Re: FIPS-capable OpenSSL stops working sporadically

2011-05-24 Thread Dr. Stephen Henson
On Mon, May 23, 2011, ciphertexto wrote:

 Hello,
 
 Does anyone know how any application can work 100% reliably with a 
 FIPS-capable OpenSSL given the following requirement from page 33 of the 
 OpenSSL UserGuide at http://www.openssl.org/docs/fips/UserGuide.pdf:
 
 ===
 The standard OpenSSL build with the fips option will use a base address for 
 libeay32.dll of 0xFB0 by default. This value was chosen because it is 
 unlikely to conflict with other dynamically loaded libraries. In the event of 
 a clash with another dynamically loaded library which will trigger runtime 
 relocation of libeay32.dll the integrity check will fail with the error
 
   FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELATED
   
 A base address conflict can be resolved by shuffling the other DLLs or 
 re-compiling OpenSSL with an alternative base address specified with the 
 --with-baseaddr= option.
 
 Note that the developer can identify which DLLs are relocated with the 
 Process Explorer utility 
 from http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/ProcessExplorer.mspx.
 ===
 
 I am hitting this problem sporadically with my application on various Windows 
 flavors.  The dynamic loader on Windows changes the base address of 
 libeay32.dll whenever it wants to.
 
 As a result, my application stops working because FIPS_mode_set() fails.  So 
 I am ending up with an unreliable application.
 
 I have no control over all of the dynamically loaded libraries in a system so I 
 am unable to shuffle the other DLLs as suggested in the user guide.  
 
 And changing the base address at build time is also not guaranteed to work 
 100% reliably because it could also conflict with some other DLL's base 
 address.
 
 So what to do?  Is there some trick/workaround to make this work?
 

Try specifying the /FIXED and/or /DYNAMICBASE:NO options when you build the
DLL.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
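
A build-side check for the suggestion above, as an added example that is not part of the original thread or OpenSSL's own code: it reads a DLL's PE headers and reports whether the linker settings still allow the Windows loader to relocate it. The sample headers and the 0x10000000 base address are constructed for the demo; `make_sample_pe32` is a hypothetical helper.

```python
import struct

IMAGE_FILE_RELOCS_STRIPPED = 0x0001             # COFF Characteristics bit, set by /FIXED
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # ASLR opt-in, cleared by /DYNAMICBASE:NO

def pe_relocation_status(data):
    """Return (image_base, relocs_stripped, dynamic_base, verdict) for a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)      # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (characteristics,) = struct.unpack_from("<H", data, pe_off + 22)
    opt = pe_off + 24                                      # start of optional header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:                                     # PE32: 4-byte ImageBase
        (image_base,) = struct.unpack_from("<I", data, opt + 28)
    elif magic == 0x20B:                                   # PE32+: 8-byte ImageBase
        (image_base,) = struct.unpack_from("<Q", data, opt + 24)
    else:
        raise ValueError("unknown optional header magic")
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    stripped = bool(characteristics & IMAGE_FILE_RELOCS_STRIPPED)
    dynbase = bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
    if stripped:
        verdict = "fixed: loader cannot relocate (load fails on an address clash)"
    elif dynbase:
        verdict = "ASLR opt-in: loader may rebase, FIPS fingerprint check can fail"
    else:
        verdict = "relocatable: rebased only on a base address clash"
    return image_base, stripped, dynbase, verdict

def make_sample_pe32(image_base, characteristics, dll_chars):
    """Constructed header-only PE32 image for the demo (not a loadable DLL)."""
    buf = bytearray(0x40 + 24 + 96)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)                # e_lfanew -> PE header
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x40 + 22, characteristics)
    struct.pack_into("<H", buf, 0x40 + 24, 0x10B)          # PE32 magic
    struct.pack_into("<I", buf, 0x40 + 24 + 28, image_base)
    struct.pack_into("<H", buf, 0x40 + 24 + 70, dll_chars)
    return bytes(buf)

if __name__ == "__main__":
    for name, ch, dc in [("/DYNAMICBASE", 0x2102, 0x0040), ("/DYNAMICBASE:NO", 0x2102, 0x0000),
                         ("/FIXED", 0x2103, 0x0000)]:
        print(name, pe_relocation_status(make_sample_pe32(0x10000000, ch, dc)))
```

To check a real build, pass the bytes of the DLL file to `pe_relocation_status` and compare the reported image base with the base address the FIPS fingerprint was generated for.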


FIPS-capable OpenSSL stops working sporadically

2011-05-23 Thread ciphertexto
Hello,

Does anyone know how any application can work 100% reliably with a 
FIPS-capable OpenSSL given the following requirement from page 33 of the 
OpenSSL UserGuide at http://www.openssl.org/docs/fips/UserGuide.pdf:

===
The standard OpenSSL build with the fips option will use a base address for 
libeay32.dll of 0xFB0 by default.  This value was chosen because it is 
unlikely to conflict with other dynamically loaded libraries. In the event of a 
clash with another dynamically loaded library which will trigger runtime 
relocation of libeay32.dll the integrity check will fail with the error

FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELATED

A base address conflict can be resolved by shuffling the other DLLs or 
re-compiling OpenSSL with an alternative base address specified with the 
--with-baseaddr= option.

Note that the developer can identify which DLLs are relocated with the Process 
Explorer utility 
from http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/ProcessExplorer.mspx.
===

I am hitting this problem sporadically with my application on various Windows 
flavors.  The dynamic loader on Windows changes the base address of 
libeay32.dll whenever it wants to.

As a result, my application stops working because FIPS_mode_set() fails.  So I 
am ending up with an unreliable application.

I have no control over all of the dynamically loaded libraries in a system so I 
am unable to shuffle the other DLLs as suggested in the user guide.  

And changing the base address at build time is also not guaranteed to work 100% 
reliably because it could also conflict with some other DLL's base address.

So what to do?  Is there some trick/workaround to make this work?

Thanks,

Bill