Wow... That is certainly a very unfortunate limitation...

Thank you for clarifying...

Bill

On Dec 19, 2012, at 6:40 AM, Steve Marquess wrote:

> On 12/19/2012 05:21 AM, Bill Durant wrote:
>> Hello Jeffrey:
>>
>> Thank you for the response.
>>
>> So FIPS mode enable is supported on non-SSE2 processors *only* with a
>> fipscanister that is built with the "no-asm" option?
>
> Correct. That's an unfortunate limitation of the requirements of the
> validation process, where each "code path" permutation has to be
> separately tested at non-trivial expense. So even though it would be easy
> in the code to do a runtime selection of the appropriate optimizations,
> we couldn't afford to validate each permutation independently. Hence the
> three tiers of optimization.
>
> Also note that for the most recent validation (2.0 module, #1747) there
> aren't many "no-asm" platforms, so effectively non-SSE2 capable x86
> processors aren't supported on many O/Ses.
>
> -Steve M.
>
> --
> Steve Marquess
> OpenSSL Software Foundation, Inc.
> 1829 Mount Ephraim Road
> Adamstown, MD 21710
> USA
> +1 877 673 6775 s/b
> +1 301 874 2571 direct
> marqu...@opensslfoundation.com
> marqu...@openssl.com

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org