"gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);"
works on Linux. I gave it after the gnutls_global_init(). But then I am not sure
whether it would work if it is given before the init function call. The
gcry_control () should also be listed in the Linux PDF manual. I had trouble
finding this API. After using this function, definitely there won't be any delay
during random number generation and it works awesome!

Mahesh

"Evan Martin" <address@hidden> writes:

> Hello,
> I've been [reluctantly] porting some software from Linux to Windows
> and I was happy to discover that GnuTLS had a nice Windows installer.
> After getting things mostly working, I started looking into why
> startup was so slow and discovered that gnutls_global_init() takes
> maybe five seconds to run on this machine. (Laptop, "Core Duo T2400 @
> 1.83GHz" says the System control panel.)

Hi!

Thanks for feedback, the culprit here is actually libgcrypt.

> I've read over the old threads on this phenomenon, so I appreciate
> that the problem is at least known. My questions are:
>
> - Is this something that's likely to be ever fixed? If so, can I help
> out?

The problem is that libgcrypt is slow to gather entropy under Windows,
and that should very much be fixable if someone sits down and works on
it. The reason this has probably taken so long is that it is easy to
make the code faster, but difficult to maintain security. So I think
the patches that have been proposed so far simply do not lead to the
same amount of entropy being available. That's bad, and such patches
are not likely to be accepted by the libgcrypt folks.

> - Otherwise, what's the best way to temporarily work around this?
> (http://josefsson.org/gnutls4win/ links to
> http://www.securitypunk.com/libgcrypt/ but that site appears to be
> down.)

Maybe some web archive site still carries their patch and pre-built
DLL... however, I think it is unclear whether their patch leads to the
same amount of good entropy, that's why it hasn't been approved.

> I suppose I can deal with a very slow startup on Windows with the
> final release, but while I'm debugging it's killing me to have to wait
> each time I run...

I think you can tell libgcrypt to not bother gathering entropy, by:

  gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);

There is some ordering issue here, and I don't recall whether you need
to call that before or after you initialize libgcrypt (via
gnutls_global_init).

Does this work? If so, I'll add it to the GnuTLS4Win page, it may help
others in your situation.

/Simon