>>What version of VC++ are you using? We are using Visual Studio 2010 Professional SP1 + security Hotfixes Version 10.0.40219.1 SP1Rel FYI -- We are using the older compiler because VS 2010 is what was used for the FIPS evaluations.
I tired setting the FIPSDIR environment variable, building the FIPS object module, and then trying to build the FIPS capable OpenSSL, however it failed exactly the same. __________________________________ On a minor note, now, as previously, when I tried using the --with-fipsdir option, the build fails quite early because it cannot find the fipscanister.lib. I followed the instructions in The User Guide for OpenSSL FIPS Object Module v2.0: 4.3.2 Installing and Protecting the FIPS Object Module The system administrator should install the generated fipscanister.lib, fipscanister.lib.sha1, and fips_premain.c files in a location protected by the host operating system security features. ... 4.3.3 Building a FIPS Capable OpenSSL ... do: perl Configure VC-WIN32 fips --with-fipsdir=c:\fips\path where "c:\fips\path" is wherever the FIPS module from the first stage was installed. ... However, the build is expecting fipscanister.lib to be in a "lib" subdirectory, off of the specified fipsdir path, which is contrary to the instructions above. When I first ran into this issue, I figured out (from the make files) that if I used the fipslibdir instead of fipsdir, then the build would work. Thanks, Carl -----Original Message----- From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: Thursday, December 03, 2015 7:57 PM To: openssl-dev@openssl.org Subject: Re: [openssl-dev] Windows x86_64 build broken -- RE: [openssl-users] OpenSSL version 1.0.1q released (corrected download) On Fri, Dec 04, 2015, Carl Tietjen wrote: > Folks, > > It looks like the Windows x86_64 build for OpenSSL version 1.0.1q is broken. > > > I am building a FIPS capable version, and have verified that I have the > corrected download build: SHA1 checksum: > c65a7bec49b72092d7ebb97a263c496cc1e1d6af > FYI - I have successfully built on 3 Linux platforms with this tar file. > > Build steps: > 1) perl Configure VC-WIN64A fips > --with-fipslibdir=c:\FIPS\openssl-fips-ecp-2.0.9 no-ec2m no-idea no-mdc2 > no-rc5 > 2) ms\do_win64a > 3) nmake -f ms\nt.mak > ... > NMAKE : fatal error U1073: don't know how to make 'tmp32\applink.obj' > > ____________ > > It looks like the nt.mak file ends up different than the one from 1.0.1p. The > relevant changes are: > > 1.0.1p: > ... > $(PREMAIN_DSO_EXE): $(OBJ_D)\$(E_PREMAIN_DSO).obj $(CRYPTOOBJ) > $(O_FIPSCANISTER) > $(LINK) $(LFLAGS) /out:$(PREMAIN_DSO_EXE) @<< > $(EX_LIBS) $(OBJ_D)\$(E_PREMAIN_DSO).obj $(CRYPTOOBJ) $(O_FIPSCANISTER) > $(EX_LIBS) > ... > > 1.0.1q > $(PREMAIN_DSO_EXE): $(OBJ_D)\$(E_PREMAIN_DSO).obj $(CRYPTOOBJ) > $(O_FIPSCANISTER) $(OBJ_D)\applink.obj > $(LINK) $(LFLAGS) /out:$(PREMAIN_DSO_EXE) @<< > $(EX_LIBS) $(OBJ_D)\applink.obj $(OBJ_D)\$(E_PREMAIN_DSO).obj > $(CRYPTOOBJ) $(O_FIPSCANISTER) $(EX_LIBS) > > _______________ > > I have tried to find any changes in the perl scripts that would cause this > change, but have been unsuccessful so far. > > Thanks in advance for any help > That update was to fix a linker error in some versions of VC++. I just tried that on the latest 1.0.1 branch and can't reproduce your problem. What version of VC++ are you using? However you need to use --with-fipsdir not --with-fipslibdir and it need to point to wherever the FIPS module was installed, not the source directory. Alternatively you can set the FIPSDIR environment variable before building the FIPS module and it will be installed to that location and the FIPS capable OpenSSL will use that without the need to use --with-fipsdir. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
