Last Comment Bug 305693 - shlibsign generates PQG for every run, slows build
: shlibsign generates PQG for every run, slows build
Status: RESOLVED FIXED
: perf
Product: NSS
Classification: Components
Component: Tools (show other bugs)
: 3.10
: All All
: P2 normal (vote)
: 3.12.2
Assigned To: Nelson Bolyard (seldom reads bugmail)
:
:
Mentors:
Depends on: 372162
Blocks:
  Show dependency treegraph
 
Reported: 2005-08-23 17:36 PDT by Nelson Bolyard (seldom reads bugmail)
Modified: 2009-02-04 14:16 PST (History)
2 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---


Attachments
replace PQGgen with constant PQG params (5.97 KB, patch)
2008-08-20 21:32 PDT, Nelson Bolyard (seldom reads bugmail)
rrelyea: review+
Details | Diff | Splinter Review

Description Nelson Bolyard (seldom reads bugmail) 2005-08-23 17:36:39 PDT
For NSS 3.11, shlibsign will run up to 4 times in a single NSS build, and 
up to 7 times when building both 32-bit and 64-bit for the same platform.

Each time it runs, it generates a large prime number, which often
takes quite a while, slowing the builds.  It was bad enough when we
only did one or two shlibsigns per build, but 7 is taking too long.

Given that these are DSA signatures, the only prime that is needed
is P, part of the PQG parameters.  Surely we don't need to generate
new PQG parmeters for every shlibsign run.  One would think that a 
single set of PQG params would suffice for all future NSS builds.

I can see at least the following two alternatives:

a) Use a file of PQG params in nss/cmd/shlibsign/$OBJDIR.  If the file
doesn't exist, then generate it.  If it does exist, use it.  This allows
us to build at most one set of PQG params per build.

b) like a, but either 
b1) put the file in nss/cmd/shlibsign and check it in, or 
b2) just compile the PQG params into shlibsign itself.
Either way, this obviates prime number finding during builds.

Bob, would you be willing to do this?
Comment 1 Julien Pierre 2006-08-30 19:50:36 PDT
This is not going to make 3.11.x, so I'm retargetting to 3.12 . IMO, machines are fast enough that the build time isn't a problem, even with 4 libraries to sign, and this is a good candidate for a WONTFIX .
Comment 2 Nelson Bolyard (seldom reads bugmail) 2008-08-20 12:12:49 PDT
I propose to change shlibsign to use these precompiled PQG values.
Any objections?

    Prime:
        97:44:1d:cc:0d:39:0d:8d:cb:75:dc:24:25:6f:01:92:
        a1:11:07:6b:70:ac:73:d7:82:28:df:ab:82:0c:41:0c:
        95:b3:3c:3d:ea:8a:e6:44:0a:b8:ab:90:15:41:11:e8:
        48:7b:8d:b0:9c:d3:f2:69:66:ff:66:4b:70:2b:bf:fb:
        d6:68:85:76:1e:34:aa:c5:57:6e:23:02:08:60:6e:fd:
        67:76:e1:7c:c8:cb:51:77:cf:b1:3b:00:2e:fa:21:cd:
        34:76:75:01:19:fe:f8:5d:43:c5:34:f3:7a:95:dc:c2:
        58:07:19:2f:1d:6f:9a:77:7e:55:aa:e7:5a:50:43:d3
    Subprime:
        d8:16:23:34:8a:9e:3a:f5:d9:10:13:35:aa:f3:f3:54:
        0b:31:24:f1
    Base:
        03:3a:ad:fa:3a:0c:ea:0a:4e:43:32:92:bb:87:f1:11:
        c0:ad:39:38:56:1a:db:23:66:b1:08:da:b6:19:51:42:
        93:4f:c3:44:43:a8:05:c1:f8:71:62:6f:3d:e2:ab:6f:
        d7:80:22:6f:ca:0d:f6:9f:45:27:83:ec:86:0c:da:aa:
        d6:e0:d0:84:fd:b1:4f:dc:08:cd:68:3a:77:c2:c5:f1:
        99:0f:15:1b:6a:8c:3d:18:2b:6f:dc:2b:d8:b5:9b:b8:
        2d:57:92:1c:46:27:af:6d:e1:45:cf:0b:3f:fa:07:cc:
        14:8e:e7:b8:aa:d5:d1:36:1d:7e:5e:7d:fa:5b:77:1f

    h:
        41:87:47:79:d8:ba:4e:ac:44:4f:6b:d2:16:5e:04:c6:
        c2:29:93:5e:bd:c7:a9:8f:23:a1:c8:ee:80:64:d5:67:
        3c:ba:59:9a:06:0c:cc:29:56:c0:b2:21:e0:5b:52:cd:
        84:73:57:fd:d8:c3:5b:13:54:d7:4a:06:86:63:09:a5:
        b0:59:e2:32:9e:09:a3:9f:49:62:cc:a6:f9:54:d5:b2:
        c3:08:71:7e:e3:37:50:d6:7b:a7:c2:60:c1:eb:51:32:
        fa:ad:35:25:17:f0:7f:23:e5:a8:01:52:cf:2f:d9:a9:
        f6:00:21:15:f1:f7:70:b7:57:8a:d0:59:6a:82:dc:9c
    SEED:
        cc:4c:69:74:f6:72:24:68:24:4f:d7:50:11:40:81:ed:
        19:3c:8a:25:bc:78:0a:85:82:53:70:20:f6:54:a5:1b:
        f4:15:cd:ff:c4:88:a7:9d:f3:47:1c:0a:be:10:29:83:
        b9:0f:4c:df:90:16:83:a2:b3:e3:2e:c1:c2:24:6a:c4:
        9d:57:ba:cb:0f:18:75:00:33:46:82:ec:d6:94:77:c3:
        4f:4c:58:1c:7f:61:3c:36:d5:2f:a5:66:d8:2f:ce:6e:
        8e:20:48:4a:bb:e3:e0:b2:50:33:63:8a:5b:2d:6a:be:
        4c:28:81:53:5b:e4:f6:fc:64:06:13:51:eb:4a:91:9c
    g:       1024
    counter: 1496
Comment 3 Nelson Bolyard (seldom reads bugmail) 2008-08-20 21:32:00 PDT
Created attachment 334823 [details] [diff] [review]
replace PQGgen with constant PQG params

This seems to do the trick.
Comment 4 Nelson Bolyard (seldom reads bugmail) 2008-08-22 19:46:47 PDT
Julien, please review.
Comment 5 Robert Relyea 2008-08-25 15:09:25 PDT
Comment on attachment 334823 [details] [diff] [review]
replace PQGgen with constant PQG params

r+

can check in as is, though I would like it if shlibsign had an option to generate new PQG on the fly.

But not enough to reject the patch as is to get the performance win of pregenerated.

(I think a reading from a file is overkill -- especially for a tool that hopefully will start generating SHA-2 MACs soon instead:).
Comment 6 Nelson Bolyard (seldom reads bugmail) 2008-09-29 21:33:32 PDT
Checking in shlibsign.c; new revision: 1.17; previous revision: 1.16

Note You need to log in before you can comment on or make changes to this bug.