Rebuilding the Debian OpenSSL package with VIA Padlock support

Initially published on 2014-10-02

Here's the complete process for rebuilding the Debian OpenSSL packages with Padlock support. Don't copy-paste all of it into a console at once; instead, copy-paste and run it line by line, making sure each step succeeded before moving on to the next.

apt-get install devscripts fakeroot build-essential zlib1g-dev

# For Debian 7 versions of OpenSSL:
curl -O https://romanrm.net/dl/padlock/wheezy/1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch \
     -O https://romanrm.net/dl/padlock/wheezy/1002-engines-e_padlock-backport-cvs-head-changes.patch \
     -O https://romanrm.net/dl/padlock/wheezy/1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch \
     -O https://romanrm.net/dl/padlock/wheezy/1004-crypto-engine-autoload-padlock-dynamic-engine.patch \
     -O https://romanrm.net/dl/padlock/wheezy/1005-auto-engine.patch

# For Debian 8:
curl -O https://romanrm.net/dl/padlock/jessie/1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch \
     -O https://romanrm.net/dl/padlock/jessie/1002-backport-changes-from-upstream-padlock-module.patch \
     -O https://romanrm.net/dl/padlock/jessie/1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch \
     -O https://romanrm.net/dl/padlock/jessie/1004-crypto-engine-autoload-padlock-dynamic-engine.patch \
     -O https://romanrm.net/dl/padlock/jessie/1005-auto-engine.patch

dget http://http.debian.net/debian/pool/main/o/openssl/openssl_1.0.1t-1+deb8u2.dsc
# ^ check what is the most current URL for the *.dsc at https://packages.debian.org/jessie/openssl in the right column

# The error "dscverify: can't find any system keyrings" at this point is no problem, just proceed.

dpkg-source -x *.dsc

cd openssl*/
patch -lp1 < ../1001* && patch -lp1 < ../1002* && patch -lp1 < ../1003* && patch -lp1 < ../1004* && patch -lp1 < ../1005*
# ^ if you get FAILED in any of the patches, check http://git.alpinelinux.org/cgit/aports/plain/main/openssl/ for updated versions of them

dpkg-source --commit
# ^ it will ask you for a patch name (enter "padlock") and launch a text editor, just press Ctrl-X(nano) or enter :x(vim) to exit

dpkg-buildpackage -rfakeroot -b
# ^ if you're building this for the first time, this may complain that you don't have a lot of development packages installed; install them, then retry.

cd ..
dpkg -i openssl*.deb libssl1*.deb
aptitude hold openssl libssl1.0.0  

Don't forget to restart all daemons which use encryption (e.g. the web server, SSH server, any VPN daemons, etc).

Ensure applications use AES-CBC

It appears that for AES only the CBC encryption mode is accelerated (but not GCM or CTR), therefore some apps may need to be reconfigured to take full advantage of the acceleration.

For example, if you run a web server with HTTPS, I suggest using the following cipher list (yes, that simple):

ECDHE-RSA-AES256-SHA:AES256-SHA

For more details on what that is and how to apply it, see e.g. https://cipherli.st/ (but do not use the ones suggested there).
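To confirm that every suite an application offers goes through the accelerated CBC path, the output of `openssl ciphers -v` can be classified as in the following added example (not part of the original page). The function names and the sample input are constructed for illustration; the script also reports whether each suite's key exchange is ephemeral, since `AES256-SHA` uses static RSA key exchange.

```shell
#!/bin/sh
# Added example: classify suites from `openssl ciphers -v` output by whether
# they use AES in CBC mode (the only AES mode the page reports as
# Padlock-accelerated) and whether the key exchange is ephemeral.

# Reads `openssl ciphers -v` lines on stdin; prints "name mode kx" per suite.
# In that output Enc=AES(n) denotes AES-CBC; GCM appears as Enc=AESGCM(n).
classify_suites() {
    awk 'NF >= 5 {
        enc = ""; kx = ""
        for (i = 3; i <= NF; i++) {
            if ($i ~ /^Enc=/) enc = substr($i, 5)
            if ($i ~ /^Kx=/)  kx  = substr($i, 4)
        }
        mode = (enc ~ /^AES\([0-9]+\)$/) ? "cbc" : "not-cbc"
        # Kx=ECDH / Kx=DH are the ephemeral exchanges; TLS 1.3 shows Kx=any.
        fs = (kx ~ /^(ECDH|DH)$/ || kx == "any") ? "ephemeral" : "static"
        print $1, mode, fs
    }'
}

# Prints the names of suites that would bypass the accelerated CBC path.
non_cbc_suites() {
    classify_suites | awk '$2 != "cbc" { print $1 }'
}

# Constructed sample in the format of `openssl ciphers -v`.
SAMPLE='ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1'

printf '%s\n' "$SAMPLE" | classify_suites

# On a live system, feed it the configured list instead of the sample:
#   openssl ciphers -v 'ECDHE-RSA-AES256-SHA:AES256-SHA' | classify_suites
```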

My server was initially set up to use GCM, and as you can see, the cipher has a huge impact on performance:

# ==== Tries to use AES-GCM: ===

# wget -O /dev/null https://xxxx/100m
--2016-09-20 20:23:46--  https://xxxx/100m
Resolving xxxx (xxxx)... 127.0.1.1
Connecting to xxxx (xxxx)|127.0.1.1|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 104857600 (100M) [application/octet-stream]
Saving to: ‘/dev/null’

/dev/null                         100%[============================================================>] 100.00M  17.4MB/s   in 5.7s   

2016-09-20 20:23:52 (17.4 MB/s) - ‘/dev/null’ saved [104857600/104857600]

# ... edit the config file to use the cipher list mentioned above ...

# /etc/init.d/lighttpd restart
[ ok ] Stopping web server: lighttpd.
[ ok ] Starting web server: lighttpd.

# ==== Uses AES CBC now: ====

# wget -O /dev/null https://xxxx/100m
--2016-09-20 20:24:13--  https://xxxx/100m
Resolving xxxx (xxxx)... 127.0.1.1
Connecting to xxxx (xxxx)|127.0.1.1|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 104857600 (100M) [application/octet-stream]
Saving to: ‘/dev/null’

/dev/null                         100%[============================================================>] 100.00M  42.1MB/s   in 2.4s   

2016-09-20 20:24:15 (42.1 MB/s) - ‘/dev/null’ saved [104857600/104857600]

More performance tests

sha256

After installing the rebuilt packages, you can verify that OpenSSL has been successfully patched by running:

dd if=/dev/zero bs=1M count=512 | openssl sha256

With hardware acceleration, on a VIA Nano U2250 this should give around 230 MB/sec; without it, only about 60 or so.

openssl speed

openssl speed -evp aes-256-cbc

Before:

type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-256-cbc      44501.64k    47309.02k    49103.10k    48988.44k    49356.09k

After:

type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-256-cbc      74678.28k   248020.33k   489234.82k   640749.64k   711964.72k

For reference, an i5-3570S CPU at 3.7 GHz:

type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-256-cbc     503045.35k   527675.33k   533090.56k   534551.55k   534749.18k

Keeping your OpenSSL up-to-date

One side effect of manually building and installing a patched version of OpenSSL is that you “opt out” of the automatic updates to it provided by your distribution (Debian in our case). So to keep OpenSSL up to date and stay ahead of any security exploits, you will need to redo the build and install process described above from time to time as new OpenSSL versions come out, and also immediately if any “big news” serious exploit appears in the wild.
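Because the held packages no longer follow the archive, a periodic check can flag when a rebuild is due. The following is an added example, not part of the original page: it parses `apt-cache policy` output and reports packages whose archive candidate differs from the installed version. It assumes the `Candidate:` line keeps showing the archive's version while the package is held; the function name is hypothetical, the sample output is constructed, and `1.0.1t-1+deb8uN` is a placeholder for a newer archive version.

```shell
#!/bin/sh
# Added example: report held packages whose archive candidate differs from
# the installed (locally rebuilt) version.

# Reads `apt-cache policy PKG...` output on stdin. Prints one line per
# package: "stale PKG INSTALLED CANDIDATE" or "current PKG INSTALLED".
# Exit status is 1 if any package is stale, so a cron job can alert on it.
check_policy() {
    awk '
        BEGIN              { stale = 0 }
        /^[^ ].*:$/        { pkg = substr($0, 1, length($0) - 1) }
        $1 == "Installed:" { inst = $2 }
        $1 == "Candidate:" {
            if (inst != $2 && $2 != "(none)") {
                print "stale", pkg, inst, $2; stale = 1
            } else {
                print "current", pkg, inst
            }
        }
        END { exit stale }
    '
}

# Constructed sample; "1.0.1t-1+deb8uN" is a placeholder, not a real version.
SAMPLE_POLICY='openssl:
  Installed: 1.0.1t-1+deb8u2
  Candidate: 1.0.1t-1+deb8uN
  Version table:
     1.0.1t-1+deb8uN 0
        500 http://security.debian.org/ jessie/updates/main amd64 Packages
 *** 1.0.1t-1+deb8u2 0
        100 /var/lib/dpkg/status
libssl1.0.0:
  Installed: 1.0.1t-1+deb8u2
  Candidate: 1.0.1t-1+deb8u2
  Version table:
 *** 1.0.1t-1+deb8u2 0
        100 /var/lib/dpkg/status'

printf '%s\n' "$SAMPLE_POLICY" | check_policy || echo "rebuild needed"

# On a live system, after `apt-get update`:
#   apt-cache policy openssl libssl1.0.0 | check_policy
```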

More about VIA Padlock and OpenSSL

More about rebuilding Debian packages


openssl-padlock.txt · Last modified: 2016-09-20 20:42 UTC by rm