Hi there:
I'm trying to cross-compile FIPS-capable OpenSSL from Linux to Windows.
I already have a working native Linux build system, and I want to
extend it to support Windows targets without standing up a new host.
My cross-compile process follows the FOM User Guide to the best of my
understanding:
```
export MACHINE="MINGW64"
export SYSTEM="mingw64"
export CROSS_COMPILE="x86_64-w64-mingw32-"
export HOSTCC="gcc"
export FIPS_SIG="${FIPS_HOME}/src/util/msincore"
# build FIPS Object Module
cd ${FIPS_HOME}/src
./config
make
make install
# build OpenSSL
cd ${OPENSSL_HOME}/src
./config fips --prefix=${OPENSSL_FIPS} --with-fipsdir=${OPENSSL_FIPS}
make depend
make
make install
```
`FIPS_HOME`, `OPENSSL_HOME`, and `OPENSSL_FIPS` are the locations of
the FOM source tree, the OpenSSL source tree, and the output directory,
respectively.
The first failure occurs during the FOM `make install` step. The error
is:
```
cp: cannot stat 'fips_standalone_sha1': No such file or directory
```
It turns out that the build steps I've written above produce
`fips_standalone_sha1.exe`, which `make install` can't find. That's a
problem for me, because I know it's against the FIPS certification to
modify anything in the work area, but I can't seem to proceed without
changing that file name.
Just to expose another issue let me violate the certification
temporarily to bypass the problem. When I insert this command before
`make install`:
```
mv ./fips/fips_standalone_sha1.exe ./fips/fips_standalone_sha1
```
the build continues through the FOM and into OpenSSL. In fact, it seems
to get either nearly or completely through `make` before failing at the
incore digest step:
```
no fipstx section at ${FIPS_HOME}/src/util/msincore line 132.
```
This seems to indicate that `msincore` is not getting the kind of
executable it expects, but I'm not sure how to resolve that. I can't
turn up anything interesting on the Web, since most cross-compilation
discussions seem to target Android or iOS. If anyone has any guidance,
I'd appreciate it.
Thank you,
Bradley
signature.asc
Description: This is a digitally signed message part