Fix openssl speed for aes-ccm #4480
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
richsalz
approved these changes
Oct 7, 2017
richsalz
added
branch: master
paulidale
requested changes
Oct 8, 2017
apps/speed.c
Outdated
There was a problem hiding this comment.
The ARIA cipher also supports CCM mode. This scheme could be extended like this:
#ifndef OPENSSL_NO_ARIA
case NID_aria_128_ccm:
case NID_aria_192_ccm:
case NID_aria_256_ccm:
#endif
However, I'd greatly prefer to see a more generic way to determine this (using EVP_CIPHER_mode perhaps) that doesn't require a list of possible ciphers to be maintained.
switch (EVP_CIPHER_mode(evp_cipher)) {
case EVP_CIPH_CCM_MODE:
loopfunc = EVP_Update_loop_ccm;
break;
default:
loopfunc = EVP_Update_loop;
}
It also looks like the documentation in doc/man3/EVP_EncryptInit.pod could use a refresh to mention CTR, GCM, CCM, OCB, WRAP and XTS modes
There was a problem hiding this comment.
agreed. implemented the EVP_CIPHER_mode-based solution.
addressed the doc issue in a separate PR: #4498
CCM does not support streaming: An additional call to (EVP_...)Update must precede each call to Update to pass the total message length. The generic Update_loop calls Update one time such that in case of CCM only the total message length is passed. No encryption/decryption measured. Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
paulidale
added
approval: done
|
Merged. |
levitte
pushed a commit
that referenced
this pull request
Oct 9, 2017
CCM does not support streaming: An additional call to (EVP_...)Update must precede each call to Update to pass the total message length. The generic Update_loop calls Update one time such that in case of CCM only the total message length is passed. No encryption/decryption measured. Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from #4480)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
CCM does not support streaming: An additional call to (EVP_...)Update must
precede each call to Update to pass the total message length. The generic
Update_loop calls Update one time such that in case of CCM only the total
message length is passed. No encryption/decryption measured.
... Therefore, 'openssl speed -evp aes-xxx-ccm' shows 'infinite' numbers.
I use this patch for some time to measure actual aes-ccm performance. Im not completely happy with it because the aes-ccm results are not 100% comparable with the other ciphers. However, its more useful than the present 'infinite' results. Opinions ?