I think 16k was enough to demonstrate that the timing difference
becomes more marginal the larger the amount of data to encrypt in the
same session is.
This makes me think that we might want to rethink the reset functions,
i.e. the likes of EVP_CIPHER_CTX_reset()... could we change that
function to become a call down to provider code? We do allow that for
the non-provider back-ends, they can implement a 'cleanup' function.
Right now, EVP_CIPHER_CTX_reset() just calls the provider's function
to free its operation context, which forces us to re-initialize
everything with a restarted session, i.e. pass the key anew, etc etc
etc.
Cheers,
Richard
On Thu, 18 Jun 2020 06:50:45 +0200,
Hal Murray wrote:
How does it look for large input? As in many kilobytes or megabytes?
16K is all I was willing to wait for. Timing for really long blocks turns
into a memory test. The right unit is ns/byte. If that's an interesting
case, I'll hack some code to do longer blocks.
pp>
1.1.1g
AES-128 16 48 16 225 0.225 475ac1c053379e7dbd4ce80b87d2178e
AES-128 16 1024 16 1682 1.682 159d6d5c13f35d37c72efc5f6dbf40ad
AES-128 16 16384 16 24566 24.566 581f7b133ad6f3697f33c3f836fdb6e6
3.0.0 alpha3
AES-128 16 48 16 496 0.496 475ac1c053379e7dbd4ce80b87d2178e
AES-128 16 1024 16 1953 1.953 159d6d5c13f35d37c72efc5f6dbf40ad
AES-128 16 16384 16 24820 24.820 581f7b133ad6f3697f33c3f836fdb6e6
-----------
3.0.0 alpha3:
CMAC
AES-128 16 16384 16 25270 25.270 581f7b133ad6f3697f33c3f836fdb6e6
PKEY
AES-128 16 16384 16 24839 24.839 581f7b133ad6f3697f33c3f836fdb6e6
EVP_MAC
AES-128 16 16384 16 25462 25.462 581f7b133ad6f3697f33c3f836fdb6e6
EVP_MAC with Preload cipher and key
AES-128 16 16384 16 24567 24.567 581f7b133ad6f3697f33c3f836fdb6e6
--
These are my opinions. I hate spam.
--
Richard Levitte
levitte@xxxxxxxxxxxOpenSSL Project
http://www.openssl.org/~levitte/