Compiling FIPS-cable OpenSSL on Windows Server 2012R2

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Compiling FIPS-cable OpenSSL on Windows Server 2012R2

OpenSSL - User mailing list
I perused the list archives for all of 2018 and did not see anything current relating to this problem, so if this is a question that has been asked & answered, please feel free to point me at the relevant location to read about what I'm doing incorrectly. =)

I'm not at all familiar with Windows & compiling Open Source projects, but I am having no trouble on Linux with OpenSSL + FIPS. On Windows, with Visual Studio 2017 (Community Edition), I am able to compile the FIPS 2.0.16 module and OpenSSL 1.0.2q (NO FIPS) without issue.

When I try to compile OpenSSL with the FIPS canister, per the User Guide instructions, I end up with the following error.

        cl /Fotmp32dll\o_fips.obj  -Iinc32 -Itmp32dll /MD /Ox -DOPENSSL_THREADS
 -DDSO_WIN32 -W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN
-DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE -Ic:\..\openssl-fips/
include -DOPENSSL_USE_APPLINK -I. -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO
_SSL2 -DOPENSSL_NO_KRB5 -DOPENSSL_FIPS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_WEAK_SSL_
CIPHERS -DOPENSSL_NO_STATIC_ENGINE /Zi /Fdtmp32dll/lib -D_WINDLL  -DOPENSSL_BUIL
D_SHLIBCRYPTO -c .\crypto\o_fips.c
o_fips.c
.\crypto\o_fips.c(61): fatal error C1083: Cannot open include file: 'openssl/fip
s.h': No such file or directory
NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio\2017
\Community\VC\Tools\MSVC\14.16.27023\bin\HostX86\x86\cl.EXE"' : return code '0x2
'
Stop.


I am doing the following to compile FIPS:
cd c:\path\to\fips-source
ms\do_fips no-asm

I am doing the following to compile OpenSSL+FIPS (Strawberry Perl installed):
cd c:\path\to\openssl-source
nmake -f ms\ntdll.mak clean
nmake -f ms\nt.mak clean
perl Configure VC-WIN64A fips no-asm --with-fipsdir=c:\path\to\fips-source
ms\do_win64a no-asm
nmake -f ms\ntdll.mak


I feel like I'm missing something fundamental here and I know the User Guide says to install the FIPS files in a protected area. However, as I'm just building the source on this device, shouldn't I be able to to do the above and have it work?

Any help would be greatly appreciated.


Thanks,

Chris
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Compiling FIPS-cable OpenSSL on Windows Server 2012R2

OpenSSL - User mailing list
>
> On Jan 7, 2019, at 09:20, Chris Fernando via openssl-users <[hidden email]> wrote:
>
> I perused the list archives for all of 2018 and did not see anything current relating to this problem, so if this is a question that has been asked & answered, please feel free to point me at the relevant location to read about what I'm doing incorrectly. =)
>
> I'm not at all familiar with Windows & compiling Open Source projects, but I am having no trouble on Linux with OpenSSL + FIPS. On Windows, with Visual Studio 2017 (Community Edition), I am able to compile the FIPS 2.0.16 module and OpenSSL 1.0.2q (NO FIPS) without issue.
>
> [snip]
>
>
> I am doing the following to compile FIPS:
> cd c:\path\to\fips-source
> ms\do_fips no-asm
>
> I am doing the following to compile OpenSSL+FIPS (Strawberry Perl installed):
> cd c:\path\to\openssl-source
> nmake -f ms\ntdll.mak clean
> nmake -f ms\nt.mak clean
> perl Configure VC-WIN64A fips no-asm --with-fipsdir=c:\path\to\fips-source
> ms\do_win64a no-asm
> nmake -f ms\ntdll.mak
>
> [snip]


Well, I managed to get the compile to move a bit further by copying "inc32" to "include", "util" to "bin", and "out32dll" to "lib" in the FIPS source directory, that I was including in --with-fipsdir= .

However, now I am getting the following error during the OpenSSL build process.


        cl /Fotmp32dll\fips_premain_dso.obj -DFINGERPRINT_PREMAIN_DSO_LOAD -Iinc
32 -Itmp32dll /MD /Ox -DOPENSSL_THREADS  -DDSO_WIN32 -W3 -Gs0 -Gy -nologo -DOPEN
SSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_S
ECURE_NO_DEPRECATE -IC:\Users\cfernando\Downloads\ossl\ossl\openssl-fips/include
 -DOPENSSL_USE_APPLINK -I. -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_SSL2 -
DOPENSSL_NO_KRB5 -DOPENSSL_FIPS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_WEAK_SSL_CIPHERS
 -DOPENSSL_NO_STATIC_ENGINE /Zi /Fdtmp32dll/app -c C:\Users\cfernando\Downloads\
ossl\ossl\openssl-fips\lib\fips_premain.c
fips_premain.c
        ml  /c ms\uptable.asm
Microsoft (R) Macro Assembler Version 14.16.27025.1
Copyright (C) Microsoft Corporation.  All rights reserved.

 Assembling: ms\uptable.asm
ms\uptable.asm(9) : error A2006:undefined symbol : rsp
ms\uptable.asm(10) : error A2006:undefined symbol : rsp
ms\uptable.asm(11) : error A2006:undefined symbol : rsp
ms\uptable.asm(12) : error A2006:undefined symbol : rsp
ms\uptable.asm(13) : error A2006:undefined symbol : rcx
ms\uptable.asm(14) : error A2006:undefined symbol : rdx
ms\uptable.asm(16) : error A2006:undefined symbol : rcx
ms\uptable.asm(17) : error A2006:undefined symbol : rdx
ms\uptable.asm(18) : error A2006:undefined symbol : r8
ms\uptable.asm(19) : error A2006:undefined symbol : r9
ms\uptable.asm(20) : error A2006:undefined symbol : rax
ms\uptable.asm(21) : error A2006:undefined symbol : rsp
ms\uptable.asm(22) : error A2006:undefined symbol : rax
ms\uptable.asm(29) : error A2006:undefined symbol : rsp
ms\uptable.asm(30) : error A2006:undefined symbol : rsp
ms\uptable.asm(31) : error A2006:undefined symbol : rsp
ms\uptable.asm(32) : error A2006:undefined symbol : rsp
ms\uptable.asm(33) : error A2006:undefined symbol : rcx
ms\uptable.asm(34) : error A2006:undefined symbol : rdx
ms\uptable.asm(36) : error A2006:undefined symbol : rcx
ms\uptable.asm(37) : error A2006:undefined symbol : rdx
ms\uptable.asm(38) : error A2006:undefined symbol : r8
ms\uptable.asm(39) : error A2006:undefined symbol : r9
ms\uptable.asm(40) : error A2006:undefined symbol : rax
ms\uptable.asm(41) : error A2006:undefined symbol : rsp
ms\uptable.asm(42) : error A2006:undefined symbol : rax
ms\uptable.asm(49) : error A2006:undefined symbol : rsp
ms\uptable.asm(50) : error A2006:undefined symbol : rsp
ms\uptable.asm(51) : error A2006:undefined symbol : rsp
ms\uptable.asm(52) : error A2006:undefined symbol : rsp
ms\uptable.asm(53) : error A2006:undefined symbol : rcx
ms\uptable.asm(54) : error A2006:undefined symbol : rdx
ms\uptable.asm(56) : error A2006:undefined symbol : rcx
ms\uptable.asm(57) : error A2006:undefined symbol : rdx
ms\uptable.asm(58) : error A2006:undefined symbol : r8
ms\uptable.asm(59) : error A2006:undefined symbol : r9
ms\uptable.asm(60) : error A2006:undefined symbol : rax
ms\uptable.asm(61) : error A2006:undefined symbol : rsp
ms\uptable.asm(62) : error A2006:undefined symbol : rax
ms\uptable.asm(69) : error A2006:undefined symbol : rsp
ms\uptable.asm(70) : error A2006:undefined symbol : rsp
ms\uptable.asm(71) : error A2006:undefined symbol : rsp
ms\uptable.asm(72) : error A2006:undefined symbol : rsp
ms\uptable.asm(73) : error A2006:undefined symbol : rcx
ms\uptable.asm(74) : error A2006:undefined symbol : rdx
ms\uptable.asm(76) : error A2006:undefined symbol : rcx
ms\uptable.asm(77) : error A2006:undefined symbol : rdx
ms\uptable.asm(78) : error A2006:undefined symbol : r8
ms\uptable.asm(79) : error A2006:undefined symbol : r9
ms\uptable.asm(80) : error A2006:undefined symbol : rax
ms\uptable.asm(81) : error A2006:undefined symbol : rsp
ms\uptable.asm(82) : error A2006:undefined symbol : rax
ms\uptable.asm(89) : error A2006:undefined symbol : rsp
ms\uptable.asm(90) : error A2006:undefined symbol : rsp
ms\uptable.asm(91) : error A2006:undefined symbol : rsp
ms\uptable.asm(92) : error A2006:undefined symbol : rsp
ms\uptable.asm(93) : error A2006:undefined symbol : rcx
ms\uptable.asm(94) : error A2006:undefined symbol : rdx
ms\uptable.asm(96) : error A2006:undefined symbol : rcx
ms\uptable.asm(97) : error A2006:undefined symbol : rdx
ms\uptable.asm(98) : error A2006:undefined symbol : r8
ms\uptable.asm(99) : error A2006:undefined symbol : r9
ms\uptable.asm(100) : error A2006:undefined symbol : rax
ms\uptable.asm(101) : error A2006:undefined symbol : rsp
ms\uptable.asm(102) : error A2006:undefined symbol : rax
ms\uptable.asm(109) : error A2006:undefined symbol : rsp
ms\uptable.asm(110) : error A2006:undefined symbol : rsp
ms\uptable.asm(111) : error A2006:undefined symbol : rsp
ms\uptable.asm(112) : error A2006:undefined symbol : rsp
ms\uptable.asm(113) : error A2006:undefined symbol : rcx
ms\uptable.asm(114) : error A2006:undefined symbol : rdx
ms\uptable.asm(116) : error A2006:undefined symbol : rcx
ms\uptable.asm(117) : error A2006:undefined symbol : rdx
ms\uptable.asm(118) : error A2006:undefined symbol : r8
ms\uptable.asm(119) : error A2006:undefined symbol : r9
ms\uptable.asm(120) : error A2006:undefined symbol : rax
ms\uptable.asm(121) : error A2006:undefined symbol : rsp
ms\uptable.asm(122) : error A2006:undefined symbol : rax
ms\uptable.asm(129) : error A2006:undefined symbol : rsp
ms\uptable.asm(130) : error A2006:undefined symbol : rsp
ms\uptable.asm(131) : error A2006:undefined symbol : rsp
ms\uptable.asm(132) : error A2006:undefined symbol : rsp
ms\uptable.asm(133) : error A2006:undefined symbol : rcx
ms\uptable.asm(134) : error A2006:undefined symbol : rdx
ms\uptable.asm(136) : error A2006:undefined symbol : rcx
ms\uptable.asm(137) : error A2006:undefined symbol : rdx
ms\uptable.asm(138) : error A2006:undefined symbol : r8
ms\uptable.asm(139) : error A2006:undefined symbol : r9
ms\uptable.asm(140) : error A2006:undefined symbol : rax
ms\uptable.asm(141) : error A2006:undefined symbol : rsp
ms\uptable.asm(142) : error A2006:undefined symbol : rax
ms\uptable.asm(149) : error A2006:undefined symbol : rsp
ms\uptable.asm(150) : error A2006:undefined symbol : rsp
ms\uptable.asm(151) : error A2006:undefined symbol : rsp
ms\uptable.asm(152) : error A2006:undefined symbol : rsp
ms\uptable.asm(153) : error A2006:undefined symbol : rcx
ms\uptable.asm(154) : error A2006:undefined symbol : rdx
ms\uptable.asm(156) : error A2006:undefined symbol : rcx
ms\uptable.asm(157) : error A2006:undefined symbol : rdx
ms\uptable.asm(158) : error A2006:undefined symbol : r8
ms\uptable.asm(159) : fatal error A1012:error count exceeds 100; stopping assembly
NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Tools\MSVC\14.16.27023\bin\HostX86\x86\ml.EXE"' : return code '0x1'
Stop.


Any thoughts?

Thanks,

Chris

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Compiling FIPS-cable OpenSSL on Windows Server 2012R2

OpenSSL - User mailing list
> On Jan 7, 2019, at 11:52, Chris Fernando via openssl-users <[hidden email]> wrote:
>
>>
>> On Jan 7, 2019, at 09:20, Chris Fernando via openssl-users <[hidden email]> wrote:
>>
>> I perused the list archives for all of 2018 and did not see anything current relating to this problem, so if this is a question that has been asked & answered, please feel free to point me at the relevant location to read about what I'm doing incorrectly. =)
>>
>> I'm not at all familiar with Windows & compiling Open Source projects, but I am having no trouble on Linux with OpenSSL + FIPS. On Windows, with Visual Studio 2017 (Community Edition), I am able to compile the FIPS 2.0.16 module and OpenSSL 1.0.2q (NO FIPS) without issue.
>>
>> [snip]
>>
>>
>> I am doing the following to compile FIPS:
>> cd c:\path\to\fips-source
>> ms\do_fips no-asm
>>
>> I am doing the following to compile OpenSSL+FIPS (Strawberry Perl installed):
>> cd c:\path\to\openssl-source
>> nmake -f ms\ntdll.mak clean
>> nmake -f ms\nt.mak clean
>> perl Configure VC-WIN64A fips no-asm --with-fipsdir=c:\path\to\fips-source
>> ms\do_win64a no-asm
>> nmake -f ms\ntdll.mak
>>
>> [snip]
>
>
> Well, I managed to get the compile to move a bit further by copying "inc32" to "include", "util" to "bin", and "out32dll" to "lib" in the FIPS source directory, that I was including in --with-fipsdir= .
>
> However, now I am getting the following error during the OpenSSL build process.
>
> [snip]

So, for anyone searching in the future, I managed to get it to compile ensuring the following:

Ensure the following is installed:
 * Perl (I used Strawberry Perl 5.24.4.1)
 * NASM (I used 2.14.02)
 * MS Visual Studio 2017 Community with the MS Windows SDK (what I used)

- Ensure your Windows PATH variable has NASM and Perl included (not including this is what was causing my errors).
- Start the Visual Studio 'Developer Command Prompt'.
- Change directory to the decompressed openssl source directory.
- Follow the instructions in the OpenSSL FIPS User Guide. I had to ensure '--with-fipsdir=' pointed to where my FIPS object code was installed. It was, purposefully, not in C:\usr\local\ssl\fips-2.0\, which was also causing problems for me.

I appreciate those who reached out to me directly to provide guidance in solving my compile issues.

Thanks,

Chris



--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users