openssh-portable icon indicating copy to clipboard operation
openssh-portable copied to clipboard
verified publisher icon openssh

cipher-chachapoly: use OpenSSL's implementation of Poly1305

Open iucoen opened this issue 9 months ago • 2 comments

OpenSSL starting in version 3.0.0 has a new EVP_MAC API which allows POLY1305 algorithm to be used as a standalone MAC. OpenSSL's implementation is significantly faster, so we should use it when it's available.

With this change on an Intel N5105 (Jasperlake), I observed a 26% speedup for the entire [email protected] cipher from 276MB/s to 350MB/s.

iucoen avatar Mar 11 '25 04:03 iucoen

Any interest in taking this change?

iucoen avatar May 17 '25 10:05 iucoen

I've discussed this with one of the LibreSSL developers and I think we'll probably prefer to use the BoringSSL poly1305 API (which LibreSSL will also adopt), and add a shim to support EVP_MAC in OpenSSL. I'll wait until the LibreSSL people let me know once it's ready to look at.

djmdjm avatar May 19 '25 03:05 djmdjm