Skip to main content

Notes on Using OpenSSL


Notes on Using OpenSSL
Oracle Solaris provides accelerated cryptographic libraries for SPARC M10 systems. These libraries can be used by using the PKCS11 engine of OpenSSL. For details, see the man pages openssl(5), engine(3openssl), and evp(3openssl).

Please note:
  1. The PKCS11 engine is the only way in OpenSSL to obtain the acceleration of cryptographic functions from the encryption arithmetic unit of the SPARC64 X+/SPARC64 X processor.
  2. The implementation of the PKCS11 engine for OpenSSL in Oracle Solaris requires the enabling of the EVP model for digest and encryption methods supported by the engine.
    - The following digest methods have been optimized for the SPARC64 X+/SPARC64 X processor:
      SHA1, SHA224, SHA256, SHA384, SHA512

    - The following encryption methods have been optimized for the SPARC64 X+/SPARC64 X processor:
      DES-CBC, DES-EDE3-CBC, DES-ECB, DES-EDE3
      AES-128-CBC, AES-192-CBC, AES-256-CBC
      AES-128-ECB, AES-192-ECB, AES-256-ECB
      AES-128-CTR, AES-192-CTR, AES-256-CTR


    Here is an example of calling the accelerated version of the AES-256-CBC method on the SPARC64 X+/SPARC64 X processor.
# openssl speed -engine pkcs11 -evp AES-256-CBC
  1. - The following public key encryption methods have been optimized for the SPARC64 X+/SPARC64 X processor from Oracle Solaris 11.2.
      RSA512, RSA1024, RSA2048
      DSA512, DSA1024, DSA2048
    The command in the following example invokes the RSA2048 method optimized for the SPARC64 X+/SPARC64 X processor.
# openssl speed -engine pkcs11 rsa2048 
  1. To use the optimized digest method or encryption method in the PKCS11 engine with an application using the OpenSSL library (libssl, libcrypto), enable the EVP interface explained in evp(3openssl).