You forgot: ./config fipscanisterbuild asm
Since you're on an x86_64 platform, you can benefit a lot from the asm speedups.

-Kyle H

On Fri, Aug 28, 2009 at 2:48 AM, Mark Phalan<mark.pha...@sun.com> wrote:
>
> On Thu, 2009-08-27 at 10:23 -0400, Steve Marquess wrote:
>> Mark Phalan wrote:
>> > I've been working on getting a FIPS Capable OpenSSL into OpenSolaris.
>>
>> Excellent, we designed the OpenSSL FIPS Object Module and the "FIPS
>> capable" OpenSSL to enable just this sort of support in vendor O/S
>> distros. One set of "FIPS capable" OpenSSL libraries shipped to all
>> customers, with FIPS mode for the entire system enabled or not at
>> runtime. Note the global configuration file and OPENSSL_config() call
>> can be used for this purpose (see section 5.2 of
>> http://openssl.org/docs/fips/UserGuide-1.2.pdf).
>>
>> > Due to the way the FIPS Capable OpenSSL is built it ends up with
>> > older implementations of ciphers (all the ones that fipscanister.o
>> > implements). These cipher implementations are used regardless of
>> > being in FIPS mode or not.
>>
>> Ummm, not so. Use the OpenSSL FIPS Object Module v1.2 (the
>> fipscanister.o part *only*, throw the rest away!) along with a current
>> version of OpenSSL 0.9.8 for everything else. That way the old but
>> validated crypto implementations in fipscanister.o are used in FIPS
>> mode, the standard unvalidated (and current) ones in 0.9.8k+ are used
>> when not in FIPS mode.
>
> This doesn't appear to be the case the way I build it...
>
> Here is a summary of how I built and tested the fips and non-fips
> versions on my Ultra 24 (Core2Duo Q9650 @ 3.00GHz):
>
> $ isainfo
> amd64 i386
>
> openssl-fips-1.2
> $ ./config fipscanisterbuild
> $ make
> # make install
> ...
>
> 0.9.8k-fips
> ./config fips shared
> make
>
> ...
>
> 0.9.8k
> ./config shared
> make
>
>
> Speed results:
>
> OpenSSL 0.9.8k 25 Mar 2009
> built on: Fri Aug 28 10:36:58 CEST 2009
> options:bn(64,64) md2(int) rc4(1x,char) des(idx,cisc,16,int)
> aes(partial) idea(int) blowfish(ptr2)
> compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT
> -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -O3 -Wall -DL_ENDIAN -DMD32_REG_T=int
> -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM
> -DAES_ASM
> available timing options: TIMES TIMEB HZ=100 [sysconf value]
> timing function used: times
> The 'numbers' are in 1000s of bytes per second processed.
> type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
> aes-128 cbc     135063.79k   184065.92k   202569.47k   208250.88k   209704.28k
> aes-192 cbc      98324.28k   147109.23k   167682.30k   173344.43k   175494.49k
> aes-256 cbc      90383.17k   130776.13k   146193.92k   150772.74k   152103.59k
>
>
> OpenSSL 0.9.8k-fips 25 Mar 2009
> built on: Fri Aug 28 10:35:09 CEST 2009
> options:bn(64,64) md2(int) rc4(1x,char) des(idx,cisc,16,int)
> aes(partial) idea(int) blowfish(ptr2)
> compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT
> -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -O3 -Wall -DL_ENDIAN -DMD32_REG_T=int
> -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM
> -DAES_ASM
> available timing options: TIMES TIMEB HZ=100 [sysconf value]
> timing function used: times
> The 'numbers' are in 1000s of bytes per second processed.
> type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
> aes-128 cbc      88270.08k    96227.86k    98987.43k    99352.58k    99543.72k
> aes-192 cbc      74932.78k    80559.13k    82352.64k    82683.56k    82952.90k
> aes-256 cbc      64523.70k    69436.15k    70589.18k    70931.49k    70934.53k
>
>
> Summary: AES is twice as slow when using the FIPS Capable libcrypto
> (note OPENSSL_FIPS wasn't set as doing so would cause an immediate
> assertion failure due to the use of non-FIPS approved ciphers)
>
>
> Digging in a little more:
>
> # openssl-0.9.8k
> $ ar t libcrypto.a |grep aes
> aes_misc.o
> aes_ecb.o
> aes_cfb.o
> aes_ofb.o
> aes_ctr.o
> aes_ige.o
> aes_wrap.o
> aes-x86_64.o
> e_aes.o
>
> # openssl-0.9.8k-fips
> $ ar t libcrypto.a |grep aes
> aes_misc.o
> aes_ctr.o
> aes_ige.o
> aes_wrap.o
>
> Clearly the FIPS Capable OpenSSL doesn't contain the same aes
> implementation as the non-FIPS one. truss(1) shows the FIPS Capable
> OpenSSL calling _x86_64_AES_encrypt_compact and the non-FIPS one calling
> _x86_64_AES_encrypt.
>
> I believe this is correct as when building in FIPS mode util/arx.pl will
> exclude the cipher implementations so that when fipscanister.o is
> included in the library there are no symbol conflicts.
> (See "FIPSCANLIB" in Configure and EXCL_OBJ in the top-level Makefile).
>
> e.g. from fipscanister.o:
>
> $ nm fipscanister.o |grep _x86_64_AES_encrypt
> [308] | 91008| 483|FUNC |LOCL |0 |2 |_x86_64_AES_encrypt
> ..
>
> from the aes object file:
> $ nm aes-x86_64.o |grep _x86_64_AES_encrypt
> [4] | 0| 507|FUNC |LOCL |0 |1 |_x86_64_AES_encrypt
>
>
> I've read the user guide and security policy a number of times and I
> don't believe that I've built this incorrectly. Please correct me if I'm
> wrong :)
>
>
>>
>> The FIPS capable build process is discussed in the User Guide document
>> noted above.
>>
>> > ...
>> >
>> > I'm new to the list so if these things have been discussed before
>> > feel free to send me to an archive of that previous discussion.
>>
>> Yes, but this is tricky stuff, complex crypto compounded with
>> unintuitive policy requirements, so please feel free to ask.
>
> Thanks,
>
> -M
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       openssl-dev@openssl.org
> Automated List Manager                           majord...@openssl.org
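
A per-block-size comparison of the two `openssl speed` tables quoted in the message above, as an added example that is not part of the original thread. The function names `parse_speed` and `slowdown` are hypothetical; the sample rows are copied from the quoted output with the column spacing collapsed.

```python
import re

# Rows copied from the two `openssl speed` tables quoted in the message.
HEADER = "type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes\n"
NON_FIPS = HEADER + """\
aes-128 cbc 135063.79k 184065.92k 202569.47k 208250.88k 209704.28k
aes-192 cbc 98324.28k 147109.23k 167682.30k 173344.43k 175494.49k
aes-256 cbc 90383.17k 130776.13k 146193.92k 150772.74k 152103.59k
"""
FIPS_CAPABLE = HEADER + """\
aes-128 cbc 88270.08k 96227.86k 98987.43k 99352.58k 99543.72k
aes-192 cbc 74932.78k 80559.13k 82352.64k 82683.56k 82952.90k
aes-256 cbc 64523.70k 69436.15k 70589.18k 70931.49k 70934.53k
"""

# A result row: cipher name, then one "<number>k" column per block size.
ROW = re.compile(r"^(\S.*?)\s+((?:\d+(?:\.\d+)?k\s*)+)$")

def parse_speed(text):
    """Return {cipher: {block size in bytes: throughput in 1000s of bytes/s}}."""
    sizes, table = [], {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("type"):
            sizes = [int(n) for n in re.findall(r"(\d+) bytes", line)]
            continue
        m = ROW.match(line)
        if not (m and sizes):
            continue  # banner, options and compiler lines are skipped
        vals = [float(v[:-1]) for v in m.group(2).split()]
        if len(vals) != len(sizes):
            raise ValueError(f"column count mismatch in row: {line!r}")
        table[m.group(1)] = dict(zip(sizes, vals))
    return table

def slowdown(baseline, candidate):
    """baseline/candidate throughput per cipher and size; >1 means candidate is slower."""
    return {c: {s: row[s] / candidate[c][s] for s in row if s in candidate[c]}
            for c, row in baseline.items() if c in candidate}

if __name__ == "__main__":
    ratios = slowdown(parse_speed(NON_FIPS), parse_speed(FIPS_CAPABLE))
    for cipher, row in ratios.items():
        print(cipher, "  ".join(f"{size}B: {r:.2f}x" for size, r in row.items()))
```

On the quoted figures the ratio runs from about 1.3x at 16-byte blocks to about 2.1x at 8192-byte blocks.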