message digest dependency so I just picked MD5. I edited my answer with the details.