The default bug view has changed. See this FAQ.

shlibsign generates PQG for every run, slows build

RESOLVED FIXED in 3.12.2

Status

NSS
Tools
P2
normal
RESOLVED FIXED
12 years ago
8 years ago

People

(Reporter: Nelson Bolyard (seldom reads bugmail), Assigned: Nelson Bolyard (seldom reads bugmail))

Tracking

({perf})

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

For NSS 3.11, shlibsign will run up to 4 times in a single NSS build, and 
up to 7 times when building both 32-bit and 64-bit for the same platform.

Each time it runs, it generates a large prime number, which often
takes quite a while, slowing the builds.  It was bad enough when we
only did one or two shlibsigns per build, but 7 is taking too long.

Given that these are DSA signatures, the only prime that is needed
is P, part of the PQG parameters.  Surely we don't need to generate
new PQG parmeters for every shlibsign run.  One would think that a 
single set of PQG params would suffice for all future NSS builds.

I can see at least the following two alternatives:

a) Use a file of PQG params in nss/cmd/shlibsign/$OBJDIR.  If the file
doesn't exist, then generate it.  If it does exist, use it.  This allows
us to build at most one set of PQG params per build.

b) like a, but either 
b1) put the file in nss/cmd/shlibsign and check it in, or 
b2) just compile the PQG params into shlibsign itself.
Either way, this obviates prime number finding during builds.

Bob, would you be willing to do this?
(Assignee)

Updated

12 years ago
Priority: -- → P2
Whiteboard: help wanted
Target Milestone: --- → 3.11
(Assignee)

Updated

11 years ago
QA Contact: jason.m.reid → tools

Comment 1

11 years ago
This is not going to make 3.11.x, so I'm retargetting to 3.12 . IMO, machines are fast enough that the build time isn't a problem, even with 4 libraries to sign, and this is a good candidate for a WONTFIX .
Target Milestone: 3.11 → 3.12

Updated

10 years ago
Depends on: 372162

Updated

10 years ago
Keywords: perf
I propose to change shlibsign to use these precompiled PQG values.
Any objections?

    Prime:
        97:44:1d:cc:0d:39:0d:8d:cb:75:dc:24:25:6f:01:92:
        a1:11:07:6b:70:ac:73:d7:82:28:df:ab:82:0c:41:0c:
        95:b3:3c:3d:ea:8a:e6:44:0a:b8:ab:90:15:41:11:e8:
        48:7b:8d:b0:9c:d3:f2:69:66:ff:66:4b:70:2b:bf:fb:
        d6:68:85:76:1e:34:aa:c5:57:6e:23:02:08:60:6e:fd:
        67:76:e1:7c:c8:cb:51:77:cf:b1:3b:00:2e:fa:21:cd:
        34:76:75:01:19:fe:f8:5d:43:c5:34:f3:7a:95:dc:c2:
        58:07:19:2f:1d:6f:9a:77:7e:55:aa:e7:5a:50:43:d3
    Subprime:
        d8:16:23:34:8a:9e:3a:f5:d9:10:13:35:aa:f3:f3:54:
        0b:31:24:f1
    Base:
        03:3a:ad:fa:3a:0c:ea:0a:4e:43:32:92:bb:87:f1:11:
        c0:ad:39:38:56:1a:db:23:66:b1:08:da:b6:19:51:42:
        93:4f:c3:44:43:a8:05:c1:f8:71:62:6f:3d:e2:ab:6f:
        d7:80:22:6f:ca:0d:f6:9f:45:27:83:ec:86:0c:da:aa:
        d6:e0:d0:84:fd:b1:4f:dc:08:cd:68:3a:77:c2:c5:f1:
        99:0f:15:1b:6a:8c:3d:18:2b:6f:dc:2b:d8:b5:9b:b8:
        2d:57:92:1c:46:27:af:6d:e1:45:cf:0b:3f:fa:07:cc:
        14:8e:e7:b8:aa:d5:d1:36:1d:7e:5e:7d:fa:5b:77:1f

    h:
        41:87:47:79:d8:ba:4e:ac:44:4f:6b:d2:16:5e:04:c6:
        c2:29:93:5e:bd:c7:a9:8f:23:a1:c8:ee:80:64:d5:67:
        3c:ba:59:9a:06:0c:cc:29:56:c0:b2:21:e0:5b:52:cd:
        84:73:57:fd:d8:c3:5b:13:54:d7:4a:06:86:63:09:a5:
        b0:59:e2:32:9e:09:a3:9f:49:62:cc:a6:f9:54:d5:b2:
        c3:08:71:7e:e3:37:50:d6:7b:a7:c2:60:c1:eb:51:32:
        fa:ad:35:25:17:f0:7f:23:e5:a8:01:52:cf:2f:d9:a9:
        f6:00:21:15:f1:f7:70:b7:57:8a:d0:59:6a:82:dc:9c
    SEED:
        cc:4c:69:74:f6:72:24:68:24:4f:d7:50:11:40:81:ed:
        19:3c:8a:25:bc:78:0a:85:82:53:70:20:f6:54:a5:1b:
        f4:15:cd:ff:c4:88:a7:9d:f3:47:1c:0a:be:10:29:83:
        b9:0f:4c:df:90:16:83:a2:b3:e3:2e:c1:c2:24:6a:c4:
        9d:57:ba:cb:0f:18:75:00:33:46:82:ec:d6:94:77:c3:
        4f:4c:58:1c:7f:61:3c:36:d5:2f:a5:66:d8:2f:ce:6e:
        8e:20:48:4a:bb:e3:e0:b2:50:33:63:8a:5b:2d:6a:be:
        4c:28:81:53:5b:e4:f6:fc:64:06:13:51:eb:4a:91:9c
    g:       1024
    counter: 1496
Assignee: wtc → nelson
Target Milestone: 3.12 → 3.12.2
Created attachment 334823 [details] [diff] [review]
replace PQGgen with constant PQG params

This seems to do the trick.
Attachment #334823 - Flags: superreview?(julien.pierre.boogz)
Attachment #334823 - Flags: review?(rrelyea)
Julien, please review.
Whiteboard: help wanted

Comment 5

9 years ago
Comment on attachment 334823 [details] [diff] [review]
replace PQGgen with constant PQG params

r+

can check in as is, though I would like it if shlibsign had an option to generate new PQG on the fly.

But not enough to reject the patch as is to get the performance win of pregenerated.

(I think a reading from a file is overkill -- especially for a tool that hopefully will start generating SHA-2 MACs soon instead:).
Attachment #334823 - Flags: review?(rrelyea) → review+
Checking in shlibsign.c; new revision: 1.17; previous revision: 1.16
Status: NEW → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → FIXED
(Assignee)

Updated

8 years ago
Attachment #334823 - Flags: superreview?(julien.pierre.boogz)
You need to log in before you can comment on or make changes to this bug.