提交 b4f0abd2 编写于 作者: A Andy Polyakov

evp/e_aes_cbc_hmac_sha*.c: limit multi-block fragmentation to 1KB.

Excessive fragmentation put additional burden (of addtional MAC
calculations) on the other size and limiting fragments it to 1KB
limits the overhead to ~6%.
上级 7e1e3334
...@@ -719,7 +719,8 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void ...@@ -719,7 +719,8 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void
if (inp_len<4096) return 0; /* too short */ if (inp_len<4096) return 0; /* too short */
if (OPENSSL_ia32cap_P[2]&(1<<5)) n4x=2; /* AVX2 */ if (inp_len>=8192 && OPENSSL_ia32cap_P[2]&(1<<5))
n4x=2; /* AVX2 */
key->md = key->head; key->md = key->head;
SHA1_Update(&key->md,param->inp,13); SHA1_Update(&key->md,param->inp,13);
......
...@@ -744,9 +744,10 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, vo ...@@ -744,9 +744,10 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, vo
if ((param->inp[9]<<8|param->inp[10]) < TLS1_1_VERSION) if ((param->inp[9]<<8|param->inp[10]) < TLS1_1_VERSION)
return -1; return -1;
if (inp_len<2048) return 0; /* too short */ if (inp_len<4096) return 0; /* too short */
if (OPENSSL_ia32cap_P[2]&(1<<5)) n4x=2; /* AVX2 */ if (inp_len>=8192 && OPENSSL_ia32cap_P[2]&(1<<5))
n4x=2; /* AVX2 */
key->md = key->head; key->md = key->head;
SHA256_Update(&key->md,param->inp,13); SHA256_Update(&key->md,param->inp,13);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册