Re: Performance Issue With OpenSSL 1.1.1c

On 28/05/2019 23:48, Steffen Nurpmeso wrote:
Jay Foster wrote in <84571f12-68b3-f7ee-7896-c891a2e253e7@xxxxxxxxxxxxxx>:
  |On 5/28/2019 10:39 AM, Jay Foster wrote:
  |> I built OpenSSL 1.1.1c from the recent release, but have noticed what
  |> seems like a significant performance drop compared with 1.1.1b.  I
  |> notice this when starting lighttpd.  With 1.1.1b, lighttpd starts in a
  |> few seconds, but with 1.1.1c, it takes several minutes.
  |>
  |> I also noticed that with 1.1.1b, the CFLAGS automatically included
  |> '-Wall -O3', but with 1.1.1c, '-Wall -O3' is no longer included in the
  |> CFLAGS.  Was this dropped?  I added '-Wall -O3' to the CFLAGS, but
  |> this did not seem to have any effect on the performance issue
  |> (unrelated?).
  |>
  |> This is for a 32-bit ARM build.
  |>
  |> Jay
  |>
  |I think I have tracked down the change in 1.1.1c that is causing this.
  |It is the addition of the DEVRANDOM_WAIT functionality for linux in
  |e_os.h and crypto/rand/rand_unix.c.  lighttpd (libcrypto) is waiting in
  |a select() call on /dev/random.  After this eventually wakes up, it then
  |reads from /dev/urandom.  OpenSSL 1.1.1b did not do this, but instead
  |just read from /dev/urandom.  Is there more information about this
  |change (i.e., a rationale)?  I did not see anything in the CHANGES file
  |about it.

I do not know why lighttpd ends up on /dev/random for you, but in
my opinion the Linux random stuff is both sophisticated and sucks.
The latter because (it seems that many) people end up using
haveged or similar to pimp up their entropy artificially, whereas
on the other side the initial OS seeding is no longer truly
supported.  Writing some seed to /dev/urandom does not bring any
entropy to the "real" pool.
Something equivalent to your program (but not storing a bitcount field)
used to be standard in Linux boot scripts before systemd.  But it
typically used the old method of just writing the saved random bits
into /dev/{u,}random .

This makes me very surprised that they removed such a widely used
interface, can you point out when that was removed from the Linux
kernel?

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
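
Added example (not part of the original message, and not OpenSSL's code): a small C probe that mimics the pattern reported in the thread, a select() wait on /dev/random followed by a read from /dev/urandom, so the delay can be timed on the target board outside lighttpd. The function names and the 300-second timeout are assumptions.

```c
/* Added example, not OpenSSL source: mimics "select() on /dev/random, then
 * read /dev/urandom" so the wait can be timed outside lighttpd.
 * Function names and the 300 s timeout are assumptions. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/select.h>
#include <time.h>
#include <unistd.h>

/* Returns 1 if fd became readable, 0 on timeout, -1 on error. */
int wait_readable(int fd, int timeout_ms)
{
    fd_set rfds;
    struct timeval tv = { timeout_ms / 1000, (timeout_ms % 1000) * 1000 };
    int r;

    if (fd < 0 || fd >= FD_SETSIZE)
        return -1;
    FD_ZERO(&rfds);
    FD_SET(fd, &rfds);
    r = select(fd + 1, &rfds, NULL, NULL, &tv);
    return r > 0 ? 1 : r;
}

/* Opens path, waits for readability, stores the elapsed whole seconds. */
int probe_wait(const char *path, int timeout_ms, long *elapsed_s)
{
    time_t t0;
    int r, fd = open(path, O_RDONLY);   /* open() itself does not block */

    if (fd < 0)
        return -1;
    t0 = time(NULL);
    r = wait_readable(fd, timeout_ms);
    *elapsed_s = (long)difftime(time(NULL), t0);
    close(fd);
    return r;
}

int main(void)
{
    unsigned char buf[32];
    long waited = 0;
    int fd, r = probe_wait("/dev/random", 300 * 1000, &waited);

    printf("/dev/random: %s after %ld s\n",
           r == 1 ? "readable" : r == 0 ? "not readable" : "error", waited);
    fd = open("/dev/urandom", O_RDONLY);  /* the read the thread says follows */
    if (fd >= 0) {
        printf("/dev/urandom: read %ld bytes\n", (long)read(fd, buf, sizeof buf));
        close(fd);
    }
    return 0;
}
```

Running it once early in boot and again later shows whether the wait on /dev/random accounts for the startup delay.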



