Re: [openssl-users] Compiling FIPS-cable OpenSSL on Windows Server 2012R2
> On Jan 7, 2019, at 11:52, Chris Fernando via openssl-users > wrote: > >> >> On Jan 7, 2019, at 09:20, Chris Fernando via openssl-users >> wrote: >> >> I perused the list archives for all of 2018 and did not see anything current >> relating to this problem, so if this is a question that has been asked & >> answered, please feel free to point me at the relevant location to read >> about what I'm doing incorrectly. =) >> >> I'm not at all familiar with Windows & compiling Open Source projects, but I >> am having no trouble on Linux with OpenSSL + FIPS. On Windows, with Visual >> Studio 2017 (Community Edition), I am able to compile the FIPS 2.0.16 module >> and OpenSSL 1.0.2q (NO FIPS) without issue. >> >> [snip] >> >> >> I am doing the following to compile FIPS: >> cd c:\path\to\fips-source >> ms\do_fips no-asm >> >> I am doing the following to compile OpenSSL+FIPS (Strawberry Perl installed): >> cd c:\path\to\openssl-source >> nmake -f ms\ntdll.mak clean >> nmake -f ms\nt.mak clean >> perl Configure VC-WIN64A fips no-asm --with-fipsdir=c:\path\to\fips-source >> ms\do_win64a no-asm >> nmake -f ms\ntdll.mak >> >> [snip] > > > Well, I managed to get the compile to move a bit further by copying "inc32" > to "include", "util" to "bin", and "out32dll" to "lib" in the FIPS source > directory, that I was including in --with-fipsdir= . > > However, now I am getting the following error during the OpenSSL build > process. > > [snip] So, for anyone searching in the future, I managed to get it to compile ensuring the following: Ensure the following is installed: * Perl (I used Strawberry Perl 5.24.4.1) * NASM (I used 2.14.02) * MS Visual Studio 2017 Community with the MS Windows SDK (what I used) - Ensure your Windows PATH variable has NASM and Perl included (not including this is what was causing my errors). - Start the Visual Studio 'Developer Command Prompt'. - Change directory to the decompressed openssl source directory. - Follow the instructions in the OpenSSL FIPS User Guide. I had to ensure '--with-fipsdir=' pointed to where my FIPS object code was installed. It was, purposefully, not in C:\usr\local\ssl\fips-2.0\, which was also causing problems for me. I appreciate those who reached out to me directly to provide guidance in solving my compile issues. Thanks, Chris -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Compiling FIPS-cable OpenSSL on Windows Server 2012R2
> > On Jan 7, 2019, at 09:20, Chris Fernando via openssl-users > wrote: > > I perused the list archives for all of 2018 and did not see anything current > relating to this problem, so if this is a question that has been asked & > answered, please feel free to point me at the relevant location to read about > what I'm doing incorrectly. =) > > I'm not at all familiar with Windows & compiling Open Source projects, but I > am having no trouble on Linux with OpenSSL + FIPS. On Windows, with Visual > Studio 2017 (Community Edition), I am able to compile the FIPS 2.0.16 module > and OpenSSL 1.0.2q (NO FIPS) without issue. > > [snip] > > > I am doing the following to compile FIPS: > cd c:\path\to\fips-source > ms\do_fips no-asm > > I am doing the following to compile OpenSSL+FIPS (Strawberry Perl installed): > cd c:\path\to\openssl-source > nmake -f ms\ntdll.mak clean > nmake -f ms\nt.mak clean > perl Configure VC-WIN64A fips no-asm --with-fipsdir=c:\path\to\fips-source > ms\do_win64a no-asm > nmake -f ms\ntdll.mak > > [snip] Well, I managed to get the compile to move a bit further by copying "inc32" to "include", "util" to "bin", and "out32dll" to "lib" in the FIPS source directory, that I was including in --with-fipsdir= . However, now I am getting the following error during the OpenSSL build process. cl /Fotmp32dll\fips_premain_dso.obj -DFINGERPRINT_PREMAIN_DSO_LOAD -Iinc 32 -Itmp32dll /MD /Ox -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -Gy -nologo -DOPEN SSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_S ECURE_NO_DEPRECATE -IC:\Users\cfernando\Downloads\ossl\ossl\openssl-fips/include -DOPENSSL_USE_APPLINK -I. -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_SSL2 - DOPENSSL_NO_KRB5 -DOPENSSL_FIPS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_WEAK_SSL_CIPHERS -DOPENSSL_NO_STATIC_ENGINE /Zi /Fdtmp32dll/app -c C:\Users\cfernando\Downloads\ ossl\ossl\openssl-fips\lib\fips_premain.c fips_premain.c ml /c ms\uptable.asm Microsoft (R) Macro Assembler Version 14.16.27025.1 Copyright (C) Microsoft Corporation. All rights reserved. Assembling: ms\uptable.asm ms\uptable.asm(9) : error A2006:undefined symbol : rsp ms\uptable.asm(10) : error A2006:undefined symbol : rsp ms\uptable.asm(11) : error A2006:undefined symbol : rsp ms\uptable.asm(12) : error A2006:undefined symbol : rsp ms\uptable.asm(13) : error A2006:undefined symbol : rcx ms\uptable.asm(14) : error A2006:undefined symbol : rdx ms\uptable.asm(16) : error A2006:undefined symbol : rcx ms\uptable.asm(17) : error A2006:undefined symbol : rdx ms\uptable.asm(18) : error A2006:undefined symbol : r8 ms\uptable.asm(19) : error A2006:undefined symbol : r9 ms\uptable.asm(20) : error A2006:undefined symbol : rax ms\uptable.asm(21) : error A2006:undefined symbol : rsp ms\uptable.asm(22) : error A2006:undefined symbol : rax ms\uptable.asm(29) : error A2006:undefined symbol : rsp ms\uptable.asm(30) : error A2006:undefined symbol : rsp ms\uptable.asm(31) : error A2006:undefined symbol : rsp ms\uptable.asm(32) : error A2006:undefined symbol : rsp ms\uptable.asm(33) : error A2006:undefined symbol : rcx ms\uptable.asm(34) : error A2006:undefined symbol : rdx ms\uptable.asm(36) : error A2006:undefined symbol : rcx ms\uptable.asm(37) : error A2006:undefined symbol : rdx ms\uptable.asm(38) : error A2006:undefined symbol : r8 ms\uptable.asm(39) : error A2006:undefined symbol : r9 ms\uptable.asm(40) : error A2006:undefined symbol : rax ms\uptable.asm(41) : error A2006:undefined symbol : rsp ms\uptable.asm(42) : error A2006:undefined symbol : rax ms\uptable.asm(49) : error A2006:undefined symbol : rsp ms\uptable.asm(50) : error A2006:undefined symbol : rsp ms\uptable.asm(51) : error A2006:undefined symbol : rsp ms\uptable.asm(52) : error A2006:undefined symbol : rsp ms\uptable.asm(53) : error A2006:undefined symbol : rcx ms\uptable.asm(54) : error A2006:undefined symbol : rdx ms\uptable.asm(56) : error A2006:undefined symbol : rcx ms\uptable.asm(57) : error A2006:undefined symbol : rdx ms\uptable.asm(58) : error A2006:undefined symbol : r8 ms\uptable.asm(59) : error A2006:undefined symbol : r9 ms\uptable.asm(60) : error A2006:undefined symbol : rax ms\uptable.asm(61) : error A2006:undefined symbol : rsp ms\uptable.asm(62) : error A2006:undefined symbol : rax ms\uptable.asm(69) : error A2006:undefined symbol : rsp ms\uptable.asm(70) : error A2006:undefined symbol : rsp ms\uptable.asm(71) : error A2006:undefined symbol : rsp ms\uptable.asm(72) : error A2006:undefined symbol : rsp ms\uptable.asm(73) : error A2006:undefined symbol : rcx ms\uptable.asm(74) : error A2006:undefined symbol : rdx ms\uptable.asm(76) : error A2006:undefined symbol : rcx ms\uptable.asm(77) : error A2006:undefined symbol : rdx ms\uptable.asm(78) : error A2006:undefined symbol : r8 ms\uptable.asm(79) : er
[openssl-users] Compiling FIPS-cable OpenSSL on Windows Server 2012R2
I perused the list archives for all of 2018 and did not see anything current relating to this problem, so if this is a question that has been asked & answered, please feel free to point me at the relevant location to read about what I'm doing incorrectly. =) I'm not at all familiar with Windows & compiling Open Source projects, but I am having no trouble on Linux with OpenSSL + FIPS. On Windows, with Visual Studio 2017 (Community Edition), I am able to compile the FIPS 2.0.16 module and OpenSSL 1.0.2q (NO FIPS) without issue. When I try to compile OpenSSL with the FIPS canister, per the User Guide instructions, I end up with the following error. cl /Fotmp32dll\o_fips.obj -Iinc32 -Itmp32dll /MD /Ox -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE -Ic:\..\openssl-fips/ include -DOPENSSL_USE_APPLINK -I. -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO _SSL2 -DOPENSSL_NO_KRB5 -DOPENSSL_FIPS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_WEAK_SSL_ CIPHERS -DOPENSSL_NO_STATIC_ENGINE /Zi /Fdtmp32dll/lib -D_WINDLL -DOPENSSL_BUIL D_SHLIBCRYPTO -c .\crypto\o_fips.c o_fips.c .\crypto\o_fips.c(61): fatal error C1083: Cannot open include file: 'openssl/fip s.h': No such file or directory NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio\2017 \Community\VC\Tools\MSVC\14.16.27023\bin\HostX86\x86\cl.EXE"' : return code '0x2 ' Stop. I am doing the following to compile FIPS: cd c:\path\to\fips-source ms\do_fips no-asm I am doing the following to compile OpenSSL+FIPS (Strawberry Perl installed): cd c:\path\to\openssl-source nmake -f ms\ntdll.mak clean nmake -f ms\nt.mak clean perl Configure VC-WIN64A fips no-asm --with-fipsdir=c:\path\to\fips-source ms\do_win64a no-asm nmake -f ms\ntdll.mak I feel like I'm missing something fundamental here and I know the User Guide says to install the FIPS files in a protected area. However, as I'm just building the source on this device, shouldn't I be able to to do the above and have it work? Any help would be greatly appreciated. Thanks, Chris -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users