I'm attempting to build an iOS OpenSSL library with FIPS (Federal Information Processing Standards) compliance enabled. I've modified the build script from the krzyzanowskim/OpenSSL repository (https://github.com/krzyzanowskim/OpenSSL/blob/main/scripts/build.sh) to include FIPS configuration. However, when I integrate the resulting library into my iOS app and attempt to load the FIPS provider, it fails. How can I properly enable FIPS compliance in the OpenSSL library build script for iOS and ensure it's correctly integrated into my app? I've followed these steps in modifying the build script:
Configure FIPS
${SRC_DIR}/Configure enable-fips make install_fips make install
In the build logs, I can see messages indicating the FIPS module is being installed:
*** Installing FIPS module
install providers/fips.dylib -> /var/folders/jn/d8ymwfvs4t5942j6y_n930m00000gn/T/tmp.qa2J31kZ81/3.0.8-iPhoneSimulator-x86_64/lib/ossl-modules/fips.dylib
*** Installing FIPS module configuration
install providers/fipsmodule.cnf -> /var/folders/jn/d8ymwfvs4t5942j6y_n930m00000gn/T/tmp.qa2J31kZ81/3.0.8-iPhoneSimulator-x86_64/ssl/fipsmodule.cnf
It always fails to load the FIPS provider. However, when I integrate the resulting library into my iOS app and attempt to load the FIPS provider using the following code: fips = OSSL_PROVIDER_load(NULL, "fips"); if (fips == NULL) { printf("Failed to load FIPS provider\n"); exit(EXIT_FAILURE); }
How can I properly enable FIPS compliance in the OpenSSL library build script for iOS and ensure it's correctly integrated into my app? Any insights or suggestions would be greatly appreciated. Thank you!