GnuTLS guile self checks take a lot of time

Simon Josefsson simon at josefsson.org
Sun Oct 17 23:31:26 CEST 2010


ludo at chbouib.org (Ludovic Courtès) writes:

> Hi Simon,
>
> Sorry for not answering earlier.
>
> Simon Josefsson <simon at josefsson.org> writes:
>
>> Simon Josefsson <simon at josefsson.org> writes:
>>
>>> Ludo,
>>>
>>> I just ran 'make distcheck' with GnuTLS and noticed that the guile self
>>> checks are taking a lot of time.  They are stuck reading /dev/*random to
>>> generate DH parameters or RSA parameters.  Search for
>>> 'make-dh-parameters'.  Is there any reason you need a fresh DH/RSA
>>> parameter every time these self tests run?  In the C self tests, it
>>> loads a static DH/RSA parameter hard coded in the binary instead, which
>>> avoids expensive prime generation.
>>
>> I have fixed this:
>>
>> http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=e8decd82ed4be106b5ba9ca250b8b54e1aec522b
>>
>> This is mostly cut'n'paste, so please correct my guile code.
>
> This looks great to me, thanks–and welcome to Guile!  ;-)
>
> ISTR that this was much slower after the switch to Nettle.  Did you
> measure that?

Yes, it seems the DH parameter generating code is much slower with
Nettle compared to libgcrypt.  We are looking into that separately.  It
is stuck in bignum operations (not /dev/*random), so possibly it is just
a question of choosing the right number of Miller-Rabin iterations.

/Simon
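
The point raised at the end of the thread, that the cost can sit in bignum work whose volume depends on the Miller-Rabin round count, shown as an added Python example (not GnuTLS, Nettle or libgcrypt code). It assumes the DH modulus is a safe prime p = 2q + 1; the function names, the seed and the toy 128-bit size are assumptions made for the illustration.

```python
import random

SMALL_PRIMES = (2, 3, 5, 7, 11, 13)

def miller_rabin(n, rounds, rng, stats):
    """Probable-prime test; stats['modexp'] counts full-size pow(a, d, n) calls."""
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        stats["modexp"] += 1
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness: n is composite
    return True

def find_safe_prime(bits, rounds, seed=2010):
    """Return (p, stats) for the first p = 2q + 1 with q and p probable primes."""
    candidates = random.Random(seed)      # same candidate stream for every run
    witnesses = random.Random(seed + 1)   # Miller-Rabin bases drawn separately
    stats = {"modexp": 0, "candidates": 0}
    while True:
        q = candidates.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        stats["candidates"] += 1
        if miller_rabin(q, rounds, witnesses, stats) and \
           miller_rabin(2 * q + 1, rounds, witnesses, stats):
            return 2 * q + 1, stats

if __name__ == "__main__":
    # Toy size so the search finishes quickly; real DH moduli are far larger.
    for rounds in (5, 40):
        p, stats = find_safe_prime(128, rounds)
        print(rounds, "rounds:", stats, "p bits:", p.bit_length())
```

Composite candidates are almost always rejected in their first round, so the extra rounds are paid only on candidates that are actually prime, which a safe-prime search meets many of before q and 2q + 1 are prime together.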



