On Saturday 29 July 2006 at 13:50 +0200, Simon Josefsson wrote:
> Eric Leblond <[EMAIL PROTECTED]> writes:
>
> > Hi,
> >
> > After a long benchmark week, we found some slowness in our program
> > (NuFW : http://www;nufw.org).
>
> Hi! Cool. I don't think we have really spent much time on optimizing
> GnuTLS, so your efforts are great.
>
> > The main point is that gnutls_handshake() is "slow". Slow means :
> >  * ~200ms on an AMD 2GHz
> >  * ~500 ms on an IBM PowerPC with 4 CPU bicore !?
> > The weirdest thing is that it takes only about 30ms on a laptop (Intel
> > Celeron 1.6Ghz)
>
> Maybe some thread or locking issue.
>
> > For that test, we use the same clients and only switch the server
> > target, thus time comes from the server.
> >
> > We dig into gnutls code, and we found *the* function which takes so much
> > time. At the server site, the function is:
> > _gnutls_pkcs1_rsa_decrypt() -- lib/auth_rsa.c
>
> Can you tell whether the majority of that time is spent in
> gcry_pk_decrypt or somewhere else?
>
> I have been working on an abstract crypto layer between GnuTLS and
> gcrypt, to simplify adding specialized routines for a particular
> algorithm, or even hardware accelerators. Hashing and symmetric
> operations have already been finished, but unfortunately I ran out of
> spare time for the MPI/PK part.
>
> > Another *BAD* point is that the handshake doesn't look to be possible on
> > multiple threads whereas server code uses a lot of thread.
>
> I'm not sure I follow here. Why doesn't this work? You shouldn't use
> the same gnutls_session from several threads at the same time, but
> presumably, you have one thread for each gnutls_session don't you?

Yes this is it, one thread per gnutls_handshake.

> I
> haven't tried it, but I think it should work.

No sadly, it seems there's a lot in gcrypt and all gets serialized.

> > So, any idea to explain why _gnutls_pkcs1_rsa_decrypt() is so slow on my
> > computer and really faster on another one?
>
> Hm. Libgcrypt seems to need strong randomness for blinding purposes,
> maybe this is what stalls everything?
>
> Try disabling blinding in libgcrypt and try again. I.e., insert
> 'flags |= PUBKEY_FLAG_NO_BLINDING;' into cipher/rsa.c at the top of
> _gcry_rsa_decrypt().

Ok, I'm giving a try to this.

> > And do you think that gnutls_handshake() can be used in two
> > different threads at the same time?
>
> If you use different gnutls_session objects in each thread, I think
> this should work. But I haven't tested it. Maybe you need extra
> copies of other structures too, used by the gnutls_session.
>
> Hope this helps,
> Simon

_______________________________________________
Help-gnutls mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/help-gnutls
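
The blinding hypothesis raised in the message above, as an added Python sketch (not code from GnuTLS, libgcrypt or either poster): textbook RSA blinding draws a fresh random value on every private-key operation, so a slow or contended random source is paid once per handshake, and removing the blinding step leaves the private exponentiation running directly on the peer-supplied ciphertext. The toy key, `CountingRng` and the function names are constructed for illustration.

```python
import math
import secrets

# Constructed toy key built from two Mersenne primes; far too small for real use.
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent


class CountingRng:
    """Hypothetical stand-in for the library's random source; counts draws."""

    def __init__(self):
        self.draws = 0

    def below(self, n):
        self.draws += 1
        return secrets.randbelow(n)


def decrypt_plain(c):
    # Unblinded: the private exponentiation runs directly on the value
    # the peer sent, so its timing depends on that value.
    return pow(c, D, N)


def decrypt_blinded(c, rng):
    # A fresh r, coprime to N, is needed for every single decryption.
    while True:
        r = rng.below(N)
        if r > 1 and math.gcd(r, N) == 1:
            break
    blinded = (c * pow(r, E, N)) % N         # c' = c * r^e mod N
    m_times_r = pow(blinded, D, N)           # (c')^d = m * r mod N
    return (m_times_r * pow(r, -1, N)) % N   # multiply by r^-1 to recover m


def demo(handshakes=20):
    """Simulate one RSA decryption per handshake; return (all_correct, rng_draws)."""
    rng = CountingRng()
    m = 0x1234567890ABCDEF                   # constructed sample plaintext
    c = pow(m, E, N)
    ok = all(decrypt_blinded(c, rng) == m for _ in range(handshakes))
    return ok, rng.draws
```

`demo()` reports at least one random draw per simulated handshake, which is the cost the suggested no-blinding test is meant to isolate.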
