AES performance when using FIPS 2.0 Object Module

Fri, 11 May 2012 05:26:48 -0700 

Is AES performance expected to be much lower when using the FIPS 2.0
Object Module?  Below are the speed results when using AES-128-CBC with
and w/o the FIPS module.  The host system is 32-bit Linux using gcc
4.4.3.  The host system does not have AES-NI support.  No additional
config arguments were used other than 'fipscanisteronly' for building
the FIPS module and 'fips' for building 1.0.1b. 


$ ./openssl speed -evp aes-128-cbc
Doing aes-128-cbc for 3s on 16 size blocks: 13734067 aes-128-cbc's in 2.98s
Doing aes-128-cbc for 3s on 64 size blocks: 4149906 aes-128-cbc's in 2.95s
Doing aes-128-cbc for 3s on 256 size blocks: 1084643 aes-128-cbc's in 2.99s
Doing aes-128-cbc for 3s on 1024 size blocks: 278767 aes-128-cbc's in 2.98s
Doing aes-128-cbc for 3s on 8192 size blocks: 34952 aes-128-cbc's in 2.99s
OpenSSL 1.0.1b-fips 26 Apr 2012
built on: Fri May 11 08:04:08 EDT 2012
options:bn(64,32) rc4(8x,mmx) des(ptr,risc1,16,long) aes(partial)
idea(int) blowfish(idx)
compiler: gcc -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H
-Wa,--noexecstack -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
-DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT
-DOPENSSL_BN_ASM_GF2m -I/usr/local/ssl/fips-2.0/include -DSHA1_ASM
-DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM
-DWHIRLPOOL_ASM -DGHASH_ASM
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192
bytes
aes-128-cbc      73739.96k    90031.86k    92865.76k    95791.08k   
95761.47k


$ ./openssl speed -evp aes-128-cbc
Doing aes-128-cbc for 3s on 16 size blocks: 36109363 aes-128-cbc's in 2.96s
Doing aes-128-cbc for 3s on 64 size blocks: 11241446 aes-128-cbc's in 2.97s
Doing aes-128-cbc for 3s on 256 size blocks: 2840087 aes-128-cbc's in 2.96s
Doing aes-128-cbc for 3s on 1024 size blocks: 706161 aes-128-cbc's in 2.97s
Doing aes-128-cbc for 3s on 8192 size blocks: 90698 aes-128-cbc's in 2.97s
OpenSSL 1.0.1b 26 Apr 2012
built on: Fri May 11 08:14:14 EDT 2012
options:bn(64,32) rc4(8x,mmx) des(ptr,risc1,16,long) aes(partial)
idea(int) blowfish(idx)
compiler: gcc -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H
-Wa,--noexecstack -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
-DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT
-DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM
-DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192
bytes
aes-128-cbc     195185.75k   242239.91k   245629.15k   243471.00k  
250167.68k

<<attachment: foleyj.vcf>>

Reply via email to