Thanks for your reply. I did a test with openssl 1.0.2.d and FIPS 2.0, CPU only went up to 7% in my host, this is the same as openssl.exe.
Thanks Lily -----Original Message----- From: Stephen Henson via RT [mailto:[email protected]] Sent: Wednesday, October 14, 2015 2:04 AM To: Zhang, Lily (USD) Cc: [email protected] Subject: [openssl.org #4088] RE: [Bug] Openssl caused CPU high to 100% On Mon Oct 12 01:33:17 2015, [email protected] wrote: > > I debugged our client, when calling API below, I saw the client > prococess's CPU went to 25% in my host(my host has 8 GB RAM which is > more powerful). > > We reproduce this issue in different host, CPU can rise to 25%, 66%, > 100% (different hosts have different RAMs, processors). > > FIPS_mode_set(1); > > Please let me know what info are needed for this issue. > This is caused by the POST in the FIPS module which runs some tests which are resource hungry. That can't be changed because the code is part of the validated module code. The 1.2 FIPS module used with OpenSSL 0.9.8 is obsolete anyway and OpenSSL 0.9.8 itself is soon to be EOLed. The 2.0 FIPS module used in OpenSSL 1.0.1 and later has had the POST optimised so it is not as computationally intensive. If possible use that instead. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
