Edited at

Building OpenSSL 1.1.1 for Windows CE

This page introduces how I build OpenSSL 1.1.1 (only libraries, no command line application) for Windows CE. The build system and sources of OpenSSL have been changed dramatically in 1.1.0, we have to take some tweaks to build 1.1.1, though there is a good instruction1 for previous version.

I have confirmed that the build libraries works with our customized cURL based code. It can show a page available on only TLS1.32.


Requirements and prerequisite

Our build system is VisualStudio 2008 with WCE700 development environment on Windows7-64bit and target platform is ARMv4I. Perl execution environment is also needed.

Following source file are used. It is the version I used here in parentheses.


  • wcecompat3 (bad854b)

  • OpenSSL 1.1.14 (1.1.1b)


Build wcecompat


  1. Get wcecompat


  2. Fix 2 known bugs as follow.



    1. localtime() and gmtime()1


      src/time.c

        struct tm* localtime(const time_t* clock)
      

      - st_tm.tm_mon = stLocal.wMonth;
      + st_tm.tm_mon = stLocal.wMonth - 1;
      - st_tm.tm_year = stLocal.wYear;
      + st_tm.tm_year = stLocal.wYear - 1900;

      struct tm* gmtime(const time_t* clock)

      - st_tm.tm_mon = stUtc.wMonth;
      + st_tm.tm_mon = stUtc.wMonth - 1;
      - st_tm.tm_year = stUtc.wYear;
      + st_tm.tm_year = stUtc.wYear - 1900;




    2. Avoid infinite loop5


      src/wce211_string.c

        _CRTIMP char* __cdecl strrchr(const char* s, int c)
      
      {
      const char* p = s + strlen(s) - 1;
      while (p >= s)
      {
      if (*p == c)
      return (char*)p;
      + p -= 1;
      }
      return NULL;
      }






  3. Modify headerfile



    1. add an alias, "_access" for access()


      include/io.h

        #define access _wceaccess
      
      + #define _access _wceaccess




    2. add aliases for stat and fstat as below


      include/sys/stat.h

      + #define _stat stat
      
      + #define _fstat fstat
      struct stat
      {






  4. Set environmental variables

    Replace YOURSDKNAME to your real sdk name.

    set OSVERSION=WCE700
    
    set PLATFORM=VC-CE
    set TARGETCPU=ARMV4I
    set LIB=C:\Program Files (x86)\Windows CE Tools\SDKs\YOURSDKNAME\Lib\ARMv4I;C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\ce\lib\armv4i;C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\lib
    set INCLUDE=C:\Program Files (x86)\Windows CE Tools\SDKs\YOURSDKNAME\Include\Armv4i
    set Path=C:\WINCE700\sdk\bin\i386\arm;C:\WINCE700\sdk\bin\i386;%Path%



  5. Configure then build

    On wcecompat top directory,

    > perl config.pl
    
    > nmake -f makefile


If you see wcecompat.lib and wcecompatex.lib in lib directory then wcecompat may successfully be built.


Build OpenSSL


  1. Get OpenSSL and extract


  2. Modify C sources to adopt CE

    (1.1.1b) I make a patch for 1.1.1b because there is a lot to change. Apply it.

    https://github.com/aSoujyuTanaka/building_openssl-1.1.1_for_windowsce

    (after 1.1.1c) You will not have to patch because my fix for CE6 had been merged to OpenSSL.




  3. Set environmental variables


    • Replace YOURSDKNAME to your real sdk name.

    • Replace the path of WCECOMPAT to the actual one you build previously.

    set OSVERSION=WCE700
    
    set PLATFORM=VC-CE
    set TARGETCPU=ARMV4I
    set WCECOMPAT=C:\Users\tanaka\wcecompat
    set LIB=C:\Program Files (x86)\Windows CE Tools\SDKs\YOURSDKNAME\Lib\ARMV4I;C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\ce\lib\ARMV4I;C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\lib
    set INCLUDE=C:\Program Files (x86)\Windows CE Tools\SDKs\YOURSDKNAME\Include\ARMV4I;C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\ce\include
    set Path=C:\WINCE700\sdk\bin\i386\arm;C:\WINCE700\sdk\bin\i386;%Path%



  4. Configure

    On OpenSSL top directory,

    > C:\Strawberry\perl\bin\perl Configure no-idea no-mdc2 no-rc5 no-ssl3 no-weak-ssl-ciphers no-async no-engine VC-CE
    

    Specifying full path of Strawberry perl which I recommend here to avoid error messages, I used 5.24.4.1-32bit. 2-options are added on purpose. These are why.



    • no-engine: For lack of CreatePipe() in WinCE (used in engines/e_dasync.c)


    • no-async: For lack of ConvertFiberToThread() in WinCE (used in crypto/async/arch/async_win.c)



no-asm shouldn't be added for production use to improve performance since, in so far as this target, absence of this option leads low level instructions in C-spec so there is no need to consider compiler support of ARM inline assembler notation.



  1. Modify makefile as below


    makefile

    - CFLAGS=/W3 /wd4090 /nologo /O1i
    
    + CFLAGS=/W3 /wd4090 /nologo /O1i -D_MSC_VER=1300
    ..
    - CNF_CPPFLAGS=-D_WIN32_WCE=700 -DUNDER_CE=700 -DWCE_PLATFORM_VC-CE -DARM -D_ARM_ -DARMV4I -QRarch4T -QRinterwork-return -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" -I"\$(WCECOMPAT)/include"
    + CNF_CPPFLAGS=-D_WIN32_WCE=700 -DUNDER_CE=700 -DWCE_PLATFORM_VC-CE -DARM -D_ARM_ -DARMV4I -QRarch4T -QRinterwork-return -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" -I$(WCECOMPAT)/include
    ..
    - CNF_EX_LIBS=3
    + CNF_EX_LIBS=ws2.lib $(WCECOMPAT)\lib\wcecompatex.lib corelibc.lib coredll.lib

    If you are using WCE700 or above and target CPU is ARMv7 then you should replace any existence of "-QRarch4T" with "/QRarch7 /arch:VFPv3-D32 /QRfpe-" to take more benefit of optimization for newer architecture7.




  2. Build

    > nmake build_generated libcrypto-1_1.dll libssl-1_1.dll
    

    Then we will get the following artifacts.


    • libcrypto.lib

    • libcrypto-1_1.dll

    • libcrypto-1_1.pdb

    • libssl.lib

    • libssl-1_1.dll

    • libssl-1_1.pdb