On Wed May 4 2011, Michael S. Zick wrote:
> On Wed May 4 2011, Mounir IDRASSI wrote:
> >
> > Well, this is not quite adapted to the situation. OpenSSL is a library
> > and it doesn't spawn any process. Moreover, the issue is with the
> > internal builtin RNG of OpenSSL and a simple user of OpenSSL can not
> > change its implementation.
> > Apart from a change to OpenSSL internals, the only option is to implement
> > an engine that exports its own RNG implementation through a custom
> > RAND_METHOD structure.
> >
>
> Since the OP is running win-7, that probably means an Intel processor
> that supports SSE2 (P-4 or newer) instructions.
>
> Depending on the OP requirements for a cryptographically 'hard' RNG -
> this may help (as one of the random components):
> http://software.intel.com/en-us/articles/fast-random-number-generator-on-the-intel-pentiumr-4-processor/
>

Also check out the linked-to page in the comments of that one:
http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/SFMT/index.html

Mike

> Mike
>
> > Cheers,
> > --
> > Mounir IDRASSI
> > IDRIX
> > http://www.idrix.fr
> >
> > On 5/4/2011 7:02 PM, carlyo...@keycomm.co.uk wrote:
> > > Start second process as a daemon so it only does the entropy gathering
> > > at process start-up?
> > >
> > > On Wed 04/05/11 5:35 PM, Mounir IDRASSI mounir.idra...@idrix.net sent:
> > >
> > > Indeed, there has already been a modification to OpenSSL in order to
> > > limit the observed delay but that doesn't completely solve the problem.
> > > This issue is linked to an internal design of OpenSSL which uses heap
> > > walking as a means to gather entropy and unfortunately Windows 7 has
> > > made this mechanism more expensive than previous Windows versions.
> > > So, this issue won't be solved unless there is a major change to OpenSSL
> > > entropy gathering architecture, which doesn't appear to be coming any
> > > time soon.
> > >
> > > Cheers,
> > > --
> > > Mounir IDRASSI
> > > IDRIX
> > > http://www.idrix.fr
> > >
> > > On 5/4/2011 6:14 PM, Ashwin Chandra wrote:
> > > > Okay I read the complete bug report and it looks like there is a fix in
> > > > the latest openssl. However I checked it out and it limits the maximum
> > > > time RAND_poll will take to a second. 1000ms. Is there any other way to
> > > > speed this up?
> > > >
> > > > -----Original Message-----
> > > > From: owner-openssl-us...@openssl.org
> > > > [owner-openssl-us...@openssl.org] On Behalf Of Mounir IDRASSI
> > > > Sent: Wednesday, May 04, 2011 4:47 AM
> > > > To: openssl-users@openssl.org
> > > > Subject: Re: RSA_private_decrypt across processes
> > > >
> > > > Hi,
> > > >
> > > > This could be related to the slowness of RAND_poll under Windows 7. See:
> > > > http://rt.openssl.org/Ticket/Display.html?id=2100&user=guest&pass=guest
> > > > Your second process is certainly trying to initialize its RNG and that's
> > > > why you see this delay.
> > > > Do you confirm that you are executing these processes under Windows 7?
> > > >
> > > > --
> > > > Mounir IDRASSI
> > > > IDRIX
> > > > http://www.idrix.fr
> > > >
> > > > On 5/4/2011 7:02 AM, Ashwin Chandra wrote:
> > > >> I generate an RSA key using RSA_generate_key in one process. I then
> > > >> take the RSA structure that is generated and serialize it and send it
> > > >> to another process via an RPC mechanism. In the other process I then
> > > >> de-serialize the RSA data and use that as input to an
> > > >> RSA_private_decrypt function to decrypt some data that was previously
> > > >> encrypted with the RSA public key.
> > > >>
> > > >> This works fine and I am able to decrypt the data successfully, HOWEVER,
> > > >> it takes a long time to do so, like up to 2 seconds. It is almost as
> > > >> if it is doing another key generation in the background. Note that if
> > > >> I do this RSA_private_decrypt in the same process as the one that
> > > >> generated the key, it takes around 20-30 ms.
> > > >>
> > > >> This leads me to think that maybe there is some static data that the
> > > >> openssl library uses in RSA_private_decrypt that was cached when I
> > > >> generated the key and now is not available since it is a new process.
> > > >>
> > > >> Can anyone enlighten me on this?
> > > >>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org