search

smuellerDD / acvpparser

ACVP Parser for invocation of cryptographic implementations using the ACVP JSON test vectors
https://www.chronox.de/acvpparser
Other
36 stars 27 forks source link

make openssl build error #14

Closed Nagarjuna-jantali closed 3 years ago

Nagarjuna-jantali commented 3 years ago

Hi ,

I tried "make openssl". it gave gcc -Wextra -Wall -pedantic -fPIE -O2 -Wno-long-long -Werror -DACVP_PARSER_IUT=\"openssl\" -g -DUBUNTU -D_FORTIFY_SOURCE=2 -fstack-protector-strong -fwrapv --param ssp-buffer-size=4 -Iparser -c -o backends/backend_openssl.o backends/backend_openssl.c backends/backend_openssl.c:35:10: fatal error: openssl/fips.h: No such file or directory

include <openssl/fips.h>

      ^~~~~~~~~~~~~~~~

compilation terminated.

which openssl it will refer ? There is no info available about the location of openssl in Makefile.

Do i need to specify the header files and library location in Makefile ?

smuellerDD commented 3 years ago

Am Montag, dem 29.03.2021 um 05:16 -0700 schrieb Nagarjuna-jantali:

Hi ,

I tried "make openssl".  it gave gcc -Wextra -Wall -pedantic -fPIE -O2 -Wno-long-long -Werror - DACVP_PARSER_IUT=\"openssl\" -g -DUBUNTU -D_FORTIFY_SOURCE=2 -fstack- protector-strong -fwrapv --param ssp-buffer-size=4 -Iparser   -c -o backends/backend_openssl.o backends/backend_openssl.c backends/backend_openssl.c:35:10: fatal error: openssl/fips.h: No such file or directory  #include <openssl/fips.h>           ^~~~ compilation terminated.

which openssl it will refer ? There is no info available about the location of openssl in Makefile.

The code is intended to compile with the FIPS version of OpenSSL such as provided by Red Hat, SUSE, Ubuntu or Oracle. There you have that header file.

Ciao Stephan

Do i need to specify the header files and  library location in Makefile ?

Nagarjuna-jantali commented 3 years ago

Hi Stephan,

I included the header file paths in Makefile, still getting compilation error. I am using UBUNTU. I have installed fipsopenssl(openssl-1.0.2l+openssl-fips-2.0.16) in usr/local/ssl .

file included from /usr/local/ssl/include/openssl/objects.h:61:0, from /usr/local/ssl/fips-2.0/include/openssl/evp.h:94, from /usr/local/ssl/fips-2.0/include/openssl/cmac.h:62, from backends/backend_openssl.c:26: /usr/local/ssl/include/openssl/asn1.h:530:9: error: unknown type name ‘ASN1_OBJECT’ ASN1_OBJECT object; ^~~ /usr/local/ssl/include/openssl/asn1.h:783:1: error: unknown type name ‘ASN1_OBJECT’; did you mean ‘V_ASN1_OBJECT’? ASN1_OBJECT ASN1_OBJECT_new(void); ^~~ V_ASN1_OBJECT /usr/local/ssl/include/openssl/asn1.h:784:23: error: unknown type name ‘ASN1_OBJECT’; did you mean ‘V_ASN1_OBJECT’? void ASN1_OBJECT_free(ASN1_OBJECT a); ^~~ V_ASN1_OBJECT /usr/local/ssl/include/openssl/asn1.h:785:21: error: unknown type name ‘ASN1_OBJECT’; did you mean ‘V_ASN1_OBJECT’? int i2d_ASN1_OBJECT(ASN1_OBJECT a, unsigned char pp); ^~~ V_ASN1_OBJECT /usr/local/ssl/include/openssl/asn1.h:786:1: error: unknown type name ‘ASN1_OBJECT’; did you mean ‘V_ASN1_OBJECT’? ASN1_OBJECT c2i_ASN1_OBJECT(ASN1_OBJECT a, const unsigned char pp, ^~~ V_ASN1_OBJECT /usr/local/ssl/include/openssl/asn1.h:786:30: error: unknown type name ‘ASN1_OBJECT’; did you mean ‘V_ASN1_OBJECT’? ASN1_OBJECT c2i_ASN1_OBJECT(ASN1_OBJECT a, const unsigned char pp, ^~~ V_ASN1_OBJECT /usr/local/ssl/include/openssl/asn1.h:788:1: error: unknown type name ‘ASN1_OBJECT’; did you mean ‘V_ASN1_OBJECT’? ASN1_OBJECT d2i_ASN1_OBJECT(ASN1_OBJECT a, const unsigned char pp, ^~~ V_ASN1_OBJECT /usr/local/ssl/include/openssl/asn1.h:788:30: error: unknown type name ‘ASN1_OBJECT’; did you mean ‘V_ASN1_OBJECT’? ASN1_OBJECT d2i_ASN1_OBJECT(ASN1_OBJECT a, const unsigned char **pp, ^~~ V_ASN1_OBJECT

Regards, Nagarjun

smuellerDD commented 3 years ago

Am Montag, dem 29.03.2021 um 06:24 -0700 schrieb Nagarjuna-jantali:

Hi Stephan,

I include header file paths in Makefile, still getting compilation error,

file included from /usr/local/ssl/include/openssl/objects.h:61:0,                  from /usr/local/ssl/fips-2.0/include/openssl/evp.h:94,                  from /usr/local/ssl/fips-2.0/include/openssl/cmac.h:62,                  from backends/backend_openssl.c:26: /usr/local/ssl/include/openssl/asn1.h:530:9: error: unknown type name ‘ASN1_OBJECT’

Neither does the parser code include asn1.h nor does it need any ASN1 symbols. That said, I guess you need to check how your fips.h is to be used.

Cioa Stephan

InternetFreedom commented 3 years ago

Hi @smuellerDD and @Nagarjuna-jantali I am having the same error when I build openssl backends/backend_openssl.c:35:10: fatal error: openssl/fips.h: No such file or directory

include <openssl/fips.h>.

How did you include the header file in the Makefile?

I have FIPS version of Openssl on my Ubuntu system: openssl version OpenSSL 1.0.2h-fips 3 May 2016 and the path to my openssl fips is in /usr/local/ssl/fips-2.0 Thank you, Kayla

smuellerDD commented 3 years ago

OpenSSL on Ubuntu is NOT FIPS-compliant out of the box. You have to obtain a special DEB package from Canonical that is FIPS compliant. That one will definitely work with this parser code as the parser code was used to obtain the ACVP certificates for the Ubuntu FIPS certificate.

InternetFreedom commented 3 years ago

@smuellerDD thank you for your response. Can I build it on an Ubuntu box that has FIPS-compliant OpenSSL and copy it over to the Target box I am trying to obtain a FIPS certificate for? Or do I have to build it the target box directly?

smuellerDD commented 3 years ago

Am Mittwoch, 7. April 2021, 19:12:37 CEST schrieb Internet Freedom Project:

Hi Internet,

@smuellerDD thank you for your response. Can I build it on an Ubuntu box that has FIPS-compliant OpenSSL and copy it over to the Target box I am trying to obtain a FIPS certificate for? Or do I have to build it the target box directly?

You can build the parser everywhere, but the execution for a real certificate has to be done on the machine you want to certify.

Ciao Stephan

Nagarjuna-jantali commented 3 years ago

resolved