Building FIPS-capable OpenSSL on Linux PPC64

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Building FIPS-capable OpenSSL on Linux PPC64

gperrow

I am trying to build FIPS OpenSSL libraries for Linux PPC64 but it does not seem possible. This has been raised before (link below) but I didn’t see any resolution.

 

http://openssl.6102.n7.nabble.com/BUG-FIPS-capable-OpenSSL-fails-to-build-on-Linux-PPC64-td66890.html

 

I can build it if I run “./Configure linux-ppc64” but it is my understanding that you **must** build the FIPS libraries using “./config” or “./config no-asm”. Is there a workaround? Is there a fix coming? Given that the problem is within the FIPS module, is a fix possible without recertification?

 

Thanks

Graeme Perrow

 


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Building FIPS-capable OpenSSL on Linux PPC64

Steve Marquess-4
On 09/27/2016 10:56 AM, Perrow, Graeme wrote:

> I am trying to build FIPS OpenSSL libraries for Linux PPC64 but it does
> not seem possible. This has been raised before (link below) but I didn’t
> see any resolution.
>
>  
>
> http://openssl.6102.n7.nabble.com/BUG-FIPS-capable-OpenSSL-fails-to-build-on-Linux-PPC64-td66890.html
>
>  
>
> I can build it if I run “./Configure linux-ppc64” but it is my
> understanding that you ***must*** build the FIPS libraries using
> “./config” or “./config no-asm”. Is there a workaround? Is there a fix
> coming? Given that the problem is within the FIPS module, is a fix
> possible without recertification?
>
>  
>
> Thanks
>
> Graeme Perrow
>
>  
>
>
>

Well, your first and biggest problem is that no Linux on 64-bit PPC
platforms ("OEs") have been validated. So whether you can build it there
or not it moot.

We can still add platforms to the 2.0 FIPS module, but of course that
takes time and money. Typically we would introduce new architecture
targets in config/Configure as necessary to accommodate the requirement
that command line options not be used (that's where most of the revision
bumps come from).

-Steve M.

--
Steve Marquess
OpenSSL Validation Services, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
[hidden email]
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users