Databases
StackOverflow2013
Postsdbo
POAccidental Complexity in OpenSSL HMAC functions
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POAccidental Complexity in OpenSSL HMAC functions
    primarykey
    data
    text
    <p><strong>SSL Documentation Analaysis</strong></p> <p>This question is pertaining the usage of the HMAC routines in OpenSSL.</p> <p>Since Openssl documentation is a tad on the weak side in certain areas, profiling has revealed that using the:</p> <pre><code> unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, const unsigned char *d, int n, unsigned char *md, unsigned int *md_len); </code></pre> <p>From <a href="http://www.openssl.org/docs/crypto/hmac.html#" rel="nofollow noreferrer">here</a>, shows <strong>40% of my library runtime</strong> is devoted to creating and taking down <strong>HMAC_CTX</strong>'s behind the scenes.</p> <p>There are also two additional function to create and destroy a <strong>HMAC_CTX</strong> explicetly:</p> <blockquote> <p>HMAC_CTX_init() initialises a HMAC_CTX before first use. It must be called.</p> <p>HMAC_CTX_cleanup() erases the key and other data from the HMAC_CTX and releases any associated resources. It must be called when an HMAC_CTX is no longer required.</p> </blockquote> <p>These two function calls are prefixed with:</p> <blockquote> <p>The following functions may be used if the message is not completely stored in memory</p> </blockquote> <p>My data fits entirely in memory, so I choose the HMAC function -- the one whose signature is shown above.</p> <p>The context, as described by the man page, is made use of by using the following two functions:</p> <blockquote> <p>HMAC_Update() can be called repeatedly with chunks of the message to be authenticated (len bytes at data).</p> <p>HMAC_Final() places the message authentication code in md, which must have space for the hash function output.</p> </blockquote> <hr> <p><strong>The Scope of the Application</strong></p> <p>My application generates a authentic (HMAC, which is also used a nonce), CBC-BF encrypted protocol buffer string. The code will be interfaced with various web-servers and frameworks Windows / Linux as OS, nginx, Apache and IIS as webservers and Python / .NET and C++ web-server filters. </p> <p>The description above should clarify that the library needs to be thread safe, and <strong>potentially</strong> have resumeable processing state -- i.e., lightweight threads sharing a OS thread (which might leave thread local memory out of the picture).</p> <hr> <p><strong>The Question</strong></p> <p>How do I get rid of the <strong>40% overhead on each invocation</strong> in a (1) thread-safe / (2) resume-able state way ? (2) is optional since I have all of the source-data present in one go, and can make sure a digest is created in place without relinquishing control of the thread mid-digest-creation. So,</p> <p>(1) can probably be done using thread local memory -- but how do I resuse the CTX's ? does the <strong>HMAC_final()</strong> call make the CTX reusable ?. </p> <p>(2) optional: in this case I would have to create a pool of CTX's.</p> <p>(3) how does the HMAC function do this ? does it create a CTX in the scope of the function call and destroy it ? </p> <p><strong>Psuedocode and commentary will be useful.</strong></p>
    singulars
    1. PO
      singulars
      1. PTAnswer
    1. This table or related slice is empty.
    1. PTQuestion
    1. USHassan Syed
    1. USHassan Syed
    plurals
    1. This table or related slice is empty.
    1. PL
      singulars
      1. LTLinked
    1. This table or related slice is empty.
    1. PO
      singulars
      1. PTAnswer
    2. PO
      singulars
      1. PTAnswer
    1. VO
      singulars
      1. POAccidental Complexity in OpenSSL HMAC functions
      1. This table or related slice is empty.
      1. VTUpMod
    2. VO
      singulars
      1. POAccidental Complexity in OpenSSL HMAC functions
      1. This table or related slice is empty.
      1. VTUpMod
    1. This table or related slice is empty.
 

Querying!

 
Guidance
A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload