From: Jeremy Spewock <jspewock@iol.unh.edu>
To: Ali Alnubani <alialnu@nvidia.com>
Cc: "ci@dpdk.org" <ci@dpdk.org>
Subject: Re: [PATCH v6 4/4] doc: add readme file for acvp_tool
Date: Mon, 3 Apr 2023 14:49:27 -0400 [thread overview]
Message-ID: <CAAA20URop5qXmwGfXm8R93ZhOjPJBHkEKPuED==4nMc5nSf+JQ@mail.gmail.com> (raw)
In-Reply-To: <CH0PR12MB51564EB4BE091AE111996168DA889@CH0PR12MB5156.namprd12.prod.outlook.com>
[-- Attachment #1: Type: text/plain, Size: 3352 bytes --]
On Tue, Mar 28, 2023 at 4:27 AM Ali Alnubani <alialnu@nvidia.com> wrote:
> > -----Original Message-----
> > From: jspewock@iol.unh.edu <jspewock@iol.unh.edu>
> > Sent: Monday, March 27, 2023 7:52 PM
> > To: ci@dpdk.org
> > Cc: Jeremy Spewock <jspewock@iol.unh.edu>
> > Subject: [PATCH v6 4/4] doc: add readme file for acvp_tool
> >
> > From: Jeremy Spewock <jspewock@iol.unh.edu>
> >
> > updated out-of-date acvp_tool readme
>
> This only describes the diff with Brandon's patch. The original commit
> message should have been kept instead and expanded if needed.
>
> >
> > Signed-off-by: Jeremy Spewock <jspewock@iol.unh.edu>
> > ---
> [..]
> > +* FIPS Object Module
> > +```
> > +curl -o openssl-fips-2.0.16.tar.gz
> https://www.openssl.org/source/openssl-
> > fips-2.0.16.tar.gz
> > +tar xvfm openssl-fips-2.0.16.tar.gz
> > +cd openssl-fips-2.0.16
> > +./config
> > +make
> > +make install
> > +```
>
> Is this module required even with recent versions of openssl?
>
In recent testing of the dependencies, when this module wasn't present
there is inconsistent behavior that leads to errors.
>
> > +* OpenSSL library
> > +```
> > +curl -o openssl-1.0.2o.tar.gz https://www.openssl.org/source/openssl-
> > 1.0.2o.tar.gz
> > +export CFLAGS='-fPIC'
> > +tar xvfm openssl-1.0.2o.tar.gz
> > +cd openssl-1.0.2o
> > +./config shared fips
> > +make depend
> > +make
> > +```
>
> OpenSSL 1.0.2 is deprecated and probably vulnerable (
> https://www.openssl.org/news/vulnerabilities-1.0.2.html).
> You're also only building locally here, and you aren't pointing DPDK build
> to it, so I doubt it's making a difference.
>
After doing some testing, it seems that this library is not needed in order
to run the application and get passing vectors.
>
> Can you please double check these dependencies?
>
>
These dependencies were actually taken from the test plan documentation
written for running the FIPS sample application. This was the only
documentation I could find that mentions the required libraries in order to
run the sample application so I followed it as closely as I could. The only
thing I had to change was the version of the IPsec library because it
wouldn't build with this older outdated version. This documentation should
likely be updated:
https://git.dpdk.org/tools/dts/tree/test_plans/fips_cryptodev_test_plan.rst
> [..]
> > +### Using the DPDK FIPS Validation Example Application
> > +First, you have to make sure that you configure DPDK to build the FIPS
> > sample application before you compile with ninja
> > +```
> > +#inside dpdk/
> > +meson build --werror
> > +meson configure -Dexamples=fips_validation build
>
> You can combine them into a single command:
> meson --werror -Dexamples=fips_validation build
>
> > +sudo ninja -C build
>
> You're only making local changes here. If sudo wasn't required for the
> meson commands, it won't be required for this one.
>
> Additionally, I see the following warnings when applying the patch:
>
> Applying: doc: add readme file for acvp_tool
> .git/rebase-apply/patch:63: trailing whitespace.
> * In order to test AES-CTR you'll also have to remove the key `"ivGenMode"`
> .git/rebase-apply/patch:133: trailing whitespace.
>
Fixed in v7.
>
> - Ali
>
Thanks,
Jeremy
[-- Attachment #2: Type: text/html, Size: 5404 bytes --]
next prev parent reply other threads:[~2023-04-03 18:49 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-27 16:51 [PATCH v6 0/4] Add ACVP Tool jspewock
2023-03-27 16:51 ` [PATCH v6 1/4] tools: add acvp_tool jspewock
2023-03-27 16:51 ` [PATCH v6 2/4] tools: add default config file for acvp_tool jspewock
2023-03-28 8:25 ` Ali Alnubani
2023-03-27 16:51 ` [PATCH v6 3/4] tools: add requirements " jspewock
2023-03-27 16:51 ` [PATCH v6 4/4] doc: add readme " jspewock
2023-03-28 8:27 ` Ali Alnubani
2023-04-03 18:49 ` Jeremy Spewock [this message]
2023-03-28 8:28 ` [PATCH v6 0/4] Add ACVP Tool Ali Alnubani
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAAA20URop5qXmwGfXm8R93ZhOjPJBHkEKPuED==4nMc5nSf+JQ@mail.gmail.com' \
--to=jspewock@iol.unh.edu \
--cc=alialnu@nvidia.com \
--cc=ci@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).