X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=apps%2Fspeed.c;h=8f2aac5ccbcbbbd92bd74f079245501502fe0f68;hp=5697d3aef47a9c45c172b8b820d2be5c5b7daf0c;hb=63d740752f1997420d008f7fdf7c0aad2eff5901;hpb=c88f8f76b54d9d27f3c29645616d9ec427ee41c4 diff --git a/apps/speed.c b/apps/speed.c index 5697d3aef4..8f2aac5ccb 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -262,7 +262,8 @@ static int usertime=1; static double Time_F(int s); static void print_message(const char *s,long num,int length); -static void pkey_print_message(char *str,char *str2,long num,int bits,int sec); +static void pkey_print_message(const char *str, const char *str2, + long num, int bits, int sec); static void print_result(int alg,int run_no,int count,double time_used); #ifdef HAVE_FORK static int do_multi(int multi); @@ -448,11 +449,13 @@ static double Time_F(int s) static const int KDF1_SHA1_len = 20; -static void *KDF1_SHA1(void *in, size_t inlen, void *out, size_t outlen) +static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) { #ifndef OPENSSL_NO_SHA - if (outlen != SHA_DIGEST_LENGTH) + if (*outlen < SHA_DIGEST_LENGTH) return NULL; + else + *outlen = SHA_DIGEST_LENGTH; return SHA1(in, inlen, out); #else return NULL; @@ -493,9 +496,13 @@ int MAIN(int argc, char **argv) #endif #ifndef OPENSSL_NO_SHA unsigned char sha[SHA_DIGEST_LENGTH]; +#ifndef OPENSSL_NO_SHA256 unsigned char sha256[SHA256_DIGEST_LENGTH]; +#endif +#ifndef OPENSSL_NO_SHA512 unsigned char sha512[SHA512_DIGEST_LENGTH]; #endif +#endif #ifndef OPENSSL_NO_RIPEMD unsigned char rmd160[RIPEMD160_DIGEST_LENGTH]; #endif @@ -520,6 +527,7 @@ int MAIN(int argc, char **argv) static const unsigned char key16[16]= {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0, 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12}; +#ifndef OPENSSL_NO_AES static const unsigned char key24[24]= {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0, 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12, @@ -529,6 +537,7 @@ int MAIN(int argc, char **argv) 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12, 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34, 0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,0x56}; +#endif #ifndef OPENSSL_NO_AES #define MAX_BLOCK_SIZE 128 #else @@ -638,7 +647,7 @@ int MAIN(int argc, char **argv) NID_sect409r1, NID_sect571r1 }; - static char * test_curves_names[EC_NUM] = + static const char * test_curves_names[EC_NUM] = { /* Prime Curves */ "secp160r1", @@ -669,19 +678,19 @@ int MAIN(int argc, char **argv) #endif #ifndef OPENSSL_NO_ECDSA - unsigned char ecdsasig[256]; - unsigned int ecdsasiglen; - EC_KEY *ecdsa[EC_NUM]; - long ecdsa_c[EC_NUM][2]; + unsigned char ecdsasig[256]; + unsigned int ecdsasiglen; + EC_KEY *ecdsa[EC_NUM]; + long ecdsa_c[EC_NUM][2]; #endif #ifndef OPENSSL_NO_ECDH - EC_KEY *ecdh_a[EC_NUM], *ecdh_b[EC_NUM]; - unsigned char secret_a[MAX_ECDH_SIZE], secret_b[MAX_ECDH_SIZE]; - int secret_size_a, secret_size_b; - int ecdh_checks = 0; - int secret_idx = 0; - long ecdh_c[EC_NUM][2]; + EC_KEY *ecdh_a[EC_NUM], *ecdh_b[EC_NUM]; + unsigned char secret_a[MAX_ECDH_SIZE], secret_b[MAX_ECDH_SIZE]; + int secret_size_a, secret_size_b; + int ecdh_checks = 0; + int secret_idx = 0; + long ecdh_c[EC_NUM][2]; #endif int rsa_doit[RSA_NUM]; @@ -875,11 +884,15 @@ int MAIN(int argc, char **argv) doit[D_SHA256]=1, doit[D_SHA512]=1; else +#ifndef OPENSSL_NO_SHA256 if (strcmp(*argv,"sha256") == 0) doit[D_SHA256]=1; else +#endif +#ifndef OPENSSL_NO_SHA512 if (strcmp(*argv,"sha512") == 0) doit[D_SHA512]=1; else #endif +#endif #ifndef OPENSSL_NO_RIPEMD if (strcmp(*argv,"ripemd") == 0) doit[D_RMD160]=1; else @@ -994,6 +1007,7 @@ int MAIN(int argc, char **argv) #endif #ifndef OPENSSL_NO_ECDSA if (strcmp(*argv,"ecdsap160") == 0) ecdsa_doit[R_EC_P160]=2; + else if (strcmp(*argv,"ecdsap192") == 0) ecdsa_doit[R_EC_P192]=2; else if (strcmp(*argv,"ecdsap224") == 0) ecdsa_doit[R_EC_P224]=2; else if (strcmp(*argv,"ecdsap256") == 0) ecdsa_doit[R_EC_P256]=2; else if (strcmp(*argv,"ecdsap384") == 0) ecdsa_doit[R_EC_P384]=2; @@ -1017,6 +1031,7 @@ int MAIN(int argc, char **argv) #endif #ifndef OPENSSL_NO_ECDH if (strcmp(*argv,"ecdhp160") == 0) ecdh_doit[R_EC_P160]=2; + else if (strcmp(*argv,"ecdhp192") == 0) ecdh_doit[R_EC_P192]=2; else if (strcmp(*argv,"ecdhp224") == 0) ecdh_doit[R_EC_P224]=2; else if (strcmp(*argv,"ecdhp256") == 0) ecdh_doit[R_EC_P256]=2; else if (strcmp(*argv,"ecdhp384") == 0) ecdh_doit[R_EC_P384]=2; @@ -1059,8 +1074,12 @@ int MAIN(int argc, char **argv) #endif #ifndef OPENSSL_NO_SHA1 BIO_printf(bio_err,"sha1 "); - BIO_printf(bio_err,"sha256 "); - BIO_printf(bio_err,"sha512 "); +#endif +#ifndef OPENSSL_NO_SHA256 + BIO_printf(bio_err,"sha256 "); +#endif +#ifndef OPENSSL_NO_SHA512 + BIO_printf(bio_err,"sha512 "); #endif #ifndef OPENSSL_NO_RIPEMD160 BIO_printf(bio_err,"rmd160"); @@ -1106,13 +1125,13 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err,"dsa512 dsa1024 dsa2048\n"); #endif #ifndef OPENSSL_NO_ECDSA - BIO_printf(bio_err,"ecdsap160 ecdsap224 ecdsap256 ecdsap384 ecdsap521\n"); + BIO_printf(bio_err,"ecdsap160 ecdsap192 ecdsap224 ecdsap256 ecdsap384 ecdsap521\n"); BIO_printf(bio_err,"ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n"); BIO_printf(bio_err,"ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n"); BIO_printf(bio_err,"ecdsa\n"); #endif #ifndef OPENSSL_NO_ECDH - BIO_printf(bio_err,"ecdhp160 ecdhp224 ecdhp256 ecdhp384 ecdhp521\n"); + BIO_printf(bio_err,"ecdhp160 ecdhp192 ecdhp224 ecdhp256 ecdhp384 ecdhp521\n"); BIO_printf(bio_err,"ecdhk163 ecdhk233 ecdhk283 ecdhk409 ecdhk571\n"); BIO_printf(bio_err,"ecdhb163 ecdhb233 ecdhb283 ecdhb409 ecdhb571\n"); BIO_printf(bio_err,"ecdh\n"); @@ -1258,10 +1277,10 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err,"First we calculate the approximate speed ...\n"); count=10; do { - long i; + long it; count*=2; Time_F(START); - for (i=count; i; i--) + for (it=count; it; it--) DES_ecb_encrypt(buf_as_des_cblock,buf_as_des_cblock, &sch,DES_ENCRYPT); d=Time_F(STOP); @@ -1361,7 +1380,7 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_ECDSA ecdsa_c[R_EC_P160][0]=count/1000; ecdsa_c[R_EC_P160][1]=count/1000/2; - for (i=R_EC_P224; i<=R_EC_P521; i++) + for (i=R_EC_P192; i<=R_EC_P521; i++) { ecdsa_c[i][0]=ecdsa_c[i-1][0]/2; ecdsa_c[i][1]=ecdsa_c[i-1][1]/2; @@ -1415,7 +1434,7 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_ECDH ecdh_c[R_EC_P160][0]=count/1000; ecdh_c[R_EC_P160][1]=count/1000; - for (i=R_EC_P224; i<=R_EC_P521; i++) + for (i=R_EC_P192; i<=R_EC_P521; i++) { ecdh_c[i][0]=ecdh_c[i-1][0]/2; ecdh_c[i][1]=ecdh_c[i-1][1]/2; @@ -2035,7 +2054,7 @@ int MAIN(int argc, char **argv) int ret; if (!ecdsa_doit[j]) continue; /* Ignore Curve */ - ecdsa[j] = EC_KEY_new(); + ecdsa[j] = EC_KEY_new_by_curve_name(test_curves[j]); if (ecdsa[j] == NULL) { BIO_printf(bio_err,"ECDSA failure.\n"); @@ -2044,100 +2063,89 @@ int MAIN(int argc, char **argv) } else { - ecdsa[j]->group = EC_GROUP_new_by_nid(test_curves[j]); - /* Could not obtain group information */ - if (ecdsa[j]->group == NULL) +#if 1 + EC_KEY_precompute_mult(ecdsa[j], NULL); +#endif + /* Perform ECDSA signature test */ + EC_KEY_generate_key(ecdsa[j]); + ret = ECDSA_sign(0, buf, 20, ecdsasig, + &ecdsasiglen, ecdsa[j]); + if (ret == 0) { - BIO_printf(bio_err,"ECDSA failure.Could not obtain group information\n"); + BIO_printf(bio_err,"ECDSA sign failure. No ECDSA sign will be done.\n"); ERR_print_errors(bio_err); rsa_count=1; } else { -#if 1 - EC_GROUP_precompute_mult(ecdsa[j]->group, NULL); -#endif - /* Perform ECDSA signature test */ - EC_KEY_generate_key(ecdsa[j]); - ret = ECDSA_sign(0, buf, 20, ecdsasig, - &ecdsasiglen, ecdsa[j]); - if (ret == 0) - { - BIO_printf(bio_err,"ECDSA sign failure. No ECDSA sign will be done.\n"); - ERR_print_errors(bio_err); - rsa_count=1; - } - else + pkey_print_message("sign","ecdsa", + ecdsa_c[j][0], + test_curves_bits[j], + ECDSA_SECONDS); + + Time_F(START); + for (count=0,run=1; COND(ecdsa_c[j][0]); + count++) { - pkey_print_message("sign","ecdsa", - ecdsa_c[j][0], - test_curves_bits[j], - ECDSA_SECONDS); - - Time_F(START); - for (count=0,run=1; COND(ecdsa_c[j][0]); - count++) + ret=ECDSA_sign(0, buf, 20, + ecdsasig, &ecdsasiglen, + ecdsa[j]); + if (ret == 0) { - ret=ECDSA_sign(0, buf, 20, - ecdsasig, &ecdsasiglen, - ecdsa[j]); - if (ret == 0) - { - BIO_printf(bio_err, "ECDSA sign failure\n"); - ERR_print_errors(bio_err); - count=1; - break; - } + BIO_printf(bio_err, "ECDSA sign failure\n"); + ERR_print_errors(bio_err); + count=1; + break; } - d=Time_F(STOP); - - BIO_printf(bio_err, mr ? "+R5:%ld:%d:%.2f\n" : - "%ld %d bit ECDSA signs in %.2fs \n", - count, test_curves_bits[j], d); - ecdsa_results[j][0]=d/(double)count; - rsa_count=count; } + d=Time_F(STOP); - /* Perform ECDSA verification test */ - ret=ECDSA_verify(0, buf, 20, ecdsasig, - ecdsasiglen, ecdsa[j]); - if (ret != 1) - { - BIO_printf(bio_err,"ECDSA verify failure. No ECDSA verify will be done.\n"); - ERR_print_errors(bio_err); - ecdsa_doit[j] = 0; - } - else + BIO_printf(bio_err, mr ? "+R5:%ld:%d:%.2f\n" : + "%ld %d bit ECDSA signs in %.2fs \n", + count, test_curves_bits[j], d); + ecdsa_results[j][0]=d/(double)count; + rsa_count=count; + } + + /* Perform ECDSA verification test */ + ret=ECDSA_verify(0, buf, 20, ecdsasig, + ecdsasiglen, ecdsa[j]); + if (ret != 1) + { + BIO_printf(bio_err,"ECDSA verify failure. No ECDSA verify will be done.\n"); + ERR_print_errors(bio_err); + ecdsa_doit[j] = 0; + } + else + { + pkey_print_message("verify","ecdsa", + ecdsa_c[j][1], + test_curves_bits[j], + ECDSA_SECONDS); + Time_F(START); + for (count=0,run=1; COND(ecdsa_c[j][1]); count++) { - pkey_print_message("verify","ecdsa", - ecdsa_c[j][1], - test_curves_bits[j], - ECDSA_SECONDS); - Time_F(START); - for (count=0,run=1; COND(ecdsa_c[j][1]); count++) + ret=ECDSA_verify(0, buf, 20, ecdsasig, ecdsasiglen, ecdsa[j]); + if (ret != 1) { - ret=ECDSA_verify(0, buf, 20, ecdsasig, ecdsasiglen, ecdsa[j]); - if (ret != 1) - { - BIO_printf(bio_err, "ECDSA verify failure\n"); - ERR_print_errors(bio_err); - count=1; - break; - } + BIO_printf(bio_err, "ECDSA verify failure\n"); + ERR_print_errors(bio_err); + count=1; + break; } - d=Time_F(STOP); - BIO_printf(bio_err, mr? "+R6:%ld:%d:%.2f\n" - : "%ld %d bit ECDSA verify in %.2fs\n", - count, test_curves_bits[j], d); - ecdsa_results[j][1]=d/(double)count; } + d=Time_F(STOP); + BIO_printf(bio_err, mr? "+R6:%ld:%d:%.2f\n" + : "%ld %d bit ECDSA verify in %.2fs\n", + count, test_curves_bits[j], d); + ecdsa_results[j][1]=d/(double)count; + } - if (rsa_count <= 1) - { - /* if longer than 10s, don't do any more */ - for (j++; jgroup = EC_GROUP_new_by_nid(test_curves[j]); - if (ecdh_a[j]->group == NULL) + /* generate two ECDH key pairs */ + if (!EC_KEY_generate_key(ecdh_a[j]) || + !EC_KEY_generate_key(ecdh_b[j])) { - BIO_printf(bio_err,"ECDH failure.\n"); + BIO_printf(bio_err,"ECDH key generation failure.\n"); ERR_print_errors(bio_err); - rsa_count=1; + rsa_count=1; } else { - ecdh_b[j]->group = EC_GROUP_dup(ecdh_a[j]->group); - - /* generate two ECDH key pairs */ - if (!EC_KEY_generate_key(ecdh_a[j]) || - !EC_KEY_generate_key(ecdh_b[j])) + /* If field size is not more than 24 octets, then use SHA-1 hash of result; + * otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt). + */ + int field_size, outlen; + void *(*kdf)(const void *in, size_t inlen, void *out, size_t *xoutlen); + field_size = EC_GROUP_get_degree(EC_KEY_get0_group(ecdh_a[j])); + if (field_size <= 24 * 8) { - BIO_printf(bio_err,"ECDH key generation failure.\n"); - ERR_print_errors(bio_err); - rsa_count=1; + outlen = KDF1_SHA1_len; + kdf = KDF1_SHA1; } else { - /* If field size is not more than 24 octets, then use SHA-1 hash of result; - * otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt). - */ - int field_size, outlen; - void *(*kdf)(void *in, size_t inlen, void *out, size_t xoutlen); - field_size = EC_GROUP_get_degree(ecdh_a[j]->group); - if (field_size <= 24 * 8) - { - outlen = KDF1_SHA1_len; - kdf = KDF1_SHA1; - } - else - { - outlen = (field_size+7)/8; - kdf = NULL; - } - secret_size_a = ECDH_compute_key(secret_a, outlen, - ecdh_b[j]->pub_key, - ecdh_a[j], kdf); - secret_size_b = ECDH_compute_key(secret_b, outlen, - ecdh_a[j]->pub_key, - ecdh_b[j], kdf); - if (secret_size_a != secret_size_b) - ecdh_checks = 0; - else - ecdh_checks = 1; - - for (secret_idx = 0; - (secret_idx < secret_size_a) - && (ecdh_checks == 1); - secret_idx++) - { - if (secret_a[secret_idx] != secret_b[secret_idx]) - ecdh_checks = 0; - } + outlen = (field_size+7)/8; + kdf = NULL; + } + secret_size_a = ECDH_compute_key(secret_a, outlen, + EC_KEY_get0_public_key(ecdh_b[j]), + ecdh_a[j], kdf); + secret_size_b = ECDH_compute_key(secret_b, outlen, + EC_KEY_get0_public_key(ecdh_a[j]), + ecdh_b[j], kdf); + if (secret_size_a != secret_size_b) + ecdh_checks = 0; + else + ecdh_checks = 1; - if (ecdh_checks == 0) - { - BIO_printf(bio_err,"ECDH computations don't match.\n"); - ERR_print_errors(bio_err); - rsa_count=1; - } + for (secret_idx = 0; + (secret_idx < secret_size_a) + && (ecdh_checks == 1); + secret_idx++) + { + if (secret_a[secret_idx] != secret_b[secret_idx]) + ecdh_checks = 0; + } - pkey_print_message("","ecdh", - ecdh_c[j][0], - test_curves_bits[j], - ECDH_SECONDS); - Time_F(START); - for (count=0,run=1; COND(ecdh_c[j][0]); count++) - { - ECDH_compute_key(secret_a, outlen, - ecdh_b[j]->pub_key, - ecdh_a[j], kdf); - } - d=Time_F(STOP); - BIO_printf(bio_err, mr ? "+R7:%ld:%d:%.2f\n" :"%ld %d-bit ECDH ops in %.2fs\n", - count, test_curves_bits[j], d); - ecdh_results[j][0]=d/(double)count; - rsa_count=count; + if (ecdh_checks == 0) + { + BIO_printf(bio_err,"ECDH computations don't match.\n"); + ERR_print_errors(bio_err); + rsa_count=1; } + + pkey_print_message("","ecdh", + ecdh_c[j][0], + test_curves_bits[j], + ECDH_SECONDS); + Time_F(START); + for (count=0,run=1; COND(ecdh_c[j][0]); count++) + { + ECDH_compute_key(secret_a, outlen, + EC_KEY_get0_public_key(ecdh_b[j]), + ecdh_a[j], kdf); + } + d=Time_F(STOP); + BIO_printf(bio_err, mr ? "+R7:%ld:%d:%.2f\n" :"%ld %d-bit ECDH ops in %.2fs\n", + count, test_curves_bits[j], d); + ecdh_results[j][0]=d/(double)count; + rsa_count=count; } } + if (rsa_count <= 1) { /* if longer than 10s, don't do any more */ @@ -2360,7 +2357,7 @@ show_res: k,rsa_bits[k],rsa_results[k][0], rsa_results[k][1]); else - fprintf(stdout,"rsa %4u bits %8.4fs %8.4fs %8.1f %8.1f\n", + fprintf(stdout,"rsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n", rsa_bits[k],rsa_results[k][0],rsa_results[k][1], 1.0/rsa_results[k][0],1.0/rsa_results[k][1]); } @@ -2379,7 +2376,7 @@ show_res: fprintf(stdout,"+F3:%u:%u:%f:%f\n", k,dsa_bits[k],dsa_results[k][0],dsa_results[k][1]); else - fprintf(stdout,"dsa %4u bits %8.4fs %8.4fs %8.1f %8.1f\n", + fprintf(stdout,"dsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n", dsa_bits[k],dsa_results[k][0],dsa_results[k][1], 1.0/dsa_results[k][0],1.0/dsa_results[k][1]); } @@ -2486,8 +2483,8 @@ static void print_message(const char *s, long num, int length) #endif } -static void pkey_print_message(char *str, char *str2, long num, int bits, - int tm) +static void pkey_print_message(const char *str, const char *str2, long num, + int bits, int tm) { #ifdef SIGALRM BIO_printf(bio_err,mr ? "+DTP:%d:%s:%s:%d\n"