1 /*
2 * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4 *
5 * Licensed under the Apache License 2.0 (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
9 */
10
11 #undef SECONDS
12 #define SECONDS 3
13 #define PKEY_SECONDS 10
14
15 #define RSA_SECONDS PKEY_SECONDS
16 #define DSA_SECONDS PKEY_SECONDS
17 #define ECDSA_SECONDS PKEY_SECONDS
18 #define ECDH_SECONDS PKEY_SECONDS
19 #define EdDSA_SECONDS PKEY_SECONDS
20 #define SM2_SECONDS PKEY_SECONDS
21 #define FFDH_SECONDS PKEY_SECONDS
22
23 /* We need to use some deprecated APIs */
24 #define OPENSSL_SUPPRESS_DEPRECATED
25
26 #include <stdio.h>
27 #include <stdlib.h>
28 #include <string.h>
29 #include <math.h>
30 #include "apps.h"
31 #include "progs.h"
32 #include "internal/numbers.h"
33 #include <openssl/crypto.h>
34 #include <openssl/rand.h>
35 #include <openssl/err.h>
36 #include <openssl/evp.h>
37 #include <openssl/objects.h>
38 #include <openssl/core_names.h>
39 #include <openssl/async.h>
40 #if !defined(OPENSSL_SYS_MSDOS)
41 # include <unistd.h>
42 #endif
43
44 #if defined(__TANDEM)
45 # if defined(OPENSSL_TANDEM_FLOSS)
46 # include <floss.h(floss_fork)>
47 # endif
48 #endif
49
50 #if defined(_WIN32)
51 # include <windows.h>
52 #endif
53
54 #include <openssl/bn.h>
55 #include <openssl/rsa.h>
56 #include "./testrsa.h"
57 #ifndef OPENSSL_NO_DH
58 # include <openssl/dh.h>
59 #endif
60 #include <openssl/x509.h>
61 #include <openssl/dsa.h>
62 #include "./testdsa.h"
63 #include <openssl/modes.h>
64
65 #ifndef HAVE_FORK
66 # if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_VXWORKS)
67 # define HAVE_FORK 0
68 # else
69 # define HAVE_FORK 1
70 # include <sys/wait.h>
71 # endif
72 #endif
73
74 #if HAVE_FORK
75 # undef NO_FORK
76 #else
77 # define NO_FORK
78 #endif
79
80 #define MAX_MISALIGNMENT 63
81 #define MAX_ECDH_SIZE 256
82 #define MISALIGN 64
83 #define MAX_FFDH_SIZE 1024
84
85 #ifndef RSA_DEFAULT_PRIME_NUM
86 # define RSA_DEFAULT_PRIME_NUM 2
87 #endif
88
89 typedef struct openssl_speed_sec_st {
90 int sym;
91 int rsa;
92 int dsa;
93 int ecdsa;
94 int ecdh;
95 int eddsa;
96 int sm2;
97 int ffdh;
98 } openssl_speed_sec_t;
99
100 static volatile int run = 0;
101
102 static int mr = 0; /* machine-readeable output format to merge fork results */
103 static int usertime = 1;
104
105 static double Time_F(int s);
106 static void print_message(const char *s, long num, int length, int tm);
107 static void pkey_print_message(const char *str, const char *str2,
108 long num, unsigned int bits, int sec);
109 static void print_result(int alg, int run_no, int count, double time_used);
110 #ifndef NO_FORK
111 static int do_multi(int multi, int size_num);
112 #endif
113
114 static const int lengths_list[] = {
115 16, 64, 256, 1024, 8 * 1024, 16 * 1024
116 };
117 #define SIZE_NUM OSSL_NELEM(lengths_list)
118 static const int *lengths = lengths_list;
119
120 static const int aead_lengths_list[] = {
121 2, 31, 136, 1024, 8 * 1024, 16 * 1024
122 };
123
124 #define START 0
125 #define STOP 1
126
127 #ifdef SIGALRM
128
alarmed(int sig)129 static void alarmed(int sig)
130 {
131 signal(SIGALRM, alarmed);
132 run = 0;
133 }
134
Time_F(int s)135 static double Time_F(int s)
136 {
137 double ret = app_tminterval(s, usertime);
138 if (s == STOP)
139 alarm(0);
140 return ret;
141 }
142
143 #elif defined(_WIN32)
144
145 # define SIGALRM -1
146
147 static unsigned int lapse;
148 static volatile unsigned int schlock;
alarm_win32(unsigned int secs)149 static void alarm_win32(unsigned int secs)
150 {
151 lapse = secs * 1000;
152 }
153
154 # define alarm alarm_win32
155
sleepy(VOID * arg)156 static DWORD WINAPI sleepy(VOID * arg)
157 {
158 schlock = 1;
159 Sleep(lapse);
160 run = 0;
161 return 0;
162 }
163
Time_F(int s)164 static double Time_F(int s)
165 {
166 double ret;
167 static HANDLE thr;
168
169 if (s == START) {
170 schlock = 0;
171 thr = CreateThread(NULL, 4096, sleepy, NULL, 0, NULL);
172 if (thr == NULL) {
173 DWORD err = GetLastError();
174 BIO_printf(bio_err, "unable to CreateThread (%lu)", err);
175 ExitProcess(err);
176 }
177 while (!schlock)
178 Sleep(0); /* scheduler spinlock */
179 ret = app_tminterval(s, usertime);
180 } else {
181 ret = app_tminterval(s, usertime);
182 if (run)
183 TerminateThread(thr, 0);
184 CloseHandle(thr);
185 }
186
187 return ret;
188 }
189 #else
190 # error "SIGALRM not defined and the platform is not Windows"
191 #endif
192
193 static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
194 const openssl_speed_sec_t *seconds);
195
opt_found(const char * name,unsigned int * result,const OPT_PAIR pairs[],unsigned int nbelem)196 static int opt_found(const char *name, unsigned int *result,
197 const OPT_PAIR pairs[], unsigned int nbelem)
198 {
199 unsigned int idx;
200
201 for (idx = 0; idx < nbelem; ++idx, pairs++)
202 if (strcmp(name, pairs->name) == 0) {
203 *result = pairs->retval;
204 return 1;
205 }
206 return 0;
207 }
208 #define opt_found(value, pairs, result)\
209 opt_found(value, result, pairs, OSSL_NELEM(pairs))
210
211 typedef enum OPTION_choice {
212 OPT_COMMON,
213 OPT_ELAPSED, OPT_EVP, OPT_HMAC, OPT_DECRYPT, OPT_ENGINE, OPT_MULTI,
214 OPT_MR, OPT_MB, OPT_MISALIGN, OPT_ASYNCJOBS, OPT_R_ENUM, OPT_PROV_ENUM,
215 OPT_PRIMES, OPT_SECONDS, OPT_BYTES, OPT_AEAD, OPT_CMAC
216 } OPTION_CHOICE;
217
218 const OPTIONS speed_options[] = {
219 {OPT_HELP_STR, 1, '-', "Usage: %s [options] [algorithm...]\n"},
220
221 OPT_SECTION("General"),
222 {"help", OPT_HELP, '-', "Display this summary"},
223 {"mb", OPT_MB, '-',
224 "Enable (tls1>=1) multi-block mode on EVP-named cipher"},
225 {"mr", OPT_MR, '-', "Produce machine readable output"},
226 #ifndef NO_FORK
227 {"multi", OPT_MULTI, 'p', "Run benchmarks in parallel"},
228 #endif
229 #ifndef OPENSSL_NO_ASYNC
230 {"async_jobs", OPT_ASYNCJOBS, 'p',
231 "Enable async mode and start specified number of jobs"},
232 #endif
233 #ifndef OPENSSL_NO_ENGINE
234 {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
235 #endif
236 {"primes", OPT_PRIMES, 'p', "Specify number of primes (for RSA only)"},
237
238 OPT_SECTION("Selection"),
239 {"evp", OPT_EVP, 's', "Use EVP-named cipher or digest"},
240 {"hmac", OPT_HMAC, 's', "HMAC using EVP-named digest"},
241 {"cmac", OPT_CMAC, 's', "CMAC using EVP-named cipher"},
242 {"decrypt", OPT_DECRYPT, '-',
243 "Time decryption instead of encryption (only EVP)"},
244 {"aead", OPT_AEAD, '-',
245 "Benchmark EVP-named AEAD cipher in TLS-like sequence"},
246
247 OPT_SECTION("Timing"),
248 {"elapsed", OPT_ELAPSED, '-',
249 "Use wall-clock time instead of CPU user time as divisor"},
250 {"seconds", OPT_SECONDS, 'p',
251 "Run benchmarks for specified amount of seconds"},
252 {"bytes", OPT_BYTES, 'p',
253 "Run [non-PKI] benchmarks on custom-sized buffer"},
254 {"misalign", OPT_MISALIGN, 'p',
255 "Use specified offset to mis-align buffers"},
256
257 OPT_R_OPTIONS,
258 OPT_PROV_OPTIONS,
259
260 OPT_PARAMETERS(),
261 {"algorithm", 0, 0, "Algorithm(s) to test (optional; otherwise tests all)"},
262 {NULL}
263 };
264
265 enum {
266 D_MD2, D_MDC2, D_MD4, D_MD5, D_SHA1, D_RMD160,
267 D_SHA256, D_SHA512, D_WHIRLPOOL, D_HMAC,
268 D_CBC_DES, D_EDE3_DES, D_RC4, D_CBC_IDEA, D_CBC_SEED,
269 D_CBC_RC2, D_CBC_RC5, D_CBC_BF, D_CBC_CAST,
270 D_CBC_128_AES, D_CBC_192_AES, D_CBC_256_AES,
271 D_CBC_128_CML, D_CBC_192_CML, D_CBC_256_CML,
272 D_EVP, D_GHASH, D_RAND, D_EVP_CMAC, ALGOR_NUM
273 };
274 /* name of algorithms to test. MUST BE KEEP IN SYNC with above enum ! */
275 static const char *names[ALGOR_NUM] = {
276 "md2", "mdc2", "md4", "md5", "sha1", "rmd160",
277 "sha256", "sha512", "whirlpool", "hmac(md5)",
278 "des-cbc", "des-ede3", "rc4", "idea-cbc", "seed-cbc",
279 "rc2-cbc", "rc5-cbc", "blowfish", "cast-cbc",
280 "aes-128-cbc", "aes-192-cbc", "aes-256-cbc",
281 "camellia-128-cbc", "camellia-192-cbc", "camellia-256-cbc",
282 "evp", "ghash", "rand", "cmac"
283 };
284
285 /* list of configured algorithm (remaining), with some few alias */
286 static const OPT_PAIR doit_choices[] = {
287 {"md2", D_MD2},
288 {"mdc2", D_MDC2},
289 {"md4", D_MD4},
290 {"md5", D_MD5},
291 {"hmac", D_HMAC},
292 {"sha1", D_SHA1},
293 {"sha256", D_SHA256},
294 {"sha512", D_SHA512},
295 {"whirlpool", D_WHIRLPOOL},
296 {"ripemd", D_RMD160},
297 {"rmd160", D_RMD160},
298 {"ripemd160", D_RMD160},
299 {"rc4", D_RC4},
300 {"des-cbc", D_CBC_DES},
301 {"des-ede3", D_EDE3_DES},
302 {"aes-128-cbc", D_CBC_128_AES},
303 {"aes-192-cbc", D_CBC_192_AES},
304 {"aes-256-cbc", D_CBC_256_AES},
305 {"camellia-128-cbc", D_CBC_128_CML},
306 {"camellia-192-cbc", D_CBC_192_CML},
307 {"camellia-256-cbc", D_CBC_256_CML},
308 {"rc2-cbc", D_CBC_RC2},
309 {"rc2", D_CBC_RC2},
310 {"rc5-cbc", D_CBC_RC5},
311 {"rc5", D_CBC_RC5},
312 {"idea-cbc", D_CBC_IDEA},
313 {"idea", D_CBC_IDEA},
314 {"seed-cbc", D_CBC_SEED},
315 {"seed", D_CBC_SEED},
316 {"bf-cbc", D_CBC_BF},
317 {"blowfish", D_CBC_BF},
318 {"bf", D_CBC_BF},
319 {"cast-cbc", D_CBC_CAST},
320 {"cast", D_CBC_CAST},
321 {"cast5", D_CBC_CAST},
322 {"ghash", D_GHASH},
323 {"rand", D_RAND}
324 };
325
326 static double results[ALGOR_NUM][SIZE_NUM];
327
328 enum { R_DSA_512, R_DSA_1024, R_DSA_2048, DSA_NUM };
329 static const OPT_PAIR dsa_choices[DSA_NUM] = {
330 {"dsa512", R_DSA_512},
331 {"dsa1024", R_DSA_1024},
332 {"dsa2048", R_DSA_2048}
333 };
334 static double dsa_results[DSA_NUM][2]; /* 2 ops: sign then verify */
335
336 enum {
337 R_RSA_512, R_RSA_1024, R_RSA_2048, R_RSA_3072, R_RSA_4096, R_RSA_7680,
338 R_RSA_15360, RSA_NUM
339 };
340 static const OPT_PAIR rsa_choices[RSA_NUM] = {
341 {"rsa512", R_RSA_512},
342 {"rsa1024", R_RSA_1024},
343 {"rsa2048", R_RSA_2048},
344 {"rsa3072", R_RSA_3072},
345 {"rsa4096", R_RSA_4096},
346 {"rsa7680", R_RSA_7680},
347 {"rsa15360", R_RSA_15360}
348 };
349
350 static double rsa_results[RSA_NUM][2]; /* 2 ops: sign then verify */
351
352 #ifndef OPENSSL_NO_DH
353 enum ff_params_t {
354 R_FFDH_2048, R_FFDH_3072, R_FFDH_4096, R_FFDH_6144, R_FFDH_8192, FFDH_NUM
355 };
356
357 static const OPT_PAIR ffdh_choices[FFDH_NUM] = {
358 {"ffdh2048", R_FFDH_2048},
359 {"ffdh3072", R_FFDH_3072},
360 {"ffdh4096", R_FFDH_4096},
361 {"ffdh6144", R_FFDH_6144},
362 {"ffdh8192", R_FFDH_8192},
363 };
364
365 static double ffdh_results[FFDH_NUM][1]; /* 1 op: derivation */
366 #endif /* OPENSSL_NO_DH */
367
368 enum ec_curves_t {
369 R_EC_P160, R_EC_P192, R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521,
370 #ifndef OPENSSL_NO_EC2M
371 R_EC_K163, R_EC_K233, R_EC_K283, R_EC_K409, R_EC_K571,
372 R_EC_B163, R_EC_B233, R_EC_B283, R_EC_B409, R_EC_B571,
373 #endif
374 R_EC_BRP256R1, R_EC_BRP256T1, R_EC_BRP384R1, R_EC_BRP384T1,
375 R_EC_BRP512R1, R_EC_BRP512T1, ECDSA_NUM
376 };
377 /* list of ecdsa curves */
378 static const OPT_PAIR ecdsa_choices[ECDSA_NUM] = {
379 {"ecdsap160", R_EC_P160},
380 {"ecdsap192", R_EC_P192},
381 {"ecdsap224", R_EC_P224},
382 {"ecdsap256", R_EC_P256},
383 {"ecdsap384", R_EC_P384},
384 {"ecdsap521", R_EC_P521},
385 #ifndef OPENSSL_NO_EC2M
386 {"ecdsak163", R_EC_K163},
387 {"ecdsak233", R_EC_K233},
388 {"ecdsak283", R_EC_K283},
389 {"ecdsak409", R_EC_K409},
390 {"ecdsak571", R_EC_K571},
391 {"ecdsab163", R_EC_B163},
392 {"ecdsab233", R_EC_B233},
393 {"ecdsab283", R_EC_B283},
394 {"ecdsab409", R_EC_B409},
395 {"ecdsab571", R_EC_B571},
396 #endif
397 {"ecdsabrp256r1", R_EC_BRP256R1},
398 {"ecdsabrp256t1", R_EC_BRP256T1},
399 {"ecdsabrp384r1", R_EC_BRP384R1},
400 {"ecdsabrp384t1", R_EC_BRP384T1},
401 {"ecdsabrp512r1", R_EC_BRP512R1},
402 {"ecdsabrp512t1", R_EC_BRP512T1}
403 };
404 enum { R_EC_X25519 = ECDSA_NUM, R_EC_X448, EC_NUM };
405 /* list of ecdh curves, extension of |ecdsa_choices| list above */
406 static const OPT_PAIR ecdh_choices[EC_NUM] = {
407 {"ecdhp160", R_EC_P160},
408 {"ecdhp192", R_EC_P192},
409 {"ecdhp224", R_EC_P224},
410 {"ecdhp256", R_EC_P256},
411 {"ecdhp384", R_EC_P384},
412 {"ecdhp521", R_EC_P521},
413 #ifndef OPENSSL_NO_EC2M
414 {"ecdhk163", R_EC_K163},
415 {"ecdhk233", R_EC_K233},
416 {"ecdhk283", R_EC_K283},
417 {"ecdhk409", R_EC_K409},
418 {"ecdhk571", R_EC_K571},
419 {"ecdhb163", R_EC_B163},
420 {"ecdhb233", R_EC_B233},
421 {"ecdhb283", R_EC_B283},
422 {"ecdhb409", R_EC_B409},
423 {"ecdhb571", R_EC_B571},
424 #endif
425 {"ecdhbrp256r1", R_EC_BRP256R1},
426 {"ecdhbrp256t1", R_EC_BRP256T1},
427 {"ecdhbrp384r1", R_EC_BRP384R1},
428 {"ecdhbrp384t1", R_EC_BRP384T1},
429 {"ecdhbrp512r1", R_EC_BRP512R1},
430 {"ecdhbrp512t1", R_EC_BRP512T1},
431 {"ecdhx25519", R_EC_X25519},
432 {"ecdhx448", R_EC_X448}
433 };
434
435 static double ecdh_results[EC_NUM][1]; /* 1 op: derivation */
436 static double ecdsa_results[ECDSA_NUM][2]; /* 2 ops: sign then verify */
437
438 enum { R_EC_Ed25519, R_EC_Ed448, EdDSA_NUM };
439 static const OPT_PAIR eddsa_choices[EdDSA_NUM] = {
440 {"ed25519", R_EC_Ed25519},
441 {"ed448", R_EC_Ed448}
442
443 };
444 static double eddsa_results[EdDSA_NUM][2]; /* 2 ops: sign then verify */
445
446 #ifndef OPENSSL_NO_SM2
447 enum { R_EC_CURVESM2, SM2_NUM };
448 static const OPT_PAIR sm2_choices[SM2_NUM] = {
449 {"curveSM2", R_EC_CURVESM2}
450 };
451 # define SM2_ID "TLSv1.3+GM+Cipher+Suite"
452 # define SM2_ID_LEN sizeof("TLSv1.3+GM+Cipher+Suite") - 1
453 static double sm2_results[SM2_NUM][2]; /* 2 ops: sign then verify */
454 #endif /* OPENSSL_NO_SM2 */
455
456 #define COND(unused_cond) (run && count < INT_MAX)
457 #define COUNT(d) (count)
458
459 #define TAG_LEN 16
460
461 static unsigned int mode_op; /* AE Mode of operation */
462 static unsigned int aead = 0; /* AEAD flag */
463 static unsigned char aead_iv[12]; /* For AEAD modes */
464 static unsigned char aad[EVP_AEAD_TLS1_AAD_LEN] = { 0xcc };
465 static int aead_ivlen = sizeof(aead_iv);
466
467 typedef struct loopargs_st {
468 ASYNC_JOB *inprogress_job;
469 ASYNC_WAIT_CTX *wait_ctx;
470 unsigned char *buf;
471 unsigned char *buf2;
472 unsigned char *buf_malloc;
473 unsigned char *buf2_malloc;
474 unsigned char *key;
475 unsigned char tag[TAG_LEN];
476 size_t buflen;
477 size_t sigsize;
478 EVP_PKEY_CTX *rsa_sign_ctx[RSA_NUM];
479 EVP_PKEY_CTX *rsa_verify_ctx[RSA_NUM];
480 EVP_PKEY_CTX *dsa_sign_ctx[DSA_NUM];
481 EVP_PKEY_CTX *dsa_verify_ctx[DSA_NUM];
482 EVP_PKEY_CTX *ecdsa_sign_ctx[ECDSA_NUM];
483 EVP_PKEY_CTX *ecdsa_verify_ctx[ECDSA_NUM];
484 EVP_PKEY_CTX *ecdh_ctx[EC_NUM];
485 EVP_MD_CTX *eddsa_ctx[EdDSA_NUM];
486 EVP_MD_CTX *eddsa_ctx2[EdDSA_NUM];
487 #ifndef OPENSSL_NO_SM2
488 EVP_MD_CTX *sm2_ctx[SM2_NUM];
489 EVP_MD_CTX *sm2_vfy_ctx[SM2_NUM];
490 EVP_PKEY *sm2_pkey[SM2_NUM];
491 #endif
492 unsigned char *secret_a;
493 unsigned char *secret_b;
494 size_t outlen[EC_NUM];
495 #ifndef OPENSSL_NO_DH
496 EVP_PKEY_CTX *ffdh_ctx[FFDH_NUM];
497 unsigned char *secret_ff_a;
498 unsigned char *secret_ff_b;
499 #endif
500 EVP_CIPHER_CTX *ctx;
501 EVP_MAC_CTX *mctx;
502 } loopargs_t;
503 static int run_benchmark(int async_jobs, int (*loop_function) (void *),
504 loopargs_t * loopargs);
505
506 static unsigned int testnum;
507
508 /* Nb of iterations to do per algorithm and key-size */
509 static long c[ALGOR_NUM][SIZE_NUM];
510
511 static char *evp_mac_mdname = "md5";
512 static char *evp_hmac_name = NULL;
513 static const char *evp_md_name = NULL;
514 static char *evp_mac_ciphername = "aes-128-cbc";
515 static char *evp_cmac_name = NULL;
516
have_md(const char * name)517 static int have_md(const char *name)
518 {
519 int ret = 0;
520 EVP_MD *md = NULL;
521
522 if (opt_md_silent(name, &md)) {
523 EVP_MD_CTX *ctx = EVP_MD_CTX_new();
524
525 if (ctx != NULL && EVP_DigestInit(ctx, md) > 0)
526 ret = 1;
527 EVP_MD_CTX_free(ctx);
528 EVP_MD_free(md);
529 }
530 return ret;
531 }
532
have_cipher(const char * name)533 static int have_cipher(const char *name)
534 {
535 int ret = 0;
536 EVP_CIPHER *cipher = NULL;
537
538 if (opt_cipher_silent(name, &cipher)) {
539 EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
540
541 if (ctx != NULL
542 && EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, 1) > 0)
543 ret = 1;
544 EVP_CIPHER_CTX_free(ctx);
545 EVP_CIPHER_free(cipher);
546 }
547 return ret;
548 }
549
EVP_Digest_loop(const char * mdname,int algindex,void * args)550 static int EVP_Digest_loop(const char *mdname, int algindex, void *args)
551 {
552 loopargs_t *tempargs = *(loopargs_t **) args;
553 unsigned char *buf = tempargs->buf;
554 unsigned char digest[EVP_MAX_MD_SIZE];
555 int count;
556 EVP_MD *md = NULL;
557
558 if (!opt_md_silent(mdname, &md))
559 return -1;
560 for (count = 0; COND(c[algindex][testnum]); count++) {
561 if (!EVP_Digest(buf, (size_t)lengths[testnum], digest, NULL, md,
562 NULL)) {
563 count = -1;
564 break;
565 }
566 }
567 EVP_MD_free(md);
568 return count;
569 }
570
EVP_Digest_md_loop(void * args)571 static int EVP_Digest_md_loop(void *args)
572 {
573 return EVP_Digest_loop(evp_md_name, D_EVP, args);
574 }
575
EVP_Digest_MD2_loop(void * args)576 static int EVP_Digest_MD2_loop(void *args)
577 {
578 return EVP_Digest_loop("md2", D_MD2, args);
579 }
580
EVP_Digest_MDC2_loop(void * args)581 static int EVP_Digest_MDC2_loop(void *args)
582 {
583 return EVP_Digest_loop("mdc2", D_MDC2, args);
584 }
585
EVP_Digest_MD4_loop(void * args)586 static int EVP_Digest_MD4_loop(void *args)
587 {
588 return EVP_Digest_loop("md4", D_MD4, args);
589 }
590
MD5_loop(void * args)591 static int MD5_loop(void *args)
592 {
593 return EVP_Digest_loop("md5", D_MD5, args);
594 }
595
EVP_MAC_loop(int algindex,void * args)596 static int EVP_MAC_loop(int algindex, void *args)
597 {
598 loopargs_t *tempargs = *(loopargs_t **) args;
599 unsigned char *buf = tempargs->buf;
600 EVP_MAC_CTX *mctx = tempargs->mctx;
601 unsigned char mac[EVP_MAX_MD_SIZE];
602 int count;
603
604 for (count = 0; COND(c[algindex][testnum]); count++) {
605 size_t outl;
606
607 if (!EVP_MAC_init(mctx, NULL, 0, NULL)
608 || !EVP_MAC_update(mctx, buf, lengths[testnum])
609 || !EVP_MAC_final(mctx, mac, &outl, sizeof(mac)))
610 return -1;
611 }
612 return count;
613 }
614
HMAC_loop(void * args)615 static int HMAC_loop(void *args)
616 {
617 return EVP_MAC_loop(D_HMAC, args);
618 }
619
CMAC_loop(void * args)620 static int CMAC_loop(void *args)
621 {
622 return EVP_MAC_loop(D_EVP_CMAC, args);
623 }
624
SHA1_loop(void * args)625 static int SHA1_loop(void *args)
626 {
627 return EVP_Digest_loop("sha1", D_SHA1, args);
628 }
629
SHA256_loop(void * args)630 static int SHA256_loop(void *args)
631 {
632 return EVP_Digest_loop("sha256", D_SHA256, args);
633 }
634
SHA512_loop(void * args)635 static int SHA512_loop(void *args)
636 {
637 return EVP_Digest_loop("sha512", D_SHA512, args);
638 }
639
WHIRLPOOL_loop(void * args)640 static int WHIRLPOOL_loop(void *args)
641 {
642 return EVP_Digest_loop("whirlpool", D_WHIRLPOOL, args);
643 }
644
EVP_Digest_RMD160_loop(void * args)645 static int EVP_Digest_RMD160_loop(void *args)
646 {
647 return EVP_Digest_loop("ripemd160", D_RMD160, args);
648 }
649
650 static int algindex;
651
EVP_Cipher_loop(void * args)652 static int EVP_Cipher_loop(void *args)
653 {
654 loopargs_t *tempargs = *(loopargs_t **) args;
655 unsigned char *buf = tempargs->buf;
656 int count;
657
658 if (tempargs->ctx == NULL)
659 return -1;
660 for (count = 0; COND(c[algindex][testnum]); count++)
661 if (EVP_Cipher(tempargs->ctx, buf, buf, (size_t)lengths[testnum]) <= 0)
662 return -1;
663 return count;
664 }
665
GHASH_loop(void * args)666 static int GHASH_loop(void *args)
667 {
668 loopargs_t *tempargs = *(loopargs_t **) args;
669 unsigned char *buf = tempargs->buf;
670 EVP_MAC_CTX *mctx = tempargs->mctx;
671 int count;
672
673 /* just do the update in the loop to be comparable with 1.1.1 */
674 for (count = 0; COND(c[D_GHASH][testnum]); count++) {
675 if (!EVP_MAC_update(mctx, buf, lengths[testnum]))
676 return -1;
677 }
678 return count;
679 }
680
681 #define MAX_BLOCK_SIZE 128
682
683 static unsigned char iv[2 * MAX_BLOCK_SIZE / 8];
684
init_evp_cipher_ctx(const char * ciphername,const unsigned char * key,int keylen)685 static EVP_CIPHER_CTX *init_evp_cipher_ctx(const char *ciphername,
686 const unsigned char *key,
687 int keylen)
688 {
689 EVP_CIPHER_CTX *ctx = NULL;
690 EVP_CIPHER *cipher = NULL;
691
692 if (!opt_cipher_silent(ciphername, &cipher))
693 return NULL;
694
695 if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
696 goto end;
697
698 if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, 1)) {
699 EVP_CIPHER_CTX_free(ctx);
700 ctx = NULL;
701 goto end;
702 }
703
704 if (EVP_CIPHER_CTX_set_key_length(ctx, keylen) <= 0) {
705 EVP_CIPHER_CTX_free(ctx);
706 ctx = NULL;
707 goto end;
708 }
709
710 if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1)) {
711 EVP_CIPHER_CTX_free(ctx);
712 ctx = NULL;
713 goto end;
714 }
715
716 end:
717 EVP_CIPHER_free(cipher);
718 return ctx;
719 }
720
RAND_bytes_loop(void * args)721 static int RAND_bytes_loop(void *args)
722 {
723 loopargs_t *tempargs = *(loopargs_t **) args;
724 unsigned char *buf = tempargs->buf;
725 int count;
726
727 for (count = 0; COND(c[D_RAND][testnum]); count++)
728 RAND_bytes(buf, lengths[testnum]);
729 return count;
730 }
731
732 static int decrypt = 0;
EVP_Update_loop(void * args)733 static int EVP_Update_loop(void *args)
734 {
735 loopargs_t *tempargs = *(loopargs_t **) args;
736 unsigned char *buf = tempargs->buf;
737 EVP_CIPHER_CTX *ctx = tempargs->ctx;
738 int outl, count, rc;
739
740 if (decrypt) {
741 for (count = 0; COND(c[D_EVP][testnum]); count++) {
742 rc = EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
743 if (rc != 1) {
744 /* reset iv in case of counter overflow */
745 EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, -1);
746 }
747 }
748 } else {
749 for (count = 0; COND(c[D_EVP][testnum]); count++) {
750 rc = EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
751 if (rc != 1) {
752 /* reset iv in case of counter overflow */
753 EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, -1);
754 }
755 }
756 }
757 if (decrypt)
758 EVP_DecryptFinal_ex(ctx, buf, &outl);
759 else
760 EVP_EncryptFinal_ex(ctx, buf, &outl);
761 return count;
762 }
763
764 /*
765 * To make AEAD benchmarking more relevant perform TLS-like operations,
766 * 13-byte AAD followed by payload. But don't use TLS-formatted AAD, as
767 * payload length is not actually limited by 16KB...
768 * CCM does not support streaming. For the purpose of performance measurement,
769 * each message is encrypted using the same (key,iv)-pair. Do not use this
770 * code in your application.
771 */
EVP_Update_loop_aead_enc(void * args)772 static int EVP_Update_loop_aead_enc(void *args)
773 {
774 loopargs_t *tempargs = *(loopargs_t **) args;
775 unsigned char *buf = tempargs->buf;
776 unsigned char *key = tempargs->key;
777 EVP_CIPHER_CTX *ctx = tempargs->ctx;
778 int outl, count, realcount = 0;
779
780 for (count = 0; COND(c[D_EVP][testnum]); count++) {
781 /* Set length of iv (Doesn't apply to SIV mode) */
782 if (mode_op != EVP_CIPH_SIV_MODE) {
783 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN,
784 aead_ivlen, NULL)) {
785 BIO_printf(bio_err, "\nFailed to set iv length\n");
786 ERR_print_errors(bio_err);
787 exit(1);
788 }
789 }
790 /* Set tag_len (Not for GCM/SIV at encryption stage) */
791 if (mode_op != EVP_CIPH_GCM_MODE
792 && mode_op != EVP_CIPH_SIV_MODE) {
793 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
794 TAG_LEN, NULL)) {
795 BIO_printf(bio_err, "\nFailed to set tag length\n");
796 ERR_print_errors(bio_err);
797 exit(1);
798 }
799 }
800 if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, aead_iv, -1)) {
801 BIO_printf(bio_err, "\nFailed to set key and iv\n");
802 ERR_print_errors(bio_err);
803 exit(1);
804 }
805 /* Set total length of input. Only required for CCM */
806 if (mode_op == EVP_CIPH_CCM_MODE) {
807 if (!EVP_EncryptUpdate(ctx, NULL, &outl,
808 NULL, lengths[testnum])) {
809 BIO_printf(bio_err, "\nCouldn't set input text length\n");
810 ERR_print_errors(bio_err);
811 exit(1);
812 }
813 }
814 if (aead) {
815 if (!EVP_EncryptUpdate(ctx, NULL, &outl, aad, sizeof(aad))) {
816 BIO_printf(bio_err, "\nCouldn't insert AAD when encrypting\n");
817 ERR_print_errors(bio_err);
818 exit(1);
819 }
820 }
821 if (!EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum])) {
822 BIO_printf(bio_err, "\nFailed to encrypt the data\n");
823 ERR_print_errors(bio_err);
824 exit(1);
825 }
826 if (EVP_EncryptFinal_ex(ctx, buf, &outl))
827 realcount++;
828 }
829 return realcount;
830 }
831
832 /*
833 * To make AEAD benchmarking more relevant perform TLS-like operations,
834 * 13-byte AAD followed by payload. But don't use TLS-formatted AAD, as
835 * payload length is not actually limited by 16KB...
836 * CCM does not support streaming. For the purpose of performance measurement,
837 * each message is decrypted using the same (key,iv)-pair. Do not use this
838 * code in your application.
839 * For decryption, we will use buf2 to preserve the input text in buf.
840 */
EVP_Update_loop_aead_dec(void * args)841 static int EVP_Update_loop_aead_dec(void *args)
842 {
843 loopargs_t *tempargs = *(loopargs_t **) args;
844 unsigned char *buf = tempargs->buf;
845 unsigned char *outbuf = tempargs->buf2;
846 unsigned char *key = tempargs->key;
847 unsigned char tag[TAG_LEN];
848 EVP_CIPHER_CTX *ctx = tempargs->ctx;
849 int outl, count, realcount = 0;
850
851 for (count = 0; COND(c[D_EVP][testnum]); count++) {
852 /* Set the length of iv (Doesn't apply to SIV mode) */
853 if (mode_op != EVP_CIPH_SIV_MODE) {
854 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN,
855 aead_ivlen, NULL)) {
856 BIO_printf(bio_err, "\nFailed to set iv length\n");
857 ERR_print_errors(bio_err);
858 exit(1);
859 }
860 }
861
862 /* Set the tag length (Doesn't apply to SIV mode) */
863 if (mode_op != EVP_CIPH_SIV_MODE
864 && mode_op != EVP_CIPH_GCM_MODE) {
865 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
866 TAG_LEN, NULL)) {
867 BIO_printf(bio_err, "\nFailed to set tag length\n");
868 ERR_print_errors(bio_err);
869 exit(1);
870 }
871 }
872 if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, aead_iv, -1)) {
873 BIO_printf(bio_err, "\nFailed to set key and iv\n");
874 ERR_print_errors(bio_err);
875 exit(1);
876 }
877 /* Set iv before decryption (Doesn't apply to SIV mode) */
878 if (mode_op != EVP_CIPH_SIV_MODE) {
879 if (!EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, aead_iv)) {
880 BIO_printf(bio_err, "\nFailed to set iv\n");
881 ERR_print_errors(bio_err);
882 exit(1);
883 }
884 }
885 memcpy(tag, tempargs->tag, TAG_LEN);
886
887 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
888 TAG_LEN, tag)) {
889 BIO_printf(bio_err, "\nFailed to set tag\n");
890 ERR_print_errors(bio_err);
891 exit(1);
892 }
893 /* Set the total length of cipher text. Only required for CCM */
894 if (mode_op == EVP_CIPH_CCM_MODE) {
895 if (!EVP_DecryptUpdate(ctx, NULL, &outl,
896 NULL, lengths[testnum])) {
897 BIO_printf(bio_err, "\nCouldn't set cipher text length\n");
898 ERR_print_errors(bio_err);
899 exit(1);
900 }
901 }
902 if (aead) {
903 if (!EVP_DecryptUpdate(ctx, NULL, &outl, aad, sizeof(aad))) {
904 BIO_printf(bio_err, "\nCouldn't insert AAD when decrypting\n");
905 ERR_print_errors(bio_err);
906 exit(1);
907 }
908 }
909 if (!EVP_DecryptUpdate(ctx, outbuf, &outl, buf, lengths[testnum])) {
910 BIO_printf(bio_err, "\nFailed to decrypt the data\n");
911 ERR_print_errors(bio_err);
912 exit(1);
913 }
914 if (EVP_DecryptFinal_ex(ctx, outbuf, &outl))
915 realcount++;
916 }
917 return realcount;
918 }
919
920 static long rsa_c[RSA_NUM][2]; /* # RSA iteration test */
921
RSA_sign_loop(void * args)922 static int RSA_sign_loop(void *args)
923 {
924 loopargs_t *tempargs = *(loopargs_t **) args;
925 unsigned char *buf = tempargs->buf;
926 unsigned char *buf2 = tempargs->buf2;
927 size_t *rsa_num = &tempargs->sigsize;
928 EVP_PKEY_CTX **rsa_sign_ctx = tempargs->rsa_sign_ctx;
929 int ret, count;
930
931 for (count = 0; COND(rsa_c[testnum][0]); count++) {
932 *rsa_num = tempargs->buflen;
933 ret = EVP_PKEY_sign(rsa_sign_ctx[testnum], buf2, rsa_num, buf, 36);
934 if (ret <= 0) {
935 BIO_printf(bio_err, "RSA sign failure\n");
936 ERR_print_errors(bio_err);
937 count = -1;
938 break;
939 }
940 }
941 return count;
942 }
943
RSA_verify_loop(void * args)944 static int RSA_verify_loop(void *args)
945 {
946 loopargs_t *tempargs = *(loopargs_t **) args;
947 unsigned char *buf = tempargs->buf;
948 unsigned char *buf2 = tempargs->buf2;
949 size_t rsa_num = tempargs->sigsize;
950 EVP_PKEY_CTX **rsa_verify_ctx = tempargs->rsa_verify_ctx;
951 int ret, count;
952
953 for (count = 0; COND(rsa_c[testnum][1]); count++) {
954 ret = EVP_PKEY_verify(rsa_verify_ctx[testnum], buf2, rsa_num, buf, 36);
955 if (ret <= 0) {
956 BIO_printf(bio_err, "RSA verify failure\n");
957 ERR_print_errors(bio_err);
958 count = -1;
959 break;
960 }
961 }
962 return count;
963 }
964
965 #ifndef OPENSSL_NO_DH
966 static long ffdh_c[FFDH_NUM][1];
967
FFDH_derive_key_loop(void * args)968 static int FFDH_derive_key_loop(void *args)
969 {
970 loopargs_t *tempargs = *(loopargs_t **) args;
971 EVP_PKEY_CTX *ffdh_ctx = tempargs->ffdh_ctx[testnum];
972 unsigned char *derived_secret = tempargs->secret_ff_a;
973 int count;
974
975 for (count = 0; COND(ffdh_c[testnum][0]); count++) {
976 /* outlen can be overwritten with a too small value (no padding used) */
977 size_t outlen = MAX_FFDH_SIZE;
978
979 EVP_PKEY_derive(ffdh_ctx, derived_secret, &outlen);
980 }
981 return count;
982 }
983 #endif /* OPENSSL_NO_DH */
984
985 static long dsa_c[DSA_NUM][2];
DSA_sign_loop(void * args)986 static int DSA_sign_loop(void *args)
987 {
988 loopargs_t *tempargs = *(loopargs_t **) args;
989 unsigned char *buf = tempargs->buf;
990 unsigned char *buf2 = tempargs->buf2;
991 size_t *dsa_num = &tempargs->sigsize;
992 EVP_PKEY_CTX **dsa_sign_ctx = tempargs->dsa_sign_ctx;
993 int ret, count;
994
995 for (count = 0; COND(dsa_c[testnum][0]); count++) {
996 *dsa_num = tempargs->buflen;
997 ret = EVP_PKEY_sign(dsa_sign_ctx[testnum], buf2, dsa_num, buf, 20);
998 if (ret <= 0) {
999 BIO_printf(bio_err, "DSA sign failure\n");
1000 ERR_print_errors(bio_err);
1001 count = -1;
1002 break;
1003 }
1004 }
1005 return count;
1006 }
1007
DSA_verify_loop(void * args)1008 static int DSA_verify_loop(void *args)
1009 {
1010 loopargs_t *tempargs = *(loopargs_t **) args;
1011 unsigned char *buf = tempargs->buf;
1012 unsigned char *buf2 = tempargs->buf2;
1013 size_t dsa_num = tempargs->sigsize;
1014 EVP_PKEY_CTX **dsa_verify_ctx = tempargs->dsa_verify_ctx;
1015 int ret, count;
1016
1017 for (count = 0; COND(dsa_c[testnum][1]); count++) {
1018 ret = EVP_PKEY_verify(dsa_verify_ctx[testnum], buf2, dsa_num, buf, 20);
1019 if (ret <= 0) {
1020 BIO_printf(bio_err, "DSA verify failure\n");
1021 ERR_print_errors(bio_err);
1022 count = -1;
1023 break;
1024 }
1025 }
1026 return count;
1027 }
1028
1029 static long ecdsa_c[ECDSA_NUM][2];
ECDSA_sign_loop(void * args)1030 static int ECDSA_sign_loop(void *args)
1031 {
1032 loopargs_t *tempargs = *(loopargs_t **) args;
1033 unsigned char *buf = tempargs->buf;
1034 unsigned char *buf2 = tempargs->buf2;
1035 size_t *ecdsa_num = &tempargs->sigsize;
1036 EVP_PKEY_CTX **ecdsa_sign_ctx = tempargs->ecdsa_sign_ctx;
1037 int ret, count;
1038
1039 for (count = 0; COND(ecdsa_c[testnum][0]); count++) {
1040 *ecdsa_num = tempargs->buflen;
1041 ret = EVP_PKEY_sign(ecdsa_sign_ctx[testnum], buf2, ecdsa_num, buf, 20);
1042 if (ret <= 0) {
1043 BIO_printf(bio_err, "ECDSA sign failure\n");
1044 ERR_print_errors(bio_err);
1045 count = -1;
1046 break;
1047 }
1048 }
1049 return count;
1050 }
1051
ECDSA_verify_loop(void * args)1052 static int ECDSA_verify_loop(void *args)
1053 {
1054 loopargs_t *tempargs = *(loopargs_t **) args;
1055 unsigned char *buf = tempargs->buf;
1056 unsigned char *buf2 = tempargs->buf2;
1057 size_t ecdsa_num = tempargs->sigsize;
1058 EVP_PKEY_CTX **ecdsa_verify_ctx = tempargs->ecdsa_verify_ctx;
1059 int ret, count;
1060
1061 for (count = 0; COND(ecdsa_c[testnum][1]); count++) {
1062 ret = EVP_PKEY_verify(ecdsa_verify_ctx[testnum], buf2, ecdsa_num,
1063 buf, 20);
1064 if (ret <= 0) {
1065 BIO_printf(bio_err, "ECDSA verify failure\n");
1066 ERR_print_errors(bio_err);
1067 count = -1;
1068 break;
1069 }
1070 }
1071 return count;
1072 }
1073
1074 /* ******************************************************************** */
1075 static long ecdh_c[EC_NUM][1];
1076
ECDH_EVP_derive_key_loop(void * args)1077 static int ECDH_EVP_derive_key_loop(void *args)
1078 {
1079 loopargs_t *tempargs = *(loopargs_t **) args;
1080 EVP_PKEY_CTX *ctx = tempargs->ecdh_ctx[testnum];
1081 unsigned char *derived_secret = tempargs->secret_a;
1082 int count;
1083 size_t *outlen = &(tempargs->outlen[testnum]);
1084
1085 for (count = 0; COND(ecdh_c[testnum][0]); count++)
1086 EVP_PKEY_derive(ctx, derived_secret, outlen);
1087
1088 return count;
1089 }
1090
1091 static long eddsa_c[EdDSA_NUM][2];
EdDSA_sign_loop(void * args)1092 static int EdDSA_sign_loop(void *args)
1093 {
1094 loopargs_t *tempargs = *(loopargs_t **) args;
1095 unsigned char *buf = tempargs->buf;
1096 EVP_MD_CTX **edctx = tempargs->eddsa_ctx;
1097 unsigned char *eddsasig = tempargs->buf2;
1098 size_t *eddsasigsize = &tempargs->sigsize;
1099 int ret, count;
1100
1101 for (count = 0; COND(eddsa_c[testnum][0]); count++) {
1102 ret = EVP_DigestSignInit(edctx[testnum], NULL, NULL, NULL, NULL);
1103 if (ret == 0) {
1104 BIO_printf(bio_err, "EdDSA sign init failure\n");
1105 ERR_print_errors(bio_err);
1106 count = -1;
1107 break;
1108 }
1109 ret = EVP_DigestSign(edctx[testnum], eddsasig, eddsasigsize, buf, 20);
1110 if (ret == 0) {
1111 BIO_printf(bio_err, "EdDSA sign failure\n");
1112 ERR_print_errors(bio_err);
1113 count = -1;
1114 break;
1115 }
1116 }
1117 return count;
1118 }
1119
EdDSA_verify_loop(void * args)1120 static int EdDSA_verify_loop(void *args)
1121 {
1122 loopargs_t *tempargs = *(loopargs_t **) args;
1123 unsigned char *buf = tempargs->buf;
1124 EVP_MD_CTX **edctx = tempargs->eddsa_ctx2;
1125 unsigned char *eddsasig = tempargs->buf2;
1126 size_t eddsasigsize = tempargs->sigsize;
1127 int ret, count;
1128
1129 for (count = 0; COND(eddsa_c[testnum][1]); count++) {
1130 ret = EVP_DigestVerifyInit(edctx[testnum], NULL, NULL, NULL, NULL);
1131 if (ret == 0) {
1132 BIO_printf(bio_err, "EdDSA verify init failure\n");
1133 ERR_print_errors(bio_err);
1134 count = -1;
1135 break;
1136 }
1137 ret = EVP_DigestVerify(edctx[testnum], eddsasig, eddsasigsize, buf, 20);
1138 if (ret != 1) {
1139 BIO_printf(bio_err, "EdDSA verify failure\n");
1140 ERR_print_errors(bio_err);
1141 count = -1;
1142 break;
1143 }
1144 }
1145 return count;
1146 }
1147
1148 #ifndef OPENSSL_NO_SM2
1149 static long sm2_c[SM2_NUM][2];
SM2_sign_loop(void * args)1150 static int SM2_sign_loop(void *args)
1151 {
1152 loopargs_t *tempargs = *(loopargs_t **) args;
1153 unsigned char *buf = tempargs->buf;
1154 EVP_MD_CTX **sm2ctx = tempargs->sm2_ctx;
1155 unsigned char *sm2sig = tempargs->buf2;
1156 size_t sm2sigsize;
1157 int ret, count;
1158 EVP_PKEY **sm2_pkey = tempargs->sm2_pkey;
1159 const size_t max_size = EVP_PKEY_get_size(sm2_pkey[testnum]);
1160
1161 for (count = 0; COND(sm2_c[testnum][0]); count++) {
1162 sm2sigsize = max_size;
1163
1164 if (!EVP_DigestSignInit(sm2ctx[testnum], NULL, EVP_sm3(),
1165 NULL, sm2_pkey[testnum])) {
1166 BIO_printf(bio_err, "SM2 init sign failure\n");
1167 ERR_print_errors(bio_err);
1168 count = -1;
1169 break;
1170 }
1171 ret = EVP_DigestSign(sm2ctx[testnum], sm2sig, &sm2sigsize,
1172 buf, 20);
1173 if (ret == 0) {
1174 BIO_printf(bio_err, "SM2 sign failure\n");
1175 ERR_print_errors(bio_err);
1176 count = -1;
1177 break;
1178 }
1179 /* update the latest returned size and always use the fixed buffer size */
1180 tempargs->sigsize = sm2sigsize;
1181 }
1182
1183 return count;
1184 }
1185
SM2_verify_loop(void * args)1186 static int SM2_verify_loop(void *args)
1187 {
1188 loopargs_t *tempargs = *(loopargs_t **) args;
1189 unsigned char *buf = tempargs->buf;
1190 EVP_MD_CTX **sm2ctx = tempargs->sm2_vfy_ctx;
1191 unsigned char *sm2sig = tempargs->buf2;
1192 size_t sm2sigsize = tempargs->sigsize;
1193 int ret, count;
1194 EVP_PKEY **sm2_pkey = tempargs->sm2_pkey;
1195
1196 for (count = 0; COND(sm2_c[testnum][1]); count++) {
1197 if (!EVP_DigestVerifyInit(sm2ctx[testnum], NULL, EVP_sm3(),
1198 NULL, sm2_pkey[testnum])) {
1199 BIO_printf(bio_err, "SM2 verify init failure\n");
1200 ERR_print_errors(bio_err);
1201 count = -1;
1202 break;
1203 }
1204 ret = EVP_DigestVerify(sm2ctx[testnum], sm2sig, sm2sigsize,
1205 buf, 20);
1206 if (ret != 1) {
1207 BIO_printf(bio_err, "SM2 verify failure\n");
1208 ERR_print_errors(bio_err);
1209 count = -1;
1210 break;
1211 }
1212 }
1213 return count;
1214 }
1215 #endif /* OPENSSL_NO_SM2 */
1216
run_benchmark(int async_jobs,int (* loop_function)(void *),loopargs_t * loopargs)1217 static int run_benchmark(int async_jobs,
1218 int (*loop_function) (void *), loopargs_t * loopargs)
1219 {
1220 int job_op_count = 0;
1221 int total_op_count = 0;
1222 int num_inprogress = 0;
1223 int error = 0, i = 0, ret = 0;
1224 OSSL_ASYNC_FD job_fd = 0;
1225 size_t num_job_fds = 0;
1226
1227 if (async_jobs == 0) {
1228 return loop_function((void *)&loopargs);
1229 }
1230
1231 for (i = 0; i < async_jobs && !error; i++) {
1232 loopargs_t *looparg_item = loopargs + i;
1233
1234 /* Copy pointer content (looparg_t item address) into async context */
1235 ret = ASYNC_start_job(&loopargs[i].inprogress_job, loopargs[i].wait_ctx,
1236 &job_op_count, loop_function,
1237 (void *)&looparg_item, sizeof(looparg_item));
1238 switch (ret) {
1239 case ASYNC_PAUSE:
1240 ++num_inprogress;
1241 break;
1242 case ASYNC_FINISH:
1243 if (job_op_count == -1) {
1244 error = 1;
1245 } else {
1246 total_op_count += job_op_count;
1247 }
1248 break;
1249 case ASYNC_NO_JOBS:
1250 case ASYNC_ERR:
1251 BIO_printf(bio_err, "Failure in the job\n");
1252 ERR_print_errors(bio_err);
1253 error = 1;
1254 break;
1255 }
1256 }
1257
1258 while (num_inprogress > 0) {
1259 #if defined(OPENSSL_SYS_WINDOWS)
1260 DWORD avail = 0;
1261 #elif defined(OPENSSL_SYS_UNIX)
1262 int select_result = 0;
1263 OSSL_ASYNC_FD max_fd = 0;
1264 fd_set waitfdset;
1265
1266 FD_ZERO(&waitfdset);
1267
1268 for (i = 0; i < async_jobs && num_inprogress > 0; i++) {
1269 if (loopargs[i].inprogress_job == NULL)
1270 continue;
1271
1272 if (!ASYNC_WAIT_CTX_get_all_fds
1273 (loopargs[i].wait_ctx, NULL, &num_job_fds)
1274 || num_job_fds > 1) {
1275 BIO_printf(bio_err, "Too many fds in ASYNC_WAIT_CTX\n");
1276 ERR_print_errors(bio_err);
1277 error = 1;
1278 break;
1279 }
1280 ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, &job_fd,
1281 &num_job_fds);
1282 FD_SET(job_fd, &waitfdset);
1283 if (job_fd > max_fd)
1284 max_fd = job_fd;
1285 }
1286
1287 if (max_fd >= (OSSL_ASYNC_FD)FD_SETSIZE) {
1288 BIO_printf(bio_err,
1289 "Error: max_fd (%d) must be smaller than FD_SETSIZE (%d). "
1290 "Decrease the value of async_jobs\n",
1291 max_fd, FD_SETSIZE);
1292 ERR_print_errors(bio_err);
1293 error = 1;
1294 break;
1295 }
1296
1297 select_result = select(max_fd + 1, &waitfdset, NULL, NULL, NULL);
1298 if (select_result == -1 && errno == EINTR)
1299 continue;
1300
1301 if (select_result == -1) {
1302 BIO_printf(bio_err, "Failure in the select\n");
1303 ERR_print_errors(bio_err);
1304 error = 1;
1305 break;
1306 }
1307
1308 if (select_result == 0)
1309 continue;
1310 #endif
1311
1312 for (i = 0; i < async_jobs; i++) {
1313 if (loopargs[i].inprogress_job == NULL)
1314 continue;
1315
1316 if (!ASYNC_WAIT_CTX_get_all_fds
1317 (loopargs[i].wait_ctx, NULL, &num_job_fds)
1318 || num_job_fds > 1) {
1319 BIO_printf(bio_err, "Too many fds in ASYNC_WAIT_CTX\n");
1320 ERR_print_errors(bio_err);
1321 error = 1;
1322 break;
1323 }
1324 ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, &job_fd,
1325 &num_job_fds);
1326
1327 #if defined(OPENSSL_SYS_UNIX)
1328 if (num_job_fds == 1 && !FD_ISSET(job_fd, &waitfdset))
1329 continue;
1330 #elif defined(OPENSSL_SYS_WINDOWS)
1331 if (num_job_fds == 1
1332 && !PeekNamedPipe(job_fd, NULL, 0, NULL, &avail, NULL)
1333 && avail > 0)
1334 continue;
1335 #endif
1336
1337 ret = ASYNC_start_job(&loopargs[i].inprogress_job,
1338 loopargs[i].wait_ctx, &job_op_count,
1339 loop_function, (void *)(loopargs + i),
1340 sizeof(loopargs_t));
1341 switch (ret) {
1342 case ASYNC_PAUSE:
1343 break;
1344 case ASYNC_FINISH:
1345 if (job_op_count == -1) {
1346 error = 1;
1347 } else {
1348 total_op_count += job_op_count;
1349 }
1350 --num_inprogress;
1351 loopargs[i].inprogress_job = NULL;
1352 break;
1353 case ASYNC_NO_JOBS:
1354 case ASYNC_ERR:
1355 --num_inprogress;
1356 loopargs[i].inprogress_job = NULL;
1357 BIO_printf(bio_err, "Failure in the job\n");
1358 ERR_print_errors(bio_err);
1359 error = 1;
1360 break;
1361 }
1362 }
1363 }
1364
1365 return error ? -1 : total_op_count;
1366 }
1367
1368 typedef struct ec_curve_st {
1369 const char *name;
1370 unsigned int nid;
1371 unsigned int bits;
1372 size_t sigsize; /* only used for EdDSA curves */
1373 } EC_CURVE;
1374
get_ecdsa(const EC_CURVE * curve)1375 static EVP_PKEY *get_ecdsa(const EC_CURVE *curve)
1376 {
1377 EVP_PKEY_CTX *kctx = NULL;
1378 EVP_PKEY *key = NULL;
1379
1380 /* Ensure that the error queue is empty */
1381 if (ERR_peek_error()) {
1382 BIO_printf(bio_err,
1383 "WARNING: the error queue contains previous unhandled errors.\n");
1384 ERR_print_errors(bio_err);
1385 }
1386
1387 /*
1388 * Let's try to create a ctx directly from the NID: this works for
1389 * curves like Curve25519 that are not implemented through the low
1390 * level EC interface.
1391 * If this fails we try creating a EVP_PKEY_EC generic param ctx,
1392 * then we set the curve by NID before deriving the actual keygen
1393 * ctx for that specific curve.
1394 */
1395 kctx = EVP_PKEY_CTX_new_id(curve->nid, NULL);
1396 if (kctx == NULL) {
1397 EVP_PKEY_CTX *pctx = NULL;
1398 EVP_PKEY *params = NULL;
1399 /*
1400 * If we reach this code EVP_PKEY_CTX_new_id() failed and a
1401 * "int_ctx_new:unsupported algorithm" error was added to the
1402 * error queue.
1403 * We remove it from the error queue as we are handling it.
1404 */
1405 unsigned long error = ERR_peek_error();
1406
1407 if (error == ERR_peek_last_error() /* oldest and latest errors match */
1408 /* check that the error origin matches */
1409 && ERR_GET_LIB(error) == ERR_LIB_EVP
1410 && (ERR_GET_REASON(error) == EVP_R_UNSUPPORTED_ALGORITHM
1411 || ERR_GET_REASON(error) == ERR_R_UNSUPPORTED))
1412 ERR_get_error(); /* pop error from queue */
1413 if (ERR_peek_error()) {
1414 BIO_printf(bio_err,
1415 "Unhandled error in the error queue during EC key setup.\n");
1416 ERR_print_errors(bio_err);
1417 return NULL;
1418 }
1419
1420 /* Create the context for parameter generation */
1421 if ((pctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL)) == NULL
1422 || EVP_PKEY_paramgen_init(pctx) <= 0
1423 || EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx,
1424 curve->nid) <= 0
1425 || EVP_PKEY_paramgen(pctx, ¶ms) <= 0) {
1426 BIO_printf(bio_err, "EC params init failure.\n");
1427 ERR_print_errors(bio_err);
1428 EVP_PKEY_CTX_free(pctx);
1429 return NULL;
1430 }
1431 EVP_PKEY_CTX_free(pctx);
1432
1433 /* Create the context for the key generation */
1434 kctx = EVP_PKEY_CTX_new(params, NULL);
1435 EVP_PKEY_free(params);
1436 }
1437 if (kctx == NULL
1438 || EVP_PKEY_keygen_init(kctx) <= 0
1439 || EVP_PKEY_keygen(kctx, &key) <= 0) {
1440 BIO_printf(bio_err, "EC key generation failure.\n");
1441 ERR_print_errors(bio_err);
1442 key = NULL;
1443 }
1444 EVP_PKEY_CTX_free(kctx);
1445 return key;
1446 }
1447
1448 #define stop_it(do_it, test_num)\
1449 memset(do_it + test_num, 0, OSSL_NELEM(do_it) - test_num);
1450
speed_main(int argc,char ** argv)1451 int speed_main(int argc, char **argv)
1452 {
1453 ENGINE *e = NULL;
1454 loopargs_t *loopargs = NULL;
1455 const char *prog;
1456 const char *engine_id = NULL;
1457 EVP_CIPHER *evp_cipher = NULL;
1458 EVP_MAC *mac = NULL;
1459 double d = 0.0;
1460 OPTION_CHOICE o;
1461 int async_init = 0, multiblock = 0, pr_header = 0;
1462 uint8_t doit[ALGOR_NUM] = { 0 };
1463 int ret = 1, misalign = 0, lengths_single = 0;
1464 long count = 0;
1465 unsigned int size_num = SIZE_NUM;
1466 unsigned int i, k, loopargs_len = 0, async_jobs = 0;
1467 int keylen = 0;
1468 int buflen;
1469 BIGNUM *bn = NULL;
1470 EVP_PKEY_CTX *genctx = NULL;
1471 #ifndef NO_FORK
1472 int multi = 0;
1473 #endif
1474 long op_count = 1;
1475 openssl_speed_sec_t seconds = { SECONDS, RSA_SECONDS, DSA_SECONDS,
1476 ECDSA_SECONDS, ECDH_SECONDS,
1477 EdDSA_SECONDS, SM2_SECONDS,
1478 FFDH_SECONDS };
1479
1480 static const unsigned char key32[32] = {
1481 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
1482 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
1483 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34,
1484 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34, 0x56
1485 };
1486 static const unsigned char deskey[] = {
1487 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, /* key1 */
1488 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, /* key2 */
1489 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34 /* key3 */
1490 };
1491 static const struct {
1492 const unsigned char *data;
1493 unsigned int length;
1494 unsigned int bits;
1495 } rsa_keys[] = {
1496 { test512, sizeof(test512), 512 },
1497 { test1024, sizeof(test1024), 1024 },
1498 { test2048, sizeof(test2048), 2048 },
1499 { test3072, sizeof(test3072), 3072 },
1500 { test4096, sizeof(test4096), 4096 },
1501 { test7680, sizeof(test7680), 7680 },
1502 { test15360, sizeof(test15360), 15360 }
1503 };
1504 uint8_t rsa_doit[RSA_NUM] = { 0 };
1505 int primes = RSA_DEFAULT_PRIME_NUM;
1506 #ifndef OPENSSL_NO_DH
1507 typedef struct ffdh_params_st {
1508 const char *name;
1509 unsigned int nid;
1510 unsigned int bits;
1511 } FFDH_PARAMS;
1512
1513 static const FFDH_PARAMS ffdh_params[FFDH_NUM] = {
1514 {"ffdh2048", NID_ffdhe2048, 2048},
1515 {"ffdh3072", NID_ffdhe3072, 3072},
1516 {"ffdh4096", NID_ffdhe4096, 4096},
1517 {"ffdh6144", NID_ffdhe6144, 6144},
1518 {"ffdh8192", NID_ffdhe8192, 8192}
1519 };
1520 uint8_t ffdh_doit[FFDH_NUM] = { 0 };
1521
1522 #endif /* OPENSSL_NO_DH */
1523 static const unsigned int dsa_bits[DSA_NUM] = { 512, 1024, 2048 };
1524 uint8_t dsa_doit[DSA_NUM] = { 0 };
1525 /*
1526 * We only test over the following curves as they are representative, To
1527 * add tests over more curves, simply add the curve NID and curve name to
1528 * the following arrays and increase the |ecdh_choices| and |ecdsa_choices|
1529 * lists accordingly.
1530 */
1531 static const EC_CURVE ec_curves[EC_NUM] = {
1532 /* Prime Curves */
1533 {"secp160r1", NID_secp160r1, 160},
1534 {"nistp192", NID_X9_62_prime192v1, 192},
1535 {"nistp224", NID_secp224r1, 224},
1536 {"nistp256", NID_X9_62_prime256v1, 256},
1537 {"nistp384", NID_secp384r1, 384},
1538 {"nistp521", NID_secp521r1, 521},
1539 #ifndef OPENSSL_NO_EC2M
1540 /* Binary Curves */
1541 {"nistk163", NID_sect163k1, 163},
1542 {"nistk233", NID_sect233k1, 233},
1543 {"nistk283", NID_sect283k1, 283},
1544 {"nistk409", NID_sect409k1, 409},
1545 {"nistk571", NID_sect571k1, 571},
1546 {"nistb163", NID_sect163r2, 163},
1547 {"nistb233", NID_sect233r1, 233},
1548 {"nistb283", NID_sect283r1, 283},
1549 {"nistb409", NID_sect409r1, 409},
1550 {"nistb571", NID_sect571r1, 571},
1551 #endif
1552 {"brainpoolP256r1", NID_brainpoolP256r1, 256},
1553 {"brainpoolP256t1", NID_brainpoolP256t1, 256},
1554 {"brainpoolP384r1", NID_brainpoolP384r1, 384},
1555 {"brainpoolP384t1", NID_brainpoolP384t1, 384},
1556 {"brainpoolP512r1", NID_brainpoolP512r1, 512},
1557 {"brainpoolP512t1", NID_brainpoolP512t1, 512},
1558 /* Other and ECDH only ones */
1559 {"X25519", NID_X25519, 253},
1560 {"X448", NID_X448, 448}
1561 };
1562 static const EC_CURVE ed_curves[EdDSA_NUM] = {
1563 /* EdDSA */
1564 {"Ed25519", NID_ED25519, 253, 64},
1565 {"Ed448", NID_ED448, 456, 114}
1566 };
1567 #ifndef OPENSSL_NO_SM2
1568 static const EC_CURVE sm2_curves[SM2_NUM] = {
1569 /* SM2 */
1570 {"CurveSM2", NID_sm2, 256}
1571 };
1572 uint8_t sm2_doit[SM2_NUM] = { 0 };
1573 #endif
1574 uint8_t ecdsa_doit[ECDSA_NUM] = { 0 };
1575 uint8_t ecdh_doit[EC_NUM] = { 0 };
1576 uint8_t eddsa_doit[EdDSA_NUM] = { 0 };
1577
1578 /* checks declarated curves against choices list. */
1579 OPENSSL_assert(ed_curves[EdDSA_NUM - 1].nid == NID_ED448);
1580 OPENSSL_assert(strcmp(eddsa_choices[EdDSA_NUM - 1].name, "ed448") == 0);
1581
1582 OPENSSL_assert(ec_curves[EC_NUM - 1].nid == NID_X448);
1583 OPENSSL_assert(strcmp(ecdh_choices[EC_NUM - 1].name, "ecdhx448") == 0);
1584
1585 OPENSSL_assert(ec_curves[ECDSA_NUM - 1].nid == NID_brainpoolP512t1);
1586 OPENSSL_assert(strcmp(ecdsa_choices[ECDSA_NUM - 1].name, "ecdsabrp512t1") == 0);
1587
1588 #ifndef OPENSSL_NO_SM2
1589 OPENSSL_assert(sm2_curves[SM2_NUM - 1].nid == NID_sm2);
1590 OPENSSL_assert(strcmp(sm2_choices[SM2_NUM - 1].name, "curveSM2") == 0);
1591 #endif
1592
1593 prog = opt_init(argc, argv, speed_options);
1594 while ((o = opt_next()) != OPT_EOF) {
1595 switch (o) {
1596 case OPT_EOF:
1597 case OPT_ERR:
1598 opterr:
1599 BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
1600 goto end;
1601 case OPT_HELP:
1602 opt_help(speed_options);
1603 ret = 0;
1604 goto end;
1605 case OPT_ELAPSED:
1606 usertime = 0;
1607 break;
1608 case OPT_EVP:
1609 if (doit[D_EVP]) {
1610 BIO_printf(bio_err, "%s: -evp option cannot be used more than once\n", prog);
1611 goto opterr;
1612 }
1613 ERR_set_mark();
1614 if (!opt_cipher_silent(opt_arg(), &evp_cipher)) {
1615 if (have_md(opt_arg()))
1616 evp_md_name = opt_arg();
1617 }
1618 if (evp_cipher == NULL && evp_md_name == NULL) {
1619 ERR_clear_last_mark();
1620 BIO_printf(bio_err,
1621 "%s: %s is an unknown cipher or digest\n",
1622 prog, opt_arg());
1623 goto end;
1624 }
1625 ERR_pop_to_mark();
1626 doit[D_EVP] = 1;
1627 break;
1628 case OPT_HMAC:
1629 if (!have_md(opt_arg())) {
1630 BIO_printf(bio_err, "%s: %s is an unknown digest\n",
1631 prog, opt_arg());
1632 goto end;
1633 }
1634 evp_mac_mdname = opt_arg();
1635 doit[D_HMAC] = 1;
1636 break;
1637 case OPT_CMAC:
1638 if (!have_cipher(opt_arg())) {
1639 BIO_printf(bio_err, "%s: %s is an unknown cipher\n",
1640 prog, opt_arg());
1641 goto end;
1642 }
1643 evp_mac_ciphername = opt_arg();
1644 doit[D_EVP_CMAC] = 1;
1645 break;
1646 case OPT_DECRYPT:
1647 decrypt = 1;
1648 break;
1649 case OPT_ENGINE:
1650 /*
1651 * In a forked execution, an engine might need to be
1652 * initialised by each child process, not by the parent.
1653 * So store the name here and run setup_engine() later on.
1654 */
1655 engine_id = opt_arg();
1656 break;
1657 case OPT_MULTI:
1658 #ifndef NO_FORK
1659 multi = atoi(opt_arg());
1660 if ((size_t)multi >= SIZE_MAX / sizeof(int)) {
1661 BIO_printf(bio_err, "%s: multi argument too large\n", prog);
1662 return 0;
1663 }
1664 #endif
1665 break;
1666 case OPT_ASYNCJOBS:
1667 #ifndef OPENSSL_NO_ASYNC
1668 async_jobs = atoi(opt_arg());
1669 if (!ASYNC_is_capable()) {
1670 BIO_printf(bio_err,
1671 "%s: async_jobs specified but async not supported\n",
1672 prog);
1673 goto opterr;
1674 }
1675 if (async_jobs > 99999) {
1676 BIO_printf(bio_err, "%s: too many async_jobs\n", prog);
1677 goto opterr;
1678 }
1679 #endif
1680 break;
1681 case OPT_MISALIGN:
1682 misalign = opt_int_arg();
1683 if (misalign > MISALIGN) {
1684 BIO_printf(bio_err,
1685 "%s: Maximum offset is %d\n", prog, MISALIGN);
1686 goto opterr;
1687 }
1688 break;
1689 case OPT_MR:
1690 mr = 1;
1691 break;
1692 case OPT_MB:
1693 multiblock = 1;
1694 #ifdef OPENSSL_NO_MULTIBLOCK
1695 BIO_printf(bio_err,
1696 "%s: -mb specified but multi-block support is disabled\n",
1697 prog);
1698 goto end;
1699 #endif
1700 break;
1701 case OPT_R_CASES:
1702 if (!opt_rand(o))
1703 goto end;
1704 break;
1705 case OPT_PROV_CASES:
1706 if (!opt_provider(o))
1707 goto end;
1708 break;
1709 case OPT_PRIMES:
1710 primes = opt_int_arg();
1711 break;
1712 case OPT_SECONDS:
1713 seconds.sym = seconds.rsa = seconds.dsa = seconds.ecdsa
1714 = seconds.ecdh = seconds.eddsa
1715 = seconds.sm2 = seconds.ffdh = atoi(opt_arg());
1716 break;
1717 case OPT_BYTES:
1718 lengths_single = atoi(opt_arg());
1719 lengths = &lengths_single;
1720 size_num = 1;
1721 break;
1722 case OPT_AEAD:
1723 aead = 1;
1724 break;
1725 }
1726 }
1727
1728 /* Remaining arguments are algorithms. */
1729 argc = opt_num_rest();
1730 argv = opt_rest();
1731
1732 if (!app_RAND_load())
1733 goto end;
1734
1735 for (; *argv; argv++) {
1736 const char *algo = *argv;
1737
1738 if (opt_found(algo, doit_choices, &i)) {
1739 doit[i] = 1;
1740 continue;
1741 }
1742 if (strcmp(algo, "des") == 0) {
1743 doit[D_CBC_DES] = doit[D_EDE3_DES] = 1;
1744 continue;
1745 }
1746 if (strcmp(algo, "sha") == 0) {
1747 doit[D_SHA1] = doit[D_SHA256] = doit[D_SHA512] = 1;
1748 continue;
1749 }
1750 #ifndef OPENSSL_NO_DEPRECATED_3_0
1751 if (strcmp(algo, "openssl") == 0) /* just for compatibility */
1752 continue;
1753 #endif
1754 if (strncmp(algo, "rsa", 3) == 0) {
1755 if (algo[3] == '\0') {
1756 memset(rsa_doit, 1, sizeof(rsa_doit));
1757 continue;
1758 }
1759 if (opt_found(algo, rsa_choices, &i)) {
1760 rsa_doit[i] = 1;
1761 continue;
1762 }
1763 }
1764 #ifndef OPENSSL_NO_DH
1765 if (strncmp(algo, "ffdh", 4) == 0) {
1766 if (algo[4] == '\0') {
1767 memset(ffdh_doit, 1, sizeof(ffdh_doit));
1768 continue;
1769 }
1770 if (opt_found(algo, ffdh_choices, &i)) {
1771 ffdh_doit[i] = 2;
1772 continue;
1773 }
1774 }
1775 #endif
1776 if (strncmp(algo, "dsa", 3) == 0) {
1777 if (algo[3] == '\0') {
1778 memset(dsa_doit, 1, sizeof(dsa_doit));
1779 continue;
1780 }
1781 if (opt_found(algo, dsa_choices, &i)) {
1782 dsa_doit[i] = 2;
1783 continue;
1784 }
1785 }
1786 if (strcmp(algo, "aes") == 0) {
1787 doit[D_CBC_128_AES] = doit[D_CBC_192_AES] = doit[D_CBC_256_AES] = 1;
1788 continue;
1789 }
1790 if (strcmp(algo, "camellia") == 0) {
1791 doit[D_CBC_128_CML] = doit[D_CBC_192_CML] = doit[D_CBC_256_CML] = 1;
1792 continue;
1793 }
1794 if (strncmp(algo, "ecdsa", 5) == 0) {
1795 if (algo[5] == '\0') {
1796 memset(ecdsa_doit, 1, sizeof(ecdsa_doit));
1797 continue;
1798 }
1799 if (opt_found(algo, ecdsa_choices, &i)) {
1800 ecdsa_doit[i] = 2;
1801 continue;
1802 }
1803 }
1804 if (strncmp(algo, "ecdh", 4) == 0) {
1805 if (algo[4] == '\0') {
1806 memset(ecdh_doit, 1, sizeof(ecdh_doit));
1807 continue;
1808 }
1809 if (opt_found(algo, ecdh_choices, &i)) {
1810 ecdh_doit[i] = 2;
1811 continue;
1812 }
1813 }
1814 if (strcmp(algo, "eddsa") == 0) {
1815 memset(eddsa_doit, 1, sizeof(eddsa_doit));
1816 continue;
1817 }
1818 if (opt_found(algo, eddsa_choices, &i)) {
1819 eddsa_doit[i] = 2;
1820 continue;
1821 }
1822 #ifndef OPENSSL_NO_SM2
1823 if (strcmp(algo, "sm2") == 0) {
1824 memset(sm2_doit, 1, sizeof(sm2_doit));
1825 continue;
1826 }
1827 if (opt_found(algo, sm2_choices, &i)) {
1828 sm2_doit[i] = 2;
1829 continue;
1830 }
1831 #endif
1832 BIO_printf(bio_err, "%s: Unknown algorithm %s\n", prog, algo);
1833 goto end;
1834 }
1835
1836 /* Sanity checks */
1837 if (aead) {
1838 if (evp_cipher == NULL) {
1839 BIO_printf(bio_err, "-aead can be used only with an AEAD cipher\n");
1840 goto end;
1841 } else if (!(EVP_CIPHER_get_flags(evp_cipher) &
1842 EVP_CIPH_FLAG_AEAD_CIPHER)) {
1843 BIO_printf(bio_err, "%s is not an AEAD cipher\n",
1844 EVP_CIPHER_get0_name(evp_cipher));
1845 goto end;
1846 }
1847 }
1848 if (multiblock) {
1849 if (evp_cipher == NULL) {
1850 BIO_printf(bio_err, "-mb can be used only with a multi-block"
1851 " capable cipher\n");
1852 goto end;
1853 } else if (!(EVP_CIPHER_get_flags(evp_cipher) &
1854 EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) {
1855 BIO_printf(bio_err, "%s is not a multi-block capable\n",
1856 EVP_CIPHER_get0_name(evp_cipher));
1857 goto end;
1858 } else if (async_jobs > 0) {
1859 BIO_printf(bio_err, "Async mode is not supported with -mb");
1860 goto end;
1861 }
1862 }
1863
1864 /* Initialize the job pool if async mode is enabled */
1865 if (async_jobs > 0) {
1866 async_init = ASYNC_init_thread(async_jobs, async_jobs);
1867 if (!async_init) {
1868 BIO_printf(bio_err, "Error creating the ASYNC job pool\n");
1869 goto end;
1870 }
1871 }
1872
1873 loopargs_len = (async_jobs == 0 ? 1 : async_jobs);
1874 loopargs =
1875 app_malloc(loopargs_len * sizeof(loopargs_t), "array of loopargs");
1876 memset(loopargs, 0, loopargs_len * sizeof(loopargs_t));
1877
1878 for (i = 0; i < loopargs_len; i++) {
1879 if (async_jobs > 0) {
1880 loopargs[i].wait_ctx = ASYNC_WAIT_CTX_new();
1881 if (loopargs[i].wait_ctx == NULL) {
1882 BIO_printf(bio_err, "Error creating the ASYNC_WAIT_CTX\n");
1883 goto end;
1884 }
1885 }
1886
1887 buflen = lengths[size_num - 1];
1888 if (buflen < 36) /* size of random vector in RSA benchmark */
1889 buflen = 36;
1890 if (INT_MAX - (MAX_MISALIGNMENT + 1) < buflen) {
1891 BIO_printf(bio_err, "Error: buffer size too large\n");
1892 goto end;
1893 }
1894 buflen += MAX_MISALIGNMENT + 1;
1895 loopargs[i].buf_malloc = app_malloc(buflen, "input buffer");
1896 loopargs[i].buf2_malloc = app_malloc(buflen, "input buffer");
1897 memset(loopargs[i].buf_malloc, 0, buflen);
1898 memset(loopargs[i].buf2_malloc, 0, buflen);
1899
1900 /* Align the start of buffers on a 64 byte boundary */
1901 loopargs[i].buf = loopargs[i].buf_malloc + misalign;
1902 loopargs[i].buf2 = loopargs[i].buf2_malloc + misalign;
1903 loopargs[i].buflen = buflen - misalign;
1904 loopargs[i].sigsize = buflen - misalign;
1905 loopargs[i].secret_a = app_malloc(MAX_ECDH_SIZE, "ECDH secret a");
1906 loopargs[i].secret_b = app_malloc(MAX_ECDH_SIZE, "ECDH secret b");
1907 #ifndef OPENSSL_NO_DH
1908 loopargs[i].secret_ff_a = app_malloc(MAX_FFDH_SIZE, "FFDH secret a");
1909 loopargs[i].secret_ff_b = app_malloc(MAX_FFDH_SIZE, "FFDH secret b");
1910 #endif
1911 }
1912
1913 #ifndef NO_FORK
1914 if (multi && do_multi(multi, size_num))
1915 goto show_res;
1916 #endif
1917
1918 /* Initialize the engine after the fork */
1919 e = setup_engine(engine_id, 0);
1920
1921 /* No parameters; turn on everything. */
1922 if (argc == 0 && !doit[D_EVP] && !doit[D_HMAC] && !doit[D_EVP_CMAC]) {
1923 memset(doit, 1, sizeof(doit));
1924 doit[D_EVP] = doit[D_EVP_CMAC] = 0;
1925 ERR_set_mark();
1926 for (i = D_MD2; i <= D_WHIRLPOOL; i++) {
1927 if (!have_md(names[i]))
1928 doit[i] = 0;
1929 }
1930 for (i = D_CBC_DES; i <= D_CBC_256_CML; i++) {
1931 if (!have_cipher(names[i]))
1932 doit[i] = 0;
1933 }
1934 if ((mac = EVP_MAC_fetch(app_get0_libctx(), "GMAC",
1935 app_get0_propq())) != NULL) {
1936 EVP_MAC_free(mac);
1937 mac = NULL;
1938 } else {
1939 doit[D_GHASH] = 0;
1940 }
1941 if ((mac = EVP_MAC_fetch(app_get0_libctx(), "HMAC",
1942 app_get0_propq())) != NULL) {
1943 EVP_MAC_free(mac);
1944 mac = NULL;
1945 } else {
1946 doit[D_HMAC] = 0;
1947 }
1948 ERR_pop_to_mark();
1949 memset(rsa_doit, 1, sizeof(rsa_doit));
1950 #ifndef OPENSSL_NO_DH
1951 memset(ffdh_doit, 1, sizeof(ffdh_doit));
1952 #endif
1953 memset(dsa_doit, 1, sizeof(dsa_doit));
1954 memset(ecdsa_doit, 1, sizeof(ecdsa_doit));
1955 memset(ecdh_doit, 1, sizeof(ecdh_doit));
1956 memset(eddsa_doit, 1, sizeof(eddsa_doit));
1957 #ifndef OPENSSL_NO_SM2
1958 memset(sm2_doit, 1, sizeof(sm2_doit));
1959 #endif
1960 }
1961 for (i = 0; i < ALGOR_NUM; i++)
1962 if (doit[i])
1963 pr_header++;
1964
1965 if (usertime == 0 && !mr)
1966 BIO_printf(bio_err,
1967 "You have chosen to measure elapsed time "
1968 "instead of user CPU time.\n");
1969
1970 #if SIGALRM > 0
1971 signal(SIGALRM, alarmed);
1972 #endif
1973
1974 if (doit[D_MD2]) {
1975 for (testnum = 0; testnum < size_num; testnum++) {
1976 print_message(names[D_MD2], c[D_MD2][testnum], lengths[testnum],
1977 seconds.sym);
1978 Time_F(START);
1979 count = run_benchmark(async_jobs, EVP_Digest_MD2_loop, loopargs);
1980 d = Time_F(STOP);
1981 print_result(D_MD2, testnum, count, d);
1982 if (count < 0)
1983 break;
1984 }
1985 }
1986
1987 if (doit[D_MDC2]) {
1988 for (testnum = 0; testnum < size_num; testnum++) {
1989 print_message(names[D_MDC2], c[D_MDC2][testnum], lengths[testnum],
1990 seconds.sym);
1991 Time_F(START);
1992 count = run_benchmark(async_jobs, EVP_Digest_MDC2_loop, loopargs);
1993 d = Time_F(STOP);
1994 print_result(D_MDC2, testnum, count, d);
1995 if (count < 0)
1996 break;
1997 }
1998 }
1999
2000 if (doit[D_MD4]) {
2001 for (testnum = 0; testnum < size_num; testnum++) {
2002 print_message(names[D_MD4], c[D_MD4][testnum], lengths[testnum],
2003 seconds.sym);
2004 Time_F(START);
2005 count = run_benchmark(async_jobs, EVP_Digest_MD4_loop, loopargs);
2006 d = Time_F(STOP);
2007 print_result(D_MD4, testnum, count, d);
2008 if (count < 0)
2009 break;
2010 }
2011 }
2012
2013 if (doit[D_MD5]) {
2014 for (testnum = 0; testnum < size_num; testnum++) {
2015 print_message(names[D_MD5], c[D_MD5][testnum], lengths[testnum],
2016 seconds.sym);
2017 Time_F(START);
2018 count = run_benchmark(async_jobs, MD5_loop, loopargs);
2019 d = Time_F(STOP);
2020 print_result(D_MD5, testnum, count, d);
2021 if (count < 0)
2022 break;
2023 }
2024 }
2025
2026 if (doit[D_SHA1]) {
2027 for (testnum = 0; testnum < size_num; testnum++) {
2028 print_message(names[D_SHA1], c[D_SHA1][testnum], lengths[testnum],
2029 seconds.sym);
2030 Time_F(START);
2031 count = run_benchmark(async_jobs, SHA1_loop, loopargs);
2032 d = Time_F(STOP);
2033 print_result(D_SHA1, testnum, count, d);
2034 if (count < 0)
2035 break;
2036 }
2037 }
2038
2039 if (doit[D_SHA256]) {
2040 for (testnum = 0; testnum < size_num; testnum++) {
2041 print_message(names[D_SHA256], c[D_SHA256][testnum],
2042 lengths[testnum], seconds.sym);
2043 Time_F(START);
2044 count = run_benchmark(async_jobs, SHA256_loop, loopargs);
2045 d = Time_F(STOP);
2046 print_result(D_SHA256, testnum, count, d);
2047 if (count < 0)
2048 break;
2049 }
2050 }
2051
2052 if (doit[D_SHA512]) {
2053 for (testnum = 0; testnum < size_num; testnum++) {
2054 print_message(names[D_SHA512], c[D_SHA512][testnum],
2055 lengths[testnum], seconds.sym);
2056 Time_F(START);
2057 count = run_benchmark(async_jobs, SHA512_loop, loopargs);
2058 d = Time_F(STOP);
2059 print_result(D_SHA512, testnum, count, d);
2060 if (count < 0)
2061 break;
2062 }
2063 }
2064
2065 if (doit[D_WHIRLPOOL]) {
2066 for (testnum = 0; testnum < size_num; testnum++) {
2067 print_message(names[D_WHIRLPOOL], c[D_WHIRLPOOL][testnum],
2068 lengths[testnum], seconds.sym);
2069 Time_F(START);
2070 count = run_benchmark(async_jobs, WHIRLPOOL_loop, loopargs);
2071 d = Time_F(STOP);
2072 print_result(D_WHIRLPOOL, testnum, count, d);
2073 if (count < 0)
2074 break;
2075 }
2076 }
2077
2078 if (doit[D_RMD160]) {
2079 for (testnum = 0; testnum < size_num; testnum++) {
2080 print_message(names[D_RMD160], c[D_RMD160][testnum],
2081 lengths[testnum], seconds.sym);
2082 Time_F(START);
2083 count = run_benchmark(async_jobs, EVP_Digest_RMD160_loop, loopargs);
2084 d = Time_F(STOP);
2085 print_result(D_RMD160, testnum, count, d);
2086 if (count < 0)
2087 break;
2088 }
2089 }
2090
2091 if (doit[D_HMAC]) {
2092 static const char hmac_key[] = "This is a key...";
2093 int len = strlen(hmac_key);
2094 size_t hmac_name_len = sizeof("hmac()") + strlen(evp_mac_mdname);
2095 OSSL_PARAM params[3];
2096
2097 mac = EVP_MAC_fetch(app_get0_libctx(), "HMAC", app_get0_propq());
2098 if (mac == NULL || evp_mac_mdname == NULL)
2099 goto end;
2100 evp_hmac_name = app_malloc(hmac_name_len, "HMAC name");
2101 BIO_snprintf(evp_hmac_name, hmac_name_len, "hmac(%s)", evp_mac_mdname);
2102 names[D_HMAC] = evp_hmac_name;
2103
2104 params[0] =
2105 OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
2106 evp_mac_mdname, 0);
2107 params[1] =
2108 OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY,
2109 (char *)hmac_key, len);
2110 params[2] = OSSL_PARAM_construct_end();
2111
2112 for (i = 0; i < loopargs_len; i++) {
2113 loopargs[i].mctx = EVP_MAC_CTX_new(mac);
2114 if (loopargs[i].mctx == NULL)
2115 goto end;
2116
2117 if (!EVP_MAC_CTX_set_params(loopargs[i].mctx, params))
2118 goto skip_hmac; /* Digest not found */
2119 }
2120 for (testnum = 0; testnum < size_num; testnum++) {
2121 print_message(names[D_HMAC], c[D_HMAC][testnum], lengths[testnum],
2122 seconds.sym);
2123 Time_F(START);
2124 count = run_benchmark(async_jobs, HMAC_loop, loopargs);
2125 d = Time_F(STOP);
2126 print_result(D_HMAC, testnum, count, d);
2127 if (count < 0)
2128 break;
2129 }
2130 for (i = 0; i < loopargs_len; i++)
2131 EVP_MAC_CTX_free(loopargs[i].mctx);
2132 EVP_MAC_free(mac);
2133 mac = NULL;
2134 }
2135 skip_hmac:
2136 if (doit[D_CBC_DES]) {
2137 int st = 1;
2138
2139 for (i = 0; st && i < loopargs_len; i++) {
2140 loopargs[i].ctx = init_evp_cipher_ctx("des-cbc", deskey,
2141 sizeof(deskey) / 3);
2142 st = loopargs[i].ctx != NULL;
2143 }
2144 algindex = D_CBC_DES;
2145 for (testnum = 0; st && testnum < size_num; testnum++) {
2146 print_message(names[D_CBC_DES], c[D_CBC_DES][testnum],
2147 lengths[testnum], seconds.sym);
2148 Time_F(START);
2149 count = run_benchmark(async_jobs, EVP_Cipher_loop, loopargs);
2150 d = Time_F(STOP);
2151 print_result(D_CBC_DES, testnum, count, d);
2152 }
2153 for (i = 0; i < loopargs_len; i++)
2154 EVP_CIPHER_CTX_free(loopargs[i].ctx);
2155 }
2156
2157 if (doit[D_EDE3_DES]) {
2158 int st = 1;
2159
2160 for (i = 0; st && i < loopargs_len; i++) {
2161 loopargs[i].ctx = init_evp_cipher_ctx("des-ede3-cbc", deskey,
2162 sizeof(deskey));
2163 st = loopargs[i].ctx != NULL;
2164 }
2165 algindex = D_EDE3_DES;
2166 for (testnum = 0; st && testnum < size_num; testnum++) {
2167 print_message(names[D_EDE3_DES], c[D_EDE3_DES][testnum],
2168 lengths[testnum], seconds.sym);
2169 Time_F(START);
2170 count =
2171 run_benchmark(async_jobs, EVP_Cipher_loop, loopargs);
2172 d = Time_F(STOP);
2173 print_result(D_EDE3_DES, testnum, count, d);
2174 }
2175 for (i = 0; i < loopargs_len; i++)
2176 EVP_CIPHER_CTX_free(loopargs[i].ctx);
2177 }
2178
2179 for (k = 0; k < 3; k++) {
2180 algindex = D_CBC_128_AES + k;
2181 if (doit[algindex]) {
2182 int st = 1;
2183
2184 keylen = 16 + k * 8;
2185 for (i = 0; st && i < loopargs_len; i++) {
2186 loopargs[i].ctx = init_evp_cipher_ctx(names[algindex],
2187 key32, keylen);
2188 st = loopargs[i].ctx != NULL;
2189 }
2190
2191 for (testnum = 0; st && testnum < size_num; testnum++) {
2192 print_message(names[algindex], c[algindex][testnum],
2193 lengths[testnum], seconds.sym);
2194 Time_F(START);
2195 count =
2196 run_benchmark(async_jobs, EVP_Cipher_loop, loopargs);
2197 d = Time_F(STOP);
2198 print_result(algindex, testnum, count, d);
2199 }
2200 for (i = 0; i < loopargs_len; i++)
2201 EVP_CIPHER_CTX_free(loopargs[i].ctx);
2202 }
2203 }
2204
2205 for (k = 0; k < 3; k++) {
2206 algindex = D_CBC_128_CML + k;
2207 if (doit[algindex]) {
2208 int st = 1;
2209
2210 keylen = 16 + k * 8;
2211 for (i = 0; st && i < loopargs_len; i++) {
2212 loopargs[i].ctx = init_evp_cipher_ctx(names[algindex],
2213 key32, keylen);
2214 st = loopargs[i].ctx != NULL;
2215 }
2216
2217 for (testnum = 0; st && testnum < size_num; testnum++) {
2218 print_message(names[algindex], c[algindex][testnum],
2219 lengths[testnum], seconds.sym);
2220 Time_F(START);
2221 count =
2222 run_benchmark(async_jobs, EVP_Cipher_loop, loopargs);
2223 d = Time_F(STOP);
2224 print_result(algindex, testnum, count, d);
2225 }
2226 for (i = 0; i < loopargs_len; i++)
2227 EVP_CIPHER_CTX_free(loopargs[i].ctx);
2228 }
2229 }
2230
2231 for (algindex = D_RC4; algindex <= D_CBC_CAST; algindex++) {
2232 if (doit[algindex]) {
2233 int st = 1;
2234
2235 keylen = 16;
2236 for (i = 0; st && i < loopargs_len; i++) {
2237 loopargs[i].ctx = init_evp_cipher_ctx(names[algindex],
2238 key32, keylen);
2239 st = loopargs[i].ctx != NULL;
2240 }
2241
2242 for (testnum = 0; st && testnum < size_num; testnum++) {
2243 print_message(names[algindex], c[algindex][testnum],
2244 lengths[testnum], seconds.sym);
2245 Time_F(START);
2246 count =
2247 run_benchmark(async_jobs, EVP_Cipher_loop, loopargs);
2248 d = Time_F(STOP);
2249 print_result(algindex, testnum, count, d);
2250 }
2251 for (i = 0; i < loopargs_len; i++)
2252 EVP_CIPHER_CTX_free(loopargs[i].ctx);
2253 }
2254 }
2255 if (doit[D_GHASH]) {
2256 static const char gmac_iv[] = "0123456789ab";
2257 OSSL_PARAM params[3];
2258
2259 mac = EVP_MAC_fetch(app_get0_libctx(), "GMAC", app_get0_propq());
2260 if (mac == NULL)
2261 goto end;
2262
2263 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_CIPHER,
2264 "aes-128-gcm", 0);
2265 params[1] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_IV,
2266 (char *)gmac_iv,
2267 sizeof(gmac_iv) - 1);
2268 params[2] = OSSL_PARAM_construct_end();
2269
2270 for (i = 0; i < loopargs_len; i++) {
2271 loopargs[i].mctx = EVP_MAC_CTX_new(mac);
2272 if (loopargs[i].mctx == NULL)
2273 goto end;
2274
2275 if (!EVP_MAC_init(loopargs[i].mctx, key32, 16, params))
2276 goto end;
2277 }
2278 for (testnum = 0; testnum < size_num; testnum++) {
2279 print_message(names[D_GHASH], c[D_GHASH][testnum], lengths[testnum],
2280 seconds.sym);
2281 Time_F(START);
2282 count = run_benchmark(async_jobs, GHASH_loop, loopargs);
2283 d = Time_F(STOP);
2284 print_result(D_GHASH, testnum, count, d);
2285 if (count < 0)
2286 break;
2287 }
2288 for (i = 0; i < loopargs_len; i++)
2289 EVP_MAC_CTX_free(loopargs[i].mctx);
2290 EVP_MAC_free(mac);
2291 mac = NULL;
2292 }
2293
2294 if (doit[D_RAND]) {
2295 for (testnum = 0; testnum < size_num; testnum++) {
2296 print_message(names[D_RAND], c[D_RAND][testnum], lengths[testnum],
2297 seconds.sym);
2298 Time_F(START);
2299 count = run_benchmark(async_jobs, RAND_bytes_loop, loopargs);
2300 d = Time_F(STOP);
2301 print_result(D_RAND, testnum, count, d);
2302 }
2303 }
2304
2305 /*-
2306 * There are three scenarios for D_EVP:
2307 * 1- Using authenticated encryption (AE) e.g. CCM, GCM, OCB etc.
2308 * 2- Using AE + associated data (AD) i.e. AEAD using CCM, GCM, OCB etc.
2309 * 3- Not using AE or AD e.g. ECB, CBC, CFB etc.
2310 */
2311 if (doit[D_EVP]) {
2312 if (evp_cipher != NULL) {
2313 int (*loopfunc) (void *);
2314 int outlen = 0;
2315 unsigned int ae_mode = 0;
2316
2317 if (multiblock && (EVP_CIPHER_get_flags(evp_cipher)
2318 & EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) {
2319 multiblock_speed(evp_cipher, lengths_single, &seconds);
2320 ret = 0;
2321 goto end;
2322 }
2323
2324 names[D_EVP] = EVP_CIPHER_get0_name(evp_cipher);
2325
2326 mode_op = EVP_CIPHER_get_mode(evp_cipher);
2327
2328 if (aead) {
2329 if (lengths == lengths_list) {
2330 lengths = aead_lengths_list;
2331 size_num = OSSL_NELEM(aead_lengths_list);
2332 }
2333 }
2334 if (mode_op == EVP_CIPH_GCM_MODE
2335 || mode_op == EVP_CIPH_CCM_MODE
2336 || mode_op == EVP_CIPH_OCB_MODE
2337 || mode_op == EVP_CIPH_SIV_MODE) {
2338 ae_mode = 1;
2339 if (decrypt)
2340 loopfunc = EVP_Update_loop_aead_dec;
2341 else
2342 loopfunc = EVP_Update_loop_aead_enc;
2343 } else {
2344 loopfunc = EVP_Update_loop;
2345 }
2346
2347 for (testnum = 0; testnum < size_num; testnum++) {
2348 print_message(names[D_EVP], c[D_EVP][testnum], lengths[testnum],
2349 seconds.sym);
2350
2351 for (k = 0; k < loopargs_len; k++) {
2352 loopargs[k].ctx = EVP_CIPHER_CTX_new();
2353 if (loopargs[k].ctx == NULL) {
2354 BIO_printf(bio_err, "\nEVP_CIPHER_CTX_new failure\n");
2355 exit(1);
2356 }
2357
2358 /*
2359 * For AE modes, we must first encrypt the data to get
2360 * a valid tag that enables us to decrypt. If we don't
2361 * encrypt first, we won't have a valid tag that enables
2362 * authenticity and hence decryption will fail.
2363 */
2364 if (!EVP_CipherInit_ex(loopargs[k].ctx,
2365 evp_cipher, NULL, NULL, NULL,
2366 ae_mode ? 1 : !decrypt)) {
2367 BIO_printf(bio_err, "\nCouldn't init the context\n");
2368 ERR_print_errors(bio_err);
2369 exit(1);
2370 }
2371
2372 /* Padding isn't needed */
2373 EVP_CIPHER_CTX_set_padding(loopargs[k].ctx, 0);
2374
2375 keylen = EVP_CIPHER_CTX_get_key_length(loopargs[k].ctx);
2376 loopargs[k].key = app_malloc(keylen, "evp_cipher key");
2377 EVP_CIPHER_CTX_rand_key(loopargs[k].ctx, loopargs[k].key);
2378
2379 if (!ae_mode) {
2380 if (!EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL,
2381 loopargs[k].key, iv, -1)) {
2382 BIO_printf(bio_err, "\nFailed to set the key\n");
2383 ERR_print_errors(bio_err);
2384 exit(1);
2385 }
2386 } else if (mode_op == EVP_CIPH_SIV_MODE) {
2387 EVP_CIPHER_CTX_ctrl(loopargs[k].ctx,
2388 EVP_CTRL_SET_SPEED, 1, NULL);
2389 }
2390 if (ae_mode && decrypt) {
2391 /* Set length of iv (Doesn't apply to SIV mode) */
2392 if (mode_op != EVP_CIPH_SIV_MODE) {
2393 if (!EVP_CIPHER_CTX_ctrl(loopargs[k].ctx,
2394 EVP_CTRL_AEAD_SET_IVLEN,
2395 aead_ivlen, NULL)) {
2396 BIO_printf(bio_err, "\nFailed to set iv length\n");
2397 ERR_print_errors(bio_err);
2398 exit(1);
2399 }
2400 }
2401 /* Set tag_len (Not for SIV at encryption stage) */
2402 if (mode_op != EVP_CIPH_GCM_MODE
2403 && mode_op != EVP_CIPH_SIV_MODE) {
2404 if (!EVP_CIPHER_CTX_ctrl(loopargs[k].ctx,
2405 EVP_CTRL_AEAD_SET_TAG,
2406 TAG_LEN, NULL)) {
2407 BIO_printf(bio_err,
2408 "\nFailed to set tag length\n");
2409 ERR_print_errors(bio_err);
2410 exit(1);
2411 }
2412 }
2413 if (!EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL,
2414 loopargs[k].key, aead_iv, -1)) {
2415 BIO_printf(bio_err, "\nFailed to set the key\n");
2416 ERR_print_errors(bio_err);
2417 exit(1);
2418 }
2419 /* Set total length of input. Only required for CCM */
2420 if (mode_op == EVP_CIPH_CCM_MODE) {
2421 if (!EVP_EncryptUpdate(loopargs[k].ctx, NULL,
2422 &outlen, NULL,
2423 lengths[testnum])) {
2424 BIO_printf(bio_err,
2425 "\nCouldn't set input text length\n");
2426 ERR_print_errors(bio_err);
2427 exit(1);
2428 }
2429 }
2430 if (aead) {
2431 if (!EVP_EncryptUpdate(loopargs[k].ctx, NULL,
2432 &outlen, aad, sizeof(aad))) {
2433 BIO_printf(bio_err,
2434 "\nCouldn't insert AAD when encrypting\n");
2435 ERR_print_errors(bio_err);
2436 exit(1);
2437 }
2438 }
2439 if (!EVP_EncryptUpdate(loopargs[k].ctx, loopargs[k].buf,
2440 &outlen, loopargs[k].buf,
2441 lengths[testnum])) {
2442 BIO_printf(bio_err,
2443 "\nFailed to to encrypt the data\n");
2444 ERR_print_errors(bio_err);
2445 exit(1);
2446 }
2447
2448 if (!EVP_EncryptFinal_ex(loopargs[k].ctx,
2449 loopargs[k].buf, &outlen)) {
2450 BIO_printf(bio_err,
2451 "\nFailed finalize the encryption\n");
2452 ERR_print_errors(bio_err);
2453 exit(1);
2454 }
2455
2456 if (!EVP_CIPHER_CTX_ctrl(loopargs[k].ctx,
2457 EVP_CTRL_AEAD_GET_TAG,
2458 TAG_LEN, &loopargs[k].tag)) {
2459 BIO_printf(bio_err, "\nFailed to get the tag\n");
2460 ERR_print_errors(bio_err);
2461 exit(1);
2462 }
2463
2464 EVP_CIPHER_CTX_free(loopargs[k].ctx);
2465 loopargs[k].ctx = EVP_CIPHER_CTX_new();
2466 if (loopargs[k].ctx == NULL) {
2467 BIO_printf(bio_err,
2468 "\nEVP_CIPHER_CTX_new failure\n");
2469 exit(1);
2470 }
2471 if (!EVP_CipherInit_ex(loopargs[k].ctx, evp_cipher,
2472 NULL, NULL, NULL, 0)) {
2473 BIO_printf(bio_err,
2474 "\nFailed initializing the context\n");
2475 ERR_print_errors(bio_err);
2476 exit(1);
2477 }
2478
2479 EVP_CIPHER_CTX_set_padding(loopargs[k].ctx, 0);
2480
2481 /* SIV only allows for one Update operation */
2482 if (mode_op == EVP_CIPH_SIV_MODE)
2483 EVP_CIPHER_CTX_ctrl(loopargs[k].ctx,
2484 EVP_CTRL_SET_SPEED, 1, NULL);
2485 }
2486 }
2487
2488 Time_F(START);
2489 count = run_benchmark(async_jobs, loopfunc, loopargs);
2490 d = Time_F(STOP);
2491 for (k = 0; k < loopargs_len; k++) {
2492 OPENSSL_clear_free(loopargs[k].key, keylen);
2493 EVP_CIPHER_CTX_free(loopargs[k].ctx);
2494 }
2495 print_result(D_EVP, testnum, count, d);
2496 }
2497 } else if (evp_md_name != NULL) {
2498 names[D_EVP] = evp_md_name;
2499
2500 for (testnum = 0; testnum < size_num; testnum++) {
2501 print_message(names[D_EVP], c[D_EVP][testnum], lengths[testnum],
2502 seconds.sym);
2503 Time_F(START);
2504 count = run_benchmark(async_jobs, EVP_Digest_md_loop, loopargs);
2505 d = Time_F(STOP);
2506 print_result(D_EVP, testnum, count, d);
2507 if (count < 0)
2508 break;
2509 }
2510 }
2511 }
2512
2513 if (doit[D_EVP_CMAC]) {
2514 size_t len = sizeof("cmac()") + strlen(evp_mac_ciphername);
2515 OSSL_PARAM params[3];
2516 EVP_CIPHER *cipher = NULL;
2517
2518 mac = EVP_MAC_fetch(app_get0_libctx(), "CMAC", app_get0_propq());
2519 if (mac == NULL || evp_mac_ciphername == NULL)
2520 goto end;
2521 if (!opt_cipher(evp_mac_ciphername, &cipher))
2522 goto end;
2523
2524 keylen = EVP_CIPHER_get_key_length(cipher);
2525 EVP_CIPHER_free(cipher);
2526 if (keylen <= 0 || keylen > (int)sizeof(key32)) {
2527 BIO_printf(bio_err, "\nRequested CMAC cipher with unsupported key length.\n");
2528 goto end;
2529 }
2530 evp_cmac_name = app_malloc(len, "CMAC name");
2531 BIO_snprintf(evp_cmac_name, len, "cmac(%s)", evp_mac_ciphername);
2532 names[D_EVP_CMAC] = evp_cmac_name;
2533
2534 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_CIPHER,
2535 evp_mac_ciphername, 0);
2536 params[1] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY,
2537 (char *)key32, keylen);
2538 params[2] = OSSL_PARAM_construct_end();
2539
2540 for (i = 0; i < loopargs_len; i++) {
2541 loopargs[i].mctx = EVP_MAC_CTX_new(mac);
2542 if (loopargs[i].mctx == NULL)
2543 goto end;
2544
2545 if (!EVP_MAC_CTX_set_params(loopargs[i].mctx, params))
2546 goto end;
2547 }
2548
2549 for (testnum = 0; testnum < size_num; testnum++) {
2550 print_message(names[D_EVP_CMAC], c[D_EVP_CMAC][testnum],
2551 lengths[testnum], seconds.sym);
2552 Time_F(START);
2553 count = run_benchmark(async_jobs, CMAC_loop, loopargs);
2554 d = Time_F(STOP);
2555 print_result(D_EVP_CMAC, testnum, count, d);
2556 if (count < 0)
2557 break;
2558 }
2559 for (i = 0; i < loopargs_len; i++)
2560 EVP_MAC_CTX_free(loopargs[i].mctx);
2561 EVP_MAC_free(mac);
2562 mac = NULL;
2563 }
2564
2565 for (i = 0; i < loopargs_len; i++)
2566 if (RAND_bytes(loopargs[i].buf, 36) <= 0)
2567 goto end;
2568
2569 for (testnum = 0; testnum < RSA_NUM; testnum++) {
2570 EVP_PKEY *rsa_key = NULL;
2571 int st = 0;
2572
2573 if (!rsa_doit[testnum])
2574 continue;
2575
2576 if (primes > RSA_DEFAULT_PRIME_NUM) {
2577 /* we haven't set keys yet, generate multi-prime RSA keys */
2578 bn = BN_new();
2579 st = bn != NULL
2580 && BN_set_word(bn, RSA_F4)
2581 && init_gen_str(&genctx, "RSA", NULL, 0, NULL, NULL)
2582 && EVP_PKEY_CTX_set_rsa_keygen_bits(genctx, rsa_keys[testnum].bits) > 0
2583 && EVP_PKEY_CTX_set1_rsa_keygen_pubexp(genctx, bn) > 0
2584 && EVP_PKEY_CTX_set_rsa_keygen_primes(genctx, primes) > 0
2585 && EVP_PKEY_keygen(genctx, &rsa_key);
2586 BN_free(bn);
2587 bn = NULL;
2588 EVP_PKEY_CTX_free(genctx);
2589 genctx = NULL;
2590 } else {
2591 const unsigned char *p = rsa_keys[testnum].data;
2592
2593 st = (rsa_key = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &p,
2594 rsa_keys[testnum].length)) != NULL;
2595 }
2596
2597 for (i = 0; st && i < loopargs_len; i++) {
2598 loopargs[i].rsa_sign_ctx[testnum] = EVP_PKEY_CTX_new(rsa_key, NULL);
2599 loopargs[i].sigsize = loopargs[i].buflen;
2600 if (loopargs[i].rsa_sign_ctx[testnum] == NULL
2601 || EVP_PKEY_sign_init(loopargs[i].rsa_sign_ctx[testnum]) <= 0
2602 || EVP_PKEY_sign(loopargs[i].rsa_sign_ctx[testnum],
2603 loopargs[i].buf2,
2604 &loopargs[i].sigsize,
2605 loopargs[i].buf, 36) <= 0)
2606 st = 0;
2607 }
2608 if (!st) {
2609 BIO_printf(bio_err,
2610 "RSA sign setup failure. No RSA sign will be done.\n");
2611 ERR_print_errors(bio_err);
2612 op_count = 1;
2613 } else {
2614 pkey_print_message("private", "rsa",
2615 rsa_c[testnum][0], rsa_keys[testnum].bits,
2616 seconds.rsa);
2617 /* RSA_blinding_on(rsa_key[testnum],NULL); */
2618 Time_F(START);
2619 count = run_benchmark(async_jobs, RSA_sign_loop, loopargs);
2620 d = Time_F(STOP);
2621 BIO_printf(bio_err,
2622 mr ? "+R1:%ld:%d:%.2f\n"
2623 : "%ld %u bits private RSA's in %.2fs\n",
2624 count, rsa_keys[testnum].bits, d);
2625 rsa_results[testnum][0] = (double)count / d;
2626 op_count = count;
2627 }
2628
2629 for (i = 0; st && i < loopargs_len; i++) {
2630 loopargs[i].rsa_verify_ctx[testnum] = EVP_PKEY_CTX_new(rsa_key,
2631 NULL);
2632 if (loopargs[i].rsa_verify_ctx[testnum] == NULL
2633 || EVP_PKEY_verify_init(loopargs[i].rsa_verify_ctx[testnum]) <= 0
2634 || EVP_PKEY_verify(loopargs[i].rsa_verify_ctx[testnum],
2635 loopargs[i].buf2,
2636 loopargs[i].sigsize,
2637 loopargs[i].buf, 36) <= 0)
2638 st = 0;
2639 }
2640 if (!st) {
2641 BIO_printf(bio_err,
2642 "RSA verify setup failure. No RSA verify will be done.\n");
2643 ERR_print_errors(bio_err);
2644 rsa_doit[testnum] = 0;
2645 } else {
2646 pkey_print_message("public", "rsa",
2647 rsa_c[testnum][1], rsa_keys[testnum].bits,
2648 seconds.rsa);
2649 Time_F(START);
2650 count = run_benchmark(async_jobs, RSA_verify_loop, loopargs);
2651 d = Time_F(STOP);
2652 BIO_printf(bio_err,
2653 mr ? "+R2:%ld:%d:%.2f\n"
2654 : "%ld %u bits public RSA's in %.2fs\n",
2655 count, rsa_keys[testnum].bits, d);
2656 rsa_results[testnum][1] = (double)count / d;
2657 }
2658
2659 if (op_count <= 1) {
2660 /* if longer than 10s, don't do any more */
2661 stop_it(rsa_doit, testnum);
2662 }
2663 EVP_PKEY_free(rsa_key);
2664 }
2665
2666 for (testnum = 0; testnum < DSA_NUM; testnum++) {
2667 EVP_PKEY *dsa_key = NULL;
2668 int st;
2669
2670 if (!dsa_doit[testnum])
2671 continue;
2672
2673 st = (dsa_key = get_dsa(dsa_bits[testnum])) != NULL;
2674
2675 for (i = 0; st && i < loopargs_len; i++) {
2676 loopargs[i].dsa_sign_ctx[testnum] = EVP_PKEY_CTX_new(dsa_key,
2677 NULL);
2678 loopargs[i].sigsize = loopargs[i].buflen;
2679 if (loopargs[i].dsa_sign_ctx[testnum] == NULL
2680 || EVP_PKEY_sign_init(loopargs[i].dsa_sign_ctx[testnum]) <= 0
2681
2682 || EVP_PKEY_sign(loopargs[i].dsa_sign_ctx[testnum],
2683 loopargs[i].buf2,
2684 &loopargs[i].sigsize,
2685 loopargs[i].buf, 20) <= 0)
2686 st = 0;
2687 }
2688 if (!st) {
2689 BIO_printf(bio_err,
2690 "DSA sign setup failure. No DSA sign will be done.\n");
2691 ERR_print_errors(bio_err);
2692 op_count = 1;
2693 } else {
2694 pkey_print_message("sign", "dsa",
2695 dsa_c[testnum][0], dsa_bits[testnum],
2696 seconds.dsa);
2697 Time_F(START);
2698 count = run_benchmark(async_jobs, DSA_sign_loop, loopargs);
2699 d = Time_F(STOP);
2700 BIO_printf(bio_err,
2701 mr ? "+R3:%ld:%u:%.2f\n"
2702 : "%ld %u bits DSA signs in %.2fs\n",
2703 count, dsa_bits[testnum], d);
2704 dsa_results[testnum][0] = (double)count / d;
2705 op_count = count;
2706 }
2707
2708 for (i = 0; st && i < loopargs_len; i++) {
2709 loopargs[i].dsa_verify_ctx[testnum] = EVP_PKEY_CTX_new(dsa_key,
2710 NULL);
2711 if (loopargs[i].dsa_verify_ctx[testnum] == NULL
2712 || EVP_PKEY_verify_init(loopargs[i].dsa_verify_ctx[testnum]) <= 0
2713 || EVP_PKEY_verify(loopargs[i].dsa_verify_ctx[testnum],
2714 loopargs[i].buf2,
2715 loopargs[i].sigsize,
2716 loopargs[i].buf, 36) <= 0)
2717 st = 0;
2718 }
2719 if (!st) {
2720 BIO_printf(bio_err,
2721 "DSA verify setup failure. No DSA verify will be done.\n");
2722 ERR_print_errors(bio_err);
2723 dsa_doit[testnum] = 0;
2724 } else {
2725 pkey_print_message("verify", "dsa",
2726 dsa_c[testnum][1], dsa_bits[testnum],
2727 seconds.dsa);
2728 Time_F(START);
2729 count = run_benchmark(async_jobs, DSA_verify_loop, loopargs);
2730 d = Time_F(STOP);
2731 BIO_printf(bio_err,
2732 mr ? "+R4:%ld:%u:%.2f\n"
2733 : "%ld %u bits DSA verify in %.2fs\n",
2734 count, dsa_bits[testnum], d);
2735 dsa_results[testnum][1] = (double)count / d;
2736 }
2737
2738 if (op_count <= 1) {
2739 /* if longer than 10s, don't do any more */
2740 stop_it(dsa_doit, testnum);
2741 }
2742 EVP_PKEY_free(dsa_key);
2743 }
2744
2745 for (testnum = 0; testnum < ECDSA_NUM; testnum++) {
2746 EVP_PKEY *ecdsa_key = NULL;
2747 int st;
2748
2749 if (!ecdsa_doit[testnum])
2750 continue;
2751
2752 st = (ecdsa_key = get_ecdsa(&ec_curves[testnum])) != NULL;
2753
2754 for (i = 0; st && i < loopargs_len; i++) {
2755 loopargs[i].ecdsa_sign_ctx[testnum] = EVP_PKEY_CTX_new(ecdsa_key,
2756 NULL);
2757 loopargs[i].sigsize = loopargs[i].buflen;
2758 if (loopargs[i].ecdsa_sign_ctx[testnum] == NULL
2759 || EVP_PKEY_sign_init(loopargs[i].ecdsa_sign_ctx[testnum]) <= 0
2760
2761 || EVP_PKEY_sign(loopargs[i].ecdsa_sign_ctx[testnum],
2762 loopargs[i].buf2,
2763 &loopargs[i].sigsize,
2764 loopargs[i].buf, 20) <= 0)
2765 st = 0;
2766 }
2767 if (!st) {
2768 BIO_printf(bio_err,
2769 "ECDSA sign setup failure. No ECDSA sign will be done.\n");
2770 ERR_print_errors(bio_err);
2771 op_count = 1;
2772 } else {
2773 pkey_print_message("sign", "ecdsa",
2774 ecdsa_c[testnum][0], ec_curves[testnum].bits,
2775 seconds.ecdsa);
2776 Time_F(START);
2777 count = run_benchmark(async_jobs, ECDSA_sign_loop, loopargs);
2778 d = Time_F(STOP);
2779 BIO_printf(bio_err,
2780 mr ? "+R5:%ld:%u:%.2f\n"
2781 : "%ld %u bits ECDSA signs in %.2fs\n",
2782 count, ec_curves[testnum].bits, d);
2783 ecdsa_results[testnum][0] = (double)count / d;
2784 op_count = count;
2785 }
2786
2787 for (i = 0; st && i < loopargs_len; i++) {
2788 loopargs[i].ecdsa_verify_ctx[testnum] = EVP_PKEY_CTX_new(ecdsa_key,
2789 NULL);
2790 if (loopargs[i].ecdsa_verify_ctx[testnum] == NULL
2791 || EVP_PKEY_verify_init(loopargs[i].ecdsa_verify_ctx[testnum]) <= 0
2792 || EVP_PKEY_verify(loopargs[i].ecdsa_verify_ctx[testnum],
2793 loopargs[i].buf2,
2794 loopargs[i].sigsize,
2795 loopargs[i].buf, 20) <= 0)
2796 st = 0;
2797 }
2798 if (!st) {
2799 BIO_printf(bio_err,
2800 "ECDSA verify setup failure. No ECDSA verify will be done.\n");
2801 ERR_print_errors(bio_err);
2802 ecdsa_doit[testnum] = 0;
2803 } else {
2804 pkey_print_message("verify", "ecdsa",
2805 ecdsa_c[testnum][1], ec_curves[testnum].bits,
2806 seconds.ecdsa);
2807 Time_F(START);
2808 count = run_benchmark(async_jobs, ECDSA_verify_loop, loopargs);
2809 d = Time_F(STOP);
2810 BIO_printf(bio_err,
2811 mr ? "+R6:%ld:%u:%.2f\n"
2812 : "%ld %u bits ECDSA verify in %.2fs\n",
2813 count, ec_curves[testnum].bits, d);
2814 ecdsa_results[testnum][1] = (double)count / d;
2815 }
2816
2817 if (op_count <= 1) {
2818 /* if longer than 10s, don't do any more */
2819 stop_it(ecdsa_doit, testnum);
2820 }
2821 }
2822
2823 for (testnum = 0; testnum < EC_NUM; testnum++) {
2824 int ecdh_checks = 1;
2825
2826 if (!ecdh_doit[testnum])
2827 continue;
2828
2829 for (i = 0; i < loopargs_len; i++) {
2830 EVP_PKEY_CTX *test_ctx = NULL;
2831 EVP_PKEY_CTX *ctx = NULL;
2832 EVP_PKEY *key_A = NULL;
2833 EVP_PKEY *key_B = NULL;
2834 size_t outlen;
2835 size_t test_outlen;
2836
2837 if ((key_A = get_ecdsa(&ec_curves[testnum])) == NULL /* generate secret key A */
2838 || (key_B = get_ecdsa(&ec_curves[testnum])) == NULL /* generate secret key B */
2839 || (ctx = EVP_PKEY_CTX_new(key_A, NULL)) == NULL /* derivation ctx from skeyA */
2840 || EVP_PKEY_derive_init(ctx) <= 0 /* init derivation ctx */
2841 || EVP_PKEY_derive_set_peer(ctx, key_B) <= 0 /* set peer pubkey in ctx */
2842 || EVP_PKEY_derive(ctx, NULL, &outlen) <= 0 /* determine max length */
2843 || outlen == 0 /* ensure outlen is a valid size */
2844 || outlen > MAX_ECDH_SIZE /* avoid buffer overflow */) {
2845 ecdh_checks = 0;
2846 BIO_printf(bio_err, "ECDH key generation failure.\n");
2847 ERR_print_errors(bio_err);
2848 op_count = 1;
2849 break;
2850 }
2851
2852 /*
2853 * Here we perform a test run, comparing the output of a*B and b*A;
2854 * we try this here and assume that further EVP_PKEY_derive calls
2855 * never fail, so we can skip checks in the actually benchmarked
2856 * code, for maximum performance.
2857 */
2858 if ((test_ctx = EVP_PKEY_CTX_new(key_B, NULL)) == NULL /* test ctx from skeyB */
2859 || EVP_PKEY_derive_init(test_ctx) <= 0 /* init derivation test_ctx */
2860 || EVP_PKEY_derive_set_peer(test_ctx, key_A) <= 0 /* set peer pubkey in test_ctx */
2861 || EVP_PKEY_derive(test_ctx, NULL, &test_outlen) <= 0 /* determine max length */
2862 || EVP_PKEY_derive(ctx, loopargs[i].secret_a, &outlen) <= 0 /* compute a*B */
2863 || EVP_PKEY_derive(test_ctx, loopargs[i].secret_b, &test_outlen) <= 0 /* compute b*A */
2864 || test_outlen != outlen /* compare output length */) {
2865 ecdh_checks = 0;
2866 BIO_printf(bio_err, "ECDH computation failure.\n");
2867 ERR_print_errors(bio_err);
2868 op_count = 1;
2869 break;
2870 }
2871
2872 /* Compare the computation results: CRYPTO_memcmp() returns 0 if equal */
2873 if (CRYPTO_memcmp(loopargs[i].secret_a,
2874 loopargs[i].secret_b, outlen)) {
2875 ecdh_checks = 0;
2876 BIO_printf(bio_err, "ECDH computations don't match.\n");
2877 ERR_print_errors(bio_err);
2878 op_count = 1;
2879 break;
2880 }
2881
2882 loopargs[i].ecdh_ctx[testnum] = ctx;
2883 loopargs[i].outlen[testnum] = outlen;
2884
2885 EVP_PKEY_free(key_A);
2886 EVP_PKEY_free(key_B);
2887 EVP_PKEY_CTX_free(test_ctx);
2888 test_ctx = NULL;
2889 }
2890 if (ecdh_checks != 0) {
2891 pkey_print_message("", "ecdh",
2892 ecdh_c[testnum][0],
2893 ec_curves[testnum].bits, seconds.ecdh);
2894 Time_F(START);
2895 count =
2896 run_benchmark(async_jobs, ECDH_EVP_derive_key_loop, loopargs);
2897 d = Time_F(STOP);
2898 BIO_printf(bio_err,
2899 mr ? "+R7:%ld:%d:%.2f\n" :
2900 "%ld %u-bits ECDH ops in %.2fs\n", count,
2901 ec_curves[testnum].bits, d);
2902 ecdh_results[testnum][0] = (double)count / d;
2903 op_count = count;
2904 }
2905
2906 if (op_count <= 1) {
2907 /* if longer than 10s, don't do any more */
2908 stop_it(ecdh_doit, testnum);
2909 }
2910 }
2911
2912 for (testnum = 0; testnum < EdDSA_NUM; testnum++) {
2913 int st = 1;
2914 EVP_PKEY *ed_pkey = NULL;
2915 EVP_PKEY_CTX *ed_pctx = NULL;
2916
2917 if (!eddsa_doit[testnum])
2918 continue; /* Ignore Curve */
2919 for (i = 0; i < loopargs_len; i++) {
2920 loopargs[i].eddsa_ctx[testnum] = EVP_MD_CTX_new();
2921 if (loopargs[i].eddsa_ctx[testnum] == NULL) {
2922 st = 0;
2923 break;
2924 }
2925 loopargs[i].eddsa_ctx2[testnum] = EVP_MD_CTX_new();
2926 if (loopargs[i].eddsa_ctx2[testnum] == NULL) {
2927 st = 0;
2928 break;
2929 }
2930
2931 if ((ed_pctx = EVP_PKEY_CTX_new_id(ed_curves[testnum].nid,
2932 NULL)) == NULL
2933 || EVP_PKEY_keygen_init(ed_pctx) <= 0
2934 || EVP_PKEY_keygen(ed_pctx, &ed_pkey) <= 0) {
2935 st = 0;
2936 EVP_PKEY_CTX_free(ed_pctx);
2937 break;
2938 }
2939 EVP_PKEY_CTX_free(ed_pctx);
2940
2941 if (!EVP_DigestSignInit(loopargs[i].eddsa_ctx[testnum], NULL, NULL,
2942 NULL, ed_pkey)) {
2943 st = 0;
2944 EVP_PKEY_free(ed_pkey);
2945 break;
2946 }
2947 if (!EVP_DigestVerifyInit(loopargs[i].eddsa_ctx2[testnum], NULL,
2948 NULL, NULL, ed_pkey)) {
2949 st = 0;
2950 EVP_PKEY_free(ed_pkey);
2951 break;
2952 }
2953
2954 EVP_PKEY_free(ed_pkey);
2955 ed_pkey = NULL;
2956 }
2957 if (st == 0) {
2958 BIO_printf(bio_err, "EdDSA failure.\n");
2959 ERR_print_errors(bio_err);
2960 op_count = 1;
2961 } else {
2962 for (i = 0; i < loopargs_len; i++) {
2963 /* Perform EdDSA signature test */
2964 loopargs[i].sigsize = ed_curves[testnum].sigsize;
2965 st = EVP_DigestSign(loopargs[i].eddsa_ctx[testnum],
2966 loopargs[i].buf2, &loopargs[i].sigsize,
2967 loopargs[i].buf, 20);
2968 if (st == 0)
2969 break;
2970 }
2971 if (st == 0) {
2972 BIO_printf(bio_err,
2973 "EdDSA sign failure. No EdDSA sign will be done.\n");
2974 ERR_print_errors(bio_err);
2975 op_count = 1;
2976 } else {
2977 pkey_print_message("sign", ed_curves[testnum].name,
2978 eddsa_c[testnum][0],
2979 ed_curves[testnum].bits, seconds.eddsa);
2980 Time_F(START);
2981 count = run_benchmark(async_jobs, EdDSA_sign_loop, loopargs);
2982 d = Time_F(STOP);
2983
2984 BIO_printf(bio_err,
2985 mr ? "+R8:%ld:%u:%s:%.2f\n" :
2986 "%ld %u bits %s signs in %.2fs \n",
2987 count, ed_curves[testnum].bits,
2988 ed_curves[testnum].name, d);
2989 eddsa_results[testnum][0] = (double)count / d;
2990 op_count = count;
2991 }
2992 /* Perform EdDSA verification test */
2993 for (i = 0; i < loopargs_len; i++) {
2994 st = EVP_DigestVerify(loopargs[i].eddsa_ctx2[testnum],
2995 loopargs[i].buf2, loopargs[i].sigsize,
2996 loopargs[i].buf, 20);
2997 if (st != 1)
2998 break;
2999 }
3000 if (st != 1) {
3001 BIO_printf(bio_err,
3002 "EdDSA verify failure. No EdDSA verify will be done.\n");
3003 ERR_print_errors(bio_err);
3004 eddsa_doit[testnum] = 0;
3005 } else {
3006 pkey_print_message("verify", ed_curves[testnum].name,
3007 eddsa_c[testnum][1],
3008 ed_curves[testnum].bits, seconds.eddsa);
3009 Time_F(START);
3010 count = run_benchmark(async_jobs, EdDSA_verify_loop, loopargs);
3011 d = Time_F(STOP);
3012 BIO_printf(bio_err,
3013 mr ? "+R9:%ld:%u:%s:%.2f\n"
3014 : "%ld %u bits %s verify in %.2fs\n",
3015 count, ed_curves[testnum].bits,
3016 ed_curves[testnum].name, d);
3017 eddsa_results[testnum][1] = (double)count / d;
3018 }
3019
3020 if (op_count <= 1) {
3021 /* if longer than 10s, don't do any more */
3022 stop_it(eddsa_doit, testnum);
3023 }
3024 }
3025 }
3026
3027 #ifndef OPENSSL_NO_SM2
3028 for (testnum = 0; testnum < SM2_NUM; testnum++) {
3029 int st = 1;
3030 EVP_PKEY *sm2_pkey = NULL;
3031
3032 if (!sm2_doit[testnum])
3033 continue; /* Ignore Curve */
3034 /* Init signing and verification */
3035 for (i = 0; i < loopargs_len; i++) {
3036 EVP_PKEY_CTX *sm2_pctx = NULL;
3037 EVP_PKEY_CTX *sm2_vfy_pctx = NULL;
3038 EVP_PKEY_CTX *pctx = NULL;
3039 st = 0;
3040
3041 loopargs[i].sm2_ctx[testnum] = EVP_MD_CTX_new();
3042 loopargs[i].sm2_vfy_ctx[testnum] = EVP_MD_CTX_new();
3043 if (loopargs[i].sm2_ctx[testnum] == NULL
3044 || loopargs[i].sm2_vfy_ctx[testnum] == NULL)
3045 break;
3046
3047 sm2_pkey = NULL;
3048
3049 st = !((pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SM2, NULL)) == NULL
3050 || EVP_PKEY_keygen_init(pctx) <= 0
3051 || EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx,
3052 sm2_curves[testnum].nid) <= 0
3053 || EVP_PKEY_keygen(pctx, &sm2_pkey) <= 0);
3054 EVP_PKEY_CTX_free(pctx);
3055 if (st == 0)
3056 break;
3057
3058 st = 0; /* set back to zero */
3059 /* attach it sooner to rely on main final cleanup */
3060 loopargs[i].sm2_pkey[testnum] = sm2_pkey;
3061 loopargs[i].sigsize = EVP_PKEY_get_size(sm2_pkey);
3062
3063 sm2_pctx = EVP_PKEY_CTX_new(sm2_pkey, NULL);
3064 sm2_vfy_pctx = EVP_PKEY_CTX_new(sm2_pkey, NULL);
3065 if (sm2_pctx == NULL || sm2_vfy_pctx == NULL) {
3066 EVP_PKEY_CTX_free(sm2_vfy_pctx);
3067 break;
3068 }
3069
3070 /* attach them directly to respective ctx */
3071 EVP_MD_CTX_set_pkey_ctx(loopargs[i].sm2_ctx[testnum], sm2_pctx);
3072 EVP_MD_CTX_set_pkey_ctx(loopargs[i].sm2_vfy_ctx[testnum], sm2_vfy_pctx);
3073
3074 /*
3075 * No need to allow user to set an explicit ID here, just use
3076 * the one defined in the 'draft-yang-tls-tl13-sm-suites' I-D.
3077 */
3078 if (EVP_PKEY_CTX_set1_id(sm2_pctx, SM2_ID, SM2_ID_LEN) != 1
3079 || EVP_PKEY_CTX_set1_id(sm2_vfy_pctx, SM2_ID, SM2_ID_LEN) != 1)
3080 break;
3081
3082 if (!EVP_DigestSignInit(loopargs[i].sm2_ctx[testnum], NULL,
3083 EVP_sm3(), NULL, sm2_pkey))
3084 break;
3085 if (!EVP_DigestVerifyInit(loopargs[i].sm2_vfy_ctx[testnum], NULL,
3086 EVP_sm3(), NULL, sm2_pkey))
3087 break;
3088 st = 1; /* mark loop as succeeded */
3089 }
3090 if (st == 0) {
3091 BIO_printf(bio_err, "SM2 init failure.\n");
3092 ERR_print_errors(bio_err);
3093 op_count = 1;
3094 } else {
3095 for (i = 0; i < loopargs_len; i++) {
3096 /* Perform SM2 signature test */
3097 st = EVP_DigestSign(loopargs[i].sm2_ctx[testnum],
3098 loopargs[i].buf2, &loopargs[i].sigsize,
3099 loopargs[i].buf, 20);
3100 if (st == 0)
3101 break;
3102 }
3103 if (st == 0) {
3104 BIO_printf(bio_err,
3105 "SM2 sign failure. No SM2 sign will be done.\n");
3106 ERR_print_errors(bio_err);
3107 op_count = 1;
3108 } else {
3109 pkey_print_message("sign", sm2_curves[testnum].name,
3110 sm2_c[testnum][0],
3111 sm2_curves[testnum].bits, seconds.sm2);
3112 Time_F(START);
3113 count = run_benchmark(async_jobs, SM2_sign_loop, loopargs);
3114 d = Time_F(STOP);
3115
3116 BIO_printf(bio_err,
3117 mr ? "+R10:%ld:%u:%s:%.2f\n" :
3118 "%ld %u bits %s signs in %.2fs \n",
3119 count, sm2_curves[testnum].bits,
3120 sm2_curves[testnum].name, d);
3121 sm2_results[testnum][0] = (double)count / d;
3122 op_count = count;
3123 }
3124
3125 /* Perform SM2 verification test */
3126 for (i = 0; i < loopargs_len; i++) {
3127 st = EVP_DigestVerify(loopargs[i].sm2_vfy_ctx[testnum],
3128 loopargs[i].buf2, loopargs[i].sigsize,
3129 loopargs[i].buf, 20);
3130 if (st != 1)
3131 break;
3132 }
3133 if (st != 1) {
3134 BIO_printf(bio_err,
3135 "SM2 verify failure. No SM2 verify will be done.\n");
3136 ERR_print_errors(bio_err);
3137 sm2_doit[testnum] = 0;
3138 } else {
3139 pkey_print_message("verify", sm2_curves[testnum].name,
3140 sm2_c[testnum][1],
3141 sm2_curves[testnum].bits, seconds.sm2);
3142 Time_F(START);
3143 count = run_benchmark(async_jobs, SM2_verify_loop, loopargs);
3144 d = Time_F(STOP);
3145 BIO_printf(bio_err,
3146 mr ? "+R11:%ld:%u:%s:%.2f\n"
3147 : "%ld %u bits %s verify in %.2fs\n",
3148 count, sm2_curves[testnum].bits,
3149 sm2_curves[testnum].name, d);
3150 sm2_results[testnum][1] = (double)count / d;
3151 }
3152
3153 if (op_count <= 1) {
3154 /* if longer than 10s, don't do any more */
3155 for (testnum++; testnum < SM2_NUM; testnum++)
3156 sm2_doit[testnum] = 0;
3157 }
3158 }
3159 }
3160 #endif /* OPENSSL_NO_SM2 */
3161
3162 #ifndef OPENSSL_NO_DH
3163 for (testnum = 0; testnum < FFDH_NUM; testnum++) {
3164 int ffdh_checks = 1;
3165
3166 if (!ffdh_doit[testnum])
3167 continue;
3168
3169 for (i = 0; i < loopargs_len; i++) {
3170 EVP_PKEY *pkey_A = NULL;
3171 EVP_PKEY *pkey_B = NULL;
3172 EVP_PKEY_CTX *ffdh_ctx = NULL;
3173 EVP_PKEY_CTX *test_ctx = NULL;
3174 size_t secret_size;
3175 size_t test_out;
3176
3177 /* Ensure that the error queue is empty */
3178 if (ERR_peek_error()) {
3179 BIO_printf(bio_err,
3180 "WARNING: the error queue contains previous unhandled errors.\n");
3181 ERR_print_errors(bio_err);
3182 }
3183
3184 pkey_A = EVP_PKEY_new();
3185 if (!pkey_A) {
3186 BIO_printf(bio_err, "Error while initialising EVP_PKEY (out of memory?).\n");
3187 ERR_print_errors(bio_err);
3188 op_count = 1;
3189 ffdh_checks = 0;
3190 break;
3191 }
3192 pkey_B = EVP_PKEY_new();
3193 if (!pkey_B) {
3194 BIO_printf(bio_err, "Error while initialising EVP_PKEY (out of memory?).\n");
3195 ERR_print_errors(bio_err);
3196 op_count = 1;
3197 ffdh_checks = 0;
3198 break;
3199 }
3200
3201 ffdh_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DH, NULL);
3202 if (!ffdh_ctx) {
3203 BIO_printf(bio_err, "Error while allocating EVP_PKEY_CTX.\n");
3204 ERR_print_errors(bio_err);
3205 op_count = 1;
3206 ffdh_checks = 0;
3207 break;
3208 }
3209
3210 if (EVP_PKEY_keygen_init(ffdh_ctx) <= 0) {
3211 BIO_printf(bio_err, "Error while initialising EVP_PKEY_CTX.\n");
3212 ERR_print_errors(bio_err);
3213 op_count = 1;
3214 ffdh_checks = 0;
3215 break;
3216 }
3217 if (EVP_PKEY_CTX_set_dh_nid(ffdh_ctx, ffdh_params[testnum].nid) <= 0) {
3218 BIO_printf(bio_err, "Error setting DH key size for keygen.\n");
3219 ERR_print_errors(bio_err);
3220 op_count = 1;
3221 ffdh_checks = 0;
3222 break;
3223 }
3224
3225 if (EVP_PKEY_keygen(ffdh_ctx, &pkey_A) <= 0 ||
3226 EVP_PKEY_keygen(ffdh_ctx, &pkey_B) <= 0) {
3227 BIO_printf(bio_err, "FFDH key generation failure.\n");
3228 ERR_print_errors(bio_err);
3229 op_count = 1;
3230 ffdh_checks = 0;
3231 break;
3232 }
3233
3234 EVP_PKEY_CTX_free(ffdh_ctx);
3235
3236 /*
3237 * check if the derivation works correctly both ways so that
3238 * we know if future derive calls will fail, and we can skip
3239 * error checking in benchmarked code
3240 */
3241 ffdh_ctx = EVP_PKEY_CTX_new(pkey_A, NULL);
3242 if (ffdh_ctx == NULL) {
3243 BIO_printf(bio_err, "Error while allocating EVP_PKEY_CTX.\n");
3244 ERR_print_errors(bio_err);
3245 op_count = 1;
3246 ffdh_checks = 0;
3247 break;
3248 }
3249 if (EVP_PKEY_derive_init(ffdh_ctx) <= 0) {
3250 BIO_printf(bio_err, "FFDH derivation context init failure.\n");
3251 ERR_print_errors(bio_err);
3252 op_count = 1;
3253 ffdh_checks = 0;
3254 break;
3255 }
3256 if (EVP_PKEY_derive_set_peer(ffdh_ctx, pkey_B) <= 0) {
3257 BIO_printf(bio_err, "Assigning peer key for derivation failed.\n");
3258 ERR_print_errors(bio_err);
3259 op_count = 1;
3260 ffdh_checks = 0;
3261 break;
3262 }
3263 if (EVP_PKEY_derive(ffdh_ctx, NULL, &secret_size) <= 0) {
3264 BIO_printf(bio_err, "Checking size of shared secret failed.\n");
3265 ERR_print_errors(bio_err);
3266 op_count = 1;
3267 ffdh_checks = 0;
3268 break;
3269 }
3270 if (secret_size > MAX_FFDH_SIZE) {
3271 BIO_printf(bio_err, "Assertion failure: shared secret too large.\n");
3272 op_count = 1;
3273 ffdh_checks = 0;
3274 break;
3275 }
3276 if (EVP_PKEY_derive(ffdh_ctx,
3277 loopargs[i].secret_ff_a,
3278 &secret_size) <= 0) {
3279 BIO_printf(bio_err, "Shared secret derive failure.\n");
3280 ERR_print_errors(bio_err);
3281 op_count = 1;
3282 ffdh_checks = 0;
3283 break;
3284 }
3285 /* Now check from side B */
3286 test_ctx = EVP_PKEY_CTX_new(pkey_B, NULL);
3287 if (!test_ctx) {
3288 BIO_printf(bio_err, "Error while allocating EVP_PKEY_CTX.\n");
3289 ERR_print_errors(bio_err);
3290 op_count = 1;
3291 ffdh_checks = 0;
3292 break;
3293 }
3294 if (EVP_PKEY_derive_init(test_ctx) <= 0 ||
3295 EVP_PKEY_derive_set_peer(test_ctx, pkey_A) <= 0 ||
3296 EVP_PKEY_derive(test_ctx, NULL, &test_out) <= 0 ||
3297 EVP_PKEY_derive(test_ctx, loopargs[i].secret_ff_b, &test_out) <= 0 ||
3298 test_out != secret_size) {
3299 BIO_printf(bio_err, "FFDH computation failure.\n");
3300 op_count = 1;
3301 ffdh_checks = 0;
3302 break;
3303 }
3304
3305 /* compare the computed secrets */
3306 if (CRYPTO_memcmp(loopargs[i].secret_ff_a,
3307 loopargs[i].secret_ff_b, secret_size)) {
3308 BIO_printf(bio_err, "FFDH computations don't match.\n");
3309 ERR_print_errors(bio_err);
3310 op_count = 1;
3311 ffdh_checks = 0;
3312 break;
3313 }
3314
3315 loopargs[i].ffdh_ctx[testnum] = ffdh_ctx;
3316
3317 EVP_PKEY_free(pkey_A);
3318 pkey_A = NULL;
3319 EVP_PKEY_free(pkey_B);
3320 pkey_B = NULL;
3321 EVP_PKEY_CTX_free(test_ctx);
3322 test_ctx = NULL;
3323 }
3324 if (ffdh_checks != 0) {
3325 pkey_print_message("", "ffdh", ffdh_c[testnum][0],
3326 ffdh_params[testnum].bits, seconds.ffdh);
3327 Time_F(START);
3328 count =
3329 run_benchmark(async_jobs, FFDH_derive_key_loop, loopargs);
3330 d = Time_F(STOP);
3331 BIO_printf(bio_err,
3332 mr ? "+R12:%ld:%d:%.2f\n" :
3333 "%ld %u-bits FFDH ops in %.2fs\n", count,
3334 ffdh_params[testnum].bits, d);
3335 ffdh_results[testnum][0] = (double)count / d;
3336 op_count = count;
3337 }
3338 if (op_count <= 1) {
3339 /* if longer than 10s, don't do any more */
3340 stop_it(ffdh_doit, testnum);
3341 }
3342 }
3343 #endif /* OPENSSL_NO_DH */
3344 #ifndef NO_FORK
3345 show_res:
3346 #endif
3347 if (!mr) {
3348 printf("version: %s\n", OpenSSL_version(OPENSSL_FULL_VERSION_STRING));
3349 printf("%s\n", OpenSSL_version(OPENSSL_BUILT_ON));
3350 printf("options: %s\n", BN_options());
3351 printf("%s\n", OpenSSL_version(OPENSSL_CFLAGS));
3352 printf("%s\n", OpenSSL_version(OPENSSL_CPU_INFO));
3353 }
3354
3355 if (pr_header) {
3356 if (mr) {
3357 printf("+H");
3358 } else {
3359 printf("The 'numbers' are in 1000s of bytes per second processed.\n");
3360 printf("type ");
3361 }
3362 for (testnum = 0; testnum < size_num; testnum++)
3363 printf(mr ? ":%d" : "%7d bytes", lengths[testnum]);
3364 printf("\n");
3365 }
3366
3367 for (k = 0; k < ALGOR_NUM; k++) {
3368 const char *alg_name = names[k];
3369
3370 if (!doit[k])
3371 continue;
3372
3373 if (k == D_EVP) {
3374 if (evp_cipher == NULL)
3375 alg_name = evp_md_name;
3376 else if ((alg_name = EVP_CIPHER_get0_name(evp_cipher)) == NULL)
3377 app_bail_out("failed to get name of cipher '%s'\n", evp_cipher);
3378 }
3379
3380 if (mr)
3381 printf("+F:%u:%s", k, alg_name);
3382 else
3383 printf("%-13s", alg_name);
3384 for (testnum = 0; testnum < size_num; testnum++) {
3385 if (results[k][testnum] > 10000 && !mr)
3386 printf(" %11.2fk", results[k][testnum] / 1e3);
3387 else
3388 printf(mr ? ":%.2f" : " %11.2f ", results[k][testnum]);
3389 }
3390 printf("\n");
3391 }
3392 testnum = 1;
3393 for (k = 0; k < RSA_NUM; k++) {
3394 if (!rsa_doit[k])
3395 continue;
3396 if (testnum && !mr) {
3397 printf("%18ssign verify sign/s verify/s\n", " ");
3398 testnum = 0;
3399 }
3400 if (mr)
3401 printf("+F2:%u:%u:%f:%f\n",
3402 k, rsa_keys[k].bits, rsa_results[k][0], rsa_results[k][1]);
3403 else
3404 printf("rsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
3405 rsa_keys[k].bits, 1.0 / rsa_results[k][0], 1.0 / rsa_results[k][1],
3406 rsa_results[k][0], rsa_results[k][1]);
3407 }
3408 testnum = 1;
3409 for (k = 0; k < DSA_NUM; k++) {
3410 if (!dsa_doit[k])
3411 continue;
3412 if (testnum && !mr) {
3413 printf("%18ssign verify sign/s verify/s\n", " ");
3414 testnum = 0;
3415 }
3416 if (mr)
3417 printf("+F3:%u:%u:%f:%f\n",
3418 k, dsa_bits[k], dsa_results[k][0], dsa_results[k][1]);
3419 else
3420 printf("dsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
3421 dsa_bits[k], 1.0 / dsa_results[k][0], 1.0 / dsa_results[k][1],
3422 dsa_results[k][0], dsa_results[k][1]);
3423 }
3424 testnum = 1;
3425 for (k = 0; k < OSSL_NELEM(ecdsa_doit); k++) {
3426 if (!ecdsa_doit[k])
3427 continue;
3428 if (testnum && !mr) {
3429 printf("%30ssign verify sign/s verify/s\n", " ");
3430 testnum = 0;
3431 }
3432
3433 if (mr)
3434 printf("+F4:%u:%u:%f:%f\n",
3435 k, ec_curves[k].bits,
3436 ecdsa_results[k][0], ecdsa_results[k][1]);
3437 else
3438 printf("%4u bits ecdsa (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
3439 ec_curves[k].bits, ec_curves[k].name,
3440 1.0 / ecdsa_results[k][0], 1.0 / ecdsa_results[k][1],
3441 ecdsa_results[k][0], ecdsa_results[k][1]);
3442 }
3443
3444 testnum = 1;
3445 for (k = 0; k < EC_NUM; k++) {
3446 if (!ecdh_doit[k])
3447 continue;
3448 if (testnum && !mr) {
3449 printf("%30sop op/s\n", " ");
3450 testnum = 0;
3451 }
3452 if (mr)
3453 printf("+F5:%u:%u:%f:%f\n",
3454 k, ec_curves[k].bits,
3455 ecdh_results[k][0], 1.0 / ecdh_results[k][0]);
3456
3457 else
3458 printf("%4u bits ecdh (%s) %8.4fs %8.1f\n",
3459 ec_curves[k].bits, ec_curves[k].name,
3460 1.0 / ecdh_results[k][0], ecdh_results[k][0]);
3461 }
3462
3463 testnum = 1;
3464 for (k = 0; k < OSSL_NELEM(eddsa_doit); k++) {
3465 if (!eddsa_doit[k])
3466 continue;
3467 if (testnum && !mr) {
3468 printf("%30ssign verify sign/s verify/s\n", " ");
3469 testnum = 0;
3470 }
3471
3472 if (mr)
3473 printf("+F6:%u:%u:%s:%f:%f\n",
3474 k, ed_curves[k].bits, ed_curves[k].name,
3475 eddsa_results[k][0], eddsa_results[k][1]);
3476 else
3477 printf("%4u bits EdDSA (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
3478 ed_curves[k].bits, ed_curves[k].name,
3479 1.0 / eddsa_results[k][0], 1.0 / eddsa_results[k][1],
3480 eddsa_results[k][0], eddsa_results[k][1]);
3481 }
3482
3483 #ifndef OPENSSL_NO_SM2
3484 testnum = 1;
3485 for (k = 0; k < OSSL_NELEM(sm2_doit); k++) {
3486 if (!sm2_doit[k])
3487 continue;
3488 if (testnum && !mr) {
3489 printf("%30ssign verify sign/s verify/s\n", " ");
3490 testnum = 0;
3491 }
3492
3493 if (mr)
3494 printf("+F7:%u:%u:%s:%f:%f\n",
3495 k, sm2_curves[k].bits, sm2_curves[k].name,
3496 sm2_results[k][0], sm2_results[k][1]);
3497 else
3498 printf("%4u bits SM2 (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
3499 sm2_curves[k].bits, sm2_curves[k].name,
3500 1.0 / sm2_results[k][0], 1.0 / sm2_results[k][1],
3501 sm2_results[k][0], sm2_results[k][1]);
3502 }
3503 #endif
3504 #ifndef OPENSSL_NO_DH
3505 testnum = 1;
3506 for (k = 0; k < FFDH_NUM; k++) {
3507 if (!ffdh_doit[k])
3508 continue;
3509 if (testnum && !mr) {
3510 printf("%23sop op/s\n", " ");
3511 testnum = 0;
3512 }
3513 if (mr)
3514 printf("+F8:%u:%u:%f:%f\n",
3515 k, ffdh_params[k].bits,
3516 ffdh_results[k][0], 1.0 / ffdh_results[k][0]);
3517
3518 else
3519 printf("%4u bits ffdh %8.4fs %8.1f\n",
3520 ffdh_params[k].bits,
3521 1.0 / ffdh_results[k][0], ffdh_results[k][0]);
3522 }
3523 #endif /* OPENSSL_NO_DH */
3524
3525 ret = 0;
3526
3527 end:
3528 ERR_print_errors(bio_err);
3529 for (i = 0; i < loopargs_len; i++) {
3530 OPENSSL_free(loopargs[i].buf_malloc);
3531 OPENSSL_free(loopargs[i].buf2_malloc);
3532
3533 BN_free(bn);
3534 EVP_PKEY_CTX_free(genctx);
3535 for (k = 0; k < RSA_NUM; k++) {
3536 EVP_PKEY_CTX_free(loopargs[i].rsa_sign_ctx[k]);
3537 EVP_PKEY_CTX_free(loopargs[i].rsa_verify_ctx[k]);
3538 }
3539 #ifndef OPENSSL_NO_DH
3540 OPENSSL_free(loopargs[i].secret_ff_a);
3541 OPENSSL_free(loopargs[i].secret_ff_b);
3542 for (k = 0; k < FFDH_NUM; k++)
3543 EVP_PKEY_CTX_free(loopargs[i].ffdh_ctx[k]);
3544 #endif
3545 for (k = 0; k < DSA_NUM; k++) {
3546 EVP_PKEY_CTX_free(loopargs[i].dsa_sign_ctx[k]);
3547 EVP_PKEY_CTX_free(loopargs[i].dsa_verify_ctx[k]);
3548 }
3549 for (k = 0; k < ECDSA_NUM; k++) {
3550 EVP_PKEY_CTX_free(loopargs[i].ecdsa_sign_ctx[k]);
3551 EVP_PKEY_CTX_free(loopargs[i].ecdsa_verify_ctx[k]);
3552 }
3553 for (k = 0; k < EC_NUM; k++)
3554 EVP_PKEY_CTX_free(loopargs[i].ecdh_ctx[k]);
3555 for (k = 0; k < EdDSA_NUM; k++) {
3556 EVP_MD_CTX_free(loopargs[i].eddsa_ctx[k]);
3557 EVP_MD_CTX_free(loopargs[i].eddsa_ctx2[k]);
3558 }
3559 #ifndef OPENSSL_NO_SM2
3560 for (k = 0; k < SM2_NUM; k++) {
3561 EVP_PKEY_CTX *pctx = NULL;
3562
3563 /* free signing ctx */
3564 if (loopargs[i].sm2_ctx[k] != NULL
3565 && (pctx = EVP_MD_CTX_get_pkey_ctx(loopargs[i].sm2_ctx[k])) != NULL)
3566 EVP_PKEY_CTX_free(pctx);
3567 EVP_MD_CTX_free(loopargs[i].sm2_ctx[k]);
3568 /* free verification ctx */
3569 if (loopargs[i].sm2_vfy_ctx[k] != NULL
3570 && (pctx = EVP_MD_CTX_get_pkey_ctx(loopargs[i].sm2_vfy_ctx[k])) != NULL)
3571 EVP_PKEY_CTX_free(pctx);
3572 EVP_MD_CTX_free(loopargs[i].sm2_vfy_ctx[k]);
3573 /* free pkey */
3574 EVP_PKEY_free(loopargs[i].sm2_pkey[k]);
3575 }
3576 #endif
3577 OPENSSL_free(loopargs[i].secret_a);
3578 OPENSSL_free(loopargs[i].secret_b);
3579 }
3580 OPENSSL_free(evp_hmac_name);
3581 OPENSSL_free(evp_cmac_name);
3582
3583 if (async_jobs > 0) {
3584 for (i = 0; i < loopargs_len; i++)
3585 ASYNC_WAIT_CTX_free(loopargs[i].wait_ctx);
3586 }
3587
3588 if (async_init) {
3589 ASYNC_cleanup_thread();
3590 }
3591 OPENSSL_free(loopargs);
3592 release_engine(e);
3593 EVP_CIPHER_free(evp_cipher);
3594 EVP_MAC_free(mac);
3595 return ret;
3596 }
3597
print_message(const char * s,long num,int length,int tm)3598 static void print_message(const char *s, long num, int length, int tm)
3599 {
3600 BIO_printf(bio_err,
3601 mr ? "+DT:%s:%d:%d\n"
3602 : "Doing %s for %ds on %d size blocks: ", s, tm, length);
3603 (void)BIO_flush(bio_err);
3604 run = 1;
3605 alarm(tm);
3606 }
3607
pkey_print_message(const char * str,const char * str2,long num,unsigned int bits,int tm)3608 static void pkey_print_message(const char *str, const char *str2, long num,
3609 unsigned int bits, int tm)
3610 {
3611 BIO_printf(bio_err,
3612 mr ? "+DTP:%d:%s:%s:%d\n"
3613 : "Doing %u bits %s %s's for %ds: ", bits, str, str2, tm);
3614 (void)BIO_flush(bio_err);
3615 run = 1;
3616 alarm(tm);
3617 }
3618
print_result(int alg,int run_no,int count,double time_used)3619 static void print_result(int alg, int run_no, int count, double time_used)
3620 {
3621 if (count == -1) {
3622 BIO_printf(bio_err, "%s error!\n", names[alg]);
3623 ERR_print_errors(bio_err);
3624 return;
3625 }
3626 BIO_printf(bio_err,
3627 mr ? "+R:%d:%s:%f\n"
3628 : "%d %s's in %.2fs\n", count, names[alg], time_used);
3629 results[alg][run_no] = ((double)count) / time_used * lengths[run_no];
3630 }
3631
3632 #ifndef NO_FORK
sstrsep(char ** string,const char * delim)3633 static char *sstrsep(char **string, const char *delim)
3634 {
3635 char isdelim[256];
3636 char *token = *string;
3637
3638 if (**string == 0)
3639 return NULL;
3640
3641 memset(isdelim, 0, sizeof(isdelim));
3642 isdelim[0] = 1;
3643
3644 while (*delim) {
3645 isdelim[(unsigned char)(*delim)] = 1;
3646 delim++;
3647 }
3648
3649 while (!isdelim[(unsigned char)(**string)])
3650 (*string)++;
3651
3652 if (**string) {
3653 **string = 0;
3654 (*string)++;
3655 }
3656
3657 return token;
3658 }
3659
do_multi(int multi,int size_num)3660 static int do_multi(int multi, int size_num)
3661 {
3662 int n;
3663 int fd[2];
3664 int *fds;
3665 int status;
3666 static char sep[] = ":";
3667
3668 fds = app_malloc(sizeof(*fds) * multi, "fd buffer for do_multi");
3669 for (n = 0; n < multi; ++n) {
3670 if (pipe(fd) == -1) {
3671 BIO_printf(bio_err, "pipe failure\n");
3672 exit(1);
3673 }
3674 fflush(stdout);
3675 (void)BIO_flush(bio_err);
3676 if (fork()) {
3677 close(fd[1]);
3678 fds[n] = fd[0];
3679 } else {
3680 close(fd[0]);
3681 close(1);
3682 if (dup(fd[1]) == -1) {
3683 BIO_printf(bio_err, "dup failed\n");
3684 exit(1);
3685 }
3686 close(fd[1]);
3687 mr = 1;
3688 usertime = 0;
3689 OPENSSL_free(fds);
3690 return 0;
3691 }
3692 printf("Forked child %d\n", n);
3693 }
3694
3695 /* for now, assume the pipe is long enough to take all the output */
3696 for (n = 0; n < multi; ++n) {
3697 FILE *f;
3698 char buf[1024];
3699 char *p;
3700
3701 if ((f = fdopen(fds[n], "r")) == NULL) {
3702 BIO_printf(bio_err, "fdopen failure with 0x%x\n",
3703 errno);
3704 OPENSSL_free(fds);
3705 return 1;
3706 }
3707 while (fgets(buf, sizeof(buf), f)) {
3708 p = strchr(buf, '\n');
3709 if (p)
3710 *p = '\0';
3711 if (buf[0] != '+') {
3712 BIO_printf(bio_err,
3713 "Don't understand line '%s' from child %d\n", buf,
3714 n);
3715 continue;
3716 }
3717 printf("Got: %s from %d\n", buf, n);
3718 if (strncmp(buf, "+F:", 3) == 0) {
3719 int alg;
3720 int j;
3721
3722 p = buf + 3;
3723 alg = atoi(sstrsep(&p, sep));
3724 sstrsep(&p, sep);
3725 for (j = 0; j < size_num; ++j)
3726 results[alg][j] += atof(sstrsep(&p, sep));
3727 } else if (strncmp(buf, "+F2:", 4) == 0) {
3728 int k;
3729 double d;
3730
3731 p = buf + 4;
3732 k = atoi(sstrsep(&p, sep));
3733 sstrsep(&p, sep);
3734
3735 d = atof(sstrsep(&p, sep));
3736 rsa_results[k][0] += d;
3737
3738 d = atof(sstrsep(&p, sep));
3739 rsa_results[k][1] += d;
3740 } else if (strncmp(buf, "+F3:", 4) == 0) {
3741 int k;
3742 double d;
3743
3744 p = buf + 4;
3745 k = atoi(sstrsep(&p, sep));
3746 sstrsep(&p, sep);
3747
3748 d = atof(sstrsep(&p, sep));
3749 dsa_results[k][0] += d;
3750
3751 d = atof(sstrsep(&p, sep));
3752 dsa_results[k][1] += d;
3753 } else if (strncmp(buf, "+F4:", 4) == 0) {
3754 int k;
3755 double d;
3756
3757 p = buf + 4;
3758 k = atoi(sstrsep(&p, sep));
3759 sstrsep(&p, sep);
3760
3761 d = atof(sstrsep(&p, sep));
3762 ecdsa_results[k][0] += d;
3763
3764 d = atof(sstrsep(&p, sep));
3765 ecdsa_results[k][1] += d;
3766 } else if (strncmp(buf, "+F5:", 4) == 0) {
3767 int k;
3768 double d;
3769
3770 p = buf + 4;
3771 k = atoi(sstrsep(&p, sep));
3772 sstrsep(&p, sep);
3773
3774 d = atof(sstrsep(&p, sep));
3775 ecdh_results[k][0] += d;
3776 } else if (strncmp(buf, "+F6:", 4) == 0) {
3777 int k;
3778 double d;
3779
3780 p = buf + 4;
3781 k = atoi(sstrsep(&p, sep));
3782 sstrsep(&p, sep);
3783 sstrsep(&p, sep);
3784
3785 d = atof(sstrsep(&p, sep));
3786 eddsa_results[k][0] += d;
3787
3788 d = atof(sstrsep(&p, sep));
3789 eddsa_results[k][1] += d;
3790 # ifndef OPENSSL_NO_SM2
3791 } else if (strncmp(buf, "+F7:", 4) == 0) {
3792 int k;
3793 double d;
3794
3795 p = buf + 4;
3796 k = atoi(sstrsep(&p, sep));
3797 sstrsep(&p, sep);
3798 sstrsep(&p, sep);
3799
3800 d = atof(sstrsep(&p, sep));
3801 sm2_results[k][0] += d;
3802
3803 d = atof(sstrsep(&p, sep));
3804 sm2_results[k][1] += d;
3805 # endif /* OPENSSL_NO_SM2 */
3806 # ifndef OPENSSL_NO_DH
3807 } else if (strncmp(buf, "+F8:", 4) == 0) {
3808 int k;
3809 double d;
3810
3811 p = buf + 4;
3812 k = atoi(sstrsep(&p, sep));
3813 sstrsep(&p, sep);
3814
3815 d = atof(sstrsep(&p, sep));
3816 ffdh_results[k][0] += d;
3817 # endif /* OPENSSL_NO_DH */
3818 } else if (strncmp(buf, "+H:", 3) == 0) {
3819 ;
3820 } else {
3821 BIO_printf(bio_err, "Unknown type '%s' from child %d\n", buf,
3822 n);
3823 }
3824 }
3825
3826 fclose(f);
3827 }
3828 OPENSSL_free(fds);
3829 for (n = 0; n < multi; ++n) {
3830 while (wait(&status) == -1)
3831 if (errno != EINTR) {
3832 BIO_printf(bio_err, "Waitng for child failed with 0x%x\n",
3833 errno);
3834 return 1;
3835 }
3836 if (WIFEXITED(status) && WEXITSTATUS(status)) {
3837 BIO_printf(bio_err, "Child exited with %d\n", WEXITSTATUS(status));
3838 } else if (WIFSIGNALED(status)) {
3839 BIO_printf(bio_err, "Child terminated by signal %d\n",
3840 WTERMSIG(status));
3841 }
3842 }
3843 return 1;
3844 }
3845 #endif
3846
multiblock_speed(const EVP_CIPHER * evp_cipher,int lengths_single,const openssl_speed_sec_t * seconds)3847 static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
3848 const openssl_speed_sec_t *seconds)
3849 {
3850 static const int mblengths_list[] =
3851 { 8 * 1024, 2 * 8 * 1024, 4 * 8 * 1024, 8 * 8 * 1024, 8 * 16 * 1024 };
3852 const int *mblengths = mblengths_list;
3853 int j, count, keylen, num = OSSL_NELEM(mblengths_list);
3854 const char *alg_name;
3855 unsigned char *inp = NULL, *out = NULL, *key, no_key[32], no_iv[16];
3856 EVP_CIPHER_CTX *ctx = NULL;
3857 double d = 0.0;
3858
3859 if (lengths_single) {
3860 mblengths = &lengths_single;
3861 num = 1;
3862 }
3863
3864 inp = app_malloc(mblengths[num - 1], "multiblock input buffer");
3865 out = app_malloc(mblengths[num - 1] + 1024, "multiblock output buffer");
3866 if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
3867 app_bail_out("failed to allocate cipher context\n");
3868 if (!EVP_EncryptInit_ex(ctx, evp_cipher, NULL, NULL, no_iv))
3869 app_bail_out("failed to initialise cipher context\n");
3870
3871 if ((keylen = EVP_CIPHER_CTX_get_key_length(ctx)) < 0) {
3872 BIO_printf(bio_err, "Impossible negative key length: %d\n", keylen);
3873 goto err;
3874 }
3875 key = app_malloc(keylen, "evp_cipher key");
3876 if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
3877 app_bail_out("failed to generate random cipher key\n");
3878 if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, NULL))
3879 app_bail_out("failed to set cipher key\n");
3880 OPENSSL_clear_free(key, keylen);
3881
3882 if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY,
3883 sizeof(no_key), no_key) <= 0)
3884 app_bail_out("failed to set AEAD key\n");
3885 if ((alg_name = EVP_CIPHER_get0_name(evp_cipher)) == NULL)
3886 app_bail_out("failed to get cipher name\n");
3887
3888 for (j = 0; j < num; j++) {
3889 print_message(alg_name, 0, mblengths[j], seconds->sym);
3890 Time_F(START);
3891 for (count = 0; run && count < INT_MAX; count++) {
3892 EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param;
3893 size_t len = mblengths[j];
3894 int packlen;
3895
3896 memset(aad, 0, 8); /* avoid uninitialized values */
3897 aad[8] = 23; /* SSL3_RT_APPLICATION_DATA */
3898 aad[9] = 3; /* version */
3899 aad[10] = 2;
3900 aad[11] = 0; /* length */
3901 aad[12] = 0;
3902 mb_param.out = NULL;
3903 mb_param.inp = aad;
3904 mb_param.len = len;
3905 mb_param.interleave = 8;
3906
3907 packlen = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_AAD,
3908 sizeof(mb_param), &mb_param);
3909
3910 if (packlen > 0) {
3911 mb_param.out = out;
3912 mb_param.inp = inp;
3913 mb_param.len = len;
3914 (void)EVP_CIPHER_CTX_ctrl(ctx,
3915 EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT,
3916 sizeof(mb_param), &mb_param);
3917 } else {
3918 int pad;
3919
3920 if (RAND_bytes(inp, 16) <= 0)
3921 app_bail_out("error setting random bytes\n");
3922 len += 16;
3923 aad[11] = (unsigned char)(len >> 8);
3924 aad[12] = (unsigned char)(len);
3925 pad = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_TLS1_AAD,
3926 EVP_AEAD_TLS1_AAD_LEN, aad);
3927 EVP_Cipher(ctx, out, inp, len + pad);
3928 }
3929 }
3930 d = Time_F(STOP);
3931 BIO_printf(bio_err, mr ? "+R:%d:%s:%f\n"
3932 : "%d %s's in %.2fs\n", count, "evp", d);
3933 results[D_EVP][j] = ((double)count) / d * mblengths[j];
3934 }
3935
3936 if (mr) {
3937 fprintf(stdout, "+H");
3938 for (j = 0; j < num; j++)
3939 fprintf(stdout, ":%d", mblengths[j]);
3940 fprintf(stdout, "\n");
3941 fprintf(stdout, "+F:%d:%s", D_EVP, alg_name);
3942 for (j = 0; j < num; j++)
3943 fprintf(stdout, ":%.2f", results[D_EVP][j]);
3944 fprintf(stdout, "\n");
3945 } else {
3946 fprintf(stdout,
3947 "The 'numbers' are in 1000s of bytes per second processed.\n");
3948 fprintf(stdout, "type ");
3949 for (j = 0; j < num; j++)
3950 fprintf(stdout, "%7d bytes", mblengths[j]);
3951 fprintf(stdout, "\n");
3952 fprintf(stdout, "%-24s", alg_name);
3953
3954 for (j = 0; j < num; j++) {
3955 if (results[D_EVP][j] > 10000)
3956 fprintf(stdout, " %11.2fk", results[D_EVP][j] / 1e3);
3957 else
3958 fprintf(stdout, " %11.2f ", results[D_EVP][j]);
3959 }
3960 fprintf(stdout, "\n");
3961 }
3962
3963 err:
3964 OPENSSL_free(inp);
3965 OPENSSL_free(out);
3966 EVP_CIPHER_CTX_free(ctx);
3967 }
3968