X-Git-Url: https://git.openssl.org/?a=blobdiff_plain;f=apps%2Fspeed.c;h=02e7b1f9b2c5ba8552b4aaa5607d807d3dea9778;hb=15b7175f558bf9eb057ec3266685486f727dd70f;hp=e867448015992bcc6935fe776d41c7f3391ede83;hpb=c2279499fd17673b631785887c339cf35f088c41;p=openssl.git diff --git a/apps/speed.c b/apps/speed.c index e867448015..02e7b1f9b2 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -9,14 +9,16 @@ */ #undef SECONDS -#define SECONDS 3 -#define RSA_SECONDS 10 -#define DSA_SECONDS 10 -#define ECDSA_SECONDS 10 -#define ECDH_SECONDS 10 -#define EdDSA_SECONDS 10 -#define SM2_SECONDS 10 -#define FFDH_SECONDS 10 +#define SECONDS 3 +#define PKEY_SECONDS 10 + +#define RSA_SECONDS PKEY_SECONDS +#define DSA_SECONDS PKEY_SECONDS +#define ECDSA_SECONDS PKEY_SECONDS +#define ECDH_SECONDS PKEY_SECONDS +#define EdDSA_SECONDS PKEY_SECONDS +#define SM2_SECONDS PKEY_SECONDS +#define FFDH_SECONDS PKEY_SECONDS /* We need to use some deprecated APIs */ #define OPENSSL_SUPPRESS_DEPRECATED @@ -32,6 +34,7 @@ #include #include #include +#include #include #if !defined(OPENSSL_SYS_MSDOS) # include @@ -48,74 +51,14 @@ #endif #include -#ifndef OPENSSL_NO_DES -# include -#endif -#ifndef OPENSSL_NO_DEPRECATED_3_0 -#include -#endif -#ifndef OPENSSL_NO_CAMELLIA -# include -#endif -#ifndef OPENSSL_NO_MD2 -# include -#endif -#ifndef OPENSSL_NO_MDC2 -# include -#endif -#ifndef OPENSSL_NO_MD4 -# include -#endif -#ifndef OPENSSL_NO_MD5 -# include -#endif -#include -#ifndef OPENSSL_NO_CMAC -#include -#endif -#include -#ifndef OPENSSL_NO_RMD160 -# include -#endif -#ifndef OPENSSL_NO_WHIRLPOOL -# include -#endif -#ifndef OPENSSL_NO_RC4 -# include -#endif -#ifndef OPENSSL_NO_RC5 -# include -#endif -#ifndef OPENSSL_NO_RC2 -# include -#endif -#ifndef OPENSSL_NO_IDEA -# include -#endif -#ifndef OPENSSL_NO_SEED -# include -#endif -#ifndef OPENSSL_NO_BF -# include -#endif -#ifndef OPENSSL_NO_CAST -# include -#endif -#ifndef OPENSSL_NO_DEPRECATED_3_0 -# include -# include "./testrsa.h" -#endif +#include +#include "./testrsa.h" #ifndef OPENSSL_NO_DH # include #endif #include -#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) -# include -# include "./testdsa.h" -#endif -#ifndef OPENSSL_NO_EC -# include -#endif +#include +#include "./testdsa.h" #include #ifndef HAVE_FORK @@ -137,6 +80,10 @@ #define MISALIGN 64 #define MAX_FFDH_SIZE 1024 +#ifndef RSA_DEFAULT_PRIME_NUM +# define RSA_DEFAULT_PRIME_NUM 2 +#endif + typedef struct openssl_speed_sec_st { int sym; int rsa; @@ -155,13 +102,8 @@ static int usertime = 1; static double Time_F(int s); static void print_message(const char *s, long num, int length, int tm); -#if !defined(OPENSSL_NO_DEPRECATED_3_0) \ - || !defined(OPENSSL_NO_DSA) \ - || !defined(OPENSSL_NO_DH) \ - || !defined(OPENSSL_NO_EC) static void pkey_print_message(const char *str, const char *str2, long num, unsigned int bits, int sec); -#endif static void print_result(int alg, int run_no, int count, double time_used); #ifndef NO_FORK static int do_multi(int multi, int size_num); @@ -243,10 +185,7 @@ static double Time_F(int s) return ret; } #else -static double Time_F(int s) -{ - return app_tminterval(s, usertime); -} +# error "SIGALRM not defined and the platform is not Windows" #endif static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single, @@ -268,7 +207,7 @@ static int opt_found(const char *name, unsigned int *result, opt_found(value, result, pairs, OSSL_NELEM(pairs)) typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, + OPT_COMMON, OPT_ELAPSED, OPT_EVP, OPT_HMAC, OPT_DECRYPT, OPT_ENGINE, OPT_MULTI, OPT_MR, OPT_MB, OPT_MISALIGN, OPT_ASYNCJOBS, OPT_R_ENUM, OPT_PROV_ENUM, OPT_PRIMES, OPT_SECONDS, OPT_BYTES, OPT_AEAD, OPT_CMAC @@ -296,12 +235,8 @@ const OPTIONS speed_options[] = { OPT_SECTION("Selection"), {"evp", OPT_EVP, 's', "Use EVP-named cipher or digest"}, -#ifndef OPENSSL_NO_DEPRECATED_3_0 {"hmac", OPT_HMAC, 's', "HMAC using EVP-named digest"}, -#endif -#if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_DEPRECATED_3_0) {"cmac", OPT_CMAC, 's', "CMAC using EVP-named cipher"}, -#endif {"decrypt", OPT_DECRYPT, '-', "Time decryption instead of encryption (only EVP)"}, {"aead", OPT_AEAD, '-', @@ -326,105 +261,68 @@ const OPTIONS speed_options[] = { }; enum { - D_MD2, D_MDC2, D_MD4, D_MD5 , D_HMAC, D_SHA1, D_RMD160, D_RC4, - D_CBC_DES, D_EDE3_DES, D_CBC_IDEA, D_CBC_SEED, + D_MD2, D_MDC2, D_MD4, D_MD5, D_SHA1, D_RMD160, + D_SHA256, D_SHA512, D_WHIRLPOOL, D_HMAC, + D_CBC_DES, D_EDE3_DES, D_RC4, D_CBC_IDEA, D_CBC_SEED, D_CBC_RC2, D_CBC_RC5, D_CBC_BF, D_CBC_CAST, D_CBC_128_AES, D_CBC_192_AES, D_CBC_256_AES, D_CBC_128_CML, D_CBC_192_CML, D_CBC_256_CML, - D_EVP, D_SHA256, D_SHA512, D_WHIRLPOOL, - D_IGE_128_AES, D_IGE_192_AES, D_IGE_256_AES, - D_GHASH, D_RAND, D_EVP_HMAC, D_EVP_CMAC, ALGOR_NUM + D_EVP, D_GHASH, D_RAND, D_EVP_CMAC, ALGOR_NUM }; /* name of algorithms to test. MUST BE KEEP IN SYNC with above enum ! */ static const char *names[ALGOR_NUM] = { - "md2", "mdc2", "md4", "md5", "hmac(md5)", "sha1", "rmd160", "rc4", - "des cbc", "des ede3", "idea cbc", "seed cbc", - "rc2 cbc", "rc5-32/12 cbc", "blowfish cbc", "cast cbc", - "aes-128 cbc", "aes-192 cbc", "aes-256 cbc", - "camellia-128 cbc", "camellia-192 cbc", "camellia-256 cbc", - "evp", "sha256", "sha512", "whirlpool", - "aes-128 ige", "aes-192 ige", "aes-256 ige", "ghash", - "rand", "hmac", "cmac" + "md2", "mdc2", "md4", "md5", "sha1", "rmd160", + "sha256", "sha512", "whirlpool", "hmac(md5)", + "des-cbc", "des-ede3", "rc4", "idea-cbc", "seed-cbc", + "rc2-cbc", "rc5-cbc", "blowfish", "cast-cbc", + "aes-128-cbc", "aes-192-cbc", "aes-256-cbc", + "camellia-128-cbc", "camellia-192-cbc", "camellia-256-cbc", + "evp", "ghash", "rand", "cmac" }; /* list of configured algorithm (remaining), with some few alias */ static const OPT_PAIR doit_choices[] = { -#if !defined(OPENSSL_NO_MD2) && !defined(OPENSSL_NO_DEPRECATED_3_0) {"md2", D_MD2}, -#endif -#if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DEPRECATED_3_0) {"mdc2", D_MDC2}, -#endif -#if !defined(OPENSSL_NO_MD4) && !defined(OPENSSL_NO_DEPRECATED_3_0) {"md4", D_MD4}, -#endif -#if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_DEPRECATED_3_0) {"md5", D_MD5}, -# ifndef OPENSSL_NO_DEPRECATED_3_0 {"hmac", D_HMAC}, -# endif -#endif -#ifndef OPENSSL_NO_DEPRECATED_3_0 {"sha1", D_SHA1}, {"sha256", D_SHA256}, {"sha512", D_SHA512}, -#endif -#if !defined(OPENSSL_NO_WHIRLPOOL) && !defined(OPENSSL_NO_DEPRECATED_3_0) {"whirlpool", D_WHIRLPOOL}, -#endif -#if !defined(OPENSSL_NO_RMD160) && !defined(OPENSSL_NO_DEPRECATED_3_0) {"ripemd", D_RMD160}, {"rmd160", D_RMD160}, {"ripemd160", D_RMD160}, -#endif -#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_DEPRECATED_3_0) {"rc4", D_RC4}, -#endif -#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0) {"des-cbc", D_CBC_DES}, {"des-ede3", D_EDE3_DES}, -#endif -#ifndef OPENSSL_NO_DEPRECATED_3_0 {"aes-128-cbc", D_CBC_128_AES}, {"aes-192-cbc", D_CBC_192_AES}, {"aes-256-cbc", D_CBC_256_AES}, - {"aes-128-ige", D_IGE_128_AES}, - {"aes-192-ige", D_IGE_192_AES}, - {"aes-256-ige", D_IGE_256_AES}, -#endif -#if !defined(OPENSSL_NO_RC2) && !defined(OPENSSL_NO_DEPRECATED_3_0) + {"camellia-128-cbc", D_CBC_128_CML}, + {"camellia-192-cbc", D_CBC_192_CML}, + {"camellia-256-cbc", D_CBC_256_CML}, {"rc2-cbc", D_CBC_RC2}, {"rc2", D_CBC_RC2}, -#endif -#if !defined(OPENSSL_NO_RC5) && !defined(OPENSSL_NO_DEPRECATED_3_0) {"rc5-cbc", D_CBC_RC5}, {"rc5", D_CBC_RC5}, -#endif -#if !defined(OPENSSL_NO_IDEA) && !defined(OPENSSL_NO_DEPRECATED_3_0) {"idea-cbc", D_CBC_IDEA}, {"idea", D_CBC_IDEA}, -#endif -#if !defined(OPENSSL_NO_SEED) && !defined(OPENSSL_NO_DEPRECATED_3_0) {"seed-cbc", D_CBC_SEED}, {"seed", D_CBC_SEED}, -#endif -#if !defined(OPENSSL_NO_BF) && !defined(OPENSSL_NO_DEPRECATED_3_0) {"bf-cbc", D_CBC_BF}, {"blowfish", D_CBC_BF}, {"bf", D_CBC_BF}, -#endif -#if !defined(OPENSSL_NO_CAST) && !defined(OPENSSL_NO_DEPRECATED_3_0) {"cast-cbc", D_CBC_CAST}, {"cast", D_CBC_CAST}, {"cast5", D_CBC_CAST}, -#endif {"ghash", D_GHASH}, {"rand", D_RAND} }; static double results[ALGOR_NUM][SIZE_NUM]; -#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) enum { R_DSA_512, R_DSA_1024, R_DSA_2048, DSA_NUM }; static const OPT_PAIR dsa_choices[DSA_NUM] = { {"dsa512", R_DSA_512}, @@ -432,9 +330,7 @@ static const OPT_PAIR dsa_choices[DSA_NUM] = { {"dsa2048", R_DSA_2048} }; static double dsa_results[DSA_NUM][2]; /* 2 ops: sign then verify */ -#endif /* OPENSSL_NO_DSA */ -#ifndef OPENSSL_NO_DEPRECATED_3_0 enum { R_RSA_512, R_RSA_1024, R_RSA_2048, R_RSA_3072, R_RSA_4096, R_RSA_7680, R_RSA_15360, RSA_NUM @@ -450,7 +346,6 @@ static const OPT_PAIR rsa_choices[RSA_NUM] = { }; static double rsa_results[RSA_NUM][2]; /* 2 ops: sign then verify */ -#endif /* OPENSSL_NO_DEPRECATED_3_0 */ #ifndef OPENSSL_NO_DH enum ff_params_t { @@ -468,13 +363,12 @@ static const OPT_PAIR ffdh_choices[FFDH_NUM] = { static double ffdh_results[FFDH_NUM][1]; /* 1 op: derivation */ #endif /* OPENSSL_NO_DH */ -#ifndef OPENSSL_NO_EC enum ec_curves_t { R_EC_P160, R_EC_P192, R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521, -# ifndef OPENSSL_NO_EC2M +#ifndef OPENSSL_NO_EC2M R_EC_K163, R_EC_K233, R_EC_K283, R_EC_K409, R_EC_K571, R_EC_B163, R_EC_B233, R_EC_B283, R_EC_B409, R_EC_B571, -# endif +#endif R_EC_BRP256R1, R_EC_BRP256T1, R_EC_BRP384R1, R_EC_BRP384T1, R_EC_BRP512R1, R_EC_BRP512T1, ECDSA_NUM }; @@ -486,7 +380,7 @@ static const OPT_PAIR ecdsa_choices[ECDSA_NUM] = { {"ecdsap256", R_EC_P256}, {"ecdsap384", R_EC_P384}, {"ecdsap521", R_EC_P521}, -# ifndef OPENSSL_NO_EC2M +#ifndef OPENSSL_NO_EC2M {"ecdsak163", R_EC_K163}, {"ecdsak233", R_EC_K233}, {"ecdsak283", R_EC_K283}, @@ -497,7 +391,7 @@ static const OPT_PAIR ecdsa_choices[ECDSA_NUM] = { {"ecdsab283", R_EC_B283}, {"ecdsab409", R_EC_B409}, {"ecdsab571", R_EC_B571}, -# endif +#endif {"ecdsabrp256r1", R_EC_BRP256R1}, {"ecdsabrp256t1", R_EC_BRP256T1}, {"ecdsabrp384r1", R_EC_BRP384R1}, @@ -514,7 +408,7 @@ static const OPT_PAIR ecdh_choices[EC_NUM] = { {"ecdhp256", R_EC_P256}, {"ecdhp384", R_EC_P384}, {"ecdhp521", R_EC_P521}, -# ifndef OPENSSL_NO_EC2M +#ifndef OPENSSL_NO_EC2M {"ecdhk163", R_EC_K163}, {"ecdhk233", R_EC_K233}, {"ecdhk283", R_EC_K283}, @@ -525,7 +419,7 @@ static const OPT_PAIR ecdh_choices[EC_NUM] = { {"ecdhb283", R_EC_B283}, {"ecdhb409", R_EC_B409}, {"ecdhb571", R_EC_B571}, -# endif +#endif {"ecdhbrp256r1", R_EC_BRP256R1}, {"ecdhbrp256t1", R_EC_BRP256T1}, {"ecdhbrp384r1", R_EC_BRP384R1}, @@ -547,24 +441,18 @@ static const OPT_PAIR eddsa_choices[EdDSA_NUM] = { }; static double eddsa_results[EdDSA_NUM][2]; /* 2 ops: sign then verify */ -# ifndef OPENSSL_NO_SM2 +#ifndef OPENSSL_NO_SM2 enum { R_EC_CURVESM2, SM2_NUM }; static const OPT_PAIR sm2_choices[SM2_NUM] = { {"curveSM2", R_EC_CURVESM2} }; -# define SM2_ID "TLSv1.3+GM+Cipher+Suite" -# define SM2_ID_LEN sizeof("TLSv1.3+GM+Cipher+Suite") - 1 +# define SM2_ID "TLSv1.3+GM+Cipher+Suite" +# define SM2_ID_LEN sizeof("TLSv1.3+GM+Cipher+Suite") - 1 static double sm2_results[SM2_NUM][2]; /* 2 ops: sign then verify */ -# endif /* OPENSSL_NO_SM2 */ -#endif /* OPENSSL_NO_EC */ +#endif /* OPENSSL_NO_SM2 */ -#ifndef SIGALRM -# define COND(d) (count < (d)) -# define COUNT(d) (d) -#else -# define COND(unused_cond) (run && count<0x7fffffff) -# define COUNT(d) (count) -#endif /* SIGALRM */ +#define COND(unused_cond) (run && count < 0x7fffffff) +#define COUNT(d) (count) typedef struct loopargs_st { ASYNC_JOB *inprogress_job; @@ -574,43 +462,32 @@ typedef struct loopargs_st { unsigned char *buf_malloc; unsigned char *buf2_malloc; unsigned char *key; - unsigned int siglen; + size_t buflen; size_t sigsize; -#ifndef OPENSSL_NO_DEPRECATED_3_0 - RSA *rsa_key[RSA_NUM]; -#endif -#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) - DSA *dsa_key[DSA_NUM]; -#endif -#ifndef OPENSSL_NO_EC -# ifndef OPENSSL_NO_DEPRECATED_3_0 - EC_KEY *ecdsa[ECDSA_NUM]; -# endif + EVP_PKEY_CTX *rsa_sign_ctx[RSA_NUM]; + EVP_PKEY_CTX *rsa_verify_ctx[RSA_NUM]; + EVP_PKEY_CTX *dsa_sign_ctx[DSA_NUM]; + EVP_PKEY_CTX *dsa_verify_ctx[DSA_NUM]; + EVP_PKEY_CTX *ecdsa_sign_ctx[ECDSA_NUM]; + EVP_PKEY_CTX *ecdsa_verify_ctx[ECDSA_NUM]; EVP_PKEY_CTX *ecdh_ctx[EC_NUM]; EVP_MD_CTX *eddsa_ctx[EdDSA_NUM]; EVP_MD_CTX *eddsa_ctx2[EdDSA_NUM]; -# ifndef OPENSSL_NO_SM2 +#ifndef OPENSSL_NO_SM2 EVP_MD_CTX *sm2_ctx[SM2_NUM]; EVP_MD_CTX *sm2_vfy_ctx[SM2_NUM]; EVP_PKEY *sm2_pkey[SM2_NUM]; -# endif +#endif unsigned char *secret_a; unsigned char *secret_b; size_t outlen[EC_NUM]; -#endif #ifndef OPENSSL_NO_DH EVP_PKEY_CTX *ffdh_ctx[FFDH_NUM]; unsigned char *secret_ff_a; unsigned char *secret_ff_b; #endif EVP_CIPHER_CTX *ctx; -#ifndef OPENSSL_NO_DEPRECATED_3_0 - HMAC_CTX *hctx; -#endif -#if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_DEPRECATED_3_0) - CMAC_CTX *cmac_ctx; -#endif - GCM128_CONTEXT *gcm_ctx; + EVP_MAC_CTX *mctx; } loopargs_t; static int run_benchmark(int async_jobs, int (*loop_function) (void *), loopargs_t * loopargs); @@ -620,277 +497,215 @@ static unsigned int testnum; /* Nb of iterations to do per algorithm and key-size */ static long c[ALGOR_NUM][SIZE_NUM]; -#if !defined(OPENSSL_NO_MD2) && !defined(OPENSSL_NO_DEPRECATED_3_0) -static int EVP_Digest_MD2_loop(void *args) +static char *evp_mac_mdname = "md5"; +static char *evp_hmac_name = NULL; +static const char *evp_md_name = NULL; +static char *evp_mac_ciphername = "aes-128-cbc"; +static char *evp_cmac_name = NULL; + +static int have_md(const char *name) { - loopargs_t *tempargs = *(loopargs_t **) args; - unsigned char *buf = tempargs->buf; - unsigned char md2[MD2_DIGEST_LENGTH]; - int count; + int ret = 0; + EVP_MD *md = NULL; - for (count = 0; COND(c[D_MD2][testnum]); count++) { - if (!EVP_Digest(buf, (size_t)lengths[testnum], md2, NULL, EVP_md2(), - NULL)) - return -1; + if (opt_md_silent(name, &md)) { + EVP_MD_CTX *ctx = EVP_MD_CTX_new(); + + if (ctx != NULL && EVP_DigestInit(ctx, md) > 0) + ret = 1; + EVP_MD_CTX_free(ctx); + EVP_MD_free(md); } - return count; + return ret; } -#endif -#if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DEPRECATED_3_0) -static int EVP_Digest_MDC2_loop(void *args) +static int have_cipher(const char *name) { - loopargs_t *tempargs = *(loopargs_t **) args; - unsigned char *buf = tempargs->buf; - unsigned char mdc2[MDC2_DIGEST_LENGTH]; - int count; + int ret = 0; + EVP_CIPHER *cipher = NULL; - for (count = 0; COND(c[D_MDC2][testnum]); count++) { - if (!EVP_Digest(buf, (size_t)lengths[testnum], mdc2, NULL, EVP_mdc2(), - NULL)) - return -1; + if (opt_cipher_silent(name, &cipher)) { + EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); + + if (ctx != NULL + && EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, 1) > 0) + ret = 1; + EVP_CIPHER_CTX_free(ctx); + EVP_CIPHER_free(cipher); } - return count; + return ret; } -#endif -#if !defined(OPENSSL_NO_MD4) && !defined(OPENSSL_NO_DEPRECATED_3_0) -static int EVP_Digest_MD4_loop(void *args) +static int EVP_Digest_loop(const char *mdname, int algindex, void *args) { loopargs_t *tempargs = *(loopargs_t **) args; unsigned char *buf = tempargs->buf; - unsigned char md4[MD4_DIGEST_LENGTH]; + unsigned char digest[EVP_MAX_MD_SIZE]; int count; + EVP_MD *md = NULL; - for (count = 0; COND(c[D_MD4][testnum]); count++) { - if (!EVP_Digest(buf, (size_t)lengths[testnum], md4, NULL, EVP_md4(), - NULL)) - return -1; + if (!opt_md_silent(mdname, &md)) + return -1; + for (count = 0; COND(c[algindex][testnum]); count++) { + if (!EVP_Digest(buf, (size_t)lengths[testnum], digest, NULL, md, + NULL)) { + count = -1; + break; + } } + EVP_MD_free(md); return count; } -#endif -#if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_DEPRECATED_3_0) -static int MD5_loop(void *args) +static int EVP_Digest_md_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **) args; - unsigned char *buf = tempargs->buf; - unsigned char md5[MD5_DIGEST_LENGTH]; - int count; - for (count = 0; COND(c[D_MD5][testnum]); count++) - MD5(buf, lengths[testnum], md5); - return count; + return EVP_Digest_loop(evp_md_name, D_EVP, args); } -# ifndef OPENSSL_NO_DEPRECATED_3_0 -static int HMAC_loop(void *args) +static int EVP_Digest_MD2_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **) args; - unsigned char *buf = tempargs->buf; - HMAC_CTX *hctx = tempargs->hctx; - unsigned char hmac[MD5_DIGEST_LENGTH]; - int count; - - for (count = 0; COND(c[D_HMAC][testnum]); count++) { - HMAC_Init_ex(hctx, NULL, 0, NULL, NULL); - HMAC_Update(hctx, buf, lengths[testnum]); - HMAC_Final(hctx, hmac, NULL); - } - return count; + return EVP_Digest_loop("md2", D_MD2, args); } -# endif -#endif -#ifndef OPENSSL_NO_DEPRECATED_3_0 -static int SHA1_loop(void *args) +static int EVP_Digest_MDC2_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **) args; - unsigned char *buf = tempargs->buf; - unsigned char sha[SHA_DIGEST_LENGTH]; - int count; - for (count = 0; COND(c[D_SHA1][testnum]); count++) - SHA1(buf, lengths[testnum], sha); - return count; + return EVP_Digest_loop("mdc2", D_MDC2, args); } -static int SHA256_loop(void *args) +static int EVP_Digest_MD4_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **) args; - unsigned char *buf = tempargs->buf; - unsigned char sha256[SHA256_DIGEST_LENGTH]; - int count; - for (count = 0; COND(c[D_SHA256][testnum]); count++) - SHA256(buf, lengths[testnum], sha256); - return count; + return EVP_Digest_loop("md4", D_MD4, args); } -static int SHA512_loop(void *args) +static int MD5_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **) args; - unsigned char *buf = tempargs->buf; - unsigned char sha512[SHA512_DIGEST_LENGTH]; - int count; - for (count = 0; COND(c[D_SHA512][testnum]); count++) - SHA512(buf, lengths[testnum], sha512); - return count; + return EVP_Digest_loop("md5", D_MD5, args); } -#endif -#if !defined(OPENSSL_NO_WHIRLPOOL) && !defined(OPENSSL_NO_DEPRECATED_3_0) -static int WHIRLPOOL_loop(void *args) +static int EVP_MAC_loop(int algindex, void *args) { loopargs_t *tempargs = *(loopargs_t **) args; unsigned char *buf = tempargs->buf; - unsigned char whirlpool[WHIRLPOOL_DIGEST_LENGTH]; + EVP_MAC_CTX *mctx = tempargs->mctx; + unsigned char mac[EVP_MAX_MD_SIZE]; int count; - for (count = 0; COND(c[D_WHIRLPOOL][testnum]); count++) - WHIRLPOOL(buf, lengths[testnum], whirlpool); - return count; -} -#endif -#if !defined(OPENSSL_NO_RMD160) && !defined(OPENSSL_NO_DEPRECATED_3_0) -static int EVP_Digest_RMD160_loop(void *args) -{ - loopargs_t *tempargs = *(loopargs_t **) args; - unsigned char *buf = tempargs->buf; - unsigned char rmd160[RIPEMD160_DIGEST_LENGTH]; - int count; - for (count = 0; COND(c[D_RMD160][testnum]); count++) { - if (!EVP_Digest(buf, (size_t)lengths[testnum], &(rmd160[0]), - NULL, EVP_ripemd160(), NULL)) + for (count = 0; COND(c[algindex][testnum]); count++) { + size_t outl; + + if (!EVP_MAC_init(mctx, NULL, 0, NULL) + || !EVP_MAC_update(mctx, buf, lengths[testnum]) + || !EVP_MAC_final(mctx, mac, &outl, sizeof(mac))) return -1; } return count; } -#endif -#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_DEPRECATED_3_0) -static RC4_KEY rc4_ks; -static int RC4_loop(void *args) +static int HMAC_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **) args; - unsigned char *buf = tempargs->buf; - int count; - for (count = 0; COND(c[D_RC4][testnum]); count++) - RC4(&rc4_ks, (size_t)lengths[testnum], buf, buf); - return count; + return EVP_MAC_loop(D_HMAC, args); } -#endif -#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0) -static unsigned char DES_iv[8]; -static DES_key_schedule sch[3]; -static int DES_ncbc_encrypt_loop(void *args) +static int CMAC_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **) args; - unsigned char *buf = tempargs->buf; - int count; - for (count = 0; COND(c[D_CBC_DES][testnum]); count++) - DES_ncbc_encrypt(buf, buf, lengths[testnum], &sch[0], - &DES_iv, DES_ENCRYPT); - return count; + return EVP_MAC_loop(D_EVP_CMAC, args); } -static int DES_ede3_cbc_encrypt_loop(void *args) +static int SHA1_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **) args; - unsigned char *buf = tempargs->buf; - int count; - for (count = 0; COND(c[D_EDE3_DES][testnum]); count++) - DES_ede3_cbc_encrypt(buf, buf, lengths[testnum], - &sch[0], &sch[1], &sch[2], &DES_iv, DES_ENCRYPT); - return count; + return EVP_Digest_loop("sha1", D_SHA1, args); } -#endif - -#define MAX_BLOCK_SIZE 128 - -static unsigned char iv[2 * MAX_BLOCK_SIZE / 8]; -#ifndef OPENSSL_NO_DEPRECATED_3_0 -static AES_KEY aes_ks1, aes_ks2, aes_ks3; -static int AES_cbc_128_encrypt_loop(void *args) +static int SHA256_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **) args; - unsigned char *buf = tempargs->buf; - int count; - for (count = 0; COND(c[D_CBC_128_AES][testnum]); count++) - AES_cbc_encrypt(buf, buf, - (size_t)lengths[testnum], &aes_ks1, iv, AES_ENCRYPT); - return count; + return EVP_Digest_loop("sha256", D_SHA256, args); } -static int AES_cbc_192_encrypt_loop(void *args) +static int SHA512_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **) args; - unsigned char *buf = tempargs->buf; - int count; - for (count = 0; COND(c[D_CBC_192_AES][testnum]); count++) - AES_cbc_encrypt(buf, buf, - (size_t)lengths[testnum], &aes_ks2, iv, AES_ENCRYPT); - return count; + return EVP_Digest_loop("sha512", D_SHA512, args); } -static int AES_cbc_256_encrypt_loop(void *args) +static int WHIRLPOOL_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **) args; - unsigned char *buf = tempargs->buf; - int count; - for (count = 0; COND(c[D_CBC_256_AES][testnum]); count++) - AES_cbc_encrypt(buf, buf, - (size_t)lengths[testnum], &aes_ks3, iv, AES_ENCRYPT); - return count; + return EVP_Digest_loop("whirlpool", D_WHIRLPOOL, args); } -static int AES_ige_128_encrypt_loop(void *args) +static int EVP_Digest_RMD160_loop(void *args) { - loopargs_t *tempargs = *(loopargs_t **) args; - unsigned char *buf = tempargs->buf; - unsigned char *buf2 = tempargs->buf2; - int count; - for (count = 0; COND(c[D_IGE_128_AES][testnum]); count++) - AES_ige_encrypt(buf, buf2, - (size_t)lengths[testnum], &aes_ks1, iv, AES_ENCRYPT); - return count; + return EVP_Digest_loop("ripemd160", D_RMD160, args); } -static int AES_ige_192_encrypt_loop(void *args) +static int algindex; + +static int EVP_Cipher_loop(void *args) { loopargs_t *tempargs = *(loopargs_t **) args; unsigned char *buf = tempargs->buf; - unsigned char *buf2 = tempargs->buf2; int count; - for (count = 0; COND(c[D_IGE_192_AES][testnum]); count++) - AES_ige_encrypt(buf, buf2, - (size_t)lengths[testnum], &aes_ks2, iv, AES_ENCRYPT); + + if (tempargs->ctx == NULL) + return -1; + for (count = 0; COND(c[algindex][testnum]); count++) + if (EVP_Cipher(tempargs->ctx, buf, buf, (size_t)lengths[testnum]) <= 0) + return -1; return count; } -static int AES_ige_256_encrypt_loop(void *args) +static int GHASH_loop(void *args) { loopargs_t *tempargs = *(loopargs_t **) args; unsigned char *buf = tempargs->buf; - unsigned char *buf2 = tempargs->buf2; + EVP_MAC_CTX *mctx = tempargs->mctx; int count; - for (count = 0; COND(c[D_IGE_256_AES][testnum]); count++) - AES_ige_encrypt(buf, buf2, - (size_t)lengths[testnum], &aes_ks3, iv, AES_ENCRYPT); + + /* just do the update in the loop to be comparable with 1.1.1 */ + for (count = 0; COND(c[D_GHASH][testnum]); count++) { + if (!EVP_MAC_update(mctx, buf, lengths[testnum])) + return -1; + } return count; } -static int CRYPTO_gcm128_aad_loop(void *args) +#define MAX_BLOCK_SIZE 128 + +static unsigned char iv[2 * MAX_BLOCK_SIZE / 8]; + +static EVP_CIPHER_CTX *init_evp_cipher_ctx(const char *ciphername, + const unsigned char *key, + int keylen) { - loopargs_t *tempargs = *(loopargs_t **) args; - unsigned char *buf = tempargs->buf; - GCM128_CONTEXT *gcm_ctx = tempargs->gcm_ctx; - int count; - for (count = 0; COND(c[D_GHASH][testnum]); count++) - CRYPTO_gcm128_aad(gcm_ctx, buf, lengths[testnum]); - return count; + EVP_CIPHER_CTX *ctx = NULL; + EVP_CIPHER *cipher = NULL; + + if (!opt_cipher_silent(ciphername, &cipher)) + return NULL; + + if ((ctx = EVP_CIPHER_CTX_new()) == NULL) + goto end; + + if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, 1)) { + EVP_CIPHER_CTX_free(ctx); + ctx = NULL; + goto end; + } + + if (!EVP_CIPHER_CTX_set_key_length(ctx, keylen)) { + EVP_CIPHER_CTX_free(ctx); + ctx = NULL; + goto end; + } + + if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1)) { + EVP_CIPHER_CTX_free(ctx); + ctx = NULL; + goto end; + } + +end: + EVP_CIPHER_free(cipher); + return ctx; } -#endif static int RAND_bytes_loop(void *args) { @@ -950,24 +765,25 @@ static int EVP_Update_loop_ccm(void *args) if (decrypt) { for (count = 0; COND(c[D_EVP][testnum]); count++) { - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(tag), tag); + (void)EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(tag), + tag); /* reset iv */ - EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv); + (void)EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv); /* counter is reset on every update */ - EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]); + (void)EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]); } } else { for (count = 0; COND(c[D_EVP][testnum]); count++) { /* restore iv length field */ - EVP_EncryptUpdate(ctx, NULL, &outl, NULL, lengths[testnum]); + (void)EVP_EncryptUpdate(ctx, NULL, &outl, NULL, lengths[testnum]); /* counter is reset on every update */ - EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]); + (void)EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]); } } if (decrypt) - EVP_DecryptFinal_ex(ctx, buf, &outl); + (void)EVP_DecryptFinal_ex(ctx, buf, &outl); else - EVP_EncryptFinal_ex(ctx, buf, &outl); + (void)EVP_EncryptFinal_ex(ctx, buf, &outl); return count; } @@ -987,160 +803,100 @@ static int EVP_Update_loop_aead(void *args) if (decrypt) { for (count = 0; COND(c[D_EVP][testnum]); count++) { - EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv); - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, - sizeof(faketag), faketag); - EVP_DecryptUpdate(ctx, NULL, &outl, aad, sizeof(aad)); - EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]); - EVP_DecryptFinal_ex(ctx, buf + outl, &outl); + (void)EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv); + (void)EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, + sizeof(faketag), faketag); + (void)EVP_DecryptUpdate(ctx, NULL, &outl, aad, sizeof(aad)); + (void)EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]); + (void)EVP_DecryptFinal_ex(ctx, buf + outl, &outl); } } else { for (count = 0; COND(c[D_EVP][testnum]); count++) { - EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv); - EVP_EncryptUpdate(ctx, NULL, &outl, aad, sizeof(aad)); - EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]); - EVP_EncryptFinal_ex(ctx, buf + outl, &outl); + (void)EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv); + (void)EVP_EncryptUpdate(ctx, NULL, &outl, aad, sizeof(aad)); + (void)EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]); + (void)EVP_EncryptFinal_ex(ctx, buf + outl, &outl); } } return count; } -static EVP_MD *evp_md = NULL; -static int fetched_alg = 0; +static long rsa_c[RSA_NUM][2]; /* # RSA iteration test */ -static int EVP_Digest_loop(void *args) +static int RSA_sign_loop(void *args) { loopargs_t *tempargs = *(loopargs_t **) args; unsigned char *buf = tempargs->buf; - unsigned char md[EVP_MAX_MD_SIZE]; - int count; + unsigned char *buf2 = tempargs->buf2; + size_t *rsa_num = &tempargs->sigsize; + EVP_PKEY_CTX **rsa_sign_ctx = tempargs->rsa_sign_ctx; + int ret, count; - for (count = 0; COND(c[D_EVP][testnum]); count++) { - if (!EVP_Digest(buf, lengths[testnum], md, NULL, evp_md, NULL)) - return -1; + for (count = 0; COND(rsa_c[testnum][0]); count++) { + *rsa_num = tempargs->buflen; + ret = EVP_PKEY_sign(rsa_sign_ctx[testnum], buf2, rsa_num, buf, 36); + if (ret <= 0) { + BIO_printf(bio_err, "RSA sign failure\n"); + ERR_print_errors(bio_err); + count = -1; + break; + } } return count; } -#ifndef OPENSSL_NO_DEPRECATED_3_0 -static const EVP_MD *evp_hmac_md = NULL; -static char *evp_hmac_name = NULL; -static int EVP_HMAC_loop(void *args) +static int RSA_verify_loop(void *args) { loopargs_t *tempargs = *(loopargs_t **) args; unsigned char *buf = tempargs->buf; - unsigned char no_key[32]; - int count; + unsigned char *buf2 = tempargs->buf2; + size_t rsa_num = tempargs->sigsize; + EVP_PKEY_CTX **rsa_verify_ctx = tempargs->rsa_verify_ctx; + int ret, count; - for (count = 0; COND(c[D_EVP_HMAC][testnum]); count++) { - if (HMAC(evp_hmac_md, no_key, sizeof(no_key), buf, lengths[testnum], - NULL, NULL) == NULL) - return -1; + for (count = 0; COND(rsa_c[testnum][1]); count++) { + ret = EVP_PKEY_verify(rsa_verify_ctx[testnum], buf2, rsa_num, buf, 36); + if (ret <= 0) { + BIO_printf(bio_err, "RSA verify failure\n"); + ERR_print_errors(bio_err); + count = -1; + break; + } } return count; } -#endif -#if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_DEPRECATED_3_0) -static const EVP_CIPHER *evp_cmac_cipher = NULL; -static char *evp_cmac_name = NULL; +#ifndef OPENSSL_NO_DH +static long ffdh_c[FFDH_NUM][1]; -static int EVP_CMAC_loop(void *args) +static int FFDH_derive_key_loop(void *args) { loopargs_t *tempargs = *(loopargs_t **) args; - unsigned char *buf = tempargs->buf; - CMAC_CTX *cmac_ctx = tempargs->cmac_ctx; - static const char key[16] = "This is a key..."; - unsigned char mac[16]; - size_t len = sizeof(mac); + EVP_PKEY_CTX *ffdh_ctx = tempargs->ffdh_ctx[testnum]; + unsigned char *derived_secret = tempargs->secret_ff_a; + size_t outlen = MAX_FFDH_SIZE; int count; - for (count = 0; COND(c[D_EVP_CMAC][testnum]); count++) { - if (!CMAC_Init(cmac_ctx, key, sizeof(key), evp_cmac_cipher, NULL) - || !CMAC_Update(cmac_ctx, buf, lengths[testnum]) - || !CMAC_Final(cmac_ctx, mac, &len)) - return -1; - } - return count; -} -#endif - -#ifndef OPENSSL_NO_DEPRECATED_3_0 -static long rsa_c[RSA_NUM][2]; /* # RSA iteration test */ - -static int RSA_sign_loop(void *args) -{ - loopargs_t *tempargs = *(loopargs_t **) args; - unsigned char *buf = tempargs->buf; - unsigned char *buf2 = tempargs->buf2; - unsigned int *rsa_num = &tempargs->siglen; - RSA **rsa_key = tempargs->rsa_key; - int ret, count; - for (count = 0; COND(rsa_c[testnum][0]); count++) { - ret = RSA_sign(NID_md5_sha1, buf, 36, buf2, rsa_num, rsa_key[testnum]); - if (ret == 0) { - BIO_printf(bio_err, "RSA sign failure\n"); - ERR_print_errors(bio_err); - count = -1; - break; - } - } - return count; -} - -static int RSA_verify_loop(void *args) -{ - loopargs_t *tempargs = *(loopargs_t **) args; - unsigned char *buf = tempargs->buf; - unsigned char *buf2 = tempargs->buf2; - unsigned int rsa_num = tempargs->siglen; - RSA **rsa_key = tempargs->rsa_key; - int ret, count; - for (count = 0; COND(rsa_c[testnum][1]); count++) { - ret = - RSA_verify(NID_md5_sha1, buf, 36, buf2, rsa_num, rsa_key[testnum]); - if (ret <= 0) { - BIO_printf(bio_err, "RSA verify failure\n"); - ERR_print_errors(bio_err); - count = -1; - break; - } - } + for (count = 0; COND(ffdh_c[testnum][0]); count++) + EVP_PKEY_derive(ffdh_ctx, derived_secret, &outlen); return count; } -#endif - -#ifndef OPENSSL_NO_DH -static long ffdh_c[FFDH_NUM][1]; - -static int FFDH_derive_key_loop(void *args) -{ - loopargs_t *tempargs = *(loopargs_t **) args; - EVP_PKEY_CTX *ffdh_ctx = tempargs->ffdh_ctx[testnum]; - unsigned char *derived_secret = tempargs->secret_ff_a; - size_t outlen = MAX_FFDH_SIZE; - int count; - - for (count = 0; COND(ffdh_c[testnum][0]); count++) - EVP_PKEY_derive(ffdh_ctx, derived_secret, &outlen); - - return count; -} #endif /* OPENSSL_NO_DH */ -#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) static long dsa_c[DSA_NUM][2]; static int DSA_sign_loop(void *args) { loopargs_t *tempargs = *(loopargs_t **) args; unsigned char *buf = tempargs->buf; unsigned char *buf2 = tempargs->buf2; - DSA **dsa_key = tempargs->dsa_key; - unsigned int *siglen = &tempargs->siglen; + size_t *dsa_num = &tempargs->sigsize; + EVP_PKEY_CTX **dsa_sign_ctx = tempargs->dsa_sign_ctx; int ret, count; + for (count = 0; COND(dsa_c[testnum][0]); count++) { - ret = DSA_sign(0, buf, 20, buf2, siglen, dsa_key[testnum]); - if (ret == 0) { + *dsa_num = tempargs->buflen; + ret = EVP_PKEY_sign(dsa_sign_ctx[testnum], buf2, dsa_num, buf, 20); + if (ret <= 0) { BIO_printf(bio_err, "DSA sign failure\n"); ERR_print_errors(bio_err); count = -1; @@ -1155,11 +911,12 @@ static int DSA_verify_loop(void *args) loopargs_t *tempargs = *(loopargs_t **) args; unsigned char *buf = tempargs->buf; unsigned char *buf2 = tempargs->buf2; - DSA **dsa_key = tempargs->dsa_key; - unsigned int siglen = tempargs->siglen; + size_t dsa_num = tempargs->sigsize; + EVP_PKEY_CTX **dsa_verify_ctx = tempargs->dsa_verify_ctx; int ret, count; + for (count = 0; COND(dsa_c[testnum][1]); count++) { - ret = DSA_verify(0, buf, 20, buf2, siglen, dsa_key[testnum]); + ret = EVP_PKEY_verify(dsa_verify_ctx[testnum], buf2, dsa_num, buf, 20); if (ret <= 0) { BIO_printf(bio_err, "DSA verify failure\n"); ERR_print_errors(bio_err); @@ -1169,22 +926,21 @@ static int DSA_verify_loop(void *args) } return count; } -#endif -#ifndef OPENSSL_NO_EC -# ifndef OPENSSL_NO_DEPRECATED_3_0 static long ecdsa_c[ECDSA_NUM][2]; static int ECDSA_sign_loop(void *args) { loopargs_t *tempargs = *(loopargs_t **) args; unsigned char *buf = tempargs->buf; - EC_KEY **ecdsa = tempargs->ecdsa; - unsigned char *ecdsasig = tempargs->buf2; - unsigned int *ecdsasiglen = &tempargs->siglen; + unsigned char *buf2 = tempargs->buf2; + size_t *ecdsa_num = &tempargs->sigsize; + EVP_PKEY_CTX **ecdsa_sign_ctx = tempargs->ecdsa_sign_ctx; int ret, count; + for (count = 0; COND(ecdsa_c[testnum][0]); count++) { - ret = ECDSA_sign(0, buf, 20, ecdsasig, ecdsasiglen, ecdsa[testnum]); - if (ret == 0) { + *ecdsa_num = tempargs->buflen; + ret = EVP_PKEY_sign(ecdsa_sign_ctx[testnum], buf2, ecdsa_num, buf, 20); + if (ret <= 0) { BIO_printf(bio_err, "ECDSA sign failure\n"); ERR_print_errors(bio_err); count = -1; @@ -1198,13 +954,15 @@ static int ECDSA_verify_loop(void *args) { loopargs_t *tempargs = *(loopargs_t **) args; unsigned char *buf = tempargs->buf; - EC_KEY **ecdsa = tempargs->ecdsa; - unsigned char *ecdsasig = tempargs->buf2; - unsigned int ecdsasiglen = tempargs->siglen; + unsigned char *buf2 = tempargs->buf2; + size_t ecdsa_num = tempargs->sigsize; + EVP_PKEY_CTX **ecdsa_verify_ctx = tempargs->ecdsa_verify_ctx; int ret, count; + for (count = 0; COND(ecdsa_c[testnum][1]); count++) { - ret = ECDSA_verify(0, buf, 20, ecdsasig, ecdsasiglen, ecdsa[testnum]); - if (ret != 1) { + ret = EVP_PKEY_verify(ecdsa_verify_ctx[testnum], buf2, ecdsa_num, + buf, 20); + if (ret <= 0) { BIO_printf(bio_err, "ECDSA verify failure\n"); ERR_print_errors(bio_err); count = -1; @@ -1213,7 +971,6 @@ static int ECDSA_verify_loop(void *args) } return count; } -# endif /* ******************************************************************** */ static long ecdh_c[EC_NUM][1]; @@ -1275,7 +1032,7 @@ static int EdDSA_verify_loop(void *args) return count; } -# ifndef OPENSSL_NO_SM2 +#ifndef OPENSSL_NO_SM2 static long sm2_c[SM2_NUM][2]; static int SM2_sign_loop(void *args) { @@ -1286,7 +1043,7 @@ static int SM2_sign_loop(void *args) size_t sm2sigsize; int ret, count; EVP_PKEY **sm2_pkey = tempargs->sm2_pkey; - const size_t max_size = EVP_PKEY_size(sm2_pkey[testnum]); + const size_t max_size = EVP_PKEY_get_size(sm2_pkey[testnum]); for (count = 0; COND(sm2_c[testnum][0]); count++) { sm2sigsize = max_size; @@ -1342,8 +1099,7 @@ static int SM2_verify_loop(void *args) } return count; } -# endif /* OPENSSL_NO_SM2 */ -#endif /* OPENSSL_NO_EC */ +#endif /* OPENSSL_NO_SM2 */ static int run_benchmark(int async_jobs, int (*loop_function) (void *), loopargs_t * loopargs) @@ -1496,36 +1252,84 @@ static int run_benchmark(int async_jobs, return error ? -1 : total_op_count; } -static EVP_MD *obtain_md(const char *name) +typedef struct ec_curve_st { + const char *name; + unsigned int nid; + unsigned int bits; + size_t sigsize; /* only used for EdDSA curves */ +} EC_CURVE; + +static EVP_PKEY *get_ecdsa(const EC_CURVE *curve) { - EVP_MD *md = NULL; + EVP_PKEY_CTX *kctx = NULL; + EVP_PKEY *key = NULL; - /* Look through providers' digests */ - ERR_set_mark(); - md = EVP_MD_fetch(NULL, name, NULL); - ERR_pop_to_mark(); - if (md != NULL) { - fetched_alg = 1; - return md; + /* Ensure that the error queue is empty */ + if (ERR_peek_error()) { + BIO_printf(bio_err, + "WARNING: the error queue contains previous unhandled errors.\n"); + ERR_print_errors(bio_err); } - return (EVP_MD *)EVP_get_digestbyname(name); -} + /* + * Let's try to create a ctx directly from the NID: this works for + * curves like Curve25519 that are not implemented through the low + * level EC interface. + * If this fails we try creating a EVP_PKEY_EC generic param ctx, + * then we set the curve by NID before deriving the actual keygen + * ctx for that specific curve. + */ + kctx = EVP_PKEY_CTX_new_id(curve->nid, NULL); + if (kctx == NULL) { + EVP_PKEY_CTX *pctx = NULL; + EVP_PKEY *params = NULL; + /* + * If we reach this code EVP_PKEY_CTX_new_id() failed and a + * "int_ctx_new:unsupported algorithm" error was added to the + * error queue. + * We remove it from the error queue as we are handling it. + */ + unsigned long error = ERR_peek_error(); + + if (error == ERR_peek_last_error() /* oldest and latest errors match */ + /* check that the error origin matches */ + && ERR_GET_LIB(error) == ERR_LIB_EVP + && (ERR_GET_REASON(error) == EVP_R_UNSUPPORTED_ALGORITHM + || ERR_GET_REASON(error) == ERR_R_UNSUPPORTED)) + ERR_get_error(); /* pop error from queue */ + if (ERR_peek_error()) { + BIO_printf(bio_err, + "Unhandled error in the error queue during EC key setup.\n"); + ERR_print_errors(bio_err); + return NULL; + } -static EVP_CIPHER *obtain_cipher(const char *name) -{ - EVP_CIPHER *cipher = NULL; + /* Create the context for parameter generation */ + if ((pctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL)) == NULL + || EVP_PKEY_paramgen_init(pctx) <= 0 + || EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, + curve->nid) <= 0 + || EVP_PKEY_paramgen(pctx, ¶ms) <= 0) { + BIO_printf(bio_err, "EC params init failure.\n"); + ERR_print_errors(bio_err); + EVP_PKEY_CTX_free(pctx); + return NULL; + } + EVP_PKEY_CTX_free(pctx); - /* Look through providers' ciphers */ - ERR_set_mark(); - cipher = EVP_CIPHER_fetch(NULL, name, NULL); - ERR_pop_to_mark(); - if (cipher != NULL) { - fetched_alg = 1; - return cipher; + /* Create the context for the key generation */ + kctx = EVP_PKEY_CTX_new(params, NULL); + EVP_PKEY_free(params); } - - return (EVP_CIPHER *)EVP_get_cipherbyname(name); + if (kctx == NULL + || EVP_PKEY_keygen_init(kctx) <= 0 + || EVP_PKEY_keygen(kctx, &key) <= 0) { + BIO_printf(bio_err, "EC key generation failure.\n"); + ERR_print_errors(bio_err); + key = NULL; + } + EVP_PKEY_CTX_free(kctx); + return key; } #define stop_it(do_it, test_num)\ @@ -1538,6 +1342,7 @@ int speed_main(int argc, char **argv) const char *prog; const char *engine_id = NULL; EVP_CIPHER *evp_cipher = NULL; + EVP_MAC *mac = NULL; double d = 0.0; OPTION_CHOICE o; int async_init = 0, multiblock = 0, pr_header = 0; @@ -1548,60 +1353,28 @@ int speed_main(int argc, char **argv) unsigned int i, k, loopargs_len = 0, async_jobs = 0; int keylen; int buflen; + BIGNUM *bn = NULL; + EVP_PKEY_CTX *genctx = NULL; #ifndef NO_FORK int multi = 0; #endif -#if !defined(OPENSSL_NO_DEPRECATED_3_0) \ - || !defined(OPENSSL_NO_DSA) \ - || !defined(OPENSSL_NO_DH) \ - || !defined(OPENSSL_NO_EC) - long op_count = 1; -#endif + long op_count = 1; openssl_speed_sec_t seconds = { SECONDS, RSA_SECONDS, DSA_SECONDS, ECDSA_SECONDS, ECDH_SECONDS, EdDSA_SECONDS, SM2_SECONDS, FFDH_SECONDS }; - /* What follows are the buffers and key material. */ -#if !defined(OPENSSL_NO_RC5) && !defined(OPENSSL_NO_DEPRECATED_3_0) - RC5_32_KEY rc5_ks; -#endif -#if !defined(OPENSSL_NO_RC2) && !defined(OPENSSL_NO_DEPRECATED_3_0) - RC2_KEY rc2_ks; -#endif -#if !defined(OPENSSL_NO_IDEA) && !defined(OPENSSL_NO_DEPRECATED_3_0) - IDEA_KEY_SCHEDULE idea_ks; -#endif -#if !defined(OPENSSL_NO_SEED) && !defined(OPENSSL_NO_DEPRECATED_3_0) - SEED_KEY_SCHEDULE seed_ks; -#endif -#if !defined(OPENSSL_NO_BF) && !defined(OPENSSL_NO_DEPRECATED_3_0) - BF_KEY bf_ks; -#endif -#if !defined(OPENSSL_NO_CAST) && !defined(OPENSSL_NO_DEPRECATED_3_0) - CAST_KEY cast_ks; -#endif -#ifndef OPENSSL_NO_DEPRECATED_3_0 - static const unsigned char key16[16] = { - 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, - 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12 - }; - static const unsigned char key24[24] = { - 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, - 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, - 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34 - }; static const unsigned char key32[32] = { 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34, 0x56 }; -#endif -#if !defined(OPENSSL_NO_CAMELLIA) && !defined(OPENSSL_NO_DEPRECATED_3_0) - CAMELLIA_KEY camellia_ks[3]; -#endif -#ifndef OPENSSL_NO_DEPRECATED_3_0 + static const unsigned char deskey[] = { + 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, /* key1 */ + 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, /* key2 */ + 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34 /* key3 */ + }; static const struct { const unsigned char *data; unsigned int length; @@ -1611,13 +1384,12 @@ int speed_main(int argc, char **argv) { test1024, sizeof(test1024), 1024 }, { test2048, sizeof(test2048), 2048 }, { test3072, sizeof(test3072), 3072 }, - { test4096, sizeof(test4096), 4092 }, + { test4096, sizeof(test4096), 4096 }, { test7680, sizeof(test7680), 7680 }, { test15360, sizeof(test15360), 15360 } }; uint8_t rsa_doit[RSA_NUM] = { 0 }; int primes = RSA_DEFAULT_PRIME_NUM; -#endif #ifndef OPENSSL_NO_DH typedef struct ffdh_params_st { const char *name; @@ -1635,17 +1407,8 @@ int speed_main(int argc, char **argv) uint8_t ffdh_doit[FFDH_NUM] = { 0 }; #endif /* OPENSSL_NO_DH */ -#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) static const unsigned int dsa_bits[DSA_NUM] = { 512, 1024, 2048 }; uint8_t dsa_doit[DSA_NUM] = { 0 }; -#endif -#ifndef OPENSSL_NO_EC - typedef struct ec_curve_st { - const char *name; - unsigned int nid; - unsigned int bits; - size_t sigsize; /* only used for EdDSA curves */ - } EC_CURVE; /* * We only test over the following curves as they are representative, To * add tests over more curves, simply add the curve NID and curve name to @@ -1660,7 +1423,7 @@ int speed_main(int argc, char **argv) {"nistp256", NID_X9_62_prime256v1, 256}, {"nistp384", NID_secp384r1, 384}, {"nistp521", NID_secp521r1, 521}, -# ifndef OPENSSL_NO_EC2M +#ifndef OPENSSL_NO_EC2M /* Binary Curves */ {"nistk163", NID_sect163k1, 163}, {"nistk233", NID_sect233k1, 233}, @@ -1672,7 +1435,7 @@ int speed_main(int argc, char **argv) {"nistb283", NID_sect283r1, 283}, {"nistb409", NID_sect409r1, 409}, {"nistb571", NID_sect571r1, 571}, -# endif +#endif {"brainpoolP256r1", NID_brainpoolP256r1, 256}, {"brainpoolP256t1", NID_brainpoolP256t1, 256}, {"brainpoolP384r1", NID_brainpoolP384r1, 384}, @@ -1688,13 +1451,13 @@ int speed_main(int argc, char **argv) {"Ed25519", NID_ED25519, 253, 64}, {"Ed448", NID_ED448, 456, 114} }; -# ifndef OPENSSL_NO_SM2 +#ifndef OPENSSL_NO_SM2 static const EC_CURVE sm2_curves[SM2_NUM] = { /* SM2 */ {"CurveSM2", NID_sm2, 256} }; uint8_t sm2_doit[SM2_NUM] = { 0 }; -# endif +#endif uint8_t ecdsa_doit[ECDSA_NUM] = { 0 }; uint8_t ecdh_doit[EC_NUM] = { 0 }; uint8_t eddsa_doit[EdDSA_NUM] = { 0 }; @@ -1709,11 +1472,10 @@ int speed_main(int argc, char **argv) OPENSSL_assert(ec_curves[ECDSA_NUM - 1].nid == NID_brainpoolP512t1); OPENSSL_assert(strcmp(ecdsa_choices[ECDSA_NUM - 1].name, "ecdsabrp512t1") == 0); -# ifndef OPENSSL_NO_SM2 +#ifndef OPENSSL_NO_SM2 OPENSSL_assert(sm2_curves[SM2_NUM - 1].nid == NID_sm2); OPENSSL_assert(strcmp(sm2_choices[SM2_NUM - 1].name, "curveSM2") == 0); -# endif -#endif /* ndef OPENSSL_NO_EC */ +#endif prog = opt_init(argc, argv, speed_options); while ((o = opt_next()) != OPT_EOF) { @@ -1735,39 +1497,38 @@ int speed_main(int argc, char **argv) BIO_printf(bio_err, "%s: -evp option cannot be used more than once\n", prog); goto opterr; } - evp_md = NULL; - evp_cipher = obtain_cipher(opt_arg()); - if (evp_cipher == NULL) - evp_md = obtain_md(opt_arg()); - if (evp_cipher == NULL && evp_md == NULL) { + ERR_set_mark(); + if (!opt_cipher_silent(opt_arg(), &evp_cipher)) { + if (have_md(opt_arg())) + evp_md_name = opt_arg(); + } + if (evp_cipher == NULL && evp_md_name == NULL) { + ERR_clear_last_mark(); BIO_printf(bio_err, "%s: %s is an unknown cipher or digest\n", prog, opt_arg()); goto end; } + ERR_pop_to_mark(); doit[D_EVP] = 1; break; case OPT_HMAC: -#ifndef OPENSSL_NO_DEPRECATED_3_0 - evp_hmac_md = EVP_get_digestbyname(opt_arg()); - if (evp_hmac_md == NULL) { + if (!have_md(opt_arg())) { BIO_printf(bio_err, "%s: %s is an unknown digest\n", prog, opt_arg()); goto end; } - doit[D_EVP_HMAC] = 1; + evp_mac_mdname = opt_arg(); + doit[D_HMAC] = 1; break; -#endif case OPT_CMAC: -#if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_DEPRECATED_3_0) - evp_cmac_cipher = EVP_get_cipherbyname(opt_arg()); - if (evp_cmac_cipher == NULL) { + if (!have_cipher(opt_arg())) { BIO_printf(bio_err, "%s: %s is an unknown cipher\n", prog, opt_arg()); goto end; } + evp_mac_ciphername = opt_arg(); doit[D_EVP_CMAC] = 1; -#endif break; case OPT_DECRYPT: decrypt = 1; @@ -1783,6 +1544,10 @@ int speed_main(int argc, char **argv) case OPT_MULTI: #ifndef NO_FORK multi = atoi(opt_arg()); + if ((size_t)multi >= SIZE_MAX / sizeof(int)) { + BIO_printf(bio_err, "%s: multi argument too large\n", prog); + return 0; + } #endif break; case OPT_ASYNCJOBS: @@ -1801,8 +1566,7 @@ int speed_main(int argc, char **argv) #endif break; case OPT_MISALIGN: - if (!opt_int(opt_arg(), &misalign)) - goto end; + misalign = opt_int_arg(); if (misalign > MISALIGN) { BIO_printf(bio_err, "%s: Maximum offset is %d\n", prog, MISALIGN); @@ -1830,10 +1594,7 @@ int speed_main(int argc, char **argv) goto end; break; case OPT_PRIMES: -#ifndef OPENSSL_NO_DEPRECATED_3_0 - if (!opt_int(opt_arg(), &primes)) - goto end; -#endif + primes = opt_int_arg(); break; case OPT_SECONDS: seconds.sym = seconds.rsa = seconds.dsa = seconds.ecdsa @@ -1855,7 +1616,9 @@ int speed_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); - app_RAND_load(); + if (!app_RAND_load()) + goto end; + for (; *argv; argv++) { const char *algo = *argv; @@ -1863,12 +1626,10 @@ int speed_main(int argc, char **argv) doit[i] = 1; continue; } -#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0) if (strcmp(algo, "des") == 0) { doit[D_CBC_DES] = doit[D_EDE3_DES] = 1; continue; } -#endif if (strcmp(algo, "sha") == 0) { doit[D_SHA1] = doit[D_SHA256] = doit[D_SHA512] = 1; continue; @@ -1876,8 +1637,9 @@ int speed_main(int argc, char **argv) #ifndef OPENSSL_NO_DEPRECATED_3_0 if (strcmp(algo, "openssl") == 0) /* just for compatibility */ continue; - if (strncmp(algo, "rsa", 3) == 0) { - if (algo[3] == '\0') { +#endif + if (HAS_PREFIX(algo, "rsa")) { + if (algo[sizeof("rsa") - 1] == '\0') { memset(rsa_doit, 1, sizeof(rsa_doit)); continue; } @@ -1886,10 +1648,9 @@ int speed_main(int argc, char **argv) continue; } } -#endif #ifndef OPENSSL_NO_DH - if (strncmp(algo, "ffdh", 4) == 0) { - if (algo[4] == '\0') { + if (HAS_PREFIX(algo, "ffdh")) { + if (algo[sizeof("ffdh") - 1] == '\0') { memset(ffdh_doit, 1, sizeof(ffdh_doit)); continue; } @@ -1899,9 +1660,8 @@ int speed_main(int argc, char **argv) } } #endif -#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) - if (strncmp(algo, "dsa", 3) == 0) { - if (algo[3] == '\0') { + if (HAS_PREFIX(algo, "dsa")) { + if (algo[sizeof("dsa") - 1] == '\0') { memset(dsa_doit, 1, sizeof(dsa_doit)); continue; } @@ -1910,22 +1670,16 @@ int speed_main(int argc, char **argv) continue; } } -#endif -#ifndef OPENSSL_NO_DEPRECATED_3_0 if (strcmp(algo, "aes") == 0) { doit[D_CBC_128_AES] = doit[D_CBC_192_AES] = doit[D_CBC_256_AES] = 1; continue; } -#endif -#if !defined(OPENSSL_NO_CAMELLIA) && !defined(OPENSSL_NO_DEPRECATED_3_0) if (strcmp(algo, "camellia") == 0) { doit[D_CBC_128_CML] = doit[D_CBC_192_CML] = doit[D_CBC_256_CML] = 1; continue; } -#endif -#ifndef OPENSSL_NO_EC - if (strncmp(algo, "ecdsa", 5) == 0) { - if (algo[5] == '\0') { + if (HAS_PREFIX(algo, "ecdsa")) { + if (algo[sizeof("ecdsa") - 1] == '\0') { memset(ecdsa_doit, 1, sizeof(ecdsa_doit)); continue; } @@ -1934,8 +1688,8 @@ int speed_main(int argc, char **argv) continue; } } - if (strncmp(algo, "ecdh", 4) == 0) { - if (algo[4] == '\0') { + if (HAS_PREFIX(algo, "ecdh")) { + if (algo[sizeof("ecdh") - 1] == '\0') { memset(ecdh_doit, 1, sizeof(ecdh_doit)); continue; } @@ -1952,7 +1706,7 @@ int speed_main(int argc, char **argv) eddsa_doit[i] = 2; continue; } -# ifndef OPENSSL_NO_SM2 +#ifndef OPENSSL_NO_SM2 if (strcmp(algo, "sm2") == 0) { memset(sm2_doit, 1, sizeof(sm2_doit)); continue; @@ -1961,8 +1715,7 @@ int speed_main(int argc, char **argv) sm2_doit[i] = 2; continue; } -# endif -#endif /* OPENSSL_NO_EC */ +#endif BIO_printf(bio_err, "%s: Unknown algorithm %s\n", prog, algo); goto end; } @@ -1972,22 +1725,22 @@ int speed_main(int argc, char **argv) if (evp_cipher == NULL) { BIO_printf(bio_err, "-aead can be used only with an AEAD cipher\n"); goto end; - } else if (!(EVP_CIPHER_flags(evp_cipher) & + } else if (!(EVP_CIPHER_get_flags(evp_cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)) { BIO_printf(bio_err, "%s is not an AEAD cipher\n", - OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher))); + EVP_CIPHER_get0_name(evp_cipher)); goto end; } } if (multiblock) { if (evp_cipher == NULL) { - BIO_printf(bio_err,"-mb can be used only with a multi-block" - " capable cipher\n"); + BIO_printf(bio_err, "-mb can be used only with a multi-block" + " capable cipher\n"); goto end; - } else if (!(EVP_CIPHER_flags(evp_cipher) & + } else if (!(EVP_CIPHER_get_flags(evp_cipher) & EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) { BIO_printf(bio_err, "%s is not a multi-block capable\n", - OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher))); + EVP_CIPHER_get0_name(evp_cipher)); goto end; } else if (async_jobs > 0) { BIO_printf(bio_err, "Async mode is not supported with -mb"); @@ -2030,10 +1783,10 @@ int speed_main(int argc, char **argv) /* Align the start of buffers on a 64 byte boundary */ loopargs[i].buf = loopargs[i].buf_malloc + misalign; loopargs[i].buf2 = loopargs[i].buf2_malloc + misalign; -#ifndef OPENSSL_NO_EC + loopargs[i].buflen = buflen - misalign; + loopargs[i].sigsize = buflen - misalign; loopargs[i].secret_a = app_malloc(MAX_ECDH_SIZE, "ECDH secret a"); loopargs[i].secret_b = app_malloc(MAX_ECDH_SIZE, "ECDH secret b"); -#endif #ifndef OPENSSL_NO_DH loopargs[i].secret_ff_a = app_malloc(MAX_FFDH_SIZE, "FFDH secret a"); loopargs[i].secret_ff_b = app_malloc(MAX_FFDH_SIZE, "FFDH secret b"); @@ -2049,34 +1802,43 @@ int speed_main(int argc, char **argv) e = setup_engine(engine_id, 0); /* No parameters; turn on everything. */ - if (argc == 0 && !doit[D_EVP] && !doit[D_EVP_HMAC] && !doit[D_EVP_CMAC]) { + if (argc == 0 && !doit[D_EVP] && !doit[D_HMAC] && !doit[D_EVP_CMAC]) { memset(doit, 1, sizeof(doit)); - doit[D_EVP] = doit[D_EVP_HMAC] = doit[D_EVP_CMAC] = 0; -#if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DEPRECATED_3_0) - doit[D_MDC2] = 0; -#endif -#if !defined(OPENSSL_NO_MD4) && !defined(OPENSSL_NO_DEPRECATED_3_0) - doit[D_MD4] = 0; -#endif -#if !defined(OPENSSL_NO_RMD160) && !defined(OPENSSL_NO_DEPRECATED_3_0) - doit[D_RMD160] = 0; -#endif -#ifndef OPENSSL_NO_DEPRECATED_3_0 + doit[D_EVP] = doit[D_EVP_CMAC] = 0; + ERR_set_mark(); + for (i = D_MD2; i <= D_WHIRLPOOL; i++) { + if (!have_md(names[i])) + doit[i] = 0; + } + for (i = D_CBC_DES; i <= D_CBC_256_CML; i++) { + if (!have_cipher(names[i])) + doit[i] = 0; + } + if ((mac = EVP_MAC_fetch(app_get0_libctx(), "GMAC", + app_get0_propq())) != NULL) { + EVP_MAC_free(mac); + mac = NULL; + } else { + doit[D_GHASH] = 0; + } + if ((mac = EVP_MAC_fetch(app_get0_libctx(), "HMAC", + app_get0_propq())) != NULL) { + EVP_MAC_free(mac); + mac = NULL; + } else { + doit[D_HMAC] = 0; + } + ERR_pop_to_mark(); memset(rsa_doit, 1, sizeof(rsa_doit)); -#endif #ifndef OPENSSL_NO_DH memset(ffdh_doit, 1, sizeof(ffdh_doit)); #endif -#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) memset(dsa_doit, 1, sizeof(dsa_doit)); -#endif -#ifndef OPENSSL_NO_EC memset(ecdsa_doit, 1, sizeof(ecdsa_doit)); memset(ecdh_doit, 1, sizeof(ecdh_doit)); memset(eddsa_doit, 1, sizeof(eddsa_doit)); -# ifndef OPENSSL_NO_SM2 +#ifndef OPENSSL_NO_SM2 memset(sm2_doit, 1, sizeof(sm2_doit)); -# endif #endif } for (i = 0; i < ALGOR_NUM; i++) @@ -2088,348 +1850,10 @@ int speed_main(int argc, char **argv) "You have chosen to measure elapsed time " "instead of user CPU time.\n"); -#ifndef OPENSSL_NO_DEPRECATED_3_0 - for (i = 0; i < loopargs_len; i++) { - if (primes > RSA_DEFAULT_PRIME_NUM) { - /* for multi-prime RSA, skip this */ - break; - } - for (k = 0; k < RSA_NUM; k++) { - const unsigned char *p = rsa_keys[k].data; - - loopargs[i].rsa_key[k] = - d2i_RSAPrivateKey(NULL, &p, rsa_keys[k].length); - if (loopargs[i].rsa_key[k] == NULL) { - BIO_printf(bio_err, - "internal error loading RSA key number %d\n", k); - goto end; - } - } - } -#endif -#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) - for (i = 0; i < loopargs_len; i++) { - loopargs[i].dsa_key[0] = get_dsa(512); - loopargs[i].dsa_key[1] = get_dsa(1024); - loopargs[i].dsa_key[2] = get_dsa(2048); - } -#endif -#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0) - if (doit[D_CBC_DES] || doit[D_EDE3_DES]) { - static DES_cblock keys[] = { - { 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0 }, /* keys[0] */ - { 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12 }, /* keys[1] */ - { 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34 } /* keys[3] */ - }; - DES_set_key_unchecked(&keys[0], &sch[0]); - DES_set_key_unchecked(&keys[1], &sch[1]); - DES_set_key_unchecked(&keys[2], &sch[2]); - } -#endif -#ifndef OPENSSL_NO_DEPRECATED_3_0 - AES_set_encrypt_key(key16, 128, &aes_ks1); - AES_set_encrypt_key(key24, 192, &aes_ks2); - AES_set_encrypt_key(key32, 256, &aes_ks3); -#endif -#if !defined(OPENSSL_NO_CAMELLIA) && !defined(OPENSSL_NO_DEPRECATED_3_0) - if (doit[D_CBC_128_CML] || doit[D_CBC_192_CML] || doit[D_CBC_256_CML]) { - Camellia_set_key(key16, 128, &camellia_ks[0]); - Camellia_set_key(key24, 192, &camellia_ks[1]); - Camellia_set_key(key32, 256, &camellia_ks[2]); - } -#endif -#if !defined(OPENSSL_NO_IDEA) && !defined(OPENSSL_NO_DEPRECATED_3_0) - if (doit[D_CBC_IDEA]) - IDEA_set_encrypt_key(key16, &idea_ks); -#endif -#if !defined(OPENSSL_NO_SEED) && !defined(OPENSSL_NO_DEPRECATED_3_0) - if (doit[D_CBC_SEED]) - SEED_set_key(key16, &seed_ks); -#endif -#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_DEPRECATED_3_0) - if (doit[D_RC4]) - RC4_set_key(&rc4_ks, 16, key16); -#endif -#if !defined(OPENSSL_NO_RC2) && !defined(OPENSSL_NO_DEPRECATED_3_0) - if (doit[D_CBC_RC2]) - RC2_set_key(&rc2_ks, 16, key16, 128); -#endif -#if !defined(OPENSSL_NO_RC5) && !defined(OPENSSL_NO_DEPRECATED_3_0) - if (doit[D_CBC_RC5]) - if (!RC5_32_set_key(&rc5_ks, 16, key16, 12)) { - BIO_printf(bio_err, "Failed setting RC5 key\n"); - goto end; - } -#endif -#if !defined(OPENSSL_NO_BF) && !defined(OPENSSL_NO_DEPRECATED_3_0) - if (doit[D_CBC_BF]) - BF_set_key(&bf_ks, 16, key16); -#endif -#if !defined(OPENSSL_NO_CAST) && !defined(OPENSSL_NO_DEPRECATED_3_0) - if (doit[D_CBC_CAST]) - CAST_set_key(&cast_ks, 16, key16); -#endif -#ifndef SIGALRM -#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0) - BIO_printf(bio_err, "First we calculate the approximate speed ...\n"); - count = 10; - do { - long it; - count *= 2; - Time_F(START); - for (it = count; it; it--) - DES_ecb_encrypt((DES_cblock *)loopargs[0].buf, - (DES_cblock *)loopargs[0].buf, &sch, DES_ENCRYPT); - d = Time_F(STOP); - } while (d < 3); - c[D_MD2][0] = count / 10; - c[D_MDC2][0] = count / 10; - c[D_MD4][0] = count; - c[D_MD5][0] = count; - c[D_HMAC][0] = count; - c[D_SHA1][0] = count; - c[D_RMD160][0] = count; - c[D_RC4][0] = count * 5; - c[D_CBC_DES][0] = count; - c[D_EDE3_DES][0] = count / 3; - c[D_CBC_IDEA][0] = count; - c[D_CBC_SEED][0] = count; - c[D_CBC_RC2][0] = count; - c[D_CBC_RC5][0] = count; - c[D_CBC_BF][0] = count; - c[D_CBC_CAST][0] = count; - c[D_CBC_128_AES][0] = count; - c[D_CBC_192_AES][0] = count; - c[D_CBC_256_AES][0] = count; - c[D_CBC_128_CML][0] = count; - c[D_CBC_192_CML][0] = count; - c[D_CBC_256_CML][0] = count; - c[D_EVP][0] = count; - c[D_SHA256][0] = count; - c[D_SHA512][0] = count; - c[D_WHIRLPOOL][0] = count; - c[D_IGE_128_AES][0] = count; - c[D_IGE_192_AES][0] = count; - c[D_IGE_256_AES][0] = count; - c[D_GHASH][0] = count; - c[D_RAND][0] = count; - c[D_EVP_HMAC][0] = count; - c[D_EVP_CMAC][0] = count; - - for (i = 1; i < size_num; i++) { - long l0 = (long)lengths[0]; - long l1 = (long)lengths[i]; - - c[D_MD2][i] = c[D_MD2][0] * 4 * l0 / l1; - c[D_MDC2][i] = c[D_MDC2][0] * 4 * l0 / l1; - c[D_MD4][i] = c[D_MD4][0] * 4 * l0 / l1; - c[D_MD5][i] = c[D_MD5][0] * 4 * l0 / l1; - c[D_HMAC][i] = c[D_HMAC][0] * 4 * l0 / l1; - c[D_SHA1][i] = c[D_SHA1][0] * 4 * l0 / l1; - c[D_RMD160][i] = c[D_RMD160][0] * 4 * l0 / l1; - c[D_EVP][i] = = c[D_EVP][0] * 4 * l0 / l1; - c[D_SHA256][i] = c[D_SHA256][0] * 4 * l0 / l1; - c[D_SHA512][i] = c[D_SHA512][0] * 4 * l0 / l1; - c[D_WHIRLPOOL][i] = c[D_WHIRLPOOL][0] * 4 * l0 / l1; - c[D_GHASH][i] = c[D_GHASH][0] * 4 * l0 / l1; - c[D_RAND][i] = c[D_RAND][0] * 4 * l0 / l1; - c[D_EVP_HMAC][i] = = c[D_EVP_HMAC][0] * 4 * l0 / l1; - c[D_EVP_CMAC][i] = = c[D_EVP_CMAC][0] * 4 * l0 / l1; - - l0 = (long)lengths[i - 1]; - - c[D_RC4][i] = c[D_RC4][i - 1] * l0 / l1; - c[D_CBC_DES][i] = c[D_CBC_DES][i - 1] * l0 / l1; - c[D_EDE3_DES][i] = c[D_EDE3_DES][i - 1] * l0 / l1; - c[D_CBC_IDEA][i] = c[D_CBC_IDEA][i - 1] * l0 / l1; - c[D_CBC_SEED][i] = c[D_CBC_SEED][i - 1] * l0 / l1; - c[D_CBC_RC2][i] = c[D_CBC_RC2][i - 1] * l0 / l1; - c[D_CBC_RC5][i] = c[D_CBC_RC5][i - 1] * l0 / l1; - c[D_CBC_BF][i] = c[D_CBC_BF][i - 1] * l0 / l1; - c[D_CBC_CAST][i] = c[D_CBC_CAST][i - 1] * l0 / l1; - c[D_CBC_128_AES][i] = c[D_CBC_128_AES][i - 1] * l0 / l1; - c[D_CBC_192_AES][i] = c[D_CBC_192_AES][i - 1] * l0 / l1; - c[D_CBC_256_AES][i] = c[D_CBC_256_AES][i - 1] * l0 / l1; - c[D_CBC_128_CML][i] = c[D_CBC_128_CML][i - 1] * l0 / l1; - c[D_CBC_192_CML][i] = c[D_CBC_192_CML][i - 1] * l0 / l1; - c[D_CBC_256_CML][i] = c[D_CBC_256_CML][i - 1] * l0 / l1; - c[D_IGE_128_AES][i] = c[D_IGE_128_AES][i - 1] * l0 / l1; - c[D_IGE_192_AES][i] = c[D_IGE_192_AES][i - 1] * l0 / l1; - c[D_IGE_256_AES][i] = c[D_IGE_256_AES][i - 1] * l0 / l1; - } - -# ifndef OPENSSL_NO_DEPRECATED_3_0 - rsa_c[R_RSA_512][0] = count / 2000; - rsa_c[R_RSA_512][1] = count / 400; - for (i = 1; i < RSA_NUM; i++) { - rsa_c[i][0] = rsa_c[i - 1][0] / 8; - rsa_c[i][1] = rsa_c[i - 1][1] / 4; - if (rsa_doit[i] <= 1 && rsa_c[i][0] == 0) - rsa_doit[i] = 0; - else { - if (rsa_c[i][0] == 0) { - rsa_c[i][0] = 1; /* Set minimum iteration Nb to 1. */ - rsa_c[i][1] = 20; - } - } - } -# endif - -# if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) - dsa_c[R_DSA_512][0] = count / 1000; - dsa_c[R_DSA_512][1] = count / 1000 / 2; - for (i = 1; i < DSA_NUM; i++) { - dsa_c[i][0] = dsa_c[i - 1][0] / 4; - dsa_c[i][1] = dsa_c[i - 1][1] / 4; - if (dsa_doit[i] <= 1 && dsa_c[i][0] == 0) - dsa_doit[i] = 0; - else { - if (dsa_c[i][0] == 0) { - dsa_c[i][0] = 1; /* Set minimum iteration Nb to 1. */ - dsa_c[i][1] = 1; - } - } - } -# endif - -# ifndef OPENSSL_NO_EC - ecdsa_c[R_EC_P160][0] = count / 1000; - ecdsa_c[R_EC_P160][1] = count / 1000 / 2; - for (i = R_EC_P192; i <= R_EC_P521; i++) { - ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2; - ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2; - if (ecdsa_doit[i] <= 1 && ecdsa_c[i][0] == 0) - ecdsa_doit[i] = 0; - else { - if (ecdsa_c[i][0] == 0) { - ecdsa_c[i][0] = 1; - ecdsa_c[i][1] = 1; - } - } - } -# ifndef OPENSSL_NO_EC2M - ecdsa_c[R_EC_K163][0] = count / 1000; - ecdsa_c[R_EC_K163][1] = count / 1000 / 2; - for (i = R_EC_K233; i <= R_EC_K571; i++) { - ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2; - ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2; - if (ecdsa_doit[i] <= 1 && ecdsa_c[i][0] == 0) - ecdsa_doit[i] = 0; - else { - if (ecdsa_c[i][0] == 0) { - ecdsa_c[i][0] = 1; - ecdsa_c[i][1] = 1; - } - } - } - ecdsa_c[R_EC_B163][0] = count / 1000; - ecdsa_c[R_EC_B163][1] = count / 1000 / 2; - for (i = R_EC_B233; i <= R_EC_B571; i++) { - ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2; - ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2; - if (ecdsa_doit[i] <= 1 && ecdsa_c[i][0] == 0) - ecdsa_doit[i] = 0; - else { - if (ecdsa_c[i][0] == 0) { - ecdsa_c[i][0] = 1; - ecdsa_c[i][1] = 1; - } - } - } -# endif - - ecdh_c[R_EC_P160][0] = count / 1000; - for (i = R_EC_P192; i <= R_EC_P521; i++) { - ecdh_c[i][0] = ecdh_c[i - 1][0] / 2; - if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0) - ecdh_doit[i] = 0; - else { - if (ecdh_c[i][0] == 0) { - ecdh_c[i][0] = 1; - } - } - } -# ifndef OPENSSL_NO_EC2M - ecdh_c[R_EC_K163][0] = count / 1000; - for (i = R_EC_K233; i <= R_EC_K571; i++) { - ecdh_c[i][0] = ecdh_c[i - 1][0] / 2; - if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0) - ecdh_doit[i] = 0; - else { - if (ecdh_c[i][0] == 0) { - ecdh_c[i][0] = 1; - } - } - } - ecdh_c[R_EC_B163][0] = count / 1000; - for (i = R_EC_B233; i <= R_EC_B571; i++) { - ecdh_c[i][0] = ecdh_c[i - 1][0] / 2; - if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0) - ecdh_doit[i] = 0; - else { - if (ecdh_c[i][0] == 0) { - ecdh_c[i][0] = 1; - } - } - } -# endif - /* repeated code good to factorize */ - ecdh_c[R_EC_BRP256R1][0] = count / 1000; - for (i = R_EC_BRP384R1; i <= R_EC_BRP512R1; i += 2) { - ecdh_c[i][0] = ecdh_c[i - 2][0] / 2; - if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0) - ecdh_doit[i] = 0; - else { - if (ecdh_c[i][0] == 0) { - ecdh_c[i][0] = 1; - } - } - } - ecdh_c[R_EC_BRP256T1][0] = count / 1000; - for (i = R_EC_BRP384T1; i <= R_EC_BRP512T1; i += 2) { - ecdh_c[i][0] = ecdh_c[i - 2][0] / 2; - if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0) - ecdh_doit[i] = 0; - else { - if (ecdh_c[i][0] == 0) { - ecdh_c[i][0] = 1; - } - } - } - /* default iteration count for the last two EC Curves */ - ecdh_c[R_EC_X25519][0] = count / 1800; - ecdh_c[R_EC_X448][0] = count / 7200; - - eddsa_c[R_EC_Ed25519][0] = count / 1800; - eddsa_c[R_EC_Ed448][0] = count / 7200; - -# ifndef OPENSSL_NO_SM2 - sm2_c[R_EC_SM2P256][0] = count / 1800; -# endif -# endif /* OPENSSL_NO_EC */ - -# ifndef OPENSSL_NO_DH - ffdh_c[R_FFDH_2048][0] = count / 1000; - for (i = R_FFDH_3072; i <= R_FFDH_8192; i++) { - ffdh_c[i][0] = ffdh_c[i - 1][0] / 2; - if (ffdh_doit[i] <= 1 && ffdh_c[i][0] == 0) { - ffdh_doit[i] = 0; - } else { - if (ffdh_c[i][0] == 0) - ffdh_c[i][0] = 1; - } - } -# endif /* OPENSSL_NO_DH */ - -# else -/* not worth fixing */ -# error "You cannot disable DES on systems without SIGALRM." -# endif /* OPENSSL_NO_DES */ -#elif SIGALRM > 0 +#if SIGALRM > 0 signal(SIGALRM, alarmed); -#endif /* SIGALRM */ +#endif -#if !defined(OPENSSL_NO_MD2) && !defined(OPENSSL_NO_DEPRECATED_3_0) if (doit[D_MD2]) { for (testnum = 0; testnum < size_num; testnum++) { print_message(names[D_MD2], c[D_MD2][testnum], lengths[testnum], @@ -2438,10 +1862,11 @@ int speed_main(int argc, char **argv) count = run_benchmark(async_jobs, EVP_Digest_MD2_loop, loopargs); d = Time_F(STOP); print_result(D_MD2, testnum, count, d); + if (count < 0) + break; } } -#endif -#if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DEPRECATED_3_0) + if (doit[D_MDC2]) { for (testnum = 0; testnum < size_num; testnum++) { print_message(names[D_MDC2], c[D_MDC2][testnum], lengths[testnum], @@ -2454,9 +1879,7 @@ int speed_main(int argc, char **argv) break; } } -#endif -#if !defined(OPENSSL_NO_MD4) && !defined(OPENSSL_NO_DEPRECATED_3_0) if (doit[D_MD4]) { for (testnum = 0; testnum < size_num; testnum++) { print_message(names[D_MD4], c[D_MD4][testnum], lengths[testnum], @@ -2469,9 +1892,7 @@ int speed_main(int argc, char **argv) break; } } -#endif -#if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_DEPRECATED_3_0) if (doit[D_MD5]) { for (testnum = 0; testnum < size_num; testnum++) { print_message(names[D_MD5], c[D_MD5][testnum], lengths[testnum], @@ -2480,37 +1901,11 @@ int speed_main(int argc, char **argv) count = run_benchmark(async_jobs, MD5_loop, loopargs); d = Time_F(STOP); print_result(D_MD5, testnum, count, d); + if (count < 0) + break; } } -# ifndef OPENSSL_NO_DEPRECATED_3_0 - if (doit[D_HMAC]) { - static const char hmac_key[] = "This is a key..."; - int len = strlen(hmac_key); - - for (i = 0; i < loopargs_len; i++) { - loopargs[i].hctx = HMAC_CTX_new(); - if (loopargs[i].hctx == NULL) { - BIO_printf(bio_err, "HMAC malloc failure, exiting..."); - exit(1); - } - - HMAC_Init_ex(loopargs[i].hctx, hmac_key, len, EVP_md5(), NULL); - } - for (testnum = 0; testnum < size_num; testnum++) { - print_message(names[D_HMAC], c[D_HMAC][testnum], lengths[testnum], - seconds.sym); - Time_F(START); - count = run_benchmark(async_jobs, HMAC_loop, loopargs); - d = Time_F(STOP); - print_result(D_HMAC, testnum, count, d); - } - for (i = 0; i < loopargs_len; i++) - HMAC_CTX_free(loopargs[i].hctx); - } -# endif -#endif -#ifndef OPENSSL_NO_DEPRECATED_3_0 if (doit[D_SHA1]) { for (testnum = 0; testnum < size_num; testnum++) { print_message(names[D_SHA1], c[D_SHA1][testnum], lengths[testnum], @@ -2519,8 +1914,11 @@ int speed_main(int argc, char **argv) count = run_benchmark(async_jobs, SHA1_loop, loopargs); d = Time_F(STOP); print_result(D_SHA1, testnum, count, d); + if (count < 0) + break; } } + if (doit[D_SHA256]) { for (testnum = 0; testnum < size_num; testnum++) { print_message(names[D_SHA256], c[D_SHA256][testnum], @@ -2529,8 +1927,11 @@ int speed_main(int argc, char **argv) count = run_benchmark(async_jobs, SHA256_loop, loopargs); d = Time_F(STOP); print_result(D_SHA256, testnum, count, d); + if (count < 0) + break; } } + if (doit[D_SHA512]) { for (testnum = 0; testnum < size_num; testnum++) { print_message(names[D_SHA512], c[D_SHA512][testnum], @@ -2539,10 +1940,11 @@ int speed_main(int argc, char **argv) count = run_benchmark(async_jobs, SHA512_loop, loopargs); d = Time_F(STOP); print_result(D_SHA512, testnum, count, d); + if (count < 0) + break; } } -#endif -#if !defined(OPENSSL_NO_WHIRLPOOL) && !defined(OPENSSL_NO_DEPRECATED_3_0) + if (doit[D_WHIRLPOOL]) { for (testnum = 0; testnum < size_num; testnum++) { print_message(names[D_WHIRLPOOL], c[D_WHIRLPOOL][testnum], @@ -2551,11 +1953,11 @@ int speed_main(int argc, char **argv) count = run_benchmark(async_jobs, WHIRLPOOL_loop, loopargs); d = Time_F(STOP); print_result(D_WHIRLPOOL, testnum, count, d); + if (count < 0) + break; } } -#endif -#if !defined(OPENSSL_NO_RMD160) && !defined(OPENSSL_NO_DEPRECATED_3_0) if (doit[D_RMD160]) { for (testnum = 0; testnum < size_num; testnum++) { print_message(names[D_RMD160], c[D_RMD160][testnum], @@ -2568,320 +1970,211 @@ int speed_main(int argc, char **argv) break; } } -#endif -#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_DEPRECATED_3_0) - if (doit[D_RC4]) { + + if (doit[D_HMAC]) { + static const char hmac_key[] = "This is a key..."; + int len = strlen(hmac_key); + OSSL_PARAM params[3]; + + mac = EVP_MAC_fetch(app_get0_libctx(), "HMAC", app_get0_propq()); + if (mac == NULL || evp_mac_mdname == NULL) + goto end; + + evp_hmac_name = app_malloc(sizeof("hmac()") + strlen(evp_mac_mdname), + "HMAC name"); + sprintf(evp_hmac_name, "hmac(%s)", evp_mac_mdname); + names[D_HMAC] = evp_hmac_name; + + params[0] = + OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, + evp_mac_mdname, 0); + params[1] = + OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, + (char *)hmac_key, len); + params[2] = OSSL_PARAM_construct_end(); + + for (i = 0; i < loopargs_len; i++) { + loopargs[i].mctx = EVP_MAC_CTX_new(mac); + if (loopargs[i].mctx == NULL) + goto end; + + if (!EVP_MAC_CTX_set_params(loopargs[i].mctx, params)) + goto end; + } for (testnum = 0; testnum < size_num; testnum++) { - print_message(names[D_RC4], c[D_RC4][testnum], lengths[testnum], + print_message(names[D_HMAC], c[D_HMAC][testnum], lengths[testnum], seconds.sym); Time_F(START); - count = run_benchmark(async_jobs, RC4_loop, loopargs); + count = run_benchmark(async_jobs, HMAC_loop, loopargs); d = Time_F(STOP); - print_result(D_RC4, testnum, count, d); + print_result(D_HMAC, testnum, count, d); + if (count < 0) + break; } + for (i = 0; i < loopargs_len; i++) + EVP_MAC_CTX_free(loopargs[i].mctx); + EVP_MAC_free(mac); + mac = NULL; } -#endif -#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0) + if (doit[D_CBC_DES]) { - for (testnum = 0; testnum < size_num; testnum++) { + int st = 1; + + for (i = 0; st && i < loopargs_len; i++) { + loopargs[i].ctx = init_evp_cipher_ctx("des-cbc", deskey, + sizeof(deskey) / 3); + st = loopargs[i].ctx != NULL; + } + algindex = D_CBC_DES; + for (testnum = 0; st && testnum < size_num; testnum++) { print_message(names[D_CBC_DES], c[D_CBC_DES][testnum], lengths[testnum], seconds.sym); Time_F(START); - count = run_benchmark(async_jobs, DES_ncbc_encrypt_loop, loopargs); + count = run_benchmark(async_jobs, EVP_Cipher_loop, loopargs); d = Time_F(STOP); print_result(D_CBC_DES, testnum, count, d); } + for (i = 0; i < loopargs_len; i++) + EVP_CIPHER_CTX_free(loopargs[i].ctx); } if (doit[D_EDE3_DES]) { - for (testnum = 0; testnum < size_num; testnum++) { - print_message(names[D_EDE3_DES], c[D_EDE3_DES][testnum], - lengths[testnum], seconds.sym); - Time_F(START); - count = - run_benchmark(async_jobs, DES_ede3_cbc_encrypt_loop, loopargs); - d = Time_F(STOP); - print_result(D_EDE3_DES, testnum, count, d); - } - } -#endif + int st = 1; -#ifndef OPENSSL_NO_DEPRECATED_3_0 - if (doit[D_CBC_128_AES]) { - for (testnum = 0; testnum < size_num; testnum++) { - print_message(names[D_CBC_128_AES], c[D_CBC_128_AES][testnum], - lengths[testnum], seconds.sym); - Time_F(START); - count = - run_benchmark(async_jobs, AES_cbc_128_encrypt_loop, loopargs); - d = Time_F(STOP); - print_result(D_CBC_128_AES, testnum, count, d); + for (i = 0; st && i < loopargs_len; i++) { + loopargs[i].ctx = init_evp_cipher_ctx("des-ede3-cbc", deskey, + sizeof(deskey)); + st = loopargs[i].ctx != NULL; } - } - if (doit[D_CBC_192_AES]) { - for (testnum = 0; testnum < size_num; testnum++) { - print_message(names[D_CBC_192_AES], c[D_CBC_192_AES][testnum], - lengths[testnum], seconds.sym); - Time_F(START); - count = - run_benchmark(async_jobs, AES_cbc_192_encrypt_loop, loopargs); - d = Time_F(STOP); - print_result(D_CBC_192_AES, testnum, count, d); - } - } - if (doit[D_CBC_256_AES]) { - for (testnum = 0; testnum < size_num; testnum++) { - print_message(names[D_CBC_256_AES], c[D_CBC_256_AES][testnum], + algindex = D_EDE3_DES; + for (testnum = 0; st && testnum < size_num; testnum++) { + print_message(names[D_EDE3_DES], c[D_EDE3_DES][testnum], lengths[testnum], seconds.sym); Time_F(START); count = - run_benchmark(async_jobs, AES_cbc_256_encrypt_loop, loopargs); + run_benchmark(async_jobs, EVP_Cipher_loop, loopargs); d = Time_F(STOP); - print_result(D_CBC_256_AES, testnum, count, d); + print_result(D_EDE3_DES, testnum, count, d); } + for (i = 0; i < loopargs_len; i++) + EVP_CIPHER_CTX_free(loopargs[i].ctx); } + for (k = 0; k < 3; k++) { + algindex = D_CBC_128_AES + k; + if (doit[algindex]) { + int st = 1; - if (doit[D_IGE_128_AES]) { - for (testnum = 0; testnum < size_num; testnum++) { - print_message(names[D_IGE_128_AES], c[D_IGE_128_AES][testnum], - lengths[testnum], seconds.sym); - Time_F(START); - count = - run_benchmark(async_jobs, AES_ige_128_encrypt_loop, loopargs); - d = Time_F(STOP); - print_result(D_IGE_128_AES, testnum, count, d); - } - } - if (doit[D_IGE_192_AES]) { - for (testnum = 0; testnum < size_num; testnum++) { - print_message(names[D_IGE_192_AES], c[D_IGE_192_AES][testnum], - lengths[testnum], seconds.sym); - Time_F(START); - count = - run_benchmark(async_jobs, AES_ige_192_encrypt_loop, loopargs); - d = Time_F(STOP); - print_result(D_IGE_192_AES, testnum, count, d); - } - } - if (doit[D_IGE_256_AES]) { - for (testnum = 0; testnum < size_num; testnum++) { - print_message(names[D_IGE_256_AES], c[D_IGE_256_AES][testnum], - lengths[testnum], seconds.sym); - Time_F(START); - count = - run_benchmark(async_jobs, AES_ige_256_encrypt_loop, loopargs); - d = Time_F(STOP); - print_result(D_IGE_256_AES, testnum, count, d); - } - } - if (doit[D_GHASH]) { - for (i = 0; i < loopargs_len; i++) { - loopargs[i].gcm_ctx = - CRYPTO_gcm128_new(&aes_ks1, (block128_f) AES_encrypt); - CRYPTO_gcm128_setiv(loopargs[i].gcm_ctx, - (unsigned char *)"0123456789ab", 12); - } - - for (testnum = 0; testnum < size_num; testnum++) { - print_message(names[D_GHASH], c[D_GHASH][testnum], - lengths[testnum], seconds.sym); - Time_F(START); - count = run_benchmark(async_jobs, CRYPTO_gcm128_aad_loop, loopargs); - d = Time_F(STOP); - print_result(D_GHASH, testnum, count, d); - } - for (i = 0; i < loopargs_len; i++) - CRYPTO_gcm128_release(loopargs[i].gcm_ctx); - } -#endif /* OPENSSL_NO_DEPRECATED_3_0 */ -#if !defined(OPENSSL_NO_CAMELLIA) && !defined(OPENSSL_NO_DEPRECATED_3_0) - if (doit[D_CBC_128_CML]) { - if (async_jobs > 0) { - BIO_printf(bio_err, "Async mode is not supported with %s\n", - names[D_CBC_128_CML]); - doit[D_CBC_128_CML] = 0; - } - for (testnum = 0; testnum < size_num && async_init == 0; testnum++) { - print_message(names[D_CBC_128_CML], c[D_CBC_128_CML][testnum], - lengths[testnum], seconds.sym); - Time_F(START); - for (count = 0; COND(c[D_CBC_128_CML][testnum]); count++) - Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf, - (size_t)lengths[testnum], &camellia_ks[0], - iv, CAMELLIA_ENCRYPT); - d = Time_F(STOP); - print_result(D_CBC_128_CML, testnum, count, d); - } - } - if (doit[D_CBC_192_CML]) { - if (async_jobs > 0) { - BIO_printf(bio_err, "Async mode is not supported with %s\n", - names[D_CBC_192_CML]); - doit[D_CBC_192_CML] = 0; - } - for (testnum = 0; testnum < size_num && async_init == 0; testnum++) { - print_message(names[D_CBC_192_CML], c[D_CBC_192_CML][testnum], - lengths[testnum], seconds.sym); - if (async_jobs > 0) { - BIO_printf(bio_err, "Async mode is not supported, exiting..."); - exit(1); + keylen = 16 + k * 8; + for (i = 0; st && i < loopargs_len; i++) { + loopargs[i].ctx = init_evp_cipher_ctx(names[algindex], + key32, keylen); + st = loopargs[i].ctx != NULL; } - Time_F(START); - for (count = 0; COND(c[D_CBC_192_CML][testnum]); count++) - Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf, - (size_t)lengths[testnum], &camellia_ks[1], - iv, CAMELLIA_ENCRYPT); - d = Time_F(STOP); - print_result(D_CBC_192_CML, testnum, count, d); - } - } - if (doit[D_CBC_256_CML]) { - if (async_jobs > 0) { - BIO_printf(bio_err, "Async mode is not supported with %s\n", - names[D_CBC_256_CML]); - doit[D_CBC_256_CML] = 0; - } - for (testnum = 0; testnum < size_num && async_init == 0; testnum++) { - print_message(names[D_CBC_256_CML], c[D_CBC_256_CML][testnum], - lengths[testnum], seconds.sym); - Time_F(START); - for (count = 0; COND(c[D_CBC_256_CML][testnum]); count++) - Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf, - (size_t)lengths[testnum], &camellia_ks[2], - iv, CAMELLIA_ENCRYPT); - d = Time_F(STOP); - print_result(D_CBC_256_CML, testnum, count, d); - } - } -#endif -#if !defined(OPENSSL_NO_IDEA) && !defined(OPENSSL_NO_DEPRECATED_3_0) - if (doit[D_CBC_IDEA]) { - if (async_jobs > 0) { - BIO_printf(bio_err, "Async mode is not supported with %s\n", - names[D_CBC_IDEA]); - doit[D_CBC_IDEA] = 0; - } - for (testnum = 0; testnum < size_num && async_init == 0; testnum++) { - print_message(names[D_CBC_IDEA], c[D_CBC_IDEA][testnum], - lengths[testnum], seconds.sym); - Time_F(START); - for (count = 0; COND(c[D_CBC_IDEA][testnum]); count++) - IDEA_cbc_encrypt(loopargs[0].buf, loopargs[0].buf, - (size_t)lengths[testnum], &idea_ks, - iv, IDEA_ENCRYPT); - d = Time_F(STOP); - print_result(D_CBC_IDEA, testnum, count, d); - } - } -#endif -#if !defined(OPENSSL_NO_SEED) && !defined(OPENSSL_NO_DEPRECATED_3_0) - if (doit[D_CBC_SEED]) { - if (async_jobs > 0) { - BIO_printf(bio_err, "Async mode is not supported with %s\n", - names[D_CBC_SEED]); - doit[D_CBC_SEED] = 0; - } - for (testnum = 0; testnum < size_num && async_init == 0; testnum++) { - print_message(names[D_CBC_SEED], c[D_CBC_SEED][testnum], - lengths[testnum], seconds.sym); - Time_F(START); - for (count = 0; COND(c[D_CBC_SEED][testnum]); count++) - SEED_cbc_encrypt(loopargs[0].buf, loopargs[0].buf, - (size_t)lengths[testnum], &seed_ks, iv, 1); - d = Time_F(STOP); - print_result(D_CBC_SEED, testnum, count, d); - } - } -#endif -#if !defined(OPENSSL_NO_RC2) && !defined(OPENSSL_NO_DEPRECATED_3_0) - if (doit[D_CBC_RC2]) { - if (async_jobs > 0) { - BIO_printf(bio_err, "Async mode is not supported with %s\n", - names[D_CBC_RC2]); - doit[D_CBC_RC2] = 0; - } - for (testnum = 0; testnum < size_num && async_init == 0; testnum++) { - print_message(names[D_CBC_RC2], c[D_CBC_RC2][testnum], - lengths[testnum], seconds.sym); - if (async_jobs > 0) { - BIO_printf(bio_err, "Async mode is not supported, exiting..."); - exit(1); + + for (testnum = 0; st && testnum < size_num; testnum++) { + print_message(names[algindex], c[algindex][testnum], + lengths[testnum], seconds.sym); + Time_F(START); + count = + run_benchmark(async_jobs, EVP_Cipher_loop, loopargs); + d = Time_F(STOP); + print_result(algindex, testnum, count, d); } - Time_F(START); - for (count = 0; COND(c[D_CBC_RC2][testnum]); count++) - RC2_cbc_encrypt(loopargs[0].buf, loopargs[0].buf, - (size_t)lengths[testnum], &rc2_ks, - iv, RC2_ENCRYPT); - d = Time_F(STOP); - print_result(D_CBC_RC2, testnum, count, d); + for (i = 0; i < loopargs_len; i++) + EVP_CIPHER_CTX_free(loopargs[i].ctx); } } -#endif -#if !defined(OPENSSL_NO_RC5) && !defined(OPENSSL_NO_DEPRECATED_3_0) - if (doit[D_CBC_RC5]) { - if (async_jobs > 0) { - BIO_printf(bio_err, "Async mode is not supported with %s\n", - names[D_CBC_RC5]); - doit[D_CBC_RC5] = 0; - } - for (testnum = 0; testnum < size_num && async_init == 0; testnum++) { - print_message(names[D_CBC_RC5], c[D_CBC_RC5][testnum], - lengths[testnum], seconds.sym); - if (async_jobs > 0) { - BIO_printf(bio_err, "Async mode is not supported, exiting..."); - exit(1); + + for (k = 0; k < 3; k++) { + algindex = D_CBC_128_CML + k; + if (doit[algindex]) { + int st = 1; + + keylen = 16 + k * 8; + for (i = 0; st && i < loopargs_len; i++) { + loopargs[i].ctx = init_evp_cipher_ctx(names[algindex], + key32, keylen); + st = loopargs[i].ctx != NULL; } - Time_F(START); - for (count = 0; COND(c[D_CBC_RC5][testnum]); count++) - RC5_32_cbc_encrypt(loopargs[0].buf, loopargs[0].buf, - (size_t)lengths[testnum], &rc5_ks, - iv, RC5_ENCRYPT); - d = Time_F(STOP); - print_result(D_CBC_RC5, testnum, count, d); + + for (testnum = 0; st && testnum < size_num; testnum++) { + print_message(names[algindex], c[algindex][testnum], + lengths[testnum], seconds.sym); + Time_F(START); + count = + run_benchmark(async_jobs, EVP_Cipher_loop, loopargs); + d = Time_F(STOP); + print_result(algindex, testnum, count, d); + } + for (i = 0; i < loopargs_len; i++) + EVP_CIPHER_CTX_free(loopargs[i].ctx); } } -#endif -#if !defined(OPENSSL_NO_BF) && !defined(OPENSSL_NO_DEPRECATED_3_0) - if (doit[D_CBC_BF]) { - if (async_jobs > 0) { - BIO_printf(bio_err, "Async mode is not supported with %s\n", - names[D_CBC_BF]); - doit[D_CBC_BF] = 0; - } - for (testnum = 0; testnum < size_num && async_init == 0; testnum++) { - print_message(names[D_CBC_BF], c[D_CBC_BF][testnum], - lengths[testnum], seconds.sym); - Time_F(START); - for (count = 0; COND(c[D_CBC_BF][testnum]); count++) - BF_cbc_encrypt(loopargs[0].buf, loopargs[0].buf, - (size_t)lengths[testnum], &bf_ks, - iv, BF_ENCRYPT); - d = Time_F(STOP); - print_result(D_CBC_BF, testnum, count, d); + + for (algindex = D_RC4; algindex <= D_CBC_CAST; algindex++) { + if (doit[algindex]) { + int st = 1; + + keylen = 16; + for (i = 0; st && i < loopargs_len; i++) { + loopargs[i].ctx = init_evp_cipher_ctx(names[algindex], + key32, keylen); + st = loopargs[i].ctx != NULL; + } + + for (testnum = 0; st && testnum < size_num; testnum++) { + print_message(names[algindex], c[algindex][testnum], + lengths[testnum], seconds.sym); + Time_F(START); + count = + run_benchmark(async_jobs, EVP_Cipher_loop, loopargs); + d = Time_F(STOP); + print_result(algindex, testnum, count, d); + } + for (i = 0; i < loopargs_len; i++) + EVP_CIPHER_CTX_free(loopargs[i].ctx); } } -#endif -#if !defined(OPENSSL_NO_CAST) && !defined(OPENSSL_NO_DEPRECATED_3_0) - if (doit[D_CBC_CAST]) { - if (async_jobs > 0) { - BIO_printf(bio_err, "Async mode is not supported with %s\n", - names[D_CBC_CAST]); - doit[D_CBC_CAST] = 0; + if (doit[D_GHASH]) { + static const char gmac_iv[] = "0123456789ab"; + OSSL_PARAM params[3]; + + mac = EVP_MAC_fetch(app_get0_libctx(), "GMAC", app_get0_propq()); + if (mac == NULL) + goto end; + + params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_CIPHER, + "aes-128-gcm", 0); + params[1] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_IV, + (char *)gmac_iv, + sizeof(gmac_iv) - 1); + params[2] = OSSL_PARAM_construct_end(); + + for (i = 0; i < loopargs_len; i++) { + loopargs[i].mctx = EVP_MAC_CTX_new(mac); + if (loopargs[i].mctx == NULL) + goto end; + + if (!EVP_MAC_init(loopargs[i].mctx, key32, 16, params)) + goto end; } - for (testnum = 0; testnum < size_num && async_init == 0; testnum++) { - print_message(names[D_CBC_CAST], c[D_CBC_CAST][testnum], - lengths[testnum], seconds.sym); + for (testnum = 0; testnum < size_num; testnum++) { + print_message(names[D_GHASH], c[D_GHASH][testnum], lengths[testnum], + seconds.sym); Time_F(START); - for (count = 0; COND(c[D_CBC_CAST][testnum]); count++) - CAST_cbc_encrypt(loopargs[0].buf, loopargs[0].buf, - (size_t)lengths[testnum], &cast_ks, - iv, CAST_ENCRYPT); + count = run_benchmark(async_jobs, GHASH_loop, loopargs); d = Time_F(STOP); - print_result(D_CBC_CAST, testnum, count, d); + print_result(D_GHASH, testnum, count, d); + if (count < 0) + break; } + for (i = 0; i < loopargs_len; i++) + EVP_MAC_CTX_free(loopargs[i].mctx); + EVP_MAC_free(mac); + mac = NULL; } -#endif + if (doit[D_RAND]) { for (testnum = 0; testnum < size_num; testnum++) { print_message(names[D_RAND], c[D_RAND][testnum], lengths[testnum], @@ -2897,18 +2190,18 @@ int speed_main(int argc, char **argv) if (evp_cipher != NULL) { int (*loopfunc) (void *) = EVP_Update_loop; - if (multiblock && (EVP_CIPHER_flags(evp_cipher) & + if (multiblock && (EVP_CIPHER_get_flags(evp_cipher) & EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) { multiblock_speed(evp_cipher, lengths_single, &seconds); ret = 0; goto end; } - names[D_EVP] = OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher)); + names[D_EVP] = EVP_CIPHER_get0_name(evp_cipher); - if (EVP_CIPHER_mode(evp_cipher) == EVP_CIPH_CCM_MODE) { + if (EVP_CIPHER_get_mode(evp_cipher) == EVP_CIPH_CCM_MODE) { loopfunc = EVP_Update_loop_ccm; - } else if (aead && (EVP_CIPHER_flags(evp_cipher) & + } else if (aead && (EVP_CIPHER_get_flags(evp_cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)) { loopfunc = EVP_Update_loop_aead; if (lengths == lengths_list) { @@ -2936,7 +2229,7 @@ int speed_main(int argc, char **argv) EVP_CIPHER_CTX_set_padding(loopargs[k].ctx, 0); - keylen = EVP_CIPHER_CTX_key_length(loopargs[k].ctx); + keylen = EVP_CIPHER_CTX_get_key_length(loopargs[k].ctx); loopargs[k].key = app_malloc(keylen, "evp_cipher key"); EVP_CIPHER_CTX_rand_key(loopargs[k].ctx, loopargs[k].key); if (!EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL, @@ -2948,127 +2241,132 @@ int speed_main(int argc, char **argv) OPENSSL_clear_free(loopargs[k].key, keylen); /* SIV mode only allows for a single Update operation */ - if (EVP_CIPHER_mode(evp_cipher) == EVP_CIPH_SIV_MODE) - EVP_CIPHER_CTX_ctrl(loopargs[k].ctx, EVP_CTRL_SET_SPEED, 1, NULL); + if (EVP_CIPHER_get_mode(evp_cipher) == EVP_CIPH_SIV_MODE) + (void)EVP_CIPHER_CTX_ctrl(loopargs[k].ctx, + EVP_CTRL_SET_SPEED, 1, NULL); } Time_F(START); count = run_benchmark(async_jobs, loopfunc, loopargs); d = Time_F(STOP); - for (k = 0; k < loopargs_len; k++) { + for (k = 0; k < loopargs_len; k++) EVP_CIPHER_CTX_free(loopargs[k].ctx); - } print_result(D_EVP, testnum, count, d); } - } else if (evp_md != NULL) { - names[D_EVP] = OBJ_nid2ln(EVP_MD_type(evp_md)); + } else if (evp_md_name != NULL) { + names[D_EVP] = evp_md_name; for (testnum = 0; testnum < size_num; testnum++) { print_message(names[D_EVP], c[D_EVP][testnum], lengths[testnum], seconds.sym); Time_F(START); - count = run_benchmark(async_jobs, EVP_Digest_loop, loopargs); + count = run_benchmark(async_jobs, EVP_Digest_md_loop, loopargs); d = Time_F(STOP); print_result(D_EVP, testnum, count, d); + if (count < 0) + break; } } } -#ifndef OPENSSL_NO_DEPRECATED_3_0 - if (doit[D_EVP_HMAC] && evp_hmac_md != NULL) { - const char *md_name = OBJ_nid2ln(EVP_MD_type(evp_hmac_md)); + if (doit[D_EVP_CMAC]) { + OSSL_PARAM params[3]; + EVP_CIPHER *cipher = NULL; - evp_hmac_name = app_malloc(sizeof("HMAC()") + strlen(md_name), - "HMAC name"); - sprintf(evp_hmac_name, "HMAC(%s)", md_name); - names[D_EVP_HMAC] = evp_hmac_name; + mac = EVP_MAC_fetch(app_get0_libctx(), "CMAC", app_get0_propq()); + if (mac == NULL || evp_mac_ciphername == NULL) + goto end; + if (!opt_cipher(evp_mac_ciphername, &cipher)) + goto end; - for (testnum = 0; testnum < size_num; testnum++) { - print_message(names[D_EVP_HMAC], c[D_EVP_HMAC][testnum], lengths[testnum], - seconds.sym); - Time_F(START); - count = run_benchmark(async_jobs, EVP_HMAC_loop, loopargs); - d = Time_F(STOP); - print_result(D_EVP_HMAC, testnum, count, d); + keylen = EVP_CIPHER_get_key_length(cipher); + EVP_CIPHER_free(cipher); + if (keylen <= 0 || keylen > (int)sizeof(key32)) { + BIO_printf(bio_err, "\nRequested CMAC cipher with unsupported key length.\n"); + goto end; } - } -#endif - -#if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_DEPRECATED_3_0) - if (doit[D_EVP_CMAC] && evp_cmac_cipher != NULL) { - const char *cipher_name = OBJ_nid2ln(EVP_CIPHER_type(evp_cmac_cipher)); - - evp_cmac_name = app_malloc(sizeof("CMAC()") + strlen(cipher_name), - "CMAC name"); - sprintf(evp_cmac_name, "CMAC(%s)", cipher_name); + evp_cmac_name = app_malloc(sizeof("cmac()") + + strlen(evp_mac_ciphername), "CMAC name"); + sprintf(evp_cmac_name, "cmac(%s)", evp_mac_ciphername); names[D_EVP_CMAC] = evp_cmac_name; + params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_CIPHER, + evp_mac_ciphername, 0); + params[1] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, + (char *)key32, keylen); + params[2] = OSSL_PARAM_construct_end(); + for (i = 0; i < loopargs_len; i++) { - loopargs[i].cmac_ctx = CMAC_CTX_new(); - if (loopargs[i].cmac_ctx == NULL) { - BIO_printf(bio_err, "CMAC malloc failure, exiting..."); - exit(1); - } + loopargs[i].mctx = EVP_MAC_CTX_new(mac); + if (loopargs[i].mctx == NULL) + goto end; + + if (!EVP_MAC_CTX_set_params(loopargs[i].mctx, params)) + goto end; } + for (testnum = 0; testnum < size_num; testnum++) { - print_message(names[D_EVP_CMAC], c[D_EVP_CMAC][testnum], lengths[testnum], - seconds.sym); + print_message(names[D_EVP_CMAC], c[D_EVP_CMAC][testnum], + lengths[testnum], seconds.sym); Time_F(START); - count = run_benchmark(async_jobs, EVP_CMAC_loop, loopargs); + count = run_benchmark(async_jobs, CMAC_loop, loopargs); d = Time_F(STOP); print_result(D_EVP_CMAC, testnum, count, d); + if (count < 0) + break; } for (i = 0; i < loopargs_len; i++) - CMAC_CTX_free(loopargs[i].cmac_ctx); + EVP_MAC_CTX_free(loopargs[i].mctx); + EVP_MAC_free(mac); + mac = NULL; } -#endif for (i = 0; i < loopargs_len; i++) if (RAND_bytes(loopargs[i].buf, 36) <= 0) goto end; -#ifndef OPENSSL_NO_DEPRECATED_3_0 for (testnum = 0; testnum < RSA_NUM; testnum++) { + EVP_PKEY *rsa_key = NULL; int st = 0; + if (!rsa_doit[testnum]) continue; - for (i = 0; i < loopargs_len; i++) { - if (primes > RSA_DEFAULT_PRIME_NUM) { - /* we haven't set keys yet, generate multi-prime RSA keys */ - BIGNUM *bn = BN_new(); - - if (bn == NULL) - goto end; - if (!BN_set_word(bn, RSA_F4)) { - BN_free(bn); - goto end; - } - BIO_printf(bio_err, "Generate multi-prime RSA key for %s\n", - rsa_choices[testnum].name); + if (primes > RSA_DEFAULT_PRIME_NUM) { + /* we haven't set keys yet, generate multi-prime RSA keys */ + bn = BN_new(); + st = bn != NULL + && BN_set_word(bn, RSA_F4) + && init_gen_str(&genctx, "RSA", NULL, 0, NULL, NULL) + && EVP_PKEY_CTX_set_rsa_keygen_bits(genctx, rsa_keys[testnum].bits) > 0 + && EVP_PKEY_CTX_set1_rsa_keygen_pubexp(genctx, bn) > 0 + && EVP_PKEY_CTX_set_rsa_keygen_primes(genctx, primes) > 0 + && EVP_PKEY_keygen(genctx, &rsa_key); + BN_free(bn); + bn = NULL; + EVP_PKEY_CTX_free(genctx); + genctx = NULL; + } else { + const unsigned char *p = rsa_keys[testnum].data; - loopargs[i].rsa_key[testnum] = RSA_new(); - if (loopargs[i].rsa_key[testnum] == NULL) { - BN_free(bn); - goto end; - } + st = (rsa_key = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &p, + rsa_keys[testnum].length)) != NULL; + } - if (!RSA_generate_multi_prime_key(loopargs[i].rsa_key[testnum], - rsa_keys[testnum].bits, - primes, bn, NULL)) { - BN_free(bn); - goto end; - } - BN_free(bn); - } - st = RSA_sign(NID_md5_sha1, loopargs[i].buf, 36, loopargs[i].buf2, - &loopargs[i].siglen, loopargs[i].rsa_key[testnum]); - if (st == 0) - break; + for (i = 0; st && i < loopargs_len; i++) { + loopargs[i].rsa_sign_ctx[testnum] = EVP_PKEY_CTX_new(rsa_key, NULL); + loopargs[i].sigsize = loopargs[i].buflen; + if (loopargs[i].rsa_sign_ctx[testnum] == NULL + || EVP_PKEY_sign_init(loopargs[i].rsa_sign_ctx[testnum]) <= 0 + || EVP_PKEY_sign(loopargs[i].rsa_sign_ctx[testnum], + loopargs[i].buf2, + &loopargs[i].sigsize, + loopargs[i].buf, 36) <= 0) + st = 0; } - if (st == 0) { + if (!st) { BIO_printf(bio_err, - "RSA sign failure. No RSA sign will be done.\n"); + "RSA sign setup failure. No RSA sign will be done.\n"); ERR_print_errors(bio_err); op_count = 1; } else { @@ -3087,15 +2385,20 @@ int speed_main(int argc, char **argv) op_count = count; } - for (i = 0; i < loopargs_len; i++) { - st = RSA_verify(NID_md5_sha1, loopargs[i].buf, 36, loopargs[i].buf2, - loopargs[i].siglen, loopargs[i].rsa_key[testnum]); - if (st <= 0) - break; + for (i = 0; st && i < loopargs_len; i++) { + loopargs[i].rsa_verify_ctx[testnum] = EVP_PKEY_CTX_new(rsa_key, + NULL); + if (loopargs[i].rsa_verify_ctx[testnum] == NULL + || EVP_PKEY_verify_init(loopargs[i].rsa_verify_ctx[testnum]) <= 0 + || EVP_PKEY_verify(loopargs[i].rsa_verify_ctx[testnum], + loopargs[i].buf2, + loopargs[i].sigsize, + loopargs[i].buf, 36) <= 0) + st = 0; } - if (st <= 0) { + if (!st) { BIO_printf(bio_err, - "RSA verify failure. No RSA verify will be done.\n"); + "RSA verify setup failure. No RSA verify will be done.\n"); ERR_print_errors(bio_err); rsa_doit[testnum] = 0; } else { @@ -3116,30 +2419,34 @@ int speed_main(int argc, char **argv) /* if longer than 10s, don't do any more */ stop_it(rsa_doit, testnum); } + EVP_PKEY_free(rsa_key); } -#endif /* OPENSSL_NO_DEPRECATED_3_0 */ - - for (i = 0; i < loopargs_len; i++) - if (RAND_bytes(loopargs[i].buf, 36) <= 0) - goto end; -#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) for (testnum = 0; testnum < DSA_NUM; testnum++) { - int st = 0; + EVP_PKEY *dsa_key = NULL; + int st; + if (!dsa_doit[testnum]) continue; - /* DSA_generate_key(dsa_key[testnum]); */ - /* DSA_sign_setup(dsa_key[testnum],NULL); */ - for (i = 0; i < loopargs_len; i++) { - st = DSA_sign(0, loopargs[i].buf, 20, loopargs[i].buf2, - &loopargs[i].siglen, loopargs[i].dsa_key[testnum]); - if (st == 0) - break; + st = (dsa_key = get_dsa(dsa_bits[testnum])) != NULL; + + for (i = 0; st && i < loopargs_len; i++) { + loopargs[i].dsa_sign_ctx[testnum] = EVP_PKEY_CTX_new(dsa_key, + NULL); + loopargs[i].sigsize = loopargs[i].buflen; + if (loopargs[i].dsa_sign_ctx[testnum] == NULL + || EVP_PKEY_sign_init(loopargs[i].dsa_sign_ctx[testnum]) <= 0 + + || EVP_PKEY_sign(loopargs[i].dsa_sign_ctx[testnum], + loopargs[i].buf2, + &loopargs[i].sigsize, + loopargs[i].buf, 20) <= 0) + st = 0; } - if (st == 0) { + if (!st) { BIO_printf(bio_err, - "DSA sign failure. No DSA sign will be done.\n"); + "DSA sign setup failure. No DSA sign will be done.\n"); ERR_print_errors(bio_err); op_count = 1; } else { @@ -3157,15 +2464,20 @@ int speed_main(int argc, char **argv) op_count = count; } - for (i = 0; i < loopargs_len; i++) { - st = DSA_verify(0, loopargs[i].buf, 20, loopargs[i].buf2, - loopargs[i].siglen, loopargs[i].dsa_key[testnum]); - if (st <= 0) - break; + for (i = 0; st && i < loopargs_len; i++) { + loopargs[i].dsa_verify_ctx[testnum] = EVP_PKEY_CTX_new(dsa_key, + NULL); + if (loopargs[i].dsa_verify_ctx[testnum] == NULL + || EVP_PKEY_verify_init(loopargs[i].dsa_verify_ctx[testnum]) <= 0 + || EVP_PKEY_verify(loopargs[i].dsa_verify_ctx[testnum], + loopargs[i].buf2, + loopargs[i].sigsize, + loopargs[i].buf, 36) <= 0) + st = 0; } - if (st <= 0) { + if (!st) { BIO_printf(bio_err, - "DSA verify failure. No DSA verify will be done.\n"); + "DSA verify setup failure. No DSA verify will be done.\n"); ERR_print_errors(bio_err); dsa_doit[testnum] = 0; } else { @@ -3186,93 +2498,86 @@ int speed_main(int argc, char **argv) /* if longer than 10s, don't do any more */ stop_it(dsa_doit, testnum); } + EVP_PKEY_free(dsa_key); } -#endif /* OPENSSL_NO_DSA */ -#ifndef OPENSSL_NO_EC -# ifndef OPENSSL_NO_DEPRECATED_3_0 for (testnum = 0; testnum < ECDSA_NUM; testnum++) { - int st = 1; + EVP_PKEY *ecdsa_key = NULL; + int st; if (!ecdsa_doit[testnum]) - continue; /* Ignore Curve */ - for (i = 0; i < loopargs_len; i++) { - loopargs[i].ecdsa[testnum] = - EC_KEY_new_by_curve_name(ec_curves[testnum].nid); - if (loopargs[i].ecdsa[testnum] == NULL) { + continue; + + st = (ecdsa_key = get_ecdsa(&ec_curves[testnum])) != NULL; + + for (i = 0; st && i < loopargs_len; i++) { + loopargs[i].ecdsa_sign_ctx[testnum] = EVP_PKEY_CTX_new(ecdsa_key, + NULL); + loopargs[i].sigsize = loopargs[i].buflen; + if (loopargs[i].ecdsa_sign_ctx[testnum] == NULL + || EVP_PKEY_sign_init(loopargs[i].ecdsa_sign_ctx[testnum]) <= 0 + + || EVP_PKEY_sign(loopargs[i].ecdsa_sign_ctx[testnum], + loopargs[i].buf2, + &loopargs[i].sigsize, + loopargs[i].buf, 20) <= 0) st = 0; - break; - } } - if (st == 0) { - BIO_printf(bio_err, "ECDSA failure.\n"); + if (!st) { + BIO_printf(bio_err, + "ECDSA sign setup failure. No ECDSA sign will be done.\n"); ERR_print_errors(bio_err); op_count = 1; } else { - for (i = 0; i < loopargs_len; i++) { - /* Perform ECDSA signature test */ - EC_KEY_generate_key(loopargs[i].ecdsa[testnum]); - st = ECDSA_sign(0, loopargs[i].buf, 20, loopargs[i].buf2, - &loopargs[i].siglen, - loopargs[i].ecdsa[testnum]); - if (st == 0) - break; - } - if (st == 0) { - BIO_printf(bio_err, - "ECDSA sign failure. No ECDSA sign will be done.\n"); - ERR_print_errors(bio_err); - op_count = 1; - } else { - pkey_print_message("sign", "ecdsa", - ecdsa_c[testnum][0], - ec_curves[testnum].bits, seconds.ecdsa); - Time_F(START); - count = run_benchmark(async_jobs, ECDSA_sign_loop, loopargs); - d = Time_F(STOP); - - BIO_printf(bio_err, - mr ? "+R5:%ld:%u:%.2f\n" : - "%ld %u bits ECDSA signs in %.2fs \n", - count, ec_curves[testnum].bits, d); - ecdsa_results[testnum][0] = (double)count / d; - op_count = count; - } + pkey_print_message("sign", "ecdsa", + ecdsa_c[testnum][0], ec_curves[testnum].bits, + seconds.ecdsa); + Time_F(START); + count = run_benchmark(async_jobs, ECDSA_sign_loop, loopargs); + d = Time_F(STOP); + BIO_printf(bio_err, + mr ? "+R5:%ld:%u:%.2f\n" + : "%ld %u bits ECDSA signs in %.2fs\n", + count, ec_curves[testnum].bits, d); + ecdsa_results[testnum][0] = (double)count / d; + op_count = count; + } - /* Perform ECDSA verification test */ - for (i = 0; i < loopargs_len; i++) { - st = ECDSA_verify(0, loopargs[i].buf, 20, loopargs[i].buf2, - loopargs[i].siglen, - loopargs[i].ecdsa[testnum]); - if (st != 1) - break; - } - if (st != 1) { - BIO_printf(bio_err, - "ECDSA verify failure. No ECDSA verify will be done.\n"); - ERR_print_errors(bio_err); - ecdsa_doit[testnum] = 0; - } else { - pkey_print_message("verify", "ecdsa", - ecdsa_c[testnum][1], - ec_curves[testnum].bits, seconds.ecdsa); - Time_F(START); - count = run_benchmark(async_jobs, ECDSA_verify_loop, loopargs); - d = Time_F(STOP); - BIO_printf(bio_err, - mr ? "+R6:%ld:%u:%.2f\n" - : "%ld %u bits ECDSA verify in %.2fs\n", - count, ec_curves[testnum].bits, d); - ecdsa_results[testnum][1] = (double)count / d; - } + for (i = 0; st && i < loopargs_len; i++) { + loopargs[i].ecdsa_verify_ctx[testnum] = EVP_PKEY_CTX_new(ecdsa_key, + NULL); + if (loopargs[i].ecdsa_verify_ctx[testnum] == NULL + || EVP_PKEY_verify_init(loopargs[i].ecdsa_verify_ctx[testnum]) <= 0 + || EVP_PKEY_verify(loopargs[i].ecdsa_verify_ctx[testnum], + loopargs[i].buf2, + loopargs[i].sigsize, + loopargs[i].buf, 20) <= 0) + st = 0; + } + if (!st) { + BIO_printf(bio_err, + "ECDSA verify setup failure. No ECDSA verify will be done.\n"); + ERR_print_errors(bio_err); + ecdsa_doit[testnum] = 0; + } else { + pkey_print_message("verify", "ecdsa", + ecdsa_c[testnum][1], ec_curves[testnum].bits, + seconds.ecdsa); + Time_F(START); + count = run_benchmark(async_jobs, ECDSA_verify_loop, loopargs); + d = Time_F(STOP); + BIO_printf(bio_err, + mr ? "+R6:%ld:%u:%.2f\n" + : "%ld %u bits ECDSA verify in %.2fs\n", + count, ec_curves[testnum].bits, d); + ecdsa_results[testnum][1] = (double)count / d; + } - if (op_count <= 1) { - /* if longer than 10s, don't do any more */ - stop_it(ecdsa_doit, testnum); - } + if (op_count <= 1) { + /* if longer than 10s, don't do any more */ + stop_it(ecdsa_doit, testnum); } } -# endif /* OPENSSL_NO_DEPRECATED_3_0 */ for (testnum = 0; testnum < EC_NUM; testnum++) { int ecdh_checks = 1; @@ -3281,7 +2586,6 @@ int speed_main(int argc, char **argv) continue; for (i = 0; i < loopargs_len; i++) { - EVP_PKEY_CTX *kctx = NULL; EVP_PKEY_CTX *test_ctx = NULL; EVP_PKEY_CTX *ctx = NULL; EVP_PKEY *key_A = NULL; @@ -3289,83 +2593,14 @@ int speed_main(int argc, char **argv) size_t outlen; size_t test_outlen; - /* Ensure that the error queue is empty */ - if (ERR_peek_error()) { - BIO_printf(bio_err, - "WARNING: the error queue contains previous unhandled errors.\n"); - ERR_print_errors(bio_err); - } - - /* Let's try to create a ctx directly from the NID: this works for - * curves like Curve25519 that are not implemented through the low - * level EC interface. - * If this fails we try creating a EVP_PKEY_EC generic param ctx, - * then we set the curve by NID before deriving the actual keygen - * ctx for that specific curve. */ - kctx = EVP_PKEY_CTX_new_id(ec_curves[testnum].nid, NULL); /* keygen ctx from NID */ - if (!kctx) { - EVP_PKEY_CTX *pctx = NULL; - EVP_PKEY *params = NULL; - - /* If we reach this code EVP_PKEY_CTX_new_id() failed and a - * "int_ctx_new:unsupported algorithm" error was added to the - * error queue. - * We remove it from the error queue as we are handling it. */ - unsigned long error = ERR_peek_error(); /* peek the latest error in the queue */ - if (error == ERR_peek_last_error() && /* oldest and latest errors match */ - /* check that the error origin matches */ - ERR_GET_LIB(error) == ERR_LIB_EVP && - ERR_GET_REASON(error) == EVP_R_UNSUPPORTED_ALGORITHM) - ERR_get_error(); /* pop error from queue */ - if (ERR_peek_error()) { - BIO_printf(bio_err, - "Unhandled error in the error queue during ECDH init.\n"); - ERR_print_errors(bio_err); - op_count = 1; - break; - } - - /* Create the context for parameter generation */ - if (!(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL)) || - /* Initialise the parameter generation */ - !EVP_PKEY_paramgen_init(pctx) || - /* Set the curve by NID */ - !EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, - ec_curves - [testnum].nid) || - /* Create the parameter object params */ - !EVP_PKEY_paramgen(pctx, ¶ms)) { - ecdh_checks = 0; - BIO_printf(bio_err, "ECDH EC params init failure.\n"); - ERR_print_errors(bio_err); - op_count = 1; - break; - } - /* Create the context for the key generation */ - kctx = EVP_PKEY_CTX_new(params, NULL); - - EVP_PKEY_free(params); - params = NULL; - EVP_PKEY_CTX_free(pctx); - pctx = NULL; - } - if (kctx == NULL || /* keygen ctx is not null */ - EVP_PKEY_keygen_init(kctx) <= 0/* init keygen ctx */ ) { - ecdh_checks = 0; - BIO_printf(bio_err, "ECDH keygen failure.\n"); - ERR_print_errors(bio_err); - op_count = 1; - break; - } - - if (EVP_PKEY_keygen(kctx, &key_A) <= 0 || /* generate secret key A */ - EVP_PKEY_keygen(kctx, &key_B) <= 0 || /* generate secret key B */ - !(ctx = EVP_PKEY_CTX_new(key_A, NULL)) || /* derivation ctx from skeyA */ - EVP_PKEY_derive_init(ctx) <= 0 || /* init derivation ctx */ - EVP_PKEY_derive_set_peer(ctx, key_B) <= 0 || /* set peer pubkey in ctx */ - EVP_PKEY_derive(ctx, NULL, &outlen) <= 0 || /* determine max length */ - outlen == 0 || /* ensure outlen is a valid size */ - outlen > MAX_ECDH_SIZE /* avoid buffer overflow */ ) { + if ((key_A = get_ecdsa(&ec_curves[testnum])) == NULL /* generate secret key A */ + || (key_B = get_ecdsa(&ec_curves[testnum])) == NULL /* generate secret key B */ + || (ctx = EVP_PKEY_CTX_new(key_A, NULL)) == NULL /* derivation ctx from skeyA */ + || EVP_PKEY_derive_init(ctx) <= 0 /* init derivation ctx */ + || EVP_PKEY_derive_set_peer(ctx, key_B) <= 0 /* set peer pubkey in ctx */ + || EVP_PKEY_derive(ctx, NULL, &outlen) <= 0 /* determine max length */ + || outlen == 0 /* ensure outlen is a valid size */ + || outlen > MAX_ECDH_SIZE /* avoid buffer overflow */) { ecdh_checks = 0; BIO_printf(bio_err, "ECDH key generation failure.\n"); ERR_print_errors(bio_err); @@ -3373,17 +2608,19 @@ int speed_main(int argc, char **argv) break; } - /* Here we perform a test run, comparing the output of a*B and b*A; + /* + * Here we perform a test run, comparing the output of a*B and b*A; * we try this here and assume that further EVP_PKEY_derive calls * never fail, so we can skip checks in the actually benchmarked - * code, for maximum performance. */ - if (!(test_ctx = EVP_PKEY_CTX_new(key_B, NULL)) || /* test ctx from skeyB */ - !EVP_PKEY_derive_init(test_ctx) || /* init derivation test_ctx */ - !EVP_PKEY_derive_set_peer(test_ctx, key_A) || /* set peer pubkey in test_ctx */ - !EVP_PKEY_derive(test_ctx, NULL, &test_outlen) || /* determine max length */ - !EVP_PKEY_derive(ctx, loopargs[i].secret_a, &outlen) || /* compute a*B */ - !EVP_PKEY_derive(test_ctx, loopargs[i].secret_b, &test_outlen) || /* compute b*A */ - test_outlen != outlen /* compare output length */ ) { + * code, for maximum performance. + */ + if ((test_ctx = EVP_PKEY_CTX_new(key_B, NULL)) == NULL /* test ctx from skeyB */ + || !EVP_PKEY_derive_init(test_ctx) /* init derivation test_ctx */ + || !EVP_PKEY_derive_set_peer(test_ctx, key_A) /* set peer pubkey in test_ctx */ + || !EVP_PKEY_derive(test_ctx, NULL, &test_outlen) /* determine max length */ + || !EVP_PKEY_derive(ctx, loopargs[i].secret_a, &outlen) /* compute a*B */ + || !EVP_PKEY_derive(test_ctx, loopargs[i].secret_b, &test_outlen) /* compute b*A */ + || test_outlen != outlen /* compare output length */) { ecdh_checks = 0; BIO_printf(bio_err, "ECDH computation failure.\n"); ERR_print_errors(bio_err); @@ -3406,8 +2643,6 @@ int speed_main(int argc, char **argv) EVP_PKEY_free(key_A); EVP_PKEY_free(key_B); - EVP_PKEY_CTX_free(kctx); - kctx = NULL; EVP_PKEY_CTX_free(test_ctx); test_ctx = NULL; } @@ -3452,8 +2687,8 @@ int speed_main(int argc, char **argv) break; } - if ((ed_pctx = EVP_PKEY_CTX_new_id(ed_curves[testnum].nid, NULL)) - == NULL + if ((ed_pctx = EVP_PKEY_CTX_new_id(ed_curves[testnum].nid, + NULL)) == NULL || EVP_PKEY_keygen_init(ed_pctx) <= 0 || EVP_PKEY_keygen(ed_pctx, &ed_pkey) <= 0) { st = 0; @@ -3468,8 +2703,8 @@ int speed_main(int argc, char **argv) EVP_PKEY_free(ed_pkey); break; } - if (!EVP_DigestVerifyInit(loopargs[i].eddsa_ctx2[testnum], NULL, - NULL, NULL, ed_pkey)) { + if (!EVP_DigestVerifyInit(loopargs[i].eddsa_ctx2[testnum], NULL, + NULL, NULL, ed_pkey)) { st = 0; EVP_PKEY_free(ed_pkey); break; @@ -3548,7 +2783,7 @@ int speed_main(int argc, char **argv) } } -# ifndef OPENSSL_NO_SM2 +#ifndef OPENSSL_NO_SM2 for (testnum = 0; testnum < SM2_NUM; testnum++) { int st = 1; EVP_PKEY *sm2_pkey = NULL; @@ -3582,7 +2817,7 @@ int speed_main(int argc, char **argv) st = 0; /* set back to zero */ /* attach it sooner to rely on main final cleanup */ loopargs[i].sm2_pkey[testnum] = sm2_pkey; - loopargs[i].sigsize = EVP_PKEY_size(sm2_pkey); + loopargs[i].sigsize = EVP_PKEY_get_size(sm2_pkey); sm2_pctx = EVP_PKEY_CTX_new(sm2_pkey, NULL); sm2_vfy_pctx = EVP_PKEY_CTX_new(sm2_pkey, NULL); @@ -3681,8 +2916,7 @@ int speed_main(int argc, char **argv) } } } -# endif /* OPENSSL_NO_SM2 */ -#endif /* OPENSSL_NO_EC */ +#endif /* OPENSSL_NO_SM2 */ #ifndef OPENSSL_NO_DH for (testnum = 0; testnum < FFDH_NUM; testnum++) { @@ -3758,11 +2992,13 @@ int speed_main(int argc, char **argv) EVP_PKEY_CTX_free(ffdh_ctx); - /* check if the derivation works correctly both ways so that + /* + * check if the derivation works correctly both ways so that * we know if future derive calls will fail, and we can skip - * error checking in benchmarked code */ + * error checking in benchmarked code + */ ffdh_ctx = EVP_PKEY_CTX_new(pkey_A, NULL); - if (!ffdh_ctx) { + if (ffdh_ctx == NULL) { BIO_printf(bio_err, "Error while allocating EVP_PKEY_CTX.\n"); ERR_print_errors(bio_err); op_count = 1; @@ -3857,7 +3093,7 @@ int speed_main(int argc, char **argv) ffdh_params[testnum].bits, d); ffdh_results[testnum][0] = (double)count / d; op_count = count; - }; + } if (op_count <= 1) { /* if longer than 10s, don't do any more */ stop_it(ffdh_doit, testnum); @@ -3869,37 +3105,17 @@ int speed_main(int argc, char **argv) #endif if (!mr) { printf("version: %s\n", OpenSSL_version(OPENSSL_FULL_VERSION_STRING)); - printf("built on: %s\n", OpenSSL_version(OPENSSL_BUILT_ON)); - printf("options:"); - printf("%s ", BN_options()); -#if !defined(OPENSSL_NO_MD2) && !defined(OPENSSL_NO_DEPRECATED_3_0) - printf("%s ", MD2_options()); -#endif -#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_DEPRECATED_3_0) - printf("%s ", RC4_options()); -#endif -#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0) - printf("%s ", DES_options()); -#endif -#ifndef OPENSSL_NO_DEPRECATED_3_0 - printf("%s ", AES_options()); -#endif -#if !defined(OPENSSL_NO_IDEA) && !defined(OPENSSL_NO_DEPRECATED_3_0) - printf("%s ", IDEA_options()); -#endif -#if !defined(OPENSSL_NO_BF) && !defined(OPENSSL_NO_DEPRECATED_3_0) - printf("%s ", BF_options()); -#endif - printf("\n%s\n", OpenSSL_version(OPENSSL_CFLAGS)); + printf("%s\n", OpenSSL_version(OPENSSL_BUILT_ON)); + printf("options: %s\n", BN_options()); + printf("%s\n", OpenSSL_version(OPENSSL_CFLAGS)); printf("%s\n", OpenSSL_version(OPENSSL_CPU_INFO)); } if (pr_header) { - if (mr) + if (mr) { printf("+H"); - else { - printf - ("The 'numbers' are in 1000s of bytes per second processed.\n"); + } else { + printf("The 'numbers' are in 1000s of bytes per second processed.\n"); printf("type "); } for (testnum = 0; testnum < size_num; testnum++) @@ -3922,7 +3138,6 @@ int speed_main(int argc, char **argv) } printf("\n"); } -#ifndef OPENSSL_NO_DEPRECATED_3_0 testnum = 1; for (k = 0; k < RSA_NUM; k++) { if (!rsa_doit[k]) @@ -3939,8 +3154,6 @@ int speed_main(int argc, char **argv) rsa_keys[k].bits, 1.0 / rsa_results[k][0], 1.0 / rsa_results[k][1], rsa_results[k][0], rsa_results[k][1]); } -#endif -#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) testnum = 1; for (k = 0; k < DSA_NUM; k++) { if (!dsa_doit[k]) @@ -3957,8 +3170,6 @@ int speed_main(int argc, char **argv) dsa_bits[k], 1.0 / dsa_results[k][0], 1.0 / dsa_results[k][1], dsa_results[k][0], dsa_results[k][1]); } -#endif -#ifndef OPENSSL_NO_EC testnum = 1; for (k = 0; k < OSSL_NELEM(ecdsa_doit); k++) { if (!ecdsa_doit[k]) @@ -4018,7 +3229,7 @@ int speed_main(int argc, char **argv) eddsa_results[k][0], eddsa_results[k][1]); } -# ifndef OPENSSL_NO_SM2 +#ifndef OPENSSL_NO_SM2 testnum = 1; for (k = 0; k < OSSL_NELEM(sm2_doit); k++) { if (!sm2_doit[k]) @@ -4038,8 +3249,7 @@ int speed_main(int argc, char **argv) 1.0 / sm2_results[k][0], 1.0 / sm2_results[k][1], sm2_results[k][0], sm2_results[k][1]); } -# endif -#endif /* OPENSSL_NO_EC */ +#endif #ifndef OPENSSL_NO_DH testnum = 1; for (k = 0; k < FFDH_NUM; k++) { @@ -4069,60 +3279,55 @@ int speed_main(int argc, char **argv) OPENSSL_free(loopargs[i].buf_malloc); OPENSSL_free(loopargs[i].buf2_malloc); -#ifndef OPENSSL_NO_DEPRECATED_3_0 - for (k = 0; k < RSA_NUM; k++) - RSA_free(loopargs[i].rsa_key[k]); -#endif + BN_free(bn); + EVP_PKEY_CTX_free(genctx); + for (k = 0; k < RSA_NUM; k++) { + EVP_PKEY_CTX_free(loopargs[i].rsa_sign_ctx[k]); + EVP_PKEY_CTX_free(loopargs[i].rsa_verify_ctx[k]); + } #ifndef OPENSSL_NO_DH OPENSSL_free(loopargs[i].secret_ff_a); OPENSSL_free(loopargs[i].secret_ff_b); - for (k = 0; k < FFDH_NUM; k++) { + for (k = 0; k < FFDH_NUM; k++) EVP_PKEY_CTX_free(loopargs[i].ffdh_ctx[k]); - } #endif -#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) - for (k = 0; k < DSA_NUM; k++) - DSA_free(loopargs[i].dsa_key[k]); -#endif -#ifndef OPENSSL_NO_EC -# if !defined(OPENSSL_NO_DEPRECATED_3_0) - for (k = 0; k < ECDSA_NUM; k++) - EC_KEY_free(loopargs[i].ecdsa[k]); -# endif + for (k = 0; k < DSA_NUM; k++) { + EVP_PKEY_CTX_free(loopargs[i].dsa_sign_ctx[k]); + EVP_PKEY_CTX_free(loopargs[i].dsa_verify_ctx[k]); + } + for (k = 0; k < ECDSA_NUM; k++) { + EVP_PKEY_CTX_free(loopargs[i].ecdsa_sign_ctx[k]); + EVP_PKEY_CTX_free(loopargs[i].ecdsa_verify_ctx[k]); + } for (k = 0; k < EC_NUM; k++) EVP_PKEY_CTX_free(loopargs[i].ecdh_ctx[k]); for (k = 0; k < EdDSA_NUM; k++) { EVP_MD_CTX_free(loopargs[i].eddsa_ctx[k]); EVP_MD_CTX_free(loopargs[i].eddsa_ctx2[k]); - } -# ifndef OPENSSL_NO_SM2 + } +#ifndef OPENSSL_NO_SM2 for (k = 0; k < SM2_NUM; k++) { EVP_PKEY_CTX *pctx = NULL; /* free signing ctx */ if (loopargs[i].sm2_ctx[k] != NULL - && (pctx = EVP_MD_CTX_pkey_ctx(loopargs[i].sm2_ctx[k])) != NULL) + && (pctx = EVP_MD_CTX_get_pkey_ctx(loopargs[i].sm2_ctx[k])) != NULL) EVP_PKEY_CTX_free(pctx); EVP_MD_CTX_free(loopargs[i].sm2_ctx[k]); /* free verification ctx */ if (loopargs[i].sm2_vfy_ctx[k] != NULL - && (pctx = EVP_MD_CTX_pkey_ctx(loopargs[i].sm2_vfy_ctx[k])) != NULL) + && (pctx = EVP_MD_CTX_get_pkey_ctx(loopargs[i].sm2_vfy_ctx[k])) != NULL) EVP_PKEY_CTX_free(pctx); EVP_MD_CTX_free(loopargs[i].sm2_vfy_ctx[k]); /* free pkey */ EVP_PKEY_free(loopargs[i].sm2_pkey[k]); } -# endif +#endif OPENSSL_free(loopargs[i].secret_a); OPENSSL_free(loopargs[i].secret_b); -#endif } -#ifndef OPENSSL_NO_DEPRECATED_3_0 OPENSSL_free(evp_hmac_name); -#endif -#if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_DEPRECATED_3_0) OPENSSL_free(evp_cmac_name); -#endif if (async_jobs > 0) { for (i = 0; i < loopargs_len; i++) @@ -4134,59 +3339,37 @@ int speed_main(int argc, char **argv) } OPENSSL_free(loopargs); release_engine(e); - if (fetched_alg) { - EVP_MD_free(evp_md); - EVP_CIPHER_free(evp_cipher); - } + EVP_CIPHER_free(evp_cipher); + EVP_MAC_free(mac); return ret; } static void print_message(const char *s, long num, int length, int tm) { -#ifdef SIGALRM BIO_printf(bio_err, mr ? "+DT:%s:%d:%d\n" : "Doing %s for %ds on %d size blocks: ", s, tm, length); (void)BIO_flush(bio_err); run = 1; alarm(tm); -#else - BIO_printf(bio_err, - mr ? "+DN:%s:%ld:%d\n" - : "Doing %s %ld times on %d size blocks: ", s, num, length); - (void)BIO_flush(bio_err); -#endif } -#if !defined(OPENSSL_NO_DEPRECATED_3_0) \ - || !defined(OPENSSL_NO_DSA) \ - || !defined(OPENSSL_NO_DH) \ - || !defined(OPENSSL_NO_EC) static void pkey_print_message(const char *str, const char *str2, long num, unsigned int bits, int tm) { -# ifdef SIGALRM BIO_printf(bio_err, mr ? "+DTP:%d:%s:%s:%d\n" : "Doing %u bits %s %s's for %ds: ", bits, str, str2, tm); (void)BIO_flush(bio_err); run = 1; alarm(tm); -# else - BIO_printf(bio_err, - mr ? "+DNP:%ld:%d:%s:%s\n" - : "Doing %ld %u bits %s %s's: ", num, bits, str, str2); - (void)BIO_flush(bio_err); -# endif } -#endif static void print_result(int alg, int run_no, int count, double time_used) { if (count == -1) { BIO_printf(bio_err, "%s error!\n", names[alg]); ERR_print_errors(bio_err); - /* exit(1); disable exit until default provider enabled */ return; } BIO_printf(bio_err, @@ -4212,9 +3395,8 @@ static char *sstrsep(char **string, const char *delim) delim++; } - while (!isdelim[(unsigned char)(**string)]) { + while (!isdelim[(unsigned char)(**string)]) (*string)++; - } if (**string) { **string = 0; @@ -4276,22 +3458,19 @@ static int do_multi(int multi, int size_num) continue; } printf("Got: %s from %d\n", buf, n); - if (strncmp(buf, "+F:", 3) == 0) { + p = buf; + if (CHECK_AND_SKIP_PREFIX(p, "+F:")) { int alg; int j; - p = buf + 3; alg = atoi(sstrsep(&p, sep)); sstrsep(&p, sep); for (j = 0; j < size_num; ++j) results[alg][j] += atof(sstrsep(&p, sep)); - } -#ifndef OPENSSL_NO_DEPRECATED_3_0 - else if (strncmp(buf, "+F2:", 4) == 0) { + } else if (CHECK_AND_SKIP_PREFIX(p, "+F2:")) { int k; double d; - p = buf + 4; k = atoi(sstrsep(&p, sep)); sstrsep(&p, sep); @@ -4300,14 +3479,10 @@ static int do_multi(int multi, int size_num) d = atof(sstrsep(&p, sep)); rsa_results[k][1] += d; - } -#endif -#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) - else if (strncmp(buf, "+F3:", 4) == 0) { + } else if (CHECK_AND_SKIP_PREFIX(p, "+F3:")) { int k; double d; - p = buf + 4; k = atoi(sstrsep(&p, sep)); sstrsep(&p, sep); @@ -4316,14 +3491,10 @@ static int do_multi(int multi, int size_num) d = atof(sstrsep(&p, sep)); dsa_results[k][1] += d; - } -# endif -# ifndef OPENSSL_NO_EC - else if (strncmp(buf, "+F4:", 4) == 0) { + } else if (CHECK_AND_SKIP_PREFIX(p, "+F4:")) { int k; double d; - p = buf + 4; k = atoi(sstrsep(&p, sep)); sstrsep(&p, sep); @@ -4332,21 +3503,19 @@ static int do_multi(int multi, int size_num) d = atof(sstrsep(&p, sep)); ecdsa_results[k][1] += d; - } else if (strncmp(buf, "+F5:", 4) == 0) { + } else if (CHECK_AND_SKIP_PREFIX(p, "+F5:")) { int k; double d; - p = buf + 4; k = atoi(sstrsep(&p, sep)); sstrsep(&p, sep); d = atof(sstrsep(&p, sep)); ecdh_results[k][0] += d; - } else if (strncmp(buf, "+F6:", 4) == 0) { + } else if (CHECK_AND_SKIP_PREFIX(p, "+F6:")) { int k; double d; - p = buf + 4; k = atoi(sstrsep(&p, sep)); sstrsep(&p, sep); sstrsep(&p, sep); @@ -4356,13 +3525,11 @@ static int do_multi(int multi, int size_num) d = atof(sstrsep(&p, sep)); eddsa_results[k][1] += d; - } -# ifndef OPENSSL_NO_SM2 - else if (strncmp(buf, "+F7:", 4) == 0) { +# ifndef OPENSSL_NO_SM2 + } else if (CHECK_AND_SKIP_PREFIX(p, "+F7:")) { int k; double d; - p = buf + 4; k = atoi(sstrsep(&p, sep)); sstrsep(&p, sep); sstrsep(&p, sep); @@ -4372,28 +3539,22 @@ static int do_multi(int multi, int size_num) d = atof(sstrsep(&p, sep)); sm2_results[k][1] += d; - } -# endif /* OPENSSL_NO_SM2 */ -# endif /* OPENSSL_NO_EC */ +# endif /* OPENSSL_NO_SM2 */ # ifndef OPENSSL_NO_DH - else if (strncmp(buf, "+F8:", 4) == 0) { + } else if (CHECK_AND_SKIP_PREFIX(p, "+F8:")) { int k; double d; - p = buf + 4; k = atoi(sstrsep(&p, sep)); sstrsep(&p, sep); d = atof(sstrsep(&p, sep)); ffdh_results[k][0] += d; - } # endif /* OPENSSL_NO_DH */ - - else if (strncmp(buf, "+H:", 3) == 0) { - ; - } else + } else if (!HAS_PREFIX(buf, "+H:")) { BIO_printf(bio_err, "Unknown type '%s' from child %d\n", buf, n); + } } fclose(f); @@ -4411,8 +3572,8 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single, const int *mblengths = mblengths_list; int j, count, keylen, num = OSSL_NELEM(mblengths_list); const char *alg_name; - unsigned char *inp, *out, *key, no_key[32], no_iv[16]; - EVP_CIPHER_CTX *ctx; + unsigned char *inp = NULL, *out = NULL, *key, no_key[32], no_iv[16]; + EVP_CIPHER_CTX *ctx = NULL; double d = 0.0; if (lengths_single) { @@ -4422,17 +3583,27 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single, inp = app_malloc(mblengths[num - 1], "multiblock input buffer"); out = app_malloc(mblengths[num - 1] + 1024, "multiblock output buffer"); - ctx = EVP_CIPHER_CTX_new(); - EVP_EncryptInit_ex(ctx, evp_cipher, NULL, NULL, no_iv); + if ((ctx = EVP_CIPHER_CTX_new()) == NULL) + app_bail_out("failed to allocate cipher context\n"); + if (!EVP_EncryptInit_ex(ctx, evp_cipher, NULL, NULL, no_iv)) + app_bail_out("failed to initialise cipher context\n"); - keylen = EVP_CIPHER_CTX_key_length(ctx); + if ((keylen = EVP_CIPHER_CTX_get_key_length(ctx)) < 0) { + BIO_printf(bio_err, "Impossible negative key length: %d\n", keylen); + goto err; + } key = app_malloc(keylen, "evp_cipher key"); - EVP_CIPHER_CTX_rand_key(ctx, key); - EVP_EncryptInit_ex(ctx, NULL, NULL, key, NULL); + if (!EVP_CIPHER_CTX_rand_key(ctx, key)) + app_bail_out("failed to generate random cipher key\n"); + if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, NULL)) + app_bail_out("failed to set cipher key\n"); OPENSSL_clear_free(key, keylen); - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY, sizeof(no_key), no_key); - alg_name = OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher)); + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY, + sizeof(no_key), no_key)) + app_bail_out("failed to set AEAD key\n"); + if ((alg_name = EVP_CIPHER_get0_name(evp_cipher)) == NULL) + app_bail_out("failed to get cipher name\n"); for (j = 0; j < num; j++) { print_message(alg_name, 0, mblengths[j], seconds->sym); @@ -4461,8 +3632,9 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single, mb_param.out = out; mb_param.inp = inp; mb_param.len = len; - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT, - sizeof(mb_param), &mb_param); + (void)EVP_CIPHER_CTX_ctrl(ctx, + EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT, + sizeof(mb_param), &mb_param); } else { int pad; @@ -4508,6 +3680,7 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single, fprintf(stdout, "\n"); } + err: OPENSSL_free(inp); OPENSSL_free(out); EVP_CIPHER_CTX_free(ctx);