Discussion:
Issue linking FIPS with OpenSSL libraries
Amit Pandey
2014-10-01 07:39:38 UTC
Permalink
Hi All,
Having two issues with OpenSSL with FIPS for ANDROID.

Issue 1:
I am compiling OpenSSL-1.0.1i with OpenSSLFips-2.0.7 under MIPS EL
architecture for FIPS support for ANDROID.
And when I crossed compile for using the 'fips shared' config option, I
still get a static libs (libcrypto.a & libssl.a) only.
No dynamic (*.so) libs produced at all.

Issue 2:
For Android add bellow link for Android MIPS:

"android-mips","gcc:-march=mips32 -mandroid -I\$(ANDROID_DEV)/include
-B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer
-Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL
BF_PTR:${mips32_asm}:dlfcn:linux-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR
)",

While compiling OpenSSL & OpenSSLFips separately then both sources compiled
successfully under MIPS arch.
But when trying to linking between them then got error as bellow:

shlib_target=; if [ -n "" ]; then \
shlib_target=""; \
elif [ -n "libcrypto" ]; then \
FIPSLD_CC="mipsel-linux-android-gcc";
CC=/Users/devusr1/OpensslfipsAndroid/fips//bin/fipsld; export CC FIPSLD_CC;
\
fi; \
LIBRARIES="-L.. -lssl -L.. -lcrypto" ; \
make -f ../Makefile.shared -e \
APPNAME=openssl OBJECTS="openssl.o verify.o asn1pars.o req.o dgst.o dh.o
dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o
rsautl.o dsa.o dsaparam.o ec.o ecparam.o x509.o genrsa.o gendsa.o genpkey.o
s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o
version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o pkey.o pkeyparam.o
pkeyutl.o spkac.o smime.o cms.o rand.o engine.o ocsp.o prime.o ts.o srp.o" \
LIBDEPS=" $LIBRARIES -ldl" \
link_app.${shlib_target}
( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto -ldl}";
LDCMD="${LDCMD:-/Users/devusr1/OpensslfipsAndroid/fips//bin/fipsld}";
LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_LINUX-SHARED
-Wa,--noexecstack -march=mips32 -mandroid
-I/Android/ndk/platforms/android-18/arch-mips/usr/include
-B/Android/ndk/platforms/android-18/arch-mips/usr/lib -O3
-fomit-frame-pointer -Wall -I/Users/devusr1/OpensslfipsAndroid/fips//include
-DSHA1_ASM -DSHA256_ASM -DAES_ASM}"; LIBPATH=`for x in $LIBDEPS; do echo $x;
done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e
's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o
${APPNAME:=openssl} openssl.o verify.o asn1pars.o req.o dgst.o dh.o
dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o
rsautl.o dsa.o dsaparam.o ec.o ecparam.o x509.o genrsa.o gendsa.o genpkey.o
s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o
version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o pkey.o pkeyparam.o
pkeyutl.o spkac.o smime.o cms.o rand.o engine.o ocsp.o prime.o ts.o srp.o
${LIBDEPS} )
<command-line>:0:10: warning: missing whitespace after the macro name
[enabled by default]
../libcrypto.a(bn-mips.o): In function `bn_div_3_words':
(.text+0x700): multiple definition of `bn_div_3_words'
/Users/devusr1/OpensslfipsAndroid/fips//lib//fipscanister.o:(.text+0x415a0):
first defined here
collect2: error: ld returned 1 exit status
make[2]: *** [link_app.] Error 1
make[1]: *** [openssl] Error 2
make: *** [build_apps] Error 1

May be "Fipsld" not called.


Instructions followed for UserGuide-2.0
<https://www.openssl.org/docs/fips/UserGuide-2.0.pdf> and
Setenv-android.sh <http://wiki.openssl.org/images/7/70/Setenv-android.sh>
and executed as:
Android Env:
_ANDROID_SDK = "Android-sdk-mac-x86_64"
_ANDROID_NDK="Android-ndk-r10b"
_ANDROID_API="android-18"
MACHINE=mips
RELEASE=2.6.37
SYSTEM=android export ARCH=mips
CROSS_COMPILE="mipsel-linux-android-"

For FIPS:
cd openssl-fips-2.0.7
./config
make
make install INSTALLTOP=$PWD/../fips
cd ..

For OpenSSL:
cd openssl-1.0.1i
./config fips shared --with-fipsdir=$PWD/../fips
--openssldir=$PWD/../OpenSSLFips
make depend
make
make install



Thanks in Advance
Amit

Loading...