Re: FIPS in 1.0.1 windows 7 64 bit compile / link problems
Hello Steve, do you see another way to force the error state? Thanks Dirk On 03.07.2012 10:49, Dirk Menstermann wrote: Hello Steve, On 02.07.2012 19:37, Dr. Stephen Henson wrote: As I indicated HEAD wont work as it isn't currently FIPS capable. OK - I will concentrate on 1.0.1c! The (largely internal use) functions like FIPS_corupt_aes are not exported from the Windows DLL at present: do you have a specific need to call them? I'm in the process of upgrading our product to use the latest openssl. In the version to be upgraded with 0.9.8 and fips 1.2.x the call was used to demonstrate that our product enters error state on a failed power up self test. Can this be achieved without these kind of functions? Thanks Dirk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: FIPS in 1.0.1 windows 7 64 bit compile / link problems
Hello Steve, On 02.07.2012 19:37, Dr. Stephen Henson wrote: As I indicated HEAD wont work as it isn't currently FIPS capable. OK - I will concentrate on 1.0.1c! The (largely internal use) functions like FIPS_corupt_aes are not exported from the Windows DLL at present: do you have a specific need to call them? I'm in the process of upgrading our product to use the latest openssl. In the version to be upgraded with 0.9.8 and fips 1.2.x the call was used to demonstrate that our product enters error state on a failed power up self test. Can this be achieved without these kind of functions? Thanks Dirk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
FIPS in 1.0.1 windows 7 64 bit compile / link problems
Anybody able to help me (problem posted below some days ago)? Thanks a lot Dirk On 27.06.2012 14:42, Dirk Menstermann wrote: Hello, I tried to build the FIPS version (openssl-fips-2.0.1) on win7 and VS2005 (command line prompt) using the build target debug-VC-WIN64A and option no-asm. Compilation of the fipscanister.lib was easy. The problem begun when I tried to build the containing openssl: 1) openssl-1.0.1c: Here it worked but there are few oddities: * there isn't a fips.h include file * the library does only export FIPS_mode and FIPS_mode_set and not all other FIPS related functions like FIPS_corrupt_aes or FIPS_rng_stick But nevertheless it seems that the library is working and can be put into FIPS state (I verified that other ciphers will be sent in the ssl client hello) 2) openssl-SNAP-20120627: * while building the fips_auth.c could not be copied (seems that the step to generate it from fips_auth.in is missing). * after manually putting the file to the desired destination (not sure it this is correct) I got following linking error... cl /Fotmp32dll.dbg\fips_standalone_sha1.obj -Iinc32 -Itmp32dll.dbg /MDd /Od -DDEBUG -D_DEBUG -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -Gy -Zi -nologo -DO PENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CR T_SECURE_NO_DEPRECATE -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM _MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAE S_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_USE_APPLINK -I. -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_FIPS -DOPENSSL _NO_JPAKE -DOPENSSL_NO_STATIC_ENGINE /Zi /Fdtmp32dll.dbg/lib -D_WINDLL -c .\fip s\sha\fips_standalone_sha1.c fips_standalone_sha1.c link /nologo /subsystem:console /opt:ref /debug /out:out32dll.dbg\fips_s tandalone_sha1.exe @C:\Users\dm\AppData\Local\Temp\nm6310.tmp fips_standalone_sha1.obj : error LNK2019: unresolved external symbol SHA1_Update referenced in function main fips_standalone_sha1.obj : error LNK2019: unresolved external symbol SHA1_Final referenced in function hmac_init fips_standalone_sha1.obj : error LNK2019: unresolved external symbol SHA1_Init r eferenced in function hmac_init out32dll.dbg\fips_standalone_sha1.exe : fatal error LNK1120: 3 unresolved extern als NMAKE : fatal error U1077: 'c:\Program Files (x86)\Microsoft Visual Studio 9.0\ VC\BIN\amd64\link.EXE' : return code '0x460' Stop. Can anybody help me? With which versions is it supposed to work (win 7 64 bit) __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: FIPS in 1.0.1 windows 7 64 bit compile / link problems
More than happy to help you Dirk, but we use MinGW here and it works ok. You could check the versions (OpenSSL version and FIPS version). Sergio. Date: Mon, 2 Jul 2012 18:05:54 +0200 From: noadsple...@web.de To: openssl-users@openssl.org Subject: FIPS in 1.0.1 windows 7 64 bit compile / link problems Anybody able to help me (problem posted below some days ago)? Thanks a lot Dirk On 27.06.2012 14:42, Dirk Menstermann wrote: Hello, I tried to build the FIPS version (openssl-fips-2.0.1) on win7 and VS2005 (command line prompt) using the build target debug-VC-WIN64A and option no-asm. Compilation of the fipscanister.lib was easy. The problem begun when I tried to build the containing openssl: 1) openssl-1.0.1c: Here it worked but there are few oddities: * there isn't a fips.h include file * the library does only export FIPS_mode and FIPS_mode_set and not all other FIPS related functions like FIPS_corrupt_aes or FIPS_rng_stick But nevertheless it seems that the library is working and can be put into FIPS state (I verified that other ciphers will be sent in the ssl client hello) 2) openssl-SNAP-20120627: * while building the fips_auth.c could not be copied (seems that the step to generate it from fips_auth.in is missing). * after manually putting the file to the desired destination (not sure it this is correct) I got following linking error... cl /Fotmp32dll.dbg\fips_standalone_sha1.obj -Iinc32 -Itmp32dll.dbg /MDd /Od -DDEBUG -D_DEBUG -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -Gy -Zi -nologo -DO PENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CR T_SECURE_NO_DEPRECATE -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM _MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAE S_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_USE_APPLINK -I. -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_FIPS -DOPENSSL _NO_JPAKE -DOPENSSL_NO_STATIC_ENGINE /Zi /Fdtmp32dll.dbg/lib -D_WINDLL -c .\fip s\sha\fips_standalone_sha1.c fips_standalone_sha1.c link /nologo /subsystem:console /opt:ref /debug /out:out32dll.dbg\fips_s tandalone_sha1.exe @C:\Users\dm\AppData\Local\Temp\nm6310.tmp fips_standalone_sha1.obj : error LNK2019: unresolved external symbol SHA1_Update referenced in function main fips_standalone_sha1.obj : error LNK2019: unresolved external symbol SHA1_Final referenced in function hmac_init fips_standalone_sha1.obj : error LNK2019: unresolved external symbol SHA1_Init r eferenced in function hmac_init out32dll.dbg\fips_standalone_sha1.exe : fatal error LNK1120: 3 unresolved extern als NMAKE : fatal error U1077: 'c:\Program Files (x86)\Microsoft Visual Studio 9.0\ VC\BIN\amd64\link.EXE' : return code '0x460' Stop. Can anybody help me? With which versions is it supposed to work (win 7 64 bit) __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: FIPS in 1.0.1 windows 7 64 bit compile / link problems
Hello Sergio, I use openssl-1.0.1c (and a daily snaphost) and openssl-fips-2.0.1. Which combination are you using and which target (debug?) do you build? Will the function FIPS_corrupt_aes be exported and is the include file fips.h available? Thanks Dirk On 02.07.2012 18:30, Sergio NNX wrote: More than happy to help you Dirk, but we use MinGW here and it works ok. You could check the versions (OpenSSL version and FIPS version). Sergio. Date: Mon, 2 Jul 2012 18:05:54 +0200 From: noadsple...@web.de To: openssl-users@openssl.org Subject: FIPS in 1.0.1 windows 7 64 bit compile / link problems Anybody able to help me (problem posted below some days ago)? Thanks a lot Dirk On 27.06.2012 14:42, Dirk Menstermann wrote: Hello, I tried to build the FIPS version (openssl-fips-2.0.1) on win7 and VS2005 (command line prompt) using the build target debug-VC-WIN64A and option no-asm. Compilation of the fipscanister.lib was easy. The problem begun when I tried to build the containing openssl: 1) openssl-1.0.1c: Here it worked but there are few oddities: * there isn't a fips.h include file * the library does only export FIPS_mode and FIPS_mode_set and not all other FIPS related functions like FIPS_corrupt_aes or FIPS_rng_stick But nevertheless it seems that the library is working and can be put into FIPS state (I verified that other ciphers will be sent in the ssl client hello) 2) openssl-SNAP-20120627: * while building the fips_auth.c could not be copied (seems that the step to generate it from fips_auth.in is missing). * after manually putting the file to the desired destination (not sure it this is correct) I got following linking error... cl /Fotmp32dll.dbg\fips_standalone_sha1.obj -Iinc32 -Itmp32dll.dbg /MDd /Od -DDEBUG -D_DEBUG -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -Gy -Zi -nologo -DO PENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CR T_SECURE_NO_DEPRECATE -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM _MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAE S_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_USE_APPLINK -I. -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_FIPS -DOPENSSL _NO_JPAKE -DOPENSSL_NO_STATIC_ENGINE /Zi /Fdtmp32dll.dbg/lib -D_WINDLL -c .\fip s\sha\fips_standalone_sha1.c fips_standalone_sha1.c link /nologo /subsystem:console /opt:ref /debug /out:out32dll.dbg\fips_s tandalone_sha1.exe @C:\Users\dm\AppData\Local\Temp\nm6310.tmp fips_standalone_sha1.obj : error LNK2019: unresolved external symbol SHA1_Update referenced in function main fips_standalone_sha1.obj : error LNK2019: unresolved external symbol SHA1_Final referenced in function hmac_init fips_standalone_sha1.obj : error LNK2019: unresolved external symbol SHA1_Init r eferenced in function hmac_init out32dll.dbg\fips_standalone_sha1.exe : fatal error LNK1120: 3 unresolved extern als NMAKE : fatal error U1077: 'c:\Program Files (x86)\Microsoft Visual Studio 9.0\ VC\BIN\amd64\link.EXE' : return code '0x460' Stop. Can anybody help me? With which versions is it supposed to work (win 7 64 bit) __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: FIPS in 1.0.1 windows 7 64 bit compile / link problems
On Mon, Jul 02, 2012, Dirk Menstermann wrote: Hello Sergio, I use openssl-1.0.1c (and a daily snaphost) and openssl-fips-2.0.1. Which combination are you using and which target (debug?) do you build? Will the function FIPS_corrupt_aes be exported and is the include file fips.h available? As I indicated HEAD wont work as it isn't currently FIPS capable. The (largely internal use) functions like FIPS_corupt_aes are not exported from the Windows DLL at present: do you have a specific need to call them? Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
