mirror of
https://github.com/openssl/openssl.git
synced 2024-12-04 15:34:41 +08:00
evp/e_aes_cbc_hmac_sha*.c: limit multi-block fragmentation to 1KB.
Excessive fragmentation put additional burden (of addtional MAC calculations) on the other size and limiting fragments it to 1KB limits the overhead to ~6%.
This commit is contained in:
parent
7e1e3334f6
commit
b4f0abd246
@ -719,7 +719,8 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void
|
||||
|
||||
if (inp_len<4096) return 0; /* too short */
|
||||
|
||||
if (OPENSSL_ia32cap_P[2]&(1<<5)) n4x=2; /* AVX2 */
|
||||
if (inp_len>=8192 && OPENSSL_ia32cap_P[2]&(1<<5))
|
||||
n4x=2; /* AVX2 */
|
||||
|
||||
key->md = key->head;
|
||||
SHA1_Update(&key->md,param->inp,13);
|
||||
|
@ -744,9 +744,10 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, vo
|
||||
if ((param->inp[9]<<8|param->inp[10]) < TLS1_1_VERSION)
|
||||
return -1;
|
||||
|
||||
if (inp_len<2048) return 0; /* too short */
|
||||
if (inp_len<4096) return 0; /* too short */
|
||||
|
||||
if (OPENSSL_ia32cap_P[2]&(1<<5)) n4x=2; /* AVX2 */
|
||||
if (inp_len>=8192 && OPENSSL_ia32cap_P[2]&(1<<5))
|
||||
n4x=2; /* AVX2 */
|
||||
|
||||
key->md = key->head;
|
||||
SHA256_Update(&key->md,param->inp,13);
|
||||
|
Loading…
Reference in New Issue
Block a user