On Tue, Mar 28, 2023 at 4:27 AM Ali Alnubani wrote: > > -----Original Message----- > > From: jspewock@iol.unh.edu > > Sent: Monday, March 27, 2023 7:52 PM > > To: ci@dpdk.org > > Cc: Jeremy Spewock > > Subject: [PATCH v6 4/4] doc: add readme file for acvp_tool > > > > From: Jeremy Spewock > > > > updated out-of-date acvp_tool readme > > This only describes the diff with Brandon's patch. The original commit > message should have been kept instead and expanded if needed. > > > > > Signed-off-by: Jeremy Spewock > > --- > [..] > > +* FIPS Object Module > > +``` > > +curl -o openssl-fips-2.0.16.tar.gz > https://www.openssl.org/source/openssl- > > fips-2.0.16.tar.gz > > +tar xvfm openssl-fips-2.0.16.tar.gz > > +cd openssl-fips-2.0.16 > > +./config > > +make > > +make install > > +``` > > Is this module required even with recent versions of openssl? > In recent testing of the dependencies, when this module wasn't present there is inconsistent behavior that leads to errors. > > > +* OpenSSL library > > +``` > > +curl -o openssl-1.0.2o.tar.gz https://www.openssl.org/source/openssl- > > 1.0.2o.tar.gz > > +export CFLAGS='-fPIC' > > +tar xvfm openssl-1.0.2o.tar.gz > > +cd openssl-1.0.2o > > +./config shared fips > > +make depend > > +make > > +``` > > OpenSSL 1.0.2 is deprecated and probably vulnerable ( > https://www.openssl.org/news/vulnerabilities-1.0.2.html). > You're also only building locally here, and you aren't pointing DPDK build > to it, so I doubt it's making a difference. > After doing some testing, it seems that this library is not needed in order to run the application and get passing vectors. > > Can you please double check these dependencies? > > These dependencies were actually taken from the test plan documentation written for running the FIPS sample application. This was the only documentation I could find that mentions the required libraries in order to run the sample application so I followed it as closely as I could. The only thing I had to change was the version of the IPsec library because it wouldn't build with this older outdated version. This documentation should likely be updated: https://git.dpdk.org/tools/dts/tree/test_plans/fips_cryptodev_test_plan.rst > [..] > > +### Using the DPDK FIPS Validation Example Application > > +First, you have to make sure that you configure DPDK to build the FIPS > > sample application before you compile with ninja > > +``` > > +#inside dpdk/ > > +meson build --werror > > +meson configure -Dexamples=fips_validation build > > You can combine them into a single command: > meson --werror -Dexamples=fips_validation build > > > +sudo ninja -C build > > You're only making local changes here. If sudo wasn't required for the > meson commands, it won't be required for this one. > > Additionally, I see the following warnings when applying the patch: > > Applying: doc: add readme file for acvp_tool > .git/rebase-apply/patch:63: trailing whitespace. > * In order to test AES-CTR you'll also have to remove the key `"ivGenMode"` > .git/rebase-apply/patch:133: trailing whitespace. > Fixed in v7. > > - Ali > Thanks, Jeremy