[openssl-dev] OpenSSL for windows with /fixed flag

Dr. Stephen Henson steve at openssl.org
Sun May 24 16:42:09 UTC 2015


On Sun, May 24, 2015, Dixon Xavier wrote:

> Hi,
> 
> Going by the description in links:
> http://openssl.6102.n7.nabble.com/FIPS-Module-1-2-build-with-Visual-Studio-2010-fails-self-tests-td36372.html
> http://mailing.openssl.dev.narkive.com/HfYeReuA/fips-module-1-2-build-with-visual-studio-2010-fails-self-tests
> 
> I understand that adding the /fixed flag for the linker has resolved the
> 'FIPS selftest failure issues' when OpenSSL is built for 32-bit mode in VS
> 2010.
> 
> I would like to understand why the same change (adding /fixed) is
> *not* required in the case of OpenSSL 64-bit builds.
> 

The integrity test performs an in-core hash. If a DLL gets relocated to an
address other than the original location then the hashes will be different
and the test will fail.

For 64-bit Windows builds (and other platforms, whether 32 or 64 bits) the
compilers can be persuaded to output position-independent code, so the data
hashed is independent of the load address.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
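
The relocation effect described in the reply above, as an added example that is not part of the original thread and not OpenSSL's code: a simulated loader patches absolute addresses when an image moves, which changes the bytes covered by the in-core hash, while displacement-based (position-independent) code hashes the same at any base. The byte images, base addresses, HMAC key and the use of HMAC-SHA1 are constructed assumptions for illustration.

```python
import hashlib
import hmac
import struct

PREFERRED_BASE = 0x10000000          # constructed link-time base address
HMAC_KEY = b"constructed-demo-key"   # assumption: not the real module key

def build_absolute_image():
    """32-bit style code: each instruction embeds an absolute data address."""
    text = bytearray()
    relocs = []                       # offsets of the 4-byte address slots
    for data_rva in (0x3000, 0x3010):
        text += b"\xa1"               # mov eax, [abs32]
        relocs.append(len(text))
        text += struct.pack("<I", PREFERRED_BASE + data_rva)
    text += b"\xc3"                   # ret
    return bytes(text), relocs

def build_relative_image():
    """Position-independent style: operands are displacements, no fixups."""
    text = bytearray()
    for data_rva in (0x3000, 0x3010):
        text += b"\x8b\x05"           # mov eax, [rip+disp32]
        next_ip = len(text) + 4       # address of the following instruction
        text += struct.pack("<i", data_rva - next_ip)
    text += b"\xc3"                   # ret
    return bytes(text), []

def load(text, relocs, base, fixed=False):
    """Simulate the loader: apply base relocations when the base moves."""
    if fixed and base != PREFERRED_BASE:
        raise OSError("image has no relocations; cannot load at another base")
    mapped = bytearray(text)
    delta = base - PREFERRED_BASE
    for off in relocs:
        (addr,) = struct.unpack_from("<I", mapped, off)
        struct.pack_into("<I", mapped, off, (addr + delta) & 0xFFFFFFFF)
    return bytes(mapped)

def incore_hash(mapped):
    """Keyed hash over the code bytes as they sit in memory."""
    return hmac.new(HMAC_KEY, mapped, hashlib.sha1).hexdigest()

def selftest(text, relocs, base, fixed=False):
    """Compare the build-time fingerprint with the hash of the mapped code."""
    expected = incore_hash(text)      # computed at build time, preferred base
    return incore_hash(load(text, relocs, base, fixed)) == expected
```

With `fixed=True` the simulated image either loads at its preferred base, where the fingerprint matches, or fails to load at all, which is the trade-off a linker option that omits relocations makes.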

