I know this has been brought up a few times on this list - but since I consider it a severe problem and I haven't found an acceptable solution anywhere, I bring it up again.
Random number generation in "crypto/rand/rand_win.c" can be extremely slow! In our application (connecting to a SSL web service), it takes up to 30 (THIRTY) seconds to initialize the random number. (On a 2.4 GHz Pentium 4) The reason is the "heap walking" algorithm (the "Heap32Next" procedure in the "Toolhelp32 snapshot" section). What makes the problem harder is that it only occurs if the calling process' heap is large, i.e. you don't notice the problem with a small test program. I know little about SSL and very little about random number generation, so I can't provide a patch. I just lowered the number of heap entries to 2, i.e. changed int entrycnt = 80; in the RAND_poll() procedure in rand_win.c to int entrycnt = 2; which made it fast enough for me - but if it's secure enough in the general case, I can't say. I know the problem only affects the windows implementation, so maybe this problem persists in order to prove that windows is slow :-) If that isn't the case, couldn't some reliable intelligent person do one of the following: - provide info how to avoid this problem without hacking the source - check or add code to check if a lower "entrycnt" would be acceptable in the general case - check or add code to check if the heap walking is necessary at all - make the "entrycnt" configurable and add it to the "INSTALL.W32" file - add this problem to the PROBLEMS file Thanks Frank Ammeter ------------------------------------------- Versendet mit dem IPSHOST.CH E-Mail Service WEBHOSTING:500MB Speicherplatz f�r Fr.24.95 http://www.ipshost.ch ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
