Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

BN_mod_mul_montgomery() causing cpu spike

3 views
Skip to first unread message

prakgen

unread,
Mar 2, 2011, 1:23:33 PM3/2/11
to
Hi,

I've enabled fips in sshd (OpenSSH 5.5p1) and linked it against
openssl-fips-1.2. Everytime time sshd is spawned, the cpu utilization
shoots up and remains high (40% to 90%) for around 5 seconds. By taking
backtraces at time intervals (please see below), I found that, during this
entire 5 sec period, sshd was executing BN_mod_mul_montgomery() function. Is
this expected? Is there a workaround to avoid cpu spike? This is adding
delay to ssh login.

#0 0xb7a74a7f in bn_sqr_comba8 (r=0x80de020, a=0x80ddfe0) at bn_asm.c:728
#1 0xb7a5d2a4 in bn_sqr_recursive (r=0x80de020, a=0x80ddfe0, n2=8,
t=0x80de060) at bn_sqr.c:229
#2 0xb7a5d11d in bn_sqr_recursive (r=0x80ddd58, a=0x80d98a8, n2=16,
t=0x80ddfe0) at bn_sqr.c:252
#3 0xb7a5d166 in bn_sqr_recursive (r=0x80ddcd8, a=0x80d9868, n2=32,
t=0x80ddee0) at bn_sqr.c:256
#4 0xb7a5d55e in BN_sqr (r=0x80d8eb4, a=0x80d8cf0, ctx=0x80d8bd0) at
bn_sqr.c:127
#5 0xb7a58ed8 in BN_mod_mul_montgomery (r=0x80d8cf0, a=0x80d8cf0,
b=0x80d8cf0, mont=0x80d9790, ctx=0x80d8bd0)
at bn_mont.c:153
#6 0xb7a55607 in BN_mod_exp_mont (rr=0x80d8cc8, a=0x80d8cc8, p=0x80d8cb4,
m=0x80d8c78, ctx=0x80d8bd0, in_mont=0x80d9790) at bn_exp.c:495
#7 0xb7a5b44e in witness (mont=<value optimized out>, ctx=<value optimized
out>, k=<value optimized out>,
a1_odd=<value optimized out>, a1=<value optimized out>, a=<value optimized
out>, w=<value optimized out>)
at bn_prime.c:355
#8 BN_is_prime_fasttest_ex (a=0x80d8c78, checks=50, ctx_passed=0x80d8bd0,
do_trial_division=1, cb=0x0)
at bn_prime.c:328
#9 0xb7a81c54 in dsa_builtin_paramgen (cb=<value optimized out>,
h_ret=<value optimized out>,
counter_ret=<value optimized out>, seed_len=<value optimized out>,
seed_in=<value optimized out>,
bits=<value optimized out>, ret=<value optimized out>) at fips_dsa_gen.c:271
#10 DSA_generate_parameters_ex (ret=0x80d8ab8, bits=1024, seed_in=0x0,
seed_len=20, counter_ret=0xbfd3d4f8, h_ret=0xbfd3d4f0, cb=0x0) at
fips_dsa_gen.c:99
#11 0xb7a82091 in FIPS_selftest_dsa () at fips_dsa_selftest.c:131
#12 0xb7a50415 in FIPS_selftest () at fips.c:178

Thanks,
Prakash

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org

Steve Marquess

unread,
Mar 2, 2011, 3:14:04 PM3/2/11
to
prakgen wrote:
> Hi,
>
> I've enabled fips in sshd (OpenSSH 5.5p1) and linked it against
> openssl-fips-1.2. Everytime time sshd is spawned, the cpu utilization
> shoots up and remains high (40% to 90%) for around 5 seconds. By
> taking backtraces at time intervals (please see below), I found that,
> during this entire 5 sec period, sshd was executing
> BN_mod_mul_montgomery() function. Is this expected? Is there a
> workaround to avoid cpu spike? This is adding delay to ssh login.

You are seeing the "POST" (Power Up Self Test) mandated by FIPS 140-2.
It is a huge performance hit on low powered platforms (sometimes taking
tens or even hundreds of seconds). We're going to make it significantly
less painful for the upcoming new validation now in progress, but there
will always be a performance hit relative to the same software without
enabling FIPS mode.

-Steve M.

--
Steve Marquess
The OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877-673-6775
marq...@opensslfoundation.com

prakgen

unread,
Mar 3, 2011, 12:09:18 PM3/3/11
to
Thanks Steve. This happened on a system with Intel dual core 2.4ghz
processor and 2gig ram. Is the observed cpu pattern expected on such
platforms? You mentioned it will be less painful after upcoming validation.
Do you mean change in implementation for speedier self-tests?

Thanks,
Prakash

Steve Marquess

unread,
Mar 3, 2011, 2:07:10 PM3/3/11
to
prakgen wrote:
> Thanks Steve. This happened on a system with Intel dual core 2.4ghz
> processor and 2gig ram. Is the observed cpu pattern expected on such
> platforms? You mentioned it will be less painful after upcoming
> validation. Do you mean change in implementation for speedier self-tests?
>
> ...

>>
>> You are seeing the "POST" (Power Up Self Test) mandated by FIPS
>> 140-2. It is a huge performance hit on low powered platforms
>> (sometimes taking tens or even hundreds of seconds). We're going to
>> make it significantly less painful for the upcoming new validation
>> now in progress, but there will always be a performance hit relative
>> to the same software without enabling FIPS mode.

Yes, we will be making the POST as time efficient as we can within the
boundaries of what is mandated by FIPS 140-2. Those tests are very
compute-intensive and so will tax any CPU for some period of time.

David Schwartz

unread,
Mar 5, 2011, 5:37:27 AM3/5/11
to
On 3/2/2011 10:23 AM, prakgen wrote:

> I've enabled fips in sshd (OpenSSH 5.5p1)

Why?

> and linked it against
> openssl-fips-1.2. Everytime time sshd is spawned, the cpu utilization
> shoots up and remains high (40% to 90%) for around 5 seconds.

"Doctor, it hurts when I do that."
"Then don't do that."

DS

Steve Marquess

unread,
Mar 5, 2011, 10:19:59 AM3/5/11
to
David Schwartz wrote:
> On 3/2/2011 10:23 AM, prakgen wrote:
>
>> I've enabled fips in sshd (OpenSSH 5.5p1)
>
> Why?

He either works in, or develops products for, a DoD or federal
government environment where use of FIPS validated cryptography is mandated.

No one uses FIPS validated cryptography for fun (there is no technical,
functional, or security advantage, in fact FIPS validated crypto is
undesirable from any purely practical perspective).

-Steve M.

--
Steve Marquess


OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877-673-6775
marq...@opensslfoundation.com

0 new messages