交叉编译OpenSSL FIPS版本

作者: MrDecoder | 来源:发表于2019-10-17 11:08 被阅读0次

交叉编译OpenSSL FIPS版本
centos7.6升级openssl和openssh
openssl升级
交叉编译OpenSSL和paho.mqtt.c
交叉编译OpenSSL和paho.mqtt.c
项目实战-广域网智能家居-把mosquitto移植到arm上
debian 交叉编译 openssl
交叉编译openssl for arm-linux-androi
交叉编译openssl for arm-linux-androi
OpenSSL：生成 pfx 证书

// S1: Build steps refer steps below:[Or refer the link directly:https://wiki.openssl.org/index.php/FIPS_Library_and_Android]

The instructions that follow depend upon a properly configured Android NDK. 
The NDK is used to compile programs and link the OpenSSL library; 
Be sure ANDROID_NDK_ROOT is set properly.

//////////////////Pre-step1:Configure ANDROID_NDK_ROOT /////////////////////////////
$ sudo vim /etc/profile
export ANDROID_NDK_ROOT=/home/henryhu/android_fips/android-ndk-r14b[depends on detail path]
export PATH=$ANDROID_NDK_ROOT:$PATH
source /etc/profile

//////////////////Pre-step2:Configure setenv-android.sh ////////////////////////////
# Set ANDROID_NDK_ROOT to you NDK location. For example,
# /opt/android-ndk-r8e or /opt/android-ndk-r9. This can be done in a
# login script. If ANDROID_NDK_ROOT is not specified, the script will
# try to pick it up with the value of _ANDROID_NDK_ROOT below. If
# ANDROID_NDK_ROOT is set, then the value is ignored.
_ANDROID_NDK="android-ndk-r18b"

# Set _ANDROID_EABI to the EABI you want to use. You can find the
# list in $ANDROID_NDK_ROOT/toolchains. This value is always used.
_ANDROID_EABI="arm-linux-androideabi-4.9"

# Set _ANDROID_ARCH to the architecture you are building for.
# This value is always used.
_ANDROID_ARCH=arch-arm

# Set _ANDROID_API to the API you want to use. You should set it
# to one of: android-14, android-9, android-8, android-14, android-5
# android-4, or android-3. You can't set it to the latest (for
# example, API-17) because the NDK does not supply the platform. At
# Android 5.0, there will likely be another platform added (android-22?).
# This value is always used.
_ANDROID_API="android-23"

//////////////////Section 1:Build the FIPS Object Module ///////////////////////////
# From the 'root' directory
$ . ./setenv-android.sh
$ cd openssl-fips-x.x.x/

$ ./config
$ make
$ sudo make install

# Execute after install
$ sudo -E cp $FIPS_SIG /usr/local/ssl/fips-2.0/bin
$ sudo -E mv /usr/local/ssl/fips-2.0/ /usr/local/ssl/$ANDROID_API

////////////////////Section2:Build the FIPS Capable Library////////////////////////
# From the 'root' directory
$ . ./setenv-android.sh
$ cd openssl-x.x.x/

$ perl -pi -e 's/install: all install_docs install_sw/install: install_docs install_sw/g' Makefile.org
$ ./config fips shared no-ssl2 no-ssl3 no-comp no-hw no-engine --openssldir=/usr/local/ssl/$ANDROID_API \
  --with-fipsdir=/usr/local/ssl/$ANDROID_API --with-fipslibdir=/usr/local/ssl/$ANDROID_API/lib/

$ make depend
$ make all
$ sudo -E make install CC=$ANDROID_TOOLCHAIN/arm-linux-androideabi-gcc RANLIB=$ANDROID_TOOLCHAIN/arm-linux-androideabi-ranlib

////////////////////Section3:Build the wrapper library based on Section1&2//////////
$ . ./setenv-android.sh
$ export CC=`find /usr/local/ssl/$ANDROID_API -name fipsld`
$ export FIPSLD_CC="$ANDROID_TOOLCHAIN/aarch64-linux-android-gcc"
$ export OPENSSL_ANDROID=/usr/local/ssl/android-23  // This depends on the detail build platform.

$ $CC sha.cpp -fPIC -pie -shared --sysroot="$ANDROID_SYSROOT" -I/usr/local/ssl/android-23/include  -Wl,-Bstatic -lcrypto -lssl -L$OPENSSL_ANDROID/lib  -o libtestwrapper.so -Wl,-Bdynamic

一、Build 32

1.1 buildopenssl.sh

#!/bin/bash
rm -rf openssl-1.0.2t
tar -zxf openssl-1.0.2t.tar.gz

. ./setenv-reset.sh
. ./setenv-android.sh

cd openssl-1.0.2t

perl -pi -e 's/SHARED_LIBS=\n/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)\n/' Makefile.org

perl -pi -e 's/install: all install_docs install_sw/install: install_sw/g' Makefile.org

./config fips no-ssl2 no-ssl3 no-comp no-hw no-engine \
 --openssldir=/usr/local/ssl/$ANDROID_API/ \
 --with-fipsdir=/usr/local/ssl/$ANDROID_API/ \
 --with-fipslibdir=/usr/local/ssl/$ANDROID_API/lib/

make depend
make all

find . -name libcrypto.a
readelf -h ./libcrypto.a | grep -i 'class\|machine' | head -2

sudo -E make install CC=$ANDROID_TOOLCHAIN/arm-linux-androideabi-gcc RANLIB=$ANDROID_TOOLCHAIN/arm-linux-androideabi-ranlib

#make install

1.2 buildfips.sh

#!/bin/bash
rm -rf openssl-fips-2.0.16
tar -zxf openssl-fips-2.0.16.tar.gz

. ./setenv-reset.sh
. ./setenv-android.sh

cd openssl-fips-2.0.16

./config  
make
sudo make install

sudo mv /usr/local/ssl/fips-2.0/ /usr/local/ssl/$ANDROID_API
#ls /usr/local/ssl
sudo cp ./util/incore /usr/local/ssl/$ANDROID_API/bin/
ls /usr/local/ssl/$ANDROID_API/bin

1.3 setenv-android.sh

#!/bin/bash
# Cross-compile environment for Android on ARMv7 and x86
#
# Contents licensed under the terms of the OpenSSL license
# http://www.openssl.org/source/license.html
#
# See http://wiki.openssl.org/index.php/FIPS_Library_and_Android
#   and http://wiki.openssl.org/index.php/Android

#####################################################################

# Set ANDROID_NDK_ROOT to you NDK location. For example,
# /opt/android-ndk-r8e or /opt/android-ndk-r9. This can be done in a
# login script. If ANDROID_NDK_ROOT is not specified, the script will
# try to pick it up with the value of _ANDROID_NDK_ROOT below. If
# ANDROID_NDK_ROOT is set, then the value is ignored.
# _ANDROID_NDK="android-ndk-r8e"
_ANDROID_NDK="android-ndk-r18b"
# _ANDROID_NDK="android-ndk-r10"

# Set _ANDROID_EABI to the EABI you want to use. You can find the
# list in $ANDROID_NDK_ROOT/toolchains. This value is always used.
# _ANDROID_EABI="x86-4.6"
# _ANDROID_EABI="arm-linux-androideabi-4.6"
#_ANDROID_EABI="arm-linux-androideabi-4.9"
_ANDROID_EABI="arm-linux-androideabi-4.9"

# Set _ANDROID_ARCH to the architecture you are building for.
# This value is always used.
# _ANDROID_ARCH=arch-arm64
_ANDROID_ARCH=arch-arm

# Set _ANDROID_API to the API you want to use. You should set it
# to one of: android-14, android-9, android-8, android-14, android-5
# android-4, or android-3. You can't set it to the latest (for
# example, API-17) because the NDK does not supply the platform. At
# Android 5.0, there will likely be another platform added (android-22?).
# This value is always used.
# _ANDROID_API="android-14"
_ANDROID_API="android-23"
# _ANDROID_API="android-19"

#####################################################################

# If the user did not specify the NDK location, try and pick it up.
# We expect something like ANDROID_NDK_ROOT=/opt/android-ndk-r8e
# or ANDROID_NDK_ROOT=/usr/local/android-ndk-r8e.

if [ -z "$ANDROID_NDK_ROOT" ]; then

  _ANDROID_NDK_ROOT=""
  if [ -z "$_ANDROID_NDK_ROOT" ] && [ -d "/usr/local/$_ANDROID_NDK" ]; then
    _ANDROID_NDK_ROOT="/usr/local/$_ANDROID_NDK"
  fi

  if [ -z "$_ANDROID_NDK_ROOT" ] && [ -d "/opt/$_ANDROID_NDK" ]; then
    _ANDROID_NDK_ROOT="/opt/$_ANDROID_NDK"
  fi

  if [ -z "$_ANDROID_NDK_ROOT" ] && [ -d "$HOME/$_ANDROID_NDK" ]; then
    _ANDROID_NDK_ROOT="$HOME/$_ANDROID_NDK"
  fi

  if [ -z "$_ANDROID_NDK_ROOT" ] && [ -d "$PWD/$_ANDROID_NDK" ]; then
    _ANDROID_NDK_ROOT="$PWD/$_ANDROID_NDK"
  fi

  # If a path was set, then export it
  if [ ! -z "$_ANDROID_NDK_ROOT" ] && [ -d "$_ANDROID_NDK_ROOT" ]; then
    export ANDROID_NDK_ROOT="$_ANDROID_NDK_ROOT"
  fi
fi

# Error checking
# ANDROID_NDK_ROOT should always be set by the user (even when not running this script)
# http://groups.google.com/group/android-ndk/browse_thread/thread/a998e139aca71d77
if [ -z "$ANDROID_NDK_ROOT" ] || [ ! -d "$ANDROID_NDK_ROOT" ]; then
  echo "Error: ANDROID_NDK_ROOT is not a valid path. Please edit this script."
  # echo "$ANDROID_NDK_ROOT"
  # exit 1
fi

# Error checking
if [ ! -d "$ANDROID_NDK_ROOT/toolchains" ]; then
  echo "Error: ANDROID_NDK_ROOT/toolchains is not a valid path. Please edit this script."
  # echo "$ANDROID_NDK_ROOT/toolchains"
  # exit 1
fi

# Error checking
if [ ! -d "$ANDROID_NDK_ROOT/toolchains/$_ANDROID_EABI" ]; then
  echo "Error: ANDROID_EABI is not a valid path. Please edit this script."
  # echo "$ANDROID_NDK_ROOT/toolchains/$_ANDROID_EABI"
  # exit 1
fi

#####################################################################

# Based on ANDROID_NDK_ROOT, try and pick up the required toolchain. We expect something like:
# /opt/android-ndk-r83/toolchains/arm-linux-androideabi-4.7/prebuilt/linux-x86_64/bin
# Once we locate the toolchain, we add it to the PATH. Note: this is the 'hard way' of
# doing things according to the NDK documentation for Ice Cream Sandwich.
# https://android.googlesource.com/platform/ndk/+/ics-mr0/docs/STANDALONE-TOOLCHAIN.html

ANDROID_TOOLCHAIN=""
for host in "linux-x86_64" "linux-x86" "darwin-x86_64" "darwin-x86"
do
  if [ -d "$ANDROID_NDK_ROOT/toolchains/$_ANDROID_EABI/prebuilt/$host/bin" ]; then
    ANDROID_TOOLCHAIN="$ANDROID_NDK_ROOT/toolchains/$_ANDROID_EABI/prebuilt/$host/bin"
    break
  fi
done

# Error checking
if [ -z "$ANDROID_TOOLCHAIN" ] || [ ! -d "$ANDROID_TOOLCHAIN" ]; then
  echo "Error: ANDROID_TOOLCHAIN is not valid. Please edit this script."
  # echo "$ANDROID_TOOLCHAIN"
  # exit 1
fi

case $_ANDROID_ARCH in
    arch-arm)     
      ANDROID_TOOLS="arm-linux-androideabi-gcc arm-linux-androideabi-ranlib arm-linux-androideabi-ld"
    ;;
    arch-arm64)
    ANDROID_TOOLS="aarch64-linux-android-gcc aarch64-linux-android-ranlib aarch64-linux-android-ld"
      ;;
    arch-x86)     
      ANDROID_TOOLS="i686-linux-android-gcc i686-linux-android-ranlib i686-linux-android-ld"
      ;;      
    *)
      echo "ERROR ERROR ERROR"
      ;;
esac

for tool in $ANDROID_TOOLS
do
  # Error checking
  if [ ! -e "$ANDROID_TOOLCHAIN/$tool" ]; then
    echo "Error: Failed to find $tool. Please edit this script."
    # echo "$ANDROID_TOOLCHAIN/$tool"
    # exit 1
  fi
done

# Only modify/export PATH if ANDROID_TOOLCHAIN good
if [ ! -z "$ANDROID_TOOLCHAIN" ]; then
  export ANDROID_TOOLCHAIN="$ANDROID_TOOLCHAIN"
  export PATH="$ANDROID_TOOLCHAIN":"$PATH"
fi

#####################################################################

# For the Android SYSROOT. Can be used on the command line with --sysroot
# https://android.googlesource.com/platform/ndk/+/ics-mr0/docs/STANDALONE-TOOLCHAIN.html
export ANDROID_SYSROOT="$ANDROID_NDK_ROOT/platforms/$_ANDROID_API/$_ANDROID_ARCH"
export CROSS_SYSROOT="$ANDROID_SYSROOT"
export NDK_SYSROOT="$ANDROID_SYSROOT"

# Error checking
if [ -z "$ANDROID_SYSROOT" ] || [ ! -d "$ANDROID_SYSROOT" ]; then
  echo "Error: ANDROID_SYSROOT is not valid. Please edit this script."
  # echo "$ANDROID_SYSROOT"
  # exit 1
fi

#####################################################################

# If the user did not specify the FIPS_SIG location, try and pick it up
# If the user specified a bad location, then try and pick it up too.
if [ -z "$FIPS_SIG" ] || [ ! -e "$FIPS_SIG" ]; then

  # Try and locate it
  _FIPS_SIG=""
  if [ -d "/usr/local/ssl/$_ANDROID_API" ]; then
    _FIPS_SIG=`find "/usr/local/ssl/$_ANDROID_API" -name incore`
  fi

  if [ ! -e "$_FIPS_SIG" ]; then
    _FIPS_SIG=`find $PWD -name incore`
  fi

  # If a path was set, then export it
  if [ ! -z "$_FIPS_SIG" ] && [ -e "$_FIPS_SIG" ]; then
    export FIPS_SIG="$_FIPS_SIG"
  fi
fi

# Error checking. Its OK to ignore this if you are *not* building for FIPS
if [ -z "$FIPS_SIG" ] || [ ! -e "$FIPS_SIG" ]; then
  echo "Error: FIPS_SIG does not specify incore module. Please edit this script."
  # echo "$FIPS_SIG"
  # exit 1
fi

#####################################################################

# Most of these should be OK (MACHINE, SYSTEM, ARCH). RELEASE is ignored.
export MACHINE=armv7
export RELEASE=2.6.37
export SYSTEM=android
export ARCH=arm
export CROSS_COMPILE="arm-linux-androideabi-"

if [ "$_ANDROID_ARCH" == "arch-x86" ]; then
    export MACHINE=i686
    export RELEASE=2.6.37
    export SYSTEM=android
    export ARCH=x86
    export CROSS_COMPILE="i686-linux-android-"
fi

# For the Android toolchain
# https://android.googlesource.com/platform/ndk/+/ics-mr0/docs/STANDALONE-TOOLCHAIN.html
export ANDROID_SYSROOT="$ANDROID_NDK_ROOT/platforms/$_ANDROID_API/$_ANDROID_ARCH"
export SYSROOT="$ANDROID_SYSROOT"
export NDK_SYSROOT="$ANDROID_SYSROOT"
export ANDROID_NDK_SYSROOT="$ANDROID_SYSROOT"
export ANDROID_API="$_ANDROID_API"

# CROSS_COMPILE and ANDROID_DEV are DFW (Don't Fiddle With). Its used by OpenSSL build system.
# export CROSS_COMPILE="arm-linux-androideabi-"
export ANDROID_DEV="$ANDROID_NDK_ROOT/platforms/$_ANDROID_API/$_ANDROID_ARCH/usr"
export HOSTCC=gcc

VERBOSE=1
if [ ! -z "$VERBOSE" ] && [ "$VERBOSE" != "0" ]; then
  echo "ANDROID_NDK_ROOT: $ANDROID_NDK_ROOT"
  echo "ANDROID_ARCH: $_ANDROID_ARCH"
  echo "ANDROID_EABI: $_ANDROID_EABI"
  echo "ANDROID_API: $ANDROID_API"
  echo "ANDROID_SYSROOT: $ANDROID_SYSROOT"
  echo "ANDROID_TOOLCHAIN: $ANDROID_TOOLCHAIN"
  echo "FIPS_SIG: $FIPS_SIG"
  echo "CROSS_COMPILE: $CROSS_COMPILE"
  echo "ANDROID_DEV: $ANDROID_DEV"
fi

1.4 setenv-reset.sh

#!/bin/bash
#
# reset vars from other platforms
#

unset MACHINE
unset SYSTEM
unset CROSS_COMPILE
unset CROSS_COMPILE_SUFFIX
unset HOSTCC
unset FIPS_SIG
unset INSTALL_PREFIX
unset cross_arch

PATH=/usr/bin:$PATH

二、Build 64

2.1 buildopenssl64.sh

#!/bin/bash
rm -rf openssl-1.0.2t
tar -zxf openssl-1.0.2t.tar.gz

. ./setenv-reset.sh
. ./setenv-android64.sh

cd openssl-1.0.2t
  
perl -pi -e 's/SHARED_LIBS=\n/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)\n/' Makefile.org

perl -pi -e 's/install: all install_docs install_sw/install: install_sw/g' Makefile.org
 
perl -pi -e 's/"linux-aarch64"/"linux-aarch64" ;;\n aarch64-*-android) OUT="android64-aarch64"/' config

perl -pi -e 's/"android"/"android64-aarch64","gcc:-mandroid -fPIC -I\\\$(ANDROID_DEV)\/include -B\\\$(ANDROID_DEV)\/lib -O3 -Wall::-D_REENTRANT::-pie%-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:\${aarch64_asm}:linux64:dlfcn:linux-shared:::.so.\\\$(SHLIB_MAJOR).\\\$(SHLIB_MINOR)",\n "android"/' Configure


./config fips no-ssl2 no-ssl3 no-comp no-hw no-engine \
 --openssldir=/usr/local/ssl/$ANDROID_API/ \
 --with-fipsdir=/usr/local/ssl/$ANDROID_API/ \
 --with-fipslibdir=/usr/local/ssl/$ANDROID_API/lib/

make depend
make 

sudo -E make install CC=$ANDROID_TOOLCHAIN/aarch64-linux-android-gcc RANLIB=$ANDROID_TOOLCHAIN/aarch64-linux-android-ranlib

#make install

2.2 buildfips64.sh

#!/bin/bash
rm -rf openssl-fips-2.0.16
tar -zxf openssl-fips-2.0.16.tar.gz

. ./setenv-reset.sh
. ./setenv-android64.sh

cd openssl-fips-2.0.16

./config
 make
find . -name fipscanister.o
readelf -h ./fips/fipscanister.o | grep -i 'class\|machine'

sudo make install

sudo mv /usr/local/ssl/fips-2.0/ /usr/local/ssl/$ANDROID_API
#ls /usr/local/ssl
sudo cp ./util/incore /usr/local/ssl/$ANDROID_API/bin/
ls /usr/local/ssl/$ANDROID_API/bin

2.3 setenv-android64.sh

#!/bin/bash
# Cross-compile environment for Android on ARMv7 and x86
#
# Contents licensed under the terms of the OpenSSL license
# http://www.openssl.org/source/license.html
#
# See http://wiki.openssl.org/index.php/FIPS_Library_and_Android
#   and http://wiki.openssl.org/index.php/Android

#####################################################################

# Set ANDROID_NDK_ROOT to you NDK location. For example,
# /opt/android-ndk-r8e or /opt/android-ndk-r9. This can be done in a
# login script. If ANDROID_NDK_ROOT is not specified, the script will
# try to pick it up with the value of _ANDROID_NDK_ROOT below. If
# ANDROID_NDK_ROOT is set, then the value is ignored.
# _ANDROID_NDK="android-ndk-r8e"
_ANDROID_NDK="android-ndk-r18b"
# _ANDROID_NDK="android-ndk-r10"

# Set _ANDROID_EABI to the EABI you want to use. You can find the
# list in $ANDROID_NDK_ROOT/toolchains. This value is always used.
# _ANDROID_EABI="x86-4.6"
# _ANDROID_EABI="arm-linux-androideabi-4.6"
#_ANDROID_EABI="arm-linux-androideabi-4.9"
_ANDROID_EABI="aarch64-linux-android-4.9"

# Set _ANDROID_ARCH to the architecture you are building for.
# This value is always used.
# _ANDROID_ARCH=arch-arm64
_ANDROID_ARCH=arch-arm64

# Set _ANDROID_API to the API you want to use. You should set it
# to one of: android-14, android-9, android-8, android-14, android-5
# android-4, or android-3. You can't set it to the latest (for
# example, API-17) because the NDK does not supply the platform. At
# Android 5.0, there will likely be another platform added (android-22?).
# This value is always used.
# _ANDROID_API="android-14"
_ANDROID_API="android-23"
# _ANDROID_API="android-19"

#####################################################################

# If the user did not specify the NDK location, try and pick it up.
# We expect something like ANDROID_NDK_ROOT=/opt/android-ndk-r8e
# or ANDROID_NDK_ROOT=/usr/local/android-ndk-r8e.

if [ -z "$ANDROID_NDK_ROOT" ]; then

  _ANDROID_NDK_ROOT=""
  if [ -z "$_ANDROID_NDK_ROOT" ] && [ -d "/usr/local/$_ANDROID_NDK" ]; then
    _ANDROID_NDK_ROOT="/usr/local/$_ANDROID_NDK"
  fi

  if [ -z "$_ANDROID_NDK_ROOT" ] && [ -d "/opt/$_ANDROID_NDK" ]; then
    _ANDROID_NDK_ROOT="/opt/$_ANDROID_NDK"
  fi

  if [ -z "$_ANDROID_NDK_ROOT" ] && [ -d "$HOME/$_ANDROID_NDK" ]; then
    _ANDROID_NDK_ROOT="$HOME/$_ANDROID_NDK"
  fi

  if [ -z "$_ANDROID_NDK_ROOT" ] && [ -d "$PWD/$_ANDROID_NDK" ]; then
    _ANDROID_NDK_ROOT="$PWD/$_ANDROID_NDK"
  fi

  # If a path was set, then export it
  if [ ! -z "$_ANDROID_NDK_ROOT" ] && [ -d "$_ANDROID_NDK_ROOT" ]; then
    export ANDROID_NDK_ROOT="$_ANDROID_NDK_ROOT"
  fi
fi

# Error checking
# ANDROID_NDK_ROOT should always be set by the user (even when not running this script)
# http://groups.google.com/group/android-ndk/browse_thread/thread/a998e139aca71d77
if [ -z "$ANDROID_NDK_ROOT" ] || [ ! -d "$ANDROID_NDK_ROOT" ]; then
  echo "Error: ANDROID_NDK_ROOT is not a valid path. Please edit this script."
  # echo "$ANDROID_NDK_ROOT"
  # exit 1
fi

# Error checking
if [ ! -d "$ANDROID_NDK_ROOT/toolchains" ]; then
  echo "Error: ANDROID_NDK_ROOT/toolchains is not a valid path. Please edit this script."
  # echo "$ANDROID_NDK_ROOT/toolchains"
  # exit 1
fi

# Error checking
if [ ! -d "$ANDROID_NDK_ROOT/toolchains/$_ANDROID_EABI" ]; then
  echo "Error: ANDROID_EABI is not a valid path. Please edit this script."
  # echo "$ANDROID_NDK_ROOT/toolchains/$_ANDROID_EABI"
  # exit 1
fi

#####################################################################

# Based on ANDROID_NDK_ROOT, try and pick up the required toolchain. We expect something like:
# /opt/android-ndk-r83/toolchains/arm-linux-androideabi-4.7/prebuilt/linux-x86_64/bin
# Once we locate the toolchain, we add it to the PATH. Note: this is the 'hard way' of
# doing things according to the NDK documentation for Ice Cream Sandwich.
# https://android.googlesource.com/platform/ndk/+/ics-mr0/docs/STANDALONE-TOOLCHAIN.html

ANDROID_TOOLCHAIN=""
for host in "linux-x86_64" "linux-x86" "darwin-x86_64" "darwin-x86"
do
  if [ -d "$ANDROID_NDK_ROOT/toolchains/$_ANDROID_EABI/prebuilt/$host/bin" ]; then
    ANDROID_TOOLCHAIN="$ANDROID_NDK_ROOT/toolchains/$_ANDROID_EABI/prebuilt/$host/bin"
    break
  fi
done

# Error checking
if [ -z "$ANDROID_TOOLCHAIN" ] || [ ! -d "$ANDROID_TOOLCHAIN" ]; then
  echo "Error: ANDROID_TOOLCHAIN is not valid. Please edit this script."
  # echo "$ANDROID_TOOLCHAIN"
  # exit 1
fi

case $_ANDROID_ARCH in
    arch-arm)     
      ANDROID_TOOLS="arm-linux-androideabi-gcc arm-linux-androideabi-ranlib arm-linux-androideabi-ld"
    ;;
    arch-arm64)
    ANDROID_TOOLS="aarch64-linux-android-gcc aarch64-linux-android-ranlib aarch64-linux-android-ld"
      ;;
    arch-x86)     
      ANDROID_TOOLS="i686-linux-android-gcc i686-linux-android-ranlib i686-linux-android-ld"
      ;;      
    *)
      echo "ERROR ERROR ERROR"
      ;;
esac

for tool in $ANDROID_TOOLS
do
  # Error checking
  if [ ! -e "$ANDROID_TOOLCHAIN/$tool" ]; then
    echo "Error: Failed to find $tool. Please edit this script."
    # echo "$ANDROID_TOOLCHAIN/$tool"
    # exit 1
  fi
done

# Only modify/export PATH if ANDROID_TOOLCHAIN good
if [ ! -z "$ANDROID_TOOLCHAIN" ]; then
  export ANDROID_TOOLCHAIN="$ANDROID_TOOLCHAIN"
  export PATH="$ANDROID_TOOLCHAIN":"$PATH"
fi

#####################################################################

# For the Android SYSROOT. Can be used on the command line with --sysroot
# https://android.googlesource.com/platform/ndk/+/ics-mr0/docs/STANDALONE-TOOLCHAIN.html
export ANDROID_SYSROOT="$ANDROID_NDK_ROOT/platforms/$_ANDROID_API/$_ANDROID_ARCH"
export CROSS_SYSROOT="$ANDROID_SYSROOT"
export NDK_SYSROOT="$ANDROID_SYSROOT"

# Error checking
if [ -z "$ANDROID_SYSROOT" ] || [ ! -d "$ANDROID_SYSROOT" ]; then
  echo "Error: ANDROID_SYSROOT is not valid. Please edit this script."
  # echo "$ANDROID_SYSROOT"
  # exit 1
fi

#####################################################################

# If the user did not specify the FIPS_SIG location, try and pick it up
# If the user specified a bad location, then try and pick it up too.
if [ -z "$FIPS_SIG" ] || [ ! -e "$FIPS_SIG" ]; then

  # Try and locate it
  _FIPS_SIG=""
  if [ -d "/usr/local/ssl/$_ANDROID_API" ]; then
    _FIPS_SIG=`find "/usr/local/ssl/$_ANDROID_API" -name incore`
  fi

  if [ ! -e "$_FIPS_SIG" ]; then
    _FIPS_SIG=`find $PWD -name incore`
  fi

  # If a path was set, then export it
  if [ ! -z "$_FIPS_SIG" ] && [ -e "$_FIPS_SIG" ]; then
    export FIPS_SIG="$_FIPS_SIG"
  fi
fi

# Error checking. Its OK to ignore this if you are *not* building for FIPS
if [ -z "$FIPS_SIG" ] || [ ! -e "$FIPS_SIG" ]; then
  echo "Error: FIPS_SIG does not specify incore module. Please edit this script."
  # echo "$FIPS_SIG"
  # exit 1
fi

#####################################################################

# Most of these should be OK (MACHINE, SYSTEM, ARCH). RELEASE is ignored.
export MACHINE=aarch64
export RELEASE=2.6.37
export SYSTEM=android
export ARCH=aarch64
export CROSS_COMPILE="aarch64-linux-android-"

if [ "$_ANDROID_ARCH" == "arch-x86" ]; then
    export MACHINE=i686
    export RELEASE=2.6.37
    export SYSTEM=android
    export ARCH=x86
    export CROSS_COMPILE="i686-linux-android-"
fi

# For the Android toolchain
# https://android.googlesource.com/platform/ndk/+/ics-mr0/docs/STANDALONE-TOOLCHAIN.html
export ANDROID_SYSROOT="$ANDROID_NDK_ROOT/platforms/$_ANDROID_API/$_ANDROID_ARCH"
export SYSROOT="$ANDROID_SYSROOT"
export NDK_SYSROOT="$ANDROID_SYSROOT"
export ANDROID_NDK_SYSROOT="$ANDROID_SYSROOT"
export ANDROID_API="$_ANDROID_API"

# CROSS_COMPILE and ANDROID_DEV are DFW (Don't Fiddle With). Its used by OpenSSL build system.
# export CROSS_COMPILE="arm-linux-androideabi-"
export ANDROID_DEV="$ANDROID_NDK_ROOT/platforms/$_ANDROID_API/$_ANDROID_ARCH/usr"
export HOSTCC=gcc

VERBOSE=1
if [ ! -z "$VERBOSE" ] && [ "$VERBOSE" != "0" ]; then
  echo "ANDROID_NDK_ROOT: $ANDROID_NDK_ROOT"
  echo "ANDROID_ARCH: $_ANDROID_ARCH"
  echo "ANDROID_EABI: $_ANDROID_EABI"
  echo "ANDROID_API: $ANDROID_API"
  echo "ANDROID_SYSROOT: $ANDROID_SYSROOT"
  echo "ANDROID_TOOLCHAIN: $ANDROID_TOOLCHAIN"
  echo "FIPS_SIG: $FIPS_SIG"
  echo "CROSS_COMPILE: $CROSS_COMPILE"
  echo "ANDROID_DEV: $ANDROID_DEV"
fi

2.4 setenv-reset.sh

#!/bin/bash
#
# reset vars from other platforms
#

unset MACHINE
unset SYSTEM
unset CROSS_COMPILE
unset CROSS_COMPILE_SUFFIX
unset HOSTCC
unset FIPS_SIG
unset INSTALL_PREFIX
unset cross_arch

PATH=/usr/bin:$PATH

交叉编译OpenSSL FIPS版本
一、Build 32 1.1 buildopenssl.sh 1.2 buildfips.sh 1.3 seten...
centos7.6升级openssl和openssh
系统加固列表文档 1、 openssl 当前版本：OpenSSL 1.0.2k-fips 升级后的版本：OpenS...
openssl升级
查看当前openssl版本：或者进入openssl命令行：当前版本为1.0.2k-fips，希望升级到1.1....
交叉编译OpenSSL和paho.mqtt.c
交叉编译OpenSSL 下载源码官网下载最OpenSSL V1.1.0 交叉编译参数解析：具体信息请参看工...
交叉编译OpenSSL和paho.mqtt.c
网络转载，侵权请联系删除一、交叉编译OpenSSL 下载源码官网下载最OpenSSL V1.1.0 交叉编译...
项目实战-广域网智能家居-把mosquitto移植到arm上
Mosquitto库依赖libuuid和openssl库，所以我们在交叉编译Mosquitto之前需要先交叉编译他...
debian 交叉编译 openssl
使用上次编译的交叉编译工具链来编译openssl如果没建立交叉编译环境的先阅读:编译工具链子制作神器 – cro...
交叉编译openssl for arm-linux-androi
交叉编译openssl for arm-linux-androideabi-gcc工具链 1、编译出错问题在Ub...
交叉编译openssl for arm-linux-androi
交叉编译openssl for arm-linux-androideabi-gcc工具链 1、编译出错问题在Ub...
OpenSSL：生成 pfx 证书
OpenSSL 下载地址：源码，自行编译 Windows 版本打开 OpenSSL 右键 powershell...

交叉编译OpenSSL FIPS版本

一、Build 32

1.1 buildopenssl.sh

1.2 buildfips.sh

1.3 setenv-android.sh

1.4 setenv-reset.sh

二、Build 64

2.1 buildopenssl64.sh

2.2 buildfips64.sh

2.3 setenv-android64.sh

2.4 setenv-reset.sh

相关文章

交叉编译OpenSSL FIPS版本

centos7.6升级openssl和openssh

openssl升级

交叉编译OpenSSL和paho.mqtt.c

交叉编译OpenSSL和paho.mqtt.c

项目实战-广域网智能家居-把mosquitto移植到arm上

debian 交叉编译 openssl

交叉编译openssl for arm-linux-androi

交叉编译openssl for arm-linux-androi

OpenSSL：生成 pfx 证书

网友评论

延伸阅读

深度阅读

栏目导航

热点阅读