In comparison to 1.0.0, in 1.0.1 the implementation of PRF have been changed. In order to supporf TLS 1.1/1.2 features, in file ssl/t1_enc.c, in function tls_P_hash() calls to HMAC_Init/HMAC_Update/HMAC_Final where replaced by EVP_DigestSignInit/EVP_DigestSignUpdate/EVP_DigestSignFinal.
As a drawback, keyblock setup for a chiphersuites with 256-bit encryption and MAC key require about 3 times more intensive usage of hash objects. For example, in order to perform one handshake, in OpenSSL 1.0.0i Digest init called 30 times. Digest copy called 69 times. Digest cleanup called 98 times. OpenSSL 1.0.1c Digest init called 105 times. Digest copy called 160 times. Digest cleanup called 264 times. ~3 times more intensive hashes objects usage definitely not good for performance. In my case, handshake rate drops down to 5-6% on the same hardware in 1.0.1c in comparison to 1.0.0i. Also, more intense malloc usage leads to faster head fragmentation. But I didn't able to measure impact of that factor yet. Is there any way to reduce hash objects usage, while keeping TLS 1.1/1.2 features?In comparison to 1.0.0, in 1.0.1 the implementation of PRF have been changed.
In order to supporf TLS 1.1/1.2 features, in file ssl/t1_enc.c, in function tls_P_hash() calls to HMAC_Init/HMAC_Update/HMAC_Final where replaced by EVP_DigestSignInit/EVP_DigestSignUpdate/EVP_DigestSignFinal.
As a drawback, keyblock setup for a chiphersuites with 256-bit encryption and MAC key require about 3 times more intensive usage of hash objects.
For example, in order to perform one handshake,
in OpenSSL 1.0.0i
Digest init called 30 times.
Digest copy called 69 times.
Digest cleanup called 98 times.
OpenSSL 1.0.1c
Digest init called 105 times.
Digest copy called 160 times.
Digest cleanup called 264 times.
~3 times more intensive hashes objects usage definitely not good for performance.
In my case, handshake rate drops down to 5-6% on the same hardware in 1.0.1c in comparison to 1.0.0i.
Also, more intense malloc usage leads to faster head fragmentation. But I didn't able to measure impact of that factor yet.
Is there any way to reduce hash objects usage, while keeping TLS 1.1/1.2 features?
