Hi, Thank you. I just notice that the main time consumer is not the getpid(). I also found thousands of “FIPS_selftest_failed” during FIPS mode setup which indeed induce the getpid call. Is it normal that FIPS_mode_set(1) needs 5 seconds to finish?
Do you have any idea about the main time consumer here? The call stack is followed. If the self-test has some problem, how should I debug to root cause? Here is the call stack, the following call log just repeated thousands of times in my case. Breakpoint 1, 0x7af3a278 in getpid+0 () from /usr/lib/libc.2 #0 0x7af3a278 in getpid+0 () from /usr/lib/libc.2 #1 0x7a41c454 in CRYPTO_thread_id+0x24 () from libcrypto.sl.0.9.8 #2 0x7a40b5ec in FIPS_selftest_failed+0x6c () from libcrypto.sl.0.9.8 #3 0x7a420764 in EVP_DigestInit_ex+0x34 () from libcrypto.sl.0.9.8 #4 0x7a4251b8 in ssleay_rand_add#HLO_CL_#i1_0x14+0x130 () from libcrypto.sl.0.9.8 #5 0x7a4248e4 in ssleay_rand_bytes+0x1a4 () from libcrypto.sl.0.9.8 #6 0x7a4265b8 in RAND_bytes+0x80 () from libcrypto.sl.0.9.8 #7 0x7a40bd58 in FIPS_mode_set+0x270 () from libcrypto.sl.0.9.8 Breakpoint 1, 0x7af3a278 in getpid+0 () from /usr/lib/libc.2 #0 0x7af3a278 in getpid+0 () from /usr/lib/libc.2 #1 0x7a41c454 in CRYPTO_thread_id+0x24 () from libcrypto.sl.0.9.8 #2 0x7a40b3b0 in FIPS_mode+0x70 () from libcrypto.sl.0.9.8 #3 0x7a420824 in EVP_DigestInit_ex+0xf4 () from libcrypto.sl.0.9.8 #4 0x7a4251b8 in ssleay_rand_add#HLO_CL_#i1_0x14+0x130 () from libcrypto.sl.0.9.8 #5 0x7a4248e4 in ssleay_rand_bytes+0x1a4 () from libcrypto.sl.0.9.8 #6 0x7a4265b8 in RAND_bytes+0x80 () from libcrypto.sl.0.9.8 #7 0x7a40bd58 in FIPS_mode_set+0x270 () from libcrypto.sl.0.9.8 Breakpoint 1, 0x7af3a278 in getpid+0 () from /usr/lib/libc.2 #0 0x7af3a278 in getpid+0 () from /usr/lib/libc.2 #1 0x7a41c454 in CRYPTO_thread_id+0x24 () from libcrypto.sl.0.9.8 #2 0x7a425120 in ssleay_rand_add#HLO_CL_#i1_0x14+0x98 () from libcrypto.sl.0.9.8 #3 0x7a4248e4 in ssleay_rand_bytes+0x1a4 () from libcrypto.sl.0.9.8 #4 0x7a4265b8 in RAND_bytes+0x80 () from libcrypto.sl.0.9.8 #5 0x7a40bd58 in FIPS_mode_set+0x270 () from libcrypto.sl.0.9.8 Breakpoint 1, 0x7af3a278 in getpid+0 () from /usr/lib/libc.2 #0 0x7af3a278 in getpid+0 () from /usr/lib/libc.2 #1 0x7a41c454 in CRYPTO_thread_id+0x24 () from libcrypto.sl.0.9.8 #2 0x7a40b5ec in FIPS_selftest_failed+0x6c () from libcrypto.sl.0.9.8 #3 0x7a420764 in EVP_DigestInit_ex+0x34 () from libcrypto.sl.0.9.8 #4 0x7a4251b8 in ssleay_rand_add#HLO_CL_#i1_0x14+0x130 () from libcrypto.sl.0.9.8 #5 0x7a4248e4 in ssleay_rand_bytes+0x1a4 () from libcrypto.sl.0.9.8 #6 0x7a4265b8 in RAND_bytes+0x80 () from libcrypto.sl.0.9.8 #7 0x7a40bd58 in FIPS_mode_set+0x270 () from libcrypto.sl.0.9.8 Best Regards, -Meiling -----Original Message----- From: Stephen Henson via RT [mailto:[email protected]] Sent: Thursday, December 27, 2012 6:26 AM To: Ge, Meiling Cc: [email protected] Subject: [openssl.org #2948] thousands of getpid called inside libcrypto.sl.0.9.8 > [[email protected] - Wed Dec 26 21:07:57 2012]: > > Hi Openssl team, > I have an performance issue with openssl_fips. > My application use openssl_fips version 0.9.8. > Recently, I found that the fips lib make my application slow. > When my application initialize the fips setting, it introduces 7000+ > getpid() call. > And this will cost 5 seconds. > > Is this an real issue? > Looking forward to your reply. > Thanks. > > > The call trace is as followed: > Breakpoint 1, 0x7af3a278 in getpid+0 () from /usr/lib/libc.2 > #0 0x7af3a278 in getpid+0 () from /usr/lib/libc.2 > #1 0x7a41c454 in CRYPTO_thread_id+0x24 () from libcrypto.sl.0.9.8 > #2 0x7a40bbd8 in FIPS_mode_set+0xf0 () from libcrypto.sl.0.9.8 > #3 0x2695f8 in main+0x168 () > These all go through a user settable callback which defaults to getpid() on most platforms. You can supply a more efficient equivalent in an application. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
