Re: building openssl-fips-1.2 on windows with cygwin fails.

Wed, 21 Jul 2010 08:48:53 -0700 

On 21-07-2010 16:18, Bryan wrote:

I am trying to build openssl 0.9.8o with the fips-1.2 source.  I'm
building it using cygwin as the interface, since I am trying to script
this into an installation process.



When building with Visual Studio, you are better off using a perl 
version itself compiled as a native program (such as Strawberry perl

or ActiveState perl), and not putting CYGWIN on your path.


 The cygwin interface is using
Visual Studio 8 to build the source, using the cl.exe. After disabling
cygwin's "link.exe", I was able to build the FIPS libraries, but when
I try to build openssl with fips enabled, I receive an error.



As discussed in another recent thread about the FIPS module, it is not 
really intended to be built automatically.  Any deviation from the very

specific *manual* procedure in the certification documents voids the
FIPS certification, making the exercise useless.



We found the location of crypt32.lib and added that directory to the
very beginning of our $PATH, but it does not appear to be working.

Remember that with MS compilers, library directories need to be on the
path described by the environment variable "LIB", not the path
described by the environment variable "PATH"


 I
thought that since we are using VS8, that we need the 8.0 SDK...  and
if that is the case, then we can deal with that...  below is the
output of the openssl build, with attempting to add FIPS support.




The "Visual Studio SDK" is typically not needed for stuff like openssl. 
 That SDK is only for building Visual Studio plugins such as new 
toolbars for the MSDEV GUI etc.



The SDK that you need is the platform SDK for the targeted Windows 
version (limited to those editions of the platform SDK which are 
compatible with your version of VS).  These days you would typically

use the "Windows Vista Platform SDK" with VS8 (aka Visual Studio 2005).



I appreciate any help...  thank you...

Regards,
Bryan

Here is the output:

bbr...@iava-dev-0% perl Configure VC-WIN32 no-asm fips
--with-fipslibdir=f:/TRUNK/UPDATES/Linux/FIPS_SSL/openssl-fips-1.2/out32dll
Configuring for VC-WIN32
     no-asm          [option]   OPENSSL_NO_ASM
     no-camellia     [default]  OPENSSL_NO_CAMELLIA (skip dir)
     no-capieng      [default]  OPENSSL_NO_CAPIENG (skip dir)
     no-cms          [default]  OPENSSL_NO_CMS (skip dir)
     no-gmp          [default]  OPENSSL_NO_GMP (skip dir)
     no-jpake        [experimental] OPENSSL_NO_JPAKE (skip dir)
     no-krb5         [krb5-flavor not specified] OPENSSL_NO_KRB5
     no-mdc2         [default]  OPENSSL_NO_MDC2 (skip dir)
     no-montasm      [default]
     no-rc5          [default]  OPENSSL_NO_RC5 (skip dir)
     no-rfc3779      [default]  OPENSSL_NO_RFC3779 (skip dir)
     no-seed         [default]  OPENSSL_NO_SEED (skip dir)
     no-zlib         [default]
     no-zlib-dynamic [default]
IsMK1MF=1
CC            =cl
CFLAG         =-DOPENSSL_THREADS  -DDSO_WIN32
EX_LIBS       =
CPUID_OBJ     =
BN_ASM        =bn_asm.o
DES_ENC       =des_enc.o fcrypt_b.o
AES_ASM_OBJ   =aes_core.o aes_cbc.o
BF_ENC        =bf_enc.o
CAST_ENC      =c_enc.o
RC4_ENC       =rc4_enc.o rc4_skey.o
RC5_ENC       =rc5_enc.o
MD5_OBJ_ASM   =
SHA1_OBJ_ASM  =
RMD160_OBJ_ASM=
PROCESSOR     =
RANLIB        =true
ARFLAGS       =
PERL          =perl
THIRTY_TWO_BIT mode
BN_LLONG mode
RC4_INDEX mode
RC4_CHUNK is undefined

Configured for VC-WIN32.
bbr...@iava-dev-0%
bbr...@iava-dev-0% ms/do_ms.bat

f:\TRUNK\UPDATES\Linux\FIPS_SSL\openssl-0.9.8o>perl util\mkfiles.pl  1>MINFO

f:\TRUNK\UPDATES\Linux\FIPS_SSL\openssl-0.9.8o>perl util\mk1mf.pl
no-asm VC-WIN32  1>ms\nt.mak

f:\TRUNK\UPDATES\Linux\FIPS_SSL\openssl-0.9.8o>perl util\mk1mf.pl dll
no-asm VC-WIN32  1>ms\ntdll.mak

f:\TRUNK\UPDATES\Linux\FIPS_SSL\openssl-0.9.8o>if x == x goto skipce

f:\TRUNK\UPDATES\Linux\FIPS_SSL\openssl-0.9.8o>perl util\mkdef.pl 32
libeay  1>ms\libeay32.def

f:\TRUNK\UPDATES\Linux\FIPS_SSL\openssl-0.9.8o>perl util\mkdef.pl 32
ssleay  1>ms\ssleay32.def
bbr...@iava-dev-0% nmake -f ms/ntdll.mak

Microsoft (R) Program Maintenance Utility Version 8.00.50727.762
Copyright (C) Microsoft Corporation.  All rights reserved.

Building OpenSSL
         perl util/copy.pl ".\crypto\buildinf.h" "tmp32dll\buildinf.h"
Copying: ./crypto/buildinf.h to tmp32dll/buildinf.h
         perl util/copy.pl ".\crypto\opensslconf.h" 
"inc32\openssl\opensslconf.h"
Copying: ./crypto/opensslconf.h to inc32/openssl/opensslconf.h
         link /nologo /subsystem:console /opt:ref
/out:out32dll\fips_standalone_sha1.exe @c:\temp\nm1.tmp
LINK : fatal error LNK1181: cannot open input file 'crypt32.lib'
NMAKE : fatal error U1077: '"c:\Program Files\Microsoft Visual Studio
8\VC\BIN\link.EXE"' : return code '0x49d'
Stop.


To diagnose this, you need the contents of the temporary file
  "c:\temp\nm1.tmp"

There are special nmake options to prevent nmake from deleting that file 
on exit.



(The rest of your log should not have happened, your script should have
stopped when nmake had an exit code different from 0).

Try adding lines such as these

IF NOT ERRORLEVEL 0 GOTO FAILED
IF     ERRORLEVEL 1 GOTO FAILED


(The first line checks for exit codes in the range 0x80000000 to 
0xFFFFFFFF, the second one checks for exit codes in the range

0x00000001 to 0x7FFFFFFF)

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org






















					Reply via email to