2 * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
5 * Licensed under the OpenSSL license (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
13 #define RSA_SECONDS 10
14 #define DSA_SECONDS 10
15 #define ECDSA_SECONDS 10
16 #define ECDH_SECONDS 10
24 #include <openssl/crypto.h>
25 #include <openssl/rand.h>
26 #include <openssl/err.h>
27 #include <openssl/evp.h>
28 #include <openssl/objects.h>
29 #include <openssl/async.h>
30 #if !defined(OPENSSL_SYS_MSDOS)
31 # include OPENSSL_UNISTD
38 #include <openssl/bn.h>
39 #ifndef OPENSSL_NO_DES
40 # include <openssl/des.h>
42 #include <openssl/aes.h>
43 #ifndef OPENSSL_NO_CAMELLIA
44 # include <openssl/camellia.h>
46 #ifndef OPENSSL_NO_MD2
47 # include <openssl/md2.h>
49 #ifndef OPENSSL_NO_MDC2
50 # include <openssl/mdc2.h>
52 #ifndef OPENSSL_NO_MD4
53 # include <openssl/md4.h>
55 #ifndef OPENSSL_NO_MD5
56 # include <openssl/md5.h>
58 #include <openssl/hmac.h>
59 #include <openssl/sha.h>
60 #ifndef OPENSSL_NO_RMD160
61 # include <openssl/ripemd.h>
63 #ifndef OPENSSL_NO_WHIRLPOOL
64 # include <openssl/whrlpool.h>
66 #ifndef OPENSSL_NO_RC4
67 # include <openssl/rc4.h>
69 #ifndef OPENSSL_NO_RC5
70 # include <openssl/rc5.h>
72 #ifndef OPENSSL_NO_RC2
73 # include <openssl/rc2.h>
75 #ifndef OPENSSL_NO_IDEA
76 # include <openssl/idea.h>
78 #ifndef OPENSSL_NO_SEED
79 # include <openssl/seed.h>
82 # include <openssl/blowfish.h>
84 #ifndef OPENSSL_NO_CAST
85 # include <openssl/cast.h>
87 #ifndef OPENSSL_NO_RSA
88 # include <openssl/rsa.h>
89 # include "./testrsa.h"
91 #include <openssl/x509.h>
92 #ifndef OPENSSL_NO_DSA
93 # include <openssl/dsa.h>
94 # include "./testdsa.h"
97 # include <openssl/ec.h>
99 #include <openssl/modes.h>
102 # if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS)
115 #define MAX_MISALIGNMENT 63
116 #define MAX_ECDH_SIZE 256
119 typedef struct openssl_speed_sec_st {
125 } openssl_speed_sec_t;
127 static volatile int run = 0;
130 static int usertime = 1;
132 #ifndef OPENSSL_NO_MD2
133 static int EVP_Digest_MD2_loop(void *args);
136 #ifndef OPENSSL_NO_MDC2
137 static int EVP_Digest_MDC2_loop(void *args);
139 #ifndef OPENSSL_NO_MD4
140 static int EVP_Digest_MD4_loop(void *args);
142 #ifndef OPENSSL_NO_MD5
143 static int MD5_loop(void *args);
144 static int HMAC_loop(void *args);
146 static int SHA1_loop(void *args);
147 static int SHA256_loop(void *args);
148 static int SHA512_loop(void *args);
149 #ifndef OPENSSL_NO_WHIRLPOOL
150 static int WHIRLPOOL_loop(void *args);
152 #ifndef OPENSSL_NO_RMD160
153 static int EVP_Digest_RMD160_loop(void *args);
155 #ifndef OPENSSL_NO_RC4
156 static int RC4_loop(void *args);
158 #ifndef OPENSSL_NO_DES
159 static int DES_ncbc_encrypt_loop(void *args);
160 static int DES_ede3_cbc_encrypt_loop(void *args);
162 static int AES_cbc_128_encrypt_loop(void *args);
163 static int AES_cbc_192_encrypt_loop(void *args);
164 static int AES_ige_128_encrypt_loop(void *args);
165 static int AES_cbc_256_encrypt_loop(void *args);
166 static int AES_ige_192_encrypt_loop(void *args);
167 static int AES_ige_256_encrypt_loop(void *args);
168 static int CRYPTO_gcm128_aad_loop(void *args);
169 static int RAND_bytes_loop(void *args);
170 static int EVP_Update_loop(void *args);
171 static int EVP_Update_loop_ccm(void *args);
172 static int EVP_Update_loop_aead(void *args);
173 static int EVP_Digest_loop(void *args);
174 #ifndef OPENSSL_NO_RSA
175 static int RSA_sign_loop(void *args);
176 static int RSA_verify_loop(void *args);
178 #ifndef OPENSSL_NO_DSA
179 static int DSA_sign_loop(void *args);
180 static int DSA_verify_loop(void *args);
182 #ifndef OPENSSL_NO_EC
183 static int ECDSA_sign_loop(void *args);
184 static int ECDSA_verify_loop(void *args);
187 static double Time_F(int s);
188 static void print_message(const char *s, long num, int length, int tm);
189 static void pkey_print_message(const char *str, const char *str2,
190 long num, unsigned int bits, int sec);
191 static void print_result(int alg, int run_no, int count, double time_used);
193 static int do_multi(int multi, int size_num);
196 static const int lengths_list[] = {
197 16, 64, 256, 1024, 8 * 1024, 16 * 1024
199 static const int *lengths = lengths_list;
201 static const int aead_lengths_list[] = {
202 2, 31, 136, 1024, 8 * 1024, 16 * 1024
210 static void alarmed(int sig)
212 signal(SIGALRM, alarmed);
216 static double Time_F(int s)
218 double ret = app_tminterval(s, usertime);
224 #elif defined(_WIN32)
228 static unsigned int lapse;
229 static volatile unsigned int schlock;
230 static void alarm_win32(unsigned int secs)
235 # define alarm alarm_win32
237 static DWORD WINAPI sleepy(VOID * arg)
245 static double Time_F(int s)
252 thr = CreateThread(NULL, 4096, sleepy, NULL, 0, NULL);
254 DWORD err = GetLastError();
255 BIO_printf(bio_err, "unable to CreateThread (%lu)", err);
259 Sleep(0); /* scheduler spinlock */
260 ret = app_tminterval(s, usertime);
262 ret = app_tminterval(s, usertime);
264 TerminateThread(thr, 0);
271 static double Time_F(int s)
273 return app_tminterval(s, usertime);
277 static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
278 const openssl_speed_sec_t *seconds);
280 #define found(value, pairs, result)\
281 opt_found(value, result, pairs, OSSL_NELEM(pairs))
282 static int opt_found(const char *name, unsigned int *result,
283 const OPT_PAIR pairs[], unsigned int nbelem)
287 for (idx = 0; idx < nbelem; ++idx, pairs++)
288 if (strcmp(name, pairs->name) == 0) {
289 *result = pairs->retval;
295 typedef enum OPTION_choice {
296 OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
297 OPT_ELAPSED, OPT_EVP, OPT_DECRYPT, OPT_ENGINE, OPT_MULTI,
298 OPT_MR, OPT_MB, OPT_MISALIGN, OPT_ASYNCJOBS, OPT_R_ENUM,
299 OPT_PRIMES, OPT_SECONDS, OPT_BYTES, OPT_AEAD
302 const OPTIONS speed_options[] = {
303 {OPT_HELP_STR, 1, '-', "Usage: %s [options] ciphers...\n"},
304 {OPT_HELP_STR, 1, '-', "Valid options are:\n"},
305 {"help", OPT_HELP, '-', "Display this summary"},
306 {"evp", OPT_EVP, 's', "Use EVP-named cipher or digest"},
307 {"decrypt", OPT_DECRYPT, '-',
308 "Time decryption instead of encryption (only EVP)"},
309 {"aead", OPT_AEAD, '-',
310 "Benchmark EVP-named AEAD cipher in TLS-like sequence"},
312 "Enable (tls1>=1) multi-block mode on EVP-named cipher"},
313 {"mr", OPT_MR, '-', "Produce machine readable output"},
315 {"multi", OPT_MULTI, 'p', "Run benchmarks in parallel"},
317 #ifndef OPENSSL_NO_ASYNC
318 {"async_jobs", OPT_ASYNCJOBS, 'p',
319 "Enable async mode and start specified number of jobs"},
322 #ifndef OPENSSL_NO_ENGINE
323 {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
325 {"elapsed", OPT_ELAPSED, '-',
326 "Use wall-clock time instead of CPU user time as divisor"},
327 {"primes", OPT_PRIMES, 'p', "Specify number of primes (for RSA only)"},
328 {"seconds", OPT_SECONDS, 'p',
329 "Run benchmarks for specified amount of seconds"},
330 {"bytes", OPT_BYTES, 'p',
331 "Run [non-PKI] benchmarks on custom-sized buffer"},
332 {"misalign", OPT_MISALIGN, 'p',
333 "Use specified offset to mis-align buffers"},
347 #define D_CBC_IDEA 10
348 #define D_CBC_SEED 11
352 #define D_CBC_CAST 15
353 #define D_CBC_128_AES 16
354 #define D_CBC_192_AES 17
355 #define D_CBC_256_AES 18
356 #define D_CBC_128_CML 19
357 #define D_CBC_192_CML 20
358 #define D_CBC_256_CML 21
362 #define D_WHIRLPOOL 25
363 #define D_IGE_128_AES 26
364 #define D_IGE_192_AES 27
365 #define D_IGE_256_AES 28
368 /* name of algorithms to test */
369 static const char *names[] = {
370 "md2", "mdc2", "md4", "md5", "hmac(md5)", "sha1", "rmd160", "rc4",
371 "des cbc", "des ede3", "idea cbc", "seed cbc",
372 "rc2 cbc", "rc5-32/12 cbc", "blowfish cbc", "cast cbc",
373 "aes-128 cbc", "aes-192 cbc", "aes-256 cbc",
374 "camellia-128 cbc", "camellia-192 cbc", "camellia-256 cbc",
375 "evp", "sha256", "sha512", "whirlpool",
376 "aes-128 ige", "aes-192 ige", "aes-256 ige", "ghash",
379 #define ALGOR_NUM OSSL_NELEM(names)
381 /* list of configured algorithm (remaining) */
382 static const OPT_PAIR doit_choices[] = {
383 #ifndef OPENSSL_NO_MD2
386 #ifndef OPENSSL_NO_MDC2
389 #ifndef OPENSSL_NO_MD4
392 #ifndef OPENSSL_NO_MD5
397 {"sha256", D_SHA256},
398 {"sha512", D_SHA512},
399 #ifndef OPENSSL_NO_WHIRLPOOL
400 {"whirlpool", D_WHIRLPOOL},
402 #ifndef OPENSSL_NO_RMD160
403 {"ripemd", D_RMD160},
404 {"rmd160", D_RMD160},
405 {"ripemd160", D_RMD160},
407 #ifndef OPENSSL_NO_RC4
410 #ifndef OPENSSL_NO_DES
411 {"des-cbc", D_CBC_DES},
412 {"des-ede3", D_EDE3_DES},
414 {"aes-128-cbc", D_CBC_128_AES},
415 {"aes-192-cbc", D_CBC_192_AES},
416 {"aes-256-cbc", D_CBC_256_AES},
417 {"aes-128-ige", D_IGE_128_AES},
418 {"aes-192-ige", D_IGE_192_AES},
419 {"aes-256-ige", D_IGE_256_AES},
420 #ifndef OPENSSL_NO_RC2
421 {"rc2-cbc", D_CBC_RC2},
424 #ifndef OPENSSL_NO_RC5
425 {"rc5-cbc", D_CBC_RC5},
428 #ifndef OPENSSL_NO_IDEA
429 {"idea-cbc", D_CBC_IDEA},
430 {"idea", D_CBC_IDEA},
432 #ifndef OPENSSL_NO_SEED
433 {"seed-cbc", D_CBC_SEED},
434 {"seed", D_CBC_SEED},
436 #ifndef OPENSSL_NO_BF
437 {"bf-cbc", D_CBC_BF},
438 {"blowfish", D_CBC_BF},
441 #ifndef OPENSSL_NO_CAST
442 {"cast-cbc", D_CBC_CAST},
443 {"cast", D_CBC_CAST},
444 {"cast5", D_CBC_CAST},
450 static double results[ALGOR_NUM][OSSL_NELEM(lengths_list)];
452 #ifndef OPENSSL_NO_DSA
454 # define R_DSA_1024 1
455 # define R_DSA_2048 2
456 static const OPT_PAIR dsa_choices[] = {
457 {"dsa512", R_DSA_512},
458 {"dsa1024", R_DSA_1024},
459 {"dsa2048", R_DSA_2048}
461 # define DSA_NUM OSSL_NELEM(dsa_choices)
463 static double dsa_results[DSA_NUM][2]; /* 2 ops: sign then verify */
464 #endif /* OPENSSL_NO_DSA */
472 #define R_RSA_15360 6
473 #ifndef OPENSSL_NO_RSA
474 static const OPT_PAIR rsa_choices[] = {
475 {"rsa512", R_RSA_512},
476 {"rsa1024", R_RSA_1024},
477 {"rsa2048", R_RSA_2048},
478 {"rsa3072", R_RSA_3072},
479 {"rsa4096", R_RSA_4096},
480 {"rsa7680", R_RSA_7680},
481 {"rsa15360", R_RSA_15360}
483 # define RSA_NUM OSSL_NELEM(rsa_choices)
485 static double rsa_results[RSA_NUM][2]; /* 2 ops: sign then verify */
486 #endif /* OPENSSL_NO_RSA */
504 #define R_EC_BRP256R1 16
505 #define R_EC_BRP256T1 17
506 #define R_EC_BRP384R1 18
507 #define R_EC_BRP384T1 19
508 #define R_EC_BRP512R1 20
509 #define R_EC_BRP512T1 21
510 #define R_EC_X25519 22
512 #ifndef OPENSSL_NO_EC
513 static OPT_PAIR ecdsa_choices[] = {
514 {"ecdsap160", R_EC_P160},
515 {"ecdsap192", R_EC_P192},
516 {"ecdsap224", R_EC_P224},
517 {"ecdsap256", R_EC_P256},
518 {"ecdsap384", R_EC_P384},
519 {"ecdsap521", R_EC_P521},
520 {"ecdsak163", R_EC_K163},
521 {"ecdsak233", R_EC_K233},
522 {"ecdsak283", R_EC_K283},
523 {"ecdsak409", R_EC_K409},
524 {"ecdsak571", R_EC_K571},
525 {"ecdsab163", R_EC_B163},
526 {"ecdsab233", R_EC_B233},
527 {"ecdsab283", R_EC_B283},
528 {"ecdsab409", R_EC_B409},
529 {"ecdsab571", R_EC_B571},
530 {"ecdsabrp256r1", R_EC_BRP256R1},
531 {"ecdsabrp256t1", R_EC_BRP256T1},
532 {"ecdsabrp384r1", R_EC_BRP384R1},
533 {"ecdsabrp384t1", R_EC_BRP384T1},
534 {"ecdsabrp512r1", R_EC_BRP512R1},
535 {"ecdsabrp512t1", R_EC_BRP512T1}
537 # define ECDSA_NUM OSSL_NELEM(ecdsa_choices)
539 static double ecdsa_results[ECDSA_NUM][2]; /* 2 ops: sign then verify */
541 static const OPT_PAIR ecdh_choices[] = {
542 {"ecdhp160", R_EC_P160},
543 {"ecdhp192", R_EC_P192},
544 {"ecdhp224", R_EC_P224},
545 {"ecdhp256", R_EC_P256},
546 {"ecdhp384", R_EC_P384},
547 {"ecdhp521", R_EC_P521},
548 {"ecdhk163", R_EC_K163},
549 {"ecdhk233", R_EC_K233},
550 {"ecdhk283", R_EC_K283},
551 {"ecdhk409", R_EC_K409},
552 {"ecdhk571", R_EC_K571},
553 {"ecdhb163", R_EC_B163},
554 {"ecdhb233", R_EC_B233},
555 {"ecdhb283", R_EC_B283},
556 {"ecdhb409", R_EC_B409},
557 {"ecdhb571", R_EC_B571},
558 {"ecdhbrp256r1", R_EC_BRP256R1},
559 {"ecdhbrp256t1", R_EC_BRP256T1},
560 {"ecdhbrp384r1", R_EC_BRP384R1},
561 {"ecdhbrp384t1", R_EC_BRP384T1},
562 {"ecdhbrp512r1", R_EC_BRP512R1},
563 {"ecdhbrp512t1", R_EC_BRP512T1},
564 {"ecdhx25519", R_EC_X25519},
565 {"ecdhx448", R_EC_X448}
567 # define EC_NUM OSSL_NELEM(ecdh_choices)
569 static double ecdh_results[EC_NUM][1]; /* 1 op: derivation */
570 #endif /* OPENSSL_NO_EC */
573 # define COND(d) (count < (d))
574 # define COUNT(d) (d)
576 # define COND(unused_cond) (run && count<0x7fffffff)
577 # define COUNT(d) (count)
580 typedef struct loopargs_st {
581 ASYNC_JOB *inprogress_job;
582 ASYNC_WAIT_CTX *wait_ctx;
585 unsigned char *buf_malloc;
586 unsigned char *buf2_malloc;
589 #ifndef OPENSSL_NO_RSA
590 RSA *rsa_key[RSA_NUM];
592 #ifndef OPENSSL_NO_DSA
593 DSA *dsa_key[DSA_NUM];
595 #ifndef OPENSSL_NO_EC
596 EC_KEY *ecdsa[ECDSA_NUM];
597 EVP_PKEY_CTX *ecdh_ctx[EC_NUM];
598 unsigned char *secret_a;
599 unsigned char *secret_b;
600 size_t outlen[EC_NUM];
604 GCM128_CONTEXT *gcm_ctx;
606 static int run_benchmark(int async_jobs, int (*loop_function) (void *),
607 loopargs_t * loopargs);
609 static unsigned int testnum;
611 /* Nb of iterations to do per algorithm and key-size */
612 static long c[ALGOR_NUM][OSSL_NELEM(lengths_list)];
614 #ifndef OPENSSL_NO_MD2
615 static int EVP_Digest_MD2_loop(void *args)
617 loopargs_t *tempargs = *(loopargs_t **) args;
618 unsigned char *buf = tempargs->buf;
619 unsigned char md2[MD2_DIGEST_LENGTH];
622 for (count = 0; COND(c[D_MD2][testnum]); count++) {
623 if (!EVP_Digest(buf, (size_t)lengths[testnum], md2, NULL, EVP_md2(),
631 #ifndef OPENSSL_NO_MDC2
632 static int EVP_Digest_MDC2_loop(void *args)
634 loopargs_t *tempargs = *(loopargs_t **) args;
635 unsigned char *buf = tempargs->buf;
636 unsigned char mdc2[MDC2_DIGEST_LENGTH];
639 for (count = 0; COND(c[D_MDC2][testnum]); count++) {
640 if (!EVP_Digest(buf, (size_t)lengths[testnum], mdc2, NULL, EVP_mdc2(),
648 #ifndef OPENSSL_NO_MD4
649 static int EVP_Digest_MD4_loop(void *args)
651 loopargs_t *tempargs = *(loopargs_t **) args;
652 unsigned char *buf = tempargs->buf;
653 unsigned char md4[MD4_DIGEST_LENGTH];
656 for (count = 0; COND(c[D_MD4][testnum]); count++) {
657 if (!EVP_Digest(buf, (size_t)lengths[testnum], md4, NULL, EVP_md4(),
665 #ifndef OPENSSL_NO_MD5
666 static int MD5_loop(void *args)
668 loopargs_t *tempargs = *(loopargs_t **) args;
669 unsigned char *buf = tempargs->buf;
670 unsigned char md5[MD5_DIGEST_LENGTH];
672 for (count = 0; COND(c[D_MD5][testnum]); count++)
673 MD5(buf, lengths[testnum], md5);
677 static int HMAC_loop(void *args)
679 loopargs_t *tempargs = *(loopargs_t **) args;
680 unsigned char *buf = tempargs->buf;
681 HMAC_CTX *hctx = tempargs->hctx;
682 unsigned char hmac[MD5_DIGEST_LENGTH];
685 for (count = 0; COND(c[D_HMAC][testnum]); count++) {
686 HMAC_Init_ex(hctx, NULL, 0, NULL, NULL);
687 HMAC_Update(hctx, buf, lengths[testnum]);
688 HMAC_Final(hctx, hmac, NULL);
694 static int SHA1_loop(void *args)
696 loopargs_t *tempargs = *(loopargs_t **) args;
697 unsigned char *buf = tempargs->buf;
698 unsigned char sha[SHA_DIGEST_LENGTH];
700 for (count = 0; COND(c[D_SHA1][testnum]); count++)
701 SHA1(buf, lengths[testnum], sha);
705 static int SHA256_loop(void *args)
707 loopargs_t *tempargs = *(loopargs_t **) args;
708 unsigned char *buf = tempargs->buf;
709 unsigned char sha256[SHA256_DIGEST_LENGTH];
711 for (count = 0; COND(c[D_SHA256][testnum]); count++)
712 SHA256(buf, lengths[testnum], sha256);
716 static int SHA512_loop(void *args)
718 loopargs_t *tempargs = *(loopargs_t **) args;
719 unsigned char *buf = tempargs->buf;
720 unsigned char sha512[SHA512_DIGEST_LENGTH];
722 for (count = 0; COND(c[D_SHA512][testnum]); count++)
723 SHA512(buf, lengths[testnum], sha512);
727 #ifndef OPENSSL_NO_WHIRLPOOL
728 static int WHIRLPOOL_loop(void *args)
730 loopargs_t *tempargs = *(loopargs_t **) args;
731 unsigned char *buf = tempargs->buf;
732 unsigned char whirlpool[WHIRLPOOL_DIGEST_LENGTH];
734 for (count = 0; COND(c[D_WHIRLPOOL][testnum]); count++)
735 WHIRLPOOL(buf, lengths[testnum], whirlpool);
740 #ifndef OPENSSL_NO_RMD160
741 static int EVP_Digest_RMD160_loop(void *args)
743 loopargs_t *tempargs = *(loopargs_t **) args;
744 unsigned char *buf = tempargs->buf;
745 unsigned char rmd160[RIPEMD160_DIGEST_LENGTH];
747 for (count = 0; COND(c[D_RMD160][testnum]); count++) {
748 if (!EVP_Digest(buf, (size_t)lengths[testnum], &(rmd160[0]),
749 NULL, EVP_ripemd160(), NULL))
756 #ifndef OPENSSL_NO_RC4
757 static RC4_KEY rc4_ks;
758 static int RC4_loop(void *args)
760 loopargs_t *tempargs = *(loopargs_t **) args;
761 unsigned char *buf = tempargs->buf;
763 for (count = 0; COND(c[D_RC4][testnum]); count++)
764 RC4(&rc4_ks, (size_t)lengths[testnum], buf, buf);
769 #ifndef OPENSSL_NO_DES
770 static unsigned char DES_iv[8];
771 static DES_key_schedule sch;
772 static DES_key_schedule sch2;
773 static DES_key_schedule sch3;
774 static int DES_ncbc_encrypt_loop(void *args)
776 loopargs_t *tempargs = *(loopargs_t **) args;
777 unsigned char *buf = tempargs->buf;
779 for (count = 0; COND(c[D_CBC_DES][testnum]); count++)
780 DES_ncbc_encrypt(buf, buf, lengths[testnum], &sch,
781 &DES_iv, DES_ENCRYPT);
785 static int DES_ede3_cbc_encrypt_loop(void *args)
787 loopargs_t *tempargs = *(loopargs_t **) args;
788 unsigned char *buf = tempargs->buf;
790 for (count = 0; COND(c[D_EDE3_DES][testnum]); count++)
791 DES_ede3_cbc_encrypt(buf, buf, lengths[testnum],
792 &sch, &sch2, &sch3, &DES_iv, DES_ENCRYPT);
797 #define MAX_BLOCK_SIZE 128
799 static unsigned char iv[2 * MAX_BLOCK_SIZE / 8];
800 static AES_KEY aes_ks1, aes_ks2, aes_ks3;
801 static int AES_cbc_128_encrypt_loop(void *args)
803 loopargs_t *tempargs = *(loopargs_t **) args;
804 unsigned char *buf = tempargs->buf;
806 for (count = 0; COND(c[D_CBC_128_AES][testnum]); count++)
807 AES_cbc_encrypt(buf, buf,
808 (size_t)lengths[testnum], &aes_ks1, iv, AES_ENCRYPT);
812 static int AES_cbc_192_encrypt_loop(void *args)
814 loopargs_t *tempargs = *(loopargs_t **) args;
815 unsigned char *buf = tempargs->buf;
817 for (count = 0; COND(c[D_CBC_192_AES][testnum]); count++)
818 AES_cbc_encrypt(buf, buf,
819 (size_t)lengths[testnum], &aes_ks2, iv, AES_ENCRYPT);
823 static int AES_cbc_256_encrypt_loop(void *args)
825 loopargs_t *tempargs = *(loopargs_t **) args;
826 unsigned char *buf = tempargs->buf;
828 for (count = 0; COND(c[D_CBC_256_AES][testnum]); count++)
829 AES_cbc_encrypt(buf, buf,
830 (size_t)lengths[testnum], &aes_ks3, iv, AES_ENCRYPT);
834 static int AES_ige_128_encrypt_loop(void *args)
836 loopargs_t *tempargs = *(loopargs_t **) args;
837 unsigned char *buf = tempargs->buf;
838 unsigned char *buf2 = tempargs->buf2;
840 for (count = 0; COND(c[D_IGE_128_AES][testnum]); count++)
841 AES_ige_encrypt(buf, buf2,
842 (size_t)lengths[testnum], &aes_ks1, iv, AES_ENCRYPT);
846 static int AES_ige_192_encrypt_loop(void *args)
848 loopargs_t *tempargs = *(loopargs_t **) args;
849 unsigned char *buf = tempargs->buf;
850 unsigned char *buf2 = tempargs->buf2;
852 for (count = 0; COND(c[D_IGE_192_AES][testnum]); count++)
853 AES_ige_encrypt(buf, buf2,
854 (size_t)lengths[testnum], &aes_ks2, iv, AES_ENCRYPT);
858 static int AES_ige_256_encrypt_loop(void *args)
860 loopargs_t *tempargs = *(loopargs_t **) args;
861 unsigned char *buf = tempargs->buf;
862 unsigned char *buf2 = tempargs->buf2;
864 for (count = 0; COND(c[D_IGE_256_AES][testnum]); count++)
865 AES_ige_encrypt(buf, buf2,
866 (size_t)lengths[testnum], &aes_ks3, iv, AES_ENCRYPT);
870 static int CRYPTO_gcm128_aad_loop(void *args)
872 loopargs_t *tempargs = *(loopargs_t **) args;
873 unsigned char *buf = tempargs->buf;
874 GCM128_CONTEXT *gcm_ctx = tempargs->gcm_ctx;
876 for (count = 0; COND(c[D_GHASH][testnum]); count++)
877 CRYPTO_gcm128_aad(gcm_ctx, buf, lengths[testnum]);
881 static int RAND_bytes_loop(void *args)
883 loopargs_t *tempargs = *(loopargs_t **) args;
884 unsigned char *buf = tempargs->buf;
887 for (count = 0; COND(c[D_RAND][testnum]); count++)
888 RAND_bytes(buf, lengths[testnum]);
892 static long save_count = 0;
893 static int decrypt = 0;
894 static int EVP_Update_loop(void *args)
896 loopargs_t *tempargs = *(loopargs_t **) args;
897 unsigned char *buf = tempargs->buf;
898 EVP_CIPHER_CTX *ctx = tempargs->ctx;
901 int nb_iter = save_count * 4 * lengths[0] / lengths[testnum];
904 for (count = 0; COND(nb_iter); count++) {
905 rc = EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
907 EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, -1);
910 for (count = 0; COND(nb_iter); count++) {
911 rc = EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
913 EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, -1);
917 EVP_DecryptFinal_ex(ctx, buf, &outl);
919 EVP_EncryptFinal_ex(ctx, buf, &outl);
924 * CCM does not support streaming. For the purpose of performance measurement,
925 * each message is encrypted using the same (key,iv)-pair. Do not use this
926 * code in your application.
928 static int EVP_Update_loop_ccm(void *args)
930 loopargs_t *tempargs = *(loopargs_t **) args;
931 unsigned char *buf = tempargs->buf;
932 EVP_CIPHER_CTX *ctx = tempargs->ctx;
934 unsigned char tag[12];
936 int nb_iter = save_count * 4 * lengths[0] / lengths[testnum];
939 for (count = 0; COND(nb_iter); count++) {
940 EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv);
941 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(tag), tag);
942 EVP_DecryptUpdate(ctx, NULL, &outl, NULL, lengths[testnum]);
943 EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
944 EVP_DecryptFinal_ex(ctx, buf, &outl);
947 for (count = 0; COND(nb_iter); count++) {
948 EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv);
949 EVP_EncryptUpdate(ctx, NULL, &outl, NULL, lengths[testnum]);
950 EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
951 EVP_EncryptFinal_ex(ctx, buf, &outl);
958 * To make AEAD benchmarking more relevant perform TLS-like operations,
959 * 13-byte AAD followed by payload. But don't use TLS-formatted AAD, as
960 * payload length is not actually limited by 16KB...
962 static int EVP_Update_loop_aead(void *args)
964 loopargs_t *tempargs = *(loopargs_t **) args;
965 unsigned char *buf = tempargs->buf;
966 EVP_CIPHER_CTX *ctx = tempargs->ctx;
968 unsigned char aad[13] = { 0xcc };
969 unsigned char faketag[16] = { 0xcc };
971 int nb_iter = save_count * 4 * lengths[0] / lengths[testnum];
974 for (count = 0; COND(nb_iter); count++) {
975 EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv);
976 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
977 sizeof(faketag), faketag);
978 EVP_DecryptUpdate(ctx, NULL, &outl, aad, sizeof(aad));
979 EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
980 EVP_DecryptFinal_ex(ctx, buf + outl, &outl);
983 for (count = 0; COND(nb_iter); count++) {
984 EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv);
985 EVP_EncryptUpdate(ctx, NULL, &outl, aad, sizeof(aad));
986 EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
987 EVP_EncryptFinal_ex(ctx, buf + outl, &outl);
993 static const EVP_MD *evp_md = NULL;
994 static int EVP_Digest_loop(void *args)
996 loopargs_t *tempargs = *(loopargs_t **) args;
997 unsigned char *buf = tempargs->buf;
998 unsigned char md[EVP_MAX_MD_SIZE];
1001 int nb_iter = save_count * 4 * lengths[0] / lengths[testnum];
1004 for (count = 0; COND(nb_iter); count++) {
1005 if (!EVP_Digest(buf, lengths[testnum], md, NULL, evp_md, NULL))
1011 #ifndef OPENSSL_NO_RSA
1012 static long rsa_c[RSA_NUM][2]; /* # RSA iteration test */
1014 static int RSA_sign_loop(void *args)
1016 loopargs_t *tempargs = *(loopargs_t **) args;
1017 unsigned char *buf = tempargs->buf;
1018 unsigned char *buf2 = tempargs->buf2;
1019 unsigned int *rsa_num = &tempargs->siglen;
1020 RSA **rsa_key = tempargs->rsa_key;
1022 for (count = 0; COND(rsa_c[testnum][0]); count++) {
1023 ret = RSA_sign(NID_md5_sha1, buf, 36, buf2, rsa_num, rsa_key[testnum]);
1025 BIO_printf(bio_err, "RSA sign failure\n");
1026 ERR_print_errors(bio_err);
1034 static int RSA_verify_loop(void *args)
1036 loopargs_t *tempargs = *(loopargs_t **) args;
1037 unsigned char *buf = tempargs->buf;
1038 unsigned char *buf2 = tempargs->buf2;
1039 unsigned int rsa_num = tempargs->siglen;
1040 RSA **rsa_key = tempargs->rsa_key;
1042 for (count = 0; COND(rsa_c[testnum][1]); count++) {
1044 RSA_verify(NID_md5_sha1, buf, 36, buf2, rsa_num, rsa_key[testnum]);
1046 BIO_printf(bio_err, "RSA verify failure\n");
1047 ERR_print_errors(bio_err);
1056 #ifndef OPENSSL_NO_DSA
1057 static long dsa_c[DSA_NUM][2];
1058 static int DSA_sign_loop(void *args)
1060 loopargs_t *tempargs = *(loopargs_t **) args;
1061 unsigned char *buf = tempargs->buf;
1062 unsigned char *buf2 = tempargs->buf2;
1063 DSA **dsa_key = tempargs->dsa_key;
1064 unsigned int *siglen = &tempargs->siglen;
1066 for (count = 0; COND(dsa_c[testnum][0]); count++) {
1067 ret = DSA_sign(0, buf, 20, buf2, siglen, dsa_key[testnum]);
1069 BIO_printf(bio_err, "DSA sign failure\n");
1070 ERR_print_errors(bio_err);
1078 static int DSA_verify_loop(void *args)
1080 loopargs_t *tempargs = *(loopargs_t **) args;
1081 unsigned char *buf = tempargs->buf;
1082 unsigned char *buf2 = tempargs->buf2;
1083 DSA **dsa_key = tempargs->dsa_key;
1084 unsigned int siglen = tempargs->siglen;
1086 for (count = 0; COND(dsa_c[testnum][1]); count++) {
1087 ret = DSA_verify(0, buf, 20, buf2, siglen, dsa_key[testnum]);
1089 BIO_printf(bio_err, "DSA verify failure\n");
1090 ERR_print_errors(bio_err);
1099 #ifndef OPENSSL_NO_EC
1100 static long ecdsa_c[ECDSA_NUM][2];
1101 static int ECDSA_sign_loop(void *args)
1103 loopargs_t *tempargs = *(loopargs_t **) args;
1104 unsigned char *buf = tempargs->buf;
1105 EC_KEY **ecdsa = tempargs->ecdsa;
1106 unsigned char *ecdsasig = tempargs->buf2;
1107 unsigned int *ecdsasiglen = &tempargs->siglen;
1109 for (count = 0; COND(ecdsa_c[testnum][0]); count++) {
1110 ret = ECDSA_sign(0, buf, 20, ecdsasig, ecdsasiglen, ecdsa[testnum]);
1112 BIO_printf(bio_err, "ECDSA sign failure\n");
1113 ERR_print_errors(bio_err);
1121 static int ECDSA_verify_loop(void *args)
1123 loopargs_t *tempargs = *(loopargs_t **) args;
1124 unsigned char *buf = tempargs->buf;
1125 EC_KEY **ecdsa = tempargs->ecdsa;
1126 unsigned char *ecdsasig = tempargs->buf2;
1127 unsigned int ecdsasiglen = tempargs->siglen;
1129 for (count = 0; COND(ecdsa_c[testnum][1]); count++) {
1130 ret = ECDSA_verify(0, buf, 20, ecdsasig, ecdsasiglen, ecdsa[testnum]);
1132 BIO_printf(bio_err, "ECDSA verify failure\n");
1133 ERR_print_errors(bio_err);
1141 /* ******************************************************************** */
1142 static long ecdh_c[EC_NUM][1];
1144 static int ECDH_EVP_derive_key_loop(void *args)
1146 loopargs_t *tempargs = *(loopargs_t **) args;
1147 EVP_PKEY_CTX *ctx = tempargs->ecdh_ctx[testnum];
1148 unsigned char *derived_secret = tempargs->secret_a;
1150 size_t *outlen = &(tempargs->outlen[testnum]);
1152 for (count = 0; COND(ecdh_c[testnum][0]); count++)
1153 EVP_PKEY_derive(ctx, derived_secret, outlen);
1158 #endif /* OPENSSL_NO_EC */
1160 static int run_benchmark(int async_jobs,
1161 int (*loop_function) (void *), loopargs_t * loopargs)
1163 int job_op_count = 0;
1164 int total_op_count = 0;
1165 int num_inprogress = 0;
1166 int error = 0, i = 0, ret = 0;
1167 OSSL_ASYNC_FD job_fd = 0;
1168 size_t num_job_fds = 0;
1172 if (async_jobs == 0) {
1173 return loop_function((void *)&loopargs);
1176 for (i = 0; i < async_jobs && !error; i++) {
1177 loopargs_t *looparg_item = loopargs + i;
1179 /* Copy pointer content (looparg_t item address) into async context */
1180 ret = ASYNC_start_job(&loopargs[i].inprogress_job, loopargs[i].wait_ctx,
1181 &job_op_count, loop_function,
1182 (void *)&looparg_item, sizeof(looparg_item));
1188 if (job_op_count == -1) {
1191 total_op_count += job_op_count;
1196 BIO_printf(bio_err, "Failure in the job\n");
1197 ERR_print_errors(bio_err);
1203 while (num_inprogress > 0) {
1204 #if defined(OPENSSL_SYS_WINDOWS)
1206 #elif defined(OPENSSL_SYS_UNIX)
1207 int select_result = 0;
1208 OSSL_ASYNC_FD max_fd = 0;
1211 FD_ZERO(&waitfdset);
1213 for (i = 0; i < async_jobs && num_inprogress > 0; i++) {
1214 if (loopargs[i].inprogress_job == NULL)
1217 if (!ASYNC_WAIT_CTX_get_all_fds
1218 (loopargs[i].wait_ctx, NULL, &num_job_fds)
1219 || num_job_fds > 1) {
1220 BIO_printf(bio_err, "Too many fds in ASYNC_WAIT_CTX\n");
1221 ERR_print_errors(bio_err);
1225 ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, &job_fd,
1227 FD_SET(job_fd, &waitfdset);
1228 if (job_fd > max_fd)
1232 if (max_fd >= (OSSL_ASYNC_FD)FD_SETSIZE) {
1234 "Error: max_fd (%d) must be smaller than FD_SETSIZE (%d). "
1235 "Decrease the value of async_jobs\n",
1236 max_fd, FD_SETSIZE);
1237 ERR_print_errors(bio_err);
1242 select_result = select(max_fd + 1, &waitfdset, NULL, NULL, NULL);
1243 if (select_result == -1 && errno == EINTR)
1246 if (select_result == -1) {
1247 BIO_printf(bio_err, "Failure in the select\n");
1248 ERR_print_errors(bio_err);
1253 if (select_result == 0)
1257 for (i = 0; i < async_jobs; i++) {
1258 if (loopargs[i].inprogress_job == NULL)
1261 if (!ASYNC_WAIT_CTX_get_all_fds
1262 (loopargs[i].wait_ctx, NULL, &num_job_fds)
1263 || num_job_fds > 1) {
1264 BIO_printf(bio_err, "Too many fds in ASYNC_WAIT_CTX\n");
1265 ERR_print_errors(bio_err);
1269 ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, &job_fd,
1272 #if defined(OPENSSL_SYS_UNIX)
1273 if (num_job_fds == 1 && !FD_ISSET(job_fd, &waitfdset))
1275 #elif defined(OPENSSL_SYS_WINDOWS)
1276 if (num_job_fds == 1
1277 && !PeekNamedPipe(job_fd, NULL, 0, NULL, &avail, NULL)
1282 ret = ASYNC_start_job(&loopargs[i].inprogress_job,
1283 loopargs[i].wait_ctx, &job_op_count,
1284 loop_function, (void *)(loopargs + i),
1285 sizeof(loopargs_t));
1290 if (job_op_count == -1) {
1293 total_op_count += job_op_count;
1296 loopargs[i].inprogress_job = NULL;
1301 loopargs[i].inprogress_job = NULL;
1302 BIO_printf(bio_err, "Failure in the job\n");
1303 ERR_print_errors(bio_err);
1310 return error ? -1 : total_op_count;
1313 int speed_main(int argc, char **argv)
1316 loopargs_t *loopargs = NULL;
1318 const char *engine_id = NULL;
1319 const EVP_CIPHER *evp_cipher = NULL;
1322 int async_init = 0, multiblock = 0, pr_header = 0;
1323 int doit[ALGOR_NUM] = { 0 };
1324 int ret = 1, misalign = 0, lengths_single = 0, aead = 0;
1326 unsigned int size_num = OSSL_NELEM(lengths_list);
1327 unsigned int i, k, loop, loopargs_len = 0, async_jobs = 0;
1333 #if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) \
1334 || !defined(OPENSSL_NO_EC)
1337 openssl_speed_sec_t seconds = { SECONDS, RSA_SECONDS, DSA_SECONDS,
1338 ECDSA_SECONDS, ECDH_SECONDS };
1340 /* What follows are the buffers and key material. */
1341 #ifndef OPENSSL_NO_RC5
1344 #ifndef OPENSSL_NO_RC2
1347 #ifndef OPENSSL_NO_IDEA
1348 IDEA_KEY_SCHEDULE idea_ks;
1350 #ifndef OPENSSL_NO_SEED
1351 SEED_KEY_SCHEDULE seed_ks;
1353 #ifndef OPENSSL_NO_BF
1356 #ifndef OPENSSL_NO_CAST
1359 static const unsigned char key16[16] = {
1360 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
1361 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12
1363 static const unsigned char key24[24] = {
1364 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
1365 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
1366 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34
1368 static const unsigned char key32[32] = {
1369 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
1370 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
1371 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34,
1372 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34, 0x56
1374 #ifndef OPENSSL_NO_CAMELLIA
1375 static const unsigned char ckey24[24] = {
1376 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
1377 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
1378 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34
1380 static const unsigned char ckey32[32] = {
1381 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
1382 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
1383 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34,
1384 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34, 0x56
1386 CAMELLIA_KEY camellia_ks1, camellia_ks2, camellia_ks3;
1388 #ifndef OPENSSL_NO_DES
1389 static DES_cblock key = {
1390 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0
1392 static DES_cblock key2 = {
1393 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12
1395 static DES_cblock key3 = {
1396 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34
1399 #ifndef OPENSSL_NO_RSA
1400 static const unsigned int rsa_bits[RSA_NUM] = {
1401 512, 1024, 2048, 3072, 4096, 7680, 15360
1403 static const unsigned char *rsa_data[RSA_NUM] = {
1404 test512, test1024, test2048, test3072, test4096, test7680, test15360
1406 static const int rsa_data_length[RSA_NUM] = {
1407 sizeof(test512), sizeof(test1024),
1408 sizeof(test2048), sizeof(test3072),
1409 sizeof(test4096), sizeof(test7680),
1412 int rsa_doit[RSA_NUM] = { 0 };
1413 int primes = RSA_DEFAULT_PRIME_NUM;
1415 #ifndef OPENSSL_NO_DSA
1416 static const unsigned int dsa_bits[DSA_NUM] = { 512, 1024, 2048 };
1417 int dsa_doit[DSA_NUM] = { 0 };
1419 #ifndef OPENSSL_NO_EC
1421 * We only test over the following curves as they are representative, To
1422 * add tests over more curves, simply add the curve NID and curve name to
1423 * the following arrays and increase the |ecdh_choices| list accordingly.
1425 static const struct {
1431 {"secp160r1", NID_secp160r1, 160},
1432 {"nistp192", NID_X9_62_prime192v1, 192},
1433 {"nistp224", NID_secp224r1, 224},
1434 {"nistp256", NID_X9_62_prime256v1, 256},
1435 {"nistp384", NID_secp384r1, 384},
1436 {"nistp521", NID_secp521r1, 521},
1438 {"nistk163", NID_sect163k1, 163},
1439 {"nistk233", NID_sect233k1, 233},
1440 {"nistk283", NID_sect283k1, 283},
1441 {"nistk409", NID_sect409k1, 409},
1442 {"nistk571", NID_sect571k1, 571},
1443 {"nistb163", NID_sect163r2, 163},
1444 {"nistb233", NID_sect233r1, 233},
1445 {"nistb283", NID_sect283r1, 283},
1446 {"nistb409", NID_sect409r1, 409},
1447 {"nistb571", NID_sect571r1, 571},
1448 {"brainpoolP256r1", NID_brainpoolP256r1, 256},
1449 {"brainpoolP256t1", NID_brainpoolP256t1, 256},
1450 {"brainpoolP384r1", NID_brainpoolP384r1, 384},
1451 {"brainpoolP384t1", NID_brainpoolP384t1, 384},
1452 {"brainpoolP512r1", NID_brainpoolP512r1, 512},
1453 {"brainpoolP512t1", NID_brainpoolP512t1, 512},
1454 /* Other and ECDH only ones */
1455 {"X25519", NID_X25519, 253},
1456 {"X448", NID_X448, 448}
1458 int ecdsa_doit[ECDSA_NUM] = { 0 };
1459 int ecdh_doit[EC_NUM] = { 0 };
1460 OPENSSL_assert(OSSL_NELEM(test_curves) >= EC_NUM);
1461 #endif /* ndef OPENSSL_NO_EC */
1463 prog = opt_init(argc, argv, speed_options);
1464 while ((o = opt_next()) != OPT_EOF) {
1469 BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
1472 opt_help(speed_options);
1480 evp_cipher = EVP_get_cipherbyname(opt_arg());
1481 if (evp_cipher == NULL)
1482 evp_md = EVP_get_digestbyname(opt_arg());
1483 if (evp_cipher == NULL && evp_md == NULL) {
1485 "%s: %s is an unknown cipher or digest\n",
1496 * In a forked execution, an engine might need to be
1497 * initialised by each child process, not by the parent.
1498 * So store the name here and run setup_engine() later on.
1500 engine_id = opt_arg();
1504 multi = atoi(opt_arg());
1508 #ifndef OPENSSL_NO_ASYNC
1509 async_jobs = atoi(opt_arg());
1510 if (!ASYNC_is_capable()) {
1512 "%s: async_jobs specified but async not supported\n",
1516 if (async_jobs > 99999) {
1517 BIO_printf(bio_err, "%s: too many async_jobs\n", prog);
1523 if (!opt_int(opt_arg(), &misalign))
1525 if (misalign > MISALIGN) {
1527 "%s: Maximum offset is %d\n", prog, MISALIGN);
1536 #ifdef OPENSSL_NO_MULTIBLOCK
1538 "%s: -mb specified but multi-block support is disabled\n",
1548 if (!opt_int(opt_arg(), &primes))
1552 seconds.sym = seconds.rsa = seconds.dsa = seconds.ecdsa
1553 = seconds.ecdh = atoi(opt_arg());
1556 lengths_single = atoi(opt_arg());
1557 lengths = &lengths_single;
1565 argc = opt_num_rest();
1568 /* Remaining arguments are algorithms. */
1569 for (; *argv; argv++) {
1570 if (found(*argv, doit_choices, &i)) {
1574 #ifndef OPENSSL_NO_DES
1575 if (strcmp(*argv, "des") == 0) {
1576 doit[D_CBC_DES] = doit[D_EDE3_DES] = 1;
1580 if (strcmp(*argv, "sha") == 0) {
1581 doit[D_SHA1] = doit[D_SHA256] = doit[D_SHA512] = 1;
1584 #ifndef OPENSSL_NO_RSA
1585 if (strcmp(*argv, "openssl") == 0)
1587 if (strcmp(*argv, "rsa") == 0) {
1588 for (loop = 0; loop < OSSL_NELEM(rsa_doit); loop++)
1592 if (found(*argv, rsa_choices, &i)) {
1597 #ifndef OPENSSL_NO_DSA
1598 if (strcmp(*argv, "dsa") == 0) {
1599 dsa_doit[R_DSA_512] = dsa_doit[R_DSA_1024] =
1600 dsa_doit[R_DSA_2048] = 1;
1603 if (found(*argv, dsa_choices, &i)) {
1608 if (strcmp(*argv, "aes") == 0) {
1609 doit[D_CBC_128_AES] = doit[D_CBC_192_AES] = doit[D_CBC_256_AES] = 1;
1612 #ifndef OPENSSL_NO_CAMELLIA
1613 if (strcmp(*argv, "camellia") == 0) {
1614 doit[D_CBC_128_CML] = doit[D_CBC_192_CML] = doit[D_CBC_256_CML] = 1;
1618 #ifndef OPENSSL_NO_EC
1619 if (strcmp(*argv, "ecdsa") == 0) {
1620 for (loop = 0; loop < OSSL_NELEM(ecdsa_doit); loop++)
1621 ecdsa_doit[loop] = 1;
1624 if (found(*argv, ecdsa_choices, &i)) {
1628 if (strcmp(*argv, "ecdh") == 0) {
1629 for (loop = 0; loop < OSSL_NELEM(ecdh_doit); loop++)
1630 ecdh_doit[loop] = 1;
1633 if (found(*argv, ecdh_choices, &i)) {
1638 BIO_printf(bio_err, "%s: Unknown algorithm %s\n", prog, *argv);
1644 if (evp_cipher == NULL) {
1645 BIO_printf(bio_err, "-aead can be used only with an AEAD cipher\n");
1647 } else if (!(EVP_CIPHER_flags(evp_cipher) &
1648 EVP_CIPH_FLAG_AEAD_CIPHER)) {
1649 BIO_printf(bio_err, "%s is not an AEAD cipher\n",
1650 OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher)));
1655 if (evp_cipher == NULL) {
1656 BIO_printf(bio_err,"-mb can be used only with a multi-block"
1657 " capable cipher\n");
1659 } else if (!(EVP_CIPHER_flags(evp_cipher) &
1660 EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) {
1661 BIO_printf(bio_err, "%s is not a multi-block capable\n",
1662 OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher)));
1664 } else if (async_jobs > 0) {
1665 BIO_printf(bio_err, "Async mode is not supported with -mb");
1670 /* Initialize the job pool if async mode is enabled */
1671 if (async_jobs > 0) {
1672 async_init = ASYNC_init_thread(async_jobs, async_jobs);
1674 BIO_printf(bio_err, "Error creating the ASYNC job pool\n");
1679 loopargs_len = (async_jobs == 0 ? 1 : async_jobs);
1681 app_malloc(loopargs_len * sizeof(loopargs_t), "array of loopargs");
1682 memset(loopargs, 0, loopargs_len * sizeof(loopargs_t));
1684 for (i = 0; i < loopargs_len; i++) {
1685 if (async_jobs > 0) {
1686 loopargs[i].wait_ctx = ASYNC_WAIT_CTX_new();
1687 if (loopargs[i].wait_ctx == NULL) {
1688 BIO_printf(bio_err, "Error creating the ASYNC_WAIT_CTX\n");
1693 buflen = lengths[size_num - 1] + MAX_MISALIGNMENT + 1;
1694 loopargs[i].buf_malloc = app_malloc(buflen, "input buffer");
1695 loopargs[i].buf2_malloc = app_malloc(buflen, "input buffer");
1696 memset(loopargs[i].buf_malloc, 0, buflen);
1697 memset(loopargs[i].buf2_malloc, 0, buflen);
1699 /* Align the start of buffers on a 64 byte boundary */
1700 loopargs[i].buf = loopargs[i].buf_malloc + misalign;
1701 loopargs[i].buf2 = loopargs[i].buf2_malloc + misalign;
1702 #ifndef OPENSSL_NO_EC
1703 loopargs[i].secret_a = app_malloc(MAX_ECDH_SIZE, "ECDH secret a");
1704 loopargs[i].secret_b = app_malloc(MAX_ECDH_SIZE, "ECDH secret b");
1709 if (multi && do_multi(multi, size_num))
1713 /* Initialize the engine after the fork */
1714 e = setup_engine(engine_id, 0);
1716 /* No parameters; turn on everything. */
1717 if ((argc == 0) && !doit[D_EVP]) {
1718 for (i = 0; i < ALGOR_NUM; i++)
1721 #ifndef OPENSSL_NO_RSA
1722 for (i = 0; i < RSA_NUM; i++)
1725 #ifndef OPENSSL_NO_DSA
1726 for (i = 0; i < DSA_NUM; i++)
1729 #ifndef OPENSSL_NO_EC
1730 for (loop = 0; loop < OSSL_NELEM(ecdsa_doit); loop++)
1731 ecdsa_doit[loop] = 1;
1732 for (loop = 0; loop < OSSL_NELEM(ecdh_doit); loop++)
1733 ecdh_doit[loop] = 1;
1736 for (i = 0; i < ALGOR_NUM; i++)
1740 if (usertime == 0 && !mr)
1742 "You have chosen to measure elapsed time "
1743 "instead of user CPU time.\n");
1745 #ifndef OPENSSL_NO_RSA
1746 for (i = 0; i < loopargs_len; i++) {
1747 if (primes > RSA_DEFAULT_PRIME_NUM) {
1748 /* for multi-prime RSA, skip this */
1751 for (k = 0; k < RSA_NUM; k++) {
1752 const unsigned char *p;
1755 loopargs[i].rsa_key[k] =
1756 d2i_RSAPrivateKey(NULL, &p, rsa_data_length[k]);
1757 if (loopargs[i].rsa_key[k] == NULL) {
1759 "internal error loading RSA key number %d\n", k);
1765 #ifndef OPENSSL_NO_DSA
1766 for (i = 0; i < loopargs_len; i++) {
1767 loopargs[i].dsa_key[0] = get_dsa(512);
1768 loopargs[i].dsa_key[1] = get_dsa(1024);
1769 loopargs[i].dsa_key[2] = get_dsa(2048);
1772 #ifndef OPENSSL_NO_DES
1773 DES_set_key_unchecked(&key, &sch);
1774 DES_set_key_unchecked(&key2, &sch2);
1775 DES_set_key_unchecked(&key3, &sch3);
1777 AES_set_encrypt_key(key16, 128, &aes_ks1);
1778 AES_set_encrypt_key(key24, 192, &aes_ks2);
1779 AES_set_encrypt_key(key32, 256, &aes_ks3);
1780 #ifndef OPENSSL_NO_CAMELLIA
1781 Camellia_set_key(key16, 128, &camellia_ks1);
1782 Camellia_set_key(ckey24, 192, &camellia_ks2);
1783 Camellia_set_key(ckey32, 256, &camellia_ks3);
1785 #ifndef OPENSSL_NO_IDEA
1786 IDEA_set_encrypt_key(key16, &idea_ks);
1788 #ifndef OPENSSL_NO_SEED
1789 SEED_set_key(key16, &seed_ks);
1791 #ifndef OPENSSL_NO_RC4
1792 RC4_set_key(&rc4_ks, 16, key16);
1794 #ifndef OPENSSL_NO_RC2
1795 RC2_set_key(&rc2_ks, 16, key16, 128);
1797 #ifndef OPENSSL_NO_RC5
1798 RC5_32_set_key(&rc5_ks, 16, key16, 12);
1800 #ifndef OPENSSL_NO_BF
1801 BF_set_key(&bf_ks, 16, key16);
1803 #ifndef OPENSSL_NO_CAST
1804 CAST_set_key(&cast_ks, 16, key16);
1807 # ifndef OPENSSL_NO_DES
1808 BIO_printf(bio_err, "First we calculate the approximate speed ...\n");
1814 for (it = count; it; it--)
1815 DES_ecb_encrypt((DES_cblock *)loopargs[0].buf,
1816 (DES_cblock *)loopargs[0].buf, &sch, DES_ENCRYPT);
1820 c[D_MD2][0] = count / 10;
1821 c[D_MDC2][0] = count / 10;
1822 c[D_MD4][0] = count;
1823 c[D_MD5][0] = count;
1824 c[D_HMAC][0] = count;
1825 c[D_SHA1][0] = count;
1826 c[D_RMD160][0] = count;
1827 c[D_RC4][0] = count * 5;
1828 c[D_CBC_DES][0] = count;
1829 c[D_EDE3_DES][0] = count / 3;
1830 c[D_CBC_IDEA][0] = count;
1831 c[D_CBC_SEED][0] = count;
1832 c[D_CBC_RC2][0] = count;
1833 c[D_CBC_RC5][0] = count;
1834 c[D_CBC_BF][0] = count;
1835 c[D_CBC_CAST][0] = count;
1836 c[D_CBC_128_AES][0] = count;
1837 c[D_CBC_192_AES][0] = count;
1838 c[D_CBC_256_AES][0] = count;
1839 c[D_CBC_128_CML][0] = count;
1840 c[D_CBC_192_CML][0] = count;
1841 c[D_CBC_256_CML][0] = count;
1842 c[D_SHA256][0] = count;
1843 c[D_SHA512][0] = count;
1844 c[D_WHIRLPOOL][0] = count;
1845 c[D_IGE_128_AES][0] = count;
1846 c[D_IGE_192_AES][0] = count;
1847 c[D_IGE_256_AES][0] = count;
1848 c[D_GHASH][0] = count;
1849 c[D_RAND][0] = count;
1851 for (i = 1; i < size_num; i++) {
1854 l0 = (long)lengths[0];
1855 l1 = (long)lengths[i];
1857 c[D_MD2][i] = c[D_MD2][0] * 4 * l0 / l1;
1858 c[D_MDC2][i] = c[D_MDC2][0] * 4 * l0 / l1;
1859 c[D_MD4][i] = c[D_MD4][0] * 4 * l0 / l1;
1860 c[D_MD5][i] = c[D_MD5][0] * 4 * l0 / l1;
1861 c[D_HMAC][i] = c[D_HMAC][0] * 4 * l0 / l1;
1862 c[D_SHA1][i] = c[D_SHA1][0] * 4 * l0 / l1;
1863 c[D_RMD160][i] = c[D_RMD160][0] * 4 * l0 / l1;
1864 c[D_SHA256][i] = c[D_SHA256][0] * 4 * l0 / l1;
1865 c[D_SHA512][i] = c[D_SHA512][0] * 4 * l0 / l1;
1866 c[D_WHIRLPOOL][i] = c[D_WHIRLPOOL][0] * 4 * l0 / l1;
1867 c[D_GHASH][i] = c[D_GHASH][0] * 4 * l0 / l1;
1868 c[D_RAND][i] = c[D_RAND][0] * 4 * l0 / l1;
1870 l0 = (long)lengths[i - 1];
1872 c[D_RC4][i] = c[D_RC4][i - 1] * l0 / l1;
1873 c[D_CBC_DES][i] = c[D_CBC_DES][i - 1] * l0 / l1;
1874 c[D_EDE3_DES][i] = c[D_EDE3_DES][i - 1] * l0 / l1;
1875 c[D_CBC_IDEA][i] = c[D_CBC_IDEA][i - 1] * l0 / l1;
1876 c[D_CBC_SEED][i] = c[D_CBC_SEED][i - 1] * l0 / l1;
1877 c[D_CBC_RC2][i] = c[D_CBC_RC2][i - 1] * l0 / l1;
1878 c[D_CBC_RC5][i] = c[D_CBC_RC5][i - 1] * l0 / l1;
1879 c[D_CBC_BF][i] = c[D_CBC_BF][i - 1] * l0 / l1;
1880 c[D_CBC_CAST][i] = c[D_CBC_CAST][i - 1] * l0 / l1;
1881 c[D_CBC_128_AES][i] = c[D_CBC_128_AES][i - 1] * l0 / l1;
1882 c[D_CBC_192_AES][i] = c[D_CBC_192_AES][i - 1] * l0 / l1;
1883 c[D_CBC_256_AES][i] = c[D_CBC_256_AES][i - 1] * l0 / l1;
1884 c[D_CBC_128_CML][i] = c[D_CBC_128_CML][i - 1] * l0 / l1;
1885 c[D_CBC_192_CML][i] = c[D_CBC_192_CML][i - 1] * l0 / l1;
1886 c[D_CBC_256_CML][i] = c[D_CBC_256_CML][i - 1] * l0 / l1;
1887 c[D_IGE_128_AES][i] = c[D_IGE_128_AES][i - 1] * l0 / l1;
1888 c[D_IGE_192_AES][i] = c[D_IGE_192_AES][i - 1] * l0 / l1;
1889 c[D_IGE_256_AES][i] = c[D_IGE_256_AES][i - 1] * l0 / l1;
1892 # ifndef OPENSSL_NO_RSA
1893 rsa_c[R_RSA_512][0] = count / 2000;
1894 rsa_c[R_RSA_512][1] = count / 400;
1895 for (i = 1; i < RSA_NUM; i++) {
1896 rsa_c[i][0] = rsa_c[i - 1][0] / 8;
1897 rsa_c[i][1] = rsa_c[i - 1][1] / 4;
1898 if (rsa_doit[i] <= 1 && rsa_c[i][0] == 0)
1901 if (rsa_c[i][0] == 0) {
1902 rsa_c[i][0] = 1; /* Set minimum iteration Nb to 1. */
1909 # ifndef OPENSSL_NO_DSA
1910 dsa_c[R_DSA_512][0] = count / 1000;
1911 dsa_c[R_DSA_512][1] = count / 1000 / 2;
1912 for (i = 1; i < DSA_NUM; i++) {
1913 dsa_c[i][0] = dsa_c[i - 1][0] / 4;
1914 dsa_c[i][1] = dsa_c[i - 1][1] / 4;
1915 if (dsa_doit[i] <= 1 && dsa_c[i][0] == 0)
1918 if (dsa_c[i][0] == 0) {
1919 dsa_c[i][0] = 1; /* Set minimum iteration Nb to 1. */
1926 # ifndef OPENSSL_NO_EC
1927 ecdsa_c[R_EC_P160][0] = count / 1000;
1928 ecdsa_c[R_EC_P160][1] = count / 1000 / 2;
1929 for (i = R_EC_P192; i <= R_EC_P521; i++) {
1930 ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
1931 ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
1932 if (ecdsa_doit[i] <= 1 && ecdsa_c[i][0] == 0)
1935 if (ecdsa_c[i][0] == 0) {
1941 ecdsa_c[R_EC_K163][0] = count / 1000;
1942 ecdsa_c[R_EC_K163][1] = count / 1000 / 2;
1943 for (i = R_EC_K233; i <= R_EC_K571; i++) {
1944 ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
1945 ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
1946 if (ecdsa_doit[i] <= 1 && ecdsa_c[i][0] == 0)
1949 if (ecdsa_c[i][0] == 0) {
1955 ecdsa_c[R_EC_B163][0] = count / 1000;
1956 ecdsa_c[R_EC_B163][1] = count / 1000 / 2;
1957 for (i = R_EC_B233; i <= R_EC_B571; i++) {
1958 ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
1959 ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
1960 if (ecdsa_doit[i] <= 1 && ecdsa_c[i][0] == 0)
1963 if (ecdsa_c[i][0] == 0) {
1970 ecdh_c[R_EC_P160][0] = count / 1000;
1971 for (i = R_EC_P192; i <= R_EC_P521; i++) {
1972 ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
1973 if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
1976 if (ecdh_c[i][0] == 0) {
1981 ecdh_c[R_EC_K163][0] = count / 1000;
1982 for (i = R_EC_K233; i <= R_EC_K571; i++) {
1983 ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
1984 if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
1987 if (ecdh_c[i][0] == 0) {
1992 ecdh_c[R_EC_B163][0] = count / 1000;
1993 for (i = R_EC_B233; i <= R_EC_B571; i++) {
1994 ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
1995 if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
1998 if (ecdh_c[i][0] == 0) {
2003 /* repeated code good to factorize */
2004 ecdh_c[R_EC_BRP256R1][0] = count / 1000;
2005 for (i = R_EC_BRP384R1; i <= R_EC_BRP512R1; i += 2) {
2006 ecdh_c[i][0] = ecdh_c[i - 2][0] / 2;
2007 if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
2010 if (ecdh_c[i][0] == 0) {
2015 ecdh_c[R_EC_BRP256T1][0] = count / 1000;
2016 for (i = R_EC_BRP384T1; i <= R_EC_BRP512T1; i += 2) {
2017 ecdh_c[i][0] = ecdh_c[i - 2][0] / 2;
2018 if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
2021 if (ecdh_c[i][0] == 0) {
2026 /* default iteration count for the last two EC Curves */
2027 ecdh_c[R_EC_X25519][0] = count / 1800;
2028 ecdh_c[R_EC_X448][0] = count / 7200;
2032 /* not worth fixing */
2033 # error "You cannot disable DES on systems without SIGALRM."
2034 # endif /* OPENSSL_NO_DES */
2036 signal(SIGALRM, alarmed);
2037 #endif /* SIGALRM */
2039 #ifndef OPENSSL_NO_MD2
2041 for (testnum = 0; testnum < size_num; testnum++) {
2042 print_message(names[D_MD2], c[D_MD2][testnum], lengths[testnum],
2045 count = run_benchmark(async_jobs, EVP_Digest_MD2_loop, loopargs);
2047 print_result(D_MD2, testnum, count, d);
2051 #ifndef OPENSSL_NO_MDC2
2053 for (testnum = 0; testnum < size_num; testnum++) {
2054 print_message(names[D_MDC2], c[D_MDC2][testnum], lengths[testnum],
2057 count = run_benchmark(async_jobs, EVP_Digest_MDC2_loop, loopargs);
2059 print_result(D_MDC2, testnum, count, d);
2064 #ifndef OPENSSL_NO_MD4
2066 for (testnum = 0; testnum < size_num; testnum++) {
2067 print_message(names[D_MD4], c[D_MD4][testnum], lengths[testnum],
2070 count = run_benchmark(async_jobs, EVP_Digest_MD4_loop, loopargs);
2072 print_result(D_MD4, testnum, count, d);
2077 #ifndef OPENSSL_NO_MD5
2079 for (testnum = 0; testnum < size_num; testnum++) {
2080 print_message(names[D_MD5], c[D_MD5][testnum], lengths[testnum],
2083 count = run_benchmark(async_jobs, MD5_loop, loopargs);
2085 print_result(D_MD5, testnum, count, d);
2090 static const char hmac_key[] = "This is a key...";
2091 int len = strlen(hmac_key);
2093 for (i = 0; i < loopargs_len; i++) {
2094 loopargs[i].hctx = HMAC_CTX_new();
2095 if (loopargs[i].hctx == NULL) {
2096 BIO_printf(bio_err, "HMAC malloc failure, exiting...");
2100 HMAC_Init_ex(loopargs[i].hctx, hmac_key, len, EVP_md5(), NULL);
2102 for (testnum = 0; testnum < size_num; testnum++) {
2103 print_message(names[D_HMAC], c[D_HMAC][testnum], lengths[testnum],
2106 count = run_benchmark(async_jobs, HMAC_loop, loopargs);
2108 print_result(D_HMAC, testnum, count, d);
2110 for (i = 0; i < loopargs_len; i++) {
2111 HMAC_CTX_free(loopargs[i].hctx);
2116 for (testnum = 0; testnum < size_num; testnum++) {
2117 print_message(names[D_SHA1], c[D_SHA1][testnum], lengths[testnum],
2120 count = run_benchmark(async_jobs, SHA1_loop, loopargs);
2122 print_result(D_SHA1, testnum, count, d);
2125 if (doit[D_SHA256]) {
2126 for (testnum = 0; testnum < size_num; testnum++) {
2127 print_message(names[D_SHA256], c[D_SHA256][testnum],
2128 lengths[testnum], seconds.sym);
2130 count = run_benchmark(async_jobs, SHA256_loop, loopargs);
2132 print_result(D_SHA256, testnum, count, d);
2135 if (doit[D_SHA512]) {
2136 for (testnum = 0; testnum < size_num; testnum++) {
2137 print_message(names[D_SHA512], c[D_SHA512][testnum],
2138 lengths[testnum], seconds.sym);
2140 count = run_benchmark(async_jobs, SHA512_loop, loopargs);
2142 print_result(D_SHA512, testnum, count, d);
2145 #ifndef OPENSSL_NO_WHIRLPOOL
2146 if (doit[D_WHIRLPOOL]) {
2147 for (testnum = 0; testnum < size_num; testnum++) {
2148 print_message(names[D_WHIRLPOOL], c[D_WHIRLPOOL][testnum],
2149 lengths[testnum], seconds.sym);
2151 count = run_benchmark(async_jobs, WHIRLPOOL_loop, loopargs);
2153 print_result(D_WHIRLPOOL, testnum, count, d);
2158 #ifndef OPENSSL_NO_RMD160
2159 if (doit[D_RMD160]) {
2160 for (testnum = 0; testnum < size_num; testnum++) {
2161 print_message(names[D_RMD160], c[D_RMD160][testnum],
2162 lengths[testnum], seconds.sym);
2164 count = run_benchmark(async_jobs, EVP_Digest_RMD160_loop, loopargs);
2166 print_result(D_RMD160, testnum, count, d);
2170 #ifndef OPENSSL_NO_RC4
2172 for (testnum = 0; testnum < size_num; testnum++) {
2173 print_message(names[D_RC4], c[D_RC4][testnum], lengths[testnum],
2176 count = run_benchmark(async_jobs, RC4_loop, loopargs);
2178 print_result(D_RC4, testnum, count, d);
2182 #ifndef OPENSSL_NO_DES
2183 if (doit[D_CBC_DES]) {
2184 for (testnum = 0; testnum < size_num; testnum++) {
2185 print_message(names[D_CBC_DES], c[D_CBC_DES][testnum],
2186 lengths[testnum], seconds.sym);
2188 count = run_benchmark(async_jobs, DES_ncbc_encrypt_loop, loopargs);
2190 print_result(D_CBC_DES, testnum, count, d);
2194 if (doit[D_EDE3_DES]) {
2195 for (testnum = 0; testnum < size_num; testnum++) {
2196 print_message(names[D_EDE3_DES], c[D_EDE3_DES][testnum],
2197 lengths[testnum], seconds.sym);
2200 run_benchmark(async_jobs, DES_ede3_cbc_encrypt_loop, loopargs);
2202 print_result(D_EDE3_DES, testnum, count, d);
2207 if (doit[D_CBC_128_AES]) {
2208 for (testnum = 0; testnum < size_num; testnum++) {
2209 print_message(names[D_CBC_128_AES], c[D_CBC_128_AES][testnum],
2210 lengths[testnum], seconds.sym);
2213 run_benchmark(async_jobs, AES_cbc_128_encrypt_loop, loopargs);
2215 print_result(D_CBC_128_AES, testnum, count, d);
2218 if (doit[D_CBC_192_AES]) {
2219 for (testnum = 0; testnum < size_num; testnum++) {
2220 print_message(names[D_CBC_192_AES], c[D_CBC_192_AES][testnum],
2221 lengths[testnum], seconds.sym);
2224 run_benchmark(async_jobs, AES_cbc_192_encrypt_loop, loopargs);
2226 print_result(D_CBC_192_AES, testnum, count, d);
2229 if (doit[D_CBC_256_AES]) {
2230 for (testnum = 0; testnum < size_num; testnum++) {
2231 print_message(names[D_CBC_256_AES], c[D_CBC_256_AES][testnum],
2232 lengths[testnum], seconds.sym);
2235 run_benchmark(async_jobs, AES_cbc_256_encrypt_loop, loopargs);
2237 print_result(D_CBC_256_AES, testnum, count, d);
2241 if (doit[D_IGE_128_AES]) {
2242 for (testnum = 0; testnum < size_num; testnum++) {
2243 print_message(names[D_IGE_128_AES], c[D_IGE_128_AES][testnum],
2244 lengths[testnum], seconds.sym);
2247 run_benchmark(async_jobs, AES_ige_128_encrypt_loop, loopargs);
2249 print_result(D_IGE_128_AES, testnum, count, d);
2252 if (doit[D_IGE_192_AES]) {
2253 for (testnum = 0; testnum < size_num; testnum++) {
2254 print_message(names[D_IGE_192_AES], c[D_IGE_192_AES][testnum],
2255 lengths[testnum], seconds.sym);
2258 run_benchmark(async_jobs, AES_ige_192_encrypt_loop, loopargs);
2260 print_result(D_IGE_192_AES, testnum, count, d);
2263 if (doit[D_IGE_256_AES]) {
2264 for (testnum = 0; testnum < size_num; testnum++) {
2265 print_message(names[D_IGE_256_AES], c[D_IGE_256_AES][testnum],
2266 lengths[testnum], seconds.sym);
2269 run_benchmark(async_jobs, AES_ige_256_encrypt_loop, loopargs);
2271 print_result(D_IGE_256_AES, testnum, count, d);
2274 if (doit[D_GHASH]) {
2275 for (i = 0; i < loopargs_len; i++) {
2276 loopargs[i].gcm_ctx =
2277 CRYPTO_gcm128_new(&aes_ks1, (block128_f) AES_encrypt);
2278 CRYPTO_gcm128_setiv(loopargs[i].gcm_ctx,
2279 (unsigned char *)"0123456789ab", 12);
2282 for (testnum = 0; testnum < size_num; testnum++) {
2283 print_message(names[D_GHASH], c[D_GHASH][testnum],
2284 lengths[testnum], seconds.sym);
2286 count = run_benchmark(async_jobs, CRYPTO_gcm128_aad_loop, loopargs);
2288 print_result(D_GHASH, testnum, count, d);
2290 for (i = 0; i < loopargs_len; i++)
2291 CRYPTO_gcm128_release(loopargs[i].gcm_ctx);
2293 #ifndef OPENSSL_NO_CAMELLIA
2294 if (doit[D_CBC_128_CML]) {
2295 if (async_jobs > 0) {
2296 BIO_printf(bio_err, "Async mode is not supported with %s\n",
2297 names[D_CBC_128_CML]);
2298 doit[D_CBC_128_CML] = 0;
2300 for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
2301 print_message(names[D_CBC_128_CML], c[D_CBC_128_CML][testnum],
2302 lengths[testnum], seconds.sym);
2304 for (count = 0, run = 1; COND(c[D_CBC_128_CML][testnum]); count++)
2305 Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
2306 (size_t)lengths[testnum], &camellia_ks1,
2307 iv, CAMELLIA_ENCRYPT);
2309 print_result(D_CBC_128_CML, testnum, count, d);
2312 if (doit[D_CBC_192_CML]) {
2313 if (async_jobs > 0) {
2314 BIO_printf(bio_err, "Async mode is not supported with %s\n",
2315 names[D_CBC_192_CML]);
2316 doit[D_CBC_192_CML] = 0;
2318 for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
2319 print_message(names[D_CBC_192_CML], c[D_CBC_192_CML][testnum],
2320 lengths[testnum], seconds.sym);
2321 if (async_jobs > 0) {
2322 BIO_printf(bio_err, "Async mode is not supported, exiting...");
2326 for (count = 0, run = 1; COND(c[D_CBC_192_CML][testnum]); count++)
2327 Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
2328 (size_t)lengths[testnum], &camellia_ks2,
2329 iv, CAMELLIA_ENCRYPT);
2331 print_result(D_CBC_192_CML, testnum, count, d);
2334 if (doit[D_CBC_256_CML]) {
2335 if (async_jobs > 0) {
2336 BIO_printf(bio_err, "Async mode is not supported with %s\n",
2337 names[D_CBC_256_CML]);
2338 doit[D_CBC_256_CML] = 0;
2340 for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
2341 print_message(names[D_CBC_256_CML], c[D_CBC_256_CML][testnum],
2342 lengths[testnum], seconds.sym);
2344 for (count = 0, run = 1; COND(c[D_CBC_256_CML][testnum]); count++)
2345 Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
2346 (size_t)lengths[testnum], &camellia_ks3,
2347 iv, CAMELLIA_ENCRYPT);
2349 print_result(D_CBC_256_CML, testnum, count, d);
2353 #ifndef OPENSSL_NO_IDEA
2354 if (doit[D_CBC_IDEA]) {
2355 if (async_jobs > 0) {
2356 BIO_printf(bio_err, "Async mode is not supported with %s\n",
2358 doit[D_CBC_IDEA] = 0;
2360 for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
2361 print_message(names[D_CBC_IDEA], c[D_CBC_IDEA][testnum],
2362 lengths[testnum], seconds.sym);
2364 for (count = 0, run = 1; COND(c[D_CBC_IDEA][testnum]); count++)
2365 IDEA_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
2366 (size_t)lengths[testnum], &idea_ks,
2369 print_result(D_CBC_IDEA, testnum, count, d);
2373 #ifndef OPENSSL_NO_SEED
2374 if (doit[D_CBC_SEED]) {
2375 if (async_jobs > 0) {
2376 BIO_printf(bio_err, "Async mode is not supported with %s\n",
2378 doit[D_CBC_SEED] = 0;
2380 for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
2381 print_message(names[D_CBC_SEED], c[D_CBC_SEED][testnum],
2382 lengths[testnum], seconds.sym);
2384 for (count = 0, run = 1; COND(c[D_CBC_SEED][testnum]); count++)
2385 SEED_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
2386 (size_t)lengths[testnum], &seed_ks, iv, 1);
2388 print_result(D_CBC_SEED, testnum, count, d);
2392 #ifndef OPENSSL_NO_RC2
2393 if (doit[D_CBC_RC2]) {
2394 if (async_jobs > 0) {
2395 BIO_printf(bio_err, "Async mode is not supported with %s\n",
2397 doit[D_CBC_RC2] = 0;
2399 for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
2400 print_message(names[D_CBC_RC2], c[D_CBC_RC2][testnum],
2401 lengths[testnum], seconds.sym);
2402 if (async_jobs > 0) {
2403 BIO_printf(bio_err, "Async mode is not supported, exiting...");
2407 for (count = 0, run = 1; COND(c[D_CBC_RC2][testnum]); count++)
2408 RC2_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
2409 (size_t)lengths[testnum], &rc2_ks,
2412 print_result(D_CBC_RC2, testnum, count, d);
2416 #ifndef OPENSSL_NO_RC5
2417 if (doit[D_CBC_RC5]) {
2418 if (async_jobs > 0) {
2419 BIO_printf(bio_err, "Async mode is not supported with %s\n",
2421 doit[D_CBC_RC5] = 0;
2423 for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
2424 print_message(names[D_CBC_RC5], c[D_CBC_RC5][testnum],
2425 lengths[testnum], seconds.sym);
2426 if (async_jobs > 0) {
2427 BIO_printf(bio_err, "Async mode is not supported, exiting...");
2431 for (count = 0, run = 1; COND(c[D_CBC_RC5][testnum]); count++)
2432 RC5_32_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
2433 (size_t)lengths[testnum], &rc5_ks,
2436 print_result(D_CBC_RC5, testnum, count, d);
2440 #ifndef OPENSSL_NO_BF
2441 if (doit[D_CBC_BF]) {
2442 if (async_jobs > 0) {
2443 BIO_printf(bio_err, "Async mode is not supported with %s\n",
2447 for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
2448 print_message(names[D_CBC_BF], c[D_CBC_BF][testnum],
2449 lengths[testnum], seconds.sym);
2451 for (count = 0, run = 1; COND(c[D_CBC_BF][testnum]); count++)
2452 BF_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
2453 (size_t)lengths[testnum], &bf_ks,
2456 print_result(D_CBC_BF, testnum, count, d);
2460 #ifndef OPENSSL_NO_CAST
2461 if (doit[D_CBC_CAST]) {
2462 if (async_jobs > 0) {
2463 BIO_printf(bio_err, "Async mode is not supported with %s\n",
2465 doit[D_CBC_CAST] = 0;
2467 for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
2468 print_message(names[D_CBC_CAST], c[D_CBC_CAST][testnum],
2469 lengths[testnum], seconds.sym);
2471 for (count = 0, run = 1; COND(c[D_CBC_CAST][testnum]); count++)
2472 CAST_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
2473 (size_t)lengths[testnum], &cast_ks,
2476 print_result(D_CBC_CAST, testnum, count, d);
2481 for (testnum = 0; testnum < size_num; testnum++) {
2482 print_message(names[D_RAND], c[D_RAND][testnum], lengths[testnum],
2485 count = run_benchmark(async_jobs, RAND_bytes_loop, loopargs);
2487 print_result(D_RAND, testnum, count, d);
2492 if (evp_cipher != NULL) {
2493 int (*loopfunc)(void *args) = EVP_Update_loop;
2495 if (multiblock && (EVP_CIPHER_flags(evp_cipher) &
2496 EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) {
2497 multiblock_speed(evp_cipher, lengths_single, &seconds);
2502 names[D_EVP] = OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher));
2504 if (EVP_CIPHER_mode(evp_cipher) == EVP_CIPH_CCM_MODE) {
2505 loopfunc = EVP_Update_loop_ccm;
2506 } else if (aead && (EVP_CIPHER_flags(evp_cipher) &
2507 EVP_CIPH_FLAG_AEAD_CIPHER)) {
2508 loopfunc = EVP_Update_loop_aead;
2509 if (lengths == lengths_list) {
2510 lengths = aead_lengths_list;
2511 size_num = OSSL_NELEM(aead_lengths_list);
2515 for (testnum = 0; testnum < size_num; testnum++) {
2516 print_message(names[D_EVP], save_count, lengths[testnum],
2519 for (k = 0; k < loopargs_len; k++) {
2520 loopargs[k].ctx = EVP_CIPHER_CTX_new();
2521 EVP_CipherInit_ex(loopargs[k].ctx, evp_cipher, NULL, NULL,
2522 iv, decrypt ? 0 : 1);
2524 EVP_CIPHER_CTX_set_padding(loopargs[k].ctx, 0);
2526 keylen = EVP_CIPHER_CTX_key_length(loopargs[k].ctx);
2527 loopargs[k].key = app_malloc(keylen, "evp_cipher key");
2528 EVP_CIPHER_CTX_rand_key(loopargs[k].ctx, loopargs[k].key);
2529 EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL,
2530 loopargs[k].key, NULL, -1);
2531 OPENSSL_clear_free(loopargs[k].key, keylen);
2535 count = run_benchmark(async_jobs, loopfunc, loopargs);
2537 for (k = 0; k < loopargs_len; k++) {
2538 EVP_CIPHER_CTX_free(loopargs[k].ctx);
2540 print_result(D_EVP, testnum, count, d);
2542 } else if (evp_md != NULL) {
2543 names[D_EVP] = OBJ_nid2ln(EVP_MD_type(evp_md));
2545 for (testnum = 0; testnum < size_num; testnum++) {
2546 print_message(names[D_EVP], save_count, lengths[testnum],
2549 count = run_benchmark(async_jobs, EVP_Digest_loop, loopargs);
2551 print_result(D_EVP, testnum, count, d);
2556 for (i = 0; i < loopargs_len; i++)
2557 RAND_bytes(loopargs[i].buf, 36);
2559 #ifndef OPENSSL_NO_RSA
2560 for (testnum = 0; testnum < RSA_NUM; testnum++) {
2562 if (!rsa_doit[testnum])
2564 for (i = 0; i < loopargs_len; i++) {
2566 /* we haven't set keys yet, generate multi-prime RSA keys */
2567 BIGNUM *bn = BN_new();
2571 if (!BN_set_word(bn, RSA_F4)) {
2576 BIO_printf(bio_err, "Generate multi-prime RSA key for %s\n",
2577 rsa_choices[testnum].name);
2579 loopargs[i].rsa_key[testnum] = RSA_new();
2580 if (loopargs[i].rsa_key[testnum] == NULL) {
2585 if (!RSA_generate_multi_prime_key(loopargs[i].rsa_key[testnum],
2587 primes, bn, NULL)) {
2593 st = RSA_sign(NID_md5_sha1, loopargs[i].buf, 36, loopargs[i].buf2,
2594 &loopargs[i].siglen, loopargs[i].rsa_key[testnum]);
2600 "RSA sign failure. No RSA sign will be done.\n");
2601 ERR_print_errors(bio_err);
2604 pkey_print_message("private", "rsa",
2605 rsa_c[testnum][0], rsa_bits[testnum],
2607 /* RSA_blinding_on(rsa_key[testnum],NULL); */
2609 count = run_benchmark(async_jobs, RSA_sign_loop, loopargs);
2612 mr ? "+R1:%ld:%d:%.2f\n"
2613 : "%ld %u bits private RSA's in %.2fs\n",
2614 count, rsa_bits[testnum], d);
2615 rsa_results[testnum][0] = (double)count / d;
2619 for (i = 0; i < loopargs_len; i++) {
2620 st = RSA_verify(NID_md5_sha1, loopargs[i].buf, 36, loopargs[i].buf2,
2621 loopargs[i].siglen, loopargs[i].rsa_key[testnum]);
2627 "RSA verify failure. No RSA verify will be done.\n");
2628 ERR_print_errors(bio_err);
2629 rsa_doit[testnum] = 0;
2631 pkey_print_message("public", "rsa",
2632 rsa_c[testnum][1], rsa_bits[testnum],
2635 count = run_benchmark(async_jobs, RSA_verify_loop, loopargs);
2638 mr ? "+R2:%ld:%d:%.2f\n"
2639 : "%ld %u bits public RSA's in %.2fs\n",
2640 count, rsa_bits[testnum], d);
2641 rsa_results[testnum][1] = (double)count / d;
2644 if (rsa_count <= 1) {
2645 /* if longer than 10s, don't do any more */
2646 for (testnum++; testnum < RSA_NUM; testnum++)
2647 rsa_doit[testnum] = 0;
2650 #endif /* OPENSSL_NO_RSA */
2652 for (i = 0; i < loopargs_len; i++)
2653 RAND_bytes(loopargs[i].buf, 36);
2655 #ifndef OPENSSL_NO_DSA
2656 for (testnum = 0; testnum < DSA_NUM; testnum++) {
2658 if (!dsa_doit[testnum])
2661 /* DSA_generate_key(dsa_key[testnum]); */
2662 /* DSA_sign_setup(dsa_key[testnum],NULL); */
2663 for (i = 0; i < loopargs_len; i++) {
2664 st = DSA_sign(0, loopargs[i].buf, 20, loopargs[i].buf2,
2665 &loopargs[i].siglen, loopargs[i].dsa_key[testnum]);
2671 "DSA sign failure. No DSA sign will be done.\n");
2672 ERR_print_errors(bio_err);
2675 pkey_print_message("sign", "dsa",
2676 dsa_c[testnum][0], dsa_bits[testnum],
2679 count = run_benchmark(async_jobs, DSA_sign_loop, loopargs);
2682 mr ? "+R3:%ld:%u:%.2f\n"
2683 : "%ld %u bits DSA signs in %.2fs\n",
2684 count, dsa_bits[testnum], d);
2685 dsa_results[testnum][0] = (double)count / d;
2689 for (i = 0; i < loopargs_len; i++) {
2690 st = DSA_verify(0, loopargs[i].buf, 20, loopargs[i].buf2,
2691 loopargs[i].siglen, loopargs[i].dsa_key[testnum]);
2697 "DSA verify failure. No DSA verify will be done.\n");
2698 ERR_print_errors(bio_err);
2699 dsa_doit[testnum] = 0;
2701 pkey_print_message("verify", "dsa",
2702 dsa_c[testnum][1], dsa_bits[testnum],
2705 count = run_benchmark(async_jobs, DSA_verify_loop, loopargs);
2708 mr ? "+R4:%ld:%u:%.2f\n"
2709 : "%ld %u bits DSA verify in %.2fs\n",
2710 count, dsa_bits[testnum], d);
2711 dsa_results[testnum][1] = (double)count / d;
2714 if (rsa_count <= 1) {
2715 /* if longer than 10s, don't do any more */
2716 for (testnum++; testnum < DSA_NUM; testnum++)
2717 dsa_doit[testnum] = 0;
2720 #endif /* OPENSSL_NO_DSA */
2722 #ifndef OPENSSL_NO_EC
2723 for (testnum = 0; testnum < ECDSA_NUM; testnum++) {
2726 if (!ecdsa_doit[testnum])
2727 continue; /* Ignore Curve */
2728 for (i = 0; i < loopargs_len; i++) {
2729 loopargs[i].ecdsa[testnum] =
2730 EC_KEY_new_by_curve_name(test_curves[testnum].nid);
2731 if (loopargs[i].ecdsa[testnum] == NULL) {
2737 BIO_printf(bio_err, "ECDSA failure.\n");
2738 ERR_print_errors(bio_err);
2741 for (i = 0; i < loopargs_len; i++) {
2742 EC_KEY_precompute_mult(loopargs[i].ecdsa[testnum], NULL);
2743 /* Perform ECDSA signature test */
2744 EC_KEY_generate_key(loopargs[i].ecdsa[testnum]);
2745 st = ECDSA_sign(0, loopargs[i].buf, 20, loopargs[i].buf2,
2746 &loopargs[i].siglen,
2747 loopargs[i].ecdsa[testnum]);
2753 "ECDSA sign failure. No ECDSA sign will be done.\n");
2754 ERR_print_errors(bio_err);
2757 pkey_print_message("sign", "ecdsa",
2758 ecdsa_c[testnum][0],
2759 test_curves[testnum].bits, seconds.ecdsa);
2761 count = run_benchmark(async_jobs, ECDSA_sign_loop, loopargs);
2765 mr ? "+R5:%ld:%u:%.2f\n" :
2766 "%ld %u bits ECDSA signs in %.2fs \n",
2767 count, test_curves[testnum].bits, d);
2768 ecdsa_results[testnum][0] = (double)count / d;
2772 /* Perform ECDSA verification test */
2773 for (i = 0; i < loopargs_len; i++) {
2774 st = ECDSA_verify(0, loopargs[i].buf, 20, loopargs[i].buf2,
2776 loopargs[i].ecdsa[testnum]);
2782 "ECDSA verify failure. No ECDSA verify will be done.\n");
2783 ERR_print_errors(bio_err);
2784 ecdsa_doit[testnum] = 0;
2786 pkey_print_message("verify", "ecdsa",
2787 ecdsa_c[testnum][1],
2788 test_curves[testnum].bits, seconds.ecdsa);
2790 count = run_benchmark(async_jobs, ECDSA_verify_loop, loopargs);
2793 mr ? "+R6:%ld:%u:%.2f\n"
2794 : "%ld %u bits ECDSA verify in %.2fs\n",
2795 count, test_curves[testnum].bits, d);
2796 ecdsa_results[testnum][1] = (double)count / d;
2799 if (rsa_count <= 1) {
2800 /* if longer than 10s, don't do any more */
2801 for (testnum++; testnum < EC_NUM; testnum++)
2802 ecdsa_doit[testnum] = 0;
2807 for (testnum = 0; testnum < EC_NUM; testnum++) {
2808 int ecdh_checks = 1;
2810 if (!ecdh_doit[testnum])
2813 for (i = 0; i < loopargs_len; i++) {
2814 EVP_PKEY_CTX *kctx = NULL;
2815 EVP_PKEY_CTX *test_ctx = NULL;
2816 EVP_PKEY_CTX *ctx = NULL;
2817 EVP_PKEY *key_A = NULL;
2818 EVP_PKEY *key_B = NULL;
2822 /* Ensure that the error queue is empty */
2823 if (ERR_peek_error()) {
2825 "WARNING: the error queue contains previous unhandled errors.\n");
2826 ERR_print_errors(bio_err);
2829 /* Let's try to create a ctx directly from the NID: this works for
2830 * curves like Curve25519 that are not implemented through the low
2831 * level EC interface.
2832 * If this fails we try creating a EVP_PKEY_EC generic param ctx,
2833 * then we set the curve by NID before deriving the actual keygen
2834 * ctx for that specific curve. */
2835 kctx = EVP_PKEY_CTX_new_id(test_curves[testnum].nid, NULL); /* keygen ctx from NID */
2837 EVP_PKEY_CTX *pctx = NULL;
2838 EVP_PKEY *params = NULL;
2840 /* If we reach this code EVP_PKEY_CTX_new_id() failed and a
2841 * "int_ctx_new:unsupported algorithm" error was added to the
2843 * We remove it from the error queue as we are handling it. */
2844 unsigned long error = ERR_peek_error(); /* peek the latest error in the queue */
2845 if (error == ERR_peek_last_error() && /* oldest and latest errors match */
2846 /* check that the error origin matches */
2847 ERR_GET_LIB(error) == ERR_LIB_EVP &&
2848 ERR_GET_FUNC(error) == EVP_F_INT_CTX_NEW &&
2849 ERR_GET_REASON(error) == EVP_R_UNSUPPORTED_ALGORITHM)
2850 ERR_get_error(); /* pop error from queue */
2851 if (ERR_peek_error()) {
2853 "Unhandled error in the error queue during ECDH init.\n");
2854 ERR_print_errors(bio_err);
2859 if ( /* Create the context for parameter generation */
2860 !(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL)) ||
2861 /* Initialise the parameter generation */
2862 !EVP_PKEY_paramgen_init(pctx) ||
2863 /* Set the curve by NID */
2864 !EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx,
2867 /* Create the parameter object params */
2868 !EVP_PKEY_paramgen(pctx, ¶ms)) {
2870 BIO_printf(bio_err, "ECDH EC params init failure.\n");
2871 ERR_print_errors(bio_err);
2875 /* Create the context for the key generation */
2876 kctx = EVP_PKEY_CTX_new(params, NULL);
2878 EVP_PKEY_free(params);
2880 EVP_PKEY_CTX_free(pctx);
2883 if (kctx == NULL || /* keygen ctx is not null */
2884 !EVP_PKEY_keygen_init(kctx) /* init keygen ctx */ ) {
2886 BIO_printf(bio_err, "ECDH keygen failure.\n");
2887 ERR_print_errors(bio_err);
2892 if (!EVP_PKEY_keygen(kctx, &key_A) || /* generate secret key A */
2893 !EVP_PKEY_keygen(kctx, &key_B) || /* generate secret key B */
2894 !(ctx = EVP_PKEY_CTX_new(key_A, NULL)) || /* derivation ctx from skeyA */
2895 !EVP_PKEY_derive_init(ctx) || /* init derivation ctx */
2896 !EVP_PKEY_derive_set_peer(ctx, key_B) || /* set peer pubkey in ctx */
2897 !EVP_PKEY_derive(ctx, NULL, &outlen) || /* determine max length */
2898 outlen == 0 || /* ensure outlen is a valid size */
2899 outlen > MAX_ECDH_SIZE /* avoid buffer overflow */ ) {
2901 BIO_printf(bio_err, "ECDH key generation failure.\n");
2902 ERR_print_errors(bio_err);
2907 /* Here we perform a test run, comparing the output of a*B and b*A;
2908 * we try this here and assume that further EVP_PKEY_derive calls
2909 * never fail, so we can skip checks in the actually benchmarked
2910 * code, for maximum performance. */
2911 if (!(test_ctx = EVP_PKEY_CTX_new(key_B, NULL)) || /* test ctx from skeyB */
2912 !EVP_PKEY_derive_init(test_ctx) || /* init derivation test_ctx */
2913 !EVP_PKEY_derive_set_peer(test_ctx, key_A) || /* set peer pubkey in test_ctx */
2914 !EVP_PKEY_derive(test_ctx, NULL, &test_outlen) || /* determine max length */
2915 !EVP_PKEY_derive(ctx, loopargs[i].secret_a, &outlen) || /* compute a*B */
2916 !EVP_PKEY_derive(test_ctx, loopargs[i].secret_b, &test_outlen) || /* compute b*A */
2917 test_outlen != outlen /* compare output length */ ) {
2919 BIO_printf(bio_err, "ECDH computation failure.\n");
2920 ERR_print_errors(bio_err);
2925 /* Compare the computation results: CRYPTO_memcmp() returns 0 if equal */
2926 if (CRYPTO_memcmp(loopargs[i].secret_a,
2927 loopargs[i].secret_b, outlen)) {
2929 BIO_printf(bio_err, "ECDH computations don't match.\n");
2930 ERR_print_errors(bio_err);
2935 loopargs[i].ecdh_ctx[testnum] = ctx;
2936 loopargs[i].outlen[testnum] = outlen;
2938 EVP_PKEY_free(key_A);
2939 EVP_PKEY_free(key_B);
2940 EVP_PKEY_CTX_free(kctx);
2942 EVP_PKEY_CTX_free(test_ctx);
2945 if (ecdh_checks != 0) {
2946 pkey_print_message("", "ecdh",
2948 test_curves[testnum].bits, seconds.ecdh);
2951 run_benchmark(async_jobs, ECDH_EVP_derive_key_loop, loopargs);
2954 mr ? "+R7:%ld:%d:%.2f\n" :
2955 "%ld %u-bits ECDH ops in %.2fs\n", count,
2956 test_curves[testnum].bits, d);
2957 ecdh_results[testnum][0] = (double)count / d;
2961 if (rsa_count <= 1) {
2962 /* if longer than 10s, don't do any more */
2963 for (testnum++; testnum < OSSL_NELEM(ecdh_doit); testnum++)
2964 ecdh_doit[testnum] = 0;
2967 #endif /* OPENSSL_NO_EC */
2972 printf("%s\n", OpenSSL_version(OPENSSL_VERSION));
2973 printf("%s\n", OpenSSL_version(OPENSSL_BUILT_ON));
2975 printf("%s ", BN_options());
2976 #ifndef OPENSSL_NO_MD2
2977 printf("%s ", MD2_options());
2979 #ifndef OPENSSL_NO_RC4
2980 printf("%s ", RC4_options());
2982 #ifndef OPENSSL_NO_DES
2983 printf("%s ", DES_options());
2985 printf("%s ", AES_options());
2986 #ifndef OPENSSL_NO_IDEA
2987 printf("%s ", IDEA_options());
2989 #ifndef OPENSSL_NO_BF
2990 printf("%s ", BF_options());
2992 printf("\n%s\n", OpenSSL_version(OPENSSL_CFLAGS));
3000 ("The 'numbers' are in 1000s of bytes per second processed.\n");
3003 for (testnum = 0; testnum < size_num; testnum++)
3004 printf(mr ? ":%d" : "%7d bytes", lengths[testnum]);
3008 for (k = 0; k < ALGOR_NUM; k++) {
3012 printf("+F:%u:%s", k, names[k]);
3014 printf("%-13s", names[k]);
3015 for (testnum = 0; testnum < size_num; testnum++) {
3016 if (results[k][testnum] > 10000 && !mr)
3017 printf(" %11.2fk", results[k][testnum] / 1e3);
3019 printf(mr ? ":%.2f" : " %11.2f ", results[k][testnum]);
3023 #ifndef OPENSSL_NO_RSA
3025 for (k = 0; k < RSA_NUM; k++) {
3028 if (testnum && !mr) {
3029 printf("%18ssign verify sign/s verify/s\n", " ");
3033 printf("+F2:%u:%u:%f:%f\n",
3034 k, rsa_bits[k], rsa_results[k][0], rsa_results[k][1]);
3036 printf("rsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
3037 rsa_bits[k], 1.0 / rsa_results[k][0], 1.0 / rsa_results[k][1],
3038 rsa_results[k][0], rsa_results[k][1]);
3041 #ifndef OPENSSL_NO_DSA
3043 for (k = 0; k < DSA_NUM; k++) {
3046 if (testnum && !mr) {
3047 printf("%18ssign verify sign/s verify/s\n", " ");
3051 printf("+F3:%u:%u:%f:%f\n",
3052 k, dsa_bits[k], dsa_results[k][0], dsa_results[k][1]);
3054 printf("dsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
3055 dsa_bits[k], 1.0 / dsa_results[k][0], 1.0 / dsa_results[k][1],
3056 dsa_results[k][0], dsa_results[k][1]);
3059 #ifndef OPENSSL_NO_EC
3061 for (k = 0; k < OSSL_NELEM(ecdsa_doit); k++) {
3064 if (testnum && !mr) {
3065 printf("%30ssign verify sign/s verify/s\n", " ");
3070 printf("+F4:%u:%u:%f:%f\n",
3071 k, test_curves[k].bits,
3072 ecdsa_results[k][0], ecdsa_results[k][1]);
3074 printf("%4u bits ecdsa (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
3075 test_curves[k].bits, test_curves[k].name,
3076 1.0 / ecdsa_results[k][0], 1.0 / ecdsa_results[k][1],
3077 ecdsa_results[k][0], ecdsa_results[k][1]);
3081 for (k = 0; k < EC_NUM; k++) {
3084 if (testnum && !mr) {
3085 printf("%30sop op/s\n", " ");
3089 printf("+F5:%u:%u:%f:%f\n",
3090 k, test_curves[k].bits,
3091 ecdh_results[k][0], 1.0 / ecdh_results[k][0]);
3094 printf("%4u bits ecdh (%s) %8.4fs %8.1f\n",
3095 test_curves[k].bits, test_curves[k].name,
3096 1.0 / ecdh_results[k][0], ecdh_results[k][0]);
3103 ERR_print_errors(bio_err);
3104 for (i = 0; i < loopargs_len; i++) {
3105 OPENSSL_free(loopargs[i].buf_malloc);
3106 OPENSSL_free(loopargs[i].buf2_malloc);
3108 #ifndef OPENSSL_NO_RSA
3109 for (k = 0; k < RSA_NUM; k++)
3110 RSA_free(loopargs[i].rsa_key[k]);
3112 #ifndef OPENSSL_NO_DSA
3113 for (k = 0; k < DSA_NUM; k++)
3114 DSA_free(loopargs[i].dsa_key[k]);
3116 #ifndef OPENSSL_NO_EC
3117 for (k = 0; k < ECDSA_NUM; k++)
3118 EC_KEY_free(loopargs[i].ecdsa[k]);
3119 for (k = 0; k < EC_NUM; k++)
3120 EVP_PKEY_CTX_free(loopargs[i].ecdh_ctx[k]);
3121 OPENSSL_free(loopargs[i].secret_a);
3122 OPENSSL_free(loopargs[i].secret_b);
3126 if (async_jobs > 0) {
3127 for (i = 0; i < loopargs_len; i++)
3128 ASYNC_WAIT_CTX_free(loopargs[i].wait_ctx);
3132 ASYNC_cleanup_thread();
3134 OPENSSL_free(loopargs);
3139 static void print_message(const char *s, long num, int length, int tm)
3143 mr ? "+DT:%s:%d:%d\n"
3144 : "Doing %s for %ds on %d size blocks: ", s, tm, length);
3145 (void)BIO_flush(bio_err);
3149 mr ? "+DN:%s:%ld:%d\n"
3150 : "Doing %s %ld times on %d size blocks: ", s, num, length);
3151 (void)BIO_flush(bio_err);
3155 static void pkey_print_message(const char *str, const char *str2, long num,
3156 unsigned int bits, int tm)
3160 mr ? "+DTP:%d:%s:%s:%d\n"
3161 : "Doing %u bits %s %s's for %ds: ", bits, str, str2, tm);
3162 (void)BIO_flush(bio_err);
3166 mr ? "+DNP:%ld:%d:%s:%s\n"
3167 : "Doing %ld %u bits %s %s's: ", num, bits, str, str2);
3168 (void)BIO_flush(bio_err);
3172 static void print_result(int alg, int run_no, int count, double time_used)
3175 BIO_puts(bio_err, "EVP error!\n");
3179 mr ? "+R:%d:%s:%f\n"
3180 : "%d %s's in %.2fs\n", count, names[alg], time_used);
3181 results[alg][run_no] = ((double)count) / time_used * lengths[run_no];
3185 static char *sstrsep(char **string, const char *delim)
3188 char *token = *string;
3193 memset(isdelim, 0, sizeof(isdelim));
3197 isdelim[(unsigned char)(*delim)] = 1;
3201 while (!isdelim[(unsigned char)(**string)]) {
3213 static int do_multi(int multi, int size_num)
3218 static char sep[] = ":";
3220 fds = app_malloc(sizeof(*fds) * multi, "fd buffer for do_multi");
3221 for (n = 0; n < multi; ++n) {
3222 if (pipe(fd) == -1) {
3223 BIO_printf(bio_err, "pipe failure\n");
3227 (void)BIO_flush(bio_err);
3234 if (dup(fd[1]) == -1) {
3235 BIO_printf(bio_err, "dup failed\n");
3244 printf("Forked child %d\n", n);
3247 /* for now, assume the pipe is long enough to take all the output */
3248 for (n = 0; n < multi; ++n) {
3253 f = fdopen(fds[n], "r");
3254 while (fgets(buf, sizeof(buf), f)) {
3255 p = strchr(buf, '\n');
3258 if (buf[0] != '+') {
3260 "Don't understand line '%s' from child %d\n", buf,
3264 printf("Got: %s from %d\n", buf, n);
3265 if (strncmp(buf, "+F:", 3) == 0) {
3270 alg = atoi(sstrsep(&p, sep));
3272 for (j = 0; j < size_num; ++j)
3273 results[alg][j] += atof(sstrsep(&p, sep));
3274 } else if (strncmp(buf, "+F2:", 4) == 0) {
3279 k = atoi(sstrsep(&p, sep));
3282 d = atof(sstrsep(&p, sep));
3283 rsa_results[k][0] += d;
3285 d = atof(sstrsep(&p, sep));
3286 rsa_results[k][1] += d;
3288 # ifndef OPENSSL_NO_DSA
3289 else if (strncmp(buf, "+F3:", 4) == 0) {
3294 k = atoi(sstrsep(&p, sep));
3297 d = atof(sstrsep(&p, sep));
3298 dsa_results[k][0] += d;
3300 d = atof(sstrsep(&p, sep));
3301 dsa_results[k][1] += d;
3304 # ifndef OPENSSL_NO_EC
3305 else if (strncmp(buf, "+F4:", 4) == 0) {
3310 k = atoi(sstrsep(&p, sep));
3313 d = atof(sstrsep(&p, sep));
3314 ecdsa_results[k][0] += d;
3316 d = atof(sstrsep(&p, sep));
3317 ecdsa_results[k][1] += d;
3318 } else if (strncmp(buf, "+F5:", 4) == 0) {
3323 k = atoi(sstrsep(&p, sep));
3326 d = atof(sstrsep(&p, sep));
3327 ecdh_results[k][0] += d;
3331 else if (strncmp(buf, "+H:", 3) == 0) {
3334 BIO_printf(bio_err, "Unknown type '%s' from child %d\n", buf,
3345 static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
3346 const openssl_speed_sec_t *seconds)
3348 static const int mblengths_list[] =
3349 { 8 * 1024, 2 * 8 * 1024, 4 * 8 * 1024, 8 * 8 * 1024, 8 * 16 * 1024 };
3350 const int *mblengths = mblengths_list;
3351 int j, count, keylen, num = OSSL_NELEM(mblengths_list);
3352 const char *alg_name;
3353 unsigned char *inp, *out, *key, no_key[32], no_iv[16];
3354 EVP_CIPHER_CTX *ctx;
3357 if (lengths_single) {
3358 mblengths = &lengths_single;
3362 inp = app_malloc(mblengths[num - 1], "multiblock input buffer");
3363 out = app_malloc(mblengths[num - 1] + 1024, "multiblock output buffer");
3364 ctx = EVP_CIPHER_CTX_new();
3365 EVP_EncryptInit_ex(ctx, evp_cipher, NULL, NULL, no_iv);
3367 keylen = EVP_CIPHER_CTX_key_length(ctx);
3368 key = app_malloc(keylen, "evp_cipher key");
3369 EVP_CIPHER_CTX_rand_key(ctx, key);
3370 EVP_EncryptInit_ex(ctx, NULL, NULL, key, NULL);
3371 OPENSSL_clear_free(key, keylen);
3373 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY, sizeof(no_key), no_key);
3374 alg_name = OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher));
3376 for (j = 0; j < num; j++) {
3377 print_message(alg_name, 0, mblengths[j], seconds->sym);
3379 for (count = 0, run = 1; run && count < 0x7fffffff; count++) {
3380 unsigned char aad[EVP_AEAD_TLS1_AAD_LEN];
3381 EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param;
3382 size_t len = mblengths[j];
3385 memset(aad, 0, 8); /* avoid uninitialized values */
3386 aad[8] = 23; /* SSL3_RT_APPLICATION_DATA */
3387 aad[9] = 3; /* version */
3389 aad[11] = 0; /* length */
3391 mb_param.out = NULL;
3394 mb_param.interleave = 8;
3396 packlen = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_AAD,
3397 sizeof(mb_param), &mb_param);
3403 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT,
3404 sizeof(mb_param), &mb_param);
3408 RAND_bytes(out, 16);
3410 aad[11] = (unsigned char)(len >> 8);
3411 aad[12] = (unsigned char)(len);
3412 pad = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_TLS1_AAD,
3413 EVP_AEAD_TLS1_AAD_LEN, aad);
3414 EVP_Cipher(ctx, out, inp, len + pad);
3418 BIO_printf(bio_err, mr ? "+R:%d:%s:%f\n"
3419 : "%d %s's in %.2fs\n", count, "evp", d);
3420 results[D_EVP][j] = ((double)count) / d * mblengths[j];
3424 fprintf(stdout, "+H");
3425 for (j = 0; j < num; j++)
3426 fprintf(stdout, ":%d", mblengths[j]);
3427 fprintf(stdout, "\n");
3428 fprintf(stdout, "+F:%d:%s", D_EVP, alg_name);
3429 for (j = 0; j < num; j++)
3430 fprintf(stdout, ":%.2f", results[D_EVP][j]);
3431 fprintf(stdout, "\n");
3434 "The 'numbers' are in 1000s of bytes per second processed.\n");
3435 fprintf(stdout, "type ");
3436 for (j = 0; j < num; j++)
3437 fprintf(stdout, "%7d bytes", mblengths[j]);
3438 fprintf(stdout, "\n");
3439 fprintf(stdout, "%-24s", alg_name);
3441 for (j = 0; j < num; j++) {
3442 if (results[D_EVP][j] > 10000)
3443 fprintf(stdout, " %11.2fk", results[D_EVP][j] / 1e3);
3445 fprintf(stdout, " %11.2f ", results[D_EVP][j]);
3447 fprintf(stdout, "\n");
3452 EVP_CIPHER_CTX_free(ctx);