RE: fipslink
I could either get it to link, but fail the premain test or not get it to link. I never did get even a simple application to compile and run. I haven't had time since my last post to work on it. I've been side tracked by our (way behind) software release.

-Jon Evers

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Raghav Varadan
Sent: Wednesday, April 03, 2013 5:59 PM
To: openssl-users@openssl.org
Subject: Re: fipslink

Jon,

I have the same problem that you were mentioning in your thread. I built a batch file similar to yours and I'm getting the link error in the first pass. Were you able to find a solution for this?

Following are the link errors I'm getting:

fips_premain.obj : error LNK2001: unresolved external symbol unsigned char * FIPS_signature (?FIPS_signature@@3PAEA)
fips_premain.obj : error LNK2019: unresolved external symbol unsigned int __cdecl FIPS_incore_fingerprint(unsigned char *,unsigned int) (?FIPS_incore_fingerprint@@YAIPEAEI@Z) referenced in function void __cdecl FINGERPRINT_premain(void) (?FINGERPRINT_premain@@YAXXZ)
fips_premain.obj : error LNK2019: unresolved external symbol void const * __cdecl FIPS_text_start(void) (?FIPS_text_start@@YAPEBXXZ) referenced in function void __cdecl FINGERPRINT_premain(void) (?FINGERPRINT_premain@@YAXXZ)

---

Here is my log:

D:\TestPrograms\TestFIPSOpensslcl /Od /I D:\OpenSSL\deploy\Applications_win64_x64\include /I D:\Dev\WrkSpace_Main\depot\ExternalLibs\OpenSSL\1.0.1c-fips2.0.3\fips-src\include /D WIN32 /D _DEBUG /D _CONSOLE /D _UNICODE /D UNICODE /Gm /EHsc /RTC1 /MDd /Fox64\Debug\\ /Fdx64\Debug\vc90.pdb /W3 /nologo /c /Zi /TC /errorReport:prompt main.c
main.c
D:\TestPrograms\TestFIPSOpensslfips_build_script.bat
D:\TestPrograms\TestFIPSOpensslSET FIPS_PATH=D:\OpenSSL\deploy\Applications_win64_x64
D:\TestPrograms\TestFIPSOpensslSET FIPS_LINK=link
D:\TestPrograms\TestFIPSOpensslSET FIPS_CC=cl
D:\TestPrograms\TestFIPSOpensslSET FIPS_CC_ARGS=/Fo D:\TestPrograms\TestFIPSOpenssl\x64\Debug\fips_premain.obj -ID:\Dev\WrkSpace_Main\depot\ExternalLibs\OpenSSL\1.0.1c-fips2.0.3\_deploy\Applications_win64_x64\include /MD /O1 -DOPENSSL_THREADS -DDSO_WIN32 -DOPENSSL_NO_ERR -W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE -ID:\Dev\WrkSpace_Main\depot\ExternalLibs\OpenSSL\1.0.1c-fips2.0.3\_deploy\Applications_win64_x64/include/GS -DOPENSSL_NO_IDEA -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_RIPEMD -DOPENSSL_NO_MDC2 -DOPENSSL_NO_BF -DOPENSSL_NO_CAST -DOPENSSL_NO_DH -DOPENSSL_NO_WHIRLPOOL -DOPENSSL_NO_SSL2 -DOPENSSL_NO_CMS -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_GOST -DOPENSSL_NO_HW -DOPENSSL_FIPS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Z7 -c
D:\TestPrograms\TestFIPSOpensslSET PREMAIN_DSO_EXE=
D:\TestPrograms\TestFIPSOpensslSET FIPS_TARGET=D:\TestPrograms\TestFIPSOpenssl\x64\Debug\TestFIPSOpenssl.exe
D:\TestPrograms\TestFIPSOpensslSET FIPS_SHA1_EXE=D:\OpenSSL\deploy\Applications_win64_x64\bin\fips_standalone_sha1.exe
D:\TestPrograms\TestFIPSOpensslSET FIPSLIB_D=D:\OpenSSL\deploy\Applications_win64_x64\lib
D:\TestPrograms\TestFIPSOpensslperl D:\OpenSSL\deploy\Applications_win64_x64\bin\fipslink.pl /OUT:D:\TestPrograms\TestFIPSOpenssl\x64\Debug\TestFIPSOpenssl.exe /NOLOGO /LIBPATH:D:\Dev\WrkSpace_Main\depot\ExternalLibs\OpenSSL\1.0.1c-fips2.0.3\_deploy\Applications_win64_x64\lib /MANIFEST /MANIFESTFILE:\x64\Debug\TestFIPSOpenssl.exe.intermediate.manifest\ /MANIFESTUAC:\ level='asInvoker' uiAccess='false'\ /DEBUG /PDB:\D:\TestPrograms\TestFIPSOpenssl\x64\Debug\TestFIPSOpenssl.pdb\ /SUBSYSTEM:CONSOLE /DYNAMICBASE /NXCOMPAT /MACHINE:X64 /ERRORREPORT:PROMPT fipscanister.lib opensslcryptofips.lib opensslssl.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib x64\Debug\main.obj x64\Debug\fips_premain.obj
Integrity check OK
cl /Fo D:\TestPrograms\TestFIPSOpenssl\x64\Debug\fips_premain.obj -ID:\OpenSSL\deploy\Applications_win64_x64\include /MD /O1 -DOPENSSL_THREADS -DDSO_WIN32 -DOPENSSL_NO_ERR -W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE -ID:\OpenSSL\deploy\Applications_win64_x64/include/GS -DOPENSSL_NO_IDEA -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_RIPEMD -DOPENSSL_NO_MDC2 -DOPENSSL_NO_BF -DOPENSSL_NO_CAST -DOPENSSL_NO_DH
RE: fipslink
winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib .\Release\FipsSample.obj .\Release\stdafx.obj .\Release\fips_premain.obj

===

Build Output:

C:\openssl-TestUtils\FipsSample - Clean\FipsSampleg
C:\openssl-TestUtils\FipsSample - Clean\FipsSampleset FIPSLIB_D=c:\openssl-fips-2.0.2\out32dll
C:\openssl-TestUtils\FipsSample - Clean\FipsSampleset FIPS_CC=cl
C:\openssl-TestUtils\FipsSample - Clean\FipsSampleset FIPS_CC_ARGS=/O2 /Oi /GL /I C:\openssl-1.0.1c\inc32 /D WIN32 /D NDEBUG /D _CONSOLE /D _MBCS /FD /EHsc /MD /Gy /FoRelease\\ /FdRelease\vc90.pdb /W3 /c /Zi /TP
C:\openssl-TestUtils\FipsSample - Clean\FipsSampleset FIPS_LINK=link
C:\openssl-TestUtils\FipsSample - Clean\FipsSampleset FIPS_SHA1_EXE=C:\openssl-fips-2.0.2\out32dll\fips_standalone_sha1.exe
C:\openssl-TestUtils\FipsSample - Clean\FipsSampleset FIPS_SIG=C:\openssl-fips-2.0.2\util\msincore
C:\openssl-TestUtils\FipsSample - Clean\FipsSamplerem Not used to comple an EXE: set PREMAIN_DSO_EXE=C:\openssl-1.0.1c\out32dll\fips_premain_dso.exe
C:\openssl-TestUtils\FipsSample - Clean\FipsSampleset PREMAIN_DSO_EXE=
C:\openssl-TestUtils\FipsSample - Clean\FipsSampleset FIPS_TARGET=..\Release\FipsSample.exe
C:\openssl-TestUtils\FipsSample - Clean\FipsSampleperl c:\openssl-fips-2.0.2\util\fipslink.pl @link.rsp
Integrity check OK
cl /O2 /Oi /GL /I C:\openssl-1.0.1c\inc32 /D WIN32 /D NDEBUG /D _CONSOLE /D _MBCS /FD /EHsc /MD /Gy /FoRelease\\ /FdRelease\vc90.pdb /W3 /c /Zi /TP c:\openssl-fips-2.0.2\out32dll/fips_premain.c
Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 15.00.30729.01 for 80x86
Copyright (C) Microsoft Corporation. All rights reserved.
fips_premain.c
link @link.rsp
Microsoft (R) Incremental Linker Version 9.00.30729.01
Copyright (C) Microsoft Corporation. All rights reserved.
/OUT:C:\openssl-TestUtils\FipsSample - Clean\Release\FipsSample.exe /INCREMENTAL:NO /LIBPATH:C:\openssl-1.0.1c\out32dll /MANIFEST /MANIFESTFILE:Release\FipsSample.exe.intermediate.manifest /MANIFESTUAC:level='asInvoker' uiAccess='false' /DEBUG /PDB:c:\openssl-TestUtils\FipsSample - Clean\Release\FipsSample.pdb /SUBSYSTEM:CONSOLE /OPT:REF /OPT:ICF /LTCG /DYNAMICBASE /NXCOMPAT /MACHINE:X86 libeay32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib .\Release\FipsSample.obj .\Release\stdafx.obj .\Release\fips_premain.obj
fips_premain.obj : error LNK2001: unresolved external symbol unsigned char * FIPS_signature (?FIPS_signature@@3PAEA)
fips_premain.obj : error LNK2001: unresolved external symbol void const * __cdecl FIPS_text_start(void) (?FIPS_text_start@@YAPBXXZ)
fips_premain.obj : error LNK2001: unresolved external symbol unsigned int __cdecl FIPS_incore_fingerprint(unsigned char *,unsigned int) (?FIPS_incore_fingerprint@@YAIPAEI@Z)
C:\openssl-TestUtils\FipsSample - Clean\Release\FipsSample.exe : fatal error LNK1120: 3 unresolved externals
First stage Link failure at c:\openssl-fips-2.0.2\util\fipslink.pl line 55.

===

---

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Jon Evers
Sent: Tuesday, February 05, 2013 2:09 PM
To: openssl-users@openssl.org
Subject: fipslink

Does anyone have a windows make file that uses fipslink to build an executable that they can forward to me? Alternatively a Visual Studio project that uses that would also help? The smaller and simpler the project the better.

I’m trying to build a windows executable that uses the fips libraries and I think I’m not using this utility correctly. I’m stuck with linker errors.

Thanks,
-Jon Evers
fipslink
Does anyone have a windows make file that uses fipslink to build an executable that they can forward to me? Alternatively a Visual Studio project that uses that would also help? The smaller and simpler the project the better.

I'm trying to build a windows executable that uses the fips libraries and I think I'm not using this utility correctly. I'm stuck with linker errors.

Thanks,
-Jon Evers
RE: Compiling openssl fips in Windows
LM,

I was using the Jan 18, 2013 version. It looks like the current is now Jan 25, 2013. However, those sections and paragraphs I quoted are still there. Just look down a few paragraphs to find them.

Section 5.3.2 seems to be the root of my problem. I don't think my project, based on ms\nt.mak, is working correctly. As a makefile example, nt.mak is fairly complex and I had to trace and pull out quite a few symbols and modify them to get it to run.

Does anyone have a basic make file for Windows that links the openssl and fips libraries or maybe a simple VS2008 project that they can post or send me?

Thanks for any help.

-Jon

Section 5.3.2
The static library Makefile ms\nt.mak in the OpenSSL distribution gives an example of the usage of fipslink.pl.

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Memmott, Lester
Sent: Monday, February 04, 2013 2:51 PM
To: openssl-users@openssl.org
Subject: RE: Compiling openssl fips in Windows

Jon,

Regarding:

According to my interpretation of the documentation, it should be included in libeay32.dll:

Section 2.4.2
Note that except in the most unusual circumstances the FIPS Object Module itself (fipscanister.o) is not linked directly with application code.

Section 4.3.3
The resulting FIPS capable OpenSSL can be used for shared or static linking. The shared library built (when ms\ntdll.mak is used as the Makefile) links fipscanister.lib into libeay32.dll using fipslink.pl

I wonder if you're working off of an older version of the documentation. I've been using the User Guide v2.0 found here: http://www.openssl.org/docs/fips/UserGuide-2.0.pdf

Thanks,
LM
RE: Compiling openssl fips in Windows
Dave,

I am linking libeay32.lib. I did try the .dll and tried to make it a reference in a VS2008 project, but that completely failed.

If I understand correctly ssleay32 is needed to implement SSL/TLS protocols? If so, I definitely need to include it. But, currently my linking issues don't seem to be affected by this library being included or not.

My link issues are either:
1) Can't find FIPS symbols (FIPS_hmac_final, FIPS_hmac_init_ex)
OR
2) with fipscanister.lib also linked - duplicate symbols in MSVCRT.lib and LIBCMT.lib (like __exit, _raise and _malloc)

I think a simple, basic make file for a windows console application would greatly help me track down my linker issues. I'm sure it is some simple mismatch or mistake I make in the make file I sourced from nt.mak. I just can't seem to pinpoint it.

Thanks,
-Jon

-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson
Sent: Monday, February 04, 2013 1:58 PM
To: openssl-users@openssl.org
Subject: RE: Compiling openssl fips in Windows

From: owner-openssl-us...@openssl.org On Behalf Of Jon Evers
Sent: Friday, 01 February, 2013 17:45

I'm trying to link an application that will use openssl and fips. I'm getting linker errors snip [using] MS Visual Studio 2008. I'm trying to link the DLL, lib32eay.dll.

Did you put libeay32.dll in the VS project or libeay32.lib ? VS needs the latter. You *link* with the export library and then *run* with the dll (from the same build, or at least a build which is binary compatible) and if the dll is not in your PATH I think you need a setting for that also.

To answer your other question elsethread, you similarly need ssleay32 if and only if your app uses protocol functions. libeay on Windows (libcrypto on Unix) provides crypto primitives (like AES_* RC4_* SHA_* etc), some utility primitives like ASN1_* PEM_* BIO_* PEM_*, and the generic wrapper EVP_*. Parts of libeay/libcrypto (only) are replaced in FIPS mode. (Actually the normal versions are still there, but not used.) ssleay (libssl) implements SSL protocol (including TLS and DTLS, which technically are slightly different) *using* libeay/libcrypto, and thus using FIPS primitives if enabled.
Compiling openssl fips in Windows
I'm trying to link an application that will use openssl and fips. (sorry about any typos and shortcuts. I have to hand type this because my development is on a closed system and I can't cut and paste to here)

I'm getting linker errors:

Error LNK2001: unresolved external symbol _FIPS_hmac_ctx_cleanup
Error LNK2001: unresolved external symbol _FIPS_hmac_final
Error LNK2001: unresolved external symbol _FIPS_hmac_update

Plus a few other unresolved _FIPS_xxx linkings.

My project is basically the fips_hmac example from Appendix C in the User Guide with some minor changes to build on MS Visual Studio 2008. I'm trying to link the DLL, lib32eay.dll.

If I look at the libeay32.map file that gets created, I see those symbols:

0002:0e80 _FIPS_hmac_final 0fbbde80 f fipscanister:hmac.obj

I'm using fipslink.pl to do the linking and set the FIPS variables. I also build a .mak file using nt.mak as an example.

When I run nmake, my compiler command looks like this:

cl /Fod:\work\ssl\ved\Debug\fips_premain.obj -ID:\Work\SSL\openssl-fips-2.0.0\inc32 -IO /MD /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -GX -GS0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -I\usr\local\ssl\fips-2.0\include -DOPENSSL_USER_APPLINK -I. -DOPENSSL_NO_RRC5 -DOPENSLL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_FIPS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_STATIC_ENGINE /Zl /Zi /Fd/lib -c \usr\local\ssl\fips-2.0\lib/fips_premain.c

...which compiles with no errors or warnings. I have 2 other files that also compile clean (stdafx.cpp and VED.cpp).

My link command (which is inside fipslink.pl) looks like this:

link /nologo /subsystem:console /opt:ref /debug /map /out:Debug\VED.exe @C:\temp\nma0452

C:\temp\nma0452:
setargv.obj d:\work\ssl\ved\Debug\VED.obj d:\work\ssl\ved\Debug\stdafx.obj d:\work\ssl\ved\Debug\fips_premain.obj d:\Work\SSL\openssl-1.0.1c\out32dll\libeay32.lib ws2_32.lib gdi32.lib advapi32.lib crytp32.bli user32.lib

openssl version -a returns

OpenSSL 1.0.1c-fips 10 May 2012

...which I think indicates that I build the fips and openssl correctly. But, the linker warnings don't make sense to me because it looks like the symbols are in the linked .lib.

Any ideas why this might not link?

Thanks,
-Jon Evers
RE: Compiling openssl fips in Windows
Thanks LM,

I wasn't explicitly including fipscanister.o. According to my interpretation of the documentation, it should be included in libeay32.dll:

Section 2.4.2
Note that except in the most unusual circumstances the FIPS Object Module itself (fipscanister.o) is not linked directly with application code.

Section 4.3.3
The resulting FIPS capable OpenSSL can be used for shared or static linking. The shared library built (when ms\ntdll.mak is used as the Makefile) links fipscanister.lib into libeay32.dll using fipslink.pl

I did try to link fipscanister.lib directly and got a set of errors like this:

MSVCRT.lib(MSVCRT.DLL) : error LNK2005: _fopen already defined in LIBC.lib(fopen.obj)

I think that is usually caused by a mismatch of static and dynamic libraries. I tried /NODEAULTLIB: on both MSVCRT.lib and LIBC.lib, but both gave linker errors about similar c library calls.

I also tried to link the static libs, libeayfips.lib with and without fipscanister.lib, but either got my previous link errors or these new ones.

As a side question, do I need to link ssley32.lib? It's in some examples, but doesn't seem to make a difference whether I link it in or not, at least, regarding my current issues.

Thanks,
-Jon

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Memmott, Lester
Sent: Friday, February 01, 2013 3:59 PM
To: openssl-users@openssl.org
Subject: RE: Compiling openssl fips in Windows

Regarding:

C:\temp\nma0452:
setargv.obj d:\work\ssl\ved\Debug\VED.obj d:\work\ssl\ved\Debug\stdafx.obj d:\work\ssl\ved\Debug\fips_premain.obj d:\Work\SSL\openssl-1.0.1c\out32dll\libeay32.lib ws2_32.lib gdi32.lib advapi32.lib crytp32.bli user32.lib

I'm not sure but did you link in fipscanister.lib? It's required too.

Thanks,
LM

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Jon Evers
Sent: Friday, February 01, 2013 3:45 PM
To: openssl-users@openssl.org
Subject: Compiling openssl fips in Windows

I'm trying to link an application that will use openssl and fips. (sorry about any typos and shortcuts. I have to hand type this because my development is on a closed system and I can't cut and paste to here)

I'm getting linker errors:

Error LNK2001: unresolved external symbol _FIPS_hmac_ctx_cleanup
Error LNK2001: unresolved external symbol _FIPS_hmac_final
Error LNK2001: unresolved external symbol _FIPS_hmac_update

Plus a few other unresolved _FIPS_xxx linkings.

My project is basically the fips_hmac example from Appendix C in the User Guide with some minor changes to build on MS Visual Studio 2008. I'm trying to link the DLL, lib32eay.dll.

If I look at the libeay32.map file that gets created, I see those symbols:

0002:0e80 _FIPS_hmac_final 0fbbde80 f fipscanister:hmac.obj

I'm using fipslink.pl to do the linking and set the FIPS variables. I also build a .mak file using nt.mak as an example.

When I run nmake, my compiler command looks like this:

cl /Fod:\work\ssl\ved\Debug\fips_premain.obj -ID:\Work\SSL\openssl-fips-2.0.0\inc32 -IO /MD /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -GX -GS0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -I\usr\local\ssl\fips-2.0\include -DOPENSSL_USER_APPLINK -I. -DOPENSSL_NO_RRC5 -DOPENSLL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_FIPS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_STATIC_ENGINE /Zl /Zi /Fd/lib -c \usr\local\ssl\fips-2.0\lib/fips_premain.c

...which compiles with no errors or warnings. I have 2 other files that also compile clean (stdafx.cpp and VED.cpp).

My link command (which is inside fipslink.pl) looks like this:

link /nologo /subsystem:console /opt:ref /debug /map /out:Debug\VED.exe @C:\temp\nma0452

C:\temp\nma0452:
setargv.obj d:\work\ssl\ved\Debug\VED.obj d:\work\ssl\ved\Debug\stdafx.obj d:\work\ssl\ved\Debug\fips_premain.obj d:\Work\SSL\openssl-1.0.1c\out32dll\libeay32.lib ws2_32.lib gdi32.lib advapi32.lib crytp32.bli user32.lib

openssl version -a returns

OpenSSL 1.0.1c-fips 10 May 2012

...which I think indicates that I build the fips and openssl correctly. But, the linker warnings don't make sense to me because it looks like the symbols are in the linked .lib.

Any ideas why this might not link?

Thanks,
-Jon Evers
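
Added example (not part of any message above, and not code from the OpenSSL project): a Python triage of the three kinds of linker error quoted in the "fipslink" and "Compiling openssl fips in Windows" messages. It relies on two MSVC facts: a decorated name that begins with `?` is a C++ reference, and `/TP` makes cl compile every source as C++. The sample log is constructed from lines quoted on this page; the function name `triage` and the finding labels are assumptions of this example.

```python
import re

# Constructed sample: batch and linker lines quoted in the messages on this
# page, abridged, with console line-wrap breaks inside names removed.
SAMPLE_LOG = r"""
set FIPS_CC_ARGS=/O2 /Oi /GL /I C:\openssl-1.0.1c\inc32 /D WIN32 /MD /Gy /W3 /c /Zi /TP
fips_premain.obj : error LNK2001: unresolved external symbol unsigned char * FIPS_signature (?FIPS_signature@@3PAEA)
fips_premain.obj : error LNK2019: unresolved external symbol void const * __cdecl FIPS_text_start(void) (?FIPS_text_start@@YAPEBXXZ) referenced in function void __cdecl FINGERPRINT_premain(void) (?FINGERPRINT_premain@@YAXXZ)
Error LNK2001: unresolved external symbol _FIPS_hmac_final
MSVCRT.lib(MSVCRT.DLL) : error LNK2005: _fopen already defined in LIBC.lib(fopen.obj)
"""

# Library names of the Microsoft C runtime flavours (lower-cased).
CRT_LIBS = {"msvcrt.lib", "msvcrtd.lib", "libcmt.lib", "libcmtd.lib",
            "libc.lib", "libcd.lib"}

CC_ARGS = re.compile(r"set\s+FIPS_CC_ARGS=(.*)", re.I)
UNRESOLVED = re.compile(
    r"error LNK(?:2001|2019): unresolved external symbol (.+)", re.I)
DECORATED = re.compile(r"\((\?[^\s()]+)\)")  # "(?name@@...)" is C++ decoration
DUPLICATE = re.compile(
    r"(\S+?)(?:\([^)]*\))? : error LNK2005: (\S+) already defined in (\S+?)\(",
    re.I)

HINTS = {
    "compile-as-c++": "/TP compiles every source passed to cl, including "
                      "fips_premain.c, as C++",
    "c++-decorated-reference": "the object asks for a C++-decorated name, but "
                               "a C library defines the plain C name; compile "
                               "the referencing source as C",
    "c-symbol-undefined": "C-style name with no definition among the link "
                          "inputs; check which .lib on the link line should "
                          "define it",
    "crt-mismatch": "two different C runtime libraries are being linked; "
                    "build every input with the same runtime option",
}


def triage(log):
    """Return (kind, subject, hint) tuples for the recognised patterns."""
    findings = []
    for line in log.splitlines():
        m = CC_ARGS.search(line)
        if m:
            if any(t.upper() in ("/TP", "-TP") for t in m.group(1).split()):
                findings.append(("compile-as-c++", "FIPS_CC_ARGS"))
            continue
        m = UNRESOLVED.search(line)
        if m:
            # Drop the "referenced in function ..." tail that LNK2019 adds.
            rest = m.group(1).split(" referenced in function ")[0]
            d = DECORATED.search(rest)
            if d:  # plain name sits between the leading '?' and first '@'
                name = d.group(1)[1:].split("@", 1)[0]
                findings.append(("c++-decorated-reference", name))
            else:
                findings.append(("c-symbol-undefined", rest.split()[-1]))
            continue
        m = DUPLICATE.search(line)
        if m:
            libs = {m.group(1).lower(), m.group(3).lower()}
            if len(libs) == 2 and libs <= CRT_LIBS:
                findings.append(("crt-mismatch", m.group(2)))
    return [(kind, subject, HINTS[kind]) for kind, subject in findings]


if __name__ == "__main__":
    for kind, subject, hint in triage(SAMPLE_LOG):
        print(f"{kind:24} {subject:18} {hint}")
```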