问题
I am doing build for FIPS Object Module and FIPS compatible OpenSSL using openssl-fips-ecp-2.0.9 and openssl-1.0.1j respectively.
Out of which FIPS one compiled successfully. But as per User Guide adding fips option with ./config is giving error:
march=mips32 -fomit-frame-pointer -Wall -Ifips/openssl-fips-ecp-2.0.9/include -DSHA1_ASM -DSHA256_ASM -DAES_ASM -c -o o_fips.o o_fips.c
o_fips.c:60:26: fatal error: openssl/fips.h: No such file or directory
compilation terminated.
make[6]: *** [o_fips.o] Error 1
crypto’s Makefile is using o_fips.c & o_fips.c is having a code like this:
#include "cryptlib.h"
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
#include <openssl/fips_rand.h>
#include <openssl/rand.h>
#endif
Since there is no fips folder to include in the library after 1.0.1 versions. Can anyone please help me out here?
回答1:
Problem solved by giving proper --openssldir and --with-fipsdir options.
回答2:
My current code has two libraries openssl-1.0.2h and openssl-fips-ecp-2.0.12 placed parallel in a folder called libraries. And this is the code I am using in my Makefile:
export HOSTCC=gcc
export FIPSLD_CC=gcc
export FIPSDIR=$(OPENSSLFIPS_TOP_DIR)/../fips_install
export OPENSSLDIR=$(OPENSSL_TOP_DIR)
export PREMAIN_DSO=openssl-1.0.2h/fips_premain_dso
where 'OPENSSL_TOP_DIR' and 'OPENSSLFIPS_TOP_DIR' are the paths to the respective libraries. Later in the Makefile we have to build the libraries like this:
@cd openssl-fips-ecp-2.0.12 path; \
./Configure --cross-compile-prefix=$(CROSS_COMPILE) $(PLATFORM) \
-fPIC no-ec2m
$(MAKE) -C $(OPENSSLFIPS_DIR)
mkdir -p $(FIPSDIR)
$(MAKE) -C $(OPENSSLFIPS_DIR) install
@cd openssl-1.0.2h path; \
./Configure --cross-compile-prefix=$(CROSS_COMPILE) $(PLATFORM) \
fips no-ec2m
$(MAKE) -C $(OPENSSL_DIR)
cp -f $(OPENSSL_DIR)/libssl.so $(LIB_DIR)/libssl.so.1.0.0
cp -f $(OPENSSL_DIR)/libcrypto.so $(LIB_DIR)/libcrypto.so.1.0.0
Here instead of ./Configure you should use ./config after setting all platform specific(cross compilation) variables. Please refer openSSL FIPS User Guide Section 3.4.
The first build will generate fipscanister and other files in fips_install(FIPSDIR) folder. This FIPSDIR will be internally used by openssl library building on mentioning 'fips'
来源:https://stackoverflow.com/questions/29495429/fips-capable-openssl-and-openssl-fips-h-no-such-file-or-directory