[openssl-users] shouldn't fipslink.pl include the fipscanister.lib in the link line?

Sam Roberts vieuxtech at gmail.com
Thu Jul 20 23:54:29 UTC 2017

On Thu, Jul 20, 2017 at 4:08 PM, Dr. Stephen Henson <steve at openssl.org> wrote:
> On Thu, Jul 20, 2017, Sam Roberts wrote:
>> Most of the application is compiled with /MT, but openssl-fips-2.0.16
>> is using /MD, could this be an issue? Can I/should I convince
>> ms\do_fips to build against the multi-threaded runtime?
> Unfortunately you can't change that part of the build process in any way or
> the result is no longer validated.

OK, then given https://msdn.microsoft.com/en-us/library/2kzt1wy3(VS.80).aspx
"All modules passed to a given invocation of the linker must have been
compiled with the same run-time library compiler option (/MD, /MT,
/LD)." a static link is impossible, it seems.

I don't think a DLL build will work for node.js given its
distribution/use model, but hypothetically, is there a way to hide
fipscanister in a single-threaded DLL, used by a multi-threaded app?
Are you aware of any multi-threaded OpenSSL FIPS apps on Windows?

node makes almost all of its openssl calls from a single thread, but
there are two exceptions, getting random seeds and pbkdf2, where the
CPU-intensive or potentially blocking call is made from a thread pool.
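
An added example, not part of the original message: one way to check which run-time library option each object file was compiled with before attempting the link, by reading the `/DEFAULTLIB` directives MSVC stores in the object's `.drectve` section. It assumes plain COFF objects (not `/GL`, `/bigobj` or `.lib` archives); the function names and the sample file names `app.obj` and `fips.obj` are hypothetical, and the sample objects are constructed.

```python
import re
import struct

# Default-library names MSVC records in an object's .drectve section,
# keyed to the run-time library option that produces them.
CRT_OPTION = {"LIBCMT": "/MT", "LIBCMTD": "/MTd", "MSVCRT": "/MD", "MSVCRTD": "/MDd"}

def drectve(obj: bytes) -> str:
    """Return the linker-directive text of a plain COFF object ('' if none)."""
    if len(obj) < 20:
        raise ValueError("too short for a COFF file header")
    # NumberOfSections is at offset 2, SizeOfOptionalHeader at offset 16.
    nsect, opt_size = struct.unpack_from("<2xH12xH", obj, 0)
    text, off = [], 20 + opt_size
    for _ in range(nsect):
        if off + 40 > len(obj):
            raise ValueError("truncated section table")
        # Name, then SizeOfRawData and PointerToRawData (virtual fields skipped).
        name, size, ptr = struct.unpack_from("<8s8xII", obj, off)
        if name == b".drectve":
            if ptr + size > len(obj):
                raise ValueError("section data out of bounds")
            text.append(obj[ptr:ptr + size].decode("ascii", "replace"))
        off += 40
    return " ".join(text)

def crt_options(obj: bytes) -> set:
    """Run-time library options implied by the object's /DEFAULTLIB directives."""
    libs = re.findall(r'[/-]DEFAULTLIB:"?([^"\s]+)', drectve(obj), re.IGNORECASE)
    names = {re.sub(r"\.LIB$", "", lib.upper()) for lib in libs}
    return {CRT_OPTION[n] for n in names if n in CRT_OPTION}

def group_by_crt(objects: dict) -> dict:
    """Map each run-time option to the objects requesting it; >1 key means a mix."""
    seen = {}
    for name, data in objects.items():
        for opt in sorted(crt_options(data)):
            seen.setdefault(opt, []).append(name)
    return seen

def make_obj(directives: str) -> bytes:
    """Constructed sample: minimal x64 COFF object holding only a .drectve section."""
    raw = directives.encode("ascii")
    header = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 0, 0)
    section = struct.pack("<8sIIIIIIHHI", b".drectve", 0, 0, len(raw), 60, 0, 0, 0, 0, 0x00100A00)
    return header + section + raw

if __name__ == "__main__":
    # Constructed inputs standing in for an /MT application object and an /MD one.
    sample = {"app.obj": make_obj('/DEFAULTLIB:"LIBCMT" /DEFAULTLIB:"OLDNAMES"'),
              "fips.obj": make_obj('/DEFAULTLIB:"MSVCRT" /DEFAULTLIB:"OLDNAMES"')}
    for opt, names in group_by_crt(sample).items():
        print(opt, names)
```

On real objects, pass the file contents read in binary mode; `dumpbin /directives` shows the same directives from a Visual Studio command prompt.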


