[openssl-users] Long startup time and poor entropy on Windows due to inefficient heap walking In RAND_poll()

Jeffrey Walton noloader at gmail.com
Mon Jan 19 05:02:05 UTC 2015

On Sun, Jan 18, 2015 at 10:17 PM, Noel Carboni
<NCarboni at prodigitalsoftware.com> wrote:
> ...
> Trouble is, the OpenSSL startup is taking over 1 second on a modern computer
> running Windows 8.1 x64.
> ...
> We tracked the delay down to OpenSSL's entropy gathering heap walking logic
> in the RAND_poll() function in rand_win.c.  The Heap32First() and
> Heap32Next() Windows API calls are monstrously inefficient - each iteration
> taking a significant part of a second just to return a pointer to the first
> or next heap entry.  Since the logic attempts to walk through the entire
> heap, it doesn't take many calls at all to exceed the MAXDELAY time of 1000
> milliseconds (one full second).

You should seed OpenSSL's random number generator directly using
CryptGenRandom (and other entropy you might have).

Once the generator is seeded, it won't attempt to auto-seed itself
with the RAND_poll gear.

Also see http://wiki.openssl.org/index.php/Random_Numbers. It advises
that you seed the generator directly rather than depending on the
library doing it through RAND_poll.


More information about the openssl-users mailing list