菜鸟教程小白 发表于 2022-12-13 02:15:00

IOS 模拟器在 OS-x 上编译 FIPS/Openssl 解决方案时出现 FIPS 签名不匹配


                                            <p><p>我正在尝试在 <strong>IOS 模拟器</strong> 上获得 OpenSSL/FIPS 构建 fork 。我尝试过的每个组合都会产生编译/链接错误,或者在构建时我得到 FIPS 签名不匹配(我已经尝试了很多很多的脚本排列和设置组合)。</p>

<p>这是我正在使用的最新配置:
工具集:
    XCODE V 5 .1
    SDK 版本 7.1</p>

<p>对于 FIPS 模块,我使用的是基于用户手册附录 E 的脚本
对于 OpenSSL 构建,我使用的是基于 <a href="https://github.com/x2on/OpenSSL-for-iPhone" rel="noreferrer noopener nofollow">https://github.com/x2on/OpenSSL-for-iPhone</a> 的脚本。 </p>

<h2>FIPS 模块构建脚本:</h2>

<pre><code>gunzip openssl-fips-2.0.1.tar.gz
tar xf openssl-fips-2.0.1.tar

. setenv-reset.sh
. setenv-darwin-i386.sh

gunzip ios-incore-2.0.1.tar.gz
tar xf ios-incore-2.0.1.tar

cd openssl-fips-2.0.1
./config fipscanisterbuild

make
cd ios
make

cp ./incore_macho /usr/local/bin

cd ..

make clean
rm -f *.dylib

. ../setenv-reset.sh
. ../setenv-ios-11.sh


./config fipscanisterbuild
make
make install


Here are the Enviornment Variables
=========================
MACHINE =i386
RELEASE =
SYSTEM =iphoneos
BUILD =build
CROSS_TOP =/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer
CROSS_SDK =iPhoneSimulator7.1.sdk
BUILD_TOOLS =
CC =
CROSS_TYPE =Simulator
CROSS_CHAIN =
C_INCLUDE_PATH =
CPLUS_INCLUDE_PATH =
HOSTCC =/usr/bin/cc
HOSTCFLAGS =-arch i386
CROSS_COMPILE =/Users/scoleman/dev/IOSFipsBuilds/iosFIPSUsersManual/dev925/openssl-fips-2.0.1/iOS/
FIPS_SIG =/Users/scoleman/dev/IOSFipsBuilds/iosFIPSUsersManual/dev925/openssl-fips-2.0.1/iOS/incore_macho
IOS_TARGET =darwin-iphoneos-cross
IOS_INSTALLDIR =/usr/local/ssl/Release-iphoneos
CONFIG_OPTIONS =no-asm no-shared --openssldir=/usr/local/ssl/Release-iphoneos
CROSS_ARCH =
CROSS_DEVELOPER =/Applications//Xcode.app/Contents/Developer
CROSS_SYSROOT =
IOS_TARGET =
</code></pre>

<h2>Openssl 模块构建脚本</h2>

<pre><code>VERSION=&#34;1.0.1i&#34;                                                          #
SDKVERSION=`xcrun -sdk iphoneos --show-sdk-version`                     #

# Don&#39;t change anything under this line!                                  #


CURRENTPATH=`pwd`
//ARCHS=&#34;i386 x86_64 armv7 armv7s arm64&#34;
ARCHS=&#34;i386&#34;
DEVELOPER=`xcode-select -print-path`

mkdir -p &#34;${CURRENTPATH}/src&#34;
mkdir -p &#34;${CURRENTPATH}/bin&#34;
mkdir -p &#34;${CURRENTPATH}/lib&#34;

tar zxf openssl-${VERSION}.tar.gz -C &#34;${CURRENTPATH}/src&#34;
cd &#34;${CURRENTPATH}/src/openssl-${VERSION}&#34;


for ARCH in ${ARCHS}
do
    if [[ &#34;${ARCH}&#34; == &#34;i386&#34; || &#34;${ARCH}&#34; == &#34;x86_64&#34; ]];
    then
      PLATFORM=&#34;iPhoneSimulator&#34;
    else
      sed -ie &#34;s!static volatile sig_atomic_t intr_signal;!static volatile intr_signal;!&#34; &#34;crypto/ui/ui_openssl.c&#34;
      PLATFORM=&#34;iPhoneOS&#34;
    fi

    export CROSS_TOP=&#34;${DEVELOPER}/Platforms/${PLATFORM}.platform/Developer&#34;
    export CROSS_SDK=&#34;${PLATFORM}${SDKVERSION}.sdk&#34;
    export BUILD_TOOLS=&#34;${DEVELOPER}&#34;

    export CC=&#34;${BUILD_TOOLS}/usr/bin/gcc -arch ${ARCH}&#34;
    mkdir -p &#34;${CURRENTPATH}/bin/${PLATFORM}${SDKVERSION}-${ARCH}.sdk&#34;
    LOG=&#34;${CURRENTPATH}/bin/${PLATFORM}${SDKVERSION}-${ARCH}.sdk/build-openssl-${VERSION}.log&#34;

    set +e
    if [[ &#34;$VERSION&#34; =~ 1.0.0. ]]; then
      ./Configure BSD-generic32 --openssldir=&#34;${CURRENTPATH}/bin/${PLATFORM}${SDKVERSION}-${ARCH}.sdk&#34; &gt; &#34;${LOG}&#34; 2&gt;&amp;1
    elif [ &#34;${ARCH}&#34; == &#34;x86_64&#34; ]; then
      ./Configure darwin64-x86_64-cc --openssldir=&#34;${CURRENTPATH}/bin/${PLATFORM}${SDKVERSION}-${ARCH}.sdk&#34; &gt; &#34;${LOG}&#34; 2&gt;&amp;1
    else
            # - original line:./Configure iphoneos-cross --openssldir=&#34;${CURRENTPATH}/bin/${PLATFORM}${SDKVERSION}-${ARCH}.sdk&#34; &gt; &#34;${LOG}&#34; 2&gt;&amp;1
      ## this line was changed to add fips --with-fipsdir=/usr/local/ssl/Release-iphoneos
      ./Configure iphoneos-cross --openssldir=&#34;${CURRENTPATH}/bin/${PLATFORM}${SDKVERSION}-${ARCH}.sdk&#34; fips --with-fipsdir=/usr/local/ssl/Release-iphoneos &gt; &#34;${LOG}&#34; 2&gt;&amp;1

    fi

    if [ $? != 0 ];
    then
      echo &#34;Problem while configure - Please check ${LOG}&#34;
      exit 1
    fi

    # add -isysroot to CC=
    sed -ie &#34;s!^CFLAG=!CFLAG=-isysroot ${CROSS_TOP}/SDKs/${CROSS_SDK} -miphoneos-version-min=7.0 !&#34; &#34;Makefile&#34;


    echo &#34;PLATFORM = $PLATFORM&#34;
    echo &#34;CROSS_TOP = $CROSS_TOP&#34;
    echo &#34;CROSS_SDK = $CROSS_SDK&#34;
    echo &#34;BUILD_TOOLS = $BUILD_TOOLS&#34;
    echo &#34;-isysroot ${CROSS_TOP}/SDKs/${CROSS_SDK}&#34;
    echo &#34;CC = $CC&#34;




      make &gt;&gt; &#34;${LOG}&#34; 2&gt;&amp;1


    set -e
    make install &gt;&gt; &#34;${LOG}&#34; 2&gt;&amp;1
    make clean &gt;&gt; &#34;${LOG}&#34; 2&gt;&amp;1
done

echo &#34;Build library...&#34;
lipo -create ${CURRENTPATH}/bin/iPhoneSimulator${SDKVERSION}-i386.sdk/lib/libssl.a-output ${CURRENTPATH}/lib/libssl.a

lipo -create ${CURRENTPATH}/bin/iPhoneSimulator${SDKVERSION}-i386.sdk/lib/libcrypto.a-output ${CURRENTPATH}/lib/libcrypto.a

mkdir -p ${CURRENTPATH}/include
cp -R ${CURRENTPATH}/bin/iPhoneSimulator${SDKVERSION}-i386.sdk/include/openssl ${CURRENTPATH}/include/
echo &#34;Building done.&#34;
echo &#34;Cleaning up...&#34;
rm -rf ${CURRENTPATH}/src/openssl-${VERSION}
echo &#34;Done.&#34;



Here are the Environment Variables:
--------------------------
PLATFORM = iPhoneSimulator
CROSS_TOP = /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer
CROSS_SDK = iPhoneSimulator7.1.sdk
BUILD_TOOLS = /Applications/Xcode.app/Contents/Developer
-isysroot /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator7.1.sdk
CC = /Applications/Xcode.app/Contents/Developer/usr/bin/gcc -arch i386
</code></pre></p>
                                    <br><hr><h1><strong>Best Answer-推荐答案</ strong></h1><br>
                                            <p><blockquote>
<p>I&#39;m trying to get a OpenSSL/FIPS build forking on the IOS simulator. Every combination I&#39;ve tried gives wither compile/link errors, or when it does build I get a FIPS signature mismatch (and I&#39;ve tried many, many permutations of scripts and combinations of settings).</p>
</blockquote>

<p>您好像少了一步。 <code>incore_macho</code> 对生成的二进制文件的调用在哪里?在这里,“生成的二进制文件”是您应用中的可执行文件。</p>

<p>在 OpenSSL 示例中,在 Taget 的 <strong><em>Build Phases</em></strong> 下有一个名为 <strong><em>Embed Fingerprint</em></strong> 的自定义构建步骤(它在项目级别不可用)。您可以在 <a href="https://www.openssl.org/docs/fips/UserGuide-2.0.pdf" rel="noreferrer noopener nofollow">OpenSSL User Guide 2.0 for the FIPS Object Module</a> 中找到示例, 附录 E.2。截图转载如下:</p>

<p> <img src="/image/4TT2I.png" alt="enter image description here"/> </p>

<p>您可能还会发现 <a href="https://github.com/noloader/incore_macho" rel="noreferrer noopener nofollow">this useful</a> .它是一个更新的 <code>incore_macho</code>,包括对 dylibs(用于越狱设备)和 ARM64 的支持。我很确定它包含 ARMv7s 支持。</p></p>
                                   
                                                <p style="font-size: 20px;">关于IOS 模拟器在 OS-x 上编译 FIPS/Openssl 解决方案时出现 FIPS 签名不匹配,我们在Stack Overflow上找到一个类似的问题:
                                                        <a href="https://stackoverflow.com/questions/26068600/" rel="noreferrer noopener nofollow" style="color: red;">
                                                                https://stackoverflow.com/questions/26068600/
                                                        </a>
                                                </p>
                                       
页: [1]
查看完整版本: IOS 模拟器在 OS-x 上编译 FIPS/Openssl 解决方案时出现 FIPS 签名不匹配