On Sun, Jan 18, 2015 at 10:17 PM, Noel Carboni
<ncarb...@prodigitalsoftware.com> wrote:
> ...
> Trouble is, the OpenSSL startup is taking over 1 second on a modern computer
> running Windows 8.1 x64.
> ...
>
> We tracked the delay down to OpenSSL's entropy gathering heap walking logic
> in the RAND_poll() function in rand_win.c.  The Heap32First() and
> Heap32Next() Windows API calls are monstrously inefficient - each iteration
> taking a significant part of a second just to return a pointer to the first
> or next heap entry.  Since the logic attempts to walk through the entire
> heap, it doesn't take many calls at all to exceed the MAXDELAY time of 1000
> milliseconds (one full second).

You should seed OpenSSL's random number generator directly using
CryptGenRandom (and other entropy you might have).

Once the generator is seeded, it won't attempt to auto-seed itself
with the RAND_poll gear.

Also see http://wiki.openssl.org/index.php/Random_Numbers. It advises
that you seed the generator directly rather than depending on the
library doing it through RAND_poll.

Jeff
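
The direct seeding recommended in the reply above, sketched in C as an added example; it is not code from the original message or from OpenSSL. The helper names `seed_from_os` and `count_sink`, the `WITH_OPENSSL` build macro, the 32-byte seed size and the `/dev/urandom` fallback for non-Windows builds are assumptions made for illustration.

```c
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>          /* link advapi32 */
#endif
#ifdef WITH_OPENSSL            /* build with -DWITH_OPENSSL and link libcrypto */
#include <openssl/rand.h>
#endif
static int seeded_bytes;       /* stand-in sink so the helper runs without OpenSSL */
static void count_sink(const void *buf, int num) { (void)buf; seeded_bytes += num; }
/* Fill buf from the OS generator; 0 on success, -1 on failure. */
static int os_random(unsigned char *buf, size_t len)
{
#ifdef _WIN32
    HCRYPTPROV prov = 0;
    BOOL ok;
    if (!CryptAcquireContext(&prov, NULL, NULL, PROV_RSA_FULL,
                             CRYPT_VERIFYCONTEXT | CRYPT_SILENT))
        return -1;
    ok = CryptGenRandom(prov, (DWORD)len, buf);
    CryptReleaseContext(prov, 0);
    return ok ? 0 : -1;
#else  /* assumption: /dev/urandom stands in so the example builds off Windows */
    FILE *f = fopen("/dev/urandom", "rb");
    size_t got = f ? fread(buf, 1, len, f) : 0;
    if (f) fclose(f);
    return got == len ? 0 : -1;
#endif
}

/* Hypothetical helper: fetch nbytes (at most 64) and pass them to sink,
 * which has the same signature as RAND_seed(const void *buf, int num). */
int seed_from_os(void (*sink)(const void *, int), size_t nbytes)
{
    unsigned char buf[64];
    volatile unsigned char *p = buf;
    size_t i;
    if (sink == NULL || nbytes == 0 || nbytes > sizeof buf) return -1;
    if (os_random(buf, nbytes) != 0) return -1;   /* never seed from an unfilled buffer */
    sink(buf, (int)nbytes);
    for (i = 0; i < sizeof buf; i++) p[i] = 0;    /* wipe the local copy of the seed */
    return 0;
}
int main(void)
{
#ifdef WITH_OPENSSL  /* seed before any other OpenSSL call that needs randomness */
    if (seed_from_os(RAND_seed, 32) != 0 || RAND_status() != 1) return 1;
#endif
    return (seed_from_os(count_sink, 32) == 0 && seeded_bytes == 32) ? 0 : 1;
}
```

Treat a non-zero return as fatal at startup rather than continuing with an unseeded generator.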