Reputation: 102205
FIPS Capable OpenSSL and `make depend`
I'm trying to build a FIPS Capable OpenSSL for an iDevice. I'm working with the FIPS 2.0 gear, and the 1.0.1 sources. Step 1 is OpenSSL FIPS Object Module, and it went fairly well. Step 2 is FIPS Capable OpenSSL.
To configure FIPS Capable OpenSSL, we perform:
./config -no-dtls --with-fiplibdir=/usr/local/ssl/iphoneos/lib
-no-dtls is required because Apple omitted STCP and friends. I don't want to make STCP and DTLS a dependency in this process, so -no-dtls is the obvious choice. In addition, third party STCP will surely lack Xcode and cross-compilation support.
However, the -no-dtls requires we run make depend. make depend is causing me:
openssl-1.0.1c jwalton$ make depend
making depend in crypto...
../util/domd: line 30: makedepend: command not found
mv: Makefile.new: No such file or directory
make[1]: *** [depend] Error 127
make: *** [depend] Error 1
I tried finding makedepend on this system (2012 MBP, Xcode 4.5), but its MIA:
$ find /Applications/Xcode.app/ -name makedepend 2>/dev/null
$ find /usr/ -name makedepend 2>/dev/null
$ find /bin/ -name makedepend 2>/dev/null
$
make depend is essential here. When I attempt to continue without it, I run into the STCP problem. Hence the requirement:
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/llvm-gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch armv7 -O3 -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS6.0.sdk -fomit-frame-pointer -fno-common -c -o bss_dgram.o bss_dgram.c
bss_dgram.c:74:26: error: netinet/sctp.h: No such file or directory
bss_dgram.c: In function ‘BIO_new_dgram_sctp’:
bss_dgram.c:843: error: storage size of ‘auth’ isn’t known
bss_dgram.c:860: error: ‘SCTP_AUTH_CHUNK’ undeclared (first use in this function)
bss_dgram.c:860: error: (Each undeclared identifier is reported only once
bss_dgram.c:860: error: for each function it appears in.)
bss_dgram.c:860: error: invalid application of ‘sizeof’ to incomplete type ‘struct sctp_authchunk’
I went to X.org and fetched the package. The package won't build from sources due to missing dependencies. I see this going on ad infinitium (I've been down that road before).
What are my options here?
Upvotes: 3
Views: 3662
Answers (1)
Reputation: 102205
To configure FIPS Capable OpenSSL, we perform:
./config -no-dtls --with-fiplibdir=/usr/local/ssl/iphoneos/lib
Dooh... it should be ./config fips -no-dtls...
Upvotes: 4
Related Questions
- How to create a FIPS-capable OpenSSL in a Bitbake recipe?
- How to upgrade openssl 1.1.0e to openssl fips 2.0.x version in linux?
- FIPS Capable OpenSSL cross-compiled: incore fingerprint issue
- FIPS Capable OpenSSL and openssl/fips.h: No such file or directory
- How to dynamically use FIPS and non-FIPS openssl library based on flags?
- Building OpenSSL with FIPS on Mac OSX 10.11
- Consuming FIPS validated OpenSSL runtime
- Compiling openssl-fips on Solaris10 x86
- No fips and --with-fipsdir arguments in OpenSSL 1.0.0l configure script
- use of make depend while compiling fips enabled openssl