Re: Adding Hash to Application : Static Build - OpenSSL With FIPS
sorry to repost it ... sorry if its annoying anyone.. has anyone faced with same issues ... really need of help here ... Thanks, Rajesh. On Tue, Oct 26, 2010 at 3:54 PM, rajesh kumar rajeshdavul...@gmail.comwrote: Hi All, According to UserGuide i am trying to add hash to my Project DLL as i am linking the OpenSSL Lib statically. While calling fipslink.pl i do see following link errors.. Dump from the command prompt ... TSPFIPSnmake -f Add_FipsHash_TSP.mak Microsoft (R) Program Maintenance Utility Version 8.00.50727.42 Copyright (C) Microsoft Corporation. All rights reserved. Building CiscoTSP with Hash for Self Test SET FIPS_LINK=link SET FIPS_CC=cl SET FIPS_CC_ARGS=/Fo\fips_premain.obj -I -I /MD /Ox /O2 /Ob2 /W3 /WX /Gs 0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32 -DWINDLL -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE / Fdout32 -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD C2 -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_KRB5 -D OPENSSL_FIPS -DOPENSSL_NO_DYNAMIC_ENGINE /Zl -c SET FIPS_PREMAIN_SRC=C:\OpenSSL-work\OpenSSL_Downloaded\openssl-0.9.8l\o penssl-fips-1.2\out32\fips_premain.c SET PREMAIN_DSO_EXE=C:\OpenSSL-work\OpenSSL_Downloaded\openssl-0.9.8l\op enssl-fips-1.2\out32\fips_premain_dso.exe SET PREMAIN_SHA1_EXE=C:\OpenSSL-work\OpenSSL_Downloaded\openssl-0.9.8l\o penssl-fips-1.2\out32\fips_standalone_sha1.exe SET FIPS_SHA1_EXE=C:\OpenSSL-work\OpenSSL_Downloaded\openssl-0.9.8l\open ssl-fips-1.2\out32\fips_standalone_sha1.exe SET O_FIPSCANISTER=C:\OpenSSL-work\OpenSSL_Downloaded\openssl-0.9.8l\ope nssl-fips-1.2\out32\fipscanister.lib SET FIPS_TARGET=..\Win32\ReleaseMinDependency\CiscoTSP.dll SET FIPSLIB_D=C:\OpenSSL-work\OpenSSL_Downloaded\openssl-0.9.8l\openssl- fips-1.2\out32 perl fipslink.pl /nologo /opt:ref /machine:x86 /subsystem:console /dll / NOENTRY msvcrt.lib /NODEFAULTLIB:nochkclr.obj /INCLUDE:__dllmaincrtstar...@12 /m ap /out:..\Win32\ReleaseMinDependency\CiscoTSP.dll @C:\DOCUME~1\drajesh\LOCALS ~1\Temp\nm4A1.tmp Integrity check OK cl /Fo\fips_premain.obj -I -I /MD /Ox /O2 /Ob2 /W3 /WX /Gs0 /GF /Gy /nologo -DOP ENSSL_SYSNAME_WIN32 -DWIN32 -DWINDLL -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN3 2 -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE /Fdout32 -DOPENSSL_NO_C AMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_CMS -D OPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_KRB5 -DOPENSSL_FIPS -DOPENSSL _NO_DYNAMIC_ENGINE /Zl -c C:\OpenSSL-work\OpenSSL_Downloaded\openssl-0.9.8l\ope nssl-fips-1.2\out32/fips_premain.c fips_premain.c link /nologo /opt:ref /machine:x86 /subsystem:console /dll /NOENTRY msvcrt.lib / NODEFAULTLIB:nochkclr.obj /INCLUDE:__dllmaincrtstar...@12 /map /out:..\Win32\Rel easeMinDependency\CiscoTSP.dll @C:\DOCUME~1\drajesh\LOCALS~1\Temp\nm4A1.tmp C:\OpenSSL-work\OpenSSL_Downloaded\openssl-0.9.8l\openssl-fips-1.2\out32\fips_pr emain_dso.exe ..\Win32\ReleaseMinDependency\TSP.dll 5292:error:2507606A:DSO support routines:WIN32_BIND_FUNC:could not bind to the r equested symbol name:.\crypto\dso\dso_win32.c:288:symname(FINGERPRINT_premain) 5292:error:2506C06A:DSO support routines:DSO_bind_func:could not bind to the req uested symbol name:.\crypto\dso\dso_lib.c:294: Get hash failure at fipslink.pl line 48. NMAKE : fatal error U1077: 'C:\Perl\bin\perl.EXE' : return code '0x1' Can some suggest me if i am missing anything Thanks, Rajesh.
Re: Adding Hash to Application : Static Build - OpenSSL With FIPS
Hi Rajesh, I've had success with integrity checking using MACs and signatures for both PE/PE+ and Elf32/64 executables and dynamic libraries on their respective platforms (not limited to a OpenSSL dll). If I recall, OpenSSL is only trying to embed a MAC. 5292:error:2507606A:DSO support routines:WIN32_BIND_FUNC:could not bind to the requested symbol (1) What symbol is fipslink.pl trying to locate? (2) How is fipslink.pl trying to locate it? Is it through MinGW and nm (or other command); or is it using the Windows DebugHelp library? (3) Is the symbol present in the module? If using MinGW, try nm -D. If using a Microsoft compatible tool, use a visual tool such as PEBrowse, or a command line tool such as dumpbin. Jeff On Wed, Oct 27, 2010 at 2:07 AM, rajesh kumar rajeshdavul...@gmail.com wrote: sorry to repost it ... sorry if its annoying anyone.. has anyone faced with same issues ... really need of help here ... Thanks, Rajesh. On Tue, Oct 26, 2010 at 3:54 PM, rajesh kumar rajeshdavul...@gmail.com wrote: Hi All, According to UserGuide i am trying to add hash to my Project DLL as i am linking the OpenSSL Lib statically. While calling fipslink.pl i do see following link errors.. Dump from the command prompt ... TSPFIPSnmake -f Add_FipsHash_TSP.mak Microsoft (R) Program Maintenance Utility Version 8.00.50727.42 Copyright (C) Microsoft Corporation. All rights reserved. Building CiscoTSP with Hash for Self Test SET FIPS_LINK=link SET FIPS_CC=cl SET FIPS_CC_ARGS=/Fo\fips_premain.obj -I -I /MD /Ox /O2 /Ob2 /W3 /WX /Gs 0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32 -DWINDLL -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE / Fdout32 -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD C2 -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_KRB5 -D OPENSSL_FIPS -DOPENSSL_NO_DYNAMIC_ENGINE /Zl -c SET FIPS_PREMAIN_SRC=C:\OpenSSL-work\OpenSSL_Downloaded\openssl-0.9.8l\o penssl-fips-1.2\out32\fips_premain.c SET PREMAIN_DSO_EXE=C:\OpenSSL-work\OpenSSL_Downloaded\openssl-0.9.8l\op enssl-fips-1.2\out32\fips_premain_dso.exe SET PREMAIN_SHA1_EXE=C:\OpenSSL-work\OpenSSL_Downloaded\openssl-0.9.8l\o penssl-fips-1.2\out32\fips_standalone_sha1.exe SET FIPS_SHA1_EXE=C:\OpenSSL-work\OpenSSL_Downloaded\openssl-0.9.8l\open ssl-fips-1.2\out32\fips_standalone_sha1.exe SET O_FIPSCANISTER=C:\OpenSSL-work\OpenSSL_Downloaded\openssl-0.9.8l\ope nssl-fips-1.2\out32\fipscanister.lib SET FIPS_TARGET=..\Win32\ReleaseMinDependency\CiscoTSP.dll SET FIPSLIB_D=C:\OpenSSL-work\OpenSSL_Downloaded\openssl-0.9.8l\openssl- fips-1.2\out32 perl fipslink.pl /nologo /opt:ref /machine:x86 /subsystem:console /dll / NOENTRY msvcrt.lib /NODEFAULTLIB:nochkclr.obj /INCLUDE:__dllmaincrtstar...@12 /m ap /out:..\Win32\ReleaseMinDependency\CiscoTSP.dll @C:\DOCUME~1\drajesh\LOCALS ~1\Temp\nm4A1.tmp Integrity check OK cl /Fo\fips_premain.obj -I -I /MD /Ox /O2 /Ob2 /W3 /WX /Gs0 /GF /Gy /nologo -DOP ENSSL_SYSNAME_WIN32 -DWIN32 -DWINDLL -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN3 2 -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE /Fdout32 -DOPENSSL_NO_C AMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_CMS -D OPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_KRB5 -DOPENSSL_FIPS -DOPENSSL _NO_DYNAMIC_ENGINE /Zl -c C:\OpenSSL-work\OpenSSL_Downloaded\openssl-0.9.8l\ope nssl-fips-1.2\out32/fips_premain.c fips_premain.c link /nologo /opt:ref /machine:x86 /subsystem:console /dll /NOENTRY msvcrt.lib / NODEFAULTLIB:nochkclr.obj /INCLUDE:__dllmaincrtstar...@12 /map /out:..\Win32\Rel easeMinDependency\CiscoTSP.dll @C:\DOCUME~1\drajesh\LOCALS~1\Temp\nm4A1.tmp C:\OpenSSL-work\OpenSSL_Downloaded\openssl-0.9.8l\openssl-fips-1.2\out32\fips_pr emain_dso.exe ..\Win32\ReleaseMinDependency\TSP.dll 5292:error:2507606A:DSO support routines:WIN32_BIND_FUNC:could not bind to the r equested symbol name:.\crypto\dso\dso_win32.c:288:symname(FINGERPRINT_premain) 5292:error:2506C06A:DSO support routines:DSO_bind_func:could not bind to the req uested symbol name:.\crypto\dso\dso_lib.c:294: Get hash failure at fipslink.pl line 48. NMAKE : fatal error U1077: 'C:\Perl\bin\perl.EXE' : return code '0x1' Can some suggest me if i am missing anything Thanks, Rajesh. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Adding Hash to Application : Static Build - OpenSSL With FIPS
Hi Jeff, first of all a big thanks for reply ... i am trying to build it on Windows using VS2005. as suggested by Dr. Stephen and others on OpenSSL threads, i have build FIPS on FIPS 1.2 Module and then linking it against OpenSSL Build 0.9.8l to build FIPS Capable OpenSSL - cd C:\OPENSSL_BUILD\openssl-fips-1.2 - ms\do_fips no-asm - this is to build FIPS Module - cd C:\OPENSSL_BUILD\openssl-0.9.8l - perl Configure VC-WIN32 fips --with-fipslibdir=C:\OPENSSL_BUILD\openssl-fips-1.2\out32dll - nmake -f ms\nt.mak - to build static OpenSSL First I would like to know if the steps and procedure i followed to Build OpenSSL with FIPS is correct. can you please help me here. 5292:error:2507606A:DSO support routines:WIN32_BIND_FUNC:could not bind to the requested symbol (1) What symbol is fipslink.pl trying to locate? 5292:error:2507606A:DSO support routines:WIN32_BIND_FUNC:could not bind to the r equested symbol name:.\crypto\dso\dso_win32.c:288:symname(FINGERPRINT_premain) it shows error with Symname : FINGERPRINT_premain - this is when i try to call fipslink.pl to add hash to my application. thanks, Rajesh. On Wed, Oct 27, 2010 at 1:18 PM, Jeffrey Walton noloa...@gmail.com wrote: Hi Rajesh, I've had success with integrity checking using MACs and signatures for both PE/PE+ and Elf32/64 executables and dynamic libraries on their respective platforms (not limited to a OpenSSL dll). If I recall, OpenSSL is only trying to embed a MAC. 5292:error:2507606A:DSO support routines:WIN32_BIND_FUNC:could not bind to the requested symbol (1) What symbol is fipslink.pl trying to locate? (2) How is fipslink.pl trying to locate it? Is it through MinGW and nm (or other command); or is it using the Windows DebugHelp library? (3) Is the symbol present in the module? If using MinGW, try nm -D. If using a Microsoft compatible tool, use a visual tool such as PEBrowse, or a command line tool such as dumpbin. Jeff On Wed, Oct 27, 2010 at 2:07 AM, rajesh kumar rajeshdavul...@gmail.com wrote: sorry to repost it ... sorry if its annoying anyone.. has anyone faced with same issues ... really need of help here ... Thanks, Rajesh. On Tue, Oct 26, 2010 at 3:54 PM, rajesh kumar rajeshdavul...@gmail.com wrote: Hi All, According to UserGuide i am trying to add hash to my Project DLL as i am linking the OpenSSL Lib statically. While calling fipslink.pl i do see following link errors.. Dump from the command prompt ... TSPFIPSnmake -f Add_FipsHash_TSP.mak Microsoft (R) Program Maintenance Utility Version 8.00.50727.42 Copyright (C) Microsoft Corporation. All rights reserved. Building CiscoTSP with Hash for Self Test SET FIPS_LINK=link SET FIPS_CC=cl SET FIPS_CC_ARGS=/Fo\fips_premain.obj -I -I /MD /Ox /O2 /Ob2 /W3 /WX /Gs 0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32 -DWINDLL -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE / Fdout32 -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD C2 -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_KRB5 -D OPENSSL_FIPS -DOPENSSL_NO_DYNAMIC_ENGINE /Zl -c SET FIPS_PREMAIN_SRC=C:\OpenSSL-work\OpenSSL_Downloaded\openssl-0.9.8l\o penssl-fips-1.2\out32\fips_premain.c SET PREMAIN_DSO_EXE=C:\OpenSSL-work\OpenSSL_Downloaded\openssl-0.9.8l\op enssl-fips-1.2\out32\fips_premain_dso.exe SET PREMAIN_SHA1_EXE=C:\OpenSSL-work\OpenSSL_Downloaded\openssl-0.9.8l\o penssl-fips-1.2\out32\fips_standalone_sha1.exe SET FIPS_SHA1_EXE=C:\OpenSSL-work\OpenSSL_Downloaded\openssl-0.9.8l\open ssl-fips-1.2\out32\fips_standalone_sha1.exe SET O_FIPSCANISTER=C:\OpenSSL-work\OpenSSL_Downloaded\openssl-0.9.8l\ope nssl-fips-1.2\out32\fipscanister.lib SET FIPS_TARGET=..\Win32\ReleaseMinDependency\CiscoTSP.dll SET FIPSLIB_D=C:\OpenSSL-work\OpenSSL_Downloaded\openssl-0.9.8l\openssl- fips-1.2\out32 perl fipslink.pl /nologo /opt:ref /machine:x86 /subsystem:console /dll / NOENTRY msvcrt.lib /NODEFAULTLIB:nochkclr.obj /INCLUDE:__dllmaincrtstar...@12 /m ap /out:..\Win32\ReleaseMinDependency\CiscoTSP.dll @C:\DOCUME~1\drajesh\LOCALS ~1\Temp\nm4A1.tmp Integrity check OK cl /Fo\fips_premain.obj -I -I /MD /Ox /O2 /Ob2 /W3 /WX /Gs0 /GF /Gy /nologo -DOP ENSSL_SYSNAME_WIN32 -DWIN32 -DWINDLL -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN3 2 -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE /Fdout32 -DOPENSSL_NO_C AMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_CMS -D OPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_KRB5 -DOPENSSL_FIPS -DOPENSSL _NO_DYNAMIC_ENGINE /Zl -c C:\OpenSSL-work\OpenSSL_Downloaded\openssl-0.9.8l\ope nssl-fips-1.2\out32/fips_premain.c fips_premain.c link /nologo /opt:ref /machine:x86 /subsystem:console /dll /NOENTRY msvcrt.lib /