Wednesday, July 9, 2014

Compiling OpenSSL For Windows

Introduction

In order to support more advanced features planned in future releases, ClamAV has switched to using OpenSSL for hashing. The ClamAV Visual Studio project included with ClamAV's source code requires the OpenSSL distributables to be placed in a specific directory. This article will teach you how to compile OpenSSL on a Microsoft Windows system and how to link ClamAV against OpenSSL.

This blog article is based on another article.


Prerequisites


You will need ActiveState ActivePerl installed. OpenSSL uses Perl-based Makefiles. You will also need Visual Studio 2010 or later.


Download OpenSSL


You can find OpenSSL's source here. Download the latest version. When this article was first authored, the latest version of OpenSSL was 1.0.1h. This article will reference that version throughout.

We will be using separate build and installation directories for 32bit and 64bit compilations. We'll extract the source code twice, to C:\openssl-src-32 and C:\openss-src-64. We'll then create two directories to hold the OpenSSL installation: C:\openssl-build-32 and C:\openssl-build-64.


Compiling OpenSSL


We will first build the 32bit libraries. You will need to open a Visual Studio 32bit command prompt. Please note that you cannot build OpenSSL 64bit from a 32bit Visual Studio command prompt and vice-versa.

We'll run these commands in the command prompt:
  1. C:
  2. cd \openssl-src-32
  3. perl Configure VC-WIN32 --prefix=C:\openssl-build-32
  4. ms\do_ms
  5. nmake -f ms\ntdll.mak
  6. nmake -f ms\ntdll.mak install
Once those commands have run, you'll need to create the 64bit OpenSSL distributables in a Visual Studio x64 comamnd prompt:
  1. C:
  2. cd \openssl-src-64
  3. perl Configure VC-WIN64A --prefix=C:\openssl-build-64
  4. ms\do_win64a
  5. nmake -f ms\ntdll.mak
  6. nmake -f ms\ntdll.mak install
You now have both the 32bit and 64bit builds of OpenSSL compiled and installed in their respective build directories.


ClamAV Dependencies Directory


Now that you have distributables for both 32bit and 64bit, we'll now need to create the directories where the ClamAV Visual Studio project expects the OpenSSL dependencies to be.

Create these directories:
  1. C:\clamdeps
  2. C:\clamdeps\win32
  3. C:\clamdeps\win32\openssl
  4. C:\clamdeps\win32\openssl\lib
  5. C:\clamdeps\win64
  6. C:\clamdeps\win64\openssl
  7. C:\clamdeps\win64\openssl\lib

Copy the 32bit directories and files over:
  1. C:\openssl-build-32\include to C:\clamdeps\win32\openssl
  2. C:\openssl-build-32\lib\libeay32.lib to C:\clamdeps\win32\openssl\lib
  3. C:\openssl-build-32\lib\ssleay32.lib to C:\clamdeps\win32\openssl\lib
  4. C:\openssl-build-32\bin\libeay32.dll to C:\clamdeps\win32\openssl\lib
  5. C:\openssl-build-32\bin\ssleay32.dll to C:\clamdeps\win32\openssl\lib
Now copy the 64bit directories and files over:
  • C:\openssl-build-64\include to C:\clamdeps\win64\openssl
  • C:\openssl-build-64\lib\libeay32.lib to C:\clamdeps\win64\openssl\lib
  • C:\openssl-build-64\lib\ssleay32.lib to C:\clamdeps\win64\openssl\lib
  • C:\openssl-build-64\bin\libeay32.dll to C:\clamdeps\win64\openssl\lib
  • C:\openssl-build-64\bin\ssleay32.dll to C:\clamdeps\win64\openssl\lib


Conclusion


We've now built the OpenSSL libraries that ClamAV now depends on. ClamAV requires them to be in C:\clamdeps\win{32,64}\openssl.

4 comments :

  1. During the "Compiling OpenSSL" phase, additional build targets can be queried through running 'perl Configure' in the Visual Studio command prompt.

    One important target is debug which is generated by replacing step 3 in "Compiling OpenSSL" with:

    'perl Configure debug-VC-WIN32 --prefix=C:\openssl-build-32'

    'perl Configure debug-VC-WIN64A --prefix=C:\openssl-build-64'

    for the 32-bit build and 64-bit build, respectively.

    ReplyDelete
  2. For those who using openssl version > 1.1.0 and Visual Studio 2015.
    Beside of ActivePerl or equivalent, you need NASM (download link http://www.nasm.us/pub/nasm/releasebuilds/) and add nasm path to your PATH environment variable. Now, start building openssl using these commands:
    For 32bit:
    cd c:\openssl-src-32
    perl Configure VC-WIN32 --prefix=C:\openssl-build-32
    nmake
    nmake install

    For 64bit:
    cd C:\openssl-src-64
    perl Configure VC-WIN64A --prefix=C:\openssl-build-64
    nmake
    nmake install

    ReplyDelete
  3. Please do not use Command Prompt (cmd.exe), use Visual Studio Command Prompt.

    ReplyDelete
  4. @ Minh Dang: Thanks a lot for the update on NASM (I was getting error "NASM not found" and after doing as directed by you, it is taken care of...

    Though using the Visual Studio Command Prompt (on both Developer & MS Build) I get following error on running the configure command "perl Configure VC-WIN32 --prefix=C:\openssl-build-32":

    "It looks like you don't have either nmake.exe or dmake.exe on your PATH,
    so you will not be able to execute the commands from a Makefile. You can
    install dmake.exe with the Perl Package Manager by running: ppm install dmake"

    Being a NOVICE (I really mean it), I followed suit and got "dmake" using PPM, then after running the configure command mentioned above no errors were reported (imagine my relief). When I tried to run the next command "nmake" as mentioned by you, it gave me an error that "namke" is not present on my computer or in my PATH hence I was looking for the reason as I know that it is present in my Visual Studio 2015 Folder. Soon I realized that I installed "dmake" and should not use "namke" hence I tried "dmake" instead but got following error:

    "dmake.exe: makefile: line 51: Error: -- Expecting macro or rule defn, found neither"

    Not understanding what I was doing wrong (I pulled a lot of hair out of my head), I searched for forums and finally got the answer on a forum as follows:

    "Use Microsoft's nmake, not dmake. The VC-WIN32 configuration generates makefiles for use with nmake, which is included with Visual C. You told the OpenSSL build process to configure itself for Visual C (the "VC" part); now you have to use it."

    (At this time all my happiness and excitement is gone as I am back to square one).

    Now I have uninstalled the "dmake" package from PPM, and in my desperation I copied "nmake.exe" to "C:\openssl-src-32" so as to make sure that I get it in my so-called PATH however that is giving me the same error as before. I tried running "namke" in the same console after I got the error to make sure that the VS-Console is able to locate "nmake" in this directory and it went on and on and on with a lot of "IF EXIST" commands finally coming to a halt without any error.

    Now having mercy and pity on myself, my pimple sized brain and the time I was loosing on this (which is of no use anyway)... I finally gave up and am asking in this form for help, which would be much appreciated.

    I am not the only one facing this issue, there are a lot of people like me (may not be as funny as me) that are looking for some guidance.

    Regards,
    Suhail.

    ReplyDelete