Commit 9431cc20be for openssl.org
commit 9431cc20bea7c559e11bebd9f877405fffc0584e
Author: Neil Horman <nhorman@openssl.org>
Date: Thu Feb 12 19:38:36 2026 -0500
Add abilty to use static vcruntime
Add a config option to selectively enable disable static vcruntime
linkage (default disabled, implying dynamic vcruntime linkage)
Fixes #12210
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Tue Feb 17 09:43:37 2026
(Merged from https://github.com/openssl/openssl/pull/29995)
diff --git a/CHANGES.md b/CHANGES.md
index 8dc17dcbbc..b58a83911f 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -37,6 +37,14 @@ OpenSSL 4.0
*Simo Sorce*
+ * Windows targets support static/dynamic vcruntime linkage
+
+ Using the `enable-static-vcruntime` option OpenSSL can now be configured
+ to use the static or dynamic vcruntime.dll linkage. The multithreaded or
+ single threaded static vcruntime is selected based on the enable-threads option.
+
+ *Neil Horman*
+
* OPENSSL_cleanup() now runs in a global destructor, or not at all by default.
OpenSSL_cleanup() will no longer by default free global objects when run from
diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
index 184dfb5ea3..36a0f8c3ac 100644
--- a/Configurations/10-main.conf
+++ b/Configurations/10-main.conf
@@ -1566,11 +1566,11 @@ my %targets = (
cflags => add(picker(default => '/Gs0 /GF /Gy',
debug =>
sub {
- ($disabled{shared} ? "" : "/MDd");
+ ($disabled{shared} ? "" : ($disabled{"static-vcruntime"} ? "/MDd" : ($disabled{threads} ? "" : "/MT")));
},
release =>
sub {
- ($disabled{shared} ? "" : "/MD");
+ ($disabled{shared} ? "" : ($disabled{"static-vcruntime"} ? "/MD": ($disabled{threads} ? "" : "/MT")));
})),
defines => add(picker(default => [], # works as type cast
debug => [ "DEBUG", "_DEBUG" ])),
@@ -1655,7 +1655,7 @@ my %targets = (
combine('/GF /Gy',
sub { vc_wince_info()->{cflags}; },
sub { `cl 2>&1` =~ /Version ([0-9]+)\./ && $1>=14
- ? ($disabled{shared} ? " /MT" : " /MD")
+ ? ($disabled{shared} ? " /MT" : ($disabled{"static-vcruntime"} ? " /MD" : ""))
: " /MC"; }),
cppflags => sub { vc_wince_info()->{cppflags}; },
lib_defines => add("NO_CHMOD", "OPENSSL_SMALL_FOOTPRINT"),
diff --git a/Configure b/Configure
index 46c666529a..53a2e43cc3 100755
--- a/Configure
+++ b/Configure
@@ -539,6 +539,7 @@ my @disablables = (
"sshkdf",
"sskdf",
"ssl-trace",
+ "static-vcruntime",
"stdio",
"sslkeylog",
"tests",
@@ -627,6 +628,7 @@ our %disabled = ( # "what" => "comment"
"rc5" => "default",
"sctp" => "default",
"sslkeylog" => "default",
+ "static-vcruntime" => "default",
"tfo" => "default",
"tls-deprecated-ec" => "default",
"trace" => "default",
diff --git a/NEWS.md b/NEWS.md
index 71ddf483c2..016faaa314 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -27,6 +27,8 @@ OpenSSL 4.0
### Major changes between OpenSSL 3.6 and OpenSSL 4.0 [under development]
+ * Windows supports the use of staic or dynamic vcruntime linkage
+
* The `OPENSSL_sk_set_cmp_thunks()` call was added to the `STACK_OF` api
* The script tool `c_rehash` was removed. Use `openssl rehash` instead.