Skip to main content

Notes on Using OpenSSL


Notes on Using OpenSSL
Oracle Solaris provides cryptographic libraries for SPARC M12 systems. These libraries can be used by using the PKCS11 engine of OpenSSL. For details, see the man pages openssl(5), engine(3openssl), and evp(3openssl).

Please note:
  1. The PKCS11 engine is the only way in OpenSSL to obtain the acceleration of cryptographic functions from the encryption arithmetic unit of the SPARC64 XII processor.
  2. The implementation of the PKCS11 engine for OpenSSL in Oracle Solaris requires the enabling of the EVP model for digest and encryption methods supported by engine.
    - The following digest methods have been optimized for the SPARC64 XII processor:
    SHA1, SHA224, SHA256, SHA384, SHA512

    - The following encryption methods have been optimized for the SPARC64 XII processor:
    DES-CBC, DES-EDE3-CBC, DES-ECB, DES-EDE3
    AES-128-CBC, AES-192-CBC, AES-256-CBC
    AES-128-ECB, AES-192-ECB, AES-256-ECB
    AES-128-CTR, AES-192-CTR, AES-256-CTR


    The command in the following example calls the accelerated AES-256-CBC method on the SPARC64 XII processor.
# openssl speed -engine pkcs11 -evp AES-256-CBC
  1. - The following public key encryption methods have been optimized for the SPARC64 XII processor, from Oracle Solaris 11.2.
    RSA512, RSA1024, RSA2048
    DSA512, DSA1024, DSA2048
    The command in the following example invokes the RSA2048 method optimized for the SPARC64 XII processor.
# openssl speed -engine pkcs11 rsa2048
  1. To use the optimized digest method or encryption method in the PKCS11 engine with an application using the OpenSSL library (libssl, libcrypto), enable the EVP interface explained in evp(3openssl).