optimization capabilities missing in openssl fips provider #23978
-
You should not do that. The certificate for the FIPS provider is only valid for the software defined algorithms in the FIPS provider. Enabling hardware acceleration within the FIPS provider nullifies that validation.
-
Not sure I get. The
-
IMO @nhorman is correct, but also incorrect, depending on how you look at the problem. I would call this a bug, as this is certainly an unintentional side effect of having the capability variable unset in the FIPS provider's copy. I actually wonder if the FIPS provider on x86_64 and aarch64 has the same problem. If so, and that is likely, then this is definitely a problem and unintended. On the other hand, the ppc64 platforms where those accelerating instructions are available are not among those platforms where the OpenSSL FIPS module is tested and validated. Due to this, it is much closer to FIPS compliance to use the non-accelerated default implementation that is being used due to this issue. With x86_64 and aarch64 this is a much worse issue, as it was fully intended to have the accelerated code paths tested and validated, but if this issue is present on these platforms, these code paths actually weren't tested and validated and they are not used at all. Which is fairly bad due to the much worse properties in terms of performance and side-channel resistance of the C implementation.
-
Why was this moved to a discussion?
-
That's my fault, I had assumed that our current FIPS validation intended to not enable hardware acceleration. I'll move this back.
-
recreated here:
-
BTW fortunately x86_64 is not affected by this issue. According to my testing the CPU feature detection works fine there even for the fips provider.
-
But surprisingly the So I think something else plays here. No idea what, though.
-
Hello
I am using openssl 3.0.10 version and have built the fips provider using the make enable_fips flags for aix-cc platform.
However the openssl speed command shows that it is not using the hardware capabilities of Power, and instead uses the software implementations of the algorithms.
This is seen when fips provider is enabled in the openssl.cnf configuration file (with default disabled).
The issue is that the OPENSSL_cpuid_setup function which sets the power hardware capabilities (OPENSSL_ppccap_P variable) gets called only in the context of default provider.
Since fips provider is loaded as a shared object, it has its own copy of OPENSSL_ppccap_P which gets initialized to 0 as we do not call OPENSSL_cpuid_setup function in the context of FIPS provider. Since this value is 0, any algorithm implementation calls done with fips provider uses the software based implementation of the algorithms.
Can you advise how to fix this?
Thanks
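
The mechanism described in the post above, as an added single-file C model (not OpenSSL code and not part of the original thread): each module keeps its own capability word, and a module whose init never runs the setup routine dispatches to the software path without any error. All names, the capability bit and the probe result are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Single-file model; every name and value here is hypothetical, not OpenSSL's. */
#define CAP_HW_CRYPTO 0x1u              /* constructed capability bit */
typedef enum { PATH_SOFTWARE, PATH_HARDWARE } path_t;

/* One instance per loaded module: each shared object has its own copy of
 * the capability word, which stays 0 until that module runs its own setup. */
typedef struct {
    const char *name;
    int runs_setup_on_init;             /* 0 models the reported behaviour */
    uint32_t capmask;
} module_t;

/* Stand-in for CPU probing; constructed to report the feature as present. */
static uint32_t probe_cpu(void) { return CAP_HW_CRYPTO; }

static void module_init(module_t *m)
{
    m->capmask = 0;                     /* zero-initialised global */
    if (m->runs_setup_on_init)
        m->capmask = probe_cpu();       /* setup run in this module's context */
}

/* Dispatch the way an algorithm implementation would: test the local word. */
static path_t select_path(const module_t *m)
{
    return (m->capmask & CAP_HW_CRYPTO) ? PATH_HARDWARE : PATH_SOFTWARE;
}

/* Count modules that use the software path although the CPU has the feature. */
static size_t count_silent_fallbacks(int fips_runs_setup)
{
    module_t mods[] = { { "default", 1, 0 }, { "fips", fips_runs_setup, 0 } };
    size_t bad = 0;
    for (size_t i = 0; i < sizeof mods / sizeof mods[0]; i++) {
        module_init(&mods[i]);
        if ((probe_cpu() & CAP_HW_CRYPTO) && select_path(&mods[i]) == PATH_SOFTWARE)
            bad++;
    }
    return bad;
}

int main(void)
{
    printf("setup only in default provider: %zu fallback(s)\n", count_silent_fallbacks(0));
    printf("setup also in fips module:      %zu fallback(s)\n", count_silent_fallbacks(1));
    return 0;
}
```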