1 2 INSTALLATION ON THE WIN32 PLATFORM 3 ---------------------------------- 4 5 [Instructions for building for Windows CE can be found in INSTALL.WCE] 6 7 Heres a few comments about building OpenSSL in Windows environments. Most 8 of this is tested on Win32 but it may also work in Win 3.1 with some 9 modification. 10 11 You need Perl for Win32. Unless you will build on Cygwin, you will need 12 ActiveState Perl, available from http://www.activestate.com/ActivePerl. 13 14 and one of the following C compilers: 15 16 * Visual C++ 17 * Borland C 18 * GNU C (Cygwin or MinGW) 19 20 If you are compiling from a tarball or a CVS snapshot then the Win32 files 21 may well be not up to date. This may mean that some "tweaking" is required to 22 get it all to work. See the trouble shooting section later on for if (when?) 23 it goes wrong. 24 25 Visual C++ 26 ---------- 27 28 If you want to compile in the assembly language routines with Visual C++ then 29 you will need an assembler. This is worth doing because it will result in 30 faster code: for example it will typically result in a 2 times speedup in the 31 RSA routines. Currently the following assemblers are supported: 32 33 * Microsoft MASM (aka "ml") 34 * Free Netwide Assembler NASM. 35 36 MASM is distributed with most versions of VC++. For the versions where it is 37 not included in VC++, it is also distributed with some Microsoft DDKs, for 38 example the Windows NT 4.0 DDK and the Windows 98 DDK. If you do not have 39 either of these DDKs then you can just download the binaries for the Windows 40 98 DDK and extract and rename the two files XXXXXml.exe and XXXXXml.err, to 41 ml.exe and ml.err and install somewhere on your PATH. Both DDKs can be 42 downloaded from the Microsoft developers site www.msdn.com. 43 44 NASM is freely available. Version 0.98 was used during testing: other versions 45 may also work. It is available from many places, see for example: 46 http://www.kernel.org/pub/software/devel/nasm/binaries/win32/ 47 The NASM binary nasmw.exe needs to be installed anywhere on your PATH. 48 49 Firstly you should run Configure (to build a FIPS-certified variant of 50 OpenSSL, add the option "fips"): 51 52 > perl Configure VC-WIN32 53 54 Next you need to build the Makefiles and optionally the assembly language 55 files (to build a FIPS-certified variant of OpenSSL, add the argument "fips"): 56 57 - If you are using MASM then run: 58 59 > ms\do_masm 60 61 - If you are using NASM then run: 62 63 > ms\do_nasm 64 65 - If you don't want to use the assembly language files at all then run: 66 67 > ms\do_ms 68 69 If you get errors about things not having numbers assigned then check the 70 troubleshooting section: you probably won't be able to compile it as it 71 stands. 72 73 Then from the VC++ environment at a prompt do: 74 75 > nmake -f ms\ntdll.mak 76 77 If all is well it should compile and you will have some DLLs and executables 78 in out32dll. If you want to try the tests then do: 79 80 > cd out32dll 81 > ..\ms\test 82 83 Tweaks: 84 85 There are various changes you can make to the Win32 compile environment. By 86 default the library is not compiled with debugging symbols. If you add 'debug' 87 to the mk1mf.pl lines in the do_* batch file then debugging symbols will be 88 compiled in. Note that mk1mf.pl expects the platform to be the last argument 89 on the command line, so 'debug' must appear before that, as all other options. 90 91 The default Win32 environment is to leave out any Windows NT specific 92 features. 93 94 If you want to enable the NT specific features of OpenSSL (currently only the 95 logging BIO) follow the instructions above but call the batch file do_nt.bat 96 instead of do_ms.bat. 97 98 You can also build a static version of the library using the Makefile 99 ms\nt.mak 100 101 Borland C++ builder 5 102 --------------------- 103 104 * Configure for building with Borland Builder (to build a FIPS-certified 105 variant of OpenSSL, add the option "fips"): 106 > perl Configure BC-32 107 108 * Create the appropriate makefile (to build a FIPS-certified variant of 109 OpenSSL, add the argument "fips") 110 > ms\do_nasm 111 112 * Build 113 > make -f ms\bcb.mak 114 115 Borland C++ builder 3 and 4 116 --------------------------- 117 118 * Setup PATH. First must be GNU make then bcb4/bin 119 120 * Run ms\bcb4.bat 121 122 * Run make: 123 > make -f bcb.mak 124 125 GNU C (Cygwin) 126 -------------- 127 128 Cygwin provides a bash shell and GNU tools environment running 129 on NT 4.0, Windows 9x, Windows ME, Windows 2000, and Windows XP. 130 Consequently, a make of OpenSSL with Cygwin is closer to a GNU 131 bash environment such as Linux than to other the other Win32 132 makes. 133 134 Cygwin implements a Posix/Unix runtime system (cygwin1.dll). 135 It is also possible to create Win32 binaries that only use the 136 Microsoft C runtime system (msvcrt.dll or crtdll.dll) using 137 MinGW. MinGW can be used in the Cygwin development environment 138 or in a standalone setup as described in the following section. 139 140 To build OpenSSL using Cygwin: 141 142 * Install Cygwin (see http://cygwin.com/) 143 144 * Install Perl and ensure it is in the path. Both Cygwin perl 145 (5.6.1-2 or newer) and ActivePerl work. 146 147 * Run the Cygwin bash shell 148 149 * $ tar zxvf openssl-x.x.x.tar.gz 150 $ cd openssl-x.x.x 151 152 To build the Cygwin version of OpenSSL: 153 154 $ ./config 155 [...] 156 $ make 157 [...] 158 $ make test 159 $ make install 160 161 This will create a default install in /usr/local/ssl. 162 163 To build the MinGW version (native Windows) in Cygwin: 164 165 $ ./Configure mingw 166 [...] 167 $ make 168 [...] 169 $ make test 170 $ make install 171 172 Cygwin Notes: 173 174 "make test" and normal file operations may fail in directories 175 mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin 176 stripping of carriage returns. To avoid this ensure that a binary 177 mount is used, e.g. mount -b c:\somewhere /home. 178 179 "bc" is not provided in older Cygwin distribution. This causes a 180 non-fatal error in "make test" but is otherwise harmless. If 181 desired and needed, GNU bc can be built with Cygwin without change. 182 183 GNU C (MinGW) 184 ------------- 185 186 * Compiler installation: 187 188 MinGW is available from http://www.mingw.org. Run the installer and 189 set the MinGW bin directory to the PATH in "System Properties" or 190 autoexec.bat. 191 192 * Compile OpenSSL: 193 194 > ms\mingw32 195 196 This will create the library and binaries in out. In case any problems 197 occur, try 198 > ms\mingw32 no-asm 199 instead. 200 If you want to build a FIPS-certified variant of OpenSSL, add the argument 201 "fips" 202 203 libcrypto.a and libssl.a are the static libraries. To use the DLLs, 204 link with libeay32.a and libssl32.a instead. 205 206 See troubleshooting if you get error messages about functions not having 207 a number assigned. 208 209 * You can now try the tests: 210 211 > cd out 212 > ..\ms\test 213 214 215 Installation 216 ------------ 217 218 If you used the Cygwin procedure above, you have already installed and 219 can skip this section. For all other procedures, there's currently no real 220 installation procedure for Win32. There are, however, some suggestions: 221 222 - do nothing. The include files are found in the inc32/ subdirectory, 223 all binaries are found in out32dll/ or out32/ depending if you built 224 dynamic or static libraries. 225 226 - do as is written in INSTALL.Win32 that comes with modssl: 227 228 $ md c:\openssl 229 $ md c:\openssl\bin 230 $ md c:\openssl\lib 231 $ md c:\openssl\include 232 $ md c:\openssl\include\openssl 233 $ copy /b inc32\openssl\* c:\openssl\include\openssl 234 $ copy /b out32dll\ssleay32.lib c:\openssl\lib 235 $ copy /b out32dll\libeay32.lib c:\openssl\lib 236 $ copy /b out32dll\ssleay32.dll c:\openssl\bin 237 $ copy /b out32dll\libeay32.dll c:\openssl\bin 238 $ copy /b out32dll\openssl.exe c:\openssl\bin 239 240 Of course, you can choose another device than c:. C: is used here 241 because that's usually the first (and often only) harddisk device. 242 Note: in the modssl INSTALL.Win32, p: is used rather than c:. 243 244 245 Troubleshooting 246 --------------- 247 248 Since the Win32 build is only occasionally tested it may not always compile 249 cleanly. If you get an error about functions not having numbers assigned 250 when you run ms\do_ms then this means the Win32 ordinal files are not up to 251 date. You can do: 252 253 > perl util\mkdef.pl crypto ssl update 254 255 then ms\do_XXX should not give a warning any more. However the numbers that 256 get assigned by this technique may not match those that eventually get 257 assigned in the CVS tree: so anything linked against this version of the 258 library may need to be recompiled. 259 260 If you get errors about unresolved symbols there are several possible 261 causes. 262 263 If this happens when the DLL is being linked and you have disabled some 264 ciphers then it is possible the DEF file generator hasn't removed all 265 the disabled symbols: the easiest solution is to edit the DEF files manually 266 to delete them. The DEF files are ms\libeay32.def ms\ssleay32.def. 267 268 Another cause is if you missed or ignored the errors about missing numbers 269 mentioned above. 270 271 If you get warnings in the code then the compilation will halt. 272 273 The default Makefile for Win32 halts whenever any warnings occur. Since VC++ 274 has its own ideas about warnings which don't always match up to other 275 environments this can happen. The best fix is to edit the file with the 276 warning in and fix it. Alternatively you can turn off the halt on warnings by 277 editing the CFLAG line in the Makefile and deleting the /WX option. 278 279 You might get compilation errors. Again you will have to fix these or report 280 them. 281 282 One final comment about compiling applications linked to the OpenSSL library. 283 If you don't use the multithreaded DLL runtime library (/MD option) your 284 program will almost certainly crash because malloc gets confused -- the 285 OpenSSL DLLs are statically linked to one version, the application must 286 not use a different one. You might be able to work around such problems 287 by adding CRYPTO_malloc_init() to your program before any calls to the 288 OpenSSL libraries: This tells the OpenSSL libraries to use the same 289 malloc(), free() and realloc() as the application. However there are many 290 standard library functions used by OpenSSL that call malloc() internally 291 (e.g. fopen()), and OpenSSL cannot change these; so in general you cannot 292 rely on CRYPTO_malloc_init() solving your problem, and you should 293 consistently use the multithreaded library. 294