On May 24, 2011, at 5:42 PM, Dr. Stephen Henson wrote:

> On Tue, May 24, 2011, Bill Durant wrote:
>
>> On May 24, 2011, at 3:58 PM, Dr. Stephen Henson wrote:
>>> On Tue, May 24, 2011, ciphertexto wrote:
>>>
>>>> On May 24, 2011, at 4:18 AM, Dr. Stephen Henson wrote:
>>>>>
>>>>> It can take a long time to execute sometimes as it performs two slow DH
>>>>> parameter generation operations. Retry it a few times. If it still doesn't
>>>>> complete try:
>>>>>
>>>>> OPENSSL_FIPS=1 util/shlib_wrap.sh apps/openssl version -a
>>>>>
>>>>> Note that the utilities in the 1.2.3 build come from an ancient version of
>>>>> OpenSSL 0.9.8 and to get a usable library you must build an FIPS capable
>>>>> OpenSSL using the 1.2.3 fipscanister.o and a recent 0.9.8 version.
>>>>
>>>>
>>>> fips_test_suite hangs (stayed there for more than 24 hours). So I tried
>>>> shlib_wrap.sh as you suggest and I got a core dump from openssl.
>>>>
>>>> I am testing with a FIPS-capable OpenSSL using the 1.2.3 fipscanister.o
>>>> with 0.9.8r (the most recent version).
>>>>
>>>> $ apps/openssl version
>>>> OpenSSL 0.9.8r-fips 8 Feb 2011
>>>>
>>>> $ OPENSSL_FIPS=1 util/shlib_wrap.sh apps/openssl version -a
>>>> Segmentation fault (core dumped)
>>>>
>>>> $ otool -c /cores/core.97244 | head -4
>>>> /cores/core.97244:
>>>> Argument strings on the stack at: 00007fff5fc00000
>>>>
>>>> /Users/foo/svn/mac_crypto_64/Crypto/OSX/build_openssl_fips_capable/openssl-0.9.8r/apps/openssl
>>>>
>>>> $ gdb apps/openssl /cores/core.97244
>>>> GNU gdb 6.3.50-20050815 (Apple version gdb-1515) (Sat Jan 15 08:33:48 UTC
>>>> 2011)
>>>> Copyright 2004 Free Software Foundation, Inc.
>>>> GDB is free software, covered by the GNU General Public License, and you
>>>> are
>>>> welcome to change it and/or distribute copies of it under certain
>>>> conditions.
>>>> Type "show copying" to see the conditions.
>>>> There is absolutely no warranty for GDB. Type "show warranty" for details.
>>>> This GDB was configured as "x86_64-apple-darwin"...Reading symbols for
>>>> shared libraries .... done
>>>>
>>>> Reading symbols for shared libraries . done
>>>> Reading symbols for shared libraries .... done
>>>> #0 0x000000003f61ffff in ?? ()
>>>> (gdb) bt
>>>> #0 0x000000003f61ffff in ?? ()
>>>> Cannot access memory at address 0x3f61ffff
>>>> #1 0x00000000092ff8bb in ?? ()
>>>> (gdb) quit
>>>>
>>>> So does it look like the 64-bit version of the FIPS-capable OpenSSL on
>>>> SnowLeopard is officially broken?
>>>>
>>>
>>> I don't have access to that platform so can't say for sure: it could
>>> conceivably be a compiler bug.
>>>
>>> Can you try a debug build of fipscanister using 0.9.8r?
>>>
>>> NB: to anyone who reads this in future. THIS DOES NOT RESULT IN A VALIDATED
>>> LIBRARY IT IS ONLY BEING DONE FOR TESTING PURPOSES!! I have to say that as
>>> some
>>> messages get cut and pasted into cookbooks as "the right way to do things".
>>>
>>> Something like:
>>>
>>> ./config -d fipscanisterbuild
>>> make
>>
>>
>> Here is what I get with the -d option:
>>
>> $ ./config -d fipcanisterbuild
>> Operating system: i386-apple-darwinDarwin Kernel Version 10.7.0: Sat Jan 29
>> 15:17:16 PST 2011; root:xnu-1504.9.37~1/RELEASE_I386
>> This system (debug-darwin-i386-cc) is not supported. See file INSTALL for
>> details.
>>
>> And without the -d option, I get the following:
>>
>> $ ./config fipcanisterbuild
>> Operating system: i386-apple-darwinDarwin Kernel Version 10.7.0: Sat Jan 29
>> 15:17:16 PST 2011; root:xnu-1504.9.37~1/RELEASE_I386
>> Configuring for darwin-i386-cc
>> target already defined - darwin-i386-cc (offending arg: fipcanisterbuild)
>>
>> Notice that it configures for "darwin-i386-cc" which I believe is
>> incorrect. I am thinking that it should configure for "darwin64-x86_64-cc"
>> instead.
>>
>
> Ah that explains it. There is no darwin64-x86_64-cc target for the validated
> tarball so it isn't supported. It is possible to add new platforms via a
> change letter but so far no one has been interested in including that one.

What is the procedure for a change letter? How do I make the request to add darwin64-x86_64-cc in the validated tarball?

Thanks,

Bill

>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majord...@openssl.org