Project

General

Profile

Bug #12139

return OpenSSL::Random.random_bytes(n) call takes to long. OpenSSL:: bug on windows.

Added by Justin (Justin Ward) over 3 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
-
[ruby-core:74105]

Description

I have been a windows dev for a while now. I have never solved this rails startup issue. Running one Rspec test takes rails 22 seconds to load on my PC. When I (temporarily) comment out the line in securerandom.rb and replace it with a hardcoded return the startup time is reduced to 10 seconds.

#return OpenSSL::Random.random_bytes(n)
return "\xD3\x04F\f0\xD6{G\xB9\x81"

I can duplicate this on a windows 7 and windows 10 PC.

I have the lastest version of OpenSSL (1.02) installed.

Tickets like this have been reported before, but they get closed without being solved for unknown reasons. Please share the joy of Ruby with us PC users :).
See this more more info: http://stackoverflow.com/questions/29984838/openssl-causing-very-slow-rails-boot-time-on-windows/35749120#35749120

Associated revisions

Revision 6545327e
Added by naruse (Yui NARUSE) over 3 years ago

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54144 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

Revision 54144
Added by naruse (Yui NARUSE) over 3 years ago

Revision 54144
Added by naruse (Yui NARUSE) over 3 years ago

Revision 54144
Added by naruse (Yui NARUSE) over 3 years ago

Revision 54144
Added by naruse (Yui NARUSE) over 3 years ago

Revision cb66eaab
Added by usa (Usaku NAKAMURA) over 3 years ago

merge revision(s) 54144: [Backport #12139]

    * lib/securerandom.rb (gen_random): to avoid blocking on Windows.
      On Windows OpenSSL RAND_bytes (underlying implementation is
      RAND_poll in crypto/rand/rand_win.c) may be blocked at
      NetStatisticsGet.
      https://wiki.openssl.org/index.php/Random_Numbers#Windows_Issues
      Instead of this, use Random.raw_seed directory (whose implementation
      CryptGenRandom is one of the source of
      entropy of RAND_poll on Windows).
      https://wiki.openssl.org/index.php/Random_Numbers
      Note: CryptGenRandom function is PRNG and doesn't check its entropy,
      so it won't block. [Bug #12139]
      https://msdn.microsoft.com/ja-jp/library/windows/desktop/aa379942.aspx
      https://tools.ietf.org/html/rfc4086#section-7.1.3
      https://eprint.iacr.org/2007/419.pdf
      http://www.cs.huji.ac.il/~dolev/pubs/thesis/msc-thesis-leo.pdf

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@54693 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

Revision 54693
Added by usa (Usaku NAKAMURA) over 3 years ago

merge revision(s) 54144: [Backport #12139]

* lib/securerandom.rb (gen_random): to avoid blocking on Windows.
  On Windows OpenSSL RAND_bytes (underlying implementation is
  RAND_poll in crypto/rand/rand_win.c) may be blocked at
  NetStatisticsGet.
  https://wiki.openssl.org/index.php/Random_Numbers#Windows_Issues
  Instead of this, use Random.raw_seed directory (whose implementation
  CryptGenRandom is one of the source of
  entropy of RAND_poll on Windows).
  https://wiki.openssl.org/index.php/Random_Numbers
  Note: CryptGenRandom function is PRNG and doesn't check its entropy,
  so it won't block. [Bug #12139]
  https://msdn.microsoft.com/ja-jp/library/windows/desktop/aa379942.aspx
  https://tools.ietf.org/html/rfc4086#section-7.1.3
  https://eprint.iacr.org/2007/419.pdf
  http://www.cs.huji.ac.il/~dolev/pubs/thesis/msc-thesis-leo.pdf

Revision a8acc95f
Added by nagachika (Tomoyuki Chikanaga) over 3 years ago

merge revision(s) 54144,54699: [Backport #12139]

    * lib/securerandom.rb (gen_random): to avoid blocking on Windows.
      On Windows OpenSSL RAND_bytes (underlying implementation is
      RAND_poll in crypto/rand/rand_win.c) may be blocked at
      NetStatisticsGet.
      https://wiki.openssl.org/index.php/Random_Numbers#Windows_Issues
      Instead of this, use Random.raw_seed directory (whose implementation
      CryptGenRandom is one of the source of
      entropy of RAND_poll on Windows).
      https://wiki.openssl.org/index.php/Random_Numbers
      Note: CryptGenRandom function is PRNG and doesn't check its entropy,
      so it won't block. [Bug #12139]
      https://msdn.microsoft.com/ja-jp/library/windows/desktop/aa379942.aspx
      https://tools.ietf.org/html/rfc4086#section-7.1.3
      https://eprint.iacr.org/2007/419.pdf
      http://www.cs.huji.ac.il/~dolev/pubs/thesis/msc-thesis-leo.pdf
      Instead of this, use Random.raw_seed directly (whose implementation

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@54713 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

Revision 54713
Added by nagachika (Tomoyuki Chikanaga) over 3 years ago

merge revision(s) 54144,54699: [Backport #12139]

* lib/securerandom.rb (gen_random): to avoid blocking on Windows.
  On Windows OpenSSL RAND_bytes (underlying implementation is
  RAND_poll in crypto/rand/rand_win.c) may be blocked at
  NetStatisticsGet.
  https://wiki.openssl.org/index.php/Random_Numbers#Windows_Issues
  Instead of this, use Random.raw_seed directory (whose implementation
  CryptGenRandom is one of the source of
  entropy of RAND_poll on Windows).
  https://wiki.openssl.org/index.php/Random_Numbers
  Note: CryptGenRandom function is PRNG and doesn't check its entropy,
  so it won't block. [Bug #12139]
  https://msdn.microsoft.com/ja-jp/library/windows/desktop/aa379942.aspx
  https://tools.ietf.org/html/rfc4086#section-7.1.3
  https://eprint.iacr.org/2007/419.pdf
  http://www.cs.huji.ac.il/~dolev/pubs/thesis/msc-thesis-leo.pdf
  Instead of this, use Random.raw_seed directly (whose implementation

History

Updated by nobu (Nobuyoshi Nakada) over 3 years ago

  • Status changed from Open to Feedback

Maybe the entropy pool exhausted?
Does moving mouse or typing keyboard wake up OpenSSL?

Updated by nobu (Nobuyoshi Nakada) over 3 years ago

  • Description updated (diff)

Updated by naruse (Yui NARUSE) over 3 years ago

Your issue sounds related with https://wiki.openssl.org/index.php/Random_Numbers#Windows_Issues
But Bug 2100 the heap walk issue is closed.

Anyway maybe SecureRandom, RSpec actually calls, should use CryptGenRandom instead of openssl.

Updated by Justin (Justin Ward) over 3 years ago

Nobuyoshi Nakada wrote:

Maybe the entropy pool exhausted?
Does moving mouse or typing keyboard wake up OpenSSL?

In the 22 seconds it takes rails to load i am usually writing code, so OpenSSL does not get woken up by keyboard or mouse activity.

Updated by Justin (Justin Ward) over 3 years ago

Yui NARUSE wrote:

Your issue sounds related with https://wiki.openssl.org/index.php/Random_Numbers#Windows_Issues
But Bug 2100 the heap walk issue is closed.

Anyway maybe SecureRandom, RSpec actually calls, should use CryptGenRandom instead of openssl.

CryptGenRandom would be an excellent solution in my opinion :)

Updated by usa (Usaku NAKAMURA) over 3 years ago

Random.raw_seed is an alternative to OpenSSL::Random.random_seed.
This calls CryptGenRandom internally.

BTW, I could not reproduce the problem on my environment (x64-mswin64, Win7, OpenSSL 1.0.2f).
Calling OpenSSL::Random.random_bytes 10,000,000 times takes about 11 seconds, but I think it's not so slow.
Calling Random.raw_seed is a little faster, but only 6.7%.

D:\ruby> ruby -ropenssl -e"t = Time.now; 10_000_000.times{}; p Time.now - t"
0.541031

D:\ruby> ruby -ropenssl -e"t = Time.now; 10_000_000.times{OpenSSL::Random.random_bytes(16)}; p Time.now - t"
11.243643

D:\ruby> ruby -e"t = Time.now; 10_000_000.times{Random.raw_seed(16)}; p Time.now - t"
10.533603

Updated by usa (Usaku NAKAMURA) over 3 years ago

Sorry, I've forgotten to note that Random.raw_seed is Ruby 2.3 feature.

#8

Updated by naruse (Yui NARUSE) over 3 years ago

  • Status changed from Feedback to Closed

Applied in changeset r54144.


Updated by usa (Usaku NAKAMURA) over 3 years ago

  • Backport changed from 2.1: UNKNOWN, 2.2: UNKNOWN, 2.3: UNKNOWN to 2.1: WONTFIX, 2.2: REQUIRED, 2.3: REQUIRED

Updated by usa (Usaku NAKAMURA) over 3 years ago

  • Backport changed from 2.1: WONTFIX, 2.2: REQUIRED, 2.3: REQUIRED to 2.1: WONTFIX, 2.2: DONE, 2.3: REQUIRED

ruby_2_2 r54693 merged revision(s) 54144.

Updated by nagachika (Tomoyuki Chikanaga) over 3 years ago

  • Backport changed from 2.1: WONTFIX, 2.2: DONE, 2.3: REQUIRED to 2.1: WONTFIX, 2.2: DONE, 2.3: DONE

ruby_2_3 r54713 merged revision(s) 54144,54699.

Also available in: Atom PDF