Re: FIPS 1.2.2 build for Windows Vista
On Wed, Mar 09, 2011, Collins, Jerry wrote: > Stephan, > Maybe I'm confused, and it's been two years since I dealt with this, > but I thought the libeayfips32.lib was built as part of the fips build, > not as a follow on step. Also, the libeay32.lib that is built by the > ms\do_fips no-asm doesn't give me an option of whether to build a DLL or > static library. It automatically builds a DLL. > The build process has changed since the 1.1 module: which had to use MingW. The 1.2 modules uses VC++ throughout and you need two steps. The reason you build a FIPS capable OpenSSL is so you can keep up to date with security and bugfixes outside the validated code. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: FIPS 1.2.2 build for Windows Vista
Stephan, Maybe I'm confused, and it's been two years since I dealt with this, but I thought the libeayfips32.lib was built as part of the fips build, not as a follow on step. Also, the libeay32.lib that is built by the ms\do_fips no-asm doesn't give me an option of whether to build a DLL or static library. It automatically builds a DLL. Thanks, Jerry -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: Wednesday, March 09, 2011 6:09 AM To: openssl-users@openssl.org Subject: Re: FIPS 1.2.2 build for Windows Vista On Tue, Mar 08, 2011, Collins, Jerry wrote: > Hello, > My company recently decided to upgrade to the latest FIPS release > 1.2.2. I've read the Security and User Manual. According to them, the > only command we can give is ms\do_fips no-asm. > Well for Vista you'd be better with ms\do_fips or you'll get reduced performance: you just need to install the free nasm assembler. > While this runs, I see several problems. > 1) The build now builds dlls. In the past we did not use DLLs and > would prefer not to change at this point. > 2) The build process doesn't build the libeayfips32.lib or the > libeaycompat32.lib. As far as I can tell, these are still required. > > I've taken a look at the scripts and can see references to the libraries > in the VC-32.pl script. Unfortunately, I've no real experience with > perl and can't follow the flow to see if this script is being called, > and if so, with the proper parameters. I can't even tell how perl > handles parameters. > > I'm building on a Windows Vista (32 bit) system, using Visual Studio > 2008 and the Window 7 SDK. > > Any help will be greatly appreciated. > The standard procedure is to build and install the validated module in accordance with the security policy. The use the latest version of OpenSSL 0.9.8 to build an FIPS capable version of OpenSSL. That can build DLLs or static libraries. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: FIPS 1.2.2 build for Windows Vista
On Tue, Mar 08, 2011, Collins, Jerry wrote: > Hello, > My company recently decided to upgrade to the latest FIPS release > 1.2.2. I've read the Security and User Manual. According to them, the > only command we can give is ms\do_fips no-asm. > Well for Vista you'd be better with ms\do_fips or you'll get reduced performance: you just need to install the free nasm assembler. > While this runs, I see several problems. > 1) The build now builds dlls. In the past we did not use DLLs and > would prefer not to change at this point. > 2) The build process doesn't build the libeayfips32.lib or the > libeaycompat32.lib. As far as I can tell, these are still required. > > I've taken a look at the scripts and can see references to the libraries > in the VC-32.pl script. Unfortunately, I've no real experience with > perl and can't follow the flow to see if this script is being called, > and if so, with the proper parameters. I can't even tell how perl > handles parameters. > > I'm building on a Windows Vista (32 bit) system, using Visual Studio > 2008 and the Window 7 SDK. > > Any help will be greatly appreciated. > The standard procedure is to build and install the validated module in accordance with the security policy. The use the latest version of OpenSSL 0.9.8 to build an FIPS capable version of OpenSSL. That can build DLLs or static libraries. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org