Re: [openssl-users] (no subject)

[Jeffrey Walton]

On Fri, Aug 26, 2016 at 6:56 PM, Juliano Souza  wrote:
> I just found it.
>
> Hope to help someone with same requirement.
>
> http://www.cafesoft.com/products/cams/ps/docs32/admin/ConfiguringApache2ForSSLTLSMutualAuthentication.html
>

There's also Origin Bound Certificates (OCB),
http://www.czeskis.com/research/pubs/tls-obc.pdf. They are like
"tear-off" personal certificates. A user generates one on the fly for
an origin/site, and then uses it when needed. Its not signed by an
authority, so its like the user equivalent to a server's self signed
certificate.

The appealing thing with them is they effectively stop the MitM games
played by many user agents. Not surprisingly, the browser have mostly
rejected them because in their security model, interception is a valid
use case.

Jeff
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Unhandled exception at 0x005904dc (libeay32.dll) (Windows x86)

[Scott Ware]

On Fri, Aug 26, 2016 at 2:10 AM, Thomas J. Hruska
 wrote:
> Then push a request upstream to change the default build settings. Don't
> blame me.  The binaries that are built are built strictly with default
> settings with the only exception being the various funky runtime linker
> options (/MD, /MT, etc).  If you don't like the defaults, then get the
> upstream changed.
>

Hey Thomas!

Actually the people to blame is Microsoft. They changed the behavior
of Visual Studio. VS2008 was fine, but now  in VS2012 and above SSE is
enabled by default.
https://msdn.microsoft.com/en-us/library/7t5yh4fd(v=vs.110).aspx

I will work with the Configure scripts and see if I can find a
solution to detect the version of VS and add the flag for VS2012 and
above and then try to get it accepted.

-Scott Ware
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] compiling openssl android on arm64

[Nicolas Raby]

Hello,

Due to issue in openSSL 1.0.1l , I have to update openSSL in a project on 4
android platforms : armv7, 64 x86 & x64

I m following this guide, but having trouble compiling the 4 versions.
while I managed to build armv7, I failing building other versions

Can someone help me finding the right variables to edit in
setenv-android.sh ?

Does anyone knows where to find a more user friendly script ?

Here s what I edited for arm64 but it fails with

making depend in crypto...

../util/domd: line 26: arm-linux-androideabi-gcc: command not found

make[1]: *** [local_depend] Error 1


_ANDROID_NDK="android-ndk-r12b"

_ANDROID_EABI="aarch64-linux-android-4.9"
_ANDROID_ARCH=arch-arm64

_ANDROID_API="android-19"


When I launch the setenv script it only complains about FIPS but I dont
need it.

iMac-de-Nicolas:openSSLBuild erwan$ . ./setenv-android-arm64.sh

ERROR ERROR ERROR

Error: FIPS_SIG does not specify incore module. Please edit this script.

ANDROID_NDK_ROOT: /Developer/android-ndk-r12b

ANDROID_ARCH: arch-arm64

ANDROID_EABI: aarch64-linux-android-4.9

ANDROID_API: android-23

ANDROID_SYSROOT: /Developer/android-ndk-r12b/platforms/android-23/arch-arm64

ANDROID_TOOLCHAIN:
/Developer/android-ndk-r12b/toolchains/aarch64-linux-android-4.9/prebuilt/darwin-x86_64/bin

FIPS_SIG:

CROSS_COMPILE: arm-linux-androideabi-

ANDROID_DEV: /Developer/android-ndk-r12b/platforms/android-23/arch-arm64/usr


I m on macOS el capitan

thanks,

Nicolas
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] Help installing OpenSSL 1.1.0 pre6 on Windows 2012 R2

[Harster, Kaarl C CIV NAVSEA KPWA, 104]

Hello,
 I've tried many times now to install OpenSSL 1.1.0 pre6 on my Windows 2012 R2 
64bit machine.
We are wanting to run 64bit everything.
I have installed 
ActivePerl 5.24.0.2400
Microsoft Visual Studio Ultimate 2012 version 11.0.50727.1 RTMREL with Visual 
C++2012 installed in it.

When I try to use OpenSSL 1.1.0 pre6 for some reason it can't find the nmake 
commend and it looks to me that the do_win54a and other files are missing in 
the ms folder.
Sorry but I'm new to ActivePerl. I think the nmake is a perl problem maybe. Is 
there additional step you have to do after installing Activeperl to get the 
nmake command to work?
I did find on the ActiveState site the following:
"For 64-bit Perl on 64-bit Windows currently the only supported compiler is the 
Visual C++ compiler included in the Windows Server 2003 SP1 Platform SDK (aka 
the April 2005 edition). 
Use the SetEnv.cmd script to set the PATH, LIB, and INCLUDE environment 
variables to the correct value for building ActivePerl extensions with this 
command:
"C:\Program Files\Microsoft Platform SDK\SetEnv.Cmd" /XP64 /RETAIL"

I tried installing the SDK on my Windows 2012 R2 64bit machine and of course it 
will not install can't find files it needs.
Has anyone tried this? 

So I tried going back a version on openSSL
When I try to use the 1.0.2h version of openSSL, the nmake and the other do_ 
files are in the ms folder and seem to work  but I cannot seem to get past the 
following error message:
c:\openssl\openssl-1.0.2h>nmake -f ms\nt.mak
...
Assembling: tmp32\sha1-586.asm
tmp32\sha1-586.asm(1432) : error A2070:invalid instruction operands
tmp32\sha1-586.asm(1576) : error A2070:invalid instruction operands
NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio 11.0
\VC\BIN\ml.EXE"' : return code '0x1'
Stop.

Or when I try the following I get a different error:

c:\openssl\openssl-1.0.2h>perl configure VC-WIN64A --prefix=C:\_openssl-1.0.2a_x
64_release_static
Configuring for VC-WIN64A
no-ec_nistp_64_gcc_128 [default]  OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)
no-gmp  [default]  OPENSSL_NO_GMP (skip dir)
no-jpake[experimental] OPENSSL_NO_JPAKE (skip dir)
no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5
no-libunbound   [experimental] OPENSSL_NO_LIBUNBOUND (skip dir)
no-md2  [default]  OPENSSL_NO_MD2 (skip dir)
no-rc5  [default]  OPENSSL_NO_RC5 (skip dir)
no-rfc3779  [default]  OPENSSL_NO_RFC3779 (skip dir)
no-sctp [default]  OPENSSL_NO_SCTP (skip dir)
no-shared   [default]
no-ssl-trace[default]  OPENSSL_NO_SSL_TRACE (skip dir)
no-ssl2 [default]  OPENSSL_NO_SSL2 (skip dir)
no-store[experimental] OPENSSL_NO_STORE (skip dir)
no-unit-test[default]  OPENSSL_NO_UNIT_TEST (skip dir)
no-weak-ssl-ciphers [default]  OPENSSL_NO_WEAK_SSL_CIPHERS (skip dir)
no-zlib [default]
no-zlib-dynamic [default]
IsMK1MF=1
CC=cl
CFLAG =-DOPENSSL_THREADS  -DDSO_WIN32 -W3 -Gs0 -Gy -nologo -DOPENSSL_SYS
NAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_N
O_DEPRECATE -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DO
PENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVP
AES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
EX_LIBS   =
CPUID_OBJ =x86_64cpuid.o
BN_ASM=bn_asm.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rs
az-x86_64.o rsaz-avx2.o
EC_ASM=ecp_nistz256.o ecp_nistz256-x86_64.o
DES_ENC   =des_enc.o fcrypt_b.o
AES_ENC   =aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-s
ha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
BF_ENC=bf_enc.o
CAST_ENC  =c_enc.o
RC4_ENC   =rc4-x86_64.o rc4-md5-x86_64.o
RC5_ENC   =rc5_enc.o
MD5_OBJ_ASM   =md5-x86_64.o
SHA1_OBJ_ASM  =sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sh
a256-mb-x86_64.o
RMD160_OBJ_ASM=
CMLL_ENC  =cmll-x86_64.o cmll_misc.o
MODES_OBJ =ghash-x86_64.o aesni-gcm-x86_64.o
ENGINES_OBJ   =
PROCESSOR =
RANLIB=true
ARFLAGS   =
PERL  =perl
SIXTY_FOUR_BIT mode
DES_INT used
RC4_CHUNK is unsigned long long

Configured for VC-WIN64A.

c:\openssl\openssl-1.0.2h>ms\do_win64a

c:\openssl\openssl-1.0.2h>perl util\mkfiles.pl  1>MINFO

c:\openssl\openssl-1.0.2h>cmd /c "nasm -f win64 -v"  1>NUL 2>&1

c:\openssl\openssl-1.0.2h>if 1 NEQ 0 goto ml64

c:\openssl\openssl-1.0.2h>perl ms\uplink-x86_64.pl masm  1>ms\uptable.asm

c:\openssl\openssl-1.0.2h>ml64 -c -Foms\uptable.obj ms\uptable.asm
Microsoft (R) Macro Assembler (x64) Version 11.00.50727.1
Copyright (C) Microsoft Corporation.  All rights reserved.

 Assembling: ms\uptable.asm

c:\openssl\openssl-1.0.2h>perl util\mk1mf.pl VC-WIN64A  1>ms\nt.mak

c:\openssl\openssl-1.0.2h>perl util\mk1mf.pl dll VC-WIN64A  1>ms\ntdll.mak

c:\openssl\openssl-1.0.2h>perl util\mkdef.pl 32 libeay  

Re: [openssl-users] Help installing OpenSSL 1.1.0 pre6 on Windows 2012 R2

[Matt Caswell]

On 26/08/16 19:17, Harster, Kaarl C CIV NAVSEA KPWA, 104 wrote:
> Hello,
>  I've tried many times now to install OpenSSL 1.1.0 pre6 on my Windows 2012 
> R2 64bit machine.

1.1.0 pre6 is the beta version, but the final 1.1.0 release was made
available yesterday, so to start with I suggest you use that.


> We are wanting to run 64bit everything.
> I have installed 
> ActivePerl 5.24.0.2400
> Microsoft Visual Studio Ultimate 2012 version 11.0.50727.1 RTMREL with Visual 
> C++2012 installed in it.

You also need NASM. See NOTES.WIN

> 
> When I try to use OpenSSL 1.1.0 pre6 for some reason it can't find the nmake 
> commend and it looks to me that the do_win54a and other files are missing in 
> the ms folder.
> Sorry but I'm new to ActivePerl. I think the nmake is a perl problem maybe. 
> Is there additional step you have to do after installing Activeperl to get 
> the nmake command to work?

nmake comes with Visual Studio. Typically if you use the MSVC developer
command prompt it will be available on your PATH.

https://msdn.microsoft.com/en-GB/library/ms229859(v=vs.110).aspx


> I did find on the ActiveState site the following:
> "For 64-bit Perl on 64-bit Windows currently the only supported compiler is 
> the Visual C++ compiler included in the Windows Server 2003 SP1 Platform SDK 
> (aka the April 2005 edition). 
> Use the SetEnv.cmd script to set the PATH, LIB, and INCLUDE environment 
> variables to the correct value for building ActivePerl extensions with this 
> command:
> "C:\Program Files\Microsoft Platform SDK\SetEnv.Cmd" /XP64 /RETAIL"
> 
> I tried installing the SDK on my Windows 2012 R2 64bit machine and of course 
> it will not install can't find files it needs.
> Has anyone tried this? 
> 
> So I tried going back a version on openSSL
> When I try to use the 1.0.2h version of openSSL, the nmake and the other do_ 
> files are in the ms folder and seem to work  but I cannot seem to get past 
> the following error message:
> c:\openssl\openssl-1.0.2h>nmake -f ms\nt.mak
> ...
> Assembling: tmp32\sha1-586.asm
> tmp32\sha1-586.asm(1432) : error A2070:invalid instruction operands
> tmp32\sha1-586.asm(1576) : error A2070:invalid instruction operands
> NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio 
> 11.0
> \VC\BIN\ml.EXE"' : return code '0x1'
> Stop.

You are using the MASM assembler that comes with MSVC. That is no longer
officially supported. Use NASM instead.

Matt



> 
> Or when I try the following I get a different error:
> 
> c:\openssl\openssl-1.0.2h>perl configure VC-WIN64A 
> --prefix=C:\_openssl-1.0.2a_x
> 64_release_static
> Configuring for VC-WIN64A
> no-ec_nistp_64_gcc_128 [default]  OPENSSL_NO_EC_NISTP_64_GCC_128 (skip 
> dir)
> no-gmp  [default]  OPENSSL_NO_GMP (skip dir)
> no-jpake[experimental] OPENSSL_NO_JPAKE (skip dir)
> no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5
> no-libunbound   [experimental] OPENSSL_NO_LIBUNBOUND (skip dir)
> no-md2  [default]  OPENSSL_NO_MD2 (skip dir)
> no-rc5  [default]  OPENSSL_NO_RC5 (skip dir)
> no-rfc3779  [default]  OPENSSL_NO_RFC3779 (skip dir)
> no-sctp [default]  OPENSSL_NO_SCTP (skip dir)
> no-shared   [default]
> no-ssl-trace[default]  OPENSSL_NO_SSL_TRACE (skip dir)
> no-ssl2 [default]  OPENSSL_NO_SSL2 (skip dir)
> no-store[experimental] OPENSSL_NO_STORE (skip dir)
> no-unit-test[default]  OPENSSL_NO_UNIT_TEST (skip dir)
> no-weak-ssl-ciphers [default]  OPENSSL_NO_WEAK_SSL_CIPHERS (skip dir)
> no-zlib [default]
> no-zlib-dynamic [default]
> IsMK1MF=1
> CC=cl
> CFLAG =-DOPENSSL_THREADS  -DDSO_WIN32 -W3 -Gs0 -Gy -nologo 
> -DOPENSSL_SYS
> NAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE 
> -D_CRT_SECURE_N
> O_DEPRECATE -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 
> -DO
> PENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM 
> -DVP
> AES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
> EX_LIBS   =
> CPUID_OBJ =x86_64cpuid.o
> BN_ASM=bn_asm.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o 
> rs
> az-x86_64.o rsaz-avx2.o
> EC_ASM=ecp_nistz256.o ecp_nistz256-x86_64.o
> DES_ENC   =des_enc.o fcrypt_b.o
> AES_ENC   =aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o 
> aesni-s
> ha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o
> BF_ENC=bf_enc.o
> CAST_ENC  =c_enc.o
> RC4_ENC   =rc4-x86_64.o rc4-md5-x86_64.o
> RC5_ENC   =rc5_enc.o
> MD5_OBJ_ASM   =md5-x86_64.o
> SHA1_OBJ_ASM  =sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o 
> sh
> a256-mb-x86_64.o
> RMD160_OBJ_ASM=
> CMLL_ENC  =cmll-x86_64.o cmll_misc.o
> MODES_OBJ =ghash-x86_64.o aesni-gcm-x86_64.o
> ENGINES_OBJ   =
> PROCESSOR =
> RANLIB=true
> ARFLAGS   =
> PERL  =perl
> SIXTY_FOUR_BIT mode
> 

[openssl-users] (no subject)

[Juliano Souza]

Hi!



In order to authenticate users without user and password, I’d like to
generate users .p12 .pfx certificates to install on their browsers and
identify them by CN.



Is there any howto or tutorial explaining some of...



1-Generate my own CA

2-Generate users .p12 / .pfx certs ?

3-In apache how to verify client certificate, if some user try to connect
my URL without this p12/pfx, access is denied.



Is there a lot of documentation (googling), but very old or incomplete.



My set is ; centos 7.2 | Apache 2.4.6 | openssl 1.0.1e-fips



Thank you and best regards,

-- 
Juliano Souza
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] genpkey DSA error

[Leam Hall]

More than likely it's operator error.

OS Version:
CentOS 6, patched.

openssl version:
OpenSSL 1.0.1e-fips 11 Feb 2013

Works:
openssl genpkey -algorithm RSA -out fred_ssl.key
++
++

Fails:
openssl genpkey -algorithm DSA -out fred_ssl.key
Error generating key
	140421332879176:error:0A07906B:dsa routines:PKEY_DSA_KEYGEN:no 
parameters set:dsa_pmeth.c:271:



Suggestions?

Thanks!

Leam
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] genpkey DSA error

[Matt Caswell]

On 26/08/16 21:37, Leam Hall wrote:
> More than likely it's operator error.
> 
> OS Version:
> CentOS 6, patched.
> 
> openssl version:
>OpenSSL 1.0.1e-fips 11 Feb 2013
> 
> Works:
> openssl genpkey -algorithm RSA -out fred_ssl.key
> ++
> ++
> 
> Fails:
> openssl genpkey -algorithm DSA -out fred_ssl.key
> Error generating key
> 140421332879176:error:0A07906B:dsa routines:PKEY_DSA_KEYGEN:no
> parameters set:dsa_pmeth.c:271:
> 
> 
> Suggestions?

DSA needs parameters specifying.

Try this:

openssl genpkey -genparam -algorithm DSA -pkeyopt dsa_paramgen_bits:2048
-out dsa.params

openssl genpkey -paramfile dsa.params -out dsa.key


Matt

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] (no subject)

[Juliano Souza]

I just found it.

Hope to help someone with same requirement.

http://www.cafesoft.com/products/cams/ps/docs32/admin/ConfiguringApache2ForSSLTLSMutualAuthentication.html

2016-08-26 17:16 GMT-03:00 Juliano Souza :

> Hi!
>
>
>
> In order to authenticate users without user and password, I’d like to
> generate users .p12 .pfx certificates to install on their browsers and
> identify them by CN.
>
>
>
> Is there any howto or tutorial explaining some of...
>
>
>
> 1-Generate my own CA
>
> 2-Generate users .p12 / .pfx certs ?
>
> 3-In apache how to verify client certificate, if some user try to connect
> my URL without this p12/pfx, access is denied.
>
>
>
> Is there a lot of documentation (googling), but very old or incomplete.
>
>
>
> My set is ; centos 7.2 | Apache 2.4.6 | openssl 1.0.1e-fips
>
>
>
> Thank you and best regards,
>
> --
> Juliano Souza
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
>


-- 
Juliano Souza
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] genpkey DSA error

[Leam Hall]

On 08/26/16 18:51, Matt Caswell wrote:


DSA needs parameters specifying.

Try this:

openssl genpkey -genparam -algorithm DSA -pkeyopt dsa_paramgen_bits:2048
-out dsa.params

openssl genpkey -paramfile dsa.params -out dsa.key


Matt



Matt, thanks! That was it.

Leam
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Unhandled exception at 0x005904dc (libeay32.dll) (Windows x86)

[Thomas J. Hruska]

On 8/25/2016 9:21 PM, Jakob Bohm wrote:

On 26/08/2016 05:42, Scott Ware wrote:

On Mon, Aug 22, 2016 at 8:05 PM, Jakob Bohm 
wrote:

On 22/08/2016 22:33, Scott Ware wrote:

On Mon, Aug 22, 2016 at 3:04 PM, Jakob Bohm >wrote: On 22/08/2016 20:09, Scott
Ware wrote: We use libeay32.dll and ssleay32.dll from
https://slproweb.com/products/Win32OpenSSL.htmlin
our applications
and we recently moved from version 1.0.2a to 1.0.2g and now on a few
machines running a AMD Geode processor we are getting "Unhandled
exception at 0x005904dc (libeay32.dll) in Test.exe: 0xC01D:
Illegal Instruction". We ended up building OpennSSL so we could
debug into it and found it is failing on "movsd xmm0,mmword" (see
below) which the AMD Geode does not seem to support. I have tried
"SET OPENSSL_ia32cap=~0x100", "SET OPENSSL_ia32cap=~0x200",
and "SET OPENSSL_ia32cap=~0x700"; and nothing seems to change. I
may not be using OPENSSL_ia32cap correctly. This happens when
calling SSL_CTX_new which then calls RAND_add. Any ideas on the best
thing to do? We don't want to have to manage different compiled
versions of libeay32.dll and ssleay32.dll if we can help it. Your
disassembly looks like the C compiler was invoked with options that
caused regular C floating point code (in this case, the passing of
45.0 as an argument to RAND_add()) to be compiled into MMX/SSE
instructions instead of backwards compatible 80x87 floating point
instructions or (for simple cases like this) regular integer unit
data movement instructions (such as two pushes of 32 bit constants
that contain the halves of the 64 bit double constant, which would
have been more efficient on every x86 CPU). Did the build scripts or
other source code contain any differences from the official source
code that can be downloaded from openssl.org ?
How did you invoke the build scripts (command sequence, special
build environment, special environment variables etc.)? Which
compiler and compiler version/edition did you use? It would be
interesting to know if one of the common Windows compilers does this
unconditionally, making it unsuitable for use in programs that need
to be backwards compatible. I compiled using this process and seem
to be getting the same result as the .dll I downloaded from
slproweb.com  I downloaded the 1.0.2g source
from openssl.com and didn't change anything.
From the "Developer Command Promt for VS2013" perl Configure
debug-VC-WIN32 no-asm --prefix=C:\OpenSSL-VC-32-dbg ms\do_ms nmake
-f ms\ntdll.mak nmake -f ms\ntdll.mak install

According to the following page
https://msdn.microsoft.com/en-us/library/7t5yh4fd%28v=vs.120%29.aspx
Visual Studio 2012 and later requires the following compiler option
to generate code compatible with older CPUs (this is the default in
Visual Studio 2010, and VS2010 does not support the option):
/arch:IA32 This compiler gotcha is specific to the 32 bit x86
architecture, the default looks like it is still sane for x86_64.
Note to the FIPS team: Please check if this affects the FIPS module
building procedure.

Well, I tried to get my normal distribution source to compile with
/arch:IA32. Didn't go well. :( On Thu, Aug 25, 2016 at 10:12 PM,
Thomas J. Hruska  wrote:

On 8/23/2016 7:19 AM, Scott Ware wrote:

Shining Light Productions, Would you consider implementing this in
your builds? VS2012 and above require the /arch:IA32 flag to produce
x86 code compatible with older CPUs.
https://mta.openssl.org/pipermail/openssl-users/2016-August/004260.html
Thanks, Scott Ware



This is an upstream issue. I only do default builds. Contact the
OpenSSL developers if you want that flag added to the default build
process. SSE2 is the default target architecture for Visual Studio
when /arch is not specified. If you don't have a CPU with SSE2
instruction support, then it is long past due for a hardware upgrade.



Bad on them, those of us that have seen this kind of hardware
all know that Geode CPUs use very very little power compared
to modern Intel CPUs, less even than most of Intel's "Atom"
CPUs.


Then push a request upstream to change the default build settings. 
Don't blame me.  The binaries that are built are built strictly with 
default settings with the only exception being the various funky runtime 
linker options (/MD, /MT, etc).  If you don't like the defaults, then 
get the upstream changed.


--
Thomas Hruska
Shining Light Productions

Home of BMP2AVI and Win32 OpenSSL.
http://www.slproweb.com/
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users