Re: [openssl-users] Openssl and floating point

(Top posting for consistency in this part of the thread) Note, however that emulated floating point tends to add code size and startup overhead even when not called. Hence the need to compile with an option to not use floating point at all, at least on platforms that don't have platform-

Re: [openssl-users] Checking for AES-NI accelration

On 10/08/2016 19:02, Norm Green wrote: I've been wondering how and when OpenSSL decides whether it can use the new aes instructions? Does it decide at build time or at run time? If I build on a CPU that supports aes instructions but run on a cpu that does not, will bad things happen? Or is

Re: [openssl-users] Checking for AES-NI accelration

I've been wondering how and when OpenSSL decides whether it can use the new aes instructions? Does it decide at build time or at run time? If I build on a CPU that supports aes instructions but run on a cpu that does not, will bad things happen? Or is OpenSSL smart enough to call functions

Re: [openssl-users] Loading engines recursively and crypto engine lock

On 10 August 2016 at 16:19, Jakob Bohm wrote: > On 10/08/2016 15:49, Krzysztof Konopko wrote: > >> On 10 August 2016 at 15:31, Jakob Bohm jb-open...@wisemo.com>>wrote: >> ​ >> 1. Create a third engine3 which loads both engine1 and engine2 >>

Re: [openssl-users] output from: dh, dhparam, pkeyparam

On 08/08/2016 16:51, Benjamin Kaduk wrote: What Rich said, and also note that it's perfectly valid usage of the PEM routines to read one type from a BIO and then go on to read another (potentially different) type from the same BIO, as would happen if they were in the same file concatenated

Re: [openssl-users] output from: dh, dhparam, pkeyparam

On 08/10/2016 11:00 AM, Jakob Bohm wrote: > On 08/08/2016 16:51, Benjamin Kaduk wrote: >> What Rich said, and also note that it's perfectly valid usage of the >> PEM routines to read one type from a BIO and then go on to read >> another (potentially different) type from the same BIO, as would >>

[openssl-users] Checking for AES-NI accelration

Hi Group, I am running an application which transfers huge chunks of data every second (850Mbps) and the same is secured using openssl. However the CPU usage on windows is very high ( ~ 100%). So as a part of the analysis, I stumbled upon the information that, when using AES

Re: [openssl-users] Openssl and floating point

> We have a platform that does not support floating point operations.  We > discovered that openssl uses floating point in the random number generator. There are other places, too, like bio_print, the poly135 code, etc. Good luck... > Is there any build or compile time flag that uses an

Re: [openssl-users] Loading engines recursively and crypto engine lock

On 08/08/2016 13:39, Krzysztof Konopko wrote: Hi, TL;DR; Is it allowed to initialise engines recursively, ie. call `engine2->init` from `engine1->init`? -- I have a solution in a consumer product based on OpenSSL 1.0.2 series that uses two engines: one (engine1) for selecting client

[openssl-users] Openssl and floating point

We have a platform that does not support floating point operations. We discovered that openssl uses floating point in the random number generator. Is there any build or compile time flag that uses an alternative to floating point? -- Ken Goldman kgold...@us.ibm.com 914-945-2415 (862-2415)

Re: [openssl-users] Info Request

On 09/08/2016 19:26, Luiggi Valles wrote: Helo. I'm trying to used OPENSSL to generate a sign XDAS-BES with PHP and I have some problem but the most important is the function exec(). I would like to know howI do that: the exec () function does not block the function of

Re: [openssl-users] Loading engines recursively and crypto engine lock

On 10 August 2016 at 15:31, Jakob Bohm wrote: > I am not part of the OpenSSL team and have no idea what their > thinking or suggestions are. > ​Thanks for responding! ​ > > However the following should be a generic workaround: > > 1. Create a third engine3 which loads

Re: [openssl-users] Checking for AES-NI accelration

Hi, On 10/08/16 14:25, Nagesh shamnur wrote: Hi Group, I am running an application which transfers huge chunks of data every second (850Mbps) and the same is secured using openssl. However the CPU usage on windows is very high ( ~ 100%). So as a part of the analysis, I stumbled upon the

Re: [openssl-users] Loading engines recursively and crypto engine lock

On 10/08/2016 15:49, Krzysztof Konopko wrote: On 10 August 2016 at 15:31, Jakob Bohm >wrote: I am not part of the OpenSSL team and have no idea what their thinking or suggestions are. ​Thanks for responding! ​ However the

Re: [openssl-users] Openssl and floating point

This is compiler-dependent, and because you didn't specify what platform you're targeting or what compiler you're using, there's no way for us to provide an answer. Check your compiler's documentation. GCC, for example, provides software-emulated floating point for platforms without hardware

[openssl-users] Certificates generated using 3k/4k CSR generated with OpenSSL fails on Windows 2008R2

Hi All, I am generating 1k/2k/3k/4k CSR's on our device using OpenSSL library. I am generating these CSR on our device. We have windows 2008 R2 servers and I am signing these CSR using certificate authority on windows server. I am setting only client and server authentication bits in the CSR