Public bug reported: The FIPS changes added in 1.0.2g-1ubuntu3/1.0.2g-1ubuntu4 as discussed in https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1553309 always run the FIPS self tests independent of FIPS being enabled (via /proc/sys/crypto/fips_enabled).
The performance impact of running these FIPS tests on armhf (beaglebone and raspberry pi 2&3) is significant (~ 700ms). On amd64 it is measurable but far less significant (~ 10ms). On a long running process this may be insignificant, but for command line tools this is problematic. I've seen performance differences with wget, dig, nslookup, and host. I am sure there are others. The specific numbers above are from the sample code below. The relevant initialization can be found in crypto/o_init.c: static void init_fips_mode(void) { char buf[2] = "0"; int fd; /* Ensure the selftests always run */ FIPS_mode_set(1); /* For now, do not enforce fips mode via env var if (getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) { buf[0] = '1'; } else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) { */ if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) { while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR) ; close(fd); } /* Failure reading the fips mode switch file means just not * switching into FIPS mode. We would break too many things * otherwise.. */ if (buf[0] != '1') { /* drop down to non-FIPS mode if it is not requested */ FIPS_mode_set(0); } else { /* abort if selftest failed */ FIPS_selftest_check(); } } I would like to see these tests only run if /proc/sys/crypto/fips_enabled exists, and is 1. This still meets the original proposal as written in the 1553309 thread: 1. openssl must read a 1 from /proc/sys/crypto/fips_enabled. 2. The selftests must pass 3. The integrity check must pass To see the performance differences you can build and time the following program: #include <stdio.h> #include <openssl/ssl.h> int main() { OpenSSL_add_ssl_algorithms(); } To measure the system performance without FIPS I installed 1.0.2g- 1ubuntu2 from: https://launchpad.net/ubuntu/+source/openssl/1.0.2g- 1ubuntu2 on both armhf and amd64. I have also recompiled 1.0.2g- 1ubuntu4.1 with the call to FIPS_mode_set(1) commented out. When I run the original 1.0.2g-1ubuntu4.1 on my Raspberry Pi I see the following times: real 0m0.690s real 0m0.683s real 0m0.705s real 0m0.690s The same system with 1.0.2g-1ubuntu4.1 modified and the call to FIPS_mode_set(1) commented out: real 0m0.010s real 0m0.010s real 0m0.009s real 0m0.012s real 0m0.010s The same system with 1.0.2g-1ubuntu2: real 0m0.010s real 0m0.009s real 0m0.009s real 0m0.011s real 0m0.012s Here is some information about my system: $ lsb_release -rd Description: Ubuntu 16.04 LTS Release: 16.04 $ apt-cache policy libssl1.0.0 libssl1.0.0: Installed: 1.0.2g-1ubuntu4.1 Candidate: 1.0.2g-1ubuntu4.1 Version table: *** 1.0.2g-1ubuntu4.1 500 500 http://ports.ubuntu.com/ubuntu-ports xenial-security/main armhf Packages 500 http://ports.ubuntu.com/ubuntu-ports xenial-updates/main armhf Packages 100 /var/lib/dpkg/status 1.0.2g-1ubuntu4 500 500 http://ports.ubuntu.com/ubuntu-ports xenial/main armhf Packages ** Affects: openssl (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1591797 Title: Only run FIPS self tests when FIPS is enabled To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1591797/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs