Ubuntu
openssl package

Only run FIPS self tests when FIPS is enabled

Bug #1591797 reported by Ken Baker
28
This bug affects 2 people
Affects Status Importance Assigned to Milestone
openssl (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

The FIPS changes added in 1.0.2g-1ubuntu3/1.0.2g-1ubuntu4 as discussed in https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1553309 always run the FIPS self tests independent of FIPS being enabled (via /proc/sys/crypto/fips_enabled).

The performance impact of running these FIPS tests on armhf (beaglebone and raspberry pi 2&3) is significant (~ 700ms). On amd64 it is measurable but far less significant (~ 10ms). On a long running process this may be insignificant, but for command line tools this is problematic. I've seen performance differences with wget, dig, nslookup, and host. I am sure there are others. The specific numbers above are from the sample code below.

The relevant initialization can be found in crypto/o_init.c:
static void init_fips_mode(void)
{
    char buf[2] = "0";
    int fd;

    /* Ensure the selftests always run */
    FIPS_mode_set(1);

    /* For now, do not enforce fips mode via env var
    if (getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) {
        buf[0] = '1';
    } else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) { */
    if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) {
        while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR) ; close(fd);
    }
    /* Failure reading the fips mode switch file means just not
     * switching into FIPS mode. We would break too many things
     * otherwise..
     */

    if (buf[0] != '1') {
        /* drop down to non-FIPS mode if it is not requested */
        FIPS_mode_set(0);
    } else {
        /* abort if selftest failed */
        FIPS_selftest_check();
    }
}

I would like to see these tests only run if /proc/sys/crypto/fips_enabled exists, and is 1. This still meets the original proposal as written in the 1553309 thread:
1. openssl must read a 1 from /proc/sys/crypto/fips_enabled.
2. The selftests must pass
3. The integrity check must pass

To see the performance differences you can build and time the following program:
#include <stdio.h>
#include <openssl/ssl.h>

int main() {
  OpenSSL_add_ssl_algorithms();
}

To measure the system performance without FIPS I installed 1.0.2g-1ubuntu2 from: https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu2 on both armhf and amd64. I have also recompiled 1.0.2g-1ubuntu4.1 with the call to FIPS_mode_set(1) commented out.

When I run the original 1.0.2g-1ubuntu4.1 on my Raspberry Pi I see the following times:
real 0m0.690s
real 0m0.683s
real 0m0.705s
real 0m0.690s

The same system with 1.0.2g-1ubuntu4.1 modified and the call to FIPS_mode_set(1) commented out:
real 0m0.010s
real 0m0.010s
real 0m0.009s
real 0m0.012s
real 0m0.010s

The same system with 1.0.2g-1ubuntu2:
real 0m0.010s
real 0m0.009s
real 0m0.009s
real 0m0.011s
real 0m0.012s

Here is some information about my system:
$ lsb_release -rd
Description: Ubuntu 16.04 LTS
Release: 16.04

$ apt-cache policy libssl1.0.0
libssl1.0.0:
  Installed: 1.0.2g-1ubuntu4.1
  Candidate: 1.0.2g-1ubuntu4.1
  Version table:
 *** 1.0.2g-1ubuntu4.1 500
        500 http://ports.ubuntu.com/ubuntu-ports xenial-security/main armhf Packages 500 http://ports.ubuntu.com/ubuntu-ports xenial-updates/main armhf Packages 100 /var/lib/dpkg/status
     1.0.2g-1ubuntu4 500
        500 http://ports.ubuntu.com/ubuntu-ports xenial/main armhf Packages

Revision history for this message
Joy Latten (j-latten) wrote :

This is a FIPS 140-2 requirement.
The FIPS_mode_set(1) in init_fips_mode() called from OPENSSL_init_library is to satisfy the FIPS 140-2, Section 4.9 requirement that power-up selftest be run when the module is powered-up. This must be done regardless of whether the module is to be run in FIPS mode or not. Reading /proc entry only indicates whether to run the module in FIPS mode.

Note: The FIPS code in openssl in Xenial is a work-in-progress and is not complete.
All effort is made to optimize the power-up selftest as mush as possible.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssl - 1.0.2g-1ubuntu8

---------------
openssl (1.0.2g-1ubuntu8) yakkety; urgency=medium

  * Remove unused FIPS patches for now. (LP: #1594748, LP: #1593953,
    LP: #1591797, LP: #1588524)

 -- Marc Deslauriers <email address hidden> Mon, 15 Aug 2016 14:20:42 -0400

Changed in openssl (Ubuntu):
status: New → Fix Released
Revision history for this message
Ken Baker (bakerkj) wrote :

Marc Deslauriers,

Will this change to remove the FIPS patches be backported and released in Xenial?

-- Ken

Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

Yes, see bug 1614210 for the SRU to xenial.

Revision history for this message
Chris J Arges (arges) wrote : Please test proposed package

Hello Ken, or anyone else affected,

Accepted openssl into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-needed
Revision history for this message
Ken Baker (bakerkj) wrote :

Chris, I can confirm that 1.0.2g-1ubuntu4.3 in xenial-proposed on armhf works as expected.

tags: added: verification-done
removed: verification-needed
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.