Evaluation of OpenSSL stack software

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Evaluation of OpenSSL stack software

Jan Graczyk

Hello OpenSSL-Users,

 

I am actually evaluating OpenSSL stack software to be possibly used in my company next generation products. We would like to have a secure connection between our device TCP/IP stack and web server which already has SSL server running. I am looking for a benchmarks of OpenSSL client running on ARM Cortex-M3 based processor. I would appreciate very much  feedback from you. Thank you.

 

Best Regards

Jan Graczyk

Embedded Software Developer – Embedded Software Poland


Tel:           +48 535 045 515

Tel2:         +49-89-673460-635

E-Mail:     [hidden email]

Web:        www.telic.de

Telic AG

Raiffeisenallee 12b

82041 Oberhaching

Germany

cid:image003.png@01D2336E.70B45010


Local Court Munich, Register Number: HRB 143 723 | Vorstandsvorsitzender: Dr. Ditmar Prigge; Vorstand: Frank Heineck

 


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Evaluation of OpenSSL stack software

Michael Richardson

Jan Graczyk <[hidden email]> wrote:
    > I am actually evaluating OpenSSL stack software to be possibly used in
    > my company next generation products. We would like to have a secure
    > connection between our device TCP/IP stack and web server which already
    > has SSL server running. I am looking for a benchmarks of OpenSSL client
    > running on ARM Cortex-M3 based processor. I would appreciate very much
    > feedback from you. Thank you.

I think you'll need to be far specific.

If you want to know bulk AES128 performance, then maybe this will help:
  https://csrc.nist.gov/csrc/media/events/lightweight-cryptography-workshop-2015/documents/presentations/session7-vincent.pdf

What compiler?  What MHZ?  What kind of RAM?
The above paper uses mbedTLS (which used to be PolarSSL, but ARM bought it).
The bulk rates are likely comparable.  I don't have any data, but a google
searched found a variety of papers.
Fitting openssl into an M3's code space can be easy or hard depending on many factors.

If you are concerned about setup times, then what method are you using to authenticate?
(RSA? ECDSA? PSK? Raw Public Key)

    > Best Regards
    > Jan Graczyk
    > Embedded Software Developer – Embedded Software Poland

    > ----------------------------------------------------------------------
    > Tel: +48 535 045 515 Telic AG cid:imag
    > Tel2: +49-89-673460-635 Raiffeisenallee 12b
    > E-Mail: j.graczyk@telic.de82041 Oberhaching
    > Web: www.telic.de Germany cid:image003.png@01D2336E.70B45010
    > ----------------------------------------------------------------------



--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     [hidden email]  http://www.sandelman.ca/        |   ruby on rails    [
       

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

signature.asc (497 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Evaluation of OpenSSL stack software

d3x0r
In reply to this post by Jan Graczyk


On Fri, Dec 22, 2017 at 4:44 AM, Jan Graczyk <[hidden email]> wrote:

Hello OpenSSL-Users,

 

I am actually evaluating OpenSSL stack software to be possibly used in my company next generation products. We would like to have a secure connection between our device TCP/IP stack and web server which already has SSL server running. I am looking for a benchmarks of OpenSSL client running on ARM Cortex-M3 based processor. I would appreciate very much  feedback from you. Thank you.

 


I would also suggest check out LibreSSL which uses the same API as OpenSSL but was easier to build (not requiring perl) and supports CMake.
 

Best Regards

Jan Graczyk

Embedded Software Developer – Embedded Software Poland


Tel:           <a href="tel:+48%20535%20045%20515" value="+48535045515" target="_blank">+48 535 045 515

Tel2:         <a href="tel:+49%2089%20673460635" value="+4989673460635" target="_blank">+49-89-673460-635

E-Mail:     [hidden email]

Web:        www.telic.de

Telic AG

Raiffeisenallee 12b

82041 Oberhaching

Germany

cid:image003.png@01D2336E.70B45010


Local Court Munich, Register Number: HRB 143 723 | Vorstandsvorsitzender: Dr. Ditmar Prigge; Vorstand: Frank Heineck

 


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Evaluation of OpenSSL stack software

Viktor Dukhovni


> On Dec 22, 2017, at 10:21 PM, J Decker <[hidden email]> wrote:
>
> I would also suggest check out LibreSSL which uses the same API as OpenSSL

Very similar to OpenSSL 1.0.2, plus its own extensions.  That's not exactly
"same".

--
        Viktor.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Evaluation of OpenSSL stack software

d3x0r


On Fri, Dec 22, 2017 at 7:23 PM, Viktor Dukhovni <[hidden email]> wrote:


> On Dec 22, 2017, at 10:21 PM, J Decker <[hidden email]> wrote:
>
> I would also suggest check out LibreSSL which uses the same API as OpenSSL

Very similar to OpenSSL 1.0.2, plus its own extensions.  That's not exactly
"same".

The same in that I can link/compile against either and not change any application code... not speaking of internals, just the API. 

--
        Viktor.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Evaluation of OpenSSL stack software

Viktor Dukhovni


> On Dec 22, 2017, at 11:33 PM, J Decker <[hidden email]> wrote:
>
> Very similar to OpenSSL 1.0.2, plus its own extensions.  That's not exactly
> "same".
>
> The same in that I can link/compile against either and not change any application code... not speaking of internals, just the API.

Well, that's not actually true.  There are API differences.  There
is a large common intersection that covers many legacy applications,
but newer features in each library are not present in the other.

--
--
        Viktor.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Evaluation of OpenSSL stack software

d3x0r


On Fri, Dec 22, 2017 at 8:40 PM, Viktor Dukhovni <[hidden email]> wrote:


> On Dec 22, 2017, at 11:33 PM, J Decker <[hidden email]> wrote:
>
> Very similar to OpenSSL 1.0.2, plus its own extensions.  That's not exactly
> "same".
>
> The same in that I can link/compile against either and not change any application code... not speaking of internals, just the API.

Well, that's not actually true.  There are API differences.  There
is a large common intersection that covers many legacy applications,
but newer features in each library are not present in the other.

Any many current applications.  This app was all done with recent docs on recent version and I found 0 incompabilities.
I did run into a beta feature for 1.1.0 that was something about setting the fragment size... https://github.com/libressl-portable/portable/issues/214  but again that wasn't in 1.0 stable openssl either so...
 

--
--
        Viktor.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users