Well, with the commercial use of 3G, more and more application will flourish in the mobile platform. And most of the implement is associated with security such as payment, E-bank, DRM and so on. So it’s important to find some powerful and easy security APIs in the mobile platform. it’s no doubt that the OPEN SSL is the most widely used encryption APIs, but there is little information on how to use the OPEN in windows CE platform. Here I shall give some detail on the compilation and how to use them.
compilation
First we need some resource before building SSL libs:
1. OpenSSL source code
we may get the latest distribution form
Here we compile the openssl-0.9.8i.tar.gz edition.
2. Perl
We may download the latest edition and install.
http://downloads.activestate.com/ActivePerl/Windows/5.8/ActivePerl-5.8.8.822-MSWin32-x86-280952.zip
3. Visual Studio 2005 or later
4. Window CE 5.0 SDK or later
NT Building steps:
1. Install ActivePerl and VS.
2. Extract the files of OpenSSL.
3. Open "Visual Studio .NET Command Prompt" window.
Go into openssl-0.9.7b directory.
4. Type "perl Configure VC-WIN32" in the Command Prompt to configuration the building environment.
5. Type "ms/do_ms" to generate makefile.
If success, two .mak file ms/nt.mak and ms/ntdll.mak will be generated.
6. Type "nmake -f ms/nt.mak" (This is for static version of OpenSSL library)
After the compilation, we will get static lib in directory out32.
If wanna build DLL, then type "nmake -f ms/ntdll.mak"
If wanna the debug edition, we need to change the file ms/do_ms.bat.
Open the file in an editor, then add “debug”in the perl line:
After adding, it looks like:
perl util/mk1mf.pl debug no-asm VC-WIN32 >ms/nt.mak
perl util/mk1mf.pl debug dll no-asm VC-WIN32 >ms/ntdll.mak
7. Testing the SSL libs
Still call nmake:
nmake -f ms/ntdll.mak test
nmake -f ms/nt.mak test
8. install or clean the SSL libs
Still call nmake:
nmake -f ms/ntdll.mak install
nmake -f ms/nt.mak install
nmake -f ms/ntdll.mak clean
nmake -f ms/nt.mak clean
CE Building:
To build Open SSL in VS2005, we need to change the source code according to the instruction:
http://marc.info/?l=openssl-dev&m=122595397822893&w=2
Check summarized details in annex 1
Steps:
1, 2, 3 are the same as NT
4, Build wcecompat project.
You cannot compile OpenSSL from Visual Studio. Secondly the Windows CE/Mobile SDKs lack a lot of functionality, which is available on desktop systems. Thus the wcecompat project was started, so that you (as a third party developer) can use all your regular knowledge to build embedded windows applications. For an updated version download the latest version from http://github.com/mauricek/wcecompat/tree/master
set building evironment:
set OSVERSION=WCE501
set TARGETCPU=ARMV4I
set PLATFORM=VC-CE
Call 'perl config.pl' to create the makefile configuration
Call 'nmake' then we get the libs.
5, set the make file generation symble
perl configure VC-CE
set OSVERSION=WCE501
set TARGETCPU=ARMV4I
set PLATFORM=VC-CE
set PATH=F:/Program Files/Microsoft Visual Studio 8/VC/ce/bin/x86_arm;F:/Program Files/Microsoft Visual Studio 8/VC/bin;F:/Program Files/Microsoft Visual Studio 8/VC/PlatformSDK/bin;F:/Program Files/Microsoft Visual Studio 8/Common7/Tools;F:/Program Files/Microsoft Visual Studio 8/Common7/IDE;F:/Program Files/Microsoft Visual Studio 8/Common/Tools;F:/Program Files/Microsoft Visual Studio 8/Common/IDE;F:/Program Files/Microsoft Visual Studio 8/;$(FrameworkSDKDir)Bin;%PATH%
set INCLUDE=F:/Program Files/Microsoft Visual Studio 8/VC/ce/include;F:/Program Files/Windows CE Tools/wce500/STANDARDSDK_500/include/ARMV4I;F:/Program Files/Windows CE Tools/wce500/STANDARDSDK_500/include;F:/Program Files/Microsoft Visual Studio 8/VC/ce/atlmfc/include;F:/Program Files/Microsoft Visual Studio 8/SmartDevices/SDK/SQL Server/Mobile/v3.0
set LIB=F:/Program Files/Windows CE Tools/wce500/STANDARDSDK_500/lib/ARMV4I;F:/Program Files/Microsoft Visual Studio 8/VC/ce/atlmfc/lib/ARMV4I;F:/Program Files/Microsoft Visual Studio 8/VC/ce/lib/ARMV4I
set WCECOMPAT=C:/wcecompat
6, we need to update some code of source file, check the detail in annex 1
7, Type "ms/do_ms" to build makefile.
8, Now type "nmake -f ms/ce.mak" (This is for static version of OpenSSL library)
then we get the static lib in ./ out32_ARMV4I
9, error shooting:
1, Error message:
PTO -c ./crypto/rsa/rsa_pss.c
cl : Command line warning D9002 : ignoring unknown option '/MC'
rsa_pss.c
f:/openssl/openssl98/crypto/rsa/rsa_pss.c(165) : error C2220: warning treated as
error - no 'object' file generated
f:/openssl/openssl98/crypto/rsa/rsa_pss.c(165) : warning C4748: /GS can not prot
ect parameters and local variables from local buffer overrun because optimizatio
ns are disabled in function
NMAKE : fatal error U1077: '"F:/Program Files/Microsoft Visual Studio 8/VC/ce/bi
n/x86_arm/cl.EXE"' : return code '0x2'
Stop.
Solution: Remove the /WX in cedll.mak
2, when building, a lib “oldnames.lib” is needed, so I add the lib path: F:/Program Files/Microsoft Visual Studio 8/VC/lib;
Ending
Well, with the lib and DLL, we and implement some security applications on CE platform. Later I shall give some examples.
annex 1
http://marc.info/?l=openssl-dev&m=122536319510494&w=2
diff -durw openssl-0.9.8i_original/INSTALL.WCE openssl-0.9.8i/INSTALL.WCE
--- openssl-0.9.8i_original/INSTALL.WCE
Tue Oct
4 08:35:14 2005
+++ openssl-0.9.8i/INSTALL.WCE
Thu Oct 30 10:59:54 2008
@@ -4,18 +4,15 @@
Building OpenSSL for Windows CE requires the following external tools:
-
* Microsoft eMbedded Visual C++ 3.0
-
* wcecompat compatibility library (www.essemer.com.au
)
+
* Microsoft eMbedded Visual C++ 3.0 or Microsoft Visual Studio 2005 and later
+
* wcecompat compatibility library
+
* www.essemer.com.au
Windows CE 4.2 and earlier
+
* github.com/mauricek/wcecompat all Windows CE versions
* Optionally ceutils for running automated tests (www.essemer.com.au
)
You also need Perl for Win32.
You will need ActiveState Perl, available
- from http://www.activestate.com/ActivePerl
.
-
- Windows CE support in OpenSSL relies on wcecompat and therefore it's
- appropriate to check http://www.essemer.com.au/windowsce/
for updates in
- case of compilation problems. As for the moment of this writing version
- 1.1 is available and actually required for WCE 4.2 and newer platforms.
- All Windows CE specific issues should be directed to www.essemer.com.au
.
+ from http://www.activestate.com/ActivePerl
. Note that perl by MSYS does
+ not create correct makefiles.
The C Runtime Library implementation for Windows CE that is included with
Microsoft eMbedded Visual C++ 3.0 is incomplete and in some places
@@ -26,6 +23,10 @@
by the OpenSSL library itself but is used for the tests and openssl.exe.
More information is available at www.essemer.com.au
.
+ With Windows CE 5 and following a lot of standard functionality has been
+ added to the core system, making some parts of the wcecompat lib deprecated.
+ More information is available at github.com/mauricek/wcecompat
+
Building
--------
@@ -34,10 +35,18 @@
> "C:/Program Files/Microsoft eMbedded Tools/EVC/WCE300/BIN/WCEARM.BAT"
+ For Visual Studio 2005 and following there might be similar script depending
+ on the SDK OpenSSL is supposed to be build for. Follow the SDK documentation
+ to get more information how to setup a cross-compiler environment.
+
Next indicate where wcecompat is located:
> set WCECOMPAT=C:/wcecompat
+ OpenSSL for Windows CE uses the same environment variables for compilation
+ as wcecompat does. Thus, there might be more settings needed. For more
+ information follow the wcecompat documentation.
+
Next you should run Configure:
> perl Configure VC-CE
@@ -61,8 +70,9 @@
> nmake -f ms/cedll.mak
If all is well it should compile and you will have some static libraries and
- executables in out32, or some DLLs and executables in out32dll.
If you want
- to try the tests then make sure the ceutils are in the path and do:
+ executables in out32_xyz, or some DLLs and executables in out32dll_xyz where
+ xyz refers to the target processor architecture of the Windows CE SDK.
+ If you want to try the tests then make sure the ceutils are in the path and do:
> cd out32
> ../ms/testce
diff -durw openssl-0.9.8i_original/crypto/o_str.c openssl-0.9.8i/crypto/o_str.c
--- openssl-0.9.8i_original/crypto/o_str.c
Sat Mar 29 14:22:49 2008
+++ openssl-0.9.8i/crypto/o_str.c
Wed Oct 29 10:30:03 2008
@@ -60,7 +60,7 @@
#include <e_os.h>
#include "o_str.h"
-#if !defined(OPENSSL_IMPLEMENTS_strncasecmp) && !defined(OPENSSL_SYSNAME_WIN32)
+#if !defined(OPENSSL_IMPLEMENTS_strncasecmp) && !defined(OPENSSL_SYSNAME_WIN32) && /
!defined(OPENSSL_SYS_WINCE)
# include <strings.h>
#endif
diff -durw openssl-0.9.8i_original/crypto/rsa/rsa_pss.c /
openssl-0.9.8i/crypto/rsa/rsa_pss.c
--- openssl-0.9.8i_original/crypto/rsa/rsa_pss.c
Mon Aug 29 01:20:50 2005
+++ openssl-0.9.8i/crypto/rsa/rsa_pss.c
Wed Oct 29 11:29:00 2008
@@ -66,7 +66,7 @@
static const unsigned char zeroes[] = {0,0,0,0,0,0,0,0};
-#if defined(_MSC_VER) && defined(_ARM_)
+#if defined(_MSC_VER) && defined(_ARM_) && (!defined(_WIN32_WCE) || (_WIN32_WCE < /
500))
#pragma optimize("g", off)
#endif
diff -durw openssl-0.9.8i_original/e_os.h openssl-0.9.8i/e_os.h
--- openssl-0.9.8i_original/e_os.h
Thu Jan
3 23:53:01 2008
+++ openssl-0.9.8i/e_os.h
Wed Oct 29 10:32:31 2008
@@ -625,7 +625,7 @@
#define IRIX_CC_BUG
/* CDS++ up to V2.0Bsomething suffered from the same bug.*/
#endif
-#if defined(OPENSSL_SYS_WINDOWS)
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WINCE)
#
define strcasecmp _stricmp
#
define strncasecmp _strnicmp
#elif defined(OPENSSL_SYS_VMS)
diff -durw openssl-0.9.8i_original/util/pl/VC-32.pl openssl-0.9.8i/util/pl/VC-32.pl
--- openssl-0.9.8i_original/util/pl/VC-32.pl
Fri Jun
6 22:48:57 2008
+++ openssl-0.9.8i/util/pl/VC-32.pl
Wed Oct 29 13:05:44 2008
@@ -41,7 +41,6 @@
{
# sanity check
die '%OSVERSION% is not defined'
if (!defined($ENV{'OSVERSION'}));
-
die '%PLATFORM% is not defined'
if (!defined($ENV{'PLATFORM'}));
die '%TARGETCPU% is not defined'
if (!defined($ENV{'TARGETCPU'}));
#
@@ -50,11 +49,15 @@
$wcevers = $ENV{'OSVERSION'};
# WCENNN
die '%OSVERSION% value is insane'
if ($wcevers !~ /^WCE([1-9])([0-9]{2})$/);
$wcecdefs = "-D_WIN32_WCE=$1$2 -DUNDER_CE=$1$2";
# -D_WIN32_WCE=NNN
+
$wcevers = substr($wcevers,3);
$wcelflag = "/subsystem:windowsce,$1.$2";
# ...,N.NN
+
if ($wcevers < 500 || defined($ENV{'PLATFORM'})) {
+
die '%PLATFORM% is not defined'
if (!defined($ENV{'PLATFORM'}));
$wceplatf =
$ENV{'PLATFORM'};
$wceplatf =~ tr/a-z0-9 /A-Z0-9_/d;
$wcecdefs .= " -DWCE_PLATFORM_$wceplatf";
+
}
$wcetgt = $ENV{'TARGETCPU'};
# just shorter name...
SWITCH: for($wcetgt) {
@@ -87,9 +90,18 @@
$cc='$(CC)';
$base_cflags=' /W3 /WX /GF /Gy /nologo -DUNICODE -D_UNICODE /
-DOPENSSL_SYSNAME_WINCE -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DNO_CHMOD /
-I$(WCECOMPAT)/include -DOPENSSL_SMALL_FOOTPRINT';
$base_cflags.=" $wcecdefs";
-
$opt_cflags=' /MC /O1i';
# optimize for space, but with intrinsics...
-
$dbg_clfags=' /MC /Od -DDEBUG -D_DEBUG';
+
$opt_cflags=' /O1i';
# optimize for space, but with intrinsics...
+
$dbg_cflags=' /Od -DDEBUG -D_DEBUG';
$lflags="/nologo /opt:ref $wcelflag";
+
if ($wcevers >= 500) {
+
$lflags .=" /NODEFAULTLIB:oldnames.lib /NODEFAULTLIB:libc.lib";
+
if (!($wcetgt eq "X86") || $shlib) {
+
$lflags .=" coredll.lib corelibc.lib";
+
}
+
} else {
+
$opt_cflags .= ' /MC';
+
$dbg_cflags .= ' /MC';
+
}
}
else
# Win32
{