[openssl-dev] [openssl.org #4088] RE: [Bug] Openssl caused CPU high to 100%
Stephen Henson via RT
rt at openssl.org
Tue Oct 13 18:03:44 UTC 2015
On Mon Oct 12 01:33:17 2015, lily.zhang at emc.com wrote:
>
> I debugged our client, when calling API below, I saw the client
> prococess's CPU went to 25% in my host(my host has 8 GB RAM which is
> more powerful).
>
> We reproduce this issue in different host, CPU can rise to 25%, 66%,
> 100% (different hosts have different RAMs, processors).
>
> FIPS_mode_set(1);
>
> Please let me know what info are needed for this issue.
>
This is caused by the POST in the FIPS module which runs some tests which are
resource hungry. That can't be changed because the code is part of the
validated module code. The 1.2 FIPS module used with OpenSSL 0.9.8 is obsolete
anyway and OpenSSL 0.9.8 itself is soon to be EOLed.
The 2.0 FIPS module used in OpenSSL 1.0.1 and later has had the POST optimised
so it is not as computationally intensive. If possible use that instead.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
More information about the openssl-dev
mailing list