Initially published on 2014-10-02
Here's a complete process of rebuilding Debian OpenSSL packages with Padlock support. You shouldn't just copy-paste all of it into a console, but rather copy-paste and run line-by-line, ensuring everything went fine before moving on to the next step.
apt-get install devscripts fakeroot build-essential zlib1g-dev # For Debian 7 versions of OpenSSL: curl -O https://romanrm.net/dl/padlock/wheezy/1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch \ -O https://romanrm.net/dl/padlock/wheezy/1002-engines-e_padlock-backport-cvs-head-changes.patch \ -O https://romanrm.net/dl/padlock/wheezy/1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch \ -O https://romanrm.net/dl/padlock/wheezy/1004-crypto-engine-autoload-padlock-dynamic-engine.patch \ -O https://romanrm.net/dl/padlock/wheezy/1005-auto-engine.patch # For Debian 8: curl -O https://romanrm.net/dl/padlock/jessie/1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch \ -O https://romanrm.net/dl/padlock/jessie/1002-backport-changes-from-upstream-padlock-module.patch \ -O https://romanrm.net/dl/padlock/jessie/1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch \ -O https://romanrm.net/dl/padlock/jessie/1004-crypto-engine-autoload-padlock-dynamic-engine.patch \ -O https://romanrm.net/dl/padlock/jessie/1005-auto-engine.patch dget http://http.debian.net/debian/pool/main/o/openssl/openssl_1.0.1t-1+deb8u2.dsc # ^ check what is the most current URL for the *.dsc at https://packages.debian.org/jessie/openssl in the right column # The error "dscverify: can't find any system keyrings" at this point is no problem, just proceed. dpkg-source -x *.dsc cd openssl*/ patch -lp1 < ../1001*; patch -lp1 < ../1002*; patch -lp1 < ../1003*; patch -lp1 < ../1004*; patch -lp1 < ../1005* # ^ if you get FAILED in any of the patches, check http://git.alpinelinux.org/cgit/aports/plain/main/openssl/ for updated versions of them dpkg-source --commit # ^ it will ask you for a patch name (enter "padlock") and launch a text editor, just press Ctrl-X(nano) or enter :x(vim) to exit dpkg-buildpackage -rfakeroot -b # ^ if you're building this for the first time, this may complain that you don't have a lot of development packages installed; install them, then retry. cd .. dpkg -i openssl*.deb libssl1*.deb aptitude hold openssl libssl1.0.0
Don't forget to restart all daemons which use encryption (e.g. the web server, SSH server, any VPN daemons, etc).
It appears that for AES only the CBC encryption mode is accelerated (but not GCM or CTR), therefore some apps may need to be reconfigured to take full advantage of the acceleration.
For example if you run a web server with HTTPS, I suggest to use the following cipher list (yes, that simple):
On more details what that is and how to apply it, see e.g. https://cipherli.st/ (but do not use the ones suggested there).
My server was initially set up to use GCM, and as you can the cipher has a huge impact on performance:
# ==== Tries to use AES-GCM: === # wget -O /dev/null https://xxxx/100m --2016-09-20 20:23:46-- https://xxxx/100m Resolving xxxx (xxxx)... 127.0.1.1 Connecting to xxxx (xxxx)|127.0.1.1|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 104857600 (100M) [application/octet-stream] Saving to: ‘/dev/null’ /dev/null 100%[============================================================>] 100.00M 17.4MB/s in 5.7s 2016-09-20 20:23:52 (17.4 MB/s) - ‘/dev/null’ saved [104857600/104857600] # ... edit the config file to use the cipher list mentioned above ... # /etc/init.d/lighttpd restart [ ok ] Stopping web server: lighttpd. [ ok ] Starting web server: lighttpd. # ==== Uses AES CBC now: ==== # wget -O /dev/null https://xxxx/100m --2016-09-20 20:24:13-- https://xxxx/100m Resolving xxxx (xxxx)... 127.0.1.1 Connecting to xxxx (xxxx)|127.0.1.1|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 104857600 (100M) [application/octet-stream] Saving to: ‘/dev/null’ /dev/null 100%[============================================================>] 100.00M 42.1MB/s in 2.4s 2016-09-20 20:24:15 (42.1 MB/s) - ‘/dev/null’ saved [104857600/104857600]
After installing the rebuilt packages, you can verify that OpenSSL has been successfully patched via running:
dd if=/dev/zero bs=1M count=512 | openssl sha256
With the hardware acceleration, on a VIA Nano U2250 this should give around 230 MB/sec, without it – only about 60 or so.
openssl speed -evp aes-256-cbc
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-256-cbc 44501.64k 47309.02k 49103.10k 48988.44k 49356.09k
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-256-cbc 74678.28k 248020.33k 489234.82k 640749.64k 711964.72k
For reference, an i5-3570S CPU at 3.7 GHz:
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-256-cbc 503045.35k 527675.33k 533090.56k 534551.55k 534749.18k
One side-effect of manually building and installing a patched version of OpenSSL, is that you “opt out” of automatic updates to it provided by your distribution (Debian in our case). So to keep OpenSSL up-to-date and stay ahead of any security exploits, you will need to re-do the build and install process described above from time to time as new OpenSSL versions come out, and also immediately if any “big news” serious exploit appears in the wild.