2 * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
5 * Licensed under the Apache License 2.0 (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
13 #define PKEY_SECONDS 10
15 #define RSA_SECONDS PKEY_SECONDS
16 #define DSA_SECONDS PKEY_SECONDS
17 #define ECDSA_SECONDS PKEY_SECONDS
18 #define ECDH_SECONDS PKEY_SECONDS
19 #define EdDSA_SECONDS PKEY_SECONDS
20 #define SM2_SECONDS PKEY_SECONDS
21 #define FFDH_SECONDS PKEY_SECONDS
23 /* We need to use some deprecated APIs */
24 #define OPENSSL_SUPPRESS_DEPRECATED
32 #include <openssl/crypto.h>
33 #include <openssl/rand.h>
34 #include <openssl/err.h>
35 #include <openssl/evp.h>
36 #include <openssl/objects.h>
37 #include <openssl/core_names.h>
38 #include <openssl/async.h>
39 #if !defined(OPENSSL_SYS_MSDOS)
44 # if defined(OPENSSL_TANDEM_FLOSS)
45 # include <floss.h(floss_fork)>
53 #include <openssl/bn.h>
54 #include <openssl/rsa.h>
55 #include "./testrsa.h"
57 # include <openssl/dh.h>
59 #include <openssl/x509.h>
60 #include <openssl/dsa.h>
61 #include "./testdsa.h"
62 #include <openssl/modes.h>
65 # if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_VXWORKS)
78 #define MAX_MISALIGNMENT 63
79 #define MAX_ECDH_SIZE 256
81 #define MAX_FFDH_SIZE 1024
83 #ifndef RSA_DEFAULT_PRIME_NUM
84 # define RSA_DEFAULT_PRIME_NUM 2
87 typedef struct openssl_speed_sec_st {
96 } openssl_speed_sec_t;
98 static volatile int run = 0;
100 static int mr = 0; /* machine-readeable output format to merge fork results */
101 static int usertime = 1;
103 static double Time_F(int s);
104 static void print_message(const char *s, long num, int length, int tm);
105 static void pkey_print_message(const char *str, const char *str2,
106 long num, unsigned int bits, int sec);
107 static void print_result(int alg, int run_no, int count, double time_used);
109 static int do_multi(int multi, int size_num);
112 static const int lengths_list[] = {
113 16, 64, 256, 1024, 8 * 1024, 16 * 1024
115 #define SIZE_NUM OSSL_NELEM(lengths_list)
116 static const int *lengths = lengths_list;
118 static const int aead_lengths_list[] = {
119 2, 31, 136, 1024, 8 * 1024, 16 * 1024
127 static void alarmed(int sig)
129 signal(SIGALRM, alarmed);
133 static double Time_F(int s)
135 double ret = app_tminterval(s, usertime);
141 #elif defined(_WIN32)
145 static unsigned int lapse;
146 static volatile unsigned int schlock;
147 static void alarm_win32(unsigned int secs)
152 # define alarm alarm_win32
154 static DWORD WINAPI sleepy(VOID * arg)
162 static double Time_F(int s)
169 thr = CreateThread(NULL, 4096, sleepy, NULL, 0, NULL);
171 DWORD err = GetLastError();
172 BIO_printf(bio_err, "unable to CreateThread (%lu)", err);
176 Sleep(0); /* scheduler spinlock */
177 ret = app_tminterval(s, usertime);
179 ret = app_tminterval(s, usertime);
181 TerminateThread(thr, 0);
188 # error "SIGALRM not defined and the platform is not Windows"
191 static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
192 const openssl_speed_sec_t *seconds);
194 static int opt_found(const char *name, unsigned int *result,
195 const OPT_PAIR pairs[], unsigned int nbelem)
199 for (idx = 0; idx < nbelem; ++idx, pairs++)
200 if (strcmp(name, pairs->name) == 0) {
201 *result = pairs->retval;
206 #define opt_found(value, pairs, result)\
207 opt_found(value, result, pairs, OSSL_NELEM(pairs))
209 typedef enum OPTION_choice {
210 OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
211 OPT_ELAPSED, OPT_EVP, OPT_HMAC, OPT_DECRYPT, OPT_ENGINE, OPT_MULTI,
212 OPT_MR, OPT_MB, OPT_MISALIGN, OPT_ASYNCJOBS, OPT_R_ENUM, OPT_PROV_ENUM,
213 OPT_PRIMES, OPT_SECONDS, OPT_BYTES, OPT_AEAD, OPT_CMAC
216 const OPTIONS speed_options[] = {
217 {OPT_HELP_STR, 1, '-', "Usage: %s [options] [algorithm...]\n"},
219 OPT_SECTION("General"),
220 {"help", OPT_HELP, '-', "Display this summary"},
222 "Enable (tls1>=1) multi-block mode on EVP-named cipher"},
223 {"mr", OPT_MR, '-', "Produce machine readable output"},
225 {"multi", OPT_MULTI, 'p', "Run benchmarks in parallel"},
227 #ifndef OPENSSL_NO_ASYNC
228 {"async_jobs", OPT_ASYNCJOBS, 'p',
229 "Enable async mode and start specified number of jobs"},
231 #ifndef OPENSSL_NO_ENGINE
232 {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
234 {"primes", OPT_PRIMES, 'p', "Specify number of primes (for RSA only)"},
236 OPT_SECTION("Selection"),
237 {"evp", OPT_EVP, 's', "Use EVP-named cipher or digest"},
238 {"hmac", OPT_HMAC, 's', "HMAC using EVP-named digest"},
239 {"cmac", OPT_CMAC, 's', "CMAC using EVP-named cipher"},
240 {"decrypt", OPT_DECRYPT, '-',
241 "Time decryption instead of encryption (only EVP)"},
242 {"aead", OPT_AEAD, '-',
243 "Benchmark EVP-named AEAD cipher in TLS-like sequence"},
245 OPT_SECTION("Timing"),
246 {"elapsed", OPT_ELAPSED, '-',
247 "Use wall-clock time instead of CPU user time as divisor"},
248 {"seconds", OPT_SECONDS, 'p',
249 "Run benchmarks for specified amount of seconds"},
250 {"bytes", OPT_BYTES, 'p',
251 "Run [non-PKI] benchmarks on custom-sized buffer"},
252 {"misalign", OPT_MISALIGN, 'p',
253 "Use specified offset to mis-align buffers"},
259 {"algorithm", 0, 0, "Algorithm(s) to test (optional; otherwise tests all)"},
264 D_MD2, D_MDC2, D_MD4, D_MD5, D_SHA1, D_RMD160,
265 D_SHA256, D_SHA512, D_WHIRLPOOL, D_HMAC,
266 D_CBC_DES, D_EDE3_DES, D_RC4, D_CBC_IDEA, D_CBC_SEED,
267 D_CBC_RC2, D_CBC_RC5, D_CBC_BF, D_CBC_CAST,
268 D_CBC_128_AES, D_CBC_192_AES, D_CBC_256_AES,
269 D_CBC_128_CML, D_CBC_192_CML, D_CBC_256_CML,
270 D_EVP, D_GHASH, D_RAND, D_EVP_CMAC, ALGOR_NUM
272 /* name of algorithms to test. MUST BE KEEP IN SYNC with above enum ! */
273 static const char *names[ALGOR_NUM] = {
274 "md2", "mdc2", "md4", "md5", "sha1", "rmd160",
275 "sha256", "sha512", "whirlpool", "hmac(md5)",
276 "des-cbc", "des-ede3", "rc4", "idea-cbc", "seed-cbc",
277 "rc2-cbc", "rc5-cbc", "blowfish", "cast-cbc",
278 "aes-128-cbc", "aes-192-cbc", "aes-256-cbc",
279 "camellia-128-cbc", "camellia-192-cbc", "camellia-256-cbc",
280 "evp", "ghash", "rand", "cmac"
283 /* list of configured algorithm (remaining), with some few alias */
284 static const OPT_PAIR doit_choices[] = {
291 {"sha256", D_SHA256},
292 {"sha512", D_SHA512},
293 {"whirlpool", D_WHIRLPOOL},
294 {"ripemd", D_RMD160},
295 {"rmd160", D_RMD160},
296 {"ripemd160", D_RMD160},
298 {"des-cbc", D_CBC_DES},
299 {"des-ede3", D_EDE3_DES},
300 {"aes-128-cbc", D_CBC_128_AES},
301 {"aes-192-cbc", D_CBC_192_AES},
302 {"aes-256-cbc", D_CBC_256_AES},
303 {"camellia-128-cbc", D_CBC_128_CML},
304 {"camellia-192-cbc", D_CBC_192_CML},
305 {"camellia-256-cbc", D_CBC_256_CML},
306 {"rc2-cbc", D_CBC_RC2},
308 {"rc5-cbc", D_CBC_RC5},
310 {"idea-cbc", D_CBC_IDEA},
311 {"idea", D_CBC_IDEA},
312 {"seed-cbc", D_CBC_SEED},
313 {"seed", D_CBC_SEED},
314 {"bf-cbc", D_CBC_BF},
315 {"blowfish", D_CBC_BF},
317 {"cast-cbc", D_CBC_CAST},
318 {"cast", D_CBC_CAST},
319 {"cast5", D_CBC_CAST},
324 static double results[ALGOR_NUM][SIZE_NUM];
326 enum { R_DSA_512, R_DSA_1024, R_DSA_2048, DSA_NUM };
327 static const OPT_PAIR dsa_choices[DSA_NUM] = {
328 {"dsa512", R_DSA_512},
329 {"dsa1024", R_DSA_1024},
330 {"dsa2048", R_DSA_2048}
332 static double dsa_results[DSA_NUM][2]; /* 2 ops: sign then verify */
335 R_RSA_512, R_RSA_1024, R_RSA_2048, R_RSA_3072, R_RSA_4096, R_RSA_7680,
338 static const OPT_PAIR rsa_choices[RSA_NUM] = {
339 {"rsa512", R_RSA_512},
340 {"rsa1024", R_RSA_1024},
341 {"rsa2048", R_RSA_2048},
342 {"rsa3072", R_RSA_3072},
343 {"rsa4096", R_RSA_4096},
344 {"rsa7680", R_RSA_7680},
345 {"rsa15360", R_RSA_15360}
348 static double rsa_results[RSA_NUM][2]; /* 2 ops: sign then verify */
350 #ifndef OPENSSL_NO_DH
352 R_FFDH_2048, R_FFDH_3072, R_FFDH_4096, R_FFDH_6144, R_FFDH_8192, FFDH_NUM
355 static const OPT_PAIR ffdh_choices[FFDH_NUM] = {
356 {"ffdh2048", R_FFDH_2048},
357 {"ffdh3072", R_FFDH_3072},
358 {"ffdh4096", R_FFDH_4096},
359 {"ffdh6144", R_FFDH_6144},
360 {"ffdh8192", R_FFDH_8192},
363 static double ffdh_results[FFDH_NUM][1]; /* 1 op: derivation */
364 #endif /* OPENSSL_NO_DH */
367 R_EC_P160, R_EC_P192, R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521,
368 #ifndef OPENSSL_NO_EC2M
369 R_EC_K163, R_EC_K233, R_EC_K283, R_EC_K409, R_EC_K571,
370 R_EC_B163, R_EC_B233, R_EC_B283, R_EC_B409, R_EC_B571,
372 R_EC_BRP256R1, R_EC_BRP256T1, R_EC_BRP384R1, R_EC_BRP384T1,
373 R_EC_BRP512R1, R_EC_BRP512T1, ECDSA_NUM
375 /* list of ecdsa curves */
376 static const OPT_PAIR ecdsa_choices[ECDSA_NUM] = {
377 {"ecdsap160", R_EC_P160},
378 {"ecdsap192", R_EC_P192},
379 {"ecdsap224", R_EC_P224},
380 {"ecdsap256", R_EC_P256},
381 {"ecdsap384", R_EC_P384},
382 {"ecdsap521", R_EC_P521},
383 #ifndef OPENSSL_NO_EC2M
384 {"ecdsak163", R_EC_K163},
385 {"ecdsak233", R_EC_K233},
386 {"ecdsak283", R_EC_K283},
387 {"ecdsak409", R_EC_K409},
388 {"ecdsak571", R_EC_K571},
389 {"ecdsab163", R_EC_B163},
390 {"ecdsab233", R_EC_B233},
391 {"ecdsab283", R_EC_B283},
392 {"ecdsab409", R_EC_B409},
393 {"ecdsab571", R_EC_B571},
395 {"ecdsabrp256r1", R_EC_BRP256R1},
396 {"ecdsabrp256t1", R_EC_BRP256T1},
397 {"ecdsabrp384r1", R_EC_BRP384R1},
398 {"ecdsabrp384t1", R_EC_BRP384T1},
399 {"ecdsabrp512r1", R_EC_BRP512R1},
400 {"ecdsabrp512t1", R_EC_BRP512T1}
402 enum { R_EC_X25519 = ECDSA_NUM, R_EC_X448, EC_NUM };
403 /* list of ecdh curves, extension of |ecdsa_choices| list above */
404 static const OPT_PAIR ecdh_choices[EC_NUM] = {
405 {"ecdhp160", R_EC_P160},
406 {"ecdhp192", R_EC_P192},
407 {"ecdhp224", R_EC_P224},
408 {"ecdhp256", R_EC_P256},
409 {"ecdhp384", R_EC_P384},
410 {"ecdhp521", R_EC_P521},
411 #ifndef OPENSSL_NO_EC2M
412 {"ecdhk163", R_EC_K163},
413 {"ecdhk233", R_EC_K233},
414 {"ecdhk283", R_EC_K283},
415 {"ecdhk409", R_EC_K409},
416 {"ecdhk571", R_EC_K571},
417 {"ecdhb163", R_EC_B163},
418 {"ecdhb233", R_EC_B233},
419 {"ecdhb283", R_EC_B283},
420 {"ecdhb409", R_EC_B409},
421 {"ecdhb571", R_EC_B571},
423 {"ecdhbrp256r1", R_EC_BRP256R1},
424 {"ecdhbrp256t1", R_EC_BRP256T1},
425 {"ecdhbrp384r1", R_EC_BRP384R1},
426 {"ecdhbrp384t1", R_EC_BRP384T1},
427 {"ecdhbrp512r1", R_EC_BRP512R1},
428 {"ecdhbrp512t1", R_EC_BRP512T1},
429 {"ecdhx25519", R_EC_X25519},
430 {"ecdhx448", R_EC_X448}
433 static double ecdh_results[EC_NUM][1]; /* 1 op: derivation */
434 static double ecdsa_results[ECDSA_NUM][2]; /* 2 ops: sign then verify */
436 enum { R_EC_Ed25519, R_EC_Ed448, EdDSA_NUM };
437 static const OPT_PAIR eddsa_choices[EdDSA_NUM] = {
438 {"ed25519", R_EC_Ed25519},
439 {"ed448", R_EC_Ed448}
442 static double eddsa_results[EdDSA_NUM][2]; /* 2 ops: sign then verify */
444 #ifndef OPENSSL_NO_SM2
445 enum { R_EC_CURVESM2, SM2_NUM };
446 static const OPT_PAIR sm2_choices[SM2_NUM] = {
447 {"curveSM2", R_EC_CURVESM2}
449 # define SM2_ID "TLSv1.3+GM+Cipher+Suite"
450 # define SM2_ID_LEN sizeof("TLSv1.3+GM+Cipher+Suite") - 1
451 static double sm2_results[SM2_NUM][2]; /* 2 ops: sign then verify */
452 #endif /* OPENSSL_NO_SM2 */
454 #define COND(unused_cond) (run && count < 0x7fffffff)
455 #define COUNT(d) (count)
457 typedef struct loopargs_st {
458 ASYNC_JOB *inprogress_job;
459 ASYNC_WAIT_CTX *wait_ctx;
462 unsigned char *buf_malloc;
463 unsigned char *buf2_malloc;
466 EVP_PKEY_CTX *rsa_sign_ctx[RSA_NUM];
467 EVP_PKEY_CTX *rsa_verify_ctx[RSA_NUM];
468 EVP_PKEY_CTX *dsa_sign_ctx[DSA_NUM];
469 EVP_PKEY_CTX *dsa_verify_ctx[DSA_NUM];
470 EVP_PKEY_CTX *ecdsa_sign_ctx[ECDSA_NUM];
471 EVP_PKEY_CTX *ecdsa_verify_ctx[ECDSA_NUM];
472 EVP_PKEY_CTX *ecdh_ctx[EC_NUM];
473 EVP_MD_CTX *eddsa_ctx[EdDSA_NUM];
474 EVP_MD_CTX *eddsa_ctx2[EdDSA_NUM];
475 #ifndef OPENSSL_NO_SM2
476 EVP_MD_CTX *sm2_ctx[SM2_NUM];
477 EVP_MD_CTX *sm2_vfy_ctx[SM2_NUM];
478 EVP_PKEY *sm2_pkey[SM2_NUM];
480 unsigned char *secret_a;
481 unsigned char *secret_b;
482 size_t outlen[EC_NUM];
483 #ifndef OPENSSL_NO_DH
484 EVP_PKEY_CTX *ffdh_ctx[FFDH_NUM];
485 unsigned char *secret_ff_a;
486 unsigned char *secret_ff_b;
491 static int run_benchmark(int async_jobs, int (*loop_function) (void *),
492 loopargs_t * loopargs);
494 static unsigned int testnum;
496 /* Nb of iterations to do per algorithm and key-size */
497 static long c[ALGOR_NUM][SIZE_NUM];
499 static char *evp_mac_mdname = "md5";
500 static char *evp_hmac_name = NULL;
501 static const char *evp_md_name = NULL;
502 static char *evp_mac_ciphername = "aes-128-cbc";
503 static char *evp_cmac_name = NULL;
505 static EVP_MD *obtain_md(const char *name, int *fetched)
510 /* Look through providers' digests */
512 md = EVP_MD_fetch(NULL, name, NULL);
519 return (EVP_MD *)EVP_get_digestbyname(name);
522 static int have_md(const char *name)
526 EVP_MD *md = obtain_md(name, &fetched);
529 EVP_MD_CTX *ctx = EVP_MD_CTX_new();
531 if (ctx != NULL && EVP_DigestInit(ctx, md) > 0)
533 EVP_MD_CTX_free(ctx);
540 static EVP_CIPHER *obtain_cipher(const char *name, int *fetched)
542 EVP_CIPHER *cipher = NULL;
545 /* Look through providers' digests */
547 cipher = EVP_CIPHER_fetch(NULL, name, NULL);
549 if (cipher != NULL) {
554 return (EVP_CIPHER *)EVP_get_cipherbyname(name);
557 static int have_cipher(const char *name)
561 EVP_CIPHER *cipher = obtain_cipher(name, &fetched);
563 if (cipher != NULL) {
564 EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
567 && EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, 1) > 0)
569 EVP_CIPHER_CTX_free(ctx);
571 EVP_CIPHER_free(cipher);
576 static int EVP_Digest_loop(const char *mdname, int algindex, void *args)
578 loopargs_t *tempargs = *(loopargs_t **) args;
579 unsigned char *buf = tempargs->buf;
580 unsigned char digest[EVP_MAX_MD_SIZE];
581 int count, fetched = 0;
582 EVP_MD *md = obtain_md(mdname, &fetched);
586 for (count = 0; COND(c[algindex][testnum]); count++) {
587 if (!EVP_Digest(buf, (size_t)lengths[testnum], digest, NULL, md,
598 static int EVP_Digest_md_loop(void *args)
600 return EVP_Digest_loop(evp_md_name, D_EVP, args);
603 static int EVP_Digest_MD2_loop(void *args)
605 return EVP_Digest_loop("md2", D_MD2, args);
608 static int EVP_Digest_MDC2_loop(void *args)
610 return EVP_Digest_loop("mdc2", D_MDC2, args);
613 static int EVP_Digest_MD4_loop(void *args)
615 return EVP_Digest_loop("md4", D_MD4, args);
618 static int MD5_loop(void *args)
620 return EVP_Digest_loop("md5", D_MD5, args);
623 static int EVP_MAC_loop(int algindex, void *args)
625 loopargs_t *tempargs = *(loopargs_t **) args;
626 unsigned char *buf = tempargs->buf;
627 EVP_MAC_CTX *mctx = tempargs->mctx;
628 unsigned char mac[EVP_MAX_MD_SIZE];
631 for (count = 0; COND(c[algindex][testnum]); count++) {
634 if (!EVP_MAC_init(mctx)
635 || !EVP_MAC_update(mctx, buf, lengths[testnum])
636 || !EVP_MAC_final(mctx, mac, &outl, sizeof(mac)))
642 static int HMAC_loop(void *args)
644 return EVP_MAC_loop(D_HMAC, args);
647 static int CMAC_loop(void *args)
649 return EVP_MAC_loop(D_EVP_CMAC, args);
652 static int SHA1_loop(void *args)
654 return EVP_Digest_loop("sha1", D_SHA1, args);
657 static int SHA256_loop(void *args)
659 return EVP_Digest_loop("sha256", D_SHA256, args);
662 static int SHA512_loop(void *args)
664 return EVP_Digest_loop("sha512", D_SHA512, args);
667 static int WHIRLPOOL_loop(void *args)
669 return EVP_Digest_loop("whirlpool", D_WHIRLPOOL, args);
672 static int EVP_Digest_RMD160_loop(void *args)
674 return EVP_Digest_loop("ripemd160", D_RMD160, args);
679 static int EVP_Cipher_loop(void *args)
681 loopargs_t *tempargs = *(loopargs_t **) args;
682 unsigned char *buf = tempargs->buf;
685 if (tempargs->ctx == NULL)
687 for (count = 0; COND(c[algindex][testnum]); count++)
688 if (EVP_Cipher(tempargs->ctx, buf, buf, (size_t)lengths[testnum]) <= 0)
693 static int GHASH_loop(void *args)
695 loopargs_t *tempargs = *(loopargs_t **) args;
696 unsigned char *buf = tempargs->buf;
697 EVP_MAC_CTX *mctx = tempargs->mctx;
700 /* just do the update in the loop to be comparable with 1.1.1 */
701 for (count = 0; COND(c[D_GHASH][testnum]); count++) {
702 if (!EVP_MAC_update(mctx, buf, lengths[testnum]))
708 #define MAX_BLOCK_SIZE 128
710 static unsigned char iv[2 * MAX_BLOCK_SIZE / 8];
712 static EVP_CIPHER_CTX *init_evp_cipher_ctx(const char *ciphername,
713 const unsigned char *key,
716 EVP_CIPHER_CTX *ctx = NULL;
718 EVP_CIPHER *cipher = obtain_cipher(ciphername, &fetched);
723 if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
726 if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, 1)) {
727 EVP_CIPHER_CTX_free(ctx);
732 EVP_CIPHER_CTX_set_key_length(ctx, keylen);
734 if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1)) {
735 EVP_CIPHER_CTX_free(ctx);
742 EVP_CIPHER_free(cipher);
746 static int RAND_bytes_loop(void *args)
748 loopargs_t *tempargs = *(loopargs_t **) args;
749 unsigned char *buf = tempargs->buf;
752 for (count = 0; COND(c[D_RAND][testnum]); count++)
753 RAND_bytes(buf, lengths[testnum]);
757 static int decrypt = 0;
758 static int EVP_Update_loop(void *args)
760 loopargs_t *tempargs = *(loopargs_t **) args;
761 unsigned char *buf = tempargs->buf;
762 EVP_CIPHER_CTX *ctx = tempargs->ctx;
766 for (count = 0; COND(c[D_EVP][testnum]); count++) {
767 rc = EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
769 /* reset iv in case of counter overflow */
770 EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, -1);
774 for (count = 0; COND(c[D_EVP][testnum]); count++) {
775 rc = EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
777 /* reset iv in case of counter overflow */
778 EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, -1);
783 EVP_DecryptFinal_ex(ctx, buf, &outl);
785 EVP_EncryptFinal_ex(ctx, buf, &outl);
790 * CCM does not support streaming. For the purpose of performance measurement,
791 * each message is encrypted using the same (key,iv)-pair. Do not use this
792 * code in your application.
794 static int EVP_Update_loop_ccm(void *args)
796 loopargs_t *tempargs = *(loopargs_t **) args;
797 unsigned char *buf = tempargs->buf;
798 EVP_CIPHER_CTX *ctx = tempargs->ctx;
800 unsigned char tag[12];
803 for (count = 0; COND(c[D_EVP][testnum]); count++) {
804 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(tag), tag);
806 EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv);
807 /* counter is reset on every update */
808 EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
811 for (count = 0; COND(c[D_EVP][testnum]); count++) {
812 /* restore iv length field */
813 EVP_EncryptUpdate(ctx, NULL, &outl, NULL, lengths[testnum]);
814 /* counter is reset on every update */
815 EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
819 EVP_DecryptFinal_ex(ctx, buf, &outl);
821 EVP_EncryptFinal_ex(ctx, buf, &outl);
826 * To make AEAD benchmarking more relevant perform TLS-like operations,
827 * 13-byte AAD followed by payload. But don't use TLS-formatted AAD, as
828 * payload length is not actually limited by 16KB...
830 static int EVP_Update_loop_aead(void *args)
832 loopargs_t *tempargs = *(loopargs_t **) args;
833 unsigned char *buf = tempargs->buf;
834 EVP_CIPHER_CTX *ctx = tempargs->ctx;
836 unsigned char aad[13] = { 0xcc };
837 unsigned char faketag[16] = { 0xcc };
840 for (count = 0; COND(c[D_EVP][testnum]); count++) {
841 EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv);
842 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
843 sizeof(faketag), faketag);
844 EVP_DecryptUpdate(ctx, NULL, &outl, aad, sizeof(aad));
845 EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
846 EVP_DecryptFinal_ex(ctx, buf + outl, &outl);
849 for (count = 0; COND(c[D_EVP][testnum]); count++) {
850 EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv);
851 EVP_EncryptUpdate(ctx, NULL, &outl, aad, sizeof(aad));
852 EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
853 EVP_EncryptFinal_ex(ctx, buf + outl, &outl);
859 static long rsa_c[RSA_NUM][2]; /* # RSA iteration test */
861 static int RSA_sign_loop(void *args)
863 loopargs_t *tempargs = *(loopargs_t **) args;
864 unsigned char *buf = tempargs->buf;
865 unsigned char *buf2 = tempargs->buf2;
866 size_t *rsa_num = &tempargs->sigsize;
867 EVP_PKEY_CTX **rsa_sign_ctx = tempargs->rsa_sign_ctx;
870 for (count = 0; COND(rsa_c[testnum][0]); count++) {
871 ret = EVP_PKEY_sign(rsa_sign_ctx[testnum], buf2, rsa_num, buf, 36);
873 BIO_printf(bio_err, "RSA sign failure\n");
874 ERR_print_errors(bio_err);
882 static int RSA_verify_loop(void *args)
884 loopargs_t *tempargs = *(loopargs_t **) args;
885 unsigned char *buf = tempargs->buf;
886 unsigned char *buf2 = tempargs->buf2;
887 size_t rsa_num = tempargs->sigsize;
888 EVP_PKEY_CTX **rsa_verify_ctx = tempargs->rsa_verify_ctx;
891 for (count = 0; COND(rsa_c[testnum][1]); count++) {
892 ret = EVP_PKEY_verify(rsa_verify_ctx[testnum], buf2, rsa_num, buf, 36);
894 BIO_printf(bio_err, "RSA verify failure\n");
895 ERR_print_errors(bio_err);
903 #ifndef OPENSSL_NO_DH
904 static long ffdh_c[FFDH_NUM][1];
906 static int FFDH_derive_key_loop(void *args)
908 loopargs_t *tempargs = *(loopargs_t **) args;
909 EVP_PKEY_CTX *ffdh_ctx = tempargs->ffdh_ctx[testnum];
910 unsigned char *derived_secret = tempargs->secret_ff_a;
911 size_t outlen = MAX_FFDH_SIZE;
914 for (count = 0; COND(ffdh_c[testnum][0]); count++)
915 EVP_PKEY_derive(ffdh_ctx, derived_secret, &outlen);
918 #endif /* OPENSSL_NO_DH */
920 static long dsa_c[DSA_NUM][2];
921 static int DSA_sign_loop(void *args)
923 loopargs_t *tempargs = *(loopargs_t **) args;
924 unsigned char *buf = tempargs->buf;
925 unsigned char *buf2 = tempargs->buf2;
926 size_t *dsa_num = &tempargs->sigsize;
927 EVP_PKEY_CTX **dsa_sign_ctx = tempargs->dsa_sign_ctx;
930 for (count = 0; COND(dsa_c[testnum][0]); count++) {
931 ret = EVP_PKEY_sign(dsa_sign_ctx[testnum], buf2, dsa_num, buf, 20);
933 BIO_printf(bio_err, "DSA sign failure\n");
934 ERR_print_errors(bio_err);
942 static int DSA_verify_loop(void *args)
944 loopargs_t *tempargs = *(loopargs_t **) args;
945 unsigned char *buf = tempargs->buf;
946 unsigned char *buf2 = tempargs->buf2;
947 size_t dsa_num = tempargs->sigsize;
948 EVP_PKEY_CTX **dsa_verify_ctx = tempargs->dsa_verify_ctx;
951 for (count = 0; COND(dsa_c[testnum][1]); count++) {
952 ret = EVP_PKEY_verify(dsa_verify_ctx[testnum], buf2, dsa_num, buf, 20);
954 BIO_printf(bio_err, "DSA verify failure\n");
955 ERR_print_errors(bio_err);
963 static long ecdsa_c[ECDSA_NUM][2];
964 static int ECDSA_sign_loop(void *args)
966 loopargs_t *tempargs = *(loopargs_t **) args;
967 unsigned char *buf = tempargs->buf;
968 unsigned char *buf2 = tempargs->buf2;
969 size_t *ecdsa_num = &tempargs->sigsize;
970 EVP_PKEY_CTX **ecdsa_sign_ctx = tempargs->ecdsa_sign_ctx;
973 for (count = 0; COND(ecdsa_c[testnum][0]); count++) {
974 ret = EVP_PKEY_sign(ecdsa_sign_ctx[testnum], buf2, ecdsa_num, buf, 20);
976 BIO_printf(bio_err, "ECDSA sign failure\n");
977 ERR_print_errors(bio_err);
985 static int ECDSA_verify_loop(void *args)
987 loopargs_t *tempargs = *(loopargs_t **) args;
988 unsigned char *buf = tempargs->buf;
989 unsigned char *buf2 = tempargs->buf2;
990 size_t ecdsa_num = tempargs->sigsize;
991 EVP_PKEY_CTX **ecdsa_verify_ctx = tempargs->ecdsa_verify_ctx;
994 for (count = 0; COND(ecdsa_c[testnum][1]); count++) {
995 ret = EVP_PKEY_verify(ecdsa_verify_ctx[testnum], buf2, ecdsa_num,
998 BIO_printf(bio_err, "ECDSA verify failure\n");
999 ERR_print_errors(bio_err);
1007 /* ******************************************************************** */
1008 static long ecdh_c[EC_NUM][1];
1010 static int ECDH_EVP_derive_key_loop(void *args)
1012 loopargs_t *tempargs = *(loopargs_t **) args;
1013 EVP_PKEY_CTX *ctx = tempargs->ecdh_ctx[testnum];
1014 unsigned char *derived_secret = tempargs->secret_a;
1016 size_t *outlen = &(tempargs->outlen[testnum]);
1018 for (count = 0; COND(ecdh_c[testnum][0]); count++)
1019 EVP_PKEY_derive(ctx, derived_secret, outlen);
1024 static long eddsa_c[EdDSA_NUM][2];
1025 static int EdDSA_sign_loop(void *args)
1027 loopargs_t *tempargs = *(loopargs_t **) args;
1028 unsigned char *buf = tempargs->buf;
1029 EVP_MD_CTX **edctx = tempargs->eddsa_ctx;
1030 unsigned char *eddsasig = tempargs->buf2;
1031 size_t *eddsasigsize = &tempargs->sigsize;
1034 for (count = 0; COND(eddsa_c[testnum][0]); count++) {
1035 ret = EVP_DigestSign(edctx[testnum], eddsasig, eddsasigsize, buf, 20);
1037 BIO_printf(bio_err, "EdDSA sign failure\n");
1038 ERR_print_errors(bio_err);
1046 static int EdDSA_verify_loop(void *args)
1048 loopargs_t *tempargs = *(loopargs_t **) args;
1049 unsigned char *buf = tempargs->buf;
1050 EVP_MD_CTX **edctx = tempargs->eddsa_ctx2;
1051 unsigned char *eddsasig = tempargs->buf2;
1052 size_t eddsasigsize = tempargs->sigsize;
1055 for (count = 0; COND(eddsa_c[testnum][1]); count++) {
1056 ret = EVP_DigestVerify(edctx[testnum], eddsasig, eddsasigsize, buf, 20);
1058 BIO_printf(bio_err, "EdDSA verify failure\n");
1059 ERR_print_errors(bio_err);
1067 #ifndef OPENSSL_NO_SM2
1068 static long sm2_c[SM2_NUM][2];
1069 static int SM2_sign_loop(void *args)
1071 loopargs_t *tempargs = *(loopargs_t **) args;
1072 unsigned char *buf = tempargs->buf;
1073 EVP_MD_CTX **sm2ctx = tempargs->sm2_ctx;
1074 unsigned char *sm2sig = tempargs->buf2;
1077 EVP_PKEY **sm2_pkey = tempargs->sm2_pkey;
1078 const size_t max_size = EVP_PKEY_size(sm2_pkey[testnum]);
1080 for (count = 0; COND(sm2_c[testnum][0]); count++) {
1081 sm2sigsize = max_size;
1083 if (!EVP_DigestSignInit(sm2ctx[testnum], NULL, EVP_sm3(),
1084 NULL, sm2_pkey[testnum])) {
1085 BIO_printf(bio_err, "SM2 init sign failure\n");
1086 ERR_print_errors(bio_err);
1090 ret = EVP_DigestSign(sm2ctx[testnum], sm2sig, &sm2sigsize,
1093 BIO_printf(bio_err, "SM2 sign failure\n");
1094 ERR_print_errors(bio_err);
1098 /* update the latest returned size and always use the fixed buffer size */
1099 tempargs->sigsize = sm2sigsize;
1105 static int SM2_verify_loop(void *args)
1107 loopargs_t *tempargs = *(loopargs_t **) args;
1108 unsigned char *buf = tempargs->buf;
1109 EVP_MD_CTX **sm2ctx = tempargs->sm2_vfy_ctx;
1110 unsigned char *sm2sig = tempargs->buf2;
1111 size_t sm2sigsize = tempargs->sigsize;
1113 EVP_PKEY **sm2_pkey = tempargs->sm2_pkey;
1115 for (count = 0; COND(sm2_c[testnum][1]); count++) {
1116 if (!EVP_DigestVerifyInit(sm2ctx[testnum], NULL, EVP_sm3(),
1117 NULL, sm2_pkey[testnum])) {
1118 BIO_printf(bio_err, "SM2 verify init failure\n");
1119 ERR_print_errors(bio_err);
1123 ret = EVP_DigestVerify(sm2ctx[testnum], sm2sig, sm2sigsize,
1126 BIO_printf(bio_err, "SM2 verify failure\n");
1127 ERR_print_errors(bio_err);
1134 #endif /* OPENSSL_NO_SM2 */
1136 static int run_benchmark(int async_jobs,
1137 int (*loop_function) (void *), loopargs_t * loopargs)
1139 int job_op_count = 0;
1140 int total_op_count = 0;
1141 int num_inprogress = 0;
1142 int error = 0, i = 0, ret = 0;
1143 OSSL_ASYNC_FD job_fd = 0;
1144 size_t num_job_fds = 0;
1146 if (async_jobs == 0) {
1147 return loop_function((void *)&loopargs);
1150 for (i = 0; i < async_jobs && !error; i++) {
1151 loopargs_t *looparg_item = loopargs + i;
1153 /* Copy pointer content (looparg_t item address) into async context */
1154 ret = ASYNC_start_job(&loopargs[i].inprogress_job, loopargs[i].wait_ctx,
1155 &job_op_count, loop_function,
1156 (void *)&looparg_item, sizeof(looparg_item));
1162 if (job_op_count == -1) {
1165 total_op_count += job_op_count;
1170 BIO_printf(bio_err, "Failure in the job\n");
1171 ERR_print_errors(bio_err);
1177 while (num_inprogress > 0) {
1178 #if defined(OPENSSL_SYS_WINDOWS)
1180 #elif defined(OPENSSL_SYS_UNIX)
1181 int select_result = 0;
1182 OSSL_ASYNC_FD max_fd = 0;
1185 FD_ZERO(&waitfdset);
1187 for (i = 0; i < async_jobs && num_inprogress > 0; i++) {
1188 if (loopargs[i].inprogress_job == NULL)
1191 if (!ASYNC_WAIT_CTX_get_all_fds
1192 (loopargs[i].wait_ctx, NULL, &num_job_fds)
1193 || num_job_fds > 1) {
1194 BIO_printf(bio_err, "Too many fds in ASYNC_WAIT_CTX\n");
1195 ERR_print_errors(bio_err);
1199 ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, &job_fd,
1201 FD_SET(job_fd, &waitfdset);
1202 if (job_fd > max_fd)
1206 if (max_fd >= (OSSL_ASYNC_FD)FD_SETSIZE) {
1208 "Error: max_fd (%d) must be smaller than FD_SETSIZE (%d). "
1209 "Decrease the value of async_jobs\n",
1210 max_fd, FD_SETSIZE);
1211 ERR_print_errors(bio_err);
1216 select_result = select(max_fd + 1, &waitfdset, NULL, NULL, NULL);
1217 if (select_result == -1 && errno == EINTR)
1220 if (select_result == -1) {
1221 BIO_printf(bio_err, "Failure in the select\n");
1222 ERR_print_errors(bio_err);
1227 if (select_result == 0)
1231 for (i = 0; i < async_jobs; i++) {
1232 if (loopargs[i].inprogress_job == NULL)
1235 if (!ASYNC_WAIT_CTX_get_all_fds
1236 (loopargs[i].wait_ctx, NULL, &num_job_fds)
1237 || num_job_fds > 1) {
1238 BIO_printf(bio_err, "Too many fds in ASYNC_WAIT_CTX\n");
1239 ERR_print_errors(bio_err);
1243 ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, &job_fd,
1246 #if defined(OPENSSL_SYS_UNIX)
1247 if (num_job_fds == 1 && !FD_ISSET(job_fd, &waitfdset))
1249 #elif defined(OPENSSL_SYS_WINDOWS)
1250 if (num_job_fds == 1
1251 && !PeekNamedPipe(job_fd, NULL, 0, NULL, &avail, NULL)
1256 ret = ASYNC_start_job(&loopargs[i].inprogress_job,
1257 loopargs[i].wait_ctx, &job_op_count,
1258 loop_function, (void *)(loopargs + i),
1259 sizeof(loopargs_t));
1264 if (job_op_count == -1) {
1267 total_op_count += job_op_count;
1270 loopargs[i].inprogress_job = NULL;
1275 loopargs[i].inprogress_job = NULL;
1276 BIO_printf(bio_err, "Failure in the job\n");
1277 ERR_print_errors(bio_err);
1284 return error ? -1 : total_op_count;
1287 typedef struct ec_curve_st {
1291 size_t sigsize; /* only used for EdDSA curves */
1294 static EVP_PKEY *get_ecdsa(const EC_CURVE *curve)
1296 EVP_PKEY_CTX *kctx = NULL;
1297 EVP_PKEY *key = NULL;
1299 /* Ensure that the error queue is empty */
1300 if (ERR_peek_error()) {
1302 "WARNING: the error queue contains previous unhandled errors.\n");
1303 ERR_print_errors(bio_err);
1307 * Let's try to create a ctx directly from the NID: this works for
1308 * curves like Curve25519 that are not implemented through the low
1309 * level EC interface.
1310 * If this fails we try creating a EVP_PKEY_EC generic param ctx,
1311 * then we set the curve by NID before deriving the actual keygen
1312 * ctx for that specific curve.
1314 kctx = EVP_PKEY_CTX_new_id(curve->nid, NULL);
1316 EVP_PKEY_CTX *pctx = NULL;
1317 EVP_PKEY *params = NULL;
1319 * If we reach this code EVP_PKEY_CTX_new_id() failed and a
1320 * "int_ctx_new:unsupported algorithm" error was added to the
1322 * We remove it from the error queue as we are handling it.
1324 unsigned long error = ERR_peek_error();
1326 if (error == ERR_peek_last_error() /* oldest and latest errors match */
1327 /* check that the error origin matches */
1328 && ERR_GET_LIB(error) == ERR_LIB_EVP
1329 && (ERR_GET_REASON(error) == EVP_R_UNSUPPORTED_ALGORITHM
1330 || ERR_GET_REASON(error) == ERR_R_UNSUPPORTED))
1331 ERR_get_error(); /* pop error from queue */
1332 if (ERR_peek_error()) {
1334 "Unhandled error in the error queue during EC key setup.\n");
1335 ERR_print_errors(bio_err);
1339 /* Create the context for parameter generation */
1340 if ((pctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL)) == NULL
1341 || EVP_PKEY_paramgen_init(pctx) <= 0
1342 || EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx,
1344 || EVP_PKEY_paramgen(pctx, ¶ms) <= 0) {
1345 BIO_printf(bio_err, "EC params init failure.\n");
1346 ERR_print_errors(bio_err);
1347 EVP_PKEY_CTX_free(pctx);
1350 EVP_PKEY_CTX_free(pctx);
1352 /* Create the context for the key generation */
1353 kctx = EVP_PKEY_CTX_new(params, NULL);
1354 EVP_PKEY_free(params);
1357 || EVP_PKEY_keygen_init(kctx) <= 0
1358 || EVP_PKEY_keygen(kctx, &key) <= 0) {
1359 BIO_printf(bio_err, "EC key generation failure.\n");
1360 ERR_print_errors(bio_err);
1363 EVP_PKEY_CTX_free(kctx);
1367 #define stop_it(do_it, test_num)\
1368 memset(do_it + test_num, 0, OSSL_NELEM(do_it) - test_num);
1370 int speed_main(int argc, char **argv)
1373 loopargs_t *loopargs = NULL;
1375 const char *engine_id = NULL;
1376 EVP_CIPHER *evp_cipher = NULL;
1379 int async_init = 0, multiblock = 0, pr_header = 0;
1380 uint8_t doit[ALGOR_NUM] = { 0 };
1381 int ret = 1, misalign = 0, lengths_single = 0, aead = 0;
1383 unsigned int size_num = SIZE_NUM;
1384 unsigned int i, k, loopargs_len = 0, async_jobs = 0;
1387 int fetched_cipher = 0;
1389 EVP_PKEY_CTX *genctx = NULL;
1394 openssl_speed_sec_t seconds = { SECONDS, RSA_SECONDS, DSA_SECONDS,
1395 ECDSA_SECONDS, ECDH_SECONDS,
1396 EdDSA_SECONDS, SM2_SECONDS,
1399 static const unsigned char key32[32] = {
1400 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
1401 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
1402 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34,
1403 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34, 0x56
1405 static const unsigned char deskey[] = {
1406 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, /* key1 */
1407 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, /* key2 */
1408 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34 /* key3 */
1410 static const struct {
1411 const unsigned char *data;
1412 unsigned int length;
1415 { test512, sizeof(test512), 512 },
1416 { test1024, sizeof(test1024), 1024 },
1417 { test2048, sizeof(test2048), 2048 },
1418 { test3072, sizeof(test3072), 3072 },
1419 { test4096, sizeof(test4096), 4096 },
1420 { test7680, sizeof(test7680), 7680 },
1421 { test15360, sizeof(test15360), 15360 }
1423 uint8_t rsa_doit[RSA_NUM] = { 0 };
1424 int primes = RSA_DEFAULT_PRIME_NUM;
1425 #ifndef OPENSSL_NO_DH
1426 typedef struct ffdh_params_st {
1432 static const FFDH_PARAMS ffdh_params[FFDH_NUM] = {
1433 {"ffdh2048", NID_ffdhe2048, 2048},
1434 {"ffdh3072", NID_ffdhe3072, 3072},
1435 {"ffdh4096", NID_ffdhe4096, 4096},
1436 {"ffdh6144", NID_ffdhe6144, 6144},
1437 {"ffdh8192", NID_ffdhe8192, 8192}
1439 uint8_t ffdh_doit[FFDH_NUM] = { 0 };
1441 #endif /* OPENSSL_NO_DH */
1442 static const unsigned int dsa_bits[DSA_NUM] = { 512, 1024, 2048 };
1443 uint8_t dsa_doit[DSA_NUM] = { 0 };
1445 * We only test over the following curves as they are representative, To
1446 * add tests over more curves, simply add the curve NID and curve name to
1447 * the following arrays and increase the |ecdh_choices| and |ecdsa_choices|
1448 * lists accordingly.
1450 static const EC_CURVE ec_curves[EC_NUM] = {
1452 {"secp160r1", NID_secp160r1, 160},
1453 {"nistp192", NID_X9_62_prime192v1, 192},
1454 {"nistp224", NID_secp224r1, 224},
1455 {"nistp256", NID_X9_62_prime256v1, 256},
1456 {"nistp384", NID_secp384r1, 384},
1457 {"nistp521", NID_secp521r1, 521},
1458 #ifndef OPENSSL_NO_EC2M
1460 {"nistk163", NID_sect163k1, 163},
1461 {"nistk233", NID_sect233k1, 233},
1462 {"nistk283", NID_sect283k1, 283},
1463 {"nistk409", NID_sect409k1, 409},
1464 {"nistk571", NID_sect571k1, 571},
1465 {"nistb163", NID_sect163r2, 163},
1466 {"nistb233", NID_sect233r1, 233},
1467 {"nistb283", NID_sect283r1, 283},
1468 {"nistb409", NID_sect409r1, 409},
1469 {"nistb571", NID_sect571r1, 571},
1471 {"brainpoolP256r1", NID_brainpoolP256r1, 256},
1472 {"brainpoolP256t1", NID_brainpoolP256t1, 256},
1473 {"brainpoolP384r1", NID_brainpoolP384r1, 384},
1474 {"brainpoolP384t1", NID_brainpoolP384t1, 384},
1475 {"brainpoolP512r1", NID_brainpoolP512r1, 512},
1476 {"brainpoolP512t1", NID_brainpoolP512t1, 512},
1477 /* Other and ECDH only ones */
1478 {"X25519", NID_X25519, 253},
1479 {"X448", NID_X448, 448}
1481 static const EC_CURVE ed_curves[EdDSA_NUM] = {
1483 {"Ed25519", NID_ED25519, 253, 64},
1484 {"Ed448", NID_ED448, 456, 114}
1486 #ifndef OPENSSL_NO_SM2
1487 static const EC_CURVE sm2_curves[SM2_NUM] = {
1489 {"CurveSM2", NID_sm2, 256}
1491 uint8_t sm2_doit[SM2_NUM] = { 0 };
1493 uint8_t ecdsa_doit[ECDSA_NUM] = { 0 };
1494 uint8_t ecdh_doit[EC_NUM] = { 0 };
1495 uint8_t eddsa_doit[EdDSA_NUM] = { 0 };
1497 /* checks declarated curves against choices list. */
1498 OPENSSL_assert(ed_curves[EdDSA_NUM - 1].nid == NID_ED448);
1499 OPENSSL_assert(strcmp(eddsa_choices[EdDSA_NUM - 1].name, "ed448") == 0);
1501 OPENSSL_assert(ec_curves[EC_NUM - 1].nid == NID_X448);
1502 OPENSSL_assert(strcmp(ecdh_choices[EC_NUM - 1].name, "ecdhx448") == 0);
1504 OPENSSL_assert(ec_curves[ECDSA_NUM - 1].nid == NID_brainpoolP512t1);
1505 OPENSSL_assert(strcmp(ecdsa_choices[ECDSA_NUM - 1].name, "ecdsabrp512t1") == 0);
1507 #ifndef OPENSSL_NO_SM2
1508 OPENSSL_assert(sm2_curves[SM2_NUM - 1].nid == NID_sm2);
1509 OPENSSL_assert(strcmp(sm2_choices[SM2_NUM - 1].name, "curveSM2") == 0);
1512 prog = opt_init(argc, argv, speed_options);
1513 while ((o = opt_next()) != OPT_EOF) {
1518 BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
1521 opt_help(speed_options);
1529 BIO_printf(bio_err, "%s: -evp option cannot be used more than once\n", prog);
1532 evp_cipher = obtain_cipher(opt_arg(), &fetched_cipher);
1533 if (evp_cipher == NULL) {
1534 if (have_md(opt_arg()))
1535 evp_md_name = opt_arg();
1537 if (evp_cipher == NULL && evp_md_name == NULL) {
1539 "%s: %s is an unknown cipher or digest\n",
1546 if (!have_md(opt_arg())) {
1547 BIO_printf(bio_err, "%s: %s is an unknown digest\n",
1551 evp_mac_mdname = opt_arg();
1555 if (!have_cipher(opt_arg())) {
1556 BIO_printf(bio_err, "%s: %s is an unknown cipher\n",
1560 evp_mac_ciphername = opt_arg();
1561 doit[D_EVP_CMAC] = 1;
1568 * In a forked execution, an engine might need to be
1569 * initialised by each child process, not by the parent.
1570 * So store the name here and run setup_engine() later on.
1572 engine_id = opt_arg();
1576 multi = atoi(opt_arg());
1580 #ifndef OPENSSL_NO_ASYNC
1581 async_jobs = atoi(opt_arg());
1582 if (!ASYNC_is_capable()) {
1584 "%s: async_jobs specified but async not supported\n",
1588 if (async_jobs > 99999) {
1589 BIO_printf(bio_err, "%s: too many async_jobs\n", prog);
1595 if (!opt_int(opt_arg(), &misalign))
1597 if (misalign > MISALIGN) {
1599 "%s: Maximum offset is %d\n", prog, MISALIGN);
1608 #ifdef OPENSSL_NO_MULTIBLOCK
1610 "%s: -mb specified but multi-block support is disabled\n",
1619 case OPT_PROV_CASES:
1620 if (!opt_provider(o))
1624 if (!opt_int(opt_arg(), &primes))
1628 seconds.sym = seconds.rsa = seconds.dsa = seconds.ecdsa
1629 = seconds.ecdh = seconds.eddsa
1630 = seconds.sm2 = seconds.ffdh = atoi(opt_arg());
1633 lengths_single = atoi(opt_arg());
1634 lengths = &lengths_single;
1643 /* Remaining arguments are algorithms. */
1644 argc = opt_num_rest();
1648 for (; *argv; argv++) {
1649 const char *algo = *argv;
1651 if (opt_found(algo, doit_choices, &i)) {
1655 if (strcmp(algo, "des") == 0) {
1656 doit[D_CBC_DES] = doit[D_EDE3_DES] = 1;
1659 if (strcmp(algo, "sha") == 0) {
1660 doit[D_SHA1] = doit[D_SHA256] = doit[D_SHA512] = 1;
1663 #ifndef OPENSSL_NO_DEPRECATED_3_0
1664 if (strcmp(algo, "openssl") == 0) /* just for compatibility */
1667 if (strncmp(algo, "rsa", 3) == 0) {
1668 if (algo[3] == '\0') {
1669 memset(rsa_doit, 1, sizeof(rsa_doit));
1672 if (opt_found(algo, rsa_choices, &i)) {
1677 #ifndef OPENSSL_NO_DH
1678 if (strncmp(algo, "ffdh", 4) == 0) {
1679 if (algo[4] == '\0') {
1680 memset(ffdh_doit, 1, sizeof(ffdh_doit));
1683 if (opt_found(algo, ffdh_choices, &i)) {
1689 if (strncmp(algo, "dsa", 3) == 0) {
1690 if (algo[3] == '\0') {
1691 memset(dsa_doit, 1, sizeof(dsa_doit));
1694 if (opt_found(algo, dsa_choices, &i)) {
1699 if (strcmp(algo, "aes") == 0) {
1700 doit[D_CBC_128_AES] = doit[D_CBC_192_AES] = doit[D_CBC_256_AES] = 1;
1703 if (strcmp(algo, "camellia") == 0) {
1704 doit[D_CBC_128_CML] = doit[D_CBC_192_CML] = doit[D_CBC_256_CML] = 1;
1707 if (strncmp(algo, "ecdsa", 5) == 0) {
1708 if (algo[5] == '\0') {
1709 memset(ecdsa_doit, 1, sizeof(ecdsa_doit));
1712 if (opt_found(algo, ecdsa_choices, &i)) {
1717 if (strncmp(algo, "ecdh", 4) == 0) {
1718 if (algo[4] == '\0') {
1719 memset(ecdh_doit, 1, sizeof(ecdh_doit));
1722 if (opt_found(algo, ecdh_choices, &i)) {
1727 if (strcmp(algo, "eddsa") == 0) {
1728 memset(eddsa_doit, 1, sizeof(eddsa_doit));
1731 if (opt_found(algo, eddsa_choices, &i)) {
1735 #ifndef OPENSSL_NO_SM2
1736 if (strcmp(algo, "sm2") == 0) {
1737 memset(sm2_doit, 1, sizeof(sm2_doit));
1740 if (opt_found(algo, sm2_choices, &i)) {
1745 BIO_printf(bio_err, "%s: Unknown algorithm %s\n", prog, algo);
1751 if (evp_cipher == NULL) {
1752 BIO_printf(bio_err, "-aead can be used only with an AEAD cipher\n");
1754 } else if (!(EVP_CIPHER_flags(evp_cipher) &
1755 EVP_CIPH_FLAG_AEAD_CIPHER)) {
1756 BIO_printf(bio_err, "%s is not an AEAD cipher\n",
1757 OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher)));
1762 if (evp_cipher == NULL) {
1763 BIO_printf(bio_err, "-mb can be used only with a multi-block"
1764 " capable cipher\n");
1766 } else if (!(EVP_CIPHER_flags(evp_cipher) &
1767 EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) {
1768 BIO_printf(bio_err, "%s is not a multi-block capable\n",
1769 OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher)));
1771 } else if (async_jobs > 0) {
1772 BIO_printf(bio_err, "Async mode is not supported with -mb");
1777 /* Initialize the job pool if async mode is enabled */
1778 if (async_jobs > 0) {
1779 async_init = ASYNC_init_thread(async_jobs, async_jobs);
1781 BIO_printf(bio_err, "Error creating the ASYNC job pool\n");
1786 loopargs_len = (async_jobs == 0 ? 1 : async_jobs);
1788 app_malloc(loopargs_len * sizeof(loopargs_t), "array of loopargs");
1789 memset(loopargs, 0, loopargs_len * sizeof(loopargs_t));
1791 for (i = 0; i < loopargs_len; i++) {
1792 if (async_jobs > 0) {
1793 loopargs[i].wait_ctx = ASYNC_WAIT_CTX_new();
1794 if (loopargs[i].wait_ctx == NULL) {
1795 BIO_printf(bio_err, "Error creating the ASYNC_WAIT_CTX\n");
1800 buflen = lengths[size_num - 1];
1801 if (buflen < 36) /* size of random vector in RSA benchmark */
1803 buflen += MAX_MISALIGNMENT + 1;
1804 loopargs[i].buf_malloc = app_malloc(buflen, "input buffer");
1805 loopargs[i].buf2_malloc = app_malloc(buflen, "input buffer");
1806 memset(loopargs[i].buf_malloc, 0, buflen);
1807 memset(loopargs[i].buf2_malloc, 0, buflen);
1809 /* Align the start of buffers on a 64 byte boundary */
1810 loopargs[i].buf = loopargs[i].buf_malloc + misalign;
1811 loopargs[i].buf2 = loopargs[i].buf2_malloc + misalign;
1812 loopargs[i].secret_a = app_malloc(MAX_ECDH_SIZE, "ECDH secret a");
1813 loopargs[i].secret_b = app_malloc(MAX_ECDH_SIZE, "ECDH secret b");
1814 #ifndef OPENSSL_NO_DH
1815 loopargs[i].secret_ff_a = app_malloc(MAX_FFDH_SIZE, "FFDH secret a");
1816 loopargs[i].secret_ff_b = app_malloc(MAX_FFDH_SIZE, "FFDH secret b");
1821 if (multi && do_multi(multi, size_num))
1825 /* Initialize the engine after the fork */
1826 e = setup_engine(engine_id, 0);
1828 /* No parameters; turn on everything. */
1829 if (argc == 0 && !doit[D_EVP] && !doit[D_HMAC] && !doit[D_EVP_CMAC]) {
1832 memset(doit, 1, sizeof(doit));
1833 doit[D_EVP] = doit[D_EVP_CMAC] = 0;
1835 for (i = D_MD2; i <= D_WHIRLPOOL; i++) {
1836 if (!have_md(names[i]))
1839 for (i = D_CBC_DES; i <= D_CBC_256_CML; i++) {
1840 if (!have_cipher(names[i]))
1843 if ((mac = EVP_MAC_fetch(NULL, "GMAC", NULL)) != NULL)
1847 if ((mac = EVP_MAC_fetch(NULL, "HMAC", NULL)) != NULL)
1852 memset(rsa_doit, 1, sizeof(rsa_doit));
1853 #ifndef OPENSSL_NO_DH
1854 memset(ffdh_doit, 1, sizeof(ffdh_doit));
1856 memset(dsa_doit, 1, sizeof(dsa_doit));
1857 memset(ecdsa_doit, 1, sizeof(ecdsa_doit));
1858 memset(ecdh_doit, 1, sizeof(ecdh_doit));
1859 memset(eddsa_doit, 1, sizeof(eddsa_doit));
1860 #ifndef OPENSSL_NO_SM2
1861 memset(sm2_doit, 1, sizeof(sm2_doit));
1864 for (i = 0; i < ALGOR_NUM; i++)
1868 if (usertime == 0 && !mr)
1870 "You have chosen to measure elapsed time "
1871 "instead of user CPU time.\n");
1874 signal(SIGALRM, alarmed);
1878 for (testnum = 0; testnum < size_num; testnum++) {
1879 print_message(names[D_MD2], c[D_MD2][testnum], lengths[testnum],
1882 count = run_benchmark(async_jobs, EVP_Digest_MD2_loop, loopargs);
1884 print_result(D_MD2, testnum, count, d);
1891 for (testnum = 0; testnum < size_num; testnum++) {
1892 print_message(names[D_MDC2], c[D_MDC2][testnum], lengths[testnum],
1895 count = run_benchmark(async_jobs, EVP_Digest_MDC2_loop, loopargs);
1897 print_result(D_MDC2, testnum, count, d);
1904 for (testnum = 0; testnum < size_num; testnum++) {
1905 print_message(names[D_MD4], c[D_MD4][testnum], lengths[testnum],
1908 count = run_benchmark(async_jobs, EVP_Digest_MD4_loop, loopargs);
1910 print_result(D_MD4, testnum, count, d);
1917 for (testnum = 0; testnum < size_num; testnum++) {
1918 print_message(names[D_MD5], c[D_MD5][testnum], lengths[testnum],
1921 count = run_benchmark(async_jobs, MD5_loop, loopargs);
1923 print_result(D_MD5, testnum, count, d);
1930 for (testnum = 0; testnum < size_num; testnum++) {
1931 print_message(names[D_SHA1], c[D_SHA1][testnum], lengths[testnum],
1934 count = run_benchmark(async_jobs, SHA1_loop, loopargs);
1936 print_result(D_SHA1, testnum, count, d);
1942 if (doit[D_SHA256]) {
1943 for (testnum = 0; testnum < size_num; testnum++) {
1944 print_message(names[D_SHA256], c[D_SHA256][testnum],
1945 lengths[testnum], seconds.sym);
1947 count = run_benchmark(async_jobs, SHA256_loop, loopargs);
1949 print_result(D_SHA256, testnum, count, d);
1955 if (doit[D_SHA512]) {
1956 for (testnum = 0; testnum < size_num; testnum++) {
1957 print_message(names[D_SHA512], c[D_SHA512][testnum],
1958 lengths[testnum], seconds.sym);
1960 count = run_benchmark(async_jobs, SHA512_loop, loopargs);
1962 print_result(D_SHA512, testnum, count, d);
1968 if (doit[D_WHIRLPOOL]) {
1969 for (testnum = 0; testnum < size_num; testnum++) {
1970 print_message(names[D_WHIRLPOOL], c[D_WHIRLPOOL][testnum],
1971 lengths[testnum], seconds.sym);
1973 count = run_benchmark(async_jobs, WHIRLPOOL_loop, loopargs);
1975 print_result(D_WHIRLPOOL, testnum, count, d);
1981 if (doit[D_RMD160]) {
1982 for (testnum = 0; testnum < size_num; testnum++) {
1983 print_message(names[D_RMD160], c[D_RMD160][testnum],
1984 lengths[testnum], seconds.sym);
1986 count = run_benchmark(async_jobs, EVP_Digest_RMD160_loop, loopargs);
1988 print_result(D_RMD160, testnum, count, d);
1995 static const char hmac_key[] = "This is a key...";
1996 int len = strlen(hmac_key);
1997 EVP_MAC *mac = EVP_MAC_fetch(NULL, "HMAC", NULL);
1998 OSSL_PARAM params[3];
2000 if (mac == NULL || evp_mac_mdname == NULL)
2003 evp_hmac_name = app_malloc(sizeof("hmac()") + strlen(evp_mac_mdname),
2005 sprintf(evp_hmac_name, "hmac(%s)", evp_mac_mdname);
2006 names[D_HMAC] = evp_hmac_name;
2009 OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
2012 OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY,
2013 (char *)hmac_key, len);
2014 params[2] = OSSL_PARAM_construct_end();
2016 for (i = 0; i < loopargs_len; i++) {
2017 loopargs[i].mctx = EVP_MAC_CTX_new(mac);
2018 if (loopargs[i].mctx == NULL)
2021 if (!EVP_MAC_CTX_set_params(loopargs[i].mctx, params))
2024 for (testnum = 0; testnum < size_num; testnum++) {
2025 print_message(names[D_HMAC], c[D_HMAC][testnum], lengths[testnum],
2028 count = run_benchmark(async_jobs, HMAC_loop, loopargs);
2030 print_result(D_HMAC, testnum, count, d);
2034 for (i = 0; i < loopargs_len; i++)
2035 EVP_MAC_CTX_free(loopargs[i].mctx);
2039 if (doit[D_CBC_DES]) {
2042 for (i = 0; st && i < loopargs_len; i++) {
2043 loopargs[i].ctx = init_evp_cipher_ctx("des-cbc", deskey,
2044 sizeof(deskey) / 3);
2045 st = loopargs[i].ctx != NULL;
2047 algindex = D_CBC_DES;
2048 for (testnum = 0; st && testnum < size_num; testnum++) {
2049 print_message(names[D_CBC_DES], c[D_CBC_DES][testnum],
2050 lengths[testnum], seconds.sym);
2052 count = run_benchmark(async_jobs, EVP_Cipher_loop, loopargs);
2054 print_result(D_CBC_DES, testnum, count, d);
2056 for (i = 0; i < loopargs_len; i++)
2057 EVP_CIPHER_CTX_free(loopargs[i].ctx);
2060 if (doit[D_EDE3_DES]) {
2063 for (i = 0; st && i < loopargs_len; i++) {
2064 loopargs[i].ctx = init_evp_cipher_ctx("des-ede3-cbc", deskey,
2066 st = loopargs[i].ctx != NULL;
2068 algindex = D_EDE3_DES;
2069 for (testnum = 0; st && testnum < size_num; testnum++) {
2070 print_message(names[D_EDE3_DES], c[D_EDE3_DES][testnum],
2071 lengths[testnum], seconds.sym);
2074 run_benchmark(async_jobs, EVP_Cipher_loop, loopargs);
2076 print_result(D_EDE3_DES, testnum, count, d);
2078 for (i = 0; i < loopargs_len; i++)
2079 EVP_CIPHER_CTX_free(loopargs[i].ctx);
2082 for (k = 0; k < 3; k++) {
2083 algindex = D_CBC_128_AES + k;
2084 if (doit[algindex]) {
2087 keylen = 16 + i * 8;
2088 for (i = 0; st && i < loopargs_len; i++) {
2089 loopargs[i].ctx = init_evp_cipher_ctx(names[algindex],
2091 st = loopargs[i].ctx != NULL;
2094 for (testnum = 0; st && testnum < size_num; testnum++) {
2095 print_message(names[algindex], c[algindex][testnum],
2096 lengths[testnum], seconds.sym);
2099 run_benchmark(async_jobs, EVP_Cipher_loop, loopargs);
2101 print_result(algindex, testnum, count, d);
2103 for (i = 0; i < loopargs_len; i++)
2104 EVP_CIPHER_CTX_free(loopargs[i].ctx);
2108 for (k = 0; k < 3; k++) {
2109 algindex = D_CBC_128_CML + k;
2110 if (doit[algindex]) {
2113 keylen = 16 + i * 8;
2114 for (i = 0; st && i < loopargs_len; i++) {
2115 loopargs[i].ctx = init_evp_cipher_ctx(names[algindex],
2117 st = loopargs[i].ctx != NULL;
2120 for (testnum = 0; st && testnum < size_num; testnum++) {
2121 print_message(names[algindex], c[algindex][testnum],
2122 lengths[testnum], seconds.sym);
2125 run_benchmark(async_jobs, EVP_Cipher_loop, loopargs);
2127 print_result(algindex, testnum, count, d);
2129 for (i = 0; i < loopargs_len; i++)
2130 EVP_CIPHER_CTX_free(loopargs[i].ctx);
2134 for (algindex = D_RC4; algindex <= D_CBC_CAST; algindex++) {
2135 if (doit[algindex]) {
2139 for (i = 0; st && i < loopargs_len; i++) {
2140 loopargs[i].ctx = init_evp_cipher_ctx(names[algindex],
2142 st = loopargs[i].ctx != NULL;
2145 for (testnum = 0; st && testnum < size_num; testnum++) {
2146 print_message(names[algindex], c[algindex][testnum],
2147 lengths[testnum], seconds.sym);
2150 run_benchmark(async_jobs, EVP_Cipher_loop, loopargs);
2152 print_result(algindex, testnum, count, d);
2154 for (i = 0; i < loopargs_len; i++)
2155 EVP_CIPHER_CTX_free(loopargs[i].ctx);
2158 if (doit[D_GHASH]) {
2159 static const char gmac_iv[] = "0123456789ab";
2160 EVP_MAC *mac = EVP_MAC_fetch(NULL, "GMAC", NULL);
2161 OSSL_PARAM params[4];
2166 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_CIPHER,
2168 params[1] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY,
2170 params[2] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_IV,
2172 sizeof(gmac_iv) - 1);
2173 params[3] = OSSL_PARAM_construct_end();
2175 for (i = 0; i < loopargs_len; i++) {
2176 loopargs[i].mctx = EVP_MAC_CTX_new(mac);
2177 if (loopargs[i].mctx == NULL)
2180 if (!EVP_MAC_CTX_set_params(loopargs[i].mctx, params))
2182 if (!EVP_MAC_init(loopargs[i].mctx))
2185 for (testnum = 0; testnum < size_num; testnum++) {
2186 print_message(names[D_GHASH], c[D_GHASH][testnum], lengths[testnum],
2189 count = run_benchmark(async_jobs, GHASH_loop, loopargs);
2191 print_result(D_GHASH, testnum, count, d);
2195 for (i = 0; i < loopargs_len; i++)
2196 EVP_MAC_CTX_free(loopargs[i].mctx);
2201 for (testnum = 0; testnum < size_num; testnum++) {
2202 print_message(names[D_RAND], c[D_RAND][testnum], lengths[testnum],
2205 count = run_benchmark(async_jobs, RAND_bytes_loop, loopargs);
2207 print_result(D_RAND, testnum, count, d);
2212 if (evp_cipher != NULL) {
2213 int (*loopfunc) (void *) = EVP_Update_loop;
2215 if (multiblock && (EVP_CIPHER_flags(evp_cipher) &
2216 EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) {
2217 multiblock_speed(evp_cipher, lengths_single, &seconds);
2222 names[D_EVP] = OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher));
2224 if (EVP_CIPHER_mode(evp_cipher) == EVP_CIPH_CCM_MODE) {
2225 loopfunc = EVP_Update_loop_ccm;
2226 } else if (aead && (EVP_CIPHER_flags(evp_cipher) &
2227 EVP_CIPH_FLAG_AEAD_CIPHER)) {
2228 loopfunc = EVP_Update_loop_aead;
2229 if (lengths == lengths_list) {
2230 lengths = aead_lengths_list;
2231 size_num = OSSL_NELEM(aead_lengths_list);
2235 for (testnum = 0; testnum < size_num; testnum++) {
2236 print_message(names[D_EVP], c[D_EVP][testnum], lengths[testnum],
2239 for (k = 0; k < loopargs_len; k++) {
2240 loopargs[k].ctx = EVP_CIPHER_CTX_new();
2241 if (loopargs[k].ctx == NULL) {
2242 BIO_printf(bio_err, "\nEVP_CIPHER_CTX_new failure\n");
2245 if (!EVP_CipherInit_ex(loopargs[k].ctx, evp_cipher, NULL,
2246 NULL, iv, decrypt ? 0 : 1)) {
2247 BIO_printf(bio_err, "\nEVP_CipherInit_ex failure\n");
2248 ERR_print_errors(bio_err);
2252 EVP_CIPHER_CTX_set_padding(loopargs[k].ctx, 0);
2254 keylen = EVP_CIPHER_CTX_key_length(loopargs[k].ctx);
2255 loopargs[k].key = app_malloc(keylen, "evp_cipher key");
2256 EVP_CIPHER_CTX_rand_key(loopargs[k].ctx, loopargs[k].key);
2257 if (!EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL,
2258 loopargs[k].key, NULL, -1)) {
2259 BIO_printf(bio_err, "\nEVP_CipherInit_ex failure\n");
2260 ERR_print_errors(bio_err);
2263 OPENSSL_clear_free(loopargs[k].key, keylen);
2265 /* SIV mode only allows for a single Update operation */
2266 if (EVP_CIPHER_mode(evp_cipher) == EVP_CIPH_SIV_MODE)
2267 EVP_CIPHER_CTX_ctrl(loopargs[k].ctx, EVP_CTRL_SET_SPEED,
2272 count = run_benchmark(async_jobs, loopfunc, loopargs);
2274 for (k = 0; k < loopargs_len; k++)
2275 EVP_CIPHER_CTX_free(loopargs[k].ctx);
2276 print_result(D_EVP, testnum, count, d);
2278 } else if (evp_md_name != NULL) {
2279 names[D_EVP] = evp_md_name;
2281 for (testnum = 0; testnum < size_num; testnum++) {
2282 print_message(names[D_EVP], c[D_EVP][testnum], lengths[testnum],
2285 count = run_benchmark(async_jobs, EVP_Digest_md_loop, loopargs);
2287 print_result(D_EVP, testnum, count, d);
2294 if (doit[D_EVP_CMAC]) {
2295 EVP_MAC *mac = EVP_MAC_fetch(NULL, "CMAC", NULL);
2296 OSSL_PARAM params[3];
2300 if (mac == NULL || evp_mac_ciphername == NULL)
2302 if ((cipher = obtain_cipher(evp_mac_ciphername, &fetched)) == NULL)
2305 keylen = EVP_CIPHER_key_length(cipher);
2307 EVP_CIPHER_free(cipher);
2308 if (keylen <= 0 || keylen > (int)sizeof(key32)) {
2309 BIO_printf(bio_err, "\nRequested CMAC cipher with unsupported key length.\n");
2312 evp_cmac_name = app_malloc(sizeof("cmac()")
2313 + strlen(evp_mac_ciphername), "CMAC name");
2314 sprintf(evp_cmac_name, "cmac(%s)", evp_mac_ciphername);
2315 names[D_EVP_CMAC] = evp_cmac_name;
2317 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_CIPHER,
2318 evp_mac_ciphername, 0);
2319 params[1] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY,
2320 (char *)key32, keylen);
2321 params[2] = OSSL_PARAM_construct_end();
2323 for (i = 0; i < loopargs_len; i++) {
2324 loopargs[i].mctx = EVP_MAC_CTX_new(mac);
2325 if (loopargs[i].mctx == NULL)
2328 if (!EVP_MAC_CTX_set_params(loopargs[i].mctx, params))
2332 for (testnum = 0; testnum < size_num; testnum++) {
2333 print_message(names[D_EVP_CMAC], c[D_EVP_CMAC][testnum],
2334 lengths[testnum], seconds.sym);
2336 count = run_benchmark(async_jobs, CMAC_loop, loopargs);
2338 print_result(D_EVP_CMAC, testnum, count, d);
2342 for (i = 0; i < loopargs_len; i++)
2343 EVP_MAC_CTX_free(loopargs[i].mctx);
2347 for (i = 0; i < loopargs_len; i++)
2348 if (RAND_bytes(loopargs[i].buf, 36) <= 0)
2351 for (testnum = 0; testnum < RSA_NUM; testnum++) {
2352 EVP_PKEY *rsa_key = NULL;
2355 if (!rsa_doit[testnum])
2358 if (primes > RSA_DEFAULT_PRIME_NUM) {
2359 /* we haven't set keys yet, generate multi-prime RSA keys */
2362 && BN_set_word(bn, RSA_F4)
2363 && init_gen_str(&genctx, "RSA", NULL, 0, NULL, NULL)
2364 && EVP_PKEY_CTX_set_rsa_keygen_bits(genctx, rsa_keys[testnum].bits) > 0
2365 && EVP_PKEY_CTX_set1_rsa_keygen_pubexp(genctx, bn) > 0
2366 && EVP_PKEY_CTX_set_rsa_keygen_primes(genctx, primes) > 0
2367 && EVP_PKEY_keygen(genctx, &rsa_key);
2370 EVP_PKEY_CTX_free(genctx);
2373 const unsigned char *p = rsa_keys[testnum].data;
2375 st = (rsa_key = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &p,
2376 rsa_keys[testnum].length)) != NULL;
2379 for (i = 0; st && i < loopargs_len; i++) {
2380 loopargs[i].rsa_sign_ctx[testnum] = EVP_PKEY_CTX_new(rsa_key, NULL);
2381 if (loopargs[i].rsa_sign_ctx[testnum] == NULL
2382 || EVP_PKEY_sign_init(loopargs[i].rsa_sign_ctx[testnum]) <= 0
2383 || EVP_PKEY_sign(loopargs[i].rsa_sign_ctx[testnum],
2385 &loopargs[i].sigsize,
2386 loopargs[i].buf, 36) <= 0)
2391 "RSA sign setup failure. No RSA sign will be done.\n");
2392 ERR_print_errors(bio_err);
2395 pkey_print_message("private", "rsa",
2396 rsa_c[testnum][0], rsa_keys[testnum].bits,
2398 /* RSA_blinding_on(rsa_key[testnum],NULL); */
2400 count = run_benchmark(async_jobs, RSA_sign_loop, loopargs);
2403 mr ? "+R1:%ld:%d:%.2f\n"
2404 : "%ld %u bits private RSA's in %.2fs\n",
2405 count, rsa_keys[testnum].bits, d);
2406 rsa_results[testnum][0] = (double)count / d;
2410 for (i = 0; st && i < loopargs_len; i++) {
2411 loopargs[i].rsa_verify_ctx[testnum] = EVP_PKEY_CTX_new(rsa_key,
2413 if (loopargs[i].rsa_verify_ctx[testnum] == NULL
2414 || EVP_PKEY_verify_init(loopargs[i].rsa_verify_ctx[testnum]) <= 0
2415 || EVP_PKEY_verify(loopargs[i].rsa_verify_ctx[testnum],
2417 loopargs[i].sigsize,
2418 loopargs[i].buf, 36) <= 0)
2423 "RSA verify setup failure. No RSA verify will be done.\n");
2424 ERR_print_errors(bio_err);
2425 rsa_doit[testnum] = 0;
2427 pkey_print_message("public", "rsa",
2428 rsa_c[testnum][1], rsa_keys[testnum].bits,
2431 count = run_benchmark(async_jobs, RSA_verify_loop, loopargs);
2434 mr ? "+R2:%ld:%d:%.2f\n"
2435 : "%ld %u bits public RSA's in %.2fs\n",
2436 count, rsa_keys[testnum].bits, d);
2437 rsa_results[testnum][1] = (double)count / d;
2440 if (op_count <= 1) {
2441 /* if longer than 10s, don't do any more */
2442 stop_it(rsa_doit, testnum);
2444 EVP_PKEY_free(rsa_key);
2447 for (testnum = 0; testnum < DSA_NUM; testnum++) {
2448 EVP_PKEY *dsa_key = NULL;
2451 if (!dsa_doit[testnum])
2454 st = (dsa_key = get_dsa(dsa_bits[testnum])) != NULL;
2456 for (i = 0; st && i < loopargs_len; i++) {
2457 loopargs[i].dsa_sign_ctx[testnum] = EVP_PKEY_CTX_new(dsa_key,
2459 if (loopargs[i].dsa_sign_ctx[testnum] == NULL
2460 || EVP_PKEY_sign_init(loopargs[i].dsa_sign_ctx[testnum]) <= 0
2462 || EVP_PKEY_sign(loopargs[i].dsa_sign_ctx[testnum],
2464 &loopargs[i].sigsize,
2465 loopargs[i].buf, 20) <= 0)
2470 "DSA sign setup failure. No DSA sign will be done.\n");
2471 ERR_print_errors(bio_err);
2474 pkey_print_message("sign", "dsa",
2475 dsa_c[testnum][0], dsa_bits[testnum],
2478 count = run_benchmark(async_jobs, DSA_sign_loop, loopargs);
2481 mr ? "+R3:%ld:%u:%.2f\n"
2482 : "%ld %u bits DSA signs in %.2fs\n",
2483 count, dsa_bits[testnum], d);
2484 dsa_results[testnum][0] = (double)count / d;
2488 for (i = 0; st && i < loopargs_len; i++) {
2489 loopargs[i].dsa_verify_ctx[testnum] = EVP_PKEY_CTX_new(dsa_key,
2491 if (loopargs[i].dsa_verify_ctx[testnum] == NULL
2492 || EVP_PKEY_verify_init(loopargs[i].dsa_verify_ctx[testnum]) <= 0
2493 || EVP_PKEY_verify(loopargs[i].dsa_verify_ctx[testnum],
2495 loopargs[i].sigsize,
2496 loopargs[i].buf, 36) <= 0)
2501 "DSA verify setup failure. No DSA verify will be done.\n");
2502 ERR_print_errors(bio_err);
2503 dsa_doit[testnum] = 0;
2505 pkey_print_message("verify", "dsa",
2506 dsa_c[testnum][1], dsa_bits[testnum],
2509 count = run_benchmark(async_jobs, DSA_verify_loop, loopargs);
2512 mr ? "+R4:%ld:%u:%.2f\n"
2513 : "%ld %u bits DSA verify in %.2fs\n",
2514 count, dsa_bits[testnum], d);
2515 dsa_results[testnum][1] = (double)count / d;
2518 if (op_count <= 1) {
2519 /* if longer than 10s, don't do any more */
2520 stop_it(dsa_doit, testnum);
2522 EVP_PKEY_free(dsa_key);
2525 for (testnum = 0; testnum < ECDSA_NUM; testnum++) {
2526 EVP_PKEY *ecdsa_key = NULL;
2529 if (!ecdsa_doit[testnum])
2532 st = (ecdsa_key = get_ecdsa(&ec_curves[testnum])) != NULL;
2534 for (i = 0; st && i < loopargs_len; i++) {
2535 loopargs[i].ecdsa_sign_ctx[testnum] = EVP_PKEY_CTX_new(ecdsa_key,
2537 if (loopargs[i].ecdsa_sign_ctx[testnum] == NULL
2538 || EVP_PKEY_sign_init(loopargs[i].ecdsa_sign_ctx[testnum]) <= 0
2540 || EVP_PKEY_sign(loopargs[i].ecdsa_sign_ctx[testnum],
2542 &loopargs[i].sigsize,
2543 loopargs[i].buf, 20) <= 0)
2548 "ECDSA sign setup failure. No ECDSA sign will be done.\n");
2549 ERR_print_errors(bio_err);
2552 pkey_print_message("sign", "ecdsa",
2553 ecdsa_c[testnum][0], ec_curves[testnum].bits,
2556 count = run_benchmark(async_jobs, ECDSA_sign_loop, loopargs);
2559 mr ? "+R5:%ld:%u:%.2f\n"
2560 : "%ld %u bits ECDSA signs in %.2fs\n",
2561 count, ec_curves[testnum].bits, d);
2562 ecdsa_results[testnum][0] = (double)count / d;
2566 for (i = 0; st && i < loopargs_len; i++) {
2567 loopargs[i].ecdsa_verify_ctx[testnum] = EVP_PKEY_CTX_new(ecdsa_key,
2569 if (loopargs[i].ecdsa_verify_ctx[testnum] == NULL
2570 || EVP_PKEY_verify_init(loopargs[i].ecdsa_verify_ctx[testnum]) <= 0
2571 || EVP_PKEY_verify(loopargs[i].ecdsa_verify_ctx[testnum],
2573 loopargs[i].sigsize,
2574 loopargs[i].buf, 20) <= 0)
2579 "ECDSA verify setup failure. No ECDSA verify will be done.\n");
2580 ERR_print_errors(bio_err);
2581 ecdsa_doit[testnum] = 0;
2583 pkey_print_message("verify", "ecdsa",
2584 ecdsa_c[testnum][1], ec_curves[testnum].bits,
2587 count = run_benchmark(async_jobs, ECDSA_verify_loop, loopargs);
2590 mr ? "+R6:%ld:%u:%.2f\n"
2591 : "%ld %u bits ECDSA verify in %.2fs\n",
2592 count, ec_curves[testnum].bits, d);
2593 ecdsa_results[testnum][1] = (double)count / d;
2596 if (op_count <= 1) {
2597 /* if longer than 10s, don't do any more */
2598 stop_it(ecdsa_doit, testnum);
2602 for (testnum = 0; testnum < EC_NUM; testnum++) {
2603 int ecdh_checks = 1;
2605 if (!ecdh_doit[testnum])
2608 for (i = 0; i < loopargs_len; i++) {
2609 EVP_PKEY_CTX *test_ctx = NULL;
2610 EVP_PKEY_CTX *ctx = NULL;
2611 EVP_PKEY *key_A = NULL;
2612 EVP_PKEY *key_B = NULL;
2616 if ((key_A = get_ecdsa(&ec_curves[testnum])) == NULL /* generate secret key A */
2617 || (key_B = get_ecdsa(&ec_curves[testnum])) == NULL /* generate secret key B */
2618 || (ctx = EVP_PKEY_CTX_new(key_A, NULL)) == NULL /* derivation ctx from skeyA */
2619 || EVP_PKEY_derive_init(ctx) <= 0 /* init derivation ctx */
2620 || EVP_PKEY_derive_set_peer(ctx, key_B) <= 0 /* set peer pubkey in ctx */
2621 || EVP_PKEY_derive(ctx, NULL, &outlen) <= 0 /* determine max length */
2622 || outlen == 0 /* ensure outlen is a valid size */
2623 || outlen > MAX_ECDH_SIZE /* avoid buffer overflow */) {
2625 BIO_printf(bio_err, "ECDH key generation failure.\n");
2626 ERR_print_errors(bio_err);
2632 * Here we perform a test run, comparing the output of a*B and b*A;
2633 * we try this here and assume that further EVP_PKEY_derive calls
2634 * never fail, so we can skip checks in the actually benchmarked
2635 * code, for maximum performance.
2637 if ((test_ctx = EVP_PKEY_CTX_new(key_B, NULL)) == NULL /* test ctx from skeyB */
2638 || !EVP_PKEY_derive_init(test_ctx) /* init derivation test_ctx */
2639 || !EVP_PKEY_derive_set_peer(test_ctx, key_A) /* set peer pubkey in test_ctx */
2640 || !EVP_PKEY_derive(test_ctx, NULL, &test_outlen) /* determine max length */
2641 || !EVP_PKEY_derive(ctx, loopargs[i].secret_a, &outlen) /* compute a*B */
2642 || !EVP_PKEY_derive(test_ctx, loopargs[i].secret_b, &test_outlen) /* compute b*A */
2643 || test_outlen != outlen /* compare output length */) {
2645 BIO_printf(bio_err, "ECDH computation failure.\n");
2646 ERR_print_errors(bio_err);
2651 /* Compare the computation results: CRYPTO_memcmp() returns 0 if equal */
2652 if (CRYPTO_memcmp(loopargs[i].secret_a,
2653 loopargs[i].secret_b, outlen)) {
2655 BIO_printf(bio_err, "ECDH computations don't match.\n");
2656 ERR_print_errors(bio_err);
2661 loopargs[i].ecdh_ctx[testnum] = ctx;
2662 loopargs[i].outlen[testnum] = outlen;
2664 EVP_PKEY_free(key_A);
2665 EVP_PKEY_free(key_B);
2666 EVP_PKEY_CTX_free(test_ctx);
2669 if (ecdh_checks != 0) {
2670 pkey_print_message("", "ecdh",
2672 ec_curves[testnum].bits, seconds.ecdh);
2675 run_benchmark(async_jobs, ECDH_EVP_derive_key_loop, loopargs);
2678 mr ? "+R7:%ld:%d:%.2f\n" :
2679 "%ld %u-bits ECDH ops in %.2fs\n", count,
2680 ec_curves[testnum].bits, d);
2681 ecdh_results[testnum][0] = (double)count / d;
2685 if (op_count <= 1) {
2686 /* if longer than 10s, don't do any more */
2687 stop_it(ecdh_doit, testnum);
2691 for (testnum = 0; testnum < EdDSA_NUM; testnum++) {
2693 EVP_PKEY *ed_pkey = NULL;
2694 EVP_PKEY_CTX *ed_pctx = NULL;
2696 if (!eddsa_doit[testnum])
2697 continue; /* Ignore Curve */
2698 for (i = 0; i < loopargs_len; i++) {
2699 loopargs[i].eddsa_ctx[testnum] = EVP_MD_CTX_new();
2700 if (loopargs[i].eddsa_ctx[testnum] == NULL) {
2704 loopargs[i].eddsa_ctx2[testnum] = EVP_MD_CTX_new();
2705 if (loopargs[i].eddsa_ctx2[testnum] == NULL) {
2710 if ((ed_pctx = EVP_PKEY_CTX_new_id(ed_curves[testnum].nid,
2712 || EVP_PKEY_keygen_init(ed_pctx) <= 0
2713 || EVP_PKEY_keygen(ed_pctx, &ed_pkey) <= 0) {
2715 EVP_PKEY_CTX_free(ed_pctx);
2718 EVP_PKEY_CTX_free(ed_pctx);
2720 if (!EVP_DigestSignInit(loopargs[i].eddsa_ctx[testnum], NULL, NULL,
2723 EVP_PKEY_free(ed_pkey);
2726 if (!EVP_DigestVerifyInit(loopargs[i].eddsa_ctx2[testnum], NULL,
2727 NULL, NULL, ed_pkey)) {
2729 EVP_PKEY_free(ed_pkey);
2733 EVP_PKEY_free(ed_pkey);
2737 BIO_printf(bio_err, "EdDSA failure.\n");
2738 ERR_print_errors(bio_err);
2741 for (i = 0; i < loopargs_len; i++) {
2742 /* Perform EdDSA signature test */
2743 loopargs[i].sigsize = ed_curves[testnum].sigsize;
2744 st = EVP_DigestSign(loopargs[i].eddsa_ctx[testnum],
2745 loopargs[i].buf2, &loopargs[i].sigsize,
2746 loopargs[i].buf, 20);
2752 "EdDSA sign failure. No EdDSA sign will be done.\n");
2753 ERR_print_errors(bio_err);
2756 pkey_print_message("sign", ed_curves[testnum].name,
2757 eddsa_c[testnum][0],
2758 ed_curves[testnum].bits, seconds.eddsa);
2760 count = run_benchmark(async_jobs, EdDSA_sign_loop, loopargs);
2764 mr ? "+R8:%ld:%u:%s:%.2f\n" :
2765 "%ld %u bits %s signs in %.2fs \n",
2766 count, ed_curves[testnum].bits,
2767 ed_curves[testnum].name, d);
2768 eddsa_results[testnum][0] = (double)count / d;
2771 /* Perform EdDSA verification test */
2772 for (i = 0; i < loopargs_len; i++) {
2773 st = EVP_DigestVerify(loopargs[i].eddsa_ctx2[testnum],
2774 loopargs[i].buf2, loopargs[i].sigsize,
2775 loopargs[i].buf, 20);
2781 "EdDSA verify failure. No EdDSA verify will be done.\n");
2782 ERR_print_errors(bio_err);
2783 eddsa_doit[testnum] = 0;
2785 pkey_print_message("verify", ed_curves[testnum].name,
2786 eddsa_c[testnum][1],
2787 ed_curves[testnum].bits, seconds.eddsa);
2789 count = run_benchmark(async_jobs, EdDSA_verify_loop, loopargs);
2792 mr ? "+R9:%ld:%u:%s:%.2f\n"
2793 : "%ld %u bits %s verify in %.2fs\n",
2794 count, ed_curves[testnum].bits,
2795 ed_curves[testnum].name, d);
2796 eddsa_results[testnum][1] = (double)count / d;
2799 if (op_count <= 1) {
2800 /* if longer than 10s, don't do any more */
2801 stop_it(eddsa_doit, testnum);
2806 #ifndef OPENSSL_NO_SM2
2807 for (testnum = 0; testnum < SM2_NUM; testnum++) {
2809 EVP_PKEY *sm2_pkey = NULL;
2811 if (!sm2_doit[testnum])
2812 continue; /* Ignore Curve */
2813 /* Init signing and verification */
2814 for (i = 0; i < loopargs_len; i++) {
2815 EVP_PKEY_CTX *sm2_pctx = NULL;
2816 EVP_PKEY_CTX *sm2_vfy_pctx = NULL;
2817 EVP_PKEY_CTX *pctx = NULL;
2820 loopargs[i].sm2_ctx[testnum] = EVP_MD_CTX_new();
2821 loopargs[i].sm2_vfy_ctx[testnum] = EVP_MD_CTX_new();
2822 if (loopargs[i].sm2_ctx[testnum] == NULL
2823 || loopargs[i].sm2_vfy_ctx[testnum] == NULL)
2828 st = !((pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SM2, NULL)) == NULL
2829 || EVP_PKEY_keygen_init(pctx) <= 0
2830 || EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx,
2831 sm2_curves[testnum].nid) <= 0
2832 || EVP_PKEY_keygen(pctx, &sm2_pkey) <= 0);
2833 EVP_PKEY_CTX_free(pctx);
2837 st = 0; /* set back to zero */
2838 /* attach it sooner to rely on main final cleanup */
2839 loopargs[i].sm2_pkey[testnum] = sm2_pkey;
2840 loopargs[i].sigsize = EVP_PKEY_size(sm2_pkey);
2842 sm2_pctx = EVP_PKEY_CTX_new(sm2_pkey, NULL);
2843 sm2_vfy_pctx = EVP_PKEY_CTX_new(sm2_pkey, NULL);
2844 if (sm2_pctx == NULL || sm2_vfy_pctx == NULL) {
2845 EVP_PKEY_CTX_free(sm2_vfy_pctx);
2849 /* attach them directly to respective ctx */
2850 EVP_MD_CTX_set_pkey_ctx(loopargs[i].sm2_ctx[testnum], sm2_pctx);
2851 EVP_MD_CTX_set_pkey_ctx(loopargs[i].sm2_vfy_ctx[testnum], sm2_vfy_pctx);
2854 * No need to allow user to set an explicit ID here, just use
2855 * the one defined in the 'draft-yang-tls-tl13-sm-suites' I-D.
2857 if (EVP_PKEY_CTX_set1_id(sm2_pctx, SM2_ID, SM2_ID_LEN) != 1
2858 || EVP_PKEY_CTX_set1_id(sm2_vfy_pctx, SM2_ID, SM2_ID_LEN) != 1)
2861 if (!EVP_DigestSignInit(loopargs[i].sm2_ctx[testnum], NULL,
2862 EVP_sm3(), NULL, sm2_pkey))
2864 if (!EVP_DigestVerifyInit(loopargs[i].sm2_vfy_ctx[testnum], NULL,
2865 EVP_sm3(), NULL, sm2_pkey))
2867 st = 1; /* mark loop as succeeded */
2870 BIO_printf(bio_err, "SM2 init failure.\n");
2871 ERR_print_errors(bio_err);
2874 for (i = 0; i < loopargs_len; i++) {
2875 /* Perform SM2 signature test */
2876 st = EVP_DigestSign(loopargs[i].sm2_ctx[testnum],
2877 loopargs[i].buf2, &loopargs[i].sigsize,
2878 loopargs[i].buf, 20);
2884 "SM2 sign failure. No SM2 sign will be done.\n");
2885 ERR_print_errors(bio_err);
2888 pkey_print_message("sign", sm2_curves[testnum].name,
2890 sm2_curves[testnum].bits, seconds.sm2);
2892 count = run_benchmark(async_jobs, SM2_sign_loop, loopargs);
2896 mr ? "+R10:%ld:%u:%s:%.2f\n" :
2897 "%ld %u bits %s signs in %.2fs \n",
2898 count, sm2_curves[testnum].bits,
2899 sm2_curves[testnum].name, d);
2900 sm2_results[testnum][0] = (double)count / d;
2904 /* Perform SM2 verification test */
2905 for (i = 0; i < loopargs_len; i++) {
2906 st = EVP_DigestVerify(loopargs[i].sm2_vfy_ctx[testnum],
2907 loopargs[i].buf2, loopargs[i].sigsize,
2908 loopargs[i].buf, 20);
2914 "SM2 verify failure. No SM2 verify will be done.\n");
2915 ERR_print_errors(bio_err);
2916 sm2_doit[testnum] = 0;
2918 pkey_print_message("verify", sm2_curves[testnum].name,
2920 sm2_curves[testnum].bits, seconds.sm2);
2922 count = run_benchmark(async_jobs, SM2_verify_loop, loopargs);
2925 mr ? "+R11:%ld:%u:%s:%.2f\n"
2926 : "%ld %u bits %s verify in %.2fs\n",
2927 count, sm2_curves[testnum].bits,
2928 sm2_curves[testnum].name, d);
2929 sm2_results[testnum][1] = (double)count / d;
2932 if (op_count <= 1) {
2933 /* if longer than 10s, don't do any more */
2934 for (testnum++; testnum < SM2_NUM; testnum++)
2935 sm2_doit[testnum] = 0;
2939 #endif /* OPENSSL_NO_SM2 */
2941 #ifndef OPENSSL_NO_DH
2942 for (testnum = 0; testnum < FFDH_NUM; testnum++) {
2943 int ffdh_checks = 1;
2945 if (!ffdh_doit[testnum])
2948 for (i = 0; i < loopargs_len; i++) {
2949 EVP_PKEY *pkey_A = NULL;
2950 EVP_PKEY *pkey_B = NULL;
2951 EVP_PKEY_CTX *ffdh_ctx = NULL;
2952 EVP_PKEY_CTX *test_ctx = NULL;
2956 /* Ensure that the error queue is empty */
2957 if (ERR_peek_error()) {
2959 "WARNING: the error queue contains previous unhandled errors.\n");
2960 ERR_print_errors(bio_err);
2963 pkey_A = EVP_PKEY_new();
2965 BIO_printf(bio_err, "Error while initialising EVP_PKEY (out of memory?).\n");
2966 ERR_print_errors(bio_err);
2971 pkey_B = EVP_PKEY_new();
2973 BIO_printf(bio_err, "Error while initialising EVP_PKEY (out of memory?).\n");
2974 ERR_print_errors(bio_err);
2980 ffdh_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DH, NULL);
2982 BIO_printf(bio_err, "Error while allocating EVP_PKEY_CTX.\n");
2983 ERR_print_errors(bio_err);
2989 if (EVP_PKEY_keygen_init(ffdh_ctx) <= 0) {
2990 BIO_printf(bio_err, "Error while initialising EVP_PKEY_CTX.\n");
2991 ERR_print_errors(bio_err);
2996 if (EVP_PKEY_CTX_set_dh_nid(ffdh_ctx, ffdh_params[testnum].nid) <= 0) {
2997 BIO_printf(bio_err, "Error setting DH key size for keygen.\n");
2998 ERR_print_errors(bio_err);
3004 if (EVP_PKEY_keygen(ffdh_ctx, &pkey_A) <= 0 ||
3005 EVP_PKEY_keygen(ffdh_ctx, &pkey_B) <= 0) {
3006 BIO_printf(bio_err, "FFDH key generation failure.\n");
3007 ERR_print_errors(bio_err);
3013 EVP_PKEY_CTX_free(ffdh_ctx);
3016 * check if the derivation works correctly both ways so that
3017 * we know if future derive calls will fail, and we can skip
3018 * error checking in benchmarked code
3020 ffdh_ctx = EVP_PKEY_CTX_new(pkey_A, NULL);
3021 if (ffdh_ctx == NULL) {
3022 BIO_printf(bio_err, "Error while allocating EVP_PKEY_CTX.\n");
3023 ERR_print_errors(bio_err);
3028 if (EVP_PKEY_derive_init(ffdh_ctx) <= 0) {
3029 BIO_printf(bio_err, "FFDH derivation context init failure.\n");
3030 ERR_print_errors(bio_err);
3035 if (EVP_PKEY_derive_set_peer(ffdh_ctx, pkey_B) <= 0) {
3036 BIO_printf(bio_err, "Assigning peer key for derivation failed.\n");
3037 ERR_print_errors(bio_err);
3042 if (EVP_PKEY_derive(ffdh_ctx, NULL, &secret_size) <= 0) {
3043 BIO_printf(bio_err, "Checking size of shared secret failed.\n");
3044 ERR_print_errors(bio_err);
3049 if (secret_size > MAX_FFDH_SIZE) {
3050 BIO_printf(bio_err, "Assertion failure: shared secret too large.\n");
3055 if (EVP_PKEY_derive(ffdh_ctx,
3056 loopargs[i].secret_ff_a,
3057 &secret_size) <= 0) {
3058 BIO_printf(bio_err, "Shared secret derive failure.\n");
3059 ERR_print_errors(bio_err);
3064 /* Now check from side B */
3065 test_ctx = EVP_PKEY_CTX_new(pkey_B, NULL);
3067 BIO_printf(bio_err, "Error while allocating EVP_PKEY_CTX.\n");
3068 ERR_print_errors(bio_err);
3073 if (!EVP_PKEY_derive_init(test_ctx) ||
3074 !EVP_PKEY_derive_set_peer(test_ctx, pkey_A) ||
3075 !EVP_PKEY_derive(test_ctx, NULL, &test_out) ||
3076 !EVP_PKEY_derive(test_ctx, loopargs[i].secret_ff_b, &test_out) ||
3077 test_out != secret_size) {
3078 BIO_printf(bio_err, "FFDH computation failure.\n");
3084 /* compare the computed secrets */
3085 if (CRYPTO_memcmp(loopargs[i].secret_ff_a,
3086 loopargs[i].secret_ff_b, secret_size)) {
3087 BIO_printf(bio_err, "FFDH computations don't match.\n");
3088 ERR_print_errors(bio_err);
3094 loopargs[i].ffdh_ctx[testnum] = ffdh_ctx;
3096 EVP_PKEY_free(pkey_A);
3098 EVP_PKEY_free(pkey_B);
3100 EVP_PKEY_CTX_free(test_ctx);
3103 if (ffdh_checks != 0) {
3104 pkey_print_message("", "ffdh", ffdh_c[testnum][0],
3105 ffdh_params[testnum].bits, seconds.ffdh);
3108 run_benchmark(async_jobs, FFDH_derive_key_loop, loopargs);
3111 mr ? "+R12:%ld:%d:%.2f\n" :
3112 "%ld %u-bits FFDH ops in %.2fs\n", count,
3113 ffdh_params[testnum].bits, d);
3114 ffdh_results[testnum][0] = (double)count / d;
3117 if (op_count <= 1) {
3118 /* if longer than 10s, don't do any more */
3119 stop_it(ffdh_doit, testnum);
3122 #endif /* OPENSSL_NO_DH */
3127 printf("version: %s\n", OpenSSL_version(OPENSSL_FULL_VERSION_STRING));
3128 printf("built on: %s\n", OpenSSL_version(OPENSSL_BUILT_ON));
3130 printf("%s ", BN_options());
3131 printf("\n%s\n", OpenSSL_version(OPENSSL_CFLAGS));
3132 printf("%s\n", OpenSSL_version(OPENSSL_CPU_INFO));
3139 printf("The 'numbers' are in 1000s of bytes per second processed.\n");
3142 for (testnum = 0; testnum < size_num; testnum++)
3143 printf(mr ? ":%d" : "%7d bytes", lengths[testnum]);
3147 for (k = 0; k < ALGOR_NUM; k++) {
3151 printf("+F:%u:%s", k, names[k]);
3153 printf("%-13s", names[k]);
3154 for (testnum = 0; testnum < size_num; testnum++) {
3155 if (results[k][testnum] > 10000 && !mr)
3156 printf(" %11.2fk", results[k][testnum] / 1e3);
3158 printf(mr ? ":%.2f" : " %11.2f ", results[k][testnum]);
3163 for (k = 0; k < RSA_NUM; k++) {
3166 if (testnum && !mr) {
3167 printf("%18ssign verify sign/s verify/s\n", " ");
3171 printf("+F2:%u:%u:%f:%f\n",
3172 k, rsa_keys[k].bits, rsa_results[k][0], rsa_results[k][1]);
3174 printf("rsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
3175 rsa_keys[k].bits, 1.0 / rsa_results[k][0], 1.0 / rsa_results[k][1],
3176 rsa_results[k][0], rsa_results[k][1]);
3179 for (k = 0; k < DSA_NUM; k++) {
3182 if (testnum && !mr) {
3183 printf("%18ssign verify sign/s verify/s\n", " ");
3187 printf("+F3:%u:%u:%f:%f\n",
3188 k, dsa_bits[k], dsa_results[k][0], dsa_results[k][1]);
3190 printf("dsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
3191 dsa_bits[k], 1.0 / dsa_results[k][0], 1.0 / dsa_results[k][1],
3192 dsa_results[k][0], dsa_results[k][1]);
3195 for (k = 0; k < OSSL_NELEM(ecdsa_doit); k++) {
3198 if (testnum && !mr) {
3199 printf("%30ssign verify sign/s verify/s\n", " ");
3204 printf("+F4:%u:%u:%f:%f\n",
3205 k, ec_curves[k].bits,
3206 ecdsa_results[k][0], ecdsa_results[k][1]);
3208 printf("%4u bits ecdsa (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
3209 ec_curves[k].bits, ec_curves[k].name,
3210 1.0 / ecdsa_results[k][0], 1.0 / ecdsa_results[k][1],
3211 ecdsa_results[k][0], ecdsa_results[k][1]);
3215 for (k = 0; k < EC_NUM; k++) {
3218 if (testnum && !mr) {
3219 printf("%30sop op/s\n", " ");
3223 printf("+F5:%u:%u:%f:%f\n",
3224 k, ec_curves[k].bits,
3225 ecdh_results[k][0], 1.0 / ecdh_results[k][0]);
3228 printf("%4u bits ecdh (%s) %8.4fs %8.1f\n",
3229 ec_curves[k].bits, ec_curves[k].name,
3230 1.0 / ecdh_results[k][0], ecdh_results[k][0]);
3234 for (k = 0; k < OSSL_NELEM(eddsa_doit); k++) {
3237 if (testnum && !mr) {
3238 printf("%30ssign verify sign/s verify/s\n", " ");
3243 printf("+F6:%u:%u:%s:%f:%f\n",
3244 k, ed_curves[k].bits, ed_curves[k].name,
3245 eddsa_results[k][0], eddsa_results[k][1]);
3247 printf("%4u bits EdDSA (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
3248 ed_curves[k].bits, ed_curves[k].name,
3249 1.0 / eddsa_results[k][0], 1.0 / eddsa_results[k][1],
3250 eddsa_results[k][0], eddsa_results[k][1]);
3253 #ifndef OPENSSL_NO_SM2
3255 for (k = 0; k < OSSL_NELEM(sm2_doit); k++) {
3258 if (testnum && !mr) {
3259 printf("%30ssign verify sign/s verify/s\n", " ");
3264 printf("+F7:%u:%u:%s:%f:%f\n",
3265 k, sm2_curves[k].bits, sm2_curves[k].name,
3266 sm2_results[k][0], sm2_results[k][1]);
3268 printf("%4u bits SM2 (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
3269 sm2_curves[k].bits, sm2_curves[k].name,
3270 1.0 / sm2_results[k][0], 1.0 / sm2_results[k][1],
3271 sm2_results[k][0], sm2_results[k][1]);
3274 #ifndef OPENSSL_NO_DH
3276 for (k = 0; k < FFDH_NUM; k++) {
3279 if (testnum && !mr) {
3280 printf("%23sop op/s\n", " ");
3284 printf("+F8:%u:%u:%f:%f\n",
3285 k, ffdh_params[k].bits,
3286 ffdh_results[k][0], 1.0 / ffdh_results[k][0]);
3289 printf("%4u bits ffdh %8.4fs %8.1f\n",
3290 ffdh_params[k].bits,
3291 1.0 / ffdh_results[k][0], ffdh_results[k][0]);
3293 #endif /* OPENSSL_NO_DH */
3298 ERR_print_errors(bio_err);
3299 for (i = 0; i < loopargs_len; i++) {
3300 OPENSSL_free(loopargs[i].buf_malloc);
3301 OPENSSL_free(loopargs[i].buf2_malloc);
3304 EVP_PKEY_CTX_free(genctx);
3305 for (k = 0; k < RSA_NUM; k++) {
3306 EVP_PKEY_CTX_free(loopargs[i].rsa_sign_ctx[k]);
3307 EVP_PKEY_CTX_free(loopargs[i].rsa_verify_ctx[k]);
3309 #ifndef OPENSSL_NO_DH
3310 OPENSSL_free(loopargs[i].secret_ff_a);
3311 OPENSSL_free(loopargs[i].secret_ff_b);
3312 for (k = 0; k < FFDH_NUM; k++)
3313 EVP_PKEY_CTX_free(loopargs[i].ffdh_ctx[k]);
3315 for (k = 0; k < DSA_NUM; k++) {
3316 EVP_PKEY_CTX_free(loopargs[i].dsa_sign_ctx[k]);
3317 EVP_PKEY_CTX_free(loopargs[i].dsa_verify_ctx[k]);
3319 for (k = 0; k < ECDSA_NUM; k++) {
3320 EVP_PKEY_CTX_free(loopargs[i].ecdsa_sign_ctx[k]);
3321 EVP_PKEY_CTX_free(loopargs[i].ecdsa_verify_ctx[k]);
3323 for (k = 0; k < EC_NUM; k++)
3324 EVP_PKEY_CTX_free(loopargs[i].ecdh_ctx[k]);
3325 for (k = 0; k < EdDSA_NUM; k++) {
3326 EVP_MD_CTX_free(loopargs[i].eddsa_ctx[k]);
3327 EVP_MD_CTX_free(loopargs[i].eddsa_ctx2[k]);
3329 #ifndef OPENSSL_NO_SM2
3330 for (k = 0; k < SM2_NUM; k++) {
3331 EVP_PKEY_CTX *pctx = NULL;
3333 /* free signing ctx */
3334 if (loopargs[i].sm2_ctx[k] != NULL
3335 && (pctx = EVP_MD_CTX_pkey_ctx(loopargs[i].sm2_ctx[k])) != NULL)
3336 EVP_PKEY_CTX_free(pctx);
3337 EVP_MD_CTX_free(loopargs[i].sm2_ctx[k]);
3338 /* free verification ctx */
3339 if (loopargs[i].sm2_vfy_ctx[k] != NULL
3340 && (pctx = EVP_MD_CTX_pkey_ctx(loopargs[i].sm2_vfy_ctx[k])) != NULL)
3341 EVP_PKEY_CTX_free(pctx);
3342 EVP_MD_CTX_free(loopargs[i].sm2_vfy_ctx[k]);
3344 EVP_PKEY_free(loopargs[i].sm2_pkey[k]);
3347 OPENSSL_free(loopargs[i].secret_a);
3348 OPENSSL_free(loopargs[i].secret_b);
3350 OPENSSL_free(evp_hmac_name);
3351 OPENSSL_free(evp_cmac_name);
3353 if (async_jobs > 0) {
3354 for (i = 0; i < loopargs_len; i++)
3355 ASYNC_WAIT_CTX_free(loopargs[i].wait_ctx);
3359 ASYNC_cleanup_thread();
3361 OPENSSL_free(loopargs);
3363 if (fetched_cipher) {
3364 EVP_CIPHER_free(evp_cipher);
3369 static void print_message(const char *s, long num, int length, int tm)
3372 mr ? "+DT:%s:%d:%d\n"
3373 : "Doing %s for %ds on %d size blocks: ", s, tm, length);
3374 (void)BIO_flush(bio_err);
3379 static void pkey_print_message(const char *str, const char *str2, long num,
3380 unsigned int bits, int tm)
3383 mr ? "+DTP:%d:%s:%s:%d\n"
3384 : "Doing %u bits %s %s's for %ds: ", bits, str, str2, tm);
3385 (void)BIO_flush(bio_err);
3390 static void print_result(int alg, int run_no, int count, double time_used)
3393 BIO_printf(bio_err, "%s error!\n", names[alg]);
3394 ERR_print_errors(bio_err);
3398 mr ? "+R:%d:%s:%f\n"
3399 : "%d %s's in %.2fs\n", count, names[alg], time_used);
3400 results[alg][run_no] = ((double)count) / time_used * lengths[run_no];
3404 static char *sstrsep(char **string, const char *delim)
3407 char *token = *string;
3412 memset(isdelim, 0, sizeof(isdelim));
3416 isdelim[(unsigned char)(*delim)] = 1;
3420 while (!isdelim[(unsigned char)(**string)])
3431 static int do_multi(int multi, int size_num)
3436 static char sep[] = ":";
3438 fds = app_malloc(sizeof(*fds) * multi, "fd buffer for do_multi");
3439 for (n = 0; n < multi; ++n) {
3440 if (pipe(fd) == -1) {
3441 BIO_printf(bio_err, "pipe failure\n");
3445 (void)BIO_flush(bio_err);
3452 if (dup(fd[1]) == -1) {
3453 BIO_printf(bio_err, "dup failed\n");
3462 printf("Forked child %d\n", n);
3465 /* for now, assume the pipe is long enough to take all the output */
3466 for (n = 0; n < multi; ++n) {
3471 f = fdopen(fds[n], "r");
3472 while (fgets(buf, sizeof(buf), f)) {
3473 p = strchr(buf, '\n');
3476 if (buf[0] != '+') {
3478 "Don't understand line '%s' from child %d\n", buf,
3482 printf("Got: %s from %d\n", buf, n);
3483 if (strncmp(buf, "+F:", 3) == 0) {
3488 alg = atoi(sstrsep(&p, sep));
3490 for (j = 0; j < size_num; ++j)
3491 results[alg][j] += atof(sstrsep(&p, sep));
3492 } else if (strncmp(buf, "+F2:", 4) == 0) {
3497 k = atoi(sstrsep(&p, sep));
3500 d = atof(sstrsep(&p, sep));
3501 rsa_results[k][0] += d;
3503 d = atof(sstrsep(&p, sep));
3504 rsa_results[k][1] += d;
3505 } else if (strncmp(buf, "+F3:", 4) == 0) {
3510 k = atoi(sstrsep(&p, sep));
3513 d = atof(sstrsep(&p, sep));
3514 dsa_results[k][0] += d;
3516 d = atof(sstrsep(&p, sep));
3517 dsa_results[k][1] += d;
3518 } else if (strncmp(buf, "+F4:", 4) == 0) {
3523 k = atoi(sstrsep(&p, sep));
3526 d = atof(sstrsep(&p, sep));
3527 ecdsa_results[k][0] += d;
3529 d = atof(sstrsep(&p, sep));
3530 ecdsa_results[k][1] += d;
3531 } else if (strncmp(buf, "+F5:", 4) == 0) {
3536 k = atoi(sstrsep(&p, sep));
3539 d = atof(sstrsep(&p, sep));
3540 ecdh_results[k][0] += d;
3541 } else if (strncmp(buf, "+F6:", 4) == 0) {
3546 k = atoi(sstrsep(&p, sep));
3550 d = atof(sstrsep(&p, sep));
3551 eddsa_results[k][0] += d;
3553 d = atof(sstrsep(&p, sep));
3554 eddsa_results[k][1] += d;
3555 # ifndef OPENSSL_NO_SM2
3556 } else if (strncmp(buf, "+F7:", 4) == 0) {
3561 k = atoi(sstrsep(&p, sep));
3565 d = atof(sstrsep(&p, sep));
3566 sm2_results[k][0] += d;
3568 d = atof(sstrsep(&p, sep));
3569 sm2_results[k][1] += d;
3570 # endif /* OPENSSL_NO_SM2 */
3571 # ifndef OPENSSL_NO_DH
3572 } else if (strncmp(buf, "+F8:", 4) == 0) {
3577 k = atoi(sstrsep(&p, sep));
3580 d = atof(sstrsep(&p, sep));
3581 ffdh_results[k][0] += d;
3582 # endif /* OPENSSL_NO_DH */
3583 } else if (strncmp(buf, "+H:", 3) == 0) {
3586 BIO_printf(bio_err, "Unknown type '%s' from child %d\n", buf,
3598 static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
3599 const openssl_speed_sec_t *seconds)
3601 static const int mblengths_list[] =
3602 { 8 * 1024, 2 * 8 * 1024, 4 * 8 * 1024, 8 * 8 * 1024, 8 * 16 * 1024 };
3603 const int *mblengths = mblengths_list;
3604 int j, count, keylen, num = OSSL_NELEM(mblengths_list);
3605 const char *alg_name;
3606 unsigned char *inp, *out, *key, no_key[32], no_iv[16];
3607 EVP_CIPHER_CTX *ctx;
3610 if (lengths_single) {
3611 mblengths = &lengths_single;
3615 inp = app_malloc(mblengths[num - 1], "multiblock input buffer");
3616 out = app_malloc(mblengths[num - 1] + 1024, "multiblock output buffer");
3617 ctx = EVP_CIPHER_CTX_new();
3618 EVP_EncryptInit_ex(ctx, evp_cipher, NULL, NULL, no_iv);
3620 keylen = EVP_CIPHER_CTX_key_length(ctx);
3621 key = app_malloc(keylen, "evp_cipher key");
3622 EVP_CIPHER_CTX_rand_key(ctx, key);
3623 EVP_EncryptInit_ex(ctx, NULL, NULL, key, NULL);
3624 OPENSSL_clear_free(key, keylen);
3626 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY, sizeof(no_key), no_key);
3627 alg_name = OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher));
3629 for (j = 0; j < num; j++) {
3630 print_message(alg_name, 0, mblengths[j], seconds->sym);
3632 for (count = 0; run && count < 0x7fffffff; count++) {
3633 unsigned char aad[EVP_AEAD_TLS1_AAD_LEN];
3634 EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param;
3635 size_t len = mblengths[j];
3638 memset(aad, 0, 8); /* avoid uninitialized values */
3639 aad[8] = 23; /* SSL3_RT_APPLICATION_DATA */
3640 aad[9] = 3; /* version */
3642 aad[11] = 0; /* length */
3644 mb_param.out = NULL;
3647 mb_param.interleave = 8;
3649 packlen = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_AAD,
3650 sizeof(mb_param), &mb_param);
3656 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT,
3657 sizeof(mb_param), &mb_param);
3661 RAND_bytes(out, 16);
3663 aad[11] = (unsigned char)(len >> 8);
3664 aad[12] = (unsigned char)(len);
3665 pad = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_TLS1_AAD,
3666 EVP_AEAD_TLS1_AAD_LEN, aad);
3667 EVP_Cipher(ctx, out, inp, len + pad);
3671 BIO_printf(bio_err, mr ? "+R:%d:%s:%f\n"
3672 : "%d %s's in %.2fs\n", count, "evp", d);
3673 results[D_EVP][j] = ((double)count) / d * mblengths[j];
3677 fprintf(stdout, "+H");
3678 for (j = 0; j < num; j++)
3679 fprintf(stdout, ":%d", mblengths[j]);
3680 fprintf(stdout, "\n");
3681 fprintf(stdout, "+F:%d:%s", D_EVP, alg_name);
3682 for (j = 0; j < num; j++)
3683 fprintf(stdout, ":%.2f", results[D_EVP][j]);
3684 fprintf(stdout, "\n");
3687 "The 'numbers' are in 1000s of bytes per second processed.\n");
3688 fprintf(stdout, "type ");
3689 for (j = 0; j < num; j++)
3690 fprintf(stdout, "%7d bytes", mblengths[j]);
3691 fprintf(stdout, "\n");
3692 fprintf(stdout, "%-24s", alg_name);
3694 for (j = 0; j < num; j++) {
3695 if (results[D_EVP][j] > 10000)
3696 fprintf(stdout, " %11.2fk", results[D_EVP][j] / 1e3);
3698 fprintf(stdout, " %11.2f ", results[D_EVP][j]);
3700 fprintf(stdout, "\n");
3705 EVP_CIPHER_CTX_free(ctx);