Re: Building openssl fips 2.0 shared without version for Android
I have a common c library on top of openssl to abstract it from our applications we use for devices and servers. We can easily plug in any version of openssl going forward. On Android we had an existing jni wrapper for our common library that I compile with android ndk. Wouldn't it be most appropriate to link together OpenSSL, your lib and JNI to single .so and be done with it? Even more appropriate would be to limit exported symbols to JNI methods so that other components don't "contaminate" dynamic linker name space nor library itself won't fall victim to "contamination". Latter is by all means is definition of "error-prone." __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: Open SSL and CUDA
I am a PhD student at EPFL Lausanne and I implemented, some time ago, RSA 1024/2048 decryption on NVIDIA GPUs. My software achieved a quite high throughput when decryption involves a single private key or a few. The latency is not very low unfortunately. I would like to integrate my code in open SSL to allow GPU acceleration of RSA decryption. The problem is that to benefit from that, it should be possible to batch decryptions. To minimize confusion it's probably more appropriate to refer to operation as "private key operation" or "sign" rather than "decryption". Provided that it is realistic to assume that real SSL based applications may have thousands of handshake requests at once (could you shed some light on this?), would it be hard to allow batch decryption in SSL?. I am working on reducing the latency of my code make worth offloading on the GPU just a few decryptions, but even if I succeed in that I would need some batching facility... Do see discussion at http://marc.info/?t=118825449500017&r=1&w=2. Personally I'm skeptical that it's feasible in general SSL case such as web server in sense that it would be hard [if even possible] to justify the effort and additional complexity. It probably would be more appropriate to target specific cases. DNSSEC comes to mind... __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Open SSL and CUDA
Dear all, I am a PhD student at EPFL Lausanne and I implemented, some time ago, RSA 1024/2048 decryption on NVIDIA GPUs. My software achieved a quite high throughput when decryption involves a single private key or a few. The latency is not very low unfortunately. I would like to integrate my code in open SSL to allow GPU acceleration of RSA decryption. The problem is that to benefit from that, it should be possible to batch decryptions. Provided that it is realistic to assume that real SSL based applications may have thousands of handshake requests at once (could you shed some light on this?), would it be hard to allow batch decryption in SSL?. I am working on reducing the latency of my code make worth offloading on the GPU just a few decryptions, but even if I succeed in that I would need some batching facility... Cheers, Andrea
[openssl.org #2911] enhancement request: Windows RT support
type of request: enhancement object: support of Windows RT comment: Windows RT is the new Microsoft Windows 8 for ARM tablets such the Microsoft Surface. Applications (so OpenSSL) can be cross built using a Visual Studio C++ 2012 on a x86 platform running a not too old version of Windows. I suggest to create and fill a README.WRT file at the top directory explaining how to build OpenSSL for Windows RT (similar to already provided README.W32, README.W64 and README.WCE). I have access to a suitable build platform and a Windows RT device so I can help both giving some inputs and testing results. Just send a message to my personal E-mail francis.dup...@fdupont.fr or professional E-mail fdup...@isc.org Regards PS: perhaps you can do a similar thing for Windows 8 Phone? __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: BN_DEBUG
Andy Polyakov writes: [...] > As FIPS module is compiled without BN_DEBUG it can and certainly will > confuse code compiled with BN_DEBUG that will call it. This surely is > the explanation for the phenomena and the answer to specific question is > no, you shouldn't define it. Ah, OK, that makes sense, thanks. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org