Closed Trott closed 8 years ago
No surprise. The test normally generates 256 bits DH primes but in FIPS mode it switches to 1024 bits, which is hugely slow and variable:
$ perf stat -r 10 ./out/Release/node -e 'crypto.createDiffieHellman(1024)'
# ...
5440.264700 task-clock (msec) # 0.999 CPUs utilized ( +- 30.04% )
# ...
5.443948026 seconds time elapsed ( +- 30.03% )
The percentages are the standard deviation from the mean over 10 runs. For 256 bits primes it's much lower, as is the total running time:
$ perf stat -r 10 ./out/Release/node -e 'crypto.createDiffieHellman(256)'
# ...
178.755007 task-clock (msec) # 0.994 CPUs utilized ( +- 6.88% )
# ...
0.179777933 seconds time elapsed ( +- 6.82% )
Which is to be expected because 'generating primes' is really just searching for primes in an n-bit range, testing candidates for primality and other properties (because not all primes are created equal.)
There is an upper bound but it's very large so for practical purposes the total running time of the test is indeterminate. There are always going to be outliers that hit the timeout.
(That also applies to 256 bits primes, just much less frequent.)
@nodejs/build Is it possible to run a node-stress-single-test task on CI that forces FIPS mode? If so, how can I do that?
Stress test on non-FIPS as a baseline: https://ci.nodejs.org/job/node-stress-single-test/903/nodes=ubuntu1404-64/console
@Trott the node-stress-single-test-fips
should be good again. Here is a run with the same parameters: https://ci.nodejs.org/view/Node.js/job/node-stress-single-test-fips/10/nodes=ubuntu1404-64/console
0 failures in 9999 runs on FIPS and non-FIPS. I'm going to close this. If it crops up again, we can look at it more, I suppose.
Example failure at https://ci.nodejs.org/job/node-test-commit-linux-fips/3569/nodes=ubuntu1404-64/console:
@mhdawson