Hi,
I've enabled fips in sshd (OpenSSH 5.5p1) and linked it against
openssl-fips-1.2. Everytime time sshd is spawned, the cpu utilization
shoots up and remains high (40% to 90%) for around 5 seconds. By taking
backtraces at time intervals (please see below), I found that, during this
entire 5 sec period, sshd was executing BN_mod_mul_montgomery() function. Is
this expected? Is there a workaround to avoid cpu spike? This is adding
delay to ssh login.
#0 0xb7a74a7f in bn_sqr_comba8 (r=0x80de020, a=0x80ddfe0) at bn_asm.c:728
#1 0xb7a5d2a4 in bn_sqr_recursive (r=0x80de020, a=0x80ddfe0, n2=8,
t=0x80de060) at bn_sqr.c:229
#2 0xb7a5d11d in bn_sqr_recursive (r=0x80ddd58, a=0x80d98a8, n2=16,
t=0x80ddfe0) at bn_sqr.c:252
#3 0xb7a5d166 in bn_sqr_recursive (r=0x80ddcd8, a=0x80d9868, n2=32,
t=0x80ddee0) at bn_sqr.c:256
#4 0xb7a5d55e in BN_sqr (r=0x80d8eb4, a=0x80d8cf0, ctx=0x80d8bd0) at
bn_sqr.c:127
#5 0xb7a58ed8 in BN_mod_mul_montgomery (r=0x80d8cf0, a=0x80d8cf0,
b=0x80d8cf0, mont=0x80d9790, ctx=0x80d8bd0)
at bn_mont.c:153
#6 0xb7a55607 in BN_mod_exp_mont (rr=0x80d8cc8, a=0x80d8cc8, p=0x80d8cb4,
m=0x80d8c78, ctx=0x80d8bd0, in_mont=0x80d9790) at bn_exp.c:495
#7 0xb7a5b44e in witness (mont=<value optimized out>, ctx=<value optimized
out>, k=<value optimized out>,
a1_odd=<value optimized out>, a1=<value optimized out>, a=<value optimized
out>, w=<value optimized out>)
at bn_prime.c:355
#8 BN_is_prime_fasttest_ex (a=0x80d8c78, checks=50, ctx_passed=0x80d8bd0,
do_trial_division=1, cb=0x0)
at bn_prime.c:328
#9 0xb7a81c54 in dsa_builtin_paramgen (cb=<value optimized out>,
h_ret=<value optimized out>,
counter_ret=<value optimized out>, seed_len=<value optimized out>,
seed_in=<value optimized out>,
bits=<value optimized out>, ret=<value optimized out>) at fips_dsa_gen.c:271
#10 DSA_generate_parameters_ex (ret=0x80d8ab8, bits=1024, seed_in=0x0,
seed_len=20, counter_ret=0xbfd3d4f8, h_ret=0xbfd3d4f0, cb=0x0) at
fips_dsa_gen.c:99
#11 0xb7a82091 in FIPS_selftest_dsa () at fips_dsa_selftest.c:131
#12 0xb7a50415 in FIPS_selftest () at fips.c:178
Thanks,
Prakash
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org