[PATCH v6 4/4] doc: add readme file for acvp_tool

Ali Alnubani alialnu at nvidia.com
Tue Mar 28 10:27:40 CEST 2023


> -----Original Message-----
> From: jspewock at iol.unh.edu <jspewock at iol.unh.edu>
> Sent: Monday, March 27, 2023 7:52 PM
> To: ci at dpdk.org
> Cc: Jeremy Spewock <jspewock at iol.unh.edu>
> Subject: [PATCH v6 4/4] doc: add readme file for acvp_tool
> 
> From: Jeremy Spewock <jspewock at iol.unh.edu>
> 
> updated out-of-date acvp_tool readme

This only describes the diff with Brandon's patch. The original commit message should have been kept instead and expanded if needed.

> 
> Signed-off-by: Jeremy Spewock <jspewock at iol.unh.edu>
> ---
[..]
> +* FIPS Object Module
> +```
> +curl -o openssl-fips-2.0.16.tar.gz https://www.openssl.org/source/openssl-
> fips-2.0.16.tar.gz
> +tar xvfm openssl-fips-2.0.16.tar.gz
> +cd openssl-fips-2.0.16
> +./config
> +make
> +make install
> +```

Is this module required even with recent versions of openssl?

> +* OpenSSL library
> +```
> +curl -o openssl-1.0.2o.tar.gz https://www.openssl.org/source/openssl-
> 1.0.2o.tar.gz
> +export CFLAGS='-fPIC'
> +tar xvfm openssl-1.0.2o.tar.gz
> +cd openssl-1.0.2o
> +./config shared fips
> +make depend
> +make
> +```

OpenSSL 1.0.2 is deprecated and probably vulnerable (https://www.openssl.org/news/vulnerabilities-1.0.2.html).
You're also only building locally here, and you aren't pointing DPDK build to it, so I doubt it's making a difference.

Can you please double check these dependencies?

[..]
> +### Using the DPDK FIPS Validation Example Application
> +First, you have to make sure that you configure DPDK to build the FIPS
> sample application before you compile with ninja
> +```
> +#inside dpdk/
> +meson build --werror
> +meson configure -Dexamples=fips_validation build

You can combine them into a single command:
meson --werror  -Dexamples=fips_validation build

> +sudo ninja -C build

You're only making local changes here. If sudo wasn't required for the meson commands, it won't be required for this one.

Additionally, I see the following warnings when applying the patch:

Applying: doc: add readme file for acvp_tool
.git/rebase-apply/patch:63: trailing whitespace.
* In order to test AES-CTR you'll also have to remove the key `"ivGenMode"`
.git/rebase-apply/patch:133: trailing whitespace.

- Ali


More information about the ci mailing list