RE: FIPS-Capable openssl-1.0.1h Targeted to XP: Unable to Build

Fri, 01 Aug 2014 14:31:39 -0700 

Tom:
Thanks for the quick response (I'm "under the gun"):
1.  The XP SP3 box I'm working on has ActivePerl 5.10.0, an old release 
(2008?), which was suitable for building openssl-0.9.8l at the time.  Of 
course, it's easy to install a newer version it there's a requirement to do so.
2.  Given the message written at the end of the Configure output, I assumed 
only a static build could be accomplished.  Regardless, I'll attend to your 
notes.

Thanks.
-----------------------------------------------------------------------------
Tom Francis wrote:

Which perl is used?  I know a lot of people around there run cygwin, but if you 
want to build opens with VS2008, you need to be sure that ActivePerl is the 
perl in use, otherwise there are subtle bugs.  If you don't have ActivePerl, 
you might try asking Jim Roos or Tim Heeg, about a project I worked on for them 
last year (as a contractor).  That project didn't build OpenSSL for FIPS 140, 
but the read me file for the project includes a URL for downloading ActivePerl. 
:)

Also, if you want to build shared libraries of OpenSSL, you should use the 
ntdll.mak file, not nt.mak, and finally, you should make doubly-sure that /MD 
or /MT is set correctly in whichever makefile you use, to match how you link 
your product (obviously that doesn't affect getting the openssl library 
compiled, but you don't want to get it compiled just to get link errors in your 
final project. :) ).

TOM
-----------------------------------------------------------------------------

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Welling, Gerhart G.
Sent: Wednesday, July 30, 2014 4:49 PM
To: openssl-users@openssl.org
Subject: FIPS-Capable openssl-1.0.1h Targeted to XP: Unable to Build

I am unable to build fips-capable openssl-1.0.1h using VS 2008 (+ 2003 SDK) on 
XP SP3 (Our product - which links to libcurl+openssl dlls - is still used on 
some XP and Server 2003 platforms.)  The build phase fails at what appears to 
be the beginning of linking, but, I haven't been able to decipher what the 
problem is (I tried setting /verbose for link, but after perusal of the 
relevant linking-related Microsoft webpages, couldn't figure out what it was 
trying to tell me.)  I need advice {the}{sooner,better}.

The openssl-fips-2.0.5 (ms\do_fips no-asm) builds successfully and installs to 
C:\usr\local\ssl\fips-2.0.  However, openssl-1.0.1h fails to build as the 
following excerpts may explain.  The "shared" issue is, of course, suspect, 
but, the Configure output indicates it's handled.

Note: The excerpts are cut and pasted from output files generated by a shell 
script that simply executes that commands and redirects output to 
appropriately-named files while adding some start and end information like the 
time.

1. CONFIGURE OUTPUT ----------------------------------------------

14:04:43.96
CfgCmdline: perl Configure VC-WIN32 fips 
--with-fipslibdir=C:/E2E/WDC-3.0.1/wdc_file_xfer/openssl-fips-2.0.5/out32dll 
shared no-zlib

Configuring for VC-WIN32
    no-ec_nistp_64_gcc_128 [default]  OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)
    no-gmp          [default]  OPENSSL_NO_GMP (skip dir)
    no-jpake        [experimental] OPENSSL_NO_JPAKE (skip dir)
    no-krb5         [krb5-flavor not specified] OPENSSL_NO_KRB5
    no-md2          [default]  OPENSSL_NO_MD2 (skip dir)
    no-rc5          [default]  OPENSSL_NO_RC5 (skip dir)
    no-rfc3779      [default]  OPENSSL_NO_RFC3779 (skip dir)
    no-rsax         [forced]   OPENSSL_NO_RSAX (skip dir)
    no-sctp         [default]  OPENSSL_NO_SCTP (skip dir)
    no-store        [experimental] OPENSSL_NO_STORE (skip dir)
    no-zlib         [option]
    no-zlib-dynamic [default]
IsMK1MF=1
CC            =cl
CFLAG         =-DOPENSSL_THREADS  -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo 
-DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN 
-D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 
-DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -I$(FIPSDIR)/include -DSHA1_ASM 
-DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM 
-DWHIRLPOOL_ASM -DGHASH_ASM
EX_LIBS       =
CPUID_OBJ     =x86cpuid.o
BN_ASM        =bn-586.o co-586.o x86-mont.o x86-gf2m.o
DES_ENC       =des-586.o crypt586.o
AES_ENC       =aes-586.o vpaes-x86.o aesni-x86.o
BF_ENC        =bf-586.o
CAST_ENC      =c_enc.o
RC4_ENC       =rc4-586.o
RC5_ENC       =rc5-586.o
MD5_OBJ_ASM   =md5-586.o
SHA1_OBJ_ASM  =sha1-586.o sha256-586.o sha512-586.o
RMD160_OBJ_ASM=rmd-586.o
CMLL_ENC      =cmll-x86.o
MODES_OBJ     =ghash-x86.o
ENGINES_OBJ   =
PROCESSOR     =
RANLIB        =true
ARFLAGS       =
PERL          =perl
THIRTY_TWO_BIT mode
BN_LLONG mode
RC4_INDEX mode
RC4_CHUNK is undefined

Configured for VC-WIN32.

You gave the option 'shared'.  Normally, that would give you shared libraries. 
Unfortunately, the OpenSSL configuration doesn't include shared library support 
for this platform yet, so it will pretend you gave the option 'no-shared'.  If 
you can inform the developpers (openssl-dev\@openssl.org) how to support shared 
libraries on this platform, they will at least look at it and try their best 
(but please first make sure you have tried with a current version of OpenSSL).

14:04:44.10


2. ASSEMBLE OUTPUT -----------------------------------------------

16:03:13.18
start /b /wait cmd /c C:\E2E\WDC-3.0.1\wdc_file_xfer\openssl-1.0.1h\ms\do_nasm

16:03:13.25    C:\E2E\WDC-3.0.1\wdc_file_xfer\openssl-1.0.1h
==>perl util\mkfiles.pl  1>MINFO
16:03:13.34    C:\E2E\WDC-3.0.1\wdc_file_xfer\openssl-1.0.1h
==>perl util\mk1mf.pl nasm VC-WIN32  1>ms\nt.mak
16:03:14.18    C:\E2E\WDC-3.0.1\wdc_file_xfer\openssl-1.0.1h
==>perl util\mk1mf.pl dll nasm VC-WIN32  1>ms\ntdll.mak
16:03:14.96    C:\E2E\WDC-3.0.1\wdc_file_xfer\openssl-1.0.1h
==>perl util\mk1mf.pl nasm BC-NT  1>ms\bcb.mak
16:03:15.73    C:\E2E\WDC-3.0.1\wdc_file_xfer\openssl-1.0.1h
==>perl util\mkdef.pl 32 libeay  1>ms\libeay32.def
16:03:17.01    C:\E2E\WDC-3.0.1\wdc_file_xfer\openssl-1.0.1h
==>perl util\mkdef.pl 32 ssleay  1>ms\ssleay32.def

16:03:18.18


3. MAKE OUTPUT ---------------------------------------------------

16:03:25.14
TitleSuffix: PSDKforSvr2003R2 /XP32 /RETAIL
MakeCmdline: nmake /f ms\nt.mak

Microsoft (R) Program Maintenance Utility   Version 7.00.8882
Copyright (C) Microsoft Corp 1988-2000. All rights reserved.

Building OpenSSL
      perl util/copy.pl ".\.\e_os.h" "tmp32\e_os.h"
Copying: ././e_os.h to tmp32/e_os.h

... [TEXT REMOVED] ...

      cl /Fotmp32\openssl.obj -DMONOLITH -Iinc32 -Itmp32 /MD /Ox /O2 /Ob2 
-DOPENSSL_THREADS  -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 
-DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE 
-DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT 
-DOPENSSL_BN_ASM_GF2m -I\usr\local\ssl\fips-2.0/include -DSHA1_ASM -DSHA256_ASM 
-DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM 
-DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_FIPS 
-DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zi /Fdtmp32/app -c 
.\apps\openssl.c
openssl.c
      SET FIPS_LINK=link
      SET FIPS_CC=cl
      SET FIPS_CC_ARGS=/Fotmp32\fips_premain.obj -Iinc32 -Itmp32 /MD /Ox /O2 
/Ob2 -DOPENSSL_THREADS  -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo 
-DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN 
-D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 
-DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -I\usr\local\ssl\fips-2.0/include 
-DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM 
-DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 
-DOPENSSL_NO_KRB5 -DOPENSSL_FIPS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE 
/Zl /Zi /Fdtmp32/lib  -c
      SET PREMAIN_DSO_EXE=
      SET FIPS_TARGET=out32\openssl.exe
      SET FIPS_SHA1_EXE=\usr\local\ssl\fips-2.0\bin\fips_standalone_sha1.exe
      SET FIPSLIB_D=\usr\local\ssl\fips-2.0\lib
      perl \usr\local\ssl\fips-2.0\bin\fipslink.pl /nologo /subsystem:console 
/opt:ref /debug /fixed /map /out:out32\openssl.exe @"C:\DOCUME~1\wellingc\Local 
Settings\Temp\nm286.tmp"
Integrity check OK
cl /Fotmp32\fips_premain.obj -Iinc32 -Itmp32 /MD /Ox /O2 /Ob2 -DOPENSSL_THREADS 
 -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 
-DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE 
-DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT 
-DOPENSSL_BN_ASM_GF2m -I\usr\local\ssl\fips-2.0/include -DSHA1_ASM -DSHA256_ASM 
-DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM 
-DGHASH_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_KRB5 -DOPENSSL_FIPS 
-DOPENSSL_NO_JPAKE -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib  -c 
\usr\local\ssl\fips-2.0\lib/fips_premain.c
link /nologo /subsystem:console /opt:ref /debug /fixed /map 
/out:out32\openssl.exe @C:\DOCUME~1\wellingc\Local Settings\Temp\nm286.tmp
First stage Link failure at \usr\local\ssl\fips-2.0\bin\fipslink.pl line 55
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to