[gnutls-dev] Re: Gnutls4Win: gnutls_global_init takes > 10 seconds

Simon Josefsson jas at extundo.com
Fri Nov 3 11:36:07 CET 2006


Tim Kosse <tim.kosse at filezilla-project.org> writes:

> On my system (Windows XP SP2), calling gnutls_global_init takes over 10
> seconds.
>
> While analyzing this problem, I found out that it is caused by
> libgcrypt. Its random number generator is extremely slow under Windows.
>
> While searching for a solution, I found a patch from J. Salvatore Testa
> on this page: http://www.securitypunk.com/libgcrypt/
>
> The patch enables libgcrypt to use Windows' own Crypto API. Replacing
> the libgcrypt-11.dll from GnuTLS4Win with the one from that page solved
> the problem for me, making gnutls_global_init almost instant.

Hi!  I have added a discussion of this, and the link, to
<http://josefsson.org/gnutls4win/>.

It is weird that it takes a long time only on some systems.  I have
one old Windows 2000 laptop and one Windows XP SP2 desktop, and it
definitely doesn't take 10 seconds.  Max 2 seconds is more likely.
I'm curious, how fast is your machine?

> Would it be possible to apply this patch to the next Gnutls4Win version?
> Without, Gnutls4Win is almost unusable for me.
>
> I'll also contact the libgcrypt developers to get this patch into libgcrypt.

I'm not sure the patch is secure, and I'd rather defer this decision
to the libgcrypt maintainers.  Until we know for certain that the
patch won't be included in libgcrypt, I prefer to not include the
patch in Gnutls4win, and instead wait for an improved libgcrypt.  I
recall that there were discussions on the quality of the patch on the
libgcrypt list.

I'm certainly willing to reconsider if there is more information; I
understand a 10s delay is unacceptable...

/Simon



