OpenSSL hard coded address 0xFB00000
dssrrjy at yahoo.co.in
Fri Sep 11 09:05:17 UTC 2020
We have been using a wrapper DLL on top of the OpenSSL library in our product. While migrating to 1.0.2t, we are facing an initialization problem in FIPS mode. After analysis we found the following information in the OpenSSL guide.

------------
The standard OpenSSL build with the fips option will use a base address for libeay32.dll of 0xFB00000 by default. This value was chosen because it is unlikely to conflict with other dynamically loaded libraries. In the event of a clash with another dynamically loaded library which will trigger runtime relocation of libeay32.dll, the integrity check will fail with the error
-----------

So, the root cause seems to be that our program is already using the above-mentioned address by the time initialization is called. It's happening with a web application where we are making use of the JNI interface to make the relevant calls. In fact, there are multiple layers here to access the OpenSSL library calls. It's something like this: we are calling Library1 from the web application, and Library1 invokes Library2, and then 3, and then OpenSSL. Could someone help me in addressing this problem? We do not have the option of rebuilding the OpenSSL library, as the common wrapper (on top of it) is being used by multiple products.
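
A diagnostic for the clash the quoted guide text describes, as an added example that is not part of the original post or of OpenSSL: it reads each DLL's preferred ImageBase and SizeOfImage from its PE header and reports which modules overlap libeay32.dll's preferred range. The module names, bases and sizes in the demo are constructed; on a real system you would pass the first bytes of each DLL file instead of `make_header()` output.

```python
import struct

FIPS_BASE = 0xFB00000  # default libeay32.dll base quoted from the guide above

def pe_preferred_range(header: bytes):
    """Return (ImageBase, SizeOfImage) from the first bytes of a PE file."""
    if header[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", header, 0x3C)
    if header[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    opt = e_lfanew + 4 + 20  # skip PE signature and 20-byte COFF header
    (magic,) = struct.unpack_from("<H", header, opt)
    if magic == 0x10B:    # PE32: 4-byte ImageBase at offset 28
        (base,) = struct.unpack_from("<I", header, opt + 28)
    elif magic == 0x20B:  # PE32+: 8-byte ImageBase at offset 24
        (base,) = struct.unpack_from("<Q", header, opt + 24)
    else:
        raise ValueError("unknown optional header magic")
    (size,) = struct.unpack_from("<I", header, opt + 56)  # SizeOfImage
    return base, size

def find_clashes(target, others):
    """Names of modules whose preferred range overlaps the target's range."""
    t_base, t_size = target
    return [name for name, (b, s) in others.items()
            if b < t_base + t_size and t_base < b + s]

def make_header(base, size, magic=0x10B):
    """Constructed minimal PE header for the demo (not a loadable DLL)."""
    buf = bytearray(0x200)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)
    buf[0x80:0x84] = b"PE\0\0"
    opt = 0x80 + 24
    struct.pack_into("<H", buf, opt, magic)
    struct.pack_into("<I" if magic == 0x10B else "<Q", buf,
                     opt + (28 if magic == 0x10B else 24), base)
    struct.pack_into("<I", buf, opt + 56, size)
    return bytes(buf)

if __name__ == "__main__":
    # Constructed sample values: sizes and the other modules' bases are invented.
    libeay = pe_preferred_range(make_header(FIPS_BASE, 0x180000))
    others = {"library1.dll": pe_preferred_range(make_header(0x10000000, 0x50000)),
              "library2.dll": pe_preferred_range(make_header(0x0FC00000, 0x40000))}
    print(find_clashes(libeay, others))
```

This compares only the preferred bases recorded in the files; memory already reserved in that range by something other than a DLL will not show up here.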