On Wed May 4 2011, Mounir IDRASSI wrote:
> 
> Well, this is not quite adapted to the situation. OpenSSL is a library 
> and it doesn't spawn any process. Moreover, the issue is with the 
> internal builtin RNG of OpenSSL and a simple user of OpenSSL cannot 
> change its implementation.
> Apart from a change to OpenSSL internals, the only option is to implement 
> an engine that exports its own RNG implementation through a custom 
> RAND_METHOD structure.
> 

Since the OP is running win-7, that probably means an Intel processor
that supports SSE2 (P-4 or newer) instructions.

Depending on the OP requirements for a cryptographically 'hard' RNG -
this may help (as one of the random components):
http://software.intel.com/en-us/articles/fast-random-number-generator-on-the-intel-pentiumr-4-processor/

Mike
> Cheers,
> --
> Mounir IDRASSI
> IDRIX
> http://www.idrix.fr
> 
> 
> On 5/4/2011 7:02 PM, carlyo...@keycomm.co.uk wrote:
> > Start second process as a daemon so it only does the entropy gathering 
> > at process start-up?
> >
> >
> >
> > On Wed 04/05/11 5:35 PM, Mounir IDRASSI mounir.idra...@idrix.net sent:
> >
> >
> >     Indeed, there has already been a modification to OpenSSL in order to
> >     limit the observed delay but that doesn't completely solve the
> >     problem.
> >     This issue is linked to an internal design of OpenSSL which uses heap
> >     walking as a means to gather entropy and unfortunately Windows 7 has
> >     made this mechanism more expensive than previous Windows versions.
> >     So, this issue won't be solved unless there is a major change to
> >     OpenSSL entropy gathering architecture, which doesn't appear to be
> >     coming any time soon.
> >
> >     Cheers,
> >     --
> >     Mounir IDRASSI
> >     IDRIX
> >     http://www.idrix.fr
> >
> >     On 5/4/2011 6:14 PM, Ashwin Chandra wrote:
> >     > Okay I read the complete bug report and it looks like there is a
> >     > fix in the latest openssl. However I checked it out and it limits
> >     > the maximum time RAND_poll will take to a second. 1000ms. Is there
> >     > any other way to speed this up?
> >     >
> >     > -----Original Message-----
> >     > From: owner-openssl-us...@openssl.org
> >     > [owner-openssl-us...@openssl.org] On Behalf Of Mounir IDRASSI
> >     > Sent: Wednesday, May 04, 2011 4:47 AM
> >     > To: openssl-users@openssl.org
> >     > Subject: Re: RSA_private_decrypt across processes
> >     >
> >     > Hi,
> >     >
> >     > This could be related to the slowness of RAND_poll under Windows 7.
> >     > See:
> >     > http://rt.openssl.org/Ticket/Display.html?id=2100&user=guest&pass=guest
> >     > Your second process is certainly trying to initialize its RNG and
> >     > that's why you see this delay.
> >     > Do you confirm that you are executing these processes under
> >     > Windows 7?
> >     >
> >     > --
> >     > Mounir IDRASSI
> >     > IDRIX
> >     > http://www.idrix.fr
> >     >
> >     > On 5/4/2011 7:02 AM, Ashwin Chandra wrote:
> >     >> I generate an RSA key using RSA_generate_key in one process. I then
> >     >> take the RSA structure that is generated and serialize it and send
> >     >> it to another process via an RPC mechanism. In the other process I
> >     >> then de-serialize the RSA data and use that as input to an
> >     >> RSA_private_decrypt function to decrypt some data that was
> >     >> previously encrypted with the RSA public key.
> >     >>
> >     >> This works fine and I am able to decrypt the data successfully,
> >     >> HOWEVER, it takes a long time to do so, like up to 2 seconds. It is
> >     >> almost as if it is doing another key generation in the background.
> >     >> Note that if I do this RSA_private_decrypt in the same process as
> >     >> the one that generated the key, it takes around 20-30 ms.
> >     >>
> >     >> This leads me to think that maybe there is some static data that the
> >     >> openssl library uses in RSA_private_decrypt that was cached when I
> >     >> generated the key and now is not available since it is a new
> >     >> process.
> >     >>
> >     >> Can anyone enlighten me on this?
> >     >>
> >     > ______________________________________________________________________
> >     > OpenSSL Project http://www.openssl.org
> >     > User Support Mailing List openssl-users@openssl.org
> >     > Automated List Manager majord...@openssl.org
> >     >
> >
> >
> >
> 
> 
> 
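
The custom RAND_METHOD approach mentioned in the quoted reply, as an added example that is not part of the original thread and is not OpenSSL's own code: it serves OpenSSL's random requests from the operating system's CSPRNG (CryptGenRandom on Windows) and installs the method directly with RAND_set_rand_method rather than packaging it as an engine. Assumptions: the struct follows the OpenSSL 1.0.x RAND_METHOD layout; `WITH_OPENSSL`, `os_rand_method` and `install_os_rand` are names made up here, and without `WITH_OPENSSL` a local stand-in struct is used so the file compiles on its own.

```c
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#endif
#ifdef WITH_OPENSSL   /* assumption: OpenSSL 1.0.x headers, linked with libcrypto */
#include <openssl/rand.h>
#else                 /* stand-in with the 1.0.x RAND_METHOD field layout */
typedef struct {
    void (*seed)(const void *buf, int num);
    int  (*bytes)(unsigned char *buf, int num);
    void (*cleanup)(void);
    void (*add)(const void *buf, int num, double entropy);
    int  (*pseudorand)(unsigned char *buf, int num);
    int  (*status)(void);
} RAND_METHOD;
#endif
/* Fill buf from the OS CSPRNG; returns 1 on success, 0 on failure. */
static int os_bytes(unsigned char *buf, int num)
{
    if (buf == NULL || num < 0) return 0;
#ifdef _WIN32
    HCRYPTPROV h; BOOL ok;
    if (!CryptAcquireContext(&h, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT))
        return 0;
    ok = CryptGenRandom(h, (DWORD)num, buf);
    CryptReleaseContext(h, 0);
    return ok ? 1 : 0;
#else                 /* non-Windows fallback so the example runs anywhere */
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) return 0;
    size_t got = fread(buf, 1, (size_t)num, f);
    fclose(f);
    return got == (size_t)num;
#endif
}
static int os_status(void) { unsigned char b; return os_bytes(&b, 1); }

/* seed, cleanup and add stay NULL: the OS source needs no seeding by the caller. */
static const RAND_METHOD os_rand_method = { NULL, os_bytes, NULL, NULL, os_bytes, os_status };

/* Call once at start-up, before the first key generation or decrypt. */
int install_os_rand(void)
{
#ifdef WITH_OPENSSL
    return RAND_set_rand_method(&os_rand_method);
#else
    return os_rand_method.status();
#endif
}
```

Every callback returns 0 on failure, so a caller that checks the result of RAND_bytes sees an unavailable OS source as an error instead of receiving an unfilled buffer.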

