AW: Performance Issue With OpenSSL 1.1.1c

Matthias St. Pierre Matthias.St.Pierre at ncp-e.com
Tue Jun 4 15:49:37 UTC 2019


Hi,

I opened an issue on GitHub to discuss this problem in more detail.

https://github.com/openssl/openssl/issues/9078

It would be nice if you could join the discussion there.


Matthias


@Jay:  in particular I'm interested to learn, which linux version and distribution
you were using. On newer systems, `getentropy()` should be the method of
choice, because it does not share the deficiencies of the `/dev/urandom` device.




On 30.05.19 02:11, Dr. Matthias St. Pierre wrote:
>> To workaround the /dev/random blocking issue, you can just add:
>>
>> -DDEVRANDOM="\"/dev/urandom\""
>>
>> as a parameter to ./Configure
>>
>> This will remove the special handling of /dev/urandom and /dev/random
>> in 1.1.1c.
>
> Tomáš, Jay,
>
> I'm afraid this suggestion won't help, because `DEVRANDOM_WAIT` is defined
> unconditionally in e_os.h:
>
> https://github.com/openssl/openssl/blob/OpenSSL_1_1_1c/e_os.h#L30-L34
>
> This means that the select() call will happen on linux independently of what
> `DEVRANDOM` is defined to be:
>
> https://github.com/openssl/openssl/blob/OpenSSL_1_1_1c/crypto/rand/rand_unix.c#L509-L535
>
> I think that pull request #8251 needs to be reconsidered. Give me one day or two,
> I'll create a GitHub issue for that and post the link here when it's ready.
>
> Matthias
>
>



More information about the openssl-users mailing list