WindyHana's Solanara: OpenSSL

Category: 어플리케이션
Description: OpenSSL의 설치방법과 실행에 대해 설명
Update: 2009-06-15
You can found last updated documents at http://www.solanara.net/
@solanara(solanara on Twitter)
Sorry, for Korean only.

개요

SSL(Secure Socket Layer)과 TLS(Transport Layer Security)는 보안 통신을 위해 사용하는 프로토콜의 이름이다. 이 프로토콜을 구현한 라이브러리중 하나가 OpenSSL이며 오픈 소스로 구현되어있다. OpenSSL라이브러리는 통신 전문을 암호화 하는 것은 물론, 문서를 암호화 할 수도 있다. (하지만 문서를 암호화 한다면 PGP를 사용하는게 더 쉬울 것이다. 윈디하나의 솔라나라: PGP, GnuPG를 참고하자)
SSL을 이용해 통신 내용을 암호화 하는 방법은, 패킷 스나이핑과 IP스푸핑으로 인한 피해를 줄여줄 뿐 그 이상은 안된다. 시스템이 해킹되지 않도록 하는게 아니라 해킹 되어도 피해를 줄일 수 있는 역할을 한다는 의미다. 즉 웹서버에 SSL 통신을 위한 인증서를 설치하고 '보안은 끝'이라고 생각하는 것은 문제가 있다는 의미다. [SSL을 설치했는데 왜 해킹을 당하나요?]라는 질문을 실제로 받은 적이 있는데 참 바보같은 질문인 셈이다
SSL의 단점은 한가지있다. 속도가 느리다는 것이다. 플레인과 비교했을때 너무 느리다. 패킷의 인코딩/디코딩에 많은 CPU자원을 소모하기 때문이다. 속도가 문제가 되는 경우에는 CPU를 업그레이드 하거나, 암호화 가속기(Cryptographic accelerator)를 사용해보는것이 좋다. 솔라리스에서는 Sun Cryptographic Accelerator를 사용할 수 있다.
OpenSSL의 소스가 공개되어있다고 해서 OpenSSL에 포함되어있는 알고리즘도 '무료'는 아니다. OpenSSL에 있는 알고리즘은 저작권이 있고, 대부분 특허가 취득되어 있다. 만약 OpenSSL의 특정 알고리즘을 사용하려면 사용하기 전에 법률가와 상의 하는것이 좋다. [./config no-idea no-mdc2 no-rc5]와 같이 특허권 문제가 될만한 알고리즘은 아예 사용 안하도록 설정하는 것도 하나의 방법이다. 자세한 사항은 README 파일의 PATENTS 섹션을 참고하자. 또한 OpenSSL의 라이선스는 [OpenSSL License]와 [SSLeay License]를 따른다. 쉽게 말해 GPL이 아니기 때문에 OpenSSL을 이용해 개발할 때에는 라이선스를 확인해야 할 것이다. OpenSSL의 라이선스는 GPL과 호환되지 않는 것으로 알려져 있다.
이외에도 SSL을 구현한 오픈 소스 라이브러리로는 LGPL라이선스의 GnuTLS(The GNU Transport Layer Security Library)가 있다.
OpenSSL The Open Source toolkit for SSL-TLS

OpenSSL 설치

아래의 세가지 방법중 어떤것을 사용해도 된다. 솔라나라는 [소스 설치]를 사용했으며 성능을 위해 소스로 설치할 것을 권한다.

소스 설치

root@wl ~ # wget http://www.openssl.org/source/openssl-1.0.0a.tar.gz
root@wl ~ # tar xvfz openssl-1.0.0a.tar.gz
root@wl ~ # cd openssl-1.0.0a
root@wl ~/openssl-1.0.0a # ./config shared
...
Configured for solaris-x86-cc.
root@wl ~/openssl-1.0.0a # make
메시지 생략
making all in tools...
root@wl ~/openssl-1.0.0a # make test 1)
...
compiler: cc -KPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -fast -O -Xa
OPENSSLDIR: "/usr/local/ssl"
`test' is up to date.
root@wl ~/openssl-1.0.0a # make install
...
OpenSSL shared libraries have been installed in:
  /usr/local/ssl

If this directory is not in a standard system path for dynamic/shared
libraries, then you will have problems linking and executing
applications that use OpenSSL libraries UNLESS:

* you link with static (archive) libraries.  If you are truly
  paranoid about security, you should use static libraries.
* you use the GNU libtool code during linking
  (http://www.gnu.org/software/libtool/libtool.html)
* you use pkg-config during linking (this requires that
  PKG_CONFIG_PATH includes the path to the OpenSSL shared
  library directory), and make use of -R or -rpath.
  (http://www.freedesktop.org/software/pkgconfig/)
* you specify the system-wide link path via a command such
  as crle(1) on Solaris systems.
* you add the OpenSSL shared library directory to /etc/ld.so.conf
  and run ldconfig(8) on Linux systems.
* you define the LD_LIBRARY_PATH, LIBPATH, SHLIB_PATH (HP),
  DYLD_LIBRARY_PATH (MacOS X) or PATH (Cygwin and DJGPP)
  environment variable and add the OpenSSL shared library
  directory to it.

One common tool to check the dynamic dependencies of an executable
or dynamic library is ldd(1) on most UNIX systems.

See any operating system documentation and manpages about shared
libraries for your version of UNIX.  The following manpages may be
helpful: ld(1), ld.so(1), ld.so.1(1) [Solaris], dld.sl(1) [HP],
ldd(1), crle(1) [Solaris], pldd(1) [Solaris], ldconfig(8) [Linux],
chatr(1) [HP].
...
chmod 644 /usr/local/ssl/lib/pkgconfig/openssl.pc
root@wl ~/openssl-1.0.0a #

# 환경 설정
root@wl ~ # vi /etc/profile
# for OpenSSL located at /usr/local/ssl
if [ -d /usr/local/ssl ]
then
  PATH=$PATH:/usr/local/ssl/bin
  LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/ssl/lib
fi

1) OpenSSL은 반드시 테스트를 하자. OpenSSL은 컴파일시 기본 옵션으로 풀 옵티마이징을 하도록 되어있다. 이런 이유로 흔하지는 않지만 gcc, cc의 버그로 인해 테스트에 실패하는 경우가 있다. 이런경우 패치를 하거나, gcc, cc, openssl 버전을 낮추거나 gcc, cc의 옵티마이징을 꺼야 한다. [compiler: cc ...] 부분은 시스템마다 다를 수 있다.

번들 사용

# 솔라리스 10에 0.9.7d 이 설치되어있다. PATH만 걸어준다.
root@wl ~ # cd /usr/local/bin
root@wl /usr/local/bin # ln -s /usr/sfw/bin/openssl openssl

패키지 설치

솔라리스 서버의 OS와 아키텍처에 맞는 패키지를 설치한다. 아래의 예에서는 솔라리스 10 x86 의 경우다.

root@wl ~ # wget ftp://ftp.sunfreeware.com/pub/freeware/intel/10/libgcc-3.4.6-sol10-x86-local.gz
root@wl ~ # gunzip libgcc-3.4.6-sol10-x86-local.gz
root@wl ~ # pkgadd -d libgcc-3.4.6-sol10-x86-local
root@wl ~ # wget ftp://ftp.sunfreeware.com/pub/freeware/intel/10/openssl-1.0.0a-sol10-x86-local.gz
root@wl ~ # gunzip openssl-1.0.0a-sol10-x86-local.gz
root@wl ~ # pkgadd -d openssl-1.0.0a-sol10-x86-local

OpenSSL 인증서 만들기

root@wl ~ # cd /usr/local/ssl/certs
root@wl /usr/local/ssl/certs # openssl req -newkey rsa:2048 -nodes -out req.pem -keyout req.key 1)
Generating a 2048 bit RSA private key
.......++++++
.......++++++
writing new private key to '/usr/local/ssl/certs/root.cert'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:KR
State or Province Name (full name) [Some-State]:GyungGiDo
Locality Name (eg, city) []:Suwon
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Solanara
Organizational Unit Name (eg, section) []:SolanaraTeam
Common Name (eg, YOUR name) []:*.solanara.net 2)
Email Address []:admin@solanara.net
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
root@wl /usr/local/ssl/certs # ls -alF 3)

1) OpenSSL 버전이 낮으면 [-newkey rsa:2048]에서 오류가 난다. [-new]로 대체한다.
2) Apache 설정파일인 httpd.conf의 ServerName에 들어갈 값을 적어준다. 아파치는 이부분을 검사한다. www.solanara.net 과 같이 전체를 다 써줘도 되고, 위와 같이 '별표'를 사용할 수 있으며, 192.186.0.1과 같이 IP를 써도 된다. 다른 내용을 쓰면 인증을 다시 받아야 하는 불상사가 생길 수 있다. 유료 루트 인증기관에 보내기 전에 반드시 확인해야 한다.
3) 총 2개의 파일이 생성되었다. req.key는 공개키로, 유출되지 않고 잃어버리지 않도록 보관해야한다. req.pem (certificate signing request)파일은 CA(Certification Authority=인증기관, 예: 베리사인, 타우트)에게 보내 인증 받아야 한다.

Root CA가 되기

CA에서 인증 받으려면 비용이 들기 때문에 테스트용으로는 자신이 CA가 될 필요가 있다. 그런데 CA가 되려면 Root CA(최상위 인증 기관)의 인증이 필요하다. 그리고 그 인증을 받기 위해서는 비용이 든다. 따라서 여기서는 Root CA가 되는 방법을 소개한다. Root CA도 CA중 하나이므로 CA가 하는 일을 모두 할 수 있다.

root@wl /usr/local/ssl/certs # openssl genrsa -des3 -out ca.key 2048 1)
Generating RSA private key, 2048 bit long modulus
............................++++++
............++++++
e is 65537 (0x10001)
Enter pass phrase for ca.key:*****
Verifying - Enter pass phrase for ca.key: *****
root@wl /usr/local/ssl/certs # openssl req -new -x509 -days 365 -key ca.key -out ca.crt 2)
Enter pass phrase for ca.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:KR
State or Province Name (full name) [Some-State]:GyungGiDo
Locality Name (eg, city) []:Suwon
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Solanara
Organizational Unit Name (eg, section) []:SolanaraTeam
Common Name (eg, YOUR name) []:Solanara CA
Email Address []:admin@solanara.net
root@wl /usr/local/ssl/certs # openssl x509 -req -CA ca.crt -CAkey ca.key -days 365 -in req.pem -out signed-req.pem -CAcreateserial 3)
Signature ok
subject=/C=KR/ST=GyungGiDo/L=Suwon/O=Solanara/OU=SolanaraTeam/CN=wl.solanara.net/emailAddress=admin@solanara.net
Getting CA Private Key
Enter pass phrase for ca.key:*****
root@wl /usr/local/ssl/certs # chmod 600 *
root@wl /usr/local/ssl/certs # ls -alF 4)
총 18
drwxr-xr-x   2 root     bin          512 10월 26일  13:44 ./
drwxr-xr-x  10 root     bin          512 10월 26일  13:40 ../
-rw-------   1 root     other       1671  4월  8일  11:27 ca.crt
-rw-------   1 root     other       1751  4월  8일  11:26 ca.key
-rw-------   1 root     other         17  4월  8일  11:49 ca.srl
-rw-------   1 root     other       1679  4월  8일  11:48 req.key
-rw-------   1 root     other       1074  4월  8일  11:48 req.pem
-rw-------   1 root     other       1330  4월  8일  11:49 signed-req.pem
root@wl /usr/local/ssl/certs #

1) Root CA의 2048bit private key 파일을 만든다. 결과 파일은 ca.key 이다.
2) 인증서를 만든다. 결과파일은 ca.crt파일이다. ca.crt를 Internet Explorer에 등록해주면 '올바르지 않은 CA'라는 에러메시지를 없앨 수 있다.
3) 이제 Root CA가 되는 일은 끝났다. 클라이언트가 요청한 req.pem을 싸인해주자. 결과파일은 signed-req.pem이다. 베리싸인과 같은 인증 기관은 이 명령 한줄만 실행 해주면 된다. (그러면서 도대체 얼마를 받는거야... ㅡ,.ㅡ)
4) ca.key와 req.key는 소중하게 보관해야 한다. 절대 외부에 유출되서는 안된다.
※ 아파치를 포함한 유닉스 데몬에서 SSL을 사용할 때 사용하는 필수 정보는, req.key와 signed-req.pem 파일에 저장되어있다. 몇몇 데몬은 ca.crt의 내용까지 요구하는 경우도 있다. (형태가 파일인 경우가 대부분이지만 DB에 저장된 문자열일 수도 있다. 실제로 req.key 와 signed-req.pem 은 vi 에디터등으로 열어 내용을 볼 수 있는 텍스트 파일이다)

인증서 생성 정리

인증서를 빨리 생성하기 위한 명령을 정리했다.

root@wl /usr/local/ssl/certs # openssl req -newkey rsa:4096 -nodes -out req.pem -keyout req.key \
  -subj "/C=KR/ST=GyungGiDo/L=Suwon/O=Solanara/OU=SolanaraTeam/CN=*.solanara.net/emailAddress=admin@solanara.net"
root@wl /usr/local/ssl/certs # openssl genrsa -des3 -out ca.key 4096
Enter pass phrase for ca.key:12345
Verifying - Enter pass phrase for ca.key:12345
root@wl /usr/local/ssl/certs # openssl req -new -x509 -days 3650 -key ca.key -out ca.crt \
  -subj "/C=KR/ST=GyungGiDo/L=Suwon/O=Solanara/OU=SolanaraTeam/CN=Solanara CA/emailAddress=admin@solanara.net"
Enter pass phrase for ca.key:12345
root@wl /usr/local/ssl/certs # openssl x509 -req -CA ca.crt -CAkey ca.key -days 3650 -in req.pem -out signed-req.pem -CAcreateserial
Enter pass phrase for ca.key:12345
root@wl /usr/local/ssl/certs #

OpenSSL 속도 비교

OpenSSL의 암호화로 인한 속도를 체크해볼 수 있는 명령어다. 아래의 예는 Pentium 4 2.4GHz에서 테스트해보았다.

root@wl ~ # openssl speed
Doing mdc2 for 3s on 16 size blocks: 902725 mdc2's in 2.96s
Doing mdc2 for 3s on 64 size blocks: 243365 mdc2's in 2.93s
Doing mdc2 for 3s on 256 size blocks: 62351 mdc2's in 2.95s
Doing mdc2 for 3s on 1024 size blocks: 17725 mdc2's in 2.97s
Doing mdc2 for 3s on 8192 size blocks: 2078 mdc2's in 2.95s
Doing md4 for 3s on 16 size blocks: 2499778 md4's in 2.95s
Doing md4 for 3s on 64 size blocks: 2160524 md4's in 2.90s
Doing md4 for 3s on 256 size blocks: 1640304 md4's in 2.96s
Doing md4 for 3s on 1024 size blocks: 755020 md4's in 2.96s
Doing md4 for 3s on 8192 size blocks: 124118 md4's in 2.97s
Doing md5 for 3s on 16 size blocks: 2261225 md5's in 2.97s
Doing md5 for 3s on 64 size blocks: 1726428 md5's in 2.95s
Doing md5 for 3s on 256 size blocks: 1166991 md5's in 2.97s
Doing md5 for 3s on 1024 size blocks: 554073 md5's in 2.96s
Doing md5 for 3s on 8192 size blocks: 85546 md5's in 2.93s
Doing hmac(md5) for 3s on 16 size blocks: 2036582 hmac(md5)'s in 2.95s
Doing hmac(md5) for 3s on 64 size blocks: 1806025 hmac(md5)'s in 2.95s
Doing hmac(md5) for 3s on 256 size blocks: 1242925 hmac(md5)'s in 2.96s
Doing hmac(md5) for 3s on 1024 size blocks: 541489 hmac(md5)'s in 2.96s
Doing hmac(md5) for 3s on 8192 size blocks: 84985 hmac(md5)'s in 2.95s
Doing sha1 for 3s on 16 size blocks: 2063980 sha1's in 2.97s
Doing sha1 for 3s on 64 size blocks: 1485095 sha1's in 2.97s
Doing sha1 for 3s on 256 size blocks: 794613 sha1's in 2.97s
Doing sha1 for 3s on 1024 size blocks: 336228 sha1's in 2.98s
Doing sha1 for 3s on 8192 size blocks: 48142 sha1's in 2.97s
Doing sha256 for 3s on 16 size blocks: 1510157 sha256's in 2.97s
Doing sha256 for 3s on 64 size blocks: 838321 sha256's in 2.87s
Doing sha256 for 3s on 256 size blocks: 438836 sha256's in 2.97s
Doing sha256 for 3s on 1024 size blocks: 139390 sha256's in 2.97s
Doing sha256 for 3s on 8192 size blocks: 17954 sha256's in 2.97s
Doing sha512 for 3s on 16 size blocks: 636972 sha512's in 2.98s
Doing sha512 for 3s on 64 size blocks: 602356 sha512's in 2.96s
Doing sha512 for 3s on 256 size blocks: 221160 sha512's in 2.97s
Doing sha512 for 3s on 1024 size blocks: 88909 sha512's in 2.98s
Doing sha512 for 3s on 8192 size blocks: 12322 sha512's in 2.97s
Doing whirlpool for 3s on 16 size blocks: 422058 whirlpool's in 2.98s
Doing whirlpool for 3s on 64 size blocks: 207229 whirlpool's in 2.96s
Doing whirlpool for 3s on 256 size blocks: 85295 whirlpool's in 2.90s
Doing whirlpool for 3s on 1024 size blocks: 25394 whirlpool's in 2.97s
Doing whirlpool for 3s on 8192 size blocks: 3112 whirlpool's in 2.96s
Doing rmd160 for 3s on 16 size blocks: 1580074 rmd160's in 2.98s
Doing rmd160 for 3s on 64 size blocks: 1017823 rmd160's in 2.97s
Doing rmd160 for 3s on 256 size blocks: 495077 rmd160's in 2.97s
Doing rmd160 for 3s on 1024 size blocks: 176281 rmd160's in 2.98s
Doing rmd160 for 3s on 8192 size blocks: 24314 rmd160's in 2.97s
Doing rc4 for 3s on 16 size blocks: 15483958 rc4's in 2.97s
Doing rc4 for 3s on 64 size blocks: 3442092 rc4's in 2.88s
Doing rc4 for 3s on 256 size blocks: 1178422 rc4's in 2.97s
Doing rc4 for 3s on 1024 size blocks: 291251 rc4's in 2.97s
Doing rc4 for 3s on 8192 size blocks: 30951 rc4's in 2.96s
Doing des cbc for 3s on 16 size blocks: 6261394 des cbc's in 2.98s
Doing des cbc for 3s on 64 size blocks: 1591923 des cbc's in 2.96s
Doing des cbc for 3s on 256 size blocks: 376787 des cbc's in 2.97s
Doing des cbc for 3s on 1024 size blocks: 105723 des cbc's in 2.98s
Doing des cbc for 3s on 8192 size blocks: 12988 des cbc's in 2.97s
Doing des ede3 for 3s on 16 size blocks: 2253765 des ede3's in 2.98s
Doing des ede3 for 3s on 64 size blocks: 545553 des ede3's in 2.95s
Doing des ede3 for 3s on 256 size blocks: 150370 des ede3's in 2.98s
Doing des ede3 for 3s on 1024 size blocks: 37043 des ede3's in 2.97s
Doing des ede3 for 3s on 8192 size blocks: 4320 des ede3's in 2.97s
Doing aes-128 cbc for 3s on 16 size blocks: 9562893 aes-128 cbc's in 2.98s
Doing aes-128 cbc for 3s on 64 size blocks: 2292593 aes-128 cbc's in 2.96s
Doing aes-128 cbc for 3s on 256 size blocks: 550227 aes-128 cbc's in 2.96s
Doing aes-128 cbc for 3s on 1024 size blocks: 165769 aes-128 cbc's in 2.98s
Doing aes-128 cbc for 3s on 8192 size blocks: 20737 aes-128 cbc's in 2.97s
Doing aes-192 cbc for 3s on 16 size blocks: 7877984 aes-192 cbc's in 2.96s
Doing aes-192 cbc for 3s on 64 size blocks: 1779272 aes-192 cbc's in 2.91s
Doing aes-192 cbc for 3s on 256 size blocks: 533439 aes-192 cbc's in 2.97s
Doing aes-192 cbc for 3s on 1024 size blocks: 138014 aes-192 cbc's in 2.97s
Doing aes-192 cbc for 3s on 8192 size blocks: 16463 aes-192 cbc's in 2.96s
Doing aes-256 cbc for 3s on 16 size blocks: 7563249 aes-256 cbc's in 2.98s
Doing aes-256 cbc for 3s on 64 size blocks: 1798999 aes-256 cbc's in 2.96s
Doing aes-256 cbc for 3s on 256 size blocks: 434204 aes-256 cbc's in 2.97s
Doing aes-256 cbc for 3s on 1024 size blocks: 119193 aes-256 cbc's in 2.95s
Doing aes-256 cbc for 3s on 8192 size blocks: 15177 aes-256 cbc's in 2.96s
Doing aes-128 ige for 3s on 16 size blocks: 9202275 aes-128 ige's in 2.97s
Doing aes-128 ige for 3s on 64 size blocks: 2142712 aes-128 ige's in 2.88s
Doing aes-128 ige for 3s on 256 size blocks: 614359 aes-128 ige's in 2.96s
Doing aes-128 ige for 3s on 1024 size blocks: 157163 aes-128 ige's in 2.97s
Doing aes-128 ige for 3s on 8192 size blocks: 18776 aes-128 ige's in 2.97s
Doing aes-192 ige for 3s on 16 size blocks: 8232838 aes-192 ige's in 2.97s
Doing aes-192 ige for 3s on 64 size blocks: 2085623 aes-192 ige's in 2.97s
Doing aes-192 ige for 3s on 256 size blocks: 507600 aes-192 ige's in 2.96s
Doing aes-192 ige for 3s on 1024 size blocks: 140589 aes-192 ige's in 2.98s
Doing aes-192 ige for 3s on 8192 size blocks: 17883 aes-192 ige's in 2.97s
Doing aes-256 ige for 3s on 16 size blocks: 7220919 aes-256 ige's in 2.97s
Doing aes-256 ige for 3s on 64 size blocks: 1578844 aes-256 ige's in 2.88s
Doing aes-256 ige for 3s on 256 size blocks: 496151 aes-256 ige's in 2.97s
Doing aes-256 ige for 3s on 1024 size blocks: 120573 aes-256 ige's in 2.97s
Doing aes-256 ige for 3s on 8192 size blocks: 14419 aes-256 ige's in 2.97s
Doing camellia-128 cbc for 3s on 16 size blocks: 10164181 camellia-128 cbc's in 2.98s
Doing camellia-128 cbc for 3s on 64 size blocks: 2426735 camellia-128 cbc's in 2.97s
Doing camellia-128 cbc for 3s on 256 size blocks: 594696 camellia-128 cbc's in 2.97s
Doing camellia-128 cbc for 3s on 1024 size blocks: 155165 camellia-128 cbc's in 2.97s
Doing camellia-128 cbc for 3s on 8192 size blocks: 19823 camellia-128 cbc's in 2.97s
Doing camellia-192 cbc for 3s on 16 size blocks: 7759191 camellia-192 cbc's in 2.97s
Doing camellia-192 cbc for 3s on 64 size blocks: 1807682 camellia-192 cbc's in 2.96s
Doing camellia-192 cbc for 3s on 256 size blocks: 503313 camellia-192 cbc's in 2.98s
Doing camellia-192 cbc for 3s on 1024 size blocks: 120817 camellia-192 cbc's in 2.97s
Doing camellia-192 cbc for 3s on 8192 size blocks: 14645 camellia-192 cbc's in 2.97s
Doing camellia-256 cbc for 3s on 16 size blocks: 7630240 camellia-256 cbc's in 2.97s
Doing camellia-256 cbc for 3s on 64 size blocks: 1894929 camellia-256 cbc's in 2.98s
Doing camellia-256 cbc for 3s on 256 size blocks: 480498 camellia-256 cbc's in 2.97s
Doing camellia-256 cbc for 3s on 1024 size blocks: 115530 camellia-256 cbc's in 2.97s
Doing camellia-256 cbc for 3s on 8192 size blocks: 14892 camellia-256 cbc's in 2.97s
Doing idea cbc for 3s on 16 size blocks: 3159428 idea cbc's in 2.97s
Doing idea cbc for 3s on 64 size blocks: 783210 idea cbc's in 2.92s
Doing idea cbc for 3s on 256 size blocks: 203622 idea cbc's in 2.98s
Doing idea cbc for 3s on 1024 size blocks: 51121 idea cbc's in 2.96s
Doing idea cbc for 3s on 8192 size blocks: 6380 idea cbc's in 2.96s
Doing seed cbc for 3s on 16 size blocks: 7960158 seed cbc's in 2.98s
Doing seed cbc for 3s on 64 size blocks: 2104600 seed cbc's in 2.97s
Doing seed cbc for 3s on 256 size blocks: 541924 seed cbc's in 2.97s
Doing seed cbc for 3s on 1024 size blocks: 133534 seed cbc's in 2.97s
Doing seed cbc for 3s on 8192 size blocks: 17405 seed cbc's in 2.98s
Doing rc2 cbc for 3s on 16 size blocks: 4191467 rc2 cbc's in 2.96s
Doing rc2 cbc for 3s on 64 size blocks: 1032080 rc2 cbc's in 2.96s
Doing rc2 cbc for 3s on 256 size blocks: 275059 rc2 cbc's in 2.97s
Doing rc2 cbc for 3s on 1024 size blocks: 69219 rc2 cbc's in 2.96s
Doing rc2 cbc for 3s on 8192 size blocks: 8160 rc2 cbc's in 2.96s
Doing blowfish cbc for 3s on 16 size blocks: 10698135 blowfish cbc's in 2.98s
Doing blowfish cbc for 3s on 64 size blocks: 2710698 blowfish cbc's in 2.97s
Doing blowfish cbc for 3s on 256 size blocks: 721653 blowfish cbc's in 2.98s
Doing blowfish cbc for 3s on 1024 size blocks: 171149 blowfish cbc's in 2.96s
Doing blowfish cbc for 3s on 8192 size blocks: 23126 blowfish cbc's in 2.98s
Doing cast cbc for 3s on 16 size blocks: 7636006 cast cbc's in 2.97s
Doing cast cbc for 3s on 64 size blocks: 1714923 cast cbc's in 2.83s
Doing cast cbc for 3s on 256 size blocks: 529902 cast cbc's in 2.98s
Doing cast cbc for 3s on 1024 size blocks: 131865 cast cbc's in 2.97s
Doing cast cbc for 3s on 8192 size blocks: 15190 cast cbc's in 2.96s
Doing 512 bit private rsa's for 10s: 5261 512 bit private RSA's in 9.91s
Doing 512 bit public rsa's for 10s: 61094 512 bit public RSA's in 9.89s
Doing 1024 bit private rsa's for 10s: 930 1024 bit private RSA's in 9.90s
Doing 1024 bit public rsa's for 10s: 20079 1024 bit public RSA's in 9.89s
Doing 2048 bit private rsa's for 10s: 155 2048 bit private RSA's in 9.85s
Doing 2048 bit public rsa's for 10s: 6068 2048 bit public RSA's in 9.92s
Doing 4096 bit private rsa's for 10s: 25 4096 bit private RSA's in 9.98s
Doing 4096 bit public rsa's for 10s: 1764 4096 bit public RSA's in 9.90s
Doing 512 bit sign dsa's for 10s: 5609 512 bit DSA signs in 9.86s
Doing 512 bit verify dsa's for 10s: 4947 512 bit DSA verify in 9.89s
Doing 1024 bit sign dsa's for 10s: 1904 1024 bit DSA signs in 9.80s
Doing 1024 bit verify dsa's for 10s: 1620 1024 bit DSA verify in 9.91s
Doing 2048 bit sign dsa's for 10s: 607 2048 bit DSA signs in 9.92s
Doing 2048 bit verify dsa's for 10s: 515 2048 bit DSA verify in 9.92s
Doing 160 bit sign ecdsa's for 10s: 13863 160 bit ECDSA signs in 9.86s
Doing 160 bit verify ecdsa's for 10s: 2876 160 bit ECDSA verify in 9.89s
Doing 192 bit sign ecdsa's for 10s: 12634 192 bit ECDSA signs in 9.75s
Doing 192 bit verify ecdsa's for 10s: 2656 192 bit ECDSA verify in 9.89s
Doing 224 bit sign ecdsa's for 10s: 9945 224 bit ECDSA signs in 9.87s
Doing 224 bit verify ecdsa's for 10s: 2047 224 bit ECDSA verify in 9.89s
Doing 256 bit sign ecdsa's for 10s: 5899 256 bit ECDSA signs in 9.87s
Doing 256 bit verify ecdsa's for 10s: 1094 256 bit ECDSA verify in 9.92s
Doing 384 bit sign ecdsa's for 10s: 3231 384 bit ECDSA signs in 9.81s
Doing 384 bit verify ecdsa's for 10s: 597 384 bit ECDSA verify in 9.89s
Doing 521 bit sign ecdsa's for 10s: 1131 521 bit ECDSA signs in 9.91s
Doing 521 bit verify ecdsa's for 10s: 201 521 bit ECDSA verify in 9.91s
Doing 163 bit sign ecdsa's for 10s: 3677 163 bit ECDSA signs in 9.89s
Doing 163 bit verify ecdsa's for 10s: 1746 163 bit ECDSA verify in 9.91s
Doing 233 bit sign ecdsa's for 10s: 1807 233 bit ECDSA signs in 9.83s
Doing 233 bit verify ecdsa's for 10s: 923 233 bit ECDSA verify in 9.91s
Doing 283 bit sign ecdsa's for 10s: 1149 283 bit ECDSA signs in 9.91s
Doing 283 bit verify ecdsa's for 10s: 500 283 bit ECDSA verify in 9.91s
Doing 409 bit sign ecdsa's for 10s: 470 409 bit ECDSA signs in 9.91s
Doing 409 bit verify ecdsa's for 10s: 229 409 bit ECDSA verify in 9.92s
Doing 571 bit sign ecdsa's for 10s: 203 571 bit ECDSA signs in 9.86s
Doing 571 bit verify ecdsa's for 10s: 102 571 bit ECDSA verify in 9.94s
Doing 163 bit sign ecdsa's for 10s: 3653 163 bit ECDSA signs in 9.90s
Doing 163 bit verify ecdsa's for 10s: 1623 163 bit ECDSA verify in 9.89s
Doing 233 bit sign ecdsa's for 10s: 1838 233 bit ECDSA signs in 9.89s
Doing 233 bit verify ecdsa's for 10s: 848 233 bit ECDSA verify in 9.90s
Doing 283 bit sign ecdsa's for 10s: 1130 283 bit ECDSA signs in 9.85s
Doing 283 bit verify ecdsa's for 10s: 458 283 bit ECDSA verify in 9.90s
Doing 409 bit sign ecdsa's for 10s: 475 409 bit ECDSA signs in 9.91s
Doing 409 bit verify ecdsa's for 10s: 205 409 bit ECDSA verify in 9.88s
Doing 571 bit sign ecdsa's for 10s: 205 571 bit ECDSA signs in 9.91s
Doing 571 bit verify ecdsa's for 10s: 88 571 bit ECDSA verify in 9.89s
Doing 160 bit  ecdh's for 10s: 3439 160-bit ECDH ops in 9.83s
Doing 192 bit  ecdh's for 10s: 3184 192-bit ECDH ops in 9.90s
Doing 224 bit  ecdh's for 10s: 2488 224-bit ECDH ops in 9.90s
Doing 256 bit  ecdh's for 10s: 1309 256-bit ECDH ops in 9.89s
Doing 384 bit  ecdh's for 10s: 717 384-bit ECDH ops in 9.91s
Doing 521 bit  ecdh's for 10s: 245 521-bit ECDH ops in 9.92s
Doing 163 bit  ecdh's for 10s: 3464 163-bit ECDH ops in 9.85s
Doing 233 bit  ecdh's for 10s: 1927 233-bit ECDH ops in 9.94s
Doing 283 bit  ecdh's for 10s: 1035 283-bit ECDH ops in 9.91s
Doing 409 bit  ecdh's for 10s: 449 409-bit ECDH ops in 9.89s
Doing 571 bit  ecdh's for 10s: 206 571-bit ECDH ops in 9.93s
Doing 163 bit  ecdh's for 10s: 2735 163-bit ECDH ops in 9.91s
Doing 233 bit  ecdh's for 10s: 1728 233-bit ECDH ops in 9.84s
Doing 283 bit  ecdh's for 10s: 907 283-bit ECDH ops in 9.92s
Doing 409 bit  ecdh's for 10s: 413 409-bit ECDH ops in 9.93s
Doing 571 bit  ecdh's for 10s: 181 571-bit ECDH ops in 9.93s
OpenSSL 1.0.0a 1 Jun 2010
built on: Thu Jul 22 09:58:20 KST 2010
options:bn(64,32) rc4(ptr,char) des(ptr,cisc,16,long) aes(partial) idea(int) blowfish(ptr)
compiler: cc -KPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -fast -O -Xa
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
md2                  0.00         0.00         0.00         0.00         0.00
mdc2              4879.59k     5315.82k     5410.80k     6111.25k     5770.50k
md4              13558.12k    47680.53k   141864.13k   261196.11k   342348.37k
md5              12181.68k    37454.71k   100589.12k   191679.31k   239178.44k
hmac(md5)        11045.87k    39181.56k   107496.22k   187325.92k   235999.02k
sha1             11119.08k    32002.05k    68491.89k   115536.06k   132787.63k
rmd160            8483.62k    21932.89k    42673.30k    60574.41k    67064.07k
rc4              83415.26k    76490.93k   101574.42k   100417.85k    85658.98k
des cbc          33618.22k    34419.96k    32477.26k    36328.98k    35824.14k
des ede3         12100.75k    11835.73k    12917.69k    12771.73k    11915.64k
idea cbc         17020.49k    17166.25k    17492.36k    17685.10k    17657.08k
seed cbc         42739.10k    45351.65k    46711.29k    46040.01k    47846.23k
rc2 cbc          22656.58k    22315.24k    23708.79k    23946.03k    22583.35k
rc5-32/12 cbc        0.00         0.00         0.00         0.00         0.00
blowfish cbc     57439.65k    58412.35k    61994.35k    59208.30k    63573.22k
cast cbc         41136.73k    38782.71k    45521.78k    45464.57k    42039.35k
aes-128 cbc      51344.39k    49569.58k    47587.20k    56962.23k    57197.81k
aes-192 cbc      42583.70k    39131.76k    45979.93k    47584.62k    45562.46k
aes-256 cbc      40608.05k    38897.28k    37426.34k    41374.11k    42003.37k
camellia-128 cbc    54572.78k    52293.28k    51259.99k    53497.97k    54676.77k
camellia-192 cbc    41800.36k    39085.02k    43237.63k    41655.42k    40394.56k
camellia-256 cbc    41105.67k    40696.46k    41416.66k    39832.57k    41075.85k
sha256            8135.53k    18694.27k    37825.59k    48059.04k    49521.61k
sha512            3419.98k    13023.91k    19062.95k    30551.28k    33987.15k
whirlpool         2266.08k     4480.63k     7529.49k     8755.37k     8612.67k
aes-128 ige      49574.55k    47615.82k    53133.75k    54186.84k    51788.89k
aes-192 ige      44351.99k    44942.72k    43900.54k    48309.78k    49325.77k
aes-256 ige      38900.57k    35085.42k    42765.88k    41571.30k    39771.19k
                  sign    verify    sign/s verify/s
rsa  512 bits 0.001884s 0.000162s    530.9   6177.4
rsa 1024 bits 0.010645s 0.000493s     93.9   2030.2
rsa 2048 bits 0.063548s 0.001635s     15.7    611.7
rsa 4096 bits 0.399200s 0.005612s      2.5    178.2
                  sign    verify    sign/s verify/s
dsa  512 bits 0.001758s 0.001999s    568.9    500.2
dsa 1024 bits 0.005147s 0.006117s    194.3    163.5
dsa 2048 bits 0.016343s 0.019262s     61.2     51.9
                              sign    verify    sign/s verify/s
 160 bit ecdsa (secp160r1)   0.0007s   0.0034s   1406.0    290.8
 192 bit ecdsa (nistp192)   0.0008s   0.0037s   1295.8    268.6
 224 bit ecdsa (nistp224)   0.0010s   0.0048s   1007.6    207.0
 256 bit ecdsa (nistp256)   0.0017s   0.0091s    597.7    110.3
 384 bit ecdsa (nistp384)   0.0030s   0.0166s    329.4     60.4
 521 bit ecdsa (nistp521)   0.0088s   0.0493s    114.1     20.3
 163 bit ecdsa (nistk163)   0.0027s   0.0057s    371.8    176.2
 233 bit ecdsa (nistk233)   0.0054s   0.0107s    183.8     93.1
 283 bit ecdsa (nistk283)   0.0086s   0.0198s    115.9     50.5
 409 bit ecdsa (nistk409)   0.0211s   0.0433s     47.4     23.1
 571 bit ecdsa (nistk571)   0.0486s   0.0975s     20.6     10.3
 163 bit ecdsa (nistb163)   0.0027s   0.0061s    369.0    164.1
 233 bit ecdsa (nistb233)   0.0054s   0.0117s    185.8     85.7
 283 bit ecdsa (nistb283)   0.0087s   0.0216s    114.7     46.3
 409 bit ecdsa (nistb409)   0.0209s   0.0482s     47.9     20.7
 571 bit ecdsa (nistb571)   0.0483s   0.1124s     20.7      8.9
                              op      op/s
 160 bit ecdh (secp160r1)   0.0029s    349.8
 192 bit ecdh (nistp192)   0.0031s    321.6
 224 bit ecdh (nistp224)   0.0040s    251.3
 256 bit ecdh (nistp256)   0.0076s    132.4
 384 bit ecdh (nistp384)   0.0138s     72.4
 521 bit ecdh (nistp521)   0.0405s     24.7
 163 bit ecdh (nistk163)   0.0028s    351.7
 233 bit ecdh (nistk233)   0.0052s    193.9
 283 bit ecdh (nistk283)   0.0096s    104.4
 409 bit ecdh (nistk409)   0.0220s     45.4
 571 bit ecdh (nistk571)   0.0482s     20.7
 163 bit ecdh (nistb163)   0.0036s    276.0
 233 bit ecdh (nistb233)   0.0057s    175.6
 283 bit ecdh (nistb283)   0.0109s     91.4
 409 bit ecdh (nistb409)   0.0240s     41.6
 571 bit ecdh (nistb571)   0.0549s     18.2
root@wl ~ #