OpenSSL 3.0.0

[Kurt Roeckx]

On Mon, Jun 15, 2020 at 11:54:57PM -0700, Hal Murray via devel wrote:
> 
> They are up to alpha3.  I've been trying it.
> 
> I added a tweak to wscript to support this, and some notes in HOWTO-OpenSSL
> That recipe also works for getting 1.1.1 on old systems so they can use NTS.
> 
> ---------
> 
> There are several big changes in 3.0.0
>   The CMAC_* API that we have been using is now DEPRECATED.
>   The low level crypto stuff that we use has slowed down.
>   There is a blizzard of shadow warnings for freefunc if Python.h is included.
> 
> I added attic/cmac-timing to time the various ways to do the CMAC calculations.
> It's also a convenient place to debug the recipe.  In addition to the old way, 
> there is a way that works on both old and new OpenSSL, and another way that 
> only works with the new code.
> 
> The new way has split the setup/init code into two parts.  One does the setup 
> stuff derived from a key.  The other initializes the internal data.  The 
> second part is quick.  If we can afford the memory for a context for each key, 
> we can speed up CMAC calculations a whole lot.  We should be able to get half 
> of that speedup on the server by having the transmit side reuse the context 
> setup by the receive side.  But the new way is so slow that even with that 
> hack, the CMAC calculation much slower than the old code.

Note that we're still waiting for a reply from you about your
test code. I would like to see if it's possible to improve the
speed in 3.0.0, or at least understand where the slowdown comes
from.


Kurt