Re: [openssl-users] Compiling FIPS-cable OpenSSL on Windows Server 2012R2

2019-01-17 Thread Chris Fernando via openssl-users
> On Jan 7, 2019, at 11:52, Chris Fernando via openssl-users 
>  wrote:
> 
>> 
>> On Jan 7, 2019, at 09:20, Chris Fernando via openssl-users 
>>  wrote:
>> 
>> I perused the list archives for all of 2018 and did not see anything current 
>> relating to this problem, so if this is a question that has been asked & 
>> answered, please feel free to point me at the relevant location to read 
>> about what I'm doing incorrectly. =)
>> 
>> I'm not at all familiar with Windows & compiling Open Source projects, but I 
>> am having no trouble on Linux with OpenSSL + FIPS. On Windows, with Visual 
>> Studio 2017 (Community Edition), I am able to compile the FIPS 2.0.16 module 
>> and OpenSSL 1.0.2q (NO FIPS) without issue.
>> 
>> [snip]
>> 
>> 
>> I am doing the following to compile FIPS:
>> cd c:\path\to\fips-source
>> ms\do_fips no-asm
>> 
>> I am doing the following to compile OpenSSL+FIPS (Strawberry Perl installed):
>> cd c:\path\to\openssl-source
>> nmake -f ms\ntdll.mak clean
>> nmake -f ms\nt.mak clean
>> perl Configure VC-WIN64A fips no-asm --with-fipsdir=c:\path\to\fips-source
>> ms\do_win64a no-asm
>> nmake -f ms\ntdll.mak
>> 
>> [snip]
> 
> 
> Well, I managed to get the compile to move a bit further by copying "inc32" 
> to "include", "util" to "bin", and "out32dll" to "lib" in the FIPS source 
> directory, that I was including in --with-fipsdir= .
> 
> However, now I am getting the following error during the OpenSSL build 
> process.
> 
> [snip]

So, for anyone searching in the future, I managed to get it to compile ensuring 
the following:

Ensure the following is installed:
 * Perl (I used Strawberry Perl 5.24.4.1)
 * NASM (I used 2.14.02)
 * MS Visual Studio 2017 Community with the MS Windows SDK (what I used)

- Ensure your Windows PATH variable has NASM and Perl included (not including 
this is what was causing my errors).
- Start the Visual Studio 'Developer Command Prompt'.
- Change directory to the decompressed openssl source directory.
- Follow the instructions in the OpenSSL FIPS User Guide. I had to ensure 
'--with-fipsdir=' pointed to where my FIPS object code was installed. It was, 
purposefully, not in C:\usr\local\ssl\fips-2.0\, which was also causing 
problems for me.

I appreciate those who reached out to me directly to provide guidance in 
solving my compile issues.

Thanks,

Chris



-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


Re: [openssl-users] Compiling FIPS-cable OpenSSL on Windows Server 2012R2

2019-01-07 Thread Chris Fernando via openssl-users
> 
> On Jan 7, 2019, at 09:20, Chris Fernando via openssl-users 
>  wrote:
> 
> I perused the list archives for all of 2018 and did not see anything current 
> relating to this problem, so if this is a question that has been asked & 
> answered, please feel free to point me at the relevant location to read about 
> what I'm doing incorrectly. =)
> 
> I'm not at all familiar with Windows & compiling Open Source projects, but I 
> am having no trouble on Linux with OpenSSL + FIPS. On Windows, with Visual 
> Studio 2017 (Community Edition), I am able to compile the FIPS 2.0.16 module 
> and OpenSSL 1.0.2q (NO FIPS) without issue.
> 
> [snip]
> 
> 
> I am doing the following to compile FIPS:
> cd c:\path\to\fips-source
> ms\do_fips no-asm
> 
> I am doing the following to compile OpenSSL+FIPS (Strawberry Perl installed):
> cd c:\path\to\openssl-source
> nmake -f ms\ntdll.mak clean
> nmake -f ms\nt.mak clean
> perl Configure VC-WIN64A fips no-asm --with-fipsdir=c:\path\to\fips-source
> ms\do_win64a no-asm
> nmake -f ms\ntdll.mak
> 
> [snip]


Well, I managed to get the compile to move a bit further by copying "inc32" to 
"include", "util" to "bin", and "out32dll" to "lib" in the FIPS source 
directory, that I was including in --with-fipsdir= .

However, now I am getting the following error during the OpenSSL build process.


cl /Fotmp32dll\fips_premain_dso.obj -DFINGERPRINT_PREMAIN_DSO_LOAD -Iinc
32 -Itmp32dll /MD /Ox -DOPENSSL_THREADS  -DDSO_WIN32 -W3 -Gs0 -Gy -nologo -DOPEN
SSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_S
ECURE_NO_DEPRECATE -IC:\Users\cfernando\Downloads\ossl\ossl\openssl-fips/include
 -DOPENSSL_USE_APPLINK -I. -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_SSL2 -
DOPENSSL_NO_KRB5 -DOPENSSL_FIPS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_WEAK_SSL_CIPHERS
 -DOPENSSL_NO_STATIC_ENGINE /Zi /Fdtmp32dll/app -c C:\Users\cfernando\Downloads\
ossl\ossl\openssl-fips\lib\fips_premain.c
fips_premain.c
ml  /c ms\uptable.asm
Microsoft (R) Macro Assembler Version 14.16.27025.1
Copyright (C) Microsoft Corporation.  All rights reserved.

 Assembling: ms\uptable.asm
ms\uptable.asm(9) : error A2006:undefined symbol : rsp
ms\uptable.asm(10) : error A2006:undefined symbol : rsp
ms\uptable.asm(11) : error A2006:undefined symbol : rsp
ms\uptable.asm(12) : error A2006:undefined symbol : rsp
ms\uptable.asm(13) : error A2006:undefined symbol : rcx
ms\uptable.asm(14) : error A2006:undefined symbol : rdx
ms\uptable.asm(16) : error A2006:undefined symbol : rcx
ms\uptable.asm(17) : error A2006:undefined symbol : rdx
ms\uptable.asm(18) : error A2006:undefined symbol : r8
ms\uptable.asm(19) : error A2006:undefined symbol : r9
ms\uptable.asm(20) : error A2006:undefined symbol : rax
ms\uptable.asm(21) : error A2006:undefined symbol : rsp
ms\uptable.asm(22) : error A2006:undefined symbol : rax
ms\uptable.asm(29) : error A2006:undefined symbol : rsp
ms\uptable.asm(30) : error A2006:undefined symbol : rsp
ms\uptable.asm(31) : error A2006:undefined symbol : rsp
ms\uptable.asm(32) : error A2006:undefined symbol : rsp
ms\uptable.asm(33) : error A2006:undefined symbol : rcx
ms\uptable.asm(34) : error A2006:undefined symbol : rdx
ms\uptable.asm(36) : error A2006:undefined symbol : rcx
ms\uptable.asm(37) : error A2006:undefined symbol : rdx
ms\uptable.asm(38) : error A2006:undefined symbol : r8
ms\uptable.asm(39) : error A2006:undefined symbol : r9
ms\uptable.asm(40) : error A2006:undefined symbol : rax
ms\uptable.asm(41) : error A2006:undefined symbol : rsp
ms\uptable.asm(42) : error A2006:undefined symbol : rax
ms\uptable.asm(49) : error A2006:undefined symbol : rsp
ms\uptable.asm(50) : error A2006:undefined symbol : rsp
ms\uptable.asm(51) : error A2006:undefined symbol : rsp
ms\uptable.asm(52) : error A2006:undefined symbol : rsp
ms\uptable.asm(53) : error A2006:undefined symbol : rcx
ms\uptable.asm(54) : error A2006:undefined symbol : rdx
ms\uptable.asm(56) : error A2006:undefined symbol : rcx
ms\uptable.asm(57) : error A2006:undefined symbol : rdx
ms\uptable.asm(58) : error A2006:undefined symbol : r8
ms\uptable.asm(59) : error A2006:undefined symbol : r9
ms\uptable.asm(60) : error A2006:undefined symbol : rax
ms\uptable.asm(61) : error A2006:undefined symbol : rsp
ms\uptable.asm(62) : error A2006:undefined symbol : rax
ms\uptable.asm(69) : error A2006:undefined symbol : rsp
ms\uptable.asm(70) : error A2006:undefined symbol : rsp
ms\uptable.asm(71) : error A2006:undefined symbol : rsp
ms\uptable.asm(72) : error A2006:undefined symbol : rsp
ms\uptable.asm(73) : error A2006:undefined symbol : rcx
ms\uptable.asm(74) : error A2006:undefined symbol : rdx
ms\uptable.asm(76) : error A2006:undefined symbol : rcx
ms\uptable.asm(77) : error A2006:undefined symbol : rdx
ms\uptable.asm(78) : error A2006:undefined symbol : r8
ms\uptable.asm(79) : er

[openssl-users] Compiling FIPS-cable OpenSSL on Windows Server 2012R2

2019-01-07 Thread Chris Fernando via openssl-users
I perused the list archives for all of 2018 and did not see anything current 
relating to this problem, so if this is a question that has been asked & 
answered, please feel free to point me at the relevant location to read about 
what I'm doing incorrectly. =)

I'm not at all familiar with Windows & compiling Open Source projects, but I am 
having no trouble on Linux with OpenSSL + FIPS. On Windows, with Visual Studio 
2017 (Community Edition), I am able to compile the FIPS 2.0.16 module and 
OpenSSL 1.0.2q (NO FIPS) without issue.

When I try to compile OpenSSL with the FIPS canister, per the User Guide 
instructions, I end up with the following error.

cl /Fotmp32dll\o_fips.obj  -Iinc32 -Itmp32dll /MD /Ox -DOPENSSL_THREADS
 -DDSO_WIN32 -W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN
-DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE -Ic:\..\openssl-fips/
include -DOPENSSL_USE_APPLINK -I. -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO
_SSL2 -DOPENSSL_NO_KRB5 -DOPENSSL_FIPS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_WEAK_SSL_
CIPHERS -DOPENSSL_NO_STATIC_ENGINE /Zi /Fdtmp32dll/lib -D_WINDLL  -DOPENSSL_BUIL
D_SHLIBCRYPTO -c .\crypto\o_fips.c
o_fips.c
.\crypto\o_fips.c(61): fatal error C1083: Cannot open include file: 'openssl/fip
s.h': No such file or directory
NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio\2017
\Community\VC\Tools\MSVC\14.16.27023\bin\HostX86\x86\cl.EXE"' : return code '0x2
'
Stop.


I am doing the following to compile FIPS:
cd c:\path\to\fips-source
ms\do_fips no-asm

I am doing the following to compile OpenSSL+FIPS (Strawberry Perl installed):
cd c:\path\to\openssl-source
nmake -f ms\ntdll.mak clean
nmake -f ms\nt.mak clean
perl Configure VC-WIN64A fips no-asm --with-fipsdir=c:\path\to\fips-source
ms\do_win64a no-asm
nmake -f ms\ntdll.mak


I feel like I'm missing something fundamental here and I know the User Guide 
says to install the FIPS files in a protected area. However, as I'm just 
building the source on this device, shouldn't I be able to to do the above and 
have it work?

Any help would be greatly appreciated.


Thanks,

Chris
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users