| Summary: | 3.2.3. OpenSSL Intel AES-NI Engine is outdated | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Miroslav Vadkerti <mvadkert> |
| Component: | doc-Security_Guide | Assignee: | Bara Ancincova <bancinco> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Tomas Capek <tcapek> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 6.5 | CC: | bancinco, ebenes, fweimer, hkario, msvoboda |
| Target Milestone: | rc | Keywords: | Documentation |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-04-21 11:31:37 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
|
Description
Miroslav Vadkerti
2013-12-17 14:28:01 UTC
The reproduced is correct, I just tested in on an AES testing machine # grep -m1 -o aes /proc/cpuinfo aes # openssl speed aes-128-cbc Doing aes-128 cbc for 3s on 16 size blocks: 18693032 aes-128 cbc's in 3.00s Doing aes-128 cbc for 3s on 64 size blocks: 5052796 aes-128 cbc's in 3.00s Doing aes-128 cbc for 3s on 256 size blocks: 1288608 aes-128 cbc's in 3.00s Doing aes-128 cbc for 3s on 1024 size blocks: 323906 aes-128 cbc's in 3.00s Doing aes-128 cbc for 3s on 8192 size blocks: 40555 aes-128 cbc's in 3.00s OpenSSL 1.0.1e-fips 11 Feb 2013 built on: Fri Sep 27 10:09:12 EDT 2013 options:bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx) compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-128 cbc 99696.17k 107792.98k 109961.22k 110559.91k 110742.19k # openssl speed -evp aes-128-cbc Doing aes-128-cbc for 3s on 16 size blocks: 150084418 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 64 size blocks: 40934523 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 256 size blocks: 10510135 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 1024 size blocks: 2646815 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 8192 size blocks: 330598 aes-128-cbc's in 3.00s OpenSSL 1.0.1e-fips 11 Feb 2013 built on: Fri Sep 27 10:09:12 EDT 2013 options:bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx) compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-128-cbc 800450.23k 873269.82k 896864.85k 903446.19k 902752.94k The updated text is already on the Portal: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/Security_Guide/index.html#sect-Security_Guide-Encryption-OpenSSL_Intel_AES-NI_Engine Closing this bug as CLOSED CURRENTRELEASE. |