<div dir="ltr">Update on this. Here is the log from my app. Any idea why my calculated sig is 000000000...?<input name="virtru-metadata" type="hidden" value="{"email-policy":{"state":"closed","expirationUnit":"days","disableCopyPaste":false,"disablePrint":false,"disableForwarding":false,"expires":false,"isManaged":false},"attachments":{}}"><div><br></div><div><div>2016-08-03 11:47:49.988 App[32127:2253410] FIPS_mode_set failed: 755413103</div><div>2016-08-03 11:47:49.988 App[32127:2253410] Embedded sig: 7363808352b3d84a797c91df813afcb58bf924b4</div><div>2016-08-03 11:47:49.988 App[32127:2253410] Calculated sig: 0000000000000000000000000000000000000000</div></div><div><br></div><div><br></div><div>Here is my code inside of my main.m files for my ios app</div><div><br></div><div>
<p class="gmail-p1"><span class="gmail-s1">int</span><span class="gmail-s2"> mode = </span><span class="gmail-s3">FIPS_mode</span><span class="gmail-s2">(), ret = </span><span class="gmail-s4">0</span><span class="gmail-s2">;</span></p>
<p class="gmail-p2"><span class="gmail-s5"><span class="gmail-Apple-tab-span"> </span><span class="gmail-Apple-tab-span"> </span></span><span class="gmail-s2">unsigned</span><span class="gmail-s5"> </span><span class="gmail-s2">long</span><span class="gmail-s5"> err = </span><span class="gmail-s4">0</span><span class="gmail-s5">;</span></p>
<p class="gmail-p1"><span class="gmail-s2"><span class="gmail-Apple-tab-span"> </span><span class="gmail-Apple-tab-span"> </span></span><span class="gmail-s1">if</span><span class="gmail-s2">(mode == </span><span class="gmail-s4">0</span><span class="gmail-s2">)</span></p>
<p class="gmail-p1"><span class="gmail-s2"><span class="gmail-Apple-tab-span"> </span><span class="gmail-Apple-tab-span"> </span>{</span></p>
<p class="gmail-p1"><span class="gmail-s2"><span class="gmail-Apple-tab-span"> </span><span class="gmail-Apple-tab-span"> </span><span class="gmail-Apple-tab-span"> </span>ret = </span><span class="gmail-s3">FIPS_mode_set</span><span class="gmail-s2">(</span><span class="gmail-s4">1</span><span class="gmail-s2"> </span><span class="gmail-s6">/*on*/</span><span class="gmail-s2">);</span></p>
<p class="gmail-p3"><span class="gmail-s5"><span class="gmail-Apple-tab-span"> </span><span class="gmail-Apple-tab-span"> </span><span class="gmail-Apple-tab-span"> </span>err = </span><span class="gmail-s2">ERR_get_error</span><span class="gmail-s5">();</span></p>
<p class="gmail-p1"><span class="gmail-s2"><span class="gmail-Apple-tab-span"> </span><span class="gmail-Apple-tab-span"> </span>}</span></p>
<p class="gmail-p2"><span class="gmail-s5"><span class="gmail-Apple-tab-span"> </span><span class="gmail-Apple-tab-span"> </span></span><span class="gmail-s2">else</span></p>
<p class="gmail-p1"><span class="gmail-s2"><span class="gmail-Apple-tab-span"> </span><span class="gmail-Apple-tab-span"> </span>{</span></p>
<p class="gmail-p1"><span class="gmail-s2"><span class="gmail-Apple-tab-span"> </span><span class="gmail-Apple-tab-span"> </span><span class="gmail-Apple-tab-span"> </span>ret = </span><span class="gmail-s3">FIPS_mode_set</span><span class="gmail-s2">(</span><span class="gmail-s4">0</span><span class="gmail-s2"> </span><span class="gmail-s6">/*off*/</span><span class="gmail-s2">);</span></p>
<p class="gmail-p3"><span class="gmail-s5"><span class="gmail-Apple-tab-span"> </span><span class="gmail-Apple-tab-span"> </span><span class="gmail-Apple-tab-span"> </span>err = </span><span class="gmail-s2">ERR_get_error</span><span class="gmail-s5">();</span></p>
<p class="gmail-p1"><span class="gmail-s2"><span class="gmail-Apple-tab-span"> </span><span class="gmail-Apple-tab-span"> </span>}</span></p>
<p class="gmail-p1"><span class="gmail-s2"><span class="gmail-Apple-tab-span"> </span><span class="gmail-Apple-tab-span"> </span></span><span class="gmail-s1">if</span><span class="gmail-s2">(</span><span class="gmail-s4">1</span><span class="gmail-s2"> != ret)</span></p>
<p class="gmail-p4"><span class="gmail-s5"><span class="gmail-Apple-tab-span"> </span><span class="gmail-Apple-tab-span"> </span><span class="gmail-Apple-tab-span"> </span></span><span class="gmail-s7">NSLog</span><span class="gmail-s5">(</span><span class="gmail-s2">@"FIPS_mode_setĀ failed: %lu"</span><span class="gmail-s5">, err);</span></p>
<p class="gmail-p5"><span class="gmail-s2"><span class="gmail-Apple-tab-span"> </span><span class="gmail-Apple-tab-span"> </span></span></p>
<p class="gmail-p6"><span class="gmail-s5"><span class="gmail-Apple-tab-span"> </span><span class="gmail-Apple-tab-span"> </span></span><span class="gmail-s2">NSMutableString</span><span class="gmail-s5">* f1 = [</span><span class="gmail-s2">NSMutableString</span><span class="gmail-s5"> </span><span class="gmail-s2">stringWithCapacity</span><span class="gmail-s5">:</span><span class="gmail-s3">MAGIC_20</span><span class="gmail-s5">*</span><span class="gmail-s4">2</span><span class="gmail-s5"> + </span><span class="gmail-s4">8</span><span class="gmail-s5">];</span></p>
<p class="gmail-p5"><span class="gmail-s2"><span class="gmail-Apple-tab-span"> </span><span class="gmail-Apple-tab-span"> </span></span></p>
<p class="gmail-p1"><span class="gmail-s2"><span class="gmail-Apple-tab-span"> </span><span class="gmail-Apple-tab-span"> </span></span><span class="gmail-s1">for</span><span class="gmail-s2">(</span><span class="gmail-s1">unsigned</span><span class="gmail-s2"> </span><span class="gmail-s1">int</span><span class="gmail-s2"> i = </span><span class="gmail-s4">0</span><span class="gmail-s2">; i < </span><span class="gmail-s3">MAGIC_20</span><span class="gmail-s2">; i++)</span></p>
<p class="gmail-p1"><span class="gmail-s2"><span class="gmail-Apple-tab-span"> </span><span class="gmail-Apple-tab-span"> </span><span class="gmail-Apple-tab-span"> </span>[f1 </span><span class="gmail-s7">appendFormat</span><span class="gmail-s2">:</span><span class="gmail-s8">@"%02x"</span><span class="gmail-s2">, </span><span class="gmail-s3">FIPS_signature</span><span class="gmail-s2">[i]];</span></p>
<p class="gmail-p5"><span class="gmail-s2"><span class="gmail-Apple-tab-span"> </span><span class="gmail-Apple-tab-span"> </span></span></p>
<p class="gmail-p4"><span class="gmail-s5"><span class="gmail-Apple-tab-span"> </span><span class="gmail-Apple-tab-span"> </span></span><span class="gmail-s7">NSLog</span><span class="gmail-s5">(</span><span class="gmail-s2">@"Embedded sig: %@"</span><span class="gmail-s5">, f1);</span></p>
<p class="gmail-p5"><span class="gmail-s2"><span class="gmail-Apple-tab-span"> </span><span class="gmail-Apple-tab-span"> </span></span></p>
<p class="gmail-p1"><span class="gmail-s2"><span class="gmail-Apple-tab-span"> </span><span class="gmail-Apple-tab-span"> </span></span><span class="gmail-s1">unsigned</span><span class="gmail-s2"> </span><span class="gmail-s1">char</span><span class="gmail-s2"> calculated[</span><span class="gmail-s4">20</span><span class="gmail-s2">] = {};</span></p>
<p class="gmail-p1"><span class="gmail-s2"><span class="gmail-Apple-tab-span"> </span><span class="gmail-Apple-tab-span"> </span></span><span class="gmail-s1">unsigned</span><span class="gmail-s2"> </span><span class="gmail-s1">int</span><span class="gmail-s2"> ret2 = </span><span class="gmail-s3">FIPS_incore_fingerprint</span><span class="gmail-s2">(calculated, </span><span class="gmail-s1">sizeof</span><span class="gmail-s2">(calculated));</span></p>
<p class="gmail-p5"><span class="gmail-s2"><span class="gmail-Apple-tab-span"> </span><span class="gmail-Apple-tab-span"> </span></span></p>
<p class="gmail-p1"><span class="gmail-s2"><span class="gmail-Apple-tab-span"> </span><span class="gmail-Apple-tab-span"> </span></span><span class="gmail-s1">if</span><span class="gmail-s2">(ret2 != </span><span class="gmail-s3">MAGIC_20</span><span class="gmail-s2">)</span></p>
<p class="gmail-p1"><span class="gmail-s2"><span class="gmail-Apple-tab-span"> </span><span class="gmail-Apple-tab-span"> </span>{</span></p>
<p class="gmail-p7"><span class="gmail-s5"><span class="gmail-Apple-tab-span"> </span><span class="gmail-Apple-tab-span"> </span><span class="gmail-Apple-tab-span"> </span></span><span class="gmail-s2">// Failure - wipe it.</span></p>
<p class="gmail-p7"><span class="gmail-s5"><span class="gmail-Apple-tab-span"> </span><span class="gmail-Apple-tab-span"> </span><span class="gmail-Apple-tab-span"> </span></span><span class="gmail-s2">// Default is 0x00. We use 0xFF to differentiate</span></p>
<p class="gmail-p1"><span class="gmail-s2"><span class="gmail-Apple-tab-span"> </span><span class="gmail-Apple-tab-span"> </span><span class="gmail-Apple-tab-span"> </span></span><span class="gmail-s9">memset</span><span class="gmail-s2">(calculated, </span><span class="gmail-s4">0xFF</span><span class="gmail-s2">, </span><span class="gmail-s1">sizeof</span><span class="gmail-s2">(calculated));</span></p>
<p class="gmail-p1"><span class="gmail-s2"><span class="gmail-Apple-tab-span"> </span><span class="gmail-Apple-tab-span"> </span>}</span></p>
<p class="gmail-p5"><span class="gmail-s2"><span class="gmail-Apple-tab-span"> </span><span class="gmail-Apple-tab-span"> </span></span></p>
<p class="gmail-p6"><span class="gmail-s5"><span class="gmail-Apple-tab-span"> </span><span class="gmail-Apple-tab-span"> </span></span><span class="gmail-s2">NSMutableString</span><span class="gmail-s5">* f2 = [</span><span class="gmail-s2">NSMutableString</span><span class="gmail-s5"> </span><span class="gmail-s2">stringWithCapacity</span><span class="gmail-s5">:</span><span class="gmail-s3">MAGIC_20</span><span class="gmail-s5">*</span><span class="gmail-s4">2</span><span class="gmail-s5"> + </span><span class="gmail-s4">8</span><span class="gmail-s5">];</span></p>
<p class="gmail-p5"><span class="gmail-s2"><span class="gmail-Apple-tab-span"> </span><span class="gmail-Apple-tab-span"> </span></span></p>
<p class="gmail-p1"><span class="gmail-s2"><span class="gmail-Apple-tab-span"> </span><span class="gmail-Apple-tab-span"> </span></span><span class="gmail-s1">for</span><span class="gmail-s2">(</span><span class="gmail-s1">unsigned</span><span class="gmail-s2"> </span><span class="gmail-s1">int</span><span class="gmail-s2"> j = </span><span class="gmail-s4">0</span><span class="gmail-s2">; j < </span><span class="gmail-s3">MAGIC_20</span><span class="gmail-s2">; j++)</span></p>
<p class="gmail-p1"><span class="gmail-s2"><span class="gmail-Apple-tab-span"> </span><span class="gmail-Apple-tab-span"> </span><span class="gmail-Apple-tab-span"> </span>[f2 </span><span class="gmail-s7">appendFormat</span><span class="gmail-s2">:</span><span class="gmail-s8">@"%02x"</span><span class="gmail-s2">, calculated[j]];</span></p>
<p class="gmail-p5"><span class="gmail-s2"><span class="gmail-Apple-tab-span"> </span><span class="gmail-Apple-tab-span"> </span></span></p>
<p class="gmail-p4"><span class="gmail-s5"><span class="gmail-Apple-tab-span"> </span><span class="gmail-Apple-tab-span"> </span></span><span class="gmail-s7">NSLog</span><span class="gmail-s5">(</span><span class="gmail-s2">@"Calculated sig: %@"</span><span class="gmail-s5">, f2);</span></p></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Aug 3, 2016 at 10:39 AM, Brian Jost <span dir="ltr"><<a href="mailto:brian@virtru.com" target="_blank">brian@virtru.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">I modified a script to get a FIPS compliant iOS library and am having issues with the fingerprint. I had to add a CPU adjustment to the incore_macho but I wouldn't think that would cause a FIPS fingerprint mismatch.<input name="virtru-metadata" type="hidden" value="{"email-policy":{"state":"closed","expirationUnit":"days","disableCopyPaste":false,"disablePrint":false,"disableForwarding":false,"expires":false,"isManaged":false},"attachments":{}}"><div><br></div><div><a href="https://gist.github.com/jostster/ebbc6925c668b632d8b185293080256c" target="_blank">https://gist.github.com/jostster/ebbc6925c668b632d8b185293080256c</a><br></div><div><br></div><div>Does anyone have any thoughts how to overcome this error so that I can have a FIPS compliant iOS library for armv7, armv7s and arm64?</div></div>
</blockquote></div><br></div>