Hi
I am in the process of upgrading an application which was using the FIPS
1.1.2 module to using the FIPS 1.2 module and I am looking for a sanity
check. My system is an x86 (AMD Geode LX 800) system running Linux 2.6.26.
I noticed the time it takes to execute FIPS_mode_set(1) went from under
1 second with the FIPS 1.1.2 module to almost 20 seconds with the FIPS
1.2 module. Were there significant changes to the self-tests that would
account for this increase in run-time?
When I built the FIPS 1.2 module, I did have to specify the "no-asm"
option as it seems the asm code is not compatible with the Geode CPU. I
don't recall doing this for the FIPS 1.1.2 module. Did it use any x86
asm code by default or is the asm code new to the FIPS1.2 module?
Is there any chance I built something wrong to end up with this
significant slowdown. I built the FIPS module per the security policy
and User's guide. When I built the OpenSSL library, I specified:
./config fips --withfipslibdir=/usr/local/ssl/fips-1.0/lib
--prefix=/usr --openssldir=/etc/ssl
Any insight would be appreciated. The slowdown particularly hurts my
application because it is called multiple times from a script with each
call incurring the 20 second FIPS_mode_set(1) delay.
Thanks,
Mark
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
