Hi,

Not sure whether this query belongs in users or the dev group, so sending
to both.

We have a Windows client application where we use OpenSSL (1.0.1e) for
some encryption as well as for SSL support. This application will run on
Windows XP and above.

There is a key requirement that this application should launch in 2
seconds. We have been able to bring it to a little over 3 seconds, and based
on profiling results we have no other hot spot over 300ms except for
RAND_poll in OpenSSL, which takes about 1 second.

I have gone through the history of how this function is used for generating
the seed value of sufficient entropy by taking bytes of data from various
sources like heap lists, thread, process and others. I have also gone
through the history of performance issues due to heap walking under Windows
and how they are addressed by putting a timeout on each of the loops
collecting the bytes in this function.

The MAXDELAY macro which defines this timeout is currently set to 1 second.
I tried changing this value to 200ms and everything still works fine. I
have also run the OpenSSL unit tests to verify functionality.

The hot spot has reduced to 175~180ms after this. The key question for us
is whether this is an acceptable change for our usage. What is the impact
on security or functionality that we are not aware of? If I got it right,
it's the heap walking loop that takes the max time, but there are other
sources where it's collecting the data for the seed.

Is it a safe change for us to do for our custom build of OpenSSL? If it's
not recommended, are there any other solutions that we can use in its place
to reduce this hot spot?

Do note that our application is actively supported for Win XP and above
only.
