From: Ali Alnubani <alialnu@nvidia.com>
To: "jspewock@iol.unh.edu" <jspewock@iol.unh.edu>,
"ci@dpdk.org" <ci@dpdk.org>
Subject: RE: [PATCH v6 4/4] doc: add readme file for acvp_tool
Date: Tue, 28 Mar 2023 08:27:40 +0000 [thread overview]
Message-ID: <CH0PR12MB51564EB4BE091AE111996168DA889@CH0PR12MB5156.namprd12.prod.outlook.com> (raw)
In-Reply-To: <20230327165141.7916-6-jspewock@iol.unh.edu>
> -----Original Message-----
> From: jspewock@iol.unh.edu <jspewock@iol.unh.edu>
> Sent: Monday, March 27, 2023 7:52 PM
> To: ci@dpdk.org
> Cc: Jeremy Spewock <jspewock@iol.unh.edu>
> Subject: [PATCH v6 4/4] doc: add readme file for acvp_tool
>
> From: Jeremy Spewock <jspewock@iol.unh.edu>
>
> updated out-of-date acvp_tool readme
This only describes the diff with Brandon's patch. The original commit message should have been kept instead and expanded if needed.
>
> Signed-off-by: Jeremy Spewock <jspewock@iol.unh.edu>
> ---
[..]
> +* FIPS Object Module
> +```
> +curl -o openssl-fips-2.0.16.tar.gz https://www.openssl.org/source/openssl-
> fips-2.0.16.tar.gz
> +tar xvfm openssl-fips-2.0.16.tar.gz
> +cd openssl-fips-2.0.16
> +./config
> +make
> +make install
> +```
Is this module required even with recent versions of openssl?
> +* OpenSSL library
> +```
> +curl -o openssl-1.0.2o.tar.gz https://www.openssl.org/source/openssl-
> 1.0.2o.tar.gz
> +export CFLAGS='-fPIC'
> +tar xvfm openssl-1.0.2o.tar.gz
> +cd openssl-1.0.2o
> +./config shared fips
> +make depend
> +make
> +```
OpenSSL 1.0.2 is deprecated and probably vulnerable (https://www.openssl.org/news/vulnerabilities-1.0.2.html).
You're also only building locally here, and you aren't pointing DPDK build to it, so I doubt it's making a difference.
Can you please double check these dependencies?
[..]
> +### Using the DPDK FIPS Validation Example Application
> +First, you have to make sure that you configure DPDK to build the FIPS
> sample application before you compile with ninja
> +```
> +#inside dpdk/
> +meson build --werror
> +meson configure -Dexamples=fips_validation build
You can combine them into a single command:
meson --werror -Dexamples=fips_validation build
> +sudo ninja -C build
You're only making local changes here. If sudo wasn't required for the meson commands, it won't be required for this one.
Additionally, I see the following warnings when applying the patch:
Applying: doc: add readme file for acvp_tool
.git/rebase-apply/patch:63: trailing whitespace.
* In order to test AES-CTR you'll also have to remove the key `"ivGenMode"`
.git/rebase-apply/patch:133: trailing whitespace.
- Ali
next prev parent reply other threads:[~2023-03-28 8:27 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-27 16:51 [PATCH v6 0/4] Add ACVP Tool jspewock
2023-03-27 16:51 ` [PATCH v6 1/4] tools: add acvp_tool jspewock
2023-03-27 16:51 ` [PATCH v6 2/4] tools: add default config file for acvp_tool jspewock
2023-03-28 8:25 ` Ali Alnubani
2023-03-27 16:51 ` [PATCH v6 3/4] tools: add requirements " jspewock
2023-03-27 16:51 ` [PATCH v6 4/4] doc: add readme " jspewock
2023-03-28 8:27 ` Ali Alnubani [this message]
2023-04-03 18:49 ` Jeremy Spewock
2023-03-28 8:28 ` [PATCH v6 0/4] Add ACVP Tool Ali Alnubani
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CH0PR12MB51564EB4BE091AE111996168DA889@CH0PR12MB5156.namprd12.prod.outlook.com \
--to=alialnu@nvidia.com \
--cc=ci@dpdk.org \
--cc=jspewock@iol.unh.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).