Performance Issue With OpenSSL 1.1.1c
jayf0ster at roadrunner.com
Tue May 28 21:15:51 UTC 2019
On 5/28/2019 10:39 AM, Jay Foster wrote:
> I built OpenSSL 1.1.1c from the recent release, but have noticed what
> seems like a significant performance drop compared with 1.1.1b. I
> notice this when starting lighttpd. With 1.1.1b, lighttpd starts in a
> few seconds, but with 1.1.1c, it takes several minutes.
> I also noticed that with 1.1.1b, the CFLAGS automatically included
> '-Wall -O3', but with 1.1.1c, '-Wall -O3' is no longer included in the
> CFLAGS. was this dropped? I added '-Wall -O3' to the CFLAGS, but
> this did not seem to have any affect on the performance issue
> This is for a 32-bit ARM build.
I think I have tracked down the change in 1.1.1c that is causing this.
It is the addition of the DEVRANDOM_WAIT functionality for linux in
e_os.h and crypto/rand/rand_unix.c. lighttpd (libcrypto) is waiting in
a select() call on /dev/random. After this eventually wakes up, it then
reads from /dev/urandom. OpenSSL 1.1.1b did not do this, but instead
just read from /dev/urandom. Is there more information about this
change (i.e., a rationale)? I did not see anything in the CHANGES file
More information about the openssl-users