'How to add version info to OpenSSL 3.0.2 fips.dll?

On Windows, I basically run these batch commands to build the OpenSSL 3.0.2 FIPS module (fips.dll):

perl Configure VC-WIN64A -MT -Z7 no-shared enable-fips
nmake

After the build completes, the fips.dll has mostly blank details

3.0.2

However, during the build process, an openssl.rc is created with these details

#include <winver.h>

LANGUAGE 0x09,0x01

1 VERSIONINFO
  FILEVERSION 3,0,2,0
  PRODUCTVERSION 3,0,2,0
  FILEFLAGSMASK 0x3fL
#ifdef _DEBUG
  FILEFLAGS 0x01L
#else
  FILEFLAGS 0x00L
#endif
  FILEOS VOS__WINDOWS32
  FILETYPE VFT_APP
  FILESUBTYPE 0x0L
BEGIN
    BLOCK "StringFileInfo"
    BEGIN
        BLOCK "040904b0"
        BEGIN
            // Required:
            VALUE "CompanyName", "The OpenSSL Project, https://www.openssl.org/\0"
            VALUE "FileDescription", "OpenSSL application\0"
            VALUE "FileVersion", "3.0.2\0"
            VALUE "InternalName", "openssl\0"
            VALUE "OriginalFilename", "openssl\0"
            VALUE "ProductName", "The OpenSSL Toolkit\0"
            VALUE "ProductVersion", "3.0.2\0"
            // Optional:
            //VALUE "Comments", "\0"
            VALUE "LegalCopyright", "Copyright 1998-2022 The OpenSSL Authors. All rights reserved.\0"
            //VALUE "LegalTrademarks", "\0"
            //VALUE "PrivateBuild", "\0"
            //VALUE "SpecialBuild", "\0"
        END
    END
    BLOCK "VarFileInfo"
    BEGIN
        VALUE "Translation", 0x409, 0x4b0
    END
END

Question

Is there a way to include those openssl.rc details into the final fips.dll?
Maybe there's an option to some script which can add the version info and hopefully the FIPS file checksum is still valid afterwards?

openssl


Solution 1:[1]

Resolved as follows:

Copy this build generated resource file from

C:\OpenSSL-Builds\openssl-3.0.2\apps\openssl-bin-openssl.res

to

C:\OpenSSL-Builds\OpenSSLoutput-3.0.2\FIPS64\version.res

Download and run

ResourceHacker.exe -open "C:\OpenSSL-Builds\OpenSSLoutput-3.0.2\FIPS64\fips.dll" -save fips.dll -action addoverwrite -resource "C:\OpenSSL-Builds\OpenSSLoutput-3.0.2\FIPS64\version.res"

Important, run this command below to regenerate a FIPS module configuration file. This configuration file can be used each time a FIPS module is loaded in order to pass data to the FIPS module self tests.

openssl.exe fipsinstall -module "C:\OpenSSL-Builds\OpenSSLoutput-3.0.2\FIPS64\fips.dll" -out "C:\OpenSSL-Builds\OpenSSLoutput-3.0.2\FIPS64\fips.cnf"

The fips.dll should now show the updated version info

openssl3.0.version.info

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 vengy

Related Questions

Solving sslv3 alert handshake failure when trying to use a client certificate

make fails to build squid with openssl (deprecated functions used)

Create PKCS#1 formatted RSA key using OpenSSL v3.0.0

Mongodb SSL - unable to get issuer certificate

Convert p12 APNS certificate to base64 string

SSL Error Certificate subject name does not match target host for github.com

How to get configuration.h from configuration.h.in in OpenSSL?

Error opening CA private key when Create the intermediate pair

Create compatible Java "RSA" signature using a PKCS#8 encoded private key

How do I use a X509 certificate with PyCrypto?

gem eventmachine fatal error: 'openssl/ssl.h' file not found

SSL error unsafe legacy renegotiation disabled

PHP Startup: Unable to load dynamic library 'openssl' in Ubuntu

builder error: 'openssl/rand.h' not found [Windows 10]

Building Python 3.7.1 - SSL module failed