FIPS Capable OpenSSL and openssl/fips.h: No such file or directory

不问归期 提交于 2020-01-05 09:00:13

问题


I am doing build for FIPS Object Module and FIPS compatible OpenSSL using openssl-fips-ecp-2.0.9 and openssl-1.0.1j respectively.

Out of which FIPS one compiled successfully. But as per User Guide adding fips option with ./config is giving error:

march=mips32 -fomit-frame-pointer -Wall -Ifips/openssl-fips-ecp-2.0.9/include -DSHA1_ASM -DSHA256_ASM -DAES_ASM   -c -o o_fips.o o_fips.c
o_fips.c:60:26: fatal error: openssl/fips.h: No such file or directory
compilation terminated.
make[6]: *** [o_fips.o] Error 1

crypto’s Makefile is using o_fips.c & o_fips.c is having a code like this:

#include "cryptlib.h"
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
#include <openssl/fips_rand.h>
#include <openssl/rand.h>
#endif

Since there is no fips folder to include in the library after 1.0.1 versions. Can anyone please help me out here?


回答1:


Problem solved by giving proper --openssldir and --with-fipsdir options.




回答2:


My current code has two libraries openssl-1.0.2h and openssl-fips-ecp-2.0.12 placed parallel in a folder called libraries. And this is the code I am using in my Makefile:

export HOSTCC=gcc
export FIPSLD_CC=gcc
export FIPSDIR=$(OPENSSLFIPS_TOP_DIR)/../fips_install
export OPENSSLDIR=$(OPENSSL_TOP_DIR)
export PREMAIN_DSO=openssl-1.0.2h/fips_premain_dso

where 'OPENSSL_TOP_DIR' and 'OPENSSLFIPS_TOP_DIR' are the paths to the respective libraries. Later in the Makefile we have to build the libraries like this:

    @cd openssl-fips-ecp-2.0.12 path; \
        ./Configure --cross-compile-prefix=$(CROSS_COMPILE) $(PLATFORM) \
                    -fPIC no-ec2m
        $(MAKE) -C $(OPENSSLFIPS_DIR)
        mkdir -p $(FIPSDIR)
        $(MAKE) -C $(OPENSSLFIPS_DIR) install

    @cd openssl-1.0.2h path; \
        ./Configure --cross-compile-prefix=$(CROSS_COMPILE) $(PLATFORM) \
                    fips no-ec2m
        $(MAKE) -C $(OPENSSL_DIR)
        cp -f $(OPENSSL_DIR)/libssl.so $(LIB_DIR)/libssl.so.1.0.0
        cp -f $(OPENSSL_DIR)/libcrypto.so $(LIB_DIR)/libcrypto.so.1.0.0

Here instead of ./Configure you should use ./config after setting all platform specific(cross compilation) variables. Please refer openSSL FIPS User Guide Section 3.4.

The first build will generate fipscanister and other files in fips_install(FIPSDIR) folder. This FIPSDIR will be internally used by openssl library building on mentioning 'fips'



来源:https://stackoverflow.com/questions/29495429/fips-capable-openssl-and-openssl-fips-h-no-such-file-or-directory

标签
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!