[openssl-users] shouldn't fipslink.pl include the fipscanister.lib in the link line?

Sam Roberts vieuxtech at gmail.com
Thu Jul 13 21:46:39 UTC 2017

On Thu, Jul 13, 2017 at 1:41 PM, Dr. Stephen Henson <steve at openssl.org> wrote:
> On Thu, Jul 13, 2017, Sam Roberts wrote:
>> On Thu, Jul 13, 2017 at 12:34 PM, Dr. Stephen Henson <steve at openssl.org> wrote:
>> > If you do want to link against the static libraries then the easiest way to do
>> > that is to examine the contents of nt.mak, look for FIPSLINK and adapt the
>> > rule to your needs.
>> Where is nt.mak? Its mentioned in the User Guide but I didn't find it
>> in the github repo, or tarballs for openssl 1.0.2j or 1.1.0c, or
>> tarballs for openssl-fips 2.0.9, or 2.0.16
> It's created by OpenSSL when you follow the Windows build procedure.

No luck so far. I dowloaded openssl-1.0.2l did the `perl Configure ...
--with=fipsdir...` from section 4.3.3 and don't have a ms/nt.mak.

Or is it openssl-fips that is going to have the ms/nt.mak? I followed
the directions in section 4.3.1 and I have a ms/ntdll.mak, but no

For context, I've never done the openssl perl build (until just now,
to try to get a nt.mak), because I'm working on Node.js. It has
openssl copied into its git repo as a dependency, and builds and
statically links it using a gyp based build system. This works fine
for Linux FIPS, but I'm trying to get it working for Windows FIPS.
First I need to figure out the fipslink.pl commands to call by hand,
then I'll have the fun of trying to convince gyp to generate ninja
files that call fipslink.pl correctly.

More information about the openssl-users mailing list