c++ visual-studio-2015 compiler-errors openssl fips

How do I compile FIPS-capable OpenSSL on Windows x64?


I'm currently using the following steps but I'm having trouble compiling:

Add 64bit/32bit NASM to path: C:\Program Files\NASM for 64 bit

//On 32 bit simply switch to x86 native tool
Open native command prompt for VS2015 x64

or run "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\vcvars64.bat"

== Environment variables that need to be set ==
Set FPSDIR=C:\Dev\OpenSSL\x64\openssl-fips-ecp-2.0.16
Set PROCESSOR_ARCHITECTURE=AMD64

== Building Fips compliant module ==
cd openssl-fips-ecp-2.0.16
xcopy inc32\* include\* /O /X /E /H /K 
=========
Open ms\do_fips.bat and remove "dll"

[Optional] add "debug" to same line

Open util\mk1mf.pl and add "libcmt.lib LIBCPMT.LIB libcmtd.lib LIBCPMTD.LIB" to EX_LIBS (Line 650 typically)
=========

ms\do_fips
mkdir lib
copy out32.dbg\* lib\*
mkdir bin
copy util\* bin\*
copy out32.dbg\fips_standalone_sha1.exe bin

== Building ==
cd openssl-1.0.2l

======
Open util\pl\VC-32.pl
remove "|| $fips " from lines 48 and 133

[Optional] Open ms\do_win64a.bat and add "debug" to line 15 right before VC-WIN64A
======

perl Configure VC-WIN64A fips no-ec2m no-shared -DUNICODE -DOPENSSL_THREADS --with-fipsdir=C:\Dev\OpenSSL\x64\openssl-fips-ecp-2.0.16
ms\do_win64a
nmake -f ms\nt.mak clean
nmake -f ms\ntdll.mak clean
nmake -f ms\nt.mak


//On 32 bit be sure to do 32bit dir and
//Configure VC-WIN32
//ms\do_nasm (add debug here too)

Compiler is failing:

DOPENSSL_THREADS  -DDSO_WIN32 -DOPENSSL_FIPS -DOPENSSL_NO_ERR -DUNICODE -DOPENSSL_THREADS -W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -IC:\Dev\OpenSSL\x64\openssl-fips-ecp-2.0.16/include -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_SSL2 -DOPENSSL_NO_KRB5 -DOPENSSL_FIPS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_WEAK_SSL_CIPHERS -DOPENSSL_NO_DYNAMIC_ENGINE /Zl /Zi /Fdtmp32/lib -c .\crypto\rand\rand_lib.c

rand_lib.c

.\crypto\rand\rand_lib.c(191): error C2143: syntax error: missing ')' before     '*'
.\crypto\rand\rand_lib.c(191): error C2143: syntax error: missing '{' before '*'
.\crypto\rand\rand_lib.c(191): error C2059: syntax error: 'type'
.\crypto\rand\rand_lib.c(192): error C2059: syntax error: ')'

I looked at the code and it seems that it doesn't know what DRBG_CTX is. I searched and it should be included from the FIPS directory, but it isn't. What is wrong with my build steps?


Solution

  • Found it. It seems that by default the "include" directory is filled with 0 KB files for some reason. I overwrote the "include" directory with the contents of the 32-bit include (inc32) directory in the FIPS folder, and it seems to have solved the issue.
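
The condition described in the answer can be checked before starting a long build. The following is an added example, not part of the original post or of OpenSSL: a Python helper that lists zero-byte headers under an include directory, overwrites them from a second directory such as inc32, and confirms that a symbol such as DRBG_CTX is then declared. The function names and the sample tree built in demo() are constructed for illustration.

```python
import shutil
import tempfile
from pathlib import Path


def empty_headers(include_dir):
    """Relative paths of zero-byte .h files under include_dir, sorted."""
    root = Path(include_dir)
    return sorted(p.relative_to(root).as_posix()
                  for p in root.rglob("*.h")
                  if p.is_file() and p.stat().st_size == 0)


def repair(include_dir, source_dir):
    """Overwrite each empty header with the same-named non-empty file from
    source_dir. Returns (repaired, unresolved) lists of relative paths."""
    repaired, unresolved = [], []
    for rel in empty_headers(include_dir):
        src = Path(source_dir) / rel
        if src.is_file() and src.stat().st_size > 0:
            shutil.copyfile(src, Path(include_dir) / rel)
            repaired.append(rel)
        else:
            unresolved.append(rel)  # still empty: the compiler will fail here
    return repaired, unresolved


def declares(include_dir, symbol):
    """True if any header under include_dir contains the symbol."""
    return any(symbol in p.read_text(errors="replace")
               for p in Path(include_dir).rglob("*.h") if p.is_file())


def demo():
    """Constructed tree: two empty headers in include/, one has no inc32 copy."""
    with tempfile.TemporaryDirectory() as tmp:
        inc, inc32 = Path(tmp, "include", "openssl"), Path(tmp, "inc32", "openssl")
        inc.mkdir(parents=True)
        inc32.mkdir(parents=True)
        (inc / "fips_rand.h").touch()   # 0-byte placeholder (constructed)
        (inc / "orphan.h").touch()      # 0-byte, no counterpart (constructed)
        (inc32 / "fips_rand.h").write_text(
            "typedef struct drbg_ctx_st DRBG_CTX; /* constructed sample */\n")
        before = declares(inc.parent, "DRBG_CTX")
        repaired, unresolved = repair(inc.parent, inc32.parent)
        return before, repaired, unresolved, declares(inc.parent, "DRBG_CTX")


if __name__ == "__main__":
    print(demo())
```

Against a real tree, call repair() with the FIPS module's include and inc32 directories and treat a non-empty unresolved list as a reason to stop before running nmake.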