bnoordhuis
commented
8 years ago No surprise. The test normally generates 256 bits DH primes but in FIPS mode it switches to 1024 bits, which is hugely slow and variable:
$ perf stat -r 10 ./out/Release/node -e 'crypto.createDiffieHellman(1024)'
# ...
5440.264700 task-clock (msec) # 0.999 CPUs utilized ( +- 30.04% )
# ...
5.443948026 seconds time elapsed ( +- 30.03% )The percentages are the standard deviation from the mean over 10 runs. For 256 bits primes it's much lower, as is the total running time:
$ perf stat -r 10 ./out/Release/node -e 'crypto.createDiffieHellman(256)'
# ...
178.755007 task-clock (msec) # 0.994 CPUs utilized ( +- 6.88% )
# ...
0.179777933 seconds time elapsed ( +- 6.82% )Which is to be expected because 'generating primes' is really just searching for primes in an n-bit range, testing candidates for primality and other properties (because not all primes are created equal.)
There is an upper bound but it's very large so for practical purposes the total running time of the test is indeterminate. There are always going to be outliers that hit the timeout.
(That also applies to 256 bits primes, just much less frequent.)
Trott
joaocgreis
Example failure at https://ci.nodejs.org/job/node-test-commit-linux-fips/3569/nodes=ubuntu1404-64/console:
@mhdawson