Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
crypto/tls: tls.X509KeyPair is slow #6626
I was investigating why some code was taking a noticeable (260ms) time to run, and found that it was because it was calling tls.X509KeyPair a few times. The time taken by tls.X509KeyPair is dominated by the time taken by rsa.PrivateKey.Validate, which is itself dominated by the probabilistic prime test, which takes ~30ms. Since the test is not that great (cf. the comment in the function), perhaps we could lose it. The time taken by the code in my test case dropped to 50ms with that test removed, with X509KeyPair no longer being the dominant factor. go version go1.2rc2 linux/amd64
Not going to touch anything for Go 1.2. That said, what if you change rsa.PrivateKey.Validate's ProbablyPrime(20) to ProbablyPrime(1)? There was a mistake transcribing Knuth's pseudocode in creating Plan 9's probably_prime function, so that even when asked to do 20 rounds it did just 1 round, so I looked into the importance of the extra rounds a while back. My summary is at http://9fans.net/archive/2010/03/250. For real RSA keys, I believe one round suffices. A followup message suggested that it might be worth varying the number of rounds based on the length of the prime. http://9fans.net/archive/2010/03/252
Labels changed: added priority-later, go1.3maybe, removed priority-triage.
Status changed to Accepted.
I would like to see this issue added to the 1.5 milestone. RSA private key validation is prohibitively slow, to the point where it is dominating the startup time for a server that loads just a few keypairs.
I have submitted a CL for benchmarks that cover tls.X509KeyPair. Here is a sample run on my machine: