[gnutls-dev] [PATCH] Fix slow startup under Windows

Werner Koch wk at gnupg.org
Thu Feb 1 09:27:08 CET 2007


On Thu,  1 Feb 2007 09:05, simon at josefsson.org said:

> Thanks.  Ultimately, the patch will have to be reviewed and installed
> by the libgcrypt people, but I took a quick look.  I may end up
> installing a patch for gnutls4win before it has been applied to
> libgcrypt, but only if I think it looks good.  I'd wish that you could
> get Werner to look at and approve your patch, though.

The problem with this patch is that it uses the W32 crypto API.  We
have never made efforts to use and thus I would need to have a look at
it.  What we should do is to compare rndw32.c with the latest version
of Peter Gutmann's cryptlib.  rndw32.c is heavily based upon it.

>> +  /* These random bytes might be used as key material, so we want to clear
>> +   * them now. */
>> +  memset(rand_bytes, 0, sizeof(rand_bytes));

That is pointless.

We are using the same code for many years in GnuPG for Windows and we
never got any complaints about a slow startup.  In fact the Windows
entropy ghatherer is much faster than the Unix one and that actually
scares me a little bit.

I guess it is more a problem on how you use libgcrypt.  For example,
if you are not running a long living process, you should save the
current state of libgcrypt's random pool so that at the next startup
it does not need to refill completey with fresh entropy.



Salam-Shalom,

   Werner





More information about the Gnutls-dev mailing list