[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: GnuTLS guile self checks takes a lot of time
|
From: |
Simon Josefsson |
|
Subject: |
Re: GnuTLS guile self checks takes a lot of time |
|
Date: |
Sun, 17 Oct 2010 23:31:26 +0200 |
|
User-agent: |
Gnus/5.110011 (No Gnus v0.11) Emacs/23.2 (gnu/linux) |
address@hidden (Ludovic Courtès) writes:
> Hi Simon,
>
> Sorry for not answering earlier.
>
> Simon Josefsson <address@hidden> writes:
>
>> Simon Josefsson <address@hidden> writes:
>>
>>> Ludo,
>>>
>>> I just ran 'make distcheck' with GnuTLS and noticed that the guile self
>>> checks are taken a lot of time. They are stuck reading /dev/*random to
>>> generate DH parameters or RSA parameters. Search for
>>> 'make-dh-parameters'. Is there any reason you need a fresh DH/RSA
>>> parameter every time these self tests run? In the C self tests, it
>>> loads a static DH/RSA parameter hard coded in the binary instead, which
>>> avoids expensive prime generation.
>>
>> I have fixed this:
>>
>> http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=e8decd82ed4be106b5ba9ca250b8b54e1aec522b
>>
>> This is mostly cut'n'paste, so please correct my guile code.
>
> This looks great to me, thanks–and welcome to Guile! ;-)
>
> ISTR that this was much slower after the switch to Nettle. Did you
> measure that?
Yes, it seems the DH parameter generating code is much slower with
Nettle compared to libgcrypt. We are looking into that separately. It
is stuck in bignum operations (not /dev/*random), so possibly it is just
a question of choosing the right number of Miller-Rabin iterations.
/Simon