commit 5f3d5be52f02d2d149cc11ec4a511d022444d2b1
author Darren Tucker <dtucker@zip.com.au> Tue Jun 05 18:30:18 2007 +1000
committer Darren Tucker <dtucker@zip.com.au> Tue Jun 05 18:30:18 2007 +1000
tree de550fe7966f77cc548a1d4029ceaef4774cce4c
parent 7b21cb5bdc6d0e587f646397b6c6f6ef87505e0b

   - djm@cvs.openbsd.org 2007/06/05 06:52:37
     [kex.c monitor_wrap.c packet.c mac.h kex.h mac.c]
     Preserve MAC ctx between packets, saving 2xhash calls per-packet.
     Yields around a 12-16% end-to-end speedup for arcfour256/hmac-md5
     patch from markus@ tested dtucker@ and myself, ok markus@ and me (I'm
     committing at his request)

packet.c

diff --git a/packet.c b/packet.c
index a2e9f59..2748980 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.146 2007/05/31 23:34:29 djm Exp $ */
+/* $OpenBSD: packet.c,v 1.147 2007/06/05 06:52:37 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -629,7 +629,8 @@
 		enc  = &newkeys[mode]->enc;
 		mac  = &newkeys[mode]->mac;
 		comp = &newkeys[mode]->comp;
-		memset(mac->key, 0, mac->key_len);
+		if (mac->md != NULL)
+			mac_clear(mac);
 		xfree(enc->name);
 		xfree(enc->iv);
 		xfree(enc->key);
@@ -644,14 +645,17 @@
 	enc  = &newkeys[mode]->enc;
 	mac  = &newkeys[mode]->mac;
 	comp = &newkeys[mode]->comp;
-	if (mac->md != NULL)
+	if (mac->md != NULL) {
+		mac_init(mac);
 		mac->enabled = 1;
+	}
 	DBG(debug("cipher_init_context: %d", mode));
 	cipher_init(cc, enc->cipher, enc->key, enc->key_len,
 	    enc->iv, enc->block_size, crypt_type);
 	/* Deleting the keys does not gain extra security */
 	/* memset(enc->iv,  0, enc->block_size);
-	   memset(enc->key, 0, enc->key_len); */
+	   memset(enc->key, 0, enc->key_len);
+	   memset(mac->key, 0, mac->key_len); */
 	if ((comp->type == COMP_ZLIB ||
 	    (comp->type == COMP_DELAYED && after_authentication)) &&
 	    comp->enabled == 0) {