On May 24, 2011, at 4:18 AM, Dr. Stephen Henson wrote:
On Mon, May 23, 2011, ciphertexto wrote:
On May 23, 2011, at 7:20 PM, Dr. Stephen Henson wrote:
On Sun, May 22, 2011, Bill Durant wrote:
Hello,
Has anyone been able to build a working 64-bit version of the
FIPS-capable OpenSSL on Mac OS X 10.6.7 (SnowLeopard)?
I have built a 64-bit version of the fipscanister from openssl-fips-1.2.3
on Mac OS X 10.6.7.
But fips_shatest and the openssl command are core dumping when I do a
'make test'
For example:
./config fipscanisterbuild
make
make test (fips_shatest and openssl core dump at this step)
Does fips_test_suite run OK?
I ran fips_test_suite and it has been pegged for almost two hours on the
following:
=
$ ./fips_test_suite
FIPS-mode test application
1. Non-Approved cryptographic operation test...
=
The CPU is at 100% on fips_test_suite. It does not get past that.
Any ideas?
It can take a long time to execute sometimes as it performs two slow DH
parameter generation operations. Retry it a few times. If it still doesn't
complete try:
OPENSSL_FIPS=1 util/shlib_wrap.sh apps/openssl version -a
Note that the utilities in the 1.2.3 build come from an ancient version of
OpenSSL 0.9.8 and to get a usable library you must build an FIPS capable
OpenSSL using the 1.2.3 fipscanister.o and a recent 0.9.8 version.
fips_test_suite hangs (stayed there for more than 24 hours). So I tried
shlib_wrap.sh as you suggest and I got a core dump from openssl.
I am testing with a FIPS-capable OpenSSL using the 1.2.3 fipscanister.o with
0.9.8r (the most recent version).
$ apps/openssl version
OpenSSL 0.9.8r-fips 8 Feb 2011
$ OPENSSL_FIPS=1 util/shlib_wrap.sh apps/openssl version -a
Segmentation fault (core dumped)
$ otool -c /cores/core.97244 | head -4
/cores/core.97244:
Argument strings on the stack at: 7fff5fc0
/Users/foo/svn/mac_crypto_64/Crypto/OSX/build_openssl_fips_capable/openssl-0.9.8r/apps/openssl
$ gdb apps/openssl /cores/core.97244
GNU gdb 6.3.50-20050815 (Apple version gdb-1515) (Sat Jan 15 08:33:48 UTC 2011)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type show copying to see the conditions.
There is absolutely no warranty for GDB. Type show warranty for details.
This GDB was configured as x86_64-apple-darwin...Reading symbols for shared
libraries done
Reading symbols for shared libraries . done
Reading symbols for shared libraries done
#0 0x3f61 in ?? ()
(gdb) bt
#0 0x3f61 in ?? ()
Cannot access memory at address 0x3f61
#1 0x092ff8bb in ?? ()
(gdb) quit
So does it look like the 64-bit version of the FIPS-capable OpenSSL on
SnowLeopard is officially broken?
Thanks,
Bill
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org