The patches were large and added new features and API's which isn't appropriate
for bugfix releases.
In the master branch, branch the PRF functionality has been redirected to
libcrypto so it's possible it can be optimised by using a more efficient
implementation in crypto/kdf or in an engine.
On 11 December 2012 04:00, Stephen Henson via RT r...@openssl.org wrote:
I also notice that even the original HMAC version initialises two HMAC
contexts with the same key. That could be improved by initialising one
and copying the context across.
This kind of optimization can be also
Please find attached two patches, together implementing proper HMAC context
re-initialization instead of full re-creation.
In comparison to openssl-1.0.1c it gives ~10% handshake performance
improvements when some engine-specific MAC are used.
In order to apply patches use command
patch -p1 -i
In my case, handshake rate drops down to 5-6% on the same hardware in 1.0.1c
in comparison to 1.0.0i.
I was wrong. Handshake performance degradation is about 10%.
First guilty function is EVP_DigestSignFinal what is perform copying of
supplied context.
When I replaces in tls1_P_hash()
[openssl-dev@openssl.org - Tue Dec 11 00:48:42 2012]:
In my case, handshake rate drops down to 5-6% on the same hardware
in 1.0.1c
in comparison to 1.0.0i.
I was wrong. Handshake performance degradation is about 10%.
First guilty function is EVP_DigestSignFinal what is perform copying
In comparison to 1.0.0, in 1.0.1 the implementation of PRF have been
changed.
In order to supporf TLS 1.1/1.2 features, in file ssl/t1_enc.c, in function
tls_P_hash() calls to HMAC_Init/HMAC_Update/HMAC_Final where replaced by
EVP_DigestSignInit/EVP_DigestSignUpdate/EVP_DigestSignFinal.
As a