I'd suggest checking where the bottlenecks are before making major structural changes. I'll admit we have made a few changes to the basic OpenSSL sources but I don't see unacceptable amounts of locking even on large machines (100's of processing units) with thousands of threads.Blinding and the RN
On Tue, Dec 01, 2015 at 09:21:34AM +1000, Paul Dale wrote:
> However, the obstacle preventing 100% CPU utilisation for both stacks
> is lock contention. The NSS folks apparently spent a lot of effort
> addressing this and they have a far more scalable locking model than
> OpenSSL: one lock per con
> are you sure that the negotiated cipher suite is the same and that the
> NSS is not configured to reuse the server key share if you're using DHE
> or ECDHE?
The cipher suite was the same. I'd have to check to see exactly which was
used. It is certainly possible that NSS was configured as yo
Ø Why could not to extend functionality ?
Because there are other things we are working on (see the roadmap at
http://openssl.org/policies/roadmap.html )
Ø And in the future to come to almost full Certificate Authority center as a
fullforce solution along one line with other Linux and even M
Nevertheless, OSSL has Ocsp with responder feature.
Why could not to extend functionality ?
And in the future to come to almost full Certificate Authority center as a
fullforce solution along one line with other Linux and even MS AD CS
sokutions.
Moreover, I think, many people need it and will b
Ø Why this part of code will never become part of OSSL ?
It's not what we do.
OpenSSL is a crypto and TLS toolkit. It is not a general PKI solution.
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
> ... and it almost certainly will not become part of OpenSSL
It sound bad.
Why this part of code will never become part of OSSL ?
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Congratulations, sounds like nice work!
Ø And a big wishing to you as dev. team is to check code and include to the
next nearest release version.
I doubt anyone on the team will review the code, and it almost certainly will
not become part of OpenSSL.
I hope that others are interested and wi
> We have no plans to do this.
>> May be will put it into your plans ?
>>> Doubtful. We have lots of other work to do. Writing a full-strength
database-backed OCSP responder is outside of our interests.
I decided not wait for you and I have made OSSL Ocsp responder based at
index DB - storing/gett
On Tue, Nov 24, 2015 at 11:06:44AM +, Pascal Cuoq via RT wrote:
> This issue is similar in nature to 4151
> (http://www.mail-archive.com/openssl-dev@openssl.org/msg40950.html ): it is
> about a dangling pointer being used, but not used for dereferencing, so it's
> not a memory error. The dan
On 11/24/2015 05:06 AM, Pascal Cuoq via RT wrote:
> This issue is similar in nature to 4151
> (http://www.mail-archive.com/openssl-dev@openssl.org/msg40950.html ): it is
> about a dangling pointer being used, but not used for dereferencing, so it's
> not a memory error. The dangling pointer is u
Access to VRSAVE have a high cost in performance.
Since ABI was update we don't need to save what
vector register we are using. Removing VRSAVE access
can improve a bit more our performance.
Signed-off-by: Leonidas S. Barbosa
Signed-off-by: Paulo Flabiano Smorigo
---
crypto/aes/asm/aesp8-ppc.pl
Sorry Rick, no, I was asking openssl-dev. I sent the email solely to
r...@openssl.org as recommended on the web site, and it looks like it
rewrote it 'To' you and 'Cc' to openssl-dev. Sorry for the confusion.
Regards,
jjf
On 30/11/2015 17:57, Puckett, Rick via RT wrote:
>
Wrong crypto being used, not an OpenSSL error.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Jeremy,
Are you asking me? I don't have commit access to the repository. Obviously, I
would endorse adding this patch as we have Sun T-3 systems. :-) As the patch
wasn't incorporated into an official release, I worked around this issue by
using the configure parameter "solaris-sparcv7".
- R
On Mon Jul 20 13:03:05 UTC 2015 Andy Polyakov wrote:
>
>> I applied the patch you sent and configured/compiled using
>> "solaris-sparcv9-gcc" and the program completes normally.
>> As I am unable to use patched/unofficial code for our operational ...
>
>What is criteria for being "official"?
On Mon, Nov 23, 2015 at 11:56:54PM +, Viktor Dukhovni wrote:
> > It may be a good idea to rethink locking completely.
>
> There is some glimmer of hope in that as various libcrypto structures
> become opaque, the locking moves from application code into the
> library. For example, we now have
On Mon Nov 30 15:25:01 2015, prasha...@ryussi.com wrote:
> Hi,
>
> We are trying to generate CMAC authentication code using EVP_aes_128_ccm
> mode. The CMAC_Final function returning the single byte hash code which
> suppose to return 16-byte hash code.
>
> We tried same algorithm with EVP_aes_128_c
> I think it omits a *huge* area of use cases where “openssl” executable itself
> is used to (a) test and/or debug other SSL/TLS applications and packages, (b)
> perform cryptographic processing on files and data - either standalone, or as
> a part of a script (shell or such).
It would be great
On 11/30/15, 11:10 , "openssl-dev on behalf of Hubert Kario"
wrote:
>On Friday 27 November 2015 13:39:36 Tom Jay via RT wrote:
>> 3. Some kind of useful examples of common usages
>> of OpenSSL would be appreciated.
>
>https://wiki.openssl.org/index.php/Main_Page
>
>If you have specific use cases
On Friday 27 November 2015 13:39:36 Tom Jay via RT wrote:
> 3. Some kind of useful examples of common usages
> of OpenSSL would be appreciated. I'm still trawling through the
> documentation trying to figure out how to do what I want to do and am
> relying heaving on 3rd party guides to figure out
On Friday 27 November 2015 13:39:36 Tom Jay via RT wrote:
> 3. Some kind of useful examples of common usages
> of OpenSSL would be appreciated. I'm still trawling through the
> documentation trying to figure out how to do what I want to do and am
> relying heaving on 3rd party guides to figure out
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Forthcoming OpenSSL releases
The OpenSSL project team would like to announce the forthcoming release
of OpenSSL versions 1.0.2e, 1.0.1q, 1.0.0t and 0.9.8zh.
These releases will be made available on 3rd December between
Hi,
We are trying to generate CMAC authentication code using EVP_aes_128_ccm
mode. The CMAC_Final function returning the single byte hash code which
suppose to return 16-byte hash code.
We tried same algorithm with EVP_aes_128_cbc mode which is returning
16-byte hash code but we have specific re
On Tuesday 24 November 2015 10:49:26 Paul Dale wrote:
> On Mon, 23 Nov 2015 11:11:37 PM Alessandro Ghedini wrote:
> > Is this TLS connections?
>
> Yes, this is just measuring the TLS handshake. Renegotiations
> predominately. We deliberately didn't test the bulk symmetric crypto
> phase of the co
Did you see the INSTALL and README files in whatever version you downloaded?
On the download page, I added a link to the release strategy which explains the
release numbering.
--
Rich Salz, OpenSSL dev team; rs...@openssl.org
___
openssl-dev mailing list
26 matches
Mail list logo