Platform: Win32 FIPS Object Module: 2.0.13 OpenSSL: 1.0.2j We've been using FIPS-capable OpenSSL for over a year now. Some of our components are .dlls that statically link the libraries. Using the BASE:xxxx linker flag (but not /FIXED) has worked well with only very occasional address clashes. The new year has brought a new requirement: NIAP. One of the NIAP requirements is ASLR - address space layout randomization. Since turning on these linker flags, the FIPS POST has been failing due to dll address being randomized and no longer respecting the requested address in the BASE:xxxxx linker flag. In order to get around this, I've had to add the /FIXED flag. The address is no longer being randomized and the POST succeeds if the dll loads...but therein lies the problem. When linking with the /FIXED flag, if the BASE:xxxx address is not available, the dll will not load which is an unacceptable problem and it is happening far too frequenctly. It seems as though the requirements of FIPS-capable OpenSSL and NIAP address randomization are at odds. Is there any way to satisfy both of these requirements on Win32 and guarantee that the dll load? Thanks - any ideas are greatly appreciated. Even if this is mission impossible, at least I'll have something to report. If we need to apply for an exception to one or more NIAP requirements so be it, but I want to exhaust all possibilities. Thanks, Paul -- View this message in context: http://openssl.6102.n7.nabble.com/Static-FIPS-Library-with-Address-Randomization-tp70129.html Sent from the OpenSSL - User mailing list archive at Nabble.com. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
