We have been using a wrapper DLL on top of the OpenSSL library in our product. While migrating to 1.0.2t, we are facing an initialization problem in FIPS mode. After analysis, we found the following information in the OpenSSL guide:
The standard OpenSSL build with the fips option will use a base address for libeay32.dll of 0xFB00000 by default. This value was chosen because it is unlikely to conflict with other dynamically loaded libraries. In the event of a clash with another dynamically loaded library which will trigger runtime relocation of libeay32.dll, the integrity check will fail with the error
So, the root cause seems to be that our program is using the above-mentioned address by the time initialization is called. It's happening with a web application where we are making use of the JNI interface to make the relevant calls. In fact, there are multiple layers here to access the OpenSSL library calls. It's something like this: we are calling Library1 from the web application, and Library1 invokes Library2 and then 3 and then OpenSSL. Could someone help me in addressing this problem? We do not have the option of rebuilding the OpenSSL library, as the common wrapper (on top of it) is being used by multiple products.
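
An added diagnostic example (not part of the original post, and not OpenSSL's own code): it reads the preferred base (ImageBase) and SizeOfImage from a PE header and reports which already-mapped regions overlap that range, which is the clash the guide excerpt describes. The header bytes, the SizeOfImage value, and the module names and addresses are constructed for illustration.

```python
import struct

def pe_preferred_range(image: bytes):
    """Return (ImageBase, SizeOfImage) read from a PE file's optional header."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 24          # skip 4-byte signature + 20-byte COFF header
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic == 0x10B:           # PE32: 32-bit ImageBase at offset 28
        (base,) = struct.unpack_from("<I", image, opt + 28)
    elif magic == 0x20B:         # PE32+: 64-bit ImageBase at offset 24
        (base,) = struct.unpack_from("<Q", image, opt + 24)
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    (size,) = struct.unpack_from("<I", image, opt + 56)   # SizeOfImage
    return base, size

def find_conflicts(base, size, mapped):
    """Names of mapped regions (name, base, size) overlapping [base, base+size)."""
    return [n for n, b, s in mapped if b < base + size and base < b + s]

def sample_pe32(image_base, size_of_image):
    """Constructed minimal PE32 header carrying only the fields read above."""
    buf = bytearray(0x200)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x80 + 24, 0x10B)
    struct.pack_into("<I", buf, 0x80 + 24 + 28, image_base)
    struct.pack_into("<I", buf, 0x80 + 24 + 56, size_of_image)
    return bytes(buf)

# Constructed inputs: 0xFB00000 is the default base quoted from the guide;
# the SizeOfImage and the module list are made up for illustration.
SAMPLE = sample_pe32(0xFB00000, 0x150000)
MAPPED = [
    ("library1.dll", 0x0FA00000, 0x200000),   # hypothetical: covers 0xFB00000
    ("library2.dll", 0x10000000, 0x100000),   # hypothetical: above the range
]

if __name__ == "__main__":
    base, size = pe_preferred_range(SAMPLE)
    print("preferred range: 0x%X-0x%X" % (base, base + size))
    for name in find_conflicts(base, size, MAPPED):
        print("conflict:", name)
```

On a real system, pass the bytes of the DLL file and the list of regions already mapped in the process that fails initialization.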