Only run FIPS self tests when FIPS is enabled

Bug #1591797 reported by Ken Baker on 2016-06-13
28
This bug affects 2 people
Affects Status Importance Assigned to Milestone
openssl (Ubuntu)
Undecided
Unassigned

Bug Description

The FIPS changes added in 1.0.2g-1ubuntu3/1.0.2g-1ubuntu4 as discussed in https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1553309 always run the FIPS self tests independent of FIPS being enabled (via /proc/sys/crypto/fips_enabled).

The performance impact of running these FIPS tests on armhf (beaglebone and raspberry pi 2&3) is significant (~ 700ms). On amd64 it is measurable but far less significant (~ 10ms). On a long running process this may be insignificant, but for command line tools this is problematic. I've seen performance differences with wget, dig, nslookup, and host. I am sure there are others. The specific numbers above are from the sample code below.

The relevant initialization can be found in crypto/o_init.c:
static void init_fips_mode(void)
{
    char buf[2] = "0";
    int fd;

    /* Ensure the selftests always run */
    FIPS_mode_set(1);

    /* For now, do not enforce fips mode via env var
    if (getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) {
        buf[0] = '1';
    } else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) { */
    if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) {
        while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR) ; close(fd);
    }
    /* Failure reading the fips mode switch file means just not
     * switching into FIPS mode. We would break too many things
     * otherwise..
     */

    if (buf[0] != '1') {
        /* drop down to non-FIPS mode if it is not requested */
        FIPS_mode_set(0);
    } else {
        /* abort if selftest failed */
        FIPS_selftest_check();
    }
}

I would like to see these tests only run if /proc/sys/crypto/fips_enabled exists, and is 1. This still meets the original proposal as written in the 1553309 thread:
1. openssl must read a 1 from /proc/sys/crypto/fips_enabled.
2. The selftests must pass
3. The integrity check must pass

To see the performance differences you can build and time the following program:
#include <stdio.h>
#include <openssl/ssl.h>

int main() {
  OpenSSL_add_ssl_algorithms();
}

To measure the system performance without FIPS I installed 1.0.2g-1ubuntu2 from: https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu2 on both armhf and amd64. I have also recompiled 1.0.2g-1ubuntu4.1 with the call to FIPS_mode_set(1) commented out.

When I run the original 1.0.2g-1ubuntu4.1 on my Raspberry Pi I see the following times:
real 0m0.690s
real 0m0.683s
real 0m0.705s
real 0m0.690s

The same system with 1.0.2g-1ubuntu4.1 modified and the call to FIPS_mode_set(1) commented out:
real 0m0.010s
real 0m0.010s
real 0m0.009s
real 0m0.012s
real 0m0.010s

The same system with 1.0.2g-1ubuntu2:
real 0m0.010s
real 0m0.009s
real 0m0.009s
real 0m0.011s
real 0m0.012s

Here is some information about my system:
$ lsb_release -rd
Description: Ubuntu 16.04 LTS
Release: 16.04

$ apt-cache policy libssl1.0.0
libssl1.0.0:
  Installed: 1.0.2g-1ubuntu4.1
  Candidate: 1.0.2g-1ubuntu4.1
  Version table:
 *** 1.0.2g-1ubuntu4.1 500
        500 http://ports.ubuntu.com/ubuntu-ports xenial-security/main armhf Packages 500 http://ports.ubuntu.com/ubuntu-ports xenial-updates/main armhf Packages 100 /var/lib/dpkg/status
     1.0.2g-1ubuntu4 500
        500 http://ports.ubuntu.com/ubuntu-ports xenial/main armhf Packages

Joy Latten (j-latten) wrote :

This is a FIPS 140-2 requirement.
The FIPS_mode_set(1) in init_fips_mode() called from OPENSSL_init_library is to satisfy the FIPS 140-2, Section 4.9 requirement that power-up selftest be run when the module is powered-up. This must be done regardless of whether the module is to be run in FIPS mode or not. Reading /proc entry only indicates whether to run the module in FIPS mode.

Note: The FIPS code in openssl in Xenial is a work-in-progress and is not complete.
All effort is made to optimize the power-up selftest as mush as possible.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssl - 1.0.2g-1ubuntu8

---------------
openssl (1.0.2g-1ubuntu8) yakkety; urgency=medium

  * Remove unused FIPS patches for now. (LP: #1594748, LP: #1593953,
    LP: #1591797, LP: #1588524)

 -- Marc Deslauriers <email address hidden> Mon, 15 Aug 2016 14:20:42 -0400

Changed in openssl (Ubuntu):
status: New → Fix Released
Ken Baker (bakerkj) wrote :

Marc Deslauriers,

Will this change to remove the FIPS patches be backported and released in Xenial?

-- Ken

Marc Deslauriers (mdeslaur) wrote :

Yes, see bug 1614210 for the SRU to xenial.

Hello Ken, or anyone else affected,

Accepted openssl into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-needed
Ken Baker (bakerkj) wrote :

Chris, I can confirm that 1.0.2g-1ubuntu4.3 in xenial-proposed on armhf works as expected.

tags: added: verification-done
removed: verification-needed
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers