Preserve MAC ctx between packets, saving 2xhash calls per-packet.

Yields around a 12-16% end-to-end speedup for arcfour256/hmac-md5

patch from markus@ tested dtucker@ and myself, ok markus@ and me (I'm
committing at his request)

1 files changed, 8 insertions, 4 deletions

diff --git a/usr.bin/ssh/packet.c b/usr.bin/ssh/packet.c
index 8738e9fad2c..3cc4b87c10d 100644
--- a/usr.bin/ssh/packet.c
+++ b/usr.bin/ssh/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.146 2007/05/31 23:34:29 djm Exp $ */
+/* $OpenBSD: packet.c,v 1.147 2007/06/05 06:52:37 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -620,7 +620,8 @@ set_newkeys(int mode)
 		enc  = &newkeys[mode]->enc;
 		mac  = &newkeys[mode]->mac;
 		comp = &newkeys[mode]->comp;
-		memset(mac->key, 0, mac->key_len);
+		if (mac->md != NULL)
+			mac_clear(mac);
 		xfree(enc->name);
 		xfree(enc->iv);
 		xfree(enc->key);
@@ -635,14 +636,17 @@ set_newkeys(int mode)
 	enc  = &newkeys[mode]->enc;
 	mac  = &newkeys[mode]->mac;
 	comp = &newkeys[mode]->comp;
-	if (mac->md != NULL)
+	if (mac->md != NULL) {
+		mac_init(mac);
 		mac->enabled = 1;
+	}
 	DBG(debug("cipher_init_context: %d", mode));
 	cipher_init(cc, enc->cipher, enc->key, enc->key_len,
 	    enc->iv, enc->block_size, crypt_type);
 	/* Deleting the keys does not gain extra security */
 	/* memset(enc->iv,  0, enc->block_size);
-	   memset(enc->key, 0, enc->key_len); */
+	   memset(enc->key, 0, enc->key_len);
+	   memset(mac->key, 0, mac->key_len); */
 	if ((comp->type == COMP_ZLIB ||
 	    (comp->type == COMP_DELAYED && after_authentication)) &&
 	    comp->enabled == 0) {