Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 17 Mar 2012 07:38:52 +0530
From: Dhiru Kholia <dhiru.kholia@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: SSH thread-safety

On Sat, Mar 17, 2012 at 5:35 AM, Solar Designer <solar@...nwall.com> wrote:
> On Fri, Mar 16, 2012 at 09:33:40PM +0530, Dhiru Kholia wrote:
>> I have implemented the callbacks required and segfaults are gone. Can
>> you give the new code a shot? Thanks!
>
> I am testing the new code now (in magnum-jumbo).  No segfaults yet, but
> the first thing I noticed is that this does not scale beyond the speed
> of two threads anymore. :-(

Heh, the Cure Is Worse Than the Disease it seems!. On my system
multi-core performance is worse than single-core performance. What
were the OpenSSL guys smoking when they implemented such functionality
(or am I using the callbacks wrongly?). My guess is that in real-life
situations the error path code is invoked rarely (from PEM_do_header)
whereas in our use case we are hitting it almost in every call (due to
wrong password).

I have an (untested idea). Why not copy PEM_do_header function from
OpenSSL and remove all thread-unsafe error handling which we don't use
anyway?

-- 
Cheers,
Dhiru

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ