On Wed, Dec 26, 2012 at 09:07:58PM +0100, Ge, Meiling via RT wrote: > Hi Openssl team, > I have an performance issue with openssl_fips. > My application use openssl_fips version 0.9.8. > Recently, I found that the fips lib make my application slow. > When my application initialize the fips setting, it introduces 7000+ getpid() > call. > And this will cost 5 seconds. > > Is this an real issue?
Yes, the cost of the getpid() calls made by OpenSSL is real, and users often patch them away. If these calls come from code within the FIPS canister, you may not be able to easily do so except by linking to or preloading another library that reimplements fork() and getpid(), so that the PID is cached in a global variable. There's just no reason why getpid() should require a trap into the kernel... Thor ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
