X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=apps%2Fspeed.c;h=5576f23feed47de431969289cc5ce3e63db0db93;hb=2ce90b9b7481381dff584726d84345a0260ca4d1;hp=4a77e8af581839172912c6d14b0b14a6548270b2;hpb=41fdcfa71e39f8c1b8c6e27f1968e1847628c92c;p=openssl.git diff --git a/apps/speed.c b/apps/speed.c index 4a77e8af58..5576f23fee 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -64,19 +64,6 @@ * The Contribution is licensed pursuant to the OpenSSL open source * license provided above. * - * In addition, Sun covenants to all licensees who provide a reciprocal - * covenant with respect to their own patents if any, not to sue under - * current and future patent claims necessarily infringed by the making, - * using, practicing, selling, offering for sale and/or otherwise - * disposing of the Contribution as delivered hereunder - * (or portions thereof), provided that such covenant shall not apply: - * 1) for code that a licensee deletes from the Contribution; - * 2) separates from the Contribution; or - * 3) for infringements caused by: - * i) the modification of the Contribution or - * ii) the combination of the Contribution with other software or - * devices where such combination causes the infringement. - * * The ECDH and ECDSA speed test software is originally written by * Sumit Gupta of Sun Microsystems Laboratories. * @@ -84,6 +71,8 @@ /* most of this code has been pilfered from my libdes speed.c program */ +#ifndef OPENSSL_NO_SPEED + #undef SECONDS #define SECONDS 3 #define RSA_SECONDS 10 @@ -219,10 +208,21 @@ #include #endif +/* + * The following "HZ" timing stuff should be sync'd up with the code in + * crypto/tmdiff.[ch]. That appears to try to do the same job, though I think + * this code is more up to date than libcrypto's so there may be features to + * migrate over first. This is used in two places further down AFAICS. + * The point is that nothing in openssl actually *uses* that tmdiff stuff, so + * either speed.c should be using it or it should go because it's obviously not + * useful enough. Anyone want to do a janitorial job on this? + */ + /* The following if from times(3) man page. It may need to be changed */ #ifndef HZ -# ifdef _SC_CLK_TCK -# define HZ ((double)sysconf(_SC_CLK_TCK)) +# if defined(_SC_CLK_TCK) \ + && (!defined(OPENSSL_SYS_VMS) || __CTRL_VER >= 70000000) +# define HZ sysconf(_SC_CLK_TCK) # else # ifndef CLK_TCK # ifndef _BSD_CLK_TCK_ /* FreeBSD hack */ @@ -261,7 +261,7 @@ static int do_multi(int multi); #define RSA_NUM 4 #define DSA_NUM 3 -#define EC_NUM 15 +#define EC_NUM 16 #define MAX_ECDH_SIZE 256 static const char *names[ALGOR_NUM]={ @@ -304,7 +304,7 @@ static double Time_F(int s) #ifdef USE_TOD if(usertime) - { + { static struct rusage tstart,tend; getrusage_used = 1; @@ -359,7 +359,8 @@ static double Time_F(int s) else { times(&tend); - ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ; + ret = HZ; + ret=(double)(tend.tms_utime-tstart.tms_utime) / ret; return((ret < 1e-3)?1e-3:ret); } } @@ -406,11 +407,27 @@ static double Time_F(int s) #endif } + +static const int KDF1_SHA1_len = 20; +static void *KDF1_SHA1(void *in, size_t inlen, void *out, size_t outlen) + { +#ifndef OPENSSL_NO_SHA + if (outlen != SHA_DIGEST_LENGTH) + return NULL; + return SHA1(in, inlen, out); +#else + return NULL; +#endif + } + + int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif unsigned char *buf=NULL,*buf2=NULL; int mret=1; long count=0,save_count=0; @@ -520,20 +537,21 @@ int MAIN(int argc, char **argv) #define R_RSA_4096 3 #define R_EC_P160 0 -#define R_EC_P224 1 -#define R_EC_P256 2 -#define R_EC_P384 3 -#define R_EC_P521 4 -#define R_EC_K163 5 -#define R_EC_K233 6 -#define R_EC_K283 7 -#define R_EC_K409 8 -#define R_EC_K571 9 -#define R_EC_B163 10 -#define R_EC_B233 11 -#define R_EC_B283 12 -#define R_EC_B409 13 -#define R_EC_B571 14 +#define R_EC_P192 1 +#define R_EC_P224 2 +#define R_EC_P256 3 +#define R_EC_P384 4 +#define R_EC_P521 5 +#define R_EC_K163 6 +#define R_EC_K233 7 +#define R_EC_K283 8 +#define R_EC_K409 9 +#define R_EC_K571 10 +#define R_EC_B163 11 +#define R_EC_B233 12 +#define R_EC_B283 13 +#define R_EC_B409 14 +#define R_EC_B571 15 #ifndef OPENSSL_NO_RSA RSA *rsa_key[RSA_NUM]; @@ -559,27 +577,29 @@ int MAIN(int argc, char **argv) static unsigned int test_curves[EC_NUM] = { /* Prime Curves */ - EC_GROUP_SECG_PRIME_160R1, - EC_GROUP_NIST_PRIME_224, - EC_GROUP_NIST_PRIME_256, - EC_GROUP_NIST_PRIME_384, - EC_GROUP_NIST_PRIME_521, + NID_secp160r1, + NID_X9_62_prime192v1, + NID_secp224r1, + NID_X9_62_prime256v1, + NID_secp384r1, + NID_secp521r1, /* Binary Curves */ - EC_GROUP_NIST_CHAR2_K163, - EC_GROUP_NIST_CHAR2_K233, - EC_GROUP_NIST_CHAR2_K283, - EC_GROUP_NIST_CHAR2_K409, - EC_GROUP_NIST_CHAR2_K571, - EC_GROUP_NIST_CHAR2_B163, - EC_GROUP_NIST_CHAR2_B233, - EC_GROUP_NIST_CHAR2_B283, - EC_GROUP_NIST_CHAR2_B409, - EC_GROUP_NIST_CHAR2_B571 + NID_sect163k1, + NID_sect233k1, + NID_sect283k1, + NID_sect409k1, + NID_sect571k1, + NID_sect163r2, + NID_sect233r1, + NID_sect283r1, + NID_sect409r1, + NID_sect571r1 }; static char * test_curves_names[EC_NUM] = { /* Prime Curves */ "secp160r1", + "nistp192", "nistp224", "nistp256", "nistp384", @@ -598,7 +618,7 @@ int MAIN(int argc, char **argv) }; static int test_curves_bits[EC_NUM] = { - 160, 224, 256, 384, 521, + 160, 192, 224, 256, 384, 521, 163, 233, 283, 409, 571, 163, 233, 283, 409, 571 }; @@ -740,6 +760,7 @@ int MAIN(int argc, char **argv) j--; /* Otherwise, -elapsed gets confused with an algorithm. */ } +#ifndef OPENSSL_NO_ENGINE else if ((argc > 0) && (strcmp(*argv,"-engine") == 0)) { argc--; @@ -756,6 +777,7 @@ int MAIN(int argc, char **argv) means all of them should be run) */ j--; } +#endif #ifdef HAVE_FORK else if ((argc > 0) && (strcmp(*argv,"-multi") == 0)) { @@ -1070,10 +1092,12 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err,"\n"); BIO_printf(bio_err,"Available options:\n"); -#ifdef TIMES +#if defined(TIMES) || defined(USE_TOD) BIO_printf(bio_err,"-elapsed measure time in real time instead of CPU user time.\n"); #endif +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err,"-evp e use EVP e.\n"); BIO_printf(bio_err,"-decrypt time decryption instead of encryption (only EVP).\n"); BIO_printf(bio_err,"-mr produce machine readable output.\n"); @@ -1709,6 +1733,7 @@ int MAIN(int argc, char **argv) else EVP_EncryptFinal_ex(&ctx,buf,&outl); d=Time_F(STOP); + EVP_CIPHER_CTX_cleanup(&ctx); } if (evp_md) { @@ -1935,9 +1960,12 @@ int MAIN(int argc, char **argv) } else { +#if 1 + EC_GROUP_precompute_mult(ecdsa[j]->group, NULL); +#endif /* Perform ECDSA signature test */ EC_KEY_generate_key(ecdsa[j]); - ret = ECDSA_sign(EVP_PKEY_ECDSA, buf, 20, ecdsasig, + ret = ECDSA_sign(0, buf, 20, ecdsasig, &ecdsasiglen, ecdsa[j]); if (ret == 0) { @@ -1953,9 +1981,12 @@ int MAIN(int argc, char **argv) ECDSA_SECONDS); Time_F(START); - for (count=0,run=1; COND(ecdsa_c[j][0]); count++) + for (count=0,run=1; COND(ecdsa_c[j][0]); + count++) { - ret=ECDSA_sign(EVP_PKEY_ECDSA, buf, 20, ecdsasig, &ecdsasiglen, ecdsa[j]); + ret=ECDSA_sign(0, buf, 20, + ecdsasig, &ecdsasiglen, + ecdsa[j]); if (ret == 0) { BIO_printf(bio_err, "ECDSA sign failure\n"); @@ -1974,7 +2005,8 @@ int MAIN(int argc, char **argv) } /* Perform ECDSA verification test */ - ret=ECDSA_verify(EVP_PKEY_ECDSA, buf, 20, ecdsasig, ecdsasiglen, ecdsa[j]); + ret=ECDSA_verify(0, buf, 20, ecdsasig, + ecdsasiglen, ecdsa[j]); if (ret != 1) { BIO_printf(bio_err,"ECDSA verify failure. No ECDSA verify will be done.\n"); @@ -2046,7 +2078,7 @@ int MAIN(int argc, char **argv) } else { - ecdh_b[j]->group = ecdh_a[j]->group; + ecdh_b[j]->group = EC_GROUP_dup(ecdh_a[j]->group); /* generate two ECDH key pairs */ if (!EC_KEY_generate_key(ecdh_a[j]) || @@ -2058,12 +2090,28 @@ int MAIN(int argc, char **argv) } else { - secret_size_a = ECDH_compute_key(secret_a, + /* If field size is not more than 24 octets, then use SHA-1 hash of result; + * otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt). + */ + int field_size, outlen; + void *(*kdf)(void *in, size_t inlen, void *out, size_t xoutlen); + field_size = EC_GROUP_get_degree(ecdh_a[j]->group); + if (field_size <= 24 * 8) + { + outlen = KDF1_SHA1_len; + kdf = KDF1_SHA1; + } + else + { + outlen = (field_size+7)/8; + kdf = NULL; + } + secret_size_a = ECDH_compute_key(secret_a, outlen, ecdh_b[j]->pub_key, - ecdh_a[j]); - secret_size_b = ECDH_compute_key(secret_b, + ecdh_a[j], kdf); + secret_size_b = ECDH_compute_key(secret_b, outlen, ecdh_a[j]->pub_key, - ecdh_b[j]); + ecdh_b[j], kdf); if (secret_size_a != secret_size_b) ecdh_checks = 0; else @@ -2092,9 +2140,9 @@ int MAIN(int argc, char **argv) Time_F(START); for (count=0,run=1; COND(ecdh_c[j][0]); count++) { - ECDH_compute_key(secret_a, + ECDH_compute_key(secret_a, outlen, ecdh_b[j]->pub_key, - ecdh_a[j]); + ecdh_a[j], kdf); } d=Time_F(STOP); BIO_printf(bio_err, mr ? "+R7:%ld:%d:%.2f\n" :"%ld %d-bit ECDH ops in %.2fs\n", @@ -2154,7 +2202,10 @@ show_res: #endif #ifdef HZ #define as_string(s) (#s) - printf("HZ=%g", (double)HZ); + { + double dbl = HZ; + printf("HZ=%g", dbl); + } # ifdef _SC_CLK_TCK printf(" [sysconf value]"); # endif @@ -2321,7 +2372,7 @@ end: #endif apps_shutdown(); - EXIT(mret); + OPENSSL_EXIT(mret); } static void print_message(const char *s, long num, int length) @@ -2361,8 +2412,8 @@ static void pkey_print_message(char *str, char *str2, long num, int bits, static void print_result(int alg,int run_no,int count,double time_used) { - BIO_printf(bio_err,mr ? "+R:%ld:%s:%f\n" - : "%ld %s's in %.2fs\n",count,names[alg],time_used); + BIO_printf(bio_err,mr ? "+R:%d:%s:%f\n" + : "%d %s's in %.2fs\n",count,names[alg],time_used); results[alg][run_no]=((double)count)/time_used*lengths[run_no]; } @@ -2374,7 +2425,7 @@ static char *sstrsep(char **string, const char *delim) if (**string == 0) return NULL; - memset(isdelim, 0, 256); + memset(isdelim, 0, sizeof isdelim); isdelim[0] = 1; while (*delim) @@ -2574,3 +2625,4 @@ static int do_multi(int multi) return 1; } #endif +#endif