Hello,
I've successfully built the validated FIPS object module and OpenSSL 0.9.8o on 
Windows with Visual Studio 2008 many times (both an x86 and x64 version) 
without issue and I can successfully build both with Visual Studio 2010.  
However, the FIPS module built with Visual Studio 2010 fails the FIPS test 
suite (out32dll\fips_test_suite.exe) and if I use the generated object module 
to build FIPS validated OpenSSL DLLs, those DLLs also fail the self test and 
can't be used to enable FIPS mode (OpenSSL reports "the fingerprint does not 
match").


"out32dll\fips_test_suite.exe"  reports the following output when run right 
after "ms\do_fips.bat":
1. Non-Approved cryptographic operation test...
        a. Included algorithm (D-H)...successful
2. Automatic power-up self test...ERROR:2d06906e:lib=45,func=105,reason=110:file=.\fips\fips.c:line=238:FAILED!


The only difference between a working FIPS build and the failed build is the 
Visual Studio environment. The working version is built using Visual Studio 
2008 SP1 and the failed with 2010 (both using the Professional edition and both 
on Windows 7).
I've done a little investigation and it appears the 2010 version of 
libeay32.dll is being relocated from the correct preferred base address of 
0xFB00000 to a different address. I have no idea why this is happening and 
nothing I do seems to prevent the relocation.  I made sure to turn off image 
randomization and even tried changing the base address of the DLL during 
building using the command line option but it still gets relocated when I try 
to use it.  If I use the Visual Studio 2008-generated DLLs in place of the 2010 
DLLs then they work fine and are not relocated.  It is very strange.  However, 
since the FIPS module itself fails the FIPS self-test I'm not sure this is 
significant.  If I use a static library instead of the shared library OpenSSL 
DLL build the results are still the same when I try to enable FIPS mode... "the 
fingerprint does not match".  I'm getting the 
"FIPS_R_FINGERPRINT_DOES_NOT_MATCH" error and not the 
"FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELOCATED" error so I have a feeling 
fixing the canister problem will fix the relocation issue with the DLL.

I've tried everything I can think of and I'm running out of ideas.  Does anyone 
have any suggestions on what could be the problem? Has anyone successfully 
built and tested the FIPS canister with Visual Studio 2010?


Thanks,
Grant                                     
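
The relocation question raised in the post can be checked directly from the DLL's PE headers, which record the preferred base address and the ASLR opt-in flag the linker wrote. The following is an added example, not part of the original post or of the OpenSSL build scripts; the function names and the sample header bytes are constructed for illustration.

```python
import struct
import sys

DYNAMIC_BASE = 0x0040     # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (ASLR opt-in)
RELOCS_STRIPPED = 0x0001  # IMAGE_FILE_RELOCS_STRIPPED (COFF Characteristics)

def pe_base_info(data):
    """Return the preferred ImageBase and relocation-related header flags."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)   # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = pe_off + 4                                  # 20-byte COFF header
    (file_chars,) = struct.unpack_from("<H", data, coff + 18)
    opt = coff + 20                                    # optional header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:                                 # PE32 (x86)
        (image_base,) = struct.unpack_from("<I", data, opt + 28)
    elif magic == 0x20B:                               # PE32+ (x64)
        (image_base,) = struct.unpack_from("<Q", data, opt + 24)
    else:
        raise ValueError("unknown optional header magic 0x%04x" % magic)
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    return {
        "image_base": image_base,
        "dynamic_base": bool(dll_chars & DYNAMIC_BASE),
        "relocs_stripped": bool(file_chars & RELOCS_STRIPPED),
    }

def make_sample(image_base, dll_chars):
    """Constructed minimal PE32 header for the demo (not a loadable DLL)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 96, 0x2102)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 28, image_base)
    struct.pack_into("<H", opt, 70, dll_chars)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    # Pass a DLL path to inspect a real build; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read(4096)
    else:
        blob = make_sample(0xFB00000, DYNAMIC_BASE)
    info = pe_base_info(blob)
    print("ImageBase=0x%X dynamic_base=%s relocs_stripped=%s" % (
        info["image_base"], info["dynamic_base"], info["relocs_stripped"]))
```

These values show only what the linker recorded; the loader can still relocate a DLL whose preferred address range is already occupied in the process.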
