# [openssl-users] Compiling FIPS-cable OpenSSL on Windows Server 2012R2

Chris Fernando cfernando at alteryx.com
Thu Jan 17 18:29:21 UTC 2019

> On Jan 7, 2019, at 11:52, Chris Fernando via openssl-users <openssl-users at openssl.org> wrote:
>
>>
>> On Jan 7, 2019, at 09:20, Chris Fernando via openssl-users <openssl-users at openssl.org> wrote:
>>
>> I perused the list archives for all of 2018 and did not see anything current relating to this problem, so if this is a question that has been asked & answered, please feel free to point me at the relevant location to read about what I'm doing incorrectly. =)
>>
>> I'm not at all familiar with Windows & compiling Open Source projects, but I am having no trouble on Linux with OpenSSL + FIPS. On Windows, with Visual Studio 2017 (Community Edition), I am able to compile the FIPS 2.0.16 module and OpenSSL 1.0.2q (NO FIPS) without issue.
>>
>> [snip]
>>
>>
>> I am doing the following to compile FIPS:
>> cd c:\path\to\fips-source
>> ms\do_fips no-asm
>>
>> I am doing the following to compile OpenSSL+FIPS (Strawberry Perl installed):
>> cd c:\path\to\openssl-source
>> nmake -f ms\ntdll.mak clean
>> nmake -f ms\nt.mak clean
>> perl Configure VC-WIN64A fips no-asm --with-fipsdir=c:\path\to\fips-source
>> ms\do_win64a no-asm
>> nmake -f ms\ntdll.mak
>>
>> [snip]
>
>
> Well, I managed to get the compile to move a bit further by copying "inc32" to "include", "util" to "bin", and "out32dll" to "lib" in the FIPS source directory, that I was including in --with-fipsdir= .
>
> However, now I am getting the following error during the OpenSSL build process.
>
> [snip]

So, for anyone searching in the future, I managed to get it to compile ensuring the following:

Ensure the following is installed:
* Perl (I used Strawberry Perl 5.24.4.1)
* NASM (I used 2.14.02)
* MS Visual Studio 2017 Community with the MS Windows SDK (what I used)

- Ensure your Windows PATH variable has NASM and Perl included (not including this is what was causing my errors).
- Start the Visual Studio 'Developer Command Prompt'.
- Change directory to the decompressed openssl source directory.
- Follow the instructions in the OpenSSL FIPS User Guide. I had to ensure '--with-fipsdir=' pointed to where my FIPS object code was installed. It was, purposefully, not in C:\usr\local\ssl\fips-2.0\, which was also causing problems for me.

I appreciate those who reached out to me directly to provide guidance in solving my compile issues.

Thanks,

Chris