Print CA names in s_server, add -requestCAfile to s_client

[openssl.git] / apps / speed.c
diff --git a/apps/speed.c b/apps/speed.c

index 68e232a94c97200490485f84fc7cd37079b10fb3..50522ae25a75debec763f57dd7cc5c5838acb62c 100644 (file)
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -1214,7 +1214,7 @@ int speed_main(int argc, char **argv)
  #ifndef NO_FORK
      int multi = 0;
  #endif
-    int async_jobs = 0;
+    unsigned int async_jobs = 0;
  #if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) \
      || !defined(OPENSSL_NO_EC)
      long rsa_count = 1;
@@ -1393,6 +1393,12 @@ int speed_main(int argc, char **argv)
                             prog);
                  goto opterr;
              }
+            if (async_jobs > 99999) {
+                BIO_printf(bio_err,
+                           "%s: too many async_jobs\n",
+                           prog);
+                goto opterr;
+            }
  #endif
              break;
          case OPT_MISALIGN:
@@ -2274,7 +2280,6 @@ int speed_main(int argc, char **argv)
  #endif
  
      if (doit[D_EVP]) {
-#ifdef EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
          if (multiblock && evp_cipher) {
              if (!
                  (EVP_CIPHER_flags(evp_cipher) &
@@ -2291,7 +2296,6 @@ int speed_main(int argc, char **argv)
              ret = 0;
              goto end;
          }
-#endif
          for (testnum = 0; testnum < SIZE_NUM; testnum++) {
              if (evp_cipher) {
  
@@ -2362,7 +2366,7 @@ int speed_main(int argc, char **argv)
                         mr ? "+R1:%ld:%d:%.2f\n"
                         : "%ld %d bit private RSA's in %.2fs\n",
                         count, rsa_bits[testnum], d);
-            rsa_results[testnum][0] = d / (double)count;
+            rsa_results[testnum][0] = (double)count / d;
              rsa_count = count;
          }
  
@@ -2388,7 +2392,7 @@ int speed_main(int argc, char **argv)
                         mr ? "+R2:%ld:%d:%.2f\n"
                         : "%ld %d bit public RSA's in %.2fs\n",
                         count, rsa_bits[testnum], d);
-            rsa_results[testnum][1] = d / (double)count;
+            rsa_results[testnum][1] = (double)count / d;
          }
  
          if (rsa_count <= 1) {
@@ -2435,7 +2439,7 @@ int speed_main(int argc, char **argv)
                         mr ? "+R3:%ld:%d:%.2f\n"
                         : "%ld %d bit DSA signs in %.2fs\n",
                         count, dsa_bits[testnum], d);
-            dsa_results[testnum][0] = d / (double)count;
+            dsa_results[testnum][0] = (double)count / d;
              rsa_count = count;
          }
  
@@ -2461,7 +2465,7 @@ int speed_main(int argc, char **argv)
                         mr ? "+R4:%ld:%d:%.2f\n"
                         : "%ld %d bit DSA verify in %.2fs\n",
                         count, dsa_bits[testnum], d);
-            dsa_results[testnum][1] = d / (double)count;
+            dsa_results[testnum][1] = (double)count / d;
          }
  
          if (rsa_count <= 1) {
@@ -2521,7 +2525,7 @@ int speed_main(int argc, char **argv)
                             mr ? "+R5:%ld:%d:%.2f\n" :
                             "%ld %d bit ECDSA signs in %.2fs \n",
                             count, test_curves_bits[testnum], d);
-                ecdsa_results[testnum][0] = d / (double)count;
+                ecdsa_results[testnum][0] = (double)count / d;
                  rsa_count = count;
              }
  
@@ -2549,7 +2553,7 @@ int speed_main(int argc, char **argv)
                             mr ? "+R6:%ld:%d:%.2f\n"
                             : "%ld %d bit ECDSA verify in %.2fs\n",
                             count, test_curves_bits[testnum], d);
-                ecdsa_results[testnum][1] = d / (double)count;
+                ecdsa_results[testnum][1] = (double)count / d;
              }
  
              if (rsa_count <= 1) {
@@ -2578,12 +2582,43 @@ int speed_main(int argc, char **argv)
              size_t outlen;
              size_t test_outlen;
  
-            if (testnum == R_EC_X25519) {
-                kctx = EVP_PKEY_CTX_new_id(test_curves[testnum], NULL); /* keygen ctx from NID */
-            } else {
+            /* Ensure that the error queue is empty */
+            if (ERR_peek_error()) {
+                BIO_printf(bio_err,
+                           "WARNING: the error queue contains previous unhandled errors.\n");
+                ERR_print_errors(bio_err);
+            }
+
+            /* Let's try to create a ctx directly from the NID: this works for
+             * curves like Curve25519 that are not implemented through the low
+             * level EC interface.
+             * If this fails we try creating a EVP_PKEY_EC generic param ctx,
+             * then we set the curve by NID before deriving the actual keygen
+             * ctx for that specific curve. */
+            kctx = EVP_PKEY_CTX_new_id(test_curves[testnum], NULL); /* keygen ctx from NID */
+            if (!kctx) {
                  EVP_PKEY_CTX *pctx = NULL;
                  EVP_PKEY *params = NULL;
  
+                /* If we reach this code EVP_PKEY_CTX_new_id() failed and a
+                 * "int_ctx_new:unsupported algorithm" error was added to the
+                 * error queue.
+                 * We remove it from the error queue as we are handling it. */
+                unsigned long error = ERR_peek_error(); /* peek the latest error in the queue */
+                if (error == ERR_peek_last_error() && /* oldest and latest errors match */
+                    /* check that the error origin matches */
+                    ERR_GET_LIB(error) == ERR_LIB_EVP &&
+                    ERR_GET_FUNC(error) == EVP_F_INT_CTX_NEW &&
+                    ERR_GET_REASON(error) == EVP_R_UNSUPPORTED_ALGORITHM)
+                    ERR_get_error(); /* pop error from queue */
+                if (ERR_peek_error()) {
+                    BIO_printf(bio_err,
+                               "Unhandled error in the error queue during ECDH init.\n");
+                    ERR_print_errors(bio_err);
+                    rsa_count = 1;
+                    break;
+                }
+
                  if (            /* Create the context for parameter generation */
                         !(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL)) ||
                         /* Initialise the parameter generation */
@@ -2595,7 +2630,7 @@ int speed_main(int argc, char **argv)
                         /* Create the parameter object params */
                         !EVP_PKEY_paramgen(pctx, &params)) {
                      ecdh_checks = 0;
-                    BIO_printf(bio_err, "ECDH init failure.\n");
+                    BIO_printf(bio_err, "ECDH EC params init failure.\n");
                      ERR_print_errors(bio_err);
                      rsa_count = 1;
                      break;
@@ -2680,7 +2715,7 @@ int speed_main(int argc, char **argv)
                         mr ? "+R7:%ld:%d:%.2f\n" :
                         "%ld %d-bit ECDH ops in %.2fs\n", count,
                         test_curves_bits[testnum], d);
-            ecdh_results[testnum][0] = d / (double)count;
+            ecdh_results[testnum][0] = (double)count / d;
              rsa_count = count;
          }
  
@@ -2760,8 +2795,8 @@ int speed_main(int argc, char **argv)
                     k, rsa_bits[k], rsa_results[k][0], rsa_results[k][1]);
          else
              printf("rsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
-                   rsa_bits[k], rsa_results[k][0], rsa_results[k][1],
-                   1.0 / rsa_results[k][0], 1.0 / rsa_results[k][1]);
+                   rsa_bits[k], 1.0 / rsa_results[k][0], 1.0 / rsa_results[k][1],
+                   rsa_results[k][0], rsa_results[k][1]);
      }
  #endif
  #ifndef OPENSSL_NO_DSA
@@ -2778,8 +2813,8 @@ int speed_main(int argc, char **argv)
                     k, dsa_bits[k], dsa_results[k][0], dsa_results[k][1]);
          else
              printf("dsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
-                   dsa_bits[k], dsa_results[k][0], dsa_results[k][1],
-                   1.0 / dsa_results[k][0], 1.0 / dsa_results[k][1]);
+                   dsa_bits[k], 1.0 / dsa_results[k][0], 1.0 / dsa_results[k][1],
+                   dsa_results[k][0], dsa_results[k][1]);
      }
  #endif
  #ifndef OPENSSL_NO_EC
@@ -2800,8 +2835,8 @@ int speed_main(int argc, char **argv)
              printf("%4u bit ecdsa (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
                     test_curves_bits[k],
                     test_curves_names[k],
-                   ecdsa_results[k][0], ecdsa_results[k][1],
-                   1.0 / ecdsa_results[k][0], 1.0 / ecdsa_results[k][1]);
+                   1.0 / ecdsa_results[k][0], 1.0 / ecdsa_results[k][1],
+                   ecdsa_results[k][0], ecdsa_results[k][1]);
      }
  
      testnum = 1;
@@ -2821,7 +2856,7 @@ int speed_main(int argc, char **argv)
              printf("%4u bit ecdh (%s) %8.4fs %8.1f\n",
                     test_curves_bits[k],
                     test_curves_names[k],
-                   ecdh_results[k][0], 1.0 / ecdh_results[k][0]);
+                   1.0 / ecdh_results[k][0], ecdh_results[k][0]);
      }
  #endif
  
@@ -3008,16 +3043,10 @@ static int do_multi(int multi)
                  sstrsep(&p, sep);
  
                  d = atof(sstrsep(&p, sep));
-                if (n)
-                    rsa_results[k][0] = 1 / (1 / rsa_results[k][0] + 1 / d);
-                else
-                    rsa_results[k][0] = d;
+                rsa_results[k][0] += d;
  
                  d = atof(sstrsep(&p, sep));
-                if (n)
-                    rsa_results[k][1] = 1 / (1 / rsa_results[k][1] + 1 / d);
-                else
-                    rsa_results[k][1] = d;
+                rsa_results[k][1] += d;
              }
  # ifndef OPENSSL_NO_DSA
              else if (strncmp(buf, "+F3:", 4) == 0) {
@@ -3029,16 +3058,10 @@ static int do_multi(int multi)
                  sstrsep(&p, sep);
  
                  d = atof(sstrsep(&p, sep));
-                if (n)
-                    dsa_results[k][0] = 1 / (1 / dsa_results[k][0] + 1 / d);
-                else
-                    dsa_results[k][0] = d;
+                dsa_results[k][0] += d;
  
                  d = atof(sstrsep(&p, sep));
-                if (n)
-                    dsa_results[k][1] = 1 / (1 / dsa_results[k][1] + 1 / d);
-                else
-                    dsa_results[k][1] = d;
+                dsa_results[k][1] += d;
              }
  # endif
  # ifndef OPENSSL_NO_EC
@@ -3051,16 +3074,10 @@ static int do_multi(int multi)
                  sstrsep(&p, sep);
  
                  d = atof(sstrsep(&p, sep));
-                if (n)
-                    ecdsa_results[k][0] = 1 / (1 / ecdsa_results[k][0] + 1 / d);
-                else
-                    ecdsa_results[k][0] = d;
+                ecdsa_results[k][0] += d;
  
                  d = atof(sstrsep(&p, sep));
-                if (n)
-                    ecdsa_results[k][1] = 1 / (1 / ecdsa_results[k][1] + 1 / d);
-                else
-                    ecdsa_results[k][1] = d;
+                ecdsa_results[k][1] += d;
              } else if (strncmp(buf, "+F5:", 4) == 0) {
                  int k;
                  double d;
@@ -3070,11 +3087,7 @@ static int do_multi(int multi)
                  sstrsep(&p, sep);
  
                  d = atof(sstrsep(&p, sep));
-                if (n)
-                    ecdh_results[k][0] = 1 / (1 / ecdh_results[k][0] + 1 / d);
-                else
-                    ecdh_results[k][0] = d;
-
+                ecdh_results[k][0] += d;
              }
  # endif