Commit b4f0abd2 authored by Andy Polyakov's avatar Andy Polyakov
Browse files

evp/e_aes_cbc_hmac_sha*.c: limit multi-block fragmentation to 1KB. 

Excessive fragmentation put additional burden (of addtional MAC
calculations) on the other size and limiting fragments it to 1KB
limits the overhead to ~6%.
parent 7e1e3334

crypto/evp/e_aes_cbc_hmac_sha1.c

+2 −1
Original line number Diff line number Diff line
@@ -719,7 +719,8 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void 


			if (inp_len<4096) return 0;	/* too short */



			if (OPENSSL_ia32cap_P[2]&(1<<5)) n4x=2;	/* AVX2 */

			if (inp_len>=8192 && OPENSSL_ia32cap_P[2]&(1<<5))

				n4x=2;	/* AVX2 */



			key->md = key->head;

			SHA1_Update(&key->md,param->inp,13);

crypto/evp/e_aes_cbc_hmac_sha256.c

+3 −2
Original line number Diff line number Diff line
@@ -744,9 +744,10 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, vo 
			if ((param->inp[9]<<8|param->inp[10]) < TLS1_1_VERSION)

				return -1;



			if (inp_len<2048) return 0;	/* too short */

			if (inp_len<4096) return 0;	/* too short */



			if (OPENSSL_ia32cap_P[2]&(1<<5)) n4x=2;	/* AVX2 */

			if (inp_len>=8192 && OPENSSL_ia32cap_P[2]&(1<<5))

				n4x=2;	/* AVX2 */



			key->md = key->head;

			SHA256_Update(&key->md,param->inp,13);