[openssl-dev] Openssl 1.0.2c include the FIPS 140-2 Object Module
Jan Ehrhardt
phpdev at ehrhardt.nl
Sat Jul 11 16:08:58 UTC 2015
Steve Marquess in gmane.comp.encryption.openssl.devel (Wed, 01 Jul 2015
09:53:14 -0400):
>On 07/01/2015 02:24 AM, Patil, Ashwini IN BLR STS wrote:
>> Hello All,
>>
>> Please let me know if openssl-1.0.2c include FIPS 140-2 Object Module.
>> Also please explain how to validate the application.
>
>This question would be more appropriate for the openssl-users list. The
>-dev list is for OpenSSL development issues, not for basic usage questions.
Patil has a point, because FIPS 140-2 building on Windows is broken
since the introduction of applink.c. The generated fips_premain_dso.exe
fails during the building process:
link /nologo /subsystem:console /opt:ref /debug /dll /fixed /map
/base:0xFB00000 /out:out32dll\libeay32.dll /def:ms/LIBEAY32.def
@D:\Temp\nmB1D5.tmp
Creating library out32dll\libeay32.lib and object
out32dll\libeay32.exp
out32dll\fips_premain_dso.exe out32dll\libeay32.dll
OPENSSL_Uplink(00CBB000,08): no OPENSSL_Applink
Get hash failure at \usr\local\ssl\fips-2.0\bin\fipslink.pl line 60.
NMAKE : fatal error U1077: 'C:\Perl64\bin\perl.EXE' : return code '0x1'
Outside of the building script the error is the same
C:\openssl>out32dll\fips_premain_dso.exe out32dll\libeay32.dll
OPENSSL_Uplink(010CB000,08): no OPENSSL_Applink
Solution: fips/fips_premain.c in the FIPS sources should include
applink.c on Windows
I managed to build a fips_premain_dso.exe with Applink and use that to
create Openssl 1.0.2d fips, but this was certainly not without breaking
the FIPS rules.
It is time for openssl-fips-2.0.10
--
Jan
More information about the openssl-dev
mailing list