Comments (7)
@nhorman In general when I've written tests like this for other systems, I've gone in the direction you state (perform a genuine encryption and use that to test decryption performance). However, OpenSSL hasn't done that, so we are purely testing performance here, not correctness (which is why my original fix here, that didn't quite fix it). Since the algorithms we are testing always perform the decryption and tag computations, and only diverge in behaviour when checking the tag at the very last step, performance is still representative. We might want a note to that effect, either as a comment in the code or "elsewhere" (but I not sure where that else might be!)
from openssl.
@tom-cosgrove-arm can you comment on the fix you made in #23757? I'm having trouble seeing how a fake tag can be used with aes in ccm or gcm mode? I think it makes sense in aead mode because (again I think) the tag is validated independently of the decrypt operation, but in ccm mode the tag is never checked in the decrypt operation. Its only checked in gcm mode, and I can't see how an arbitrary tag will pass that check. It seems like instead for gcm mode, we should do an initial encryption of a buffer to obtain a tag and use that computed value consistently during the decrypt operation
from openssl.
The original failure was due to there not being a tag, and the change I made did fix that. However, it looks rather embarrassingly as if I did the work on an out-of-date branch and then rebased without re-testing. I made a comment about "We don't check the return value" which used to be true, but which certainly isn't true these days.
I think the best fix would be something like this - what do you think?
diff --git a/apps/speed.c b/apps/speed.c
index 1fd7eb26b6..ca87302e22 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -882,10 +882,12 @@ static int EVP_Update_loop(void *args)
}
}
}
- if (decrypt)
- rc = EVP_DecryptFinal_ex(ctx, buf, &outl);
- else
+ if (decrypt) {
+ (void)EVP_DecryptFinal_ex(ctx, buf, &outl);
+ rc = 1; /* DecryptFinal will fail because the tag won't verify */
+ } else {
rc = EVP_EncryptFinal_ex(ctx, buf, &outl);
+ }
if (rc == 0)
BIO_printf(bio_err, "Error finalizing cipher loop\n");
from openssl.
It seems like instead for gcm mode, we should do an initial encryption of a buffer to obtain a tag and use that computed value consistently during the decrypt operation
That would definitely be the best option
from openssl.
@ravulapx it seems like the consensus here is that the appropriate fix is, for gcm mode speed tests:
- Modify the speed_main function such that, when loopfunction is set to EVP_Update_loop, and -decrypt is selected, that we preform an initial encryption of a data buffer, and extract the tag from that result
- Modify EVP_Update_loop such that if a tag is assigned in speed_main, we use that as the input tag for decryption
that should avoid this problem. Unfortunately I don't know when we are going to be able to get to this. Would you be willing to create a PR for this effort?
from openssl.
@tom-cosgrove-arm your solution would certainly work. I guess the question is "is it ok for us to test algorithm speed on failing inputs"? If so, that would be a faster solution
from openssl.
@ravulapx are you interested in attempting to write a patch for this and submit it as a pull request, guided by the conversation above?
from openssl.
Related Issues (20)
- OSSL_STORE_LOADER_free() has conflicting documentation HOT 5
- iteration 19 evokes undefined behaviour [gentoo] HOT 7
- Unable to load PKCS7 object with EC key HOT 2
- Issue while installing the riscv-pk -- ../pk/pk.c:188: Error: unknown CSR `senvcfg' HOT 2
- Unable to install OpenSSL on Wndows 11 HOT 4
- s_client seems not using client certificate when connecting via proxy HOT 5
- v3.3.0: CMS + EC keys + PKCS#11 does not work HOT 4
- no NDK arm-linux-androideabi-gcc on $PATH at (eval 12) line 143 error in windows and make[1]: *** [Makefile:3285: apps/libapps.a] Error 127 error when using wsl in windows HOT 10
- Provide a way to access OpenSSL source code via plain HTTP now that ftp.openssl.org is no more HOT 8
- Are RC5 and MDC2 algorithms are disabled by default in OpenSSL 3.3.0? HOT 1
- s_client/s_server: Read PSK from file instead of taking it as CLI parameter HOT 3
- How to visualize providers function call paths?
- 3.3.1: ${prefix} missing in /usr/lib/pkg-config HOT 13
- Base 64 decoding truncation
- memory leak in OPENSSL_config HOT 5
- `apps/openssl.cnf` default is to not enforce TLS. Should default to: enforce TLS HOT 7
- `SSL_get_ex_data_X509_STORE_CTX_idx` does not respect `OSSL_LIB_CTX` HOT 3
- OpenSSL 3.0.8 - How to fallback to default provider when property fips=yes set and FIPS provider is loaded
- OS Zoo CI currently broken HOT 8
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from openssl.