Stephen Sprunk wrote: > > Thus spake Dr S N Henson: > > > > Maybe. It would be good to the the CFB and OFB modes working properly in > > general for other numbers of bits. > > The code for this is trivial; define me an API and I'll write the code > underneath. >
Well I was thinking of something almost identical to the variable key length code. Have a call EVP_CIPHER_CTX_set_feedback_bits() or whatever to allow it to be set to a non default value. > > I thought about moving the whole cipher mode handling to the EVP layer > > and trimming down the individual block ciphers to just encrypt/decrypt a > > single block at one point. However tests suggested that this would have > > a considerably impact on performance so we're probably stuck with the > > duplicate mode code for now. > > I'd like to see exactly where the performace problem was; I can't > imagien it'd be statistically significant. > Well you can get some idea of the overhead using 'openssl speed' and comparing the times for the low level routines and the EVP wrappers. You'd expect some kind of slowdown with fast ciphers like RC4 but the slowdown for things like DES is also significant. > > > I wonder if we could do better by moving some of the mode handling to > > the assembly language routines and take advantage of some special cases > > to avoid function call overhead. > > I tried this for AES and got ~10% speed increase for CBC in about 5 > minutes using some generic assembly. Another 17% by throwing some MMX > stuff in over my lunch hour. And I haven't even touched the C > algorithm itself :) > > Again, it's not worth doing this for each algorithm/mode, but if we > had either a mode API or at least macro sets, it would be. > Maybe could be done by adding some perl functions in the perl assembly language generator? Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Gemplus: http://www.gemplus.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
