如何在Windows x64上编译具有openssl功能的fips?

时间:2017-08-21 21:41:57

标签: c++ visual-studio-2015 compiler-errors openssl fips

我目前正在使用以下步骤,但我在编译时遇到了问题:

Add 64bit/32bit NASM to path: C:\Program Files\NASM for 64 bit

//On 32 bit simply switch to x86 native tool
Open native command prompt for VS2015 x64

or run "C:\Program Files (x86)\Microsoft Visual Studio 
14.0\VC\bin\amd64\vcvars64.bat"

== Environment variables that need to be set ==
Set FPSDIR=C:\Dev\OpenSSL\x64\openssl-fips-ecp-2.0.16
Set PROCESSOR_ARCHITECTURE=AMD64

== Building Fips compliant module ==
cd openssl-fips-ecp-2.0.16
xcopy inc32\* include\* /O /X /E /H /K 
=========
Open ms\do_fips.bat and remove "dll"

[Optional] add "debug" to same line

Open util\mk1mf.pl and add "libcmt.lib LIBCPMT.LIB libcmtd.lib LIBCPMTD.LIB" to EX_LIBS (Line 650 typically)
=========

ms\do_fips
mkdir lib
copy out32.dbg\* lib\*
mkdir bin
copy util\* bin\*
copy out32.dbg\fips_standalone_sha1.exe bin

== Building ==
cd openssl-1.0.2l

======
Open util\pl\VC-32.pl
remove "|| $fips " from line 48 and 133

[Optional]Open ms\do_win64a.bat and add "debug" to line 15 right before VC-WIN64A
======

perl Configure VC-WIN64A fips no-ec2m no-shared -DUNICODE -DOPENSSL_THREADS --with-fipsdir=C:\Dev\OpenSSL\x64\openssl-fips-ecp-2.0.16
ms\do_win64a
nmake -f ms\nt.mak clean
nmake -f ms\ntdll.mak clean
nmake -f ms\nt.mak


//On 32 bit be sure to do 32bit dir and
//Configure VC-WIN32
//ms\do_nasm (add debug here too)

编译器失败:

DOPENSSL_THREADS  -DDSO_WIN32 -DOPENSSL_FIPS -DOPENSSL_NO_ERR -DUNICODE -DOPENSSL_THREADS -W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -IC:\Dev\OpenSSL\x64\openssl-fips-ecp-2.0.16/include -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_SSL2 -DOPENSSL_NO_KRB5 -DOPENSSL_FIPS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_WEAK_SSL_CIPHERS -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\rand\rand_lib.c

rand_lib.c

.\crypto\rand\rand_lib.c(191): error C2143: syntax error: missing ')' before     '*'
.\crypto\rand\rand_lib.c(191): error C2143: syntax error: missing '{' before '*'
.\crypto\rand\rand_lib.c(191): error C2059: syntax error: 'type'
.\crypto\rand\rand_lib.c(192): error C2059: syntax error: ')'

我查看了代码,似乎它不知道是什么

DRBG_CTX

我搜索了它应该包含在FIPS目录中,但它不是,我的构建步骤有什么问题?

2 个答案:

答案 0 :(得分:1)

找到它,默认似乎"包括"由于某种原因,目录中填充了0kb文件,我用FIPS文件夹中的32位include(inc32)目录的内容覆盖了" include"一,似乎已经解决了这个问题。

答案 1 :(得分:1)

如果有人想知道如何构建它并通过fips自我测试。

 Add 64bit/32bit NASM to path: C:\Program Files\NASM for 64 bit

//On 32 bit simply switch to x86 native tool and Set PROCESSOR_ARCHITECTURE=x86
Open native command prompt for VS2015 x64
or run "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\vcvars64.bat"

== Environment variables that need to be set ==
Set FPSDIR=C:\Dev\OpenSSL\x64\openssl-fips-ecp-2.0.16
Set PROCESSOR_ARCHITECTURE=AMD64

== Building Fips compliant module ==
cd openssl-fips-ecp-2.0.16

Open util\mk1mf.pl and add
$cflags.= " -DOPENSSL_FIPS_DEBUGGER";
after line 311

This will disable the fingerprint check for the module, whose purpose is to ensure that the source code hasn't been modified(but leave all other tests intact). 
This is done because the fingerprint check appears to be broken for static libraries.

ms\do_fips
mkdir lib
copy out32dll\* lib\*
mkdir bin
copy util\* bin\*
copy out32dll\fips_standalone_sha1.exe bin
xcopy inc32\* include\* /O /X /E /H /K 

== Building ==
cd openssl-1.0.2l
perl Configure VC-WIN64A fips no-ec2m no-shared -DUNICODE -DOPENSSL_FIPS_DEBUGGER -DOPENSSL_THREADS --with-fipsdir=C:\Dev\OpenSSL\openssl-fips-ecp-2.0.16
ms\do_win64a
nmake -f ms\nt.mak clean
nmake -f ms\ntdll.mak clean
nmake -f ms\nt.mak


//On 32 bit be sure to do 32bit dir and
//Configure VC-WIN32 ms\do_nasm