Cross compiling openssl-fips-1.2 for arm-linux
I'm trying to build openssl-fips-1.2 for an Arm XSCALE 255 running a debian-based linux filesystem. Build system is an x86-Knoppix machine. I've applied the openssl-fips-1.2.crossbuild.patch as advised in the User Manual and Security Policy. After setting $CROSS_COMPILE and $HOSTCC as needed, I am running into a problem during the build where fipsld is trying to generate a signature. Here's the error:make[2]: Entering directory`/hda1/softw-local/uadmas/openssl/openssl-build/openssl-fips-1.2'fips/fipsld: line 121: fips/../fips/fips_premain_dso: cannot execute binaryfileThe file openssl-fips-1.2/fips/fipsld was patched with the following snippet to allow cross-compiling: # generate signature...! if [ -z "${FIPS_SIG}" ]; then! SIG=`"${THERE}/fips/fips_premain_dso" "${TARGET}"`! else! SIG=`"${FIPS_SIG}" -dso "${TARGET}"`! fiNow I'm pretty sure that fips_premain_dso is the wrong path because it is built for the ARM target. I'm having trouble figuring out what $FIPS_SIG should be set to? Do I build an x86 version of fips_premain_dso and point $FIPS_SIG to it? Thanks,Jim/*Jim Rowe*/__ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Cross compiling openssl-fips-1.2 for arm-linux
I'm trying to build openssl-fips-1.2 for an Arm XSCALE 255 running a debian-based linux filesystem. Build system is an x86-Knoppix machine. I've applied the openssl-fips-1.2.crossbuild.patch as advised in the User Manual and Security Policy. After setting $CROSS_COMPILE and $HOSTCC as needed, I am running into a problem during the build where fipsld is trying to generate a signature. Here's the error: make[2]: Entering directory `/hda1/softw-local/uadmas/openssl/openssl-build/openssl-fips-1.2' fips/fipsld: line 121: fips/../fips/fips_premain_dso: cannot execute binary file The following section of openssl-fips-1.2/fips/fipsld was patched when I applied the openssl-fips-1.2.crossbuild.patch: # generate signature... ! if [ -z ${FIPS_SIG} ]; then ! SIG=`${THERE}/fips/fips_premain_dso ${TARGET}` ! else ! SIG=`${FIPS_SIG} -dso ${TARGET}` ! fi Now I'm pretty sure that fips_premain_dso is the wrong path because it is built for the ARM target. I'm having trouble figuring out what $FIPS_SIG should be set to? Do I build an x86 version of fips_premain_dso and point $FIPS_SIG to it? Thanks, Jim Rowe __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Cross compiling openssl-fips-1.2 for arm-linux
On Tue, Jan 12, 2010, jim.r...@sncorp.com wrote: I'm trying to build openssl-fips-1.2 for an Arm XSCALE 255 running a debian-based linux filesystem. Build system is an x86-Knoppix machine. I've applied the openssl-fips-1.2.crossbuild.patch as advised in the User Manual and Security Policy. After setting $CROSS_COMPILE and $HOSTCC as needed, I am running into a problem during the build where fipsld is trying to generate a signature. Here's the error: make[2]: Entering directory `/hda1/softw-local/uadmas/openssl/openssl-build/openssl-fips-1.2' fips/fipsld: line 121: fips/../fips/fips_premain_dso: cannot execute binary file The following section of openssl-fips-1.2/fips/fipsld was patched when I applied the openssl-fips-1.2.crossbuild.patch: # generate signature... ! if [ -z ${FIPS_SIG} ]; then ! SIG=`${THERE}/fips/fips_premain_dso ${TARGET}` ! else ! SIG=`${FIPS_SIG} -dso ${TARGET}` ! fi Now I'm pretty sure that fips_premain_dso is the wrong path because it is built for the ARM target. I'm having trouble figuring out what $FIPS_SIG should be set to? Do I build an x86 version of fips_premain_dso and point $FIPS_SIG to it? During a normal build (i.e. not cross compiling) OpenSSL would initially run the executable or run fips_dso against a shared library. This would output the signature to standard output and that signature would be used to relink the target. When cross compiling this can't be done because you need to run an executable on the target system to get the signature. So fips_dso is correct but it just can't be run on the host. You have two options here. One is to write a script that copies the files to the target system, executes them and then returns the signature. The script should be set in the environment variable FIPS_SIG and usage is: $FIPS_SIG -dso target_share_library $FIPS_SIG -exe target_exectutable Since that process will vary from one system to another we can't write a general solution for OpenSSL. The other is to download the incore script from: http://www.openssl.org/docs/fips/incore.gz This attempts to do everything on the host system. It should work but during testing the offset value did need changing sometimes. If you get signature errors on the target system that's the most likely cause. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org