I'm attempting to follow the outline at from the OpenSSL Wiki to build a FIPS 140-2 compliant Ubuntu server and I'm stumbling at a reasonably early stage.
I've a new virtual Ubuntu 14.04.5 server with the default OpenSSH server running (so that I've got remote SSH to the system) and then downloaded the OpenSSL FIPS Object Model (openssl-fips-2.0.14.tar.gz) and OpenSSL (openssl-1.1.0e.tar.gz).
Compiling the FIPS side of things seems straightforward enough:
- ./config
- make
- make install
However, when it comes to then compiling OpenSSL, I run into a problem:
- ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl -Wl,--enable-new-dtags,-rpath,'$(LIBRPATH)' shared fips --with-fipslibdir=/usr/local/ssl/fips-2.0/lib/
- make
    crypto/err/err_all.c:35:27: fatal error: openssl/fips.h: No such file or directory
     # include <openssl/fips.h>
                               ^
    compilation terminated.
    make[1]: *** [crypto/err/err_all.o] Error 1
    make[1]: Leaving directory `/home/user/openssl-1.1.0e'
    make: *** [all] Error 2
From this SO post, the author states that he overcame this missing fips.h file by correctly setting an additional parameter to the ./config file, that being "--openssldir", but I've attempted to use both "/home/user/openssl-1.1.0e" as well as the existing "/usr/lib/ssl" (obtained using "openssl version -d"), all to no avail.
Performing a "find / -name fips.h" on my system only shows that file in a couple of places, all of which I've tried to use with the "--openssldir" parameter, but again with no luck...
- /usr/src/linux-headers-4.4.0-31/include/linux/fips.h
- /usr/local/ssl/fips-2.0/include/openssl/fips.h
Can anyone supply any insight as to what I'm doing wrong here?