I have tested the sample program. For me it only took 4 sec. I am using
OpenSSL FIPS 1.2 and OpenSSL 9.8k.

This is the output:

# time ./hmac -v hmac.c
FIPS mode enabled
c00a160be4bc5a9cf1e74bcf44c1b002734e5df1
real    0m3.82s
user    0m3.62s
sys     0m0.01s

thanks
rajan

On Wed, Apr 29, 2009 at 3:42 AM, Mark Schank <msch...@dcbnet.com> wrote:

> Hi
>
> I am in the process of upgrading an application which was using the FIPS
> 1.1.2 module to using the FIPS 1.2 module and I am looking for a sanity
> check.  My system is an x86 (AMD Geode LX 800) system running Linux 2.6.26.
>
> I noticed the time it takes to execute FIPS_mode_set(1) went from under 1
> second with the FIPS 1.1.2 module to almost 20 seconds with the FIPS 1.2
> module.  Were there significant changes to the self-tests that would account
> for this increase in run-time?
>
> When I built the FIPS 1.2 module, I did have to specify the "no-asm" option
> as it seems the asm code is not compatible with the Geode CPU.  I don't
> recall doing this for the FIPS 1.1.2 module.  Did it use any x86 asm code by
> default or is the asm code new to the FIPS 1.2 module?
>
> Is there any chance I built something wrong to end up with this significant
> slowdown?  I built the FIPS module per the security policy and User's guide.
> When I built the OpenSSL library, I specified:
>   ./config fips --withfipslibdir=/usr/local/ssl/fips-1.0/lib --prefix=/usr
> --openssldir=/etc/ssl
>
> Any insight would be appreciated.  The slowdown particularly hurts my
> application because it is called multiple times from a script with each call
> incurring the 20 second FIPS_mode_set(1) delay.
>
> Thanks,
> Mark
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
>
