On Oct 24, 2011, at 1:01 AM, Bill Durant wrote:
> On Oct 5, 2011, at 12:15 PM, Dr. Stephen Henson wrote:
>> On Wed, Oct 05, 2011, Bill Durant wrote:
>>> On Oct 5, 2011, at 8:08 AM, Dr. Stephen Henson wrote:
>>>> On Tue, Oct 04, 2011, William A. Rowe Jr. wrote:
>>>>> On 10/4/2011 10:45 PM, Bill Durant wrote:
>>>>>> 
>>>>>> Does anyone know how to produce a FIPS-capable OpenSSL that works on 
>>>>>> Windows NT?
>>>>> 
>>>>> It's likely not possible...
>>>>> 
>>>>>> But when I run it under Windows NT, I get the following run-time error:
>>>>>> 
>>>>>>  "The procedure entry point Module32NextW could not be located in the 
>>>>>> dynamic link library KERNEL32.dll"  
>>>>> 
>>>>> If you use the equivalent of nm against the fipscanister.lib, I'd expect
>>>>> you'll find the binding there.
>>>>> 
>>>>> I see no reason the team would accommodate this in OpenSSL/FIPS 2.0, though.
>>>>> Support for Windows NT 4.xx ended on December 31, 2004.  Support for Windows
>>>>> 2000 ended on July 13, 2010.  So updating "security" or cryptographic software
>>>>> validation for such systems is something of an oxymoron.
>>>> 
>>>> I'd suggest the OP try to build the 2.0 test module and run fips_test_suite on
>>>> NT as it may work. A lot of the platform specific code has been removed from
>>>> the 2.0 module design.
>>> 
>>> Thank you everyone for the comments so far.
>>> 
>>> What is the 2.0 test module?  Does it mean to build openssl-fips-1.2.tar.gz?
>>> 
>> 
>> For the upcoming 2.0 validation test snapshots are available. You can see
>> them at: ftp://ftp.openssl.org/snapshot/ 
>> 
>> Steve.
>> --
>> Dr Stephen N. Henson. OpenSSL project core developer.
>> Commercial tech support now available see: http://www.openssl.org
> 
> 
> Hello Steve:
> 
> I downloaded ftp://openssl.org/snapshot/openssl-fips-2.0-test-20111023.tar.gz 
> and http://openssl.org/source/openssl-0.9.8r.tar.gz.
> 
> I am getting the following compile errors.  Any ideas on what I am doing 
> wrong?
> 
> C:\> cd openssl-fips-2.0-test-20111023
> C:\> ms\do_fips no-asm
> ...
> ...
> ***************************
> ****FIPS BUILD SUCCESS*****
> ***************************  
> 
> C:\> cd ..\openssl-0.9.8r  
> 
> C:\> perl Configure VC-WIN32 fips --with-fipslibdir=..\openssl-fips-2.0-test-20111023\out32dll --prefix=..\openssl-0.9.8r-fips-static no-idea no-mdc2 no-rc5 no-asm
> ...
> ...
> 
> C:\> ms\do_nasm  
> ...
> ...
> C:\> nmake -f ms\nt.mak    
> Generating x86 for NASM assember
> Bignum
> AES
> ...
> ...    
> Copying: ./ssl/dtls1.h to inc32/openssl/dtls1.h
>     perl util/copy.pl ".\ssl\kssl.h" "inc32\openssl\kssl.h"
> Copying: ./ssl/kssl.h to inc32/openssl/kssl.h
>     cl /Fotmp32\fips_standalone_sha1.obj -Iinc32 -Itmp32 /MT /Ox /O2 /Ob2 /W3 /WX /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE /Fdout32 -DOPENSSL_NO_IDEA -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_KRB5 -DOPENSSL_FIPS -DOPENSSL_NO_DYNAMIC_ENGINE /Zl  -c .\fips\sha\fips_standalone_sha1.c
> fips_standalone_sha1.c
>     link /nologo /subsystem:console /opt:ref /out:out32\fips_standalone_sha1.exe @C:\Users\bdurant\AppData\Local\Temp\nm257.tmp
> fips_standalone_sha1.obj : error LNK2019: unresolved external symbol _SHA1_Final referenced in function _hmac_init
> fips_standalone_sha1.obj : error LNK2019: unresolved external symbol _SHA1_Update referenced in function _hmac_init
> fips_standalone_sha1.obj : error LNK2019: unresolved external symbol _SHA1_Init referenced in function _hmac_init
> fips_standalone_sha1.obj : error LNK2019: unresolved external symbol __chkstk referenced in function _hmac_init
> fips_standalone_sha1.obj : error LNK2019: unresolved external symbol _fwrite referenced in function _main
> fips_standalone_sha1.obj : error LNK2019: unresolved external symbol _perror referenced in function _main
> fips_standalone_sha1.obj : error LNK2019: unresolved external symbol _printf referenced in function _main
> fips_standalone_sha1.obj : error LNK2019: unresolved external symbol _fread referenced in function _main
> fips_standalone_sha1.obj : error LNK2019: unresolved external symbol _fopen referenced in function _main
> fips_standalone_sha1.obj : error LNK2019: unresolved external symbol _exit referenced in function _main
> fips_standalone_sha1.obj : error LNK2019: unresolved external symbol _fprintf referenced in function _main
> fips_standalone_sha1.obj : error LNK2019: unresolved external symbol __iob referenced in function _main
> LINK : error LNK2001: unresolved external symbol _mainCRTStartup
> out32\fips_standalone_sha1.exe : fatal error LNK1120: 13 unresolved externals
> NMAKE : fatal error U1077: 'link' : return code '0x460'
> Stop.
> 
> Thanks,
> 
> Bill


And BTW, fips_test_suite.exe works fine on Windows NT after copying msvcr71.dll.

C:\> fips_test_suite.exe
...
...
                DRBG P-521 SHA512 test started
                DRBG P-521 SHA512 test OK
                DRBG P-521 SHA512 test started
                DRBG P-521 SHA512 test OK
                DRBG P-521 SHA512 test started
                DRBG P-521 SHA512 test OK
                DRBG P-521 SHA512 test started
                DRBG P-521 SHA512 test OK
                DRBG P-521 SHA512 test started
                DRBG P-521 SHA512 test OK
        successful as expected

All tests completed with 0 errors
C:\>

But how can I produce a FIPS-capable OpenSSL from 
ftp://openssl.org/snapshot/openssl-fips-2.0-test-20111023.tar.gz that works on 
Windows NT?

Thanks!

Bill

> 
>> ______________________________________________________________________
>> OpenSSL Project                                 http://www.openssl.org
>> User Support Mailing List                    openssl-users@openssl.org
>> Automated List Manager                           majord...@openssl.org
> 
