Public bug reported:

The FIPS changes added in 1.0.2g-1ubuntu3/1.0.2g-1ubuntu4 as discussed
in https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1553309 always
run the FIPS self tests independent of FIPS being enabled (via
/proc/sys/crypto/fips_enabled).

The performance impact of running these FIPS tests on armhf (beaglebone
and raspberry pi 2&3) is significant (~ 700ms).  On amd64 it is
measurable but far less significant (~ 10ms).  On a long running process
this may be insignificant, but for command line tools this is
problematic.  I've seen performance differences with wget, dig,
nslookup, and host.  I am sure there are others.  The specific numbers
above are from the sample code below.

The relevant initialization can be found in crypto/o_init.c:
static void init_fips_mode(void)
{
    char buf[2] = "0";
    int fd;

    /* Ensure the selftests always run */
    FIPS_mode_set(1);

    /* For now, do not enforce fips mode via env var
    if (getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) {
        buf[0] = '1';
    } else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) { */
    if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) {
        while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR) ; close(fd);
    }
    /* Failure reading the fips mode switch file means just not
     * switching into FIPS mode. We would break too many things
     * otherwise..
     */

    if (buf[0] != '1') {
        /* drop down to non-FIPS mode if it is not requested */
        FIPS_mode_set(0);
    } else {
        /* abort if selftest failed */
        FIPS_selftest_check();
    }
}

I would like to see these tests only run if /proc/sys/crypto/fips_enabled 
exists, and is 1.  This still meets the original proposal as written in the 
1553309 thread:
1. openssl must read a 1 from /proc/sys/crypto/fips_enabled.
2. The selftests must pass
3. The integrity check must pass

To see the performance differences you can build and time the following program:
#include <stdio.h>
#include <openssl/ssl.h>

int main() {
  OpenSSL_add_ssl_algorithms();
}

To measure the system performance without FIPS I installed 1.0.2g-
1ubuntu2 from: https://launchpad.net/ubuntu/+source/openssl/1.0.2g-
1ubuntu2 on both armhf and amd64.  I have also recompiled 1.0.2g-
1ubuntu4.1 with the call to FIPS_mode_set(1) commented out.

When I run the original 1.0.2g-1ubuntu4.1 on my Raspberry Pi I see the 
following times:
real    0m0.690s
real    0m0.683s
real    0m0.705s
real    0m0.690s

The same system with 1.0.2g-1ubuntu4.1 modified and the call to 
FIPS_mode_set(1) commented out:
real    0m0.010s
real    0m0.010s
real    0m0.009s
real    0m0.012s
real    0m0.010s

The same system with 1.0.2g-1ubuntu2:
real    0m0.010s
real    0m0.009s
real    0m0.009s
real    0m0.011s
real    0m0.012s


Here is some information about my system:
$ lsb_release -rd
Description:    Ubuntu 16.04 LTS
Release:        16.04

$ apt-cache policy libssl1.0.0
libssl1.0.0:
  Installed: 1.0.2g-1ubuntu4.1
  Candidate: 1.0.2g-1ubuntu4.1
  Version table:
 *** 1.0.2g-1ubuntu4.1 500
        500 http://ports.ubuntu.com/ubuntu-ports xenial-security/main armhf 
Packages 500 http://ports.ubuntu.com/ubuntu-ports xenial-updates/main armhf 
Packages 100 /var/lib/dpkg/status
     1.0.2g-1ubuntu4 500
        500 http://ports.ubuntu.com/ubuntu-ports xenial/main armhf Packages

** Affects: openssl (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1591797

Title:
  Only run FIPS self tests when FIPS is enabled

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1591797/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to