Thomas J. Hruska wrote:
Feel free to follow along with this e-mail:

http://www.slproweb.com/download/bad_openssl.zip

I just zipped up the contents of the 'out32dll' directory. What you see is what I've got in my out32dll directory. And now onto the main part of the e-mail.


This is my first time building FIPS but given that I generally know how to build pretty much anything OpenSSL, it probably isn't my fault (famous last words). The build process works fine up to this point:

out32dll\fips_premain_dso.exe out32dll\libeay32.dll
2348:error:25078067:DSO support routines:WIN32_LOAD:could not load the shared library:.\crypto\dso\dso_win32.c:147:filename(out32dll\libeay32.dll) 2348:error:25070067:DSO support routines:DSO_load:could not load the shared library:.\crypto\dso\dso_lib.c:244:
Get hash failure at util\fipslink.pl line 48.
NMAKE : fatal error U1077: 'C:\Perl\bin\perl.EXE' : return code '0x1'
Stop.


Looking at fipslink.pl, it looks like the first line displayed is the executable/command run. Running that command directly, I get the two error messages after Windows displays this message box:

"Bad Image"
"The application or DLL C:\[path]\openssl-0.9.7m\out32dll\libeay32.dll is not a valid Windows image. Please check this against your installation diskette."


So, it is finding the DLL but refusing to load. It could be the fixed address issue and wanting to relocate, but using one of the tools I use, it is clear to me that something seriously hosed the file up somewhere along the line in the build process. There is a relocation table data directory entry but no relocation table (appears to be intentional file truncation) and a missing section. One of the tools I've used for years without problems is balking at the file. I'm not surprised that Windows isn't loading the DLL.


VC++ 2008 Professional (not SP1)
Windows XP SP2
FIPS 1.1.2 w/ OpenSSL 0.9.7m
fipscanister.o and other files reside on a CD-R (drive e:) built against the MSYS instructions in the User Guide for 1.1.1.
perl Configure VC-WIN32 fips --with-fipslibdir=e:/
Beyond that, regular build process using NASM (latest).
Fresh 0.9.7m and FIPS 1.1.2 files, cross-referenced against the MD5 and SHA-1 hashes on the site (which, BTW, the website links are broken, I had to go through FTP).


Additional tests:

While paused at the message box, I ran a little tool I wrote many years ago:

Process ID: 2904
Module ID = 00400000, Module Name = FIPS_PREMAIN_DSO.EXE, Module Filename = c:\cfiles\projects\winssl\openssl-0.9.7m\out32dll\FIPS_PREMAIN_DSO.EXE Module ID = 7C900000, Module Name = ntdll.dll, Module Filename = C:\WINDOWS\system32\ntdll.dll Module ID = 7C800000, Module Name = kernel32.dll, Module Filename = C:\WINDOWS\system32\kernel32.dll Module ID = 08370000, Module Name = depends.dll, Module Filename = C:\PROGRA~1\MIAF9D~1\Common\Tools\depends.dll Module ID = 77DD0000, Module Name = ADVAPI32.dll, Module Filename = C:\WINDOWS\system32\ADVAPI32.dll Module ID = 77E70000, Module Name = RPCRT4.dll, Module Filename = C:\WINDOWS\system32\RPCRT4.dll Module ID = 77FE0000, Module Name = Secur32.dll, Module Filename = C:\WINDOWS\system32\Secur32.dll Module ID = 71AD0000, Module Name = WSOCK32.dll, Module Filename = C:\WINDOWS\system32\WSOCK32.dll Module ID = 71AB0000, Module Name = WS2_32.dll, Module Filename = C:\WINDOWS\system32\WS2_32.dll Module ID = 77C10000, Module Name = msvcrt.dll, Module Filename = C:\WINDOWS\system32\msvcrt.dll Module ID = 71AA0000, Module Name = WS2HELP.dll, Module Filename = C:\WINDOWS\system32\WS2HELP.dll Module ID = 7E410000, Module Name = USER32.dll, Module Filename = C:\WINDOWS\system32\USER32.dll Module ID = 77F10000, Module Name = GDI32.dll, Module Filename = C:\WINDOWS\system32\GDI32.dll Module ID = 78520000, Module Name = MSVCR90.dll, Module Filename = C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\MSVCR90.dll Module ID = 76390000, Module Name = IMM32.DLL, Module Filename = C:\WINDOWS\system32\IMM32.DLL Module ID = 629C0000, Module Name = LPK.DLL, Module Filename = C:\WINDOWS\system32\LPK.DLL Module ID = 74D90000, Module Name = USP10.dll, Module Filename = C:\WINDOWS\system32\USP10.dll


No apparent base address conflicts with the loader and libeay32.dll (preferred base at the default 0x0FB00000).


Dependency Walker was running the app. at the time and showed the following output:

LoadLibraryA("out32dll\libeay32.dll") called from "FIPS_PREMAIN_DSO.EXE" at address 0x00412540. LoadLibraryA("out32dll\libeay32.dll") returned NULL. Error: %1 is not a valid Win32 application (193).

Needless to say, given the lack of response and further web searching reveals issues with older VC++ linkers core dumping(?) against the latest MinGW and I've already put forth 30+ hours (not counting the preparation time of several months!), two CD-Rs, and who knows how much money into an attempted production of a default OpenSSL FIPS 140-2 compliant binary build for Windows (complete with fancy installer), I'm going to simply hold off until 1.2.0 becomes available and then try again at that time. Mixing together binaries from two totally different compilers is not only a bad idea, it is a horrifically terrible idea. The fact that this supposedly works at all for some people is a miracle.

Supposedly, from what I've read, 1.2.0 doesn't require mixing compilers. That should significantly clean things up. Assuming, of course, "not mixing compilers" allows the use of VC++. If I have to use MinGW, I will be very annoyed. I'm also hoping I can compile against 0.9.8x instead of 0.9.7m.

Case closed.  For the time being.  I'm all OpenSSL'ed out.

--
Thomas Hruska
Shining Light Productions

Home of BMP2AVI, Nuclear Vision, ProtoNova, and Win32 OpenSSL.
http://www.slproweb.com/


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to