prakgen wrote:
Hi,

I've enabled fips in sshd (OpenSSH 5.5p1) and linked it against openssl-fips-1.2. Everytime time sshd is spawned, the cpu utilization shoots up and remains high (40% to 90%) for around 5 seconds. By taking backtraces at time intervals (please see below), I found that, during this entire 5 sec period, sshd was executing BN_mod_mul_montgomery() function. Is this expected? Is there a workaround to avoid cpu spike? This is adding delay to ssh login.

You are seeing the "POST" (Power Up Self Test) mandated by FIPS 140-2. It is a huge performance hit on low powered platforms (sometimes taking tens or even hundreds of seconds). We're going to make it significantly less painful for the upcoming new validation now in progress, but there will always be a performance hit relative to the same software without enabling FIPS mode.

-Steve M.

--
Steve Marquess
The OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 877-673-6775
marqu...@opensslfoundation.com
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to