Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. Summary: Review Request: openssl-ibmpkcs11 - An openssl PKCS#11 engine https://bugzilla.redhat.com/show_bug.cgi?id=794793 Summary: Review Request: openssl-ibmpkcs11 - An openssl PKCS#11 engine Product: Fedora Version: rawhide Platform: All OS/Version: Linux Status: NEW Severity: medium Priority: medium Component: Package Review AssignedTo: nobody@xxxxxxxxxxxxxxxxx ReportedBy: key@xxxxxxxxxxxxxxxxxx QAContact: extras-qa@xxxxxxxxxxxxxxxxx CC: notting@xxxxxxxxxx, package-review@xxxxxxxxxxxxxxxxxxxxxxx Classification: Fedora Story Points: --- Type: --- Regression: --- Mount Type: --- Documentation: --- Spec URL: http://kyoder.users.sourceforge.net/openssl-ibmpkcs11.spec SRPM URL: http://kyoder.users.sourceforge.net/openssl-ibmpkcs11-1.0.0-0.src.rpm Description: This package contains a shared object OpenSSL dynamic engine for the use with a PKCS#11 implementation such as openCryptoki. This package provides a library that will bridge the gap between a PKCS#11 implementation, which provides support for storage of keys and certificates and cryptographic hardware support, to the openssl libcrypto library. Testing: 1. Install openCryptoki: # rpm -ivh opencryptoki-2.3.3-2.fc15.i686.rpm opencryptoki-libs-2.3.3-2.fc15.i686.rpm opencryptoki-swtok-2.3.3-2.fc15.i686.rpm 2. Configure openCryptoki: # /etc/init.d/pkcsslotd start [root@localhost ~]# pkcsconf -t Token #0 Info: Label: IBM OS PKCS#11 Manufacturer: IBM Corp. Model: IBM SoftTok Serial Number: 123 Flags: 0x880045 (RNG|LOGIN_REQUIRED|CLOCK_ON_TOKEN|USER_PIN_TO_BE_CHANGED|SO_PIN_TO_BE_CHANGED) Sessions: -1/-1 R/W Sessions: -1/-1 PIN Length: 4-8 Public Memory: 0xFFFFFFFF/0xFFFFFFFF Private Memory: 0xFFFFFFFF/0xFFFFFFFF Hardware Version: 1.0 Firmware Version: 1.0 Time: 10:01:00 AM [root@localhost ~]# pkcsconf -I -c 0 Enter the SO PIN: # (default is 87654321) Enter a unique token label: kentinit [root@localhost ~]# pkcsconf -P -c 0 Enter the SO PIN: Enter the new SO PIN: Re-enter the new SO PIN: [root@localhost ~]# pkcsconf -u -c 0 Enter the SO PIN: Enter the new user PIN: Re-enter the new user PIN: [root@localhost ~]# pkcsconf -t Token #0 Info: Label: kentinit Manufacturer: IBM Corp. Model: IBM SoftTok Serial Number: 123 Flags: 0x44D (RNG|LOGIN_REQUIRED|USER_PIN_INITIALIZED|CLOCK_ON_TOKEN|TOKEN_INITIALIZED) Sessions: -1/-1 R/W Sessions: -1/-1 PIN Length: 4-8 Public Memory: 0xFFFFFFFF/0xFFFFFFFF Private Memory: 0xFFFFFFFF/0xFFFFFFFF Hardware Version: 1.0 Firmware Version: 1.0 Time: 10:01:44 AM 3. Point openssl at the new engine: [root@localhost ~]# openssl engine -t (aesni) Intel AES-NI engine (no-aesni) [ available ] (dynamic) Dynamic engine loading support [ unavailable ] [root@localhost ~]# OPENSSL_CONF=/usr/share/doc/openssl-ibmpkcs11-1.0.0/openssl.cnf.sample openssl engine -t (aesni) Intel AES-NI engine (no-aesni) [ available ] (dynamic) Dynamic engine loading support [ unavailable ] (ibmpkcs11) PKCS#11 hardware engine support [ available ] 4. Run an openssl speed test using the engine: [root@localhost ~]# OPENSSL_CONF=/usr/share/doc/openssl-ibmpkcs11-1.0.0/openssl.cnf.sample openssl engine -c (aesni) Intel AES-NI engine (no-aesni) (dynamic) Dynamic engine loading support (ibmpkcs11) PKCS#11 hardware engine support [RSA, RAND, DES-ECB, DES-CBC, DES-EDE3, DES-EDE3-CBC, AES-128-ECB, AES-128-CBC, AES-192-ECB, AES-192-CBC, AES-256-ECB, AES-256-CBC, MD5, SHA1, RSA-SHA1, hmacWithSHA1] [root@localhost ~]# OPENSSL_CONF=/usr/share/doc/openssl-ibmpkcs11-1.0.0/openssl.cnf.sample openssl speed -engine ibmpkcs11 -evp des-ecb engine "ibmpkcs11" set. Doing des-ecb for 3s on 16 size blocks: 3601074 des-ecb's in 2.97s Doing des-ecb for 3s on 64 size blocks: 1724899 des-ecb's in 2.97s Doing des-ecb for 3s on 256 size blocks: 545990 des-ecb's in 2.90s Doing des-ecb for 3s on 1024 size blocks: 156847 des-ecb's in 2.97s Doing des-ecb for 3s on 8192 size blocks: 19434 des-ecb's in 2.97s OpenSSL 1.0.0e-fips 6 Sep 2011 built on: Wed Sep 7 18:44:05 UTC 2011 options:bn(64,32) md2(int) rc4(8x,mmx) des(ptr,risc1,16,long) aes(partial) blowfish(idx) compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=atom -fasynchronous-unwind-tables -Wa,--noexecstack -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DWHIRLPOOL_ASM The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes des-ecb 19399.73k 37169.54k 48197.74k 54077.89k 53603.81k [root@localhost ~]# -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. _______________________________________________ package-review mailing list package-review@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/package-review