On Oct 24, 2011, at 1:01 AM, Bill Durant wrote: > On Oct 5, 2011, at 12:15 PM, Dr. Stephen Henson wrote: >> On Wed, Oct 05, 2011, Bill Durant wrote: >>> On Oct 5, 2011, at 8:08 AM, Dr. Stephen Henson wrote: >>>> On Tue, Oct 04, 2011, William A. Rowe Jr. wrote: >>>>> On 10/4/2011 10:45 PM, Bill Durant wrote: >>>>>> >>>>>> Does anyone know how to produce a FIPS-capable OpenSSL that works on >>>>>> Windows NT? >>>>> >>>>> It's likely not possible... >>>>> >>>>>> But when I run it under Windows NT, I get the following run-time error: >>>>>> >>>>>> "The procedure entry point Module32NextW could not be located in the >>>>>> dynamic link library KERNEL32.dll" >>>>> >>>>> If you use the equivalent of nm against the fipscanister.lib, I'd expect >>>>> you'll find the binding there. >>>>> >>>>> I see no reason the team would accommodate this in OpenSSL/FIPS 2.0, >>>>> though. >>>>> Support for Windows NT 4.xx ended on December 31, 2004. Support for >>>>> Windows >>>>> 2000 ended on July 13, 2010. So updating "security" or cryptographic >>>>> software >>>>> validation for such systems is something of an oxymoron. >>>> >>>> I'd suggest the OP try to build the 2.0 test module and run >>>> fips_test_suite on >>>> NT as it may work. A lot of the platform specific code has been removed >>>> from >>>> the 2.0 module design. >>> >>> Thank you everyone for the comments so far. >>> >>> What is the 2.0 test module? Does it mean to build openssl-fips-1.2.tar.gz? >>> >> >> For the upcoming 2.0 validation test snapshots are available. You can see >> them at: ftp://ftp.openssl.org/snapshot/ >> >> Steve. >> -- >> Dr Stephen N. Henson. OpenSSL project core developer. >> Commercial tech support now available see: http://www.openssl.org > > > Hello Steve: > > I downloaded ftp://openssl.org/snapshot/openssl-fips-2.0-test-20111023.tar.gz > and http://openssl.org/source/openssl-0.9.8r.tar.gz. > > I am getting the following compile errors. Any ideas on what I am doing > wrong? > > C:\> cd openssl-fips-2.0-test-20111023 > C:\> ms\do_fips no-asm > ... > ... > *************************** > ****FIPS BUILD SUCCESS***** > *************************** > > C:\> cd ..\openssl-0.9.8r > > C:\> perl Configure VC-WIN32 fips > --with-fipslibdir=..\openssl-fips-2.0-test-20111023\out32dll > --prefix=..\openssl-0.9.8r-fips-static no-idea no-mdc2 no-rc5 no-asm > ... > ... > > C:\> ms\do_nasm > ... > ... > C:\> nmake -f ms\nt.mak > Generating x86 for NASM assember > Bignum > AES > ... > ... > Copying: ./ssl/dtls1.h to inc32/openssl/dtls1.h perl util/copy.pl > ".\ssl\kssl.h" "inc32\openssl\kssl.h"Copying: ./ssl/kssl.h to > inc32/openssl/kssl.h cl /Fotmp32\fips_standalone_sha1.obj -Iinc32 -Itmp32 > /MT /Ox /O2 /Ob2 /W3 /W > X /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN > -DL_ENDIAN > -DDSO_WIN32 -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE /Fdout32 > -DOPENSSL_NO_IDEA -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 > -DOPENSSL > _NO_MDC2 -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG > -DOPENSSL_NO_KRB5 -DOPENSSL_FIPS -DOPENSSL_NO_DYNAMIC_ENGINE /Zl -c > .\fips\sha\fips_standalon > e_sha1.cfips_standalone_sha1.c > link /nologo /subsystem:console /opt:ref > /out:out32\fips_standalone_sha1.exe > @C:\Users\bdurant\AppData\Local\Temp\nm257.tmp > fips_standalone_sha1.obj : error LNK2019: unresolved external symbol > _SHA1_Final referenced in function _hmac_init > fips_standalone_sha1.obj : error LNK2019: unresolved external symbol > _SHA1_Update referenced in function _hmac_init > fips_standalone_sha1.obj : error LNK2019: unresolved external symbol > _SHA1_Init referenced in function _hmac_init > fips_standalone_sha1.obj : error LNK2019: unresolved external symbol __chkstk > referenced in function _hmac_init > fips_standalone_sha1.obj : error LNK2019: unresolved external symbol _fwrite > referenced in function _main > fips_standalone_sha1.obj : error LNK2019: unresolved external symbol _perror > referenced in function _main > fips_standalone_sha1.obj : error LNK2019: unresolved external symbol _printf > referenced in function _main > fips_standalone_sha1.obj : error LNK2019: unresolved external symbol _fread > referenced in function _main > fips_standalone_sha1.obj : error LNK2019: unresolved external symbol _fopen > referenced in function _main > fips_standalone_sha1.obj : error LNK2019: unresolved external symbol _exit > refer > enced in function _main > fips_standalone_sha1.obj : error LNK2019: unresolved external symbol _fprintf > re > ferenced in function _main > fips_standalone_sha1.obj : error LNK2019: unresolved external symbol __iob > refer > enced in function _mainLINK : error LNK2001: unresolved external symbol > _mainCRTStartup > out32\fips_standalone_sha1.exe : fatal error LNK1120: 13 unresolved externals > NMAKE : fatal error U1077: 'link' : return code '0x460' > Stop. > > Thanks, > > Bill
And BTW, fips_test_suite.exe works fine on Windows NT after copying msvrc71.dll. C:\> fips_test_suite.exe ... ... DRBG P-521 SHA512 test started DRBG P-521 SHA512 test OK DRBG P-521 SHA512 test started DRBG P-521 SHA512 test OK DRBG P-521 SHA512 test started DRBG P-521 SHA512 test OK DRBG P-521 SHA512 test started DRBG P-521 SHA512 test OK DRBG P-521 SHA512 test started DRBG P-521 SHA512 test OK successful as expected All tests completed with 0 errors C:]> But how can I produce a FIPS-capable OpenSSL from ftp://openssl.org/snapshot/openssl-fips-2.0-test-20111023.tar.gz that works on Windows NT? Thanks! Bill > >> ______________________________________________________________________ >> OpenSSL Project http://www.openssl.org >> User Support Mailing List openssl-users@openssl.org >> Automated List Manager majord...@openssl.org > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org