On Sun, Jan 29, 2017 at 10:44:49PM +0100, Kurt Roeckx wrote:
> On Sun, Jan 29, 2017 at 09:09:56PM +, Greg Rubin wrote:
> > Mind running the timings with the legacy interfaces as well? We may
> > determine that the speed benefits are outweighed by the risks and
> > complexities of an older API,
Hal Murray :
>
> e...@thyrsus.com said:
> [context is cleaning up crypto code]
> > Oh dear Goddess you are right. I think I noticed that before but spaced it.
> > I'll fix that up once I've had some sleep.
>
> My straw man is that the table that holds keys has
> password
> password length
>
e...@thyrsus.com said:
[context is cleaning up crypto code]
> Oh dear Goddess you are right. I think I noticed that before but spaced it.
> I'll fix that up once I've had some sleep.
My straw man is that the table that holds keys has
password
password length
digest length
the magic that
Hal Murray :
> There shouldn't be any MD5 code. Both MD5 and SHA1 should use a generic
> routing to calculate the digest.
They both do, now that everyting goes through OpenSSL. What I meant by the MD5
code was the calls in a_md5encrypt.c, as opposed to the ones in ntp_leapsec.c.
> I copied som
e...@thyrsus.com said:
> Please commit it, then.
There are two issues tangled up in this area.
Build fails on Debian sid (#237)
https://gitlab.com/NTPsec/ntpsec/issues/237
Debian sid has openssl 1.1.0c
OpenSSL v1.1 compatibility (!306)
https://gitlab.com/NTPsec/ntpsec/merge_requests/306
I
On Sun, Jan 29, 2017 at 09:09:56PM +, Greg Rubin wrote:
> Mind running the timings with the legacy interfaces as well? We may
> determine that the speed benefits are outweighed by the risks and
> complexities of an older API, but it would be good to have the data so we
> can make an informed d
Mind running the timings with the legacy interfaces as well? We may
determine that the speed benefits are outweighed by the risks and
complexities of an older API, but it would be good to have the data so we
can make an informed decision.
https://www.openssl.org/docs/man1.0.2/crypto/md5.html
http
Hal Murray :
> The speedup applies to any type of crypto. I didn't bother implementing the
> MD5 half. The change is just cleaning up the per-digest initialization.
> We'll want it for anything going forward.
Please commit it, then. And please do the MD5 code in libntp/a_md5encrypt.c
and lib
e...@thyrsus.com said:
> I'm not sure we care a lot about this performance gain, given that SHA-1 use
> seems to be uncommon. But the change seems simple enough and would only need
> to be done in two places. Would it change the floor version of OpenSSL we
> can use?
The speedup applies to any t
Hal Murray :
>
> This is computing the digest for a password and a 48 byte packet, then
> dropping it on the floor.
>
> The "old" version uses EVP_DigestInit, like the current code in ntpd.
> The new version uses EVP_DigestInit_ex and a static context.
>
>
> Intel(R) Core(TM) i3-2120 CPU @ 3.3
This is computing the digest for a password and a 48 byte packet, then
dropping it on the floor.
The "old" version uses EVP_DigestInit, like the current code in ntpd.
The new version uses EVP_DigestInit_ex and a static context.
Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
100 MD5 encrypts took
11 matches
Mail list logo
