On Tue, Aug 02, 2022 at 09:32:34AM -0700, Hal Murray wrote: > mlich...@redhat.com said: > > I was surprised to see they switched arc4random in glibc to getrandom(). > > That > > has a significant performance impact on chronyd, as it calls the function > > for > > each generated RX and TX timestamp. In my > > NTPsec uses OpenSSL and their crypto package. I noticed significant CPU > going > into randomness. On investigation, there is high overhead. The cycles per > byte isn't horrible for longer chunks. It's things like calling getpid() > called during setup.
Is OpenSSL required in NTPsec? chrony can be built with no crypto library, so it needs a random generator that's always available. That's /dev/urandom. > > I've contemplated using a big buffer. Fill it with one call to amortize the > overhead. Pass out small chunks as needed. I haven't written any code. That's what chrony does, but not with arc4random as that is assumed to have its own buffer. -- Miroslav Lichvar -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.