Hello,
I am following the guide at :
https://source.codeaurora.org/external/imxsupport/imx_sec_apps/tree/enhanced-openssl/README.md
It is all good up to the point :
### To install library:
cd securekey_lib
make
when I try this, I get these errors :
cc1: error: /include: No such file or directory [-Werror=missing-include-dirs]
cc1: error: /include: No such file or directory [-Werror=missing-include-dirs]
src/securekey.c:10:10: fatal error: tee_client_api.h: No such file or directory
#include <tee_client_api.h>
^~~~~~~~~~~~~~~~~~
what does that "error: /include No such file or directory" refer to?
I checked the Makefile and added exported definition of CURDIR.
is there anything else needed to define that is not in stated in the Readme instructions ?
I am sure OPTEE_CLIENT_EXPORT is set correctly.
In general I can build correctly other OP-TEE examples apps.
thank you
I have also fallen into the NXP "trap" using enhanced-openssl, saw it in the Video but then it is hell to get parts to compile. But now that I get exactly the same c-code compile errors that you others have. How can any of this ever been used? Passing in a char instead of a pointer e.g - how can that ever have worked? And then the set_verify() lacking the second callback function parameter.
Even if i get this all working eventually it seems just be a proof of concept but we wanted it for production.
thank you, but versions I am using are more recent, so should I revert to older version ?I think we can't do that for some reasons.
checked the history of ec.h at
and method has always been with these parameters, since the very beginning :
original reference to this topic is on application note AN12632 at :
I have solved some problems adapting symbol definitions in the Makefile.
Now I got the securekeylib compiled but I am stuck compiling the
secureobj_openssl_engine
It's the last step stated at https://source.codeaurora.org/external/imxsupport/imx_sec_apps/tree/enhanced-openssl/README.md
eng_secure_obj.c: In function ‘bind’:
eng_secure_obj.c:819:2: error: too few arguments to function ‘EC_KEY_METHOD_set_verify’
EC_KEY_METHOD_set_verify(secureobj_ec, secure_obj_ec_verify_sig);
I get :
^~~~~~~~~~~~~~~~~~~~~~~~
In file included from /home/develop/openssl/1.1.1b-r0/image/usr/include//openssl/engine.h:22,
from eng_secure_obj.c:16:
/home/develop/openssl/1.1.1b-r0/image/usr/include//openssl/ec.h:1312:6: note: declared here
void EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth,
I am using the imx bsp 4.9.35 rather than what is stated in the readme where they use
4.14.98-2.0.0
could this be the cause of the problem ?
Hello,
It is an older version, the recommendation is to use the one stated in the readme.
BR,
Ivan.
Hello,
I stuck in a similar way of Antonio but
I'm using exactly the same version described in the readme:
https://source.codeaurora.org/external/imxsupport/imx_sec_apps/tree/enhanced-openssl/README.md so:
- IMX BSP version imx-4.14.98-2.0.0_ga
- openssl 1.0.2p-r0
and secureobj_openssl_engine give errors when compiling:
main problem is secure_obj_ec_sign() and secure_obj_ec_verify_sig() have different number of parameter rather then the function pointer prototype described in the ecdsa.h header in the openssl library.
from ecdsa.h:
void ECDSA_METHOD_set_sign(
ECDSA_METHOD *ecdsa_method,
ECDSA_SIG *(*ecdsa_do_sign (const unsigned char
*dgst, int dgst_len,
const BIGNUM *inv,
const BIGNUM *rp,
EC_KEY *eckey)
);
void ECDSA_METHOD_set_verify(
ECDSA_METHOD *ecdsa_method,
int (*ecdsa_do_verify) (const unsigned char
*dgst, int dgst_len,
const ECDSA_SIG *sig,
EC_KEY *eckey)
);
from the eng_secure_obj.c:
static int secure_obj_ec_sign (
int type, const unsigned char *dgst,
int dlen, unsigned char *sig,
unsigned int *siglen,
const BIGNUM *kinv, const BIGNUM *r,
EC_KEY *eckey
)
static int secure_obj_ec_verify_sig(
int type,
const unsigned char *dgst,
int dgst_len,
const unsigned char *sigbuf,
int sig_len,
EC_KEY *eckey
)
So functions paramenters don't mach....
What are exactly the condicion where the openssl engine is build?
In attachment the compiler output:
| Building Secure Object OpenSSL Engine App
| aarch64-poky-linux-gcc --sysroot=/opt/kas/imx-linux-sumo/build-xwayland/tmp/work/aarch64-poky-linux/securestorage-ta/r2-r0/recipe-sysroot -I/opt/kas/imx-linux-sumo/build-xwayland/tmp/work/aarch64-poky-linux/securestorage-ta/r2-r0/recipe-sysroot/usr/include/include -o app/sobj_eng_app app/sobj_eng_app.c -L -lssl -lcrypto
| eng_secure_obj.c: In function 'secure_obj_ec_verify_sig':
| eng_secure_obj.c:345:27: warning: passing argument 2 of 'ECDSA_verify' makes pointer from integer without a cast [-Wint-conversion]
| ret = ECDSA_verify(type, *dgst, dgst_len, *sigbuf,
| ^
| In file included from /opt/kas/imx-linux-sumo/build-xwayland/tmp/work/aarch64-poky-linux/securestorage-ta/r2-r0/recipe-sysroot/usr/include/openssl/engine.h:89:0,
| from eng_secure_obj.c:16:
| /opt/kas/imx-linux-sumo/build-xwayland/tmp/work/aarch64-poky-linux/securestorage-ta/r2-r0/recipe-sysroot/usr/include/openssl/ecdsa.h:221:5: note: expected 'const unsigned char *' but argument is of type 'unsigned char'
| int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen,
| ^~~~~~~~~~~~
| eng_secure_obj.c:345:44: warning: passing argument 4 of 'ECDSA_verify' makes pointer from integer without a cast [-Wint-conversion]
| ret = ECDSA_verify(type, *dgst, dgst_len, *sigbuf,
| ^
| In file included from /opt/kas/imx-linux-sumo/build-xwayland/tmp/work/aarch64-poky-linux/securestorage-ta/r2-r0/recipe-sysroot/usr/include/openssl/engine.h:89:0,
| from eng_secure_obj.c:16:
| /opt/kas/imx-linux-sumo/build-xwayland/tmp/work/aarch64-poky-linux/securestorage-ta/r2-r0/recipe-sysroot/usr/include/openssl/ecdsa.h:221:5: note: expected 'const unsigned char *' but argument is of type 'unsigned char'
| int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen,
| ^~~~~~~~~~~~
| eng_secure_obj.c: In function 'bind':
| eng_secure_obj.c:763:38: warning: passing argument 2 of 'ECDSA_METHOD_set_sign' from incompatible pointer type [-Wincompatible-pointer-types]
| ECDSA_METHOD_set_sign(secureobj_ec, secure_obj_ec_sign);
| ^~~~~~~~~~~~~~~~~~
| In file included from /opt/kas/imx-linux-sumo/build-xwayland/tmp/work/aarch64-poky-linux/securestorage-ta/r2-r0/recipe-sysroot/usr/include/openssl/engine.h:89:0,
| from eng_secure_obj.c:16:
| /opt/kas/imx-linux-sumo/build-xwayland/tmp/work/aarch64-poky-linux/securestorage-ta/r2-r0/recipe-sysroot/usr/include/openssl/ecdsa.h:262:6: note: expected 'ECDSA_SIG * (*)(const unsigned char *, int, const BIGNUM *, const BIGNUM *, EC_KEY *) {aka struct ECDSA_SIG_st * (*)(const unsigned char *, int, const struct bignum_st *, const struct bignum_st *, struct ec_key_st *)}' but argument is of type 'int (*)(int, const unsigned char *, int, unsigned char *, unsigned int *, const BIGNUM *, const BIGNUM *, EC_KEY *) {aka int (*)(int, const unsigned char *, int, unsigned char *, unsigned int *, const struct bignum_st *, const struct bignum_st *, struct ec_key_st *)}'
| void ECDSA_METHOD_set_sign(ECDSA_METHOD *ecdsa_method,
| ^~~~~~~~~~~~~~~~~~~~~
| eng_secure_obj.c:765:40: warning: passing argument 2 of 'ECDSA_METHOD_set_verify' from incompatible pointer type [-Wincompatible-pointer-types]
| /(secureobj_ec, secure_obj_ec_verify_sig);
| ^~~~~~~~~~~~~~~~~~~~~~~~
| In file included from /opt/kas/imx-linux-sumo/build-xwayland/tmp/work/aarch64-poky-linux/securestorage-ta/r2-r0/recipe-sysroot/usr/include/openssl/engine.h:89:0,
| from eng_secure_obj.c:16:
| /opt/kas/imx-linux-sumo/build-xwayland/tmp/work/aarch64-poky-linux/securestorage-ta/r2-r0/recipe-sysroot/usr/include/openssl/ecdsa.h:285:6: note: expected 'int (*)(const unsigned char *, int, const ECDSA_SIG *, EC_KEY *) {aka int (*)(const unsigned char *, int, const struct ECDSA_SIG_st *, struct ec_key_st *)}' but argument is of type 'int (*)(int, const unsigned char *, int, const unsigned char *, int, EC_KEY *) {aka int (*)(int, const unsigned char *, int, const unsigned char *, int, struct ec_key_st *)}'
| void ECDSA_METHOD_set_verify(ECDSA_METHOD *ecdsa_method,
| ^~~~~~~~~~~~~~~~~~~~~~~
| aarch64-poky-linux-gcc --sysroot=/opt/kas/imx-linux-sumo/build-xwayland/tmp/work/aarch64-poky-linux/securestorage-ta/r2-r0/recipe-sysroot -shared -fPIC -o libeng_secure_obj.so *.o -lpthread -L -lcrypto -L../SecureKey_Lib/out/securekey_lib -lsecure_obj
| /opt/kas/imx-linux-sumo/build-xwayland/tmp/work/aarch64-poky-linux/securestorage-ta/r2-r0/recipe-sysroot-native/usr/bin/aarch64-poky-linux/../../libexec/aarch64-poky-linux/gcc/aarch64-poky-linux/7.3.0/ld: cannot find -lsecure_obj
| collect2: error: ld returned 1 exit status
| Makefile:8: recipe for target 'engine' failed
| make: *** [engine] Error 1
| ERROR: oe_runmake failed
| WARNING: exit code 1 from a shell command.
| ERROR: Function failed: do_compile (log file is located at /opt/kas/imx-linux-sumo/build-xwayland/tmp/work/aarch64-poky-linux/securestorage-ta/r2-r0/temp/log.do_compile.407)
ERROR: Task (/opt/kas/imx-linux-sumo/sources/meta-teox/recipes-security/optee-imx/securestorage-ta.bb:do_compile) failed with exit code '1'
Hi,
Please see also: https://www.nxp.com/docs/en/application-note/AN12838.pdf. Depending on your use-case, it can be a good option.
Regards,
Andreea