FIPS 2.0 build_tests using cross for ppc64

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

FIPS 2.0 build_tests using cross for ppc64

Michael Fainstein

I am trying to build test suite using cross environment on Linux x86-64 for ppc64.

 

Without setting FIPS_SIG I am getting error

../fips/fipsld: line 186: ./fips_hmactest: cannot execute binary file

 

With FIPS_SIG=`pwd`/util/incore I am getting error from incore:

ELF64 is supported only natively at util/incore line 45.

 

My target can’t support native build environment, so I must use cross.

Is there any way to fix those errors?

 

Thanks,

Michael


___________________________________________________________________________

This e-mail message is intended for the recipient only and contains information which is
CONFIDENTIAL and which may be proprietary to ECI Telecom. If you have received this
transmission in error, please inform us by e-mail, phone or fax, and then delete the original
and all copies thereof.
___________________________________________________________________________

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: FIPS 2.0 build_tests using cross for ppc64

OpenSSL - User mailing list
  • My target can’t support native build environment, so I must use cross.
  • Is there any way to fix those errors?

 

If you make any changes to the FIPS build procedure, then the result is not FIPS validated.  I think the build procedure does not support cross-compiling very well, because it expects to execute the built programs on the building host – it needs some things to run “natively” to get the digest of the built library so it can be incorporated into its power-on checks.

 

So you’ll have to do your own validation, hire a lab, etc.  Or wait until the project releases a new module.  That *might* support cross-compiling better, or it might not.

 

Sorry we don’t have better news.

 

  • This e-mail message is intended for the recipient only and contains information which is
    CONFIDENTIAL and which may be proprietary to ECI Telecom. If you have received this
    transmission in error, please inform us by e-mail, phone or fax, and then delete the original
    and all copies thereof.

BTW, let your mgmt. know that this kind of disclaimer is obnoxious and impossible to enforce when posting to a public mailing list.


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users