]>
Commit | Line | Data |
---|---|---|
7a79b560 RL |
1 | |
2 | INSTALLATION ON THE WIN32 PLATFORM | |
3 | ---------------------------------- | |
4 | ||
5 | [Instructions for building for Windows CE can be found in INSTALL.WCE] | |
6 | ||
7 | Heres a few comments about building OpenSSL in Windows environments. Most | |
8 | of this is tested on Win32 but it may also work in Win 3.1 with some | |
9 | modification. | |
10 | ||
11 | You need Perl for Win32. Unless you will build on Cygwin, you will need | |
12 | ActiveState Perl, available from http://www.activestate.com/ActivePerl. | |
13 | ||
14 | and one of the following C compilers: | |
15 | ||
16 | * Visual C++ | |
17 | * Borland C | |
18 | * GNU C (Cygwin or MinGW) | |
19 | ||
20 | If you are compiling from a tarball or a CVS snapshot then the Win32 files | |
21 | may well be not up to date. This may mean that some "tweaking" is required to | |
22 | get it all to work. See the trouble shooting section later on for if (when?) | |
23 | it goes wrong. | |
24 | ||
25 | Visual C++ | |
26 | ---------- | |
27 | ||
28 | If you want to compile in the assembly language routines with Visual C++ then | |
29 | you will need an assembler. This is worth doing because it will result in | |
30 | faster code: for example it will typically result in a 2 times speedup in the | |
31 | RSA routines. Currently the following assemblers are supported: | |
32 | ||
33 | * Microsoft MASM (aka "ml") | |
34 | * Free Netwide Assembler NASM. | |
35 | ||
36 | MASM is distributed with most versions of VC++. For the versions where it is | |
37 | not included in VC++, it is also distributed with some Microsoft DDKs, for | |
38 | example the Windows NT 4.0 DDK and the Windows 98 DDK. If you do not have | |
39 | either of these DDKs then you can just download the binaries for the Windows | |
40 | 98 DDK and extract and rename the two files XXXXXml.exe and XXXXXml.err, to | |
41 | ml.exe and ml.err and install somewhere on your PATH. Both DDKs can be | |
42 | downloaded from the Microsoft developers site www.msdn.com. | |
43 | ||
44 | NASM is freely available. Version 0.98 was used during testing: other versions | |
45 | may also work. It is available from many places, see for example: | |
46 | http://www.kernel.org/pub/software/devel/nasm/binaries/win32/ | |
47 | The NASM binary nasmw.exe needs to be installed anywhere on your PATH. | |
48 | ||
3642f632 BL |
49 | Firstly you should run Configure (to build a FIPS-certified variant of |
50 | OpenSSL, add the option "fips"): | |
7a79b560 RL |
51 | |
52 | > perl Configure VC-WIN32 | |
53 | ||
54 | Next you need to build the Makefiles and optionally the assembly language | |
3642f632 | 55 | files (to build a FIPS-certified variant of OpenSSL, add the argument "fips"): |
7a79b560 RL |
56 | |
57 | - If you are using MASM then run: | |
58 | ||
59 | > ms\do_masm | |
60 | ||
61 | - If you are using NASM then run: | |
62 | ||
63 | > ms\do_nasm | |
64 | ||
65 | - If you don't want to use the assembly language files at all then run: | |
66 | ||
67 | > ms\do_ms | |
68 | ||
69 | If you get errors about things not having numbers assigned then check the | |
70 | troubleshooting section: you probably won't be able to compile it as it | |
71 | stands. | |
72 | ||
73 | Then from the VC++ environment at a prompt do: | |
74 | ||
75 | > nmake -f ms\ntdll.mak | |
76 | ||
77 | If all is well it should compile and you will have some DLLs and executables | |
78 | in out32dll. If you want to try the tests then do: | |
79 | ||
80 | > cd out32dll | |
81 | > ..\ms\test | |
82 | ||
83 | Tweaks: | |
84 | ||
85 | There are various changes you can make to the Win32 compile environment. By | |
86 | default the library is not compiled with debugging symbols. If you add 'debug' | |
87 | to the mk1mf.pl lines in the do_* batch file then debugging symbols will be | |
88 | compiled in. Note that mk1mf.pl expects the platform to be the last argument | |
89 | on the command line, so 'debug' must appear before that, as all other options. | |
90 | ||
91 | The default Win32 environment is to leave out any Windows NT specific | |
92 | features. | |
93 | ||
94 | If you want to enable the NT specific features of OpenSSL (currently only the | |
95 | logging BIO) follow the instructions above but call the batch file do_nt.bat | |
96 | instead of do_ms.bat. | |
97 | ||
98 | You can also build a static version of the library using the Makefile | |
99 | ms\nt.mak | |
100 | ||
101 | Borland C++ builder 5 | |
102 | --------------------- | |
103 | ||
3642f632 BL |
104 | * Configure for building with Borland Builder (to build a FIPS-certified |
105 | variant of OpenSSL, add the option "fips"): | |
7a79b560 RL |
106 | > perl Configure BC-32 |
107 | ||
3642f632 BL |
108 | * Create the appropriate makefile (to build a FIPS-certified variant of |
109 | OpenSSL, add the argument "fips") | |
7a79b560 RL |
110 | > ms\do_nasm |
111 | ||
112 | * Build | |
113 | > make -f ms\bcb.mak | |
114 | ||
115 | Borland C++ builder 3 and 4 | |
116 | --------------------------- | |
117 | ||
118 | * Setup PATH. First must be GNU make then bcb4/bin | |
119 | ||
120 | * Run ms\bcb4.bat | |
121 | ||
122 | * Run make: | |
123 | > make -f bcb.mak | |
124 | ||
125 | GNU C (Cygwin) | |
126 | -------------- | |
127 | ||
128 | Cygwin provides a bash shell and GNU tools environment running | |
129 | on NT 4.0, Windows 9x, Windows ME, Windows 2000, and Windows XP. | |
130 | Consequently, a make of OpenSSL with Cygwin is closer to a GNU | |
131 | bash environment such as Linux than to other the other Win32 | |
132 | makes. | |
133 | ||
134 | Cygwin implements a Posix/Unix runtime system (cygwin1.dll). | |
135 | It is also possible to create Win32 binaries that only use the | |
136 | Microsoft C runtime system (msvcrt.dll or crtdll.dll) using | |
137 | MinGW. MinGW can be used in the Cygwin development environment | |
138 | or in a standalone setup as described in the following section. | |
139 | ||
140 | To build OpenSSL using Cygwin: | |
141 | ||
142 | * Install Cygwin (see http://cygwin.com/) | |
143 | ||
144 | * Install Perl and ensure it is in the path. Both Cygwin perl | |
145 | (5.6.1-2 or newer) and ActivePerl work. | |
146 | ||
147 | * Run the Cygwin bash shell | |
148 | ||
149 | * $ tar zxvf openssl-x.x.x.tar.gz | |
150 | $ cd openssl-x.x.x | |
151 | ||
152 | To build the Cygwin version of OpenSSL: | |
153 | ||
154 | $ ./config | |
155 | [...] | |
156 | $ make | |
157 | [...] | |
158 | $ make test | |
159 | $ make install | |
160 | ||
161 | This will create a default install in /usr/local/ssl. | |
162 | ||
163 | To build the MinGW version (native Windows) in Cygwin: | |
164 | ||
165 | $ ./Configure mingw | |
166 | [...] | |
167 | $ make | |
168 | [...] | |
169 | $ make test | |
170 | $ make install | |
171 | ||
172 | Cygwin Notes: | |
173 | ||
174 | "make test" and normal file operations may fail in directories | |
175 | mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin | |
176 | stripping of carriage returns. To avoid this ensure that a binary | |
177 | mount is used, e.g. mount -b c:\somewhere /home. | |
178 | ||
179 | "bc" is not provided in older Cygwin distribution. This causes a | |
180 | non-fatal error in "make test" but is otherwise harmless. If | |
181 | desired and needed, GNU bc can be built with Cygwin without change. | |
182 | ||
183 | GNU C (MinGW) | |
184 | ------------- | |
185 | ||
186 | * Compiler installation: | |
187 | ||
188 | MinGW is available from http://www.mingw.org. Run the installer and | |
189 | set the MinGW bin directory to the PATH in "System Properties" or | |
190 | autoexec.bat. | |
191 | ||
192 | * Compile OpenSSL: | |
193 | ||
194 | > ms\mingw32 | |
195 | ||
196 | This will create the library and binaries in out. In case any problems | |
197 | occur, try | |
198 | > ms\mingw32 no-asm | |
199 | instead. | |
3642f632 BL |
200 | If you want to build a FIPS-certified variant of OpenSSL, add the argument |
201 | "fips" | |
7a79b560 RL |
202 | |
203 | libcrypto.a and libssl.a are the static libraries. To use the DLLs, | |
204 | link with libeay32.a and libssl32.a instead. | |
205 | ||
206 | See troubleshooting if you get error messages about functions not having | |
207 | a number assigned. | |
208 | ||
209 | * You can now try the tests: | |
210 | ||
211 | > cd out | |
212 | > ..\ms\test | |
213 | ||
214 | ||
215 | Installation | |
216 | ------------ | |
217 | ||
218 | If you used the Cygwin procedure above, you have already installed and | |
219 | can skip this section. For all other procedures, there's currently no real | |
220 | installation procedure for Win32. There are, however, some suggestions: | |
221 | ||
222 | - do nothing. The include files are found in the inc32/ subdirectory, | |
223 | all binaries are found in out32dll/ or out32/ depending if you built | |
224 | dynamic or static libraries. | |
225 | ||
226 | - do as is written in INSTALL.Win32 that comes with modssl: | |
227 | ||
228 | $ md c:\openssl | |
229 | $ md c:\openssl\bin | |
230 | $ md c:\openssl\lib | |
231 | $ md c:\openssl\include | |
232 | $ md c:\openssl\include\openssl | |
4097dce4 | 233 | $ copy /b inc32\openssl\* c:\openssl\include\openssl |
7a79b560 RL |
234 | $ copy /b out32dll\ssleay32.lib c:\openssl\lib |
235 | $ copy /b out32dll\libeay32.lib c:\openssl\lib | |
236 | $ copy /b out32dll\ssleay32.dll c:\openssl\bin | |
237 | $ copy /b out32dll\libeay32.dll c:\openssl\bin | |
238 | $ copy /b out32dll\openssl.exe c:\openssl\bin | |
239 | ||
240 | Of course, you can choose another device than c:. C: is used here | |
241 | because that's usually the first (and often only) harddisk device. | |
242 | Note: in the modssl INSTALL.Win32, p: is used rather than c:. | |
243 | ||
244 | ||
245 | Troubleshooting | |
246 | --------------- | |
247 | ||
248 | Since the Win32 build is only occasionally tested it may not always compile | |
249 | cleanly. If you get an error about functions not having numbers assigned | |
250 | when you run ms\do_ms then this means the Win32 ordinal files are not up to | |
251 | date. You can do: | |
252 | ||
253 | > perl util\mkdef.pl crypto ssl update | |
254 | ||
255 | then ms\do_XXX should not give a warning any more. However the numbers that | |
256 | get assigned by this technique may not match those that eventually get | |
257 | assigned in the CVS tree: so anything linked against this version of the | |
258 | library may need to be recompiled. | |
259 | ||
260 | If you get errors about unresolved symbols there are several possible | |
261 | causes. | |
262 | ||
263 | If this happens when the DLL is being linked and you have disabled some | |
264 | ciphers then it is possible the DEF file generator hasn't removed all | |
265 | the disabled symbols: the easiest solution is to edit the DEF files manually | |
266 | to delete them. The DEF files are ms\libeay32.def ms\ssleay32.def. | |
267 | ||
268 | Another cause is if you missed or ignored the errors about missing numbers | |
269 | mentioned above. | |
270 | ||
271 | If you get warnings in the code then the compilation will halt. | |
272 | ||
273 | The default Makefile for Win32 halts whenever any warnings occur. Since VC++ | |
274 | has its own ideas about warnings which don't always match up to other | |
275 | environments this can happen. The best fix is to edit the file with the | |
276 | warning in and fix it. Alternatively you can turn off the halt on warnings by | |
277 | editing the CFLAG line in the Makefile and deleting the /WX option. | |
278 | ||
279 | You might get compilation errors. Again you will have to fix these or report | |
280 | them. | |
281 | ||
282 | One final comment about compiling applications linked to the OpenSSL library. | |
283 | If you don't use the multithreaded DLL runtime library (/MD option) your | |
284 | program will almost certainly crash because malloc gets confused -- the | |
285 | OpenSSL DLLs are statically linked to one version, the application must | |
286 | not use a different one. You might be able to work around such problems | |
287 | by adding CRYPTO_malloc_init() to your program before any calls to the | |
288 | OpenSSL libraries: This tells the OpenSSL libraries to use the same | |
289 | malloc(), free() and realloc() as the application. However there are many | |
290 | standard library functions used by OpenSSL that call malloc() internally | |
291 | (e.g. fopen()), and OpenSSL cannot change these; so in general you cannot | |
292 | rely on CRYPTO_malloc_init() solving your problem, and you should | |
293 | consistently use the multithreaded library. |