OpenSSL 1.1.1g Windows build slow rsa tests

Dr Paul Dale pauli at
Thu Jan 21 02:27:35 UTC 2021

I'd suggest giving a build without the no-asm option a try.  The 
performance difference is usually quite significant.

Statis vs dynamic builds wouldn't normally be associated with such a 
large difference.  If the difference were routinely this large, nobody 
would use dynamic linking.


On 21/1/21 10:37 am, Michael Wojcik wrote:
>> From: openssl-users <openssl-users-bounces at> On Behalf Of Dr Paul
>> Dale
>> Sent: Wednesday, 20 January, 2021 16:19
>> Try building without the no-asm configuration option.
> That was my first thought, but according to Dan's message, the firedaemon version is also built with no-asm.
> The only relevant differences I see between the two builds are static (Dan's) versus dynamic (firedaemon's) linkage:
>> On 21/1/21 6:18 am, Dan Heinz wrote:
>>> compiler: cl /Fdossl_static.pdb  /Gs0 /GF /Gy /MT /Zi /W3 /wd4090
> /MT uses the static-linked MSVC runtime.
>>> Here is the downloaded binary from
>>> <>:
>>> compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo
> /MD uses the dynamic-linked MSVC runtime.
>>> Here are my configure parameters:
>>> Configure VC-WIN64A no-shared  no-asm no-idea no-mdc2 no-rc5 no-ssl2
>>> no-ssl3 no-zlib no-comp no-pinshared no-ui-console
>>>    -DOPENSSL_NO_DEPRECATED --api=1.1.0
>>> And their configure parameters:
>>> Configure VC-WIN64Ano-asm no-ssl3 no-zlib no-comp no-ui-console
>>> --api=1.1.0 --prefix="%openssl-dst%" --openssldir=ssl
> Assuming the lack of a space between "VC_WIN64A" and "no-asm" is a typo, they're also building with no-asm, and the only significant difference for this case that I can see is no-shared. (no-pinshared looks even less likely to affect this test, and does it even have any effect when building no-shared?)
> Linking with /MT will affect code size and layout, which could adversely affect code caching. It's not impossible that would have a factor-of-four penalty on compute-bound code. I'm reluctant to conclude that's the problem, though, without more evidence.
> Unfortunately tracking this down would likely require profiling.
> That's assuming Dan is correct about the firedaemon build being configured with no-asm.
> --
> Michael Wojcik

More information about the openssl-users mailing list