Fips folk: Should the 'fipsdso' target complain if it gets any other
command line arguments in ./Configure? Since specifying it means that
you're trying to build the shared object...
-Kyle H
On Sat, Sep 20, 2008 at 8:56 AM, The Doctor <[EMAIL PROTECTED]> wrote:
> Need to split the FIPS and non-FIPS compliant technologies:
>
> When I do a fips compile namely
> ./Configure threads shared no-sse2 fipsdso enable-capieng enable-montasm
> enable-cms enable-seed enable-tlsext enable-camellia enable-rfc3779
> enable-gmp enable-mdc2 enable-rc5 zlib-dynamic --prefix="/usr/contrib"
> --openssldir="/usr/contrib"
> debug-bsdi-x86-elf "-g -O3 -Wall -mcpu=pentium3
>
> with debug-bsdi-x86-elf
>
> "debug-bsdi-x86-elf", "gcc:-DPERL5 -DL_ENDIAN -DTERMIOS
> -fomit-frame-pointer -O9 -march=pentium3 -Wall -g::${BSDthreads}::-ldl -lm
> -lc:THIRY_TWO_BIT_LONG RC4_CHUNK BN_LLONG ${x86_gcc_des}
> ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
>
> I get:
>
> Testing cipher SEED-ECB(encrypt)
> Key
> 0000 28 db c3 bc 49 ff d8 7d cf a5 09 b1 1d 42 2b e7
> Plaintext
> 0000 b4 1e 6b e2 eb a8 4a 14 8e 2e ed 84 59 3c 5e c7
> Ciphertext
> 0000 9b 9b 7b fc d1 81 3c b9 5d 0b 36 18 f4 0f 51 22
>
> test SSL protocol
> test ssl3 is forbidden in FIPS mode
> *** IN FIPS MODE ***
> Available compression methods:
> 1: zlib compression
> 8918:error:140A9129:SSL routines:SSL_CTX_new:only tls allowed in fips
> mode:ssl_lib.c:1402:
> 8918:error:140A9129:SSL routines:SSL_CTX_new:only tls allowed in fips
> mode:ssl_lib.c:1402:
> test ssl2 is forbidden in FIPS mode
> *** IN FIPS MODE ***
> Available compression methods:
> 1: zlib compression
> 8932:error:140A9129:SSL routines:SSL_CTX_new:only tls allowed in fips
> mode:ssl_lib.c:1402:
> 8932:error:140A9129:SSL routines:SSL_CTX_new:only tls allowed in fips
> mode:ssl_lib.c:1402:
> test tls1
> *** IN FIPS MODE ***
> Available compression methods:
> 1: zlib compression
> 8956:error:0406A08D:rsa routines:RSA_new_method:non fips method:rsa_eng.c:183:
> 8956:error:0D079064:asn1 encoding routines:ASN1_ITEM_EX_COMBINE_NEW:aux
> error:tasn_new.c:221:
> 8956:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
> error:tasn_dec.c:402:Type=RSA
> 8956:error:0D09B00D:asn1 encoding routines:d2i_PublicKey:ASN1 lib:d2i_pu.c:99:
> 8956:error:0B077066:x509 certificate routines:X509_PUBKEY_get:err asn1
> lib:x_pubkey.c:366:
> 8956:error:140BF10C:SSL routines:SSL_SET_CERT:x509 lib:ssl_rsa.c:402:
> ERROR in SERVER
> 8956:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared
> cipher:s3_srvr.c:1037:
> TLSv1, cipher (NONE) (NONE)
> 1 handshakes of 256 bytes done
> *** Error code 1 (continuing)
> Test IGE mode
> ../util/shlib_wrap.sh ./igetest
> `tests' not remade because of errors.
> util/opensslwrap.sh version -a
> OpenSSL 0.9.8j-fips-dev xx XXX xxxx
> built on: Sat Sep 20 08:02:29 MDT 2008
> platform: debug-bsdi-x86-elf
> options: bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int)
> blowfish(idx)
> compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS
> -pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -g -O3 -Wall
> -mcpu=pentium3 -DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer -O9
> -march=pentium3 -Wall -g -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT
> -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM
> OPENSSLDIR: "/usr/contrib"
> `test' is up to date.
>
> using make -k test .
>
> Please fix.
>
> --
> Member - Liberal International
> This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED]
> God, Queen and country! Beware Anti-Christ rising! Canada vote anything but
> Conservative on 14 OCt 2008, join us at http://www.harpocrit.ca .
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List openssl-dev@openssl.org
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
