RE: [RFC] OpenSSL and Windows

["Thomas Buchanan" <TBuchanan () thecompassgrp net>]

> -----Original Message-----
> From: Thomas Buchanan
> Sent: Tuesday, February 05, 2008 11:33 PM
> To: Fyodor
> Cc: nmap-dev () insecure org; DePriest, Jason R.
> Subject: RE: [RFC] OpenSSL and Windows
>
> A better option might be to extract only the .dll files that are
> required, and not ship the installer.  This would probably 
> help us save a little space, as the Light installer does include 
> more than just the .dll files.

The more I thought about this, the less I liked shipping the installer
for OpenSSL just to get the two .dll files that we need.  So, I spent
some time this evening working on compiling OpenSSL from source, and
with a little tweaking, I got it to work.  So, my latest recommendation
for how to include SSL on Windows is to compile OpenSSL ourselves,
rather than relying on the OpenSSL installers.  

As far as I can tell, there is only one additional requirement for
compiling OpenSSL that Nmap doesn't already have: ActiveState Perl (I
used the 5.8.8 version)

Here's the instructions for compiling OpenSSL on Windows, using Visual
Studio 2005 Express,  Windows Platform SDK, and ActivePerl 5.8:

1. Download and extract OpenSSL source (openssl-0.9.8g.tar.gz)
2. Create OpenSSL installation directory (C:\OpenSSL)
3. Start Visual Studio 2005 Command Prompt
4. Set Include & Lib variables to include Platform SDK:
> Set MSSdk=C:\Program Files\Microsoft Platform SDK
> Set Lib=%MSSdk%\Lib;%Lib%
> Set Include=%MSSdk%\Include;%Include%
5. cd to OpenSSL source directory
6. Configure OpenSSL
> perl Configure VC-WIN32 --prefix=C:/OpenSSL
> ms\do_ms
7. Compile OpenSSL
> nmake -f ms\ntdll.mak
8. Install OpenSSL
> nmake -f ms\ntdll.mak install

This will give you the .lib files necessary to build and link Nmap with
SSL on Windows in C:\OpenSSL\lib, and the .dll files required to run
Nmap with SSL in C:\OpenSSL\bin

I've attached an updated patch that uses the output of these
instructions to build Nmap with SSL on Windows.  It saves about 800 KB
over shipping the OpenSSL installer, and only adds about 600 KB to the
-setup.exe file from the non-SSL version:

EXE header size:               51200 / 35328 bytes
Install code:                  18716 / 65825 bytes
Install data:               13240356 / 40316969 bytes
Uninstall code+data:           12067 / 16426 bytes
CRC (0xE3AA9DED):                  4 / 4 bytes

Total size:                 13322343 / 40434552 bytes (32.9%)
mv nmap-4.53/NmapInstaller.exe nmap-4.53-setup.exe

This method has the added advantage of making the .zip file completely
self-reliant again as well.  I noticed that in the previous build
method, the executable from the .zip file would not run on a system
unless it had OpenSSL installed, which could make it difficult to run
from a thumb-drive, for example.

Hope this has been helpful.  Let me know if there are any questions,
concerns, or comments.

Thomas

Attachment: windows-openssl-build-take2.patch
Description: windows-openssl-build-take2.patch

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org