> Is libeay32.dll linked with /FIXED? Verify with 'dumpbin /headers> > libeay32.dll', look for "DLL characteristics"No! The DLL still had the > randomization code turned on after I dumped it. It turns out I had the > /FIXED flag in the wrong place for the actual DLL. Once I looked closer at > the code linking the actual DLL I found the correct place to put the flag. > I've now verified the DLL is linked with /FIXED and the libeay32.dll now > works for FIPS mode. I tested this on the x86 version of the DLL and I > imagine it will fix the x64 DLL as well (they both reported the same error). > It looks like this setting will need to be added for VS2010. Thanks to everyone for all of your help! Grant
> Date: Mon, 18 Oct 2010 21:30:36 +0200 > From: ap...@openssl.org > To: openssl-dev@openssl.org > Subject: Re: FIPS Module 1.2 build with Visual Studio 2010 fails self-tests > > Question #1. Are we talking about 32-bit version or is it the problem > with *both* x86 and x64 code? > > > Even specifying a different base address doesn't fix the problem. I > > have a different default address that the DLL consistently gets > > relocated to but changing the preferred base address of libeay32 to that > > address still doesn't work. The DLL will just get relocated to a > > different address. > > > > Using the /FIXED parameter also doesn't work. > > Define "also doesn't work". If I link *both* fips_test_suite.exe *and* > libeay.dll with /FIXED (or /DYNAMICBASE:NO), then both > fips_test_suite.exe and openssl.exe with OPENSSL_FIPS environment > variable set work. With fips_test_suite.exe working, because it itself > is linked with /FIXED, and openssl.exe working because libeay32.dll is > linked with /FIXED. > > > However, if you link a > > Visual Studio 2008 generated FIPS canister to a Visual Studio 2010 > > OpenSSL DLL then everything works. > > Strange... It's up to linker to set dynamicbase flag in COFF header. > Newer compiler must be marking .obj files in some special way, which > serves as a message to linker. > > > Unfortunately, that means your > > OpenSSL DLL is linked to both the VC9 CRT and the VC10 CRT which is > > exactly what I want to avoid. > > Originally fipscanister.lib was designed not to have strong dependency > on msvcrt, meaning that idea was that it should be possible to use > fipscanister compiled with one compiler with another. But it was > verified to work with rather old compilers. > > > Strangely, the out32dll/fips_test_suite.exe no longer returns a failure > > after I compiled everything with the /FIXED linker option (everything > > was compiled with VS 2010). I assumed the test suite was linking to the > > generated OpenSSL DLLs but after running it through process explorer and > > dependency walker it looks like it's statically linked. Using the DLLs > > in my app still fails to initialize FIPS and the DLL is still getting > > relocated. I'm going to try static linking next. > > Is libeay32.dll linked with /FIXED? Verify with 'dumpbin /headers > libeay32.dll', look for "DLL characteristics". A. > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List openssl-dev@openssl.org > Automated List Manager majord...@openssl.org
