I'm looking into building OpenSSL 1.0.1e for use on embedded devices with severely limited disk sizes (<20 MiB available). These devices run Windows CE 3 or 5 (EVC compiler) and are ARM, SHx, or x86 architectures. After applying a few minor patches to fix compile/link errors, OpenSSL DLLs compile fine for these platforms as long as I pass "no-asm" to Configure. However, the output files are large, at least compared to the constrained disk size I have to work with.
* The Configure, mkdef.pl, and mk1mf.pl scripts sort-of list Configure/compile flags, but they list different values in each and I'm not confident of their support. For example, supplying no-gost seems to still cause the Makefile to try to link the gost engine (gost.dll), which obviously fails since the gost objs were never compiled.
** Is there a better place for me to find flags?
* Does anyone see any particular problem with the following flags? Any flags that you particularly thing that I should add? My goal is not to include every algorithm, but to provide enough that we can assume the client will be able to connect to most webservers in a secure manner.
no-asm no-rc2 no-rc5 no-idea no-cast no-whirlpool no-camellia no-seed no-md2 no-md4 no-ripemd no-mdc2 no-krb5 no-hw no-gmp no-jpake no-srp no-ssl2 no-sctp
Patrick Watson, CISSP
Data Security & Electronic Payment Systems