Cross-Compiling w/ FIPS Support from Linux to Windows

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi there:

I'm trying to cross-compile FIPS-capable OpenSSL from Linux to Windows.
I already have a working native Linux build system, and I want to
extend it to support Windows targets without standing up a new host.

My cross-compile process follows the FOM User Guide to the best of my
understanding:

```
export MACHINE="MINGW64"
export SYSTEM="mingw64"
export CROSS_COMPILE="x86_64-w64-mingw32-"
export HOSTCC="gcc"
export FIPS_SIG="${FIPS_HOME}/src/util/msincore"

# build FIPS Object Module
cd ${FIPS_HOME}/src
./config
make
make install

# build OpenSSL
cd ${OPENSSL_HOME}/src
./config fips --prefix=${OPENSSL_FIPS} --with-fipsdir=${OPENSSL_FIPS}
make depend
make
make install
```

`FIPS_HOME`, `OPENSSL_HOME`, and `OPENSSL_FIPS` are the locations of
the FOM source tree, the OpenSSL source tree, and the output directory,
respectively.

The first failure occurs during the FOM `make install` step. The error
is:

```
cp: cannot stat 'fips_standalone_sha1': No such file or directory
```

It turns out that the build steps I've written above produce
`fips_standalone_sha1.exe`, which `make install` can't find. That's a
problem for me, because I know it's against the FIPS certification to
modify anything in the work area, but I can't seem to proceed without
changing that file name.

Just to expose another issue let me violate the certification
temporarily to bypass the problem. When I insert this command before
`make install`:

```
mv ./fips/fips_standalone_sha1.exe ./fips/fips_standalone_sha1
```

the build continues through the FOM and into OpenSSL. In fact, it seems
to get either nearly or completely through `make` before failing at the
incore digest step:

```
no fipstx section at ${FIPS_HOME}/src/util/msincore line 132.
```

This seems to indicate that `msincore` is not getting the kind of
executable it expects, but I'm not sure how to resolve that. I can't
turn up anything interesting on the Web, since most cross-compilation
discussions seem to target Android or iOS. If anyone has any guidance,
I'd appreciate it.

Thank you,

Bradley

Attachment: signature.asc
Description: This is a digitally signed message part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux