Re: OPENSSL slowness

2002-08-11 Thread David Schwartz
On Sun, 11 Aug 2002 17:54:49 -0700 (PDT), James Shelby wrote: >My first thought was the same. Which brought up >another interesting questionthe 32bit Pentium II >333 is still faster than the UltraSparc 400. Frankly, I don't find this surprising. A RISC CPU would likely be slower t

Re: The problem of CLOSE_WAIT

2002-09-17 Thread David Schwartz
On Tue, 17 Sep 2002 17:07:06 +0800, 周光华 wrote: >After few days, on the server side, there are many ssl socket connection >did not exit clean, they are mostly in close_wait state and few in >established state. Do you understand what the CLOSE_WAIT state means and how sockets get in

Re: The problem of CLOSE_WAIT

2002-09-17 Thread David Schwartz
On Tue, 17 Sep 2002 18:26:05 +0800, 周光华 wrote: >I think CLOSE_WAIT state means it is still waiting for the other side's >FD_CLOSE notification, (perhaps shutdown function of ssl or socket will >send this notification), but the other side had already exit and >successfully closed the connectio

RE: OpenSSL and compression using ZLIB

2002-11-12 Thread David Schwartz
>>I am trying to understand why ZLIB is being used that way. Here is what >>gives better results on a continuous reliable stream of data: >> >>1) You create a z_stream for sending, and another z_stream for >>receiving. >> >>2) You call deflateInit() and inflateInit() on them, respecti

RE: OpenSSL and compression using ZLIB

2002-11-12 Thread David Schwartz
>6.2.2. Record compression and decompression > >[snip snip] The compression algorithm translates a >TLSPlaintext structure into a TLSCompressed structure. Compression >functions are initialized with default state information whenever a >connection state is made active. The conne

Re: [openssl.org #394] Restrictions using SSL

2002-12-09 Thread David Schwartz
On Tue, 10 Dec 2002 08:24:09 +0100 (MET), Jeyalakshmi via RT wrote: >we would like to apply SSL to our Web site. Now most of our pages are using >Request.Querystring object. I feel it would create pblm ie we can't user >GET method in ASP while applying SSL. Why not? What does one have to

Re: [openssl.org #521] [PATCH] Avoid uninitialized data in random buffer

2003-02-28 Thread David Schwartz
e it's part of a random number generator, predictability is not important. Purify/Valgrind assume you want your code to behave in a predictable way -- usually a correct assumption just not in this case. -- David Schwartz <[EMAIL PROTECTED]>

Re: Thread Question

2003-03-18 Thread David Schwartz
On Mon, 17 Mar 2003 11:26:46 -0700, Verdon Walker wrote: >I know from looking in the archives that this question has been >asked >before, but I am wondering if anything has been done in the 0.9.7 >branch >to address it. >We have an application that uses separate threads for its readers and >write

Re: Thread Question

2003-03-19 Thread David Schwartz
On Wed, 19 Mar 2003 09:51:20 -0700, Verdon Walker wrote: >We have one thread wanting to write a large amount of data (say 2 >Meg). >OpenSSL will break that data up into 16k chunks, SSLize them and >write >each separately. During the process, it is using the "rwstate" in >the >SSL structure to indi

Re: Thread Question

2003-03-19 Thread David Schwartz
On Wed, 19 Mar 2003 16:53:32 -0700, Verdon Walker wrote: >First, thank you for your responses. I appreciate the feedback, but >I don't think I understand the points you are making in your last >email. >Perhaps, I did not explain myself well enough, but the idea of >allowing >long operations to be

Re: Thread Question

2003-03-23 Thread David Schwartz
On Thu, 20 Mar 2003 11:45:28 -0700, Verdon Walker wrote: >I knew I had not explained myself well enough given your last >response. >I did not mean to attempt to abort the "current chunk", but rather >to >be able to read the cancel between chunks so I could do just what >you >suggest. Of course, t

RE: SSL connection

2003-06-06 Thread David Schwartz
> Hello, > How Can I get two independent SSL structures on the same one > connection > ? The glib answer would be "any way you want to". The detailed answer is that there is no standard way to do this, so you can choose any method you wish and do it that way. One way, for exa

RE: SSL connection

2003-06-06 Thread David Schwartz
> > > > > Hello, > > > How Can I get two independent SSL structures on the same one > > > connection > > > ? > > The glib answer would be "any way you want to". The detailed answer is > > that > > there is no standard way to do this, so you can choose any > > method you wish > > and do it tha

RE: Weakness (bug?) in blowfish

2003-07-17 Thread David Schwartz
> Hi OpenSSL Developers, > > (cc Jon Schull) > > I'm a relative newbie at encryption, capable of using and wrapping > crypto software, but with no depth of background in its technicalities. > > I got an email yesterday from a user of one of my wrappers, who reported > a strange quirk in Blowfish (

RE: Error when running ssleay_rand_bytes

2003-08-14 Thread David Schwartz
> 1:error:24064064:lib(36):func(100):reason(100):../../../../openssl > /md_rand.c > :503:You need to read the OpenSSL FAQ, > http://www.openssl.org/support/faq.html > 1:error:05068003:lib(5):func(104):reason(3):../../../../openssl/dh_gen.c: > Any ideas on why I am getting this error? Ju

RE: More DH questions

2003-09-03 Thread David Schwartz
I'm not 100% sure I'm following you because of your choice of terminology, but here goes: > Yes, I do understand the DH exchange process. But with respect to the > OpenSSL DH Library usage, let's say I and another party have > fixed p & g. I > calculate X using DH_generate_key() (I get a

RE: Accelerating RSA Key Generation

2003-12-04 Thread David Schwartz
> One of the applications we are working on requires us > to generate RSA key pairs at a rate of about 20-25 key > pairs/second > is there any application out there which can do this?? > is using /dev/random, /etc/entropy or accelerator card > with RNG any faster?? and can this achieve the speed >

RE: encrypt with RSA public key!

2004-02-27 Thread David Schwartz
> but my public key come from a buffer,like char* buf,how can I use > this buf > encrypt my data?I know maybe use RSA struct,so how can I use that > buf make > a RSA struct? What format is the key in? PEM? DER? Text? And why is this on openssl-dev? This isn't about the development of Open

RE: [openssl.org #894] bug report

2004-06-09 Thread David Schwartz
> > To whom it may concern: > > We found that the following code fragment causes 21 memory leaks: > -- > -- > -- > #include > SSL_CTX* ctx = SSL_CTX_new(SSLv23_method()); > SSL_CTX_free(ctx); > -

RE: possibly bug in crypto/rand/rand_win.c

2004-07-13 Thread David Schwartz
> Suggestion: > > This is a usage error. Be sure to initialize openssl when your > application starts or > when your DLL is loaded. Do not wait for the first thread to attempt > to make > a call to OpenSSL to initialize it. That is not always possible. The process may become multi-thre

RE: key compromise with memory debugger possilbe ?

2004-07-23 Thread David Schwartz
> As I am new here I first want to introduce myself - I am a scientific > employee at Technische Universitaet Muenchen and we do some research on > DRM related security mechanisms. The short answer is that you cannot reliably both grant and deny access to the same entity. > We made a con

RE: installed and setup on win32, but.... nada.

2004-10-20 Thread David Schwartz
> ssleay32.lib libeay32.lib > > When I compile now, I get: > > Linking... > LINK : fatal error LNK1181: cannot open input file 'ssleay32.lib' > > What am I doing wrong here? It should be pretty obvious that the problem is that the linker isn't looking for these two files in the place that

RE: Why is top bit forcibly set in DH secret exponent?

2004-12-08 Thread David Schwartz
> Looking through openssl's DH code (0.9.7d, see below), > when choosing the secret exponent, openssl chooses a > random number where the most significant bit of the > exponent is always set to be 1 (that's what top=0 does > as the 3rd argument to BN_rand). I can't figure out > any security justi

RE: RAND

2005-01-25 Thread David Schwartz
> Does it mean that Openssl will try to seed by > *itself* first when it is initialized, and this > operation fails on PPC2003 because of not enough entropy ? This is a user question, not a developer question and is on the wrong list. Yes, OpenSSL will try to seed itself using

RE: openssl U.S. export rules

2005-03-04 Thread David Schwartz
> Hi, apologies if this has already been covered, but I did not find it > specifically in the faq or by googling. You really need to read the actual BXA regulations and, if you plan to rely on the advice, hire an attorney. > Has anyone received sound legal advice about the rules for U.S

RE: openssl U.S. export rules

2005-03-04 Thread David Schwartz
> > The BXA doesn't care how you get the encryption done, whether an > > application has its own routines or calls a library, if the end > > result is > > cryptography, it's cryptographic software. > > Yes it does. There are special exemptions for open source. > > /r$ This is

RE: ssl_read to receive data of "unknown size"

2005-03-12 Thread David Schwartz
> I am trying to use ssl_read in the loop for receiving the data > of > unknown size ( say 988 bytes for now ). But it fails to read after a > single pass. Every time it exits with ret = 32 and error=SSL_ERROR_NONE. > Am I missing something here .. Please find attached the code snippet. Is

RE: OpenSSL use of DCLP may not be thread-safe on multiple processors

2005-04-06 Thread David Schwartz
> I mean that if the order of memory write visibility between > processors can't > be g'teed, than a whole lot MORE than just DCLP crashes and burns ... How > in that case can anyone write safe MP code? > > D. The only correct and safe way to do it is with mutexes or their equivalent. D

RE: OpenSSL use of DCLP may not be thread-safe on multiple processors

2005-04-06 Thread David Schwartz
> Since acquiring the mutex is already on the 'slow' track, > couldn't you > just acquire a second (pointless) mutex inside the first around only the > 'initialized=1;' assignment? If mutexes resolve the initial situation > then they must be implemented with a memory fence (in the itanium > model),

RE: OpenSSL use of DCLP may not be thread-safe on multiple processors

2005-04-07 Thread David Schwartz
> It strikes me that the H/W designers have played a bit "fast and > loose" with > the cache consistency issue here For the vast majority of cases, this is a pure speed boost. For the tiny number of cases where it causes a problem, you use mutexes. > - I believe I understand the C/C++ >

RE: OpenSSL use of DCLP may not be thread-safe on multiple processors

2005-04-07 Thread David Schwartz
> On Thursday 07 April 2005 16:39, David Schwartz wrote: > A bit off-topic, but... > > If you mean 'volatile', no, that doesn't do anything. Specifically, > > 'volatile' has no special semantics for multi-processors. There may be > > specif

RE: OpenSSL use of DCLP may not be thread-safe on multiple processors

2005-04-08 Thread David Schwartz
> On Thursday 07 April 2005 19:09, David Schwartz wrote: > > > Translation: The compiler can't make assumptions about the state of a > > > variable marked "volatile", and MUST generate code that writes > > > every result > > > stor

RE: OpenSSL use of DCLP may not be thread-safe on multiple processors

2005-04-08 Thread David Schwartz
> On Fri, 8 Apr 2005, David Schwartz wrote: > > No. The C standard is not telling the compiler what to do. > > It is saying > > what the system must do when it runs the particular source code. If the > > compiler cannot generate code that makes the system as a wh

RE: Writing ssh client with openssl API in C++/Unix

2005-04-14 Thread David Schwartz
> Hi, > > May I ask how to use openssl API implement a ssh > client in C++/Unix? > > Part of this communication project is to use ssh/ssl > client communicate with the sshd server on the other > site and "push" local configuration files to the > remote machine. Googling for "openssl ssh"

RE: BER to DER conversion

2005-07-11 Thread David Schwartz
> Thanks for your point. However, I think you > misinterpreted my problem. Actually, you have misinterpreted your own problem. ;) > I know BER is a superset of DER, so we can use DER in > places where BER is expected. Exactly. > However, my case is reversed. I am trying to use B

RE: BER to DER conversion

2005-07-11 Thread David Schwartz
> Thanks, David. > > I am stuck exact at how to convert BER to DER. > If I can convert BER to DER, then my problem is > solved. > > Dr. Steve said there is no such conversion routine in > OpenSSL... That is not your program. If that were the problem, the solution would simply be to re

RE: Can openssl change a V1 to a V3 x509?

2005-07-14 Thread David Schwartz
> I am having a lot of problems importing a certificate made in openssl > into a phone, but I can get a keytool certificate imported. The only > thing is that I need to change the V1 cert (keytool only makes V1) to a > V3 cert - can openssl modify a cert to a V3 (without changing anything > else)?

RE: How to change utc time?

2005-07-14 Thread David Schwartz
> This is a follow on from my last post as the text lost its formatting. > > How do I change the utc time of a certificate to a smaller format > (whilst creating a cert): > 18082107Z - there are lots of zeros in this format, openssl > gives less. There is never more than one way to re

RE: Some problem in OpenSSL when I use it for connecting to POP3s (port 995) server.

2006-01-05 Thread David Schwartz
> Hello all! > > I find some problem in OpenSSL when I use it for connecting to POP3s > (POP3 over SSL/TLS, port 995) server. When I use command "retr" it's > work fine. When I use "RETR" OpenSSL print some error. > > Computer: Cel-633, RAM 192, HDD 10Gb > OS: WinXP SP2 > OpenSSL: OpenSSL 0.9.8a 1

RE: [openssl.org #1266] openssl prime 2

2006-01-06 Thread David Schwartz
> > openssl prime 2 > 2 is not prime > > openssl version openssl-0.9.8a This is a known issue. The prime testing code was designed to test large primes. DS

RE: ASN1_INTEGER <==> int

2006-01-27 Thread David Schwartz
> Alright, there's a SEVERE disconnect here versus the description of an > integer as described in the thread "openssl can don' t handle 20 Octes > long Serial Numbers RFC 3280". If you think there's a disconnect, you are confused. > This needs to be rectified soonest. There is

RE: ASN1_INTEGER <==> int

2006-01-30 Thread David Schwartz
> Clarification: > > In DER, the following is prohibited: > 1. leading zero bytes if the next non-zero octet does not start with bit > 7 set (0x80 mask). > 2. leading 0xff (-1, 255) bytes, if the next non-0xff octet starts with > bit 7 set (0x80 mask). Thanks for the clarification. It too

RE: does ASN1_UTCTIME_get() changes by local time zone settings

2006-01-30 Thread David Schwartz
> My mistake it was ASN1_TIME that is correct. > > But any way, I don't see a reason why I should not be able to convert > it, if I don't care for milliseconds, time_t can represent times for > up to 2038, so It should be ok to convert it to the time_t. > > Any ideas, the ASN1_cmp_time does much

RE: ASN1_INTEGER <==> int

2006-01-31 Thread David Schwartz
> > 00 20 : Illegal DER, leading 00 not needed > > 00 80 : Legal, leading 00 needed to make number positive > > FF 03 : Legal, leading FF needed to make number negative > > FF D0 : Illegal DER, FF not needed > > Note that these are all legal BER and are all perfectly valid and > > meaningful

RE: does ASN1_UTCTIME_get() changes by local time zone settings

2006-01-31 Thread David Schwartz
> I will not get certificates today for after 2045 because the > certificates that I am checking are certificates that already past a > validation check and have been inserted into my cache system, therefor > it is a certificate signed by our own system which does not sign for > more then 25 year.

RE: does ASN1_UTCTIME_get() changes by local time zone settings

2006-02-01 Thread David Schwartz
> BTW why will I run into trouble at 2015 it should be good up to 2037? > Am I missing some thing? You said your system signs certificates that are valid for as long as 25 years. In 2015, therefore, you may encounter certificates that expire in 2040. DS

RE: using /dev/random & /dev/urandom

2006-04-08 Thread David Schwartz
> 1. When using OpenSSL for signing data, and for SSL sessions > (both client side and server side), should I use the /dev/random instead? IMO, if you're using the random data just to seed a PRNG, there is no rational reason to insist on using /dev/random instead of /dev/urandom. The only

RE: Any possibility of GPL-based license in the future?

2006-05-16 Thread David Schwartz
> In message > <[EMAIL PROTECTED] > com> on Tue, 16 May 2006 12:27:27 -0400, Richard Salz > <[EMAIL PROTECTED]> said: > > rsalz> As for BSD/advertising dicussions, the SSLeay license is > rsalz> characterized as "BSD with copyright." It's not pure BSD, and > rsalz> so whether or not the current B

RE: OPENSSL_gmtime on platforms that don't have a safe gmtime function

2006-08-11 Thread David Schwartz
> The OPENSSL_gmtime in o_time.c (that gets called from other places > like ASN1_UTCTIME_cmp_time_t in a_utctm.c) does not use the safe > version of gmtime in lots of platforms including: >OPENSSL_SYS_WIN32 >OPENSSL_SYS_OS2 >__CYGWIN32__ >OPENSSL_SYS_MACOSX >OPENSSL_SYS_SUNOS >This could cause pro

RE: Hiding headers for OpenSSL

2006-08-21 Thread David Schwartz
> The long version: We run security check software, which makes connections > with various services, calls up the header, and then tells us that based > upon the version it read in the header, this service has certain vulnerabilities. You mean it might have certain vulnerabilities. You c

RE: Hiding headers for OpenSSL

2006-08-21 Thread David Schwartz
> > The long version: We run security check software, which makes > > connections > > with various services, calls up the header, and then tells us that based > > upon the version it read in the header, this service has certain > > vulnerabilities. I just have to say one more thing:

RE: WSAEventSelect

2006-11-06 Thread David Schwartz
> 4.I use 'WSAEventSelect'. Windows assumes that writing to socket > is possible all the time, so you don't have to check socket's > possibilty to write if you want to write, like you do it using > 'select' statement. Only if 'send' will fail with WSAEWOULDBLOCK > error code windows will send

RE: OpenSSL breaks with gcc 4.2

2006-11-07 Thread David Schwartz
> On Tue, Nov 07, 2006, Bernhard Rosenkraenzer wrote: > > gcc 4.2 no longer allows function casting - which is used > > rather heavily by > > openssl. (To make things worse, it compiles but inserts abort() > > statements > > resulting in app crashes). > Ugh, I would've thought that flagging a co

RE: OpenSSL breaks with gcc 4.2

2006-11-08 Thread David Schwartz
> But it gets cast back to the correct type before it is called. These > casts are done the way they are to get type-safety. Removing that option > strikes me as a bad thing. It does not. Look closely at how these functions work: char *PEM_ASN1_read_bio(char *(*d2i)(), const char *name, BIO *bp,

RE: OpenSSL breaks with gcc 4.2

2006-11-08 Thread David Schwartz
> x is still just a pointer to data - so it's the same > length in any case, all pointers to lvalues are the > same length in C. The only issue there is whether it's > aligned correctly - that's the programmers problem. Length is not the issue. There is no rule that says that two types must be pa

RE: OpenSSL breaks with gcc 4.2

2006-11-09 Thread David Schwartz
> > davids> simple -- if you are going to call a function whose types you > > davids> don't know (through a prototype), you must cast each type you > > davids> pass to the type the function expects. End of story. OpenSSL > > davids> does not do this. This is not valid C whether or not the type > >

RE: OpenSSL breaks with gcc 4.2

2006-11-09 Thread David Schwartz
> Once K&R is included, the situation becomes a lot less clear. Also, as I > read the thread on the GCC list, it looks like the situation is further > complicated by their desire to avoid an internal compiler error. > Also**2, > I don't know what you mean by C's aliasing rules; to me that brings

RE: OpenSSL breaks with gcc 4.2

2006-11-10 Thread David Schwartz
> The equivalent of the offending line would be > > foo((double *)(void *) &j); > > since any access through a void pointer CAN change the value. '(double *)(void *)' does not keep some sort of remnant of the 'void *'. The final cast renders the end-result a 'double *' and negates the 'void *'

RE: OpenSSL breaks with gcc 4.2

2006-11-10 Thread David Schwartz
I found the rule -- at least for C99. It is ISO 9899:1999 section 6.2.5, rule 26 and footnote 39: "26) A pointer to void shall have the same representation and alignment requirements as a pointer to a character type. Similarly, pointers to qualified or unqualified versions of compatibl

RE: OpenSSL breaks with gcc 4.2

2006-11-10 Thread David Schwartz
> An object may be the type of its last cast -- but it also can't > exactly lose the benefit/cost of being cast to a pointer to an > undefined type. As soon as you undefine the type of a pointer, it > loses the remnant of ever having had the initial type in the first > place. Right, but that doe

RE: OpenSSL breaks with gcc 4.2

2006-11-10 Thread David Schwartz
> But you can pass 'X509 **' as 'void *'. So... > void x509func(void* p) { X509** pp = (X509**)p; ... } > void trampoline(void* p) { x509func(p); } > void caller(void) { X509* p; trampoline(&p); } > > should (MUST?) work just fine. > > /r$ When I change my test pr

RE: OpenSSL breaks with gcc 4.2

2006-11-10 Thread David Schwartz
> Are you sure that problem is in cast ? > > $ cat test.c > main() { > int j=2; > double *d=(double*)&j; > *d=1.0; > printf("%d %e\n", j, *d); > printf("%d %e\n", j, *d); > } > gcc -O2 test.c && ./a.out > 2 1.00e+00 > 0 1.00e+00 > > Same result in case with line "double *d=&j;" (but expect

RE: [openssl.org #1447] [bug] 0.9.8d: rc4 cpuid test broken on dual core cpus

2007-01-05 Thread David Schwartz
> > So HT flag is no longer HyperThreading, but something else... > > Will look into > > it... There is another place HTT flag is checked and it's AES... > yeah HT flag now basically means "multi-threading or multi-core > package"... because when amd/intel went dual core they didn't want silly >

RE: [patch] Valgrind complaining about unitialized data

2007-03-04 Thread David Schwartz
> > Oi. Don't do that. > Why not? Because it's a pure pessimization whose sole purpose is to suppress bogus warnings that very, very few people even see, when there's already a way to suppress those warnings that doesn't impose costs on people who don't care about them because they'll

RE: [patch] Valgrind complaining about unitialized data

2007-03-04 Thread David Schwartz
> Valgrind runs on unmodified binaries - and it's not always > possible to get someone else to recompile their code so that > you can find problems. OpenSSL is used in commercial products > where source isn't always available. Valgrind *can* run on unmodified binaries, but when you do that, you g

RE: About non-blocking IO

2007-03-16 Thread David Schwartz
> When an SSL_read() operation has to be repeated because of > SSL_ERROR_WANT_READ > or SSL_ERROR_WANT_WRITE, it must be repeated with the same arguments. > > I'm having a hard time to understand the openssl code to confirm that > SSL_read doesn't need the same buffer on retries. > > And o

RE: About non-blocking IO

2007-03-17 Thread David Schwartz
> Those are for SSL_write as far as I understand the manpage of > SSL_CTX_set_mode. What about SSL_read? My question was about SSL_read. > > Robin Those two flags resolve all the issues. DS

RE: About non-blocking IO

2007-03-17 Thread David Schwartz
> Could you please tell me where in the manual pages or in which > document that is documented? That would be really helpful. Didn't this all start because you didn't trust the documentation? > Until now the man page for SSL_read reads: > > WARNING >When an SSL_read() operation h

RE: Memory Leaks in SSL_Library_init()

2007-03-20 Thread David Schwartz
> The function SSL_library_init() is observed to be introducing > memory leak in > the application code. There is still some amount of memory leak left even > after the series of cleanup calls suggested in the openssl FAQ. > > Can someone help understand that technically what is the problem > in h

RE: Bug : SSL_CTX_use_certificate_chain_file fails due to earlier errors

2007-03-20 Thread David Schwartz
> diff -ru openssl-0.9.8e/ssl/ssl_rsa.c openssl-0.9.8e-hacked/ssl/ssl_rsa.c > --- openssl-0.9.8e/ssl/ssl_rsa.c 2005-04-09 08:52:41.0 +1000 > +++ openssl-0.9.8e-hacked/ssl/ssl_rsa.c 2007-03-19 > 09:03:15.0 +1100 > @@ -728,6 +728,9 @@ > goto end; >

RE: Memory Leaks in SSL_Library_init()

2007-03-20 Thread David Schwartz
> Keeping it apart from the memory leak, i would like to know by > example how a > perfect cleanup can cause performance problems? One common case goes like this: 1) You have an object you create very early in the library initialization. 2) The object is accessed a lot, and having to check if it

RE: Memory Leaks in SSL_Library_init()

2007-03-20 Thread David Schwartz
> Hi! > > I have an example case where by the unused memory allocated by > SSL_library_init when not freed, would accumulate. > > There is an application which takes services from some of the > libraries say > A, B and C. > > These libraries are dynamically loaded and unloaded into the > applicatio

RE: Memory Leaks in SSL_Library_init()

2007-03-20 Thread David Schwartz
> HI! > > Thanks again for highlighting those issues. What would be the > best way for > the application using those plugins to avoid this issue of > SSL_library_init()? There are really two good ways that ensure that all problems are resolved. Other ways just deal with problems as they crop up

RE: Memory Leaks in SSL_Library_init()

2007-03-21 Thread David Schwartz
> If we say that the call SSL_library_init() would initialize some data > structures which have process scope and are initialized only once. > > In such case what is the problem in having a *single* function > which exactly > cleans up those data structures at the time of process termination? See m

RE: Memory Leaks in SSL_Library_init()

2007-03-21 Thread David Schwartz
> Is it required to call SSL_library_init() if I only want to use > some crypto > functionalities? All SSL_library_init does is add ciphers and digests to the EVP table. If you don't need any ciphers and digests accessible through the EVP interface or you add those ciphers and digests yourself, y

RE: Memory Leaks in SSL_Library_init()

2007-03-27 Thread David Schwartz
>1287 void SSL_free_comp_methods(void) >1288 { >1289 if (ssl_comp_methods == NULL) >1290 return; >1291 CRYPTO_w_lock(CRYPTO_LOCK_SSL); >1292 if (ssl_comp_methods != NULL) >1293 { >1294 sk_SSL_COMP_pop_free(ssl_comp_methods,CRYPTO_

RE: Memory Leaks in SSL_Library_init()

2007-03-27 Thread David Schwartz
> > For POSIX threads, the result of reading a variable in one > > thread while it > > might be modified in another thread is undefined. Line 1289 and > > 1290 should > > be removed. > Not this old chestnut again. Like it or not, it's a fact. > I can't name a CPU in which an aligned load/store

RE: Memory Leaks in SSL_Library_init()

2007-03-27 Thread David Schwartz
> Oh. I'm sorry. Someone needs to use a keyword 'volatile'. Sorry, doesn't help. > Bingo. Problem solved on the improper optimization issue. What specification says that 'volatile' causes any particular semantics across threads? I must not have read that one. The 'volatile' keyword is only

RE: Memory Leaks in SSL_Library_init()

2007-03-28 Thread David Schwartz
> So the point you are trying to make is, while the function would > solve the > purpose of freeing the compression methods, However the lock are > not really > required in the usage scenario of this function? If the usage scenario is solely final shutdown of the library, then the lock is not req

RE: Memory Leaks in SSL_Library_init()

2007-03-28 Thread David Schwartz
> David seems to be thinking ahead into the realms of CPUs that have not > been invented yet. Exactly. That's why there are standards and guarantees. If you follow the standards and rely on the guarantees you have, your code will work on all future platforms that provide those same guarantees

RE: Memory Leaks in SSL_Library_init()

2007-03-29 Thread David Schwartz
> This is the precise optimization that 'volatile' inhibits. For single-threaded code, you are right. But we are talking about multi-threaded code. > 'volatile' > requires that the value not be cached in "cheap-to-access" locations > like registers, instead being re-loaded from "expensive-to-ac

RE: Memory Leaks in SSL_Library_init()

2007-03-29 Thread David Schwartz
> A read of a 'volatile uint64_t', btw, is supposed to make sure that it > reads from the original memory locations, not cached copies of it in > register or spread across multiple registers. Which it doesn't do on any platform I know of. On every platform, 'volatile' reads through the caches an

RE: Memory Leaks in SSL_Library_init()

2007-03-29 Thread David Schwartz
Darryl Mile wrote: > A compiler will not generate a store instruction to put back a > "cached_copy" into the variable location. Principally because there was > no assignment operation in the original code and because even a > non-optimizing compiler knows it can just dump the "cached_copy" >

RE: Memory Leaks in SSL_Library_init()

2007-03-29 Thread David Schwartz
Richard Salz wrote: > Kyle's claim about things like cache's and registers is wrong, not even > sort-of right. The standard talks about only in terms of > sequence points, > and volatile limits what can be done in terms of sequence points. So > extern volatile char* p; > int i,

RE: Memory Leaks in SSL_Library_init()

2007-03-30 Thread David Schwartz
Richard Salz: > > Suppose another thread does this: > > *p=99; > > *p=98; > Out of scope -- the C standard does not define ANY semantics for > multiple > threads of execution. Exactly. The original example was: >>> extern volatile char* p; >>> int i, j; >>> i = *p; >>>

RE: SSL_poll() or _select()?

2007-04-14 Thread David Schwartz
> If we were to add SSL_poll() (my preference) or SSL_select() > (perhaps more portable) to the API, the OpenSSL library could add > events to the set the application is waiting on -- so it could > wake the application up when crypto requests had finished and > SSL_read()/SSL_write() were possible

Re: SSL_poll() or _select()?

2007-04-14 Thread David Schwartz
> int SSL_poll(struct pollfd *fds, nfds_t nfds, int timeout, > struct SSL_pollctx *sctx, nfds_t nsctx); I like this approach a lot. Could someone with great familiarity of OpenSSL's guts give the five minute explanation of what's involved in making this happen? I can start

RE: SSL_poll() or _select()?

2007-04-15 Thread David Schwartz
> If kevents are the only direct asynchronous notification mechanism for > this hardware, then it doesn't seem unreasonable to require the > application to use kevent() for high performance. OpenSSL could > provide a function to return the set of (struct kevent)s for a given > SSL connection, whi

RE: SSL_poll() or _select()?

2007-04-15 Thread David Schwartz
> On 4/15/07, David Schwartz <[EMAIL PROTECTED]> wrote: > > You could easily implement the poll, select, and kevent > > semantics with just > > this function. I can't think of any reason a more complex > > implementation would be any better. > One reas

RE: [openssl.org #1520] request for checking if -in and -out files are same

2007-04-19 Thread David Schwartz
> I have been using openssl for some personal home-use encryption, and > recently overwrote an input file while using openssl bf accidentally > because bash's autocompletion put in the input file's name when I > started typing the same name (minus bf at the end) for the output and I > careless

RE: RE: [openssl.org #1520] request for checking if -in and -out files are same

2007-04-20 Thread David Schwartz
> On 2007.04.19 at 11:59:39 -0700, David Schwartz wrote: > > > This is not nearly as simple as you might think. Are 'foo.txt' > and 'Foo.txt' the same file? What about 'directory/file.txt' and > 'symlink/file.txt'? > > > >

RE: RE: RE: [openssl.org #1520] request for checking if -in and -out files are same

2007-04-25 Thread David Schwartz
> For example, if we are running under Unix-style kernel, we can make > stat calls on both files. And if both st_dev and st_ino fields of > the resulting stat structures are same, we should consider files same. Why? Suppose the filesystem internally uses inodes larger than the st_ino field. Is it

RE: Private Key problem

2007-05-02 Thread David Schwartz
> I'm tearing my hair out here with what is probably a stupid problem. > I'm new to openssl, rsa, etc., so bear with me please :) [snip] > Ok then, I know the key needs to be in PEM format, for PHP / > openssl... but I can't get it recognized at all by openssl. [snip] > Ok, so I guess I do som

RE: Writing in BER

2007-05-16 Thread David Schwartz
> I searched the archives, but didn't find any hits for what I want. If this > has already been discussed, please let me know how to improve my search > string. > > On to my question: I know DER is a subset of BER, so therefore > OpenSSL does > "write to BER", but can we write to any other BER enc

RE: [openssl.org #1533] 0.9.8e memory alignment issue

2007-05-24 Thread David Schwartz
> [EMAIL PROTECTED] ([EMAIL PROTECTED]) terminated by signal BUS (invalid > address alignment) > 0x7d24fab8: t_delete+0x00f8:stx %o0, [%g4 + 16] > current thread: [EMAIL PROTECTED] >[1] t_delete(0x11c303480, 0x0, 0x7f268340, 0x2000, > 0x2190, 0x1004e4290), at 0xf

RE: Performance on IA64 using icc vs gcc

2007-06-08 Thread David Schwartz
> Using the Intel 9.1 compiler on an IA64 system the performance of > AES and (to a lesser extent) other algorithms implemented in > assembly language is less than that using gcc. I've included the > speed output for several of the algorithms below. > > Is this a known issue and is there a workarou

RE: Performance on IA64 using icc vs gcc

2007-06-08 Thread David Schwartz
> Using the Intel 9.1 compiler on an IA64 system the performance of > AES and (to a lesser extent) other algorithms implemented in > assembly language is less than that using gcc. I've included the > speed output for several of the algorithms below. > > Is this a known issue and is there a workarou

RE: Performance on IA64 using icc vs gcc

2007-06-10 Thread David Schwartz
> I don't think -march=pentium4 is going to work on an IA64, and I have my > doubts about sse3 too. Yeah, I misread the original post. I still recommend comparing using the appropriate optimization flags for each compiler. If you're going to compare them just based on performance, you should allo

RE: [openssl.org #1567] idea.h installation in 0.9.7m branch

2007-08-14 Thread David Schwartz
> The idea.h header file is not installed when openssl 0.9.7m is > compiled on windows system. This header file is included from > evp.h header file. Because the IDEA algorithm is covered by patents in some parts of the world, many compiled builds of OpenSSL don't include it. The "evp.h" header

RE: SSL_R_BAD_WRITE_RETRY

2007-08-20 Thread David Schwartz
> Anyway, I'm on 0.9.8e and I've got an application that's doing a lot of > BIO_write's to a server via TLS. When the write buffer is full, I get -1 > from BIO_write (as expected) and BIO_should_retry returns "do retry" (as > expected), but when I go to write again a little bit later I get > SSL_
