[openssl-users] new FIPS module

Steve Marquess marquess at openssl.com
Wed Sep 28 14:38:27 UTC 2016


On 09/27/2016 10:57 AM, Zeke Evans wrote:
>> ...
> 
> The fixed base address requirement causes problems for large Windows
> x86 applications and there isn't a great work around.  It isn't clear
> to me if item 2 " Support compilation in various forms" will address
> this or not.  An option to compile the fips module as a dll instead
> of a static lib would be nice or at least allow the fips capable
> module to be rebased.

As I understand it (not being a Windows person), we don't have any
options good across the Windows ecosystem. Apparently PIC isn't possible
on Win32, for instance.

Hopefully Andy will weigh in. If there is a graceful way to accommodate
Windows we'd gladly do it.

As for DLLs, the fipscanister.o code can always be embedded within a DLL
or shared library. It's the rebasing that's the problem.

-Steve M.

-- 
Steve Marquess
OpenSSL Validation Services, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marquess at openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc


More information about the openssl-users mailing list