On 28/05/2019 23:48, Steffen Nurpmeso wrote:
> Jay Foster wrote in <84571f12-68b3-f7ee-7896-c891a2e253e7@xxxxxxxxxxxxxx>:
> |On 5/28/2019 10:39 AM, Jay Foster wrote:
> |> I built OpenSSL 1.1.1c from the recent release, but have noticed what
> |> seems like a significant performance drop compared with 1.1.1b. I
> |> notice this when starting lighttpd. With 1.1.1b, lighttpd starts in a
> |> few seconds, but with 1.1.1c, it takes several minutes.
> |>
> |> I also noticed that with 1.1.1b, the CFLAGS automatically included
> |> '-Wall -O3', but with 1.1.1c, '-Wall -O3' is no longer included in the
> |> CFLAGS. Was this dropped? I added '-Wall -O3' to the CFLAGS, but
> |> this did not seem to have any effect on the performance issue
> |> (unrelated?).
> |>
> |> This is for a 32-bit ARM build.
> |>
> |> Jay
> |>
> |I think I have tracked down the change in 1.1.1c that is causing this.
> |It is the addition of the DEVRANDOM_WAIT functionality for linux in
> |e_os.h and crypto/rand/rand_unix.c. lighttpd (libcrypto) is waiting in
> |a select() call on /dev/random. After this eventually wakes up, it then
> |reads from /dev/urandom. OpenSSL 1.1.1b did not do this, but instead
> |just read from /dev/urandom. Is there more information about this
> |change (i.e., a rationale)? I did not see anything in the CHANGES file
> |about it.
>
> I do not know why lighttpd ends up on /dev/random for you, but in
> my opinion the Linux random stuff is both sophisticated and sucks.
> The latter because (it seems that many) people end up using
> haveged or similar to pimp up their entropy artificially, whereas
> on the other side the initial OS seeding is no longer truly
> supported. Writing some seed to /dev/urandom does not bring any
> entropy to the "real" pool.

Something equivalent to your program (but not storing a bitcount field)
used to be standard in Linux boot scripts before systemd. But it
typically used the old method of just writing the saved random bits
into /dev/{u,}random.

This makes me very surprised that they removed such a widely used
interface. Can you point out when that was removed from the Linux
kernel?

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
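
The wait described in the thread, a select() on /dev/random before any read from /dev/urandom, can be timed on an affected system with a small diagnostic. This is an added example, not OpenSSL's code and not something posted in the thread; the helper names and the 10-second timeout are assumptions.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <sys/select.h>
#include <time.h>
#include <unistd.h>

/* Hypothetical helper: block in select() until fd is readable.
 * Returns elapsed milliseconds (>= 0), -1 on timeout, -2 on error. */
long wait_readable_ms(int fd, long timeout_ms)
{
    struct timespec t0, t1;
    struct timeval tv;
    fd_set rfds;
    int r;

    if (fd < 0 || fd >= FD_SETSIZE)
        return -2;
    tv.tv_sec = timeout_ms / 1000;
    tv.tv_usec = (timeout_ms % 1000) * 1000;
    FD_ZERO(&rfds);
    FD_SET(fd, &rfds);
    clock_gettime(CLOCK_MONOTONIC, &t0);
    r = select(fd + 1, &rfds, NULL, NULL, &tv);
    clock_gettime(CLOCK_MONOTONIC, &t1);
    if (r <= 0)
        return r == 0 ? -1 : -2;
    return (t1.tv_sec - t0.tv_sec) * 1000L
         + (t1.tv_nsec - t0.tv_nsec) / 1000000L;
}

/* Hypothetical helper: read the kernel's entropy estimate, -1 if unreadable. */
int entropy_avail(const char *path)
{
    FILE *f = fopen(path, "r");
    int bits = -1;

    if (f == NULL)
        return -1;
    if (fscanf(f, "%d", &bits) != 1)
        bits = -1;
    fclose(f);
    return bits;
}

int main(void)
{
    int fd = open("/dev/random", O_RDONLY | O_NONBLOCK);
    long ms = wait_readable_ms(fd, 10000);  /* assumed 10 s cap */

    printf("select(/dev/random): %ld ms (-1 timeout, -2 error); entropy_avail: %d\n",
           ms, entropy_avail("/proc/sys/kernel/random/entropy_avail"));
    if (fd >= 0)
        close(fd);
    return ms >= 0 ? 0 : 1;
}
```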