On 3/8/2013 10:34 AM, Abhijit Ray Chaudhury wrote:
Hello,
I am trying to cross compile FIPS compliant openssl module
(openssl-fips-ecp-2.0.2.tar.gz) for linux armv4 pratform :
I have used following script to setup the environment:
===============================================
export MACHINE=armv4t
export RELEASE=2.6.23
export SYSTEM=Linux
export ARCH=arm
export CROSS_COMPILE="/opt/gccarm-4.1.2/bin/"
export HOSTCC=/usr/bin/gcc
================================================
./config -t
Operating system: armv4t-whatever-linux2
Auto Configuring fipsonly
Auto Configuring fipsonly
Configuring for linux-armv4
/usr/bin/perl ./Configure linux-armv4 -Wa,--noexecstack no-bf
no-camellia no-cast no-idea no-md2 no-md5 no-mdc2 no-rc2 no-rc4 no-rc5
no-ripemd no-seed
==================================================
after config the make fails finding include directories :
==================================================
In file included from cryptlib.c:117:
cryptlib.h:62:20: error: stdlib.h: No such file or directory
cryptlib.h:63:20: error: string.h: No such file or directory
In file included from cryptlib.h:65,
from cryptlib.c:117:
../e_os.h:444:30: error: unistd.h: No such file or directory
../e_os.h:449:29: error: sys/types.h: No such file or directory
==================================================
also in my platform malloc and free is redefined to XXX_malloc and XXX_free.
Please let me know how to pass CFLAGS to the build system or how to
resolve above problems.
I don't think you can change the CFLAGS without having to go through the
entire many-thousand-dollars-and-lots-of-time official validation
process again.
But maybe you can get away with using a cross compiler whose default
include and library directories point to the cross platform includes
and libraries.
Try this test to see if your cross compiler is setup to do the right
thing by default:
$ cat > ./hello.c
#include <stdlib.h>
#include <unistd.h>
int main(int argc, char**argv) {
printf("Hello, World!\n");
return 0;
}
<Press Ctrl+D here>
$ /opt/gccarm-4.1.2/bin/gcc -o hello hello.c
If the second command above produces a valid Hello, World for your
target platform, the problem is complicated. But if it fails with
errors similar to those in the FIPSCANISTER build, then your cross
compiler is not correctly configured/installed, and that needs to
be fixed first.
All that being said, note the following caveats:
- Others have reported specific problems with the final checksumming
steps for the FIPSCANISTER when cross compiling. However they got
a lot further than you before running in to trouble.
- What you can and cannot do without that expensive revalidation I
mentioned depends on the exact text of the official OpenSSL FIPS
documents that were part of the validation of the official
FIPSCANISTER, so read them carefully.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
