Hello,
I am following the guide at :
https://source.codeaurora.org/external/imxsupport/imx_sec_apps/tree/enhanced-openssl/README.md
It is all good up to the point :
### To install library:
cd securekey_lib
make
when I try this, I get these errors :
cc1: error: /include: No such file or directory [-Werror=missing-include-dirs]
cc1: error: /include: No such file or directory [-Werror=missing-include-dirs]
src/securekey.c:10:10: fatal error: tee_client_api.h: No such file or directory
#include <tee_client_api.h>
^~~~~~~~~~~~~~~~~~
what does that "error: /include No such file or directory" refer to?
I checked the Makefile and added exported definition of CURDIR.
is there anything else needed to define that is not in stated in the Readme instructions ?
I am sure OPTEE_CLIENT_EXPORT is set correctly.
In general I can build correctly other OP-TEE examples apps.
thank you
I have also fallen into the NXP "trap" using enhanced-openssl, saw it in the Video but then it is hell to get parts to compile. But now that I get exactly the same c-code compile errors that you others have. How can any of this ever been used? Passing in a char instead of a pointer e.g - how can that ever have worked? And then the set_verify() lacking the second callback function parameter.
Even if i get this all working eventually it seems just be a proof of concept but we wanted it for production.
checked the history of ec.h at
and method has always been with these parameters, since the very beginning :
original reference to this topic is on application note AN12632 at :
I have solved some problems adapting symbol definitions in the Makefile.
Now I got the securekeylib compiled but I am stuck compiling the
secureobj_openssl_engine
It's the last step stated at https://source.codeaurora.org/external/imxsupport/imx_sec_apps/tree/enhanced-openssl/README.md
eng_secure_obj.c: In function ‘bind’:
eng_secure_obj.c:819:2: error: too few arguments to function ‘EC_KEY_METHOD_set_verify’
EC_KEY_METHOD_set_verify(secureobj_ec, secure_obj_ec_verify_sig);
I get :
^~~~~~~~~~~~~~~~~~~~~~~~
In file included from /home/develop/openssl/1.1.1b-r0/image/usr/include//openssl/engine.h:22,
from eng_secure_obj.c:16:
/home/develop/openssl/1.1.1b-r0/image/usr/include//openssl/ec.h:1312:6: note: declared here
void EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth,
I am using the imx bsp 4.9.35 rather than what is stated in the readme where they use
4.14.98-2.0.0
could this be the cause of the problem ?
Hello,
I stuck in a similar way of Antonio but
I'm using exactly the same version described in the readme:
https://source.codeaurora.org/external/imxsupport/imx_sec_apps/tree/enhanced-openssl/README.md so:
- IMX BSP version imx-4.14.98-2.0.0_ga
- openssl 1.0.2p-r0
and secureobj_openssl_engine give errors when compiling:
main problem is secure_obj_ec_sign() and secure_obj_ec_verify_sig() have different number of parameter rather then the function pointer prototype described in the ecdsa.h header in the openssl library.
from ecdsa.h:
void ECDSA_METHOD_set_sign(
ECDSA_METHOD *ecdsa_method,
ECDSA_SIG *(*ecdsa_do_sign (const unsigned char
*dgst, int dgst_len,
const BIGNUM *inv,
const BIGNUM *rp,
EC_KEY *eckey)
);
void ECDSA_METHOD_set_verify(
ECDSA_METHOD *ecdsa_method,
int (*ecdsa_do_verify) (const unsigned char
*dgst, int dgst_len,
const ECDSA_SIG *sig,
EC_KEY *eckey)
);
from the eng_secure_obj.c:
static int secure_obj_ec_sign (
int type, const unsigned char *dgst,
int dlen, unsigned char *sig,
unsigned int *siglen,
const BIGNUM *kinv, const BIGNUM *r,
EC_KEY *eckey
)
static int secure_obj_ec_verify_sig(
int type,
const unsigned char *dgst,
int dgst_len,
const unsigned char *sigbuf,
int sig_len,
EC_KEY *eckey
)
So functions paramenters don't mach....
What are exactly the condicion where the openssl engine is build?
In attachment the compiler output:
| Building Secure Object OpenSSL Engine App
| aarch64-poky-linux-gcc --sysroot=/opt/kas/imx-linux-sumo/build-xwayland/tmp/work/aarch64-poky-linux/securestorage-ta/r2-r0/recipe-sysroot -I/opt/kas/imx-linux-sumo/build-xwayland/tmp/work/aarch64-poky-linux/securestorage-ta/r2-r0/recipe-sysroot/usr/include/include -o app/sobj_eng_app app/sobj_eng_app.c -L -lssl -lcrypto
| eng_secure_obj.c: In function 'secure_obj_ec_verify_sig':
| eng_secure_obj.c:345:27: warning: passing argument 2 of 'ECDSA_verify' makes pointer from integer without a cast [-Wint-conversion]
| ret = ECDSA_verify(type, *dgst, dgst_len, *sigbuf,
| ^
| In file included from /opt/kas/imx-linux-sumo/build-xwayland/tmp/work/aarch64-poky-linux/securestorage-ta/r2-r0/recipe-sysroot/usr/include/openssl/engine.h:89:0,
| from eng_secure_obj.c:16:
| /opt/kas/imx-linux-sumo/build-xwayland/tmp/work/aarch64-poky-linux/securestorage-ta/r2-r0/recipe-sysroot/usr/include/openssl/ecdsa.h:221:5: note: expected 'const unsigned char *' but argument is of type 'unsigned char'
| int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen,
| ^~~~~~~~~~~~
| eng_secure_obj.c:345:44: warning: passing argument 4 of 'ECDSA_verify' makes pointer from integer without a cast [-Wint-conversion]
| ret = ECDSA_verify(type, *dgst, dgst_len, *sigbuf,
| ^
| In file included from /opt/kas/imx-linux-sumo/build-xwayland/tmp/work/aarch64-poky-linux/securestorage-ta/r2-r0/recipe-sysroot/usr/include/openssl/engine.h:89:0,
| from eng_secure_obj.c:16:
| /opt/kas/imx-linux-sumo/build-xwayland/tmp/work/aarch64-poky-linux/securestorage-ta/r2-r0/recipe-sysroot/usr/include/openssl/ecdsa.h:221:5: note: expected 'const unsigned char *' but argument is of type 'unsigned char'
| int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen,
| ^~~~~~~~~~~~
| eng_secure_obj.c: In function 'bind':
| eng_secure_obj.c:763:38: warning: passing argument 2 of 'ECDSA_METHOD_set_sign' from incompatible pointer type [-Wincompatible-pointer-types]
| ECDSA_METHOD_set_sign(secureobj_ec, secure_obj_ec_sign);
| ^~~~~~~~~~~~~~~~~~
| In file included from /opt/kas/imx-linux-sumo/build-xwayland/tmp/work/aarch64-poky-linux/securestorage-ta/r2-r0/recipe-sysroot/usr/include/openssl/engine.h:89:0,
| from eng_secure_obj.c:16:
| /opt/kas/imx-linux-sumo/build-xwayland/tmp/work/aarch64-poky-linux/securestorage-ta/r2-r0/recipe-sysroot/usr/include/openssl/ecdsa.h:262:6: note: expected 'ECDSA_SIG * (*)(const unsigned char *, int, const BIGNUM *, const BIGNUM *, EC_KEY *) {aka struct ECDSA_SIG_st * (*)(const unsigned char *, int, const struct bignum_st *, const struct bignum_st *, struct ec_key_st *)}' but argument is of type 'int (*)(int, const unsigned char *, int, unsigned char *, unsigned int *, const BIGNUM *, const BIGNUM *, EC_KEY *) {aka int (*)(int, const unsigned char *, int, unsigned char *, unsigned int *, const struct bignum_st *, const struct bignum_st *, struct ec_key_st *)}'
| void ECDSA_METHOD_set_sign(ECDSA_METHOD *ecdsa_method,
| ^~~~~~~~~~~~~~~~~~~~~
| eng_secure_obj.c:765:40: warning: passing argument 2 of 'ECDSA_METHOD_set_verify' from incompatible pointer type [-Wincompatible-pointer-types]
| /(secureobj_ec, secure_obj_ec_verify_sig);
| ^~~~~~~~~~~~~~~~~~~~~~~~
| In file included from /opt/kas/imx-linux-sumo/build-xwayland/tmp/work/aarch64-poky-linux/securestorage-ta/r2-r0/recipe-sysroot/usr/include/openssl/engine.h:89:0,
| from eng_secure_obj.c:16:
| /opt/kas/imx-linux-sumo/build-xwayland/tmp/work/aarch64-poky-linux/securestorage-ta/r2-r0/recipe-sysroot/usr/include/openssl/ecdsa.h:285:6: note: expected 'int (*)(const unsigned char *, int, const ECDSA_SIG *, EC_KEY *) {aka int (*)(const unsigned char *, int, const struct ECDSA_SIG_st *, struct ec_key_st *)}' but argument is of type 'int (*)(int, const unsigned char *, int, const unsigned char *, int, EC_KEY *) {aka int (*)(int, const unsigned char *, int, const unsigned char *, int, struct ec_key_st *)}'
| void ECDSA_METHOD_set_verify(ECDSA_METHOD *ecdsa_method,
| ^~~~~~~~~~~~~~~~~~~~~~~
| aarch64-poky-linux-gcc --sysroot=/opt/kas/imx-linux-sumo/build-xwayland/tmp/work/aarch64-poky-linux/securestorage-ta/r2-r0/recipe-sysroot -shared -fPIC -o libeng_secure_obj.so *.o -lpthread -L -lcrypto -L../SecureKey_Lib/out/securekey_lib -lsecure_obj
| /opt/kas/imx-linux-sumo/build-xwayland/tmp/work/aarch64-poky-linux/securestorage-ta/r2-r0/recipe-sysroot-native/usr/bin/aarch64-poky-linux/../../libexec/aarch64-poky-linux/gcc/aarch64-poky-linux/7.3.0/ld: cannot find -lsecure_obj
| collect2: error: ld returned 1 exit status
| Makefile:8: recipe for target 'engine' failed
| make: *** [engine] Error 1
| ERROR: oe_runmake failed
| WARNING: exit code 1 from a shell command.
| ERROR: Function failed: do_compile (log file is located at /opt/kas/imx-linux-sumo/build-xwayland/tmp/work/aarch64-poky-linux/securestorage-ta/r2-r0/temp/log.do_compile.407)
ERROR: Task (/opt/kas/imx-linux-sumo/sources/meta-teox/recipes-security/optee-imx/securestorage-ta.bb:do_compile) failed with exit code '1'
Hi,
Please see also: https://www.nxp.com/docs/en/application-note/AN12838.pdf. Depending on your use-case, it can be a good option.
Regards,
Andreea