Start second process as a daemon so it only does the entropy
gathering at process start-up?
 On Wed 04/05/11 5:35 PM, Mounir IDRASSI mounir.idra...@idrix.net sent:
 Indeed, there has already been a modification to OpenSSL in order to
 limit the observed delay but that doesn't completely solve the problem.
 This issue is linked to an internal design of OpenSSL which uses heap
 walking as a means to gather entropy and unfortunately Windows 7 has
 made this mechanism more expensive than previous Windows versions. So,
 this issue won't be solved unless there is a major change to OpenSSL
 entropy gathering architecture, which doesn't appear to be coming any
 time soon.
 Cheers,
 --
 Mounir IDRASSI
 IDRIX
 http://www.idrix.fr
 On 5/4/2011 6:14 PM, Ashwin Chandra wrote:
 > Okay I read the complete bug report and it looks like there is a fix in
 > the latest openssl. However I checked it out and it limits the maximum
 > time RAND_poll will take to a second. 1000ms. Is there any other way to
 > speed this up?
 >
 > -----Original Message-----
 > From: owner-openssl-us...@openssl.org
 > [owner-openssl-us...@openssl.org] On Behalf Of Mounir IDRASSI
 > Sent: Wednesday, May 04, 2011 4:47 AM
 > To: openssl-users@openssl.org
 > Subject: Re: RSA_private_decrypt across processes
 >
 > Hi,
 >
 > This could be related to the slowness of RAND_poll under Windows 7. See:
 > http://rt.openssl.org/Ticket/Display.html?id=2100&user=guest&pass=guest
 > Your second process is certainly trying to initialize its RNG and that's
 > why you see this delay.
 > Do you confirm that you are executing these processes under Windows 7?
 >
 > --
 > Mounir IDRASSI
 > IDRIX
 > http://www.idrix.fr
 >
 > On 5/4/2011 7:02 AM, Ashwin Chandra wrote:
 >> I generate an RSA key using RSA_generate_key in one process. I then
 >> take the RSA structure that is generated and serialize it and send it
 >> to another process via an RPC mechanism. In the other process I then
 >> de-serialize the RSA data and use that as input to an
 >> RSA_private_decrypt function to decrypt some data that was previously
 >> encrypted with the RSA public key.
 >>
 >> This works fine and I am able to decrypt the data successfully, HOWEVER,
 >> it takes a long time to do so, like up to 2 seconds. It is almost as
 >> if it is doing another key generation in the background. Note that if
 >> I do this RSA_private_decrypt in the same process as the one that
 >> generated the key, it takes around 20-30 ms.
 >>
 >> This leads me to think that maybe there is some static data that the
 >> openssl library uses in RSA_private_decrypt that was cached when I
 >> generated the key and now is not available since it is a new process.
 >>
 >> Can anyone enlighten me on this?
 >>
 > ______________________________________________________________________
 > OpenSSL Project http://www.openssl.org
 > User Support Mailing List openssl-users@openssl.org
 > Automated List Manager majord...@openssl.org

