On 12/19/2012 05:21 AM, Bill Durant wrote: > Hello Jeffrey: > > Thank you for the response. > > So FIPS mode enable is supported on non-SSE2 processors *only* with a > fipscanister that is built with the "no-asm" option?
Correct. That's an unfortunate limitation of the requirements of the validation process, where each "code path" permutation has to be separately tested at non-trivial expense. So even though it would easy in the code to do a runtime selection of the appropriate optimizations, we couldn't afford to validate each permutation independently. Hence the three tiers of optimization. Also note that for the most recent validation (2.0 module, #1747) there aren't many "no-asm" platforms, so effectively non-SSE2 capable x86 processors aren't supported on many O/Ses. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marqu...@opensslfoundation.com marqu...@openssl.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
