On May 24, 2011, at 4:18 AM, Dr. Stephen Henson wrote:
> On Mon, May 23, 2011, ciphertexto wrote:
>
>> On May 23, 2011, at 7:20 PM, Dr. Stephen Henson wrote:
>>> On Sun, May 22, 2011, Bill Durant wrote:
>>>
>>>> Hello,
>>>>
>>>> Has anyone been able to build a "working" 64-bit version of the
>>>> FIPS-capable OpenSSL on Mac OS X 10.6.7 (SnowLeopard)?
>>>>
>>>> I have built a 64-bit version of the fipscanister from openssl-fips-1.2.3
>>>> on Mac OS X 10.6.7.
>>>>
>>>> But fips_shatest and the openssl command are core dumping when I do a
>>>> 'make test'
>>>>
>>>> For example:
>>>>
>>>> ./config fipscanisterbuild
>>>> make
>>>> make test (fips_shatest and openssl core dump at this step)
>>>>
>>>
>>> Does fips_test_suite run OK?
>>
>>
>> I ran fips_test_suite and it has been pegged for almost two hours on the
>> following:
>>
>> =====
>> $ ./fips_test_suite
>> FIPS-mode test application
>>
>> 1. Non-Approved cryptographic operation test...
>> =====
>>
>> The CPU is at 100% on fips_test_suite. It does not get past that.
>>
>> Any ideas?
>>
>
> It can take a long time to execute sometimes as it performs two slow DH
> parameter generation operations. Retry it a few times. If it still doesn't
> complete try:
>
> OPENSSL_FIPS=1 util/shlib_wrap.sh apps/openssl version -a
>
> Note that the utilities in the 1.2.3 build come from an ancient version of
> OpenSSL 0.9.8 and to get a usable library you must build an FIPS capable
> OpenSSL using the 1.2.3 fipscanister.o and a recent 0.9.8 version.
fips_test_suite hangs (stayed there for more than 24 hours). So I tried
shlib_wrap.sh as you suggest and I got a core dump from openssl.
I am testing with a FIPS-capable OpenSSL using the 1.2.3 fipscanister.o with
0.9.8r (the most recent version).
$ apps/openssl version
OpenSSL 0.9.8r-fips 8 Feb 2011
$ OPENSSL_FIPS=1 util/shlib_wrap.sh apps/openssl version -a
Segmentation fault (core dumped)
$ otool -c /cores/core.97244 | head -4
/cores/core.97244:
Argument strings on the stack at: 00007fff5fc00000
/Users/foo/svn/mac_crypto_64/Crypto/OSX/build_openssl_fips_capable/openssl-0.9.8r/apps/openssl
$ gdb apps/openssl /cores/core.97244
GNU gdb 6.3.50-20050815 (Apple version gdb-1515) (Sat Jan 15 08:33:48 UTC 2011)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "x86_64-apple-darwin"...Reading symbols for shared
libraries .... done
Reading symbols for shared libraries . done
Reading symbols for shared libraries .... done
#0 0x000000003f61ffff in ?? ()
(gdb) bt
#0 0x000000003f61ffff in ?? ()
Cannot access memory at address 0x3f61ffff
#1 0x00000000092ff8bb in ?? ()
(gdb) quit
So does it look like the 64-bit version of the FIPS-capable OpenSSL on
SnowLeopard is officially broken?
Thanks,
Bill
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majord...@openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
