[openssl/openssl] f45bb9: Precompute some helper objects in each SSL_CTX
0 views
Skip to first unread message
openssl-machine
Apr 13, 2026, 5:07:44 AM (yesterday) Apr 13
to openssl...@openssl.org
Branch: refs/heads/master
Home: https://github.com/openssl/openssl
Commit: f45bb9967069bdb37edfad9737d6b9d07ffb7db1
https://github.com/openssl/openssl/commit/f45bb9967069bdb37edfad9737d6b9d07ffb7db1
Author: Viktor Dukhovni <openss...@dukhovni.org>
Date: 2026-04-13 (Mon, 13 Apr 2026)
Changed paths:
M ssl/ssl_lib.c
M ssl/ssl_local.h
M ssl/statem/statem_clnt.c
M ssl/statem/statem_srvr.c
M ssl/t1_enc.c
M ssl/t1_lib.c
M ssl/tls_depr.c
Log Message:
-----------
Precompute some helper objects in each SSL_CTX
Instead of repeated fetching, precompute the below per the library
context and properties of the SSL_CTX and use them for the lifetime of
the SSL_CTX.
- HMAC algorithm handle (session ticket HMAC)
- SHA2-256 algorithm handle (session ticket HMAC)
- AES_256-CBC algorithm handle (session ticket en/decryption)
- TLS1 PRF (when TLS <= 1.2 is supported)
The "sha1" and "md5" handles are no longer used, and those fields are
removed.
The `SSL_HMAC` objects used internally are now stack allocated, and the
associated "new" and "free" functions are now called "construct" and
"destruct" respectively.
Reviewed-by: Matt Caswell <ma...@openssl.foundation>
Reviewed-by: Nikola Pajkovsky <nik...@openssl.org>
MergeDate: Mon Apr 13 09:03:45 2026
(Merged from https://github.com/openssl/openssl/pull/30696)
To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications
Home: https://github.com/openssl/openssl
Commit: f45bb9967069bdb37edfad9737d6b9d07ffb7db1
https://github.com/openssl/openssl/commit/f45bb9967069bdb37edfad9737d6b9d07ffb7db1
Author: Viktor Dukhovni <openss...@dukhovni.org>
Date: 2026-04-13 (Mon, 13 Apr 2026)
Changed paths:
M ssl/ssl_lib.c
M ssl/ssl_local.h
M ssl/statem/statem_clnt.c
M ssl/statem/statem_srvr.c
M ssl/t1_enc.c
M ssl/t1_lib.c
M ssl/tls_depr.c
Log Message:
-----------
Precompute some helper objects in each SSL_CTX
Instead of repeated fetching, precompute the below per the library
context and properties of the SSL_CTX and use them for the lifetime of
the SSL_CTX.
- HMAC algorithm handle (session ticket HMAC)
- SHA2-256 algorithm handle (session ticket HMAC)
- AES_256-CBC algorithm handle (session ticket en/decryption)
- TLS1 PRF (when TLS <= 1.2 is supported)
The "sha1" and "md5" handles are no longer used, and those fields are
removed.
The `SSL_HMAC` objects used internally are now stack allocated, and the
associated "new" and "free" functions are now called "construct" and
"destruct" respectively.
Reviewed-by: Matt Caswell <ma...@openssl.foundation>
Reviewed-by: Nikola Pajkovsky <nik...@openssl.org>
MergeDate: Mon Apr 13 09:03:45 2026
(Merged from https://github.com/openssl/openssl/pull/30696)
To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications
Reply all
Reply to author
Forward
0 new messages