[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openssl-users
Subject:    Re: performance in 0.9.7c vs. 0.9.6e : HMAC much slower ?
From:       "Dr. Stephen Henson" <steve () openssl ! org>
Date:       2004-01-22 17:02:49
Message-ID: 20040122170247.GA67920 () openssl ! org
[Download RAW message or body]

On Thu, Jan 22, 2004, Reza Curtmola wrote:

> 
> Thanks for the quick answer.
> Actually in my application I use HMAC for blocks of 150 bytes, but for
> each block that gets HMAC-ed, I use a different key. I noticed the
> slow-down in my application from 0.9.6e to 0.9.7c, and then I needed to
> post this problem I have in a way that other people can understand it too.
> I couldn't just post a piece of my code (the context might be confusing),
> so I performed the 'speed' test in OpenSSL.
> 
> The 'speed' test in OpenSSL probably reuses the same key for the
> tests it performs, and the difference in performance between the two
> version is still considerable.
> 
> In my case, since I use a different key for each HMAC, I suppose that
> memory needs to be allocated each time for the context, there is no key
> reuse. So, do I just have to accept the fact that HMAC needs to be slower
> and that's it? If so, then I will probably have to rely on a non-OpenSSL
> implementation for HMAC.
> 

The allocation is done when a context is first used. If it is reused and the
context size is equal to or less than the one already present it doesn't have
to reallocate. So if you use a new key and the same digest it should reuse the
existing memory.

However you'll have to use the HMAC_*_ex() functions for that, well when the
are fixed.

The old none _ex() functions however assumed (and lots of code depended on
this) that the whatever_ctx was totally unitialized and so the allocation and
freeing has to be done on each call for the old functions.

There may be some cases where due to some inefficiencies contexts are reused
more than they should be. Those will be fixed as and when someone notices them
:-)

> Also, the lack of memory allocation overheads  in 0.9.6e (present in the
> EVP changes in 0.9.7) was something that really needed to be changed?
> 

In 0.9.6 and earlier there was no allocation and the contexts were all
allocated on the stack. This meant that new ciphers and digests couldn't use
more space than was already present. Additionally the context had to use the
maximum space required, in one extereme case each context allocate 7K+ on the
stack which would cause problems on restricted stack environments.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majordomo@openssl.org
[prev in list] [next in list] [prev in thread] [next in thread]