xref: /freebsd/crypto/openssl/apps/speed.c (revision 0d0c8621fd181e507f0fb50ffcca606faf66a8c2)
1 /*
2  * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
3  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4  *
5  * Licensed under the Apache License 2.0 (the "License").  You may not use
6  * this file except in compliance with the License.  You can obtain a copy
7  * in the file LICENSE in the source distribution or at
8  * https://www.openssl.org/source/license.html
9  */
10 
11 #undef SECONDS
12 #define SECONDS          3
13 #define PKEY_SECONDS    10
14 
15 #define RSA_SECONDS     PKEY_SECONDS
16 #define DSA_SECONDS     PKEY_SECONDS
17 #define ECDSA_SECONDS   PKEY_SECONDS
18 #define ECDH_SECONDS    PKEY_SECONDS
19 #define EdDSA_SECONDS   PKEY_SECONDS
20 #define SM2_SECONDS     PKEY_SECONDS
21 #define FFDH_SECONDS    PKEY_SECONDS
22 
23 /* We need to use some deprecated APIs */
24 #define OPENSSL_SUPPRESS_DEPRECATED
25 
26 #include <stdio.h>
27 #include <stdlib.h>
28 #include <string.h>
29 #include <math.h>
30 #include "apps.h"
31 #include "progs.h"
32 #include "internal/numbers.h"
33 #include <openssl/crypto.h>
34 #include <openssl/rand.h>
35 #include <openssl/err.h>
36 #include <openssl/evp.h>
37 #include <openssl/objects.h>
38 #include <openssl/core_names.h>
39 #include <openssl/async.h>
40 #if !defined(OPENSSL_SYS_MSDOS)
41 # include <unistd.h>
42 #endif
43 
44 #if defined(__TANDEM)
45 # if defined(OPENSSL_TANDEM_FLOSS)
46 #  include <floss.h(floss_fork)>
47 # endif
48 #endif
49 
50 #if defined(_WIN32)
51 # include <windows.h>
52 #endif
53 
54 #include <openssl/bn.h>
55 #include <openssl/rsa.h>
56 #include "./testrsa.h"
57 #ifndef OPENSSL_NO_DH
58 # include <openssl/dh.h>
59 #endif
60 #include <openssl/x509.h>
61 #include <openssl/dsa.h>
62 #include "./testdsa.h"
63 #include <openssl/modes.h>
64 
65 #ifndef HAVE_FORK
66 # if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_VXWORKS)
67 #  define HAVE_FORK 0
68 # else
69 #  define HAVE_FORK 1
70 #  include <sys/wait.h>
71 # endif
72 #endif
73 
74 #if HAVE_FORK
75 # undef NO_FORK
76 #else
77 # define NO_FORK
78 #endif
79 
80 #define MAX_MISALIGNMENT 63
81 #define MAX_ECDH_SIZE   256
82 #define MISALIGN        64
83 #define MAX_FFDH_SIZE 1024
84 
85 #ifndef RSA_DEFAULT_PRIME_NUM
86 # define RSA_DEFAULT_PRIME_NUM 2
87 #endif
88 
89 typedef struct openssl_speed_sec_st {
90     int sym;
91     int rsa;
92     int dsa;
93     int ecdsa;
94     int ecdh;
95     int eddsa;
96     int sm2;
97     int ffdh;
98 } openssl_speed_sec_t;
99 
100 static volatile int run = 0;
101 
102 static int mr = 0;  /* machine-readeable output format to merge fork results */
103 static int usertime = 1;
104 
105 static double Time_F(int s);
106 static void print_message(const char *s, long num, int length, int tm);
107 static void pkey_print_message(const char *str, const char *str2,
108                                long num, unsigned int bits, int sec);
109 static void print_result(int alg, int run_no, int count, double time_used);
110 #ifndef NO_FORK
111 static int do_multi(int multi, int size_num);
112 #endif
113 
114 static const int lengths_list[] = {
115     16, 64, 256, 1024, 8 * 1024, 16 * 1024
116 };
117 #define SIZE_NUM         OSSL_NELEM(lengths_list)
118 static const int *lengths = lengths_list;
119 
120 static const int aead_lengths_list[] = {
121     2, 31, 136, 1024, 8 * 1024, 16 * 1024
122 };
123 
124 #define START   0
125 #define STOP    1
126 
127 #ifdef SIGALRM
128 
alarmed(int sig)129 static void alarmed(int sig)
130 {
131     signal(SIGALRM, alarmed);
132     run = 0;
133 }
134 
Time_F(int s)135 static double Time_F(int s)
136 {
137     double ret = app_tminterval(s, usertime);
138     if (s == STOP)
139         alarm(0);
140     return ret;
141 }
142 
143 #elif defined(_WIN32)
144 
145 # define SIGALRM -1
146 
147 static unsigned int lapse;
148 static volatile unsigned int schlock;
alarm_win32(unsigned int secs)149 static void alarm_win32(unsigned int secs)
150 {
151     lapse = secs * 1000;
152 }
153 
154 # define alarm alarm_win32
155 
sleepy(VOID * arg)156 static DWORD WINAPI sleepy(VOID * arg)
157 {
158     schlock = 1;
159     Sleep(lapse);
160     run = 0;
161     return 0;
162 }
163 
Time_F(int s)164 static double Time_F(int s)
165 {
166     double ret;
167     static HANDLE thr;
168 
169     if (s == START) {
170         schlock = 0;
171         thr = CreateThread(NULL, 4096, sleepy, NULL, 0, NULL);
172         if (thr == NULL) {
173             DWORD err = GetLastError();
174             BIO_printf(bio_err, "unable to CreateThread (%lu)", err);
175             ExitProcess(err);
176         }
177         while (!schlock)
178             Sleep(0);           /* scheduler spinlock */
179         ret = app_tminterval(s, usertime);
180     } else {
181         ret = app_tminterval(s, usertime);
182         if (run)
183             TerminateThread(thr, 0);
184         CloseHandle(thr);
185     }
186 
187     return ret;
188 }
189 #else
190 # error "SIGALRM not defined and the platform is not Windows"
191 #endif
192 
193 static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
194                              const openssl_speed_sec_t *seconds);
195 
opt_found(const char * name,unsigned int * result,const OPT_PAIR pairs[],unsigned int nbelem)196 static int opt_found(const char *name, unsigned int *result,
197                      const OPT_PAIR pairs[], unsigned int nbelem)
198 {
199     unsigned int idx;
200 
201     for (idx = 0; idx < nbelem; ++idx, pairs++)
202         if (strcmp(name, pairs->name) == 0) {
203             *result = pairs->retval;
204             return 1;
205         }
206     return 0;
207 }
208 #define opt_found(value, pairs, result)\
209     opt_found(value, result, pairs, OSSL_NELEM(pairs))
210 
211 typedef enum OPTION_choice {
212     OPT_COMMON,
213     OPT_ELAPSED, OPT_EVP, OPT_HMAC, OPT_DECRYPT, OPT_ENGINE, OPT_MULTI,
214     OPT_MR, OPT_MB, OPT_MISALIGN, OPT_ASYNCJOBS, OPT_R_ENUM, OPT_PROV_ENUM,
215     OPT_PRIMES, OPT_SECONDS, OPT_BYTES, OPT_AEAD, OPT_CMAC
216 } OPTION_CHOICE;
217 
218 const OPTIONS speed_options[] = {
219     {OPT_HELP_STR, 1, '-', "Usage: %s [options] [algorithm...]\n"},
220 
221     OPT_SECTION("General"),
222     {"help", OPT_HELP, '-', "Display this summary"},
223     {"mb", OPT_MB, '-',
224      "Enable (tls1>=1) multi-block mode on EVP-named cipher"},
225     {"mr", OPT_MR, '-', "Produce machine readable output"},
226 #ifndef NO_FORK
227     {"multi", OPT_MULTI, 'p', "Run benchmarks in parallel"},
228 #endif
229 #ifndef OPENSSL_NO_ASYNC
230     {"async_jobs", OPT_ASYNCJOBS, 'p',
231      "Enable async mode and start specified number of jobs"},
232 #endif
233 #ifndef OPENSSL_NO_ENGINE
234     {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
235 #endif
236     {"primes", OPT_PRIMES, 'p', "Specify number of primes (for RSA only)"},
237 
238     OPT_SECTION("Selection"),
239     {"evp", OPT_EVP, 's', "Use EVP-named cipher or digest"},
240     {"hmac", OPT_HMAC, 's', "HMAC using EVP-named digest"},
241     {"cmac", OPT_CMAC, 's', "CMAC using EVP-named cipher"},
242     {"decrypt", OPT_DECRYPT, '-',
243      "Time decryption instead of encryption (only EVP)"},
244     {"aead", OPT_AEAD, '-',
245      "Benchmark EVP-named AEAD cipher in TLS-like sequence"},
246 
247     OPT_SECTION("Timing"),
248     {"elapsed", OPT_ELAPSED, '-',
249      "Use wall-clock time instead of CPU user time as divisor"},
250     {"seconds", OPT_SECONDS, 'p',
251      "Run benchmarks for specified amount of seconds"},
252     {"bytes", OPT_BYTES, 'p',
253      "Run [non-PKI] benchmarks on custom-sized buffer"},
254     {"misalign", OPT_MISALIGN, 'p',
255      "Use specified offset to mis-align buffers"},
256 
257     OPT_R_OPTIONS,
258     OPT_PROV_OPTIONS,
259 
260     OPT_PARAMETERS(),
261     {"algorithm", 0, 0, "Algorithm(s) to test (optional; otherwise tests all)"},
262     {NULL}
263 };
264 
265 enum {
266     D_MD2, D_MDC2, D_MD4, D_MD5, D_SHA1, D_RMD160,
267     D_SHA256, D_SHA512, D_WHIRLPOOL, D_HMAC,
268     D_CBC_DES, D_EDE3_DES, D_RC4, D_CBC_IDEA, D_CBC_SEED,
269     D_CBC_RC2, D_CBC_RC5, D_CBC_BF, D_CBC_CAST,
270     D_CBC_128_AES, D_CBC_192_AES, D_CBC_256_AES,
271     D_CBC_128_CML, D_CBC_192_CML, D_CBC_256_CML,
272     D_EVP, D_GHASH, D_RAND, D_EVP_CMAC, ALGOR_NUM
273 };
274 /* name of algorithms to test. MUST BE KEEP IN SYNC with above enum ! */
275 static const char *names[ALGOR_NUM] = {
276     "md2", "mdc2", "md4", "md5", "sha1", "rmd160",
277     "sha256", "sha512", "whirlpool", "hmac(md5)",
278     "des-cbc", "des-ede3", "rc4", "idea-cbc", "seed-cbc",
279     "rc2-cbc", "rc5-cbc", "blowfish", "cast-cbc",
280     "aes-128-cbc", "aes-192-cbc", "aes-256-cbc",
281     "camellia-128-cbc", "camellia-192-cbc", "camellia-256-cbc",
282     "evp", "ghash", "rand", "cmac"
283 };
284 
285 /* list of configured algorithm (remaining), with some few alias */
286 static const OPT_PAIR doit_choices[] = {
287     {"md2", D_MD2},
288     {"mdc2", D_MDC2},
289     {"md4", D_MD4},
290     {"md5", D_MD5},
291     {"hmac", D_HMAC},
292     {"sha1", D_SHA1},
293     {"sha256", D_SHA256},
294     {"sha512", D_SHA512},
295     {"whirlpool", D_WHIRLPOOL},
296     {"ripemd", D_RMD160},
297     {"rmd160", D_RMD160},
298     {"ripemd160", D_RMD160},
299     {"rc4", D_RC4},
300     {"des-cbc", D_CBC_DES},
301     {"des-ede3", D_EDE3_DES},
302     {"aes-128-cbc", D_CBC_128_AES},
303     {"aes-192-cbc", D_CBC_192_AES},
304     {"aes-256-cbc", D_CBC_256_AES},
305     {"camellia-128-cbc", D_CBC_128_CML},
306     {"camellia-192-cbc", D_CBC_192_CML},
307     {"camellia-256-cbc", D_CBC_256_CML},
308     {"rc2-cbc", D_CBC_RC2},
309     {"rc2", D_CBC_RC2},
310     {"rc5-cbc", D_CBC_RC5},
311     {"rc5", D_CBC_RC5},
312     {"idea-cbc", D_CBC_IDEA},
313     {"idea", D_CBC_IDEA},
314     {"seed-cbc", D_CBC_SEED},
315     {"seed", D_CBC_SEED},
316     {"bf-cbc", D_CBC_BF},
317     {"blowfish", D_CBC_BF},
318     {"bf", D_CBC_BF},
319     {"cast-cbc", D_CBC_CAST},
320     {"cast", D_CBC_CAST},
321     {"cast5", D_CBC_CAST},
322     {"ghash", D_GHASH},
323     {"rand", D_RAND}
324 };
325 
326 static double results[ALGOR_NUM][SIZE_NUM];
327 
328 enum { R_DSA_512, R_DSA_1024, R_DSA_2048, DSA_NUM };
329 static const OPT_PAIR dsa_choices[DSA_NUM] = {
330     {"dsa512", R_DSA_512},
331     {"dsa1024", R_DSA_1024},
332     {"dsa2048", R_DSA_2048}
333 };
334 static double dsa_results[DSA_NUM][2];  /* 2 ops: sign then verify */
335 
336 enum {
337     R_RSA_512, R_RSA_1024, R_RSA_2048, R_RSA_3072, R_RSA_4096, R_RSA_7680,
338     R_RSA_15360, RSA_NUM
339 };
340 static const OPT_PAIR rsa_choices[RSA_NUM] = {
341     {"rsa512", R_RSA_512},
342     {"rsa1024", R_RSA_1024},
343     {"rsa2048", R_RSA_2048},
344     {"rsa3072", R_RSA_3072},
345     {"rsa4096", R_RSA_4096},
346     {"rsa7680", R_RSA_7680},
347     {"rsa15360", R_RSA_15360}
348 };
349 
350 static double rsa_results[RSA_NUM][2];  /* 2 ops: sign then verify */
351 
352 #ifndef OPENSSL_NO_DH
353 enum ff_params_t {
354     R_FFDH_2048, R_FFDH_3072, R_FFDH_4096, R_FFDH_6144, R_FFDH_8192, FFDH_NUM
355 };
356 
357 static const OPT_PAIR ffdh_choices[FFDH_NUM] = {
358     {"ffdh2048", R_FFDH_2048},
359     {"ffdh3072", R_FFDH_3072},
360     {"ffdh4096", R_FFDH_4096},
361     {"ffdh6144", R_FFDH_6144},
362     {"ffdh8192", R_FFDH_8192},
363 };
364 
365 static double ffdh_results[FFDH_NUM][1];  /* 1 op: derivation */
366 #endif /* OPENSSL_NO_DH */
367 
368 enum ec_curves_t {
369     R_EC_P160, R_EC_P192, R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521,
370 #ifndef OPENSSL_NO_EC2M
371     R_EC_K163, R_EC_K233, R_EC_K283, R_EC_K409, R_EC_K571,
372     R_EC_B163, R_EC_B233, R_EC_B283, R_EC_B409, R_EC_B571,
373 #endif
374     R_EC_BRP256R1, R_EC_BRP256T1, R_EC_BRP384R1, R_EC_BRP384T1,
375     R_EC_BRP512R1, R_EC_BRP512T1, ECDSA_NUM
376 };
377 /* list of ecdsa curves */
378 static const OPT_PAIR ecdsa_choices[ECDSA_NUM] = {
379     {"ecdsap160", R_EC_P160},
380     {"ecdsap192", R_EC_P192},
381     {"ecdsap224", R_EC_P224},
382     {"ecdsap256", R_EC_P256},
383     {"ecdsap384", R_EC_P384},
384     {"ecdsap521", R_EC_P521},
385 #ifndef OPENSSL_NO_EC2M
386     {"ecdsak163", R_EC_K163},
387     {"ecdsak233", R_EC_K233},
388     {"ecdsak283", R_EC_K283},
389     {"ecdsak409", R_EC_K409},
390     {"ecdsak571", R_EC_K571},
391     {"ecdsab163", R_EC_B163},
392     {"ecdsab233", R_EC_B233},
393     {"ecdsab283", R_EC_B283},
394     {"ecdsab409", R_EC_B409},
395     {"ecdsab571", R_EC_B571},
396 #endif
397     {"ecdsabrp256r1", R_EC_BRP256R1},
398     {"ecdsabrp256t1", R_EC_BRP256T1},
399     {"ecdsabrp384r1", R_EC_BRP384R1},
400     {"ecdsabrp384t1", R_EC_BRP384T1},
401     {"ecdsabrp512r1", R_EC_BRP512R1},
402     {"ecdsabrp512t1", R_EC_BRP512T1}
403 };
404 enum { R_EC_X25519 = ECDSA_NUM, R_EC_X448, EC_NUM };
405 /* list of ecdh curves, extension of |ecdsa_choices| list above */
406 static const OPT_PAIR ecdh_choices[EC_NUM] = {
407     {"ecdhp160", R_EC_P160},
408     {"ecdhp192", R_EC_P192},
409     {"ecdhp224", R_EC_P224},
410     {"ecdhp256", R_EC_P256},
411     {"ecdhp384", R_EC_P384},
412     {"ecdhp521", R_EC_P521},
413 #ifndef OPENSSL_NO_EC2M
414     {"ecdhk163", R_EC_K163},
415     {"ecdhk233", R_EC_K233},
416     {"ecdhk283", R_EC_K283},
417     {"ecdhk409", R_EC_K409},
418     {"ecdhk571", R_EC_K571},
419     {"ecdhb163", R_EC_B163},
420     {"ecdhb233", R_EC_B233},
421     {"ecdhb283", R_EC_B283},
422     {"ecdhb409", R_EC_B409},
423     {"ecdhb571", R_EC_B571},
424 #endif
425     {"ecdhbrp256r1", R_EC_BRP256R1},
426     {"ecdhbrp256t1", R_EC_BRP256T1},
427     {"ecdhbrp384r1", R_EC_BRP384R1},
428     {"ecdhbrp384t1", R_EC_BRP384T1},
429     {"ecdhbrp512r1", R_EC_BRP512R1},
430     {"ecdhbrp512t1", R_EC_BRP512T1},
431     {"ecdhx25519", R_EC_X25519},
432     {"ecdhx448", R_EC_X448}
433 };
434 
435 static double ecdh_results[EC_NUM][1];      /* 1 op: derivation */
436 static double ecdsa_results[ECDSA_NUM][2];  /* 2 ops: sign then verify */
437 
438 enum { R_EC_Ed25519, R_EC_Ed448, EdDSA_NUM };
439 static const OPT_PAIR eddsa_choices[EdDSA_NUM] = {
440     {"ed25519", R_EC_Ed25519},
441     {"ed448", R_EC_Ed448}
442 
443 };
444 static double eddsa_results[EdDSA_NUM][2];    /* 2 ops: sign then verify */
445 
446 #ifndef OPENSSL_NO_SM2
447 enum { R_EC_CURVESM2, SM2_NUM };
448 static const OPT_PAIR sm2_choices[SM2_NUM] = {
449     {"curveSM2", R_EC_CURVESM2}
450 };
451 # define SM2_ID        "TLSv1.3+GM+Cipher+Suite"
452 # define SM2_ID_LEN    sizeof("TLSv1.3+GM+Cipher+Suite") - 1
453 static double sm2_results[SM2_NUM][2];    /* 2 ops: sign then verify */
454 #endif /* OPENSSL_NO_SM2 */
455 
456 #define COND(unused_cond) (run && count < INT_MAX)
457 #define COUNT(d) (count)
458 
459 #define TAG_LEN 16
460 
461 static unsigned int mode_op; /* AE Mode of operation */
462 static unsigned int aead = 0; /* AEAD flag */
463 static unsigned char aead_iv[12]; /* For AEAD modes */
464 static unsigned char aad[EVP_AEAD_TLS1_AAD_LEN] = { 0xcc };
465 static int aead_ivlen = sizeof(aead_iv);
466 
467 typedef struct loopargs_st {
468     ASYNC_JOB *inprogress_job;
469     ASYNC_WAIT_CTX *wait_ctx;
470     unsigned char *buf;
471     unsigned char *buf2;
472     unsigned char *buf_malloc;
473     unsigned char *buf2_malloc;
474     unsigned char *key;
475     unsigned char tag[TAG_LEN];
476     size_t buflen;
477     size_t sigsize;
478     EVP_PKEY_CTX *rsa_sign_ctx[RSA_NUM];
479     EVP_PKEY_CTX *rsa_verify_ctx[RSA_NUM];
480     EVP_PKEY_CTX *dsa_sign_ctx[DSA_NUM];
481     EVP_PKEY_CTX *dsa_verify_ctx[DSA_NUM];
482     EVP_PKEY_CTX *ecdsa_sign_ctx[ECDSA_NUM];
483     EVP_PKEY_CTX *ecdsa_verify_ctx[ECDSA_NUM];
484     EVP_PKEY_CTX *ecdh_ctx[EC_NUM];
485     EVP_MD_CTX *eddsa_ctx[EdDSA_NUM];
486     EVP_MD_CTX *eddsa_ctx2[EdDSA_NUM];
487 #ifndef OPENSSL_NO_SM2
488     EVP_MD_CTX *sm2_ctx[SM2_NUM];
489     EVP_MD_CTX *sm2_vfy_ctx[SM2_NUM];
490     EVP_PKEY *sm2_pkey[SM2_NUM];
491 #endif
492     unsigned char *secret_a;
493     unsigned char *secret_b;
494     size_t outlen[EC_NUM];
495 #ifndef OPENSSL_NO_DH
496     EVP_PKEY_CTX *ffdh_ctx[FFDH_NUM];
497     unsigned char *secret_ff_a;
498     unsigned char *secret_ff_b;
499 #endif
500     EVP_CIPHER_CTX *ctx;
501     EVP_MAC_CTX *mctx;
502 } loopargs_t;
503 static int run_benchmark(int async_jobs, int (*loop_function) (void *),
504                          loopargs_t * loopargs);
505 
506 static unsigned int testnum;
507 
508 /* Nb of iterations to do per algorithm and key-size */
509 static long c[ALGOR_NUM][SIZE_NUM];
510 
511 static char *evp_mac_mdname = "md5";
512 static char *evp_hmac_name = NULL;
513 static const char *evp_md_name = NULL;
514 static char *evp_mac_ciphername = "aes-128-cbc";
515 static char *evp_cmac_name = NULL;
516 
have_md(const char * name)517 static int have_md(const char *name)
518 {
519     int ret = 0;
520     EVP_MD *md = NULL;
521 
522     if (opt_md_silent(name, &md)) {
523         EVP_MD_CTX *ctx = EVP_MD_CTX_new();
524 
525         if (ctx != NULL && EVP_DigestInit(ctx, md) > 0)
526             ret = 1;
527         EVP_MD_CTX_free(ctx);
528         EVP_MD_free(md);
529     }
530     return ret;
531 }
532 
have_cipher(const char * name)533 static int have_cipher(const char *name)
534 {
535     int ret = 0;
536     EVP_CIPHER *cipher = NULL;
537 
538     if (opt_cipher_silent(name, &cipher)) {
539         EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
540 
541         if (ctx != NULL
542             && EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, 1) > 0)
543             ret = 1;
544         EVP_CIPHER_CTX_free(ctx);
545         EVP_CIPHER_free(cipher);
546     }
547     return ret;
548 }
549 
EVP_Digest_loop(const char * mdname,int algindex,void * args)550 static int EVP_Digest_loop(const char *mdname, int algindex, void *args)
551 {
552     loopargs_t *tempargs = *(loopargs_t **) args;
553     unsigned char *buf = tempargs->buf;
554     unsigned char digest[EVP_MAX_MD_SIZE];
555     int count;
556     EVP_MD *md = NULL;
557 
558     if (!opt_md_silent(mdname, &md))
559         return -1;
560     for (count = 0; COND(c[algindex][testnum]); count++) {
561         if (!EVP_Digest(buf, (size_t)lengths[testnum], digest, NULL, md,
562                         NULL)) {
563             count = -1;
564             break;
565         }
566     }
567     EVP_MD_free(md);
568     return count;
569 }
570 
EVP_Digest_md_loop(void * args)571 static int EVP_Digest_md_loop(void *args)
572 {
573     return EVP_Digest_loop(evp_md_name, D_EVP, args);
574 }
575 
EVP_Digest_MD2_loop(void * args)576 static int EVP_Digest_MD2_loop(void *args)
577 {
578     return EVP_Digest_loop("md2", D_MD2, args);
579 }
580 
EVP_Digest_MDC2_loop(void * args)581 static int EVP_Digest_MDC2_loop(void *args)
582 {
583     return EVP_Digest_loop("mdc2", D_MDC2, args);
584 }
585 
EVP_Digest_MD4_loop(void * args)586 static int EVP_Digest_MD4_loop(void *args)
587 {
588     return EVP_Digest_loop("md4", D_MD4, args);
589 }
590 
MD5_loop(void * args)591 static int MD5_loop(void *args)
592 {
593     return EVP_Digest_loop("md5", D_MD5, args);
594 }
595 
EVP_MAC_loop(int algindex,void * args)596 static int EVP_MAC_loop(int algindex, void *args)
597 {
598     loopargs_t *tempargs = *(loopargs_t **) args;
599     unsigned char *buf = tempargs->buf;
600     EVP_MAC_CTX *mctx = tempargs->mctx;
601     unsigned char mac[EVP_MAX_MD_SIZE];
602     int count;
603 
604     for (count = 0; COND(c[algindex][testnum]); count++) {
605         size_t outl;
606 
607         if (!EVP_MAC_init(mctx, NULL, 0, NULL)
608             || !EVP_MAC_update(mctx, buf, lengths[testnum])
609             || !EVP_MAC_final(mctx, mac, &outl, sizeof(mac)))
610             return -1;
611     }
612     return count;
613 }
614 
HMAC_loop(void * args)615 static int HMAC_loop(void *args)
616 {
617     return EVP_MAC_loop(D_HMAC, args);
618 }
619 
CMAC_loop(void * args)620 static int CMAC_loop(void *args)
621 {
622     return EVP_MAC_loop(D_EVP_CMAC, args);
623 }
624 
SHA1_loop(void * args)625 static int SHA1_loop(void *args)
626 {
627     return EVP_Digest_loop("sha1", D_SHA1, args);
628 }
629 
SHA256_loop(void * args)630 static int SHA256_loop(void *args)
631 {
632     return EVP_Digest_loop("sha256", D_SHA256, args);
633 }
634 
SHA512_loop(void * args)635 static int SHA512_loop(void *args)
636 {
637     return EVP_Digest_loop("sha512", D_SHA512, args);
638 }
639 
WHIRLPOOL_loop(void * args)640 static int WHIRLPOOL_loop(void *args)
641 {
642     return EVP_Digest_loop("whirlpool", D_WHIRLPOOL, args);
643 }
644 
EVP_Digest_RMD160_loop(void * args)645 static int EVP_Digest_RMD160_loop(void *args)
646 {
647     return EVP_Digest_loop("ripemd160", D_RMD160, args);
648 }
649 
650 static int algindex;
651 
EVP_Cipher_loop(void * args)652 static int EVP_Cipher_loop(void *args)
653 {
654     loopargs_t *tempargs = *(loopargs_t **) args;
655     unsigned char *buf = tempargs->buf;
656     int count;
657 
658     if (tempargs->ctx == NULL)
659         return -1;
660     for (count = 0; COND(c[algindex][testnum]); count++)
661         if (EVP_Cipher(tempargs->ctx, buf, buf, (size_t)lengths[testnum]) <= 0)
662             return -1;
663     return count;
664 }
665 
GHASH_loop(void * args)666 static int GHASH_loop(void *args)
667 {
668     loopargs_t *tempargs = *(loopargs_t **) args;
669     unsigned char *buf = tempargs->buf;
670     EVP_MAC_CTX *mctx = tempargs->mctx;
671     int count;
672 
673     /* just do the update in the loop to be comparable with 1.1.1 */
674     for (count = 0; COND(c[D_GHASH][testnum]); count++) {
675         if (!EVP_MAC_update(mctx, buf, lengths[testnum]))
676             return -1;
677     }
678     return count;
679 }
680 
681 #define MAX_BLOCK_SIZE 128
682 
683 static unsigned char iv[2 * MAX_BLOCK_SIZE / 8];
684 
init_evp_cipher_ctx(const char * ciphername,const unsigned char * key,int keylen)685 static EVP_CIPHER_CTX *init_evp_cipher_ctx(const char *ciphername,
686                                            const unsigned char *key,
687                                            int keylen)
688 {
689     EVP_CIPHER_CTX *ctx = NULL;
690     EVP_CIPHER *cipher = NULL;
691 
692     if (!opt_cipher_silent(ciphername, &cipher))
693         return NULL;
694 
695     if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
696         goto end;
697 
698     if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, 1)) {
699         EVP_CIPHER_CTX_free(ctx);
700         ctx = NULL;
701         goto end;
702     }
703 
704     if (EVP_CIPHER_CTX_set_key_length(ctx, keylen) <= 0) {
705         EVP_CIPHER_CTX_free(ctx);
706         ctx = NULL;
707         goto end;
708     }
709 
710     if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1)) {
711         EVP_CIPHER_CTX_free(ctx);
712         ctx = NULL;
713         goto end;
714     }
715 
716 end:
717     EVP_CIPHER_free(cipher);
718     return ctx;
719 }
720 
RAND_bytes_loop(void * args)721 static int RAND_bytes_loop(void *args)
722 {
723     loopargs_t *tempargs = *(loopargs_t **) args;
724     unsigned char *buf = tempargs->buf;
725     int count;
726 
727     for (count = 0; COND(c[D_RAND][testnum]); count++)
728         RAND_bytes(buf, lengths[testnum]);
729     return count;
730 }
731 
732 static int decrypt = 0;
EVP_Update_loop(void * args)733 static int EVP_Update_loop(void *args)
734 {
735     loopargs_t *tempargs = *(loopargs_t **) args;
736     unsigned char *buf = tempargs->buf;
737     EVP_CIPHER_CTX *ctx = tempargs->ctx;
738     int outl, count, rc;
739 
740     if (decrypt) {
741         for (count = 0; COND(c[D_EVP][testnum]); count++) {
742             rc = EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
743             if (rc != 1) {
744                 /* reset iv in case of counter overflow */
745                 EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, -1);
746             }
747         }
748     } else {
749         for (count = 0; COND(c[D_EVP][testnum]); count++) {
750             rc = EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
751             if (rc != 1) {
752                 /* reset iv in case of counter overflow */
753                 EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, -1);
754             }
755         }
756     }
757     if (decrypt)
758         EVP_DecryptFinal_ex(ctx, buf, &outl);
759     else
760         EVP_EncryptFinal_ex(ctx, buf, &outl);
761     return count;
762 }
763 
764 /*
765  * To make AEAD benchmarking more relevant perform TLS-like operations,
766  * 13-byte AAD followed by payload. But don't use TLS-formatted AAD, as
767  * payload length is not actually limited by 16KB...
768  * CCM does not support streaming. For the purpose of performance measurement,
769  * each message is encrypted using the same (key,iv)-pair. Do not use this
770  * code in your application.
771  */
EVP_Update_loop_aead_enc(void * args)772 static int EVP_Update_loop_aead_enc(void *args)
773 {
774     loopargs_t *tempargs = *(loopargs_t **) args;
775     unsigned char *buf = tempargs->buf;
776     unsigned char *key = tempargs->key;
777     EVP_CIPHER_CTX *ctx = tempargs->ctx;
778     int outl, count, realcount = 0;
779 
780     for (count = 0; COND(c[D_EVP][testnum]); count++) {
781         /* Set length of iv (Doesn't apply to SIV mode) */
782         if (mode_op != EVP_CIPH_SIV_MODE) {
783             if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN,
784                                      aead_ivlen, NULL)) {
785                 BIO_printf(bio_err, "\nFailed to set iv length\n");
786                 ERR_print_errors(bio_err);
787                 exit(1);
788             }
789         }
790         /* Set tag_len (Not for GCM/SIV at encryption stage) */
791         if (mode_op != EVP_CIPH_GCM_MODE
792             && mode_op != EVP_CIPH_SIV_MODE) {
793             if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
794                                      TAG_LEN, NULL)) {
795                 BIO_printf(bio_err, "\nFailed to set tag length\n");
796                 ERR_print_errors(bio_err);
797                 exit(1);
798             }
799         }
800         if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, aead_iv, -1)) {
801             BIO_printf(bio_err, "\nFailed to set key and iv\n");
802             ERR_print_errors(bio_err);
803             exit(1);
804         }
805         /* Set total length of input. Only required for CCM */
806         if (mode_op == EVP_CIPH_CCM_MODE) {
807             if (!EVP_EncryptUpdate(ctx, NULL, &outl,
808                                    NULL, lengths[testnum])) {
809                 BIO_printf(bio_err, "\nCouldn't set input text length\n");
810                 ERR_print_errors(bio_err);
811                 exit(1);
812             }
813         }
814         if (aead) {
815             if (!EVP_EncryptUpdate(ctx, NULL, &outl, aad, sizeof(aad))) {
816                 BIO_printf(bio_err, "\nCouldn't insert AAD when encrypting\n");
817                 ERR_print_errors(bio_err);
818                 exit(1);
819             }
820         }
821         if (!EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum])) {
822             BIO_printf(bio_err, "\nFailed to encrypt the data\n");
823             ERR_print_errors(bio_err);
824             exit(1);
825         }
826         if (EVP_EncryptFinal_ex(ctx, buf, &outl))
827             realcount++;
828     }
829     return realcount;
830 }
831 
832 /*
833  * To make AEAD benchmarking more relevant perform TLS-like operations,
834  * 13-byte AAD followed by payload. But don't use TLS-formatted AAD, as
835  * payload length is not actually limited by 16KB...
836  * CCM does not support streaming. For the purpose of performance measurement,
837  * each message is decrypted using the same (key,iv)-pair. Do not use this
838  * code in your application.
839  * For decryption, we will use buf2 to preserve the input text in buf.
840  */
EVP_Update_loop_aead_dec(void * args)841 static int EVP_Update_loop_aead_dec(void *args)
842 {
843     loopargs_t *tempargs = *(loopargs_t **) args;
844     unsigned char *buf = tempargs->buf;
845     unsigned char *outbuf = tempargs->buf2;
846     unsigned char *key = tempargs->key;
847     unsigned char tag[TAG_LEN];
848     EVP_CIPHER_CTX *ctx = tempargs->ctx;
849     int outl, count, realcount = 0;
850 
851     for (count = 0; COND(c[D_EVP][testnum]); count++) {
852         /* Set the length of iv (Doesn't apply to SIV mode) */
853         if (mode_op != EVP_CIPH_SIV_MODE) {
854             if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN,
855                                      aead_ivlen, NULL)) {
856                 BIO_printf(bio_err, "\nFailed to set iv length\n");
857                 ERR_print_errors(bio_err);
858                 exit(1);
859             }
860         }
861 
862         /* Set the tag length (Doesn't apply to SIV mode) */
863         if (mode_op != EVP_CIPH_SIV_MODE
864             && mode_op != EVP_CIPH_GCM_MODE) {
865             if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
866                                      TAG_LEN, NULL)) {
867                 BIO_printf(bio_err, "\nFailed to set tag length\n");
868                 ERR_print_errors(bio_err);
869                 exit(1);
870             }
871         }
872         if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, aead_iv, -1)) {
873             BIO_printf(bio_err, "\nFailed to set key and iv\n");
874             ERR_print_errors(bio_err);
875             exit(1);
876         }
877         /* Set iv before decryption (Doesn't apply to SIV mode) */
878         if (mode_op != EVP_CIPH_SIV_MODE) {
879             if (!EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, aead_iv)) {
880                 BIO_printf(bio_err, "\nFailed to set iv\n");
881                 ERR_print_errors(bio_err);
882                 exit(1);
883             }
884         }
885         memcpy(tag, tempargs->tag, TAG_LEN);
886 
887         if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
888                                  TAG_LEN, tag)) {
889             BIO_printf(bio_err, "\nFailed to set tag\n");
890             ERR_print_errors(bio_err);
891             exit(1);
892         }
893         /* Set the total length of cipher text. Only required for CCM */
894         if (mode_op == EVP_CIPH_CCM_MODE) {
895             if (!EVP_DecryptUpdate(ctx, NULL, &outl,
896                                    NULL, lengths[testnum])) {
897                 BIO_printf(bio_err, "\nCouldn't set cipher text length\n");
898                 ERR_print_errors(bio_err);
899                 exit(1);
900             }
901         }
902         if (aead) {
903             if (!EVP_DecryptUpdate(ctx, NULL, &outl, aad, sizeof(aad))) {
904                 BIO_printf(bio_err, "\nCouldn't insert AAD when decrypting\n");
905                 ERR_print_errors(bio_err);
906                 exit(1);
907             }
908         }
909         if (!EVP_DecryptUpdate(ctx, outbuf, &outl, buf, lengths[testnum])) {
910             BIO_printf(bio_err, "\nFailed to decrypt the data\n");
911             ERR_print_errors(bio_err);
912             exit(1);
913         }
914         if (EVP_DecryptFinal_ex(ctx, outbuf, &outl))
915             realcount++;
916     }
917     return realcount;
918 }
919 
920 static long rsa_c[RSA_NUM][2];  /* # RSA iteration test */
921 
RSA_sign_loop(void * args)922 static int RSA_sign_loop(void *args)
923 {
924     loopargs_t *tempargs = *(loopargs_t **) args;
925     unsigned char *buf = tempargs->buf;
926     unsigned char *buf2 = tempargs->buf2;
927     size_t *rsa_num = &tempargs->sigsize;
928     EVP_PKEY_CTX **rsa_sign_ctx = tempargs->rsa_sign_ctx;
929     int ret, count;
930 
931     for (count = 0; COND(rsa_c[testnum][0]); count++) {
932         *rsa_num = tempargs->buflen;
933         ret = EVP_PKEY_sign(rsa_sign_ctx[testnum], buf2, rsa_num, buf, 36);
934         if (ret <= 0) {
935             BIO_printf(bio_err, "RSA sign failure\n");
936             ERR_print_errors(bio_err);
937             count = -1;
938             break;
939         }
940     }
941     return count;
942 }
943 
RSA_verify_loop(void * args)944 static int RSA_verify_loop(void *args)
945 {
946     loopargs_t *tempargs = *(loopargs_t **) args;
947     unsigned char *buf = tempargs->buf;
948     unsigned char *buf2 = tempargs->buf2;
949     size_t rsa_num = tempargs->sigsize;
950     EVP_PKEY_CTX **rsa_verify_ctx = tempargs->rsa_verify_ctx;
951     int ret, count;
952 
953     for (count = 0; COND(rsa_c[testnum][1]); count++) {
954         ret = EVP_PKEY_verify(rsa_verify_ctx[testnum], buf2, rsa_num, buf, 36);
955         if (ret <= 0) {
956             BIO_printf(bio_err, "RSA verify failure\n");
957             ERR_print_errors(bio_err);
958             count = -1;
959             break;
960         }
961     }
962     return count;
963 }
964 
965 #ifndef OPENSSL_NO_DH
966 static long ffdh_c[FFDH_NUM][1];
967 
FFDH_derive_key_loop(void * args)968 static int FFDH_derive_key_loop(void *args)
969 {
970     loopargs_t *tempargs = *(loopargs_t **) args;
971     EVP_PKEY_CTX *ffdh_ctx = tempargs->ffdh_ctx[testnum];
972     unsigned char *derived_secret = tempargs->secret_ff_a;
973     int count;
974 
975     for (count = 0; COND(ffdh_c[testnum][0]); count++) {
976         /* outlen can be overwritten with a too small value (no padding used) */
977         size_t outlen = MAX_FFDH_SIZE;
978 
979         EVP_PKEY_derive(ffdh_ctx, derived_secret, &outlen);
980     }
981     return count;
982 }
983 #endif /* OPENSSL_NO_DH */
984 
985 static long dsa_c[DSA_NUM][2];
DSA_sign_loop(void * args)986 static int DSA_sign_loop(void *args)
987 {
988     loopargs_t *tempargs = *(loopargs_t **) args;
989     unsigned char *buf = tempargs->buf;
990     unsigned char *buf2 = tempargs->buf2;
991     size_t *dsa_num = &tempargs->sigsize;
992     EVP_PKEY_CTX **dsa_sign_ctx = tempargs->dsa_sign_ctx;
993     int ret, count;
994 
995     for (count = 0; COND(dsa_c[testnum][0]); count++) {
996         *dsa_num = tempargs->buflen;
997         ret = EVP_PKEY_sign(dsa_sign_ctx[testnum], buf2, dsa_num, buf, 20);
998         if (ret <= 0) {
999             BIO_printf(bio_err, "DSA sign failure\n");
1000             ERR_print_errors(bio_err);
1001             count = -1;
1002             break;
1003         }
1004     }
1005     return count;
1006 }
1007 
DSA_verify_loop(void * args)1008 static int DSA_verify_loop(void *args)
1009 {
1010     loopargs_t *tempargs = *(loopargs_t **) args;
1011     unsigned char *buf = tempargs->buf;
1012     unsigned char *buf2 = tempargs->buf2;
1013     size_t dsa_num = tempargs->sigsize;
1014     EVP_PKEY_CTX **dsa_verify_ctx = tempargs->dsa_verify_ctx;
1015     int ret, count;
1016 
1017     for (count = 0; COND(dsa_c[testnum][1]); count++) {
1018         ret = EVP_PKEY_verify(dsa_verify_ctx[testnum], buf2, dsa_num, buf, 20);
1019         if (ret <= 0) {
1020             BIO_printf(bio_err, "DSA verify failure\n");
1021             ERR_print_errors(bio_err);
1022             count = -1;
1023             break;
1024         }
1025     }
1026     return count;
1027 }
1028 
1029 static long ecdsa_c[ECDSA_NUM][2];
ECDSA_sign_loop(void * args)1030 static int ECDSA_sign_loop(void *args)
1031 {
1032     loopargs_t *tempargs = *(loopargs_t **) args;
1033     unsigned char *buf = tempargs->buf;
1034     unsigned char *buf2 = tempargs->buf2;
1035     size_t *ecdsa_num = &tempargs->sigsize;
1036     EVP_PKEY_CTX **ecdsa_sign_ctx = tempargs->ecdsa_sign_ctx;
1037     int ret, count;
1038 
1039     for (count = 0; COND(ecdsa_c[testnum][0]); count++) {
1040         *ecdsa_num = tempargs->buflen;
1041         ret = EVP_PKEY_sign(ecdsa_sign_ctx[testnum], buf2, ecdsa_num, buf, 20);
1042         if (ret <= 0) {
1043             BIO_printf(bio_err, "ECDSA sign failure\n");
1044             ERR_print_errors(bio_err);
1045             count = -1;
1046             break;
1047         }
1048     }
1049     return count;
1050 }
1051 
ECDSA_verify_loop(void * args)1052 static int ECDSA_verify_loop(void *args)
1053 {
1054     loopargs_t *tempargs = *(loopargs_t **) args;
1055     unsigned char *buf = tempargs->buf;
1056     unsigned char *buf2 = tempargs->buf2;
1057     size_t ecdsa_num = tempargs->sigsize;
1058     EVP_PKEY_CTX **ecdsa_verify_ctx = tempargs->ecdsa_verify_ctx;
1059     int ret, count;
1060 
1061     for (count = 0; COND(ecdsa_c[testnum][1]); count++) {
1062         ret = EVP_PKEY_verify(ecdsa_verify_ctx[testnum], buf2, ecdsa_num,
1063                               buf, 20);
1064         if (ret <= 0) {
1065             BIO_printf(bio_err, "ECDSA verify failure\n");
1066             ERR_print_errors(bio_err);
1067             count = -1;
1068             break;
1069         }
1070     }
1071     return count;
1072 }
1073 
1074 /* ******************************************************************** */
1075 static long ecdh_c[EC_NUM][1];
1076 
ECDH_EVP_derive_key_loop(void * args)1077 static int ECDH_EVP_derive_key_loop(void *args)
1078 {
1079     loopargs_t *tempargs = *(loopargs_t **) args;
1080     EVP_PKEY_CTX *ctx = tempargs->ecdh_ctx[testnum];
1081     unsigned char *derived_secret = tempargs->secret_a;
1082     int count;
1083     size_t *outlen = &(tempargs->outlen[testnum]);
1084 
1085     for (count = 0; COND(ecdh_c[testnum][0]); count++)
1086         EVP_PKEY_derive(ctx, derived_secret, outlen);
1087 
1088     return count;
1089 }
1090 
1091 static long eddsa_c[EdDSA_NUM][2];
EdDSA_sign_loop(void * args)1092 static int EdDSA_sign_loop(void *args)
1093 {
1094     loopargs_t *tempargs = *(loopargs_t **) args;
1095     unsigned char *buf = tempargs->buf;
1096     EVP_MD_CTX **edctx = tempargs->eddsa_ctx;
1097     unsigned char *eddsasig = tempargs->buf2;
1098     size_t *eddsasigsize = &tempargs->sigsize;
1099     int ret, count;
1100 
1101     for (count = 0; COND(eddsa_c[testnum][0]); count++) {
1102         ret = EVP_DigestSignInit(edctx[testnum], NULL, NULL, NULL, NULL);
1103         if (ret == 0) {
1104             BIO_printf(bio_err, "EdDSA sign init failure\n");
1105             ERR_print_errors(bio_err);
1106             count = -1;
1107             break;
1108         }
1109         ret = EVP_DigestSign(edctx[testnum], eddsasig, eddsasigsize, buf, 20);
1110         if (ret == 0) {
1111             BIO_printf(bio_err, "EdDSA sign failure\n");
1112             ERR_print_errors(bio_err);
1113             count = -1;
1114             break;
1115         }
1116     }
1117     return count;
1118 }
1119 
EdDSA_verify_loop(void * args)1120 static int EdDSA_verify_loop(void *args)
1121 {
1122     loopargs_t *tempargs = *(loopargs_t **) args;
1123     unsigned char *buf = tempargs->buf;
1124     EVP_MD_CTX **edctx = tempargs->eddsa_ctx2;
1125     unsigned char *eddsasig = tempargs->buf2;
1126     size_t eddsasigsize = tempargs->sigsize;
1127     int ret, count;
1128 
1129     for (count = 0; COND(eddsa_c[testnum][1]); count++) {
1130         ret = EVP_DigestVerifyInit(edctx[testnum], NULL, NULL, NULL, NULL);
1131         if (ret == 0) {
1132             BIO_printf(bio_err, "EdDSA verify init failure\n");
1133             ERR_print_errors(bio_err);
1134             count = -1;
1135             break;
1136         }
1137         ret = EVP_DigestVerify(edctx[testnum], eddsasig, eddsasigsize, buf, 20);
1138         if (ret != 1) {
1139             BIO_printf(bio_err, "EdDSA verify failure\n");
1140             ERR_print_errors(bio_err);
1141             count = -1;
1142             break;
1143         }
1144     }
1145     return count;
1146 }
1147 
1148 #ifndef OPENSSL_NO_SM2
1149 static long sm2_c[SM2_NUM][2];
SM2_sign_loop(void * args)1150 static int SM2_sign_loop(void *args)
1151 {
1152     loopargs_t *tempargs = *(loopargs_t **) args;
1153     unsigned char *buf = tempargs->buf;
1154     EVP_MD_CTX **sm2ctx = tempargs->sm2_ctx;
1155     unsigned char *sm2sig = tempargs->buf2;
1156     size_t sm2sigsize;
1157     int ret, count;
1158     EVP_PKEY **sm2_pkey = tempargs->sm2_pkey;
1159     const size_t max_size = EVP_PKEY_get_size(sm2_pkey[testnum]);
1160 
1161     for (count = 0; COND(sm2_c[testnum][0]); count++) {
1162         sm2sigsize = max_size;
1163 
1164         if (!EVP_DigestSignInit(sm2ctx[testnum], NULL, EVP_sm3(),
1165                                 NULL, sm2_pkey[testnum])) {
1166             BIO_printf(bio_err, "SM2 init sign failure\n");
1167             ERR_print_errors(bio_err);
1168             count = -1;
1169             break;
1170         }
1171         ret = EVP_DigestSign(sm2ctx[testnum], sm2sig, &sm2sigsize,
1172                              buf, 20);
1173         if (ret == 0) {
1174             BIO_printf(bio_err, "SM2 sign failure\n");
1175             ERR_print_errors(bio_err);
1176             count = -1;
1177             break;
1178         }
1179         /* update the latest returned size and always use the fixed buffer size */
1180         tempargs->sigsize = sm2sigsize;
1181     }
1182 
1183     return count;
1184 }
1185 
SM2_verify_loop(void * args)1186 static int SM2_verify_loop(void *args)
1187 {
1188     loopargs_t *tempargs = *(loopargs_t **) args;
1189     unsigned char *buf = tempargs->buf;
1190     EVP_MD_CTX **sm2ctx = tempargs->sm2_vfy_ctx;
1191     unsigned char *sm2sig = tempargs->buf2;
1192     size_t sm2sigsize = tempargs->sigsize;
1193     int ret, count;
1194     EVP_PKEY **sm2_pkey = tempargs->sm2_pkey;
1195 
1196     for (count = 0; COND(sm2_c[testnum][1]); count++) {
1197         if (!EVP_DigestVerifyInit(sm2ctx[testnum], NULL, EVP_sm3(),
1198                                   NULL, sm2_pkey[testnum])) {
1199             BIO_printf(bio_err, "SM2 verify init failure\n");
1200             ERR_print_errors(bio_err);
1201             count = -1;
1202             break;
1203         }
1204         ret = EVP_DigestVerify(sm2ctx[testnum], sm2sig, sm2sigsize,
1205                                buf, 20);
1206         if (ret != 1) {
1207             BIO_printf(bio_err, "SM2 verify failure\n");
1208             ERR_print_errors(bio_err);
1209             count = -1;
1210             break;
1211         }
1212     }
1213     return count;
1214 }
1215 #endif                         /* OPENSSL_NO_SM2 */
1216 
run_benchmark(int async_jobs,int (* loop_function)(void *),loopargs_t * loopargs)1217 static int run_benchmark(int async_jobs,
1218                          int (*loop_function) (void *), loopargs_t * loopargs)
1219 {
1220     int job_op_count = 0;
1221     int total_op_count = 0;
1222     int num_inprogress = 0;
1223     int error = 0, i = 0, ret = 0;
1224     OSSL_ASYNC_FD job_fd = 0;
1225     size_t num_job_fds = 0;
1226 
1227     if (async_jobs == 0) {
1228         return loop_function((void *)&loopargs);
1229     }
1230 
1231     for (i = 0; i < async_jobs && !error; i++) {
1232         loopargs_t *looparg_item = loopargs + i;
1233 
1234         /* Copy pointer content (looparg_t item address) into async context */
1235         ret = ASYNC_start_job(&loopargs[i].inprogress_job, loopargs[i].wait_ctx,
1236                               &job_op_count, loop_function,
1237                               (void *)&looparg_item, sizeof(looparg_item));
1238         switch (ret) {
1239         case ASYNC_PAUSE:
1240             ++num_inprogress;
1241             break;
1242         case ASYNC_FINISH:
1243             if (job_op_count == -1) {
1244                 error = 1;
1245             } else {
1246                 total_op_count += job_op_count;
1247             }
1248             break;
1249         case ASYNC_NO_JOBS:
1250         case ASYNC_ERR:
1251             BIO_printf(bio_err, "Failure in the job\n");
1252             ERR_print_errors(bio_err);
1253             error = 1;
1254             break;
1255         }
1256     }
1257 
1258     while (num_inprogress > 0) {
1259 #if defined(OPENSSL_SYS_WINDOWS)
1260         DWORD avail = 0;
1261 #elif defined(OPENSSL_SYS_UNIX)
1262         int select_result = 0;
1263         OSSL_ASYNC_FD max_fd = 0;
1264         fd_set waitfdset;
1265 
1266         FD_ZERO(&waitfdset);
1267 
1268         for (i = 0; i < async_jobs && num_inprogress > 0; i++) {
1269             if (loopargs[i].inprogress_job == NULL)
1270                 continue;
1271 
1272             if (!ASYNC_WAIT_CTX_get_all_fds
1273                 (loopargs[i].wait_ctx, NULL, &num_job_fds)
1274                 || num_job_fds > 1) {
1275                 BIO_printf(bio_err, "Too many fds in ASYNC_WAIT_CTX\n");
1276                 ERR_print_errors(bio_err);
1277                 error = 1;
1278                 break;
1279             }
1280             ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, &job_fd,
1281                                        &num_job_fds);
1282             FD_SET(job_fd, &waitfdset);
1283             if (job_fd > max_fd)
1284                 max_fd = job_fd;
1285         }
1286 
1287         if (max_fd >= (OSSL_ASYNC_FD)FD_SETSIZE) {
1288             BIO_printf(bio_err,
1289                        "Error: max_fd (%d) must be smaller than FD_SETSIZE (%d). "
1290                        "Decrease the value of async_jobs\n",
1291                        max_fd, FD_SETSIZE);
1292             ERR_print_errors(bio_err);
1293             error = 1;
1294             break;
1295         }
1296 
1297         select_result = select(max_fd + 1, &waitfdset, NULL, NULL, NULL);
1298         if (select_result == -1 && errno == EINTR)
1299             continue;
1300 
1301         if (select_result == -1) {
1302             BIO_printf(bio_err, "Failure in the select\n");
1303             ERR_print_errors(bio_err);
1304             error = 1;
1305             break;
1306         }
1307 
1308         if (select_result == 0)
1309             continue;
1310 #endif
1311 
1312         for (i = 0; i < async_jobs; i++) {
1313             if (loopargs[i].inprogress_job == NULL)
1314                 continue;
1315 
1316             if (!ASYNC_WAIT_CTX_get_all_fds
1317                 (loopargs[i].wait_ctx, NULL, &num_job_fds)
1318                 || num_job_fds > 1) {
1319                 BIO_printf(bio_err, "Too many fds in ASYNC_WAIT_CTX\n");
1320                 ERR_print_errors(bio_err);
1321                 error = 1;
1322                 break;
1323             }
1324             ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, &job_fd,
1325                                        &num_job_fds);
1326 
1327 #if defined(OPENSSL_SYS_UNIX)
1328             if (num_job_fds == 1 && !FD_ISSET(job_fd, &waitfdset))
1329                 continue;
1330 #elif defined(OPENSSL_SYS_WINDOWS)
1331             if (num_job_fds == 1
1332                 && !PeekNamedPipe(job_fd, NULL, 0, NULL, &avail, NULL)
1333                 && avail > 0)
1334                 continue;
1335 #endif
1336 
1337             ret = ASYNC_start_job(&loopargs[i].inprogress_job,
1338                                   loopargs[i].wait_ctx, &job_op_count,
1339                                   loop_function, (void *)(loopargs + i),
1340                                   sizeof(loopargs_t));
1341             switch (ret) {
1342             case ASYNC_PAUSE:
1343                 break;
1344             case ASYNC_FINISH:
1345                 if (job_op_count == -1) {
1346                     error = 1;
1347                 } else {
1348                     total_op_count += job_op_count;
1349                 }
1350                 --num_inprogress;
1351                 loopargs[i].inprogress_job = NULL;
1352                 break;
1353             case ASYNC_NO_JOBS:
1354             case ASYNC_ERR:
1355                 --num_inprogress;
1356                 loopargs[i].inprogress_job = NULL;
1357                 BIO_printf(bio_err, "Failure in the job\n");
1358                 ERR_print_errors(bio_err);
1359                 error = 1;
1360                 break;
1361             }
1362         }
1363     }
1364 
1365     return error ? -1 : total_op_count;
1366 }
1367 
1368 typedef struct ec_curve_st {
1369     const char *name;
1370     unsigned int nid;
1371     unsigned int bits;
1372     size_t sigsize; /* only used for EdDSA curves */
1373 } EC_CURVE;
1374 
get_ecdsa(const EC_CURVE * curve)1375 static EVP_PKEY *get_ecdsa(const EC_CURVE *curve)
1376 {
1377     EVP_PKEY_CTX *kctx = NULL;
1378     EVP_PKEY *key = NULL;
1379 
1380     /* Ensure that the error queue is empty */
1381     if (ERR_peek_error()) {
1382         BIO_printf(bio_err,
1383                    "WARNING: the error queue contains previous unhandled errors.\n");
1384         ERR_print_errors(bio_err);
1385     }
1386 
1387     /*
1388      * Let's try to create a ctx directly from the NID: this works for
1389      * curves like Curve25519 that are not implemented through the low
1390      * level EC interface.
1391      * If this fails we try creating a EVP_PKEY_EC generic param ctx,
1392      * then we set the curve by NID before deriving the actual keygen
1393      * ctx for that specific curve.
1394      */
1395     kctx = EVP_PKEY_CTX_new_id(curve->nid, NULL);
1396     if (kctx == NULL) {
1397         EVP_PKEY_CTX *pctx = NULL;
1398         EVP_PKEY *params = NULL;
1399         /*
1400          * If we reach this code EVP_PKEY_CTX_new_id() failed and a
1401          * "int_ctx_new:unsupported algorithm" error was added to the
1402          * error queue.
1403          * We remove it from the error queue as we are handling it.
1404          */
1405         unsigned long error = ERR_peek_error();
1406 
1407         if (error == ERR_peek_last_error() /* oldest and latest errors match */
1408             /* check that the error origin matches */
1409             && ERR_GET_LIB(error) == ERR_LIB_EVP
1410             && (ERR_GET_REASON(error) == EVP_R_UNSUPPORTED_ALGORITHM
1411                 || ERR_GET_REASON(error) == ERR_R_UNSUPPORTED))
1412             ERR_get_error(); /* pop error from queue */
1413         if (ERR_peek_error()) {
1414             BIO_printf(bio_err,
1415                        "Unhandled error in the error queue during EC key setup.\n");
1416             ERR_print_errors(bio_err);
1417             return NULL;
1418         }
1419 
1420         /* Create the context for parameter generation */
1421         if ((pctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL)) == NULL
1422             || EVP_PKEY_paramgen_init(pctx) <= 0
1423             || EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx,
1424                                                       curve->nid) <= 0
1425             || EVP_PKEY_paramgen(pctx, &params) <= 0) {
1426             BIO_printf(bio_err, "EC params init failure.\n");
1427             ERR_print_errors(bio_err);
1428             EVP_PKEY_CTX_free(pctx);
1429             return NULL;
1430         }
1431         EVP_PKEY_CTX_free(pctx);
1432 
1433         /* Create the context for the key generation */
1434         kctx = EVP_PKEY_CTX_new(params, NULL);
1435         EVP_PKEY_free(params);
1436     }
1437     if (kctx == NULL
1438         || EVP_PKEY_keygen_init(kctx) <= 0
1439         || EVP_PKEY_keygen(kctx, &key) <= 0) {
1440         BIO_printf(bio_err, "EC key generation failure.\n");
1441         ERR_print_errors(bio_err);
1442         key = NULL;
1443     }
1444     EVP_PKEY_CTX_free(kctx);
1445     return key;
1446 }
1447 
1448 #define stop_it(do_it, test_num)\
1449     memset(do_it + test_num, 0, OSSL_NELEM(do_it) - test_num);
1450 
speed_main(int argc,char ** argv)1451 int speed_main(int argc, char **argv)
1452 {
1453     ENGINE *e = NULL;
1454     loopargs_t *loopargs = NULL;
1455     const char *prog;
1456     const char *engine_id = NULL;
1457     EVP_CIPHER *evp_cipher = NULL;
1458     EVP_MAC *mac = NULL;
1459     double d = 0.0;
1460     OPTION_CHOICE o;
1461     int async_init = 0, multiblock = 0, pr_header = 0;
1462     uint8_t doit[ALGOR_NUM] = { 0 };
1463     int ret = 1, misalign = 0, lengths_single = 0;
1464     long count = 0;
1465     unsigned int size_num = SIZE_NUM;
1466     unsigned int i, k, loopargs_len = 0, async_jobs = 0;
1467     int keylen = 0;
1468     int buflen;
1469     BIGNUM *bn = NULL;
1470     EVP_PKEY_CTX *genctx = NULL;
1471 #ifndef NO_FORK
1472     int multi = 0;
1473 #endif
1474     long op_count = 1;
1475     openssl_speed_sec_t seconds = { SECONDS, RSA_SECONDS, DSA_SECONDS,
1476                                     ECDSA_SECONDS, ECDH_SECONDS,
1477                                     EdDSA_SECONDS, SM2_SECONDS,
1478                                     FFDH_SECONDS };
1479 
1480     static const unsigned char key32[32] = {
1481         0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
1482         0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
1483         0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34,
1484         0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34, 0x56
1485     };
1486     static const unsigned char deskey[] = {
1487         0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, /* key1 */
1488         0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, /* key2 */
1489         0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34  /* key3 */
1490     };
1491     static const struct {
1492         const unsigned char *data;
1493         unsigned int length;
1494         unsigned int bits;
1495     } rsa_keys[] = {
1496         {   test512,   sizeof(test512),   512 },
1497         {  test1024,  sizeof(test1024),  1024 },
1498         {  test2048,  sizeof(test2048),  2048 },
1499         {  test3072,  sizeof(test3072),  3072 },
1500         {  test4096,  sizeof(test4096),  4096 },
1501         {  test7680,  sizeof(test7680),  7680 },
1502         { test15360, sizeof(test15360), 15360 }
1503     };
1504     uint8_t rsa_doit[RSA_NUM] = { 0 };
1505     int primes = RSA_DEFAULT_PRIME_NUM;
1506 #ifndef OPENSSL_NO_DH
1507     typedef struct ffdh_params_st {
1508         const char *name;
1509         unsigned int nid;
1510         unsigned int bits;
1511     } FFDH_PARAMS;
1512 
1513     static const FFDH_PARAMS ffdh_params[FFDH_NUM] = {
1514         {"ffdh2048", NID_ffdhe2048, 2048},
1515         {"ffdh3072", NID_ffdhe3072, 3072},
1516         {"ffdh4096", NID_ffdhe4096, 4096},
1517         {"ffdh6144", NID_ffdhe6144, 6144},
1518         {"ffdh8192", NID_ffdhe8192, 8192}
1519     };
1520     uint8_t ffdh_doit[FFDH_NUM] = { 0 };
1521 
1522 #endif /* OPENSSL_NO_DH */
1523     static const unsigned int dsa_bits[DSA_NUM] = { 512, 1024, 2048 };
1524     uint8_t dsa_doit[DSA_NUM] = { 0 };
1525     /*
1526      * We only test over the following curves as they are representative, To
1527      * add tests over more curves, simply add the curve NID and curve name to
1528      * the following arrays and increase the |ecdh_choices| and |ecdsa_choices|
1529      * lists accordingly.
1530      */
1531     static const EC_CURVE ec_curves[EC_NUM] = {
1532         /* Prime Curves */
1533         {"secp160r1", NID_secp160r1, 160},
1534         {"nistp192", NID_X9_62_prime192v1, 192},
1535         {"nistp224", NID_secp224r1, 224},
1536         {"nistp256", NID_X9_62_prime256v1, 256},
1537         {"nistp384", NID_secp384r1, 384},
1538         {"nistp521", NID_secp521r1, 521},
1539 #ifndef OPENSSL_NO_EC2M
1540         /* Binary Curves */
1541         {"nistk163", NID_sect163k1, 163},
1542         {"nistk233", NID_sect233k1, 233},
1543         {"nistk283", NID_sect283k1, 283},
1544         {"nistk409", NID_sect409k1, 409},
1545         {"nistk571", NID_sect571k1, 571},
1546         {"nistb163", NID_sect163r2, 163},
1547         {"nistb233", NID_sect233r1, 233},
1548         {"nistb283", NID_sect283r1, 283},
1549         {"nistb409", NID_sect409r1, 409},
1550         {"nistb571", NID_sect571r1, 571},
1551 #endif
1552         {"brainpoolP256r1", NID_brainpoolP256r1, 256},
1553         {"brainpoolP256t1", NID_brainpoolP256t1, 256},
1554         {"brainpoolP384r1", NID_brainpoolP384r1, 384},
1555         {"brainpoolP384t1", NID_brainpoolP384t1, 384},
1556         {"brainpoolP512r1", NID_brainpoolP512r1, 512},
1557         {"brainpoolP512t1", NID_brainpoolP512t1, 512},
1558         /* Other and ECDH only ones */
1559         {"X25519", NID_X25519, 253},
1560         {"X448", NID_X448, 448}
1561     };
1562     static const EC_CURVE ed_curves[EdDSA_NUM] = {
1563         /* EdDSA */
1564         {"Ed25519", NID_ED25519, 253, 64},
1565         {"Ed448", NID_ED448, 456, 114}
1566     };
1567 #ifndef OPENSSL_NO_SM2
1568     static const EC_CURVE sm2_curves[SM2_NUM] = {
1569         /* SM2 */
1570         {"CurveSM2", NID_sm2, 256}
1571     };
1572     uint8_t sm2_doit[SM2_NUM] = { 0 };
1573 #endif
1574     uint8_t ecdsa_doit[ECDSA_NUM] = { 0 };
1575     uint8_t ecdh_doit[EC_NUM] = { 0 };
1576     uint8_t eddsa_doit[EdDSA_NUM] = { 0 };
1577 
1578     /* checks declarated curves against choices list. */
1579     OPENSSL_assert(ed_curves[EdDSA_NUM - 1].nid == NID_ED448);
1580     OPENSSL_assert(strcmp(eddsa_choices[EdDSA_NUM - 1].name, "ed448") == 0);
1581 
1582     OPENSSL_assert(ec_curves[EC_NUM - 1].nid == NID_X448);
1583     OPENSSL_assert(strcmp(ecdh_choices[EC_NUM - 1].name, "ecdhx448") == 0);
1584 
1585     OPENSSL_assert(ec_curves[ECDSA_NUM - 1].nid == NID_brainpoolP512t1);
1586     OPENSSL_assert(strcmp(ecdsa_choices[ECDSA_NUM - 1].name, "ecdsabrp512t1") == 0);
1587 
1588 #ifndef OPENSSL_NO_SM2
1589     OPENSSL_assert(sm2_curves[SM2_NUM - 1].nid == NID_sm2);
1590     OPENSSL_assert(strcmp(sm2_choices[SM2_NUM - 1].name, "curveSM2") == 0);
1591 #endif
1592 
1593     prog = opt_init(argc, argv, speed_options);
1594     while ((o = opt_next()) != OPT_EOF) {
1595         switch (o) {
1596         case OPT_EOF:
1597         case OPT_ERR:
1598  opterr:
1599             BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
1600             goto end;
1601         case OPT_HELP:
1602             opt_help(speed_options);
1603             ret = 0;
1604             goto end;
1605         case OPT_ELAPSED:
1606             usertime = 0;
1607             break;
1608         case OPT_EVP:
1609             if (doit[D_EVP]) {
1610                 BIO_printf(bio_err, "%s: -evp option cannot be used more than once\n", prog);
1611                 goto opterr;
1612             }
1613             ERR_set_mark();
1614             if (!opt_cipher_silent(opt_arg(), &evp_cipher)) {
1615                 if (have_md(opt_arg()))
1616                     evp_md_name = opt_arg();
1617             }
1618             if (evp_cipher == NULL && evp_md_name == NULL) {
1619                 ERR_clear_last_mark();
1620                 BIO_printf(bio_err,
1621                            "%s: %s is an unknown cipher or digest\n",
1622                            prog, opt_arg());
1623                 goto end;
1624             }
1625             ERR_pop_to_mark();
1626             doit[D_EVP] = 1;
1627             break;
1628         case OPT_HMAC:
1629             if (!have_md(opt_arg())) {
1630                 BIO_printf(bio_err, "%s: %s is an unknown digest\n",
1631                            prog, opt_arg());
1632                 goto end;
1633             }
1634             evp_mac_mdname = opt_arg();
1635             doit[D_HMAC] = 1;
1636             break;
1637         case OPT_CMAC:
1638             if (!have_cipher(opt_arg())) {
1639                 BIO_printf(bio_err, "%s: %s is an unknown cipher\n",
1640                            prog, opt_arg());
1641                 goto end;
1642             }
1643             evp_mac_ciphername = opt_arg();
1644             doit[D_EVP_CMAC] = 1;
1645             break;
1646         case OPT_DECRYPT:
1647             decrypt = 1;
1648             break;
1649         case OPT_ENGINE:
1650             /*
1651              * In a forked execution, an engine might need to be
1652              * initialised by each child process, not by the parent.
1653              * So store the name here and run setup_engine() later on.
1654              */
1655             engine_id = opt_arg();
1656             break;
1657         case OPT_MULTI:
1658 #ifndef NO_FORK
1659             multi = atoi(opt_arg());
1660             if ((size_t)multi >= SIZE_MAX / sizeof(int)) {
1661                 BIO_printf(bio_err, "%s: multi argument too large\n", prog);
1662                 return 0;
1663             }
1664 #endif
1665             break;
1666         case OPT_ASYNCJOBS:
1667 #ifndef OPENSSL_NO_ASYNC
1668             async_jobs = atoi(opt_arg());
1669             if (!ASYNC_is_capable()) {
1670                 BIO_printf(bio_err,
1671                            "%s: async_jobs specified but async not supported\n",
1672                            prog);
1673                 goto opterr;
1674             }
1675             if (async_jobs > 99999) {
1676                 BIO_printf(bio_err, "%s: too many async_jobs\n", prog);
1677                 goto opterr;
1678             }
1679 #endif
1680             break;
1681         case OPT_MISALIGN:
1682             misalign = opt_int_arg();
1683             if (misalign > MISALIGN) {
1684                 BIO_printf(bio_err,
1685                            "%s: Maximum offset is %d\n", prog, MISALIGN);
1686                 goto opterr;
1687             }
1688             break;
1689         case OPT_MR:
1690             mr = 1;
1691             break;
1692         case OPT_MB:
1693             multiblock = 1;
1694 #ifdef OPENSSL_NO_MULTIBLOCK
1695             BIO_printf(bio_err,
1696                        "%s: -mb specified but multi-block support is disabled\n",
1697                        prog);
1698             goto end;
1699 #endif
1700             break;
1701         case OPT_R_CASES:
1702             if (!opt_rand(o))
1703                 goto end;
1704             break;
1705         case OPT_PROV_CASES:
1706             if (!opt_provider(o))
1707                 goto end;
1708             break;
1709         case OPT_PRIMES:
1710             primes = opt_int_arg();
1711             break;
1712         case OPT_SECONDS:
1713             seconds.sym = seconds.rsa = seconds.dsa = seconds.ecdsa
1714                         = seconds.ecdh = seconds.eddsa
1715                         = seconds.sm2 = seconds.ffdh = atoi(opt_arg());
1716             break;
1717         case OPT_BYTES:
1718             lengths_single = atoi(opt_arg());
1719             lengths = &lengths_single;
1720             size_num = 1;
1721             break;
1722         case OPT_AEAD:
1723             aead = 1;
1724             break;
1725         }
1726     }
1727 
1728     /* Remaining arguments are algorithms. */
1729     argc = opt_num_rest();
1730     argv = opt_rest();
1731 
1732     if (!app_RAND_load())
1733         goto end;
1734 
1735     for (; *argv; argv++) {
1736         const char *algo = *argv;
1737 
1738         if (opt_found(algo, doit_choices, &i)) {
1739             doit[i] = 1;
1740             continue;
1741         }
1742         if (strcmp(algo, "des") == 0) {
1743             doit[D_CBC_DES] = doit[D_EDE3_DES] = 1;
1744             continue;
1745         }
1746         if (strcmp(algo, "sha") == 0) {
1747             doit[D_SHA1] = doit[D_SHA256] = doit[D_SHA512] = 1;
1748             continue;
1749         }
1750 #ifndef OPENSSL_NO_DEPRECATED_3_0
1751         if (strcmp(algo, "openssl") == 0) /* just for compatibility */
1752             continue;
1753 #endif
1754         if (strncmp(algo, "rsa", 3) == 0) {
1755             if (algo[3] == '\0') {
1756                 memset(rsa_doit, 1, sizeof(rsa_doit));
1757                 continue;
1758             }
1759             if (opt_found(algo, rsa_choices, &i)) {
1760                 rsa_doit[i] = 1;
1761                 continue;
1762             }
1763         }
1764 #ifndef OPENSSL_NO_DH
1765         if (strncmp(algo, "ffdh", 4) == 0) {
1766             if (algo[4] == '\0') {
1767                 memset(ffdh_doit, 1, sizeof(ffdh_doit));
1768                 continue;
1769             }
1770             if (opt_found(algo, ffdh_choices, &i)) {
1771                 ffdh_doit[i] = 2;
1772                 continue;
1773             }
1774         }
1775 #endif
1776         if (strncmp(algo, "dsa", 3) == 0) {
1777             if (algo[3] == '\0') {
1778                 memset(dsa_doit, 1, sizeof(dsa_doit));
1779                 continue;
1780             }
1781             if (opt_found(algo, dsa_choices, &i)) {
1782                 dsa_doit[i] = 2;
1783                 continue;
1784             }
1785         }
1786         if (strcmp(algo, "aes") == 0) {
1787             doit[D_CBC_128_AES] = doit[D_CBC_192_AES] = doit[D_CBC_256_AES] = 1;
1788             continue;
1789         }
1790         if (strcmp(algo, "camellia") == 0) {
1791             doit[D_CBC_128_CML] = doit[D_CBC_192_CML] = doit[D_CBC_256_CML] = 1;
1792             continue;
1793         }
1794         if (strncmp(algo, "ecdsa", 5) == 0) {
1795             if (algo[5] == '\0') {
1796                 memset(ecdsa_doit, 1, sizeof(ecdsa_doit));
1797                 continue;
1798             }
1799             if (opt_found(algo, ecdsa_choices, &i)) {
1800                 ecdsa_doit[i] = 2;
1801                 continue;
1802             }
1803         }
1804         if (strncmp(algo, "ecdh", 4) == 0) {
1805             if (algo[4] == '\0') {
1806                 memset(ecdh_doit, 1, sizeof(ecdh_doit));
1807                 continue;
1808             }
1809             if (opt_found(algo, ecdh_choices, &i)) {
1810                 ecdh_doit[i] = 2;
1811                 continue;
1812             }
1813         }
1814         if (strcmp(algo, "eddsa") == 0) {
1815             memset(eddsa_doit, 1, sizeof(eddsa_doit));
1816             continue;
1817         }
1818         if (opt_found(algo, eddsa_choices, &i)) {
1819             eddsa_doit[i] = 2;
1820             continue;
1821         }
1822 #ifndef OPENSSL_NO_SM2
1823         if (strcmp(algo, "sm2") == 0) {
1824             memset(sm2_doit, 1, sizeof(sm2_doit));
1825             continue;
1826         }
1827         if (opt_found(algo, sm2_choices, &i)) {
1828             sm2_doit[i] = 2;
1829             continue;
1830         }
1831 #endif
1832         BIO_printf(bio_err, "%s: Unknown algorithm %s\n", prog, algo);
1833         goto end;
1834     }
1835 
1836     /* Sanity checks */
1837     if (aead) {
1838         if (evp_cipher == NULL) {
1839             BIO_printf(bio_err, "-aead can be used only with an AEAD cipher\n");
1840             goto end;
1841         } else if (!(EVP_CIPHER_get_flags(evp_cipher) &
1842                      EVP_CIPH_FLAG_AEAD_CIPHER)) {
1843             BIO_printf(bio_err, "%s is not an AEAD cipher\n",
1844                        EVP_CIPHER_get0_name(evp_cipher));
1845             goto end;
1846         }
1847     }
1848     if (multiblock) {
1849         if (evp_cipher == NULL) {
1850             BIO_printf(bio_err, "-mb can be used only with a multi-block"
1851                                 " capable cipher\n");
1852             goto end;
1853         } else if (!(EVP_CIPHER_get_flags(evp_cipher) &
1854                      EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) {
1855             BIO_printf(bio_err, "%s is not a multi-block capable\n",
1856                        EVP_CIPHER_get0_name(evp_cipher));
1857             goto end;
1858         } else if (async_jobs > 0) {
1859             BIO_printf(bio_err, "Async mode is not supported with -mb");
1860             goto end;
1861         }
1862     }
1863 
1864     /* Initialize the job pool if async mode is enabled */
1865     if (async_jobs > 0) {
1866         async_init = ASYNC_init_thread(async_jobs, async_jobs);
1867         if (!async_init) {
1868             BIO_printf(bio_err, "Error creating the ASYNC job pool\n");
1869             goto end;
1870         }
1871     }
1872 
1873     loopargs_len = (async_jobs == 0 ? 1 : async_jobs);
1874     loopargs =
1875         app_malloc(loopargs_len * sizeof(loopargs_t), "array of loopargs");
1876     memset(loopargs, 0, loopargs_len * sizeof(loopargs_t));
1877 
1878     for (i = 0; i < loopargs_len; i++) {
1879         if (async_jobs > 0) {
1880             loopargs[i].wait_ctx = ASYNC_WAIT_CTX_new();
1881             if (loopargs[i].wait_ctx == NULL) {
1882                 BIO_printf(bio_err, "Error creating the ASYNC_WAIT_CTX\n");
1883                 goto end;
1884             }
1885         }
1886 
1887         buflen = lengths[size_num - 1];
1888         if (buflen < 36)    /* size of random vector in RSA benchmark */
1889             buflen = 36;
1890         if (INT_MAX - (MAX_MISALIGNMENT + 1) < buflen) {
1891             BIO_printf(bio_err, "Error: buffer size too large\n");
1892             goto end;
1893         }
1894         buflen += MAX_MISALIGNMENT + 1;
1895         loopargs[i].buf_malloc = app_malloc(buflen, "input buffer");
1896         loopargs[i].buf2_malloc = app_malloc(buflen, "input buffer");
1897         memset(loopargs[i].buf_malloc, 0, buflen);
1898         memset(loopargs[i].buf2_malloc, 0, buflen);
1899 
1900         /* Align the start of buffers on a 64 byte boundary */
1901         loopargs[i].buf = loopargs[i].buf_malloc + misalign;
1902         loopargs[i].buf2 = loopargs[i].buf2_malloc + misalign;
1903         loopargs[i].buflen = buflen - misalign;
1904         loopargs[i].sigsize = buflen - misalign;
1905         loopargs[i].secret_a = app_malloc(MAX_ECDH_SIZE, "ECDH secret a");
1906         loopargs[i].secret_b = app_malloc(MAX_ECDH_SIZE, "ECDH secret b");
1907 #ifndef OPENSSL_NO_DH
1908         loopargs[i].secret_ff_a = app_malloc(MAX_FFDH_SIZE, "FFDH secret a");
1909         loopargs[i].secret_ff_b = app_malloc(MAX_FFDH_SIZE, "FFDH secret b");
1910 #endif
1911     }
1912 
1913 #ifndef NO_FORK
1914     if (multi && do_multi(multi, size_num))
1915         goto show_res;
1916 #endif
1917 
1918     /* Initialize the engine after the fork */
1919     e = setup_engine(engine_id, 0);
1920 
1921     /* No parameters; turn on everything. */
1922     if (argc == 0 && !doit[D_EVP] && !doit[D_HMAC] && !doit[D_EVP_CMAC]) {
1923         memset(doit, 1, sizeof(doit));
1924         doit[D_EVP] = doit[D_EVP_CMAC] = 0;
1925         ERR_set_mark();
1926         for (i = D_MD2; i <= D_WHIRLPOOL; i++) {
1927             if (!have_md(names[i]))
1928                 doit[i] = 0;
1929         }
1930         for (i = D_CBC_DES; i <= D_CBC_256_CML; i++) {
1931             if (!have_cipher(names[i]))
1932                 doit[i] = 0;
1933         }
1934         if ((mac = EVP_MAC_fetch(app_get0_libctx(), "GMAC",
1935                                  app_get0_propq())) != NULL) {
1936             EVP_MAC_free(mac);
1937             mac = NULL;
1938         } else {
1939             doit[D_GHASH] = 0;
1940         }
1941         if ((mac = EVP_MAC_fetch(app_get0_libctx(), "HMAC",
1942                                  app_get0_propq())) != NULL) {
1943             EVP_MAC_free(mac);
1944             mac = NULL;
1945         } else {
1946             doit[D_HMAC] = 0;
1947         }
1948         ERR_pop_to_mark();
1949         memset(rsa_doit, 1, sizeof(rsa_doit));
1950 #ifndef OPENSSL_NO_DH
1951         memset(ffdh_doit, 1, sizeof(ffdh_doit));
1952 #endif
1953         memset(dsa_doit, 1, sizeof(dsa_doit));
1954         memset(ecdsa_doit, 1, sizeof(ecdsa_doit));
1955         memset(ecdh_doit, 1, sizeof(ecdh_doit));
1956         memset(eddsa_doit, 1, sizeof(eddsa_doit));
1957 #ifndef OPENSSL_NO_SM2
1958         memset(sm2_doit, 1, sizeof(sm2_doit));
1959 #endif
1960     }
1961     for (i = 0; i < ALGOR_NUM; i++)
1962         if (doit[i])
1963             pr_header++;
1964 
1965     if (usertime == 0 && !mr)
1966         BIO_printf(bio_err,
1967                    "You have chosen to measure elapsed time "
1968                    "instead of user CPU time.\n");
1969 
1970 #if SIGALRM > 0
1971     signal(SIGALRM, alarmed);
1972 #endif
1973 
1974     if (doit[D_MD2]) {
1975         for (testnum = 0; testnum < size_num; testnum++) {
1976             print_message(names[D_MD2], c[D_MD2][testnum], lengths[testnum],
1977                           seconds.sym);
1978             Time_F(START);
1979             count = run_benchmark(async_jobs, EVP_Digest_MD2_loop, loopargs);
1980             d = Time_F(STOP);
1981             print_result(D_MD2, testnum, count, d);
1982             if (count < 0)
1983                 break;
1984         }
1985     }
1986 
1987     if (doit[D_MDC2]) {
1988         for (testnum = 0; testnum < size_num; testnum++) {
1989             print_message(names[D_MDC2], c[D_MDC2][testnum], lengths[testnum],
1990                           seconds.sym);
1991             Time_F(START);
1992             count = run_benchmark(async_jobs, EVP_Digest_MDC2_loop, loopargs);
1993             d = Time_F(STOP);
1994             print_result(D_MDC2, testnum, count, d);
1995             if (count < 0)
1996                 break;
1997         }
1998     }
1999 
2000     if (doit[D_MD4]) {
2001         for (testnum = 0; testnum < size_num; testnum++) {
2002             print_message(names[D_MD4], c[D_MD4][testnum], lengths[testnum],
2003                           seconds.sym);
2004             Time_F(START);
2005             count = run_benchmark(async_jobs, EVP_Digest_MD4_loop, loopargs);
2006             d = Time_F(STOP);
2007             print_result(D_MD4, testnum, count, d);
2008             if (count < 0)
2009                 break;
2010         }
2011     }
2012 
2013     if (doit[D_MD5]) {
2014         for (testnum = 0; testnum < size_num; testnum++) {
2015             print_message(names[D_MD5], c[D_MD5][testnum], lengths[testnum],
2016                           seconds.sym);
2017             Time_F(START);
2018             count = run_benchmark(async_jobs, MD5_loop, loopargs);
2019             d = Time_F(STOP);
2020             print_result(D_MD5, testnum, count, d);
2021             if (count < 0)
2022                 break;
2023         }
2024     }
2025 
2026     if (doit[D_SHA1]) {
2027         for (testnum = 0; testnum < size_num; testnum++) {
2028             print_message(names[D_SHA1], c[D_SHA1][testnum], lengths[testnum],
2029                           seconds.sym);
2030             Time_F(START);
2031             count = run_benchmark(async_jobs, SHA1_loop, loopargs);
2032             d = Time_F(STOP);
2033             print_result(D_SHA1, testnum, count, d);
2034             if (count < 0)
2035                 break;
2036         }
2037     }
2038 
2039     if (doit[D_SHA256]) {
2040         for (testnum = 0; testnum < size_num; testnum++) {
2041             print_message(names[D_SHA256], c[D_SHA256][testnum],
2042                           lengths[testnum], seconds.sym);
2043             Time_F(START);
2044             count = run_benchmark(async_jobs, SHA256_loop, loopargs);
2045             d = Time_F(STOP);
2046             print_result(D_SHA256, testnum, count, d);
2047             if (count < 0)
2048                 break;
2049         }
2050     }
2051 
2052     if (doit[D_SHA512]) {
2053         for (testnum = 0; testnum < size_num; testnum++) {
2054             print_message(names[D_SHA512], c[D_SHA512][testnum],
2055                           lengths[testnum], seconds.sym);
2056             Time_F(START);
2057             count = run_benchmark(async_jobs, SHA512_loop, loopargs);
2058             d = Time_F(STOP);
2059             print_result(D_SHA512, testnum, count, d);
2060             if (count < 0)
2061                 break;
2062         }
2063     }
2064 
2065     if (doit[D_WHIRLPOOL]) {
2066         for (testnum = 0; testnum < size_num; testnum++) {
2067             print_message(names[D_WHIRLPOOL], c[D_WHIRLPOOL][testnum],
2068                           lengths[testnum], seconds.sym);
2069             Time_F(START);
2070             count = run_benchmark(async_jobs, WHIRLPOOL_loop, loopargs);
2071             d = Time_F(STOP);
2072             print_result(D_WHIRLPOOL, testnum, count, d);
2073             if (count < 0)
2074                 break;
2075         }
2076     }
2077 
2078     if (doit[D_RMD160]) {
2079         for (testnum = 0; testnum < size_num; testnum++) {
2080             print_message(names[D_RMD160], c[D_RMD160][testnum],
2081                           lengths[testnum], seconds.sym);
2082             Time_F(START);
2083             count = run_benchmark(async_jobs, EVP_Digest_RMD160_loop, loopargs);
2084             d = Time_F(STOP);
2085             print_result(D_RMD160, testnum, count, d);
2086             if (count < 0)
2087                 break;
2088         }
2089     }
2090 
2091     if (doit[D_HMAC]) {
2092         static const char hmac_key[] = "This is a key...";
2093         int len = strlen(hmac_key);
2094         size_t hmac_name_len = sizeof("hmac()") + strlen(evp_mac_mdname);
2095         OSSL_PARAM params[3];
2096 
2097         mac = EVP_MAC_fetch(app_get0_libctx(), "HMAC", app_get0_propq());
2098         if (mac == NULL || evp_mac_mdname == NULL)
2099             goto end;
2100         evp_hmac_name = app_malloc(hmac_name_len, "HMAC name");
2101         BIO_snprintf(evp_hmac_name, hmac_name_len, "hmac(%s)", evp_mac_mdname);
2102         names[D_HMAC] = evp_hmac_name;
2103 
2104         params[0] =
2105             OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
2106                                              evp_mac_mdname, 0);
2107         params[1] =
2108             OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY,
2109                                               (char *)hmac_key, len);
2110         params[2] = OSSL_PARAM_construct_end();
2111 
2112         for (i = 0; i < loopargs_len; i++) {
2113             loopargs[i].mctx = EVP_MAC_CTX_new(mac);
2114             if (loopargs[i].mctx == NULL)
2115                 goto end;
2116 
2117             if (!EVP_MAC_CTX_set_params(loopargs[i].mctx, params))
2118                 goto skip_hmac; /* Digest not found */
2119         }
2120         for (testnum = 0; testnum < size_num; testnum++) {
2121             print_message(names[D_HMAC], c[D_HMAC][testnum], lengths[testnum],
2122                           seconds.sym);
2123             Time_F(START);
2124             count = run_benchmark(async_jobs, HMAC_loop, loopargs);
2125             d = Time_F(STOP);
2126             print_result(D_HMAC, testnum, count, d);
2127             if (count < 0)
2128                 break;
2129         }
2130         for (i = 0; i < loopargs_len; i++)
2131             EVP_MAC_CTX_free(loopargs[i].mctx);
2132         EVP_MAC_free(mac);
2133         mac = NULL;
2134     }
2135 skip_hmac:
2136     if (doit[D_CBC_DES]) {
2137         int st = 1;
2138 
2139         for (i = 0; st && i < loopargs_len; i++) {
2140             loopargs[i].ctx = init_evp_cipher_ctx("des-cbc", deskey,
2141                                                   sizeof(deskey) / 3);
2142             st = loopargs[i].ctx != NULL;
2143         }
2144         algindex = D_CBC_DES;
2145         for (testnum = 0; st && testnum < size_num; testnum++) {
2146             print_message(names[D_CBC_DES], c[D_CBC_DES][testnum],
2147                           lengths[testnum], seconds.sym);
2148             Time_F(START);
2149             count = run_benchmark(async_jobs, EVP_Cipher_loop, loopargs);
2150             d = Time_F(STOP);
2151             print_result(D_CBC_DES, testnum, count, d);
2152         }
2153         for (i = 0; i < loopargs_len; i++)
2154             EVP_CIPHER_CTX_free(loopargs[i].ctx);
2155     }
2156 
2157     if (doit[D_EDE3_DES]) {
2158         int st = 1;
2159 
2160         for (i = 0; st && i < loopargs_len; i++) {
2161             loopargs[i].ctx = init_evp_cipher_ctx("des-ede3-cbc", deskey,
2162                                                   sizeof(deskey));
2163             st = loopargs[i].ctx != NULL;
2164         }
2165         algindex = D_EDE3_DES;
2166         for (testnum = 0; st && testnum < size_num; testnum++) {
2167             print_message(names[D_EDE3_DES], c[D_EDE3_DES][testnum],
2168                           lengths[testnum], seconds.sym);
2169             Time_F(START);
2170             count =
2171                 run_benchmark(async_jobs, EVP_Cipher_loop, loopargs);
2172             d = Time_F(STOP);
2173             print_result(D_EDE3_DES, testnum, count, d);
2174         }
2175         for (i = 0; i < loopargs_len; i++)
2176             EVP_CIPHER_CTX_free(loopargs[i].ctx);
2177     }
2178 
2179     for (k = 0; k < 3; k++) {
2180         algindex = D_CBC_128_AES + k;
2181         if (doit[algindex]) {
2182             int st = 1;
2183 
2184             keylen = 16 + k * 8;
2185             for (i = 0; st && i < loopargs_len; i++) {
2186                 loopargs[i].ctx = init_evp_cipher_ctx(names[algindex],
2187                                                       key32, keylen);
2188                 st = loopargs[i].ctx != NULL;
2189             }
2190 
2191             for (testnum = 0; st && testnum < size_num; testnum++) {
2192                 print_message(names[algindex], c[algindex][testnum],
2193                               lengths[testnum], seconds.sym);
2194                 Time_F(START);
2195                 count =
2196                     run_benchmark(async_jobs, EVP_Cipher_loop, loopargs);
2197                 d = Time_F(STOP);
2198                 print_result(algindex, testnum, count, d);
2199             }
2200             for (i = 0; i < loopargs_len; i++)
2201                 EVP_CIPHER_CTX_free(loopargs[i].ctx);
2202         }
2203     }
2204 
2205     for (k = 0; k < 3; k++) {
2206         algindex = D_CBC_128_CML + k;
2207         if (doit[algindex]) {
2208             int st = 1;
2209 
2210             keylen = 16 + k * 8;
2211             for (i = 0; st && i < loopargs_len; i++) {
2212                 loopargs[i].ctx = init_evp_cipher_ctx(names[algindex],
2213                                                       key32, keylen);
2214                 st = loopargs[i].ctx != NULL;
2215             }
2216 
2217             for (testnum = 0; st && testnum < size_num; testnum++) {
2218                 print_message(names[algindex], c[algindex][testnum],
2219                               lengths[testnum], seconds.sym);
2220                 Time_F(START);
2221                 count =
2222                     run_benchmark(async_jobs, EVP_Cipher_loop, loopargs);
2223                 d = Time_F(STOP);
2224                 print_result(algindex, testnum, count, d);
2225             }
2226             for (i = 0; i < loopargs_len; i++)
2227                 EVP_CIPHER_CTX_free(loopargs[i].ctx);
2228         }
2229     }
2230 
2231     for (algindex = D_RC4; algindex <= D_CBC_CAST; algindex++) {
2232         if (doit[algindex]) {
2233             int st = 1;
2234 
2235             keylen = 16;
2236             for (i = 0; st && i < loopargs_len; i++) {
2237                 loopargs[i].ctx = init_evp_cipher_ctx(names[algindex],
2238                                                       key32, keylen);
2239                 st = loopargs[i].ctx != NULL;
2240             }
2241 
2242             for (testnum = 0; st && testnum < size_num; testnum++) {
2243                 print_message(names[algindex], c[algindex][testnum],
2244                               lengths[testnum], seconds.sym);
2245                 Time_F(START);
2246                 count =
2247                     run_benchmark(async_jobs, EVP_Cipher_loop, loopargs);
2248                 d = Time_F(STOP);
2249                 print_result(algindex, testnum, count, d);
2250             }
2251             for (i = 0; i < loopargs_len; i++)
2252                 EVP_CIPHER_CTX_free(loopargs[i].ctx);
2253         }
2254     }
2255     if (doit[D_GHASH]) {
2256         static const char gmac_iv[] = "0123456789ab";
2257         OSSL_PARAM params[3];
2258 
2259         mac = EVP_MAC_fetch(app_get0_libctx(), "GMAC", app_get0_propq());
2260         if (mac == NULL)
2261             goto end;
2262 
2263         params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_CIPHER,
2264                                                      "aes-128-gcm", 0);
2265         params[1] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_IV,
2266                                                       (char *)gmac_iv,
2267                                                       sizeof(gmac_iv) - 1);
2268         params[2] = OSSL_PARAM_construct_end();
2269 
2270         for (i = 0; i < loopargs_len; i++) {
2271             loopargs[i].mctx = EVP_MAC_CTX_new(mac);
2272             if (loopargs[i].mctx == NULL)
2273                 goto end;
2274 
2275             if (!EVP_MAC_init(loopargs[i].mctx, key32, 16, params))
2276                 goto end;
2277         }
2278         for (testnum = 0; testnum < size_num; testnum++) {
2279             print_message(names[D_GHASH], c[D_GHASH][testnum], lengths[testnum],
2280                           seconds.sym);
2281             Time_F(START);
2282             count = run_benchmark(async_jobs, GHASH_loop, loopargs);
2283             d = Time_F(STOP);
2284             print_result(D_GHASH, testnum, count, d);
2285             if (count < 0)
2286                 break;
2287         }
2288         for (i = 0; i < loopargs_len; i++)
2289             EVP_MAC_CTX_free(loopargs[i].mctx);
2290         EVP_MAC_free(mac);
2291         mac = NULL;
2292     }
2293 
2294     if (doit[D_RAND]) {
2295         for (testnum = 0; testnum < size_num; testnum++) {
2296             print_message(names[D_RAND], c[D_RAND][testnum], lengths[testnum],
2297                           seconds.sym);
2298             Time_F(START);
2299             count = run_benchmark(async_jobs, RAND_bytes_loop, loopargs);
2300             d = Time_F(STOP);
2301             print_result(D_RAND, testnum, count, d);
2302         }
2303     }
2304 
2305     /*-
2306      * There are three scenarios for D_EVP:
2307      * 1- Using authenticated encryption (AE) e.g. CCM, GCM, OCB etc.
2308      * 2- Using AE + associated data (AD) i.e. AEAD using CCM, GCM, OCB etc.
2309      * 3- Not using AE or AD e.g. ECB, CBC, CFB etc.
2310      */
2311     if (doit[D_EVP]) {
2312         if (evp_cipher != NULL) {
2313             int (*loopfunc) (void *);
2314             int outlen = 0;
2315             unsigned int ae_mode = 0;
2316 
2317             if (multiblock && (EVP_CIPHER_get_flags(evp_cipher)
2318                                & EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) {
2319                 multiblock_speed(evp_cipher, lengths_single, &seconds);
2320                 ret = 0;
2321                 goto end;
2322             }
2323 
2324             names[D_EVP] = EVP_CIPHER_get0_name(evp_cipher);
2325 
2326             mode_op = EVP_CIPHER_get_mode(evp_cipher);
2327 
2328             if (aead) {
2329                 if (lengths == lengths_list) {
2330                     lengths = aead_lengths_list;
2331                     size_num = OSSL_NELEM(aead_lengths_list);
2332                 }
2333             }
2334             if (mode_op == EVP_CIPH_GCM_MODE
2335                 || mode_op == EVP_CIPH_CCM_MODE
2336                 || mode_op == EVP_CIPH_OCB_MODE
2337                 || mode_op == EVP_CIPH_SIV_MODE) {
2338                 ae_mode = 1;
2339                 if (decrypt)
2340                     loopfunc = EVP_Update_loop_aead_dec;
2341                 else
2342                     loopfunc = EVP_Update_loop_aead_enc;
2343             } else {
2344                 loopfunc = EVP_Update_loop;
2345             }
2346 
2347             for (testnum = 0; testnum < size_num; testnum++) {
2348                 print_message(names[D_EVP], c[D_EVP][testnum], lengths[testnum],
2349                               seconds.sym);
2350 
2351                 for (k = 0; k < loopargs_len; k++) {
2352                     loopargs[k].ctx = EVP_CIPHER_CTX_new();
2353                     if (loopargs[k].ctx == NULL) {
2354                         BIO_printf(bio_err, "\nEVP_CIPHER_CTX_new failure\n");
2355                         exit(1);
2356                     }
2357 
2358                     /*
2359                      * For AE modes, we must first encrypt the data to get
2360                      * a valid tag that enables us to decrypt. If we don't
2361                      * encrypt first, we won't have a valid tag that enables
2362                      * authenticity and hence decryption will fail.
2363                      */
2364                     if (!EVP_CipherInit_ex(loopargs[k].ctx,
2365                                            evp_cipher, NULL, NULL, NULL,
2366                                            ae_mode ? 1 : !decrypt)) {
2367                         BIO_printf(bio_err, "\nCouldn't init the context\n");
2368                         ERR_print_errors(bio_err);
2369                         exit(1);
2370                     }
2371 
2372                     /* Padding isn't needed */
2373                     EVP_CIPHER_CTX_set_padding(loopargs[k].ctx, 0);
2374 
2375                     keylen = EVP_CIPHER_CTX_get_key_length(loopargs[k].ctx);
2376                     loopargs[k].key = app_malloc(keylen, "evp_cipher key");
2377                     EVP_CIPHER_CTX_rand_key(loopargs[k].ctx, loopargs[k].key);
2378 
2379                     if (!ae_mode) {
2380                         if (!EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL,
2381                                                loopargs[k].key, iv, -1)) {
2382                             BIO_printf(bio_err, "\nFailed to set the key\n");
2383                             ERR_print_errors(bio_err);
2384                             exit(1);
2385                         }
2386                     } else if (mode_op == EVP_CIPH_SIV_MODE) {
2387                         EVP_CIPHER_CTX_ctrl(loopargs[k].ctx,
2388                                             EVP_CTRL_SET_SPEED, 1, NULL);
2389                     }
2390                     if (ae_mode && decrypt) {
2391                         /* Set length of iv (Doesn't apply to SIV mode) */
2392                         if (mode_op != EVP_CIPH_SIV_MODE) {
2393                             if (!EVP_CIPHER_CTX_ctrl(loopargs[k].ctx,
2394                                                      EVP_CTRL_AEAD_SET_IVLEN,
2395                                                      aead_ivlen, NULL)) {
2396                                 BIO_printf(bio_err, "\nFailed to set iv length\n");
2397                                 ERR_print_errors(bio_err);
2398                                 exit(1);
2399                             }
2400                         }
2401                         /* Set tag_len (Not for SIV at encryption stage) */
2402                         if (mode_op != EVP_CIPH_GCM_MODE
2403                             && mode_op != EVP_CIPH_SIV_MODE) {
2404                             if (!EVP_CIPHER_CTX_ctrl(loopargs[k].ctx,
2405                                                      EVP_CTRL_AEAD_SET_TAG,
2406                                                      TAG_LEN, NULL)) {
2407                                 BIO_printf(bio_err,
2408                                            "\nFailed to set tag length\n");
2409                                 ERR_print_errors(bio_err);
2410                                 exit(1);
2411                             }
2412                         }
2413                         if (!EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL,
2414                                                loopargs[k].key, aead_iv, -1)) {
2415                             BIO_printf(bio_err, "\nFailed to set the key\n");
2416                             ERR_print_errors(bio_err);
2417                             exit(1);
2418                         }
2419                         /* Set total length of input. Only required for CCM */
2420                         if (mode_op == EVP_CIPH_CCM_MODE) {
2421                             if (!EVP_EncryptUpdate(loopargs[k].ctx, NULL,
2422                                                    &outlen, NULL,
2423                                                    lengths[testnum])) {
2424                                 BIO_printf(bio_err,
2425                                            "\nCouldn't set input text length\n");
2426                                 ERR_print_errors(bio_err);
2427                                 exit(1);
2428                             }
2429                         }
2430                         if (aead) {
2431                             if (!EVP_EncryptUpdate(loopargs[k].ctx, NULL,
2432                                                    &outlen, aad, sizeof(aad))) {
2433                                 BIO_printf(bio_err,
2434                                            "\nCouldn't insert AAD when encrypting\n");
2435                                 ERR_print_errors(bio_err);
2436                                 exit(1);
2437                             }
2438                         }
2439                         if (!EVP_EncryptUpdate(loopargs[k].ctx, loopargs[k].buf,
2440                                                &outlen, loopargs[k].buf,
2441                                                lengths[testnum])) {
2442                             BIO_printf(bio_err,
2443                                        "\nFailed to to encrypt the data\n");
2444                             ERR_print_errors(bio_err);
2445                             exit(1);
2446                         }
2447 
2448                         if (!EVP_EncryptFinal_ex(loopargs[k].ctx,
2449                                                  loopargs[k].buf, &outlen)) {
2450                             BIO_printf(bio_err,
2451                                        "\nFailed finalize the encryption\n");
2452                             ERR_print_errors(bio_err);
2453                             exit(1);
2454                         }
2455 
2456                         if (!EVP_CIPHER_CTX_ctrl(loopargs[k].ctx,
2457                                                  EVP_CTRL_AEAD_GET_TAG,
2458                                                  TAG_LEN, &loopargs[k].tag)) {
2459                             BIO_printf(bio_err, "\nFailed to get the tag\n");
2460                             ERR_print_errors(bio_err);
2461                             exit(1);
2462                         }
2463 
2464                         EVP_CIPHER_CTX_free(loopargs[k].ctx);
2465                         loopargs[k].ctx = EVP_CIPHER_CTX_new();
2466                         if (loopargs[k].ctx == NULL) {
2467                             BIO_printf(bio_err,
2468                                        "\nEVP_CIPHER_CTX_new failure\n");
2469                             exit(1);
2470                         }
2471                         if (!EVP_CipherInit_ex(loopargs[k].ctx, evp_cipher,
2472                                                NULL, NULL, NULL, 0)) {
2473                             BIO_printf(bio_err,
2474                                        "\nFailed initializing the context\n");
2475                             ERR_print_errors(bio_err);
2476                             exit(1);
2477                         }
2478 
2479                         EVP_CIPHER_CTX_set_padding(loopargs[k].ctx, 0);
2480 
2481                         /* SIV only allows for one Update operation */
2482                         if (mode_op == EVP_CIPH_SIV_MODE)
2483                             EVP_CIPHER_CTX_ctrl(loopargs[k].ctx,
2484                                                 EVP_CTRL_SET_SPEED, 1, NULL);
2485                     }
2486                 }
2487 
2488                 Time_F(START);
2489                 count = run_benchmark(async_jobs, loopfunc, loopargs);
2490                 d = Time_F(STOP);
2491                 for (k = 0; k < loopargs_len; k++) {
2492                     OPENSSL_clear_free(loopargs[k].key, keylen);
2493                     EVP_CIPHER_CTX_free(loopargs[k].ctx);
2494                 }
2495                 print_result(D_EVP, testnum, count, d);
2496             }
2497         } else if (evp_md_name != NULL) {
2498             names[D_EVP] = evp_md_name;
2499 
2500             for (testnum = 0; testnum < size_num; testnum++) {
2501                 print_message(names[D_EVP], c[D_EVP][testnum], lengths[testnum],
2502                               seconds.sym);
2503                 Time_F(START);
2504                 count = run_benchmark(async_jobs, EVP_Digest_md_loop, loopargs);
2505                 d = Time_F(STOP);
2506                 print_result(D_EVP, testnum, count, d);
2507                 if (count < 0)
2508                     break;
2509             }
2510         }
2511     }
2512 
2513     if (doit[D_EVP_CMAC]) {
2514         size_t len = sizeof("cmac()") + strlen(evp_mac_ciphername);
2515         OSSL_PARAM params[3];
2516         EVP_CIPHER *cipher = NULL;
2517 
2518         mac = EVP_MAC_fetch(app_get0_libctx(), "CMAC", app_get0_propq());
2519         if (mac == NULL || evp_mac_ciphername == NULL)
2520             goto end;
2521         if (!opt_cipher(evp_mac_ciphername, &cipher))
2522             goto end;
2523 
2524         keylen = EVP_CIPHER_get_key_length(cipher);
2525         EVP_CIPHER_free(cipher);
2526         if (keylen <= 0 || keylen > (int)sizeof(key32)) {
2527             BIO_printf(bio_err, "\nRequested CMAC cipher with unsupported key length.\n");
2528             goto end;
2529         }
2530         evp_cmac_name = app_malloc(len, "CMAC name");
2531         BIO_snprintf(evp_cmac_name, len, "cmac(%s)", evp_mac_ciphername);
2532         names[D_EVP_CMAC] = evp_cmac_name;
2533 
2534         params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_CIPHER,
2535                                                      evp_mac_ciphername, 0);
2536         params[1] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY,
2537                                                       (char *)key32, keylen);
2538         params[2] = OSSL_PARAM_construct_end();
2539 
2540         for (i = 0; i < loopargs_len; i++) {
2541             loopargs[i].mctx = EVP_MAC_CTX_new(mac);
2542             if (loopargs[i].mctx == NULL)
2543                 goto end;
2544 
2545             if (!EVP_MAC_CTX_set_params(loopargs[i].mctx, params))
2546                 goto end;
2547         }
2548 
2549         for (testnum = 0; testnum < size_num; testnum++) {
2550             print_message(names[D_EVP_CMAC], c[D_EVP_CMAC][testnum],
2551                           lengths[testnum], seconds.sym);
2552             Time_F(START);
2553             count = run_benchmark(async_jobs, CMAC_loop, loopargs);
2554             d = Time_F(STOP);
2555             print_result(D_EVP_CMAC, testnum, count, d);
2556             if (count < 0)
2557                 break;
2558         }
2559         for (i = 0; i < loopargs_len; i++)
2560             EVP_MAC_CTX_free(loopargs[i].mctx);
2561         EVP_MAC_free(mac);
2562         mac = NULL;
2563     }
2564 
2565     for (i = 0; i < loopargs_len; i++)
2566         if (RAND_bytes(loopargs[i].buf, 36) <= 0)
2567             goto end;
2568 
2569     for (testnum = 0; testnum < RSA_NUM; testnum++) {
2570         EVP_PKEY *rsa_key = NULL;
2571         int st = 0;
2572 
2573         if (!rsa_doit[testnum])
2574             continue;
2575 
2576         if (primes > RSA_DEFAULT_PRIME_NUM) {
2577             /* we haven't set keys yet,  generate multi-prime RSA keys */
2578             bn = BN_new();
2579             st = bn != NULL
2580                 && BN_set_word(bn, RSA_F4)
2581                 && init_gen_str(&genctx, "RSA", NULL, 0, NULL, NULL)
2582                 && EVP_PKEY_CTX_set_rsa_keygen_bits(genctx, rsa_keys[testnum].bits) > 0
2583                 && EVP_PKEY_CTX_set1_rsa_keygen_pubexp(genctx, bn) > 0
2584                 && EVP_PKEY_CTX_set_rsa_keygen_primes(genctx, primes) > 0
2585                 && EVP_PKEY_keygen(genctx, &rsa_key);
2586             BN_free(bn);
2587             bn = NULL;
2588             EVP_PKEY_CTX_free(genctx);
2589             genctx = NULL;
2590         } else {
2591             const unsigned char *p = rsa_keys[testnum].data;
2592 
2593             st = (rsa_key = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &p,
2594                                            rsa_keys[testnum].length)) != NULL;
2595         }
2596 
2597         for (i = 0; st && i < loopargs_len; i++) {
2598             loopargs[i].rsa_sign_ctx[testnum] = EVP_PKEY_CTX_new(rsa_key, NULL);
2599             loopargs[i].sigsize = loopargs[i].buflen;
2600             if (loopargs[i].rsa_sign_ctx[testnum] == NULL
2601                 || EVP_PKEY_sign_init(loopargs[i].rsa_sign_ctx[testnum]) <= 0
2602                 || EVP_PKEY_sign(loopargs[i].rsa_sign_ctx[testnum],
2603                                  loopargs[i].buf2,
2604                                  &loopargs[i].sigsize,
2605                                  loopargs[i].buf, 36) <= 0)
2606                 st = 0;
2607         }
2608         if (!st) {
2609             BIO_printf(bio_err,
2610                        "RSA sign setup failure.  No RSA sign will be done.\n");
2611             ERR_print_errors(bio_err);
2612             op_count = 1;
2613         } else {
2614             pkey_print_message("private", "rsa",
2615                                rsa_c[testnum][0], rsa_keys[testnum].bits,
2616                                seconds.rsa);
2617             /* RSA_blinding_on(rsa_key[testnum],NULL); */
2618             Time_F(START);
2619             count = run_benchmark(async_jobs, RSA_sign_loop, loopargs);
2620             d = Time_F(STOP);
2621             BIO_printf(bio_err,
2622                        mr ? "+R1:%ld:%d:%.2f\n"
2623                        : "%ld %u bits private RSA's in %.2fs\n",
2624                        count, rsa_keys[testnum].bits, d);
2625             rsa_results[testnum][0] = (double)count / d;
2626             op_count = count;
2627         }
2628 
2629         for (i = 0; st && i < loopargs_len; i++) {
2630             loopargs[i].rsa_verify_ctx[testnum] = EVP_PKEY_CTX_new(rsa_key,
2631                                                                    NULL);
2632             if (loopargs[i].rsa_verify_ctx[testnum] == NULL
2633                 || EVP_PKEY_verify_init(loopargs[i].rsa_verify_ctx[testnum]) <= 0
2634                 || EVP_PKEY_verify(loopargs[i].rsa_verify_ctx[testnum],
2635                                    loopargs[i].buf2,
2636                                    loopargs[i].sigsize,
2637                                    loopargs[i].buf, 36) <= 0)
2638                 st = 0;
2639         }
2640         if (!st) {
2641             BIO_printf(bio_err,
2642                        "RSA verify setup failure.  No RSA verify will be done.\n");
2643             ERR_print_errors(bio_err);
2644             rsa_doit[testnum] = 0;
2645         } else {
2646             pkey_print_message("public", "rsa",
2647                                rsa_c[testnum][1], rsa_keys[testnum].bits,
2648                                seconds.rsa);
2649             Time_F(START);
2650             count = run_benchmark(async_jobs, RSA_verify_loop, loopargs);
2651             d = Time_F(STOP);
2652             BIO_printf(bio_err,
2653                        mr ? "+R2:%ld:%d:%.2f\n"
2654                        : "%ld %u bits public RSA's in %.2fs\n",
2655                        count, rsa_keys[testnum].bits, d);
2656             rsa_results[testnum][1] = (double)count / d;
2657         }
2658 
2659         if (op_count <= 1) {
2660             /* if longer than 10s, don't do any more */
2661             stop_it(rsa_doit, testnum);
2662         }
2663         EVP_PKEY_free(rsa_key);
2664     }
2665 
2666     for (testnum = 0; testnum < DSA_NUM; testnum++) {
2667         EVP_PKEY *dsa_key = NULL;
2668         int st;
2669 
2670         if (!dsa_doit[testnum])
2671             continue;
2672 
2673         st = (dsa_key = get_dsa(dsa_bits[testnum])) != NULL;
2674 
2675         for (i = 0; st && i < loopargs_len; i++) {
2676             loopargs[i].dsa_sign_ctx[testnum] = EVP_PKEY_CTX_new(dsa_key,
2677                                                                  NULL);
2678             loopargs[i].sigsize = loopargs[i].buflen;
2679             if (loopargs[i].dsa_sign_ctx[testnum] == NULL
2680                 || EVP_PKEY_sign_init(loopargs[i].dsa_sign_ctx[testnum]) <= 0
2681 
2682                 || EVP_PKEY_sign(loopargs[i].dsa_sign_ctx[testnum],
2683                                  loopargs[i].buf2,
2684                                  &loopargs[i].sigsize,
2685                                  loopargs[i].buf, 20) <= 0)
2686                 st = 0;
2687         }
2688         if (!st) {
2689             BIO_printf(bio_err,
2690                        "DSA sign setup failure.  No DSA sign will be done.\n");
2691             ERR_print_errors(bio_err);
2692             op_count = 1;
2693         } else {
2694             pkey_print_message("sign", "dsa",
2695                                dsa_c[testnum][0], dsa_bits[testnum],
2696                                seconds.dsa);
2697             Time_F(START);
2698             count = run_benchmark(async_jobs, DSA_sign_loop, loopargs);
2699             d = Time_F(STOP);
2700             BIO_printf(bio_err,
2701                        mr ? "+R3:%ld:%u:%.2f\n"
2702                        : "%ld %u bits DSA signs in %.2fs\n",
2703                        count, dsa_bits[testnum], d);
2704             dsa_results[testnum][0] = (double)count / d;
2705             op_count = count;
2706         }
2707 
2708         for (i = 0; st && i < loopargs_len; i++) {
2709             loopargs[i].dsa_verify_ctx[testnum] = EVP_PKEY_CTX_new(dsa_key,
2710                                                                    NULL);
2711             if (loopargs[i].dsa_verify_ctx[testnum] == NULL
2712                 || EVP_PKEY_verify_init(loopargs[i].dsa_verify_ctx[testnum]) <= 0
2713                 || EVP_PKEY_verify(loopargs[i].dsa_verify_ctx[testnum],
2714                                    loopargs[i].buf2,
2715                                    loopargs[i].sigsize,
2716                                    loopargs[i].buf, 36) <= 0)
2717                 st = 0;
2718         }
2719         if (!st) {
2720             BIO_printf(bio_err,
2721                        "DSA verify setup failure.  No DSA verify will be done.\n");
2722             ERR_print_errors(bio_err);
2723             dsa_doit[testnum] = 0;
2724         } else {
2725             pkey_print_message("verify", "dsa",
2726                                dsa_c[testnum][1], dsa_bits[testnum],
2727                                seconds.dsa);
2728             Time_F(START);
2729             count = run_benchmark(async_jobs, DSA_verify_loop, loopargs);
2730             d = Time_F(STOP);
2731             BIO_printf(bio_err,
2732                        mr ? "+R4:%ld:%u:%.2f\n"
2733                        : "%ld %u bits DSA verify in %.2fs\n",
2734                        count, dsa_bits[testnum], d);
2735             dsa_results[testnum][1] = (double)count / d;
2736         }
2737 
2738         if (op_count <= 1) {
2739             /* if longer than 10s, don't do any more */
2740             stop_it(dsa_doit, testnum);
2741         }
2742         EVP_PKEY_free(dsa_key);
2743     }
2744 
2745     for (testnum = 0; testnum < ECDSA_NUM; testnum++) {
2746         EVP_PKEY *ecdsa_key = NULL;
2747         int st;
2748 
2749         if (!ecdsa_doit[testnum])
2750             continue;
2751 
2752         st = (ecdsa_key = get_ecdsa(&ec_curves[testnum])) != NULL;
2753 
2754         for (i = 0; st && i < loopargs_len; i++) {
2755             loopargs[i].ecdsa_sign_ctx[testnum] = EVP_PKEY_CTX_new(ecdsa_key,
2756                                                                    NULL);
2757             loopargs[i].sigsize = loopargs[i].buflen;
2758             if (loopargs[i].ecdsa_sign_ctx[testnum] == NULL
2759                 || EVP_PKEY_sign_init(loopargs[i].ecdsa_sign_ctx[testnum]) <= 0
2760 
2761                 || EVP_PKEY_sign(loopargs[i].ecdsa_sign_ctx[testnum],
2762                                  loopargs[i].buf2,
2763                                  &loopargs[i].sigsize,
2764                                  loopargs[i].buf, 20) <= 0)
2765                 st = 0;
2766         }
2767         if (!st) {
2768             BIO_printf(bio_err,
2769                        "ECDSA sign setup failure.  No ECDSA sign will be done.\n");
2770             ERR_print_errors(bio_err);
2771             op_count = 1;
2772         } else {
2773             pkey_print_message("sign", "ecdsa",
2774                                ecdsa_c[testnum][0], ec_curves[testnum].bits,
2775                                seconds.ecdsa);
2776             Time_F(START);
2777             count = run_benchmark(async_jobs, ECDSA_sign_loop, loopargs);
2778             d = Time_F(STOP);
2779             BIO_printf(bio_err,
2780                        mr ? "+R5:%ld:%u:%.2f\n"
2781                        : "%ld %u bits ECDSA signs in %.2fs\n",
2782                        count, ec_curves[testnum].bits, d);
2783             ecdsa_results[testnum][0] = (double)count / d;
2784             op_count = count;
2785         }
2786 
2787         for (i = 0; st && i < loopargs_len; i++) {
2788             loopargs[i].ecdsa_verify_ctx[testnum] = EVP_PKEY_CTX_new(ecdsa_key,
2789                                                                      NULL);
2790             if (loopargs[i].ecdsa_verify_ctx[testnum] == NULL
2791                 || EVP_PKEY_verify_init(loopargs[i].ecdsa_verify_ctx[testnum]) <= 0
2792                 || EVP_PKEY_verify(loopargs[i].ecdsa_verify_ctx[testnum],
2793                                    loopargs[i].buf2,
2794                                    loopargs[i].sigsize,
2795                                    loopargs[i].buf, 20) <= 0)
2796                 st = 0;
2797         }
2798         if (!st) {
2799             BIO_printf(bio_err,
2800                        "ECDSA verify setup failure.  No ECDSA verify will be done.\n");
2801             ERR_print_errors(bio_err);
2802             ecdsa_doit[testnum] = 0;
2803         } else {
2804             pkey_print_message("verify", "ecdsa",
2805                                ecdsa_c[testnum][1], ec_curves[testnum].bits,
2806                                seconds.ecdsa);
2807             Time_F(START);
2808             count = run_benchmark(async_jobs, ECDSA_verify_loop, loopargs);
2809             d = Time_F(STOP);
2810             BIO_printf(bio_err,
2811                        mr ? "+R6:%ld:%u:%.2f\n"
2812                        : "%ld %u bits ECDSA verify in %.2fs\n",
2813                        count, ec_curves[testnum].bits, d);
2814             ecdsa_results[testnum][1] = (double)count / d;
2815         }
2816 
2817         if (op_count <= 1) {
2818             /* if longer than 10s, don't do any more */
2819             stop_it(ecdsa_doit, testnum);
2820         }
2821     }
2822 
2823     for (testnum = 0; testnum < EC_NUM; testnum++) {
2824         int ecdh_checks = 1;
2825 
2826         if (!ecdh_doit[testnum])
2827             continue;
2828 
2829         for (i = 0; i < loopargs_len; i++) {
2830             EVP_PKEY_CTX *test_ctx = NULL;
2831             EVP_PKEY_CTX *ctx = NULL;
2832             EVP_PKEY *key_A = NULL;
2833             EVP_PKEY *key_B = NULL;
2834             size_t outlen;
2835             size_t test_outlen;
2836 
2837             if ((key_A = get_ecdsa(&ec_curves[testnum])) == NULL /* generate secret key A */
2838                 || (key_B = get_ecdsa(&ec_curves[testnum])) == NULL /* generate secret key B */
2839                 || (ctx = EVP_PKEY_CTX_new(key_A, NULL)) == NULL /* derivation ctx from skeyA */
2840                 || EVP_PKEY_derive_init(ctx) <= 0 /* init derivation ctx */
2841                 || EVP_PKEY_derive_set_peer(ctx, key_B) <= 0 /* set peer pubkey in ctx */
2842                 || EVP_PKEY_derive(ctx, NULL, &outlen) <= 0 /* determine max length */
2843                 || outlen == 0 /* ensure outlen is a valid size */
2844                 || outlen > MAX_ECDH_SIZE /* avoid buffer overflow */) {
2845                 ecdh_checks = 0;
2846                 BIO_printf(bio_err, "ECDH key generation failure.\n");
2847                 ERR_print_errors(bio_err);
2848                 op_count = 1;
2849                 break;
2850             }
2851 
2852             /*
2853              * Here we perform a test run, comparing the output of a*B and b*A;
2854              * we try this here and assume that further EVP_PKEY_derive calls
2855              * never fail, so we can skip checks in the actually benchmarked
2856              * code, for maximum performance.
2857              */
2858             if ((test_ctx = EVP_PKEY_CTX_new(key_B, NULL)) == NULL /* test ctx from skeyB */
2859                 || EVP_PKEY_derive_init(test_ctx) <= 0 /* init derivation test_ctx */
2860                 || EVP_PKEY_derive_set_peer(test_ctx, key_A) <= 0 /* set peer pubkey in test_ctx */
2861                 || EVP_PKEY_derive(test_ctx, NULL, &test_outlen) <= 0 /* determine max length */
2862                 || EVP_PKEY_derive(ctx, loopargs[i].secret_a, &outlen) <= 0 /* compute a*B */
2863                 || EVP_PKEY_derive(test_ctx, loopargs[i].secret_b, &test_outlen) <= 0 /* compute b*A */
2864                 || test_outlen != outlen /* compare output length */) {
2865                 ecdh_checks = 0;
2866                 BIO_printf(bio_err, "ECDH computation failure.\n");
2867                 ERR_print_errors(bio_err);
2868                 op_count = 1;
2869                 break;
2870             }
2871 
2872             /* Compare the computation results: CRYPTO_memcmp() returns 0 if equal */
2873             if (CRYPTO_memcmp(loopargs[i].secret_a,
2874                               loopargs[i].secret_b, outlen)) {
2875                 ecdh_checks = 0;
2876                 BIO_printf(bio_err, "ECDH computations don't match.\n");
2877                 ERR_print_errors(bio_err);
2878                 op_count = 1;
2879                 break;
2880             }
2881 
2882             loopargs[i].ecdh_ctx[testnum] = ctx;
2883             loopargs[i].outlen[testnum] = outlen;
2884 
2885             EVP_PKEY_free(key_A);
2886             EVP_PKEY_free(key_B);
2887             EVP_PKEY_CTX_free(test_ctx);
2888             test_ctx = NULL;
2889         }
2890         if (ecdh_checks != 0) {
2891             pkey_print_message("", "ecdh",
2892                                ecdh_c[testnum][0],
2893                                ec_curves[testnum].bits, seconds.ecdh);
2894             Time_F(START);
2895             count =
2896                 run_benchmark(async_jobs, ECDH_EVP_derive_key_loop, loopargs);
2897             d = Time_F(STOP);
2898             BIO_printf(bio_err,
2899                        mr ? "+R7:%ld:%d:%.2f\n" :
2900                        "%ld %u-bits ECDH ops in %.2fs\n", count,
2901                        ec_curves[testnum].bits, d);
2902             ecdh_results[testnum][0] = (double)count / d;
2903             op_count = count;
2904         }
2905 
2906         if (op_count <= 1) {
2907             /* if longer than 10s, don't do any more */
2908             stop_it(ecdh_doit, testnum);
2909         }
2910     }
2911 
2912     for (testnum = 0; testnum < EdDSA_NUM; testnum++) {
2913         int st = 1;
2914         EVP_PKEY *ed_pkey = NULL;
2915         EVP_PKEY_CTX *ed_pctx = NULL;
2916 
2917         if (!eddsa_doit[testnum])
2918             continue;           /* Ignore Curve */
2919         for (i = 0; i < loopargs_len; i++) {
2920             loopargs[i].eddsa_ctx[testnum] = EVP_MD_CTX_new();
2921             if (loopargs[i].eddsa_ctx[testnum] == NULL) {
2922                 st = 0;
2923                 break;
2924             }
2925             loopargs[i].eddsa_ctx2[testnum] = EVP_MD_CTX_new();
2926             if (loopargs[i].eddsa_ctx2[testnum] == NULL) {
2927                 st = 0;
2928                 break;
2929             }
2930 
2931             if ((ed_pctx = EVP_PKEY_CTX_new_id(ed_curves[testnum].nid,
2932                                                NULL)) == NULL
2933                 || EVP_PKEY_keygen_init(ed_pctx) <= 0
2934                 || EVP_PKEY_keygen(ed_pctx, &ed_pkey) <= 0) {
2935                 st = 0;
2936                 EVP_PKEY_CTX_free(ed_pctx);
2937                 break;
2938             }
2939             EVP_PKEY_CTX_free(ed_pctx);
2940 
2941             if (!EVP_DigestSignInit(loopargs[i].eddsa_ctx[testnum], NULL, NULL,
2942                                     NULL, ed_pkey)) {
2943                 st = 0;
2944                 EVP_PKEY_free(ed_pkey);
2945                 break;
2946             }
2947             if (!EVP_DigestVerifyInit(loopargs[i].eddsa_ctx2[testnum], NULL,
2948                                       NULL, NULL, ed_pkey)) {
2949                 st = 0;
2950                 EVP_PKEY_free(ed_pkey);
2951                 break;
2952             }
2953 
2954             EVP_PKEY_free(ed_pkey);
2955             ed_pkey = NULL;
2956         }
2957         if (st == 0) {
2958             BIO_printf(bio_err, "EdDSA failure.\n");
2959             ERR_print_errors(bio_err);
2960             op_count = 1;
2961         } else {
2962             for (i = 0; i < loopargs_len; i++) {
2963                 /* Perform EdDSA signature test */
2964                 loopargs[i].sigsize = ed_curves[testnum].sigsize;
2965                 st = EVP_DigestSign(loopargs[i].eddsa_ctx[testnum],
2966                                     loopargs[i].buf2, &loopargs[i].sigsize,
2967                                     loopargs[i].buf, 20);
2968                 if (st == 0)
2969                     break;
2970             }
2971             if (st == 0) {
2972                 BIO_printf(bio_err,
2973                            "EdDSA sign failure.  No EdDSA sign will be done.\n");
2974                 ERR_print_errors(bio_err);
2975                 op_count = 1;
2976             } else {
2977                 pkey_print_message("sign", ed_curves[testnum].name,
2978                                    eddsa_c[testnum][0],
2979                                    ed_curves[testnum].bits, seconds.eddsa);
2980                 Time_F(START);
2981                 count = run_benchmark(async_jobs, EdDSA_sign_loop, loopargs);
2982                 d = Time_F(STOP);
2983 
2984                 BIO_printf(bio_err,
2985                            mr ? "+R8:%ld:%u:%s:%.2f\n" :
2986                            "%ld %u bits %s signs in %.2fs \n",
2987                            count, ed_curves[testnum].bits,
2988                            ed_curves[testnum].name, d);
2989                 eddsa_results[testnum][0] = (double)count / d;
2990                 op_count = count;
2991             }
2992             /* Perform EdDSA verification test */
2993             for (i = 0; i < loopargs_len; i++) {
2994                 st = EVP_DigestVerify(loopargs[i].eddsa_ctx2[testnum],
2995                                       loopargs[i].buf2, loopargs[i].sigsize,
2996                                       loopargs[i].buf, 20);
2997                 if (st != 1)
2998                     break;
2999             }
3000             if (st != 1) {
3001                 BIO_printf(bio_err,
3002                            "EdDSA verify failure.  No EdDSA verify will be done.\n");
3003                 ERR_print_errors(bio_err);
3004                 eddsa_doit[testnum] = 0;
3005             } else {
3006                 pkey_print_message("verify", ed_curves[testnum].name,
3007                                    eddsa_c[testnum][1],
3008                                    ed_curves[testnum].bits, seconds.eddsa);
3009                 Time_F(START);
3010                 count = run_benchmark(async_jobs, EdDSA_verify_loop, loopargs);
3011                 d = Time_F(STOP);
3012                 BIO_printf(bio_err,
3013                            mr ? "+R9:%ld:%u:%s:%.2f\n"
3014                            : "%ld %u bits %s verify in %.2fs\n",
3015                            count, ed_curves[testnum].bits,
3016                            ed_curves[testnum].name, d);
3017                 eddsa_results[testnum][1] = (double)count / d;
3018             }
3019 
3020             if (op_count <= 1) {
3021                 /* if longer than 10s, don't do any more */
3022                 stop_it(eddsa_doit, testnum);
3023             }
3024         }
3025     }
3026 
3027 #ifndef OPENSSL_NO_SM2
3028     for (testnum = 0; testnum < SM2_NUM; testnum++) {
3029         int st = 1;
3030         EVP_PKEY *sm2_pkey = NULL;
3031 
3032         if (!sm2_doit[testnum])
3033             continue;           /* Ignore Curve */
3034         /* Init signing and verification */
3035         for (i = 0; i < loopargs_len; i++) {
3036             EVP_PKEY_CTX *sm2_pctx = NULL;
3037             EVP_PKEY_CTX *sm2_vfy_pctx = NULL;
3038             EVP_PKEY_CTX *pctx = NULL;
3039             st = 0;
3040 
3041             loopargs[i].sm2_ctx[testnum] = EVP_MD_CTX_new();
3042             loopargs[i].sm2_vfy_ctx[testnum] = EVP_MD_CTX_new();
3043             if (loopargs[i].sm2_ctx[testnum] == NULL
3044                     || loopargs[i].sm2_vfy_ctx[testnum] == NULL)
3045                 break;
3046 
3047             sm2_pkey = NULL;
3048 
3049             st = !((pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SM2, NULL)) == NULL
3050                 || EVP_PKEY_keygen_init(pctx) <= 0
3051                 || EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx,
3052                     sm2_curves[testnum].nid) <= 0
3053                 || EVP_PKEY_keygen(pctx, &sm2_pkey) <= 0);
3054             EVP_PKEY_CTX_free(pctx);
3055             if (st == 0)
3056                 break;
3057 
3058             st = 0; /* set back to zero */
3059             /* attach it sooner to rely on main final cleanup */
3060             loopargs[i].sm2_pkey[testnum] = sm2_pkey;
3061             loopargs[i].sigsize = EVP_PKEY_get_size(sm2_pkey);
3062 
3063             sm2_pctx = EVP_PKEY_CTX_new(sm2_pkey, NULL);
3064             sm2_vfy_pctx = EVP_PKEY_CTX_new(sm2_pkey, NULL);
3065             if (sm2_pctx == NULL || sm2_vfy_pctx == NULL) {
3066                 EVP_PKEY_CTX_free(sm2_vfy_pctx);
3067                 break;
3068             }
3069 
3070             /* attach them directly to respective ctx */
3071             EVP_MD_CTX_set_pkey_ctx(loopargs[i].sm2_ctx[testnum], sm2_pctx);
3072             EVP_MD_CTX_set_pkey_ctx(loopargs[i].sm2_vfy_ctx[testnum], sm2_vfy_pctx);
3073 
3074             /*
3075              * No need to allow user to set an explicit ID here, just use
3076              * the one defined in the 'draft-yang-tls-tl13-sm-suites' I-D.
3077              */
3078             if (EVP_PKEY_CTX_set1_id(sm2_pctx, SM2_ID, SM2_ID_LEN) != 1
3079                 || EVP_PKEY_CTX_set1_id(sm2_vfy_pctx, SM2_ID, SM2_ID_LEN) != 1)
3080                 break;
3081 
3082             if (!EVP_DigestSignInit(loopargs[i].sm2_ctx[testnum], NULL,
3083                                     EVP_sm3(), NULL, sm2_pkey))
3084                 break;
3085             if (!EVP_DigestVerifyInit(loopargs[i].sm2_vfy_ctx[testnum], NULL,
3086                                       EVP_sm3(), NULL, sm2_pkey))
3087                 break;
3088             st = 1;         /* mark loop as succeeded */
3089         }
3090         if (st == 0) {
3091             BIO_printf(bio_err, "SM2 init failure.\n");
3092             ERR_print_errors(bio_err);
3093             op_count = 1;
3094         } else {
3095             for (i = 0; i < loopargs_len; i++) {
3096                 /* Perform SM2 signature test */
3097                 st = EVP_DigestSign(loopargs[i].sm2_ctx[testnum],
3098                                     loopargs[i].buf2, &loopargs[i].sigsize,
3099                                     loopargs[i].buf, 20);
3100                 if (st == 0)
3101                     break;
3102             }
3103             if (st == 0) {
3104                 BIO_printf(bio_err,
3105                            "SM2 sign failure.  No SM2 sign will be done.\n");
3106                 ERR_print_errors(bio_err);
3107                 op_count = 1;
3108             } else {
3109                 pkey_print_message("sign", sm2_curves[testnum].name,
3110                                    sm2_c[testnum][0],
3111                                    sm2_curves[testnum].bits, seconds.sm2);
3112                 Time_F(START);
3113                 count = run_benchmark(async_jobs, SM2_sign_loop, loopargs);
3114                 d = Time_F(STOP);
3115 
3116                 BIO_printf(bio_err,
3117                            mr ? "+R10:%ld:%u:%s:%.2f\n" :
3118                            "%ld %u bits %s signs in %.2fs \n",
3119                            count, sm2_curves[testnum].bits,
3120                            sm2_curves[testnum].name, d);
3121                 sm2_results[testnum][0] = (double)count / d;
3122                 op_count = count;
3123             }
3124 
3125             /* Perform SM2 verification test */
3126             for (i = 0; i < loopargs_len; i++) {
3127                 st = EVP_DigestVerify(loopargs[i].sm2_vfy_ctx[testnum],
3128                                       loopargs[i].buf2, loopargs[i].sigsize,
3129                                       loopargs[i].buf, 20);
3130                 if (st != 1)
3131                     break;
3132             }
3133             if (st != 1) {
3134                 BIO_printf(bio_err,
3135                            "SM2 verify failure.  No SM2 verify will be done.\n");
3136                 ERR_print_errors(bio_err);
3137                 sm2_doit[testnum] = 0;
3138             } else {
3139                 pkey_print_message("verify", sm2_curves[testnum].name,
3140                                    sm2_c[testnum][1],
3141                                    sm2_curves[testnum].bits, seconds.sm2);
3142                 Time_F(START);
3143                 count = run_benchmark(async_jobs, SM2_verify_loop, loopargs);
3144                 d = Time_F(STOP);
3145                 BIO_printf(bio_err,
3146                            mr ? "+R11:%ld:%u:%s:%.2f\n"
3147                            : "%ld %u bits %s verify in %.2fs\n",
3148                            count, sm2_curves[testnum].bits,
3149                            sm2_curves[testnum].name, d);
3150                 sm2_results[testnum][1] = (double)count / d;
3151             }
3152 
3153             if (op_count <= 1) {
3154                 /* if longer than 10s, don't do any more */
3155                 for (testnum++; testnum < SM2_NUM; testnum++)
3156                     sm2_doit[testnum] = 0;
3157             }
3158         }
3159     }
3160 #endif                         /* OPENSSL_NO_SM2 */
3161 
3162 #ifndef OPENSSL_NO_DH
3163     for (testnum = 0; testnum < FFDH_NUM; testnum++) {
3164         int ffdh_checks = 1;
3165 
3166         if (!ffdh_doit[testnum])
3167             continue;
3168 
3169         for (i = 0; i < loopargs_len; i++) {
3170             EVP_PKEY *pkey_A = NULL;
3171             EVP_PKEY *pkey_B = NULL;
3172             EVP_PKEY_CTX *ffdh_ctx = NULL;
3173             EVP_PKEY_CTX *test_ctx = NULL;
3174             size_t secret_size;
3175             size_t test_out;
3176 
3177             /* Ensure that the error queue is empty */
3178             if (ERR_peek_error()) {
3179                 BIO_printf(bio_err,
3180                            "WARNING: the error queue contains previous unhandled errors.\n");
3181                 ERR_print_errors(bio_err);
3182             }
3183 
3184             pkey_A = EVP_PKEY_new();
3185             if (!pkey_A) {
3186                 BIO_printf(bio_err, "Error while initialising EVP_PKEY (out of memory?).\n");
3187                 ERR_print_errors(bio_err);
3188                 op_count = 1;
3189                 ffdh_checks = 0;
3190                 break;
3191             }
3192             pkey_B = EVP_PKEY_new();
3193             if (!pkey_B) {
3194                 BIO_printf(bio_err, "Error while initialising EVP_PKEY (out of memory?).\n");
3195                 ERR_print_errors(bio_err);
3196                 op_count = 1;
3197                 ffdh_checks = 0;
3198                 break;
3199             }
3200 
3201             ffdh_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DH, NULL);
3202             if (!ffdh_ctx) {
3203                 BIO_printf(bio_err, "Error while allocating EVP_PKEY_CTX.\n");
3204                 ERR_print_errors(bio_err);
3205                 op_count = 1;
3206                 ffdh_checks = 0;
3207                 break;
3208             }
3209 
3210             if (EVP_PKEY_keygen_init(ffdh_ctx) <= 0) {
3211                 BIO_printf(bio_err, "Error while initialising EVP_PKEY_CTX.\n");
3212                 ERR_print_errors(bio_err);
3213                 op_count = 1;
3214                 ffdh_checks = 0;
3215                 break;
3216             }
3217             if (EVP_PKEY_CTX_set_dh_nid(ffdh_ctx, ffdh_params[testnum].nid) <= 0) {
3218                 BIO_printf(bio_err, "Error setting DH key size for keygen.\n");
3219                 ERR_print_errors(bio_err);
3220                 op_count = 1;
3221                 ffdh_checks = 0;
3222                 break;
3223             }
3224 
3225             if (EVP_PKEY_keygen(ffdh_ctx, &pkey_A) <= 0 ||
3226                 EVP_PKEY_keygen(ffdh_ctx, &pkey_B) <= 0) {
3227                 BIO_printf(bio_err, "FFDH key generation failure.\n");
3228                 ERR_print_errors(bio_err);
3229                 op_count = 1;
3230                 ffdh_checks = 0;
3231                 break;
3232             }
3233 
3234             EVP_PKEY_CTX_free(ffdh_ctx);
3235 
3236             /*
3237              * check if the derivation works correctly both ways so that
3238              * we know if future derive calls will fail, and we can skip
3239              * error checking in benchmarked code
3240              */
3241             ffdh_ctx = EVP_PKEY_CTX_new(pkey_A, NULL);
3242             if (ffdh_ctx == NULL) {
3243                 BIO_printf(bio_err, "Error while allocating EVP_PKEY_CTX.\n");
3244                 ERR_print_errors(bio_err);
3245                 op_count = 1;
3246                 ffdh_checks = 0;
3247                 break;
3248             }
3249             if (EVP_PKEY_derive_init(ffdh_ctx) <= 0) {
3250                 BIO_printf(bio_err, "FFDH derivation context init failure.\n");
3251                 ERR_print_errors(bio_err);
3252                 op_count = 1;
3253                 ffdh_checks = 0;
3254                 break;
3255             }
3256             if (EVP_PKEY_derive_set_peer(ffdh_ctx, pkey_B) <= 0) {
3257                 BIO_printf(bio_err, "Assigning peer key for derivation failed.\n");
3258                 ERR_print_errors(bio_err);
3259                 op_count = 1;
3260                 ffdh_checks = 0;
3261                 break;
3262             }
3263             if (EVP_PKEY_derive(ffdh_ctx, NULL, &secret_size) <= 0) {
3264                 BIO_printf(bio_err, "Checking size of shared secret failed.\n");
3265                 ERR_print_errors(bio_err);
3266                 op_count = 1;
3267                 ffdh_checks = 0;
3268                 break;
3269             }
3270             if (secret_size > MAX_FFDH_SIZE) {
3271                 BIO_printf(bio_err, "Assertion failure: shared secret too large.\n");
3272                 op_count = 1;
3273                 ffdh_checks = 0;
3274                 break;
3275             }
3276             if (EVP_PKEY_derive(ffdh_ctx,
3277                                 loopargs[i].secret_ff_a,
3278                                 &secret_size) <= 0) {
3279                 BIO_printf(bio_err, "Shared secret derive failure.\n");
3280                 ERR_print_errors(bio_err);
3281                 op_count = 1;
3282                 ffdh_checks = 0;
3283                 break;
3284             }
3285             /* Now check from side B */
3286             test_ctx = EVP_PKEY_CTX_new(pkey_B, NULL);
3287             if (!test_ctx) {
3288                 BIO_printf(bio_err, "Error while allocating EVP_PKEY_CTX.\n");
3289                 ERR_print_errors(bio_err);
3290                 op_count = 1;
3291                 ffdh_checks = 0;
3292                 break;
3293             }
3294             if (EVP_PKEY_derive_init(test_ctx) <= 0 ||
3295                 EVP_PKEY_derive_set_peer(test_ctx, pkey_A) <= 0 ||
3296                 EVP_PKEY_derive(test_ctx, NULL, &test_out) <= 0 ||
3297                 EVP_PKEY_derive(test_ctx, loopargs[i].secret_ff_b, &test_out) <= 0 ||
3298                 test_out != secret_size) {
3299                 BIO_printf(bio_err, "FFDH computation failure.\n");
3300                 op_count = 1;
3301                 ffdh_checks = 0;
3302                 break;
3303             }
3304 
3305             /* compare the computed secrets */
3306             if (CRYPTO_memcmp(loopargs[i].secret_ff_a,
3307                               loopargs[i].secret_ff_b, secret_size)) {
3308                 BIO_printf(bio_err, "FFDH computations don't match.\n");
3309                 ERR_print_errors(bio_err);
3310                 op_count = 1;
3311                 ffdh_checks = 0;
3312                 break;
3313             }
3314 
3315             loopargs[i].ffdh_ctx[testnum] = ffdh_ctx;
3316 
3317             EVP_PKEY_free(pkey_A);
3318             pkey_A = NULL;
3319             EVP_PKEY_free(pkey_B);
3320             pkey_B = NULL;
3321             EVP_PKEY_CTX_free(test_ctx);
3322             test_ctx = NULL;
3323         }
3324         if (ffdh_checks != 0) {
3325             pkey_print_message("", "ffdh", ffdh_c[testnum][0],
3326                                ffdh_params[testnum].bits, seconds.ffdh);
3327             Time_F(START);
3328             count =
3329                 run_benchmark(async_jobs, FFDH_derive_key_loop, loopargs);
3330             d = Time_F(STOP);
3331             BIO_printf(bio_err,
3332                        mr ? "+R12:%ld:%d:%.2f\n" :
3333                        "%ld %u-bits FFDH ops in %.2fs\n", count,
3334                        ffdh_params[testnum].bits, d);
3335             ffdh_results[testnum][0] = (double)count / d;
3336             op_count = count;
3337         }
3338         if (op_count <= 1) {
3339             /* if longer than 10s, don't do any more */
3340             stop_it(ffdh_doit, testnum);
3341         }
3342     }
3343 #endif  /* OPENSSL_NO_DH */
3344 #ifndef NO_FORK
3345  show_res:
3346 #endif
3347     if (!mr) {
3348         printf("version: %s\n", OpenSSL_version(OPENSSL_FULL_VERSION_STRING));
3349         printf("%s\n", OpenSSL_version(OPENSSL_BUILT_ON));
3350         printf("options: %s\n", BN_options());
3351         printf("%s\n", OpenSSL_version(OPENSSL_CFLAGS));
3352         printf("%s\n", OpenSSL_version(OPENSSL_CPU_INFO));
3353     }
3354 
3355     if (pr_header) {
3356         if (mr) {
3357             printf("+H");
3358         } else {
3359             printf("The 'numbers' are in 1000s of bytes per second processed.\n");
3360             printf("type        ");
3361         }
3362         for (testnum = 0; testnum < size_num; testnum++)
3363             printf(mr ? ":%d" : "%7d bytes", lengths[testnum]);
3364         printf("\n");
3365     }
3366 
3367     for (k = 0; k < ALGOR_NUM; k++) {
3368         const char *alg_name = names[k];
3369 
3370         if (!doit[k])
3371             continue;
3372 
3373         if (k == D_EVP) {
3374             if (evp_cipher == NULL)
3375                 alg_name = evp_md_name;
3376             else if ((alg_name = EVP_CIPHER_get0_name(evp_cipher)) == NULL)
3377                 app_bail_out("failed to get name of cipher '%s'\n", evp_cipher);
3378         }
3379 
3380         if (mr)
3381             printf("+F:%u:%s", k, alg_name);
3382         else
3383             printf("%-13s", alg_name);
3384         for (testnum = 0; testnum < size_num; testnum++) {
3385             if (results[k][testnum] > 10000 && !mr)
3386                 printf(" %11.2fk", results[k][testnum] / 1e3);
3387             else
3388                 printf(mr ? ":%.2f" : " %11.2f ", results[k][testnum]);
3389         }
3390         printf("\n");
3391     }
3392     testnum = 1;
3393     for (k = 0; k < RSA_NUM; k++) {
3394         if (!rsa_doit[k])
3395             continue;
3396         if (testnum && !mr) {
3397             printf("%18ssign    verify    sign/s verify/s\n", " ");
3398             testnum = 0;
3399         }
3400         if (mr)
3401             printf("+F2:%u:%u:%f:%f\n",
3402                    k, rsa_keys[k].bits, rsa_results[k][0], rsa_results[k][1]);
3403         else
3404             printf("rsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
3405                    rsa_keys[k].bits, 1.0 / rsa_results[k][0], 1.0 / rsa_results[k][1],
3406                    rsa_results[k][0], rsa_results[k][1]);
3407     }
3408     testnum = 1;
3409     for (k = 0; k < DSA_NUM; k++) {
3410         if (!dsa_doit[k])
3411             continue;
3412         if (testnum && !mr) {
3413             printf("%18ssign    verify    sign/s verify/s\n", " ");
3414             testnum = 0;
3415         }
3416         if (mr)
3417             printf("+F3:%u:%u:%f:%f\n",
3418                    k, dsa_bits[k], dsa_results[k][0], dsa_results[k][1]);
3419         else
3420             printf("dsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
3421                    dsa_bits[k], 1.0 / dsa_results[k][0], 1.0 / dsa_results[k][1],
3422                    dsa_results[k][0], dsa_results[k][1]);
3423     }
3424     testnum = 1;
3425     for (k = 0; k < OSSL_NELEM(ecdsa_doit); k++) {
3426         if (!ecdsa_doit[k])
3427             continue;
3428         if (testnum && !mr) {
3429             printf("%30ssign    verify    sign/s verify/s\n", " ");
3430             testnum = 0;
3431         }
3432 
3433         if (mr)
3434             printf("+F4:%u:%u:%f:%f\n",
3435                    k, ec_curves[k].bits,
3436                    ecdsa_results[k][0], ecdsa_results[k][1]);
3437         else
3438             printf("%4u bits ecdsa (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
3439                    ec_curves[k].bits, ec_curves[k].name,
3440                    1.0 / ecdsa_results[k][0], 1.0 / ecdsa_results[k][1],
3441                    ecdsa_results[k][0], ecdsa_results[k][1]);
3442     }
3443 
3444     testnum = 1;
3445     for (k = 0; k < EC_NUM; k++) {
3446         if (!ecdh_doit[k])
3447             continue;
3448         if (testnum && !mr) {
3449             printf("%30sop      op/s\n", " ");
3450             testnum = 0;
3451         }
3452         if (mr)
3453             printf("+F5:%u:%u:%f:%f\n",
3454                    k, ec_curves[k].bits,
3455                    ecdh_results[k][0], 1.0 / ecdh_results[k][0]);
3456 
3457         else
3458             printf("%4u bits ecdh (%s) %8.4fs %8.1f\n",
3459                    ec_curves[k].bits, ec_curves[k].name,
3460                    1.0 / ecdh_results[k][0], ecdh_results[k][0]);
3461     }
3462 
3463     testnum = 1;
3464     for (k = 0; k < OSSL_NELEM(eddsa_doit); k++) {
3465         if (!eddsa_doit[k])
3466             continue;
3467         if (testnum && !mr) {
3468             printf("%30ssign    verify    sign/s verify/s\n", " ");
3469             testnum = 0;
3470         }
3471 
3472         if (mr)
3473             printf("+F6:%u:%u:%s:%f:%f\n",
3474                    k, ed_curves[k].bits, ed_curves[k].name,
3475                    eddsa_results[k][0], eddsa_results[k][1]);
3476         else
3477             printf("%4u bits EdDSA (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
3478                    ed_curves[k].bits, ed_curves[k].name,
3479                    1.0 / eddsa_results[k][0], 1.0 / eddsa_results[k][1],
3480                    eddsa_results[k][0], eddsa_results[k][1]);
3481     }
3482 
3483 #ifndef OPENSSL_NO_SM2
3484     testnum = 1;
3485     for (k = 0; k < OSSL_NELEM(sm2_doit); k++) {
3486         if (!sm2_doit[k])
3487             continue;
3488         if (testnum && !mr) {
3489             printf("%30ssign    verify    sign/s verify/s\n", " ");
3490             testnum = 0;
3491         }
3492 
3493         if (mr)
3494             printf("+F7:%u:%u:%s:%f:%f\n",
3495                    k, sm2_curves[k].bits, sm2_curves[k].name,
3496                    sm2_results[k][0], sm2_results[k][1]);
3497         else
3498             printf("%4u bits SM2 (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
3499                    sm2_curves[k].bits, sm2_curves[k].name,
3500                    1.0 / sm2_results[k][0], 1.0 / sm2_results[k][1],
3501                    sm2_results[k][0], sm2_results[k][1]);
3502     }
3503 #endif
3504 #ifndef OPENSSL_NO_DH
3505     testnum = 1;
3506     for (k = 0; k < FFDH_NUM; k++) {
3507         if (!ffdh_doit[k])
3508             continue;
3509         if (testnum && !mr) {
3510             printf("%23sop     op/s\n", " ");
3511             testnum = 0;
3512         }
3513         if (mr)
3514             printf("+F8:%u:%u:%f:%f\n",
3515                    k, ffdh_params[k].bits,
3516                    ffdh_results[k][0], 1.0 / ffdh_results[k][0]);
3517 
3518         else
3519             printf("%4u bits ffdh %8.4fs %8.1f\n",
3520                    ffdh_params[k].bits,
3521                    1.0 / ffdh_results[k][0], ffdh_results[k][0]);
3522     }
3523 #endif /* OPENSSL_NO_DH */
3524 
3525     ret = 0;
3526 
3527  end:
3528     ERR_print_errors(bio_err);
3529     for (i = 0; i < loopargs_len; i++) {
3530         OPENSSL_free(loopargs[i].buf_malloc);
3531         OPENSSL_free(loopargs[i].buf2_malloc);
3532 
3533         BN_free(bn);
3534         EVP_PKEY_CTX_free(genctx);
3535         for (k = 0; k < RSA_NUM; k++) {
3536             EVP_PKEY_CTX_free(loopargs[i].rsa_sign_ctx[k]);
3537             EVP_PKEY_CTX_free(loopargs[i].rsa_verify_ctx[k]);
3538         }
3539 #ifndef OPENSSL_NO_DH
3540         OPENSSL_free(loopargs[i].secret_ff_a);
3541         OPENSSL_free(loopargs[i].secret_ff_b);
3542         for (k = 0; k < FFDH_NUM; k++)
3543             EVP_PKEY_CTX_free(loopargs[i].ffdh_ctx[k]);
3544 #endif
3545         for (k = 0; k < DSA_NUM; k++) {
3546             EVP_PKEY_CTX_free(loopargs[i].dsa_sign_ctx[k]);
3547             EVP_PKEY_CTX_free(loopargs[i].dsa_verify_ctx[k]);
3548         }
3549         for (k = 0; k < ECDSA_NUM; k++) {
3550             EVP_PKEY_CTX_free(loopargs[i].ecdsa_sign_ctx[k]);
3551             EVP_PKEY_CTX_free(loopargs[i].ecdsa_verify_ctx[k]);
3552         }
3553         for (k = 0; k < EC_NUM; k++)
3554             EVP_PKEY_CTX_free(loopargs[i].ecdh_ctx[k]);
3555         for (k = 0; k < EdDSA_NUM; k++) {
3556             EVP_MD_CTX_free(loopargs[i].eddsa_ctx[k]);
3557             EVP_MD_CTX_free(loopargs[i].eddsa_ctx2[k]);
3558         }
3559 #ifndef OPENSSL_NO_SM2
3560         for (k = 0; k < SM2_NUM; k++) {
3561             EVP_PKEY_CTX *pctx = NULL;
3562 
3563             /* free signing ctx */
3564             if (loopargs[i].sm2_ctx[k] != NULL
3565                 && (pctx = EVP_MD_CTX_get_pkey_ctx(loopargs[i].sm2_ctx[k])) != NULL)
3566                 EVP_PKEY_CTX_free(pctx);
3567             EVP_MD_CTX_free(loopargs[i].sm2_ctx[k]);
3568             /* free verification ctx */
3569             if (loopargs[i].sm2_vfy_ctx[k] != NULL
3570                 && (pctx = EVP_MD_CTX_get_pkey_ctx(loopargs[i].sm2_vfy_ctx[k])) != NULL)
3571                 EVP_PKEY_CTX_free(pctx);
3572             EVP_MD_CTX_free(loopargs[i].sm2_vfy_ctx[k]);
3573             /* free pkey */
3574             EVP_PKEY_free(loopargs[i].sm2_pkey[k]);
3575         }
3576 #endif
3577         OPENSSL_free(loopargs[i].secret_a);
3578         OPENSSL_free(loopargs[i].secret_b);
3579     }
3580     OPENSSL_free(evp_hmac_name);
3581     OPENSSL_free(evp_cmac_name);
3582 
3583     if (async_jobs > 0) {
3584         for (i = 0; i < loopargs_len; i++)
3585             ASYNC_WAIT_CTX_free(loopargs[i].wait_ctx);
3586     }
3587 
3588     if (async_init) {
3589         ASYNC_cleanup_thread();
3590     }
3591     OPENSSL_free(loopargs);
3592     release_engine(e);
3593     EVP_CIPHER_free(evp_cipher);
3594     EVP_MAC_free(mac);
3595     return ret;
3596 }
3597 
print_message(const char * s,long num,int length,int tm)3598 static void print_message(const char *s, long num, int length, int tm)
3599 {
3600     BIO_printf(bio_err,
3601                mr ? "+DT:%s:%d:%d\n"
3602                : "Doing %s for %ds on %d size blocks: ", s, tm, length);
3603     (void)BIO_flush(bio_err);
3604     run = 1;
3605     alarm(tm);
3606 }
3607 
pkey_print_message(const char * str,const char * str2,long num,unsigned int bits,int tm)3608 static void pkey_print_message(const char *str, const char *str2, long num,
3609                                unsigned int bits, int tm)
3610 {
3611     BIO_printf(bio_err,
3612                mr ? "+DTP:%d:%s:%s:%d\n"
3613                : "Doing %u bits %s %s's for %ds: ", bits, str, str2, tm);
3614     (void)BIO_flush(bio_err);
3615     run = 1;
3616     alarm(tm);
3617 }
3618 
print_result(int alg,int run_no,int count,double time_used)3619 static void print_result(int alg, int run_no, int count, double time_used)
3620 {
3621     if (count == -1) {
3622         BIO_printf(bio_err, "%s error!\n", names[alg]);
3623         ERR_print_errors(bio_err);
3624         return;
3625     }
3626     BIO_printf(bio_err,
3627                mr ? "+R:%d:%s:%f\n"
3628                : "%d %s's in %.2fs\n", count, names[alg], time_used);
3629     results[alg][run_no] = ((double)count) / time_used * lengths[run_no];
3630 }
3631 
3632 #ifndef NO_FORK
sstrsep(char ** string,const char * delim)3633 static char *sstrsep(char **string, const char *delim)
3634 {
3635     char isdelim[256];
3636     char *token = *string;
3637 
3638     if (**string == 0)
3639         return NULL;
3640 
3641     memset(isdelim, 0, sizeof(isdelim));
3642     isdelim[0] = 1;
3643 
3644     while (*delim) {
3645         isdelim[(unsigned char)(*delim)] = 1;
3646         delim++;
3647     }
3648 
3649     while (!isdelim[(unsigned char)(**string)])
3650         (*string)++;
3651 
3652     if (**string) {
3653         **string = 0;
3654         (*string)++;
3655     }
3656 
3657     return token;
3658 }
3659 
do_multi(int multi,int size_num)3660 static int do_multi(int multi, int size_num)
3661 {
3662     int n;
3663     int fd[2];
3664     int *fds;
3665     int status;
3666     static char sep[] = ":";
3667 
3668     fds = app_malloc(sizeof(*fds) * multi, "fd buffer for do_multi");
3669     for (n = 0; n < multi; ++n) {
3670         if (pipe(fd) == -1) {
3671             BIO_printf(bio_err, "pipe failure\n");
3672             exit(1);
3673         }
3674         fflush(stdout);
3675         (void)BIO_flush(bio_err);
3676         if (fork()) {
3677             close(fd[1]);
3678             fds[n] = fd[0];
3679         } else {
3680             close(fd[0]);
3681             close(1);
3682             if (dup(fd[1]) == -1) {
3683                 BIO_printf(bio_err, "dup failed\n");
3684                 exit(1);
3685             }
3686             close(fd[1]);
3687             mr = 1;
3688             usertime = 0;
3689             OPENSSL_free(fds);
3690             return 0;
3691         }
3692         printf("Forked child %d\n", n);
3693     }
3694 
3695     /* for now, assume the pipe is long enough to take all the output */
3696     for (n = 0; n < multi; ++n) {
3697         FILE *f;
3698         char buf[1024];
3699         char *p;
3700 
3701         if ((f = fdopen(fds[n], "r")) == NULL) {
3702             BIO_printf(bio_err, "fdopen failure with 0x%x\n",
3703                        errno);
3704             OPENSSL_free(fds);
3705             return 1;
3706         }
3707         while (fgets(buf, sizeof(buf), f)) {
3708             p = strchr(buf, '\n');
3709             if (p)
3710                 *p = '\0';
3711             if (buf[0] != '+') {
3712                 BIO_printf(bio_err,
3713                            "Don't understand line '%s' from child %d\n", buf,
3714                            n);
3715                 continue;
3716             }
3717             printf("Got: %s from %d\n", buf, n);
3718             if (strncmp(buf, "+F:", 3) == 0) {
3719                 int alg;
3720                 int j;
3721 
3722                 p = buf + 3;
3723                 alg = atoi(sstrsep(&p, sep));
3724                 sstrsep(&p, sep);
3725                 for (j = 0; j < size_num; ++j)
3726                     results[alg][j] += atof(sstrsep(&p, sep));
3727             } else if (strncmp(buf, "+F2:", 4) == 0) {
3728                 int k;
3729                 double d;
3730 
3731                 p = buf + 4;
3732                 k = atoi(sstrsep(&p, sep));
3733                 sstrsep(&p, sep);
3734 
3735                 d = atof(sstrsep(&p, sep));
3736                 rsa_results[k][0] += d;
3737 
3738                 d = atof(sstrsep(&p, sep));
3739                 rsa_results[k][1] += d;
3740             } else if (strncmp(buf, "+F3:", 4) == 0) {
3741                 int k;
3742                 double d;
3743 
3744                 p = buf + 4;
3745                 k = atoi(sstrsep(&p, sep));
3746                 sstrsep(&p, sep);
3747 
3748                 d = atof(sstrsep(&p, sep));
3749                 dsa_results[k][0] += d;
3750 
3751                 d = atof(sstrsep(&p, sep));
3752                 dsa_results[k][1] += d;
3753             } else if (strncmp(buf, "+F4:", 4) == 0) {
3754                 int k;
3755                 double d;
3756 
3757                 p = buf + 4;
3758                 k = atoi(sstrsep(&p, sep));
3759                 sstrsep(&p, sep);
3760 
3761                 d = atof(sstrsep(&p, sep));
3762                 ecdsa_results[k][0] += d;
3763 
3764                 d = atof(sstrsep(&p, sep));
3765                 ecdsa_results[k][1] += d;
3766             } else if (strncmp(buf, "+F5:", 4) == 0) {
3767                 int k;
3768                 double d;
3769 
3770                 p = buf + 4;
3771                 k = atoi(sstrsep(&p, sep));
3772                 sstrsep(&p, sep);
3773 
3774                 d = atof(sstrsep(&p, sep));
3775                 ecdh_results[k][0] += d;
3776             } else if (strncmp(buf, "+F6:", 4) == 0) {
3777                 int k;
3778                 double d;
3779 
3780                 p = buf + 4;
3781                 k = atoi(sstrsep(&p, sep));
3782                 sstrsep(&p, sep);
3783                 sstrsep(&p, sep);
3784 
3785                 d = atof(sstrsep(&p, sep));
3786                 eddsa_results[k][0] += d;
3787 
3788                 d = atof(sstrsep(&p, sep));
3789                 eddsa_results[k][1] += d;
3790 # ifndef OPENSSL_NO_SM2
3791             } else if (strncmp(buf, "+F7:", 4) == 0) {
3792                 int k;
3793                 double d;
3794 
3795                 p = buf + 4;
3796                 k = atoi(sstrsep(&p, sep));
3797                 sstrsep(&p, sep);
3798                 sstrsep(&p, sep);
3799 
3800                 d = atof(sstrsep(&p, sep));
3801                 sm2_results[k][0] += d;
3802 
3803                 d = atof(sstrsep(&p, sep));
3804                 sm2_results[k][1] += d;
3805 # endif /* OPENSSL_NO_SM2 */
3806 # ifndef OPENSSL_NO_DH
3807             } else if (strncmp(buf, "+F8:", 4) == 0) {
3808                 int k;
3809                 double d;
3810 
3811                 p = buf + 4;
3812                 k = atoi(sstrsep(&p, sep));
3813                 sstrsep(&p, sep);
3814 
3815                 d = atof(sstrsep(&p, sep));
3816                 ffdh_results[k][0] += d;
3817 # endif /* OPENSSL_NO_DH */
3818             } else if (strncmp(buf, "+H:", 3) == 0) {
3819                 ;
3820             } else {
3821                 BIO_printf(bio_err, "Unknown type '%s' from child %d\n", buf,
3822                            n);
3823             }
3824         }
3825 
3826         fclose(f);
3827     }
3828     OPENSSL_free(fds);
3829     for (n = 0; n < multi; ++n) {
3830         while (wait(&status) == -1)
3831             if (errno != EINTR) {
3832                 BIO_printf(bio_err, "Waitng for child failed with 0x%x\n",
3833                            errno);
3834                 return 1;
3835             }
3836         if (WIFEXITED(status) && WEXITSTATUS(status)) {
3837             BIO_printf(bio_err, "Child exited with %d\n", WEXITSTATUS(status));
3838         } else if (WIFSIGNALED(status)) {
3839             BIO_printf(bio_err, "Child terminated by signal %d\n",
3840                        WTERMSIG(status));
3841         }
3842     }
3843     return 1;
3844 }
3845 #endif
3846 
multiblock_speed(const EVP_CIPHER * evp_cipher,int lengths_single,const openssl_speed_sec_t * seconds)3847 static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
3848                              const openssl_speed_sec_t *seconds)
3849 {
3850     static const int mblengths_list[] =
3851         { 8 * 1024, 2 * 8 * 1024, 4 * 8 * 1024, 8 * 8 * 1024, 8 * 16 * 1024 };
3852     const int *mblengths = mblengths_list;
3853     int j, count, keylen, num = OSSL_NELEM(mblengths_list);
3854     const char *alg_name;
3855     unsigned char *inp = NULL, *out = NULL, *key, no_key[32], no_iv[16];
3856     EVP_CIPHER_CTX *ctx = NULL;
3857     double d = 0.0;
3858 
3859     if (lengths_single) {
3860         mblengths = &lengths_single;
3861         num = 1;
3862     }
3863 
3864     inp = app_malloc(mblengths[num - 1], "multiblock input buffer");
3865     out = app_malloc(mblengths[num - 1] + 1024, "multiblock output buffer");
3866     if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
3867         app_bail_out("failed to allocate cipher context\n");
3868     if (!EVP_EncryptInit_ex(ctx, evp_cipher, NULL, NULL, no_iv))
3869         app_bail_out("failed to initialise cipher context\n");
3870 
3871     if ((keylen = EVP_CIPHER_CTX_get_key_length(ctx)) < 0) {
3872         BIO_printf(bio_err, "Impossible negative key length: %d\n", keylen);
3873         goto err;
3874     }
3875     key = app_malloc(keylen, "evp_cipher key");
3876     if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
3877         app_bail_out("failed to generate random cipher key\n");
3878     if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, NULL))
3879         app_bail_out("failed to set cipher key\n");
3880     OPENSSL_clear_free(key, keylen);
3881 
3882     if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY,
3883                              sizeof(no_key), no_key) <= 0)
3884         app_bail_out("failed to set AEAD key\n");
3885     if ((alg_name = EVP_CIPHER_get0_name(evp_cipher)) == NULL)
3886         app_bail_out("failed to get cipher name\n");
3887 
3888     for (j = 0; j < num; j++) {
3889         print_message(alg_name, 0, mblengths[j], seconds->sym);
3890         Time_F(START);
3891         for (count = 0; run && count < INT_MAX; count++) {
3892             EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param;
3893             size_t len = mblengths[j];
3894             int packlen;
3895 
3896             memset(aad, 0, 8);  /* avoid uninitialized values */
3897             aad[8] = 23;        /* SSL3_RT_APPLICATION_DATA */
3898             aad[9] = 3;         /* version */
3899             aad[10] = 2;
3900             aad[11] = 0;        /* length */
3901             aad[12] = 0;
3902             mb_param.out = NULL;
3903             mb_param.inp = aad;
3904             mb_param.len = len;
3905             mb_param.interleave = 8;
3906 
3907             packlen = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_AAD,
3908                                           sizeof(mb_param), &mb_param);
3909 
3910             if (packlen > 0) {
3911                 mb_param.out = out;
3912                 mb_param.inp = inp;
3913                 mb_param.len = len;
3914                 (void)EVP_CIPHER_CTX_ctrl(ctx,
3915                                           EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT,
3916                                           sizeof(mb_param), &mb_param);
3917             } else {
3918                 int pad;
3919 
3920                 if (RAND_bytes(inp, 16) <= 0)
3921                     app_bail_out("error setting random bytes\n");
3922                 len += 16;
3923                 aad[11] = (unsigned char)(len >> 8);
3924                 aad[12] = (unsigned char)(len);
3925                 pad = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_TLS1_AAD,
3926                                           EVP_AEAD_TLS1_AAD_LEN, aad);
3927                 EVP_Cipher(ctx, out, inp, len + pad);
3928             }
3929         }
3930         d = Time_F(STOP);
3931         BIO_printf(bio_err, mr ? "+R:%d:%s:%f\n"
3932                    : "%d %s's in %.2fs\n", count, "evp", d);
3933         results[D_EVP][j] = ((double)count) / d * mblengths[j];
3934     }
3935 
3936     if (mr) {
3937         fprintf(stdout, "+H");
3938         for (j = 0; j < num; j++)
3939             fprintf(stdout, ":%d", mblengths[j]);
3940         fprintf(stdout, "\n");
3941         fprintf(stdout, "+F:%d:%s", D_EVP, alg_name);
3942         for (j = 0; j < num; j++)
3943             fprintf(stdout, ":%.2f", results[D_EVP][j]);
3944         fprintf(stdout, "\n");
3945     } else {
3946         fprintf(stdout,
3947                 "The 'numbers' are in 1000s of bytes per second processed.\n");
3948         fprintf(stdout, "type                    ");
3949         for (j = 0; j < num; j++)
3950             fprintf(stdout, "%7d bytes", mblengths[j]);
3951         fprintf(stdout, "\n");
3952         fprintf(stdout, "%-24s", alg_name);
3953 
3954         for (j = 0; j < num; j++) {
3955             if (results[D_EVP][j] > 10000)
3956                 fprintf(stdout, " %11.2fk", results[D_EVP][j] / 1e3);
3957             else
3958                 fprintf(stdout, " %11.2f ", results[D_EVP][j]);
3959         }
3960         fprintf(stdout, "\n");
3961     }
3962 
3963  err:
3964     OPENSSL_free(inp);
3965     OPENSSL_free(out);
3966     EVP_CIPHER_CTX_free(ctx);
3967 }
3968