Stephen Henson via RT wrote:
[[email protected] - Thu Feb 03 16:36:58 2011]:
The mingw cross-build of current HEAD(2011-01-31) fail :
WARNING: mkdef.pl doesn't know the following algorithms:
NEXTPROTONEG
Creating library file: libcrypto.dll.a
Cannot export FIPS_dh_free: symbol not defined
.....
I'm currently updating the Windows build system for FIPS. It may end up
being broken for a while until I can get all the pieces working
properly: it's a bit messy.
I *think* the above may be fixed in the next snapshot: I've added
support to mkdef.pl for the FIPS symbol so it should now exclude things
like FIPS_dh_free for non-FIPS builds.
Steve.
10x
Functions RSA_X931_derive_ex and RSA_X931_generate_key_ex are not
available in non-fips mode (see attached
"openssl-cvs-mingw-NOFIPS.patch" plus minor cleanup in .cvsignore files
for generated asm-files).
Roumen
Index: crypto/rsa/rsa.h
===================================================================
RCS file: /work/repo/mirror/openssl/openssl/crypto/rsa/rsa.h,v
retrieving revision 1.87
diff -u -r1.87 rsa.h
--- crypto/rsa/rsa.h 3 Feb 2011 10:03:22 -0000 1.87
+++ crypto/rsa/rsa.h 3 Feb 2011 22:40:07 -0000
@@ -293,11 +293,13 @@
/* New version */
int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
+#ifdef OPENSSL_FIPS
int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2,
const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp,
const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq,
const BIGNUM *e, BN_GENCB *cb);
int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb);
+#endif /*def OPENSSL_FIPS*/
int RSA_check_key(const RSA *);
/* next 4 return -1 on error */
Index: util/libeay.num
===================================================================
RCS file: /work/repo/mirror/openssl/openssl/util/libeay.num,v
retrieving revision 1.317
diff -u -r1.317 libeay.num
--- util/libeay.num 3 Feb 2011 12:59:00 -0000 1.317
+++ util/libeay.num 3 Feb 2011 22:52:24 -0000
@@ -3664,7 +3664,7 @@
FIPS_rand_status 4051 EXIST:OPENSSL_FIPS:FUNCTION:
FIPS_rand_set_key 4052 EXIST:OPENSSL_FIPS:FUNCTION:
CRYPTO_set_mem_info_functions 4053 NOEXIST::FUNCTION:
-RSA_X931_generate_key_ex 4054 EXIST::FUNCTION:RSA
+RSA_X931_generate_key_ex 4054 EXIST:OPENSSL_FIPS:FUNCTION:RSA
int_ERR_set_state_func 4055 NOEXIST::FUNCTION:
int_EVP_MD_set_engine_callbacks 4056 NOEXIST::FUNCTION:
int_CRYPTO_set_do_dynlock_callback 4057 NOEXIST::FUNCTION:
@@ -3675,7 +3675,7 @@
FIPS_rand_set_dt 4062 EXIST:OPENSSL_FIPS:FUNCTION:
CRYPTO_dbg_pop_info 4063 NOEXIST::FUNCTION:
FIPS_dsa_free 4064 EXIST:OPENSSL_FIPS:FUNCTION:DSA
-RSA_X931_derive_ex 4065 EXIST::FUNCTION:RSA
+RSA_X931_derive_ex 4065 EXIST:OPENSSL_FIPS:FUNCTION:RSA
FIPS_rsa_new 4066 EXIST:OPENSSL_FIPS:FUNCTION:RSA
FIPS_rand_bytes 4067 EXIST:OPENSSL_FIPS:FUNCTION:
fips_cipher_test 4068 EXIST:OPENSSL_FIPS:FUNCTION:
Index: .cvsignore
===================================================================
RCS file: /work/repo/mirror/openssl/openssl/.cvsignore,v
retrieving revision 1.14
diff -u -r1.14 .cvsignore
--- .cvsignore 28 Oct 2008 15:29:25 -0000 1.14
+++ .cvsignore 31 Jan 2011 21:05:33 -0000
@@ -16,6 +16,7 @@
*.flc
semantic.cache
Makefile
+*.def*
*.dll*
*.so*
*.sl*
Index: crypto/.cvsignore
===================================================================
RCS file: /work/repo/mirror/openssl/openssl/crypto/.cvsignore,v
retrieving revision 1.12
diff -u -r1.12 .cvsignore
--- crypto/.cvsignore 17 Apr 2008 10:19:05 -0000 1.12
+++ crypto/.cvsignore 31 Jan 2011 21:04:53 -0000
@@ -5,4 +5,4 @@
*.flc
semantic.cache
*cpuid.s
-uplink-cof.s
+uplink-*.s
Index: crypto/aes/.cvsignore
===================================================================
RCS file: /work/repo/mirror/openssl/openssl/crypto/aes/.cvsignore,v
retrieving revision 1.5
diff -u -r1.5 .cvsignore
--- crypto/aes/.cvsignore 17 Apr 2008 10:19:05 -0000 1.5
+++ crypto/aes/.cvsignore 3 Aug 2009 22:10:14 -0000
@@ -3,3 +3,4 @@
*.flc
semantic.cache
aes-*.s
+aesni-*.s
Index: crypto/modes/.cvsignore
===================================================================
RCS file: /work/repo/mirror/openssl/openssl/crypto/modes/.cvsignore,v
retrieving revision 1.1
diff -u -r1.1 .cvsignore
--- crypto/modes/.cvsignore 29 Dec 2008 00:27:06 -0000 1.1
+++ crypto/modes/.cvsignore 2 Feb 2011 21:38:33 -0000
@@ -2,3 +2,4 @@
Makefile.save
*.flc
semantic.cache
+ghash-*.s
