2

I am doing build for FIPS Object Module and FIPS compatible OpenSSL using openssl-fips-ecp-2.0.9 and openssl-1.0.1j respectively.

Out of which FIPS one compiled successfully. But as per User Guide adding fips option with ./config is giving error:

march=mips32 -fomit-frame-pointer -Wall -Ifips/openssl-fips-ecp-2.0.9/include -DSHA1_ASM -DSHA256_ASM -DAES_ASM   -c -o o_fips.o o_fips.c
o_fips.c:60:26: fatal error: openssl/fips.h: No such file or directory
compilation terminated.
make[6]: *** [o_fips.o] Error 1

crypto’s Makefile is using o_fips.c & o_fips.c is having a code like this:

#include "cryptlib.h"
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
#include <openssl/fips_rand.h>
#include <openssl/rand.h>
#endif

Since there is no fips folder to include in the library after 1.0.1 versions. Can anyone please help me out here?

jww
  • 97,681
  • 90
  • 411
  • 885
MEGHANSH SHARMA
  • 71
  • 1
  • 6

2 Answers2

3

Problem solved by giving proper --openssldir and --with-fipsdir options.

MEGHANSH SHARMA
  • 71
  • 1
  • 6
  • I know this is old but I am having the same issue. no matter what path I give such as `/usr/local/ssl/Release-iphoneos` it still gives this error. What path did you end up using? – Bot Jul 20 '16 at 18:16
  • Please see the detailed answer below. – MEGHANSH SHARMA Jul 22 '16 at 12:27
  • Apologies to all for posting in the incorrect format. I've been able to compile now - my issue was that I was attempting to compile the latest version of OpenSSL (1.1.0e) which apparently doesn't work - 1.0.x versions only – bnoeafk May 04 '17 at 18:20
2

My current code has two libraries openssl-1.0.2h and openssl-fips-ecp-2.0.12 placed parallel in a folder called libraries. And this is the code I am using in my Makefile:

export HOSTCC=gcc
export FIPSLD_CC=gcc
export FIPSDIR=$(OPENSSLFIPS_TOP_DIR)/../fips_install
export OPENSSLDIR=$(OPENSSL_TOP_DIR)
export PREMAIN_DSO=openssl-1.0.2h/fips_premain_dso

where 'OPENSSL_TOP_DIR' and 'OPENSSLFIPS_TOP_DIR' are the paths to the respective libraries. Later in the Makefile we have to build the libraries like this:

    @cd openssl-fips-ecp-2.0.12 path; \
        ./Configure --cross-compile-prefix=$(CROSS_COMPILE) $(PLATFORM) \
                    -fPIC no-ec2m
        $(MAKE) -C $(OPENSSLFIPS_DIR)
        mkdir -p $(FIPSDIR)
        $(MAKE) -C $(OPENSSLFIPS_DIR) install

    @cd openssl-1.0.2h path; \
        ./Configure --cross-compile-prefix=$(CROSS_COMPILE) $(PLATFORM) \
                    fips no-ec2m
        $(MAKE) -C $(OPENSSL_DIR)
        cp -f $(OPENSSL_DIR)/libssl.so $(LIB_DIR)/libssl.so.1.0.0
        cp -f $(OPENSSL_DIR)/libcrypto.so $(LIB_DIR)/libcrypto.so.1.0.0

Here instead of ./Configure you should use ./config after setting all platform specific(cross compilation) variables. Please refer openSSL FIPS User Guide Section 3.4.

The first build will generate fipscanister and other files in fips_install(FIPSDIR) folder. This FIPSDIR will be internally used by openssl library building on mentioning 'fips'

MEGHANSH SHARMA
  • 71
  • 1
  • 6
  • Thanks for the update. I am still running into the issue of Undefined symbols for architecture armv7: ... ld: symbol(s) not found for architecture armv7 clang: error: linker command failed with exit code 1 (use -v to see invocation) make[2]: *** [link_app.] Error 1 make[1]: *** [openssl] Error 2 make: *** [build_apps] Error 1 Admins-MacBook-Pro:openssl-1.0.2h user$ ./config -t Operating system: armv7-whatever-iphoneos Configuring for iphoneos-cross /usr/bin/perl ./Configure iphoneos-cross -arch%20armv7 – Bot Jul 22 '16 at 18:22