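I need to build static OpenSSL libraries for Windows, iOS and Android (x86, MIPS and ARM).
I have a Mac and I have a Windows PC. I do not have a Linux machine. So far I have found nothing online suggesting that what I need is possible, yet people have clearly done it.
Unfortunately, the OpenSSL wiki is not very helpful. Building static libraries for Windows with Visual Studio is nearly impossible. For iOS there is a workaround, but it does not build the versions I need. As for Android, it will not build on Windows or Mac, at least not for me.
Why can such a ubiquitous and widely adopted piece of software not be built and used?
Answer 0: (score: 1)
Windows demo - building OpenSSL 1.0.2d
I got frustrated with building OpenSSL for Windows, so I created the batch files below, which build it with a single click. If all goes well, you will have an output folder named "OpenSSLoutput-1.0.2d" containing the FIPS OpenSSL files.
Static libs are created here: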
C:\Work\OpenSSL-Builds\openssl-1.0.2d-64\out32
Import libs / DLLs are created here:
C:\Work\OpenSSL-Builds\openssl-1.0.2d-64\out32dll
To start the OpenSSL build, create a local folder, e.g.
C:\Work\OpenSSL-Builds\bin
The bin subfolder should contain the following files:
7z.dll
7z.exe
wget.exe
ReadMe.txt
RunMe.bat
BuildOpenSSL.bat
replace.bat
7z.dll and 7z.exe are used to unpack the OpenSSL files.
Available here: www.7-zip.org
Wget.exe is a free network utility for retrieving files from the Internet.
Available here: gnuwin32.sourceforge.net/packages/wget.htm
ReadMe.txt
--- Building FIPS Capable OpenSSL ---
Edit RunMe.bat and tweak these variables:
set fipsurl=http://www.openssl.org/source
set fipsfile=openssl-fips-2.0.11.tar.gz
set fipsfileversion=2.0.11
set opensslurl=http://www.openssl.org/source
set opensslfile=openssl-1.0.2e.tar.gz
set opensslfileversion=1.0.2e
set rootfolder="C:\OpenSSL-Builds"
set VCcompiler="C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC"
To build, run the batch file:
bin\RunMe.bat
--- FIPS capable OpenSSL ---
The FIPS module was designed from the beginning to be used in conjunction with OpenSSL in a configuration we call the "FIPS Capable" OpenSSL, where the FIPS module is embedded in the OpenSSL shared library (or library plus application as an executable file) and all relevant cryptographic operations are seamlessly diverted to the FIPS module when the FIPS mode of operation is enabled. A major advantage of the "FIPS capable" OpenSSL is that vendors can ship the same software to all of their customers, those who want the FIPS 140-2 validated cryptography and those who do not. For many software products and markets the latter group of users is the largest.
The "FIPS capable" OpenSSL redirects allowed cryptography to the embedded FIPS module and disables all other cryptography (those algorithm implementations not in the FIPS module), and to be conservative we implemented the "FIPS capable" OpenSSL 1.0.1 to unconditionally redirect some cryptographic operations (SHA digests, for instance, which are the same for FIPS and non-FIPS implementations) to the FIPS module. So, a FIPS module that unconditionally disables those cryptographic operations will break OpenSSL for anyone who doesn't immediately enable FIPS mode, which is most calling applications. Note that even aside from the fact that most users won't want the overhead of the POST, it isn't possible for a library to automatically perform POST processing in a portable way.
The proper treatment for a new FIPS capable OpenSSL for use with a disabled-by-default FIPS module will be to have OpenSSL ignore the FIPS module completely until and if it is referenced via a call to the FIPS_mode_set() function.
--- System Requirements ---
Download Visual Studio 2008 with VC++ support - C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\
Download nasm assembler - C:\nasm\
Download ActiveState Perl - C:\Perl64\
RunMe.bat
REM --- Building FIPS Capable OpenSSL ---
set fipsurl=http://www.openssl.org/source
set fipsfile=openssl-fips-2.0.11.tar.gz
set fipsfileversion=2.0.11
set opensslurl=http://www.openssl.org/source
set opensslfile=openssl-1.0.2e.tar.gz
set opensslfileversion=1.0.2e
set rootfolder="C:\OpenSSL-Builds"
set VCcompiler="C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC"
call buildOpenSSL.bat %fipsurl% %fipsfile% %opensslurl% %opensslfile% %fipsfileversion% %opensslfileversion% %rootfolder% %VCcompiler%
BuildOpenSSL.bat
@SETLOCAL
cd..
REM ------------------- Build FIPS x86 -------------------
set rootfolder=%7
set rootfolder=%rootfolder:~1,-1%
set fipsurl=%1
set fips=%2
set OpenSSLurl=%3
set openSSL=%4
set fipsver=%5
set OpenSSLver=%6
set fipstar=%fips:~0,-3%
set fipsfolder=%fips:~0,-7%
set openSSLtar=%openSSL:~0,-3%
set openSSLfolder=%openSSL:~0,-7%
set VCcompiler=%8
set VCcompiler=%VCcompiler:~1,-1%
REM Set environment variable PROCESSOR_ARCHITECTURE briefly to x86.
REM This prevents FIPS trying to build an x64 release by default.
ECHO Setting PROCESSOR_ARCHITECTURE from AMD64 to x86
set PROCESSOR_ARCHITECTURE=x86
echo %PROCESSOR_ARCHITECTURE%
call "%VCcompiler%\vcvarsall.bat" x86
set path=C:\nasm;%rootfolder%\bin;%path%
del %fips%
del %fipstar%
rmdir /S /Q %fipsfolder%
rmdir /S /Q %fipsfolder%-64
wget -N -q --no-check-certificate %fipsurl%/%fips%
7z.exe x %fips%
7z.exe x %fipstar%
XCOPY "%rootfolder%\%fipsfolder%" "%rootfolder%\%fipsfolder%-64" /E /I /Y
cd %fipsfolder%
REM This statically links the CRT (/MT). That will remove the msvcr90.dll dependency by basically including the CRT inside the dll.
REM For VC debug builds, comment out the next line to keep /MD.
call "%rootfolder%\bin\replace.bat" "/MD" "/MT" "%rootfolder%\%fipsfolder%\util\pl\VC-32.pl"
perl Configure VC-WIN32
call "%rootfolder%\bin\replace.bat" "pause" "rem pause" "%rootfolder%\%fipsfolder%\ms\do_fips.bat"
call ms\do_fips.bat
cd "%rootfolder%"
REM ------------------- Build OpenSSL x86 -------------------
del %openSSL%
del %openSSLtar%
rmdir /S /Q %openSSLfolder%
wget -N -q --no-check-certificate %OpenSSLurl%/%openSSL%
7z.exe x %openSSL%
7z.exe x %openSSLtar%
XCOPY "%rootfolder%\%openSSLfolder%" "%rootfolder%\%openSSLfolder%-64" /E /I /Y
cd %openSSLfolder%
call "%rootfolder%\bin\replace.bat" "/MD" "/MT" "%rootfolder%\%openSSLfolder%\util\pl\VC-32.pl"
perl Configure VC-WIN32 fips --with-fipslibdir=%rootfolder%\%fipsfolder%\out32dll
call ms\do_nasm.bat
REM /fixed tells the operating system to load the program only at its preferred base address.
REM The standard OpenSSL build with the FIPS option will use a base address for libeay32.dll of 0xFB00000.
call "%rootfolder%\bin\replace.bat" "/dll" "/dll /fixed" "%rootfolder%\%openSSLfolder%\ms\ntdll.mak"
REM Embed symbols into lib files - otherwise copy \tmp32\LIB.PDB to the project.
call "%rootfolder%\bin\replace.bat" "/Zi" "/Z7" "%rootfolder%\%openSSLfolder%\ms\ntdll.mak"
REM Building the 32-bit dynamic libraries for FIPS
nmake -f ms\ntdll.mak
nmake -f ms\ntdll.mak test
REM Building the 32-bit static libraries for OPENSSL.EXE
perl Configure VC-WIN32
call ms\do_nasm.bat
REM Embed symbols into lib files.
call "%rootfolder%\bin\replace.bat" "/Zi" "/Z7" "%rootfolder%\%openSSLfolder%\ms\nt.mak"
nmake -f ms\nt.mak
nmake -f ms\nt.mak test
cd "%rootfolder%"
rmdir /S /Q OpenSSLoutput-%OpenSSLver%
mkdir OpenSSLoutput-%OpenSSLver%
copy "%rootfolder%\%openSSLfolder%\out32dll\libeay32.lib" "%rootfolder%\OpenSSLoutput-%OpenSSLver%\libeay32_%OpenSSLver%-fips-%fipsver%_W32.lib"
copy "%rootfolder%\%openSSLfolder%\out32dll\libeay32.dll" "%rootfolder%\OpenSSLoutput-%OpenSSLver%\libeay32.dll"
copy "%rootfolder%\%openSSLfolder%\out32dll\ssleay32.lib" "%rootfolder%\OpenSSLoutput-%OpenSSLver%\ssleay32_%OpenSSLver%-fips-%fipsver%_W32.lib"
copy "%rootfolder%\%openSSLfolder%\out32dll\ssleay32.dll" "%rootfolder%\OpenSSLoutput-%OpenSSLver%\ssleay32.dll"
copy "%rootfolder%\%openSSLfolder%\out32\openssl.exe" "%rootfolder%\OpenSSLoutput-%OpenSSLver%\OpenSSL.exe"
REM Copy Static Libs (Non FIPS)
copy "%rootfolder%\%openSSLfolder%\out32\libeay32.lib" "%rootfolder%\OpenSSLoutput-%OpenSSLver%\libeay32_%OpenSSLver%_W32.lib"
copy "%rootfolder%\%openSSLfolder%\out32\ssleay32.lib" "%rootfolder%\OpenSSLoutput-%OpenSSLver%\ssleay32_%OpenSSLver%_W32.lib"
REM ------------------- Build FIPS x64 -------------------
ECHO Setting PROCESSOR_ARCHITECTURE from x86 to AMD64
set PROCESSOR_ARCHITECTURE=AMD64
echo %PROCESSOR_ARCHITECTURE%
call "%VCcompiler%\vcvarsall.bat" x86_amd64
set path=C:\nasm;%rootfolder%\bin;%path%
cd %fipsfolder%-64
REM This statically links the CRT (/MT). That will remove the msvcr90.dll dependency by basically including the CRT inside the dll.
call "%rootfolder%\bin\replace.bat" "/MD" "/MT" "%rootfolder%\%fipsfolder%-64\util\pl\VC-32.pl"
perl Configure VC-WIN64A
call "%rootfolder%\bin\replace.bat" "pause" "rem pause" "%rootfolder%\%fipsfolder%-64\ms\do_fips.bat"
call ms\do_fips.bat
REM ------------------- Build OpenSSL x64 -------------------
cd "%rootfolder%\%openSSLfolder%-64"
call "%rootfolder%\bin\replace.bat" "/MD" "/MT" "%rootfolder%\%openSSLfolder%-64\util\pl\VC-32.pl"
perl Configure VC-WIN64A fips --with-fipslibdir=%rootfolder%\%fipsfolder%-64\out32dll
call ms\do_win64a.bat
REM /fixed tells the operating system to load the program only at its preferred base address.
REM The standard OpenSSL build with the FIPS option will use a base address for libeay32.dll of 0xFB00000.
call "%rootfolder%\bin\replace.bat" "/dll" "/dll /fixed" "%rootfolder%\%openSSLfolder%-64\ms\ntdll.mak"
REM Embed symbols into lib files.
call "%rootfolder%\bin\replace.bat" "/Zi" "/Z7" "%rootfolder%\%openSSLfolder%-64\ms\ntdll.mak"
REM Create 64-bit named binaries to prevent clashing with 32-bit binaries
call "%rootfolder%\bin\replace.bat" "SSL=ssleay32" "SSL=ssleay64" "%rootfolder%\%openSSLfolder%-64\ms\ntdll.mak"
call "%rootfolder%\bin\replace.bat" "CRYPTO=libeay32" "CRYPTO=libeay64" "%rootfolder%\%openSSLfolder%-64\ms\ntdll.mak"
call "%rootfolder%\bin\replace.bat" "SSLEAY32" "SSLEAY64" "%rootfolder%\%openSSLfolder%-64\ms\ssleay32.def"
call "%rootfolder%\bin\replace.bat" "LIBEAY32" "LIBEAY64" "%rootfolder%\%openSSLfolder%-64\ms\libeay32.def"
REM Building the 64-bit dynamic libraries for FIPS
nmake -f ms\ntdll.mak
nmake -f ms\ntdll.mak test
REM Building the 64-bit static libraries for OPENSSL.EXE
perl Configure VC-WIN64A
call ms\do_win64a.bat
call "%rootfolder%\bin\replace.bat" "SSL=ssleay32" "SSL=ssleay64" "%rootfolder%\%openSSLfolder%-64\ms\nt.mak"
call "%rootfolder%\bin\replace.bat" "CRYPTO=libeay32" "CRYPTO=libeay64" "%rootfolder%\%openSSLfolder%-64\ms\nt.mak"
REM Embed symbols into lib files.
call "%rootfolder%\bin\replace.bat" "/Zi" "/Z7" "%rootfolder%\%openSSLfolder%-64\ms\nt.mak"
nmake -f ms\nt.mak
nmake -f ms\nt.mak test
cd "%rootfolder%"
copy "%rootfolder%\%openSSLfolder%-64\out32dll\libeay64.lib" "%rootfolder%\OpenSSLoutput-%OpenSSLver%\libeay64_%OpenSSLver%-fips-%fipsver%_W64.lib"
copy "%rootfolder%\%openSSLfolder%-64\out32dll\libeay64.dll" "%rootfolder%\OpenSSLoutput-%OpenSSLver%\libeay64.dll"
copy "%rootfolder%\%openSSLfolder%-64\out32dll\ssleay64.lib" "%rootfolder%\OpenSSLoutput-%OpenSSLver%\ssleay64_%OpenSSLver%-fips-%fipsver%_W64.lib"
copy "%rootfolder%\%openSSLfolder%-64\out32dll\ssleay64.dll" "%rootfolder%\OpenSSLoutput-%OpenSSLver%\ssleay64.dll"
copy "%rootfolder%\%openSSLfolder%-64\out32\openssl.exe" "%rootfolder%\OpenSSLoutput-%OpenSSLver%\OpenSSL64.exe"
REM Copy Static Libs (Non FIPS)
copy "%rootfolder%\%openSSLfolder%-64\out32\libeay64.lib" "%rootfolder%\OpenSSLoutput-%OpenSSLver%\libeay64_%OpenSSLver%_W64.lib"
copy "%rootfolder%\%openSSLfolder%-64\out32\ssleay64.lib" "%rootfolder%\OpenSSLoutput-%OpenSSLver%\ssleay64_%OpenSSLver%_W64.lib"
REM ------------------- Cleanup Build -------------------
del %fips%
del %fipstar%
rmdir /S /Q %fipsfolder%
rmdir /S /Q %fipsfolder%-64
del %openSSL%
del %openSSLtar%
rmdir /S /Q %openSSLfolder%
rmdir /S /Q %openSSLfolder%-64
exit
Replace.bat
@echo ON
setlocal
call :FindReplace %1 %2 %3
exit /b
:FindReplace <findstr> <replstr> <file>
set tmp="%temp%\tmp.txt"
If not exist %temp%\_.vbs call :MakeReplace
for /f "tokens=*" %%a in ('dir "%3" /s /b /a-d /on') do (
for /f "usebackq" %%b in (`Findstr /mic:"%~1" "%%a"`) do (
echo(&Echo Replacing "%~1" with "%~2" in file %%~nxa
<%%a cscript //nologo %temp%\_.vbs "%~1" "%~2">%tmp%
if exist %tmp% move /Y %tmp% "%%~dpnxa">nul
)
)
del %temp%\_.vbs
exit /b
:MakeReplace
>%temp%\_.vbs echo with Wscript
>>%temp%\_.vbs echo set args=.arguments
>>%temp%\_.vbs echo .StdOut.Write _
>>%temp%\_.vbs echo Replace(.StdIn.ReadAll,args(0),args(1),1,-1,1)
>>%temp%\_.vbs echo end with
Using OpenSSL in Visual Studio
Several Configuration Properties use these boost/openssl paths:
a. C/C++ -> Additional Include Directories -> C:\boost64\include;C:\Work\OpenSSL-Builds\openssl-1.0.2d-64\inc32
b. Linker -> General -> Additional Library Directories -> C:\boost64\lib;C:\Work\OpenSSL-Builds\openssl-1.0.2d-64\out32
c. Linker -> Command Line -> Additional Options -> Add libeay64.lib and ssleay64.lib
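BuildOpenSSL.bat above fetches both tarballs over http with --no-check-certificate and unpacks them without an integrity check. As an added example (not part of the original answer), a hypothetical helper VerifyHash.bat placed in the bin folder can stop the build when a tarball does not match a pinned SHA-256; the variable names fipssha256 and opensslsha256 are assumptions, their values must be filled in from a source you trust, and certutil with the -hashfile verb is assumed to be on the PATH.

```batch
@echo off
REM VerifyHash.bat: added example, hypothetical helper (not from the original answer).
REM Usage from BuildOpenSSL.bat, after each wget line and before 7z.exe:
REM   call "%%rootfolder%%\bin\VerifyHash.bat" %%fips%% %%fipssha256%%
REM   if errorlevel 1 exit /b 1
REM   call "%%rootfolder%%\bin\VerifyHash.bat" %%openSSL%% %%opensslsha256%%
REM   if errorlevel 1 exit /b 1
REM fipssha256 / opensslsha256 are assumed variables holding the pinned digests.
setlocal
set "file=%~1"
set "expected=%~2"
set "actual="

if not exist "%file%" (
    echo ERROR: "%file%" not found
    exit /b 1
)
if "%expected%"=="" (
    echo ERROR: no expected SHA-256 supplied for "%file%"
    exit /b 1
)

REM certutil prints a header line, then the digest, then a status line.
REM skip=1 drops the header; only the first remaining line is kept.
for /f "skip=1 delims=" %%h in ('certutil -hashfile "%file%" SHA256') do (
    if not defined actual set "actual=%%h"
)
if not defined actual (
    echo ERROR: certutil produced no digest for "%file%"
    exit /b 1
)

REM Older Windows releases print the digest as space-separated byte pairs.
set "actual=%actual: =%"

REM Case-insensitive compare; any difference (including a certutil error
REM message captured instead of a digest) fails the build.
if /i not "%actual%"=="%expected%" (
    echo ERROR: SHA-256 mismatch for "%file%"
    echo   expected: %expected%
    echo   actual:   %actual%
    exit /b 1
)
echo OK: "%file%" matches the pinned SHA-256
exit /b 0
```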