I started wondering whether FIPS 2 had been built on s390(x) after first trying to build it 32-bit and having that crash and burn completely.
A little more research turned up that SuSE has FIPS support as of SuSE 11 SP1, some variant of OpenSSL 0.9.8 and FIPS 1. That ought to be available on s390 since that is one of their supported platforms so it looks like upgrading OS is the easiest thing for me to do and saying we're "FIPS 140-2 compliant" is sufficient for our purposes. Thanks! - Andrew -----Original Message----- From: Steve Marquess [mailto:marqu...@opensslfoundation.com] Sent: Wednesday, March 27, 2013 3:02 PM To: openssl-users@openssl.org Cc: Porter, Andrew Subject: Re: Troubles building FIPS-enabled OpenSSL on s390x On 03/27/2013 03:26 PM, Porter, Andrew wrote: > After successfully building the combination of openssl-fips-2.0.2 and > openssl-1.0.1e on Intel Linux I am trying to do the same on mainframe > Linux, 64-bit SuSE 10.2 in my case. > > When I unpack openssl-fips-2.0.2 and do "./config; make" it fails with > > *** No rule to make target `s390xcap.o', needed by `fips'. > > So I found a copy of s390xcap.c after unpacking the openssl-1.0.1e > tarball and copied it to the FIPS crypto directory and was then able > to make and install. > > Question: was that the correct action to take? That's fine for informal testing purposes but you can't use the result as a validated module. You've got two strikes against you there; you can't modify the original source distribution at all, and the processor isn't represented among the formally tested platforms. As far as I know you're the first to try building the 2.0 FIPS module for mainframe Linux (a platform we don't have ready access to) so your result isn't surprising. That platform could be formally added to the validation (via a "change letter" mod), but that takes time and money. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marqu...@opensslfoundation.com marqu...@openssl.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
