On 09/10/2012 10:31 AM, Taraniteja Vishwanatha wrote:
> I have moved the iOS directory to one level above and I am able to generate
> the 2.0 module.
> One more difference that I have observed between 1.2 and 2.0 for iOS is:
> when I built the FIPS module, I also had libcrypto.a, libssl.a etc. in my
> /usr/local/ssl/Release-iphoneos/lib. I did not build a FIPS capable openssl
> module ( 1.0.1)
>
> For 2.0 module, I only have fipscanister.o in the location. There are no
> instructions to build FIPS capable openssl module for iOS.
That's because the 1.2 module distribution consists of a bastardized
version of the regular OpenSSL, and as such creates many of the same
files. Those should not be used; all files other than the FIPS module
itself should be discarded after the module is generated.
The 2.0 module has a much cleaner purpose-built distribution that
doesn't create those extraneous files.
You would build the "FIPS capable" OpenSSL the same way as for the
non-FIPS capable case, but with the "fips" build-time option. As noted
before I no longer have access to any OS X or iOS systems and so can't
give more specific examples. One good clue for linking an application
(such as the libcrypto shared library) with the FIPS module is to study
how the fips_algvs test program is generated from
make build_algvs
in the FIPS module workarea.
-Steve M.
--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
