Wednesday, July 3, 2024

iphone – Openssl 3.0.8 fips compliant integration in ios


I’m writing to seek help with building OpenSSL 3.0.8 with FIPS for an iOS device. This is my first time attempting such a task, and I’m encountering some issues that I hope to get an answer to from anyone here.

Here are the steps I’ve followed so far:

Downloaded OpenSSL 3.0.8:
I downloaded the OpenSSL 3.0.8 source code and configured it to build for iOS with FIPS enabled using the following script:

```bash
configure_and_build_openssl() {
    ARCH=$1
    TARGET=$2
    SDK_VERSION=$3
    SDK_PATH=$4
    PREFIX=$5

    export CROSS_TOP=$(xcode-select --print-path)/Platforms/${TARGET}.platform/Developer
    export CROSS_SDK=${TARGET}${SDK_VERSION}.sdk
    export SDKROOT=${SDK_PATH}
    export BUILD_TOOLS=$(xcode-select --print-path)/Toolchains/XcodeDefault.xctoolchain
    export CROSS_COMPILE="${BUILD_TOOLS}/usr/bin/"

    export CC="cc -isysroot $SDK_PATH -I$SDK_PATH/usr/include -I$SDK_PATH/usr/include/$(basename $BUILD_TOOLS)"
    export CFLAGS="-isysroot $SDK_PATH -I$SDK_PATH/usr/include -I$SDK_PATH/usr/include/$(basename $BUILD_TOOLS)"
    export LDFLAGS="-isysroot $SDK_PATH"

    # Configure and build for the required architecture
    ./Configure ${ARCH} enable-fips no-async no-shared no-tests enable-ec_nistp_64_gcc_128 --prefix=$PREFIX --openssldir=$PREFIX
    make -j$(sysctl -n hw.ncpu)
    make install
    make clean
}
```

Updated openssl.cnf:
I updated the openssl.cnf file as directed in the OpenSSL FIPS module documentation.

Copied Libraries and Configuration Files:
I copied libssl.a and libcrypto.a to my project, and placed openssl.cnf, fipsmodule.cnf, and fips.dylib in my project.

Enabled FIPS Mode:
I wrote the following code to enable FIPS and check whether it is enabled:

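```objc
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/provider.h>

BOOL isFIPSModeEnabled() {
    OSSL_PROVIDER *fips;
    OSSL_PROVIDER *base;

    // Load the FIPS provider into the default library context.
    fips = OSSL_PROVIDER_load(NULL, "fips");
    if (fips == NULL) {
        printf("Did not load FIPS provider\n");
        ERR_print_errors_fp(stderr);
        // No return here: execution continues after a failed load.
    }

    // The base provider supplies the encoders and decoders.
    base = OSSL_PROVIDER_load(NULL, "base");
    if (base == NULL) {
        OSSL_PROVIDER_unload(fips);
        printf("Did not load base provider\n");
        return false;
    }

    // Sets the default property query to "fips=yes"; it does not load a provider.
    if (EVP_default_properties_enable_fips(NULL, 1) == 0) {
        printf("Did not enable FIPS mode\n");
        OSSL_PROVIDER_unload(base);
        OSSL_PROVIDER_unload(fips);
        return false;
    }

    // Reads back the default property set above.
    if (EVP_default_properties_is_fips_enabled(NULL) == 1) {
        printf("FIPS mode is enabled\n");
        OSSL_PROVIDER_unload(base);
        OSSL_PROVIDER_unload(fips);
        return true;
    } else {
        printf("FIPS mode is not enabled\n");
        OSSL_PROVIDER_unload(base);
        OSSL_PROVIDER_unload(fips);
        return false;
    }
}
```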

When I run this code, it prints “FIPS mode is enabled.” However, the provider is not loading, and I receive the following error message:

```
Did not load FIPS provider

C0BEC7F701000000:error:12800067:DSO support routines:dlfcn_load:could not load the shared library:crypto/dso/dso_dlfcn.c:118:
C0BEC7F701000000:error:12800067:DSO support routines:DSO_load:could not load the shared library:crypto/dso/dso_lib.c:152:
C0BEC7F701000000:error:07880025:common libcrypto routines:provider_init:reason(524325):crypto/provider_core.c:912:name=fips
```

I would greatly appreciate your guidance on why the FIPS provider is not loading and what steps I might be missing or doing incorrectly in this process.
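An added example, not part of the original post: a small C decoder for the packed error codes in the log above, showing that all three entries (including the opaque `reason(524325)`) point at the shared-library loader rather than at the FIPS self-tests or configuration. The bit layout is transcribed from OpenSSL 3.x `<openssl/err.h>`; the names `decode_error_line`, `is_dso_failure` and `struct ossl_err` are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Packed error-code layout, transcribed from OpenSSL 3.x <openssl/err.h>. */
#define LIB_OFFSET   23             /* ERR_LIB_OFFSET */
#define LIB_MASK     0xFFUL         /* ERR_LIB_MASK */
#define REASON_MASK  0x7FFFFFUL     /* ERR_REASON_MASK */
#define RFLAG_FATAL  (0x1UL << 18)  /* ERR_RFLAG_FATAL */
#define RFLAG_COMMON (0x2UL << 18)  /* ERR_RFLAG_COMMON */
#define LIB_DSO      37             /* ERR_LIB_DSO */

struct ossl_err {
    unsigned lib;     /* sub-library that raised the error */
    unsigned reason;  /* reason number with the flag bits cleared */
    int common;       /* 1 if the reason is a global ERR_R_* code */
};

/* Parse "<thread id>:error:<hex code>:..."; returns 0 on success, -1 otherwise. */
int decode_error_line(const char *line, struct ossl_err *out)
{
    const char *p = strstr(line, ":error:");
    char *end;
    unsigned long code;
    if (p == NULL)
        return -1;
    p += strlen(":error:");
    code = strtoul(p, &end, 16);
    if (end == p || *end != ':' || (code & 0x80000000UL))
        return -1;                  /* no code, or a system (errno) error */
    out->lib = (unsigned)((code >> LIB_OFFSET) & LIB_MASK);
    out->common = (code & RFLAG_COMMON) != 0;
    out->reason = (unsigned)(code & REASON_MASK & ~(RFLAG_FATAL | RFLAG_COMMON));
    return 0;
}

/* 1 if the entry was raised by the DSO layer or carries the common
 * "DSO lib" reason (ERR_R_DSO_LIB = ERR_LIB_DSO | ERR_RFLAG_COMMON). */
int is_dso_failure(const char *line)
{
    struct ossl_err e;
    return decode_error_line(line, &e) == 0 &&
           (e.lib == LIB_DSO || (e.common && e.reason == LIB_DSO));
}

int main(void)
{
    const char *l = "C0BEC7F701000000:error:07880025:common libcrypto routines:provider_init:reason(524325):crypto/provider_core.c:912:name=fips"; /* from the post */
    printf("DSO failure: %d\n", is_dso_failure(l));
    return 0;
}
```

For the post's log, the first two entries decode to library 37 (DSO) with reason 103, and the third to library 15 with the common reason 37, so the provider never got past loading its module file.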


