Cross-Compiling w/ FIPS Support from Linux to Windows

Bradley Gannon bradley at
Tue Mar 9 00:48:06 UTC 2021

Hi there:

I'm trying to cross-compile FIPS-capable OpenSSL from Linux to Windows.
I already have a working native Linux build system, and I want to
extend it to support Windows targets without standing up a new host.

My cross-compile process follows the FOM User Guide to the best of my

export MACHINE="MINGW64"
export SYSTEM="mingw64"
export CROSS_COMPILE="x86_64-w64-mingw32-"
export HOSTCC="gcc"
export FIPS_SIG="${FIPS_HOME}/src/util/msincore"

# build FIPS Object Module
cd ${FIPS_HOME}/src
make install

# build OpenSSL
cd ${OPENSSL_HOME}/src
./config fips --prefix=${OPENSSL_FIPS} --with-fipsdir=${OPENSSL_FIPS}
make depend
make install

`FIPS_HOME`, `OPENSSL_HOME`, and `OPENSSL_FIPS` are the locations of
the FOM source tree, the OpenSSL source tree, and the output directory,

The first failure occurs during the FOM `make install` step. The error

cp: cannot stat 'fips_standalone_sha1': No such file or directory

It turns out that the build steps I've written above produce
`fips_standalone_sha1.exe`, which `make install` can't find. That's a
problem for me, because I know it's against the FIPS certification to
modify anything in the work area, but I can't seem to proceed without
changing that file name.

Just to expose another issue let me violate the certification
temporarily to bypass the problem. When I insert this command before
`make install`:

mv ./fips/fips_standalone_sha1.exe ./fips/fips_standalone_sha1

the build continues through the FOM and into OpenSSL. In fact, it seems
to get either nearly or completely through `make` before failing at the
incore digest step:

no fipstx section at ${FIPS_HOME}/src/util/msincore line 132.

This seems to indicate that `msincore` is not getting the kind of
executable it expects, but I'm not sure how to resolve that. I can't
turn up anything interesting on the Web, since most cross-compilation
discussions seem to target Android or iOS. If anyone has any guidance,
I'd appreciate it.

Thank you,

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: This is a digitally signed message part
URL: <>

More information about the openssl-users mailing list