[Help-gnutls] Re: windows startup still slow -- what to do?

Mahesh M. Nayak mahesh.nayak at mgl.com
Tue Sep 18 15:30:36 CEST 2007

"gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);" works on Linux. I gave it after the gnutls_global_init(). But then I am not sure whether it would work if it is given before the init function call. The gcry_control () should also be listed in the Linux PDF manual. I had trouble finding this API. After using this function, definitely there won't be any delay during random number generation and it works awesome!

Mahesh

________________________________

From: help-gnutls-bounces+mahesh.nayak=mgl.com at gnu.org on behalf of Simon Josefsson
Sent: Tue 9/18/2007 1:42 PM
To: Evan Martin
Cc: help-gnutls at gnu.org
Subject: [Help-gnutls] Re: windows startup still slow -- what to do?



"Evan Martin" <martine at danga.com> writes:

> Hello,
> I've been [reluctantly] porting some software from Linux to Windows
> and I was happy to discover that GnuTLS had a nice Windows installer.
> After getting things mostly working, I started looking into why
> startup was so slow and discovered that gnutls_global_init() takes
> maybe five seconds to run on this machine.  (Laptop, "Core Duo T2400 @
> 1.83GHz" says the System control panel.)

Hi!  Thanks for feedback, the culprit here is actually libgcrypt.

> I've read over the old threads on this phenomenon, so I appreciate
> that the problem is at least known.  My questions are:
>
> - Is this something that's likely to be ever fixed?  If so, can I help out?

The problem is that libgcrypt is slow to gather entropy under Windows,
and that should very much be fixable if someone sits down and works on
it.  The reason this has probably taken so long is that it is easy to
make the code faster, but difficult to maintain security.  So I think
the patches that have been proposed so far simply do not lead to the
same amount of entropy being available.  That's bad, and such patches
are not likely to be accepted by the libgcrypt folks.

> - Otherwise, what's the best way to temporarily work around this?
> (http://josefsson.org/gnutls4win/ links to
> http://www.securitypunk.com/libgcrypt/ but that site appears to be
> down.)

Maybe some web archive site still carries their patch and pre-built DLL...
however, I think it is unclear whether their patch leads to the same
amount of good entropy, that's why it hasn't been approved.

> I suppose I can deal with a very slow startup on Windows with the
> final release, but while I'm debugging it's killing me to have to wait
> each time I run...

I think you can tell libgcrypt to not bother gathering entropy, by:

      gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);

There is some ordering issue here, and I don't recall whether you need
to call that before or after you initialize libgcrypt (via
gnutls_global_init).

Does this work?  If so, I'll add it to the GnuTLS4Win page, it may help
others in your situation.

/Simon

