Diffstat (limited to 'deps/openssl/openssl/apps/speed.c')
-rw-r--r--deps/openssl/openssl/apps/speed.c1545
1 files changed, 1046 insertions, 499 deletions
diff --git a/deps/openssl/openssl/apps/speed.c b/deps/openssl/openssl/apps/speed.c
index 6672fe606a..40e990408a 100644
--- a/deps/openssl/openssl/apps/speed.c
+++ b/deps/openssl/openssl/apps/speed.c
@@ -1,5 +1,6 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -7,33 +8,20 @@
* https://www.openssl.org/source/license.html
*/
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * The ECDH and ECDSA speed test software is originally written by
- * Sumit Gupta of Sun Microsystems Laboratories.
- *
- */
-
#undef SECONDS
#define SECONDS 3
-#define PRIME_SECONDS 10
#define RSA_SECONDS 10
#define DSA_SECONDS 10
#define ECDSA_SECONDS 10
#define ECDH_SECONDS 10
+#define EdDSA_SECONDS 10
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <math.h>
#include "apps.h"
+#include "progs.h"
#include <openssl/crypto.h>
#include <openssl/rand.h>
#include <openssl/err.h>
@@ -125,13 +113,19 @@
# define NO_FORK
#endif
-#undef BUFSIZE
-#define BUFSIZE (1024*16+1)
#define MAX_MISALIGNMENT 63
-
#define MAX_ECDH_SIZE 256
#define MISALIGN 64
+typedef struct openssl_speed_sec_st {
+ int sym;
+ int rsa;
+ int dsa;
+ int ecdsa;
+ int ecdh;
+ int eddsa;
+} openssl_speed_sec_t;
+
static volatile int run = 0;
static int mr = 0;
@@ -174,7 +168,10 @@ static int AES_cbc_256_encrypt_loop(void *args);
static int AES_ige_192_encrypt_loop(void *args);
static int AES_ige_256_encrypt_loop(void *args);
static int CRYPTO_gcm128_aad_loop(void *args);
+static int RAND_bytes_loop(void *args);
static int EVP_Update_loop(void *args);
+static int EVP_Update_loop_ccm(void *args);
+static int EVP_Update_loop_aead(void *args);
static int EVP_Digest_loop(void *args);
#ifndef OPENSSL_NO_RSA
static int RSA_sign_loop(void *args);
@@ -187,51 +184,51 @@ static int DSA_verify_loop(void *args);
#ifndef OPENSSL_NO_EC
static int ECDSA_sign_loop(void *args);
static int ECDSA_verify_loop(void *args);
-static int ECDH_compute_key_loop(void *args);
+static int EdDSA_sign_loop(void *args);
+static int EdDSA_verify_loop(void *args);
#endif
static double Time_F(int s);
-static void print_message(const char *s, long num, int length);
+static void print_message(const char *s, long num, int length, int tm);
static void pkey_print_message(const char *str, const char *str2,
- long num, int bits, int sec);
+ long num, unsigned int bits, int sec);
static void print_result(int alg, int run_no, int count, double time_used);
#ifndef NO_FORK
-static int do_multi(int multi);
+static int do_multi(int multi, int size_num);
#endif
-static const int lengths[] = {
+static const int lengths_list[] = {
16, 64, 256, 1024, 8 * 1024, 16 * 1024
};
-#define SIZE_NUM OSSL_NELEM(lengths)
+static const int *lengths = lengths_list;
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
-static const char rnd_seed[] =
- "string to make the random number generator think it has entropy";
-#endif
+static const int aead_lengths_list[] = {
+ 2, 31, 136, 1024, 8 * 1024, 16 * 1024
+};
+
+#define START 0
+#define STOP 1
#ifdef SIGALRM
-# if defined(__STDC__) || defined(sgi) || defined(_AIX)
-# define SIGRETTYPE void
-# else
-# define SIGRETTYPE int
-# endif
-static SIGRETTYPE sig_done(int sig);
-static SIGRETTYPE sig_done(int sig)
+static void alarmed(int sig)
{
- signal(SIGALRM, sig_done);
+ signal(SIGALRM, alarmed);
run = 0;
}
-#endif
-#define START 0
-#define STOP 1
+static double Time_F(int s)
+{
+ double ret = app_tminterval(s, usertime);
+ if (s == STOP)
+ alarm(0);
+ return ret;
+}
-#if defined(_WIN32)
+#elif defined(_WIN32)
+
+# define SIGALRM -1
-# if !defined(SIGALRM)
-# define SIGALRM
-# endif
static unsigned int lapse;
static volatile unsigned int schlock;
static void alarm_win32(unsigned int secs)
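Review bot: Nothing ties the element count of the new `aead_lengths_list` to that of `lengths_list`, yet later hunks size `results` and `c` with `OSSL_NELEM(lengths_list)` while `lengths` becomes a repointable `const int *`. The code that repoints `lengths` is not visible in this hunk, but if it is ever aimed at a longer table, indexing `c[alg][testnum]` and `results[alg][testnum]` would run past the second dimension. Both tables have six entries today, so this is a maintenance hazard rather than a present bug. I would record the invariant next to the table, e.g. `/* must have exactly OSSL_NELEM(lengths_list) entries: results[] and c[] are sized from lengths_list */`.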
@@ -275,17 +272,14 @@ static double Time_F(int s)
return ret;
}
#else
-
static double Time_F(int s)
{
- double ret = app_tminterval(s, usertime);
- if (s == STOP)
- alarm(0);
- return ret;
+ return app_tminterval(s, usertime);
}
#endif
-static void multiblock_speed(const EVP_CIPHER *evp_cipher);
+static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
+ const openssl_speed_sec_t *seconds);
#define found(value, pairs, result)\
opt_found(value, result, pairs, OSSL_NELEM(pairs))
@@ -305,32 +299,42 @@ static int opt_found(const char *name, unsigned int *result,
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_ELAPSED, OPT_EVP, OPT_DECRYPT, OPT_ENGINE, OPT_MULTI,
- OPT_MR, OPT_MB, OPT_MISALIGN, OPT_ASYNCJOBS
+ OPT_MR, OPT_MB, OPT_MISALIGN, OPT_ASYNCJOBS, OPT_R_ENUM,
+ OPT_PRIMES, OPT_SECONDS, OPT_BYTES, OPT_AEAD
} OPTION_CHOICE;
-OPTIONS speed_options[] = {
+const OPTIONS speed_options[] = {
{OPT_HELP_STR, 1, '-', "Usage: %s [options] ciphers...\n"},
{OPT_HELP_STR, 1, '-', "Valid options are:\n"},
{"help", OPT_HELP, '-', "Display this summary"},
- {"evp", OPT_EVP, 's', "Use specified EVP cipher"},
+ {"evp", OPT_EVP, 's', "Use EVP-named cipher or digest"},
{"decrypt", OPT_DECRYPT, '-',
"Time decryption instead of encryption (only EVP)"},
- {"mr", OPT_MR, '-', "Produce machine readable output"},
+ {"aead", OPT_AEAD, '-',
+ "Benchmark EVP-named AEAD cipher in TLS-like sequence"},
{"mb", OPT_MB, '-',
- "Enable (tls1.1) multi-block mode on evp_cipher requested with -evp"},
- {"misalign", OPT_MISALIGN, 'n', "Amount to mis-align buffers"},
- {"elapsed", OPT_ELAPSED, '-',
- "Measure time in real time instead of CPU user time"},
+ "Enable (tls1>=1) multi-block mode on EVP-named cipher"},
+ {"mr", OPT_MR, '-', "Produce machine readable output"},
#ifndef NO_FORK
{"multi", OPT_MULTI, 'p', "Run benchmarks in parallel"},
#endif
#ifndef OPENSSL_NO_ASYNC
{"async_jobs", OPT_ASYNCJOBS, 'p',
- "Enable async mode and start pnum jobs"},
+ "Enable async mode and start specified number of jobs"},
#endif
+ OPT_R_OPTIONS,
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
+ {"elapsed", OPT_ELAPSED, '-',
+ "Use wall-clock time instead of CPU user time as divisor"},
+ {"primes", OPT_PRIMES, 'p', "Specify number of primes (for RSA only)"},
+ {"seconds", OPT_SECONDS, 'p',
+ "Run benchmarks for specified amount of seconds"},
+ {"bytes", OPT_BYTES, 'p',
+ "Run [non-PKI] benchmarks on custom-sized buffer"},
+ {"misalign", OPT_MISALIGN, 'p',
+ "Use specified offset to mis-align buffers"},
{NULL}
};
@@ -364,6 +368,7 @@ OPTIONS speed_options[] = {
#define D_IGE_192_AES 27
#define D_IGE_256_AES 28
#define D_GHASH 29
+#define D_RAND 30
/* name of algorithms to test */
static const char *names[] = {
"md2", "mdc2", "md4", "md5", "hmac(md5)", "sha1", "rmd160", "rc4",
@@ -372,9 +377,11 @@ static const char *names[] = {
"aes-128 cbc", "aes-192 cbc", "aes-256 cbc",
"camellia-128 cbc", "camellia-192 cbc", "camellia-256 cbc",
"evp", "sha256", "sha512", "whirlpool",
- "aes-128 ige", "aes-192 ige", "aes-256 ige", "ghash"
+ "aes-128 ige", "aes-192 ige", "aes-256 ige", "ghash",
+ "rand"
};
#define ALGOR_NUM OSSL_NELEM(names)
+
/* list of configured algorithm (remaining) */
static const OPT_PAIR doit_choices[] = {
#ifndef OPENSSL_NO_MD2
@@ -440,10 +447,11 @@ static const OPT_PAIR doit_choices[] = {
{"cast", D_CBC_CAST},
{"cast5", D_CBC_CAST},
#endif
- {"ghash", D_GHASH}
+ {"ghash", D_GHASH},
+ {"rand", D_RAND}
};
-static double results[ALGOR_NUM][SIZE_NUM];
+static double results[ALGOR_NUM][OSSL_NELEM(lengths_list)];
#ifndef OPENSSL_NO_DSA
# define R_DSA_512 0
@@ -466,6 +474,7 @@ static double dsa_results[DSA_NUM][2]; /* 2 ops: sign then verify */
#define R_RSA_4096 4
#define R_RSA_7680 5
#define R_RSA_15360 6
+#ifndef OPENSSL_NO_RSA
static const OPT_PAIR rsa_choices[] = {
{"rsa512", R_RSA_512},
{"rsa1024", R_RSA_1024},
@@ -478,6 +487,7 @@ static const OPT_PAIR rsa_choices[] = {
# define RSA_NUM OSSL_NELEM(rsa_choices)
static double rsa_results[RSA_NUM][2]; /* 2 ops: sign then verify */
+#endif /* OPENSSL_NO_RSA */
#define R_EC_P160 0
#define R_EC_P192 1
@@ -495,9 +505,16 @@ static double rsa_results[RSA_NUM][2]; /* 2 ops: sign then verify */
#define R_EC_B283 13
#define R_EC_B409 14
#define R_EC_B571 15
-#define R_EC_X25519 16
+#define R_EC_BRP256R1 16
+#define R_EC_BRP256T1 17
+#define R_EC_BRP384R1 18
+#define R_EC_BRP384T1 19
+#define R_EC_BRP512R1 20
+#define R_EC_BRP512T1 21
+#define R_EC_X25519 22
+#define R_EC_X448 23
#ifndef OPENSSL_NO_EC
-static const OPT_PAIR ecdsa_choices[] = {
+static OPT_PAIR ecdsa_choices[] = {
{"ecdsap160", R_EC_P160},
{"ecdsap192", R_EC_P192},
{"ecdsap224", R_EC_P224},
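Review bot: `ecdsa_choices` loses its `const` here, and the new `eddsa_choices` in a later hunk is also declared without it, while `rsa_choices` and `ecdh_choices` stay `static const OPT_PAIR`. Nothing visible in this diff writes to either table, so unless code outside the shown hunks needs to modify them, keeping `static const OPT_PAIR ecdsa_choices[] = {` (and likewise for `eddsa_choices`) keeps the lookup tables in read-only storage and consistent with their siblings. The array initialiser continues outside this hunk.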
@@ -513,7 +530,13 @@ static const OPT_PAIR ecdsa_choices[] = {
{"ecdsab233", R_EC_B233},
{"ecdsab283", R_EC_B283},
{"ecdsab409", R_EC_B409},
- {"ecdsab571", R_EC_B571}
+ {"ecdsab571", R_EC_B571},
+ {"ecdsabrp256r1", R_EC_BRP256R1},
+ {"ecdsabrp256t1", R_EC_BRP256T1},
+ {"ecdsabrp384r1", R_EC_BRP384R1},
+ {"ecdsabrp384t1", R_EC_BRP384T1},
+ {"ecdsabrp512r1", R_EC_BRP512R1},
+ {"ecdsabrp512t1", R_EC_BRP512T1}
};
# define ECDSA_NUM OSSL_NELEM(ecdsa_choices)
@@ -536,12 +559,28 @@ static const OPT_PAIR ecdh_choices[] = {
{"ecdhb283", R_EC_B283},
{"ecdhb409", R_EC_B409},
{"ecdhb571", R_EC_B571},
+ {"ecdhbrp256r1", R_EC_BRP256R1},
+ {"ecdhbrp256t1", R_EC_BRP256T1},
+ {"ecdhbrp384r1", R_EC_BRP384R1},
+ {"ecdhbrp384t1", R_EC_BRP384T1},
+ {"ecdhbrp512r1", R_EC_BRP512R1},
+ {"ecdhbrp512t1", R_EC_BRP512T1},
{"ecdhx25519", R_EC_X25519},
- {NULL}
+ {"ecdhx448", R_EC_X448}
};
# define EC_NUM OSSL_NELEM(ecdh_choices)
static double ecdh_results[EC_NUM][1]; /* 1 op: derivation */
+
+#define R_EC_Ed25519 0
+#define R_EC_Ed448 1
+static OPT_PAIR eddsa_choices[] = {
+ {"ed25519", R_EC_Ed25519},
+ {"ed448", R_EC_Ed448}
+};
+# define EdDSA_NUM OSSL_NELEM(eddsa_choices)
+
+static double eddsa_results[EdDSA_NUM][2]; /* 2 ops: sign then verify */
#endif /* OPENSSL_NO_EC */
#ifndef SIGALRM
@@ -550,11 +589,7 @@ static double ecdh_results[EC_NUM][1]; /* 1 op: derivation */
#else
# define COND(unused_cond) (run && count<0x7fffffff)
# define COUNT(d) (count)
-#endif /* SIGALRM */
-
-static unsigned int testnum;
-typedef void *(*kdf_fn) (const void *in, size_t inlen, void *out,
- size_t *xoutlen);
+#endif /* SIGALRM */
typedef struct loopargs_st {
ASYNC_JOB *inprogress_job;
@@ -563,7 +598,9 @@ typedef struct loopargs_st {
unsigned char *buf2;
unsigned char *buf_malloc;
unsigned char *buf2_malloc;
+ unsigned char *key;
unsigned int siglen;
+ size_t sigsize;
#ifndef OPENSSL_NO_RSA
RSA *rsa_key[RSA_NUM];
#endif
@@ -572,35 +609,35 @@ typedef struct loopargs_st {
#endif
#ifndef OPENSSL_NO_EC
EC_KEY *ecdsa[ECDSA_NUM];
- EC_KEY *ecdh_a[EC_NUM];
- EC_KEY *ecdh_b[EC_NUM];
+ EVP_PKEY_CTX *ecdh_ctx[EC_NUM];
+ EVP_MD_CTX *eddsa_ctx[EdDSA_NUM];
unsigned char *secret_a;
unsigned char *secret_b;
- size_t outlen;
- kdf_fn kdf;
+ size_t outlen[EC_NUM];
#endif
EVP_CIPHER_CTX *ctx;
HMAC_CTX *hctx;
GCM128_CONTEXT *gcm_ctx;
} loopargs_t;
-
static int run_benchmark(int async_jobs, int (*loop_function) (void *),
loopargs_t * loopargs);
+static unsigned int testnum;
+
/* Nb of iterations to do per algorithm and key-size */
-static long c[ALGOR_NUM][SIZE_NUM];
+static long c[ALGOR_NUM][OSSL_NELEM(lengths_list)];
#ifndef OPENSSL_NO_MD2
static int EVP_Digest_MD2_loop(void *args)
{
- loopargs_t *tempargs = *(loopargs_t **)args;
+ loopargs_t *tempargs = *(loopargs_t **) args;
unsigned char *buf = tempargs->buf;
unsigned char md2[MD2_DIGEST_LENGTH];
int count;
for (count = 0; COND(c[D_MD2][testnum]); count++) {
if (!EVP_Digest(buf, (size_t)lengths[testnum], md2, NULL, EVP_md2(),
- NULL))
+ NULL))
return -1;
}
return count;
@@ -610,14 +647,14 @@ static int EVP_Digest_MD2_loop(void *args)
#ifndef OPENSSL_NO_MDC2
static int EVP_Digest_MDC2_loop(void *args)
{
- loopargs_t *tempargs = *(loopargs_t **)args;
+ loopargs_t *tempargs = *(loopargs_t **) args;
unsigned char *buf = tempargs->buf;
unsigned char mdc2[MDC2_DIGEST_LENGTH];
int count;
for (count = 0; COND(c[D_MDC2][testnum]); count++) {
if (!EVP_Digest(buf, (size_t)lengths[testnum], mdc2, NULL, EVP_mdc2(),
- NULL))
+ NULL))
return -1;
}
return count;
@@ -627,14 +664,14 @@ static int EVP_Digest_MDC2_loop(void *args)
#ifndef OPENSSL_NO_MD4
static int EVP_Digest_MD4_loop(void *args)
{
- loopargs_t *tempargs = *(loopargs_t **)args;
+ loopargs_t *tempargs = *(loopargs_t **) args;
unsigned char *buf = tempargs->buf;
unsigned char md4[MD4_DIGEST_LENGTH];
int count;
for (count = 0; COND(c[D_MD4][testnum]); count++) {
if (!EVP_Digest(buf, (size_t)lengths[testnum], md4, NULL, EVP_md4(),
- NULL))
+ NULL))
return -1;
}
return count;
@@ -644,7 +681,7 @@ static int EVP_Digest_MD4_loop(void *args)
#ifndef OPENSSL_NO_MD5
static int MD5_loop(void *args)
{
- loopargs_t *tempargs = *(loopargs_t **)args;
+ loopargs_t *tempargs = *(loopargs_t **) args;
unsigned char *buf = tempargs->buf;
unsigned char md5[MD5_DIGEST_LENGTH];
int count;
@@ -655,7 +692,7 @@ static int MD5_loop(void *args)
static int HMAC_loop(void *args)
{
- loopargs_t *tempargs = *(loopargs_t **)args;
+ loopargs_t *tempargs = *(loopargs_t **) args;
unsigned char *buf = tempargs->buf;
HMAC_CTX *hctx = tempargs->hctx;
unsigned char hmac[MD5_DIGEST_LENGTH];
@@ -672,7 +709,7 @@ static int HMAC_loop(void *args)
static int SHA1_loop(void *args)
{
- loopargs_t *tempargs = *(loopargs_t **)args;
+ loopargs_t *tempargs = *(loopargs_t **) args;
unsigned char *buf = tempargs->buf;
unsigned char sha[SHA_DIGEST_LENGTH];
int count;
@@ -683,7 +720,7 @@ static int SHA1_loop(void *args)
static int SHA256_loop(void *args)
{
- loopargs_t *tempargs = *(loopargs_t **)args;
+ loopargs_t *tempargs = *(loopargs_t **) args;
unsigned char *buf = tempargs->buf;
unsigned char sha256[SHA256_DIGEST_LENGTH];
int count;
@@ -694,7 +731,7 @@ static int SHA256_loop(void *args)
static int SHA512_loop(void *args)
{
- loopargs_t *tempargs = *(loopargs_t **)args;
+ loopargs_t *tempargs = *(loopargs_t **) args;
unsigned char *buf = tempargs->buf;
unsigned char sha512[SHA512_DIGEST_LENGTH];
int count;
@@ -706,7 +743,7 @@ static int SHA512_loop(void *args)
#ifndef OPENSSL_NO_WHIRLPOOL
static int WHIRLPOOL_loop(void *args)
{
- loopargs_t *tempargs = *(loopargs_t **)args;
+ loopargs_t *tempargs = *(loopargs_t **) args;
unsigned char *buf = tempargs->buf;
unsigned char whirlpool[WHIRLPOOL_DIGEST_LENGTH];
int count;
@@ -719,13 +756,13 @@ static int WHIRLPOOL_loop(void *args)
#ifndef OPENSSL_NO_RMD160
static int EVP_Digest_RMD160_loop(void *args)
{
- loopargs_t *tempargs = *(loopargs_t **)args;
+ loopargs_t *tempargs = *(loopargs_t **) args;
unsigned char *buf = tempargs->buf;
unsigned char rmd160[RIPEMD160_DIGEST_LENGTH];
int count;
for (count = 0; COND(c[D_RMD160][testnum]); count++) {
if (!EVP_Digest(buf, (size_t)lengths[testnum], &(rmd160[0]),
- NULL, EVP_ripemd160(), NULL))
+ NULL, EVP_ripemd160(), NULL))
return -1;
}
return count;
@@ -736,7 +773,7 @@ static int EVP_Digest_RMD160_loop(void *args)
static RC4_KEY rc4_ks;
static int RC4_loop(void *args)
{
- loopargs_t *tempargs = *(loopargs_t **)args;
+ loopargs_t *tempargs = *(loopargs_t **) args;
unsigned char *buf = tempargs->buf;
int count;
for (count = 0; COND(c[D_RC4][testnum]); count++)
@@ -752,24 +789,23 @@ static DES_key_schedule sch2;
static DES_key_schedule sch3;
static int DES_ncbc_encrypt_loop(void *args)
{
- loopargs_t *tempargs = *(loopargs_t **)args;
+ loopargs_t *tempargs = *(loopargs_t **) args;
unsigned char *buf = tempargs->buf;
int count;
for (count = 0; COND(c[D_CBC_DES][testnum]); count++)
DES_ncbc_encrypt(buf, buf, lengths[testnum], &sch,
- &DES_iv, DES_ENCRYPT);
+ &DES_iv, DES_ENCRYPT);
return count;
}
static int DES_ede3_cbc_encrypt_loop(void *args)
{
- loopargs_t *tempargs = *(loopargs_t **)args;
+ loopargs_t *tempargs = *(loopargs_t **) args;
unsigned char *buf = tempargs->buf;
int count;
for (count = 0; COND(c[D_EDE3_DES][testnum]); count++)
DES_ede3_cbc_encrypt(buf, buf, lengths[testnum],
- &sch, &sch2, &sch3,
- &DES_iv, DES_ENCRYPT);
+ &sch, &sch2, &sch3, &DES_iv, DES_ENCRYPT);
return count;
}
#endif
@@ -780,82 +816,76 @@ static unsigned char iv[2 * MAX_BLOCK_SIZE / 8];
static AES_KEY aes_ks1, aes_ks2, aes_ks3;
static int AES_cbc_128_encrypt_loop(void *args)
{
- loopargs_t *tempargs = *(loopargs_t **)args;
+ loopargs_t *tempargs = *(loopargs_t **) args;
unsigned char *buf = tempargs->buf;
int count;
for (count = 0; COND(c[D_CBC_128_AES][testnum]); count++)
AES_cbc_encrypt(buf, buf,
- (size_t)lengths[testnum], &aes_ks1,
- iv, AES_ENCRYPT);
+ (size_t)lengths[testnum], &aes_ks1, iv, AES_ENCRYPT);
return count;
}
static int AES_cbc_192_encrypt_loop(void *args)
{
- loopargs_t *tempargs = *(loopargs_t **)args;
+ loopargs_t *tempargs = *(loopargs_t **) args;
unsigned char *buf = tempargs->buf;
int count;
for (count = 0; COND(c[D_CBC_192_AES][testnum]); count++)
AES_cbc_encrypt(buf, buf,
- (size_t)lengths[testnum], &aes_ks2,
- iv, AES_ENCRYPT);
+ (size_t)lengths[testnum], &aes_ks2, iv, AES_ENCRYPT);
return count;
}
static int AES_cbc_256_encrypt_loop(void *args)
{
- loopargs_t *tempargs = *(loopargs_t **)args;
+ loopargs_t *tempargs = *(loopargs_t **) args;
unsigned char *buf = tempargs->buf;
int count;
for (count = 0; COND(c[D_CBC_256_AES][testnum]); count++)
AES_cbc_encrypt(buf, buf,
- (size_t)lengths[testnum], &aes_ks3,
- iv, AES_ENCRYPT);
+ (size_t)lengths[testnum], &aes_ks3, iv, AES_ENCRYPT);
return count;
}
static int AES_ige_128_encrypt_loop(void *args)
{
- loopargs_t *tempargs = *(loopargs_t **)args;
+ loopargs_t *tempargs = *(loopargs_t **) args;
unsigned char *buf = tempargs->buf;
unsigned char *buf2 = tempargs->buf2;
int count;
for (count = 0; COND(c[D_IGE_128_AES][testnum]); count++)
AES_ige_encrypt(buf, buf2,
- (size_t)lengths[testnum], &aes_ks1,
- iv, AES_ENCRYPT);
+ (size_t)lengths[testnum], &aes_ks1, iv, AES_ENCRYPT);
return count;
}
static int AES_ige_192_encrypt_loop(void *args)
{
- loopargs_t *tempargs = *(loopargs_t **)args;
+ loopargs_t *tempargs = *(loopargs_t **) args;
unsigned char *buf = tempargs->buf;
unsigned char *buf2 = tempargs->buf2;
int count;
for (count = 0; COND(c[D_IGE_192_AES][testnum]); count++)
AES_ige_encrypt(buf, buf2,
- (size_t)lengths[testnum], &aes_ks2,
- iv, AES_ENCRYPT);
+ (size_t)lengths[testnum], &aes_ks2, iv, AES_ENCRYPT);
return count;
}
static int AES_ige_256_encrypt_loop(void *args)
{
- loopargs_t *tempargs = *(loopargs_t **)args;
+ loopargs_t *tempargs = *(loopargs_t **) args;
unsigned char *buf = tempargs->buf;
unsigned char *buf2 = tempargs->buf2;
int count;
for (count = 0; COND(c[D_IGE_256_AES][testnum]); count++)
AES_ige_encrypt(buf, buf2,
- (size_t)lengths[testnum], &aes_ks3,
- iv, AES_ENCRYPT);
+ (size_t)lengths[testnum], &aes_ks3, iv, AES_ENCRYPT);
return count;
}
static int CRYPTO_gcm128_aad_loop(void *args)
{
- loopargs_t *tempargs = *(loopargs_t **)args;
+ loopargs_t *tempargs = *(loopargs_t **) args;
unsigned char *buf = tempargs->buf;
GCM128_CONTEXT *gcm_ctx = tempargs->gcm_ctx;
int count;
@@ -864,23 +894,83 @@ static int CRYPTO_gcm128_aad_loop(void *args)
return count;
}
+static int RAND_bytes_loop(void *args)
+{
+ loopargs_t *tempargs = *(loopargs_t **) args;
+ unsigned char *buf = tempargs->buf;
+ int count;
+
+ for (count = 0; COND(c[D_RAND][testnum]); count++)
+ RAND_bytes(buf, lengths[testnum]);
+ return count;
+}
+
static long save_count = 0;
static int decrypt = 0;
static int EVP_Update_loop(void *args)
{
- loopargs_t *tempargs = *(loopargs_t **)args;
+ loopargs_t *tempargs = *(loopargs_t **) args;
unsigned char *buf = tempargs->buf;
EVP_CIPHER_CTX *ctx = tempargs->ctx;
- int outl, count;
+ int outl, count, rc;
#ifndef SIGALRM
int nb_iter = save_count * 4 * lengths[0] / lengths[testnum];
#endif
+ if (decrypt) {
+ for (count = 0; COND(nb_iter); count++) {
+ rc = EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
+ if (rc != 1) {
+ /* reset iv in case of counter overflow */
+ EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, -1);
+ }
+ }
+ } else {
+ for (count = 0; COND(nb_iter); count++) {
+ rc = EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
+ if (rc != 1) {
+ /* reset iv in case of counter overflow */
+ EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, -1);
+ }
+ }
+ }
if (decrypt)
- for (count = 0; COND(nb_iter); count++)
- EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
+ EVP_DecryptFinal_ex(ctx, buf, &outl);
else
- for (count = 0; COND(nb_iter); count++)
+ EVP_EncryptFinal_ex(ctx, buf, &outl);
+ return count;
+}
+
+/*
+ * CCM does not support streaming. For the purpose of performance measurement,
+ * each message is encrypted using the same (key,iv)-pair. Do not use this
+ * code in your application.
+ */
+static int EVP_Update_loop_ccm(void *args)
+{
+ loopargs_t *tempargs = *(loopargs_t **) args;
+ unsigned char *buf = tempargs->buf;
+ EVP_CIPHER_CTX *ctx = tempargs->ctx;
+ int outl, count;
+ unsigned char tag[12];
+#ifndef SIGALRM
+ int nb_iter = save_count * 4 * lengths[0] / lengths[testnum];
+#endif
+ if (decrypt) {
+ for (count = 0; COND(nb_iter); count++) {
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(tag), tag);
+ /* reset iv */
+ EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv);
+ /* counter is reset on every update */
+ EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
+ }
+ } else {
+ for (count = 0; COND(nb_iter); count++) {
+ /* restore iv length field */
+ EVP_EncryptUpdate(ctx, NULL, &outl, NULL, lengths[testnum]);
+ /* counter is reset on every update */
EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
+ }
+ }
if (decrypt)
EVP_DecryptFinal_ex(ctx, buf, &outl);
else
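Review bot: In `EVP_Update_loop_ccm` the buffer `unsigned char tag[12];` is never written before `EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(tag), tag)` copies it into the context, so the decrypt path reads indeterminate stack bytes and memory sanitizers will flag it; `unsigned char tag[12] = { 0 };` avoids that at no cost to the measurement. Separately, `RAND_bytes_loop` discards the result of `RAND_bytes(buf, lengths[testnum])`, so a failing generator is still counted as completed operations; the same unchecked-return pattern recurs in `EVP_Update_loop_aead` and `ECDH_EVP_derive_key_loop` in later hunks. A minimal guard would be `if (RAND_bytes(buf, lengths[testnum]) <= 0) return -1;`, assuming callers treat a negative count as an error as the sign/verify loops suggest. The body of `EVP_Update_loop_ccm` continues past the end of this hunk.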
@@ -888,10 +978,46 @@ static int EVP_Update_loop(void *args)
return count;
}
+/*
+ * To make AEAD benchmarking more relevant perform TLS-like operations,
+ * 13-byte AAD followed by payload. But don't use TLS-formatted AAD, as
+ * payload length is not actually limited by 16KB...
+ */
+static int EVP_Update_loop_aead(void *args)
+{
+ loopargs_t *tempargs = *(loopargs_t **) args;
+ unsigned char *buf = tempargs->buf;
+ EVP_CIPHER_CTX *ctx = tempargs->ctx;
+ int outl, count;
+ unsigned char aad[13] = { 0xcc };
+ unsigned char faketag[16] = { 0xcc };
+#ifndef SIGALRM
+ int nb_iter = save_count * 4 * lengths[0] / lengths[testnum];
+#endif
+ if (decrypt) {
+ for (count = 0; COND(nb_iter); count++) {
+ EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv);
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
+ sizeof(faketag), faketag);
+ EVP_DecryptUpdate(ctx, NULL, &outl, aad, sizeof(aad));
+ EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
+ EVP_DecryptFinal_ex(ctx, buf + outl, &outl);
+ }
+ } else {
+ for (count = 0; COND(nb_iter); count++) {
+ EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv);
+ EVP_EncryptUpdate(ctx, NULL, &outl, aad, sizeof(aad));
+ EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
+ EVP_EncryptFinal_ex(ctx, buf + outl, &outl);
+ }
+ }
+ return count;
+}
+
static const EVP_MD *evp_md = NULL;
static int EVP_Digest_loop(void *args)
{
- loopargs_t *tempargs = *(loopargs_t **)args;
+ loopargs_t *tempargs = *(loopargs_t **) args;
unsigned char *buf = tempargs->buf;
unsigned char md[EVP_MAX_MD_SIZE];
int count;
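Review bot: In `EVP_Update_loop_aead` the initialisers `aad[13] = { 0xcc }` and `faketag[16] = { 0xcc }` set only the first byte to 0xcc and zero the rest, which reads as though a full 0xcc fill was intended. The decrypt path also relies on `faketag` never matching, so every `EVP_DecryptFinal_ex` call is expected to fail and its result is deliberately ignored; neither fact is stated. I would add a comment such as `/* contents are arbitrary: only byte 0 is 0xcc, and tag verification is expected to fail on decrypt */` above the two declarations, so nobody later "fixes" the ignored return value or copies the sequence into application code.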
@@ -911,7 +1037,7 @@ static long rsa_c[RSA_NUM][2]; /* # RSA iteration test */
static int RSA_sign_loop(void *args)
{
- loopargs_t *tempargs = *(loopargs_t **)args;
+ loopargs_t *tempargs = *(loopargs_t **) args;
unsigned char *buf = tempargs->buf;
unsigned char *buf2 = tempargs->buf2;
unsigned int *rsa_num = &tempargs->siglen;
@@ -931,14 +1057,15 @@ static int RSA_sign_loop(void *args)
static int RSA_verify_loop(void *args)
{
- loopargs_t *tempargs = *(loopargs_t **)args;
+ loopargs_t *tempargs = *(loopargs_t **) args;
unsigned char *buf = tempargs->buf;
unsigned char *buf2 = tempargs->buf2;
unsigned int rsa_num = tempargs->siglen;
RSA **rsa_key = tempargs->rsa_key;
int ret, count;
for (count = 0; COND(rsa_c[testnum][1]); count++) {
- ret = RSA_verify(NID_md5_sha1, buf, 36, buf2, rsa_num, rsa_key[testnum]);
+ ret =
+ RSA_verify(NID_md5_sha1, buf, 36, buf2, rsa_num, rsa_key[testnum]);
if (ret <= 0) {
BIO_printf(bio_err, "RSA verify failure\n");
ERR_print_errors(bio_err);
@@ -954,7 +1081,7 @@ static int RSA_verify_loop(void *args)
static long dsa_c[DSA_NUM][2];
static int DSA_sign_loop(void *args)
{
- loopargs_t *tempargs = *(loopargs_t **)args;
+ loopargs_t *tempargs = *(loopargs_t **) args;
unsigned char *buf = tempargs->buf;
unsigned char *buf2 = tempargs->buf2;
DSA **dsa_key = tempargs->dsa_key;
@@ -974,7 +1101,7 @@ static int DSA_sign_loop(void *args)
static int DSA_verify_loop(void *args)
{
- loopargs_t *tempargs = *(loopargs_t **)args;
+ loopargs_t *tempargs = *(loopargs_t **) args;
unsigned char *buf = tempargs->buf;
unsigned char *buf2 = tempargs->buf2;
DSA **dsa_key = tempargs->dsa_key;
@@ -997,15 +1124,14 @@ static int DSA_verify_loop(void *args)
static long ecdsa_c[ECDSA_NUM][2];
static int ECDSA_sign_loop(void *args)
{
- loopargs_t *tempargs = *(loopargs_t **)args;
+ loopargs_t *tempargs = *(loopargs_t **) args;
unsigned char *buf = tempargs->buf;
EC_KEY **ecdsa = tempargs->ecdsa;
unsigned char *ecdsasig = tempargs->buf2;
unsigned int *ecdsasiglen = &tempargs->siglen;
int ret, count;
for (count = 0; COND(ecdsa_c[testnum][0]); count++) {
- ret = ECDSA_sign(0, buf, 20,
- ecdsasig, ecdsasiglen, ecdsa[testnum]);
+ ret = ECDSA_sign(0, buf, 20, ecdsasig, ecdsasiglen, ecdsa[testnum]);
if (ret == 0) {
BIO_printf(bio_err, "ECDSA sign failure\n");
ERR_print_errors(bio_err);
@@ -1018,15 +1144,14 @@ static int ECDSA_sign_loop(void *args)
static int ECDSA_verify_loop(void *args)
{
- loopargs_t *tempargs = *(loopargs_t **)args;
+ loopargs_t *tempargs = *(loopargs_t **) args;
unsigned char *buf = tempargs->buf;
EC_KEY **ecdsa = tempargs->ecdsa;
unsigned char *ecdsasig = tempargs->buf2;
unsigned int ecdsasiglen = tempargs->siglen;
int ret, count;
for (count = 0; COND(ecdsa_c[testnum][1]); count++) {
- ret = ECDSA_verify(0, buf, 20, ecdsasig, ecdsasiglen,
- ecdsa[testnum]);
+ ret = ECDSA_verify(0, buf, 20, ecdsasig, ecdsasiglen, ecdsa[testnum]);
if (ret != 1) {
BIO_printf(bio_err, "ECDSA verify failure\n");
ERR_print_errors(bio_err);
@@ -1040,37 +1165,66 @@ static int ECDSA_verify_loop(void *args)
/* ******************************************************************** */
static long ecdh_c[EC_NUM][1];
-static int ECDH_compute_key_loop(void *args)
+static int ECDH_EVP_derive_key_loop(void *args)
{
- loopargs_t *tempargs = *(loopargs_t **)args;
- EC_KEY **ecdh_a = tempargs->ecdh_a;
- EC_KEY **ecdh_b = tempargs->ecdh_b;
- unsigned char *secret_a = tempargs->secret_a;
+ loopargs_t *tempargs = *(loopargs_t **) args;
+ EVP_PKEY_CTX *ctx = tempargs->ecdh_ctx[testnum];
+ unsigned char *derived_secret = tempargs->secret_a;
int count;
- size_t outlen = tempargs->outlen;
- kdf_fn kdf = tempargs->kdf;
+ size_t *outlen = &(tempargs->outlen[testnum]);
+
+ for (count = 0; COND(ecdh_c[testnum][0]); count++)
+ EVP_PKEY_derive(ctx, derived_secret, outlen);
+
+ return count;
+}
+
+static long eddsa_c[EdDSA_NUM][2];
+static int EdDSA_sign_loop(void *args)
+{
+ loopargs_t *tempargs = *(loopargs_t **) args;
+ unsigned char *buf = tempargs->buf;
+ EVP_MD_CTX **edctx = tempargs->eddsa_ctx;
+ unsigned char *eddsasig = tempargs->buf2;
+ size_t *eddsasigsize = &tempargs->sigsize;
+ int ret, count;
- for (count = 0; COND(ecdh_c[testnum][0]); count++) {
- ECDH_compute_key(secret_a, outlen,
- EC_KEY_get0_public_key(ecdh_b[testnum]),
- ecdh_a[testnum], kdf);
+ for (count = 0; COND(eddsa_c[testnum][0]); count++) {
+ ret = EVP_DigestSign(edctx[testnum], eddsasig, eddsasigsize, buf, 20);
+ if (ret == 0) {
+ BIO_printf(bio_err, "EdDSA sign failure\n");
+ ERR_print_errors(bio_err);
+ count = -1;
+ break;
+ }
}
return count;
}
-static const size_t KDF1_SHA1_len = 20;
-static void *KDF1_SHA1(const void *in, size_t inlen, void *out,
- size_t *outlen)
+static int EdDSA_verify_loop(void *args)
{
- if (*outlen < SHA_DIGEST_LENGTH)
- return NULL;
- *outlen = SHA_DIGEST_LENGTH;
- return SHA1(in, inlen, out);
+ loopargs_t *tempargs = *(loopargs_t **) args;
+ unsigned char *buf = tempargs->buf;
+ EVP_MD_CTX **edctx = tempargs->eddsa_ctx;
+ unsigned char *eddsasig = tempargs->buf2;
+ size_t eddsasigsize = tempargs->sigsize;
+ int ret, count;
+
+ for (count = 0; COND(eddsa_c[testnum][1]); count++) {
+ ret = EVP_DigestVerify(edctx[testnum], eddsasig, eddsasigsize, buf, 20);
+ if (ret != 1) {
+ BIO_printf(bio_err, "EdDSA verify failure\n");
+ ERR_print_errors(bio_err);
+ count = -1;
+ break;
+ }
+ }
+ return count;
}
#endif /* OPENSSL_NO_EC */
static int run_benchmark(int async_jobs,
- int (*loop_function)(void *), loopargs_t *loopargs)
+ int (*loop_function) (void *), loopargs_t * loopargs)
{
int job_op_count = 0;
int total_op_count = 0;
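Review bot: `EdDSA_sign_loop` treats only `ret == 0` as failure, whereas `EdDSA_verify_loop` just below uses `ret != 1`. As far as I know, `EVP_DigestSign` is documented to return 0 or a negative value on failure (for example when the operation is unsupported for the key type), and a negative result here would be counted as a successful signature and inflate the reported rate. Changing the test to `if (ret != 1) {` makes the two loops consistent and catches both cases. The body of `run_benchmark` at the end of this hunk continues outside it.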
@@ -1126,14 +1280,16 @@ static int run_benchmark(int async_jobs,
if (loopargs[i].inprogress_job == NULL)
continue;
- if (!ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, NULL, &num_job_fds)
- || num_job_fds > 1) {
+ if (!ASYNC_WAIT_CTX_get_all_fds
+ (loopargs[i].wait_ctx, NULL, &num_job_fds)
+ || num_job_fds > 1) {
BIO_printf(bio_err, "Too many fds in ASYNC_WAIT_CTX\n");
ERR_print_errors(bio_err);
error = 1;
break;
}
- ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, &job_fd, &num_job_fds);
+ ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, &job_fd,
+ &num_job_fds);
FD_SET(job_fd, &waitfdset);
if (job_fd > max_fd)
max_fd = job_fd;
@@ -1141,9 +1297,9 @@ static int run_benchmark(int async_jobs,
if (max_fd >= (OSSL_ASYNC_FD)FD_SETSIZE) {
BIO_printf(bio_err,
- "Error: max_fd (%d) must be smaller than FD_SETSIZE (%d). "
- "Decrease the value of async_jobs\n",
- max_fd, FD_SETSIZE);
+ "Error: max_fd (%d) must be smaller than FD_SETSIZE (%d). "
+ "Decrease the value of async_jobs\n",
+ max_fd, FD_SETSIZE);
ERR_print_errors(bio_err);
error = 1;
break;
@@ -1168,14 +1324,16 @@ static int run_benchmark(int async_jobs,
if (loopargs[i].inprogress_job == NULL)
continue;
- if (!ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, NULL, &num_job_fds)
- || num_job_fds > 1) {
+ if (!ASYNC_WAIT_CTX_get_all_fds
+ (loopargs[i].wait_ctx, NULL, &num_job_fds)
+ || num_job_fds > 1) {
BIO_printf(bio_err, "Too many fds in ASYNC_WAIT_CTX\n");
ERR_print_errors(bio_err);
error = 1;
break;
}
- ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, &job_fd, &num_job_fds);
+ ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, &job_fd,
+ &num_job_fds);
#if defined(OPENSSL_SYS_UNIX)
if (num_job_fds == 1 && !FD_ISSET(job_fd, &waitfdset))
@@ -1187,9 +1345,10 @@ static int run_benchmark(int async_jobs,
continue;
#endif
- ret = ASYNC_start_job(&loopargs[i].inprogress_job,
- loopargs[i].wait_ctx, &job_op_count, loop_function,
- (void *)(loopargs + i), sizeof(loopargs_t));
+ ret = ASYNC_start_job(&loopargs[i].inprogress_job,
+ loopargs[i].wait_ctx, &job_op_count,
+ loop_function, (void *)(loopargs + i),
+ sizeof(loopargs_t));
switch (ret) {
case ASYNC_PAUSE:
break;
@@ -1228,9 +1387,12 @@ int speed_main(int argc, char **argv)
OPTION_CHOICE o;
int async_init = 0, multiblock = 0, pr_header = 0;
int doit[ALGOR_NUM] = { 0 };
- int ret = 1, misalign = 0;
+ int ret = 1, misalign = 0, lengths_single = 0, aead = 0;
long count = 0;
+ unsigned int size_num = OSSL_NELEM(lengths_list);
unsigned int i, k, loop, loopargs_len = 0, async_jobs = 0;
+ int keylen;
+ int buflen;
#ifndef NO_FORK
int multi = 0;
#endif
@@ -1238,6 +1400,9 @@ int speed_main(int argc, char **argv)
|| !defined(OPENSSL_NO_EC)
long rsa_count = 1;
#endif
+ openssl_speed_sec_t seconds = { SECONDS, RSA_SECONDS, DSA_SECONDS,
+ ECDSA_SECONDS, ECDH_SECONDS,
+ EdDSA_SECONDS };
/* What follows are the buffers and key material. */
#ifndef OPENSSL_NO_RC5
@@ -1312,6 +1477,7 @@ int speed_main(int argc, char **argv)
sizeof(test15360)
};
int rsa_doit[RSA_NUM] = { 0 };
+ int primes = RSA_DEFAULT_PRIME_NUM;
#endif
#ifndef OPENSSL_NO_DSA
static const unsigned int dsa_bits[DSA_NUM] = { 512, 1024, 2048 };
@@ -1323,41 +1489,54 @@ int speed_main(int argc, char **argv)
* add tests over more curves, simply add the curve NID and curve name to
* the following arrays and increase the |ecdh_choices| list accordingly.
*/
- static const unsigned int test_curves[EC_NUM] = {
- /* Prime Curves */
- NID_secp160r1, NID_X9_62_prime192v1, NID_secp224r1,
- NID_X9_62_prime256v1, NID_secp384r1, NID_secp521r1,
- /* Binary Curves */
- NID_sect163k1, NID_sect233k1, NID_sect283k1,
- NID_sect409k1, NID_sect571k1, NID_sect163r2,
- NID_sect233r1, NID_sect283r1, NID_sect409r1,
- NID_sect571r1,
- /* Other */
- NID_X25519
- };
- static const char *test_curves_names[EC_NUM] = {
+ static const struct {
+ const char *name;
+ unsigned int nid;
+ unsigned int bits;
+ } test_curves[] = {
/* Prime Curves */
- "secp160r1", "nistp192", "nistp224",
- "nistp256", "nistp384", "nistp521",
+ {"secp160r1", NID_secp160r1, 160},
+ {"nistp192", NID_X9_62_prime192v1, 192},
+ {"nistp224", NID_secp224r1, 224},
+ {"nistp256", NID_X9_62_prime256v1, 256},
+ {"nistp384", NID_secp384r1, 384},
+ {"nistp521", NID_secp521r1, 521},
/* Binary Curves */
- "nistk163", "nistk233", "nistk283",
- "nistk409", "nistk571", "nistb163",
- "nistb233", "nistb283", "nistb409",
- "nistb571",
- /* Other */
- "X25519"
+ {"nistk163", NID_sect163k1, 163},
+ {"nistk233", NID_sect233k1, 233},
+ {"nistk283", NID_sect283k1, 283},
+ {"nistk409", NID_sect409k1, 409},
+ {"nistk571", NID_sect571k1, 571},
+ {"nistb163", NID_sect163r2, 163},
+ {"nistb233", NID_sect233r1, 233},
+ {"nistb283", NID_sect283r1, 283},
+ {"nistb409", NID_sect409r1, 409},
+ {"nistb571", NID_sect571r1, 571},
+ {"brainpoolP256r1", NID_brainpoolP256r1, 256},
+ {"brainpoolP256t1", NID_brainpoolP256t1, 256},
+ {"brainpoolP384r1", NID_brainpoolP384r1, 384},
+ {"brainpoolP384t1", NID_brainpoolP384t1, 384},
+ {"brainpoolP512r1", NID_brainpoolP512r1, 512},
+ {"brainpoolP512t1", NID_brainpoolP512t1, 512},
+ /* Other and ECDH only ones */
+ {"X25519", NID_X25519, 253},
+ {"X448", NID_X448, 448}
};
- static const int test_curves_bits[EC_NUM] = {
- 160, 192, 224,
- 256, 384, 521,
- 163, 233, 283,
- 409, 571, 163,
- 233, 283, 409,
- 571, 253 /* X25519 */
+ static const struct {
+ const char *name;
+ unsigned int nid;
+ unsigned int bits;
+ size_t sigsize;
+ } test_ed_curves[] = {
+ /* EdDSA */
+ {"Ed25519", NID_ED25519, 253, 64},
+ {"Ed448", NID_ED448, 456, 114}
};
-
int ecdsa_doit[ECDSA_NUM] = { 0 };
int ecdh_doit[EC_NUM] = { 0 };
+ int eddsa_doit[EdDSA_NUM] = { 0 };
+ OPENSSL_assert(OSSL_NELEM(test_curves) >= EC_NUM);
+ OPENSSL_assert(OSSL_NELEM(test_ed_curves) >= EdDSA_NUM);
#endif /* ndef OPENSSL_NO_EC */
prog = opt_init(argc, argv, speed_options);
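Review bot: The comment kept at the top of this hunk still tells maintainers to add a curve's NID and name to "the following arrays", but the new side has a single `test_curves[]` table of `{name, nid, bits}` entries plus a separate `test_ed_curves[]`. It should be reworded, for example `add a {name, NID, bits} entry to |test_curves| and extend the |ecdh_choices| list accordingly`. The two `OPENSSL_assert(... >= ...)` checks only catch a table that is too short; `OPENSSL_assert(OSSL_NELEM(test_curves) == EC_NUM);` would also catch an entry added without its enum value. The ECDSA loop later indexes `test_curves[testnum]` for `testnum < ECDSA_NUM`, so the ECDH-only entries presumably have to stay last, which the comment should say.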
@@ -1440,13 +1619,33 @@ int speed_main(int argc, char **argv)
goto end;
#endif
break;
+ case OPT_R_CASES:
+ if (!opt_rand(o))
+ goto end;
+ break;
+ case OPT_PRIMES:
+ if (!opt_int(opt_arg(), &primes))
+ goto end;
+ break;
+ case OPT_SECONDS:
+ seconds.sym = seconds.rsa = seconds.dsa = seconds.ecdsa
+ = seconds.ecdh = seconds.eddsa = atoi(opt_arg());
+ break;
+ case OPT_BYTES:
+ lengths_single = atoi(opt_arg());
+ lengths = &lengths_single;
+ size_num = 1;
+ break;
+ case OPT_AEAD:
+ aead = 1;
+ break;
}
}
argc = opt_num_rest();
argv = opt_rest();
/* Remaining arguments are algorithms. */
- for ( ; *argv; argv++) {
+ for (; *argv; argv++) {
if (found(*argv, doit_choices, &i)) {
doit[i] = 1;
continue;
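Review bot: `-seconds` and `-bytes` are parsed with `atoi(opt_arg())`, so a non-numeric, zero or negative argument is accepted silently, unlike `-primes` just above, which goes through `opt_int()`. A negative `lengths_single` becomes the only entry of `lengths`. The buffer-allocation hunk clamps `buflen` up to 36 for the allocation only, while the benchmark loops still work from the unclamped `lengths[testnum]`; if the loop functions (outside this part of the diff) treat it as a byte count, they would read and write well beyond those minimum-size buffers. I would parse both options with `opt_int()` and reject non-positive values, e.g. `if (!opt_int(opt_arg(), &lengths_single) || lengths_single <= 0) goto end;`. A very large `-bytes` value also needs an upper bound, because `buflen += MAX_MISALIGNMENT + 1` is computed in `int`.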
@@ -1486,14 +1685,12 @@ int speed_main(int argc, char **argv)
}
#endif
if (strcmp(*argv, "aes") == 0) {
- doit[D_CBC_128_AES] = doit[D_CBC_192_AES] =
- doit[D_CBC_256_AES] = 1;
+ doit[D_CBC_128_AES] = doit[D_CBC_192_AES] = doit[D_CBC_256_AES] = 1;
continue;
}
#ifndef OPENSSL_NO_CAMELLIA
if (strcmp(*argv, "camellia") == 0) {
- doit[D_CBC_128_CML] = doit[D_CBC_192_CML] =
- doit[D_CBC_256_CML] = 1;
+ doit[D_CBC_128_CML] = doit[D_CBC_192_CML] = doit[D_CBC_256_CML] = 1;
continue;
}
#endif
@@ -1516,11 +1713,48 @@ int speed_main(int argc, char **argv)
ecdh_doit[i] = 2;
continue;
}
+ if (strcmp(*argv, "eddsa") == 0) {
+ for (loop = 0; loop < OSSL_NELEM(eddsa_doit); loop++)
+ eddsa_doit[loop] = 1;
+ continue;
+ }
+ if (found(*argv, eddsa_choices, &i)) {
+ eddsa_doit[i] = 2;
+ continue;
+ }
#endif
BIO_printf(bio_err, "%s: Unknown algorithm %s\n", prog, *argv);
goto end;
}
+ /* Sanity checks */
+ if (aead) {
+ if (evp_cipher == NULL) {
+ BIO_printf(bio_err, "-aead can be used only with an AEAD cipher\n");
+ goto end;
+ } else if (!(EVP_CIPHER_flags(evp_cipher) &
+ EVP_CIPH_FLAG_AEAD_CIPHER)) {
+ BIO_printf(bio_err, "%s is not an AEAD cipher\n",
+ OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher)));
+ goto end;
+ }
+ }
+ if (multiblock) {
+ if (evp_cipher == NULL) {
+ BIO_printf(bio_err,"-mb can be used only with a multi-block"
+ " capable cipher\n");
+ goto end;
+ } else if (!(EVP_CIPHER_flags(evp_cipher) &
+ EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) {
+ BIO_printf(bio_err, "%s is not a multi-block capable\n",
+ OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher)));
+ goto end;
+ } else if (async_jobs > 0) {
+ BIO_printf(bio_err, "Async mode is not supported with -mb");
+ goto end;
+ }
+ }
+
/* Initialize the job pool if async mode is enabled */
if (async_jobs > 0) {
async_init = ASYNC_init_thread(async_jobs, async_jobs);
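Review bot: The last message added in the `-mb` sanity check, `"Async mode is not supported with -mb"`, has no trailing `\n`, so it will run into whatever is written to `bio_err` next; every other message in this block ends in a newline. Suggested: `BIO_printf(bio_err, "Async mode is not supported with -mb\n");`. The text `"%s is not a multi-block capable\n"` also reads oddly; the message removed in the D_EVP hunk said "is not multi-block capable".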
@@ -1531,7 +1765,8 @@ int speed_main(int argc, char **argv)
}
loopargs_len = (async_jobs == 0 ? 1 : async_jobs);
- loopargs = app_malloc(loopargs_len * sizeof(loopargs_t), "array of loopargs");
+ loopargs =
+ app_malloc(loopargs_len * sizeof(loopargs_t), "array of loopargs");
memset(loopargs, 0, loopargs_len * sizeof(loopargs_t));
for (i = 0; i < loopargs_len; i++) {
@@ -1543,8 +1778,15 @@ int speed_main(int argc, char **argv)
}
}
- loopargs[i].buf_malloc = app_malloc((int)BUFSIZE + MAX_MISALIGNMENT + 1, "input buffer");
- loopargs[i].buf2_malloc = app_malloc((int)BUFSIZE + MAX_MISALIGNMENT + 1, "input buffer");
+ buflen = lengths[size_num - 1];
+ if (buflen < 36) /* size of random vector in RSA bencmark */
+ buflen = 36;
+ buflen += MAX_MISALIGNMENT + 1;
+ loopargs[i].buf_malloc = app_malloc(buflen, "input buffer");
+ loopargs[i].buf2_malloc = app_malloc(buflen, "input buffer");
+ memset(loopargs[i].buf_malloc, 0, buflen);
+ memset(loopargs[i].buf2_malloc, 0, buflen);
+
/* Align the start of buffers on a 64 byte boundary */
loopargs[i].buf = loopargs[i].buf_malloc + misalign;
loopargs[i].buf2 = loopargs[i].buf2_malloc + misalign;
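Review bot: `buflen` is derived once from `lengths[size_num - 1]`, but the D_EVP hunk further down can repoint `lengths` to `aead_lengths_list` and change `size_num` after these buffers have been allocated. Nothing here guarantees the buffers cover the largest length that is actually benchmarked. If the largest AEAD length does not exceed the largest default length (neither list is visible in this part of the diff), the code is safe, but only because the two tables happen to agree. A comment such as `/* buffers are sized for lengths_list; aead_lengths_list must not exceed its largest entry */`, or an assert where the lists are swapped, would pin that down. The new comment also has a typo: `bencmark` should be `benchmark`.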
@@ -1555,7 +1797,7 @@ int speed_main(int argc, char **argv)
}
#ifndef NO_FORK
- if (multi && do_multi(multi))
+ if (multi && do_multi(multi, size_num))
goto show_res;
#endif
@@ -1580,6 +1822,8 @@ int speed_main(int argc, char **argv)
ecdsa_doit[loop] = 1;
for (loop = 0; loop < OSSL_NELEM(ecdh_doit); loop++)
ecdh_doit[loop] = 1;
+ for (loop = 0; loop < OSSL_NELEM(eddsa_doit); loop++)
+ eddsa_doit[loop] = 1;
#endif
}
for (i = 0; i < ALGOR_NUM; i++)
@@ -1593,14 +1837,19 @@ int speed_main(int argc, char **argv)
#ifndef OPENSSL_NO_RSA
for (i = 0; i < loopargs_len; i++) {
+ if (primes > RSA_DEFAULT_PRIME_NUM) {
+ /* for multi-prime RSA, skip this */
+ break;
+ }
for (k = 0; k < RSA_NUM; k++) {
const unsigned char *p;
p = rsa_data[k];
- loopargs[i].rsa_key[k] = d2i_RSAPrivateKey(NULL, &p, rsa_data_length[k]);
+ loopargs[i].rsa_key[k] =
+ d2i_RSAPrivateKey(NULL, &p, rsa_data_length[k]);
if (loopargs[i].rsa_key[k] == NULL) {
- BIO_printf(bio_err, "internal error loading RSA key number %d\n",
- k);
+ BIO_printf(bio_err,
+ "internal error loading RSA key number %d\n", k);
goto end;
}
}
@@ -1608,9 +1857,9 @@ int speed_main(int argc, char **argv)
#endif
#ifndef OPENSSL_NO_DSA
for (i = 0; i < loopargs_len; i++) {
- loopargs[i].dsa_key[0] = get_dsa512();
- loopargs[i].dsa_key[1] = get_dsa1024();
- loopargs[i].dsa_key[2] = get_dsa2048();
+ loopargs[i].dsa_key[0] = get_dsa(512);
+ loopargs[i].dsa_key[1] = get_dsa(1024);
+ loopargs[i].dsa_key[2] = get_dsa(2048);
}
#endif
#ifndef OPENSSL_NO_DES
@@ -1690,8 +1939,9 @@ int speed_main(int argc, char **argv)
c[D_IGE_192_AES][0] = count;
c[D_IGE_256_AES][0] = count;
c[D_GHASH][0] = count;
+ c[D_RAND][0] = count;
- for (i = 1; i < SIZE_NUM; i++) {
+ for (i = 1; i < size_num; i++) {
long l0, l1;
l0 = (long)lengths[0];
@@ -1708,6 +1958,7 @@ int speed_main(int argc, char **argv)
c[D_SHA512][i] = c[D_SHA512][0] * 4 * l0 / l1;
c[D_WHIRLPOOL][i] = c[D_WHIRLPOOL][0] * 4 * l0 / l1;
c[D_GHASH][i] = c[D_GHASH][0] * 4 * l0 / l1;
+ c[D_RAND][i] = c[D_RAND][0] * 4 * l0 / l1;
l0 = (long)lengths[i - 1];
@@ -1741,7 +1992,7 @@ int speed_main(int argc, char **argv)
rsa_doit[i] = 0;
else {
if (rsa_c[i][0] == 0) {
- rsa_c[i][0] = 1; /* Set minimum iteration Nb to 1. */
+ rsa_c[i][0] = 1; /* Set minimum iteration Nb to 1. */
rsa_c[i][1] = 20;
}
}
@@ -1758,7 +2009,7 @@ int speed_main(int argc, char **argv)
dsa_doit[i] = 0;
else {
if (dsa_c[i][0] == 0) {
- dsa_c[i][0] = 1; /* Set minimum iteration Nb to 1. */
+ dsa_c[i][0] = 1; /* Set minimum iteration Nb to 1. */
dsa_c[i][1] = 1;
}
}
@@ -1842,24 +2093,50 @@ int speed_main(int argc, char **argv)
}
}
}
- /* default iteration count for the last EC Curve */
+ /* repeated code good to factorize */
+ ecdh_c[R_EC_BRP256R1][0] = count / 1000;
+ for (i = R_EC_BRP384R1; i <= R_EC_BRP512R1; i += 2) {
+ ecdh_c[i][0] = ecdh_c[i - 2][0] / 2;
+ if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
+ ecdh_doit[i] = 0;
+ else {
+ if (ecdh_c[i][0] == 0) {
+ ecdh_c[i][0] = 1;
+ }
+ }
+ }
+ ecdh_c[R_EC_BRP256T1][0] = count / 1000;
+ for (i = R_EC_BRP384T1; i <= R_EC_BRP512T1; i += 2) {
+ ecdh_c[i][0] = ecdh_c[i - 2][0] / 2;
+ if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
+ ecdh_doit[i] = 0;
+ else {
+ if (ecdh_c[i][0] == 0) {
+ ecdh_c[i][0] = 1;
+ }
+ }
+ }
+ /* default iteration count for the last two EC Curves */
ecdh_c[R_EC_X25519][0] = count / 1800;
+ ecdh_c[R_EC_X448][0] = count / 7200;
+
+ eddsa_c[R_EC_Ed25519][0] = count / 1800;
+ eddsa_c[R_EC_Ed448][0] = count / 7200;
# endif
# else
/* not worth fixing */
# error "You cannot disable DES on systems without SIGALRM."
-# endif /* OPENSSL_NO_DES */
-#else
-# ifndef _WIN32
- signal(SIGALRM, sig_done);
-# endif
-#endif /* SIGALRM */
+# endif /* OPENSSL_NO_DES */
+#elif SIGALRM > 0
+ signal(SIGALRM, alarmed);
+#endif /* SIGALRM */
#ifndef OPENSSL_NO_MD2
if (doit[D_MD2]) {
- for (testnum = 0; testnum < SIZE_NUM; testnum++) {
- print_message(names[D_MD2], c[D_MD2][testnum], lengths[testnum]);
+ for (testnum = 0; testnum < size_num; testnum++) {
+ print_message(names[D_MD2], c[D_MD2][testnum], lengths[testnum],
+ seconds.sym);
Time_F(START);
count = run_benchmark(async_jobs, EVP_Digest_MD2_loop, loopargs);
d = Time_F(STOP);
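Review bot: The two new brainpool loops step with `i += 2` and read `ecdh_c[i - 2][0]`, which only works if the `R_EC_BRP*R1` and `R_EC_BRP*T1` enumerators alternate in the enum (declared outside this hunk). That dependency should be written down, e.g. `/* r1 and t1 variants alternate in the enum, hence the stride of 2 */`, in place of the `/* repeated code good to factorize */` remark. The new `ecdh_c[R_EC_X448][0]` and `eddsa_c[...][0]` assignments also skip the "disable the test or force a minimum of 1" step that the loops apply, so a small `count` leaves them at 0. If that matches the existing X25519 line on purpose, a one-line comment would make it clear.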
@@ -1869,8 +2146,9 @@ int speed_main(int argc, char **argv)
#endif
#ifndef OPENSSL_NO_MDC2
if (doit[D_MDC2]) {
- for (testnum = 0; testnum < SIZE_NUM; testnum++) {
- print_message(names[D_MDC2], c[D_MDC2][testnum], lengths[testnum]);
+ for (testnum = 0; testnum < size_num; testnum++) {
+ print_message(names[D_MDC2], c[D_MDC2][testnum], lengths[testnum],
+ seconds.sym);
Time_F(START);
count = run_benchmark(async_jobs, EVP_Digest_MDC2_loop, loopargs);
d = Time_F(STOP);
@@ -1881,8 +2159,9 @@ int speed_main(int argc, char **argv)
#ifndef OPENSSL_NO_MD4
if (doit[D_MD4]) {
- for (testnum = 0; testnum < SIZE_NUM; testnum++) {
- print_message(names[D_MD4], c[D_MD4][testnum], lengths[testnum]);
+ for (testnum = 0; testnum < size_num; testnum++) {
+ print_message(names[D_MD4], c[D_MD4][testnum], lengths[testnum],
+ seconds.sym);
Time_F(START);
count = run_benchmark(async_jobs, EVP_Digest_MD4_loop, loopargs);
d = Time_F(STOP);
@@ -1893,8 +2172,9 @@ int speed_main(int argc, char **argv)
#ifndef OPENSSL_NO_MD5
if (doit[D_MD5]) {
- for (testnum = 0; testnum < SIZE_NUM; testnum++) {
- print_message(names[D_MD5], c[D_MD5][testnum], lengths[testnum]);
+ for (testnum = 0; testnum < size_num; testnum++) {
+ print_message(names[D_MD5], c[D_MD5][testnum], lengths[testnum],
+ seconds.sym);
Time_F(START);
count = run_benchmark(async_jobs, MD5_loop, loopargs);
d = Time_F(STOP);
@@ -1915,8 +2195,9 @@ int speed_main(int argc, char **argv)
HMAC_Init_ex(loopargs[i].hctx, hmac_key, len, EVP_md5(), NULL);
}
- for (testnum = 0; testnum < SIZE_NUM; testnum++) {
- print_message(names[D_HMAC], c[D_HMAC][testnum], lengths[testnum]);
+ for (testnum = 0; testnum < size_num; testnum++) {
+ print_message(names[D_HMAC], c[D_HMAC][testnum], lengths[testnum],
+ seconds.sym);
Time_F(START);
count = run_benchmark(async_jobs, HMAC_loop, loopargs);
d = Time_F(STOP);
@@ -1928,8 +2209,9 @@ int speed_main(int argc, char **argv)
}
#endif
if (doit[D_SHA1]) {
- for (testnum = 0; testnum < SIZE_NUM; testnum++) {
- print_message(names[D_SHA1], c[D_SHA1][testnum], lengths[testnum]);
+ for (testnum = 0; testnum < size_num; testnum++) {
+ print_message(names[D_SHA1], c[D_SHA1][testnum], lengths[testnum],
+ seconds.sym);
Time_F(START);
count = run_benchmark(async_jobs, SHA1_loop, loopargs);
d = Time_F(STOP);
@@ -1937,8 +2219,9 @@ int speed_main(int argc, char **argv)
}
}
if (doit[D_SHA256]) {
- for (testnum = 0; testnum < SIZE_NUM; testnum++) {
- print_message(names[D_SHA256], c[D_SHA256][testnum], lengths[testnum]);
+ for (testnum = 0; testnum < size_num; testnum++) {
+ print_message(names[D_SHA256], c[D_SHA256][testnum],
+ lengths[testnum], seconds.sym);
Time_F(START);
count = run_benchmark(async_jobs, SHA256_loop, loopargs);
d = Time_F(STOP);
@@ -1946,19 +2229,20 @@ int speed_main(int argc, char **argv)
}
}
if (doit[D_SHA512]) {
- for (testnum = 0; testnum < SIZE_NUM; testnum++) {
- print_message(names[D_SHA512], c[D_SHA512][testnum], lengths[testnum]);
+ for (testnum = 0; testnum < size_num; testnum++) {
+ print_message(names[D_SHA512], c[D_SHA512][testnum],
+ lengths[testnum], seconds.sym);
Time_F(START);
count = run_benchmark(async_jobs, SHA512_loop, loopargs);
d = Time_F(STOP);
print_result(D_SHA512, testnum, count, d);
}
}
-
#ifndef OPENSSL_NO_WHIRLPOOL
if (doit[D_WHIRLPOOL]) {
- for (testnum = 0; testnum < SIZE_NUM; testnum++) {
- print_message(names[D_WHIRLPOOL], c[D_WHIRLPOOL][testnum], lengths[testnum]);
+ for (testnum = 0; testnum < size_num; testnum++) {
+ print_message(names[D_WHIRLPOOL], c[D_WHIRLPOOL][testnum],
+ lengths[testnum], seconds.sym);
Time_F(START);
count = run_benchmark(async_jobs, WHIRLPOOL_loop, loopargs);
d = Time_F(STOP);
@@ -1969,8 +2253,9 @@ int speed_main(int argc, char **argv)
#ifndef OPENSSL_NO_RMD160
if (doit[D_RMD160]) {
- for (testnum = 0; testnum < SIZE_NUM; testnum++) {
- print_message(names[D_RMD160], c[D_RMD160][testnum], lengths[testnum]);
+ for (testnum = 0; testnum < size_num; testnum++) {
+ print_message(names[D_RMD160], c[D_RMD160][testnum],
+ lengths[testnum], seconds.sym);
Time_F(START);
count = run_benchmark(async_jobs, EVP_Digest_RMD160_loop, loopargs);
d = Time_F(STOP);
@@ -1980,8 +2265,9 @@ int speed_main(int argc, char **argv)
#endif
#ifndef OPENSSL_NO_RC4
if (doit[D_RC4]) {
- for (testnum = 0; testnum < SIZE_NUM; testnum++) {
- print_message(names[D_RC4], c[D_RC4][testnum], lengths[testnum]);
+ for (testnum = 0; testnum < size_num; testnum++) {
+ print_message(names[D_RC4], c[D_RC4][testnum], lengths[testnum],
+ seconds.sym);
Time_F(START);
count = run_benchmark(async_jobs, RC4_loop, loopargs);
d = Time_F(STOP);
@@ -1991,8 +2277,9 @@ int speed_main(int argc, char **argv)
#endif
#ifndef OPENSSL_NO_DES
if (doit[D_CBC_DES]) {
- for (testnum = 0; testnum < SIZE_NUM; testnum++) {
- print_message(names[D_CBC_DES], c[D_CBC_DES][testnum], lengths[testnum]);
+ for (testnum = 0; testnum < size_num; testnum++) {
+ print_message(names[D_CBC_DES], c[D_CBC_DES][testnum],
+ lengths[testnum], seconds.sym);
Time_F(START);
count = run_benchmark(async_jobs, DES_ncbc_encrypt_loop, loopargs);
d = Time_F(STOP);
@@ -2001,10 +2288,12 @@ int speed_main(int argc, char **argv)
}
if (doit[D_EDE3_DES]) {
- for (testnum = 0; testnum < SIZE_NUM; testnum++) {
- print_message(names[D_EDE3_DES], c[D_EDE3_DES][testnum], lengths[testnum]);
+ for (testnum = 0; testnum < size_num; testnum++) {
+ print_message(names[D_EDE3_DES], c[D_EDE3_DES][testnum],
+ lengths[testnum], seconds.sym);
Time_F(START);
- count = run_benchmark(async_jobs, DES_ede3_cbc_encrypt_loop, loopargs);
+ count =
+ run_benchmark(async_jobs, DES_ede3_cbc_encrypt_loop, loopargs);
d = Time_F(STOP);
print_result(D_EDE3_DES, testnum, count, d);
}
@@ -2012,74 +2301,83 @@ int speed_main(int argc, char **argv)
#endif
if (doit[D_CBC_128_AES]) {
- for (testnum = 0; testnum < SIZE_NUM; testnum++) {
+ for (testnum = 0; testnum < size_num; testnum++) {
print_message(names[D_CBC_128_AES], c[D_CBC_128_AES][testnum],
- lengths[testnum]);
+ lengths[testnum], seconds.sym);
Time_F(START);
- count = run_benchmark(async_jobs, AES_cbc_128_encrypt_loop, loopargs);
+ count =
+ run_benchmark(async_jobs, AES_cbc_128_encrypt_loop, loopargs);
d = Time_F(STOP);
print_result(D_CBC_128_AES, testnum, count, d);
}
}
if (doit[D_CBC_192_AES]) {
- for (testnum = 0; testnum < SIZE_NUM; testnum++) {
+ for (testnum = 0; testnum < size_num; testnum++) {
print_message(names[D_CBC_192_AES], c[D_CBC_192_AES][testnum],
- lengths[testnum]);
+ lengths[testnum], seconds.sym);
Time_F(START);
- count = run_benchmark(async_jobs, AES_cbc_192_encrypt_loop, loopargs);
+ count =
+ run_benchmark(async_jobs, AES_cbc_192_encrypt_loop, loopargs);
d = Time_F(STOP);
print_result(D_CBC_192_AES, testnum, count, d);
}
}
if (doit[D_CBC_256_AES]) {
- for (testnum = 0; testnum < SIZE_NUM; testnum++) {
+ for (testnum = 0; testnum < size_num; testnum++) {
print_message(names[D_CBC_256_AES], c[D_CBC_256_AES][testnum],
- lengths[testnum]);
+ lengths[testnum], seconds.sym);
Time_F(START);
- count = run_benchmark(async_jobs, AES_cbc_256_encrypt_loop, loopargs);
+ count =
+ run_benchmark(async_jobs, AES_cbc_256_encrypt_loop, loopargs);
d = Time_F(STOP);
print_result(D_CBC_256_AES, testnum, count, d);
}
}
if (doit[D_IGE_128_AES]) {
- for (testnum = 0; testnum < SIZE_NUM; testnum++) {
+ for (testnum = 0; testnum < size_num; testnum++) {
print_message(names[D_IGE_128_AES], c[D_IGE_128_AES][testnum],
- lengths[testnum]);
+ lengths[testnum], seconds.sym);
Time_F(START);
- count = run_benchmark(async_jobs, AES_ige_128_encrypt_loop, loopargs);
+ count =
+ run_benchmark(async_jobs, AES_ige_128_encrypt_loop, loopargs);
d = Time_F(STOP);
print_result(D_IGE_128_AES, testnum, count, d);
}
}
if (doit[D_IGE_192_AES]) {
- for (testnum = 0; testnum < SIZE_NUM; testnum++) {
+ for (testnum = 0; testnum < size_num; testnum++) {
print_message(names[D_IGE_192_AES], c[D_IGE_192_AES][testnum],
- lengths[testnum]);
+ lengths[testnum], seconds.sym);
Time_F(START);
- count = run_benchmark(async_jobs, AES_ige_192_encrypt_loop, loopargs);
+ count =
+ run_benchmark(async_jobs, AES_ige_192_encrypt_loop, loopargs);
d = Time_F(STOP);
print_result(D_IGE_192_AES, testnum, count, d);
}
}
if (doit[D_IGE_256_AES]) {
- for (testnum = 0; testnum < SIZE_NUM; testnum++) {
+ for (testnum = 0; testnum < size_num; testnum++) {
print_message(names[D_IGE_256_AES], c[D_IGE_256_AES][testnum],
- lengths[testnum]);
+ lengths[testnum], seconds.sym);
Time_F(START);
- count = run_benchmark(async_jobs, AES_ige_256_encrypt_loop, loopargs);
+ count =
+ run_benchmark(async_jobs, AES_ige_256_encrypt_loop, loopargs);
d = Time_F(STOP);
print_result(D_IGE_256_AES, testnum, count, d);
}
}
if (doit[D_GHASH]) {
for (i = 0; i < loopargs_len; i++) {
- loopargs[i].gcm_ctx = CRYPTO_gcm128_new(&aes_ks1, (block128_f) AES_encrypt);
- CRYPTO_gcm128_setiv(loopargs[i].gcm_ctx, (unsigned char *)"0123456789ab", 12);
+ loopargs[i].gcm_ctx =
+ CRYPTO_gcm128_new(&aes_ks1, (block128_f) AES_encrypt);
+ CRYPTO_gcm128_setiv(loopargs[i].gcm_ctx,
+ (unsigned char *)"0123456789ab", 12);
}
- for (testnum = 0; testnum < SIZE_NUM; testnum++) {
- print_message(names[D_GHASH], c[D_GHASH][testnum], lengths[testnum]);
+ for (testnum = 0; testnum < size_num; testnum++) {
+ print_message(names[D_GHASH], c[D_GHASH][testnum],
+ lengths[testnum], seconds.sym);
Time_F(START);
count = run_benchmark(async_jobs, CRYPTO_gcm128_aad_loop, loopargs);
d = Time_F(STOP);
@@ -2088,7 +2386,6 @@ int speed_main(int argc, char **argv)
for (i = 0; i < loopargs_len; i++)
CRYPTO_gcm128_release(loopargs[i].gcm_ctx);
}
-
#ifndef OPENSSL_NO_CAMELLIA
if (doit[D_CBC_128_CML]) {
if (async_jobs > 0) {
@@ -2096,9 +2393,9 @@ int speed_main(int argc, char **argv)
names[D_CBC_128_CML]);
doit[D_CBC_128_CML] = 0;
}
- for (testnum = 0; testnum < SIZE_NUM && async_init == 0; testnum++) {
+ for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
print_message(names[D_CBC_128_CML], c[D_CBC_128_CML][testnum],
- lengths[testnum]);
+ lengths[testnum], seconds.sym);
Time_F(START);
for (count = 0, run = 1; COND(c[D_CBC_128_CML][testnum]); count++)
Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
@@ -2114,9 +2411,9 @@ int speed_main(int argc, char **argv)
names[D_CBC_192_CML]);
doit[D_CBC_192_CML] = 0;
}
- for (testnum = 0; testnum < SIZE_NUM && async_init == 0; testnum++) {
+ for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
print_message(names[D_CBC_192_CML], c[D_CBC_192_CML][testnum],
- lengths[testnum]);
+ lengths[testnum], seconds.sym);
if (async_jobs > 0) {
BIO_printf(bio_err, "Async mode is not supported, exiting...");
exit(1);
@@ -2136,9 +2433,9 @@ int speed_main(int argc, char **argv)
names[D_CBC_256_CML]);
doit[D_CBC_256_CML] = 0;
}
- for (testnum = 0; testnum < SIZE_NUM && async_init == 0; testnum++) {
+ for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
print_message(names[D_CBC_256_CML], c[D_CBC_256_CML][testnum],
- lengths[testnum]);
+ lengths[testnum], seconds.sym);
Time_F(START);
for (count = 0, run = 1; COND(c[D_CBC_256_CML][testnum]); count++)
Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
@@ -2156,8 +2453,9 @@ int speed_main(int argc, char **argv)
names[D_CBC_IDEA]);
doit[D_CBC_IDEA] = 0;
}
- for (testnum = 0; testnum < SIZE_NUM && async_init == 0; testnum++) {
- print_message(names[D_CBC_IDEA], c[D_CBC_IDEA][testnum], lengths[testnum]);
+ for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
+ print_message(names[D_CBC_IDEA], c[D_CBC_IDEA][testnum],
+ lengths[testnum], seconds.sym);
Time_F(START);
for (count = 0, run = 1; COND(c[D_CBC_IDEA][testnum]); count++)
IDEA_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
@@ -2175,8 +2473,9 @@ int speed_main(int argc, char **argv)
names[D_CBC_SEED]);
doit[D_CBC_SEED] = 0;
}
- for (testnum = 0; testnum < SIZE_NUM && async_init == 0; testnum++) {
- print_message(names[D_CBC_SEED], c[D_CBC_SEED][testnum], lengths[testnum]);
+ for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
+ print_message(names[D_CBC_SEED], c[D_CBC_SEED][testnum],
+ lengths[testnum], seconds.sym);
Time_F(START);
for (count = 0, run = 1; COND(c[D_CBC_SEED][testnum]); count++)
SEED_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
@@ -2193,8 +2492,9 @@ int speed_main(int argc, char **argv)
names[D_CBC_RC2]);
doit[D_CBC_RC2] = 0;
}
- for (testnum = 0; testnum < SIZE_NUM && async_init == 0; testnum++) {
- print_message(names[D_CBC_RC2], c[D_CBC_RC2][testnum], lengths[testnum]);
+ for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
+ print_message(names[D_CBC_RC2], c[D_CBC_RC2][testnum],
+ lengths[testnum], seconds.sym);
if (async_jobs > 0) {
BIO_printf(bio_err, "Async mode is not supported, exiting...");
exit(1);
@@ -2216,8 +2516,9 @@ int speed_main(int argc, char **argv)
names[D_CBC_RC5]);
doit[D_CBC_RC5] = 0;
}
- for (testnum = 0; testnum < SIZE_NUM && async_init == 0; testnum++) {
- print_message(names[D_CBC_RC5], c[D_CBC_RC5][testnum], lengths[testnum]);
+ for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
+ print_message(names[D_CBC_RC5], c[D_CBC_RC5][testnum],
+ lengths[testnum], seconds.sym);
if (async_jobs > 0) {
BIO_printf(bio_err, "Async mode is not supported, exiting...");
exit(1);
@@ -2239,8 +2540,9 @@ int speed_main(int argc, char **argv)
names[D_CBC_BF]);
doit[D_CBC_BF] = 0;
}
- for (testnum = 0; testnum < SIZE_NUM && async_init == 0; testnum++) {
- print_message(names[D_CBC_BF], c[D_CBC_BF][testnum], lengths[testnum]);
+ for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
+ print_message(names[D_CBC_BF], c[D_CBC_BF][testnum],
+ lengths[testnum], seconds.sym);
Time_F(START);
for (count = 0, run = 1; COND(c[D_CBC_BF][testnum]); count++)
BF_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
@@ -2258,8 +2560,9 @@ int speed_main(int argc, char **argv)
names[D_CBC_CAST]);
doit[D_CBC_CAST] = 0;
}
- for (testnum = 0; testnum < SIZE_NUM && async_init == 0; testnum++) {
- print_message(names[D_CBC_CAST], c[D_CBC_CAST][testnum], lengths[testnum]);
+ for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
+ print_message(names[D_CBC_CAST], c[D_CBC_CAST][testnum],
+ lengths[testnum], seconds.sym);
Time_F(START);
for (count = 0, run = 1; COND(c[D_CBC_CAST][testnum]); count++)
CAST_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
@@ -2270,63 +2573,85 @@ int speed_main(int argc, char **argv)
}
}
#endif
+ if (doit[D_RAND]) {
+ for (testnum = 0; testnum < size_num; testnum++) {
+ print_message(names[D_RAND], c[D_RAND][testnum], lengths[testnum],
+ seconds.sym);
+ Time_F(START);
+ count = run_benchmark(async_jobs, RAND_bytes_loop, loopargs);
+ d = Time_F(STOP);
+ print_result(D_RAND, testnum, count, d);
+ }
+ }
if (doit[D_EVP]) {
- if (multiblock && evp_cipher) {
- if (!
- (EVP_CIPHER_flags(evp_cipher) &
- EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) {
- BIO_printf(bio_err, "%s is not multi-block capable\n",
- OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher)));
+ if (evp_cipher != NULL) {
+ int (*loopfunc)(void *args) = EVP_Update_loop;
+
+ if (multiblock && (EVP_CIPHER_flags(evp_cipher) &
+ EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) {
+ multiblock_speed(evp_cipher, lengths_single, &seconds);
+ ret = 0;
goto end;
}
- if (async_jobs > 0) {
- BIO_printf(bio_err, "Async mode is not supported, exiting...");
- exit(1);
+
+ names[D_EVP] = OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher));
+
+ if (EVP_CIPHER_mode(evp_cipher) == EVP_CIPH_CCM_MODE) {
+ loopfunc = EVP_Update_loop_ccm;
+ } else if (aead && (EVP_CIPHER_flags(evp_cipher) &
+ EVP_CIPH_FLAG_AEAD_CIPHER)) {
+ loopfunc = EVP_Update_loop_aead;
+ if (lengths == lengths_list) {
+ lengths = aead_lengths_list;
+ size_num = OSSL_NELEM(aead_lengths_list);
+ }
}
- multiblock_speed(evp_cipher);
- ret = 0;
- goto end;
- }
- for (testnum = 0; testnum < SIZE_NUM; testnum++) {
- if (evp_cipher) {
- names[D_EVP] = OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher));
- /*
- * -O3 -fschedule-insns messes up an optimization here!
- * names[D_EVP] somehow becomes NULL
- */
- print_message(names[D_EVP], save_count, lengths[testnum]);
+ for (testnum = 0; testnum < size_num; testnum++) {
+ print_message(names[D_EVP], save_count, lengths[testnum],
+ seconds.sym);
for (k = 0; k < loopargs_len; k++) {
loopargs[k].ctx = EVP_CIPHER_CTX_new();
- if (decrypt)
- EVP_DecryptInit_ex(loopargs[k].ctx, evp_cipher, NULL, key16, iv);
- else
- EVP_EncryptInit_ex(loopargs[k].ctx, evp_cipher, NULL, key16, iv);
+ EVP_CipherInit_ex(loopargs[k].ctx, evp_cipher, NULL, NULL,
+ iv, decrypt ? 0 : 1);
+
EVP_CIPHER_CTX_set_padding(loopargs[k].ctx, 0);
+
+ keylen = EVP_CIPHER_CTX_key_length(loopargs[k].ctx);
+ loopargs[k].key = app_malloc(keylen, "evp_cipher key");
+ EVP_CIPHER_CTX_rand_key(loopargs[k].ctx, loopargs[k].key);
+ EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL,
+ loopargs[k].key, NULL, -1);
+ OPENSSL_clear_free(loopargs[k].key, keylen);
}
Time_F(START);
- count = run_benchmark(async_jobs, EVP_Update_loop, loopargs);
+ count = run_benchmark(async_jobs, loopfunc, loopargs);
d = Time_F(STOP);
for (k = 0; k < loopargs_len; k++) {
EVP_CIPHER_CTX_free(loopargs[k].ctx);
}
+ print_result(D_EVP, testnum, count, d);
}
- if (evp_md) {
- names[D_EVP] = OBJ_nid2ln(EVP_MD_type(evp_md));
- print_message(names[D_EVP], save_count, lengths[testnum]);
+ } else if (evp_md != NULL) {
+ names[D_EVP] = OBJ_nid2ln(EVP_MD_type(evp_md));
+
+ for (testnum = 0; testnum < size_num; testnum++) {
+ print_message(names[D_EVP], save_count, lengths[testnum],
+ seconds.sym);
Time_F(START);
count = run_benchmark(async_jobs, EVP_Digest_loop, loopargs);
d = Time_F(STOP);
+ print_result(D_EVP, testnum, count, d);
}
- print_result(D_EVP, testnum, count, d);
}
}
for (i = 0; i < loopargs_len; i++)
- RAND_bytes(loopargs[i].buf, 36);
+ if (RAND_bytes(loopargs[i].buf, 36) <= 0)
+ goto end;
#ifndef OPENSSL_NO_RSA
for (testnum = 0; testnum < RSA_NUM; testnum++) {
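Review bot: None of the EVP calls in the new per-context setup loop is checked. `EVP_CIPHER_CTX_new()` can return NULL, and both `EVP_CipherInit_ex()` calls and `EVP_CIPHER_CTX_rand_key()` report failure through their return value. A cipher that fails to initialise would therefore be benchmarked anyway, giving meaningless numbers or a NULL dereference. `loopargs[k].key` is also left pointing at freed memory after `OPENSSL_clear_free()`. I would check each step and reset the pointer as sketched below; the message text is only a suggestion, and whether `end:` releases contexts already created for earlier `k` is not visible from this hunk.

```c
for (k = 0; k < loopargs_len; k++) {
    loopargs[k].ctx = EVP_CIPHER_CTX_new();
    if (loopargs[k].ctx == NULL
        || !EVP_CipherInit_ex(loopargs[k].ctx, evp_cipher, NULL, NULL,
                              iv, decrypt ? 0 : 1)) {
        BIO_printf(bio_err, "EVP cipher context setup failed\n");
        ERR_print_errors(bio_err);
        goto end;
    }

    /* ... unchanged: EVP_CIPHER_CTX_set_padding, keylen lookup, app_malloc of key ... */

    if (EVP_CIPHER_CTX_rand_key(loopargs[k].ctx, loopargs[k].key) <= 0
        || !EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL,
                              loopargs[k].key, NULL, -1)) {
        BIO_printf(bio_err, "EVP cipher key setup failed\n");
        ERR_print_errors(bio_err);
        OPENSSL_clear_free(loopargs[k].key, keylen);
        loopargs[k].key = NULL;
        goto end;
    }
    OPENSSL_clear_free(loopargs[k].key, keylen);
    loopargs[k].key = NULL;   /* do not keep a pointer to freed key material */
}
```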
@@ -2334,6 +2659,34 @@ int speed_main(int argc, char **argv)
if (!rsa_doit[testnum])
continue;
for (i = 0; i < loopargs_len; i++) {
+ if (primes > 2) {
+ /* we haven't set keys yet, generate multi-prime RSA keys */
+ BIGNUM *bn = BN_new();
+
+ if (bn == NULL)
+ goto end;
+ if (!BN_set_word(bn, RSA_F4)) {
+ BN_free(bn);
+ goto end;
+ }
+
+ BIO_printf(bio_err, "Generate multi-prime RSA key for %s\n",
+ rsa_choices[testnum].name);
+
+ loopargs[i].rsa_key[testnum] = RSA_new();
+ if (loopargs[i].rsa_key[testnum] == NULL) {
+ BN_free(bn);
+ goto end;
+ }
+
+ if (!RSA_generate_multi_prime_key(loopargs[i].rsa_key[testnum],
+ rsa_bits[testnum],
+ primes, bn, NULL)) {
+ BN_free(bn);
+ goto end;
+ }
+ BN_free(bn);
+ }
st = RSA_sign(NID_md5_sha1, loopargs[i].buf, 36, loopargs[i].buf2,
&loopargs[i].siglen, loopargs[i].rsa_key[testnum]);
if (st == 0)
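Review bot: `if (primes > 2)` hard-codes the threshold that the key-loading loop in the earlier hunk spells `primes > RSA_DEFAULT_PRIME_NUM`. If the two ever disagree, either the preloaded keys are overwritten without being freed or `RSA_sign()` runs on a key slot that was never filled. Use the macro in both places: `if (primes > RSA_DEFAULT_PRIME_NUM) {`. Every failure path here is a bare `goto end`, and `-primes` is not range-checked when parsed, so a rejected value exits without any message. Adding `ERR_print_errors(bio_err);` before the `goto end` that follows `RSA_generate_multi_prime_key()` would surface the library's reason. The enclosing loop continues outside the hunk.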
@@ -2346,16 +2699,17 @@ int speed_main(int argc, char **argv)
rsa_count = 1;
} else {
pkey_print_message("private", "rsa",
- rsa_c[testnum][0], rsa_bits[testnum], RSA_SECONDS);
+ rsa_c[testnum][0], rsa_bits[testnum],
+ seconds.rsa);
/* RSA_blinding_on(rsa_key[testnum],NULL); */
Time_F(START);
count = run_benchmark(async_jobs, RSA_sign_loop, loopargs);
d = Time_F(STOP);
BIO_printf(bio_err,
mr ? "+R1:%ld:%d:%.2f\n"
- : "%ld %d bit private RSA's in %.2fs\n",
+ : "%ld %u bits private RSA's in %.2fs\n",
count, rsa_bits[testnum], d);
- rsa_results[testnum][0] = d / (double)count;
+ rsa_results[testnum][0] = (double)count / d;
rsa_count = count;
}
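Review bot: The `mr` branch of the format string still uses `%d` for `rsa_bits[testnum]` while the human-readable branch was changed to `%u`, so the two alternatives disagree about the type of the same argument. The public-key hunk that follows has the same mismatch with `+R2`, whereas the DSA hunks later in this diff change both branches to `%u`. Assuming `rsa_bits` is unsigned like `dsa_bits` (its declaration is outside this part of the diff), use `mr ? "+R1:%ld:%u:%.2f\n"` and `mr ? "+R2:%ld:%u:%.2f\n"`. Separately, `(double)count / d` now divides by the elapsed time, so a measured `d` of 0 stores an infinite rate; whether the result printer copes with that is not visible here.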
@@ -2372,15 +2726,16 @@ int speed_main(int argc, char **argv)
rsa_doit[testnum] = 0;
} else {
pkey_print_message("public", "rsa",
- rsa_c[testnum][1], rsa_bits[testnum], RSA_SECONDS);
+ rsa_c[testnum][1], rsa_bits[testnum],
+ seconds.rsa);
Time_F(START);
count = run_benchmark(async_jobs, RSA_verify_loop, loopargs);
d = Time_F(STOP);
BIO_printf(bio_err,
mr ? "+R2:%ld:%d:%.2f\n"
- : "%ld %d bit public RSA's in %.2fs\n",
+ : "%ld %u bits public RSA's in %.2fs\n",
count, rsa_bits[testnum], d);
- rsa_results[testnum][1] = d / (double)count;
+ rsa_results[testnum][1] = (double)count / d;
}
if (rsa_count <= 1) {
@@ -2392,12 +2747,10 @@ int speed_main(int argc, char **argv)
#endif /* OPENSSL_NO_RSA */
for (i = 0; i < loopargs_len; i++)
- RAND_bytes(loopargs[i].buf, 36);
+ if (RAND_bytes(loopargs[i].buf, 36) <= 0)
+ goto end;
#ifndef OPENSSL_NO_DSA
- if (RAND_status() != 1) {
- RAND_seed(rnd_seed, sizeof(rnd_seed));
- }
for (testnum = 0; testnum < DSA_NUM; testnum++) {
int st = 0;
if (!dsa_doit[testnum])
@@ -2418,15 +2771,16 @@ int speed_main(int argc, char **argv)
rsa_count = 1;
} else {
pkey_print_message("sign", "dsa",
- dsa_c[testnum][0], dsa_bits[testnum], DSA_SECONDS);
+ dsa_c[testnum][0], dsa_bits[testnum],
+ seconds.dsa);
Time_F(START);
count = run_benchmark(async_jobs, DSA_sign_loop, loopargs);
d = Time_F(STOP);
BIO_printf(bio_err,
- mr ? "+R3:%ld:%d:%.2f\n"
- : "%ld %d bit DSA signs in %.2fs\n",
+ mr ? "+R3:%ld:%u:%.2f\n"
+ : "%ld %u bits DSA signs in %.2fs\n",
count, dsa_bits[testnum], d);
- dsa_results[testnum][0] = d / (double)count;
+ dsa_results[testnum][0] = (double)count / d;
rsa_count = count;
}
@@ -2443,15 +2797,16 @@ int speed_main(int argc, char **argv)
dsa_doit[testnum] = 0;
} else {
pkey_print_message("verify", "dsa",
- dsa_c[testnum][1], dsa_bits[testnum], DSA_SECONDS);
+ dsa_c[testnum][1], dsa_bits[testnum],
+ seconds.dsa);
Time_F(START);
count = run_benchmark(async_jobs, DSA_verify_loop, loopargs);
d = Time_F(STOP);
BIO_printf(bio_err,
- mr ? "+R4:%ld:%d:%.2f\n"
- : "%ld %d bit DSA verify in %.2fs\n",
+ mr ? "+R4:%ld:%u:%.2f\n"
+ : "%ld %u bits DSA verify in %.2fs\n",
count, dsa_bits[testnum], d);
- dsa_results[testnum][1] = d / (double)count;
+ dsa_results[testnum][1] = (double)count / d;
}
if (rsa_count <= 1) {
@@ -2463,16 +2818,14 @@ int speed_main(int argc, char **argv)
#endif /* OPENSSL_NO_DSA */
#ifndef OPENSSL_NO_EC
- if (RAND_status() != 1) {
- RAND_seed(rnd_seed, sizeof(rnd_seed));
- }
for (testnum = 0; testnum < ECDSA_NUM; testnum++) {
int st = 1;
if (!ecdsa_doit[testnum])
continue; /* Ignore Curve */
for (i = 0; i < loopargs_len; i++) {
- loopargs[i].ecdsa[testnum] = EC_KEY_new_by_curve_name(test_curves[testnum]);
+ loopargs[i].ecdsa[testnum] =
+ EC_KEY_new_by_curve_name(test_curves[testnum].nid);
if (loopargs[i].ecdsa[testnum] == NULL) {
st = 0;
break;
@@ -2488,7 +2841,8 @@ int speed_main(int argc, char **argv)
/* Perform ECDSA signature test */
EC_KEY_generate_key(loopargs[i].ecdsa[testnum]);
st = ECDSA_sign(0, loopargs[i].buf, 20, loopargs[i].buf2,
- &loopargs[i].siglen, loopargs[i].ecdsa[testnum]);
+ &loopargs[i].siglen,
+ loopargs[i].ecdsa[testnum]);
if (st == 0)
break;
}
@@ -2500,23 +2854,24 @@ int speed_main(int argc, char **argv)
} else {
pkey_print_message("sign", "ecdsa",
ecdsa_c[testnum][0],
- test_curves_bits[testnum], ECDSA_SECONDS);
+ test_curves[testnum].bits, seconds.ecdsa);
Time_F(START);
count = run_benchmark(async_jobs, ECDSA_sign_loop, loopargs);
d = Time_F(STOP);
BIO_printf(bio_err,
- mr ? "+R5:%ld:%d:%.2f\n" :
- "%ld %d bit ECDSA signs in %.2fs \n",
- count, test_curves_bits[testnum], d);
- ecdsa_results[testnum][0] = d / (double)count;
+ mr ? "+R5:%ld:%u:%.2f\n" :
+ "%ld %u bits ECDSA signs in %.2fs \n",
+ count, test_curves[testnum].bits, d);
+ ecdsa_results[testnum][0] = (double)count / d;
rsa_count = count;
}
/* Perform ECDSA verification test */
for (i = 0; i < loopargs_len; i++) {
st = ECDSA_verify(0, loopargs[i].buf, 20, loopargs[i].buf2,
- loopargs[i].siglen, loopargs[i].ecdsa[testnum]);
+ loopargs[i].siglen,
+ loopargs[i].ecdsa[testnum]);
if (st != 1)
break;
}
@@ -2528,15 +2883,15 @@ int speed_main(int argc, char **argv)
} else {
pkey_print_message("verify", "ecdsa",
ecdsa_c[testnum][1],
- test_curves_bits[testnum], ECDSA_SECONDS);
+ test_curves[testnum].bits, seconds.ecdsa);
Time_F(START);
count = run_benchmark(async_jobs, ECDSA_verify_loop, loopargs);
d = Time_F(STOP);
BIO_printf(bio_err,
- mr ? "+R6:%ld:%d:%.2f\n"
- : "%ld %d bit ECDSA verify in %.2fs\n",
- count, test_curves_bits[testnum], d);
- ecdsa_results[testnum][1] = d / (double)count;
+ mr ? "+R6:%ld:%u:%.2f\n"
+ : "%ld %u bits ECDSA verify in %.2fs\n",
+ count, test_curves[testnum].bits, d);
+ ecdsa_results[testnum][1] = (double)count / d;
}
if (rsa_count <= 1) {
@@ -2547,101 +2902,271 @@ int speed_main(int argc, char **argv)
}
}
- if (RAND_status() != 1) {
- RAND_seed(rnd_seed, sizeof(rnd_seed));
- }
for (testnum = 0; testnum < EC_NUM; testnum++) {
int ecdh_checks = 1;
if (!ecdh_doit[testnum])
continue;
+
for (i = 0; i < loopargs_len; i++) {
- loopargs[i].ecdh_a[testnum] = EC_KEY_new_by_curve_name(test_curves[testnum]);
- loopargs[i].ecdh_b[testnum] = EC_KEY_new_by_curve_name(test_curves[testnum]);
- if (loopargs[i].ecdh_a[testnum] == NULL ||
- loopargs[i].ecdh_b[testnum] == NULL) {
+ EVP_PKEY_CTX *kctx = NULL;
+ EVP_PKEY_CTX *test_ctx = NULL;
+ EVP_PKEY_CTX *ctx = NULL;
+ EVP_PKEY *key_A = NULL;
+ EVP_PKEY *key_B = NULL;
+ size_t outlen;
+ size_t test_outlen;
+
+ /* Ensure that the error queue is empty */
+ if (ERR_peek_error()) {
+ BIO_printf(bio_err,
+ "WARNING: the error queue contains previous unhandled errors.\n");
+ ERR_print_errors(bio_err);
+ }
+
+ /* Let's try to create a ctx directly from the NID: this works for
+ * curves like Curve25519 that are not implemented through the low
+ * level EC interface.
+ * If this fails we try creating a EVP_PKEY_EC generic param ctx,
+ * then we set the curve by NID before deriving the actual keygen
+ * ctx for that specific curve. */
+ kctx = EVP_PKEY_CTX_new_id(test_curves[testnum].nid, NULL); /* keygen ctx from NID */
+ if (!kctx) {
+ EVP_PKEY_CTX *pctx = NULL;
+ EVP_PKEY *params = NULL;
+
+ /* If we reach this code EVP_PKEY_CTX_new_id() failed and a
+ * "int_ctx_new:unsupported algorithm" error was added to the
+ * error queue.
+ * We remove it from the error queue as we are handling it. */
+ unsigned long error = ERR_peek_error(); /* peek the latest error in the queue */
+ if (error == ERR_peek_last_error() && /* oldest and latest errors match */
+ /* check that the error origin matches */
+ ERR_GET_LIB(error) == ERR_LIB_EVP &&
+ ERR_GET_FUNC(error) == EVP_F_INT_CTX_NEW &&
+ ERR_GET_REASON(error) == EVP_R_UNSUPPORTED_ALGORITHM)
+ ERR_get_error(); /* pop error from queue */
+ if (ERR_peek_error()) {
+ BIO_printf(bio_err,
+ "Unhandled error in the error queue during ECDH init.\n");
+ ERR_print_errors(bio_err);
+ rsa_count = 1;
+ break;
+ }
+
+ if ( /* Create the context for parameter generation */
+ !(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL)) ||
+ /* Initialise the parameter generation */
+ !EVP_PKEY_paramgen_init(pctx) ||
+ /* Set the curve by NID */
+ !EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx,
+ test_curves
+ [testnum].nid) ||
+ /* Create the parameter object params */
+ !EVP_PKEY_paramgen(pctx, &params)) {
+ ecdh_checks = 0;
+ BIO_printf(bio_err, "ECDH EC params init failure.\n");
+ ERR_print_errors(bio_err);
+ rsa_count = 1;
+ break;
+ }
+ /* Create the context for the key generation */
+ kctx = EVP_PKEY_CTX_new(params, NULL);
+
+ EVP_PKEY_free(params);
+ params = NULL;
+ EVP_PKEY_CTX_free(pctx);
+ pctx = NULL;
+ }
+ if (kctx == NULL || /* keygen ctx is not null */
+ !EVP_PKEY_keygen_init(kctx) /* init keygen ctx */ ) {
+ ecdh_checks = 0;
+ BIO_printf(bio_err, "ECDH keygen failure.\n");
+ ERR_print_errors(bio_err);
+ rsa_count = 1;
+ break;
+ }
+
+ if (!EVP_PKEY_keygen(kctx, &key_A) || /* generate secret key A */
+ !EVP_PKEY_keygen(kctx, &key_B) || /* generate secret key B */
+ !(ctx = EVP_PKEY_CTX_new(key_A, NULL)) || /* derivation ctx from skeyA */
+ !EVP_PKEY_derive_init(ctx) || /* init derivation ctx */
+ !EVP_PKEY_derive_set_peer(ctx, key_B) || /* set peer pubkey in ctx */
+ !EVP_PKEY_derive(ctx, NULL, &outlen) || /* determine max length */
+ outlen == 0 || /* ensure outlen is a valid size */
+ outlen > MAX_ECDH_SIZE /* avoid buffer overflow */ ) {
+ ecdh_checks = 0;
+ BIO_printf(bio_err, "ECDH key generation failure.\n");
+ ERR_print_errors(bio_err);
+ rsa_count = 1;
+ break;
+ }
+
+ /* Here we perform a test run, comparing the output of a*B and b*A;
+ * we try this here and assume that further EVP_PKEY_derive calls
+ * never fail, so we can skip checks in the actually benchmarked
+ * code, for maximum performance. */
+ if (!(test_ctx = EVP_PKEY_CTX_new(key_B, NULL)) || /* test ctx from skeyB */
+ !EVP_PKEY_derive_init(test_ctx) || /* init derivation test_ctx */
+ !EVP_PKEY_derive_set_peer(test_ctx, key_A) || /* set peer pubkey in test_ctx */
+ !EVP_PKEY_derive(test_ctx, NULL, &test_outlen) || /* determine max length */
+ !EVP_PKEY_derive(ctx, loopargs[i].secret_a, &outlen) || /* compute a*B */
+ !EVP_PKEY_derive(test_ctx, loopargs[i].secret_b, &test_outlen) || /* compute b*A */
+ test_outlen != outlen /* compare output length */ ) {
ecdh_checks = 0;
+ BIO_printf(bio_err, "ECDH computation failure.\n");
+ ERR_print_errors(bio_err);
+ rsa_count = 1;
+ break;
+ }
+
+ /* Compare the computation results: CRYPTO_memcmp() returns 0 if equal */
+ if (CRYPTO_memcmp(loopargs[i].secret_a,
+ loopargs[i].secret_b, outlen)) {
+ ecdh_checks = 0;
+ BIO_printf(bio_err, "ECDH computations don't match.\n");
+ ERR_print_errors(bio_err);
+ rsa_count = 1;
+ break;
+ }
+
+ loopargs[i].ecdh_ctx[testnum] = ctx;
+ loopargs[i].outlen[testnum] = outlen;
+
+ EVP_PKEY_free(key_A);
+ EVP_PKEY_free(key_B);
+ EVP_PKEY_CTX_free(kctx);
+ kctx = NULL;
+ EVP_PKEY_CTX_free(test_ctx);
+ test_ctx = NULL;
+ }
+ if (ecdh_checks != 0) {
+ pkey_print_message("", "ecdh",
+ ecdh_c[testnum][0],
+ test_curves[testnum].bits, seconds.ecdh);
+ Time_F(START);
+ count =
+ run_benchmark(async_jobs, ECDH_EVP_derive_key_loop, loopargs);
+ d = Time_F(STOP);
+ BIO_printf(bio_err,
+ mr ? "+R7:%ld:%d:%.2f\n" :
+ "%ld %u-bits ECDH ops in %.2fs\n", count,
+ test_curves[testnum].bits, d);
+ ecdh_results[testnum][0] = (double)count / d;
+ rsa_count = count;
+ }
+
+ if (rsa_count <= 1) {
+ /* if longer than 10s, don't do any more */
+ for (testnum++; testnum < OSSL_NELEM(ecdh_doit); testnum++)
+ ecdh_doit[testnum] = 0;
+ }
+ }
+
+ for (testnum = 0; testnum < EdDSA_NUM; testnum++) {
+ int st = 1;
+ EVP_PKEY *ed_pkey = NULL;
+ EVP_PKEY_CTX *ed_pctx = NULL;
+
+ if (!eddsa_doit[testnum])
+ continue; /* Ignore Curve */
+ for (i = 0; i < loopargs_len; i++) {
+ loopargs[i].eddsa_ctx[testnum] = EVP_MD_CTX_new();
+ if (loopargs[i].eddsa_ctx[testnum] == NULL) {
+ st = 0;
break;
}
+
+ if ((ed_pctx = EVP_PKEY_CTX_new_id(test_ed_curves[testnum].nid, NULL))
+ == NULL
+ || !EVP_PKEY_keygen_init(ed_pctx)
+ || !EVP_PKEY_keygen(ed_pctx, &ed_pkey)) {
+ st = 0;
+ EVP_PKEY_CTX_free(ed_pctx);
+ break;
+ }
+ EVP_PKEY_CTX_free(ed_pctx);
+
+ if (!EVP_DigestSignInit(loopargs[i].eddsa_ctx[testnum], NULL, NULL,
+ NULL, ed_pkey)) {
+ st = 0;
+ EVP_PKEY_free(ed_pkey);
+ break;
+ }
+ EVP_PKEY_free(ed_pkey);
}
- if (ecdh_checks == 0) {
- BIO_printf(bio_err, "ECDH failure.\n");
+ if (st == 0) {
+ BIO_printf(bio_err, "EdDSA failure.\n");
ERR_print_errors(bio_err);
rsa_count = 1;
} else {
for (i = 0; i < loopargs_len; i++) {
- /* generate two ECDH key pairs */
- if (!EC_KEY_generate_key(loopargs[i].ecdh_a[testnum]) ||
- !EC_KEY_generate_key(loopargs[i].ecdh_b[testnum])) {
- BIO_printf(bio_err, "ECDH key generation failure.\n");
- ERR_print_errors(bio_err);
- ecdh_checks = 0;
- rsa_count = 1;
- } else {
- int secret_size_a, secret_size_b, j;
- /*
- * If field size is not more than 24 octets, then use SHA-1
- * hash of result; otherwise, use result (see section 4.8 of
- * draft-ietf-tls-ecc-03.txt).
- */
- int field_size = EC_GROUP_get_degree(
- EC_KEY_get0_group(loopargs[i].ecdh_a[testnum]));
-
- if (field_size <= 24 * 8) { /* 192 bits */
- loopargs[i].outlen = KDF1_SHA1_len;
- loopargs[i].kdf = KDF1_SHA1;
- } else {
- loopargs[i].outlen = (field_size + 7) / 8;
- loopargs[i].kdf = NULL;
- }
- secret_size_a =
- ECDH_compute_key(loopargs[i].secret_a, loopargs[i].outlen,
- EC_KEY_get0_public_key(loopargs[i].ecdh_b[testnum]),
- loopargs[i].ecdh_a[testnum], loopargs[i].kdf);
- secret_size_b =
- ECDH_compute_key(loopargs[i].secret_b, loopargs[i].outlen,
- EC_KEY_get0_public_key(loopargs[i].ecdh_a[testnum]),
- loopargs[i].ecdh_b[testnum], loopargs[i].kdf);
- if (secret_size_a != secret_size_b)
- ecdh_checks = 0;
- else
- ecdh_checks = 1;
-
- for (j = 0; j < secret_size_a && ecdh_checks == 1; j++) {
- if (loopargs[i].secret_a[j] != loopargs[i].secret_b[j])
- ecdh_checks = 0;
- }
-
- if (ecdh_checks == 0) {
- BIO_printf(bio_err, "ECDH computations don't match.\n");
- ERR_print_errors(bio_err);
- rsa_count = 1;
- break;
- }
- }
+ /* Perform EdDSA signature test */
+ loopargs[i].sigsize = test_ed_curves[testnum].sigsize;
+ st = EVP_DigestSign(loopargs[i].eddsa_ctx[testnum],
+ loopargs[i].buf2, &loopargs[i].sigsize,
+ loopargs[i].buf, 20);
+ if (st == 0)
+ break;
}
- if (ecdh_checks != 0) {
- pkey_print_message("", "ecdh",
- ecdh_c[testnum][0],
- test_curves_bits[testnum], ECDH_SECONDS);
+ if (st == 0) {
+ BIO_printf(bio_err,
+ "EdDSA sign failure. No EdDSA sign will be done.\n");
+ ERR_print_errors(bio_err);
+ rsa_count = 1;
+ } else {
+ pkey_print_message("sign", test_ed_curves[testnum].name,
+ eddsa_c[testnum][0],
+ test_ed_curves[testnum].bits, seconds.eddsa);
Time_F(START);
- count = run_benchmark(async_jobs, ECDH_compute_key_loop, loopargs);
+ count = run_benchmark(async_jobs, EdDSA_sign_loop, loopargs);
d = Time_F(STOP);
+
BIO_printf(bio_err,
- mr ? "+R7:%ld:%d:%.2f\n" :
- "%ld %d-bit ECDH ops in %.2fs\n", count,
- test_curves_bits[testnum], d);
- ecdh_results[testnum][0] = d / (double)count;
+ mr ? "+R8:%ld:%u:%s:%.2f\n" :
+ "%ld %u bits %s signs in %.2fs \n",
+ count, test_ed_curves[testnum].bits,
+ test_ed_curves[testnum].name, d);
+ eddsa_results[testnum][0] = (double)count / d;
rsa_count = count;
}
- }
- if (rsa_count <= 1) {
- /* if longer than 10s, don't do any more */
- for (testnum++; testnum < OSSL_NELEM(ecdh_doit); testnum++)
- ecdh_doit[testnum] = 0;
+ /* Perform EdDSA verification test */
+ for (i = 0; i < loopargs_len; i++) {
+ st = EVP_DigestVerify(loopargs[i].eddsa_ctx[testnum],
+ loopargs[i].buf2, loopargs[i].sigsize,
+ loopargs[i].buf, 20);
+ if (st != 1)
+ break;
+ }
+ if (st != 1) {
+ BIO_printf(bio_err,
+ "EdDSA verify failure. No EdDSA verify will be done.\n");
+ ERR_print_errors(bio_err);
+ eddsa_doit[testnum] = 0;
+ } else {
+ pkey_print_message("verify", test_ed_curves[testnum].name,
+ eddsa_c[testnum][1],
+ test_ed_curves[testnum].bits, seconds.eddsa);
+ Time_F(START);
+ count = run_benchmark(async_jobs, EdDSA_verify_loop, loopargs);
+ d = Time_F(STOP);
+ BIO_printf(bio_err,
+ mr ? "+R9:%ld:%u:%s:%.2f\n"
+ : "%ld %u bits %s verify in %.2fs\n",
+ count, test_ed_curves[testnum].bits,
+ test_ed_curves[testnum].name, d);
+ eddsa_results[testnum][1] = (double)count / d;
+ }
+
+ if (rsa_count <= 1) {
+ /* if longer than 10s, don't do any more */
+ for (testnum++; testnum < EdDSA_NUM; testnum++)
+ eddsa_doit[testnum] = 0;
+ }
}
}
+
#endif /* OPENSSL_NO_EC */
#ifndef NO_FORK
show_res:
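Review bot: The `Unhandled error in the error queue during ECDH init` branch sets `rsa_count = 1` and breaks without clearing `ecdh_checks`, so the `if (ecdh_checks != 0)` block after the loop still runs the benchmark even though `loopargs[i].ecdh_ctx[testnum]` and `outlen[testnum]` were never assigned for this entry or the remaining ones. Adding `ecdh_checks = 0;` before that `break`, as every other failure branch does, would skip the run. Separately, each failure `break` in the loop body leaves the objects created so far (`kctx`, `ctx`, `test_ctx`, `key_A`, `key_B`) unreleased, because the free calls sit only at the end of the success path. The paramgen branch would additionally need to free its block-local `pctx` and `params` before leaving. One way to close this is a single cleanup point at the end of the loop body, sketched below; `speed_main` begins and ends outside this hunk.

```c
/* … unchanged: declarations, kctx/pctx setup, keygen, derive and compare checks;
 *   every failure branch sets ecdh_checks = 0 and uses `goto ecdh_iter_cleanup;`
 *   where it currently has `break;` … */
            loopargs[i].outlen[testnum] = outlen;
            ctx = NULL;                 /* ownership moved to loopargs[i] */

 ecdh_iter_cleanup:
            /* … unchanged: EVP_PKEY_free(key_A/key_B), EVP_PKEY_CTX_free(kctx/test_ctx) … */
            EVP_PKEY_CTX_free(ctx);     /* NULL, hence a no-op, on the success path */
            if (ecdh_checks == 0)
                break;
```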
@@ -2678,7 +3203,7 @@ int speed_main(int argc, char **argv)
("The 'numbers' are in 1000s of bytes per second processed.\n");
printf("type ");
}
- for (testnum = 0; testnum < SIZE_NUM; testnum++)
+ for (testnum = 0; testnum < size_num; testnum++)
printf(mr ? ":%d" : "%7d bytes", lengths[testnum]);
printf("\n");
}
@@ -2690,7 +3215,7 @@ int speed_main(int argc, char **argv)
printf("+F:%u:%s", k, names[k]);
else
printf("%-13s", names[k]);
- for (testnum = 0; testnum < SIZE_NUM; testnum++) {
+ for (testnum = 0; testnum < size_num; testnum++) {
if (results[k][testnum] > 10000 && !mr)
printf(" %11.2fk", results[k][testnum] / 1e3);
else
@@ -2712,8 +3237,8 @@ int speed_main(int argc, char **argv)
k, rsa_bits[k], rsa_results[k][0], rsa_results[k][1]);
else
printf("rsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
- rsa_bits[k], rsa_results[k][0], rsa_results[k][1],
- 1.0 / rsa_results[k][0], 1.0 / rsa_results[k][1]);
+ rsa_bits[k], 1.0 / rsa_results[k][0], 1.0 / rsa_results[k][1],
+ rsa_results[k][0], rsa_results[k][1]);
}
#endif
#ifndef OPENSSL_NO_DSA
@@ -2730,8 +3255,8 @@ int speed_main(int argc, char **argv)
k, dsa_bits[k], dsa_results[k][0], dsa_results[k][1]);
else
printf("dsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
- dsa_bits[k], dsa_results[k][0], dsa_results[k][1],
- 1.0 / dsa_results[k][0], 1.0 / dsa_results[k][1]);
+ dsa_bits[k], 1.0 / dsa_results[k][0], 1.0 / dsa_results[k][1],
+ dsa_results[k][0], dsa_results[k][1]);
}
#endif
#ifndef OPENSSL_NO_EC
@@ -2746,14 +3271,13 @@ int speed_main(int argc, char **argv)
if (mr)
printf("+F4:%u:%u:%f:%f\n",
- k, test_curves_bits[k],
+ k, test_curves[k].bits,
ecdsa_results[k][0], ecdsa_results[k][1]);
else
- printf("%4u bit ecdsa (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
- test_curves_bits[k],
- test_curves_names[k],
- ecdsa_results[k][0], ecdsa_results[k][1],
- 1.0 / ecdsa_results[k][0], 1.0 / ecdsa_results[k][1]);
+ printf("%4u bits ecdsa (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
+ test_curves[k].bits, test_curves[k].name,
+ 1.0 / ecdsa_results[k][0], 1.0 / ecdsa_results[k][1],
+ ecdsa_results[k][0], ecdsa_results[k][1]);
}
testnum = 1;
@@ -2766,14 +3290,33 @@ int speed_main(int argc, char **argv)
}
if (mr)
printf("+F5:%u:%u:%f:%f\n",
- k, test_curves_bits[k],
+ k, test_curves[k].bits,
ecdh_results[k][0], 1.0 / ecdh_results[k][0]);
else
- printf("%4u bit ecdh (%s) %8.4fs %8.1f\n",
- test_curves_bits[k],
- test_curves_names[k],
- ecdh_results[k][0], 1.0 / ecdh_results[k][0]);
+ printf("%4u bits ecdh (%s) %8.4fs %8.1f\n",
+ test_curves[k].bits, test_curves[k].name,
+ 1.0 / ecdh_results[k][0], ecdh_results[k][0]);
+ }
+
+ testnum = 1;
+ for (k = 0; k < OSSL_NELEM(eddsa_doit); k++) {
+ if (!eddsa_doit[k])
+ continue;
+ if (testnum && !mr) {
+ printf("%30ssign verify sign/s verify/s\n", " ");
+ testnum = 0;
+ }
+
+ if (mr)
+ printf("+F6:%u:%u:%s:%f:%f\n",
+ k, test_ed_curves[k].bits, test_ed_curves[k].name,
+ eddsa_results[k][0], eddsa_results[k][1]);
+ else
+ printf("%4u bits EdDSA (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
+ test_ed_curves[k].bits, test_ed_curves[k].name,
+ 1.0 / eddsa_results[k][0], 1.0 / eddsa_results[k][1],
+ eddsa_results[k][0], eddsa_results[k][1]);
}
#endif
@@ -2796,10 +3339,10 @@ int speed_main(int argc, char **argv)
#ifndef OPENSSL_NO_EC
for (k = 0; k < ECDSA_NUM; k++)
EC_KEY_free(loopargs[i].ecdsa[k]);
- for (k = 0; k < EC_NUM; k++) {
- EC_KEY_free(loopargs[i].ecdh_a[k]);
- EC_KEY_free(loopargs[i].ecdh_b[k]);
- }
+ for (k = 0; k < EC_NUM; k++)
+ EVP_PKEY_CTX_free(loopargs[i].ecdh_ctx[k]);
+ for (k = 0; k < EdDSA_NUM; k++)
+ EVP_MD_CTX_free(loopargs[i].eddsa_ctx[k]);
OPENSSL_free(loopargs[i].secret_a);
OPENSSL_free(loopargs[i].secret_b);
#endif
@@ -2815,17 +3358,17 @@ int speed_main(int argc, char **argv)
}
OPENSSL_free(loopargs);
release_engine(e);
- return (ret);
+ return ret;
}
-static void print_message(const char *s, long num, int length)
+static void print_message(const char *s, long num, int length, int tm)
{
#ifdef SIGALRM
BIO_printf(bio_err,
mr ? "+DT:%s:%d:%d\n"
- : "Doing %s for %ds on %d size blocks: ", s, SECONDS, length);
+ : "Doing %s for %ds on %d size blocks: ", s, tm, length);
(void)BIO_flush(bio_err);
- alarm(SECONDS);
+ alarm(tm);
#else
BIO_printf(bio_err,
mr ? "+DN:%s:%ld:%d\n"
@@ -2835,18 +3378,18 @@ static void print_message(const char *s, long num, int length)
}
static void pkey_print_message(const char *str, const char *str2, long num,
- int bits, int tm)
+ unsigned int bits, int tm)
{
#ifdef SIGALRM
BIO_printf(bio_err,
mr ? "+DTP:%d:%s:%s:%d\n"
- : "Doing %d bit %s %s's for %ds: ", bits, str, str2, tm);
+ : "Doing %u bits %s %s's for %ds: ", bits, str, str2, tm);
(void)BIO_flush(bio_err);
alarm(tm);
#else
BIO_printf(bio_err,
mr ? "+DNP:%ld:%d:%s:%s\n"
- : "Doing %ld %d bit %s %s's: ", num, bits, str, str2);
+ : "Doing %ld %u bits %s %s's: ", num, bits, str, str2);
(void)BIO_flush(bio_err);
#endif
}
@@ -2892,14 +3435,14 @@ static char *sstrsep(char **string, const char *delim)
return token;
}
-static int do_multi(int multi)
+static int do_multi(int multi, int size_num)
{
int n;
int fd[2];
int *fds;
static char sep[] = ":";
- fds = malloc(sizeof(*fds) * multi);
+ fds = app_malloc(sizeof(*fds) * multi, "fd buffer for do_multi");
for (n = 0; n < multi; ++n) {
if (pipe(fd) == -1) {
BIO_printf(bio_err, "pipe failure\n");
@@ -2938,19 +3481,20 @@ static int do_multi(int multi)
if (p)
*p = '\0';
if (buf[0] != '+') {
- BIO_printf(bio_err, "Don't understand line '%s' from child %d\n",
- buf, n);
+ BIO_printf(bio_err,
+ "Don't understand line '%s' from child %d\n", buf,
+ n);
continue;
}
printf("Got: %s from %d\n", buf, n);
if (strncmp(buf, "+F:", 3) == 0) {
int alg;
- unsigned int j;
+ int j;
p = buf + 3;
alg = atoi(sstrsep(&p, sep));
sstrsep(&p, sep);
- for (j = 0; j < SIZE_NUM; ++j)
+ for (j = 0; j < size_num; ++j)
results[alg][j] += atof(sstrsep(&p, sep));
} else if (strncmp(buf, "+F2:", 4) == 0) {
int k;
@@ -2961,16 +3505,10 @@ static int do_multi(int multi)
sstrsep(&p, sep);
d = atof(sstrsep(&p, sep));
- if (n)
- rsa_results[k][0] = 1 / (1 / rsa_results[k][0] + 1 / d);
- else
- rsa_results[k][0] = d;
+ rsa_results[k][0] += d;
d = atof(sstrsep(&p, sep));
- if (n)
- rsa_results[k][1] = 1 / (1 / rsa_results[k][1] + 1 / d);
- else
- rsa_results[k][1] = d;
+ rsa_results[k][1] += d;
}
# ifndef OPENSSL_NO_DSA
else if (strncmp(buf, "+F3:", 4) == 0) {
@@ -2982,16 +3520,10 @@ static int do_multi(int multi)
sstrsep(&p, sep);
d = atof(sstrsep(&p, sep));
- if (n)
- dsa_results[k][0] = 1 / (1 / dsa_results[k][0] + 1 / d);
- else
- dsa_results[k][0] = d;
+ dsa_results[k][0] += d;
d = atof(sstrsep(&p, sep));
- if (n)
- dsa_results[k][1] = 1 / (1 / dsa_results[k][1] + 1 / d);
- else
- dsa_results[k][1] = d;
+ dsa_results[k][1] += d;
}
# endif
# ifndef OPENSSL_NO_EC
@@ -3004,18 +3536,10 @@ static int do_multi(int multi)
sstrsep(&p, sep);
d = atof(sstrsep(&p, sep));
- if (n)
- ecdsa_results[k][0] =
- 1 / (1 / ecdsa_results[k][0] + 1 / d);
- else
- ecdsa_results[k][0] = d;
+ ecdsa_results[k][0] += d;
d = atof(sstrsep(&p, sep));
- if (n)
- ecdsa_results[k][1] =
- 1 / (1 / ecdsa_results[k][1] + 1 / d);
- else
- ecdsa_results[k][1] = d;
+ ecdsa_results[k][1] += d;
} else if (strncmp(buf, "+F5:", 4) == 0) {
int k;
double d;
@@ -3025,18 +3549,28 @@ static int do_multi(int multi)
sstrsep(&p, sep);
d = atof(sstrsep(&p, sep));
- if (n)
- ecdh_results[k][0] = 1 / (1 / ecdh_results[k][0] + 1 / d);
- else
- ecdh_results[k][0] = d;
+ ecdh_results[k][0] += d;
+ } else if (strncmp(buf, "+F6:", 4) == 0) {
+ int k;
+ double d;
+ p = buf + 4;
+ k = atoi(sstrsep(&p, sep));
+ sstrsep(&p, sep);
+
+ d = atof(sstrsep(&p, sep));
+ eddsa_results[k][0] += d;
+
+ d = atof(sstrsep(&p, sep));
+ eddsa_results[k][1] += d;
}
# endif
else if (strncmp(buf, "+H:", 3) == 0) {
;
} else
- BIO_printf(bio_err, "Unknown type '%s' from child %d\n", buf, n);
+ BIO_printf(bio_err, "Unknown type '%s' from child %d\n", buf,
+ n);
}
fclose(f);
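Review bot: The new `+F6:` branch skips only one field after `k`, but the child writes that record as `"+F6:%u:%u:%s:%f:%f\n"` (index, bits, curve name, sign, verify), so the first `atof` is applied to the curve name and the sign rate ends up added to `eddsa_results[k][1]`. A second `sstrsep(&p, sep);` before the first `d = atof(...)` would consume the name and realign the two numbers. As in the neighbouring branches, `k` comes straight from `atoi` and indexes the results table unchecked; assuming `eddsa_results` has `EdDSA_NUM` rows, a guard such as `if (k < 0 || k >= EdDSA_NUM) continue;` would keep a malformed line from writing outside it. `do_multi` starts and ends outside the hunk, and `sstrsep` is not shown here, so whether it can return NULL for a short line should be confirmed before relying on the bare `atoi`/`atof` calls.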
@@ -3046,26 +3580,39 @@ static int do_multi(int multi)
}
#endif
-static void multiblock_speed(const EVP_CIPHER *evp_cipher)
+static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
+ const openssl_speed_sec_t *seconds)
{
- static int mblengths[] =
+ static const int mblengths_list[] =
{ 8 * 1024, 2 * 8 * 1024, 4 * 8 * 1024, 8 * 8 * 1024, 8 * 16 * 1024 };
- int j, count, num = OSSL_NELEM(mblengths);
+ const int *mblengths = mblengths_list;
+ int j, count, keylen, num = OSSL_NELEM(mblengths_list);
const char *alg_name;
- unsigned char *inp, *out, no_key[32], no_iv[16];
+ unsigned char *inp, *out, *key, no_key[32], no_iv[16];
EVP_CIPHER_CTX *ctx;
double d = 0.0;
+ if (lengths_single) {
+ mblengths = &lengths_single;
+ num = 1;
+ }
+
inp = app_malloc(mblengths[num - 1], "multiblock input buffer");
out = app_malloc(mblengths[num - 1] + 1024, "multiblock output buffer");
ctx = EVP_CIPHER_CTX_new();
- EVP_EncryptInit_ex(ctx, evp_cipher, NULL, no_key, no_iv);
- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY, sizeof(no_key),
- no_key);
+ EVP_EncryptInit_ex(ctx, evp_cipher, NULL, NULL, no_iv);
+
+ keylen = EVP_CIPHER_CTX_key_length(ctx);
+ key = app_malloc(keylen, "evp_cipher key");
+ EVP_CIPHER_CTX_rand_key(ctx, key);
+ EVP_EncryptInit_ex(ctx, NULL, NULL, key, NULL);
+ OPENSSL_clear_free(key, keylen);
+
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY, sizeof(no_key), no_key);
alg_name = OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher));
for (j = 0; j < num; j++) {
- print_message(alg_name, 0, mblengths[j]);
+ print_message(alg_name, 0, mblengths[j], seconds->sym);
Time_F(START);
for (count = 0, run = 1; run && count < 0x7fffffff; count++) {
unsigned char aad[EVP_AEAD_TLS1_AAD_LEN];
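Review bot: The results of `EVP_CIPHER_CTX_new`, both `EVP_EncryptInit_ex` calls and `EVP_CIPHER_CTX_rand_key` are not checked, so if key generation fails the second init is handed a freshly allocated and presumably unwritten `key` buffer, and the benchmark proceeds on an indeterminate key. Guarding the pair with `if (!EVP_CIPHER_CTX_rand_key(ctx, key) || !EVP_EncryptInit_ex(ctx, NULL, NULL, key, NULL))`, then reporting on `bio_err` and leaving through a path that still reaches `OPENSSL_clear_free(key, keylen)`, would make the failure visible. `no_key` and `no_iv` are also declared without an initialiser and then passed as the MAC key and IV; `= { 0 }` on both would avoid reading indeterminate stack bytes. The function body continues past the end of this hunk.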
@@ -3098,8 +3645,8 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher)
RAND_bytes(out, 16);
len += 16;
- aad[11] = len >> 8;
- aad[12] = len;
+ aad[11] = (unsigned char)(len >> 8);
+ aad[12] = (unsigned char)(len);
pad = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_TLS1_AAD,
EVP_AEAD_TLS1_AAD_LEN, aad);
EVP_Cipher(ctx, out, inp, len + pad);