summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndy Polyakov <appro@openssl.org>2014-01-03 21:52:49 +0100
committerAndy Polyakov <appro@openssl.org>2014-01-03 21:56:03 +0100
commit4abe148444d739b033dc6fe8613eba0b8ac82270 (patch)
tree7747268c57d78951e66b9920113cdfa5141a8d6a
parent04d69404367a5e85b8d3cadb75072db5d1c6b104 (diff)
ssl/t1_enc.c: optimize PRF (suggested by Intel).
(cherry picked from commit e8b0dd57c0e9c53fd0708f0f458a7a2fd7a95c91)
Diffstat
-rw-r--r--ssl/t1_enc.c17
1 files changed, 8 insertions, 9 deletions
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 78ce5256e3..96c85a4d1b 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -160,7 +160,7 @@ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
{
int chunk;
size_t j;
- EVP_MD_CTX ctx, ctx_tmp;
+ EVP_MD_CTX ctx, ctx_tmp, ctx_init;
EVP_PKEY *mac_key;
unsigned char A1[EVP_MAX_MD_SIZE];
size_t A1_len;
@@ -171,14 +171,14 @@ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
EVP_MD_CTX_init(&ctx);
EVP_MD_CTX_init(&ctx_tmp);
- EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
- EVP_MD_CTX_set_flags(&ctx_tmp, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ EVP_MD_CTX_init(&ctx_init);
+ EVP_MD_CTX_set_flags(&ctx_init, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sec, sec_len);
if (!mac_key)
goto err;
- if (!EVP_DigestSignInit(&ctx,NULL,md, NULL, mac_key))
+ if (!EVP_DigestSignInit(&ctx_init,NULL,md, NULL, mac_key))
goto err;
- if (!EVP_DigestSignInit(&ctx_tmp,NULL,md, NULL, mac_key))
+ if (!EVP_MD_CTX_copy_ex(&ctx,&ctx_init))
goto err;
if (seed1 && !EVP_DigestSignUpdate(&ctx,seed1,seed1_len))
goto err;
@@ -196,13 +196,11 @@ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
for (;;)
{
/* Reinit mac contexts */
- if (!EVP_DigestSignInit(&ctx,NULL,md, NULL, mac_key))
- goto err;
- if (!EVP_DigestSignInit(&ctx_tmp,NULL,md, NULL, mac_key))
+ if (!EVP_MD_CTX_copy_ex(&ctx,&ctx_init))
goto err;
if (!EVP_DigestSignUpdate(&ctx,A1,A1_len))
goto err;
- if (!EVP_DigestSignUpdate(&ctx_tmp,A1,A1_len))
+ if (olen>chunk && !EVP_MD_CTX_copy_ex(&ctx_tmp,&ctx))
goto err;
if (seed1 && !EVP_DigestSignUpdate(&ctx,seed1,seed1_len))
goto err;
@@ -238,6 +236,7 @@ err:
EVP_PKEY_free(mac_key);
EVP_MD_CTX_cleanup(&ctx);
EVP_MD_CTX_cleanup(&ctx_tmp);
+ EVP_MD_CTX_cleanup(&ctx_init);
OPENSSL_cleanse(A1,sizeof(A1));
return ret;
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-06 12:17:17 +0000