[Bug 1620345] [NEW] Slow startup due to FIPS selftest if openssl loaded

Nikita Popov nikita.ppv at googlemail.com
Mon Sep 5 15:14:56 UTC 2016 

Public bug reported:

I recently noticed that the PHP testsuite runs significantly slower if
openssl is enabled. E.g. running "make test TESTS=tests" takes 7 seconds
without openssl and 37 seconds with. This is a factor of five
difference.

After a quick check using callgrind, it turns out that the vast majority
of the time is spent in performing a FIPS_selftest(). This was very
surprising, and I was initially afraid that Ubuntu had enabled the
OpenSSL FIPS mode, which is well known to degrade security. However, it
seems that this is not the case, and Ubuntu has simply patched OpenSSL
to always perform the FIPS_selftest(), independently of whether FIPS
mode is used.

I'm not entirely sure what should/can be done about this. I understand
the motivation for always performing a self-test and that it is not a
common workload to start a process many hundreds of times in a row to
perform a small task. However, it should be noted that OpenSSL
acknowledges [0] that the test is unnecessarily slow, because they
cannot change the current implementation without invalidating the FIPS
certification. This indicates that it should be possible to perform a
cheaper self-test.

 [0]: https://www.openssl.org/docs/fipsnotes.html

---

Description:	Ubuntu 16.04.1 LTS
Release:	16.04

libssl-dev:
  Installed: 1.0.2g-1ubuntu4.2
  Candidate: 1.0.2g-1ubuntu4.2

** Affects: openssl (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1620345

Title:
  Slow startup due to FIPS selftest if openssl loaded

Status in openssl package in Ubuntu:
  New

Bug description:
  I recently noticed that the PHP testsuite runs significantly slower if
  openssl is enabled. E.g. running "make test TESTS=tests" takes 7
  seconds without openssl and 37 seconds with. This is a factor of five
  difference.

  After a quick check using callgrind, it turns out that the vast
  majority of the time is spent in performing a FIPS_selftest(). This
  was very surprising, and I was initially afraid that Ubuntu had
  enabled the OpenSSL FIPS mode, which is well known to degrade
  security. However, it seems that this is not the case, and Ubuntu has
  simply patched OpenSSL to always perform the FIPS_selftest(),
  independently of whether FIPS mode is used.

  I'm not entirely sure what should/can be done about this. I understand
  the motivation for always performing a self-test and that it is not a
  common workload to start a process many hundreds of times in a row to
  perform a small task. However, it should be noted that OpenSSL
  acknowledges [0] that the test is unnecessarily slow, because they
  cannot change the current implementation without invalidating the FIPS
  certification. This indicates that it should be possible to perform a
  cheaper self-test.

   [0]: https://www.openssl.org/docs/fipsnotes.html

  ---

  Description:	Ubuntu 16.04.1 LTS
  Release:	16.04

  libssl-dev:
    Installed: 1.0.2g-1ubuntu4.2
    Candidate: 1.0.2g-1ubuntu4.2

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1620345/+subscriptions

More information about the foundations-bugs mailing list