|
Hello openssl users,
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
We are planning to use OpenSSL library because of FIPS 140-2 support and AES encryption/decryption in CFB128 mode.
One of the requirement for FIPS mode is self check which is performing calculation of hash on particular memory address on which must be libeay32.dll loaded otherwise check fails. Our code is written in .NET and so is not
easily possible to 100% ensure that particular memory address will be always free. .NET runtime is dynamically loading assemblies to not predictable memory addresses because od ASLR and turning of this is security risk.
Has anyone face this problem? Why selfcheck requires predefined DLL load address? Is there any "cheap" solution?
I hope there is solution for such problem, because otherwise is OpenSSL without FIPS mode use-less for our needs.
Thank you Tomas Pospisil
|
