After reading the user guide and finding some more information I was able to get a full build but now my problem seems to be that the signatures don't match. I am using the fips-pi app to verify. Here are the steps I have taken to make things work under iOS 7 SDK.
1. I updated the setenv-ios-11.sh file to reflect an iOS 7 environment: export CROSS_TYPE=OS cross_arch="-armv7" CROSS_DEVELOPER=`xcode-select -print-path`" # CROSS_TOP is the top of the development tools tree export CROSS_TOP="$CROSS_DEVELOPER/Platforms/iPhone$CROSS_TYPE.platform/Developer" # CROSS_CHAIN is the location of the actual compiler tools export CROSS_CHAIN="$CROSS_DEVELOPER/Toolchains/XcodeDefault.xctoolchain/usr/bin/" # CROSS_SDK is the SDK version being used - adjust as appropriate for i in 7.1 7.0 6.1 6.0 5.1 5.0 4.3 do do if [ -d "$CROSS_TOP/SDKs/iPhone"$CROSS_TYPE""$i".sdk" ]; then SDKVER=$i break fi done export CROSS_SDK=iPhone"$CROSS_TYPE""$SDKVER".sdk # # fips/sha/Makefile uses HOSTCC for building fips_standalone_sha1 # export HOSTCC=/usr/bin/clang export HOSTCFLAGS="-arch i386" # CROSS_COMPILE is the prefix for the tools - in this case the scripts # which invoke the tools with the correct options for 'fat' binary handling export CROSS_COMPILE=$CROSS_CHAIN # FIPS_SIG is the tool for determining the incore fingerprint export FIPS_SIG=/usr/local/bin/incore_macho export IOS_TARGET=darwin-iphoneos-cross export IOS_INSTALLDIR=/usr/local/ssl/Release-iphoneos cross_type=`echo $CROSS_TYPE | tr '[A-Z]' '[a-z]'` MACHINE=`echo "$cross_arch" | sed -e 's/^-//'` SYSTEM="iphoneos" BUILD="build" export MACHINE export SYSTEM export BUILD export CONFIG_OPTIONS="no-shared --openssldir=$IOS_INSTALLDIR" 2. Followed the instructions to use the setenv-darwin-i386.sh file to build incore_macho and installed it in /usr/local/bin 3. Deleted the FIPS module folder and recreated it / called setenv-reset and setenv-ios-11 as per instructions 4. Ran sed -i "" 's|\"iphoneos-cross\"\,\"llvm-gcc\:-O3|\"iphoneos-cross\"\,\"clang\:-Os|g' Configure to force the use of clang since llvm-gcc no longer exists in iOS 7 SDK 5. ./configure make sudo make install No errors happen 6. move to openssl folder and setenv-reset / setenv-ios-11 again 7. Ran http://wiki.openssl.org/index.php/Compilation_and_Installation instructions OLD_LANG=$LANG unset LANG sed -i "" 's|\"iphoneos-cross\"\,\"llvm-gcc\:-O3|\"iphoneos-cross\"\,\"clang\:-Os|g' Configure sed -i "" 's/CC= cc/CC= clang/g' Makefile.org sed -i "" 's/CFLAG= -O/CFLAG= -Os/g' Makefile.org sed -i "" 's/MAKEDEPPROG=makedepend/MAKEDEPPROG=$(CC) -M/g' Makefile.org export LANG=$OLD_LANG 8. ./config fips -no-shared -no-hw -no-engines --with-fipsdir=/usr/local/ssl/Release-iphoneos make depend (for some reason this fails even though the sed MAKEDEPPROG instruction above was specifically designed to fix issues with clang I believe) making depend in crypto... clang: error: no such file or directory: '-DOPENSSL_THREADS' clang: error: no such file or directory: '-D_REENTRANT' clang: error: no such file or directory: '-DDSO_DLFCN' clang: error: no such file or directory: '-DHAVE_DLFCN_H' clang: error: no such file or directory: '-arch' clang: error: no such file or directory: 'armv7' clang: error: no such file or directory: '-Os' make all sudo make install 9. No errors on make or make install ... I then point the FIPS-pi demo to the correct library / headers and make sure to replace the fips_premain.c file that came bundled with FIPS-pi app with the one I had in my FIPS module install. 10. The app fails to have matching signatures and can't enable FIPS mode. I followed a similar procedure on the iOS 6 SDK last year using llvm-gcc and had no issues. It became necessary for me to upgrade and now I'm having these confusing issues. On Fri, Mar 21, 2014 at 8:28 PM, Jeffrey Walton <noloa...@gmail.com> wrote: > On Fri, Mar 21, 2014 at 8:06 PM, Thomas Leavy <tombu...@gmail.com> wrote: >> Is there any way to accomplish building OpenSSL FIPS under the iOS 7 sdk? >> > See the OpenSSL FIPS User Guide, Appendix E.2. > http://www.openssl.org/docs/fips/UserGuide-2.0.pdf. > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org