After installing the patches mentioned for studio 11, tests started working.
1) 121015-07 2) 121017-20 Thanks, --Vikram -----Original Message----- From: Vikram Arwade Sent: Tuesday, September 29, 2009 5:05 PM To: openssl-users@openssl.org Subject: RE: FIPS Thanks Steve. Do you know why my make test must be failing? if [ -n "libcrypto" ]; then \ ../util/shlib_wrap.sh ./fips_shatest < SHAmix.req | diff -w SHAmix.fax - ; \ fi ERROR:2d072065:lib=45,func=114,reason=101:file=fips_rand_selftest.c:line =364: 1,129d0 < [L = 64] < < Len = 16 < Msg = 98a1 < MD = 74d78642f70ca830bec75fc60a585917e388cfa4cd1d23daab1c4d9ff1010cac3e67275d f64db5a6a7c7d0fda24f1fc3eb272678a7c8becff6743ee812129078 < < Len = 104 < Msg = 35a37a46df4ccbadd815942249 < MD = 6f5589ea195e745654885d50de687d7fe682affc8da1fb09e681540525f04ecb93022361 a27759b9e272c883564223c5e4ecafeb0daaf1abce6caa4bd4153379 < Regards, --Vikram -----Original Message----- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Steve Marquess Sent: Tuesday, September 29, 2009 4:23 AM To: openssl-users@openssl.org Subject: Re: FIPS Vikram Arwade wrote: > ... > > Also is it OK to build using "perl Configure fipscanisterbuild > solaris-sparcv9-cc" or do we need to use "./config fipscanisterbuild"? > If we need to use "./config fipscanisterbuild" then how do we build on > solaris sparcv9 using studio 11? > Not if you're planning to call the result FIPS 140-2 validated. The Security Policy and User Guide are both (IMHO) excruciatingly clear on that point. You can't use the v1.2 module on a platform for which the module as validated (including the Security Policy build instructions) is not suitable. Those build instructions presume a default build environment for the host O/S distribution, i.e. what you get when you procure and install that distribution in the usual and customary way. Granted, there is a bit of a gray area concerning the nature of that "usual and customary" environment. The installation of standard vendor supplied patches and upgrades presumably does not invalidate the host O/S distribution (I say "presumably" because only the CMVP can make any authoritative judgments). Installation of a vendor supplied optional compiler (where more than one such is available) would presumably also be allowed, as would standard well-known third-party libraries or tools. I'm not familiar with Studio 11 but it does appear to be a vendor supplied and supported development product, so it might be acceptable provided that it is installed in such a way that is constitutes the default compiler, linker, etc., so that "./config fipscanisterbuild" works. Changing the module code or those build command incantations is clearly *not* allowed, period. Keep in mind that all you need is fipscanister.o itself. Too many software vendors seem to think they have to fit the fipscanister.o build from the source tarball into their own specific internal build process. The CMVP has already staked out a claim on a particular special process leaving little latitude for creative reinterpretation. It may be a lot easier to create fipscanister.o as a separate independent step, as defined and required in the Security Policy, and *then* throw the resulting fipscanister.o into the special ornate and elaborate internal process. It may even be appropriate to image a standalone build machine with a stock O/S distribution just for the purposes of creating fipscanister.o, as that file can then be moved to a non-standard but ABI compatible platform. -Steve M. -- Steve Marquess The OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877-673-6775 marqu...@opensslfoundation.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
