Please be aware that the content in SAP SQL Anywhere Forum will be migrated to the SAP Community in June and this forum will be retired.

FIPS support is not available for 32-bit software on 64-bit Windows

3

FIPS support is not available for 32-bit software on 64-bit Windows

Why not?

asked 07 Aug '19, 18:33

J%20Diaz's gravatar image

J Diaz
1.2k404968
accept rate: 10%

That's not fully correct according to the v17 What's new docs, they state (under the "Strong encryption now achieved using OpenSSL" topic):

On 64-bit Windows, the 32-bit database server no longer supports FIPS-certified encryption. Use the 64-bit database server instead.

Well, I don't know why it is that way - but why wouldn't you want to run a 64-bit database server on 64-bit Windows?

(08 Aug '19, 03:43) Volker Barth

Didn't want to ignore this question. We use some older 32-Bit external libraries and continue to have issues with these working in the external environment under a 64-Bit instance of SQL Anywhere so we are forced to revert to a 32-Bit instance. Version is 16 latest EBF.

(08 Aug '19, 20:09) J Diaz
Replies hidden

Hm, running 32-bit external libraries with a 32-bit external C environment under a 64-bit database server has worked well for us so far... Have you tried to solve those issues via questions here?

(09 Aug '19, 03:02) Volker Barth

No but I will it's an interesting issue. I'll start a new item once I get the data straight

(09 Aug '19, 11:44) J Diaz
One Answer:
active answersoldest answersnewest answerspopular answers
3

When you load a FIPS DLL, the DLL must first do some integrity checking to make sure it hasn't been tampered with. Basically the DLL calculates some sort of checksum on its own memory space and ensures that the result is what it expects.

I don't remember the details, but something about the way that 32-bit DLLs are loaded by 64-bit Windows caused the DLL to get that memory check wrong, and so it always thinks the DLL has been modified and refuses to load. This is OpenSSL FIPS-validated code (not ours) and so we are not allowed to change it.

permanent link

answered 08 Aug '19, 08:27

Graeme%20Perrow's gravatar image

Graeme Perrow
9.6k379124
accept rate: 54%

Thank you. Have we considered creating a 64-Bit FIPS DLL?

(08 Aug '19, 10:28) J Diaz
Replies hidden

What do mean by that? AFAIK, there should be a 64-bit FIPS DLL in your install when you have the according license, see here...

(08 Aug '19, 10:34) Volker Barth

OK sorry your right I'm working to many things at once.

(08 Aug '19, 10:44) J Diaz
Replies hidden
1

I'd suggest a vacation at the beach, but that can be perilous too...

(08 Aug '19, 16:16) Breck Carter
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Question tags:

×1

question asked: 07 Aug '19, 18:33

question was seen: 1,060 times

last updated: 09 Aug '19, 11:44

Related questions