mirror of git://git.gnupg.org/gnupg.git
g10: Avoid extra hash contexts when decrypting MDC input
* g10/mainproc.c (mainproc_context): New member
'seen_pkt_encrypted_mdc'.
(release_list): Clear 'seen_pkt_encrypted_mdc'.
(proc_encrypted): Set 'seen_pkt_encrypted_mdc'.
(have_seen_pkt_encrypted_aead): Rename to...
(have_seen_pkt_encrypted_aead_or_mdc): ...this and add check for
'seen_pkt_encrypted_mdc'.
(proc_plaintext): Do not enable extra hash contexts when decrypting
MDC input.
--
Avoiding extra hash contexts speeds up CFB/MDC decryption quite
a lot. For example, decrypting symmetric-key AES-256 encrypted
4 GiB file from RAM to /dev/null sees ~3.4x speed increase on
AMD Ryzen 5800X:
AES256.CFB encryption: 783 MB/s
AES256.CFB decryption: 386 MB/s (before)
AES256.CFB encryption: 1.3 GB/s (after patch)
Note, AEAD is still significantly faster:
AES256.OCB encryption: 2.2 GB/s
AES256.OCB decryption: 3.0 GB/s
GnuPG-bug-id: T5820
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
(cherry picked from commit ab177eed51)
Even 2.2 with the older Libgcrypt 1.8 gets a threefold speedup; see
https://dev.gnupg.org/T5820#155447 (AES-128 vs. AES-256 does not make
a substanial difference)
Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Jussi Kivilinna
Werner Koch
parent
a2db490de5
commit
9116fd1e9a
|
|
@ -98,6 +98,7 @@ struct mainproc_context
|
|||
ulong symkeys; /* Number of symmetrically encrypted session keys. */
|
||||
struct kidlist_item *pkenc_list; /* List of encryption packets. */
|
||||
int seen_pkt_encrypted_aead; /* PKT_ENCRYPTED_AEAD packet seen. */
|
||||
int seen_pkt_encrypted_mdc; /* PKT_ENCRYPTED_MDC packet seen. */
|
||||
struct {
|
||||
unsigned int sig_seen:1; /* Set to true if a signature packet
|
||||
has been seen. */
|
||||
|
|
@ -147,6 +148,7 @@ release_list( CTX c )
|
|||
c->any.uncompress_failed = 0;
|
||||
c->last_was_session_key = 0;
|
||||
c->seen_pkt_encrypted_aead = 0;
|
||||
c->seen_pkt_encrypted_mdc = 0;
|
||||
xfree (c->dek);
|
||||
c->dek = NULL;
|
||||
}
|
||||
|
|
@ -639,6 +641,8 @@ proc_encrypted (CTX c, PACKET *pkt)
|
|||
|
||||
if (pkt->pkttype == PKT_ENCRYPTED_AEAD)
|
||||
c->seen_pkt_encrypted_aead = 1;
|
||||
if (pkt->pkttype == PKT_ENCRYPTED_MDC)
|
||||
c->seen_pkt_encrypted_mdc = 1;
|
||||
|
||||
if (early_plaintext)
|
||||
{
|
||||
|
|
@ -864,7 +868,7 @@ proc_encrypted (CTX c, PACKET *pkt)
|
|||
|
||||
|
||||
static int
|
||||
have_seen_pkt_encrypted_aead( CTX c )
|
||||
have_seen_pkt_encrypted_aead_or_mdc( CTX c )
|
||||
{
|
||||
CTX cc;
|
||||
|
||||
|
|
@ -872,6 +876,8 @@ have_seen_pkt_encrypted_aead( CTX c )
|
|||
{
|
||||
if (cc->seen_pkt_encrypted_aead)
|
||||
return 1;
|
||||
if (cc->seen_pkt_encrypted_mdc)
|
||||
return 1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
|
|
@ -953,7 +959,7 @@ proc_plaintext( CTX c, PACKET *pkt )
|
|||
}
|
||||
}
|
||||
|
||||
if (!any && !opt.skip_verify && !have_seen_pkt_encrypted_aead(c))
|
||||
if (!any && !opt.skip_verify && !have_seen_pkt_encrypted_aead_or_mdc(c))
|
||||
{
|
||||
/* This is for the old GPG LITERAL+SIG case. It's not legal
|
||||
according to 2440, so hopefully it won't come up that often.
|
||||
|
|
|
|||
Loading…
Reference in New Issue