Hi Jakob,

Thank you so much for the really fast reply.

Our toolchain is built once and then pushed into a version
control system. So, based on the repository directory, the toolchain
could have become inconsistent in this particular context. I'll try
building the toolchain.

Is it a valid FIPS-compliant procedure if I create a shell script
named gcc, which calls the cross compiler, passing additional flags?


Also, our malloc and free have been renamed to suit a custom memory
allocator. So if fipscanister.o has references to malloc and free, it
will have a problem when linking with the final application.

How can I get around this problem as well?

Thanks,
-Abhijit

On Fri, Mar 8, 2013 at 3:30 PM, Jakob Bohm <jb-open...@wisemo.com> wrote:
> On 3/8/2013 10:34 AM, Abhijit Ray Chaudhury wrote:
>>
>> Hello,
>>
>> I am trying to cross compile the FIPS compliant openssl module
>> (openssl-fips-ecp-2.0.2.tar.gz) for the linux armv4 platform:
>>
>> I have used the following script to set up the environment:
>> ===============================================
>> export MACHINE=armv4t
>> export RELEASE=2.6.23
>> export SYSTEM=Linux
>> export ARCH=arm
>> export CROSS_COMPILE="/opt/gccarm-4.1.2/bin/"
>> export HOSTCC=/usr/bin/gcc
>> ================================================
>> ./config -t
>> Operating system: armv4t-whatever-linux2
>> Auto Configuring fipsonly
>> Auto Configuring fipsonly
>> Configuring for linux-armv4
>> /usr/bin/perl ./Configure linux-armv4 -Wa,--noexecstack no-bf
>> no-camellia no-cast no-idea no-md2 no-md5 no-mdc2 no-rc2 no-rc4 no-rc5
>> no-ripemd no-seed
>> ==================================================
>> After config, the make fails to find the include directories:
>> ==================================================
>> In file included from cryptlib.c:117:
>> cryptlib.h:62:20: error: stdlib.h: No such file or directory
>> cryptlib.h:63:20: error: string.h: No such file or directory
>> In file included from cryptlib.h:65,
>>                   from cryptlib.c:117:
>> ../e_os.h:444:30: error: unistd.h: No such file or directory
>> ../e_os.h:449:29: error: sys/types.h: No such file or directory
>> ==================================================
>>
>> Also, on my platform malloc and free are redefined to XXX_malloc and
>> XXX_free.
>>
>> Please let me know how to pass CFLAGS to the build system or how to
>> resolve the above problems.
>>
> I don't think you can change the CFLAGS without having to go through the
> entire many-thousand-dollars-and-lots-of-time official validation
> process again.
>
> But maybe you can get away with using a cross compiler whose default
> include and library directories point to the cross platform includes
> and libraries.
>
> Try this test to see if your cross compiler is set up to do the right
> thing by default:
>
> $ cat > ./hello.c
> #include <stdio.h>
> #include <stdlib.h>
> #include <unistd.h>
>
> int main(int argc, char**argv) {
>   printf("Hello, World!\n");
>   return 0;
> }
> <Press Ctrl+D here>
> $ /opt/gccarm-4.1.2/bin/gcc -o hello hello.c
>
> If the second command above produces a valid Hello, World for your
> target platform, the problem is complicated.  But if it fails with
> errors similar to those in the FIPSCANISTER build, then your cross
> compiler is not correctly configured/installed, and that needs to
> be fixed first.
>
> All that being said, note the following caveats:
>
> - Others have reported specific problems with the final checksumming
>  steps for the FIPSCANISTER when cross compiling.  However they got
>  a lot further than you before running into trouble.
>
> - What you can and cannot do without that expensive revalidation I
>  mentioned depends on the exact text of the official OpenSSL FIPS
>  documents that were part of the validation of the official
>  FIPSCANISTER, so read them carefully.
>
>
>
> Enjoy
>
> Jakob
> --
> Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
> Transformervej 29, 2730 Herlev, Denmark.  Direct +45 31 13 16 10
> This public discussion message is non-binding and may contain errors.
> WiseMo - Remote Service Management for PCs, Phones and Embedded
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
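
The include-path check described in the reply can also be made against the compiler's own search list. The following is an added example, not code from this thread or from the OpenSSL project; the function names are hypothetical, and it assumes the cross compiler accepts GCC's `-E -v` options.

```shell
#!/bin/sh
# Added example: report which of the headers from the failed build are
# absent from a compiler's default include search directories.

# Read `gcc -E -v` diagnostics on stdin and print the directories listed
# after the "search starts here:" markers, up to "End of search list.".
include_dirs() {
    awk '/search starts here:/ { on = 1; next }
         /^End of search list\./ { on = 0 }
         on { sub(/^[ \t]+/, ""); print }'
}

# Ask the compiler given as $1 for its verbose preprocessor diagnostics
# (written to stderr) and extract the search directories from them.
compiler_include_dirs() {
    "$1" -E -v -x c /dev/null 2>&1 >/dev/null | include_dirs
}

# Read directories on stdin (one per line); print every header named in
# the arguments that is found in none of them.
missing_headers() {
    dirs=$(cat)
    old_ifs=$IFS
    IFS='
'
    for h in "$@"; do
        found=no
        for d in $dirs; do
            if [ -f "$d/$h" ]; then found=yes; break; fi
        done
        [ "$found" = yes ] || printf '%s\n' "$h"
    done
    IFS=$old_ifs
}

# Usage: sh check_headers.sh /opt/gccarm-4.1.2/bin/gcc
# The header names are the ones from the error output quoted above.
if [ "$#" -ge 1 ]; then
    compiler_include_dirs "$1" |
        missing_headers stdlib.h string.h unistd.h sys/types.h
fi
```

No output means every header was found in the default search path; any header printed is missing from it, which matches the "No such file or directory" errors in the build log.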
