Re: fipslink
I'm able to build a simple application using fips openssl library. Here is my build script: SET FIPS_PATH=D:\usr\local\ssl\fips-2.0 SET INC_D=D:\openssl-1.0.1c\inc32 SET INCL_D=D:\openssl-1.0.1c\tmp32 SET INC=-I %INC_D% -I %INCL_D% SET CFLAG=/MD /Ox -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -I\usr\local\ssl\fips-2.0/include -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_FIPS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE SET LIB_CFLAG= /Zl /Zi SET SHLIB_CFLAG= SET SHLIB_CFLAGS=%INC% %CFLAG% %LIB_CFLAG% %SHLIB_CFLAG% SET FIPS_LINK=link SET FIPS_CC=cl SET FIPS_CC_ARGS=/FoD:\Projects\TestPrograms\TestFIPSOpenssl\x64\Release\ %SHLIB_CFLAGS% -c SET PREMAIN_DSO_EXE= SET FIPS_TARGET=D:\Projects\TestPrograms\TestFIPSOpenssl\x64\Release\TestFIPSOpenssl.exe SET FIPS_SHA1_EXE=%FIPS_PATH%\bin\fips_standalone_sha1.exe SET FIPSLIB_D=%FIPS_PATH%\lib perl %FIPS_PATH%\bin\fipslink.pl /nologo /subsystem:console /opt:ref /debug /map /OUT:D:\Projects\TestPrograms\TestFIPSOpenssl\x64\Release\TestFIPSOpenssl.exe /LIBPATH:\D:\usr\local\ssl\fips-2.0\lib\ /LIBPATH:\D:\openssl-1.0.1c\out32\ ssleay32.lib libeayfips32.lib fipscanister.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib x64\Release\main.obj x64\Release\fips_premain.obj Hope it helps! Thanks Raghav On Wed, Apr 3, 2013 at 6:45 PM, Raghav Varadan raghavssubscr...@gmail.comwrote: Alrite Thanks Jon! Did anyone else had any success on linking your application with fips capable static libraries? I have been stuck on this and I would appreciate any help. Thanks Raghav On Wed, Apr 3, 2013 at 6:15 PM, Jon Evers jon.ev...@go2vanguard.comwrote: I could either get it to link, but fail the premain test or not get it to link. I never did get even a simple application to compile and run.** ** I haven’t had time since my last post to work on it. I’ve been side tracked by our (way behind) software release. -Jon Evers -- *From:* owner-openssl-us...@openssl.org [mailto: owner-openssl-us...@openssl.org] *On Behalf Of *Raghav Varadan *Sent:* Wednesday, April 03, 2013 5:59 PM *To:* openssl-users@openssl.org *Subject:* Re: fipslink ** ** Jon, I have the same problem that you were mentioning in your thread. I built a batch file similar to yours and I'm getting the link error in the first pass. Were you able to find a solution for this? Following are the link errors I'm getting: fips_premain.obj : error LNK2001: unresolved external symbol unsigned char * FIPS_signature (?FIPS_signature@@3PAEA) fips_premain.obj : error LNK2019: unresolved external symbol unsigned int __cdecl FIPS_incore_fingerprint(unsigned char *,unsigned int) (?FIPS_incor e_fingerprint@@YAIPEAEI@Z) referenced in function void __cdecl FINGERPRINT_premain(void) (?FINGERPRINT_premain@@YAXXZ) fips_premain.obj : error LNK2019: unresolved external symbol void const * __cdecl FIPS_text_start(void) (?FIPS_text_start@@YAPEBXXZ) referenced in f unction void __cdecl FINGERPRINT_premain(void) (?FINGERPRINT_premain@ @YAXXZ) --- Here is my log: D:\TestPrograms\TestFIPSOpensslcl /Od /I D:\OpenSSL\deploy\Applications_win64_x64\include /I D:\Dev\WrkSpace_Main\depot\ExternalLibs\OpenSSL\1.0.1c-fips2.0.3\fips-src\include /D WIN32 /D _DEBUG /D _CONSOLE /D _UNICODE /D UNICODE /Gm /EHsc /RTC1 /MDd /Fox64\Debug\\ /Fdx64\Debug\vc90.pdb /W3 /nologo /c /Zi /TC /errorReport:prompt main.c main.c D:\TestPrograms\TestFIPSOpensslfips_build_script.bat D:\TestPrograms\TestFIPSOpensslSET FIPS_PATH=D:\OpenSSL\deploy\Applications_win64_x64 D:\TestPrograms\TestFIPSOpensslSET FIPS_LINK=link D:\TestPrograms\TestFIPSOpensslSET FIPS_CC=cl D:\TestPrograms\TestFIPSOpensslSET FIPS_CC_ARGS=/Fo D:\TestPrograms\TestFIPSOpenssl\x64\Debug\fips_premain.obj -ID:\Dev\WrkSpace_Ma in\depot\ExternalLibs\OpenSSL\1.0.1c-fips2.0.3\_deploy\Applications_win64_x64\include /MD /O1 -DOPENSSL_THREADS -DDSO_WIN32 -DOPENSSL_NO_ERR -W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE -ID:\Dev\WrkSpace_Main\depot\Ext ernalLibs\OpenSSL\1.0.1c-fips2.0.3\_deploy\Applications_win64_x64/include/GS
Re: fipslink
/NOLOGO /LIBPATH:D:\Dev\WrkSpace_Main\depot\ExternalLibs\OpenSSL\1.0. 1c-fips2.0.3\_deploy\Applications_win64_x64\lib /MANIFEST /MANIFESTFILE:x64\Debug\TestFIPSOpenssl.exe.intermediate.manifest /MANIFESTUAC:level='asI nvoker' uiAccess='false' /DEBUG /PDB:D:\TestPrograms\TestFIPSOpenssl\x64\Debug\TestFIPSOpenssl.pdb /SUBSYSTEM:CONSOLE /DYNAMICBASE /NXCOMP AT /MACHINE:X64 /ERRORREPORT:PROMPT fipscanister.lib opensslcryptofips.lib opensslssl.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib x64\Debug\main.obj x64\Debug\fips_premain.obj MSVCRTD.lib(cinitexe.obj) : warning LNK4098: defaultlib 'msvcrt.lib' conflicts with use of other libs; use /NODEFAULTLIB:library fips_premain.obj : error LNK2001: unresolved external symbol unsigned char * FIPS_signature (?FIPS_signature@@3PAEA) fips_premain.obj : error LNK2019: unresolved external symbol unsigned int __cdecl FIPS_incore_fingerprint(unsigned char *,unsigned int) (?FIPS_incor e_fingerprint@@YAIPEAEI@Z) referenced in function void __cdecl FINGERPRINT_premain(void) (?FINGERPRINT_premain@@YAXXZ) fips_premain.obj : error LNK2019: unresolved external symbol void const * __cdecl FIPS_text_start(void) (?FIPS_text_start@@YAPEBXXZ) referenced in f unction void __cdecl FINGERPRINT_premain(void) (?FINGERPRINT_premain@ @YAXXZ) D:\TestPrograms\TestFIPSOpenssl\x64\Debug\TestFIPSOpenssl.exe : fatal error LNK1120: 3 unresolved externals First stage Link failure at D:\OpenSSL\deploy\Applications_win64_x64\bin\ fipslink.pl line 55. Thanks! Regards, Raghav On Thu, Feb 7, 2013 at 2:26 PM, Dave Thompson dthomp...@prinpay.com wrote: From: owner-openssl-us...@openssl.org On Behalf Of Jeffrey Walton Sent: Wednesday, 06 February, 2013 16:59 To: openssl-users@openssl.org Subject: Re: fipslink On Wed, Feb 6, 2013 at 2:40 PM, Memmott, Lester lester.memm...@landesk.com wrote: Jon, I'm having trouble with fipslink as well and thought it might help to compare notes. These are the linker errors I'm getting using Visual Studio 2008: fips_premain.obj : error LNK2001: unresolved external symbol unsigned char * FIPS_signature (?FIPS_signature@@3PAEA) fips_premain.obj : error LNK2001: unresolved external symbol void const * __cdecl FIPS_text_start(void) (?FIPS_text_start@@YAPBXXZ) fips_premain.obj : error LNK2001: unresolved external symbol unsigned int __cdecl FIPS_incore_fingerprint(unsigned char *,unsigned int) (?FIPS_incore_fingerprint@@YAIPAEI@Z) What linker errors do you get? It looks like you are not compiling fips_premain.c (that's where those symbols are allocated storage). I don't think so. In my copy they are *referenced* in fips_premain.c, and allocated/defined in fips.c and fips_canister.c . Those error messages look like fips_premain.c was compiled as C++ instead of C. Since by design C++ is a superset of good C this doesn't cause errors. If OP is compiling in VisualStudio/VisualC++ (not just linking) in my experience VisualStudio defaults to force C++ and you have to manually reconfigure to allow C. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: fipslink
I could either get it to link, but fail the premain test or not get it to link. I never did get even a simple application to compile and run. I haven't had time since my last post to work on it. I've been side tracked by our (way behind) software release. -Jon Evers From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Raghav Varadan Sent: Wednesday, April 03, 2013 5:59 PM To: openssl-users@openssl.org Subject: Re: fipslink Jon, I have the same problem that you were mentioning in your thread. I built a batch file similar to yours and I'm getting the link error in the first pass. Were you able to find a solution for this? Following are the link errors I'm getting: fips_premain.obj : error LNK2001: unresolved external symbol unsigned char * FIPS_signature (?FIPS_signature@@3PAEA) fips_premain.obj : error LNK2019: unresolved external symbol unsigned int __cdecl FIPS_incore_fingerprint(unsigned char *,unsigned int) (?FIPS_incor e_fingerprint@@YAIPEAEI@Z) referenced in function void __cdecl FINGERPRINT_premain(void) (?FINGERPRINT_premain@@YAXXZ) fips_premain.obj : error LNK2019: unresolved external symbol void const * __cdecl FIPS_text_start(void) (?FIPS_text_start@@YAPEBXXZ) referenced in f unction void __cdecl FINGERPRINT_premain(void) (?FINGERPRINT_premain@@YAXXZ) --- Here is my log: D:\TestPrograms\TestFIPSOpensslcl /Od /I D:\OpenSSL\deploy\Applications_win64_x64\include /I D:\Dev\WrkSpace_Main\depot\ExternalLibs\OpenSSL\1.0.1c-fips2.0.3\fips-s rc\include /D WIN32 /D _DEBUG /D _CONSOLE /D _UNICODE /D UNICODE /Gm /EHsc /RTC1 /MDd /Fox64\Debug\\ /Fdx64\Debug\vc90.pdb /W3 /nologo /c /Zi /TC /errorReport:prompt main.c main.c D:\TestPrograms\TestFIPSOpensslfips_build_script.bat D:\TestPrograms\TestFIPSOpensslSET FIPS_PATH=D:\OpenSSL\deploy\Applications_win64_x64 D:\TestPrograms\TestFIPSOpensslSET FIPS_LINK=link D:\TestPrograms\TestFIPSOpensslSET FIPS_CC=cl D:\TestPrograms\TestFIPSOpensslSET FIPS_CC_ARGS=/Fo D:\TestPrograms\TestFIPSOpenssl\x64\Debug\fips_premain.obj -ID:\Dev\WrkSpace_Ma in\depot\ExternalLibs\OpenSSL\1.0.1c-fips2.0.3\_deploy\Applications_win6 4_x64\include /MD /O1 -DOPENSSL_THREADS -DDSO_WIN32 -DOPENSSL_NO_ERR -W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE -ID:\Dev\WrkSpace_Main\depot\Ext ernalLibs\OpenSSL\1.0.1c-fips2.0.3\_deploy\Applications_win64_x64/includ e/GS -DOPENSSL_NO_IDEA -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC 2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_RIPEMD -DOPENSSL_NO_MDC2 -DOPENSSL_NO_BF -DOPENSSL_NO_CAST -DOPENSSL_NO_DH -DOPENSSL_NO_WHIRLPOOL -DO PENSSL_NO_SSL2 -DOPENSSL_NO_CMS -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_GOST -DOPENSSL_NO_HW -DOPENSSL_FIPS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DY NAMIC_ENGINE /Zl /Z7 -c D:\TestPrograms\TestFIPSOpensslSET PREMAIN_DSO_EXE= D:\TestPrograms\TestFIPSOpensslSET FIPS_TARGET=D:\TestPrograms\TestFIPSOpenssl\x64\Debug\TestFIPSOpenssl.ex e D:\TestPrograms\TestFIPSOpensslSET FIPS_SHA1_EXE=D:\OpenSSL\deploy\Applications_win64_x64\bin\fips_standalo ne_sha1.exe D:\TestPrograms\TestFIPSOpensslSET FIPSLIB_D=D:\OpenSSL\deploy\Applications_win64_x64\lib D:\TestPrograms\TestFIPSOpensslperl D:\OpenSSL\deploy\Applications_win64_x64\bin\fips link.pl /OUT:D:\TestPrograms\TestFIPSOpenssl\x64\Debug\TestFIPSOpenssl.exe /NOLOGO /LIBPATH:D:\Dev\WrkSpace_Main\depot\ExternalLibs\OpenSS L\1.0.1c-fips2.0.3\_deploy\Applications_win64_x64\lib /MANIFEST /MANIFESTFILE:\x64\Debug\TestFIPSOpenssl.exe.intermediate.manifest\ /MANIFESTUAC:\ level='asInvoker' uiAccess='false'\ /DEBUG /PDB:\D:\TestPrograms\TestFIPSOpenssl\x64\Debug\TestFIPSOpenssl.pdb\ /SUBSYSTEM:CONSOLE /DYNAMI CBASE /NXCOMPAT /MACHINE:X64 /ERRORREPORT:PROMPT fipscanister.lib opensslcryptofips.lib opensslssl.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib x64\Debug\main.obj x64\Debug\fips_premain.obj Integrity check OK cl /Fo D:\TestPrograms\TestFIPSOpenssl\x64\Debug\fips_premain.obj -ID:\OpenSSL\deploy\ Applications_win64_x64\include /MD /O1 -DOPENSSL_THREADS -DDSO_WIN32 -DOPENSSL_NO_ERR -W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_M EAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE -ID:\OpenSSL\deploy\Applications _win64_x64/include/GS -DOPENSSL_NO_IDEA -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_RIPEMD -DOPENSSL_NO_MDC2 -DOPENSSL_NO_BF -DOPENSSL_NO_CAST -DOPENSSL_NO_DH
Re: fipslink
Alrite Thanks Jon! Did anyone else had any success on linking your application with fips capable static libraries? I have been stuck on this and I would appreciate any help. Thanks Raghav On Wed, Apr 3, 2013 at 6:15 PM, Jon Evers jon.ev...@go2vanguard.com wrote: I could either get it to link, but fail the premain test or not get it to link. I never did get even a simple application to compile and run.*** * I haven’t had time since my last post to work on it. I’ve been side tracked by our (way behind) software release. -Jon Evers -- *From:* owner-openssl-us...@openssl.org [mailto: owner-openssl-us...@openssl.org] *On Behalf Of *Raghav Varadan *Sent:* Wednesday, April 03, 2013 5:59 PM *To:* openssl-users@openssl.org *Subject:* Re: fipslink ** ** Jon, I have the same problem that you were mentioning in your thread. I built a batch file similar to yours and I'm getting the link error in the first pass. Were you able to find a solution for this? Following are the link errors I'm getting: fips_premain.obj : error LNK2001: unresolved external symbol unsigned char * FIPS_signature (?FIPS_signature@@3PAEA) fips_premain.obj : error LNK2019: unresolved external symbol unsigned int __cdecl FIPS_incore_fingerprint(unsigned char *,unsigned int) (?FIPS_incor e_fingerprint@@YAIPEAEI@Z) referenced in function void __cdecl FINGERPRINT_premain(void) (?FINGERPRINT_premain@@YAXXZ) fips_premain.obj : error LNK2019: unresolved external symbol void const * __cdecl FIPS_text_start(void) (?FIPS_text_start@@YAPEBXXZ) referenced in f unction void __cdecl FINGERPRINT_premain(void) (?FINGERPRINT_premain@ @YAXXZ) --- Here is my log: D:\TestPrograms\TestFIPSOpensslcl /Od /I D:\OpenSSL\deploy\Applications_win64_x64\include /I D:\Dev\WrkSpace_Main\depot\ExternalLibs\OpenSSL\1.0.1c-fips2.0.3\fips-src\include /D WIN32 /D _DEBUG /D _CONSOLE /D _UNICODE /D UNICODE /Gm /EHsc /RTC1 /MDd /Fox64\Debug\\ /Fdx64\Debug\vc90.pdb /W3 /nologo /c /Zi /TC /errorReport:prompt main.c main.c D:\TestPrograms\TestFIPSOpensslfips_build_script.bat D:\TestPrograms\TestFIPSOpensslSET FIPS_PATH=D:\OpenSSL\deploy\Applications_win64_x64 D:\TestPrograms\TestFIPSOpensslSET FIPS_LINK=link D:\TestPrograms\TestFIPSOpensslSET FIPS_CC=cl D:\TestPrograms\TestFIPSOpensslSET FIPS_CC_ARGS=/Fo D:\TestPrograms\TestFIPSOpenssl\x64\Debug\fips_premain.obj -ID:\Dev\WrkSpace_Ma in\depot\ExternalLibs\OpenSSL\1.0.1c-fips2.0.3\_deploy\Applications_win64_x64\include /MD /O1 -DOPENSSL_THREADS -DDSO_WIN32 -DOPENSSL_NO_ERR -W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE -ID:\Dev\WrkSpace_Main\depot\Ext ernalLibs\OpenSSL\1.0.1c-fips2.0.3\_deploy\Applications_win64_x64/include/GS -DOPENSSL_NO_IDEA -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC 2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_RIPEMD -DOPENSSL_NO_MDC2 -DOPENSSL_NO_BF -DOPENSSL_NO_CAST -DOPENSSL_NO_DH -DOPENSSL_NO_WHIRLPOOL -DO PENSSL_NO_SSL2 -DOPENSSL_NO_CMS -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_GOST -DOPENSSL_NO_HW -DOPENSSL_FIPS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DY NAMIC_ENGINE /Zl /Z7 -c D:\TestPrograms\TestFIPSOpensslSET PREMAIN_DSO_EXE= D:\TestPrograms\TestFIPSOpensslSET FIPS_TARGET=D:\TestPrograms\TestFIPSOpenssl\x64\Debug\TestFIPSOpenssl.exe D:\TestPrograms\TestFIPSOpensslSET FIPS_SHA1_EXE=D:\OpenSSL\deploy\Applications_win64_x64\bin\fips_standalone_sha1.exe D:\TestPrograms\TestFIPSOpensslSET FIPSLIB_D=D:\OpenSSL\deploy\Applications_win64_x64\lib D:\TestPrograms\TestFIPSOpensslperl D:\OpenSSL\deploy\Applications_win64_x64\bin\fips link.pl/OUT:D:\TestPrograms\TestFIPSOpenssl\x64\Debug\TestFIPSOpenssl.exe /NOLOGO /LIBPATH:D:\Dev\WrkSpace_Main\depot\ExternalLibs\OpenSS L\1.0.1c-fips2.0.3\_deploy\Applications_win64_x64\lib /MANIFEST /MANIFESTFILE:\x64\Debug\TestFIPSOpenssl.exe.intermediate.manifest\ /MANIFESTUAC:\ level='asInvoker' uiAccess='false'\ /DEBUG /PDB:\D:\TestPrograms\TestFIPSOpenssl\x64\Debug\TestFIPSOpenssl.pdb\ /SUBSYSTEM:CONSOLE /DYNAMI CBASE /NXCOMPAT /MACHINE:X64 /ERRORREPORT:PROMPT fipscanister.lib opensslcryptofips.lib opensslssl.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib x64\Debug\main.obj x64\Debug\fips_premain.obj Integrity check OK cl /Fo D:\TestPrograms\TestFIPSOpenssl\x64\Debug\fips_premain.obj -ID:\OpenSSL\deploy\ Applications_win64_x64\include /MD /O1 -DOPENSSL_THREADS
RE: fipslink
Jeff, Thanks for the suggestion but that isn't the case. You'll note below that the unresolved external symbols are from fips_premain.obj, which was naturally compiled from fips_premain.c. fips_premain.obj : error LNK2001: unresolved external symbol unsigned In looking at fips_premain.c, these symbols are defined at external so they must come from somewhere else: extern const void *FIPS_text_start(), *FIPS_text_end(); extern const unsigned char FIPS_rodata_start[], FIPS_rodata_end[]; extern unsigned char FIPS_signature[20]; extern unsigned intFIPS_incore_fingerprint(unsigned char *,unsigned int); I see that some of them are defined in fips.c. I'm assuming that they should have been included in libeay32.lib when I compiled it with the fips module. Still checking. Thanks, Lester -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Jeffrey Walton Sent: Wednesday, February 06, 2013 2:59 PM To: openssl-users@openssl.org Subject: Re: fipslink On Wed, Feb 6, 2013 at 2:40 PM, Memmott, Lester lester.memm...@landesk.com wrote: Jon, I’m having trouble with fipslink as well and thought it might help to compare notes. These are the linker errors I’m getting using Visual Studio 2008: fips_premain.obj : error LNK2001: unresolved external symbol unsigned char * FIPS_signature (?FIPS_signature@@3PAEA) fips_premain.obj : error LNK2001: unresolved external symbol void const * __cdecl FIPS_text_start(void) (?FIPS_text_start@@YAPBXXZ) fips_premain.obj : error LNK2001: unresolved external symbol unsigned int __cdecl FIPS_incore_fingerprint(unsigned char *,unsigned int) (?FIPS_incore_fingerprint@@YAIPAEI@Z) What linker errors do you get? It looks like you are not compiling fips_premain.c (that's where those symbols are allocated storage). Jeff __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org :��IϮ��r�m (Z+�K�+1���x��h[�z�(Z+���f�y���f���h��)z{,���
Re: fipslink
On Wed, Feb 06, 2013, Memmott, Lester wrote: Jon, I???m having trouble with fipslink as well and thought it might help to compare notes. These are the linker errors I???m getting using Visual Studio 2008: If you can it is far easier to link against the DLLs created by the FIPS capable OpenSSL. Then you can forget all about fipslink.pl and just link as you normally would. If you have to link against the static libraries then you have to use fipslink.pl to embed the appropriate signature. There are examples in the nt.mak makefile which uses it all the time to created static executables. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: fipslink
Jon, I've not made any meaningful progress yet, but found a few interesting things. I'm using fipslink.pl as is and didn't have to modify it. Did you have to modify yours before you called ntdll.mak? It's used in there. I didn't have to modify it to build openssl but when I looked carefully, I found that fipslink.pl was used to compile libeay32.dll, but not for openssl.exe. Link libeay32.dll in ntdll.mak. Note that FIPSLINK is used and O_FIPSCANISTER is included along with fips_premain.obj: $(O_CRYPTO): $(CRYPTOOBJ) $(O_FIPSCANISTER) $(PREMAIN_DSO_EXE) SET FIPS_LINK=$(LINK) SET FIPS_CC=$(CC) SET FIPS_CC_ARGS=/Fo$(OBJ_D)\fips_premain.obj $(SHLIB_CFLAGS) -c SET PREMAIN_DSO_EXE=$(PREMAIN_DSO_EXE) SET FIPS_SHA1_EXE=$(FIPS_SHA1_EXE) SET FIPS_TARGET=$(O_CRYPTO) SET FIPSLIB_D=$(FIPSLIB_D) $(FIPSLINK) $(MLFLAGS) /map /base:$(BASEADDR) /out:$(O_CRYPTO) /def:ms/LIBEAY32.def @ $(SHLIB_EX_OBJ) $(CRYPTOOBJ) $(O_FIPSCANISTER) $(EX_LIBS) $(OBJ_D)\fips_premain.obj IF EXIST $@.manifest mt -nologo -manifest $@.manifest -outputresource:$@;2 Link openssl.exe in ntdll.mak. Note that it does not use FIPSLINK! Is it an oversight? I'm not sure. $(BIN_D)\$(E_EXE).exe: $(E_OBJ) $(LIBS_DEP) $(LINK) $(LFLAGS) /out:$(BIN_D)\$(E_EXE).exe @ $(APP_EX_OBJ) $(E_OBJ) $(L_LIBS) $(EX_LIBS) IF EXIST $@.manifest mt -nologo -manifest $@.manifest -outputresource:$@;1 The binary I'm trying to build is an EXE so the example in ntdll.mak isn't much help. Also, the change I made by adding perl (see below) was after building openssl and since $fips_premain_dso is defined to be an EXE, not perl script, it would have worked for the EXE. Now with my change, if rebuild openssl, it would probably fail. Also not that I had to edit fipslink.pl to make it run. I added perl to these two lines (about line 57 58): print perl $fips_premain_dso $fips_target\n; system(perl $fips_premain_dso $fips_target $fips_target.sha1); My equivalent of your @link.rsp does not have fips_premain in it. I thought fipslink compiled and linked that for me. In the example for libeay32 that I've copied in this email (above), it shows $(FIPSLINK) with both O_FIPSANISTER and fips_premain.obj. They put it on the command-line. I chose to put it in my rsp file. It should be equivalent to the linker. From what I observed, fipslink does complie fips_premain.c automatically, but it doesn't automatically include the .obj from that in the link stage. There seems to be lack of consistency for this. Here it is in fipslink.pl: print $fips_link @ARGV\n; system $fips_link @ARGV; It looks like you and I are bumping up against very similar issues. I'd love to hear from someone who has successfully done this using the prescribed method. Thanks, Lester -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Jon Evers Sent: Wednesday, February 06, 2013 1:16 PM To: openssl-users@openssl.org Subject: RE: fipslink LM, Thanks for jumping in the bus with me :) I haven't had a chance to work through your last email, but was planning to soon. I see you attached your make file also, which I need to try out. I get very similar errors, but not the same functions. Mine look like: VED.obj : Error LNK2019: unresolved external symbol _FIPS_hmac_ctx_cleanup referenced in function void __cdecl dofile(struct _iobuf *) (?dofile@@YAXPAU_iobuif@@@Z) And similar for: FIPS_hmac_final FIPS_hmac_update FIPS_hmac_init_ex FIPS_evp_sha1 FIPS_hmac_ctx_init I'm using fipslink.pl as is and didn't have to modify it. Did you have to modify yours before you called ntdll.mak? It's used in there. Also, it looks like you are stuck on fips_premain. I don't include that in my makefile directly because fipslink.pl is suppose to do it for me. fips_premain compiles and I don't have any link errors from fips_premain.obj. My equivalent of your @link.rsp does not have fips_premain in it. I thought fipslink compiled and linked that for me. M my fipslink.pl dies at First stage Link Failure - Line 55, which is the same place you get to. I can't really copy my make files because they are on a secure system, so I have to type everything here. Thanks, -Jon -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Memmott, Lester Sent: Wednesday, February 06, 2013 11:40 AM To: openssl-users@openssl.org Subject: RE: fipslink Jon, I’m having trouble with fipslink as well and thought it might help to compare notes. These are the linker errors I’m getting using Visual Studio 2008: fips_premain.obj : error LNK2001: unresolved external symbol unsigned char * FIPS_signature (?FIPS_signature@@3PAEA) fips_premain.obj : error LNK2001: unresolved external symbol void const * __cdecl FIPS_text_start(void) (?FIPS_text_start@@YAPBXXZ
RE: fipslink
Dr Henson, Thanks so much for your response. Perhaps some clarification is in order. When you state static libraries are you referring to libeay32 being statically linked with the c runtime libraries? ...or do you mean my application statically linking in the openssl libraries? Thanks, Lester -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: Thursday, February 07, 2013 8:00 AM To: openssl-users@openssl.org Subject: Re: fipslink On Wed, Feb 06, 2013, Memmott, Lester wrote: Jon, I???m having trouble with fipslink as well and thought it might help to compare notes. These are the linker errors I???m getting using Visual Studio 2008: If you can it is far easier to link against the DLLs created by the FIPS capable OpenSSL. Then you can forget all about fipslink.pl and just link as you normally would. If you have to link against the static libraries then you have to use fipslink.pl to embed the appropriate signature. There are examples in the nt.mak makefile which uses it all the time to created static executables. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: fipslink
On Thu, Feb 07, 2013, Memmott, Lester wrote: Thanks so much for your response. Perhaps some clarification is in order. When you state static libraries are you referring to libeay32 being statically linked with the c runtime libraries? ...or do you mean my application statically linking in the openssl libraries? I mean your application liking to the static versions of the OpenSSL libraries: that is those that appear in out32 when you use the makefile ms\nt.mak. If you link against libeay32.dll (as built by ms\ntdll.mak) then you don't need to do anything special to get FIPS working: just link as you normally would. That's why the lines in ntdll.mak which create openssl.exe don't use fipslink.pl. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: fipslink
Dr Henson, Excellent! Thanks for clarifying that for us! Jon, I'm using dynamic openssl libraries so I have no need pursue this further. If you still do, good luck! Thanks, Lester __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: fipslink
From: owner-openssl-us...@openssl.org On Behalf Of Jeffrey Walton Sent: Wednesday, 06 February, 2013 16:59 To: openssl-users@openssl.org Subject: Re: fipslink On Wed, Feb 6, 2013 at 2:40 PM, Memmott, Lester lester.memm...@landesk.com wrote: Jon, I'm having trouble with fipslink as well and thought it might help to compare notes. These are the linker errors I'm getting using Visual Studio 2008: fips_premain.obj : error LNK2001: unresolved external symbol unsigned char * FIPS_signature (?FIPS_signature@@3PAEA) fips_premain.obj : error LNK2001: unresolved external symbol void const * __cdecl FIPS_text_start(void) (?FIPS_text_start@@YAPBXXZ) fips_premain.obj : error LNK2001: unresolved external symbol unsigned int __cdecl FIPS_incore_fingerprint(unsigned char *,unsigned int) (?FIPS_incore_fingerprint@@YAIPAEI@Z) What linker errors do you get? It looks like you are not compiling fips_premain.c (that's where those symbols are allocated storage). I don't think so. In my copy they are *referenced* in fips_premain.c, and allocated/defined in fips.c and fips_canister.c . Those error messages look like fips_premain.c was compiled as C++ instead of C. Since by design C++ is a superset of good C this doesn't cause errors. If OP is compiling in VisualStudio/VisualC++ (not just linking) in my experience VisualStudio defaults to force C++ and you have to manually reconfigure to allow C. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: fipslink
Jon, I’m having trouble with fipslink as well and thought it might help to compare notes. These are the linker errors I’m getting using Visual Studio 2008: fips_premain.obj : error LNK2001: unresolved external symbol unsigned char * FIPS_signature (?FIPS_signature@@3PAEA) fips_premain.obj : error LNK2001: unresolved external symbol void const * __cdecl FIPS_text_start(void) (?FIPS_text_start@@YAPBXXZ) fips_premain.obj : error LNK2001: unresolved external symbol unsigned int __cdecl FIPS_incore_fingerprint(unsigned char *,unsigned int) (?FIPS_incore_fingerprint@@YAIPAEI@Z) What linker errors do you get? Below are more details on how I did this using a batch file to setup the environment variables that calls the perl script. Also not that I had to edit fipslink.pl to make it run. I added perl to these two lines (about line 57 58): print perl $fips_premain_dso $fips_target\n; system(perl $fips_premain_dso $fips_target $fips_target.sha1); Thanks, LM === I created this batch file to run the perl script: @echo off rem This batch file is intended to build FipsSample.exe in a FIPS enabled fashion. rem Built the project first in Visual Studio 2008 and then run this as a post build step. rem See section 5.3.2 Linking under Windows of the OpenSSL FIPS User Guide for details about this. rem http://www.openssl.org/docs/fips/UserGuide-2.0.pdf rem Note: I think the docs are wrong on a couple of items. rem It should be FIPS_SHA1_EXE and not PREMAIN_SHA1_EXE. rem Associated files: link.rsp @echo on set FIPSLIB_D=c:\openssl-fips-2.0.2\out32dll set FIPS_CC=cl set FIPS_CC_ARGS=/O2 /Oi /GL /I C:\openssl-1.0.1c\inc32 /D WIN32 /D NDEBUG /D _CONSOLE /D _MBCS /FD /EHsc /MD /Gy /FoRelease\\ /FdRelease\vc90.pdb /W3 /c /Zi /TP set FIPS_LINK=link set FIPS_SHA1_EXE=C:\openssl-fips-2.0.2\out32dll\fips_standalone_sha1.exe rem The following wasn't documented in the user guide but the script tries to use it. msincore seems like the right script, but I'm not sure. set FIPS_SIG=C:\openssl-fips-2.0.2\util\msincore rem Not used to compile an EXE: set PREMAIN_DSO_EXE=C:\openssl-1.0.1c\out32dll\fips_premain_dso.exe set PREMAIN_DSO_EXE= set FIPS_TARGET=..\Release\FipsSample.exe perl c:\openssl-fips-2.0.2\util\fipslink.pl @link.rsp === link.rsp: /OUT:C:\openssl-TestUtils\FipsSample - Clean\Release\FipsSample.exe /INCREMENTAL:NO /LIBPATH:C:\openssl-1.0.1c\out32dll /MANIFEST /MANIFESTFILE:Release\FipsSample.exe.intermediate.manifest /MANIFESTUAC:level='asInvoker' uiAccess='false' /DEBUG /PDB:c:\openssl-TestUtils\FipsSample - Clean\Release\FipsSample.pdb /SUBSYSTEM:CONSOLE /OPT:REF /OPT:ICF /LTCG /DYNAMICBASE /NXCOMPAT /MACHINE:X86 libeay32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib .\Release\FipsSample.obj .\Release\stdafx.obj .\Release\fips_premain.obj === Build Output: C:\openssl-TestUtils\FipsSample - Clean\FipsSampleg C:\openssl-TestUtils\FipsSample - Clean\FipsSampleset FIPSLIB_D=c:\openssl-fips-2.0.2\out32dll C:\openssl-TestUtils\FipsSample - Clean\FipsSampleset FIPS_CC=cl C:\openssl-TestUtils\FipsSample - Clean\FipsSampleset FIPS_CC_ARGS=/O2 /Oi /GL /I C:\openssl-1.0.1c\inc32 /D WIN32 /D NDEBUG /D _CONSOLE /D _MBCS /FD /EHsc /MD /Gy /FoRelease\\ /FdRelease\vc90.pdb /W3 /c /Zi /TP C:\openssl-TestUtils\FipsSample - Clean\FipsSampleset FIPS_LINK=link C:\openssl-TestUtils\FipsSample - Clean\FipsSampleset FIPS_SHA1_EXE=C:\openssl-fips-2.0.2\out32dll\fips_standalone_sha1.exe C:\openssl-TestUtils\FipsSample - Clean\FipsSampleset FIPS_SIG=C:\openssl-fips-2.0.2\util\msincore C:\openssl-TestUtils\FipsSample - Clean\FipsSamplerem Not used to comple an EXE: set PREMAIN_DSO_EXE=C:\openssl-1.0.1c\out32dll\fips_premain_dso.exe C:\openssl-TestUtils\FipsSample - Clean\FipsSampleset PREMAIN_DSO_EXE= C:\openssl-TestUtils\FipsSample - Clean\FipsSampleset FIPS_TARGET=..\Release\FipsSample.exe C:\openssl-TestUtils\FipsSample - Clean\FipsSampleperl c:\openssl-fips-2.0.2\util\fipslink.pl @link.rsp Integrity check OK cl /O2 /Oi /GL /I C:\openssl-1.0.1c\inc32 /D WIN32 /D NDEBUG /D _CONSOLE /D _MBCS /FD /EHsc /MD /Gy /FoRelease\\ /FdRelease\vc90.pdb /W3 /c /Zi /T P c:\openssl-fips-2.0.2\out32dll/fips_premain.c Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 15.00.30729.01 for 80x86 Copyright (C) Microsoft Corporation. All rights reserved. fips_premain.c link @link.rsp Microsoft (R) Incremental Linker Version 9.00.30729.01 Copyright (C) Microsoft Corporation. All rights reserved. /OUT:C:\openssl-TestUtils\FipsSample - Clean\Release\FipsSample.exe /INCREMENTAL:NO /LIBPATH:C:\openssl-1.0.1c\out32dll /MANIFEST /MANIFESTFILE:Release\Fip sSample.exe.intermediate.manifest /MANIFESTUAC:level='asInvoker' uiAccess='false
RE: fipslink
LM, Thanks for jumping in the bus with me :) I haven't had a chance to work through your last email, but was planning to soon. I see you attached your make file also, which I need to try out. I get very similar errors, but not the same functions. Mine look like: VED.obj : Error LNK2019: unresolved external symbol _FIPS_hmac_ctx_cleanup referenced in function void __cdecl dofile(struct _iobuf *) (?dofile@@YAXPAU_iobuif@@@Z) And similar for: FIPS_hmac_final FIPS_hmac_update FIPS_hmac_init_ex FIPS_evp_sha1 FIPS_hmac_ctx_init I'm using fipslink.pl as is and didn't have to modify it. Did you have to modify yours before you called ntdll.mak? It's used in there. Also, it looks like you are stuck on fips_premain. I don't include that in my makefile directly because fipslink.pl is suppose to do it for me. fips_premain compiles and I don't have any link errors from fips_premain.obj. My equivalent of your @link.rsp does not have fips_premain in it. I thought fipslink compiled and linked that for me. M my fipslink.pl dies at First stage Link Failure - Line 55, which is the same place you get to. I can't really copy my make files because they are on a secure system, so I have to type everything here. Thanks, -Jon -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Memmott, Lester Sent: Wednesday, February 06, 2013 11:40 AM To: openssl-users@openssl.org Subject: RE: fipslink Jon, I’m having trouble with fipslink as well and thought it might help to compare notes. These are the linker errors I’m getting using Visual Studio 2008: fips_premain.obj : error LNK2001: unresolved external symbol unsigned char * FIPS_signature (?FIPS_signature@@3PAEA) fips_premain.obj : error LNK2001: unresolved external symbol void const * __cdecl FIPS_text_start(void) (?FIPS_text_start@@YAPBXXZ) fips_premain.obj : error LNK2001: unresolved external symbol unsigned int __cdecl FIPS_incore_fingerprint(unsigned char *,unsigned int) (?FIPS_incore_fingerprint@@YAIPAEI@Z) What linker errors do you get? Below are more details on how I did this using a batch file to setup the environment variables that calls the perl script. Also not that I had to edit fipslink.pl to make it run. I added perl to these two lines (about line 57 58): print perl $fips_premain_dso $fips_target\n; system(perl $fips_premain_dso $fips_target $fips_target.sha1); Thanks, LM === I created this batch file to run the perl script: @echo off rem This batch file is intended to build FipsSample.exe in a FIPS enabled fashion. rem Built the project first in Visual Studio 2008 and then run this as a post build step. rem See section 5.3.2 Linking under Windows of the OpenSSL FIPS User Guide for details about this. rem http://www.openssl.org/docs/fips/UserGuide-2.0.pdf rem Note: I think the docs are wrong on a couple of items. rem It should be FIPS_SHA1_EXE and not PREMAIN_SHA1_EXE. rem Associated files: link.rsp @echo on set FIPSLIB_D=c:\openssl-fips-2.0.2\out32dll set FIPS_CC=cl set FIPS_CC_ARGS=/O2 /Oi /GL /I C:\openssl-1.0.1c\inc32 /D WIN32 /D NDEBUG /D _CONSOLE /D _MBCS /FD /EHsc /MD /Gy /FoRelease\\ /FdRelease\vc90.pdb /W3 /c /Zi /TP set FIPS_LINK=link set FIPS_SHA1_EXE=C:\openssl-fips-2.0.2\out32dll\fips_standalone_sha1.exe rem The following wasn't documented in the user guide but the script tries to use it. msincore seems like the right script, but I'm not sure. set FIPS_SIG=C:\openssl-fips-2.0.2\util\msincore rem Not used to compile an EXE: set PREMAIN_DSO_EXE=C:\openssl-1.0.1c\out32dll\fips_premain_dso.exe set PREMAIN_DSO_EXE= set FIPS_TARGET=..\Release\FipsSample.exe perl c:\openssl-fips-2.0.2\util\fipslink.pl @link.rsp === link.rsp: /OUT:C:\openssl-TestUtils\FipsSample - Clean\Release\FipsSample.exe /INCREMENTAL:NO /LIBPATH:C:\openssl-1.0.1c\out32dll /MANIFEST /MANIFESTFILE:Release\FipsSample.exe.intermediate.manifest /MANIFESTUAC:level='asInvoker' uiAccess='false' /DEBUG /PDB:c:\openssl-TestUtils\FipsSample - Clean\Release\FipsSample.pdb /SUBSYSTEM:CONSOLE /OPT:REF /OPT:ICF /LTCG /DYNAMICBASE /NXCOMPAT /MACHINE:X86 libeay32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib .\Release\FipsSample.obj .\Release\stdafx.obj .\Release\fips_premain.obj === Build Output: C:\openssl-TestUtils\FipsSample - Clean\FipsSampleg C:\openssl-TestUtils\FipsSample - Clean\FipsSampleset FIPSLIB_D=c:\openssl-fips-2.0.2\out32dll C:\openssl-TestUtils\FipsSample - Clean\FipsSampleset FIPS_CC=cl C:\openssl-TestUtils\FipsSample - Clean\FipsSampleset FIPS_CC_ARGS=/O2 /Oi /GL /I C:\openssl-1.0.1c\inc32 /D WIN32 /D NDEBUG /D _CONSOLE /D _MBCS /FD /EHsc /MD /Gy /FoRelease\\ /FdRelease\vc90.pdb
RE: fipslink
LM, I attempted to duplicate your work and mostly get to the same place as you. Here are my notes. nmake -f ms\ntdll.mak test //The tests fail for me with 'rsa_test' is not recognized as an internal or external command. - I get the same 'rsa_test' error perl Configure VC-WIN32 no-asm fips - I didn't specify directories, so I think openssl grabs the fips files from \usr\local\SSL\fips-2.0: I hadn't run this before: openssl-fips-2.0.2\outdllnmake -f ms\ntdll.mak test - My fips tests all complete or failure as expeted. I also did: openssl-1.0.1cnmake -f ms\ntdll.mak install My source code is the same as yours except I changed: 1) Change the exit() to call my own Exit() function 2) Used TCHAR inside my _tmain so argv matches types 3) Used C++ cout, cin in a few places and added needed header files none of which should make a difference for the linking issues we see Differences in my previous attempt to use fipslink: I created a full VED.mak file based on ntdll.mak that has fipslink and bunch of symbols in it instead of your shorter batch file method. I ran into problems because I wasn't using the installed locations (from ntdll.mak install). I didn't use the msincore step. I'm building in Debug mode, not Release I finished testing with your batch and rsp files. I had to change paths to get it to work in my environment. I get the same link errors as you, but I also get my previous link errors as well. I tried removing fips_premain.obj and then just got my older link errors. I tried adding fipscanister.lib, which removed my older link errors, but the others stayed. I end up with two fips_premain.obj. One that goes with my VS project and the other that is created by fipslink. If I use the fipslink one I get additional warnings: MSVCRT.lib(MSVCRT.DLL) : error LNK2005: _fopen already defined in LIBC.lib(fopen.obj) ...and similar for about 6 system calls. Thanks, -Jon -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Memmott, Lester Sent: Wednesday, February 06, 2013 11:40 AM To: openssl-users@openssl.org Subject: RE: fipslink Jon, I’m having trouble with fipslink as well and thought it might help to compare notes. These are the linker errors I’m getting using Visual Studio 2008: fips_premain.obj : error LNK2001: unresolved external symbol unsigned char * FIPS_signature (?FIPS_signature@@3PAEA) fips_premain.obj : error LNK2001: unresolved external symbol void const * __cdecl FIPS_text_start(void) (?FIPS_text_start@@YAPBXXZ) fips_premain.obj : error LNK2001: unresolved external symbol unsigned int __cdecl FIPS_incore_fingerprint(unsigned char *,unsigned int) (?FIPS_incore_fingerprint@@YAIPAEI@Z) What linker errors do you get? Below are more details on how I did this using a batch file to setup the environment variables that calls the perl script. Also not that I had to edit fipslink.pl to make it run. I added perl to these two lines (about line 57 58): print perl $fips_premain_dso $fips_target\n; system(perl $fips_premain_dso $fips_target $fips_target.sha1); Thanks, LM === I created this batch file to run the perl script: @echo off rem This batch file is intended to build FipsSample.exe in a FIPS enabled fashion. rem Built the project first in Visual Studio 2008 and then run this as a post build step. rem See section 5.3.2 Linking under Windows of the OpenSSL FIPS User Guide for details about this. rem http://www.openssl.org/docs/fips/UserGuide-2.0.pdf rem Note: I think the docs are wrong on a couple of items. rem It should be FIPS_SHA1_EXE and not PREMAIN_SHA1_EXE. rem Associated files: link.rsp @echo on set FIPSLIB_D=c:\openssl-fips-2.0.2\out32dll set FIPS_CC=cl set FIPS_CC_ARGS=/O2 /Oi /GL /I C:\openssl-1.0.1c\inc32 /D WIN32 /D NDEBUG /D _CONSOLE /D _MBCS /FD /EHsc /MD /Gy /FoRelease\\ /FdRelease\vc90.pdb /W3 /c /Zi /TP set FIPS_LINK=link set FIPS_SHA1_EXE=C:\openssl-fips-2.0.2\out32dll\fips_standalone_sha1.exe rem The following wasn't documented in the user guide but the script tries to use it. msincore seems like the right script, but I'm not sure. set FIPS_SIG=C:\openssl-fips-2.0.2\util\msincore rem Not used to compile an EXE: set PREMAIN_DSO_EXE=C:\openssl-1.0.1c\out32dll\fips_premain_dso.exe set PREMAIN_DSO_EXE= set FIPS_TARGET=..\Release\FipsSample.exe perl c:\openssl-fips-2.0.2\util\fipslink.pl @link.rsp === link.rsp: /OUT:C:\openssl-TestUtils\FipsSample - Clean\Release\FipsSample.exe /INCREMENTAL:NO /LIBPATH:C:\openssl-1.0.1c\out32dll /MANIFEST /MANIFESTFILE:Release\FipsSample.exe.intermediate.manifest /MANIFESTUAC:level='asInvoker' uiAccess='false' /DEBUG /PDB:c:\openssl-TestUtils\FipsSample - Clean\Release\FipsSample.pdb /SUBSYSTEM:CONSOLE /OPT:REF /OPT:ICF /LTCG /DYNAMICBASE /NXCOMPAT /MACHINE:X86 libeay32.lib kernel32.lib user32.lib gdi32.lib
Re: fipslink
On Wed, Feb 6, 2013 at 2:40 PM, Memmott, Lester lester.memm...@landesk.com wrote: Jon, I’m having trouble with fipslink as well and thought it might help to compare notes. These are the linker errors I’m getting using Visual Studio 2008: fips_premain.obj : error LNK2001: unresolved external symbol unsigned char * FIPS_signature (?FIPS_signature@@3PAEA) fips_premain.obj : error LNK2001: unresolved external symbol void const * __cdecl FIPS_text_start(void) (?FIPS_text_start@@YAPBXXZ) fips_premain.obj : error LNK2001: unresolved external symbol unsigned int __cdecl FIPS_incore_fingerprint(unsigned char *,unsigned int) (?FIPS_incore_fingerprint@@YAIPAEI@Z) What linker errors do you get? It looks like you are not compiling fips_premain.c (that's where those symbols are allocated storage). Jeff __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
fipslink
Does anyone have a windows make file that uses fipslink to build an executable that they can forward to me? Alternatively a Visual Studio project that uses that would also help? The smaller and simpler the project the better. I'm trying to build a windows executable that uses the fips libraries and I think I'm not using this utility correctly. I'm stuck with linker errors. Thanks, -Jon Evers Live customer support is available 24/7/365 from the U.S. for all customers worldwide and locally in other countries. Find out more at www.go2vanguard.com. Enable Yourself Learn more about Vanguard zSecurity University training classes offered online, on-demand by request, or in a traditional classroom setting in cities worldwide. www.go2vanguard.com This e-mail and any attachments are intended solely for the use of the addressee and may contain information that is PRIVILEGED and CONFIDENTIAL. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination of this e-mail or any attachments is strictly prohibited. If you have received this e-mail in error, please do not read this email, please delete all copies of this e-mail and any attachments and notify the sender immediately. Thank you.