S Coleman
2014-09-26 21:41:11 UTC
I'm trying to get a OpenSSL/FIPS build forking on the **IOS simulator**.
Every combination I've tried gives wither compile/link errors, or when it
does build I get a FIPS signature mismatch (and I've tried many, many
permutations of scripts and combinations of settings).
Here's the latest configuration I'm using:
Tool Set:
XCODE V 5 .1
SDK Version 7.1
For the FIPS module I'm using a script based on Appendix E of the Users
Manual
For the OpenSSL build I'm using a script based on
https://github.com/x2on/OpenSSL-for-iPhone
FIPS module build script:
-------------------
gunzip openssl-fips-2.0.1.tar.gz
tar xf openssl-fips-2.0.1.tar
. setenv-reset.sh
. setenv-darwin-i386.sh
gunzip ios-incore-2.0.1.tar.gz
tar xf ios-incore-2.0.1.tar
cd openssl-fips-2.0.1
./config fipscanisterbuild
make
cd ios
make
cp ./incore_macho /usr/local/bin
cd ..
make clean
rm -f *.dylib
. ../setenv-reset.sh
. ../setenv-ios-11.sh
./config fipscanisterbuild
make
make install
Here are the Enviornment Variables
=========================
MACHINE = i386
RELEASE =
SYSTEM = iphoneos
BUILD = build
CROSS_TOP =
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer
CROSS_SDK = iPhoneSimulator7.1.sdk
BUILD_TOOLS =
CC =
CROSS_TYPE = Simulator
CROSS_CHAIN =
C_INCLUDE_PATH =
CPLUS_INCLUDE_PATH =
HOSTCC = /usr/bin/cc
HOSTCFLAGS = -arch i386
CROSS_COMPILE =
/Users/scoleman/dev/IOSFipsBuilds/iosFIPSUsersManual/dev925/openssl-fips-2.0.1/iOS/
FIPS_SIG =
/Users/scoleman/dev/IOSFipsBuilds/iosFIPSUsersManual/dev925/openssl-fips-2.0.1/iOS/incore_macho
IOS_TARGET = darwin-iphoneos-cross
IOS_INSTALLDIR = /usr/local/ssl/Release-iphoneos
CONFIG_OPTIONS = no-asm no-shared
--openssldir=/usr/local/ssl/Release-iphoneos
CROSS_ARCH =
CROSS_DEVELOPER = /Applications//Xcode.app/Contents/Developer
CROSS_SYSROOT =
IOS_TARGET =
Openssl module build script
----------------------
VERSION="1.0.1i" #
SDKVERSION=`xcrun -sdk iphoneos --show-sdk-version` #
# Don't change anything under this line! #
CURRENTPATH=`pwd`
//ARCHS="i386 x86_64 armv7 armv7s arm64"
ARCHS="i386"
DEVELOPER=`xcode-select -print-path`
mkdir -p "${CURRENTPATH}/src"
mkdir -p "${CURRENTPATH}/bin"
mkdir -p "${CURRENTPATH}/lib"
tar zxf openssl-${VERSION}.tar.gz -C "${CURRENTPATH}/src"
cd "${CURRENTPATH}/src/openssl-${VERSION}"
for ARCH in ${ARCHS}
do
if [[ "${ARCH}" == "i386" || "${ARCH}" == "x86_64" ]];
then
PLATFORM="iPhoneSimulator"
else
sed -ie "s!static volatile sig_atomic_t intr_signal;!static volatile
intr_signal;!" "crypto/ui/ui_openssl.c"
PLATFORM="iPhoneOS"
fi
export CROSS_TOP="${DEVELOPER}/Platforms/${PLATFORM}.platform/Developer"
export CROSS_SDK="${PLATFORM}${SDKVERSION}.sdk"
export BUILD_TOOLS="${DEVELOPER}"
export CC="${BUILD_TOOLS}/usr/bin/gcc -arch ${ARCH}"
mkdir -p "${CURRENTPATH}/bin/${PLATFORM}${SDKVERSION}-${ARCH}.sdk"
LOG="${CURRENTPATH}/bin/${PLATFORM}${SDKVERSION}-${ARCH}.sdk/build-openssl-${VERSION}.log"
set +e
if [[ "$VERSION" =~ 1.0.0. ]]; then
./Configure BSD-generic32
--openssldir="${CURRENTPATH}/bin/${PLATFORM}${SDKVERSION}-${ARCH}.sdk" >
"${LOG}" 2>&1
elif [ "${ARCH}" == "x86_64" ]; then
./Configure darwin64-x86_64-cc
--openssldir="${CURRENTPATH}/bin/${PLATFORM}${SDKVERSION}-${ARCH}.sdk" >
"${LOG}" 2>&1
else
# - original line: ./Configure iphoneos-cross
--openssldir="${CURRENTPATH}/bin/${PLATFORM}${SDKVERSION}-${ARCH}.sdk" >
"${LOG}" 2>&1
## this line was changed to add fips
--with-fipsdir=/usr/local/ssl/Release-iphoneos
./Configure iphoneos-cross
--openssldir="${CURRENTPATH}/bin/${PLATFORM}${SDKVERSION}-${ARCH}.sdk" fips
--with-fipsdir=/usr/local/ssl/Release-iphoneos > "${LOG}" 2>&1
fi
if [ $? != 0 ];
then
echo "Problem while configure - Please check ${LOG}"
exit 1
fi
# add -isysroot to CC=
sed -ie "s!^CFLAG=!CFLAG=-isysroot ${CROSS_TOP}/SDKs/${CROSS_SDK}
-miphoneos-version-min=7.0 !" "Makefile"
echo "PLATFORM = $PLATFORM"
echo "CROSS_TOP = $CROSS_TOP"
echo "CROSS_SDK = $CROSS_SDK"
echo "BUILD_TOOLS = $BUILD_TOOLS"
echo "-isysroot ${CROSS_TOP}/SDKs/${CROSS_SDK}"
echo "CC = $CC"
make >> "${LOG}" 2>&1
set -e
make install >> "${LOG}" 2>&1
make clean >> "${LOG}" 2>&1
done
echo "Build library..."
lipo -create
${CURRENTPATH}/bin/iPhoneSimulator${SDKVERSION}-i386.sdk/lib/libssl.a
-output ${CURRENTPATH}/lib/libssl.a
lipo -create
${CURRENTPATH}/bin/iPhoneSimulator${SDKVERSION}-i386.sdk/lib/libcrypto.a
-output ${CURRENTPATH}/lib/libcrypto.a
mkdir -p ${CURRENTPATH}/include
cp -R
${CURRENTPATH}/bin/iPhoneSimulator${SDKVERSION}-i386.sdk/include/openssl
${CURRENTPATH}/include/
echo "Building done."
echo "Cleaning up..."
rm -rf ${CURRENTPATH}/src/openssl-${VERSION}
echo "Done."
Here are the Environment Variables:
--------------------------
PLATFORM = iPhoneSimulator
CROSS_TOP =
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer
CROSS_SDK = iPhoneSimulator7.1.sdk
BUILD_TOOLS = /Applications/Xcode.app/Contents/Developer
-isysroot
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator7.1.sdk
CC = /Applications/Xcode.app/Contents/Developer/usr/bin/gcc -arch i386
Every combination I've tried gives wither compile/link errors, or when it
does build I get a FIPS signature mismatch (and I've tried many, many
permutations of scripts and combinations of settings).
Here's the latest configuration I'm using:
Tool Set:
XCODE V 5 .1
SDK Version 7.1
For the FIPS module I'm using a script based on Appendix E of the Users
Manual
For the OpenSSL build I'm using a script based on
https://github.com/x2on/OpenSSL-for-iPhone
FIPS module build script:
-------------------
gunzip openssl-fips-2.0.1.tar.gz
tar xf openssl-fips-2.0.1.tar
. setenv-reset.sh
. setenv-darwin-i386.sh
gunzip ios-incore-2.0.1.tar.gz
tar xf ios-incore-2.0.1.tar
cd openssl-fips-2.0.1
./config fipscanisterbuild
make
cd ios
make
cp ./incore_macho /usr/local/bin
cd ..
make clean
rm -f *.dylib
. ../setenv-reset.sh
. ../setenv-ios-11.sh
./config fipscanisterbuild
make
make install
Here are the Enviornment Variables
=========================
MACHINE = i386
RELEASE =
SYSTEM = iphoneos
BUILD = build
CROSS_TOP =
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer
CROSS_SDK = iPhoneSimulator7.1.sdk
BUILD_TOOLS =
CC =
CROSS_TYPE = Simulator
CROSS_CHAIN =
C_INCLUDE_PATH =
CPLUS_INCLUDE_PATH =
HOSTCC = /usr/bin/cc
HOSTCFLAGS = -arch i386
CROSS_COMPILE =
/Users/scoleman/dev/IOSFipsBuilds/iosFIPSUsersManual/dev925/openssl-fips-2.0.1/iOS/
FIPS_SIG =
/Users/scoleman/dev/IOSFipsBuilds/iosFIPSUsersManual/dev925/openssl-fips-2.0.1/iOS/incore_macho
IOS_TARGET = darwin-iphoneos-cross
IOS_INSTALLDIR = /usr/local/ssl/Release-iphoneos
CONFIG_OPTIONS = no-asm no-shared
--openssldir=/usr/local/ssl/Release-iphoneos
CROSS_ARCH =
CROSS_DEVELOPER = /Applications//Xcode.app/Contents/Developer
CROSS_SYSROOT =
IOS_TARGET =
Openssl module build script
----------------------
VERSION="1.0.1i" #
SDKVERSION=`xcrun -sdk iphoneos --show-sdk-version` #
# Don't change anything under this line! #
CURRENTPATH=`pwd`
//ARCHS="i386 x86_64 armv7 armv7s arm64"
ARCHS="i386"
DEVELOPER=`xcode-select -print-path`
mkdir -p "${CURRENTPATH}/src"
mkdir -p "${CURRENTPATH}/bin"
mkdir -p "${CURRENTPATH}/lib"
tar zxf openssl-${VERSION}.tar.gz -C "${CURRENTPATH}/src"
cd "${CURRENTPATH}/src/openssl-${VERSION}"
for ARCH in ${ARCHS}
do
if [[ "${ARCH}" == "i386" || "${ARCH}" == "x86_64" ]];
then
PLATFORM="iPhoneSimulator"
else
sed -ie "s!static volatile sig_atomic_t intr_signal;!static volatile
intr_signal;!" "crypto/ui/ui_openssl.c"
PLATFORM="iPhoneOS"
fi
export CROSS_TOP="${DEVELOPER}/Platforms/${PLATFORM}.platform/Developer"
export CROSS_SDK="${PLATFORM}${SDKVERSION}.sdk"
export BUILD_TOOLS="${DEVELOPER}"
export CC="${BUILD_TOOLS}/usr/bin/gcc -arch ${ARCH}"
mkdir -p "${CURRENTPATH}/bin/${PLATFORM}${SDKVERSION}-${ARCH}.sdk"
LOG="${CURRENTPATH}/bin/${PLATFORM}${SDKVERSION}-${ARCH}.sdk/build-openssl-${VERSION}.log"
set +e
if [[ "$VERSION" =~ 1.0.0. ]]; then
./Configure BSD-generic32
--openssldir="${CURRENTPATH}/bin/${PLATFORM}${SDKVERSION}-${ARCH}.sdk" >
"${LOG}" 2>&1
elif [ "${ARCH}" == "x86_64" ]; then
./Configure darwin64-x86_64-cc
--openssldir="${CURRENTPATH}/bin/${PLATFORM}${SDKVERSION}-${ARCH}.sdk" >
"${LOG}" 2>&1
else
# - original line: ./Configure iphoneos-cross
--openssldir="${CURRENTPATH}/bin/${PLATFORM}${SDKVERSION}-${ARCH}.sdk" >
"${LOG}" 2>&1
## this line was changed to add fips
--with-fipsdir=/usr/local/ssl/Release-iphoneos
./Configure iphoneos-cross
--openssldir="${CURRENTPATH}/bin/${PLATFORM}${SDKVERSION}-${ARCH}.sdk" fips
--with-fipsdir=/usr/local/ssl/Release-iphoneos > "${LOG}" 2>&1
fi
if [ $? != 0 ];
then
echo "Problem while configure - Please check ${LOG}"
exit 1
fi
# add -isysroot to CC=
sed -ie "s!^CFLAG=!CFLAG=-isysroot ${CROSS_TOP}/SDKs/${CROSS_SDK}
-miphoneos-version-min=7.0 !" "Makefile"
echo "PLATFORM = $PLATFORM"
echo "CROSS_TOP = $CROSS_TOP"
echo "CROSS_SDK = $CROSS_SDK"
echo "BUILD_TOOLS = $BUILD_TOOLS"
echo "-isysroot ${CROSS_TOP}/SDKs/${CROSS_SDK}"
echo "CC = $CC"
make >> "${LOG}" 2>&1
set -e
make install >> "${LOG}" 2>&1
make clean >> "${LOG}" 2>&1
done
echo "Build library..."
lipo -create
${CURRENTPATH}/bin/iPhoneSimulator${SDKVERSION}-i386.sdk/lib/libssl.a
-output ${CURRENTPATH}/lib/libssl.a
lipo -create
${CURRENTPATH}/bin/iPhoneSimulator${SDKVERSION}-i386.sdk/lib/libcrypto.a
-output ${CURRENTPATH}/lib/libcrypto.a
mkdir -p ${CURRENTPATH}/include
cp -R
${CURRENTPATH}/bin/iPhoneSimulator${SDKVERSION}-i386.sdk/include/openssl
${CURRENTPATH}/include/
echo "Building done."
echo "Cleaning up..."
rm -rf ${CURRENTPATH}/src/openssl-${VERSION}
echo "Done."
Here are the Environment Variables:
--------------------------
PLATFORM = iPhoneSimulator
CROSS_TOP =
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer
CROSS_SDK = iPhoneSimulator7.1.sdk
BUILD_TOOLS = /Applications/Xcode.app/Contents/Developer
-isysroot
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator7.1.sdk
CC = /Applications/Xcode.app/Contents/Developer/usr/bin/gcc -arch i386