2 * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
5 * Licensed under the Apache License 2.0 (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
13 #define PKEY_SECONDS 10
15 #define RSA_SECONDS PKEY_SECONDS
16 #define DSA_SECONDS PKEY_SECONDS
17 #define ECDSA_SECONDS PKEY_SECONDS
18 #define ECDH_SECONDS PKEY_SECONDS
19 #define EdDSA_SECONDS PKEY_SECONDS
20 #define SM2_SECONDS PKEY_SECONDS
21 #define FFDH_SECONDS PKEY_SECONDS
23 /* We need to use some deprecated APIs */
24 #define OPENSSL_SUPPRESS_DEPRECATED
32 #include <openssl/crypto.h>
33 #include <openssl/rand.h>
34 #include <openssl/err.h>
35 #include <openssl/evp.h>
36 #include <openssl/objects.h>
37 #include <openssl/core_names.h>
38 #include <openssl/async.h>
39 #if !defined(OPENSSL_SYS_MSDOS)
44 # if defined(OPENSSL_TANDEM_FLOSS)
45 # include <floss.h(floss_fork)>
53 #include <openssl/bn.h>
54 #include <openssl/rsa.h>
55 #include "./testrsa.h"
57 # include <openssl/dh.h>
59 #include <openssl/x509.h>
60 #include <openssl/dsa.h>
61 #include "./testdsa.h"
62 #include <openssl/modes.h>
65 # if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_VXWORKS)
78 #define MAX_MISALIGNMENT 63
79 #define MAX_ECDH_SIZE 256
81 #define MAX_FFDH_SIZE 1024
83 #ifndef RSA_DEFAULT_PRIME_NUM
84 # define RSA_DEFAULT_PRIME_NUM 2
87 typedef struct openssl_speed_sec_st {
96 } openssl_speed_sec_t;
98 static volatile int run = 0;
100 static int mr = 0; /* machine-readeable output format to merge fork results */
101 static int usertime = 1;
103 static double Time_F(int s);
104 static void print_message(const char *s, long num, int length, int tm);
105 static void pkey_print_message(const char *str, const char *str2,
106 long num, unsigned int bits, int sec);
107 static void print_result(int alg, int run_no, int count, double time_used);
109 static int do_multi(int multi, int size_num);
112 static const int lengths_list[] = {
113 16, 64, 256, 1024, 8 * 1024, 16 * 1024
115 #define SIZE_NUM OSSL_NELEM(lengths_list)
116 static const int *lengths = lengths_list;
118 static const int aead_lengths_list[] = {
119 2, 31, 136, 1024, 8 * 1024, 16 * 1024
127 static void alarmed(int sig)
129 signal(SIGALRM, alarmed);
133 static double Time_F(int s)
135 double ret = app_tminterval(s, usertime);
141 #elif defined(_WIN32)
145 static unsigned int lapse;
146 static volatile unsigned int schlock;
147 static void alarm_win32(unsigned int secs)
152 # define alarm alarm_win32
154 static DWORD WINAPI sleepy(VOID * arg)
162 static double Time_F(int s)
169 thr = CreateThread(NULL, 4096, sleepy, NULL, 0, NULL);
171 DWORD err = GetLastError();
172 BIO_printf(bio_err, "unable to CreateThread (%lu)", err);
176 Sleep(0); /* scheduler spinlock */
177 ret = app_tminterval(s, usertime);
179 ret = app_tminterval(s, usertime);
181 TerminateThread(thr, 0);
188 # error "SIGALRM not defined and the platform is not Windows"
191 static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
192 const openssl_speed_sec_t *seconds);
194 static int opt_found(const char *name, unsigned int *result,
195 const OPT_PAIR pairs[], unsigned int nbelem)
199 for (idx = 0; idx < nbelem; ++idx, pairs++)
200 if (strcmp(name, pairs->name) == 0) {
201 *result = pairs->retval;
206 #define opt_found(value, pairs, result)\
207 opt_found(value, result, pairs, OSSL_NELEM(pairs))
209 typedef enum OPTION_choice {
211 OPT_ELAPSED, OPT_EVP, OPT_HMAC, OPT_DECRYPT, OPT_ENGINE, OPT_MULTI,
212 OPT_MR, OPT_MB, OPT_MISALIGN, OPT_ASYNCJOBS, OPT_R_ENUM, OPT_PROV_ENUM,
213 OPT_PRIMES, OPT_SECONDS, OPT_BYTES, OPT_AEAD, OPT_CMAC
216 const OPTIONS speed_options[] = {
217 {OPT_HELP_STR, 1, '-', "Usage: %s [options] [algorithm...]\n"},
219 OPT_SECTION("General"),
220 {"help", OPT_HELP, '-', "Display this summary"},
222 "Enable (tls1>=1) multi-block mode on EVP-named cipher"},
223 {"mr", OPT_MR, '-', "Produce machine readable output"},
225 {"multi", OPT_MULTI, 'p', "Run benchmarks in parallel"},
227 #ifndef OPENSSL_NO_ASYNC
228 {"async_jobs", OPT_ASYNCJOBS, 'p',
229 "Enable async mode and start specified number of jobs"},
231 #ifndef OPENSSL_NO_ENGINE
232 {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
234 {"primes", OPT_PRIMES, 'p', "Specify number of primes (for RSA only)"},
236 OPT_SECTION("Selection"),
237 {"evp", OPT_EVP, 's', "Use EVP-named cipher or digest"},
238 {"hmac", OPT_HMAC, 's', "HMAC using EVP-named digest"},
239 {"cmac", OPT_CMAC, 's', "CMAC using EVP-named cipher"},
240 {"decrypt", OPT_DECRYPT, '-',
241 "Time decryption instead of encryption (only EVP)"},
242 {"aead", OPT_AEAD, '-',
243 "Benchmark EVP-named AEAD cipher in TLS-like sequence"},
245 OPT_SECTION("Timing"),
246 {"elapsed", OPT_ELAPSED, '-',
247 "Use wall-clock time instead of CPU user time as divisor"},
248 {"seconds", OPT_SECONDS, 'p',
249 "Run benchmarks for specified amount of seconds"},
250 {"bytes", OPT_BYTES, 'p',
251 "Run [non-PKI] benchmarks on custom-sized buffer"},
252 {"misalign", OPT_MISALIGN, 'p',
253 "Use specified offset to mis-align buffers"},
259 {"algorithm", 0, 0, "Algorithm(s) to test (optional; otherwise tests all)"},
264 D_MD2, D_MDC2, D_MD4, D_MD5, D_SHA1, D_RMD160,
265 D_SHA256, D_SHA512, D_WHIRLPOOL, D_HMAC,
266 D_CBC_DES, D_EDE3_DES, D_RC4, D_CBC_IDEA, D_CBC_SEED,
267 D_CBC_RC2, D_CBC_RC5, D_CBC_BF, D_CBC_CAST,
268 D_CBC_128_AES, D_CBC_192_AES, D_CBC_256_AES,
269 D_CBC_128_CML, D_CBC_192_CML, D_CBC_256_CML,
270 D_EVP, D_GHASH, D_RAND, D_EVP_CMAC, ALGOR_NUM
272 /* name of algorithms to test. MUST BE KEEP IN SYNC with above enum ! */
273 static const char *names[ALGOR_NUM] = {
274 "md2", "mdc2", "md4", "md5", "sha1", "rmd160",
275 "sha256", "sha512", "whirlpool", "hmac(md5)",
276 "des-cbc", "des-ede3", "rc4", "idea-cbc", "seed-cbc",
277 "rc2-cbc", "rc5-cbc", "blowfish", "cast-cbc",
278 "aes-128-cbc", "aes-192-cbc", "aes-256-cbc",
279 "camellia-128-cbc", "camellia-192-cbc", "camellia-256-cbc",
280 "evp", "ghash", "rand", "cmac"
283 /* list of configured algorithm (remaining), with some few alias */
284 static const OPT_PAIR doit_choices[] = {
291 {"sha256", D_SHA256},
292 {"sha512", D_SHA512},
293 {"whirlpool", D_WHIRLPOOL},
294 {"ripemd", D_RMD160},
295 {"rmd160", D_RMD160},
296 {"ripemd160", D_RMD160},
298 {"des-cbc", D_CBC_DES},
299 {"des-ede3", D_EDE3_DES},
300 {"aes-128-cbc", D_CBC_128_AES},
301 {"aes-192-cbc", D_CBC_192_AES},
302 {"aes-256-cbc", D_CBC_256_AES},
303 {"camellia-128-cbc", D_CBC_128_CML},
304 {"camellia-192-cbc", D_CBC_192_CML},
305 {"camellia-256-cbc", D_CBC_256_CML},
306 {"rc2-cbc", D_CBC_RC2},
308 {"rc5-cbc", D_CBC_RC5},
310 {"idea-cbc", D_CBC_IDEA},
311 {"idea", D_CBC_IDEA},
312 {"seed-cbc", D_CBC_SEED},
313 {"seed", D_CBC_SEED},
314 {"bf-cbc", D_CBC_BF},
315 {"blowfish", D_CBC_BF},
317 {"cast-cbc", D_CBC_CAST},
318 {"cast", D_CBC_CAST},
319 {"cast5", D_CBC_CAST},
324 static double results[ALGOR_NUM][SIZE_NUM];
326 enum { R_DSA_512, R_DSA_1024, R_DSA_2048, DSA_NUM };
327 static const OPT_PAIR dsa_choices[DSA_NUM] = {
328 {"dsa512", R_DSA_512},
329 {"dsa1024", R_DSA_1024},
330 {"dsa2048", R_DSA_2048}
332 static double dsa_results[DSA_NUM][2]; /* 2 ops: sign then verify */
335 R_RSA_512, R_RSA_1024, R_RSA_2048, R_RSA_3072, R_RSA_4096, R_RSA_7680,
338 static const OPT_PAIR rsa_choices[RSA_NUM] = {
339 {"rsa512", R_RSA_512},
340 {"rsa1024", R_RSA_1024},
341 {"rsa2048", R_RSA_2048},
342 {"rsa3072", R_RSA_3072},
343 {"rsa4096", R_RSA_4096},
344 {"rsa7680", R_RSA_7680},
345 {"rsa15360", R_RSA_15360}
348 static double rsa_results[RSA_NUM][2]; /* 2 ops: sign then verify */
350 #ifndef OPENSSL_NO_DH
352 R_FFDH_2048, R_FFDH_3072, R_FFDH_4096, R_FFDH_6144, R_FFDH_8192, FFDH_NUM
355 static const OPT_PAIR ffdh_choices[FFDH_NUM] = {
356 {"ffdh2048", R_FFDH_2048},
357 {"ffdh3072", R_FFDH_3072},
358 {"ffdh4096", R_FFDH_4096},
359 {"ffdh6144", R_FFDH_6144},
360 {"ffdh8192", R_FFDH_8192},
363 static double ffdh_results[FFDH_NUM][1]; /* 1 op: derivation */
364 #endif /* OPENSSL_NO_DH */
367 R_EC_P160, R_EC_P192, R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521,
368 #ifndef OPENSSL_NO_EC2M
369 R_EC_K163, R_EC_K233, R_EC_K283, R_EC_K409, R_EC_K571,
370 R_EC_B163, R_EC_B233, R_EC_B283, R_EC_B409, R_EC_B571,
372 R_EC_BRP256R1, R_EC_BRP256T1, R_EC_BRP384R1, R_EC_BRP384T1,
373 R_EC_BRP512R1, R_EC_BRP512T1, ECDSA_NUM
375 /* list of ecdsa curves */
376 static const OPT_PAIR ecdsa_choices[ECDSA_NUM] = {
377 {"ecdsap160", R_EC_P160},
378 {"ecdsap192", R_EC_P192},
379 {"ecdsap224", R_EC_P224},
380 {"ecdsap256", R_EC_P256},
381 {"ecdsap384", R_EC_P384},
382 {"ecdsap521", R_EC_P521},
383 #ifndef OPENSSL_NO_EC2M
384 {"ecdsak163", R_EC_K163},
385 {"ecdsak233", R_EC_K233},
386 {"ecdsak283", R_EC_K283},
387 {"ecdsak409", R_EC_K409},
388 {"ecdsak571", R_EC_K571},
389 {"ecdsab163", R_EC_B163},
390 {"ecdsab233", R_EC_B233},
391 {"ecdsab283", R_EC_B283},
392 {"ecdsab409", R_EC_B409},
393 {"ecdsab571", R_EC_B571},
395 {"ecdsabrp256r1", R_EC_BRP256R1},
396 {"ecdsabrp256t1", R_EC_BRP256T1},
397 {"ecdsabrp384r1", R_EC_BRP384R1},
398 {"ecdsabrp384t1", R_EC_BRP384T1},
399 {"ecdsabrp512r1", R_EC_BRP512R1},
400 {"ecdsabrp512t1", R_EC_BRP512T1}
402 enum { R_EC_X25519 = ECDSA_NUM, R_EC_X448, EC_NUM };
403 /* list of ecdh curves, extension of |ecdsa_choices| list above */
404 static const OPT_PAIR ecdh_choices[EC_NUM] = {
405 {"ecdhp160", R_EC_P160},
406 {"ecdhp192", R_EC_P192},
407 {"ecdhp224", R_EC_P224},
408 {"ecdhp256", R_EC_P256},
409 {"ecdhp384", R_EC_P384},
410 {"ecdhp521", R_EC_P521},
411 #ifndef OPENSSL_NO_EC2M
412 {"ecdhk163", R_EC_K163},
413 {"ecdhk233", R_EC_K233},
414 {"ecdhk283", R_EC_K283},
415 {"ecdhk409", R_EC_K409},
416 {"ecdhk571", R_EC_K571},
417 {"ecdhb163", R_EC_B163},
418 {"ecdhb233", R_EC_B233},
419 {"ecdhb283", R_EC_B283},
420 {"ecdhb409", R_EC_B409},
421 {"ecdhb571", R_EC_B571},
423 {"ecdhbrp256r1", R_EC_BRP256R1},
424 {"ecdhbrp256t1", R_EC_BRP256T1},
425 {"ecdhbrp384r1", R_EC_BRP384R1},
426 {"ecdhbrp384t1", R_EC_BRP384T1},
427 {"ecdhbrp512r1", R_EC_BRP512R1},
428 {"ecdhbrp512t1", R_EC_BRP512T1},
429 {"ecdhx25519", R_EC_X25519},
430 {"ecdhx448", R_EC_X448}
433 static double ecdh_results[EC_NUM][1]; /* 1 op: derivation */
434 static double ecdsa_results[ECDSA_NUM][2]; /* 2 ops: sign then verify */
436 enum { R_EC_Ed25519, R_EC_Ed448, EdDSA_NUM };
437 static const OPT_PAIR eddsa_choices[EdDSA_NUM] = {
438 {"ed25519", R_EC_Ed25519},
439 {"ed448", R_EC_Ed448}
442 static double eddsa_results[EdDSA_NUM][2]; /* 2 ops: sign then verify */
444 #ifndef OPENSSL_NO_SM2
445 enum { R_EC_CURVESM2, SM2_NUM };
446 static const OPT_PAIR sm2_choices[SM2_NUM] = {
447 {"curveSM2", R_EC_CURVESM2}
449 # define SM2_ID "TLSv1.3+GM+Cipher+Suite"
450 # define SM2_ID_LEN sizeof("TLSv1.3+GM+Cipher+Suite") - 1
451 static double sm2_results[SM2_NUM][2]; /* 2 ops: sign then verify */
452 #endif /* OPENSSL_NO_SM2 */
454 #define COND(unused_cond) (run && count < 0x7fffffff)
455 #define COUNT(d) (count)
457 typedef struct loopargs_st {
458 ASYNC_JOB *inprogress_job;
459 ASYNC_WAIT_CTX *wait_ctx;
462 unsigned char *buf_malloc;
463 unsigned char *buf2_malloc;
466 EVP_PKEY_CTX *rsa_sign_ctx[RSA_NUM];
467 EVP_PKEY_CTX *rsa_verify_ctx[RSA_NUM];
468 EVP_PKEY_CTX *dsa_sign_ctx[DSA_NUM];
469 EVP_PKEY_CTX *dsa_verify_ctx[DSA_NUM];
470 EVP_PKEY_CTX *ecdsa_sign_ctx[ECDSA_NUM];
471 EVP_PKEY_CTX *ecdsa_verify_ctx[ECDSA_NUM];
472 EVP_PKEY_CTX *ecdh_ctx[EC_NUM];
473 EVP_MD_CTX *eddsa_ctx[EdDSA_NUM];
474 EVP_MD_CTX *eddsa_ctx2[EdDSA_NUM];
475 #ifndef OPENSSL_NO_SM2
476 EVP_MD_CTX *sm2_ctx[SM2_NUM];
477 EVP_MD_CTX *sm2_vfy_ctx[SM2_NUM];
478 EVP_PKEY *sm2_pkey[SM2_NUM];
480 unsigned char *secret_a;
481 unsigned char *secret_b;
482 size_t outlen[EC_NUM];
483 #ifndef OPENSSL_NO_DH
484 EVP_PKEY_CTX *ffdh_ctx[FFDH_NUM];
485 unsigned char *secret_ff_a;
486 unsigned char *secret_ff_b;
491 static int run_benchmark(int async_jobs, int (*loop_function) (void *),
492 loopargs_t * loopargs);
494 static unsigned int testnum;
496 /* Nb of iterations to do per algorithm and key-size */
497 static long c[ALGOR_NUM][SIZE_NUM];
499 static char *evp_mac_mdname = "md5";
500 static char *evp_hmac_name = NULL;
501 static const char *evp_md_name = NULL;
502 static char *evp_mac_ciphername = "aes-128-cbc";
503 static char *evp_cmac_name = NULL;
505 static int have_md(const char *name)
510 if (opt_md_silent(name, &md)) {
511 EVP_MD_CTX *ctx = EVP_MD_CTX_new();
513 if (ctx != NULL && EVP_DigestInit(ctx, md) > 0)
515 EVP_MD_CTX_free(ctx);
521 static int have_cipher(const char *name)
524 EVP_CIPHER *cipher = NULL;
526 if (opt_cipher_silent(name, &cipher)) {
527 EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
530 && EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, 1) > 0)
532 EVP_CIPHER_CTX_free(ctx);
533 EVP_CIPHER_free(cipher);
538 static int EVP_Digest_loop(const char *mdname, int algindex, void *args)
540 loopargs_t *tempargs = *(loopargs_t **) args;
541 unsigned char *buf = tempargs->buf;
542 unsigned char digest[EVP_MAX_MD_SIZE];
546 if (!opt_md_silent(mdname, &md))
548 for (count = 0; COND(c[algindex][testnum]); count++) {
549 if (!EVP_Digest(buf, (size_t)lengths[testnum], digest, NULL, md,
559 static int EVP_Digest_md_loop(void *args)
561 return EVP_Digest_loop(evp_md_name, D_EVP, args);
564 static int EVP_Digest_MD2_loop(void *args)
566 return EVP_Digest_loop("md2", D_MD2, args);
569 static int EVP_Digest_MDC2_loop(void *args)
571 return EVP_Digest_loop("mdc2", D_MDC2, args);
574 static int EVP_Digest_MD4_loop(void *args)
576 return EVP_Digest_loop("md4", D_MD4, args);
579 static int MD5_loop(void *args)
581 return EVP_Digest_loop("md5", D_MD5, args);
584 static int EVP_MAC_loop(int algindex, void *args)
586 loopargs_t *tempargs = *(loopargs_t **) args;
587 unsigned char *buf = tempargs->buf;
588 EVP_MAC_CTX *mctx = tempargs->mctx;
589 unsigned char mac[EVP_MAX_MD_SIZE];
592 for (count = 0; COND(c[algindex][testnum]); count++) {
595 if (!EVP_MAC_init(mctx, NULL, 0, NULL)
596 || !EVP_MAC_update(mctx, buf, lengths[testnum])
597 || !EVP_MAC_final(mctx, mac, &outl, sizeof(mac)))
603 static int HMAC_loop(void *args)
605 return EVP_MAC_loop(D_HMAC, args);
608 static int CMAC_loop(void *args)
610 return EVP_MAC_loop(D_EVP_CMAC, args);
613 static int SHA1_loop(void *args)
615 return EVP_Digest_loop("sha1", D_SHA1, args);
618 static int SHA256_loop(void *args)
620 return EVP_Digest_loop("sha256", D_SHA256, args);
623 static int SHA512_loop(void *args)
625 return EVP_Digest_loop("sha512", D_SHA512, args);
628 static int WHIRLPOOL_loop(void *args)
630 return EVP_Digest_loop("whirlpool", D_WHIRLPOOL, args);
633 static int EVP_Digest_RMD160_loop(void *args)
635 return EVP_Digest_loop("ripemd160", D_RMD160, args);
640 static int EVP_Cipher_loop(void *args)
642 loopargs_t *tempargs = *(loopargs_t **) args;
643 unsigned char *buf = tempargs->buf;
646 if (tempargs->ctx == NULL)
648 for (count = 0; COND(c[algindex][testnum]); count++)
649 if (EVP_Cipher(tempargs->ctx, buf, buf, (size_t)lengths[testnum]) <= 0)
654 static int GHASH_loop(void *args)
656 loopargs_t *tempargs = *(loopargs_t **) args;
657 unsigned char *buf = tempargs->buf;
658 EVP_MAC_CTX *mctx = tempargs->mctx;
661 /* just do the update in the loop to be comparable with 1.1.1 */
662 for (count = 0; COND(c[D_GHASH][testnum]); count++) {
663 if (!EVP_MAC_update(mctx, buf, lengths[testnum]))
669 #define MAX_BLOCK_SIZE 128
671 static unsigned char iv[2 * MAX_BLOCK_SIZE / 8];
673 static EVP_CIPHER_CTX *init_evp_cipher_ctx(const char *ciphername,
674 const unsigned char *key,
677 EVP_CIPHER_CTX *ctx = NULL;
678 EVP_CIPHER *cipher = NULL;
680 if (!opt_cipher_silent(ciphername, &cipher))
683 if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
686 if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, 1)) {
687 EVP_CIPHER_CTX_free(ctx);
692 if (!EVP_CIPHER_CTX_set_key_length(ctx, keylen)) {
693 EVP_CIPHER_CTX_free(ctx);
698 if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1)) {
699 EVP_CIPHER_CTX_free(ctx);
705 EVP_CIPHER_free(cipher);
709 static int RAND_bytes_loop(void *args)
711 loopargs_t *tempargs = *(loopargs_t **) args;
712 unsigned char *buf = tempargs->buf;
715 for (count = 0; COND(c[D_RAND][testnum]); count++)
716 RAND_bytes(buf, lengths[testnum]);
720 static int decrypt = 0;
721 static int EVP_Update_loop(void *args)
723 loopargs_t *tempargs = *(loopargs_t **) args;
724 unsigned char *buf = tempargs->buf;
725 EVP_CIPHER_CTX *ctx = tempargs->ctx;
729 for (count = 0; COND(c[D_EVP][testnum]); count++) {
730 rc = EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
732 /* reset iv in case of counter overflow */
733 EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, -1);
737 for (count = 0; COND(c[D_EVP][testnum]); count++) {
738 rc = EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
740 /* reset iv in case of counter overflow */
741 EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, -1);
746 EVP_DecryptFinal_ex(ctx, buf, &outl);
748 EVP_EncryptFinal_ex(ctx, buf, &outl);
753 * CCM does not support streaming. For the purpose of performance measurement,
754 * each message is encrypted using the same (key,iv)-pair. Do not use this
755 * code in your application.
757 static int EVP_Update_loop_ccm(void *args)
759 loopargs_t *tempargs = *(loopargs_t **) args;
760 unsigned char *buf = tempargs->buf;
761 EVP_CIPHER_CTX *ctx = tempargs->ctx;
763 unsigned char tag[12];
766 for (count = 0; COND(c[D_EVP][testnum]); count++) {
767 (void)EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(tag),
770 (void)EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv);
771 /* counter is reset on every update */
772 (void)EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
775 for (count = 0; COND(c[D_EVP][testnum]); count++) {
776 /* restore iv length field */
777 (void)EVP_EncryptUpdate(ctx, NULL, &outl, NULL, lengths[testnum]);
778 /* counter is reset on every update */
779 (void)EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
783 (void)EVP_DecryptFinal_ex(ctx, buf, &outl);
785 (void)EVP_EncryptFinal_ex(ctx, buf, &outl);
790 * To make AEAD benchmarking more relevant perform TLS-like operations,
791 * 13-byte AAD followed by payload. But don't use TLS-formatted AAD, as
792 * payload length is not actually limited by 16KB...
794 static int EVP_Update_loop_aead(void *args)
796 loopargs_t *tempargs = *(loopargs_t **) args;
797 unsigned char *buf = tempargs->buf;
798 EVP_CIPHER_CTX *ctx = tempargs->ctx;
800 unsigned char aad[13] = { 0xcc };
801 unsigned char faketag[16] = { 0xcc };
804 for (count = 0; COND(c[D_EVP][testnum]); count++) {
805 (void)EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv);
806 (void)EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
807 sizeof(faketag), faketag);
808 (void)EVP_DecryptUpdate(ctx, NULL, &outl, aad, sizeof(aad));
809 (void)EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
810 (void)EVP_DecryptFinal_ex(ctx, buf + outl, &outl);
813 for (count = 0; COND(c[D_EVP][testnum]); count++) {
814 (void)EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv);
815 (void)EVP_EncryptUpdate(ctx, NULL, &outl, aad, sizeof(aad));
816 (void)EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
817 (void)EVP_EncryptFinal_ex(ctx, buf + outl, &outl);
823 static long rsa_c[RSA_NUM][2]; /* # RSA iteration test */
825 static int RSA_sign_loop(void *args)
827 loopargs_t *tempargs = *(loopargs_t **) args;
828 unsigned char *buf = tempargs->buf;
829 unsigned char *buf2 = tempargs->buf2;
830 size_t *rsa_num = &tempargs->sigsize;
831 EVP_PKEY_CTX **rsa_sign_ctx = tempargs->rsa_sign_ctx;
834 for (count = 0; COND(rsa_c[testnum][0]); count++) {
835 ret = EVP_PKEY_sign(rsa_sign_ctx[testnum], buf2, rsa_num, buf, 36);
837 BIO_printf(bio_err, "RSA sign failure\n");
838 ERR_print_errors(bio_err);
846 static int RSA_verify_loop(void *args)
848 loopargs_t *tempargs = *(loopargs_t **) args;
849 unsigned char *buf = tempargs->buf;
850 unsigned char *buf2 = tempargs->buf2;
851 size_t rsa_num = tempargs->sigsize;
852 EVP_PKEY_CTX **rsa_verify_ctx = tempargs->rsa_verify_ctx;
855 for (count = 0; COND(rsa_c[testnum][1]); count++) {
856 ret = EVP_PKEY_verify(rsa_verify_ctx[testnum], buf2, rsa_num, buf, 36);
858 BIO_printf(bio_err, "RSA verify failure\n");
859 ERR_print_errors(bio_err);
867 #ifndef OPENSSL_NO_DH
868 static long ffdh_c[FFDH_NUM][1];
870 static int FFDH_derive_key_loop(void *args)
872 loopargs_t *tempargs = *(loopargs_t **) args;
873 EVP_PKEY_CTX *ffdh_ctx = tempargs->ffdh_ctx[testnum];
874 unsigned char *derived_secret = tempargs->secret_ff_a;
875 size_t outlen = MAX_FFDH_SIZE;
878 for (count = 0; COND(ffdh_c[testnum][0]); count++)
879 EVP_PKEY_derive(ffdh_ctx, derived_secret, &outlen);
882 #endif /* OPENSSL_NO_DH */
884 static long dsa_c[DSA_NUM][2];
885 static int DSA_sign_loop(void *args)
887 loopargs_t *tempargs = *(loopargs_t **) args;
888 unsigned char *buf = tempargs->buf;
889 unsigned char *buf2 = tempargs->buf2;
890 size_t *dsa_num = &tempargs->sigsize;
891 EVP_PKEY_CTX **dsa_sign_ctx = tempargs->dsa_sign_ctx;
894 for (count = 0; COND(dsa_c[testnum][0]); count++) {
895 ret = EVP_PKEY_sign(dsa_sign_ctx[testnum], buf2, dsa_num, buf, 20);
897 BIO_printf(bio_err, "DSA sign failure\n");
898 ERR_print_errors(bio_err);
906 static int DSA_verify_loop(void *args)
908 loopargs_t *tempargs = *(loopargs_t **) args;
909 unsigned char *buf = tempargs->buf;
910 unsigned char *buf2 = tempargs->buf2;
911 size_t dsa_num = tempargs->sigsize;
912 EVP_PKEY_CTX **dsa_verify_ctx = tempargs->dsa_verify_ctx;
915 for (count = 0; COND(dsa_c[testnum][1]); count++) {
916 ret = EVP_PKEY_verify(dsa_verify_ctx[testnum], buf2, dsa_num, buf, 20);
918 BIO_printf(bio_err, "DSA verify failure\n");
919 ERR_print_errors(bio_err);
927 static long ecdsa_c[ECDSA_NUM][2];
928 static int ECDSA_sign_loop(void *args)
930 loopargs_t *tempargs = *(loopargs_t **) args;
931 unsigned char *buf = tempargs->buf;
932 unsigned char *buf2 = tempargs->buf2;
933 size_t *ecdsa_num = &tempargs->sigsize;
934 EVP_PKEY_CTX **ecdsa_sign_ctx = tempargs->ecdsa_sign_ctx;
937 for (count = 0; COND(ecdsa_c[testnum][0]); count++) {
938 ret = EVP_PKEY_sign(ecdsa_sign_ctx[testnum], buf2, ecdsa_num, buf, 20);
940 BIO_printf(bio_err, "ECDSA sign failure\n");
941 ERR_print_errors(bio_err);
949 static int ECDSA_verify_loop(void *args)
951 loopargs_t *tempargs = *(loopargs_t **) args;
952 unsigned char *buf = tempargs->buf;
953 unsigned char *buf2 = tempargs->buf2;
954 size_t ecdsa_num = tempargs->sigsize;
955 EVP_PKEY_CTX **ecdsa_verify_ctx = tempargs->ecdsa_verify_ctx;
958 for (count = 0; COND(ecdsa_c[testnum][1]); count++) {
959 ret = EVP_PKEY_verify(ecdsa_verify_ctx[testnum], buf2, ecdsa_num,
962 BIO_printf(bio_err, "ECDSA verify failure\n");
963 ERR_print_errors(bio_err);
971 /* ******************************************************************** */
972 static long ecdh_c[EC_NUM][1];
974 static int ECDH_EVP_derive_key_loop(void *args)
976 loopargs_t *tempargs = *(loopargs_t **) args;
977 EVP_PKEY_CTX *ctx = tempargs->ecdh_ctx[testnum];
978 unsigned char *derived_secret = tempargs->secret_a;
980 size_t *outlen = &(tempargs->outlen[testnum]);
982 for (count = 0; COND(ecdh_c[testnum][0]); count++)
983 EVP_PKEY_derive(ctx, derived_secret, outlen);
988 static long eddsa_c[EdDSA_NUM][2];
989 static int EdDSA_sign_loop(void *args)
991 loopargs_t *tempargs = *(loopargs_t **) args;
992 unsigned char *buf = tempargs->buf;
993 EVP_MD_CTX **edctx = tempargs->eddsa_ctx;
994 unsigned char *eddsasig = tempargs->buf2;
995 size_t *eddsasigsize = &tempargs->sigsize;
998 for (count = 0; COND(eddsa_c[testnum][0]); count++) {
999 ret = EVP_DigestSign(edctx[testnum], eddsasig, eddsasigsize, buf, 20);
1001 BIO_printf(bio_err, "EdDSA sign failure\n");
1002 ERR_print_errors(bio_err);
1010 static int EdDSA_verify_loop(void *args)
1012 loopargs_t *tempargs = *(loopargs_t **) args;
1013 unsigned char *buf = tempargs->buf;
1014 EVP_MD_CTX **edctx = tempargs->eddsa_ctx2;
1015 unsigned char *eddsasig = tempargs->buf2;
1016 size_t eddsasigsize = tempargs->sigsize;
1019 for (count = 0; COND(eddsa_c[testnum][1]); count++) {
1020 ret = EVP_DigestVerify(edctx[testnum], eddsasig, eddsasigsize, buf, 20);
1022 BIO_printf(bio_err, "EdDSA verify failure\n");
1023 ERR_print_errors(bio_err);
1031 #ifndef OPENSSL_NO_SM2
1032 static long sm2_c[SM2_NUM][2];
1033 static int SM2_sign_loop(void *args)
1035 loopargs_t *tempargs = *(loopargs_t **) args;
1036 unsigned char *buf = tempargs->buf;
1037 EVP_MD_CTX **sm2ctx = tempargs->sm2_ctx;
1038 unsigned char *sm2sig = tempargs->buf2;
1041 EVP_PKEY **sm2_pkey = tempargs->sm2_pkey;
1042 const size_t max_size = EVP_PKEY_get_size(sm2_pkey[testnum]);
1044 for (count = 0; COND(sm2_c[testnum][0]); count++) {
1045 sm2sigsize = max_size;
1047 if (!EVP_DigestSignInit(sm2ctx[testnum], NULL, EVP_sm3(),
1048 NULL, sm2_pkey[testnum])) {
1049 BIO_printf(bio_err, "SM2 init sign failure\n");
1050 ERR_print_errors(bio_err);
1054 ret = EVP_DigestSign(sm2ctx[testnum], sm2sig, &sm2sigsize,
1057 BIO_printf(bio_err, "SM2 sign failure\n");
1058 ERR_print_errors(bio_err);
1062 /* update the latest returned size and always use the fixed buffer size */
1063 tempargs->sigsize = sm2sigsize;
1069 static int SM2_verify_loop(void *args)
1071 loopargs_t *tempargs = *(loopargs_t **) args;
1072 unsigned char *buf = tempargs->buf;
1073 EVP_MD_CTX **sm2ctx = tempargs->sm2_vfy_ctx;
1074 unsigned char *sm2sig = tempargs->buf2;
1075 size_t sm2sigsize = tempargs->sigsize;
1077 EVP_PKEY **sm2_pkey = tempargs->sm2_pkey;
1079 for (count = 0; COND(sm2_c[testnum][1]); count++) {
1080 if (!EVP_DigestVerifyInit(sm2ctx[testnum], NULL, EVP_sm3(),
1081 NULL, sm2_pkey[testnum])) {
1082 BIO_printf(bio_err, "SM2 verify init failure\n");
1083 ERR_print_errors(bio_err);
1087 ret = EVP_DigestVerify(sm2ctx[testnum], sm2sig, sm2sigsize,
1090 BIO_printf(bio_err, "SM2 verify failure\n");
1091 ERR_print_errors(bio_err);
1098 #endif /* OPENSSL_NO_SM2 */
1100 static int run_benchmark(int async_jobs,
1101 int (*loop_function) (void *), loopargs_t * loopargs)
1103 int job_op_count = 0;
1104 int total_op_count = 0;
1105 int num_inprogress = 0;
1106 int error = 0, i = 0, ret = 0;
1107 OSSL_ASYNC_FD job_fd = 0;
1108 size_t num_job_fds = 0;
1110 if (async_jobs == 0) {
1111 return loop_function((void *)&loopargs);
1114 for (i = 0; i < async_jobs && !error; i++) {
1115 loopargs_t *looparg_item = loopargs + i;
1117 /* Copy pointer content (looparg_t item address) into async context */
1118 ret = ASYNC_start_job(&loopargs[i].inprogress_job, loopargs[i].wait_ctx,
1119 &job_op_count, loop_function,
1120 (void *)&looparg_item, sizeof(looparg_item));
1126 if (job_op_count == -1) {
1129 total_op_count += job_op_count;
1134 BIO_printf(bio_err, "Failure in the job\n");
1135 ERR_print_errors(bio_err);
1141 while (num_inprogress > 0) {
1142 #if defined(OPENSSL_SYS_WINDOWS)
1144 #elif defined(OPENSSL_SYS_UNIX)
1145 int select_result = 0;
1146 OSSL_ASYNC_FD max_fd = 0;
1149 FD_ZERO(&waitfdset);
1151 for (i = 0; i < async_jobs && num_inprogress > 0; i++) {
1152 if (loopargs[i].inprogress_job == NULL)
1155 if (!ASYNC_WAIT_CTX_get_all_fds
1156 (loopargs[i].wait_ctx, NULL, &num_job_fds)
1157 || num_job_fds > 1) {
1158 BIO_printf(bio_err, "Too many fds in ASYNC_WAIT_CTX\n");
1159 ERR_print_errors(bio_err);
1163 ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, &job_fd,
1165 FD_SET(job_fd, &waitfdset);
1166 if (job_fd > max_fd)
1170 if (max_fd >= (OSSL_ASYNC_FD)FD_SETSIZE) {
1172 "Error: max_fd (%d) must be smaller than FD_SETSIZE (%d). "
1173 "Decrease the value of async_jobs\n",
1174 max_fd, FD_SETSIZE);
1175 ERR_print_errors(bio_err);
1180 select_result = select(max_fd + 1, &waitfdset, NULL, NULL, NULL);
1181 if (select_result == -1 && errno == EINTR)
1184 if (select_result == -1) {
1185 BIO_printf(bio_err, "Failure in the select\n");
1186 ERR_print_errors(bio_err);
1191 if (select_result == 0)
1195 for (i = 0; i < async_jobs; i++) {
1196 if (loopargs[i].inprogress_job == NULL)
1199 if (!ASYNC_WAIT_CTX_get_all_fds
1200 (loopargs[i].wait_ctx, NULL, &num_job_fds)
1201 || num_job_fds > 1) {
1202 BIO_printf(bio_err, "Too many fds in ASYNC_WAIT_CTX\n");
1203 ERR_print_errors(bio_err);
1207 ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, &job_fd,
1210 #if defined(OPENSSL_SYS_UNIX)
1211 if (num_job_fds == 1 && !FD_ISSET(job_fd, &waitfdset))
1213 #elif defined(OPENSSL_SYS_WINDOWS)
1214 if (num_job_fds == 1
1215 && !PeekNamedPipe(job_fd, NULL, 0, NULL, &avail, NULL)
1220 ret = ASYNC_start_job(&loopargs[i].inprogress_job,
1221 loopargs[i].wait_ctx, &job_op_count,
1222 loop_function, (void *)(loopargs + i),
1223 sizeof(loopargs_t));
1228 if (job_op_count == -1) {
1231 total_op_count += job_op_count;
1234 loopargs[i].inprogress_job = NULL;
1239 loopargs[i].inprogress_job = NULL;
1240 BIO_printf(bio_err, "Failure in the job\n");
1241 ERR_print_errors(bio_err);
1248 return error ? -1 : total_op_count;
1251 typedef struct ec_curve_st {
1255 size_t sigsize; /* only used for EdDSA curves */
1258 static EVP_PKEY *get_ecdsa(const EC_CURVE *curve)
1260 EVP_PKEY_CTX *kctx = NULL;
1261 EVP_PKEY *key = NULL;
1263 /* Ensure that the error queue is empty */
1264 if (ERR_peek_error()) {
1266 "WARNING: the error queue contains previous unhandled errors.\n");
1267 ERR_print_errors(bio_err);
1271 * Let's try to create a ctx directly from the NID: this works for
1272 * curves like Curve25519 that are not implemented through the low
1273 * level EC interface.
1274 * If this fails we try creating a EVP_PKEY_EC generic param ctx,
1275 * then we set the curve by NID before deriving the actual keygen
1276 * ctx for that specific curve.
1278 kctx = EVP_PKEY_CTX_new_id(curve->nid, NULL);
1280 EVP_PKEY_CTX *pctx = NULL;
1281 EVP_PKEY *params = NULL;
1283 * If we reach this code EVP_PKEY_CTX_new_id() failed and a
1284 * "int_ctx_new:unsupported algorithm" error was added to the
1286 * We remove it from the error queue as we are handling it.
1288 unsigned long error = ERR_peek_error();
1290 if (error == ERR_peek_last_error() /* oldest and latest errors match */
1291 /* check that the error origin matches */
1292 && ERR_GET_LIB(error) == ERR_LIB_EVP
1293 && (ERR_GET_REASON(error) == EVP_R_UNSUPPORTED_ALGORITHM
1294 || ERR_GET_REASON(error) == ERR_R_UNSUPPORTED))
1295 ERR_get_error(); /* pop error from queue */
1296 if (ERR_peek_error()) {
1298 "Unhandled error in the error queue during EC key setup.\n");
1299 ERR_print_errors(bio_err);
1303 /* Create the context for parameter generation */
1304 if ((pctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL)) == NULL
1305 || EVP_PKEY_paramgen_init(pctx) <= 0
1306 || EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx,
1308 || EVP_PKEY_paramgen(pctx, ¶ms) <= 0) {
1309 BIO_printf(bio_err, "EC params init failure.\n");
1310 ERR_print_errors(bio_err);
1311 EVP_PKEY_CTX_free(pctx);
1314 EVP_PKEY_CTX_free(pctx);
1316 /* Create the context for the key generation */
1317 kctx = EVP_PKEY_CTX_new(params, NULL);
1318 EVP_PKEY_free(params);
1321 || EVP_PKEY_keygen_init(kctx) <= 0
1322 || EVP_PKEY_keygen(kctx, &key) <= 0) {
1323 BIO_printf(bio_err, "EC key generation failure.\n");
1324 ERR_print_errors(bio_err);
1327 EVP_PKEY_CTX_free(kctx);
1331 #define stop_it(do_it, test_num)\
1332 memset(do_it + test_num, 0, OSSL_NELEM(do_it) - test_num);
1334 int speed_main(int argc, char **argv)
1337 loopargs_t *loopargs = NULL;
1339 const char *engine_id = NULL;
1340 EVP_CIPHER *evp_cipher = NULL;
1341 EVP_MAC *mac = NULL;
1344 int async_init = 0, multiblock = 0, pr_header = 0;
1345 uint8_t doit[ALGOR_NUM] = { 0 };
1346 int ret = 1, misalign = 0, lengths_single = 0, aead = 0;
1348 unsigned int size_num = SIZE_NUM;
1349 unsigned int i, k, loopargs_len = 0, async_jobs = 0;
1353 EVP_PKEY_CTX *genctx = NULL;
1358 openssl_speed_sec_t seconds = { SECONDS, RSA_SECONDS, DSA_SECONDS,
1359 ECDSA_SECONDS, ECDH_SECONDS,
1360 EdDSA_SECONDS, SM2_SECONDS,
1363 static const unsigned char key32[32] = {
1364 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
1365 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
1366 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34,
1367 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34, 0x56
1369 static const unsigned char deskey[] = {
1370 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, /* key1 */
1371 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, /* key2 */
1372 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34 /* key3 */
1374 static const struct {
1375 const unsigned char *data;
1376 unsigned int length;
1379 { test512, sizeof(test512), 512 },
1380 { test1024, sizeof(test1024), 1024 },
1381 { test2048, sizeof(test2048), 2048 },
1382 { test3072, sizeof(test3072), 3072 },
1383 { test4096, sizeof(test4096), 4096 },
1384 { test7680, sizeof(test7680), 7680 },
1385 { test15360, sizeof(test15360), 15360 }
1387 uint8_t rsa_doit[RSA_NUM] = { 0 };
1388 int primes = RSA_DEFAULT_PRIME_NUM;
1389 #ifndef OPENSSL_NO_DH
1390 typedef struct ffdh_params_st {
1396 static const FFDH_PARAMS ffdh_params[FFDH_NUM] = {
1397 {"ffdh2048", NID_ffdhe2048, 2048},
1398 {"ffdh3072", NID_ffdhe3072, 3072},
1399 {"ffdh4096", NID_ffdhe4096, 4096},
1400 {"ffdh6144", NID_ffdhe6144, 6144},
1401 {"ffdh8192", NID_ffdhe8192, 8192}
1403 uint8_t ffdh_doit[FFDH_NUM] = { 0 };
1405 #endif /* OPENSSL_NO_DH */
1406 static const unsigned int dsa_bits[DSA_NUM] = { 512, 1024, 2048 };
1407 uint8_t dsa_doit[DSA_NUM] = { 0 };
1409 * We only test over the following curves as they are representative, To
1410 * add tests over more curves, simply add the curve NID and curve name to
1411 * the following arrays and increase the |ecdh_choices| and |ecdsa_choices|
1412 * lists accordingly.
1414 static const EC_CURVE ec_curves[EC_NUM] = {
1416 {"secp160r1", NID_secp160r1, 160},
1417 {"nistp192", NID_X9_62_prime192v1, 192},
1418 {"nistp224", NID_secp224r1, 224},
1419 {"nistp256", NID_X9_62_prime256v1, 256},
1420 {"nistp384", NID_secp384r1, 384},
1421 {"nistp521", NID_secp521r1, 521},
1422 #ifndef OPENSSL_NO_EC2M
1424 {"nistk163", NID_sect163k1, 163},
1425 {"nistk233", NID_sect233k1, 233},
1426 {"nistk283", NID_sect283k1, 283},
1427 {"nistk409", NID_sect409k1, 409},
1428 {"nistk571", NID_sect571k1, 571},
1429 {"nistb163", NID_sect163r2, 163},
1430 {"nistb233", NID_sect233r1, 233},
1431 {"nistb283", NID_sect283r1, 283},
1432 {"nistb409", NID_sect409r1, 409},
1433 {"nistb571", NID_sect571r1, 571},
1435 {"brainpoolP256r1", NID_brainpoolP256r1, 256},
1436 {"brainpoolP256t1", NID_brainpoolP256t1, 256},
1437 {"brainpoolP384r1", NID_brainpoolP384r1, 384},
1438 {"brainpoolP384t1", NID_brainpoolP384t1, 384},
1439 {"brainpoolP512r1", NID_brainpoolP512r1, 512},
1440 {"brainpoolP512t1", NID_brainpoolP512t1, 512},
1441 /* Other and ECDH only ones */
1442 {"X25519", NID_X25519, 253},
1443 {"X448", NID_X448, 448}
1445 static const EC_CURVE ed_curves[EdDSA_NUM] = {
1447 {"Ed25519", NID_ED25519, 253, 64},
1448 {"Ed448", NID_ED448, 456, 114}
1450 #ifndef OPENSSL_NO_SM2
1451 static const EC_CURVE sm2_curves[SM2_NUM] = {
1453 {"CurveSM2", NID_sm2, 256}
1455 uint8_t sm2_doit[SM2_NUM] = { 0 };
1457 uint8_t ecdsa_doit[ECDSA_NUM] = { 0 };
1458 uint8_t ecdh_doit[EC_NUM] = { 0 };
1459 uint8_t eddsa_doit[EdDSA_NUM] = { 0 };
1461 /* checks declarated curves against choices list. */
1462 OPENSSL_assert(ed_curves[EdDSA_NUM - 1].nid == NID_ED448);
1463 OPENSSL_assert(strcmp(eddsa_choices[EdDSA_NUM - 1].name, "ed448") == 0);
1465 OPENSSL_assert(ec_curves[EC_NUM - 1].nid == NID_X448);
1466 OPENSSL_assert(strcmp(ecdh_choices[EC_NUM - 1].name, "ecdhx448") == 0);
1468 OPENSSL_assert(ec_curves[ECDSA_NUM - 1].nid == NID_brainpoolP512t1);
1469 OPENSSL_assert(strcmp(ecdsa_choices[ECDSA_NUM - 1].name, "ecdsabrp512t1") == 0);
1471 #ifndef OPENSSL_NO_SM2
1472 OPENSSL_assert(sm2_curves[SM2_NUM - 1].nid == NID_sm2);
1473 OPENSSL_assert(strcmp(sm2_choices[SM2_NUM - 1].name, "curveSM2") == 0);
1476 prog = opt_init(argc, argv, speed_options);
1477 while ((o = opt_next()) != OPT_EOF) {
1482 BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
1485 opt_help(speed_options);
1493 BIO_printf(bio_err, "%s: -evp option cannot be used more than once\n", prog);
1497 if (!opt_cipher_silent(opt_arg(), &evp_cipher)) {
1498 if (have_md(opt_arg()))
1499 evp_md_name = opt_arg();
1501 if (evp_cipher == NULL && evp_md_name == NULL) {
1502 ERR_clear_last_mark();
1504 "%s: %s is an unknown cipher or digest\n",
1512 if (!have_md(opt_arg())) {
1513 BIO_printf(bio_err, "%s: %s is an unknown digest\n",
1517 evp_mac_mdname = opt_arg();
1521 if (!have_cipher(opt_arg())) {
1522 BIO_printf(bio_err, "%s: %s is an unknown cipher\n",
1526 evp_mac_ciphername = opt_arg();
1527 doit[D_EVP_CMAC] = 1;
1534 * In a forked execution, an engine might need to be
1535 * initialised by each child process, not by the parent.
1536 * So store the name here and run setup_engine() later on.
1538 engine_id = opt_arg();
1542 multi = atoi(opt_arg());
1546 #ifndef OPENSSL_NO_ASYNC
1547 async_jobs = atoi(opt_arg());
1548 if (!ASYNC_is_capable()) {
1550 "%s: async_jobs specified but async not supported\n",
1554 if (async_jobs > 99999) {
1555 BIO_printf(bio_err, "%s: too many async_jobs\n", prog);
1561 misalign = opt_int_arg();
1562 if (misalign > MISALIGN) {
1564 "%s: Maximum offset is %d\n", prog, MISALIGN);
1573 #ifdef OPENSSL_NO_MULTIBLOCK
1575 "%s: -mb specified but multi-block support is disabled\n",
1584 case OPT_PROV_CASES:
1585 if (!opt_provider(o))
1589 primes = opt_int_arg();
1592 seconds.sym = seconds.rsa = seconds.dsa = seconds.ecdsa
1593 = seconds.ecdh = seconds.eddsa
1594 = seconds.sm2 = seconds.ffdh = atoi(opt_arg());
1597 lengths_single = atoi(opt_arg());
1598 lengths = &lengths_single;
1607 /* Remaining arguments are algorithms. */
1608 argc = opt_num_rest();
1611 if (!app_RAND_load())
1614 for (; *argv; argv++) {
1615 const char *algo = *argv;
1617 if (opt_found(algo, doit_choices, &i)) {
1621 if (strcmp(algo, "des") == 0) {
1622 doit[D_CBC_DES] = doit[D_EDE3_DES] = 1;
1625 if (strcmp(algo, "sha") == 0) {
1626 doit[D_SHA1] = doit[D_SHA256] = doit[D_SHA512] = 1;
1629 #ifndef OPENSSL_NO_DEPRECATED_3_0
1630 if (strcmp(algo, "openssl") == 0) /* just for compatibility */
1633 if (strncmp(algo, "rsa", 3) == 0) {
1634 if (algo[3] == '\0') {
1635 memset(rsa_doit, 1, sizeof(rsa_doit));
1638 if (opt_found(algo, rsa_choices, &i)) {
1643 #ifndef OPENSSL_NO_DH
1644 if (strncmp(algo, "ffdh", 4) == 0) {
1645 if (algo[4] == '\0') {
1646 memset(ffdh_doit, 1, sizeof(ffdh_doit));
1649 if (opt_found(algo, ffdh_choices, &i)) {
1655 if (strncmp(algo, "dsa", 3) == 0) {
1656 if (algo[3] == '\0') {
1657 memset(dsa_doit, 1, sizeof(dsa_doit));
1660 if (opt_found(algo, dsa_choices, &i)) {
1665 if (strcmp(algo, "aes") == 0) {
1666 doit[D_CBC_128_AES] = doit[D_CBC_192_AES] = doit[D_CBC_256_AES] = 1;
1669 if (strcmp(algo, "camellia") == 0) {
1670 doit[D_CBC_128_CML] = doit[D_CBC_192_CML] = doit[D_CBC_256_CML] = 1;
1673 if (strncmp(algo, "ecdsa", 5) == 0) {
1674 if (algo[5] == '\0') {
1675 memset(ecdsa_doit, 1, sizeof(ecdsa_doit));
1678 if (opt_found(algo, ecdsa_choices, &i)) {
1683 if (strncmp(algo, "ecdh", 4) == 0) {
1684 if (algo[4] == '\0') {
1685 memset(ecdh_doit, 1, sizeof(ecdh_doit));
1688 if (opt_found(algo, ecdh_choices, &i)) {
1693 if (strcmp(algo, "eddsa") == 0) {
1694 memset(eddsa_doit, 1, sizeof(eddsa_doit));
1697 if (opt_found(algo, eddsa_choices, &i)) {
1701 #ifndef OPENSSL_NO_SM2
1702 if (strcmp(algo, "sm2") == 0) {
1703 memset(sm2_doit, 1, sizeof(sm2_doit));
1706 if (opt_found(algo, sm2_choices, &i)) {
1711 BIO_printf(bio_err, "%s: Unknown algorithm %s\n", prog, algo);
1717 if (evp_cipher == NULL) {
1718 BIO_printf(bio_err, "-aead can be used only with an AEAD cipher\n");
1720 } else if (!(EVP_CIPHER_get_flags(evp_cipher) &
1721 EVP_CIPH_FLAG_AEAD_CIPHER)) {
1722 BIO_printf(bio_err, "%s is not an AEAD cipher\n",
1723 EVP_CIPHER_get0_name(evp_cipher));
1728 if (evp_cipher == NULL) {
1729 BIO_printf(bio_err, "-mb can be used only with a multi-block"
1730 " capable cipher\n");
1732 } else if (!(EVP_CIPHER_get_flags(evp_cipher) &
1733 EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) {
1734 BIO_printf(bio_err, "%s is not a multi-block capable\n",
1735 EVP_CIPHER_get0_name(evp_cipher));
1737 } else if (async_jobs > 0) {
1738 BIO_printf(bio_err, "Async mode is not supported with -mb");
1743 /* Initialize the job pool if async mode is enabled */
1744 if (async_jobs > 0) {
1745 async_init = ASYNC_init_thread(async_jobs, async_jobs);
1747 BIO_printf(bio_err, "Error creating the ASYNC job pool\n");
1752 loopargs_len = (async_jobs == 0 ? 1 : async_jobs);
1754 app_malloc(loopargs_len * sizeof(loopargs_t), "array of loopargs");
1755 memset(loopargs, 0, loopargs_len * sizeof(loopargs_t));
1757 for (i = 0; i < loopargs_len; i++) {
1758 if (async_jobs > 0) {
1759 loopargs[i].wait_ctx = ASYNC_WAIT_CTX_new();
1760 if (loopargs[i].wait_ctx == NULL) {
1761 BIO_printf(bio_err, "Error creating the ASYNC_WAIT_CTX\n");
1766 buflen = lengths[size_num - 1];
1767 if (buflen < 36) /* size of random vector in RSA benchmark */
1769 buflen += MAX_MISALIGNMENT + 1;
1770 loopargs[i].buf_malloc = app_malloc(buflen, "input buffer");
1771 loopargs[i].buf2_malloc = app_malloc(buflen, "input buffer");
1772 memset(loopargs[i].buf_malloc, 0, buflen);
1773 memset(loopargs[i].buf2_malloc, 0, buflen);
1775 /* Align the start of buffers on a 64 byte boundary */
1776 loopargs[i].buf = loopargs[i].buf_malloc + misalign;
1777 loopargs[i].buf2 = loopargs[i].buf2_malloc + misalign;
1778 loopargs[i].secret_a = app_malloc(MAX_ECDH_SIZE, "ECDH secret a");
1779 loopargs[i].secret_b = app_malloc(MAX_ECDH_SIZE, "ECDH secret b");
1780 #ifndef OPENSSL_NO_DH
1781 loopargs[i].secret_ff_a = app_malloc(MAX_FFDH_SIZE, "FFDH secret a");
1782 loopargs[i].secret_ff_b = app_malloc(MAX_FFDH_SIZE, "FFDH secret b");
1787 if (multi && do_multi(multi, size_num))
1791 /* Initialize the engine after the fork */
1792 e = setup_engine(engine_id, 0);
1794 /* No parameters; turn on everything. */
1795 if (argc == 0 && !doit[D_EVP] && !doit[D_HMAC] && !doit[D_EVP_CMAC]) {
1796 memset(doit, 1, sizeof(doit));
1797 doit[D_EVP] = doit[D_EVP_CMAC] = 0;
1799 for (i = D_MD2; i <= D_WHIRLPOOL; i++) {
1800 if (!have_md(names[i]))
1803 for (i = D_CBC_DES; i <= D_CBC_256_CML; i++) {
1804 if (!have_cipher(names[i]))
1807 if ((mac = EVP_MAC_fetch(app_get0_libctx(), "GMAC",
1808 app_get0_propq())) != NULL) {
1814 if ((mac = EVP_MAC_fetch(app_get0_libctx(), "HMAC",
1815 app_get0_propq())) != NULL) {
1822 memset(rsa_doit, 1, sizeof(rsa_doit));
1823 #ifndef OPENSSL_NO_DH
1824 memset(ffdh_doit, 1, sizeof(ffdh_doit));
1826 memset(dsa_doit, 1, sizeof(dsa_doit));
1827 memset(ecdsa_doit, 1, sizeof(ecdsa_doit));
1828 memset(ecdh_doit, 1, sizeof(ecdh_doit));
1829 memset(eddsa_doit, 1, sizeof(eddsa_doit));
1830 #ifndef OPENSSL_NO_SM2
1831 memset(sm2_doit, 1, sizeof(sm2_doit));
1834 for (i = 0; i < ALGOR_NUM; i++)
1838 if (usertime == 0 && !mr)
1840 "You have chosen to measure elapsed time "
1841 "instead of user CPU time.\n");
1844 signal(SIGALRM, alarmed);
1848 for (testnum = 0; testnum < size_num; testnum++) {
1849 print_message(names[D_MD2], c[D_MD2][testnum], lengths[testnum],
1852 count = run_benchmark(async_jobs, EVP_Digest_MD2_loop, loopargs);
1854 print_result(D_MD2, testnum, count, d);
1861 for (testnum = 0; testnum < size_num; testnum++) {
1862 print_message(names[D_MDC2], c[D_MDC2][testnum], lengths[testnum],
1865 count = run_benchmark(async_jobs, EVP_Digest_MDC2_loop, loopargs);
1867 print_result(D_MDC2, testnum, count, d);
1874 for (testnum = 0; testnum < size_num; testnum++) {
1875 print_message(names[D_MD4], c[D_MD4][testnum], lengths[testnum],
1878 count = run_benchmark(async_jobs, EVP_Digest_MD4_loop, loopargs);
1880 print_result(D_MD4, testnum, count, d);
1887 for (testnum = 0; testnum < size_num; testnum++) {
1888 print_message(names[D_MD5], c[D_MD5][testnum], lengths[testnum],
1891 count = run_benchmark(async_jobs, MD5_loop, loopargs);
1893 print_result(D_MD5, testnum, count, d);
1900 for (testnum = 0; testnum < size_num; testnum++) {
1901 print_message(names[D_SHA1], c[D_SHA1][testnum], lengths[testnum],
1904 count = run_benchmark(async_jobs, SHA1_loop, loopargs);
1906 print_result(D_SHA1, testnum, count, d);
1912 if (doit[D_SHA256]) {
1913 for (testnum = 0; testnum < size_num; testnum++) {
1914 print_message(names[D_SHA256], c[D_SHA256][testnum],
1915 lengths[testnum], seconds.sym);
1917 count = run_benchmark(async_jobs, SHA256_loop, loopargs);
1919 print_result(D_SHA256, testnum, count, d);
1925 if (doit[D_SHA512]) {
1926 for (testnum = 0; testnum < size_num; testnum++) {
1927 print_message(names[D_SHA512], c[D_SHA512][testnum],
1928 lengths[testnum], seconds.sym);
1930 count = run_benchmark(async_jobs, SHA512_loop, loopargs);
1932 print_result(D_SHA512, testnum, count, d);
1938 if (doit[D_WHIRLPOOL]) {
1939 for (testnum = 0; testnum < size_num; testnum++) {
1940 print_message(names[D_WHIRLPOOL], c[D_WHIRLPOOL][testnum],
1941 lengths[testnum], seconds.sym);
1943 count = run_benchmark(async_jobs, WHIRLPOOL_loop, loopargs);
1945 print_result(D_WHIRLPOOL, testnum, count, d);
1951 if (doit[D_RMD160]) {
1952 for (testnum = 0; testnum < size_num; testnum++) {
1953 print_message(names[D_RMD160], c[D_RMD160][testnum],
1954 lengths[testnum], seconds.sym);
1956 count = run_benchmark(async_jobs, EVP_Digest_RMD160_loop, loopargs);
1958 print_result(D_RMD160, testnum, count, d);
1965 static const char hmac_key[] = "This is a key...";
1966 int len = strlen(hmac_key);
1967 OSSL_PARAM params[3];
1969 mac = EVP_MAC_fetch(app_get0_libctx(), "HMAC", app_get0_propq());
1970 if (mac == NULL || evp_mac_mdname == NULL)
1973 evp_hmac_name = app_malloc(sizeof("hmac()") + strlen(evp_mac_mdname),
1975 sprintf(evp_hmac_name, "hmac(%s)", evp_mac_mdname);
1976 names[D_HMAC] = evp_hmac_name;
1979 OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
1982 OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY,
1983 (char *)hmac_key, len);
1984 params[2] = OSSL_PARAM_construct_end();
1986 for (i = 0; i < loopargs_len; i++) {
1987 loopargs[i].mctx = EVP_MAC_CTX_new(mac);
1988 if (loopargs[i].mctx == NULL)
1991 if (!EVP_MAC_CTX_set_params(loopargs[i].mctx, params))
1994 for (testnum = 0; testnum < size_num; testnum++) {
1995 print_message(names[D_HMAC], c[D_HMAC][testnum], lengths[testnum],
1998 count = run_benchmark(async_jobs, HMAC_loop, loopargs);
2000 print_result(D_HMAC, testnum, count, d);
2004 for (i = 0; i < loopargs_len; i++)
2005 EVP_MAC_CTX_free(loopargs[i].mctx);
2010 if (doit[D_CBC_DES]) {
2013 for (i = 0; st && i < loopargs_len; i++) {
2014 loopargs[i].ctx = init_evp_cipher_ctx("des-cbc", deskey,
2015 sizeof(deskey) / 3);
2016 st = loopargs[i].ctx != NULL;
2018 algindex = D_CBC_DES;
2019 for (testnum = 0; st && testnum < size_num; testnum++) {
2020 print_message(names[D_CBC_DES], c[D_CBC_DES][testnum],
2021 lengths[testnum], seconds.sym);
2023 count = run_benchmark(async_jobs, EVP_Cipher_loop, loopargs);
2025 print_result(D_CBC_DES, testnum, count, d);
2027 for (i = 0; i < loopargs_len; i++)
2028 EVP_CIPHER_CTX_free(loopargs[i].ctx);
2031 if (doit[D_EDE3_DES]) {
2034 for (i = 0; st && i < loopargs_len; i++) {
2035 loopargs[i].ctx = init_evp_cipher_ctx("des-ede3-cbc", deskey,
2037 st = loopargs[i].ctx != NULL;
2039 algindex = D_EDE3_DES;
2040 for (testnum = 0; st && testnum < size_num; testnum++) {
2041 print_message(names[D_EDE3_DES], c[D_EDE3_DES][testnum],
2042 lengths[testnum], seconds.sym);
2045 run_benchmark(async_jobs, EVP_Cipher_loop, loopargs);
2047 print_result(D_EDE3_DES, testnum, count, d);
2049 for (i = 0; i < loopargs_len; i++)
2050 EVP_CIPHER_CTX_free(loopargs[i].ctx);
2053 for (k = 0; k < 3; k++) {
2054 algindex = D_CBC_128_AES + k;
2055 if (doit[algindex]) {
2058 keylen = 16 + k * 8;
2059 for (i = 0; st && i < loopargs_len; i++) {
2060 loopargs[i].ctx = init_evp_cipher_ctx(names[algindex],
2062 st = loopargs[i].ctx != NULL;
2065 for (testnum = 0; st && testnum < size_num; testnum++) {
2066 print_message(names[algindex], c[algindex][testnum],
2067 lengths[testnum], seconds.sym);
2070 run_benchmark(async_jobs, EVP_Cipher_loop, loopargs);
2072 print_result(algindex, testnum, count, d);
2074 for (i = 0; i < loopargs_len; i++)
2075 EVP_CIPHER_CTX_free(loopargs[i].ctx);
2079 for (k = 0; k < 3; k++) {
2080 algindex = D_CBC_128_CML + k;
2081 if (doit[algindex]) {
2084 keylen = 16 + k * 8;
2085 for (i = 0; st && i < loopargs_len; i++) {
2086 loopargs[i].ctx = init_evp_cipher_ctx(names[algindex],
2088 st = loopargs[i].ctx != NULL;
2091 for (testnum = 0; st && testnum < size_num; testnum++) {
2092 print_message(names[algindex], c[algindex][testnum],
2093 lengths[testnum], seconds.sym);
2096 run_benchmark(async_jobs, EVP_Cipher_loop, loopargs);
2098 print_result(algindex, testnum, count, d);
2100 for (i = 0; i < loopargs_len; i++)
2101 EVP_CIPHER_CTX_free(loopargs[i].ctx);
2105 for (algindex = D_RC4; algindex <= D_CBC_CAST; algindex++) {
2106 if (doit[algindex]) {
2110 for (i = 0; st && i < loopargs_len; i++) {
2111 loopargs[i].ctx = init_evp_cipher_ctx(names[algindex],
2113 st = loopargs[i].ctx != NULL;
2116 for (testnum = 0; st && testnum < size_num; testnum++) {
2117 print_message(names[algindex], c[algindex][testnum],
2118 lengths[testnum], seconds.sym);
2121 run_benchmark(async_jobs, EVP_Cipher_loop, loopargs);
2123 print_result(algindex, testnum, count, d);
2125 for (i = 0; i < loopargs_len; i++)
2126 EVP_CIPHER_CTX_free(loopargs[i].ctx);
2129 if (doit[D_GHASH]) {
2130 static const char gmac_iv[] = "0123456789ab";
2131 OSSL_PARAM params[3];
2133 mac = EVP_MAC_fetch(app_get0_libctx(), "GMAC", app_get0_propq());
2137 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_CIPHER,
2139 params[1] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_IV,
2141 sizeof(gmac_iv) - 1);
2142 params[2] = OSSL_PARAM_construct_end();
2144 for (i = 0; i < loopargs_len; i++) {
2145 loopargs[i].mctx = EVP_MAC_CTX_new(mac);
2146 if (loopargs[i].mctx == NULL)
2149 if (!EVP_MAC_init(loopargs[i].mctx, key32, 16, params))
2152 for (testnum = 0; testnum < size_num; testnum++) {
2153 print_message(names[D_GHASH], c[D_GHASH][testnum], lengths[testnum],
2156 count = run_benchmark(async_jobs, GHASH_loop, loopargs);
2158 print_result(D_GHASH, testnum, count, d);
2162 for (i = 0; i < loopargs_len; i++)
2163 EVP_MAC_CTX_free(loopargs[i].mctx);
2169 for (testnum = 0; testnum < size_num; testnum++) {
2170 print_message(names[D_RAND], c[D_RAND][testnum], lengths[testnum],
2173 count = run_benchmark(async_jobs, RAND_bytes_loop, loopargs);
2175 print_result(D_RAND, testnum, count, d);
2180 if (evp_cipher != NULL) {
2181 int (*loopfunc) (void *) = EVP_Update_loop;
2183 if (multiblock && (EVP_CIPHER_get_flags(evp_cipher) &
2184 EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) {
2185 multiblock_speed(evp_cipher, lengths_single, &seconds);
2190 names[D_EVP] = EVP_CIPHER_get0_name(evp_cipher);
2192 if (EVP_CIPHER_get_mode(evp_cipher) == EVP_CIPH_CCM_MODE) {
2193 loopfunc = EVP_Update_loop_ccm;
2194 } else if (aead && (EVP_CIPHER_get_flags(evp_cipher) &
2195 EVP_CIPH_FLAG_AEAD_CIPHER)) {
2196 loopfunc = EVP_Update_loop_aead;
2197 if (lengths == lengths_list) {
2198 lengths = aead_lengths_list;
2199 size_num = OSSL_NELEM(aead_lengths_list);
2203 for (testnum = 0; testnum < size_num; testnum++) {
2204 print_message(names[D_EVP], c[D_EVP][testnum], lengths[testnum],
2207 for (k = 0; k < loopargs_len; k++) {
2208 loopargs[k].ctx = EVP_CIPHER_CTX_new();
2209 if (loopargs[k].ctx == NULL) {
2210 BIO_printf(bio_err, "\nEVP_CIPHER_CTX_new failure\n");
2213 if (!EVP_CipherInit_ex(loopargs[k].ctx, evp_cipher, NULL,
2214 NULL, iv, decrypt ? 0 : 1)) {
2215 BIO_printf(bio_err, "\nEVP_CipherInit_ex failure\n");
2216 ERR_print_errors(bio_err);
2220 EVP_CIPHER_CTX_set_padding(loopargs[k].ctx, 0);
2222 keylen = EVP_CIPHER_CTX_get_key_length(loopargs[k].ctx);
2223 loopargs[k].key = app_malloc(keylen, "evp_cipher key");
2224 EVP_CIPHER_CTX_rand_key(loopargs[k].ctx, loopargs[k].key);
2225 if (!EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL,
2226 loopargs[k].key, NULL, -1)) {
2227 BIO_printf(bio_err, "\nEVP_CipherInit_ex failure\n");
2228 ERR_print_errors(bio_err);
2231 OPENSSL_clear_free(loopargs[k].key, keylen);
2233 /* SIV mode only allows for a single Update operation */
2234 if (EVP_CIPHER_get_mode(evp_cipher) == EVP_CIPH_SIV_MODE)
2235 (void)EVP_CIPHER_CTX_ctrl(loopargs[k].ctx,
2236 EVP_CTRL_SET_SPEED, 1, NULL);
2240 count = run_benchmark(async_jobs, loopfunc, loopargs);
2242 for (k = 0; k < loopargs_len; k++)
2243 EVP_CIPHER_CTX_free(loopargs[k].ctx);
2244 print_result(D_EVP, testnum, count, d);
2246 } else if (evp_md_name != NULL) {
2247 names[D_EVP] = evp_md_name;
2249 for (testnum = 0; testnum < size_num; testnum++) {
2250 print_message(names[D_EVP], c[D_EVP][testnum], lengths[testnum],
2253 count = run_benchmark(async_jobs, EVP_Digest_md_loop, loopargs);
2255 print_result(D_EVP, testnum, count, d);
2262 if (doit[D_EVP_CMAC]) {
2263 OSSL_PARAM params[3];
2264 EVP_CIPHER *cipher = NULL;
2266 mac = EVP_MAC_fetch(app_get0_libctx(), "CMAC", app_get0_propq());
2267 if (mac == NULL || evp_mac_ciphername == NULL)
2269 if (!opt_cipher(evp_mac_ciphername, &cipher))
2272 keylen = EVP_CIPHER_get_key_length(cipher);
2273 EVP_CIPHER_free(cipher);
2274 if (keylen <= 0 || keylen > (int)sizeof(key32)) {
2275 BIO_printf(bio_err, "\nRequested CMAC cipher with unsupported key length.\n");
2278 evp_cmac_name = app_malloc(sizeof("cmac()")
2279 + strlen(evp_mac_ciphername), "CMAC name");
2280 sprintf(evp_cmac_name, "cmac(%s)", evp_mac_ciphername);
2281 names[D_EVP_CMAC] = evp_cmac_name;
2283 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_CIPHER,
2284 evp_mac_ciphername, 0);
2285 params[1] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY,
2286 (char *)key32, keylen);
2287 params[2] = OSSL_PARAM_construct_end();
2289 for (i = 0; i < loopargs_len; i++) {
2290 loopargs[i].mctx = EVP_MAC_CTX_new(mac);
2291 if (loopargs[i].mctx == NULL)
2294 if (!EVP_MAC_CTX_set_params(loopargs[i].mctx, params))
2298 for (testnum = 0; testnum < size_num; testnum++) {
2299 print_message(names[D_EVP_CMAC], c[D_EVP_CMAC][testnum],
2300 lengths[testnum], seconds.sym);
2302 count = run_benchmark(async_jobs, CMAC_loop, loopargs);
2304 print_result(D_EVP_CMAC, testnum, count, d);
2308 for (i = 0; i < loopargs_len; i++)
2309 EVP_MAC_CTX_free(loopargs[i].mctx);
2314 for (i = 0; i < loopargs_len; i++)
2315 if (RAND_bytes(loopargs[i].buf, 36) <= 0)
2318 for (testnum = 0; testnum < RSA_NUM; testnum++) {
2319 EVP_PKEY *rsa_key = NULL;
2322 if (!rsa_doit[testnum])
2325 if (primes > RSA_DEFAULT_PRIME_NUM) {
2326 /* we haven't set keys yet, generate multi-prime RSA keys */
2329 && BN_set_word(bn, RSA_F4)
2330 && init_gen_str(&genctx, "RSA", NULL, 0, NULL, NULL)
2331 && EVP_PKEY_CTX_set_rsa_keygen_bits(genctx, rsa_keys[testnum].bits) > 0
2332 && EVP_PKEY_CTX_set1_rsa_keygen_pubexp(genctx, bn) > 0
2333 && EVP_PKEY_CTX_set_rsa_keygen_primes(genctx, primes) > 0
2334 && EVP_PKEY_keygen(genctx, &rsa_key);
2337 EVP_PKEY_CTX_free(genctx);
2340 const unsigned char *p = rsa_keys[testnum].data;
2342 st = (rsa_key = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &p,
2343 rsa_keys[testnum].length)) != NULL;
2346 for (i = 0; st && i < loopargs_len; i++) {
2347 loopargs[i].rsa_sign_ctx[testnum] = EVP_PKEY_CTX_new(rsa_key, NULL);
2348 if (loopargs[i].rsa_sign_ctx[testnum] == NULL
2349 || EVP_PKEY_sign_init(loopargs[i].rsa_sign_ctx[testnum]) <= 0
2350 || EVP_PKEY_sign(loopargs[i].rsa_sign_ctx[testnum],
2352 &loopargs[i].sigsize,
2353 loopargs[i].buf, 36) <= 0)
2358 "RSA sign setup failure. No RSA sign will be done.\n");
2359 ERR_print_errors(bio_err);
2362 pkey_print_message("private", "rsa",
2363 rsa_c[testnum][0], rsa_keys[testnum].bits,
2365 /* RSA_blinding_on(rsa_key[testnum],NULL); */
2367 count = run_benchmark(async_jobs, RSA_sign_loop, loopargs);
2370 mr ? "+R1:%ld:%d:%.2f\n"
2371 : "%ld %u bits private RSA's in %.2fs\n",
2372 count, rsa_keys[testnum].bits, d);
2373 rsa_results[testnum][0] = (double)count / d;
2377 for (i = 0; st && i < loopargs_len; i++) {
2378 loopargs[i].rsa_verify_ctx[testnum] = EVP_PKEY_CTX_new(rsa_key,
2380 if (loopargs[i].rsa_verify_ctx[testnum] == NULL
2381 || EVP_PKEY_verify_init(loopargs[i].rsa_verify_ctx[testnum]) <= 0
2382 || EVP_PKEY_verify(loopargs[i].rsa_verify_ctx[testnum],
2384 loopargs[i].sigsize,
2385 loopargs[i].buf, 36) <= 0)
2390 "RSA verify setup failure. No RSA verify will be done.\n");
2391 ERR_print_errors(bio_err);
2392 rsa_doit[testnum] = 0;
2394 pkey_print_message("public", "rsa",
2395 rsa_c[testnum][1], rsa_keys[testnum].bits,
2398 count = run_benchmark(async_jobs, RSA_verify_loop, loopargs);
2401 mr ? "+R2:%ld:%d:%.2f\n"
2402 : "%ld %u bits public RSA's in %.2fs\n",
2403 count, rsa_keys[testnum].bits, d);
2404 rsa_results[testnum][1] = (double)count / d;
2407 if (op_count <= 1) {
2408 /* if longer than 10s, don't do any more */
2409 stop_it(rsa_doit, testnum);
2411 EVP_PKEY_free(rsa_key);
2414 for (testnum = 0; testnum < DSA_NUM; testnum++) {
2415 EVP_PKEY *dsa_key = NULL;
2418 if (!dsa_doit[testnum])
2421 st = (dsa_key = get_dsa(dsa_bits[testnum])) != NULL;
2423 for (i = 0; st && i < loopargs_len; i++) {
2424 loopargs[i].dsa_sign_ctx[testnum] = EVP_PKEY_CTX_new(dsa_key,
2426 if (loopargs[i].dsa_sign_ctx[testnum] == NULL
2427 || EVP_PKEY_sign_init(loopargs[i].dsa_sign_ctx[testnum]) <= 0
2429 || EVP_PKEY_sign(loopargs[i].dsa_sign_ctx[testnum],
2431 &loopargs[i].sigsize,
2432 loopargs[i].buf, 20) <= 0)
2437 "DSA sign setup failure. No DSA sign will be done.\n");
2438 ERR_print_errors(bio_err);
2441 pkey_print_message("sign", "dsa",
2442 dsa_c[testnum][0], dsa_bits[testnum],
2445 count = run_benchmark(async_jobs, DSA_sign_loop, loopargs);
2448 mr ? "+R3:%ld:%u:%.2f\n"
2449 : "%ld %u bits DSA signs in %.2fs\n",
2450 count, dsa_bits[testnum], d);
2451 dsa_results[testnum][0] = (double)count / d;
2455 for (i = 0; st && i < loopargs_len; i++) {
2456 loopargs[i].dsa_verify_ctx[testnum] = EVP_PKEY_CTX_new(dsa_key,
2458 if (loopargs[i].dsa_verify_ctx[testnum] == NULL
2459 || EVP_PKEY_verify_init(loopargs[i].dsa_verify_ctx[testnum]) <= 0
2460 || EVP_PKEY_verify(loopargs[i].dsa_verify_ctx[testnum],
2462 loopargs[i].sigsize,
2463 loopargs[i].buf, 36) <= 0)
2468 "DSA verify setup failure. No DSA verify will be done.\n");
2469 ERR_print_errors(bio_err);
2470 dsa_doit[testnum] = 0;
2472 pkey_print_message("verify", "dsa",
2473 dsa_c[testnum][1], dsa_bits[testnum],
2476 count = run_benchmark(async_jobs, DSA_verify_loop, loopargs);
2479 mr ? "+R4:%ld:%u:%.2f\n"
2480 : "%ld %u bits DSA verify in %.2fs\n",
2481 count, dsa_bits[testnum], d);
2482 dsa_results[testnum][1] = (double)count / d;
2485 if (op_count <= 1) {
2486 /* if longer than 10s, don't do any more */
2487 stop_it(dsa_doit, testnum);
2489 EVP_PKEY_free(dsa_key);
2492 for (testnum = 0; testnum < ECDSA_NUM; testnum++) {
2493 EVP_PKEY *ecdsa_key = NULL;
2496 if (!ecdsa_doit[testnum])
2499 st = (ecdsa_key = get_ecdsa(&ec_curves[testnum])) != NULL;
2501 for (i = 0; st && i < loopargs_len; i++) {
2502 loopargs[i].ecdsa_sign_ctx[testnum] = EVP_PKEY_CTX_new(ecdsa_key,
2504 if (loopargs[i].ecdsa_sign_ctx[testnum] == NULL
2505 || EVP_PKEY_sign_init(loopargs[i].ecdsa_sign_ctx[testnum]) <= 0
2507 || EVP_PKEY_sign(loopargs[i].ecdsa_sign_ctx[testnum],
2509 &loopargs[i].sigsize,
2510 loopargs[i].buf, 20) <= 0)
2515 "ECDSA sign setup failure. No ECDSA sign will be done.\n");
2516 ERR_print_errors(bio_err);
2519 pkey_print_message("sign", "ecdsa",
2520 ecdsa_c[testnum][0], ec_curves[testnum].bits,
2523 count = run_benchmark(async_jobs, ECDSA_sign_loop, loopargs);
2526 mr ? "+R5:%ld:%u:%.2f\n"
2527 : "%ld %u bits ECDSA signs in %.2fs\n",
2528 count, ec_curves[testnum].bits, d);
2529 ecdsa_results[testnum][0] = (double)count / d;
2533 for (i = 0; st && i < loopargs_len; i++) {
2534 loopargs[i].ecdsa_verify_ctx[testnum] = EVP_PKEY_CTX_new(ecdsa_key,
2536 if (loopargs[i].ecdsa_verify_ctx[testnum] == NULL
2537 || EVP_PKEY_verify_init(loopargs[i].ecdsa_verify_ctx[testnum]) <= 0
2538 || EVP_PKEY_verify(loopargs[i].ecdsa_verify_ctx[testnum],
2540 loopargs[i].sigsize,
2541 loopargs[i].buf, 20) <= 0)
2546 "ECDSA verify setup failure. No ECDSA verify will be done.\n");
2547 ERR_print_errors(bio_err);
2548 ecdsa_doit[testnum] = 0;
2550 pkey_print_message("verify", "ecdsa",
2551 ecdsa_c[testnum][1], ec_curves[testnum].bits,
2554 count = run_benchmark(async_jobs, ECDSA_verify_loop, loopargs);
2557 mr ? "+R6:%ld:%u:%.2f\n"
2558 : "%ld %u bits ECDSA verify in %.2fs\n",
2559 count, ec_curves[testnum].bits, d);
2560 ecdsa_results[testnum][1] = (double)count / d;
2563 if (op_count <= 1) {
2564 /* if longer than 10s, don't do any more */
2565 stop_it(ecdsa_doit, testnum);
2569 for (testnum = 0; testnum < EC_NUM; testnum++) {
2570 int ecdh_checks = 1;
2572 if (!ecdh_doit[testnum])
2575 for (i = 0; i < loopargs_len; i++) {
2576 EVP_PKEY_CTX *test_ctx = NULL;
2577 EVP_PKEY_CTX *ctx = NULL;
2578 EVP_PKEY *key_A = NULL;
2579 EVP_PKEY *key_B = NULL;
2583 if ((key_A = get_ecdsa(&ec_curves[testnum])) == NULL /* generate secret key A */
2584 || (key_B = get_ecdsa(&ec_curves[testnum])) == NULL /* generate secret key B */
2585 || (ctx = EVP_PKEY_CTX_new(key_A, NULL)) == NULL /* derivation ctx from skeyA */
2586 || EVP_PKEY_derive_init(ctx) <= 0 /* init derivation ctx */
2587 || EVP_PKEY_derive_set_peer(ctx, key_B) <= 0 /* set peer pubkey in ctx */
2588 || EVP_PKEY_derive(ctx, NULL, &outlen) <= 0 /* determine max length */
2589 || outlen == 0 /* ensure outlen is a valid size */
2590 || outlen > MAX_ECDH_SIZE /* avoid buffer overflow */) {
2592 BIO_printf(bio_err, "ECDH key generation failure.\n");
2593 ERR_print_errors(bio_err);
2599 * Here we perform a test run, comparing the output of a*B and b*A;
2600 * we try this here and assume that further EVP_PKEY_derive calls
2601 * never fail, so we can skip checks in the actually benchmarked
2602 * code, for maximum performance.
2604 if ((test_ctx = EVP_PKEY_CTX_new(key_B, NULL)) == NULL /* test ctx from skeyB */
2605 || !EVP_PKEY_derive_init(test_ctx) /* init derivation test_ctx */
2606 || !EVP_PKEY_derive_set_peer(test_ctx, key_A) /* set peer pubkey in test_ctx */
2607 || !EVP_PKEY_derive(test_ctx, NULL, &test_outlen) /* determine max length */
2608 || !EVP_PKEY_derive(ctx, loopargs[i].secret_a, &outlen) /* compute a*B */
2609 || !EVP_PKEY_derive(test_ctx, loopargs[i].secret_b, &test_outlen) /* compute b*A */
2610 || test_outlen != outlen /* compare output length */) {
2612 BIO_printf(bio_err, "ECDH computation failure.\n");
2613 ERR_print_errors(bio_err);
2618 /* Compare the computation results: CRYPTO_memcmp() returns 0 if equal */
2619 if (CRYPTO_memcmp(loopargs[i].secret_a,
2620 loopargs[i].secret_b, outlen)) {
2622 BIO_printf(bio_err, "ECDH computations don't match.\n");
2623 ERR_print_errors(bio_err);
2628 loopargs[i].ecdh_ctx[testnum] = ctx;
2629 loopargs[i].outlen[testnum] = outlen;
2631 EVP_PKEY_free(key_A);
2632 EVP_PKEY_free(key_B);
2633 EVP_PKEY_CTX_free(test_ctx);
2636 if (ecdh_checks != 0) {
2637 pkey_print_message("", "ecdh",
2639 ec_curves[testnum].bits, seconds.ecdh);
2642 run_benchmark(async_jobs, ECDH_EVP_derive_key_loop, loopargs);
2645 mr ? "+R7:%ld:%d:%.2f\n" :
2646 "%ld %u-bits ECDH ops in %.2fs\n", count,
2647 ec_curves[testnum].bits, d);
2648 ecdh_results[testnum][0] = (double)count / d;
2652 if (op_count <= 1) {
2653 /* if longer than 10s, don't do any more */
2654 stop_it(ecdh_doit, testnum);
2658 for (testnum = 0; testnum < EdDSA_NUM; testnum++) {
2660 EVP_PKEY *ed_pkey = NULL;
2661 EVP_PKEY_CTX *ed_pctx = NULL;
2663 if (!eddsa_doit[testnum])
2664 continue; /* Ignore Curve */
2665 for (i = 0; i < loopargs_len; i++) {
2666 loopargs[i].eddsa_ctx[testnum] = EVP_MD_CTX_new();
2667 if (loopargs[i].eddsa_ctx[testnum] == NULL) {
2671 loopargs[i].eddsa_ctx2[testnum] = EVP_MD_CTX_new();
2672 if (loopargs[i].eddsa_ctx2[testnum] == NULL) {
2677 if ((ed_pctx = EVP_PKEY_CTX_new_id(ed_curves[testnum].nid,
2679 || EVP_PKEY_keygen_init(ed_pctx) <= 0
2680 || EVP_PKEY_keygen(ed_pctx, &ed_pkey) <= 0) {
2682 EVP_PKEY_CTX_free(ed_pctx);
2685 EVP_PKEY_CTX_free(ed_pctx);
2687 if (!EVP_DigestSignInit(loopargs[i].eddsa_ctx[testnum], NULL, NULL,
2690 EVP_PKEY_free(ed_pkey);
2693 if (!EVP_DigestVerifyInit(loopargs[i].eddsa_ctx2[testnum], NULL,
2694 NULL, NULL, ed_pkey)) {
2696 EVP_PKEY_free(ed_pkey);
2700 EVP_PKEY_free(ed_pkey);
2704 BIO_printf(bio_err, "EdDSA failure.\n");
2705 ERR_print_errors(bio_err);
2708 for (i = 0; i < loopargs_len; i++) {
2709 /* Perform EdDSA signature test */
2710 loopargs[i].sigsize = ed_curves[testnum].sigsize;
2711 st = EVP_DigestSign(loopargs[i].eddsa_ctx[testnum],
2712 loopargs[i].buf2, &loopargs[i].sigsize,
2713 loopargs[i].buf, 20);
2719 "EdDSA sign failure. No EdDSA sign will be done.\n");
2720 ERR_print_errors(bio_err);
2723 pkey_print_message("sign", ed_curves[testnum].name,
2724 eddsa_c[testnum][0],
2725 ed_curves[testnum].bits, seconds.eddsa);
2727 count = run_benchmark(async_jobs, EdDSA_sign_loop, loopargs);
2731 mr ? "+R8:%ld:%u:%s:%.2f\n" :
2732 "%ld %u bits %s signs in %.2fs \n",
2733 count, ed_curves[testnum].bits,
2734 ed_curves[testnum].name, d);
2735 eddsa_results[testnum][0] = (double)count / d;
2738 /* Perform EdDSA verification test */
2739 for (i = 0; i < loopargs_len; i++) {
2740 st = EVP_DigestVerify(loopargs[i].eddsa_ctx2[testnum],
2741 loopargs[i].buf2, loopargs[i].sigsize,
2742 loopargs[i].buf, 20);
2748 "EdDSA verify failure. No EdDSA verify will be done.\n");
2749 ERR_print_errors(bio_err);
2750 eddsa_doit[testnum] = 0;
2752 pkey_print_message("verify", ed_curves[testnum].name,
2753 eddsa_c[testnum][1],
2754 ed_curves[testnum].bits, seconds.eddsa);
2756 count = run_benchmark(async_jobs, EdDSA_verify_loop, loopargs);
2759 mr ? "+R9:%ld:%u:%s:%.2f\n"
2760 : "%ld %u bits %s verify in %.2fs\n",
2761 count, ed_curves[testnum].bits,
2762 ed_curves[testnum].name, d);
2763 eddsa_results[testnum][1] = (double)count / d;
2766 if (op_count <= 1) {
2767 /* if longer than 10s, don't do any more */
2768 stop_it(eddsa_doit, testnum);
2773 #ifndef OPENSSL_NO_SM2
2774 for (testnum = 0; testnum < SM2_NUM; testnum++) {
2776 EVP_PKEY *sm2_pkey = NULL;
2778 if (!sm2_doit[testnum])
2779 continue; /* Ignore Curve */
2780 /* Init signing and verification */
2781 for (i = 0; i < loopargs_len; i++) {
2782 EVP_PKEY_CTX *sm2_pctx = NULL;
2783 EVP_PKEY_CTX *sm2_vfy_pctx = NULL;
2784 EVP_PKEY_CTX *pctx = NULL;
2787 loopargs[i].sm2_ctx[testnum] = EVP_MD_CTX_new();
2788 loopargs[i].sm2_vfy_ctx[testnum] = EVP_MD_CTX_new();
2789 if (loopargs[i].sm2_ctx[testnum] == NULL
2790 || loopargs[i].sm2_vfy_ctx[testnum] == NULL)
2795 st = !((pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SM2, NULL)) == NULL
2796 || EVP_PKEY_keygen_init(pctx) <= 0
2797 || EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx,
2798 sm2_curves[testnum].nid) <= 0
2799 || EVP_PKEY_keygen(pctx, &sm2_pkey) <= 0);
2800 EVP_PKEY_CTX_free(pctx);
2804 st = 0; /* set back to zero */
2805 /* attach it sooner to rely on main final cleanup */
2806 loopargs[i].sm2_pkey[testnum] = sm2_pkey;
2807 loopargs[i].sigsize = EVP_PKEY_get_size(sm2_pkey);
2809 sm2_pctx = EVP_PKEY_CTX_new(sm2_pkey, NULL);
2810 sm2_vfy_pctx = EVP_PKEY_CTX_new(sm2_pkey, NULL);
2811 if (sm2_pctx == NULL || sm2_vfy_pctx == NULL) {
2812 EVP_PKEY_CTX_free(sm2_vfy_pctx);
2816 /* attach them directly to respective ctx */
2817 EVP_MD_CTX_set_pkey_ctx(loopargs[i].sm2_ctx[testnum], sm2_pctx);
2818 EVP_MD_CTX_set_pkey_ctx(loopargs[i].sm2_vfy_ctx[testnum], sm2_vfy_pctx);
2821 * No need to allow user to set an explicit ID here, just use
2822 * the one defined in the 'draft-yang-tls-tl13-sm-suites' I-D.
2824 if (EVP_PKEY_CTX_set1_id(sm2_pctx, SM2_ID, SM2_ID_LEN) != 1
2825 || EVP_PKEY_CTX_set1_id(sm2_vfy_pctx, SM2_ID, SM2_ID_LEN) != 1)
2828 if (!EVP_DigestSignInit(loopargs[i].sm2_ctx[testnum], NULL,
2829 EVP_sm3(), NULL, sm2_pkey))
2831 if (!EVP_DigestVerifyInit(loopargs[i].sm2_vfy_ctx[testnum], NULL,
2832 EVP_sm3(), NULL, sm2_pkey))
2834 st = 1; /* mark loop as succeeded */
2837 BIO_printf(bio_err, "SM2 init failure.\n");
2838 ERR_print_errors(bio_err);
2841 for (i = 0; i < loopargs_len; i++) {
2842 /* Perform SM2 signature test */
2843 st = EVP_DigestSign(loopargs[i].sm2_ctx[testnum],
2844 loopargs[i].buf2, &loopargs[i].sigsize,
2845 loopargs[i].buf, 20);
2851 "SM2 sign failure. No SM2 sign will be done.\n");
2852 ERR_print_errors(bio_err);
2855 pkey_print_message("sign", sm2_curves[testnum].name,
2857 sm2_curves[testnum].bits, seconds.sm2);
2859 count = run_benchmark(async_jobs, SM2_sign_loop, loopargs);
2863 mr ? "+R10:%ld:%u:%s:%.2f\n" :
2864 "%ld %u bits %s signs in %.2fs \n",
2865 count, sm2_curves[testnum].bits,
2866 sm2_curves[testnum].name, d);
2867 sm2_results[testnum][0] = (double)count / d;
2871 /* Perform SM2 verification test */
2872 for (i = 0; i < loopargs_len; i++) {
2873 st = EVP_DigestVerify(loopargs[i].sm2_vfy_ctx[testnum],
2874 loopargs[i].buf2, loopargs[i].sigsize,
2875 loopargs[i].buf, 20);
2881 "SM2 verify failure. No SM2 verify will be done.\n");
2882 ERR_print_errors(bio_err);
2883 sm2_doit[testnum] = 0;
2885 pkey_print_message("verify", sm2_curves[testnum].name,
2887 sm2_curves[testnum].bits, seconds.sm2);
2889 count = run_benchmark(async_jobs, SM2_verify_loop, loopargs);
2892 mr ? "+R11:%ld:%u:%s:%.2f\n"
2893 : "%ld %u bits %s verify in %.2fs\n",
2894 count, sm2_curves[testnum].bits,
2895 sm2_curves[testnum].name, d);
2896 sm2_results[testnum][1] = (double)count / d;
2899 if (op_count <= 1) {
2900 /* if longer than 10s, don't do any more */
2901 for (testnum++; testnum < SM2_NUM; testnum++)
2902 sm2_doit[testnum] = 0;
2906 #endif /* OPENSSL_NO_SM2 */
2908 #ifndef OPENSSL_NO_DH
2909 for (testnum = 0; testnum < FFDH_NUM; testnum++) {
2910 int ffdh_checks = 1;
2912 if (!ffdh_doit[testnum])
2915 for (i = 0; i < loopargs_len; i++) {
2916 EVP_PKEY *pkey_A = NULL;
2917 EVP_PKEY *pkey_B = NULL;
2918 EVP_PKEY_CTX *ffdh_ctx = NULL;
2919 EVP_PKEY_CTX *test_ctx = NULL;
2923 /* Ensure that the error queue is empty */
2924 if (ERR_peek_error()) {
2926 "WARNING: the error queue contains previous unhandled errors.\n");
2927 ERR_print_errors(bio_err);
2930 pkey_A = EVP_PKEY_new();
2932 BIO_printf(bio_err, "Error while initialising EVP_PKEY (out of memory?).\n");
2933 ERR_print_errors(bio_err);
2938 pkey_B = EVP_PKEY_new();
2940 BIO_printf(bio_err, "Error while initialising EVP_PKEY (out of memory?).\n");
2941 ERR_print_errors(bio_err);
2947 ffdh_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DH, NULL);
2949 BIO_printf(bio_err, "Error while allocating EVP_PKEY_CTX.\n");
2950 ERR_print_errors(bio_err);
2956 if (EVP_PKEY_keygen_init(ffdh_ctx) <= 0) {
2957 BIO_printf(bio_err, "Error while initialising EVP_PKEY_CTX.\n");
2958 ERR_print_errors(bio_err);
2963 if (EVP_PKEY_CTX_set_dh_nid(ffdh_ctx, ffdh_params[testnum].nid) <= 0) {
2964 BIO_printf(bio_err, "Error setting DH key size for keygen.\n");
2965 ERR_print_errors(bio_err);
2971 if (EVP_PKEY_keygen(ffdh_ctx, &pkey_A) <= 0 ||
2972 EVP_PKEY_keygen(ffdh_ctx, &pkey_B) <= 0) {
2973 BIO_printf(bio_err, "FFDH key generation failure.\n");
2974 ERR_print_errors(bio_err);
2980 EVP_PKEY_CTX_free(ffdh_ctx);
2983 * check if the derivation works correctly both ways so that
2984 * we know if future derive calls will fail, and we can skip
2985 * error checking in benchmarked code
2987 ffdh_ctx = EVP_PKEY_CTX_new(pkey_A, NULL);
2988 if (ffdh_ctx == NULL) {
2989 BIO_printf(bio_err, "Error while allocating EVP_PKEY_CTX.\n");
2990 ERR_print_errors(bio_err);
2995 if (EVP_PKEY_derive_init(ffdh_ctx) <= 0) {
2996 BIO_printf(bio_err, "FFDH derivation context init failure.\n");
2997 ERR_print_errors(bio_err);
3002 if (EVP_PKEY_derive_set_peer(ffdh_ctx, pkey_B) <= 0) {
3003 BIO_printf(bio_err, "Assigning peer key for derivation failed.\n");
3004 ERR_print_errors(bio_err);
3009 if (EVP_PKEY_derive(ffdh_ctx, NULL, &secret_size) <= 0) {
3010 BIO_printf(bio_err, "Checking size of shared secret failed.\n");
3011 ERR_print_errors(bio_err);
3016 if (secret_size > MAX_FFDH_SIZE) {
3017 BIO_printf(bio_err, "Assertion failure: shared secret too large.\n");
3022 if (EVP_PKEY_derive(ffdh_ctx,
3023 loopargs[i].secret_ff_a,
3024 &secret_size) <= 0) {
3025 BIO_printf(bio_err, "Shared secret derive failure.\n");
3026 ERR_print_errors(bio_err);
3031 /* Now check from side B */
3032 test_ctx = EVP_PKEY_CTX_new(pkey_B, NULL);
3034 BIO_printf(bio_err, "Error while allocating EVP_PKEY_CTX.\n");
3035 ERR_print_errors(bio_err);
3040 if (!EVP_PKEY_derive_init(test_ctx) ||
3041 !EVP_PKEY_derive_set_peer(test_ctx, pkey_A) ||
3042 !EVP_PKEY_derive(test_ctx, NULL, &test_out) ||
3043 !EVP_PKEY_derive(test_ctx, loopargs[i].secret_ff_b, &test_out) ||
3044 test_out != secret_size) {
3045 BIO_printf(bio_err, "FFDH computation failure.\n");
3051 /* compare the computed secrets */
3052 if (CRYPTO_memcmp(loopargs[i].secret_ff_a,
3053 loopargs[i].secret_ff_b, secret_size)) {
3054 BIO_printf(bio_err, "FFDH computations don't match.\n");
3055 ERR_print_errors(bio_err);
3061 loopargs[i].ffdh_ctx[testnum] = ffdh_ctx;
3063 EVP_PKEY_free(pkey_A);
3065 EVP_PKEY_free(pkey_B);
3067 EVP_PKEY_CTX_free(test_ctx);
3070 if (ffdh_checks != 0) {
3071 pkey_print_message("", "ffdh", ffdh_c[testnum][0],
3072 ffdh_params[testnum].bits, seconds.ffdh);
3075 run_benchmark(async_jobs, FFDH_derive_key_loop, loopargs);
3078 mr ? "+R12:%ld:%d:%.2f\n" :
3079 "%ld %u-bits FFDH ops in %.2fs\n", count,
3080 ffdh_params[testnum].bits, d);
3081 ffdh_results[testnum][0] = (double)count / d;
3084 if (op_count <= 1) {
3085 /* if longer than 10s, don't do any more */
3086 stop_it(ffdh_doit, testnum);
3089 #endif /* OPENSSL_NO_DH */
3094 printf("version: %s\n", OpenSSL_version(OPENSSL_FULL_VERSION_STRING));
3095 printf("built on: %s\n", OpenSSL_version(OPENSSL_BUILT_ON));
3097 printf("%s ", BN_options());
3098 printf("\n%s\n", OpenSSL_version(OPENSSL_CFLAGS));
3099 printf("%s\n", OpenSSL_version(OPENSSL_CPU_INFO));
3106 printf("The 'numbers' are in 1000s of bytes per second processed.\n");
3109 for (testnum = 0; testnum < size_num; testnum++)
3110 printf(mr ? ":%d" : "%7d bytes", lengths[testnum]);
3114 for (k = 0; k < ALGOR_NUM; k++) {
3118 printf("+F:%u:%s", k, names[k]);
3120 printf("%-13s", names[k]);
3121 for (testnum = 0; testnum < size_num; testnum++) {
3122 if (results[k][testnum] > 10000 && !mr)
3123 printf(" %11.2fk", results[k][testnum] / 1e3);
3125 printf(mr ? ":%.2f" : " %11.2f ", results[k][testnum]);
3130 for (k = 0; k < RSA_NUM; k++) {
3133 if (testnum && !mr) {
3134 printf("%18ssign verify sign/s verify/s\n", " ");
3138 printf("+F2:%u:%u:%f:%f\n",
3139 k, rsa_keys[k].bits, rsa_results[k][0], rsa_results[k][1]);
3141 printf("rsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
3142 rsa_keys[k].bits, 1.0 / rsa_results[k][0], 1.0 / rsa_results[k][1],
3143 rsa_results[k][0], rsa_results[k][1]);
3146 for (k = 0; k < DSA_NUM; k++) {
3149 if (testnum && !mr) {
3150 printf("%18ssign verify sign/s verify/s\n", " ");
3154 printf("+F3:%u:%u:%f:%f\n",
3155 k, dsa_bits[k], dsa_results[k][0], dsa_results[k][1]);
3157 printf("dsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
3158 dsa_bits[k], 1.0 / dsa_results[k][0], 1.0 / dsa_results[k][1],
3159 dsa_results[k][0], dsa_results[k][1]);
3162 for (k = 0; k < OSSL_NELEM(ecdsa_doit); k++) {
3165 if (testnum && !mr) {
3166 printf("%30ssign verify sign/s verify/s\n", " ");
3171 printf("+F4:%u:%u:%f:%f\n",
3172 k, ec_curves[k].bits,
3173 ecdsa_results[k][0], ecdsa_results[k][1]);
3175 printf("%4u bits ecdsa (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
3176 ec_curves[k].bits, ec_curves[k].name,
3177 1.0 / ecdsa_results[k][0], 1.0 / ecdsa_results[k][1],
3178 ecdsa_results[k][0], ecdsa_results[k][1]);
3182 for (k = 0; k < EC_NUM; k++) {
3185 if (testnum && !mr) {
3186 printf("%30sop op/s\n", " ");
3190 printf("+F5:%u:%u:%f:%f\n",
3191 k, ec_curves[k].bits,
3192 ecdh_results[k][0], 1.0 / ecdh_results[k][0]);
3195 printf("%4u bits ecdh (%s) %8.4fs %8.1f\n",
3196 ec_curves[k].bits, ec_curves[k].name,
3197 1.0 / ecdh_results[k][0], ecdh_results[k][0]);
3201 for (k = 0; k < OSSL_NELEM(eddsa_doit); k++) {
3204 if (testnum && !mr) {
3205 printf("%30ssign verify sign/s verify/s\n", " ");
3210 printf("+F6:%u:%u:%s:%f:%f\n",
3211 k, ed_curves[k].bits, ed_curves[k].name,
3212 eddsa_results[k][0], eddsa_results[k][1]);
3214 printf("%4u bits EdDSA (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
3215 ed_curves[k].bits, ed_curves[k].name,
3216 1.0 / eddsa_results[k][0], 1.0 / eddsa_results[k][1],
3217 eddsa_results[k][0], eddsa_results[k][1]);
3220 #ifndef OPENSSL_NO_SM2
3222 for (k = 0; k < OSSL_NELEM(sm2_doit); k++) {
3225 if (testnum && !mr) {
3226 printf("%30ssign verify sign/s verify/s\n", " ");
3231 printf("+F7:%u:%u:%s:%f:%f\n",
3232 k, sm2_curves[k].bits, sm2_curves[k].name,
3233 sm2_results[k][0], sm2_results[k][1]);
3235 printf("%4u bits SM2 (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
3236 sm2_curves[k].bits, sm2_curves[k].name,
3237 1.0 / sm2_results[k][0], 1.0 / sm2_results[k][1],
3238 sm2_results[k][0], sm2_results[k][1]);
3241 #ifndef OPENSSL_NO_DH
3243 for (k = 0; k < FFDH_NUM; k++) {
3246 if (testnum && !mr) {
3247 printf("%23sop op/s\n", " ");
3251 printf("+F8:%u:%u:%f:%f\n",
3252 k, ffdh_params[k].bits,
3253 ffdh_results[k][0], 1.0 / ffdh_results[k][0]);
3256 printf("%4u bits ffdh %8.4fs %8.1f\n",
3257 ffdh_params[k].bits,
3258 1.0 / ffdh_results[k][0], ffdh_results[k][0]);
3260 #endif /* OPENSSL_NO_DH */
3265 ERR_print_errors(bio_err);
3266 for (i = 0; i < loopargs_len; i++) {
3267 OPENSSL_free(loopargs[i].buf_malloc);
3268 OPENSSL_free(loopargs[i].buf2_malloc);
3271 EVP_PKEY_CTX_free(genctx);
3272 for (k = 0; k < RSA_NUM; k++) {
3273 EVP_PKEY_CTX_free(loopargs[i].rsa_sign_ctx[k]);
3274 EVP_PKEY_CTX_free(loopargs[i].rsa_verify_ctx[k]);
3276 #ifndef OPENSSL_NO_DH
3277 OPENSSL_free(loopargs[i].secret_ff_a);
3278 OPENSSL_free(loopargs[i].secret_ff_b);
3279 for (k = 0; k < FFDH_NUM; k++)
3280 EVP_PKEY_CTX_free(loopargs[i].ffdh_ctx[k]);
3282 for (k = 0; k < DSA_NUM; k++) {
3283 EVP_PKEY_CTX_free(loopargs[i].dsa_sign_ctx[k]);
3284 EVP_PKEY_CTX_free(loopargs[i].dsa_verify_ctx[k]);
3286 for (k = 0; k < ECDSA_NUM; k++) {
3287 EVP_PKEY_CTX_free(loopargs[i].ecdsa_sign_ctx[k]);
3288 EVP_PKEY_CTX_free(loopargs[i].ecdsa_verify_ctx[k]);
3290 for (k = 0; k < EC_NUM; k++)
3291 EVP_PKEY_CTX_free(loopargs[i].ecdh_ctx[k]);
3292 for (k = 0; k < EdDSA_NUM; k++) {
3293 EVP_MD_CTX_free(loopargs[i].eddsa_ctx[k]);
3294 EVP_MD_CTX_free(loopargs[i].eddsa_ctx2[k]);
3296 #ifndef OPENSSL_NO_SM2
3297 for (k = 0; k < SM2_NUM; k++) {
3298 EVP_PKEY_CTX *pctx = NULL;
3300 /* free signing ctx */
3301 if (loopargs[i].sm2_ctx[k] != NULL
3302 && (pctx = EVP_MD_CTX_get_pkey_ctx(loopargs[i].sm2_ctx[k])) != NULL)
3303 EVP_PKEY_CTX_free(pctx);
3304 EVP_MD_CTX_free(loopargs[i].sm2_ctx[k]);
3305 /* free verification ctx */
3306 if (loopargs[i].sm2_vfy_ctx[k] != NULL
3307 && (pctx = EVP_MD_CTX_get_pkey_ctx(loopargs[i].sm2_vfy_ctx[k])) != NULL)
3308 EVP_PKEY_CTX_free(pctx);
3309 EVP_MD_CTX_free(loopargs[i].sm2_vfy_ctx[k]);
3311 EVP_PKEY_free(loopargs[i].sm2_pkey[k]);
3314 OPENSSL_free(loopargs[i].secret_a);
3315 OPENSSL_free(loopargs[i].secret_b);
3317 OPENSSL_free(evp_hmac_name);
3318 OPENSSL_free(evp_cmac_name);
3320 if (async_jobs > 0) {
3321 for (i = 0; i < loopargs_len; i++)
3322 ASYNC_WAIT_CTX_free(loopargs[i].wait_ctx);
3326 ASYNC_cleanup_thread();
3328 OPENSSL_free(loopargs);
3330 EVP_CIPHER_free(evp_cipher);
3335 static void print_message(const char *s, long num, int length, int tm)
3338 mr ? "+DT:%s:%d:%d\n"
3339 : "Doing %s for %ds on %d size blocks: ", s, tm, length);
3340 (void)BIO_flush(bio_err);
3345 static void pkey_print_message(const char *str, const char *str2, long num,
3346 unsigned int bits, int tm)
3349 mr ? "+DTP:%d:%s:%s:%d\n"
3350 : "Doing %u bits %s %s's for %ds: ", bits, str, str2, tm);
3351 (void)BIO_flush(bio_err);
3356 static void print_result(int alg, int run_no, int count, double time_used)
3359 BIO_printf(bio_err, "%s error!\n", names[alg]);
3360 ERR_print_errors(bio_err);
3364 mr ? "+R:%d:%s:%f\n"
3365 : "%d %s's in %.2fs\n", count, names[alg], time_used);
3366 results[alg][run_no] = ((double)count) / time_used * lengths[run_no];
3370 static char *sstrsep(char **string, const char *delim)
3373 char *token = *string;
3378 memset(isdelim, 0, sizeof(isdelim));
3382 isdelim[(unsigned char)(*delim)] = 1;
3386 while (!isdelim[(unsigned char)(**string)])
3397 static int do_multi(int multi, int size_num)
3402 static char sep[] = ":";
3404 fds = app_malloc(sizeof(*fds) * multi, "fd buffer for do_multi");
3405 for (n = 0; n < multi; ++n) {
3406 if (pipe(fd) == -1) {
3407 BIO_printf(bio_err, "pipe failure\n");
3411 (void)BIO_flush(bio_err);
3418 if (dup(fd[1]) == -1) {
3419 BIO_printf(bio_err, "dup failed\n");
3428 printf("Forked child %d\n", n);
3431 /* for now, assume the pipe is long enough to take all the output */
3432 for (n = 0; n < multi; ++n) {
3437 f = fdopen(fds[n], "r");
3438 while (fgets(buf, sizeof(buf), f)) {
3439 p = strchr(buf, '\n');
3442 if (buf[0] != '+') {
3444 "Don't understand line '%s' from child %d\n", buf,
3448 printf("Got: %s from %d\n", buf, n);
3449 if (strncmp(buf, "+F:", 3) == 0) {
3454 alg = atoi(sstrsep(&p, sep));
3456 for (j = 0; j < size_num; ++j)
3457 results[alg][j] += atof(sstrsep(&p, sep));
3458 } else if (strncmp(buf, "+F2:", 4) == 0) {
3463 k = atoi(sstrsep(&p, sep));
3466 d = atof(sstrsep(&p, sep));
3467 rsa_results[k][0] += d;
3469 d = atof(sstrsep(&p, sep));
3470 rsa_results[k][1] += d;
3471 } else if (strncmp(buf, "+F3:", 4) == 0) {
3476 k = atoi(sstrsep(&p, sep));
3479 d = atof(sstrsep(&p, sep));
3480 dsa_results[k][0] += d;
3482 d = atof(sstrsep(&p, sep));
3483 dsa_results[k][1] += d;
3484 } else if (strncmp(buf, "+F4:", 4) == 0) {
3489 k = atoi(sstrsep(&p, sep));
3492 d = atof(sstrsep(&p, sep));
3493 ecdsa_results[k][0] += d;
3495 d = atof(sstrsep(&p, sep));
3496 ecdsa_results[k][1] += d;
3497 } else if (strncmp(buf, "+F5:", 4) == 0) {
3502 k = atoi(sstrsep(&p, sep));
3505 d = atof(sstrsep(&p, sep));
3506 ecdh_results[k][0] += d;
3507 } else if (strncmp(buf, "+F6:", 4) == 0) {
3512 k = atoi(sstrsep(&p, sep));
3516 d = atof(sstrsep(&p, sep));
3517 eddsa_results[k][0] += d;
3519 d = atof(sstrsep(&p, sep));
3520 eddsa_results[k][1] += d;
3521 # ifndef OPENSSL_NO_SM2
3522 } else if (strncmp(buf, "+F7:", 4) == 0) {
3527 k = atoi(sstrsep(&p, sep));
3531 d = atof(sstrsep(&p, sep));
3532 sm2_results[k][0] += d;
3534 d = atof(sstrsep(&p, sep));
3535 sm2_results[k][1] += d;
3536 # endif /* OPENSSL_NO_SM2 */
3537 # ifndef OPENSSL_NO_DH
3538 } else if (strncmp(buf, "+F8:", 4) == 0) {
3543 k = atoi(sstrsep(&p, sep));
3546 d = atof(sstrsep(&p, sep));
3547 ffdh_results[k][0] += d;
3548 # endif /* OPENSSL_NO_DH */
3549 } else if (strncmp(buf, "+H:", 3) == 0) {
3552 BIO_printf(bio_err, "Unknown type '%s' from child %d\n", buf,
3564 static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
3565 const openssl_speed_sec_t *seconds)
3567 static const int mblengths_list[] =
3568 { 8 * 1024, 2 * 8 * 1024, 4 * 8 * 1024, 8 * 8 * 1024, 8 * 16 * 1024 };
3569 const int *mblengths = mblengths_list;
3570 int j, count, keylen, num = OSSL_NELEM(mblengths_list);
3571 const char *alg_name;
3572 unsigned char *inp = NULL, *out = NULL, *key, no_key[32], no_iv[16];
3573 EVP_CIPHER_CTX *ctx = NULL;
3576 if (lengths_single) {
3577 mblengths = &lengths_single;
3581 inp = app_malloc(mblengths[num - 1], "multiblock input buffer");
3582 out = app_malloc(mblengths[num - 1] + 1024, "multiblock output buffer");
3583 if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
3584 app_bail_out("failed to allocate cipher context\n");
3585 if (!EVP_EncryptInit_ex(ctx, evp_cipher, NULL, NULL, no_iv))
3586 app_bail_out("failed to initialise cipher context\n");
3588 if ((keylen = EVP_CIPHER_CTX_get_key_length(ctx)) < 0) {
3589 BIO_printf(bio_err, "Impossible negative key length: %d\n", keylen);
3592 key = app_malloc(keylen, "evp_cipher key");
3593 if (!EVP_CIPHER_CTX_rand_key(ctx, key))
3594 app_bail_out("failed to generate random cipher key\n");
3595 if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, NULL))
3596 app_bail_out("failed to set cipher key\n");
3597 OPENSSL_clear_free(key, keylen);
3599 if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY,
3600 sizeof(no_key), no_key))
3601 app_bail_out("failed to set AEAD key\n");
3602 if ((alg_name = EVP_CIPHER_get0_name(evp_cipher)) == NULL)
3603 app_bail_out("failed to get cipher name\n");
3605 for (j = 0; j < num; j++) {
3606 print_message(alg_name, 0, mblengths[j], seconds->sym);
3608 for (count = 0; run && count < 0x7fffffff; count++) {
3609 unsigned char aad[EVP_AEAD_TLS1_AAD_LEN];
3610 EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param;
3611 size_t len = mblengths[j];
3614 memset(aad, 0, 8); /* avoid uninitialized values */
3615 aad[8] = 23; /* SSL3_RT_APPLICATION_DATA */
3616 aad[9] = 3; /* version */
3618 aad[11] = 0; /* length */
3620 mb_param.out = NULL;
3623 mb_param.interleave = 8;
3625 packlen = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_AAD,
3626 sizeof(mb_param), &mb_param);
3632 (void)EVP_CIPHER_CTX_ctrl(ctx,
3633 EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT,
3634 sizeof(mb_param), &mb_param);
3638 RAND_bytes(out, 16);
3640 aad[11] = (unsigned char)(len >> 8);
3641 aad[12] = (unsigned char)(len);
3642 pad = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_TLS1_AAD,
3643 EVP_AEAD_TLS1_AAD_LEN, aad);
3644 EVP_Cipher(ctx, out, inp, len + pad);
3648 BIO_printf(bio_err, mr ? "+R:%d:%s:%f\n"
3649 : "%d %s's in %.2fs\n", count, "evp", d);
3650 results[D_EVP][j] = ((double)count) / d * mblengths[j];
3654 fprintf(stdout, "+H");
3655 for (j = 0; j < num; j++)
3656 fprintf(stdout, ":%d", mblengths[j]);
3657 fprintf(stdout, "\n");
3658 fprintf(stdout, "+F:%d:%s", D_EVP, alg_name);
3659 for (j = 0; j < num; j++)
3660 fprintf(stdout, ":%.2f", results[D_EVP][j]);
3661 fprintf(stdout, "\n");
3664 "The 'numbers' are in 1000s of bytes per second processed.\n");
3665 fprintf(stdout, "type ");
3666 for (j = 0; j < num; j++)
3667 fprintf(stdout, "%7d bytes", mblengths[j]);
3668 fprintf(stdout, "\n");
3669 fprintf(stdout, "%-24s", alg_name);
3671 for (j = 0; j < num; j++) {
3672 if (results[D_EVP][j] > 10000)
3673 fprintf(stdout, " %11.2fk", results[D_EVP][j] / 1e3);
3675 fprintf(stdout, " %11.2f ", results[D_EVP][j]);
3677 fprintf(stdout, "\n");
3683 EVP_CIPHER_CTX_free(ctx);