[openssl-users] Static FIPS Library with Address Randomization

Jakob Bohm jb-openssl at wisemo.com
Tue Mar 21 14:17:35 UTC 2017


On 21/03/2017 14:02, Michael Wojcik wrote:
>> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf
>> Of William A Rowe Jr
>> Sent: Monday, March 20, 2017 20:59
>> To: openssl-users at openssl.org
>> Subject: Re: [openssl-users] Static FIPS Library with Address Randomization
>>
>> Note you may not modify the openssl-FIPS build files or process.
>>
>> However, building the openssl host container of the FIPS library build,
>> you may pin the DLL file with link flags and dodge this relocation.
> Yes. That's what /BASE:x /FIXED does, which causes the problem (address not available at runtime) which the OP was trying to work around. We're just back where we started.
>
> The simple fact of the matter is that the FIPS requirements do not play well with the PE DLL design. Arguably the PE DLL design itself is at fault (PE relocations also inhibit sharing text pages among processes, for example), but it is what it is. In 32-bit, address space is a scarce resource, and OSes make various compromises in managing it. The real problem is that FIPS 140-2 was written primarily for hardware and doesn't accommodate software well. And, many have argued, doesn't really do anything useful anyway - which is no help whatsoever if your customer is required to have it, or insists on it anyway.
>
I don't believe it is a shortcoming of FIPS 140-2 as much as it
is a shortcoming of how the OpenSSL library verifies the hash of
the FIPS blob.  Specifically, that the has verification is done
on the runtime-relocated code block, not on it's
unrelocated/normalized form.

If there is a conformant way to change the code that checks the
FIPS blob, so it checks the "relocated-to-base-0" form along with
the list of blob-relative relocation offsets used for that
normalization, then the blob hash should work fine with runtime
relocation to an available address, address-layout randomization
etc.  The list of relocation offsets could be trivially extracted
from the relocation data in any non-fixed PE file linked against
that particular blob, sorted by address and filtered to only
include those offsets that fall within the blob.

Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



More information about the openssl-users mailing list