On Mon, Oct 18, 2010, Grant Averett wrote: > > Even specifying a different base address doesn't fix the problem. I have a > different default address that the DLL consistently gets relocated to but > changing the preferred base address of libeay32 to that address still doesn't > work. The DLL will just get relocated to a different address. > Using the /FIXED parameter also doesn't work. However, if you link a Visual > Studio 2008 generated FIPS canister to a Visual Studio 2010 OpenSSL DLL then > everything works. Unfortunately, that means your OpenSSL DLL is linked to > both the VC9 CRT and the VC10 CRT which is exactly what I want to avoid. > Strangely, the out32dll/fips_test_suite.exe no longer returns a failure > after I compiled everything with the /FIXED linker option (everything was > compiled with VS 2010). I assumed the test suite was linking to the > generated OpenSSL DLLs but after running it through process explorer and > dependency walker it looks like it's statically linked. Using the DLLs in my > app still fails to initialize FIPS and the DLL is still getting relocated. > I'm going to try static linking next. >
Yes the FIPS test utilities including fips_test_suite.exe are statically linked against fipscanister.lib this was to demonstrate that those utilities have no dependencies on any unvalidated source code. I'd suggest writing a test application that just enters FIPS mode and see the result. Then get it to dump the addresses of the fingerprinted regions and their contents: then a comparison can be done to see if the contents change even if the addresses are the same. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
