WARNING! Gitlab maintenance operation scheduled for Thursday, 18 June between 19:00 and 20:00 (CET). During this time window, short service interruptions (less than 5 minutes) may occur. Thank you in advance for your understanding.

Commit b4f0abd2 authored Oct 12, 2013 by Andy Polyakov

evp/e_aes_cbc_hmac_sha*.c: limit multi-block fragmentation to 1KB.

Excessive fragmentation put additional burden (of addtional MAC
calculations) on the other size and limiting fragments it to 1KB
limits the overhead to ~6%.

parent 7e1e3334

crypto/evp/e_aes_cbc_hmac_sha1.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -719,7 +719,8 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void

		if (inp_len<4096) return 0; /* too short */

		if (OPENSSL_ia32cap_P[2]&(1<<5)) n4x=2; /* AVX2 */
		if (inp_len>=8192 && OPENSSL_ia32cap_P[2]&(1<<5))
		n4x=2; /* AVX2 */

		key->md = key->head;
		SHA1_Update(&key->md,param->inp,13);

crypto/evp/e_aes_cbc_hmac_sha256.c

+3 −2

Original line number	Diff line number	Diff line
		@@ -744,9 +744,10 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, vo
		if ((param->inp[9]<<8\|param->inp[10]) < TLS1_1_VERSION)
		return -1;

		if (inp_len<2048) return 0; /* too short */
		if (inp_len<4096) return 0; /* too short */

		if (OPENSSL_ia32cap_P[2]&(1<<5)) n4x=2; /* AVX2 */
		if (inp_len>=8192 && OPENSSL_ia32cap_P[2]&(1<<5))
		n4x=2; /* AVX2 */

		key->md = key->head;
		SHA256_Update(&key->md,param->inp,13);