On Wed, Jul 21, 2010 at 10:33, Jakob Bohm <jb-open...@wisemo.com> wrote: > On 21-07-2010 16:18, Bryan wrote: >> >> I am trying to build openssl 0.9.8o with the fips-1.2 source. I'm >> building it using cygwin as the interface, since I am trying to script >> this into an installation process. > > When building with Visual Studio, you are better off using a perl version > itself compiled as a native program (such as Strawberry perl > or ActiveState perl), and not putting CYGWIN on your path. >
Sorry, I failed to mention that I installed ActiveState Perl... and am using it. When I run "which perl" states "/cygdrive/c/Perl/bin/perl" which is where I installed ActivePerl. >> The cygwin interface is using >> Visual Studio 8 to build the source, using the cl.exe. After disabling >> cygwin's "link.exe", I was able to build the FIPS libraries, but when >> I try to build openssl with fips enabled, I receive an error. > > As discussed in another recent thread about the FIPS module, it is not > really intended to be built automatically. Any deviation from the very > specific *manual* procedure in the certification documents voids the > FIPS certification, making the exercise useless. > I just joined last night. I googled for the error message before joining, but I couldn't get a straight answer from yahoo/google that concerned openssl/fips that was within the last few years. Mayhaps I didn't search efficiently... So you are saying that you don't build the FIPS module first? You build OpenSSL with FIPS at the same time? We downloaded the separate "openssl-fips-1.2.tar.gz" and build it and then build openssl-0.9.8o.tar.gz. Back to the drawing board... I'll just back everything out... guess we read too much into the 140-2 doc... assumed that FIPS had to be build, and then build openssl pointing to the FIPS lib. >> >> We found the location of crypt32.lib and added that directory to the >> very beginning of our $PATH, but it does not appear to be working. > > Remember that with MS compilers, library directories need to be on the > path described by the environment variable "LIB", not the path > described by the environment variable "PATH" > I have no idea how MS compilers work. I am used to building using ONLY Unix (.configure && make && make install). Ultimately, I have to compile OpenSSH to create executables for windows. OpenSSL-fips is needed for our customers. I see a LIBPATH, and LIB when I do a "printenv" in cygwin. Can I permanently set this in my .bashrc? >> I >> thought that since we are using VS8, that we need the 8.0 SDK... and >> if that is the case, then we can deal with that... below is the >> output of the openssl build, with attempting to add FIPS support. >> > > The "Visual Studio SDK" is typically not needed for stuff like openssl. > That SDK is only for building Visual Studio plugins such as new toolbars > for the MSDEV GUI etc. > > The SDK that you need is the platform SDK for the targeted Windows version > (limited to those editions of the platform SDK which are compatible with > your version of VS). These days you would typically > use the "Windows Vista Platform SDK" with VS8 (aka Visual Studio 2005). > We are still using XP, and are doing our best to get our remaining form factor boxes off of Windows 2000. Our customer moves slowly... ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
