Prohibit low level cipher APIs in FIPS mode.

[openssl.git] / apps / speed.c
diff --git a/apps/speed.c b/apps/speed.c

index 1bd2ce264c213618f5384b0c996d10cec2ff0d1e..3fee15c5b7389068e31b361a43ccf53b5ff1e2bf 100644 (file)
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -184,8 +184,27 @@
  #include <openssl/ecdh.h>
  #endif
  
-#if !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(OPENSSL_SYS_OS2) && !defined(OPENSSL_SYS_NETWARE)
-# define HAVE_FORK 1
+#ifdef OPENSSL_FIPS
+#define BF_set_key     private_BF_set_key
+#define CAST_set_key   private_CAST_set_key
+#define idea_set_encrypt_key   private_idea_set_encrypt_key
+#define SEED_set_key   private_SEED_set_key
+#define RC2_set_key    private_RC2_set_key
+#define DES_set_key_unchecked  private_DES_set_key_unchecked
+#endif
+
+#ifndef HAVE_FORK
+# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_NETWARE)
+#  define HAVE_FORK 0
+# else
+#  define HAVE_FORK 1
+# endif
+#endif
+
+#if HAVE_FORK
+#undef NO_FORK
+#else
+#define NO_FORK
  #endif
  
  #undef BUFSIZE
@@ -200,7 +219,7 @@ static void print_message(const char *s,long num,int length);
  static void pkey_print_message(const char *str, const char *str2,
         long num, int bits, int sec);
  static void print_result(int alg,int run_no,int count,double time_used);
-#ifdef HAVE_FORK
+#ifndef NO_FORK
  static int do_multi(int multi);
  #endif
  
@@ -222,8 +241,12 @@ static const char *names[ALGOR_NUM]={
    "aes-128 ige","aes-192 ige","aes-256 ige"};
  static double results[ALGOR_NUM][SIZE_NUM];
  static int lengths[SIZE_NUM]={16,64,256,1024,8*1024};
+#ifndef OPENSSL_NO_RSA
  static double rsa_results[RSA_NUM][2];
+#endif
+#ifndef OPENSSL_NO_DSA
  static double dsa_results[DSA_NUM][2];
+#endif
  #ifndef OPENSSL_NO_ECDSA
  static double ecdsa_results[EC_NUM][2];
  #endif
@@ -320,9 +343,6 @@ int MAIN(int, char **);
  
  int MAIN(int argc, char **argv)
         {
-#ifndef OPENSSL_NO_ENGINE
-       ENGINE *e = NULL;
-#endif
         unsigned char *buf=NULL,*buf2=NULL;
         int mret=1;
         long count=0,save_count=0;
@@ -416,7 +436,6 @@ int MAIN(int argc, char **argv)
         unsigned char DES_iv[8];
         unsigned char iv[2*MAX_BLOCK_SIZE/8];
  #ifndef OPENSSL_NO_DES
-       DES_cblock *buf_as_des_cblock = NULL;
         static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
         static DES_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
         static DES_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
@@ -587,7 +606,7 @@ int MAIN(int argc, char **argv)
         const EVP_CIPHER *evp_cipher=NULL;
         const EVP_MD *evp_md=NULL;
         int decrypt=0;
-#ifdef HAVE_FORK
+#ifndef NO_FORK
         int multi=0;
  #endif
  
@@ -630,9 +649,6 @@ int MAIN(int argc, char **argv)
                 BIO_printf(bio_err,"out of memory\n");
                 goto end;
                 }
-#ifndef OPENSSL_NO_DES
-       buf_as_des_cblock = (DES_cblock *)buf;
-#endif
         if ((buf2=(unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL)
                 {
                 BIO_printf(bio_err,"out of memory\n");
@@ -707,7 +723,7 @@ int MAIN(int argc, char **argv)
                                 BIO_printf(bio_err,"no engine given\n");
                                 goto end;
                                 }
-                        e = setup_engine(bio_err, *argv, 0);
+                        setup_engine(bio_err, *argv, 0);
                         /* j will be increased again further down.  We just
                            don't want speed to confuse an engine with an
                            algorithm, especially when none is given (which
@@ -715,7 +731,7 @@ int MAIN(int argc, char **argv)
                         j--;
                         }
  #endif
-#ifdef HAVE_FORK
+#ifndef NO_FORK
                 else if ((argc > 0) && (strcmp(*argv,"-multi") == 0))
                         {
                         argc--;
@@ -1103,7 +1119,7 @@ int MAIN(int argc, char **argv)
                         BIO_printf(bio_err,"-evp e          use EVP e.\n");
                         BIO_printf(bio_err,"-decrypt        time decryption instead of encryption (only EVP).\n");
                         BIO_printf(bio_err,"-mr             produce machine readable output.\n");
-#ifdef HAVE_FORK
+#ifndef NO_FORK
                         BIO_printf(bio_err,"-multi n        run n benchmarks in parallel.\n");
  #endif
                         goto end;
@@ -1113,7 +1129,7 @@ int MAIN(int argc, char **argv)
                 j++;
                 }
  
-#ifdef HAVE_FORK
+#ifndef NO_FORK
         if(multi && do_multi(multi))
                 goto show_res;
  #endif
@@ -1129,6 +1145,14 @@ int MAIN(int argc, char **argv)
                         rsa_doit[i]=1;
                 for (i=0; i<DSA_NUM; i++)
                         dsa_doit[i]=1;
+#ifndef OPENSSL_NO_ECDSA
+               for (i=0; i<EC_NUM; i++)
+                       ecdsa_doit[i]=1;
+#endif
+#ifndef OPENSSL_NO_ECDH
+               for (i=0; i<EC_NUM; i++)
+                       ecdh_doit[i]=1;
+#endif
                 }
         for (i=0; i<ALGOR_NUM; i++)
                 if (doit[i]) pr_header++;
@@ -1215,7 +1239,8 @@ int MAIN(int argc, char **argv)
                 count*=2;
                 Time_F(START);
                 for (it=count; it; it--)
-                       DES_ecb_encrypt(buf_as_des_cblock,buf_as_des_cblock,
+                       DES_ecb_encrypt((DES_cblock *)buf,
+                               (DES_cblock *)buf,
                                 &sch,DES_ENCRYPT);
                 d=Time_F(STOP);
                 } while (d <3);
@@ -2324,7 +2349,7 @@ int MAIN(int argc, char **argv)
                 }
         if (rnd_fake) RAND_cleanup();
  #endif
-#ifdef HAVE_FORK
+#ifndef NO_FORK
  show_res:
  #endif
         if(!mr)
@@ -2550,7 +2575,7 @@ static void print_result(int alg,int run_no,int count,double time_used)
         results[alg][run_no]=((double)count)/time_used*lengths[run_no];
         }
  
-#ifdef HAVE_FORK
+#ifndef NO_FORK
  static char *sstrsep(char **string, const char *delim)
      {
      char isdelim[256];
@@ -2592,7 +2617,11 @@ static int do_multi(int multi)
         fds=malloc(multi*sizeof *fds);
         for(n=0 ; n < multi ; ++n)
                 {
-               pipe(fd);
+               if (pipe(fd) == -1)
+                       {
+                       fprintf(stderr, "pipe failure\n");
+                       exit(1);
+                       }
                 fflush(stdout);
                 fflush(stderr);
                 if(fork())
@@ -2604,7 +2633,11 @@ static int do_multi(int multi)
                         {
                         close(fd[0]);
                         close(1);
-                       dup(fd[1]);
+                       if (dup(fd[1]) == -1)
+                               {
+                               fprintf(stderr, "dup failed\n");
+                               exit(1);
+                               }
                         close(fd[1]);
                         mr=1;
                         usertime=0;
@@ -2687,6 +2720,7 @@ static int do_multi(int multi)
                                 else
                                         rsa_results[k][1]=d;
                                 }
+#ifndef OPENSSL_NO_DSA
                         else if(!strncmp(buf,"+F3:",4))
                                 {
                                 int k;
@@ -2708,6 +2742,7 @@ static int do_multi(int multi)
                                 else
                                         dsa_results[k][1]=d;
                                 }
+#endif
  #ifndef OPENSSL_NO_ECDSA
                         else if(!strncmp(buf,"+F4:",4))
                                 {