Re: [openssl-users] iOS FIPS armv7, armv7s, arm64
> > I have been trying for the life of me to get the FIPS module to compile > for those supported platforms. Our app compiles for those platforms so > without a compatible version of the openssl FIPS it causes errors. > > Is there any plans to have the FIPS module support those architectures? > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] 755413103 error on fingerprint match
I modified a script to get a FIPS compliant iOS library and am having issues with the fingerprint. I had to add a CPU adjustment to the incore_macho but I wouldn't think that would cause a FIPS fingerprint mismatch. https://gist.github.com/jostster/ebbc6925c668b632d8b185293080256c Does anyone have any thoughts how to overcome this error so that I can have a FIPS compliant iOS library for armv7, armv7s and arm64? -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] 755413103 error on fingerprint match
Update on this. Here is the log from my app. Any idea why my calculated sig is 0...? 2016-08-03 11:47:49.988 App[32127:2253410] FIPS_mode_set failed: 755413103 2016-08-03 11:47:49.988 App[32127:2253410] Embedded sig: 7363808352b3d84a797c91df813afcb58bf924b4 2016-08-03 11:47:49.988 App[32127:2253410] Calculated sig: Here is my code inside of my main.m files for my ios app int mode = FIPS_mode(), ret = 0; unsigned long err = 0; if(mode == 0) { ret = FIPS_mode_set(1 /*on*/); err = ERR_get_error(); } else { ret = FIPS_mode_set(0 /*off*/); err = ERR_get_error(); } if(1 != ret) NSLog(@"FIPS_mode_set failed: %lu", err); NSMutableString* f1 = [NSMutableString stringWithCapacity:MAGIC_20*2 + 8]; for(unsigned int i = 0; i < MAGIC_20; i++) [f1 appendFormat:@"%02x", FIPS_signature[i]]; NSLog(@"Embedded sig: %@", f1); unsigned char calculated[20] = {}; unsigned int ret2 = FIPS_incore_fingerprint(calculated, sizeof(calculated)); if(ret2 != MAGIC_20) { // Failure - wipe it. // Default is 0x00. We use 0xFF to differentiate memset(calculated, 0xFF, sizeof(calculated)); } NSMutableString* f2 = [NSMutableString stringWithCapacity:MAGIC_20*2 + 8]; for(unsigned int j = 0; j < MAGIC_20; j++) [f2 appendFormat:@"%02x", calculated[j]]; NSLog(@"Calculated sig: %@", f2); On Wed, Aug 3, 2016 at 10:39 AM, Brian Jost <br...@virtru.com> wrote: > I modified a script to get a FIPS compliant iOS library and am having > issues with the fingerprint. I had to add a CPU adjustment to the > incore_macho but I wouldn't think that would cause a FIPS fingerprint > mismatch. > > https://gist.github.com/jostster/ebbc6925c668b632d8b185293080256c > > Does anyone have any thoughts how to overcome this error so that I can > have a FIPS compliant iOS library for armv7, armv7s and arm64? > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] fips_premain.c bitcode for iOS
We ran into an issue where we were selecting 'Include bitcode' when submitting to apple and when doing ad-hoc builds. It seems doing this with the fips_premain.c file included in the xcode compile sources phase causes an instant crash on start up. What is the proper way to get past this bitcode issue? If we select to NOT 'Include bitcode' the app doesn't crash. I have narrowed this down to the fips_premain.c file by Including bitcode but removing fips from the project and it working. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] French Declaration
Ok thanks, so there isn't a generic declaration that applications using openssl standard encryption like GCM can use? Each application will have to get self declared? On Thu, Dec 1, 2016 at 12:12 PM, Peter Sylvester Edelweb < peter.sylves...@edelweb.fr> wrote: > Hi > > There are news since about a year. > > https://www.ssi.gouv.fr/administration/reglementation/ > controle-reglementaire-sur-la-cryptographie/ > There is a downloadable editable PDF to prepare the declaration. > > Anyway, you normally do not declare all functionality of the openssl > library if you use it in a product. > > It may be as simple as "to hash passwords we use the SHAnnn functions as > implemented by openssl". > > I used to make such declarations about 15 years ago. > > > Peter > > > > > > > -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] French Declaration
I see that it was discussed many years ago about getting a French Declaration for openssl. Was this ever successful? If so is there a place I can download the declaration as it seems to be required when submitting to the iOS appstore. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] fips_premain arch invalid
I have updated my iOS scripts to build for all archs now using the latest fips-2.0.14 and openssl-1.1.0e. Before I was using 1.0.2h I believe and fips-2.0.12 and didn't have armv7s support added. I needed to add it so I upgrade and adjusted my script accordingly https://gist.github.com/jostster/ebbc6925c668b632d8b185293080256c This works great, however I now get an error when building my application in xcode. Undefined symbols for architecture armv7: "_FIPS_text_start", referenced from: _FINGERPRINT_premain in fips_premain.o "_FIPS_signature", referenced from: _FINGERPRINT_premain in fips_premain.o +[VTFipsInfo getEmbeddedFingerprint] in VTFipsInfo.o "_FIPS_incore_fingerprint", referenced from: _FINGERPRINT_premain in fips_premain.o +[VTFipsInfo getExpectedFingerprint] in VTFipsInfo.o ld: symbol(s) not found for architecture armv7 VTFipsInfo.o is my objective-c files that get if FIPS is enabled and gets the hashes to display to the end user. If I try this on our buildkite server it replaces armv7 with x86_64. However running lipo --info on my libssl and libcrypt.a returns Architectures in the fat file: libssl.a are: armv7 i386 armv7s x86_64 arm64 Architectures in the fat file: libcrypto.a are: armv7 i386 armv7s x86_64 arm64 My valid architectures in xcode are armv7, armv7s and armv64. Before I upgraded my openssl and added armv7s support, this wasn't an issue. Any ideas how to fix this? -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users