RE: FIPS in 1.0.1 windows 7 64 bit compile / link problems
More than happy to help you Dirk, but we use MinGW here and it works ok. You could check the versions (OpenSSL version and FIPS version). Sergio. > Date: Mon, 2 Jul 2012 18:05:54 +0200 > From: noadsple...@web.de > To: openssl-users@openssl.org > Subject: FIPS in 1.0.1 windows 7 64 bit compile / link problems > > Anybody able to help me (problem posted below some days ago)? > > Thanks a lot > Dirk > > On 27.06.2012 14:42, Dirk Menstermann wrote: > > Hello, > > > > I tried to build the FIPS version (openssl-fips-2.0.1) on win7 and VS2005 > > (command line prompt) using the build target debug-VC-WIN64A and option > > no-asm. > > > > Compilation of the fipscanister.lib was easy. > > > > The problem begun when I tried to build the containing openssl: > > > > 1) openssl-1.0.1c: Here it worked but there are few oddities: > > * there isn't a fips.h include file > > * the library does only export FIPS_mode and FIPS_mode_set and not all > > other > > FIPS related functions like FIPS_corrupt_aes or FIPS_rng_stick > > > > But nevertheless it seems that the library is working and can be put into > > FIPS > > state (I verified that other ciphers will be sent in the ssl client hello) > > > > 2) openssl-SNAP-20120627: > > * while building the fips_auth.c could not be copied (seems that the > > step to > > generate it from fips_auth.in is missing). > > * after manually putting the file to the desired destination (not sure > > it this > > is correct) I got following linking error... > > > > cl /Fotmp32dll.dbg\fips_standalone_sha1.obj -Iinc32 -Itmp32dll.dbg > > /MDd > > /Od -DDEBUG -D_DEBUG -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -Gy -Zi > > -nologo -DO > > PENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE > > -D_CR > > T_SECURE_NO_DEPRECATE -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT > > -DOPENSSL_BN_ASM > > _MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM > > -DAE > > S_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM > > -DOPENSSL_USE_APPLINK > > -I. -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_FIPS > > -DOPENSSL > > _NO_JPAKE -DOPENSSL_NO_STATIC_ENGINE /Zi /Fdtmp32dll.dbg/lib -D_WINDLL -c > > .\fip > > s\sha\fips_standalone_sha1.c > > fips_standalone_sha1.c > > link /nologo /subsystem:console /opt:ref /debug > > /out:out32dll.dbg\fips_s > > tandalone_sha1.exe @C:\Users\dm\AppData\Local\Temp\nm6310.tmp > > fips_standalone_sha1.obj : error LNK2019: unresolved external symbol > > SHA1_Update > > referenced in function main > > fips_standalone_sha1.obj : error LNK2019: unresolved external symbol > > SHA1_Final > > referenced in function hmac_init > > fips_standalone_sha1.obj : error LNK2019: unresolved external symbol > > SHA1_Init r > > eferenced in function hmac_init > > out32dll.dbg\fips_standalone_sha1.exe : fatal error LNK1120: 3 unresolved > > extern > > als > > NMAKE : fatal error U1077: '"c:\Program Files (x86)\Microsoft Visual Studio > > 9.0\ > > VC\BIN\amd64\link.EXE"' : return code '0x460' > > Stop. > > > > > > > > Can anybody help me? With which versions is it supposed to work (win 7 64 > > bit) > > > > > __ > OpenSSL Project http://www.openssl.org > User Support Mailing Listopenssl-users@openssl.org > Automated List Manager majord...@openssl.org
Re: FIPS in 1.0.1 windows 7 64 bit compile / link problems
Hello Sergio, I use openssl-1.0.1c (and a daily snaphost) and openssl-fips-2.0.1. Which combination are you using and which target (debug?) do you build? Will the function FIPS_corrupt_aes be exported and is the include file fips.h available? Thanks Dirk On 02.07.2012 18:30, Sergio NNX wrote: > More than happy to help you Dirk, but we use MinGW here and it works ok. You > could check the versions (OpenSSL version and FIPS version). > > Sergio. > >> Date: Mon, 2 Jul 2012 18:05:54 +0200 >> From: noadsple...@web.de >> To: openssl-users@openssl.org >> Subject: FIPS in 1.0.1 windows 7 64 bit compile / link problems >> >> Anybody able to help me (problem posted below some days ago)? >> >> Thanks a lot >> Dirk >> >> On 27.06.2012 14:42, Dirk Menstermann wrote: >> > Hello, >> > >> > I tried to build the FIPS version (openssl-fips-2.0.1) on win7 and VS2005 >> > (command line prompt) using the build target debug-VC-WIN64A and option >> > no-asm. >> > >> > Compilation of the fipscanister.lib was easy. >> > >> > The problem begun when I tried to build the containing openssl: >> > >> > 1) openssl-1.0.1c: Here it worked but there are few oddities: >> > * there isn't a fips.h include file >> > * the library does only export FIPS_mode and FIPS_mode_set and not all >> > other >> > FIPS related functions like FIPS_corrupt_aes or FIPS_rng_stick >> > >> > But nevertheless it seems that the library is working and can be put into >> > FIPS >> > state (I verified that other ciphers will be sent in the ssl client hello) >> > >> > 2) openssl-SNAP-20120627: >> > * while building the fips_auth.c could not be copied (seems that the step >> > to >> > generate it from fips_auth.in is missing). >> > * after manually putting the file to the desired destination (not sure it >> > this >> > is correct) I got following linking error... >> > >> > cl /Fotmp32dll.dbg\fips_standalone_sha1.obj -Iinc32 -Itmp32dll.dbg /MDd >> > /Od -DDEBUG -D_DEBUG -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -Gy -Zi >> > -nologo -DO >> > PENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE >> > -D_CR >> > T_SECURE_NO_DEPRECATE -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT >> > -DOPENSSL_BN_ASM >> > _MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM >> > -DMD5_ASM -DAE >> > S_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM >> > -DOPENSSL_USE_APPLINK >> > -I. -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_FIPS >> > -DOPENSSL >> > _NO_JPAKE -DOPENSSL_NO_STATIC_ENGINE /Zi /Fdtmp32dll.dbg/lib -D_WINDLL -c >> > .\fip >> > s\sha\fips_standalone_sha1.c >> > fips_standalone_sha1.c >> > link /nologo /subsystem:console /opt:ref /debug /out:out32dll.dbg\fips_s >> > tandalone_sha1.exe @C:\Users\dm\AppData\Local\Temp\nm6310.tmp >> > fips_standalone_sha1.obj : error LNK2019: unresolved external symbol >> > SHA1_Update >> > referenced in function main >> > fips_standalone_sha1.obj : error LNK2019: unresolved external symbol >> > SHA1_Final >> > referenced in function hmac_init >> > fips_standalone_sha1.obj : error LNK2019: unresolved external symbol >> > SHA1_Init r >> > eferenced in function hmac_init >> > out32dll.dbg\fips_standalone_sha1.exe : fatal error LNK1120: 3 unresolved >> > extern >> > als >> > NMAKE : fatal error U1077: '"c:\Program Files (x86)\Microsoft Visual >> > Studio 9.0\ >> > VC\BIN\amd64\link.EXE"' : return code '0x460' >> > Stop. >> > >> > >> > >> > Can anybody help me? With which versions is it supposed to work (win 7 64 >> > bit) >> > >> > >> __ >> OpenSSL Project http://www.openssl.org >> User Support Mailing List openssl-users@openssl.org >> Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: FIPS in 1.0.1 windows 7 64 bit compile / link problems
On Mon, Jul 02, 2012, Dirk Menstermann wrote: > Hello Sergio, > > I use openssl-1.0.1c (and a daily snaphost) and openssl-fips-2.0.1. Which > combination are you using and which target (debug?) do you build? Will the > function FIPS_corrupt_aes be exported and is the include file fips.h > available? > As I indicated HEAD wont work as it isn't currently FIPS capable. The (largely internal use) functions like FIPS_corupt_aes are not exported from the Windows DLL at present: do you have a specific need to call them? Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: FIPS in 1.0.1 windows 7 64 bit compile / link problems
Hello Steve, On 02.07.2012 19:37, Dr. Stephen Henson wrote: > > As I indicated HEAD wont work as it isn't currently FIPS capable. OK - I will concentrate on 1.0.1c! The (largely > internal use) functions like FIPS_corupt_aes are not exported from the Windows > DLL at present: do you have a specific need to call them? > I'm in the process of upgrading our product to use the latest openssl. In the version to be upgraded with 0.9.8 and fips 1.2.x the call was used to demonstrate that our product enters error state on a failed power up self test. Can this be achieved without these kind of functions? Thanks Dirk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: FIPS in 1.0.1 windows 7 64 bit compile / link problems
Hello Steve, do you see another way to force the error state? Thanks Dirk On 03.07.2012 10:49, Dirk Menstermann wrote: > Hello Steve, > > On 02.07.2012 19:37, Dr. Stephen Henson wrote: > >> >> As I indicated HEAD wont work as it isn't currently FIPS capable. > > OK - I will concentrate on 1.0.1c! > > The (largely >> internal use) functions like FIPS_corupt_aes are not exported from the >> Windows >> DLL at present: do you have a specific need to call them? >> > > I'm in the process of upgrading our product to use the latest openssl. In the > version to be upgraded with 0.9.8 and fips 1.2.x the call was used to > demonstrate that our product enters error state on a failed power up self > test. > Can this be achieved without these kind of functions? > > Thanks > Dirk > __ > OpenSSL Project http://www.openssl.org > User Support Mailing Listopenssl-users@openssl.org > Automated List Manager majord...@openssl.org > __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
