Bug 1038906 - python import hashlib is slow
python import hashlib is slow
Status: RESOLVED DUPLICATE of bug 1042392
Classification: openSUSE
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Other
Other openSUSE 13.2
: P5 - None : Normal (vote)
: ---
Assigned To: Vítězslav Čížek
E-mail List
Depends on:
  Show dependency treegraph
Reported: 2017-05-12 15:28 UTC by Bernhard Wiedemann
Modified: 2017-07-03 15:36 UTC (History)
2 users (show)

See Also:
Found By: Development
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

example reproducer code tarball (10.00 KB, application/x-tar)
2017-05-12 15:56 UTC, Bernhard Wiedemann

Note You need to log in before you can comment on or make changes to this bug.
Description Bernhard Wiedemann 2017-05-12 15:28:34 UTC
Reproducible: Always
Steps To Reproduce:
time python -c 'import hashlib' ; time python -c ''

Actual Results:
real    0m0.062s
user    0m0.052s
sys     0m0.008s

real    0m0.024s
user    0m0.012s
sys     0m0.008s

I had filed
about this, but it turned out that on Debian (openssl-1.0.1t) and Fedora,
import hashlib just adds 3ms

so there is something SUSE specific happening here, slowing it by a factor of 10.

It seems SLE-11 and SLE-12-SP1 are also not affected,
but SLE-12-SP2 is affected, though both have python-2.7.13
but there is a difference in

so it might be related to the openssl-1.0.2 doing slower stuff on init
e.g. in
Comment 1 Bernhard Wiedemann 2017-05-12 15:56:34 UTC
Created attachment 724918 [details]
example reproducer code tarball

actually, even a simple C program (attached) becomes slow
when just linking against libcrypto,
without actually calling any lib function.

and strace -ttt shows the most time being spent again
between the 4th and 5th time /dev/urandom is opened

that is the one getting 256 bytes of randomness while the others get less
Comment 2 Vítězslav Čížek 2017-07-03 15:34:55 UTC
The slowdown is caused by FIPS selftests, which are run by default on our openssl 1.0.2. They are a set of power-up tests which check the library functionality and integrity, run on the library initialization.
These tests could be run if FIPS mode is requested only (which was our openssl 1.0.1 behaviour). There's a pending SLE-12-SP2 submission which does that.
That submission is currently on-hold because of problems in OpenQA. Once the maintenance request is accepted, I'll synchronize the Factory package with it.
Comment 3 Vítězslav Čížek 2017-07-03 15:36:48 UTC
Bug 1042392 is a SLE bug with the same cause.

*** This bug has been marked as a duplicate of bug 1042392 ***