On 5/28/2019 10:39 AM, Jay Foster wrote:
I built OpenSSL 1.1.1c from the recent release, but have noticed what
seems like a significant performance drop compared with 1.1.1b. I
notice this when starting lighttpd. With 1.1.1b, lighttpd starts in a
few seconds, but with 1.1.1c, it takes several minutes.
I also noticed that with 1.1.1b, the CFLAGS automatically included
'-Wall -O3', but with 1.1.1c, '-Wall -O3' is no longer included in the
CFLAGS. was this dropped? I added '-Wall -O3' to the CFLAGS, but
this did not seem to have any affect on the performance issue
(unrelated?).
This is for a 32-bit ARM build.
Jay
I think I have tracked down the change in 1.1.1c that is causing this.
It is the addition of the DEVRANDOM_WAIT functionality for linux in
e_os.h and crypto/rand/rand_unix.c. lighttpd (libcrypto) is waiting in
a select() call on /dev/random. After this eventually wakes up, it then
reads from /dev/urandom. OpenSSL 1.1.1b did not do this, but instead
just read from /dev/urandom. Is there more information about this
change (i.e., a rationale)? I did not see anything in the CHANGES file
about it.
Jay
