2

I am doing build for FIPS Object Module and FIPS compatible OpenSSL using openssl-fips-ecp-2.0.9 and openssl-1.0.1j respectively.

Out of which FIPS one compiled successfully. But as per User Guide adding fips option with ./config is giving error:

march=mips32 -fomit-frame-pointer -Wall -Ifips/openssl-fips-ecp-2.0.9/include -DSHA1_ASM -DSHA256_ASM -DAES_ASM -c -o o_fips.o o_fips.c o_fips.c:60:26: fatal error: openssl/fips.h: No such file or directory compilation terminated. make[6]: *** [o_fips.o] Error 1

crypto’s Makefile is using o_fips.c & o_fips.c is having a code like this:

#include "cryptlib.h" #ifdef OPENSSL_FIPS #include <openssl/fips.h> #include <openssl/fips_rand.h> #include <openssl/rand.h> #endif

Since there is no fips folder to include in the library after 1.0.1 versions. Can anyone please help me out here?

Improve this question

2 Answers 2

Reset to default
3

Problem solved by giving proper --openssldir and --with-fipsdir options.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

I know this is old but I am having the same issue. no matter what path I give such as /usr/local/ssl/Release-iphoneos it still gives this error. What path did you end up using?
Please see the detailed answer below.
Apologies to all for posting in the incorrect format. I've been able to compile now - my issue was that I was attempting to compile the latest version of OpenSSL (1.1.0e) which apparently doesn't work - 1.0.x versions only
2

My current code has two libraries openssl-1.0.2h and openssl-fips-ecp-2.0.12 placed parallel in a folder called libraries. And this is the code I am using in my Makefile:

export HOSTCC=gcc export FIPSLD_CC=gcc export FIPSDIR=$(OPENSSLFIPS_TOP_DIR)/../fips_install export OPENSSLDIR=$(OPENSSL_TOP_DIR) export PREMAIN_DSO=openssl-1.0.2h/fips_premain_dso

where 'OPENSSL_TOP_DIR' and 'OPENSSLFIPS_TOP_DIR' are the paths to the respective libraries. Later in the Makefile we have to build the libraries like this:

 @cd openssl-fips-ecp-2.0.12 path; \ ./Configure --cross-compile-prefix=$(CROSS_COMPILE) $(PLATFORM) \ -fPIC no-ec2m $(MAKE) -C $(OPENSSLFIPS_DIR) mkdir -p $(FIPSDIR) $(MAKE) -C $(OPENSSLFIPS_DIR) install @cd openssl-1.0.2h path; \ ./Configure --cross-compile-prefix=$(CROSS_COMPILE) $(PLATFORM) \ fips no-ec2m $(MAKE) -C $(OPENSSL_DIR) cp -f $(OPENSSL_DIR)/libssl.so $(LIB_DIR)/libssl.so.1.0.0 cp -f $(OPENSSL_DIR)/libcrypto.so $(LIB_DIR)/libcrypto.so.1.0.0

Here instead of ./Configure you should use ./config after setting all platform specific(cross compilation) variables. Please refer openSSL FIPS User Guide Section 3.4.

The first build will generate fipscanister and other files in fips_install(FIPSDIR) folder. This FIPSDIR will be internally used by openssl library building on mentioning 'fips'

Improve this answer

1 Comment

Thanks for the update. I am still running into the issue of Undefined symbols for architecture armv7: ... ld: symbol(s) not found for architecture armv7 clang: error: linker command failed with exit code 1 (use -v to see invocation) make[2]: *** [link_app.] Error 1 make[1]: *** [openssl] Error 2 make: *** [build_apps] Error 1 Admins-MacBook-Pro:openssl-1.0.2h user$ ./config -t Operating system: armv7-whatever-iphoneos Configuring for iphoneos-cross /usr/bin/perl ./Configure iphoneos-cross -arch%20armv7

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.