INSTALLATION ON THE WIN32 PLATFORM
----------------------------------
- Heres a few comments about building OpenSSL in Windows environments. Most of
- this is tested on Win32 but it may also work in Win 3.1 with some
- modification.
+ [Instructions for building for Windows CE can be found in INSTALL.WCE]
+ [Instructions for building for Win64 can be found in INSTALL.W64]
- You need Perl for Win32 (available from http://www.activestate.com/ActivePerl)
- and one of the following C compilers:
+ Here are a few comments about building OpenSSL for Win32 environments,
+ such as Windows NT and Windows 9x. It should be noted though that
+ Windows 9x are not ordinarily tested. Its mention merely means that we
+ attempt to maintain certain programming discipline and pay attention
+ to backward compatibility issues, in other words it's kind of expected
+ to work on Windows 9x, but no regression tests are actually performed.
- * Visual C++
- * Borland C
- * GNU C (Mingw32 or Cygwin32)
+ On additional note newer OpenSSL versions are compiled and linked with
+ Winsock 2. This means that minimum OS requirement was elevated to NT 4
+ and Windows 98 [there is Winsock 2 update for Windows 95 though].
- If you want to compile in the assembly language routines with Visual C++ then
- you will need an assembler. This is worth doing because it will result in
- faster code: for example it will typically result in a 2 times speedup in the
- RSA routines. Currently the following assemblers are supported:
+ - you need Perl for Win32. Unless you will build on Cygwin, you will need
+ ActiveState Perl, available from http://www.activestate.com/ActivePerl.
- * Microsoft MASM (aka "ml")
- * Free Netwide Assembler NASM.
+ - one of the following C compilers:
- MASM was at one point distributed with VC++. It is now distributed with some
- Microsoft DDKs, for example the Windows NT 4.0 DDK and the Windows 98 DDK. If
- you do not have either of these DDKs then you can just download the binaries
- for the Windows 98 DDK and extract and rename the two files XXXXXml.exe and
- XXXXXml.err, to ml.exe and ml.err and install somewhere on your PATH. Both
- DDKs can be downloaded from the Microsoft developers site www.msdn.com.
+ * Visual C++
+ * Borland C
+ * GNU C (Cygwin or MinGW)
- NASM is freely available. Version 0.98 was used during testing: other versions
- may also work. It is available from many places, see for example:
- http://www.kernel.org/pub/software/devel/nasm/binaries/win32/
- The NASM binary nasmw.exe needs to be installed anywhere on your PATH.
+- Netwide Assembler, a.k.a. NASM, available from http://nasm.sourceforge.net/
+ is required if you intend to utilize assembler modules. Note that NASM
+ is now the only supported assembler.
If you are compiling from a tarball or a CVS snapshot then the Win32 files
may well be not up to date. This may mean that some "tweaking" is required to
Visual C++
----------
- Firstly you should run Configure:
+ If you want to compile in the assembly language routines with Visual
+ C++, then you will need already mentioned Netwide Assembler binary,
+ nasmw.exe or nasm.exe, to be available on your %PATH%.
- > perl Configure VC-WIN32
+ Firstly you should run Configure with platform VC-WIN32:
- Next you need to build the Makefiles and optionally the assembly language
- files:
+ > perl Configure VC-WIN32 --prefix=c:\some\openssl\dir
- - If you are using MASM then run:
+ Where the prefix argument specifies where OpenSSL will be installed to.
- > ms\do_masm
+ Next you need to build the Makefiles and optionally the assembly
+ language files:
- If you are using NASM then run:
- If you don't want to use the assembly language files at all then run:
+ > perl Configure VC-WIN32 no-asm --prefix=c:/some/openssl/dir
> ms\do_ms
If you get errors about things not having numbers assigned then check the
> nmake -f ms\ntdll.mak
- If all is well it should compile and you will have some DLLs and executables
- in out32dll. If you want to try the tests then do:
+ If all is well it should compile and you will have some DLLs and
+ executables in out32dll. If you want to try the tests then do:
- > cd out32dll
- > ..\ms\test
+ > nmake -f ms\ntdll.mak test
+
+
+ To install OpenSSL to the specified location do:
+
+ > nmake -f ms\ntdll.mak install
Tweaks:
- There are various changes you can make to the Win32 compile environment. By
- default the library is not compiled with debugging symbols. If you add 'debug'
- to the mk1mk.pl lines in the do_* batch file then debugging symbols will be
- compiled in.
+ There are various changes you can make to the Win32 compile
+ environment. By default the library is not compiled with debugging
+ symbols. If you use the platform debug-VC-WIN32 instead of VC-WIN32
+ then debugging symbols will be compiled in.
+
+ By default in 1.0.0 OpenSSL will compile builtin ENGINES into the
+ separate shared librariesy. If you specify the "enable-static-engine"
+ option on the command line to Configure the shared library build
+ (ms\ntdll.mak) will compile the engines into libeay32.dll instead.
The default Win32 environment is to leave out any Windows NT specific
features.
- If you want to enable the NT specific features of OpenSSL (currently only the
- logging BIO) follow the instructions above but call the batch file do_nt.bat
- instead of do_ms.bat.
+ If you want to enable the NT specific features of OpenSSL (currently
+ only the logging BIO) follow the instructions above but call the batch
+ file do_nt.bat instead of do_ms.bat.
You can also build a static version of the library using the Makefile
ms\nt.mak
+
+ Borland C++ builder 5
+ ---------------------
+
+ * Configure for building with Borland Builder:
+ > perl Configure BC-32
+
+ * Create the appropriate makefile
+ > ms\do_nasm
+
+ * Build
+ > make -f ms\bcb.mak
+
Borland C++ builder 3 and 4
---------------------------
* Run make:
> make -f bcb.mak
- GNU C (Mingw32)
- ---------------
+ GNU C (Cygwin)
+ --------------
+
+ Cygwin implements a Posix/Unix runtime system (cygwin1.dll) on top of
+ Win32 subsystem and provides a bash shell and GNU tools environment.
+ Consequently, a make of OpenSSL with Cygwin is virtually identical to
+ Unix procedure. It is also possible to create Win32 binaries that only
+ use the Microsoft C runtime system (msvcrt.dll or crtdll.dll) using
+ MinGW. MinGW can be used in the Cygwin development environment or in a
+ standalone setup as described in the following section.
+
+ To build OpenSSL using Cygwin:
+
+ * Install Cygwin (see http://cygwin.com/)
+
+ * Install Perl and ensure it is in the path. Both Cygwin perl
+ (5.6.1-2 or newer) and ActivePerl work.
- To build OpenSSL, you need the Mingw32 package and GNU make.
+ * Run the Cygwin bash shell
- * Compiler installation:
+ * $ tar zxvf openssl-x.x.x.tar.gz
+ $ cd openssl-x.x.x
- Mingw32 is available from <ftp://ftp.xraylith.wisc.edu/pub/khan/gnu-win32/
- mingw32/egcs-1.1.2/egcs-1.1.2-mingw32.zip>. GNU make is at
- <ftp://agnes.dida.physik.uni-essen.de/home/janjaap/mingw32/binaries/
- make-3.76.1.zip>. Install both of them in C:\egcs-1.1.2 and run
- C:\egcs-1.1.2\mingw32.bat to set the PATH.
+ To build the Cygwin version of OpenSSL:
+
+ $ ./config
+ [...]
+ $ make
+ [...]
+ $ make test
+ $ make install
+
+ This will create a default install in /usr/local/ssl.
+
+ To build the MinGW version (native Windows) in Cygwin:
+
+ $ ./Configure mingw
+ [...]
+ $ make
+ [...]
+ $ make test
+ $ make install
+
+ Cygwin Notes:
+
+ "make test" and normal file operations may fail in directories
+ mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin
+ stripping of carriage returns. To avoid this ensure that a binary
+ mount is used, e.g. mount -b c:\somewhere /home.
+
+ "bc" is not provided in older Cygwin distribution. This causes a
+ non-fatal error in "make test" but is otherwise harmless. If
+ desired and needed, GNU bc can be built with Cygwin without change.
+
+ GNU C (MinGW/MSYS)
+ -------------
+
+ * Compiler and shell environment installation:
+
+ MinGW and MSYS are available from http://www.mingw.org/, both are
+ required. Run the installers and do whatever magic they say it takes
+ to start MSYS bash shell with GNU tools on its PATH.
+
+ N.B. Since source tar-ball can contain symbolic links, it's essential
+ that you use accompanying MSYS tar to unpack the source. It will
+ either handle them in one way or another or fail to extract them,
+ which does the trick too. Latter means that you may safely ignore all
+ "cannot create symlink" messages, as they will be "re-created" at
+ configure stage by copying corresponding files. Alternative programs
+ were observed to create empty files instead, which results in build
+ failure.
* Compile OpenSSL:
- > perl Configure Mingw32
- > ms\mw.bat
+ $ ./config
+ [...]
+ $ make
+ [...]
+ $ make test
+
+ This will create the library and binaries in root source directory
+ and openssl.exe application in apps directory.
- This will create the library and binaries in out.
+ It is also possible to cross-compile it on Linux by configuring
+ with './Configure --cross-compile-prefix=i386-mingw32- mingw ...'.
+ 'make test' is naturally not applicable then.
libcrypto.a and libssl.a are the static libraries. To use the DLLs,
link with libeay32.a and libssl32.a instead.
- See troubleshooting if you get error messages about functions not having
- a number assigned.
+ See troubleshooting if you get error messages about functions not
+ having a number assigned.
+
+ Installation
+ ------------
+
+ If you used the Cygwin procedure above, you have already installed and
+ can skip this section. For all other procedures, there's currently no real
+ installation procedure for Win32. There are, however, some suggestions:
- * You can now try the tests:
+ - do nothing. The include files are found in the inc32/ subdirectory,
+ all binaries are found in out32dll/ or out32/ depending if you built
+ dynamic or static libraries.
+
+ - do as is written in INSTALL.Win32 that comes with modssl:
+
+ $ md c:\openssl
+ $ md c:\openssl\bin
+ $ md c:\openssl\lib
+ $ md c:\openssl\include
+ $ md c:\openssl\include\openssl
+ $ copy /b inc32\openssl\* c:\openssl\include\openssl
+ $ copy /b out32dll\ssleay32.lib c:\openssl\lib
+ $ copy /b out32dll\libeay32.lib c:\openssl\lib
+ $ copy /b out32dll\ssleay32.dll c:\openssl\bin
+ $ copy /b out32dll\libeay32.dll c:\openssl\bin
+ $ copy /b out32dll\openssl.exe c:\openssl\bin
+
+ Of course, you can choose another device than c:. C: is used here
+ because that's usually the first (and often only) harddisk device.
+ Note: in the modssl INSTALL.Win32, p: is used rather than c:.
- > cd out
- > ..\ms\test
Troubleshooting
---------------
malloc(), free() and realloc() as the application. However there are many
standard library functions used by OpenSSL that call malloc() internally
(e.g. fopen()), and OpenSSL cannot change these; so in general you cannot
- rely on CYRPTO_malloc_init() solving your problem, and you should
+ rely on CRYPTO_malloc_init() solving your problem, and you should
consistently use the multithreaded library.
+
+ Linking your application
+ ------------------------
+
+ If you link with static OpenSSL libraries [those built with ms/nt.mak],
+ then you're expected to additionally link your application with
+ WS2_32.LIB, ADVAPI32.LIB, GDI32.LIB and USER32.LIB. Those developing
+ non-interactive service applications might feel concerned about linking
+ with the latter two, as they are justly associated with interactive
+ desktop, which is not available to service processes. The toolkit is
+ designed to detect in which context it's currently executed, GUI,
+ console app or service, and act accordingly, namely whether or not to
+ actually make GUI calls. Additionally those who wish to
+ /DELAYLOAD:GDI32.DLL and /DELAYLOAD:USER32.DLL and actually keep them
+ off service process should consider implementing and exporting from
+ .exe image in question own _OPENSSL_isservice not relying on USER32.DLL.
+ E.g., on Windows Vista and later you could:
+
+ __declspec(dllexport) __cdecl BOOL _OPENSSL_isservice(void)
+ { DWORD sess;
+ if (ProcessIdToSessionId(GetCurrentProcessId(),&sess))
+ return sess==0;
+ return FALSE;
+ }
+
+ If you link with OpenSSL .DLLs, then you're expected to include into
+ your application code small "shim" snippet, which provides glue between
+ OpenSSL BIO layer and your compiler run-time. Look up OPENSSL_Applink
+ reference page for further details.