Re: FIPS-capable OpenSSL that works on Windows NT
On Oct 25, 2011, at 4:17 AM, Dr. Stephen Henson wrote: > On Mon, Oct 24, 2011, Bill Durant wrote: > >> On Oct 24, 2011, at 4:00 PM, Dr. Stephen Henson wrote: >>> On Mon, Oct 24, 2011, Bill Durant wrote: >>> >>>> >>>> >>>> Hello Steve: >>>> >>>> I downloaded >>>> ftp://openssl.org/snapshot/openssl-fips-2.0-test-20111023.tar.gz and >>>> http://openssl.org/source/openssl-0.9.8r.tar.gz. >>>> >>>> I am getting the following compile errors. Any ideas on what I am doing >>>> wrong? >>>> >>> >>> You can't use OpenSSL 0.9.8 with the test 2.0 tarball. You have to use and >>> OpenSSL 1.0.1 snapshot. >> >> Hello Steve, >> >> Thank you for the clarification. Now I am unable to get past 'nmake -f >> ms\nt.mak' >> >> Attached is the build log. >> >> I downloaded the following: >> >> ftp://ftp.openssl.org/snapshot/openssl-1.0.1-stable-SNAP-20111024.tar.gz >> ftp://ftp.openssl.org/snapshot/openssl-fips-2.0-test-20111024.tar.gz. >> >> I am getting the following compilation error. Any ideas on how to fix it? >> Thanks. >> >> C:\> cd openssl-fips-2.0-test-20111024 >> C:\> ms\do_fips no-asm >> ... >> ... >> *** >> FIPS BUILD SUCCESS* >> *** >> >> C:\> cd ..\openssl-1.0.1-stable-SNAP-20111024 >> >> C:\> perl Configure VC-WIN32 fips >> --with-fipslibdir=..\openssl-fips-2.0-test-20111024\out32dll >> --prefix=..\openssl-1.0.1-stable-SNAP-20111024-fips-static no-idea no-mdc2 >> no-rc5 no-asm >> ... >> ... >> >> C:\> ms\do_nasm >> ... >> ... >> C:\> nmake -f ms\nt.mak >> ... >> ... >> cl /Fotmp32\o_fips.obj -Iinc32 -Itmp32 /MD /Ox /O2 /Ob2 -DOPENSSL_THREADS >> -DDSO_WIN32 -W3 -WX -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 >> -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE >> -Isrocalslips-2.0/include -DOPENSSL_NO_IDEA -DOPENSSL_NO_RC5 >> -DOPENSSL_NO_MD2 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_KRB5 -DOPENSSL_FIPS >> -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c >> .\crypto\o_fips.c >> o_fips.c >> crypto\o_fips.c(60) : fatal error C1083: Cannot open include file: >> 'openssl/fips.h': No such file or directory >> NMAKE : fatal error U1077: 'cl' : return code '0x2' >> Stop. >> > > Set the FIPSDIR environment variable to a location where you want the module > installed before you call ms\do_fips and then don't include the > --with-fipslibdir option to Configure. Hello Steve, That worked perfectly. Thanks. I am now able to produce a working FIPS-capable OpenSSL that works on Windows NT. Thanks! Bill > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > __ > OpenSSL Project http://www.openssl.org > User Support Mailing Listopenssl-users@openssl.org > Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: FIPS-capable OpenSSL that works on Windows NT
On Mon, Oct 24, 2011, Bill Durant wrote: > On Oct 24, 2011, at 4:00 PM, Dr. Stephen Henson wrote: > > On Mon, Oct 24, 2011, Bill Durant wrote: > > > >> > >> > >> Hello Steve: > >> > >> I downloaded > >> ftp://openssl.org/snapshot/openssl-fips-2.0-test-20111023.tar.gz and > >> http://openssl.org/source/openssl-0.9.8r.tar.gz. > >> > >> I am getting the following compile errors. Any ideas on what I am doing > >> wrong? > >> > > > > You can't use OpenSSL 0.9.8 with the test 2.0 tarball. You have to use and > > OpenSSL 1.0.1 snapshot. > > Hello Steve, > > Thank you for the clarification. Now I am unable to get past 'nmake -f > ms\nt.mak' > > Attached is the build log. > > I downloaded the following: > > ftp://ftp.openssl.org/snapshot/openssl-1.0.1-stable-SNAP-20111024.tar.gz > ftp://ftp.openssl.org/snapshot/openssl-fips-2.0-test-20111024.tar.gz. > > I am getting the following compilation error. Any ideas on how to fix it? > Thanks. > > C:\> cd openssl-fips-2.0-test-20111024 > C:\> ms\do_fips no-asm > ... > ... > *** > FIPS BUILD SUCCESS* > *** > > C:\> cd ..\openssl-1.0.1-stable-SNAP-20111024 > > C:\> perl Configure VC-WIN32 fips > --with-fipslibdir=..\openssl-fips-2.0-test-20111024\out32dll > --prefix=..\openssl-1.0.1-stable-SNAP-20111024-fips-static no-idea no-mdc2 > no-rc5 no-asm > ... > ... > > C:\> ms\do_nasm > ... > ... > C:\> nmake -f ms\nt.mak > ... > ... > cl /Fotmp32\o_fips.obj -Iinc32 -Itmp32 /MD /Ox /O2 /Ob2 -DOPENSSL_THREADS > -DDSO_WIN32 -W3 -WX -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 > -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE > -Isrocalslips-2.0/include -DOPENSSL_NO_IDEA -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 > -DOPENSSL_NO_MDC2 -DOPENSSL_NO_KRB5 -DOPENSSL_FIPS -DOPENSSL_NO_JPAKE > -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\o_fips.c > o_fips.c > crypto\o_fips.c(60) : fatal error C1083: Cannot open include file: > 'openssl/fips.h': No such file or directory > NMAKE : fatal error U1077: 'cl' : return code '0x2' > Stop. > Set the FIPSDIR environment variable to a location where you want the module installed before you call ms\do_fips and then don't include the --with-fipslibdir option to Configure. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: FIPS-capable OpenSSL that works on Windows NT
On Mon, Oct 24, 2011, Bill Durant wrote: > > > Hello Steve: > > I downloaded > ftp://openssl.org/snapshot/openssl-fips-2.0-test-20111023.tar.gz and > http://openssl.org/source/openssl-0.9.8r.tar.gz. > > I am getting the following compile errors. Any ideas on what I am doing > wrong? > You can't use OpenSSL 0.9.8 with the test 2.0 tarball. You have to use and OpenSSL 1.0.1 snapshot. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: FIPS-capable OpenSSL that works on Windows NT
On Oct 24, 2011, at 1:01 AM, Bill Durant wrote: > On Oct 5, 2011, at 12:15 PM, Dr. Stephen Henson wrote: >> On Wed, Oct 05, 2011, Bill Durant wrote: >>> On Oct 5, 2011, at 8:08 AM, Dr. Stephen Henson wrote: >>>> On Tue, Oct 04, 2011, William A. Rowe Jr. wrote: >>>>> On 10/4/2011 10:45 PM, Bill Durant wrote: >>>>>> >>>>>> Does anyone know how to produce a FIPS-capable OpenSSL that works on >>>>>> Windows NT? >>>>> >>>>> It's likely not possible... >>>>> >>>>>> But when I run it under Windows NT, I get the following run-time error: >>>>>> >>>>>> "The procedure entry point Module32NextW could not be located in the >>>>>> dynamic link library KERNEL32.dll" >>>>> >>>>> If you use the equivalent of nm against the fipscanister.lib, I'd expect >>>>> you'll find the binding there. >>>>> >>>>> I see no reason the team would accommodate this in OpenSSL/FIPS 2.0, >>>>> though. >>>>> Support for Windows NT 4.xx ended on December 31, 2004. Support for >>>>> Windows >>>>> 2000 ended on July 13, 2010. So updating "security" or cryptographic >>>>> software >>>>> validation for such systems is something of an oxymoron. >>>> >>>> I'd suggest the OP try to build the 2.0 test module and run >>>> fips_test_suite on >>>> NT as it may work. A lot of the platform specific code has been removed >>>> from >>>> the 2.0 module design. >>> >>> Thank you everyone for the comments so far. >>> >>> What is the 2.0 test module? Does it mean to build openssl-fips-1.2.tar.gz? >>> >> >> For the upcoming 2.0 validation test snapshots are available. You can see >> them at: ftp://ftp.openssl.org/snapshot/ >> >> Steve. >> -- >> Dr Stephen N. Henson. OpenSSL project core developer. >> Commercial tech support now available see: http://www.openssl.org > > > Hello Steve: > > I downloaded ftp://openssl.org/snapshot/openssl-fips-2.0-test-20111023.tar.gz > and http://openssl.org/source/openssl-0.9.8r.tar.gz. > > I am getting the following compile errors. Any ideas on what I am doing > wrong? > > C:\> cd openssl-fips-2.0-test-20111023 > C:\> ms\do_fips no-asm > ... > ... > *** > FIPS BUILD SUCCESS* > *** > > C:\> cd ..\openssl-0.9.8r > > C:\> perl Configure VC-WIN32 fips > --with-fipslibdir=..\openssl-fips-2.0-test-20111023\out32dll > --prefix=..\openssl-0.9.8r-fips-static no-idea no-mdc2 no-rc5 no-asm > ... > ... > > C:\> ms\do_nasm > ... > ... > C:\> nmake -f ms\nt.mak > Generating x86 for NASM assember > Bignum > AES > ... > ... > Copying: ./ssl/dtls1.h to inc32/openssl/dtls1.hperl util/copy.pl > ".\ssl\kssl.h" "inc32\openssl\kssl.h"Copying: ./ssl/kssl.h to > inc32/openssl/kssl.hcl /Fotmp32\fips_standalone_sha1.obj -Iinc32 -Itmp32 > /MT /Ox /O2 /Ob2 /W3 /W > X /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN > -DL_ENDIAN > -DDSO_WIN32 -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE /Fdout32 > -DOPENSSL_NO_IDEA -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 > -DOPENSSL > _NO_MDC2 -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG > -DOPENSSL_NO_KRB5 -DOPENSSL_FIPS -DOPENSSL_NO_DYNAMIC_ENGINE /Zl -c > .\fips\sha\fips_standalon > e_sha1.cfips_standalone_sha1.c >link /nologo /subsystem:console /opt:ref > /out:out32\fips_standalone_sha1.exe > @C:\Users\bdurant\AppData\Local\Temp\nm257.tmp > fips_standalone_sha1.obj : error LNK2019: unresolved external symbol > _SHA1_Final referenced in function _hmac_init > fips_standalone_sha1.obj : error LNK2019: unresolved external symbol > _SHA1_Update referenced in function _hmac_init > fips_standalone_sha1.obj : error LNK2019: unresolved external symbol > _SHA1_Init referenced in function _hmac_init > fips_standalone_sha1.obj : error LNK2019: unresolved external symbol __chkstk > referenced in function _hmac_init > fips_standalone_sha1.obj : error LNK2019: unresolved external symbol _fwrite > referenced in function _main > fips_standalone_sha1.obj : error LNK2019: unresolved external symbol _perror > referenced in function _main > fips_standalone_sha1.obj : error LNK2019: unresolved external symbol _printf > referenced in
Re: FIPS-capable OpenSSL that works on Windows NT
On Oct 5, 2011, at 12:15 PM, Dr. Stephen Henson wrote: > On Wed, Oct 05, 2011, Bill Durant wrote: >> On Oct 5, 2011, at 8:08 AM, Dr. Stephen Henson wrote: >>> On Tue, Oct 04, 2011, William A. Rowe Jr. wrote: >>>> On 10/4/2011 10:45 PM, Bill Durant wrote: >>>>> >>>>> Does anyone know how to produce a FIPS-capable OpenSSL that works on >>>>> Windows NT? >>>> >>>> It's likely not possible... >>>> >>>>> But when I run it under Windows NT, I get the following run-time error: >>>>> >>>>> "The procedure entry point Module32NextW could not be located in the >>>>> dynamic link library KERNEL32.dll" >>>> >>>> If you use the equivalent of nm against the fipscanister.lib, I'd expect >>>> you'll find the binding there. >>>> >>>> I see no reason the team would accommodate this in OpenSSL/FIPS 2.0, >>>> though. >>>> Support for Windows NT 4.xx ended on December 31, 2004. Support for >>>> Windows >>>> 2000 ended on July 13, 2010. So updating "security" or cryptographic >>>> software >>>> validation for such systems is something of an oxymoron. >>> >>> I'd suggest the OP try to build the 2.0 test module and run fips_test_suite >>> on >>> NT as it may work. A lot of the platform specific code has been removed from >>> the 2.0 module design. >> >> Thank you everyone for the comments so far. >> >> What is the 2.0 test module? Does it mean to build openssl-fips-1.2.tar.gz? >> > > For the upcoming 2.0 validation test snapshots are available. You can see > them at: ftp://ftp.openssl.org/snapshot/ > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org Hello Steve: I downloaded ftp://openssl.org/snapshot/openssl-fips-2.0-test-20111023.tar.gz and http://openssl.org/source/openssl-0.9.8r.tar.gz. I am getting the following compile errors. Any ideas on what I am doing wrong? C:\> cd openssl-fips-2.0-test-20111023 C:\> ms\do_fips no-asm ... ... *** FIPS BUILD SUCCESS* *** C:\> cd ..\openssl-0.9.8r C:\> perl Configure VC-WIN32 fips --with-fipslibdir=..\openssl-fips-2.0-test-20111023\out32dll --prefix=..\openssl-0.9.8r-fips-static no-idea no-mdc2 no-rc5 no-asm ... ... C:\> ms\do_nasm ... ... C:\> nmake -f ms\nt.mak Generating x86 for NASM assember Bignum AES ... ... Copying: ./ssl/dtls1.h to inc32/openssl/dtls1.hperl util/copy.pl ".\ssl\kssl.h" "inc32\openssl\kssl.h"Copying: ./ssl/kssl.h to inc32/openssl/kssl.hcl /Fotmp32\fips_standalone_sha1.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 /W3 /W X /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE /Fdout32 -DOPENSSL_NO_IDEA -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL _NO_MDC2 -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_KRB5 -DOPENSSL_FIPS -DOPENSSL_NO_DYNAMIC_ENGINE /Zl -c .\fips\sha\fips_standalon e_sha1.cfips_standalone_sha1.c link /nologo /subsystem:console /opt:ref /out:out32\fips_standalone_sha1.exe @C:\Users\bdurant\AppData\Local\Temp\nm257.tmp fips_standalone_sha1.obj : error LNK2019: unresolved external symbol _SHA1_Final referenced in function _hmac_init fips_standalone_sha1.obj : error LNK2019: unresolved external symbol _SHA1_Update referenced in function _hmac_init fips_standalone_sha1.obj : error LNK2019: unresolved external symbol _SHA1_Init referenced in function _hmac_init fips_standalone_sha1.obj : error LNK2019: unresolved external symbol __chkstk referenced in function _hmac_init fips_standalone_sha1.obj : error LNK2019: unresolved external symbol _fwrite referenced in function _main fips_standalone_sha1.obj : error LNK2019: unresolved external symbol _perror referenced in function _main fips_standalone_sha1.obj : error LNK2019: unresolved external symbol _printf referenced in function _main fips_standalone_sha1.obj : error LNK2019: unresolved external symbol _fread referenced in function _main fips_standalone_sha1.obj : error LNK2019: unresolved external symbol _fopen referenced in function _main fips_standalone_sha1.obj : error LNK2019: unresolved external symbol _exit refer enced in function _main fips_standalone_sha1.obj : error LNK2019: unresolved external symbol _fprintf re ferenced in function _main fips_standalone_sha1.obj : error LNK2019: unresolved external symbol __iob refer enced in function _mainLINK : error LNK2001: unresolved
Re: FIPS-capable OpenSSL that works on Windows NT
On Oct 5, 2011, at 9:10 PM, William A. Rowe Jr. wrote: > On 10/5/2011 10:08 AM, Dr. Stephen Henson wrote: >> On Tue, Oct 04, 2011, William A. Rowe Jr. wrote: >> >>> On 10/4/2011 10:45 PM, Bill Durant wrote: But when I run it under Windows NT, I get the following run-time error: "The procedure entry point Module32NextW could not be located in the dynamic link library KERNEL32.dll" >>> >>> If you use the equivalent of nm against the fipscanister.lib, I'd expect >>> you'll find the binding there. >> >> I'd suggest the OP try to build the 2.0 test module and run fips_test_suite >> on >> NT as it may work. A lot of the platform specific code has been removed from >> the 2.0 module design. > > I'd forgotten how significantly the whole POST code has been refactored, > thanks for the reminder Steve! I will try this and report back my findings soon. Thanks, Bill > > __ > OpenSSL Project http://www.openssl.org > User Support Mailing Listopenssl-users@openssl.org > Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: FIPS-capable OpenSSL that works on Windows NT
On 10/5/2011 10:08 AM, Dr. Stephen Henson wrote: > On Tue, Oct 04, 2011, William A. Rowe Jr. wrote: > >> On 10/4/2011 10:45 PM, Bill Durant wrote: >>> >>> But when I run it under Windows NT, I get the following run-time error: >>> >>> "The procedure entry point Module32NextW could not be located in the >>> dynamic link library KERNEL32.dll" >> >> If you use the equivalent of nm against the fipscanister.lib, I'd expect >> you'll find the binding there. > > I'd suggest the OP try to build the 2.0 test module and run fips_test_suite on > NT as it may work. A lot of the platform specific code has been removed from > the 2.0 module design. I'd forgotten how significantly the whole POST code has been refactored, thanks for the reminder Steve! __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: FIPS-capable OpenSSL that works on Windows NT
On Wed, Oct 05, 2011, Bill Durant wrote: > On Oct 5, 2011, at 8:08 AM, Dr. Stephen Henson wrote: > > On Tue, Oct 04, 2011, William A. Rowe Jr. wrote: > > > >> On 10/4/2011 10:45 PM, Bill Durant wrote: > >>> > >>> Does anyone know how to produce a FIPS-capable OpenSSL that works on > >>> Windows NT? > >> > >> It's likely not possible... > >> > >>> But when I run it under Windows NT, I get the following run-time error: > >>> > >>> "The procedure entry point Module32NextW could not be located in the > >>> dynamic link library KERNEL32.dll" > >> > >> If you use the equivalent of nm against the fipscanister.lib, I'd expect > >> you'll find the binding there. > >> > >> I see no reason the team would accommodate this in OpenSSL/FIPS 2.0, > >> though. > >> Support for Windows NT 4.xx ended on December 31, 2004. Support for > >> Windows > >> 2000 ended on July 13, 2010. So updating "security" or cryptographic > >> software > >> validation for such systems is something of an oxymoron. > > > > I'd suggest the OP try to build the 2.0 test module and run fips_test_suite > > on > > NT as it may work. A lot of the platform specific code has been removed from > > the 2.0 module design. > > Thank you everyone for the comments so far. > > What is the 2.0 test module? Does it mean to build openssl-fips-1.2.tar.gz? > For the upcoming 2.0 validation test snapshots are available. You can see them at: ftp://ftp.openssl.org/snapshot/ Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: FIPS-capable OpenSSL that works on Windows NT
On Oct 5, 2011, at 8:08 AM, Dr. Stephen Henson wrote: > On Tue, Oct 04, 2011, William A. Rowe Jr. wrote: > >> On 10/4/2011 10:45 PM, Bill Durant wrote: >>> >>> Does anyone know how to produce a FIPS-capable OpenSSL that works on >>> Windows NT? >> >> It's likely not possible... >> >>> But when I run it under Windows NT, I get the following run-time error: >>> >>> "The procedure entry point Module32NextW could not be located in the >>> dynamic link library KERNEL32.dll" >> >> If you use the equivalent of nm against the fipscanister.lib, I'd expect >> you'll find the binding there. >> >> I see no reason the team would accommodate this in OpenSSL/FIPS 2.0, though. >> Support for Windows NT 4.xx ended on December 31, 2004. Support for Windows >> 2000 ended on July 13, 2010. So updating "security" or cryptographic >> software >> validation for such systems is something of an oxymoron. > > I'd suggest the OP try to build the 2.0 test module and run fips_test_suite on > NT as it may work. A lot of the platform specific code has been removed from > the 2.0 module design. Thank you everyone for the comments so far. What is the 2.0 test module? Does it mean to build openssl-fips-1.2.tar.gz? Thanks, Bill > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > __ > OpenSSL Project http://www.openssl.org > User Support Mailing Listopenssl-users@openssl.org > Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: FIPS-capable OpenSSL that works on Windows NT
On Tue, Oct 04, 2011, William A. Rowe Jr. wrote: > On 10/4/2011 10:45 PM, Bill Durant wrote: > > > > Does anyone know how to produce a FIPS-capable OpenSSL that works on > > Windows NT? > > It's likely not possible... > > > But when I run it under Windows NT, I get the following run-time error: > > > > "The procedure entry point Module32NextW could not be located in the > > dynamic link library KERNEL32.dll" > > If you use the equivalent of nm against the fipscanister.lib, I'd expect > you'll find the binding there. > > I see no reason the team would accommodate this in OpenSSL/FIPS 2.0, though. > Support for Windows NT 4.xx ended on December 31, 2004. Support for Windows > 2000 ended on July 13, 2010. So updating "security" or cryptographic software > validation for such systems is something of an oxymoron. I'd suggest the OP try to build the 2.0 test module and run fips_test_suite on NT as it may work. A lot of the platform specific code has been removed from the 2.0 module design. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: FIPS-capable OpenSSL that works on Windows NT
On Tue October 4 2011, William A. Rowe Jr. wrote: > On 10/4/2011 10:45 PM, Bill Durant wrote: > > > > Does anyone know how to produce a FIPS-capable OpenSSL that works on > > Windows NT? > > It's likely not possible... > > > But when I run it under Windows NT, I get the following run-time error: > > > > "The procedure entry point Module32NextW could not be located in the > > dynamic link library KERNEL32.dll" > > If you use the equivalent of nm against the fipscanister.lib, I'd expect > you'll find the binding there. > > I see no reason the team would accommodate this in OpenSSL/FIPS 2.0, though. > Support for Windows NT 4.xx ended on December 31, 2004. > I can think of one reason to continue support for Windows NT 4.++ There are people in the world that run it on Alpha machines and NT 4.xx was the last Windows release to support that processor. But the O.P. did quote "KERNEL32.dll" which isn't present on the 64 bit Alpha, so that isn't their reason for using NT 4.++ Might be the same story for MIPS hardware, can't recall for sure. Mike > Support for Windows 2000 ended on July 13, 2010. > So updating "security" or cryptographic software > validation for such systems is something of an oxymoron. > __ > OpenSSL Project http://www.openssl.org > User Support Mailing Listopenssl-users@openssl.org > Automated List Manager majord...@openssl.org > > __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: FIPS-capable OpenSSL that works on Windows NT
On 10/5/2011 6:59 AM, William A. Rowe Jr. wrote: On 10/4/2011 10:45 PM, Bill Durant wrote: Does anyone know how to produce a FIPS-capable OpenSSL that works on Windows NT? It's likely not possible... But when I run it under Windows NT, I get the following run-time error: "The procedure entry point Module32NextW could not be located in the dynamic link library KERNEL32.dll" If you use the equivalent of nm against the fipscanister.lib, I'd expect you'll find the binding there. I see no reason the team would accommodate this in OpenSSL/FIPS 2.0, though. Support for Windows NT 4.xx ended on December 31, 2004. Support for Windows 2000 ended on July 13, 2010. So updating "security" or cryptographic software validation for such systems is something of an oxymoron. Ah, so OpenSSL has fallen for the propaganda that if the manufacturer (MS) stops supporting a software version, you should do so too, thus increasing harm to those affected by the manufacturer decision. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: FIPS-capable OpenSSL that works on Windows NT
On Wed, Oct 5, 2011 at 12:59 AM, William A. Rowe Jr. wrote: > On 10/4/2011 10:45 PM, Bill Durant wrote: >> >> Does anyone know how to produce a FIPS-capable OpenSSL that works on Windows >> NT? > > It's likely not possible... > >> But when I run it under Windows NT, I get the following run-time error: >> >> "The procedure entry point Module32NextW could not be located in the >> dynamic link library KERNEL32.dll" That's Windows 2000 and above. http://msdn.microsoft.com/en-us/library/windows/desktop/ms684221%28v=vs.85%29.aspx Jeff __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: FIPS-capable OpenSSL that works on Windows NT
On 10/4/2011 10:45 PM, Bill Durant wrote: > > Does anyone know how to produce a FIPS-capable OpenSSL that works on Windows > NT? It's likely not possible... > But when I run it under Windows NT, I get the following run-time error: > > "The procedure entry point Module32NextW could not be located in the > dynamic link library KERNEL32.dll" If you use the equivalent of nm against the fipscanister.lib, I'd expect you'll find the binding there. I see no reason the team would accommodate this in OpenSSL/FIPS 2.0, though. Support for Windows NT 4.xx ended on December 31, 2004. Support for Windows 2000 ended on July 13, 2010. So updating "security" or cryptographic software validation for such systems is something of an oxymoron. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
FIPS-capable OpenSSL that works on Windows NT
Hello, Does anyone know how to produce a FIPS-capable OpenSSL that works on Windows NT? I have built the latest FIPS-capable OpenSSL (openssl-fips-1.2.3) with openssl-0.9.8r using MS Visual Studio .NET 2003 on Windows 7. I have a small app that uses the OpenSSL library (just encrypts/decrypts). It runs fine on Windows 7/32-bit. But when I run it under Windows NT, I get the following run-time error: "The procedure entry point Module32NextW could not be located in the dynamic link library KERNEL32.dll" So I re-built the FIPS-capable OpenSSL again specifying TARGET=VC-NT in ms/do_fips.bat. I then configured openssl-0.9.8r as follows: perl Configure VC-NT ... And then rebuilt it as before. I still get the same run-time error on Wiindows NT. I did some research and determined that Module32NextW call is not available on Windows NT (it is available on Windows 2000 and above). So is it possible to produce a working FIPS-capable OpenSSL without some hacking of the code to remove calls to Module32NextW and friends? Any ideas? Thanks, Bill __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org