[openssl-users] Building OpenSSL Library on ARM Cortex M4 based STM32F4 controller in an RTOS environment

Steve Marquess marquess at openssl.com
Tue Sep 20 11:14:50 UTC 2016

On 09/20/2016 12:22 AM, Jinu Jayachandran wrote:
> Hi,
> I am looking at the feasibility of developing an embedded Bluetooth
> application with OpenSSL-FIPS support on STM32F407 microcontroller(which
> is ARM Cortex M4 based). The application doesn't run on generic OS like
> Linux, Windows or android but it runs on CMSIS-RTX RTOS. I am using Keil
> in Windows as the developing environment with the built in armc compiler
> (armcc) for compilation.
> During my analysis I found the OpenSSL wiki which explains how to build
> and install OpenSSL library: Compilation and Installation
> <https://wiki.openssl.org/index.php/Compilation_and_Installation>.
> In the page although there is a section for compilation for ARM
> platform, there is no description on how to do it.
> I have also gone through the following link on compiling with ARM
> How To Build OpenSSL for ARM
> <http://how-to-build-for-arm.wikispaces.com/openssl?responseToken=08950c74d64853fbf5d76acb5a751878c>
> But the compiler specified here is GCC.
> My queries for OpenSSL-FIPS support are the following
> 1.    Is there a library available which can used in the mentioned
> platform ?
> 2.    Is it possible to port OpenSSL to ARM Cortex M4 platform with an
> RTOS?. To be more specific is it possible to port it to STM32F407 with
> 3.    If it is possible, where should I start and how much complex is it?.
> 4.    If I compile the OpenSSL library in GCC compiler and use it in a
> armc compiled application will it work ? (I have a feeling that it won't)
> 5.    Which other SSL libraries can I use with the embedded software ? 

Unfortunately these questions are all moot for the OpenSSL FIPS module.
The only reason to use the FIPS module is to satisfy FIPS 140-2
requirements (usually within the U.S. DoD and Federal government). Use
of the module on a non-validated platform, such as yours, will *not*
satisfy those requirements.

It should be possible to have your platform (RTOS on ARM) added to one
of the validations, but that will cost time and money. But, until and if
that is done stock OpenSSL will achieve the same level of FIPS 140-2
righteousness (i.e., none).

-Steve M.

Steve Marquess
OpenSSL Validation Services, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
+1 877 673 6775 s/b
+1 301 874 2571 direct
marquess at openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc

More information about the openssl-users mailing list