[Help-gnutls] Re: gnutls_handshake() is slow and is a big lock

Simon Josefsson jas at extundo.com
Sat Jul 29 13:50:06 CEST 2006

Eric Leblond <regit at inl.fr> writes:

> Hi,
> After a long benchmark week, we found some slowness in our program
> (NuFW : http://www;nufw.org).

Hi!  Cool.  I don't think we have really spent much time on optimizing
GnuTLS, so your efforts are great.

> The main point is that gnutls_handshake() is "slow". Slow means :
>       * ~200ms on an AMD 2GHz
>       * ~500 ms on an IBM PowerPC with 4 CPU bicore !?
> The weirdest thing is that it takes only about 30ms on a laptop (Intel
> Celeron 1.6Ghz)

Maybe some thread or locking issue.

> For that test, we use the same clients and only switch the server
> target, thus time comes from the server.
> We dig into gnutls code, and we found *the* function which takes so much
> time. At the server site, the function is:
>    _gnutls_pkcs1_rsa_decrypt() -- lib/auth_rsa.c

Can you tell whether the majority of that time is spent in
gcry_pk_decrypt or somewhere else?

I have been working on an abstract crypto layer between GnuTLS and
gcrypt, to simplify adding specialized routines for a particular
algorithm, or even hardware accelerators.  Hashing and symmetric
operations have already been finished, but unfortunately I ran out of
spare time for the MPI/PK part.

> Another *BAD* point is that the handshake doesn't look to be possible on
> multiple threads whereas server code uses a lot of thread.

I'm not sure I follow here.  Why doesn't this work?  You shouldn't use
the same gnutls_session from several threads at the same time, but
presumably, you have one thread for each gnutls_session don't you?  I
haven't tried it, but I think it should work.

> So, any idea to explain why _gnutls_pkcs1_rsa_decrypt() is so slow on my
> computer and really faster on another one?

Hm.  Libgcrypt seem to need strong randomness for blinding purposes,
maybe this is what stalls everything?

Try disabling blinding in libgcrypt and try again.  I.e., insert
'flags |= PUBKEY_FLAG_NO_BLINDING;' into cipher/rsa.c at the top of

> And do you think that gnutls_handshake() can be used in two
> different threads at the same time?

If you use different gnutls_session objects in each thread, I think
this should work.  But I haven't tested it.  Maybe you need extra
copies of other structures too, used by the gnutls_session.

Hope this helps,

More information about the Gnutls-help mailing list