Public bug reported:
The FIPS changes added in 1.0.2g-1ubuntu3/1.0.2g-1ubuntu4 as discussed
in https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1553309 always
run the FIPS self tests independent of FIPS being enabled (via
/proc/sys/crypto/fips_enabled).
The performance impact of running these FIPS tests on armhf (beaglebone
and raspberry pi 2&3) is significant (~ 700ms). On amd64 it is
measurable but far less significant (~ 10ms). On a long running process
this may be insignificant, but for command line tools this is
problematic. I've seen performance differences with wget, dig,
nslookup, and host. I am sure there are others. The specific numbers
above are from the sample code below.
The relevant initialization can be found in crypto/o_init.c:
static void init_fips_mode(void)
{
char buf[2] = "0";
int fd;
/* Ensure the selftests always run */
FIPS_mode_set(1);
/* For now, do not enforce fips mode via env var
if (getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) {
buf[0] = '1';
} else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) { */
if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) {
while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR) ; close(fd);
}
/* Failure reading the fips mode switch file means just not
* switching into FIPS mode. We would break too many things
* otherwise..
*/
if (buf[0] != '1') {
/* drop down to non-FIPS mode if it is not requested */
FIPS_mode_set(0);
} else {
/* abort if selftest failed */
FIPS_selftest_check();
}
}
I would like to see these tests only run if /proc/sys/crypto/fips_enabled
exists, and is 1. This still meets the original proposal as written in the
1553309 thread:
1. openssl must read a 1 from /proc/sys/crypto/fips_enabled.
2. The selftests must pass
3. The integrity check must pass
To see the performance differences you can build and time the following program:
#include <stdio.h>
#include <openssl/ssl.h>
int main() {
OpenSSL_add_ssl_algorithms();
}
To measure the system performance without FIPS I installed 1.0.2g-
1ubuntu2 from: https://launchpad.net/ubuntu/+source/openssl/1.0.2g-
1ubuntu2 on both armhf and amd64. I have also recompiled 1.0.2g-
1ubuntu4.1 with the call to FIPS_mode_set(1) commented out.
When I run the original 1.0.2g-1ubuntu4.1 on my Raspberry Pi I see the
following times:
real 0m0.690s
real 0m0.683s
real 0m0.705s
real 0m0.690s
The same system with 1.0.2g-1ubuntu4.1 modified and the call to
FIPS_mode_set(1) commented out:
real 0m0.010s
real 0m0.010s
real 0m0.009s
real 0m0.012s
real 0m0.010s
The same system with 1.0.2g-1ubuntu2:
real 0m0.010s
real 0m0.009s
real 0m0.009s
real 0m0.011s
real 0m0.012s
Here is some information about my system:
$ lsb_release -rd
Description: Ubuntu 16.04 LTS
Release: 16.04
$ apt-cache policy libssl1.0.0
libssl1.0.0:
Installed: 1.0.2g-1ubuntu4.1
Candidate: 1.0.2g-1ubuntu4.1
Version table:
*** 1.0.2g-1ubuntu4.1 500
500 http://ports.ubuntu.com/ubuntu-ports xenial-security/main armhf
Packages 500 http://ports.ubuntu.com/ubuntu-ports xenial-updates/main armhf
Packages 100 /var/lib/dpkg/status
1.0.2g-1ubuntu4 500
500 http://ports.ubuntu.com/ubuntu-ports xenial/main armhf Packages
** Affects: openssl (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1591797
Title:
Only run FIPS self tests when FIPS is enabled
Status in openssl package in Ubuntu:
New
Bug description:
The FIPS changes added in 1.0.2g-1ubuntu3/1.0.2g-1ubuntu4 as discussed
in https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1553309
always run the FIPS self tests independent of FIPS being enabled (via
/proc/sys/crypto/fips_enabled).
The performance impact of running these FIPS tests on armhf
(beaglebone and raspberry pi 2&3) is significant (~ 700ms). On amd64
it is measurable but far less significant (~ 10ms). On a long running
process this may be insignificant, but for command line tools this is
problematic. I've seen performance differences with wget, dig,
nslookup, and host. I am sure there are others. The specific numbers
above are from the sample code below.
The relevant initialization can be found in crypto/o_init.c:
static void init_fips_mode(void)
{
char buf[2] = "0";
int fd;
/* Ensure the selftests always run */
FIPS_mode_set(1);
/* For now, do not enforce fips mode via env var
if (getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) {
buf[0] = '1';
} else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) { */
if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) {
while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR) ; close(fd);
}
/* Failure reading the fips mode switch file means just not
* switching into FIPS mode. We would break too many things
* otherwise..
*/
if (buf[0] != '1') {
/* drop down to non-FIPS mode if it is not requested */
FIPS_mode_set(0);
} else {
/* abort if selftest failed */
FIPS_selftest_check();
}
}
I would like to see these tests only run if /proc/sys/crypto/fips_enabled
exists, and is 1. This still meets the original proposal as written in the
1553309 thread:
1. openssl must read a 1 from /proc/sys/crypto/fips_enabled.
2. The selftests must pass
3. The integrity check must pass
To see the performance differences you can build and time the following
program:
#include <stdio.h>
#include <openssl/ssl.h>
int main() {
OpenSSL_add_ssl_algorithms();
}
To measure the system performance without FIPS I installed 1.0.2g-
1ubuntu2 from: https://launchpad.net/ubuntu/+source/openssl/1.0.2g-
1ubuntu2 on both armhf and amd64. I have also recompiled 1.0.2g-
1ubuntu4.1 with the call to FIPS_mode_set(1) commented out.
When I run the original 1.0.2g-1ubuntu4.1 on my Raspberry Pi I see the
following times:
real 0m0.690s
real 0m0.683s
real 0m0.705s
real 0m0.690s
The same system with 1.0.2g-1ubuntu4.1 modified and the call to
FIPS_mode_set(1) commented out:
real 0m0.010s
real 0m0.010s
real 0m0.009s
real 0m0.012s
real 0m0.010s
The same system with 1.0.2g-1ubuntu2:
real 0m0.010s
real 0m0.009s
real 0m0.009s
real 0m0.011s
real 0m0.012s
Here is some information about my system:
$ lsb_release -rd
Description: Ubuntu 16.04 LTS
Release: 16.04
$ apt-cache policy libssl1.0.0
libssl1.0.0:
Installed: 1.0.2g-1ubuntu4.1
Candidate: 1.0.2g-1ubuntu4.1
Version table:
*** 1.0.2g-1ubuntu4.1 500
500 http://ports.ubuntu.com/ubuntu-ports xenial-security/main armhf
Packages 500 http://ports.ubuntu.com/ubuntu-ports xenial-updates/main armhf
Packages 100 /var/lib/dpkg/status
1.0.2g-1ubuntu4 500
500 http://ports.ubuntu.com/ubuntu-ports xenial/main armhf Packages
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1591797/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
