Thanks Steve. This happened on a system with Intel dual core 2.4ghz
processor and 2gig ram. Is the observed cpu pattern expected on such
platforms? You mentioned it will be less painful after upcoming validation.
Do you mean change in implementation for speedier self-tests?
Thanks,
Prakash
----- Original Message -----
From: "Steve Marquess" <marqu...@opensslfoundation.com>
To: <openssl-users@openssl.org>
Sent: Thursday, March 03, 2011 1:44 AM
Subject: Re: BN_mod_mul_montgomery() causing cpu spike
prakgen wrote:
Hi,
I've enabled fips in sshd (OpenSSH 5.5p1) and linked it against
openssl-fips-1.2. Everytime time sshd is spawned, the cpu utilization
shoots up and remains high (40% to 90%) for around 5 seconds. By taking
backtraces at time intervals (please see below), I found that, during
this entire 5 sec period, sshd was executing BN_mod_mul_montgomery()
function. Is this expected? Is there a workaround to avoid cpu spike?
This is adding delay to ssh login.
You are seeing the "POST" (Power Up Self Test) mandated by FIPS 140-2. It
is a huge performance hit on low powered platforms (sometimes taking tens
or even hundreds of seconds). We're going to make it significantly less
painful for the upcoming new validation now in progress, but there will
always be a performance hit relative to the same software without enabling
FIPS mode.
-Steve M.
--
Steve Marquess
The OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877-673-6775
marqu...@opensslfoundation.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
