Indeed, their have been already a modification to OpenSSL in order to
limit the observed delay but that doesn't completely solve the problem.
This issue is linked to an internal design of OpenSSL which uses heap
walking as a mean to gather entropy and unfortunately Windows 7 have
made this mechanism more expensive than previous Windows versions. So,
this issue won't be solved unless there is a major change to OpenSSL
entropy gathering architecture, which doesn't appear to be coming any
time soon.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 5/4/2011 6:14 PM, Ashwin Chandra wrote:
Okay I read the complete bug report and it looks like there is a fix in
the latest openssl. However I checked it out and it limits the maximum
time RAND_poll will take to a second. 1000ms. Is there any other way to
speed this up?
-----Original Message-----
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Mounir IDRASSI
Sent: Wednesday, May 04, 2011 4:47 AM
To: openssl-users@openssl.org
Subject: Re: RSA_private_decrypt across processes
Hi,
This could be related to the slowness of RAND_poll under Windows 7. See
:
http://rt.openssl.org/Ticket/Display.html?id=2100&user=guest&pass=guest
Your second process is certainly trying to initialize its RNG and that's
why you see this delay.
Do you confirm that you are executing these processes under Windows 7?
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 5/4/2011 7:02 AM, Ashwin Chandra wrote:
I generate an RSA key using RSA_generate_key in one process. I then
take the RSA structure that is generated and serialize it and send it
to another process via an RPC mechanism. In the other process I then
de-serialize the RSA data and use that as input to an
RSA_private_decrypt function to decrypt some data that was previously
encrypted with the RSA public key.
This works fine and I am able to decrypt the data successful, HOWEVER,
it takes a long time to do so, like up to 2 seconds. It is almost as
if it is doing another key generation in the background. Note that if
I do this RSA_private_decrypt in the same process as the one that
generated the key, it takes around 20-30 ms.
This leads me to think that maybe there is some static data that the
openssl library uses in RSA_private_decrypt that was cached when I
generated the key and now is not available since it is a new process.
Can anyone enlighten me on this?
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
