|
»
« Return to Thread: FIPS Module 1.2 build with Visual Studio 2010 fails self-tests
Re: FIPS Module 1.2 build with Visual Studio 2010 fails self-tests
by Dr. Stephen Henson
::
Rate this Message:
On Sun, Apr 15, 2012, Vimol Kshetrimayum wrote:
> Andy Polyakov <appro <at> openssl.org> writes:
>
> >
> > > I tested this on the x86 version of the DLL and I imagine it will fix
> > > the x64 DLL as well (they both reported the same error). It looks
> > > like this setting will need to be added for VS2010.
> >
> > As mentioned [in another reply], I was under impression that x64 code is
> > always position-independent, i.e. I'd expect x64 to work even if
> > relocated. Oh well... Closer look revealed that .text segment, code
> > itself, *is* indeed position-independent, but not .rdata, which is also
> > fingerprinted. In order for this to work it is implied that compiler
> > moves relocatable data from .rdata segment. Unix compiler actually do
> > that, but apparently not Windows A.
> > ______________________________________________________________________
> > OpenSSL Project http://www.openssl.org
> > Development Mailing List openssl-dev <at> openssl.org
> > Automated List Manager majordomo <at> openssl.org
> >
> >
>
>
> I am facing same issue when I built x64 version of FIPS object module (1.2.3)and
> openSSL 0.9.8.u on Windows 7 with Visual Studio 2010.
>
> As suggested in this thread, I have edited the openssl-0.9.8u\ms\ntdll.mak and
> added /FIXED flag in LFLAGS as below.
>
> LFLAGS=/FIXED /nologo /subsystem:console /opt:ref
>
> Now, out32dll/fips_test_suite.exe running successfully after compiling with
> /FIXED linker option.
>
> However, my sample application which is linking dynamically with libeay32.dll is
> returning same finger print mismatch error.Sample application also links with
> /FIXED linker option.
>
> dumpbin shows no randomization code in "DLL characteristics" for both
> libeay32.dll and sample application.
>
> Here is the link lines for libeay32.dll:
> ----------------------------------------------------
> perl util\fipslink.pl /FIXED /nologo /subsystem:console /opt:ref /dll /map
> /base:0xFB00000 /out:out32dll\libeay32.dll /def:ms/LIBEAY32.def
> @C:\Users\VIMOL_~1\AppData\Local\Temp\nm9209.tmp
> ----------------------------------------------------
>
> Value of DLL characteristics from dumpbin:
> ----------------------------------------------------
> 100 DLL characteristics
> NX compatible
> ----------------------------------------------------
>
> Is the above value of link line and DLL characteristics correct? Or did I miss
> anything? Or is OS forcefully loading the libeay32.DLL at randomized address?
>
>
Try adding: /fixed explicitly to the linker rule for libeay32.dll, it is the
section beginning:
$(O_CRYPTO): ...
Alternatively you can add it to the MLFLAGS line in the makefile but that will
affect ssleay32.dll too. If that doesn't work try /dynamicbase:no /fixed
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@...
Automated List Manager majordomo@...
> Andy Polyakov <appro <at> openssl.org> writes:
>
> >
> > > I tested this on the x86 version of the DLL and I imagine it will fix
> > > the x64 DLL as well (they both reported the same error). It looks
> > > like this setting will need to be added for VS2010.
> >
> > As mentioned [in another reply], I was under impression that x64 code is
> > always position-independent, i.e. I'd expect x64 to work even if
> > relocated. Oh well... Closer look revealed that .text segment, code
> > itself, *is* indeed position-independent, but not .rdata, which is also
> > fingerprinted. In order for this to work it is implied that compiler
> > moves relocatable data from .rdata segment. Unix compiler actually do
> > that, but apparently not Windows A.
> > ______________________________________________________________________
> > OpenSSL Project http://www.openssl.org
> > Development Mailing List openssl-dev <at> openssl.org
> > Automated List Manager majordomo <at> openssl.org
> >
> >
>
>
> I am facing same issue when I built x64 version of FIPS object module (1.2.3)and
> openSSL 0.9.8.u on Windows 7 with Visual Studio 2010.
>
> As suggested in this thread, I have edited the openssl-0.9.8u\ms\ntdll.mak and
> added /FIXED flag in LFLAGS as below.
>
> LFLAGS=/FIXED /nologo /subsystem:console /opt:ref
>
> Now, out32dll/fips_test_suite.exe running successfully after compiling with
> /FIXED linker option.
>
> However, my sample application which is linking dynamically with libeay32.dll is
> returning same finger print mismatch error.Sample application also links with
> /FIXED linker option.
>
> dumpbin shows no randomization code in "DLL characteristics" for both
> libeay32.dll and sample application.
>
> Here is the link lines for libeay32.dll:
> ----------------------------------------------------
> perl util\fipslink.pl /FIXED /nologo /subsystem:console /opt:ref /dll /map
> /base:0xFB00000 /out:out32dll\libeay32.dll /def:ms/LIBEAY32.def
> @C:\Users\VIMOL_~1\AppData\Local\Temp\nm9209.tmp
> ----------------------------------------------------
>
> Value of DLL characteristics from dumpbin:
> ----------------------------------------------------
> 100 DLL characteristics
> NX compatible
> ----------------------------------------------------
>
> Is the above value of link line and DLL characteristics correct? Or did I miss
> anything? Or is OS forcefully loading the libeay32.DLL at randomized address?
>
>
Try adding: /fixed explicitly to the linker rule for libeay32.dll, it is the
section beginning:
$(O_CRYPTO): ...
Alternatively you can add it to the MLFLAGS line in the makefile but that will
affect ssleay32.dll too. If that doesn't work try /dynamicbase:no /fixed
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@...
Automated List Manager majordomo@...
« Return to Thread: FIPS Module 1.2 build with Visual Studio 2010 fails self-tests
| Free embeddable forum powered by Nabble | Forum Help |
