diff options
author | David Benjamin <davidben@google.com> | 2022-01-23 11:11:17 -0500 |
---|---|---|
committer | Adam Langley <agl@google.com> | 2022-01-24 19:05:20 +0000 |
commit | 345c86b1cfcc478a71a9a71f0206893fd16ae912 (patch) | |
tree | 1e6dfc9460a19ab2ba8c3199bbd8bf3763061aae /tool | |
parent | 50e7ea5f09d15a65f5dd0b63b64504d6d4815001 (diff) | |
download | boringssl-345c86b1cfcc478a71a9a71f0206893fd16ae912.zip boringssl-345c86b1cfcc478a71a9a71f0206893fd16ae912.tar.gz boringssl-345c86b1cfcc478a71a9a71f0206893fd16ae912.tar.bz2 |
Switch CRYPTO_BUFFER_POOL to SipHash-2-4.
This hash table, in applications that use pooling, can dedup received
certificates in memory and thus should use a keyed hash.
Change-Id: Idc40dc8f7463025183121642b30ea0de43ebac0e
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/51125
Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'tool')
-rw-r--r-- | tool/speed.cc | 35 |
1 files changed, 30 insertions, 5 deletions
diff --git a/tool/speed.cc b/tool/speed.cc index b91a4ce..c12ebb2 100644 --- a/tool/speed.cc +++ b/tool/speed.cc @@ -41,6 +41,7 @@ #include <openssl/nid.h> #include <openssl/rand.h> #include <openssl/rsa.h> +#include <openssl/siphash.h> #include <openssl/trust_token.h> #if defined(OPENSSL_WINDOWS) @@ -561,20 +562,20 @@ static bool SpeedAESBlock(const std::string &name, unsigned bits, static bool SpeedHashChunk(const EVP_MD *md, std::string name, size_t chunk_len) { bssl::ScopedEVP_MD_CTX ctx; - uint8_t scratch[16384]; + uint8_t input[16384] = {0}; - if (chunk_len > sizeof(scratch)) { + if (chunk_len > sizeof(input)) { return false; } name += ChunkLenSuffix(chunk_len); TimeResults results; - if (!TimeFunction(&results, [&ctx, md, chunk_len, &scratch]() -> bool { + if (!TimeFunction(&results, [&ctx, md, chunk_len, &input]() -> bool { uint8_t digest[EVP_MAX_MD_SIZE]; unsigned int md_len; return EVP_DigestInit_ex(ctx.get(), md, NULL /* ENGINE */) && - EVP_DigestUpdate(ctx.get(), scratch, chunk_len) && + EVP_DigestUpdate(ctx.get(), input, chunk_len) && EVP_DigestFinal_ex(ctx.get(), digest, &md_len); })) { fprintf(stderr, "EVP_DigestInit_ex failed.\n"); @@ -1035,6 +1036,29 @@ static bool SpeedBase64(const std::string &selected) { return true; } +static bool SpeedSipHash(const std::string &selected) { + if (!selected.empty() && selected.find("siphash") == std::string::npos) { + return true; + } + + uint64_t key[2] = {0}; + for (size_t len : g_chunk_lengths) { + std::vector<uint8_t> input(len); + TimeResults results; + if (!TimeFunction(&results, [&]() -> bool { + SIPHASH_24(key, input.data(), input.size()); + return true; + })) { + fprintf(stderr, "SIPHASH_24 failed.\n"); + ERR_print_errors_fp(stderr); + return false; + } + results.PrintWithBytes("SipHash-2-4" + ChunkLenSuffix(len), len); + } + + return true; +} + static TRUST_TOKEN_PRETOKEN *trust_token_pretoken_dup( TRUST_TOKEN_PRETOKEN *in) { TRUST_TOKEN_PRETOKEN *out = @@ -1434,7 +1458,8 @@ bool Speed(const std::vector<std::string> &args) { TRUST_TOKEN_experiment_v2_pmb(), 1, selected) || !SpeedTrustToken("TrustToken-Exp2PMB-Batch10", TRUST_TOKEN_experiment_v2_pmb(), 10, selected) || - !SpeedBase64(selected)) { + !SpeedBase64(selected) || + !SpeedSipHash(selected)) { return false; } #if defined(BORINGSSL_FIPS) |