prakgen wrote:
Hi,
I've enabled fips in sshd (OpenSSH 5.5p1) and linked it against
openssl-fips-1.2. Every time sshd is spawned, the cpu utilization
shoots up and remains high (40% to 90%) for around 5 seconds. By
taking backtraces at time intervals (please see below), I found that,
during this entire 5 sec period, sshd was executing
BN_mod_mul_montgomery() function. Is this expected? Is there a
workaround to avoid cpu spike? This is adding delay to ssh login.

You are seeing the "POST" (Power Up Self Test) mandated by FIPS 140-2.
It is a huge performance hit on low powered platforms (sometimes taking
tens or even hundreds of seconds). We're going to make it significantly
less painful for the upcoming new validation now in progress, but there
will always be a performance hit relative to the same software without
enabling FIPS mode.
-Steve M.
--
Steve Marquess
The OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877-673-6775
marqu...@opensslfoundation.com