Comments (4)
There is some limited support for this already via the so-called "stitched" ciphers. I say limited because the support is only for certain ciphersuites and only when Encrypt-Then-Mac is not in use. This is mostly a legacy feature that has not been updated for Encrypt-Then-Mac. See for example:
Lines 584 to 628 in b9e084f
The idea here is that certain composite cipher + MAC combinations are treated like a single AEAD cipher. These are very much "special" ciphersuites and are treated slightly differently to other ciphersuites.
Generally there has not been much interest in pursuing this idea since in recent years AEAD ciphers are the preferred approach so you do not have this split of separate cipher and MAC stages. It is also preferred to try and keep the ciphers "standard" without having special case TLS knowledge inside the cipher implementation. Since all TLSv1.3 ciphersuites are AEAD anyway and the most preferred TLSv1.2 ciphersuites are also AEAD the benefits are small.
from openssl.
Hi Matt,
Thanks for your reply.
I have seen this stitched cipher implementation earlier. Still this is just a (enc+mac) operation together. It doesn't do any addition of padding, record header to the payload on TX and removal of padding, record header stripping on RX. I am trying to see all of this can be cooked into this new feature.
from openssl.
Hi @mattcaswell ,
As part of our next exercise, we plan to do code profiling in the code. The goal of this exercise is to quantify the benefits of adding complete record processing feature by measuring cycles of each of these record APIs. If we can provide the performance benefits of this feature, can we plan this feature for future release?
from openssl.
As part of our next exercise, we plan to do code profiling in the code. The goal of this exercise is to quantify the benefits of adding complete record processing feature by measuring cycles of each of these record APIs. If we can provide the performance benefits of this feature, can we plan this feature for future release?
We would of course be interested in seeing any statistics you have on a performance benefit. I can't say whether we would include such a feature or not. We would need to consider the potential benefits weighed against how invasive or extensive the changes are, and how many people are likely to see the benefits.
from openssl.
Related Issues (20)
- Provide a way to access OpenSSL source code via plain HTTP now that ftp.openssl.org is no more HOT 8
- Are RC5 and MDC2 algorithms are disabled by default in OpenSSL 3.3.0? HOT 1
- s_client/s_server: Read PSK from file instead of taking it as CLI parameter HOT 4
- How to visualize providers function call paths?
- 3.3.1: ${prefix} missing in /usr/lib/pkg-config HOT 13
- Base 64 decoding truncation HOT 1
- memory leak in OPENSSL_config HOT 5
- `apps/openssl.cnf` default is to not enforce TLS. Should default to: enforce TLS HOT 8
- `SSL_get_ex_data_X509_STORE_CTX_idx` does not respect `OSSL_LIB_CTX` HOT 4
- OpenSSL 3.0.8 - How to fallback to default provider when property fips=yes set and FIPS provider is loaded
- OS Zoo CI currently broken HOT 12
- Use of RSA_test_flags generates Segmentation fault HOT 4
- The EVP_PKEY_derive() does not returns maximum size of the output buffer for ECDH with X963KDF HOT 9
- add default cases to switch statements HOT 14
- want to install openssl HOT 1
- -Werror missing from many unit tests HOT 2
- [email protected]
- error during make : For bug reporting instructions, please see: <file:///usr/share/doc/gcc-13/README.Bugs>. ar: providers/common/der/libdefault-lib-der_rsa_sig.o: No such file or directory make[1]: *** [Makefile:22733: providers/libdefault.a] Error 1 make[1]: Leaving directory '/home/alexandre/Téléchargements/openssl' make: *** [Makefile:3731 : build_sw] Erreur 2 HOT 8
- [BUG] asn1_time_test started failing on NonStop as of 3.2 HOT 6
- Investigate Clusterfuzz heap buffer overflow
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from openssl.