[openssl.org #3395] Can’t Compile 0.9.8za FIPS on Win 7 32 Bit w/ Visual Studio 2010.

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

[openssl.org #3395] Can’t Compile 0.9.8za FIPS on Win 7 32 Bit w/ Visual Studio 2010.

Rich Salz via RT
On Tue Jun 10 20:53:31 2014, [hidden email] wrote:
>
> OpenSSL Support;
>
> I issued the command ms\do_fips (also tried w/ ‘no-ec’ option,) it
> compiles for about 5 minutes, and then throws this error…
>

That's not the correct build procedure. You only call ms\do_fips from the
validated module source. Calling it from 0.9.8 tarballs does not produce a
validated module.

You need to link OpenSSL 0.9.8 to the validate module. See the user guide for
details.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: [openssl.org #3395] Can’t Compile 0.9.8za FIPS on Win 7 32 Bit w/ Visual Studio 2010.

Swenson, Ken_S. (IS)
 
Steve;

    Thanks for replying.  I am using the instructions from section 4.3.1 of UserGuide-2.0.pdf that I found at http://www.openssl.org/docs/fips/.  That appears to be the latest one dated September 2013.  If I should be using something else, please let me know; thanks!

-----Original Message-----
From: Stephen Henson via RT [mailto:[hidden email]]
Sent: Wednesday, June 11, 2014 8:14 PM
To: Swenson, Ken_S. (IS)
Cc: [hidden email]
Subject: EXT :[openssl.org #3395] Can’t Compile 0.9.8za FIPS on Win 7 32 Bit w/ Visual Studio 2010.

On Tue Jun 10 20:53:31 2014, [hidden email] wrote:
>
> OpenSSL Support;
>
> I issued the command ms\do_fips (also tried w/ ‘no-ec’ option,) it
> compiles for about 5 minutes, and then throws this error…
>

That's not the correct build procedure. You only call ms\do_fips from the
validated module source. Calling it from 0.9.8 tarballs does not produce a
validated module.

You need to link OpenSSL 0.9.8 to the validate module. See the user guide for
details.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

:��I"Ϯ��r�m���� (���Z+�7�zZ)���1���x ��h���W^��^��%����&jם.+-1�ځ��j:+v�������h�
Reply | Threaded
Open this post in threaded view
|

RE: [openssl.org #3395] Can’t Compile 0.9.8za FIPS on Win 7 32 Bit w/ Visual Studio 2010.

Rich Salz via RT
 
Steve;

    Thanks for replying.  I am using the instructions from section 4.3.1 of UserGuide-2.0.pdf that I found at http://www.openssl.org/docs/fips/.  That appears to be the latest one dated September 2013.  If I should be using something else, please let me know; thanks!

-----Original Message-----
From: Stephen Henson via RT [mailto:[hidden email]]
Sent: Wednesday, June 11, 2014 8:14 PM
To: Swenson, Ken_S. (IS)
Cc: [hidden email]
Subject: EXT :[openssl.org #3395] Can’t Compile 0.9.8za FIPS on Win 7 32 Bit w/ Visual Studio 2010.

On Tue Jun 10 20:53:31 2014, [hidden email] wrote:
>
> OpenSSL Support;
>
> I issued the command ms\do_fips (also tried w/ ‘no-ec’ option,) it
> compiles for about 5 minutes, and then throws this error…
>

That's not the correct build procedure. You only call ms\do_fips from the
validated module source. Calling it from 0.9.8 tarballs does not produce a
validated module.

You need to link OpenSSL 0.9.8 to the validate module. See the user guide for
details.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: [openssl.org #3395] Can’t Compile 0.9.8za FIPS on Win 7 32 Bit w/ Visual Studio 2010.

Andy Schmidt
In reply to this post by Swenson, Ken_S. (IS)
I believe the OpenSSL FIPS Object Module 2.0 is only for OpenSSL 1.0.1? See UserGuide-2.0.pdf, top of page 11.

Andrew Schmidt


On Thu, Jun 12, 2014 at 6:13 AM, Swenson, Ken_S. (IS) <[hidden email]> wrote:

Steve;

    Thanks for replying.  I am using the instructions from section 4.3.1 of UserGuide-2.0.pdf that I found at http://www.openssl.org/docs/fips/.  That appears to be the latest one dated September 2013.  If I should be using something else, please let me know; thanks!

-----Original Message-----
From: Stephen Henson via RT [mailto:[hidden email]]
Sent: Wednesday, June 11, 2014 8:14 PM
To: Swenson, Ken_S. (IS)
Cc: [hidden email]
Subject: EXT :[openssl.org #3395] Can’t Compile 0.9.8za FIPS on Win 7 32 Bit w/ Visual Studio 2010.

On Tue Jun 10 20:53:31 2014, [hidden email] wrote:
>
> OpenSSL Support;
>
> I issued the command ms\do_fips (also tried w/ ‘no-ec’ option,) it
> compiles for about 5 minutes, and then throws this error…
>

That's not the correct build procedure. You only call ms\do_fips from the
validated module source. Calling it from 0.9.8 tarballs does not produce a
validated module.

You need to link OpenSSL 0.9.8 to the validate module. See the user guide for
details.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


Reply | Threaded
Open this post in threaded view
|

Re: [openssl.org #3395] Can’t Compile 0.9.8za FIPS on Win 7 32 Bit w/ Visual Studio 2010.

Andy Schmidt
In reply to this post by Rich Salz via RT
Ok, thanks Steve. I didn't realize this problem was a user error.

Unfortunately I have old code using OpenSSL that needs some of the FIPS calls -- I realize this not FIPS compliant. I maybe stuck figuring out how to get these unsupported 0.9.8 builds working e.g. easier than the correct solution of fixing the old code to use the non-FIPS 0.9.8 API.

( New versions of this code are using 1.0.1h at least )
Andy


On Wed, Jun 11, 2014 at 5:13 PM, Stephen Henson via RT <[hidden email]> wrote:
On Tue Jun 10 20:53:31 2014, [hidden email] wrote:
>
> OpenSSL Support;
>
> I issued the command ms\do_fips (also tried w/ ‘no-ec’ option,) it
> compiles for about 5 minutes, and then throws this error…
>

That's not the correct build procedure. You only call ms\do_fips from the
validated module source. Calling it from 0.9.8 tarballs does not produce a
validated module.

You need to link OpenSSL 0.9.8 to the validate module. See the user guide for
details.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]

Reply | Threaded
Open this post in threaded view
|

RE: [openssl.org #3395] Can’t Compile 0.9.8za FIPS on Win 7 32 Bit w/ Visual Studio 2010.

Rich Salz via RT
In reply to this post by Swenson, Ken_S. (IS)
You should be using the FIPS Object Module 1.2.x and its associated
User Guide.

> From: Swenson, Ken_S. (IS) [mailto:[hidden email]]
> Sent: Thursday, June 12, 2014 2:14 PM
>
>     Thanks for replying.  I am using the instructions from section
> 4.3.1 of UserGuide-2.0.pdf that I found at
> http://www.openssl.org/docs/fips/.  That appears to be the latest
> one dated September 2013.  If I should be using something else,
> please let me know; thanks!
>
> From: Stephen Henson via RT [mailto:[hidden email]]
> Sent: Wednesday, June 11, 2014 8:14 PM
> On Tue Jun 10 20:53:31 2014, [hidden email] wrote:
> >
> > I issued the command ms\do_fips (also tried w/ ‘no-ec’ option,) it
> > compiles for about 5 minutes, and then throws this error…
>
> That's not the correct build procedure. You only call ms\do_fips from
> the validated module source. Calling it from 0.9.8 tarballs does not
> produce a validated module.
>
> You need to link OpenSSL 0.9.8 to the validate module. See the user
> guide for details.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]