On Jan 22, 2:48 am, Julien R Pierre - Sun Microsystems <julien.pierre.nos...@nospam.sun.com> wrote:
> Jean-Daniel,
>
> Jean-Daniel wrote:
> >> Another possible reason is if you are comparing 32-bit NSS vs 64-bit
> >> OpenSSL binaries. Regardless of assembly optimizations. The 64-bit code
> >> is always a lot faster, even without optimizations.
>
> > Of course, but my test exec is linked against both libraries, so that
> > could not be the case.
> > Anyway, by default, gcc produces 32-bit binaries on OS X, and you should
> > ask it explicitly to get a 64-bit version (and I don't ask it).
>
> I am not sure what kind of application you are developing, but if RSA
> keygen performance is an issue, I would strongly recommend you consider
> going 64-bits if it's an option.
>
> > That's what I suspected.
>
> > If I do not manage to find a way to generate an optimized binary, I
> > think I'm going to work around this issue by generating the keys using
> > OpenSSL and then importing them into my NSS db.
>
> I am not sure if we have the required functions to import raw private
> keys in the NSS API. We go out of our way to make it difficult and
> ensure that never happens :-). Even if you can do it, it will be difficult.

In fact, I do not directly use the OpenSSL generator; I'm using the CDSA keygen API, and it returns a PKCS1 public key and a PKCS8 private key.
After that, I can decode the public key using SEC_ASN1DecodeItem with the SECKEY_RSAPublicKeyTemplate, and I can use PK11_ImportDERPrivateKeyInfoAndReturnKey() to import the private key.
Except if there are known bugs with this function?

> I would suggest you open an RFE in bugzilla against NSS to add freebl
> optimizations on Darwin.

I will have a look at that too.

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto