Back to home page

openssl Cross Reference

 
 

    


0001  
0002  INSTALLATION ON THE WIN32 PLATFORM
0003  ----------------------------------
0004 
0005  [Instructions for building for Windows CE can be found in INSTALL.WCE]
0006  [Instructions for building for Win64 can be found in INSTALL.W64]
0007 
0008  Here are a few comments about building OpenSSL for Win32 environments,
0009  such as Windows NT and Windows 9x. It should be noted though that
0010  Windows 9x are not ordinarily tested. Its mention merely means that we
0011  attempt to maintain certain programming discipline and pay attention
0012  to backward compatibility issues, in other words it's kind of expected
0013  to work on Windows 9x, but no regression tests are actually performed.
0014 
0015  On additional note newer OpenSSL versions are compiled and linked with
0016  Winsock 2. This means that minimum OS requirement was elevated to NT 4
0017  and Windows 98 [there is Winsock 2 update for Windows 95 though].
0018 
0019  - you need Perl for Win32.  Unless you will build on Cygwin, you will need
0020    ActiveState Perl, available from http://www.activestate.com/ActivePerl.
0021 
0022  - one of the following C compilers:
0023 
0024   * Visual C++
0025   * Borland C
0026   * GNU C (Cygwin or MinGW)
0027 
0028 - Netwide Assembler, a.k.a. NASM, available from http://nasm.sourceforge.net/
0029   is required if you intend to utilize assembler modules. Note that NASM
0030   is now the only supported assembler.
0031 
0032  If you are compiling from a tarball or a Git snapshot then the Win32 files
0033  may well be not up to date. This may mean that some "tweaking" is required to
0034  get it all to work. See the trouble shooting section later on for if (when?)
0035  it goes wrong.
0036 
0037  Visual C++
0038  ----------
0039 
0040  If you want to compile in the assembly language routines with Visual
0041  C++, then you will need already mentioned Netwide Assembler binary,
0042  nasmw.exe or nasm.exe, to be available on your %PATH%.
0043 
0044  Firstly you should run Configure with platform VC-WIN32:
0045 
0046  > perl Configure VC-WIN32 --prefix=c:\some\openssl\dir
0047 
0048  Where the prefix argument specifies where OpenSSL will be installed to.
0049 
0050  Next you need to build the Makefiles and optionally the assembly
0051  language files:
0052 
0053  - If you are using NASM then run:
0054 
0055    > ms\do_nasm
0056 
0057  - If you don't want to use the assembly language files at all then run:
0058 
0059    > perl Configure VC-WIN32 no-asm --prefix=c:/some/openssl/dir
0060    > ms\do_ms
0061 
0062  If you get errors about things not having numbers assigned then check the
0063  troubleshooting section: you probably won't be able to compile it as it
0064  stands.
0065 
0066  Then from the VC++ environment at a prompt do:
0067 
0068  > nmake -f ms\ntdll.mak
0069 
0070  If all is well it should compile and you will have some DLLs and
0071  executables in out32dll. If you want to try the tests then do:
0072  
0073  > nmake -f ms\ntdll.mak test
0074 
0075 
0076  To install OpenSSL to the specified location do:
0077 
0078  > nmake -f ms\ntdll.mak install
0079 
0080  Tweaks:
0081 
0082  There are various changes you can make to the Win32 compile
0083  environment. By default the library is not compiled with debugging
0084  symbols. If you use the platform debug-VC-WIN32 instead of VC-WIN32
0085  then debugging symbols will be compiled in.
0086 
0087  By default in 1.0.0 OpenSSL will compile builtin ENGINES into the
0088  separate shared librariesy. If you specify the "enable-static-engine"
0089  option on the command line to Configure the shared library build
0090  (ms\ntdll.mak) will compile the engines into libeay32.dll instead.
0091 
0092  The default Win32 environment is to leave out any Windows NT specific
0093  features.
0094 
0095  If you want to enable the NT specific features of OpenSSL (currently
0096  only the logging BIO) follow the instructions above but call the batch
0097  file do_nt.bat instead of do_ms.bat.
0098 
0099  You can also build a static version of the library using the Makefile
0100  ms\nt.mak
0101 
0102 
0103  Borland C++ builder 5
0104  ---------------------
0105 
0106  * Configure for building with Borland Builder:
0107    > perl Configure BC-32
0108 
0109  * Create the appropriate makefile
0110    > ms\do_nasm
0111 
0112  * Build
0113    > make -f ms\bcb.mak
0114 
0115  Borland C++ builder 3 and 4
0116  ---------------------------
0117 
0118  * Setup PATH. First must be GNU make then bcb4/bin 
0119 
0120  * Run ms\bcb4.bat
0121 
0122  * Run make:
0123    > make -f bcb.mak
0124 
0125  GNU C (Cygwin)
0126  --------------
0127 
0128  Cygwin implements a Posix/Unix runtime system (cygwin1.dll) on top of
0129  Win32 subsystem and provides a bash shell and GNU tools environment.
0130  Consequently, a make of OpenSSL with Cygwin is virtually identical to
0131  Unix procedure. It is also possible to create Win32 binaries that only
0132  use the Microsoft C runtime system (msvcrt.dll or crtdll.dll) using
0133  MinGW. MinGW can be used in the Cygwin development environment or in a
0134  standalone setup as described in the following section.
0135 
0136  To build OpenSSL using Cygwin:
0137 
0138  * Install Cygwin (see http://cygwin.com/)
0139 
0140  * Install Perl and ensure it is in the path. Both Cygwin perl
0141    (5.6.1-2 or newer) and ActivePerl work.
0142 
0143  * Run the Cygwin bash shell
0144 
0145  * $ tar zxvf openssl-x.x.x.tar.gz
0146    $ cd openssl-x.x.x
0147 
0148    To build the Cygwin version of OpenSSL:
0149 
0150    $ ./config
0151    [...]
0152    $ make
0153    [...]
0154    $ make test
0155    $ make install
0156 
0157    This will create a default install in /usr/local/ssl.
0158 
0159    To build the MinGW version (native Windows) in Cygwin:
0160 
0161    $ ./Configure mingw
0162    [...]
0163    $ make
0164    [...]
0165    $ make test
0166    $ make install
0167 
0168  Cygwin Notes:
0169 
0170  "make test" and normal file operations may fail in directories
0171  mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin
0172  stripping of carriage returns. To avoid this ensure that a binary
0173  mount is used, e.g. mount -b c:\somewhere /home.
0174 
0175  "bc" is not provided in older Cygwin distribution.  This causes a
0176  non-fatal error in "make test" but is otherwise harmless.  If
0177  desired and needed, GNU bc can be built with Cygwin without change.
0178 
0179  GNU C (MinGW/MSYS)
0180  -------------
0181 
0182  * Compiler and shell environment installation:
0183 
0184    MinGW and MSYS are available from http://www.mingw.org/, both are
0185    required. Run the installers and do whatever magic they say it takes
0186    to start MSYS bash shell with GNU tools on its PATH.
0187 
0188    N.B. Since source tar-ball can contain symbolic links, it's essential
0189    that you use accompanying MSYS tar to unpack the source. It will
0190    either handle them in one way or another or fail to extract them,
0191    which does the trick too. Latter means that you may safely ignore all
0192    "cannot create symlink" messages, as they will be "re-created" at
0193    configure stage by copying corresponding files. Alternative programs
0194    were observed to create empty files instead, which results in build
0195    failure.
0196 
0197  * Compile OpenSSL:
0198 
0199    $ ./config
0200    [...]
0201    $ make
0202    [...]
0203    $ make test
0204 
0205    This will create the library and binaries in root source directory
0206    and openssl.exe application in apps directory.
0207 
0208    It is also possible to cross-compile it on Linux by configuring
0209    with './Configure --cross-compile-prefix=i386-mingw32- mingw ...'.
0210    'make test' is naturally not applicable then.
0211 
0212    libcrypto.a and libssl.a are the static libraries. To use the DLLs,
0213    link with libeay32.a and libssl32.a instead.
0214 
0215    See troubleshooting if you get error messages about functions not
0216    having a number assigned.
0217 
0218  Installation
0219  ------------
0220 
0221  If you used the Cygwin procedure above, you have already installed and
0222  can skip this section.  For all other procedures, there's currently no real
0223  installation procedure for Win32.  There are, however, some suggestions:
0224 
0225     - do nothing.  The include files are found in the inc32/ subdirectory,
0226       all binaries are found in out32dll/ or out32/ depending if you built
0227       dynamic or static libraries.
0228 
0229     - do as is written in INSTALL.Win32 that comes with modssl:
0230 
0231         $ md c:\openssl 
0232         $ md c:\openssl\bin
0233         $ md c:\openssl\lib
0234         $ md c:\openssl\include
0235         $ md c:\openssl\include\openssl
0236         $ copy /b inc32\openssl\*       c:\openssl\include\openssl
0237         $ copy /b out32dll\ssleay32.lib c:\openssl\lib
0238         $ copy /b out32dll\libeay32.lib c:\openssl\lib
0239         $ copy /b out32dll\ssleay32.dll c:\openssl\bin
0240         $ copy /b out32dll\libeay32.dll c:\openssl\bin
0241         $ copy /b out32dll\openssl.exe  c:\openssl\bin
0242 
0243       Of course, you can choose another device than c:.  C: is used here
0244       because that's usually the first (and often only) harddisk device.
0245       Note: in the modssl INSTALL.Win32, p: is used rather than c:.
0246 
0247 
0248  Troubleshooting
0249  ---------------
0250 
0251  Since the Win32 build is only occasionally tested it may not always compile
0252  cleanly.  If you get an error about functions not having numbers assigned
0253  when you run ms\do_ms then this means the Win32 ordinal files are not up to
0254  date. You can do:
0255 
0256  > perl util\mkdef.pl crypto ssl update
0257 
0258  then ms\do_XXX should not give a warning any more. However the numbers that
0259  get assigned by this technique may not match those that eventually get
0260  assigned in the Git tree: so anything linked against this version of the
0261  library may need to be recompiled.
0262 
0263  If you get errors about unresolved symbols there are several possible
0264  causes.
0265 
0266  If this happens when the DLL is being linked and you have disabled some
0267  ciphers then it is possible the DEF file generator hasn't removed all
0268  the disabled symbols: the easiest solution is to edit the DEF files manually
0269  to delete them. The DEF files are ms\libeay32.def ms\ssleay32.def.
0270 
0271  Another cause is if you missed or ignored the errors about missing numbers
0272  mentioned above.
0273 
0274  If you get warnings in the code then the compilation will halt.
0275 
0276  The default Makefile for Win32 halts whenever any warnings occur. Since VC++
0277  has its own ideas about warnings which don't always match up to other
0278  environments this can happen. The best fix is to edit the file with the
0279  warning in and fix it. Alternatively you can turn off the halt on warnings by
0280  editing the CFLAG line in the Makefile and deleting the /WX option.
0281 
0282  You might get compilation errors. Again you will have to fix these or report
0283  them.
0284 
0285  One final comment about compiling applications linked to the OpenSSL library.
0286  If you don't use the multithreaded DLL runtime library (/MD option) your
0287  program will almost certainly crash because malloc gets confused -- the
0288  OpenSSL DLLs are statically linked to one version, the application must
0289  not use a different one.  You might be able to work around such problems
0290  by adding CRYPTO_malloc_init() to your program before any calls to the
0291  OpenSSL libraries: This tells the OpenSSL libraries to use the same
0292  malloc(), free() and realloc() as the application.  However there are many
0293  standard library functions used by OpenSSL that call malloc() internally
0294  (e.g. fopen()), and OpenSSL cannot change these; so in general you cannot
0295  rely on CRYPTO_malloc_init() solving your problem, and you should
0296  consistently use the multithreaded library.
0297 
0298  Linking your application
0299  ------------------------
0300 
0301  If you link with static OpenSSL libraries [those built with ms/nt.mak],
0302  then you're expected to additionally link your application with
0303  WS2_32.LIB, ADVAPI32.LIB, GDI32.LIB and USER32.LIB. Those developing
0304  non-interactive service applications might feel concerned about linking
0305  with the latter two, as they are justly associated with interactive
0306  desktop, which is not available to service processes. The toolkit is
0307  designed to detect in which context it's currently executed, GUI,
0308  console app or service, and act accordingly, namely whether or not to
0309  actually make GUI calls. Additionally those who wish to
0310  /DELAYLOAD:GDI32.DLL and /DELAYLOAD:USER32.DLL and actually keep them
0311  off service process should consider implementing and exporting from
0312  .exe image in question own _OPENSSL_isservice not relying on USER32.DLL.
0313  E.g., on Windows Vista and later you could:
0314 
0315         __declspec(dllexport) __cdecl BOOL _OPENSSL_isservice(void)
0316         {   DWORD sess;
0317             if (ProcessIdToSessionId(GetCurrentProcessId(),&sess))
0318                 return sess==0;
0319             return FALSE;
0320         }
0321 
0322  If you link with OpenSSL .DLLs, then you're expected to include into
0323  your application code small "shim" snippet, which provides glue between
0324  OpenSSL BIO layer and your compiler run-time. Look up OPENSSL_Applink
0325  reference page for further details.