Hello Steve. Thank you very much for your quick response. I have tried different approaches to build FIPS module, according to the testing instructions of iOS 7.1 and iOS 8.1. Unfortunately I failed for all the FIPS packages for iOS >= 7, i.e., openssl-fips-2.0.8.tar, openssl-fips-2.0.9.tar, openssl-fips-2.0.10.tar, openssl-fips-2.0.11.tar. Apple Mac OS has been automatically updated to the new version. I failed to recover it to the old version. ************************************************** $ uname -a Darwin Honeycrisp.local 15.0.0 Darwin Kernel Version 15.0.0: Sat Sep 19 15:53:46 PDT 2015; root:xnu-3247.10.11~1/RELEASE_X86_64 x86_64 $ clang -v Apple LLVM version 7.0.0 (clang-700.1.76) Target: x86_64-apple-darwin15.0.0 Thread model: posix $ ls /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs iPhoneOS.sdk iPhoneOS6.1.sdk iPhoneOS7.1.sdk iPhoneOS9.1.sdk ************************************************** I reports the building issues below: ************************************************** (1) For iOS 7.1, http://openssl.com/testing/validation-2.0/platforms/ios-7.1/TestingInstructions-iOS-7.1.pdf (1a) Correct results in Section 4.3 Compilation of "incore_macho" Utility $ tar zxf openssl-fips-2.0.8.tar $ cd openssl-fips-2.0.8 $ tar zxvf ../ios64?incore.tar.gz $ . ../setenv?reset.sh $ . ../setenv?darwin?i386.sh $ ./config $ make $ cd iOS $ make $ ./incore_macho usage: ./incore_macho [??debug] [?exe|?dso] executable $ lipo ?info ancore_macho Non?fat file: iOS/incore_macho is architecture: i386 $cd .. $ make clean All the above operations achieve the exactly same results as indicated by the testing guide. (1b) the errors appear in Section 4.4 Cross? compilation of FIPS module $ . ../setenv-reset.sh $ . ../setenv-ios-11.sh $ ./config $ make ld: building for iOS simulator, but linking against dylib built for OSX, file '/usr/lib/libSystem.dylib' for architecture i386 clang: error: linker command failed with exit code 1 (use -v to see invocation) (2) I met the same failures for the other 3 FIPS packages 2.0.9 -- 2.0.11 I have noticed that 2.0.10 and 2.0.11 have included iOS folders. Thus we do NOT need to extract ios64incore.tar,gz ************************************************************** If I run the following shell script in a separate folder, I can build OpenSSL generate module successfully. The built OpenSSL library works well for iOS 9 device. https://github.com/x2on/OpenSSL-for-iPhone/blob/master/build-libssl.sh I have tried many approaches from the Internet, for example, https://github.com/GotoHack/iOS-openSSL-FIPS http://stackoverflow.com/questions/1211854/xcode-conditional-build-settings-based-on-architecture-device-arm-vs-simulat http://stackoverflow.com/questions/6293298/llvm-gcc-4-2-error I still can not solve the issues. *************************************************************** I have used Beyond compare 4 to check the difference between openssl-1.0.2f/config (or Configure) and openssl-fips-2.0.11/config (or Configure). I do NOT know how to modify the setenv-ios-11.sh to generate OpenSSL FIPS module for iOS >=8 under the new Mac OS available from Apple website. Would you shed some light on how to modify the building script for iOS >=8? Thank you very much. With best regards, Winston Hong On Thu, Feb 4, 2016 at 5:35 PM, Steve Marquess <marquess at openssl.com> wrote: > On 02/04/2016 05:31 PM, Steve Marquess wrote: > > On 02/04/2016 03:19 PM, Yang Hong wrote: > >> Hello folks. > >> > >> > >> I follow the latest User Guide 2.0 to build iOS the FIPS Object Module > >> and FIPS Capable library for iOS devices (*/E.2 Apple iOS Support /*page > >> 131) > >> > >> > >> https://www.openssl.org/docs/fips/UserGuide-2.0.pdf > >> > >> > >> I got two errors below. > >> > >> ************************************************************ > >> > >> ... > > > > No iOS 7 or greater platforms have been tested yet, so this is no > > surprise. The FIPS 140-2 validation won't apply for untested versions of > > iOS anyway. > > > > If/when we test more iOS versions we'll make changes as appropriate. > > ... and I spoke (typed) too fast. The User Guide discussion of iOS is > way out of date. You'll find some relevant info for iOS 7.1, and 8.1 at: > > http://openssl.com/testing/validation-2.0/platforms/ios-7.1/ > http://openssl.com/testing/validation-2.0/platforms/ios-8.1/ > > I'll get around to updating the User Guide one of these days... > > -Steve M. > > -- > Steve Marquess > OpenSSL Validation Services, Inc. > 1829 Mount Ephraim Road > Adamstown, MD 21710 > USA > +1 877 673 6775 s/b > +1 301 874 2571 direct > marquess at openssl.com > gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc > _______________________________________________ > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160208/9d92560c/attachment-0001.html>
