[gnutls-dev] Re: Gnutls4Win: gnutls_global_init takes > 10 seconds

Tim Kosse tim.kosse at filezilla-project.org
Mon Nov 6 16:06:31 CET 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Simon Josefsson wrote:
> Werner Koch <wk at gnupg.org> writes:
> 
>> On Fri,  3 Nov 2006 22:33, Simon Josefsson said:
>>
>>> Which file and SVN version?  Last time I tried libgcrypt 1.3.0/svn it
>>> didn't build for mingw at all, so I'm staying with 1.2.2 for now.
>> 2006-09-11  Werner Koch  <wk at g10code.com>
>>
>> 	* rndw32.c (slow_gatherer_windowsNT): While adding data use the
>> 	size of the diskPerformance and not its address. Has been fixed in
>> 	GnuPG more than a year ago.  Noted by Lee Fisher.
>>
>> At the same day fixed in trunk and 1.2.  No releases yet.

> Tim, are you able to test whether this solves your problem or not?

As I wrote earlier, gathering the disk IO performance stats did not
cause any noticeable delay.

Werner Koch wrote:
> You mind what to track Peter Gutmann's changes to cryptlib to
> check what he changed over time.  We might be able to merges some
> chnages.  Hoever this needs to be done with great care.

I had a brief look. What I noticed:
- - Cryptlib uses CryptGenRandom from the CryptoAPI
- - The heap walking is limited in size, the entire heap is no longer
walked. In cryptolib, at most 20 heaps are walked, and for each heap
only the 20 first entries. Compared to libgcrypt, which walks everything
(about 30k heap blocks in my case, still rising as my program gets more
complex)
- - Cryptolib makes use of Intel's hardware RNG found on some motherboards.

A safe optimization, which is neither used by libgcrypt nor cryptolib,
which does not have any drawbacks as far as I can see, is to increase
the PERFORMANCE_BUFFER_SIZE and PERFORMANCE_BUFFER_STEP constants.
Setting PERFORMANCE_BUFFER_SIZE to at least 150k yields a 2 second
improvement on my system.
Tim

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFT0938N9+lcqiUkURAghiAKDCuBmErkbpqejd5Gce5FUJtPDhBwCfV9qo
OnuhDOZwXUS75hod6Xw4WIY=
=wUke
-----END PGP SIGNATURE-----



More information about the Gnutls-dev mailing list