[15529] | 1 | |
---|
| 2 | INSTALLATION ON THE WIN32 PLATFORM |
---|
| 3 | ---------------------------------- |
---|
| 4 | |
---|
| 5 | Heres a few comments about building OpenSSL in Windows environments. Most of |
---|
| 6 | this is tested on Win32 but it may also work in Win 3.1 with some |
---|
| 7 | modification. |
---|
| 8 | |
---|
| 9 | You need Perl for Win32 (available from http://www.activestate.com/ActivePerl) |
---|
| 10 | and one of the following C compilers: |
---|
| 11 | |
---|
| 12 | * Visual C++ |
---|
| 13 | * Borland C |
---|
| 14 | * GNU C (Mingw32 or Cygwin32) |
---|
| 15 | |
---|
| 16 | If you want to compile in the assembly language routines with Visual C++ then |
---|
| 17 | you will need an assembler. This is worth doing because it will result in |
---|
| 18 | faster code: for example it will typically result in a 2 times speedup in the |
---|
| 19 | RSA routines. Currently the following assemblers are supported: |
---|
| 20 | |
---|
| 21 | * Microsoft MASM (aka "ml") |
---|
| 22 | * Free Netwide Assembler NASM. |
---|
| 23 | |
---|
| 24 | MASM was at one point distributed with VC++. It is now distributed with some |
---|
| 25 | Microsoft DDKs, for example the Windows NT 4.0 DDK and the Windows 98 DDK. If |
---|
| 26 | you do not have either of these DDKs then you can just download the binaries |
---|
| 27 | for the Windows 98 DDK and extract and rename the two files XXXXXml.exe and |
---|
| 28 | XXXXXml.err, to ml.exe and ml.err and install somewhere on your PATH. Both |
---|
| 29 | DDKs can be downloaded from the Microsoft developers site www.msdn.com. |
---|
| 30 | |
---|
| 31 | NASM is freely available. Version 0.98 was used during testing: other versions |
---|
| 32 | may also work. It is available from many places, see for example: |
---|
| 33 | http://www.kernel.org/pub/software/devel/nasm/binaries/win32/ |
---|
| 34 | The NASM binary nasmw.exe needs to be installed anywhere on your PATH. |
---|
| 35 | |
---|
| 36 | If you are compiling from a tarball or a CVS snapshot then the Win32 files |
---|
| 37 | may well be not up to date. This may mean that some "tweaking" is required to |
---|
| 38 | get it all to work. See the trouble shooting section later on for if (when?) |
---|
| 39 | it goes wrong. |
---|
| 40 | |
---|
| 41 | Visual C++ |
---|
| 42 | ---------- |
---|
| 43 | |
---|
| 44 | Firstly you should run Configure: |
---|
| 45 | |
---|
| 46 | > perl Configure VC-WIN32 |
---|
| 47 | |
---|
| 48 | Next you need to build the Makefiles and optionally the assembly language |
---|
| 49 | files: |
---|
| 50 | |
---|
| 51 | - If you are using MASM then run: |
---|
| 52 | |
---|
| 53 | > ms\do_masm |
---|
| 54 | |
---|
| 55 | - If you are using NASM then run: |
---|
| 56 | |
---|
| 57 | > ms\do_nasm |
---|
| 58 | |
---|
| 59 | - If you don't want to use the assembly language files at all then run: |
---|
| 60 | |
---|
| 61 | > ms\do_ms |
---|
| 62 | |
---|
| 63 | If you get errors about things not having numbers assigned then check the |
---|
| 64 | troubleshooting section: you probably won't be able to compile it as it |
---|
| 65 | stands. |
---|
| 66 | |
---|
| 67 | Then from the VC++ environment at a prompt do: |
---|
| 68 | |
---|
| 69 | > nmake -f ms\ntdll.mak |
---|
| 70 | |
---|
| 71 | If all is well it should compile and you will have some DLLs and executables |
---|
| 72 | in out32dll. If you want to try the tests then do: |
---|
| 73 | |
---|
| 74 | > cd out32dll |
---|
| 75 | > ..\ms\test |
---|
| 76 | |
---|
| 77 | Tweaks: |
---|
| 78 | |
---|
| 79 | There are various changes you can make to the Win32 compile environment. By |
---|
| 80 | default the library is not compiled with debugging symbols. If you add 'debug' |
---|
| 81 | to the mk1mk.pl lines in the do_* batch file then debugging symbols will be |
---|
| 82 | compiled in. |
---|
| 83 | |
---|
| 84 | The default Win32 environment is to leave out any Windows NT specific |
---|
| 85 | features. |
---|
| 86 | |
---|
| 87 | If you want to enable the NT specific features of OpenSSL (currently only the |
---|
| 88 | logging BIO) follow the instructions above but call the batch file do_nt.bat |
---|
| 89 | instead of do_ms.bat. |
---|
| 90 | |
---|
| 91 | You can also build a static version of the library using the Makefile |
---|
| 92 | ms\nt.mak |
---|
| 93 | |
---|
| 94 | Borland C++ builder 3 and 4 |
---|
| 95 | --------------------------- |
---|
| 96 | |
---|
| 97 | * Setup PATH. First must be GNU make then bcb4/bin |
---|
| 98 | |
---|
| 99 | * Run ms\bcb4.bat |
---|
| 100 | |
---|
| 101 | * Run make: |
---|
| 102 | > make -f bcb.mak |
---|
| 103 | |
---|
| 104 | GNU C (Mingw32) |
---|
| 105 | --------------- |
---|
| 106 | |
---|
| 107 | To build OpenSSL, you need the Mingw32 package and GNU make. |
---|
| 108 | |
---|
| 109 | * Compiler installation: |
---|
| 110 | |
---|
| 111 | Mingw32 is available from <ftp://ftp.xraylith.wisc.edu/pub/khan/ |
---|
| 112 | gnu-win32/mingw32/gcc-2.95.2/gcc-2.95.2-msvcrt.exe>. GNU make is at |
---|
| 113 | <ftp://agnes.dida.physik.uni-essen.de/home/janjaap/mingw32/binaries/ |
---|
| 114 | make-3.76.1.zip>. Install both of them in C:\egcs-1.1.2 and run |
---|
| 115 | C:\egcs-1.1.2\mingw32.bat to set the PATH. |
---|
| 116 | |
---|
| 117 | * Compile OpenSSL: |
---|
| 118 | |
---|
| 119 | > ms\mingw32 |
---|
| 120 | |
---|
| 121 | This will create the library and binaries in out. In case any problems |
---|
| 122 | occur, try |
---|
| 123 | > ms\mingw32 no-asm |
---|
| 124 | instead. |
---|
| 125 | |
---|
| 126 | libcrypto.a and libssl.a are the static libraries. To use the DLLs, |
---|
| 127 | link with libeay32.a and libssl32.a instead. |
---|
| 128 | |
---|
| 129 | See troubleshooting if you get error messages about functions not having |
---|
| 130 | a number assigned. |
---|
| 131 | |
---|
| 132 | * You can now try the tests: |
---|
| 133 | |
---|
| 134 | > cd out |
---|
| 135 | > ..\ms\test |
---|
| 136 | |
---|
| 137 | GNU C (CygWin32) |
---|
| 138 | --------------- |
---|
| 139 | |
---|
| 140 | CygWin32 provides a bash shell and GNU tools environment running on |
---|
| 141 | NT 4.0, Windows 9x and Windows 2000. Consequently, a make of OpenSSL |
---|
| 142 | with CygWin is closer to a GNU bash environment such as Linux rather |
---|
| 143 | than other W32 makes that are based on a single makefile approach. |
---|
| 144 | CygWin32 implements Posix/Unix calls through cygwin1.dll, and is |
---|
| 145 | contrasted to Mingw32 which links dynamically to msvcrt.dll or |
---|
| 146 | crtdll.dll. |
---|
| 147 | |
---|
| 148 | To build OpenSSL using CygWin32: |
---|
| 149 | |
---|
| 150 | * Install CygWin32 (see http://sourceware.cygnus.com/cygwin) |
---|
| 151 | |
---|
| 152 | * Install Perl and ensure it is in the path |
---|
| 153 | |
---|
| 154 | * Run the CygWin bash shell |
---|
| 155 | |
---|
| 156 | * $ tar zxvf openssl-x.x.x.tar.gz |
---|
| 157 | $ cd openssl-x.x.x |
---|
| 158 | $ ./Configure no-threads CygWin32 |
---|
| 159 | [...] |
---|
| 160 | $ make |
---|
| 161 | [...] |
---|
| 162 | $ make test |
---|
| 163 | $ make install |
---|
| 164 | |
---|
| 165 | This will create a default install in /usr/local/ssl. |
---|
| 166 | |
---|
| 167 | CygWin32 Notes: |
---|
| 168 | |
---|
| 169 | "make test" and normal file operations may fail in directories |
---|
| 170 | mounted as text (i.e. mount -t c:\somewhere /home) due to CygWin |
---|
| 171 | stripping of carriage returns. To avoid this ensure that a binary |
---|
| 172 | mount is used, e.g. mount -b c:\somewhere /home. |
---|
| 173 | |
---|
| 174 | As of version 1.1.1 CygWin32 is relatively unstable in its handling |
---|
| 175 | of cr/lf issues. These make procedures succeeded with versions 1.1 and |
---|
| 176 | the snapshot 20000524 (Slow!). |
---|
| 177 | |
---|
| 178 | "bc" is not provided in the CygWin32 distribution. This causes a |
---|
| 179 | non-fatal error in "make test" but is otherwise harmless. If |
---|
| 180 | desired, GNU bc can be built with CygWin32 without change. |
---|
| 181 | |
---|
| 182 | |
---|
| 183 | Installation |
---|
| 184 | ------------ |
---|
| 185 | |
---|
| 186 | There's currently no real installation procedure for Win32. There are, |
---|
| 187 | however, some suggestions: |
---|
| 188 | |
---|
| 189 | - do nothing. The include files are found in the inc32/ subdirectory, |
---|
| 190 | all binaries are found in out32dll/ or out32/ depending if you built |
---|
| 191 | dynamic or static libraries. |
---|
| 192 | |
---|
| 193 | - do as is written in INSTALL.Win32 that comes with modssl: |
---|
| 194 | |
---|
| 195 | $ md c:\openssl |
---|
| 196 | $ md c:\openssl\bin |
---|
| 197 | $ md c:\openssl\lib |
---|
| 198 | $ md c:\openssl\include |
---|
| 199 | $ md c:\openssl\include\openssl |
---|
| 200 | $ copy /b inc32\* c:\openssl\include\openssl |
---|
| 201 | $ copy /b out32dll\ssleay32.lib c:\openssl\lib |
---|
| 202 | $ copy /b out32dll\libeay32.lib c:\openssl\lib |
---|
| 203 | $ copy /b out32dll\ssleay32.dll c:\openssl\bin |
---|
| 204 | $ copy /b out32dll\libeay32.dll c:\openssl\bin |
---|
| 205 | $ copy /b out32dll\openssl.exe c:\openssl\bin |
---|
| 206 | |
---|
| 207 | Of course, you can choose another device than c:. C: is used here |
---|
| 208 | because that's usually the first (and often only) harddisk device. |
---|
| 209 | Note: in the modssl INSTALL.Win32, p: is used rather than c:. |
---|
| 210 | |
---|
| 211 | |
---|
| 212 | Troubleshooting |
---|
| 213 | --------------- |
---|
| 214 | |
---|
| 215 | Since the Win32 build is only occasionally tested it may not always compile |
---|
| 216 | cleanly. If you get an error about functions not having numbers assigned |
---|
| 217 | when you run ms\do_ms then this means the Win32 ordinal files are not up to |
---|
| 218 | date. You can do: |
---|
| 219 | |
---|
| 220 | > perl util\mkdef.pl crypto ssl update |
---|
| 221 | |
---|
| 222 | then ms\do_XXX should not give a warning any more. However the numbers that |
---|
| 223 | get assigned by this technique may not match those that eventually get |
---|
| 224 | assigned in the CVS tree: so anything linked against this version of the |
---|
| 225 | library may need to be recompiled. |
---|
| 226 | |
---|
| 227 | If you get errors about unresolved symbols there are several possible |
---|
| 228 | causes. |
---|
| 229 | |
---|
| 230 | If this happens when the DLL is being linked and you have disabled some |
---|
| 231 | ciphers then it is possible the DEF file generator hasn't removed all |
---|
| 232 | the disabled symbols: the easiest solution is to edit the DEF files manually |
---|
| 233 | to delete them. The DEF files are ms\libeay32.def ms\ssleay32.def. |
---|
| 234 | |
---|
| 235 | Another cause is if you missed or ignored the errors about missing numbers |
---|
| 236 | mentioned above. |
---|
| 237 | |
---|
| 238 | If you get warnings in the code then the compilation will halt. |
---|
| 239 | |
---|
| 240 | The default Makefile for Win32 halts whenever any warnings occur. Since VC++ |
---|
| 241 | has its own ideas about warnings which don't always match up to other |
---|
| 242 | environments this can happen. The best fix is to edit the file with the |
---|
| 243 | warning in and fix it. Alternatively you can turn off the halt on warnings by |
---|
| 244 | editing the CFLAG line in the Makefile and deleting the /WX option. |
---|
| 245 | |
---|
| 246 | You might get compilation errors. Again you will have to fix these or report |
---|
| 247 | them. |
---|
| 248 | |
---|
| 249 | One final comment about compiling applications linked to the OpenSSL library. |
---|
| 250 | If you don't use the multithreaded DLL runtime library (/MD option) your |
---|
| 251 | program will almost certainly crash because malloc gets confused -- the |
---|
| 252 | OpenSSL DLLs are statically linked to one version, the application must |
---|
| 253 | not use a different one. You might be able to work around such problems |
---|
| 254 | by adding CRYPTO_malloc_init() to your program before any calls to the |
---|
| 255 | OpenSSL libraries: This tells the OpenSSL libraries to use the same |
---|
| 256 | malloc(), free() and realloc() as the application. However there are many |
---|
| 257 | standard library functions used by OpenSSL that call malloc() internally |
---|
| 258 | (e.g. fopen()), and OpenSSL cannot change these; so in general you cannot |
---|
| 259 | rely on CYRPTO_malloc_init() solving your problem, and you should |
---|
| 260 | consistently use the multithreaded library. |
---|