On 5/29/2013 7:29 AM, Abhijit Ray Chaudhury wrote:
HI ,
Anybody successfully enabled FIPS mode in wince as kernel mode dll ?
I Have faced following problem when giving baseaddress > 0xC0000000 to
link.exe :
=====================================
link.exe won't accept baseaddr > 2GB, even with /LARGEADDRESSAWARE flag.
link.exe accepts baseaddr > 2GB with /DRIVER flag,
but it adds a section called INIT, fro which current msincore script
generates wrong sha1 and fingerprinting fails upon running it.
======================================
I have not done this myself, but two options seem obvious:
A: Use an alternate rebasing tool or linker (assuming this can get past
the FIPS procedural restrictions), without the artificial 2GB
limitation. The ReBaseImage Win32 function can do this (it just needs
a wrapper that calls it), and its source code was previously published
as a Win32 sample (in the NT 3.5 SDK), though that sample may not know
about all the ARM relocation types. There is also a chance that a
different build of LINK.EXE does not have the 2GB limitation.
B: Look for a way to make the hashing base independent, such that a DLL
will pass its startup check even if relocated at load time, this is much
more robust, but I am not sure if the FIPS team had the foresight to
implement this (On all modular platforms that I know, DLLs and kernel
modules are never guaranteed a specific load address, and this is made
worse if ASLR is enabled).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
