Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Building fips enabled openssl using cygwin
78 views
Skip to first unread message
Joy Leima
Jan 10, 2013, 12:29:09 PM1/10/13
to
I am having trouble building a fips enabled/ capable version of openssl for windows. I had no trouble getting this working on Linux. I am not a windows developer and am only doing this as there is no one else in the company right now that is available.
I am using openssl-1.0.1c.tar.gz & openssl-fips-2.0.2.tar.gz.
The build environment is set up to use cygwin. I installed ActiveState perl so I got past the first link issue that I had.
Here is the commands I used to build from my .bat file running under cygwin:
cd %BUILDPATH%\..\..\common\grd\tntCommon\openssl\openssl-fips-2.0.2
SET FIPSDIR=%BUILDPATH%\..\..\common\grd\tntCommon\openssl\fips
call ms\do_fips
@cd %srcpath%\grd\tntcommon\openssl\openssl-1.0.1.c
perl Configure fips VC-WIN32
call ms\do_ms
nmake -f ms\ntdll.mak
------------------------------------------
The ms\do_fips resulted in a SUCCESS. The nmake had issues. Here is the last few lines.
Joy Leima
===============
....
cl /Fotmp32dll\fips_premain_dso.obj -DFINGERPRINT_PREMAIN_DSO_LOAD -Iinc32 -Itmp32dll /MD /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -IC:\workspace\CID_Windows_TRUNK\vmsight\probe\common\build\..\..\common\grd\tntCommon\openssl\fips/include -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_USE_APPLINK -I. -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_FIPS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_STATIC_ENGINE /Zi /Fdtmp32dll/lib -D_WINDLL -c C:\workspace\CID_Windows_TRUNK\vmsight\probe\common\build\..\..\common\grd\tntCommon\openssl\fips\lib\fips_premain.c
fips_premain.c
link /nologo /subsystem:console /opt:ref /debug /out:out32dll\fips_premain_dso.exe @"C:\Documents and Settings\Administrator\Local Settings\Temp\nmA6.tmp"
Creating library out32dll\fips_premain_dso.lib and object out32dll\fips_premain_dso.exp
LINK : warning LNK4089: all references to 'GDI32.dll' discarded by /OPT:REF
IF EXIST out32dll\fips_premain_dso.exe.manifest mt -nologo -manifest out32dll\fips_premain_dso.exe.manifest -outputresource:out32dll\fips_premain_dso.exe;1
SET FIPS_LINK=link
SET FIPS_CC=cl
SET FIPS_CC_ARGS=/Fotmp32dll\fips_premain.obj -Iinc32 -Itmp32dll /MD /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -IC:\workspace\CID_Windows_TRUNK\vmsight\probe\common\build\..\..\common\grd\tntCommon\openssl\fips/include -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_USE_APPLINK -I. -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_FIPS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_STATIC_ENGINE /Zi /Fdtmp32dll/lib -D_WINDLL -c
SET PREMAIN_DSO_EXE=out32dll\fips_premain_dso.exe
SET FIPS_SHA1_EXE=C:\workspace\CID_Windows_TRUNK\vmsight\probe\common\build\..\..\common\grd\tntCommon\openssl\fips\bin\fips_standalone_sha1.exe
SET FIPS_TARGET=out32dll\libeay32.dll
SET FIPSLIB_D=C:\workspace\CID_Windows_TRUNK\vmsight\probe\common\build\..\..\common\grd\tntCommon\openssl\fips\lib
perl C:\workspace\CID_Windows_TRUNK\vmsight\probe\common\build\..\..\common\grd\tntCommon\openssl\fips\bin\fipslink.pl /nologo /subsystem:console /opt:ref /debug /dll /map /base:0xFB00000 /out:out32dll\libeay32.dll /def:ms/LIBEAY32.def @"C:\Documents and Settings\Administrator\Local Settings\Temp\nmAC.tmp"
Integrity check OK
cl /Fotmp32dll\fips_premain.obj -Iinc32 -Itmp32dll /MD /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -IC:\workspace\CID_Windows_TRUNK\vmsight\probe\common\build\..\..\common\grd\tntCommon\openssl\fips/include -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_USE_APPLINK -I. -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_FIPS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_STATIC_ENGINE /Zi /Fdtmp32dll/lib -D_WINDLL -c C:\workspace\CID_Windows_TRUNK\vmsight\probe\common\build\..\..\common\grd\tntCommon\openssl\fips\lib/fips_premain.c
fips_premain.c
link /nologo /subsystem:console /opt:ref /debug /dll /map /base:0xFB00000 /out:out32dll\libeay32.dll /def:ms/LIBEAY32.def @C:\Documents and Settings\Administrator\Local Settings\Temp\nmAC.tmp
LINK : warning LNK4044: unrecognized option '/-----'; ignored
LINK : fatal error LNK1117: syntax error in option ''
First stage Link failure at C:\workspace\CID_Windows_TRUNK\vmsight\probe\common\build\..\..\common\grd\tntCommon\openssl\fips\bin\fipslink.pl line 55.
NMAKE : fatal error U1077: 'perl' : return code '0x5d'
Stop.
I am using openssl-1.0.1c.tar.gz & openssl-fips-2.0.2.tar.gz.
The build environment is set up to use cygwin. I installed ActiveState perl so I got past the first link issue that I had.
Here is the commands I used to build from my .bat file running under cygwin:
cd %BUILDPATH%\..\..\common\grd\tntCommon\openssl\openssl-fips-2.0.2
SET FIPSDIR=%BUILDPATH%\..\..\common\grd\tntCommon\openssl\fips
call ms\do_fips
@cd %srcpath%\grd\tntcommon\openssl\openssl-1.0.1.c
perl Configure fips VC-WIN32
call ms\do_ms
nmake -f ms\ntdll.mak
------------------------------------------
The ms\do_fips resulted in a SUCCESS. The nmake had issues. Here is the last few lines.
Joy Leima
===============
....
cl /Fotmp32dll\fips_premain_dso.obj -DFINGERPRINT_PREMAIN_DSO_LOAD -Iinc32 -Itmp32dll /MD /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -IC:\workspace\CID_Windows_TRUNK\vmsight\probe\common\build\..\..\common\grd\tntCommon\openssl\fips/include -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_USE_APPLINK -I. -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_FIPS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_STATIC_ENGINE /Zi /Fdtmp32dll/lib -D_WINDLL -c C:\workspace\CID_Windows_TRUNK\vmsight\probe\common\build\..\..\common\grd\tntCommon\openssl\fips\lib\fips_premain.c
fips_premain.c
link /nologo /subsystem:console /opt:ref /debug /out:out32dll\fips_premain_dso.exe @"C:\Documents and Settings\Administrator\Local Settings\Temp\nmA6.tmp"
Creating library out32dll\fips_premain_dso.lib and object out32dll\fips_premain_dso.exp
LINK : warning LNK4089: all references to 'GDI32.dll' discarded by /OPT:REF
IF EXIST out32dll\fips_premain_dso.exe.manifest mt -nologo -manifest out32dll\fips_premain_dso.exe.manifest -outputresource:out32dll\fips_premain_dso.exe;1
SET FIPS_LINK=link
SET FIPS_CC=cl
SET FIPS_CC_ARGS=/Fotmp32dll\fips_premain.obj -Iinc32 -Itmp32dll /MD /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -IC:\workspace\CID_Windows_TRUNK\vmsight\probe\common\build\..\..\common\grd\tntCommon\openssl\fips/include -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_USE_APPLINK -I. -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_FIPS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_STATIC_ENGINE /Zi /Fdtmp32dll/lib -D_WINDLL -c
SET PREMAIN_DSO_EXE=out32dll\fips_premain_dso.exe
SET FIPS_SHA1_EXE=C:\workspace\CID_Windows_TRUNK\vmsight\probe\common\build\..\..\common\grd\tntCommon\openssl\fips\bin\fips_standalone_sha1.exe
SET FIPS_TARGET=out32dll\libeay32.dll
SET FIPSLIB_D=C:\workspace\CID_Windows_TRUNK\vmsight\probe\common\build\..\..\common\grd\tntCommon\openssl\fips\lib
perl C:\workspace\CID_Windows_TRUNK\vmsight\probe\common\build\..\..\common\grd\tntCommon\openssl\fips\bin\fipslink.pl /nologo /subsystem:console /opt:ref /debug /dll /map /base:0xFB00000 /out:out32dll\libeay32.dll /def:ms/LIBEAY32.def @"C:\Documents and Settings\Administrator\Local Settings\Temp\nmAC.tmp"
Integrity check OK
cl /Fotmp32dll\fips_premain.obj -Iinc32 -Itmp32dll /MD /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -IC:\workspace\CID_Windows_TRUNK\vmsight\probe\common\build\..\..\common\grd\tntCommon\openssl\fips/include -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_USE_APPLINK -I. -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_FIPS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_STATIC_ENGINE /Zi /Fdtmp32dll/lib -D_WINDLL -c C:\workspace\CID_Windows_TRUNK\vmsight\probe\common\build\..\..\common\grd\tntCommon\openssl\fips\lib/fips_premain.c
fips_premain.c
link /nologo /subsystem:console /opt:ref /debug /dll /map /base:0xFB00000 /out:out32dll\libeay32.dll /def:ms/LIBEAY32.def @C:\Documents and Settings\Administrator\Local Settings\Temp\nmAC.tmp
LINK : warning LNK4044: unrecognized option '/-----'; ignored
LINK : fatal error LNK1117: syntax error in option ''
First stage Link failure at C:\workspace\CID_Windows_TRUNK\vmsight\probe\common\build\..\..\common\grd\tntCommon\openssl\fips\bin\fipslink.pl line 55.
NMAKE : fatal error U1077: 'perl' : return code '0x5d'
Stop.
Memmott, Lester
Jan 14, 2013, 3:48:59 PM1/14/13
to
Regarding (from Joy Leima):
I am using openssl-1.0.1c.tar.gz & openssl-fips-2.0.2.tar.gz.
…
The ms\do_fips resulted in a SUCCESS. The nmake had issues. Here is the
last few lines.
The error:
link /nologo /subsystem:console /opt:ref /debug /dll /map /base:0xFB00000
/out:out32dll\libeay32.dll /def:ms/LIBEAY32.def @C:\Documents and
Settings\Administrator\Local Settings\Temp\nmAC.tmp
LINK : warning LNK4044: unrecognized option '/-----'; ignored
LINK : fatal error LNK1117: syntax error in option ''
First stage Link failure at
C:\workspace\CID_Windows_TRUNK\vmsight\probe\common\build\..\..\common\grd\tntCommon\openssl\fips\bin\fipslink.pl
line 55.
NMAKE : fatal error U1077: 'perl' : return code '0x5d'
Stop.
You might look in the file nmAC.tmp listed in your output to see if you find any problems with it. I would assume that bad syntax is in there and might give you an idea where to apply the fix.
Also, what tools are you using to build openssl & the fips module? Visual Studio? What version?
Thanks,
Lester
0 new messages