Trying to understand performance differences
Collected performance numbers using openssl speed for two copies of OpenSSL 1.0.1e, one built as FIPS-capable, the other not, running on an ARMv6. I am having a hard time understanding the differences I observed and would appreciate any insight. Non-FIPS Capable # openssl speed aes Type16 bytes64 bytes256 bytes 1024 bytes 8192 bytes aes-128 cbc 2345.03k2627.50k2708.99k2739.11k 2730.67k aes-192 cbc 2029.69k2236.10k2293.85k2316.84k 2310.14k aes-256 cbc 1782.30k1943.21k1988.52k2000.21k 1994.93k #openssl speed -evp aes-128-cbc aes-128-cbc 2234.73k2591.72k2698.50k2726.91k 2733.40k #openssl speed -evp aes-192-cbc aes-192-cbc 1941.83k2206.61k2284.12k2304.68k 2310.14k #openssl speed -evp aes-256-cbc aes-256-cbc 1719.65k1923.88k1982.21k1997.82k 2001.58k FIPS Capable # openssl speed aes Type16 bytes64 bytes256 bytes 1024 bytes 8192 bytes aes-128 cbc 2540.86k2846.65k2923.78k2946.73k 2951.85k aes-192 cbc 2193.64k2416.26k2478.85k2503.15k 2501.29k aes-256 cbc 1933.31k2103.79k2150.57k2163.37k 2160.95k #openssl speed -evp aes-128-cbc aes-128-cbc 4370.26k6091.88k6787.25k6981.69k 7009.62k #openssl speed -evp aes-192-cbc aes-192-cbc 3992.79k5353.26k5865.22k6010.54k 6048.43k #openssl speed -evp aes-256-cbc aes-256-cbc 3650.15k4773.53k5176.66k5307.68k 5339.87k I don't understand why non-EVP and EVP results are practically the same with the non- FIPS capable library, but the EVP results are significantly faster than the non-EVP results on the FIPS-capable one. MV __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Experimental multi-implementation support for FIPS capable OpenSSL
On Wed, Nov 6, 2013, Dr. Stephen Henson wrote: On Tue, Nov 05, 2013, Vuille, Martin (Martin) wrote: Another approach I am considering is to have both a FIPS-capable and non-FIPS capable version of OpenSSL installed on the system (with suitable adjustments to .so file names to avoid conflicts) with the application using the former when FIPS mode is required and the latter otherwise (perhaps by dynamically loading the appropriate one, or by using a different LD_LIBRARY_PATH). Any thoughts on the viability of that approach? The FIPS capable version of OpenSSL outside FIPS mode should be compatible with the non-FIPS build of the same version of OpenSSL so there shouldn't be a need to do this. Any incompatibilities would be regarded as bugs which should be fixed. Understood, but my understanding is that even in non-FIPS mode the code from the FIPS Object Module is used. Is that understanding incorrect? When not using FIPS mode, I do not want to suffer a performance penalty, as I am running on a very CPU-constrained platform, and want the ability to use patches provided by my platform vendor to leverage their hardware crypto acceleration, which obviously cannot be applied to the FIPS Object Module. MV __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Experimental multi-implementation support for FIPS capable OpenSSL
On Tue, Nov 5, 2013, Dr. Stephen Henson wrote: On Tue, Nov 05, 2013, Vuille, Martin (Martin) wrote: Hi, I have some questions about this change: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1dded7f7e8e9f7 37ef9d7e3c3ef165a78fd7fa1d I am interested in using this functionality and wondering whether it would be feasible and reasonably safe for me to back-port it on top of 1.0.1e? You can backport it to 1.0.1e but it will never be officially part of the 1.0.1 release as it includes new features. The first version of OpenSSL it will appear in in 1.0.2. What is it about this change that makes it experimental? It hasn't been widely tested and the tecnique of having mutiple implementations of the same algorithm in EVP hasn't been used in OpenSSL before. In 1.0.1 the more cautious approach of not having non-FIPS EVP implementations was taken instead. Another approach I am considering is to have both a FIPS-capable and non-FIPS capable version of OpenSSL installed on the system (with suitable adjustments to .so file names to avoid conflicts) with the application using the former when FIPS mode is required and the latter otherwise (perhaps by dynamically loading the appropriate one, or by using a different LD_LIBRARY_PATH). Any thoughts on the viability of that approach? MV __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org