>> However, I >> am honestly annoyed that there have been two validation cycles past >> without (still!) a working FIPS-validated module for the Intel Mac. > > What is this statement based on? Intel Mac support was added and tested > prior second submission. Though it's limited to 32 bits... Because > 64-bit capable hardware was not available at that point... A.
I know where he's coming from on that one, I couldn't get fips-1.1.1 to work on Intel Mac... I think the first issue was that it was setting -DB_ENDIAN in the cflags when you run ./config fips: $ ./config fips Operating system: i386-apple-darwinDarwin Kernel Version 9.1.0: Wed Oct 31 17:46:22 PDT 2007; root:xnu-1228.0.2~1/RELEASE_I386 Configuring for darwin-i386-cc Configuring for darwin-i386-cc IsWindows=0 CC =cc CFLAG =-DOPENSSL_SYSNAME_MACOSX -DOPENSSL_THREADS -D_REENTRANT -DOPENSSL_NO_KRB5 -O3 -fomit-frame-pointer -fno-common -DB_ENDIAN That's obviously not right for i386 and _does_ cause tests to fail. Then, when you "illegally" fix that in Configure, the make install fails (at least on Leopard with XCode 3) starting with: make[3]: Nothing to be done for `all'. exdel=""; \ for i in ../crypto/aes/aes_cbc.o ../crypto/aes/aes_cfb.o ../crypto/aes/aes_ecb.o ../crypto/aes/aes_ofb.o ../crypto/asn1/a_bitstr.o ../crypto/asn1/a_bytes.o ../crypto/asn1/a_dup.o ../crypto/asn1/a_int.o ../crypto/asn1/a_object.o ../crypto/asn1/asn1_err.o ../crypto/asn1/asn1_lib.o ../crypto/asn1/a_type.o ../crypto/asn1/evp_asn1.o ../crypto/asn1/tasn_dec.o ../crypto/asn1/tasn_enc.o ../crypto/asn1/tasn_fre.o ../crypto/asn1/tasn_new.o ../crypto/asn1/tasn_typ.o ../crypto/asn1/tasn_utl.o ../crypto/asn1/t_pkey.o ../crypto/asn1/x_algor.o ../crypto/asn1/x_bignum.o ../crypto/asn1/x_long.o ../crypto/asn1/x_sig.o ../crypto/bio/bio_err.o ../crypto/bio/bio_lib.o ../crypto/bio/b_print.o ../crypto/bio/bss_file.o ../crypto/bn/bn_add.o ../crypto/bn/bn_blind.o ../crypto/bn/bn_ctx.o ../crypto/bn/bn_div.o ../crypto/bn/bn_err.o ../crypto/bn/bn_exp2.o ../crypto/bn/bn_exp.o ../crypto/bn/bn_gcd.o ../crypto/bn/bn_lib.o ../crypto/bn/bn_mod.o ../crypto/bn/bn_mont.o ../crypto/bn/bn_mul.o ../crypto/bn/bn_prime.o ../crypto/bn/bn_print.o ../crypto/bn/bn_rand.o ../crypto/bn/bn_recp.o ../crypto/bn/bn_shift.o ../crypto/bn/bn_sqr.o ../crypto/bn/bn_word.o ../crypto/bn/bn_x931p.o ../crypto/buffer/buf_err.o ../crypto/buffer/buffer.o ../crypto/conf/conf_err.o ../crypto/cpt_err.o ../crypto/cryptlib.o ../crypto/des/cfb64ede.o ../crypto/des/cfb64enc.o ../crypto/des/cfb_enc.o ../crypto/des/des_enc.o ../crypto/des/ecb3_enc.o ../crypto/des/ecb_enc.o ../crypto/des/ofb64ede.o ../crypto/des/ofb64enc.o ../crypto/dh/dh_err.o ../crypto/dh/dh_lib.o ../crypto/dsa/dsa_asn1.o ../crypto/dsa/dsa_err.o ../crypto/dsa/dsa_lib.o ../crypto/dsa/dsa_sign.o ../crypto/dsa/dsa_vrf.o ../crypto/dso/dso_err.o ../crypto/ec/ec_err.o ../crypto/engine/eng_err.o ../crypto/engine/eng_init.o ../crypto/engine/eng_lib.o ../crypto/engine/eng_list.o ../crypto/engine/eng_table.o ../crypto/engine/tb_cipher.o ../crypto/engine/tb_dh.o ../crypto/engine/tb_digest.o ../crypto/engine/tb_dsa.o ../crypto/engine/tb_rand.o ../crypto/engine/tb_rsa.o ../crypto/err/err_all.o ../crypto/err/err.o ../crypto/err/err_prn.o ../crypto/evp/digest.o ../crypto/evp/e_aes.o ../crypto/evp/e_des3.o ../crypto/evp/e_des.o ../crypto/evp/evp_enc.o ../crypto/evp/evp_err.o ../crypto/evp/evp_lib.o ../crypto/evp/m_sha1.o ../crypto/evp/p_lib.o ../crypto/evp/p_sign.o ../crypto/evp/p_verify.o ../crypto/ex_data.o ../crypto/lhash/lhash.o ../crypto/mem_clr.o ../crypto/mem_dbg.o ../crypto/mem.o ../crypto/objects/obj_dat.o ../crypto/objects/obj_err.o ../crypto/objects/obj_lib.o ../crypto/ocsp/ocsp_err.o ../crypto/pem/pem_err.o ../crypto/pkcs12/pk12err.o ../crypto/pkcs7/pkcs7err.o ../crypto/rand/md_rand.o ../crypto/rand/rand_egd.o ../crypto/rand/rand_err.o ../crypto/rand/randfile.o ../crypto/rand/rand_lib.o ../crypto/rand/rand_os2.o ../crypto/rand/rand_unix.o ../crypto/rand/rand_win.o ../crypto/rsa/rsa_err.o ../crypto/rsa/rsa_lib.o ../crypto/rsa/rsa_none.o ../crypto/rsa/rsa_oaep.o ../crypto/rsa/rsa_pk1.o ../crypto/rsa/rsa_pss.o ../crypto/rsa/rsa_sign.o ../crypto/rsa/rsa_ssl.o ../crypto/rsa/rsa_x931.o ../crypto/stack/stack.o ../crypto/uid.o ../crypto/ui/ui_err.o ../crypto/x509v3/v3err.o ../crypto/x509v3/v3_hex.o ../crypto/x509/x509_err.o bn_asm.o;\ do \ exdel="$exdel "`basename $i`""; \ done ; \ ar d ../libcrypto.a $exdel ar: aes_cbc.o: not found in archive ...<snip>... ar: x509_err.o: not found in archive ar: bn_asm.o: not found in archive make[2]: *** [delexobj] Error 1 make[1]: *** [all] Error 2 make: *** [sub_all] Error 1 I hadn't tried to manually copy the libs and includes over, we just don't support fips on mac-intel since the Configure change isn't legal to make without invalidating the module anyhow. -Brad ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]