[openssl-users] shouldn't fipslink.pl include the fipscanister.lib in the link line?
Sam Roberts
vieuxtech at gmail.com
Wed Jul 19 18:27:02 UTC 2017
On Thu, Jul 13, 2017 at 11:07 AM, Sam Roberts <vieuxtech at gmail.com> wrote:
> I'm having trouble linking on Windows with fipslink.pl, lots of FIPS_
> symbols are unresolved.
OK, I attempted to do as ms/nt.mak does, rewriting it as a batch file:
https://github.com/sam-github/node/blob/fips-win-ninja/fipslink.bat,
no luck yet.
The args are passed in %2 as a response file from
https://github.com/sam-github/node/blob/574ddeff5197d097d7d872e2ef03127b95b4d5f9/out/Release/build.ninja#L70-L71,
the rsp file is
https://github.com/sam-github/node/blob/574ddeff5197d097d7d872e2ef03127b95b4d5f9/out/Release/openssl-cli.exe.rsp#L52
Note that the lib names used in the node gyp build of openssl vary a
bit from the perl/ms makefile build.
Anyhow, still the same link errors. My eventual goal is to build a
fips node on Windows (Linux works already), but one of its build
pre-reqs is the openssl CLI:
C:\Users\rsam\node\out\Release>c:\users\rsam\perl\bin\perl.exe c:\usr\local\ssl\
fips-2.0\bin\fipslink.pl /nologo /subsystem:console /opt:ref /debug /out:openssl
-cli.exe .\fips_premain.obj @openssl-cli.exe.rsp
Integrity check OK
"C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\cl.exe" /Fo.\f
ips_premain.obj -c c:\usr\local\ssl\fips-2.0\lib/fips_premain.c
Microsoft (R) C/C++ Optimizing Compiler Version 19.00.24210 for x64
Copyright (C) Microsoft Corporation. All rights reserved.
fips_premain.c
link /nologo /subsystem:console /opt:ref /debug /out:openssl-cli.exe .\fips_prem
ain.obj @openssl-cli.exe.rsp
fips_premain.obj : error LNK2001: unresolved external symbol FIPS_text_start
fips_premain.obj : error LNK2001: unresolved external symbol FIPS_incore_fingerp
rint
fips_premain.obj : error LNK2001: unresolved external symbol FIPS_signature
crypto.lib(openssl.rand_lib.obj) : error LNK2001: unresolved external symbol FIP
S_rand_set_method
crypto.lib(openssl.rand_lib.obj) : error LNK2001: unresolved external symbol FIP
S_get_default_drbg
etc...
I'd love any suggestions, as-is, the only way I can think of to figure
out how FIPS builds are supposed to work is to do a pure-openssl fips
build, get a dump of all the compile and link commands done by the
generated makefiles, s and try working from there to reverse engineer
what the ninja/batch file build should be trying to do.
More information about the openssl-users
mailing list