> [openssl-dev@openssl.org - Tue Dec 11 00:48:42 2012]: > > > In my case, handshake rate drops down to 5-6% on the same hardware > in 1.0.1c > in comparison to 1.0.0i. > I was wrong. Handshake performance degradation is about 10%. > > First guilty function is EVP_DigestSignFinal what is perform copying > of > supplied context. >
That's documented behaviour but there's no reason why a flag couldn't be added which stops the copying if it isn't needed. > > Eliminating EVP_DigestSignFinal overhead in tls1_P_hash() by replasing > it > with calls, what do not perform context copying is trivial. > But how can we properly perfrom MAC true re-initialization instead of > creation from very beggining? > Looking the way HMAC is translated into EVP_DigestSign* could be made more efficient so it supports a proper HMAC context reset instead of reinitialising with the same key all the time. I also notice that even the original HMAC version initialises two HMAC contexts with the same key. That could be improved by initialising one and copying the context across. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org