提交 e8b0dd57 编写于 作者: A Andy Polyakov

ssl/t1_enc.c: optimize PRF (suggested by Intel).

上级 2f3af3dc
...@@ -160,7 +160,7 @@ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec, ...@@ -160,7 +160,7 @@ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
{ {
int chunk; int chunk;
size_t j; size_t j;
EVP_MD_CTX ctx, ctx_tmp; EVP_MD_CTX ctx, ctx_tmp, ctx_init;
EVP_PKEY *mac_key; EVP_PKEY *mac_key;
unsigned char A1[EVP_MAX_MD_SIZE]; unsigned char A1[EVP_MAX_MD_SIZE];
size_t A1_len; size_t A1_len;
...@@ -171,14 +171,14 @@ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec, ...@@ -171,14 +171,14 @@ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
EVP_MD_CTX_init(&ctx); EVP_MD_CTX_init(&ctx);
EVP_MD_CTX_init(&ctx_tmp); EVP_MD_CTX_init(&ctx_tmp);
EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); EVP_MD_CTX_init(&ctx_init);
EVP_MD_CTX_set_flags(&ctx_tmp, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); EVP_MD_CTX_set_flags(&ctx_init, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sec, sec_len); mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sec, sec_len);
if (!mac_key) if (!mac_key)
goto err; goto err;
if (!EVP_DigestSignInit(&ctx,NULL,md, NULL, mac_key)) if (!EVP_DigestSignInit(&ctx_init,NULL,md, NULL, mac_key))
goto err; goto err;
if (!EVP_DigestSignInit(&ctx_tmp,NULL,md, NULL, mac_key)) if (!EVP_MD_CTX_copy_ex(&ctx,&ctx_init))
goto err; goto err;
if (seed1 && !EVP_DigestSignUpdate(&ctx,seed1,seed1_len)) if (seed1 && !EVP_DigestSignUpdate(&ctx,seed1,seed1_len))
goto err; goto err;
...@@ -196,13 +196,11 @@ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec, ...@@ -196,13 +196,11 @@ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
for (;;) for (;;)
{ {
/* Reinit mac contexts */ /* Reinit mac contexts */
if (!EVP_DigestSignInit(&ctx,NULL,md, NULL, mac_key)) if (!EVP_MD_CTX_copy_ex(&ctx,&ctx_init))
goto err;
if (!EVP_DigestSignInit(&ctx_tmp,NULL,md, NULL, mac_key))
goto err; goto err;
if (!EVP_DigestSignUpdate(&ctx,A1,A1_len)) if (!EVP_DigestSignUpdate(&ctx,A1,A1_len))
goto err; goto err;
if (!EVP_DigestSignUpdate(&ctx_tmp,A1,A1_len)) if (olen>chunk && !EVP_MD_CTX_copy_ex(&ctx_tmp,&ctx))
goto err; goto err;
if (seed1 && !EVP_DigestSignUpdate(&ctx,seed1,seed1_len)) if (seed1 && !EVP_DigestSignUpdate(&ctx,seed1,seed1_len))
goto err; goto err;
...@@ -238,6 +236,7 @@ err: ...@@ -238,6 +236,7 @@ err:
EVP_PKEY_free(mac_key); EVP_PKEY_free(mac_key);
EVP_MD_CTX_cleanup(&ctx); EVP_MD_CTX_cleanup(&ctx);
EVP_MD_CTX_cleanup(&ctx_tmp); EVP_MD_CTX_cleanup(&ctx_tmp);
EVP_MD_CTX_cleanup(&ctx_init);
OPENSSL_cleanse(A1,sizeof(A1)); OPENSSL_cleanse(A1,sizeof(A1));
return ret; return ret;
} }
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册