<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;
font-weight:normal;
font-style:normal;
text-decoration:none none;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:220215184;
mso-list-type:hybrid;
mso-list-template-ids:-821790642 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal><span style='font-size:13.0pt'>Hello, this is my first post to this list.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:13.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:13.0pt'>I'm a software developer. The product line I'm developing indirectly uses OpenSSL through a 3<sup>rd</sup> party library. Specifically, the library does a decryption of a license file right at the startup of our application. <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:13.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:13.0pt'>Trouble is, the OpenSSL startup is taking over 1 second on a modern computer running Windows 8.1 x64.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:13.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:13.0pt'>1 second doesn't sound like much, but that's time our user has to wait every time to see our user interface. The entire rest of our startup logic literally takes a few tens of milliseconds. It's making our application sluggish, and we need the license file verified before the application starts up.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:13.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:13.0pt'>We tracked the delay down to OpenSSL's entropy gathering heap walking logic in the RAND_poll() function in rand_win.c. The Heap32First() and Heap32Next() Windows API calls are monstrously inefficient - each iteration taking a significant part of a second just to return a pointer to the first or next heap entry. Since the logic attempts to walk through the entire heap, it doesn't take many calls at all to exceed the MAXDELAY time of 1000 milliseconds (one full second).<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:13.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:13.0pt'>I have the impression, looking at the RAND_poll() code, that the MAXDELAY of 1000 milliseconds is a "watchdog" timeout meant to prevent a complete lockup under some unspecified condition, and it is not expected to be exercised in the normal case. Researching a bit further, MAXDELAY appears to have been added to RAND_Poll() some 5+ years ago.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:13.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:13.0pt'>As a source of entropy, the number of bytes that COULD be "added" together by RAND_add() in the heap walking loop should be monstrous - millions or even billions. But in practice that's just not happening, since it's taking so long to get the pointers. It literally can just be a few thousands of bytes.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:13.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:13.0pt'>So... Two things:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:13.0pt'><o:p> </o:p></span></p><p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='font-size:13.0pt'><span style='mso-list:Ignore'>1.<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='font-size:13.0pt'>Since Heap32First() and Heap32Next() move glacially, not very many heap blocks are traversed in 1000 milliseconds (possibly only one or a handful on an average computer). This implies the heap walking loop is a VERY poor source of entropy given the amount of CPU time spent. I'm no expert on entropy, but this appears to reduce the security of the library.<br><br><o:p></o:p></span></p><p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='font-size:13.0pt'><span style='mso-list:Ignore'>2.<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='font-size:13.0pt'>The library in our case is being used in a client application where (unlike a server that starts OpenSSL up once and stays up) it's initialized every time the application is opened, and so the startup time is important. Can the watchdog timeout for the heap walk loop be reduced to something more reasonable? Say 100 milliseconds?<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:13.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:13.0pt'>It's pretty clear that if a more efficient method is implemented to walk through heap blocks, a LOT more entropy can be gathered in a LOT less time. Bear in mind also that computers are a LOT faster than they were even 5 years ago when the 1 second MAXDELAY timeout was first implemented.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:13.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:13.0pt'>If need be, I can likely put together source code to accomplish the above.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:13.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:13.0pt'>Thanks.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:13.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:13.0pt'>-Noel Carboni<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:13.0pt'> ProDigital Software<o:p></o:p></span></p></div></body></html>