2 * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
5 * Licensed under the OpenSSL license (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
13 #define RSA_SECONDS 10
14 #define DSA_SECONDS 10
15 #define ECDSA_SECONDS 10
16 #define ECDH_SECONDS 10
24 #include <openssl/crypto.h>
25 #include <openssl/rand.h>
26 #include <openssl/err.h>
27 #include <openssl/evp.h>
28 #include <openssl/objects.h>
29 #include <openssl/async.h>
30 #if !defined(OPENSSL_SYS_MSDOS)
31 # include OPENSSL_UNISTD
38 #include <openssl/bn.h>
39 #ifndef OPENSSL_NO_DES
40 # include <openssl/des.h>
42 #include <openssl/aes.h>
43 #ifndef OPENSSL_NO_CAMELLIA
44 # include <openssl/camellia.h>
46 #ifndef OPENSSL_NO_MD2
47 # include <openssl/md2.h>
49 #ifndef OPENSSL_NO_MDC2
50 # include <openssl/mdc2.h>
52 #ifndef OPENSSL_NO_MD4
53 # include <openssl/md4.h>
55 #ifndef OPENSSL_NO_MD5
56 # include <openssl/md5.h>
58 #include <openssl/hmac.h>
59 #include <openssl/sha.h>
60 #ifndef OPENSSL_NO_RMD160
61 # include <openssl/ripemd.h>
63 #ifndef OPENSSL_NO_WHIRLPOOL
64 # include <openssl/whrlpool.h>
66 #ifndef OPENSSL_NO_RC4
67 # include <openssl/rc4.h>
69 #ifndef OPENSSL_NO_RC5
70 # include <openssl/rc5.h>
72 #ifndef OPENSSL_NO_RC2
73 # include <openssl/rc2.h>
75 #ifndef OPENSSL_NO_IDEA
76 # include <openssl/idea.h>
78 #ifndef OPENSSL_NO_SEED
79 # include <openssl/seed.h>
82 # include <openssl/blowfish.h>
84 #ifndef OPENSSL_NO_CAST
85 # include <openssl/cast.h>
87 #ifndef OPENSSL_NO_RSA
88 # include <openssl/rsa.h>
89 # include "./testrsa.h"
91 #include <openssl/x509.h>
92 #ifndef OPENSSL_NO_DSA
93 # include <openssl/dsa.h>
94 # include "./testdsa.h"
97 # include <openssl/ec.h>
99 #include <openssl/modes.h>
102 # if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS)
115 #define MAX_MISALIGNMENT 63
116 #define MAX_ECDH_SIZE 256
119 typedef struct openssl_speed_sec_st {
125 } openssl_speed_sec_t;
127 static volatile int run = 0;
130 static int usertime = 1;
132 #ifndef OPENSSL_NO_MD2
133 static int EVP_Digest_MD2_loop(void *args);
136 #ifndef OPENSSL_NO_MDC2
137 static int EVP_Digest_MDC2_loop(void *args);
139 #ifndef OPENSSL_NO_MD4
140 static int EVP_Digest_MD4_loop(void *args);
142 #ifndef OPENSSL_NO_MD5
143 static int MD5_loop(void *args);
144 static int HMAC_loop(void *args);
146 static int SHA1_loop(void *args);
147 static int SHA256_loop(void *args);
148 static int SHA512_loop(void *args);
149 #ifndef OPENSSL_NO_WHIRLPOOL
150 static int WHIRLPOOL_loop(void *args);
152 #ifndef OPENSSL_NO_RMD160
153 static int EVP_Digest_RMD160_loop(void *args);
155 #ifndef OPENSSL_NO_RC4
156 static int RC4_loop(void *args);
158 #ifndef OPENSSL_NO_DES
159 static int DES_ncbc_encrypt_loop(void *args);
160 static int DES_ede3_cbc_encrypt_loop(void *args);
162 static int AES_cbc_128_encrypt_loop(void *args);
163 static int AES_cbc_192_encrypt_loop(void *args);
164 static int AES_ige_128_encrypt_loop(void *args);
165 static int AES_cbc_256_encrypt_loop(void *args);
166 static int AES_ige_192_encrypt_loop(void *args);
167 static int AES_ige_256_encrypt_loop(void *args);
168 static int CRYPTO_gcm128_aad_loop(void *args);
169 static int RAND_bytes_loop(void *args);
170 static int EVP_Update_loop(void *args);
171 static int EVP_Update_loop_ccm(void *args);
172 static int EVP_Update_loop_aead(void *args);
173 static int EVP_Digest_loop(void *args);
174 #ifndef OPENSSL_NO_RSA
175 static int RSA_sign_loop(void *args);
176 static int RSA_verify_loop(void *args);
178 #ifndef OPENSSL_NO_DSA
179 static int DSA_sign_loop(void *args);
180 static int DSA_verify_loop(void *args);
182 #ifndef OPENSSL_NO_EC
183 static int ECDSA_sign_loop(void *args);
184 static int ECDSA_verify_loop(void *args);
187 static double Time_F(int s);
188 static void print_message(const char *s, long num, int length, int tm);
189 static void pkey_print_message(const char *str, const char *str2,
190 long num, unsigned int bits, int sec);
191 static void print_result(int alg, int run_no, int count, double time_used);
193 static int do_multi(int multi, int size_num);
196 static const int lengths_list[] = {
197 16, 64, 256, 1024, 8 * 1024, 16 * 1024
199 static const int *lengths = lengths_list;
201 static const int aead_lengths_list[] = {
202 2, 31, 136, 1024, 8 * 1024, 16 * 1024
210 static void alarmed(int sig)
212 signal(SIGALRM, alarmed);
216 static double Time_F(int s)
218 double ret = app_tminterval(s, usertime);
224 #elif defined(_WIN32)
228 static unsigned int lapse;
229 static volatile unsigned int schlock;
230 static void alarm_win32(unsigned int secs)
235 # define alarm alarm_win32
237 static DWORD WINAPI sleepy(VOID * arg)
245 static double Time_F(int s)
252 thr = CreateThread(NULL, 4096, sleepy, NULL, 0, NULL);
254 DWORD err = GetLastError();
255 BIO_printf(bio_err, "unable to CreateThread (%lu)", err);
259 Sleep(0); /* scheduler spinlock */
260 ret = app_tminterval(s, usertime);
262 ret = app_tminterval(s, usertime);
264 TerminateThread(thr, 0);
271 static double Time_F(int s)
273 return app_tminterval(s, usertime);
277 static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
278 const openssl_speed_sec_t *seconds);
280 #define found(value, pairs, result)\
281 opt_found(value, result, pairs, OSSL_NELEM(pairs))
282 static int opt_found(const char *name, unsigned int *result,
283 const OPT_PAIR pairs[], unsigned int nbelem)
287 for (idx = 0; idx < nbelem; ++idx, pairs++)
288 if (strcmp(name, pairs->name) == 0) {
289 *result = pairs->retval;
295 typedef enum OPTION_choice {
296 OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
297 OPT_ELAPSED, OPT_EVP, OPT_DECRYPT, OPT_ENGINE, OPT_MULTI,
298 OPT_MR, OPT_MB, OPT_MISALIGN, OPT_ASYNCJOBS, OPT_R_ENUM,
299 OPT_PRIMES, OPT_SECONDS, OPT_BYTES, OPT_AEAD
302 const OPTIONS speed_options[] = {
303 {OPT_HELP_STR, 1, '-', "Usage: %s [options] ciphers...\n"},
304 {OPT_HELP_STR, 1, '-', "Valid options are:\n"},
305 {"help", OPT_HELP, '-', "Display this summary"},
306 {"evp", OPT_EVP, 's', "Use EVP-named cipher or digest"},
307 {"decrypt", OPT_DECRYPT, '-',
308 "Time decryption instead of encryption (only EVP)"},
309 {"aead", OPT_AEAD, '-',
310 "Benchmark EVP-named AEAD cipher in TLS-like sequence"},
312 "Enable (tls1>=1) multi-block mode on EVP-named cipher"},
313 {"mr", OPT_MR, '-', "Produce machine readable output"},
315 {"multi", OPT_MULTI, 'p', "Run benchmarks in parallel"},
317 #ifndef OPENSSL_NO_ASYNC
318 {"async_jobs", OPT_ASYNCJOBS, 'p',
319 "Enable async mode and start specified number of jobs"},
322 #ifndef OPENSSL_NO_ENGINE
323 {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
325 {"elapsed", OPT_ELAPSED, '-',
326 "Use wall-clock time instead of CPU user time as divisor"},
327 {"primes", OPT_PRIMES, 'p', "Specify number of primes (for RSA only)"},
328 {"seconds", OPT_SECONDS, 'p',
329 "Run benchmarks for specified amount of seconds"},
330 {"bytes", OPT_BYTES, 'p',
331 "Run [non-PKI] benchmarks on custom-sized buffer"},
332 {"misalign", OPT_MISALIGN, 'p',
333 "Use specified offset to mis-align buffers"},
347 #define D_CBC_IDEA 10
348 #define D_CBC_SEED 11
352 #define D_CBC_CAST 15
353 #define D_CBC_128_AES 16
354 #define D_CBC_192_AES 17
355 #define D_CBC_256_AES 18
356 #define D_CBC_128_CML 19
357 #define D_CBC_192_CML 20
358 #define D_CBC_256_CML 21
362 #define D_WHIRLPOOL 25
363 #define D_IGE_128_AES 26
364 #define D_IGE_192_AES 27
365 #define D_IGE_256_AES 28
368 /* name of algorithms to test */
369 static const char *names[] = {
370 "md2", "mdc2", "md4", "md5", "hmac(md5)", "sha1", "rmd160", "rc4",
371 "des cbc", "des ede3", "idea cbc", "seed cbc",
372 "rc2 cbc", "rc5-32/12 cbc", "blowfish cbc", "cast cbc",
373 "aes-128 cbc", "aes-192 cbc", "aes-256 cbc",
374 "camellia-128 cbc", "camellia-192 cbc", "camellia-256 cbc",
375 "evp", "sha256", "sha512", "whirlpool",
376 "aes-128 ige", "aes-192 ige", "aes-256 ige", "ghash",
379 #define ALGOR_NUM OSSL_NELEM(names)
381 /* list of configured algorithm (remaining) */
382 static const OPT_PAIR doit_choices[] = {
383 #ifndef OPENSSL_NO_MD2
386 #ifndef OPENSSL_NO_MDC2
389 #ifndef OPENSSL_NO_MD4
392 #ifndef OPENSSL_NO_MD5
397 {"sha256", D_SHA256},
398 {"sha512", D_SHA512},
399 #ifndef OPENSSL_NO_WHIRLPOOL
400 {"whirlpool", D_WHIRLPOOL},
402 #ifndef OPENSSL_NO_RMD160
403 {"ripemd", D_RMD160},
404 {"rmd160", D_RMD160},
405 {"ripemd160", D_RMD160},
407 #ifndef OPENSSL_NO_RC4
410 #ifndef OPENSSL_NO_DES
411 {"des-cbc", D_CBC_DES},
412 {"des-ede3", D_EDE3_DES},
414 {"aes-128-cbc", D_CBC_128_AES},
415 {"aes-192-cbc", D_CBC_192_AES},
416 {"aes-256-cbc", D_CBC_256_AES},
417 {"aes-128-ige", D_IGE_128_AES},
418 {"aes-192-ige", D_IGE_192_AES},
419 {"aes-256-ige", D_IGE_256_AES},
420 #ifndef OPENSSL_NO_RC2
421 {"rc2-cbc", D_CBC_RC2},
424 #ifndef OPENSSL_NO_RC5
425 {"rc5-cbc", D_CBC_RC5},
428 #ifndef OPENSSL_NO_IDEA
429 {"idea-cbc", D_CBC_IDEA},
430 {"idea", D_CBC_IDEA},
432 #ifndef OPENSSL_NO_SEED
433 {"seed-cbc", D_CBC_SEED},
434 {"seed", D_CBC_SEED},
436 #ifndef OPENSSL_NO_BF
437 {"bf-cbc", D_CBC_BF},
438 {"blowfish", D_CBC_BF},
441 #ifndef OPENSSL_NO_CAST
442 {"cast-cbc", D_CBC_CAST},
443 {"cast", D_CBC_CAST},
444 {"cast5", D_CBC_CAST},
450 static double results[ALGOR_NUM][OSSL_NELEM(lengths_list)];
452 #ifndef OPENSSL_NO_DSA
454 # define R_DSA_1024 1
455 # define R_DSA_2048 2
456 static const OPT_PAIR dsa_choices[] = {
457 {"dsa512", R_DSA_512},
458 {"dsa1024", R_DSA_1024},
459 {"dsa2048", R_DSA_2048}
461 # define DSA_NUM OSSL_NELEM(dsa_choices)
463 static double dsa_results[DSA_NUM][2]; /* 2 ops: sign then verify */
464 #endif /* OPENSSL_NO_DSA */
472 #define R_RSA_15360 6
473 #ifndef OPENSSL_NO_RSA
474 static const OPT_PAIR rsa_choices[] = {
475 {"rsa512", R_RSA_512},
476 {"rsa1024", R_RSA_1024},
477 {"rsa2048", R_RSA_2048},
478 {"rsa3072", R_RSA_3072},
479 {"rsa4096", R_RSA_4096},
480 {"rsa7680", R_RSA_7680},
481 {"rsa15360", R_RSA_15360}
483 # define RSA_NUM OSSL_NELEM(rsa_choices)
485 static double rsa_results[RSA_NUM][2]; /* 2 ops: sign then verify */
486 #endif /* OPENSSL_NO_RSA */
504 #define R_EC_BRP256R1 16
505 #define R_EC_BRP256T1 17
506 #define R_EC_BRP384R1 18
507 #define R_EC_BRP384T1 19
508 #define R_EC_BRP512R1 20
509 #define R_EC_BRP512T1 21
510 #define R_EC_X25519 22
512 #ifndef OPENSSL_NO_EC
513 static OPT_PAIR ecdsa_choices[] = {
514 {"ecdsap160", R_EC_P160},
515 {"ecdsap192", R_EC_P192},
516 {"ecdsap224", R_EC_P224},
517 {"ecdsap256", R_EC_P256},
518 {"ecdsap384", R_EC_P384},
519 {"ecdsap521", R_EC_P521},
520 {"ecdsak163", R_EC_K163},
521 {"ecdsak233", R_EC_K233},
522 {"ecdsak283", R_EC_K283},
523 {"ecdsak409", R_EC_K409},
524 {"ecdsak571", R_EC_K571},
525 {"ecdsab163", R_EC_B163},
526 {"ecdsab233", R_EC_B233},
527 {"ecdsab283", R_EC_B283},
528 {"ecdsab409", R_EC_B409},
529 {"ecdsab571", R_EC_B571},
530 {"ecdsabrp256r1", R_EC_BRP256R1},
531 {"ecdsabrp256t1", R_EC_BRP256T1},
532 {"ecdsabrp384r1", R_EC_BRP384R1},
533 {"ecdsabrp384t1", R_EC_BRP384T1},
534 {"ecdsabrp512r1", R_EC_BRP512R1},
535 {"ecdsabrp512t1", R_EC_BRP512T1}
537 # define ECDSA_NUM OSSL_NELEM(ecdsa_choices)
539 static double ecdsa_results[ECDSA_NUM][2]; /* 2 ops: sign then verify */
541 static const OPT_PAIR ecdh_choices[] = {
542 {"ecdhp160", R_EC_P160},
543 {"ecdhp192", R_EC_P192},
544 {"ecdhp224", R_EC_P224},
545 {"ecdhp256", R_EC_P256},
546 {"ecdhp384", R_EC_P384},
547 {"ecdhp521", R_EC_P521},
548 {"ecdhk163", R_EC_K163},
549 {"ecdhk233", R_EC_K233},
550 {"ecdhk283", R_EC_K283},
551 {"ecdhk409", R_EC_K409},
552 {"ecdhk571", R_EC_K571},
553 {"ecdhb163", R_EC_B163},
554 {"ecdhb233", R_EC_B233},
555 {"ecdhb283", R_EC_B283},
556 {"ecdhb409", R_EC_B409},
557 {"ecdhb571", R_EC_B571},
558 {"ecdhbrp256r1", R_EC_BRP256R1},
559 {"ecdhbrp256t1", R_EC_BRP256T1},
560 {"ecdhbrp384r1", R_EC_BRP384R1},
561 {"ecdhbrp384t1", R_EC_BRP384T1},
562 {"ecdhbrp512r1", R_EC_BRP512R1},
563 {"ecdhbrp512t1", R_EC_BRP512T1},
564 {"ecdhx25519", R_EC_X25519},
565 {"ecdhx448", R_EC_X448}
567 # define EC_NUM OSSL_NELEM(ecdh_choices)
569 static double ecdh_results[EC_NUM][1]; /* 1 op: derivation */
570 #endif /* OPENSSL_NO_EC */
573 # define COND(d) (count < (d))
574 # define COUNT(d) (d)
576 # define COND(unused_cond) (run && count<0x7fffffff)
577 # define COUNT(d) (count)
580 typedef struct loopargs_st {
581 ASYNC_JOB *inprogress_job;
582 ASYNC_WAIT_CTX *wait_ctx;
585 unsigned char *buf_malloc;
586 unsigned char *buf2_malloc;
589 #ifndef OPENSSL_NO_RSA
590 RSA *rsa_key[RSA_NUM];
592 #ifndef OPENSSL_NO_DSA
593 DSA *dsa_key[DSA_NUM];
595 #ifndef OPENSSL_NO_EC
596 EC_KEY *ecdsa[ECDSA_NUM];
597 EVP_PKEY_CTX *ecdh_ctx[EC_NUM];
598 unsigned char *secret_a;
599 unsigned char *secret_b;
600 size_t outlen[EC_NUM];
604 GCM128_CONTEXT *gcm_ctx;
606 static int run_benchmark(int async_jobs, int (*loop_function) (void *),
607 loopargs_t * loopargs);
609 static unsigned int testnum;
611 /* Nb of iterations to do per algorithm and key-size */
612 static long c[ALGOR_NUM][OSSL_NELEM(lengths_list)];
614 #ifndef OPENSSL_NO_MD2
615 static int EVP_Digest_MD2_loop(void *args)
617 loopargs_t *tempargs = *(loopargs_t **) args;
618 unsigned char *buf = tempargs->buf;
619 unsigned char md2[MD2_DIGEST_LENGTH];
622 for (count = 0; COND(c[D_MD2][testnum]); count++) {
623 if (!EVP_Digest(buf, (size_t)lengths[testnum], md2, NULL, EVP_md2(),
631 #ifndef OPENSSL_NO_MDC2
632 static int EVP_Digest_MDC2_loop(void *args)
634 loopargs_t *tempargs = *(loopargs_t **) args;
635 unsigned char *buf = tempargs->buf;
636 unsigned char mdc2[MDC2_DIGEST_LENGTH];
639 for (count = 0; COND(c[D_MDC2][testnum]); count++) {
640 if (!EVP_Digest(buf, (size_t)lengths[testnum], mdc2, NULL, EVP_mdc2(),
648 #ifndef OPENSSL_NO_MD4
649 static int EVP_Digest_MD4_loop(void *args)
651 loopargs_t *tempargs = *(loopargs_t **) args;
652 unsigned char *buf = tempargs->buf;
653 unsigned char md4[MD4_DIGEST_LENGTH];
656 for (count = 0; COND(c[D_MD4][testnum]); count++) {
657 if (!EVP_Digest(buf, (size_t)lengths[testnum], md4, NULL, EVP_md4(),
665 #ifndef OPENSSL_NO_MD5
666 static int MD5_loop(void *args)
668 loopargs_t *tempargs = *(loopargs_t **) args;
669 unsigned char *buf = tempargs->buf;
670 unsigned char md5[MD5_DIGEST_LENGTH];
672 for (count = 0; COND(c[D_MD5][testnum]); count++)
673 MD5(buf, lengths[testnum], md5);
677 static int HMAC_loop(void *args)
679 loopargs_t *tempargs = *(loopargs_t **) args;
680 unsigned char *buf = tempargs->buf;
681 HMAC_CTX *hctx = tempargs->hctx;
682 unsigned char hmac[MD5_DIGEST_LENGTH];
685 for (count = 0; COND(c[D_HMAC][testnum]); count++) {
686 HMAC_Init_ex(hctx, NULL, 0, NULL, NULL);
687 HMAC_Update(hctx, buf, lengths[testnum]);
688 HMAC_Final(hctx, hmac, NULL);
694 static int SHA1_loop(void *args)
696 loopargs_t *tempargs = *(loopargs_t **) args;
697 unsigned char *buf = tempargs->buf;
698 unsigned char sha[SHA_DIGEST_LENGTH];
700 for (count = 0; COND(c[D_SHA1][testnum]); count++)
701 SHA1(buf, lengths[testnum], sha);
705 static int SHA256_loop(void *args)
707 loopargs_t *tempargs = *(loopargs_t **) args;
708 unsigned char *buf = tempargs->buf;
709 unsigned char sha256[SHA256_DIGEST_LENGTH];
711 for (count = 0; COND(c[D_SHA256][testnum]); count++)
712 SHA256(buf, lengths[testnum], sha256);
716 static int SHA512_loop(void *args)
718 loopargs_t *tempargs = *(loopargs_t **) args;
719 unsigned char *buf = tempargs->buf;
720 unsigned char sha512[SHA512_DIGEST_LENGTH];
722 for (count = 0; COND(c[D_SHA512][testnum]); count++)
723 SHA512(buf, lengths[testnum], sha512);
727 #ifndef OPENSSL_NO_WHIRLPOOL
728 static int WHIRLPOOL_loop(void *args)
730 loopargs_t *tempargs = *(loopargs_t **) args;
731 unsigned char *buf = tempargs->buf;
732 unsigned char whirlpool[WHIRLPOOL_DIGEST_LENGTH];
734 for (count = 0; COND(c[D_WHIRLPOOL][testnum]); count++)
735 WHIRLPOOL(buf, lengths[testnum], whirlpool);
740 #ifndef OPENSSL_NO_RMD160
741 static int EVP_Digest_RMD160_loop(void *args)
743 loopargs_t *tempargs = *(loopargs_t **) args;
744 unsigned char *buf = tempargs->buf;
745 unsigned char rmd160[RIPEMD160_DIGEST_LENGTH];
747 for (count = 0; COND(c[D_RMD160][testnum]); count++) {
748 if (!EVP_Digest(buf, (size_t)lengths[testnum], &(rmd160[0]),
749 NULL, EVP_ripemd160(), NULL))
756 #ifndef OPENSSL_NO_RC4
757 static RC4_KEY rc4_ks;
758 static int RC4_loop(void *args)
760 loopargs_t *tempargs = *(loopargs_t **) args;
761 unsigned char *buf = tempargs->buf;
763 for (count = 0; COND(c[D_RC4][testnum]); count++)
764 RC4(&rc4_ks, (size_t)lengths[testnum], buf, buf);
769 #ifndef OPENSSL_NO_DES
770 static unsigned char DES_iv[8];
771 static DES_key_schedule sch;
772 static DES_key_schedule sch2;
773 static DES_key_schedule sch3;
774 static int DES_ncbc_encrypt_loop(void *args)
776 loopargs_t *tempargs = *(loopargs_t **) args;
777 unsigned char *buf = tempargs->buf;
779 for (count = 0; COND(c[D_CBC_DES][testnum]); count++)
780 DES_ncbc_encrypt(buf, buf, lengths[testnum], &sch,
781 &DES_iv, DES_ENCRYPT);
785 static int DES_ede3_cbc_encrypt_loop(void *args)
787 loopargs_t *tempargs = *(loopargs_t **) args;
788 unsigned char *buf = tempargs->buf;
790 for (count = 0; COND(c[D_EDE3_DES][testnum]); count++)
791 DES_ede3_cbc_encrypt(buf, buf, lengths[testnum],
792 &sch, &sch2, &sch3, &DES_iv, DES_ENCRYPT);
797 #define MAX_BLOCK_SIZE 128
799 static unsigned char iv[2 * MAX_BLOCK_SIZE / 8];
800 static AES_KEY aes_ks1, aes_ks2, aes_ks3;
801 static int AES_cbc_128_encrypt_loop(void *args)
803 loopargs_t *tempargs = *(loopargs_t **) args;
804 unsigned char *buf = tempargs->buf;
806 for (count = 0; COND(c[D_CBC_128_AES][testnum]); count++)
807 AES_cbc_encrypt(buf, buf,
808 (size_t)lengths[testnum], &aes_ks1, iv, AES_ENCRYPT);
812 static int AES_cbc_192_encrypt_loop(void *args)
814 loopargs_t *tempargs = *(loopargs_t **) args;
815 unsigned char *buf = tempargs->buf;
817 for (count = 0; COND(c[D_CBC_192_AES][testnum]); count++)
818 AES_cbc_encrypt(buf, buf,
819 (size_t)lengths[testnum], &aes_ks2, iv, AES_ENCRYPT);
823 static int AES_cbc_256_encrypt_loop(void *args)
825 loopargs_t *tempargs = *(loopargs_t **) args;
826 unsigned char *buf = tempargs->buf;
828 for (count = 0; COND(c[D_CBC_256_AES][testnum]); count++)
829 AES_cbc_encrypt(buf, buf,
830 (size_t)lengths[testnum], &aes_ks3, iv, AES_ENCRYPT);
834 static int AES_ige_128_encrypt_loop(void *args)
836 loopargs_t *tempargs = *(loopargs_t **) args;
837 unsigned char *buf = tempargs->buf;
838 unsigned char *buf2 = tempargs->buf2;
840 for (count = 0; COND(c[D_IGE_128_AES][testnum]); count++)
841 AES_ige_encrypt(buf, buf2,
842 (size_t)lengths[testnum], &aes_ks1, iv, AES_ENCRYPT);
846 static int AES_ige_192_encrypt_loop(void *args)
848 loopargs_t *tempargs = *(loopargs_t **) args;
849 unsigned char *buf = tempargs->buf;
850 unsigned char *buf2 = tempargs->buf2;
852 for (count = 0; COND(c[D_IGE_192_AES][testnum]); count++)
853 AES_ige_encrypt(buf, buf2,
854 (size_t)lengths[testnum], &aes_ks2, iv, AES_ENCRYPT);
858 static int AES_ige_256_encrypt_loop(void *args)
860 loopargs_t *tempargs = *(loopargs_t **) args;
861 unsigned char *buf = tempargs->buf;
862 unsigned char *buf2 = tempargs->buf2;
864 for (count = 0; COND(c[D_IGE_256_AES][testnum]); count++)
865 AES_ige_encrypt(buf, buf2,
866 (size_t)lengths[testnum], &aes_ks3, iv, AES_ENCRYPT);
870 static int CRYPTO_gcm128_aad_loop(void *args)
872 loopargs_t *tempargs = *(loopargs_t **) args;
873 unsigned char *buf = tempargs->buf;
874 GCM128_CONTEXT *gcm_ctx = tempargs->gcm_ctx;
876 for (count = 0; COND(c[D_GHASH][testnum]); count++)
877 CRYPTO_gcm128_aad(gcm_ctx, buf, lengths[testnum]);
881 static int RAND_bytes_loop(void *args)
883 loopargs_t *tempargs = *(loopargs_t **) args;
884 unsigned char *buf = tempargs->buf;
887 for (count = 0; COND(c[D_RAND][testnum]); count++)
888 RAND_bytes(buf, lengths[testnum]);
892 static long save_count = 0;
893 static int decrypt = 0;
894 static int EVP_Update_loop(void *args)
896 loopargs_t *tempargs = *(loopargs_t **) args;
897 unsigned char *buf = tempargs->buf;
898 EVP_CIPHER_CTX *ctx = tempargs->ctx;
901 int nb_iter = save_count * 4 * lengths[0] / lengths[testnum];
904 for (count = 0; COND(nb_iter); count++) {
905 rc = EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
907 EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, -1);
910 for (count = 0; COND(nb_iter); count++) {
911 rc = EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
913 EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, -1);
917 EVP_DecryptFinal_ex(ctx, buf, &outl);
919 EVP_EncryptFinal_ex(ctx, buf, &outl);
924 * CCM does not support streaming. For the purpose of performance measurement,
925 * each message is encrypted using the same (key,iv)-pair. Do not use this
926 * code in your application.
928 static int EVP_Update_loop_ccm(void *args)
930 loopargs_t *tempargs = *(loopargs_t **) args;
931 unsigned char *buf = tempargs->buf;
932 EVP_CIPHER_CTX *ctx = tempargs->ctx;
934 unsigned char tag[12];
936 int nb_iter = save_count * 4 * lengths[0] / lengths[testnum];
939 for (count = 0; COND(nb_iter); count++) {
940 EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv);
941 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(tag), tag);
942 EVP_DecryptUpdate(ctx, NULL, &outl, NULL, lengths[testnum]);
943 EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
944 EVP_DecryptFinal_ex(ctx, buf, &outl);
947 for (count = 0; COND(nb_iter); count++) {
948 EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv);
949 EVP_EncryptUpdate(ctx, NULL, &outl, NULL, lengths[testnum]);
950 EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
951 EVP_EncryptFinal_ex(ctx, buf, &outl);
958 * To make AEAD benchmarking more relevant perform TLS-like operations,
959 * 13-byte AAD followed by payload. But don't use TLS-formatted AAD, as
960 * payload length is not actually limited by 16KB...
962 static int EVP_Update_loop_aead(void *args)
964 loopargs_t *tempargs = *(loopargs_t **) args;
965 unsigned char *buf = tempargs->buf;
966 EVP_CIPHER_CTX *ctx = tempargs->ctx;
968 unsigned char aad[13] = { 0xcc };
969 unsigned char faketag[16] = { 0xcc };
971 int nb_iter = save_count * 4 * lengths[0] / lengths[testnum];
974 for (count = 0; COND(nb_iter); count++) {
975 EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv);
976 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
977 sizeof(faketag), faketag);
978 EVP_DecryptUpdate(ctx, NULL, &outl, aad, sizeof(aad));
979 EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
980 EVP_DecryptFinal_ex(ctx, buf + outl, &outl);
983 for (count = 0; COND(nb_iter); count++) {
984 EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv);
985 EVP_EncryptUpdate(ctx, NULL, &outl, aad, sizeof(aad));
986 EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
987 EVP_EncryptFinal_ex(ctx, buf + outl, &outl);
993 static const EVP_MD *evp_md = NULL;
994 static int EVP_Digest_loop(void *args)
996 loopargs_t *tempargs = *(loopargs_t **) args;
997 unsigned char *buf = tempargs->buf;
998 unsigned char md[EVP_MAX_MD_SIZE];
1001 int nb_iter = save_count * 4 * lengths[0] / lengths[testnum];
1004 for (count = 0; COND(nb_iter); count++) {
1005 if (!EVP_Digest(buf, lengths[testnum], md, NULL, evp_md, NULL))
1011 #ifndef OPENSSL_NO_RSA
1012 static long rsa_c[RSA_NUM][2]; /* # RSA iteration test */
1014 static int RSA_sign_loop(void *args)
1016 loopargs_t *tempargs = *(loopargs_t **) args;
1017 unsigned char *buf = tempargs->buf;
1018 unsigned char *buf2 = tempargs->buf2;
1019 unsigned int *rsa_num = &tempargs->siglen;
1020 RSA **rsa_key = tempargs->rsa_key;
1022 for (count = 0; COND(rsa_c[testnum][0]); count++) {
1023 ret = RSA_sign(NID_md5_sha1, buf, 36, buf2, rsa_num, rsa_key[testnum]);
1025 BIO_printf(bio_err, "RSA sign failure\n");
1026 ERR_print_errors(bio_err);
1034 static int RSA_verify_loop(void *args)
1036 loopargs_t *tempargs = *(loopargs_t **) args;
1037 unsigned char *buf = tempargs->buf;
1038 unsigned char *buf2 = tempargs->buf2;
1039 unsigned int rsa_num = tempargs->siglen;
1040 RSA **rsa_key = tempargs->rsa_key;
1042 for (count = 0; COND(rsa_c[testnum][1]); count++) {
1044 RSA_verify(NID_md5_sha1, buf, 36, buf2, rsa_num, rsa_key[testnum]);
1046 BIO_printf(bio_err, "RSA verify failure\n");
1047 ERR_print_errors(bio_err);
1056 #ifndef OPENSSL_NO_DSA
1057 static long dsa_c[DSA_NUM][2];
1058 static int DSA_sign_loop(void *args)
1060 loopargs_t *tempargs = *(loopargs_t **) args;
1061 unsigned char *buf = tempargs->buf;
1062 unsigned char *buf2 = tempargs->buf2;
1063 DSA **dsa_key = tempargs->dsa_key;
1064 unsigned int *siglen = &tempargs->siglen;
1066 for (count = 0; COND(dsa_c[testnum][0]); count++) {
1067 ret = DSA_sign(0, buf, 20, buf2, siglen, dsa_key[testnum]);
1069 BIO_printf(bio_err, "DSA sign failure\n");
1070 ERR_print_errors(bio_err);
1078 static int DSA_verify_loop(void *args)
1080 loopargs_t *tempargs = *(loopargs_t **) args;
1081 unsigned char *buf = tempargs->buf;
1082 unsigned char *buf2 = tempargs->buf2;
1083 DSA **dsa_key = tempargs->dsa_key;
1084 unsigned int siglen = tempargs->siglen;
1086 for (count = 0; COND(dsa_c[testnum][1]); count++) {
1087 ret = DSA_verify(0, buf, 20, buf2, siglen, dsa_key[testnum]);
1089 BIO_printf(bio_err, "DSA verify failure\n");
1090 ERR_print_errors(bio_err);
1099 #ifndef OPENSSL_NO_EC
1100 static long ecdsa_c[ECDSA_NUM][2];
1101 static int ECDSA_sign_loop(void *args)
1103 loopargs_t *tempargs = *(loopargs_t **) args;
1104 unsigned char *buf = tempargs->buf;
1105 EC_KEY **ecdsa = tempargs->ecdsa;
1106 unsigned char *ecdsasig = tempargs->buf2;
1107 unsigned int *ecdsasiglen = &tempargs->siglen;
1109 for (count = 0; COND(ecdsa_c[testnum][0]); count++) {
1110 ret = ECDSA_sign(0, buf, 20, ecdsasig, ecdsasiglen, ecdsa[testnum]);
1112 BIO_printf(bio_err, "ECDSA sign failure\n");
1113 ERR_print_errors(bio_err);
1121 static int ECDSA_verify_loop(void *args)
1123 loopargs_t *tempargs = *(loopargs_t **) args;
1124 unsigned char *buf = tempargs->buf;
1125 EC_KEY **ecdsa = tempargs->ecdsa;
1126 unsigned char *ecdsasig = tempargs->buf2;
1127 unsigned int ecdsasiglen = tempargs->siglen;
1129 for (count = 0; COND(ecdsa_c[testnum][1]); count++) {
1130 ret = ECDSA_verify(0, buf, 20, ecdsasig, ecdsasiglen, ecdsa[testnum]);
1132 BIO_printf(bio_err, "ECDSA verify failure\n");
1133 ERR_print_errors(bio_err);
1141 /* ******************************************************************** */
1142 static long ecdh_c[EC_NUM][1];
1144 static int ECDH_EVP_derive_key_loop(void *args)
1146 loopargs_t *tempargs = *(loopargs_t **) args;
1147 EVP_PKEY_CTX *ctx = tempargs->ecdh_ctx[testnum];
1148 unsigned char *derived_secret = tempargs->secret_a;
1150 size_t *outlen = &(tempargs->outlen[testnum]);
1152 for (count = 0; COND(ecdh_c[testnum][0]); count++)
1153 EVP_PKEY_derive(ctx, derived_secret, outlen);
1158 #endif /* OPENSSL_NO_EC */
1160 static int run_benchmark(int async_jobs,
1161 int (*loop_function) (void *), loopargs_t * loopargs)
1163 int job_op_count = 0;
1164 int total_op_count = 0;
1165 int num_inprogress = 0;
1166 int error = 0, i = 0, ret = 0;
1167 OSSL_ASYNC_FD job_fd = 0;
1168 size_t num_job_fds = 0;
1172 if (async_jobs == 0) {
1173 return loop_function((void *)&loopargs);
1176 for (i = 0; i < async_jobs && !error; i++) {
1177 loopargs_t *looparg_item = loopargs + i;
1179 /* Copy pointer content (looparg_t item address) into async context */
1180 ret = ASYNC_start_job(&loopargs[i].inprogress_job, loopargs[i].wait_ctx,
1181 &job_op_count, loop_function,
1182 (void *)&looparg_item, sizeof(looparg_item));
1188 if (job_op_count == -1) {
1191 total_op_count += job_op_count;
1196 BIO_printf(bio_err, "Failure in the job\n");
1197 ERR_print_errors(bio_err);
1203 while (num_inprogress > 0) {
1204 #if defined(OPENSSL_SYS_WINDOWS)
1206 #elif defined(OPENSSL_SYS_UNIX)
1207 int select_result = 0;
1208 OSSL_ASYNC_FD max_fd = 0;
1211 FD_ZERO(&waitfdset);
1213 for (i = 0; i < async_jobs && num_inprogress > 0; i++) {
1214 if (loopargs[i].inprogress_job == NULL)
1217 if (!ASYNC_WAIT_CTX_get_all_fds
1218 (loopargs[i].wait_ctx, NULL, &num_job_fds)
1219 || num_job_fds > 1) {
1220 BIO_printf(bio_err, "Too many fds in ASYNC_WAIT_CTX\n");
1221 ERR_print_errors(bio_err);
1225 ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, &job_fd,
1227 FD_SET(job_fd, &waitfdset);
1228 if (job_fd > max_fd)
1232 if (max_fd >= (OSSL_ASYNC_FD)FD_SETSIZE) {
1234 "Error: max_fd (%d) must be smaller than FD_SETSIZE (%d). "
1235 "Decrease the value of async_jobs\n",
1236 max_fd, FD_SETSIZE);
1237 ERR_print_errors(bio_err);
1242 select_result = select(max_fd + 1, &waitfdset, NULL, NULL, NULL);
1243 if (select_result == -1 && errno == EINTR)
1246 if (select_result == -1) {
1247 BIO_printf(bio_err, "Failure in the select\n");
1248 ERR_print_errors(bio_err);
1253 if (select_result == 0)
1257 for (i = 0; i < async_jobs; i++) {
1258 if (loopargs[i].inprogress_job == NULL)
1261 if (!ASYNC_WAIT_CTX_get_all_fds
1262 (loopargs[i].wait_ctx, NULL, &num_job_fds)
1263 || num_job_fds > 1) {
1264 BIO_printf(bio_err, "Too many fds in ASYNC_WAIT_CTX\n");
1265 ERR_print_errors(bio_err);
1269 ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, &job_fd,
1272 #if defined(OPENSSL_SYS_UNIX)
1273 if (num_job_fds == 1 && !FD_ISSET(job_fd, &waitfdset))
1275 #elif defined(OPENSSL_SYS_WINDOWS)
1276 if (num_job_fds == 1
1277 && !PeekNamedPipe(job_fd, NULL, 0, NULL, &avail, NULL)
1282 ret = ASYNC_start_job(&loopargs[i].inprogress_job,
1283 loopargs[i].wait_ctx, &job_op_count,
1284 loop_function, (void *)(loopargs + i),
1285 sizeof(loopargs_t));
1290 if (job_op_count == -1) {
1293 total_op_count += job_op_count;
1296 loopargs[i].inprogress_job = NULL;
1301 loopargs[i].inprogress_job = NULL;
1302 BIO_printf(bio_err, "Failure in the job\n");
1303 ERR_print_errors(bio_err);
1310 return error ? -1 : total_op_count;
1313 int speed_main(int argc, char **argv)
1316 loopargs_t *loopargs = NULL;
1318 const char *engine_id = NULL;
1319 const EVP_CIPHER *evp_cipher = NULL;
1322 int async_init = 0, multiblock = 0, pr_header = 0;
1323 int doit[ALGOR_NUM] = { 0 };
1324 int ret = 1, misalign = 0, lengths_single = 0, aead = 0;
1326 unsigned int size_num = OSSL_NELEM(lengths_list);
1327 unsigned int i, k, loop, loopargs_len = 0, async_jobs = 0;
1333 #if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) \
1334 || !defined(OPENSSL_NO_EC)
1337 openssl_speed_sec_t seconds = { SECONDS, RSA_SECONDS, DSA_SECONDS,
1338 ECDSA_SECONDS, ECDH_SECONDS };
1340 /* What follows are the buffers and key material. */
1341 #ifndef OPENSSL_NO_RC5
1344 #ifndef OPENSSL_NO_RC2
1347 #ifndef OPENSSL_NO_IDEA
1348 IDEA_KEY_SCHEDULE idea_ks;
1350 #ifndef OPENSSL_NO_SEED
1351 SEED_KEY_SCHEDULE seed_ks;
1353 #ifndef OPENSSL_NO_BF
1356 #ifndef OPENSSL_NO_CAST
1359 static const unsigned char key16[16] = {
1360 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
1361 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12
1363 static const unsigned char key24[24] = {
1364 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
1365 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
1366 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34
1368 static const unsigned char key32[32] = {
1369 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
1370 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
1371 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34,
1372 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34, 0x56
1374 #ifndef OPENSSL_NO_CAMELLIA
1375 static const unsigned char ckey24[24] = {
1376 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
1377 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
1378 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34
1380 static const unsigned char ckey32[32] = {
1381 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
1382 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
1383 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34,
1384 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34, 0x56
1386 CAMELLIA_KEY camellia_ks1, camellia_ks2, camellia_ks3;
1388 #ifndef OPENSSL_NO_DES
1389 static DES_cblock key = {
1390 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0
1392 static DES_cblock key2 = {
1393 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12
1395 static DES_cblock key3 = {
1396 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34
1399 #ifndef OPENSSL_NO_RSA
1400 static const unsigned int rsa_bits[RSA_NUM] = {
1401 512, 1024, 2048, 3072, 4096, 7680, 15360
1403 static const unsigned char *rsa_data[RSA_NUM] = {
1404 test512, test1024, test2048, test3072, test4096, test7680, test15360
1406 static const int rsa_data_length[RSA_NUM] = {
1407 sizeof(test512), sizeof(test1024),
1408 sizeof(test2048), sizeof(test3072),
1409 sizeof(test4096), sizeof(test7680),
1412 int rsa_doit[RSA_NUM] = { 0 };
1413 int primes = RSA_DEFAULT_PRIME_NUM;
1415 #ifndef OPENSSL_NO_DSA
1416 static const unsigned int dsa_bits[DSA_NUM] = { 512, 1024, 2048 };
1417 int dsa_doit[DSA_NUM] = { 0 };
1419 #ifndef OPENSSL_NO_EC
1421 * We only test over the following curves as they are representative, To
1422 * add tests over more curves, simply add the curve NID and curve name to
1423 * the following arrays and increase the |ecdh_choices| list accordingly.
1425 static const struct {
1431 {"secp160r1", NID_secp160r1, 160},
1432 {"nistp192", NID_X9_62_prime192v1, 192},
1433 {"nistp224", NID_secp224r1, 224},
1434 {"nistp256", NID_X9_62_prime256v1, 256},
1435 {"nistp384", NID_secp384r1, 384},
1436 {"nistp521", NID_secp521r1, 521},
1438 {"nistk163", NID_sect163k1, 163},
1439 {"nistk233", NID_sect233k1, 233},
1440 {"nistk283", NID_sect283k1, 283},
1441 {"nistk409", NID_sect409k1, 409},
1442 {"nistk571", NID_sect571k1, 571},
1443 {"nistb163", NID_sect163r2, 163},
1444 {"nistb233", NID_sect233r1, 233},
1445 {"nistb283", NID_sect283r1, 283},
1446 {"nistb409", NID_sect409r1, 409},
1447 {"nistb571", NID_sect571r1, 571},
1448 {"brainpoolP256r1", NID_brainpoolP256r1, 256},
1449 {"brainpoolP256t1", NID_brainpoolP256t1, 256},
1450 {"brainpoolP384r1", NID_brainpoolP384r1, 384},
1451 {"brainpoolP384t1", NID_brainpoolP384t1, 384},
1452 {"brainpoolP512r1", NID_brainpoolP512r1, 512},
1453 {"brainpoolP512t1", NID_brainpoolP512t1, 512},
1454 /* Other and ECDH only ones */
1455 {"X25519", NID_X25519, 253},
1456 {"X448", NID_X448, 448}
1458 int ecdsa_doit[ECDSA_NUM] = { 0 };
1459 int ecdh_doit[EC_NUM] = { 0 };
1460 OPENSSL_assert(OSSL_NELEM(test_curves) >= EC_NUM);
1461 #endif /* ndef OPENSSL_NO_EC */
1463 prog = opt_init(argc, argv, speed_options);
1464 while ((o = opt_next()) != OPT_EOF) {
1469 BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
1472 opt_help(speed_options);
1480 evp_cipher = EVP_get_cipherbyname(opt_arg());
1481 if (evp_cipher == NULL)
1482 evp_md = EVP_get_digestbyname(opt_arg());
1483 if (evp_cipher == NULL && evp_md == NULL) {
1485 "%s: %s is an unknown cipher or digest\n",
1496 * In a forked execution, an engine might need to be
1497 * initialised by each child process, not by the parent.
1498 * So store the name here and run setup_engine() later on.
1500 engine_id = opt_arg();
1504 multi = atoi(opt_arg());
1508 #ifndef OPENSSL_NO_ASYNC
1509 async_jobs = atoi(opt_arg());
1510 if (!ASYNC_is_capable()) {
1512 "%s: async_jobs specified but async not supported\n",
1516 if (async_jobs > 99999) {
1517 BIO_printf(bio_err, "%s: too many async_jobs\n", prog);
1523 if (!opt_int(opt_arg(), &misalign))
1525 if (misalign > MISALIGN) {
1527 "%s: Maximum offset is %d\n", prog, MISALIGN);
1536 #ifdef OPENSSL_NO_MULTIBLOCK
1538 "%s: -mb specified but multi-block support is disabled\n",
1548 if (!opt_int(opt_arg(), &primes))
1552 seconds.sym = seconds.rsa = seconds.dsa = seconds.ecdsa
1553 = seconds.ecdh = atoi(opt_arg());
1556 lengths_single = atoi(opt_arg());
1557 lengths = &lengths_single;
1565 argc = opt_num_rest();
1568 /* Remaining arguments are algorithms. */
1569 for (; *argv; argv++) {
1570 if (found(*argv, doit_choices, &i)) {
1574 #ifndef OPENSSL_NO_DES
1575 if (strcmp(*argv, "des") == 0) {
1576 doit[D_CBC_DES] = doit[D_EDE3_DES] = 1;
1580 if (strcmp(*argv, "sha") == 0) {
1581 doit[D_SHA1] = doit[D_SHA256] = doit[D_SHA512] = 1;
1584 #ifndef OPENSSL_NO_RSA
1585 if (strcmp(*argv, "openssl") == 0)
1587 if (strcmp(*argv, "rsa") == 0) {
1588 for (loop = 0; loop < OSSL_NELEM(rsa_doit); loop++)
1592 if (found(*argv, rsa_choices, &i)) {
1597 #ifndef OPENSSL_NO_DSA
1598 if (strcmp(*argv, "dsa") == 0) {
1599 dsa_doit[R_DSA_512] = dsa_doit[R_DSA_1024] =
1600 dsa_doit[R_DSA_2048] = 1;
1603 if (found(*argv, dsa_choices, &i)) {
1608 if (strcmp(*argv, "aes") == 0) {
1609 doit[D_CBC_128_AES] = doit[D_CBC_192_AES] = doit[D_CBC_256_AES] = 1;
1612 #ifndef OPENSSL_NO_CAMELLIA
1613 if (strcmp(*argv, "camellia") == 0) {
1614 doit[D_CBC_128_CML] = doit[D_CBC_192_CML] = doit[D_CBC_256_CML] = 1;
1618 #ifndef OPENSSL_NO_EC
1619 if (strcmp(*argv, "ecdsa") == 0) {
1620 for (loop = 0; loop < OSSL_NELEM(ecdsa_doit); loop++)
1621 ecdsa_doit[loop] = 1;
1624 if (found(*argv, ecdsa_choices, &i)) {
1628 if (strcmp(*argv, "ecdh") == 0) {
1629 for (loop = 0; loop < OSSL_NELEM(ecdh_doit); loop++)
1630 ecdh_doit[loop] = 1;
1633 if (found(*argv, ecdh_choices, &i)) {
1638 BIO_printf(bio_err, "%s: Unknown algorithm %s\n", prog, *argv);
1644 if (evp_cipher == NULL) {
1645 BIO_printf(bio_err, "-aead can be used only with an AEAD cipher\n");
1647 } else if (!(EVP_CIPHER_flags(evp_cipher) &
1648 EVP_CIPH_FLAG_AEAD_CIPHER)) {
1649 BIO_printf(bio_err, "%s is not an AEAD cipher\n",
1650 OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher)));
1655 if (evp_cipher == NULL) {
1656 BIO_printf(bio_err,"-mb can be used only with a multi-block"
1657 " capable cipher\n");
1659 } else if (!(EVP_CIPHER_flags(evp_cipher) &
1660 EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) {
1661 BIO_printf(bio_err, "%s is not a multi-block capable\n",
1662 OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher)));
1664 } else if (async_jobs > 0) {
1665 BIO_printf(bio_err, "Async mode is not supported with -mb");
1670 /* Initialize the job pool if async mode is enabled */
1671 if (async_jobs > 0) {
1672 async_init = ASYNC_init_thread(async_jobs, async_jobs);
1674 BIO_printf(bio_err, "Error creating the ASYNC job pool\n");
1679 loopargs_len = (async_jobs == 0 ? 1 : async_jobs);
1681 app_malloc(loopargs_len * sizeof(loopargs_t), "array of loopargs");
1682 memset(loopargs, 0, loopargs_len * sizeof(loopargs_t));
1684 for (i = 0; i < loopargs_len; i++) {
1685 if (async_jobs > 0) {
1686 loopargs[i].wait_ctx = ASYNC_WAIT_CTX_new();
1687 if (loopargs[i].wait_ctx == NULL) {
1688 BIO_printf(bio_err, "Error creating the ASYNC_WAIT_CTX\n");
1693 buflen = lengths[size_num - 1];
1694 if (buflen < 36) /* size of random vector in RSA bencmark */
1696 buflen += MAX_MISALIGNMENT + 1;
1697 loopargs[i].buf_malloc = app_malloc(buflen, "input buffer");
1698 loopargs[i].buf2_malloc = app_malloc(buflen, "input buffer");
1699 memset(loopargs[i].buf_malloc, 0, buflen);
1700 memset(loopargs[i].buf2_malloc, 0, buflen);
1702 /* Align the start of buffers on a 64 byte boundary */
1703 loopargs[i].buf = loopargs[i].buf_malloc + misalign;
1704 loopargs[i].buf2 = loopargs[i].buf2_malloc + misalign;
1705 #ifndef OPENSSL_NO_EC
1706 loopargs[i].secret_a = app_malloc(MAX_ECDH_SIZE, "ECDH secret a");
1707 loopargs[i].secret_b = app_malloc(MAX_ECDH_SIZE, "ECDH secret b");
1712 if (multi && do_multi(multi, size_num))
1716 /* Initialize the engine after the fork */
1717 e = setup_engine(engine_id, 0);
1719 /* No parameters; turn on everything. */
1720 if ((argc == 0) && !doit[D_EVP]) {
1721 for (i = 0; i < ALGOR_NUM; i++)
1724 #ifndef OPENSSL_NO_RSA
1725 for (i = 0; i < RSA_NUM; i++)
1728 #ifndef OPENSSL_NO_DSA
1729 for (i = 0; i < DSA_NUM; i++)
1732 #ifndef OPENSSL_NO_EC
1733 for (loop = 0; loop < OSSL_NELEM(ecdsa_doit); loop++)
1734 ecdsa_doit[loop] = 1;
1735 for (loop = 0; loop < OSSL_NELEM(ecdh_doit); loop++)
1736 ecdh_doit[loop] = 1;
1739 for (i = 0; i < ALGOR_NUM; i++)
1743 if (usertime == 0 && !mr)
1745 "You have chosen to measure elapsed time "
1746 "instead of user CPU time.\n");
1748 #ifndef OPENSSL_NO_RSA
1749 for (i = 0; i < loopargs_len; i++) {
1750 if (primes > RSA_DEFAULT_PRIME_NUM) {
1751 /* for multi-prime RSA, skip this */
1754 for (k = 0; k < RSA_NUM; k++) {
1755 const unsigned char *p;
1758 loopargs[i].rsa_key[k] =
1759 d2i_RSAPrivateKey(NULL, &p, rsa_data_length[k]);
1760 if (loopargs[i].rsa_key[k] == NULL) {
1762 "internal error loading RSA key number %d\n", k);
1768 #ifndef OPENSSL_NO_DSA
1769 for (i = 0; i < loopargs_len; i++) {
1770 loopargs[i].dsa_key[0] = get_dsa(512);
1771 loopargs[i].dsa_key[1] = get_dsa(1024);
1772 loopargs[i].dsa_key[2] = get_dsa(2048);
1775 #ifndef OPENSSL_NO_DES
1776 DES_set_key_unchecked(&key, &sch);
1777 DES_set_key_unchecked(&key2, &sch2);
1778 DES_set_key_unchecked(&key3, &sch3);
1780 AES_set_encrypt_key(key16, 128, &aes_ks1);
1781 AES_set_encrypt_key(key24, 192, &aes_ks2);
1782 AES_set_encrypt_key(key32, 256, &aes_ks3);
1783 #ifndef OPENSSL_NO_CAMELLIA
1784 Camellia_set_key(key16, 128, &camellia_ks1);
1785 Camellia_set_key(ckey24, 192, &camellia_ks2);
1786 Camellia_set_key(ckey32, 256, &camellia_ks3);
1788 #ifndef OPENSSL_NO_IDEA
1789 IDEA_set_encrypt_key(key16, &idea_ks);
1791 #ifndef OPENSSL_NO_SEED
1792 SEED_set_key(key16, &seed_ks);
1794 #ifndef OPENSSL_NO_RC4
1795 RC4_set_key(&rc4_ks, 16, key16);
1797 #ifndef OPENSSL_NO_RC2
1798 RC2_set_key(&rc2_ks, 16, key16, 128);
1800 #ifndef OPENSSL_NO_RC5
1801 RC5_32_set_key(&rc5_ks, 16, key16, 12);
1803 #ifndef OPENSSL_NO_BF
1804 BF_set_key(&bf_ks, 16, key16);
1806 #ifndef OPENSSL_NO_CAST
1807 CAST_set_key(&cast_ks, 16, key16);
1810 # ifndef OPENSSL_NO_DES
1811 BIO_printf(bio_err, "First we calculate the approximate speed ...\n");
1817 for (it = count; it; it--)
1818 DES_ecb_encrypt((DES_cblock *)loopargs[0].buf,
1819 (DES_cblock *)loopargs[0].buf, &sch, DES_ENCRYPT);
1823 c[D_MD2][0] = count / 10;
1824 c[D_MDC2][0] = count / 10;
1825 c[D_MD4][0] = count;
1826 c[D_MD5][0] = count;
1827 c[D_HMAC][0] = count;
1828 c[D_SHA1][0] = count;
1829 c[D_RMD160][0] = count;
1830 c[D_RC4][0] = count * 5;
1831 c[D_CBC_DES][0] = count;
1832 c[D_EDE3_DES][0] = count / 3;
1833 c[D_CBC_IDEA][0] = count;
1834 c[D_CBC_SEED][0] = count;
1835 c[D_CBC_RC2][0] = count;
1836 c[D_CBC_RC5][0] = count;
1837 c[D_CBC_BF][0] = count;
1838 c[D_CBC_CAST][0] = count;
1839 c[D_CBC_128_AES][0] = count;
1840 c[D_CBC_192_AES][0] = count;
1841 c[D_CBC_256_AES][0] = count;
1842 c[D_CBC_128_CML][0] = count;
1843 c[D_CBC_192_CML][0] = count;
1844 c[D_CBC_256_CML][0] = count;
1845 c[D_SHA256][0] = count;
1846 c[D_SHA512][0] = count;
1847 c[D_WHIRLPOOL][0] = count;
1848 c[D_IGE_128_AES][0] = count;
1849 c[D_IGE_192_AES][0] = count;
1850 c[D_IGE_256_AES][0] = count;
1851 c[D_GHASH][0] = count;
1852 c[D_RAND][0] = count;
1854 for (i = 1; i < size_num; i++) {
1857 l0 = (long)lengths[0];
1858 l1 = (long)lengths[i];
1860 c[D_MD2][i] = c[D_MD2][0] * 4 * l0 / l1;
1861 c[D_MDC2][i] = c[D_MDC2][0] * 4 * l0 / l1;
1862 c[D_MD4][i] = c[D_MD4][0] * 4 * l0 / l1;
1863 c[D_MD5][i] = c[D_MD5][0] * 4 * l0 / l1;
1864 c[D_HMAC][i] = c[D_HMAC][0] * 4 * l0 / l1;
1865 c[D_SHA1][i] = c[D_SHA1][0] * 4 * l0 / l1;
1866 c[D_RMD160][i] = c[D_RMD160][0] * 4 * l0 / l1;
1867 c[D_SHA256][i] = c[D_SHA256][0] * 4 * l0 / l1;
1868 c[D_SHA512][i] = c[D_SHA512][0] * 4 * l0 / l1;
1869 c[D_WHIRLPOOL][i] = c[D_WHIRLPOOL][0] * 4 * l0 / l1;
1870 c[D_GHASH][i] = c[D_GHASH][0] * 4 * l0 / l1;
1871 c[D_RAND][i] = c[D_RAND][0] * 4 * l0 / l1;
1873 l0 = (long)lengths[i - 1];
1875 c[D_RC4][i] = c[D_RC4][i - 1] * l0 / l1;
1876 c[D_CBC_DES][i] = c[D_CBC_DES][i - 1] * l0 / l1;
1877 c[D_EDE3_DES][i] = c[D_EDE3_DES][i - 1] * l0 / l1;
1878 c[D_CBC_IDEA][i] = c[D_CBC_IDEA][i - 1] * l0 / l1;
1879 c[D_CBC_SEED][i] = c[D_CBC_SEED][i - 1] * l0 / l1;
1880 c[D_CBC_RC2][i] = c[D_CBC_RC2][i - 1] * l0 / l1;
1881 c[D_CBC_RC5][i] = c[D_CBC_RC5][i - 1] * l0 / l1;
1882 c[D_CBC_BF][i] = c[D_CBC_BF][i - 1] * l0 / l1;
1883 c[D_CBC_CAST][i] = c[D_CBC_CAST][i - 1] * l0 / l1;
1884 c[D_CBC_128_AES][i] = c[D_CBC_128_AES][i - 1] * l0 / l1;
1885 c[D_CBC_192_AES][i] = c[D_CBC_192_AES][i - 1] * l0 / l1;
1886 c[D_CBC_256_AES][i] = c[D_CBC_256_AES][i - 1] * l0 / l1;
1887 c[D_CBC_128_CML][i] = c[D_CBC_128_CML][i - 1] * l0 / l1;
1888 c[D_CBC_192_CML][i] = c[D_CBC_192_CML][i - 1] * l0 / l1;
1889 c[D_CBC_256_CML][i] = c[D_CBC_256_CML][i - 1] * l0 / l1;
1890 c[D_IGE_128_AES][i] = c[D_IGE_128_AES][i - 1] * l0 / l1;
1891 c[D_IGE_192_AES][i] = c[D_IGE_192_AES][i - 1] * l0 / l1;
1892 c[D_IGE_256_AES][i] = c[D_IGE_256_AES][i - 1] * l0 / l1;
1895 # ifndef OPENSSL_NO_RSA
1896 rsa_c[R_RSA_512][0] = count / 2000;
1897 rsa_c[R_RSA_512][1] = count / 400;
1898 for (i = 1; i < RSA_NUM; i++) {
1899 rsa_c[i][0] = rsa_c[i - 1][0] / 8;
1900 rsa_c[i][1] = rsa_c[i - 1][1] / 4;
1901 if (rsa_doit[i] <= 1 && rsa_c[i][0] == 0)
1904 if (rsa_c[i][0] == 0) {
1905 rsa_c[i][0] = 1; /* Set minimum iteration Nb to 1. */
1912 # ifndef OPENSSL_NO_DSA
1913 dsa_c[R_DSA_512][0] = count / 1000;
1914 dsa_c[R_DSA_512][1] = count / 1000 / 2;
1915 for (i = 1; i < DSA_NUM; i++) {
1916 dsa_c[i][0] = dsa_c[i - 1][0] / 4;
1917 dsa_c[i][1] = dsa_c[i - 1][1] / 4;
1918 if (dsa_doit[i] <= 1 && dsa_c[i][0] == 0)
1921 if (dsa_c[i][0] == 0) {
1922 dsa_c[i][0] = 1; /* Set minimum iteration Nb to 1. */
1929 # ifndef OPENSSL_NO_EC
1930 ecdsa_c[R_EC_P160][0] = count / 1000;
1931 ecdsa_c[R_EC_P160][1] = count / 1000 / 2;
1932 for (i = R_EC_P192; i <= R_EC_P521; i++) {
1933 ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
1934 ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
1935 if (ecdsa_doit[i] <= 1 && ecdsa_c[i][0] == 0)
1938 if (ecdsa_c[i][0] == 0) {
1944 ecdsa_c[R_EC_K163][0] = count / 1000;
1945 ecdsa_c[R_EC_K163][1] = count / 1000 / 2;
1946 for (i = R_EC_K233; i <= R_EC_K571; i++) {
1947 ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
1948 ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
1949 if (ecdsa_doit[i] <= 1 && ecdsa_c[i][0] == 0)
1952 if (ecdsa_c[i][0] == 0) {
1958 ecdsa_c[R_EC_B163][0] = count / 1000;
1959 ecdsa_c[R_EC_B163][1] = count / 1000 / 2;
1960 for (i = R_EC_B233; i <= R_EC_B571; i++) {
1961 ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
1962 ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
1963 if (ecdsa_doit[i] <= 1 && ecdsa_c[i][0] == 0)
1966 if (ecdsa_c[i][0] == 0) {
1973 ecdh_c[R_EC_P160][0] = count / 1000;
1974 for (i = R_EC_P192; i <= R_EC_P521; i++) {
1975 ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
1976 if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
1979 if (ecdh_c[i][0] == 0) {
1984 ecdh_c[R_EC_K163][0] = count / 1000;
1985 for (i = R_EC_K233; i <= R_EC_K571; i++) {
1986 ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
1987 if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
1990 if (ecdh_c[i][0] == 0) {
1995 ecdh_c[R_EC_B163][0] = count / 1000;
1996 for (i = R_EC_B233; i <= R_EC_B571; i++) {
1997 ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
1998 if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
2001 if (ecdh_c[i][0] == 0) {
2006 /* repeated code good to factorize */
2007 ecdh_c[R_EC_BRP256R1][0] = count / 1000;
2008 for (i = R_EC_BRP384R1; i <= R_EC_BRP512R1; i += 2) {
2009 ecdh_c[i][0] = ecdh_c[i - 2][0] / 2;
2010 if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
2013 if (ecdh_c[i][0] == 0) {
2018 ecdh_c[R_EC_BRP256T1][0] = count / 1000;
2019 for (i = R_EC_BRP384T1; i <= R_EC_BRP512T1; i += 2) {
2020 ecdh_c[i][0] = ecdh_c[i - 2][0] / 2;
2021 if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
2024 if (ecdh_c[i][0] == 0) {
2029 /* default iteration count for the last two EC Curves */
2030 ecdh_c[R_EC_X25519][0] = count / 1800;
2031 ecdh_c[R_EC_X448][0] = count / 7200;
2035 /* not worth fixing */
2036 # error "You cannot disable DES on systems without SIGALRM."
2037 # endif /* OPENSSL_NO_DES */
2039 signal(SIGALRM, alarmed);
2040 #endif /* SIGALRM */
2042 #ifndef OPENSSL_NO_MD2
2044 for (testnum = 0; testnum < size_num; testnum++) {
2045 print_message(names[D_MD2], c[D_MD2][testnum], lengths[testnum],
2048 count = run_benchmark(async_jobs, EVP_Digest_MD2_loop, loopargs);
2050 print_result(D_MD2, testnum, count, d);
2054 #ifndef OPENSSL_NO_MDC2
2056 for (testnum = 0; testnum < size_num; testnum++) {
2057 print_message(names[D_MDC2], c[D_MDC2][testnum], lengths[testnum],
2060 count = run_benchmark(async_jobs, EVP_Digest_MDC2_loop, loopargs);
2062 print_result(D_MDC2, testnum, count, d);
2067 #ifndef OPENSSL_NO_MD4
2069 for (testnum = 0; testnum < size_num; testnum++) {
2070 print_message(names[D_MD4], c[D_MD4][testnum], lengths[testnum],
2073 count = run_benchmark(async_jobs, EVP_Digest_MD4_loop, loopargs);
2075 print_result(D_MD4, testnum, count, d);
2080 #ifndef OPENSSL_NO_MD5
2082 for (testnum = 0; testnum < size_num; testnum++) {
2083 print_message(names[D_MD5], c[D_MD5][testnum], lengths[testnum],
2086 count = run_benchmark(async_jobs, MD5_loop, loopargs);
2088 print_result(D_MD5, testnum, count, d);
2093 static const char hmac_key[] = "This is a key...";
2094 int len = strlen(hmac_key);
2096 for (i = 0; i < loopargs_len; i++) {
2097 loopargs[i].hctx = HMAC_CTX_new();
2098 if (loopargs[i].hctx == NULL) {
2099 BIO_printf(bio_err, "HMAC malloc failure, exiting...");
2103 HMAC_Init_ex(loopargs[i].hctx, hmac_key, len, EVP_md5(), NULL);
2105 for (testnum = 0; testnum < size_num; testnum++) {
2106 print_message(names[D_HMAC], c[D_HMAC][testnum], lengths[testnum],
2109 count = run_benchmark(async_jobs, HMAC_loop, loopargs);
2111 print_result(D_HMAC, testnum, count, d);
2113 for (i = 0; i < loopargs_len; i++) {
2114 HMAC_CTX_free(loopargs[i].hctx);
2119 for (testnum = 0; testnum < size_num; testnum++) {
2120 print_message(names[D_SHA1], c[D_SHA1][testnum], lengths[testnum],
2123 count = run_benchmark(async_jobs, SHA1_loop, loopargs);
2125 print_result(D_SHA1, testnum, count, d);
2128 if (doit[D_SHA256]) {
2129 for (testnum = 0; testnum < size_num; testnum++) {
2130 print_message(names[D_SHA256], c[D_SHA256][testnum],
2131 lengths[testnum], seconds.sym);
2133 count = run_benchmark(async_jobs, SHA256_loop, loopargs);
2135 print_result(D_SHA256, testnum, count, d);
2138 if (doit[D_SHA512]) {
2139 for (testnum = 0; testnum < size_num; testnum++) {
2140 print_message(names[D_SHA512], c[D_SHA512][testnum],
2141 lengths[testnum], seconds.sym);
2143 count = run_benchmark(async_jobs, SHA512_loop, loopargs);
2145 print_result(D_SHA512, testnum, count, d);
2148 #ifndef OPENSSL_NO_WHIRLPOOL
2149 if (doit[D_WHIRLPOOL]) {
2150 for (testnum = 0; testnum < size_num; testnum++) {
2151 print_message(names[D_WHIRLPOOL], c[D_WHIRLPOOL][testnum],
2152 lengths[testnum], seconds.sym);
2154 count = run_benchmark(async_jobs, WHIRLPOOL_loop, loopargs);
2156 print_result(D_WHIRLPOOL, testnum, count, d);
2161 #ifndef OPENSSL_NO_RMD160
2162 if (doit[D_RMD160]) {
2163 for (testnum = 0; testnum < size_num; testnum++) {
2164 print_message(names[D_RMD160], c[D_RMD160][testnum],
2165 lengths[testnum], seconds.sym);
2167 count = run_benchmark(async_jobs, EVP_Digest_RMD160_loop, loopargs);
2169 print_result(D_RMD160, testnum, count, d);
2173 #ifndef OPENSSL_NO_RC4
2175 for (testnum = 0; testnum < size_num; testnum++) {
2176 print_message(names[D_RC4], c[D_RC4][testnum], lengths[testnum],
2179 count = run_benchmark(async_jobs, RC4_loop, loopargs);
2181 print_result(D_RC4, testnum, count, d);
2185 #ifndef OPENSSL_NO_DES
2186 if (doit[D_CBC_DES]) {
2187 for (testnum = 0; testnum < size_num; testnum++) {
2188 print_message(names[D_CBC_DES], c[D_CBC_DES][testnum],
2189 lengths[testnum], seconds.sym);
2191 count = run_benchmark(async_jobs, DES_ncbc_encrypt_loop, loopargs);
2193 print_result(D_CBC_DES, testnum, count, d);
2197 if (doit[D_EDE3_DES]) {
2198 for (testnum = 0; testnum < size_num; testnum++) {
2199 print_message(names[D_EDE3_DES], c[D_EDE3_DES][testnum],
2200 lengths[testnum], seconds.sym);
2203 run_benchmark(async_jobs, DES_ede3_cbc_encrypt_loop, loopargs);
2205 print_result(D_EDE3_DES, testnum, count, d);
2210 if (doit[D_CBC_128_AES]) {
2211 for (testnum = 0; testnum < size_num; testnum++) {
2212 print_message(names[D_CBC_128_AES], c[D_CBC_128_AES][testnum],
2213 lengths[testnum], seconds.sym);
2216 run_benchmark(async_jobs, AES_cbc_128_encrypt_loop, loopargs);
2218 print_result(D_CBC_128_AES, testnum, count, d);
2221 if (doit[D_CBC_192_AES]) {
2222 for (testnum = 0; testnum < size_num; testnum++) {
2223 print_message(names[D_CBC_192_AES], c[D_CBC_192_AES][testnum],
2224 lengths[testnum], seconds.sym);
2227 run_benchmark(async_jobs, AES_cbc_192_encrypt_loop, loopargs);
2229 print_result(D_CBC_192_AES, testnum, count, d);
2232 if (doit[D_CBC_256_AES]) {
2233 for (testnum = 0; testnum < size_num; testnum++) {
2234 print_message(names[D_CBC_256_AES], c[D_CBC_256_AES][testnum],
2235 lengths[testnum], seconds.sym);
2238 run_benchmark(async_jobs, AES_cbc_256_encrypt_loop, loopargs);
2240 print_result(D_CBC_256_AES, testnum, count, d);
2244 if (doit[D_IGE_128_AES]) {
2245 for (testnum = 0; testnum < size_num; testnum++) {
2246 print_message(names[D_IGE_128_AES], c[D_IGE_128_AES][testnum],
2247 lengths[testnum], seconds.sym);
2250 run_benchmark(async_jobs, AES_ige_128_encrypt_loop, loopargs);
2252 print_result(D_IGE_128_AES, testnum, count, d);
2255 if (doit[D_IGE_192_AES]) {
2256 for (testnum = 0; testnum < size_num; testnum++) {
2257 print_message(names[D_IGE_192_AES], c[D_IGE_192_AES][testnum],
2258 lengths[testnum], seconds.sym);
2261 run_benchmark(async_jobs, AES_ige_192_encrypt_loop, loopargs);
2263 print_result(D_IGE_192_AES, testnum, count, d);
2266 if (doit[D_IGE_256_AES]) {
2267 for (testnum = 0; testnum < size_num; testnum++) {
2268 print_message(names[D_IGE_256_AES], c[D_IGE_256_AES][testnum],
2269 lengths[testnum], seconds.sym);
2272 run_benchmark(async_jobs, AES_ige_256_encrypt_loop, loopargs);
2274 print_result(D_IGE_256_AES, testnum, count, d);
2277 if (doit[D_GHASH]) {
2278 for (i = 0; i < loopargs_len; i++) {
2279 loopargs[i].gcm_ctx =
2280 CRYPTO_gcm128_new(&aes_ks1, (block128_f) AES_encrypt);
2281 CRYPTO_gcm128_setiv(loopargs[i].gcm_ctx,
2282 (unsigned char *)"0123456789ab", 12);
2285 for (testnum = 0; testnum < size_num; testnum++) {
2286 print_message(names[D_GHASH], c[D_GHASH][testnum],
2287 lengths[testnum], seconds.sym);
2289 count = run_benchmark(async_jobs, CRYPTO_gcm128_aad_loop, loopargs);
2291 print_result(D_GHASH, testnum, count, d);
2293 for (i = 0; i < loopargs_len; i++)
2294 CRYPTO_gcm128_release(loopargs[i].gcm_ctx);
2296 #ifndef OPENSSL_NO_CAMELLIA
2297 if (doit[D_CBC_128_CML]) {
2298 if (async_jobs > 0) {
2299 BIO_printf(bio_err, "Async mode is not supported with %s\n",
2300 names[D_CBC_128_CML]);
2301 doit[D_CBC_128_CML] = 0;
2303 for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
2304 print_message(names[D_CBC_128_CML], c[D_CBC_128_CML][testnum],
2305 lengths[testnum], seconds.sym);
2307 for (count = 0, run = 1; COND(c[D_CBC_128_CML][testnum]); count++)
2308 Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
2309 (size_t)lengths[testnum], &camellia_ks1,
2310 iv, CAMELLIA_ENCRYPT);
2312 print_result(D_CBC_128_CML, testnum, count, d);
2315 if (doit[D_CBC_192_CML]) {
2316 if (async_jobs > 0) {
2317 BIO_printf(bio_err, "Async mode is not supported with %s\n",
2318 names[D_CBC_192_CML]);
2319 doit[D_CBC_192_CML] = 0;
2321 for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
2322 print_message(names[D_CBC_192_CML], c[D_CBC_192_CML][testnum],
2323 lengths[testnum], seconds.sym);
2324 if (async_jobs > 0) {
2325 BIO_printf(bio_err, "Async mode is not supported, exiting...");
2329 for (count = 0, run = 1; COND(c[D_CBC_192_CML][testnum]); count++)
2330 Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
2331 (size_t)lengths[testnum], &camellia_ks2,
2332 iv, CAMELLIA_ENCRYPT);
2334 print_result(D_CBC_192_CML, testnum, count, d);
2337 if (doit[D_CBC_256_CML]) {
2338 if (async_jobs > 0) {
2339 BIO_printf(bio_err, "Async mode is not supported with %s\n",
2340 names[D_CBC_256_CML]);
2341 doit[D_CBC_256_CML] = 0;
2343 for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
2344 print_message(names[D_CBC_256_CML], c[D_CBC_256_CML][testnum],
2345 lengths[testnum], seconds.sym);
2347 for (count = 0, run = 1; COND(c[D_CBC_256_CML][testnum]); count++)
2348 Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
2349 (size_t)lengths[testnum], &camellia_ks3,
2350 iv, CAMELLIA_ENCRYPT);
2352 print_result(D_CBC_256_CML, testnum, count, d);
2356 #ifndef OPENSSL_NO_IDEA
2357 if (doit[D_CBC_IDEA]) {
2358 if (async_jobs > 0) {
2359 BIO_printf(bio_err, "Async mode is not supported with %s\n",
2361 doit[D_CBC_IDEA] = 0;
2363 for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
2364 print_message(names[D_CBC_IDEA], c[D_CBC_IDEA][testnum],
2365 lengths[testnum], seconds.sym);
2367 for (count = 0, run = 1; COND(c[D_CBC_IDEA][testnum]); count++)
2368 IDEA_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
2369 (size_t)lengths[testnum], &idea_ks,
2372 print_result(D_CBC_IDEA, testnum, count, d);
2376 #ifndef OPENSSL_NO_SEED
2377 if (doit[D_CBC_SEED]) {
2378 if (async_jobs > 0) {
2379 BIO_printf(bio_err, "Async mode is not supported with %s\n",
2381 doit[D_CBC_SEED] = 0;
2383 for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
2384 print_message(names[D_CBC_SEED], c[D_CBC_SEED][testnum],
2385 lengths[testnum], seconds.sym);
2387 for (count = 0, run = 1; COND(c[D_CBC_SEED][testnum]); count++)
2388 SEED_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
2389 (size_t)lengths[testnum], &seed_ks, iv, 1);
2391 print_result(D_CBC_SEED, testnum, count, d);
2395 #ifndef OPENSSL_NO_RC2
2396 if (doit[D_CBC_RC2]) {
2397 if (async_jobs > 0) {
2398 BIO_printf(bio_err, "Async mode is not supported with %s\n",
2400 doit[D_CBC_RC2] = 0;
2402 for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
2403 print_message(names[D_CBC_RC2], c[D_CBC_RC2][testnum],
2404 lengths[testnum], seconds.sym);
2405 if (async_jobs > 0) {
2406 BIO_printf(bio_err, "Async mode is not supported, exiting...");
2410 for (count = 0, run = 1; COND(c[D_CBC_RC2][testnum]); count++)
2411 RC2_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
2412 (size_t)lengths[testnum], &rc2_ks,
2415 print_result(D_CBC_RC2, testnum, count, d);
2419 #ifndef OPENSSL_NO_RC5
2420 if (doit[D_CBC_RC5]) {
2421 if (async_jobs > 0) {
2422 BIO_printf(bio_err, "Async mode is not supported with %s\n",
2424 doit[D_CBC_RC5] = 0;
2426 for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
2427 print_message(names[D_CBC_RC5], c[D_CBC_RC5][testnum],
2428 lengths[testnum], seconds.sym);
2429 if (async_jobs > 0) {
2430 BIO_printf(bio_err, "Async mode is not supported, exiting...");
2434 for (count = 0, run = 1; COND(c[D_CBC_RC5][testnum]); count++)
2435 RC5_32_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
2436 (size_t)lengths[testnum], &rc5_ks,
2439 print_result(D_CBC_RC5, testnum, count, d);
2443 #ifndef OPENSSL_NO_BF
2444 if (doit[D_CBC_BF]) {
2445 if (async_jobs > 0) {
2446 BIO_printf(bio_err, "Async mode is not supported with %s\n",
2450 for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
2451 print_message(names[D_CBC_BF], c[D_CBC_BF][testnum],
2452 lengths[testnum], seconds.sym);
2454 for (count = 0, run = 1; COND(c[D_CBC_BF][testnum]); count++)
2455 BF_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
2456 (size_t)lengths[testnum], &bf_ks,
2459 print_result(D_CBC_BF, testnum, count, d);
2463 #ifndef OPENSSL_NO_CAST
2464 if (doit[D_CBC_CAST]) {
2465 if (async_jobs > 0) {
2466 BIO_printf(bio_err, "Async mode is not supported with %s\n",
2468 doit[D_CBC_CAST] = 0;
2470 for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
2471 print_message(names[D_CBC_CAST], c[D_CBC_CAST][testnum],
2472 lengths[testnum], seconds.sym);
2474 for (count = 0, run = 1; COND(c[D_CBC_CAST][testnum]); count++)
2475 CAST_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
2476 (size_t)lengths[testnum], &cast_ks,
2479 print_result(D_CBC_CAST, testnum, count, d);
2484 for (testnum = 0; testnum < size_num; testnum++) {
2485 print_message(names[D_RAND], c[D_RAND][testnum], lengths[testnum],
2488 count = run_benchmark(async_jobs, RAND_bytes_loop, loopargs);
2490 print_result(D_RAND, testnum, count, d);
2495 if (evp_cipher != NULL) {
2496 int (*loopfunc)(void *args) = EVP_Update_loop;
2498 if (multiblock && (EVP_CIPHER_flags(evp_cipher) &
2499 EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) {
2500 multiblock_speed(evp_cipher, lengths_single, &seconds);
2505 names[D_EVP] = OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher));
2507 if (EVP_CIPHER_mode(evp_cipher) == EVP_CIPH_CCM_MODE) {
2508 loopfunc = EVP_Update_loop_ccm;
2509 } else if (aead && (EVP_CIPHER_flags(evp_cipher) &
2510 EVP_CIPH_FLAG_AEAD_CIPHER)) {
2511 loopfunc = EVP_Update_loop_aead;
2512 if (lengths == lengths_list) {
2513 lengths = aead_lengths_list;
2514 size_num = OSSL_NELEM(aead_lengths_list);
2518 for (testnum = 0; testnum < size_num; testnum++) {
2519 print_message(names[D_EVP], save_count, lengths[testnum],
2522 for (k = 0; k < loopargs_len; k++) {
2523 loopargs[k].ctx = EVP_CIPHER_CTX_new();
2524 EVP_CipherInit_ex(loopargs[k].ctx, evp_cipher, NULL, NULL,
2525 iv, decrypt ? 0 : 1);
2527 EVP_CIPHER_CTX_set_padding(loopargs[k].ctx, 0);
2529 keylen = EVP_CIPHER_CTX_key_length(loopargs[k].ctx);
2530 loopargs[k].key = app_malloc(keylen, "evp_cipher key");
2531 EVP_CIPHER_CTX_rand_key(loopargs[k].ctx, loopargs[k].key);
2532 EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL,
2533 loopargs[k].key, NULL, -1);
2534 OPENSSL_clear_free(loopargs[k].key, keylen);
2538 count = run_benchmark(async_jobs, loopfunc, loopargs);
2540 for (k = 0; k < loopargs_len; k++) {
2541 EVP_CIPHER_CTX_free(loopargs[k].ctx);
2543 print_result(D_EVP, testnum, count, d);
2545 } else if (evp_md != NULL) {
2546 names[D_EVP] = OBJ_nid2ln(EVP_MD_type(evp_md));
2548 for (testnum = 0; testnum < size_num; testnum++) {
2549 print_message(names[D_EVP], save_count, lengths[testnum],
2552 count = run_benchmark(async_jobs, EVP_Digest_loop, loopargs);
2554 print_result(D_EVP, testnum, count, d);
2559 for (i = 0; i < loopargs_len; i++)
2560 RAND_bytes(loopargs[i].buf, 36);
2562 #ifndef OPENSSL_NO_RSA
2563 for (testnum = 0; testnum < RSA_NUM; testnum++) {
2565 if (!rsa_doit[testnum])
2567 for (i = 0; i < loopargs_len; i++) {
2569 /* we haven't set keys yet, generate multi-prime RSA keys */
2570 BIGNUM *bn = BN_new();
2574 if (!BN_set_word(bn, RSA_F4)) {
2579 BIO_printf(bio_err, "Generate multi-prime RSA key for %s\n",
2580 rsa_choices[testnum].name);
2582 loopargs[i].rsa_key[testnum] = RSA_new();
2583 if (loopargs[i].rsa_key[testnum] == NULL) {
2588 if (!RSA_generate_multi_prime_key(loopargs[i].rsa_key[testnum],
2590 primes, bn, NULL)) {
2596 st = RSA_sign(NID_md5_sha1, loopargs[i].buf, 36, loopargs[i].buf2,
2597 &loopargs[i].siglen, loopargs[i].rsa_key[testnum]);
2603 "RSA sign failure. No RSA sign will be done.\n");
2604 ERR_print_errors(bio_err);
2607 pkey_print_message("private", "rsa",
2608 rsa_c[testnum][0], rsa_bits[testnum],
2610 /* RSA_blinding_on(rsa_key[testnum],NULL); */
2612 count = run_benchmark(async_jobs, RSA_sign_loop, loopargs);
2615 mr ? "+R1:%ld:%d:%.2f\n"
2616 : "%ld %u bits private RSA's in %.2fs\n",
2617 count, rsa_bits[testnum], d);
2618 rsa_results[testnum][0] = (double)count / d;
2622 for (i = 0; i < loopargs_len; i++) {
2623 st = RSA_verify(NID_md5_sha1, loopargs[i].buf, 36, loopargs[i].buf2,
2624 loopargs[i].siglen, loopargs[i].rsa_key[testnum]);
2630 "RSA verify failure. No RSA verify will be done.\n");
2631 ERR_print_errors(bio_err);
2632 rsa_doit[testnum] = 0;
2634 pkey_print_message("public", "rsa",
2635 rsa_c[testnum][1], rsa_bits[testnum],
2638 count = run_benchmark(async_jobs, RSA_verify_loop, loopargs);
2641 mr ? "+R2:%ld:%d:%.2f\n"
2642 : "%ld %u bits public RSA's in %.2fs\n",
2643 count, rsa_bits[testnum], d);
2644 rsa_results[testnum][1] = (double)count / d;
2647 if (rsa_count <= 1) {
2648 /* if longer than 10s, don't do any more */
2649 for (testnum++; testnum < RSA_NUM; testnum++)
2650 rsa_doit[testnum] = 0;
2653 #endif /* OPENSSL_NO_RSA */
2655 for (i = 0; i < loopargs_len; i++)
2656 RAND_bytes(loopargs[i].buf, 36);
2658 #ifndef OPENSSL_NO_DSA
2659 for (testnum = 0; testnum < DSA_NUM; testnum++) {
2661 if (!dsa_doit[testnum])
2664 /* DSA_generate_key(dsa_key[testnum]); */
2665 /* DSA_sign_setup(dsa_key[testnum],NULL); */
2666 for (i = 0; i < loopargs_len; i++) {
2667 st = DSA_sign(0, loopargs[i].buf, 20, loopargs[i].buf2,
2668 &loopargs[i].siglen, loopargs[i].dsa_key[testnum]);
2674 "DSA sign failure. No DSA sign will be done.\n");
2675 ERR_print_errors(bio_err);
2678 pkey_print_message("sign", "dsa",
2679 dsa_c[testnum][0], dsa_bits[testnum],
2682 count = run_benchmark(async_jobs, DSA_sign_loop, loopargs);
2685 mr ? "+R3:%ld:%u:%.2f\n"
2686 : "%ld %u bits DSA signs in %.2fs\n",
2687 count, dsa_bits[testnum], d);
2688 dsa_results[testnum][0] = (double)count / d;
2692 for (i = 0; i < loopargs_len; i++) {
2693 st = DSA_verify(0, loopargs[i].buf, 20, loopargs[i].buf2,
2694 loopargs[i].siglen, loopargs[i].dsa_key[testnum]);
2700 "DSA verify failure. No DSA verify will be done.\n");
2701 ERR_print_errors(bio_err);
2702 dsa_doit[testnum] = 0;
2704 pkey_print_message("verify", "dsa",
2705 dsa_c[testnum][1], dsa_bits[testnum],
2708 count = run_benchmark(async_jobs, DSA_verify_loop, loopargs);
2711 mr ? "+R4:%ld:%u:%.2f\n"
2712 : "%ld %u bits DSA verify in %.2fs\n",
2713 count, dsa_bits[testnum], d);
2714 dsa_results[testnum][1] = (double)count / d;
2717 if (rsa_count <= 1) {
2718 /* if longer than 10s, don't do any more */
2719 for (testnum++; testnum < DSA_NUM; testnum++)
2720 dsa_doit[testnum] = 0;
2723 #endif /* OPENSSL_NO_DSA */
2725 #ifndef OPENSSL_NO_EC
2726 for (testnum = 0; testnum < ECDSA_NUM; testnum++) {
2729 if (!ecdsa_doit[testnum])
2730 continue; /* Ignore Curve */
2731 for (i = 0; i < loopargs_len; i++) {
2732 loopargs[i].ecdsa[testnum] =
2733 EC_KEY_new_by_curve_name(test_curves[testnum].nid);
2734 if (loopargs[i].ecdsa[testnum] == NULL) {
2740 BIO_printf(bio_err, "ECDSA failure.\n");
2741 ERR_print_errors(bio_err);
2744 for (i = 0; i < loopargs_len; i++) {
2745 EC_KEY_precompute_mult(loopargs[i].ecdsa[testnum], NULL);
2746 /* Perform ECDSA signature test */
2747 EC_KEY_generate_key(loopargs[i].ecdsa[testnum]);
2748 st = ECDSA_sign(0, loopargs[i].buf, 20, loopargs[i].buf2,
2749 &loopargs[i].siglen,
2750 loopargs[i].ecdsa[testnum]);
2756 "ECDSA sign failure. No ECDSA sign will be done.\n");
2757 ERR_print_errors(bio_err);
2760 pkey_print_message("sign", "ecdsa",
2761 ecdsa_c[testnum][0],
2762 test_curves[testnum].bits, seconds.ecdsa);
2764 count = run_benchmark(async_jobs, ECDSA_sign_loop, loopargs);
2768 mr ? "+R5:%ld:%u:%.2f\n" :
2769 "%ld %u bits ECDSA signs in %.2fs \n",
2770 count, test_curves[testnum].bits, d);
2771 ecdsa_results[testnum][0] = (double)count / d;
2775 /* Perform ECDSA verification test */
2776 for (i = 0; i < loopargs_len; i++) {
2777 st = ECDSA_verify(0, loopargs[i].buf, 20, loopargs[i].buf2,
2779 loopargs[i].ecdsa[testnum]);
2785 "ECDSA verify failure. No ECDSA verify will be done.\n");
2786 ERR_print_errors(bio_err);
2787 ecdsa_doit[testnum] = 0;
2789 pkey_print_message("verify", "ecdsa",
2790 ecdsa_c[testnum][1],
2791 test_curves[testnum].bits, seconds.ecdsa);
2793 count = run_benchmark(async_jobs, ECDSA_verify_loop, loopargs);
2796 mr ? "+R6:%ld:%u:%.2f\n"
2797 : "%ld %u bits ECDSA verify in %.2fs\n",
2798 count, test_curves[testnum].bits, d);
2799 ecdsa_results[testnum][1] = (double)count / d;
2802 if (rsa_count <= 1) {
2803 /* if longer than 10s, don't do any more */
2804 for (testnum++; testnum < EC_NUM; testnum++)
2805 ecdsa_doit[testnum] = 0;
2810 for (testnum = 0; testnum < EC_NUM; testnum++) {
2811 int ecdh_checks = 1;
2813 if (!ecdh_doit[testnum])
2816 for (i = 0; i < loopargs_len; i++) {
2817 EVP_PKEY_CTX *kctx = NULL;
2818 EVP_PKEY_CTX *test_ctx = NULL;
2819 EVP_PKEY_CTX *ctx = NULL;
2820 EVP_PKEY *key_A = NULL;
2821 EVP_PKEY *key_B = NULL;
2825 /* Ensure that the error queue is empty */
2826 if (ERR_peek_error()) {
2828 "WARNING: the error queue contains previous unhandled errors.\n");
2829 ERR_print_errors(bio_err);
2832 /* Let's try to create a ctx directly from the NID: this works for
2833 * curves like Curve25519 that are not implemented through the low
2834 * level EC interface.
2835 * If this fails we try creating a EVP_PKEY_EC generic param ctx,
2836 * then we set the curve by NID before deriving the actual keygen
2837 * ctx for that specific curve. */
2838 kctx = EVP_PKEY_CTX_new_id(test_curves[testnum].nid, NULL); /* keygen ctx from NID */
2840 EVP_PKEY_CTX *pctx = NULL;
2841 EVP_PKEY *params = NULL;
2843 /* If we reach this code EVP_PKEY_CTX_new_id() failed and a
2844 * "int_ctx_new:unsupported algorithm" error was added to the
2846 * We remove it from the error queue as we are handling it. */
2847 unsigned long error = ERR_peek_error(); /* peek the latest error in the queue */
2848 if (error == ERR_peek_last_error() && /* oldest and latest errors match */
2849 /* check that the error origin matches */
2850 ERR_GET_LIB(error) == ERR_LIB_EVP &&
2851 ERR_GET_FUNC(error) == EVP_F_INT_CTX_NEW &&
2852 ERR_GET_REASON(error) == EVP_R_UNSUPPORTED_ALGORITHM)
2853 ERR_get_error(); /* pop error from queue */
2854 if (ERR_peek_error()) {
2856 "Unhandled error in the error queue during ECDH init.\n");
2857 ERR_print_errors(bio_err);
2862 if ( /* Create the context for parameter generation */
2863 !(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL)) ||
2864 /* Initialise the parameter generation */
2865 !EVP_PKEY_paramgen_init(pctx) ||
2866 /* Set the curve by NID */
2867 !EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx,
2870 /* Create the parameter object params */
2871 !EVP_PKEY_paramgen(pctx, ¶ms)) {
2873 BIO_printf(bio_err, "ECDH EC params init failure.\n");
2874 ERR_print_errors(bio_err);
2878 /* Create the context for the key generation */
2879 kctx = EVP_PKEY_CTX_new(params, NULL);
2881 EVP_PKEY_free(params);
2883 EVP_PKEY_CTX_free(pctx);
2886 if (kctx == NULL || /* keygen ctx is not null */
2887 !EVP_PKEY_keygen_init(kctx) /* init keygen ctx */ ) {
2889 BIO_printf(bio_err, "ECDH keygen failure.\n");
2890 ERR_print_errors(bio_err);
2895 if (!EVP_PKEY_keygen(kctx, &key_A) || /* generate secret key A */
2896 !EVP_PKEY_keygen(kctx, &key_B) || /* generate secret key B */
2897 !(ctx = EVP_PKEY_CTX_new(key_A, NULL)) || /* derivation ctx from skeyA */
2898 !EVP_PKEY_derive_init(ctx) || /* init derivation ctx */
2899 !EVP_PKEY_derive_set_peer(ctx, key_B) || /* set peer pubkey in ctx */
2900 !EVP_PKEY_derive(ctx, NULL, &outlen) || /* determine max length */
2901 outlen == 0 || /* ensure outlen is a valid size */
2902 outlen > MAX_ECDH_SIZE /* avoid buffer overflow */ ) {
2904 BIO_printf(bio_err, "ECDH key generation failure.\n");
2905 ERR_print_errors(bio_err);
2910 /* Here we perform a test run, comparing the output of a*B and b*A;
2911 * we try this here and assume that further EVP_PKEY_derive calls
2912 * never fail, so we can skip checks in the actually benchmarked
2913 * code, for maximum performance. */
2914 if (!(test_ctx = EVP_PKEY_CTX_new(key_B, NULL)) || /* test ctx from skeyB */
2915 !EVP_PKEY_derive_init(test_ctx) || /* init derivation test_ctx */
2916 !EVP_PKEY_derive_set_peer(test_ctx, key_A) || /* set peer pubkey in test_ctx */
2917 !EVP_PKEY_derive(test_ctx, NULL, &test_outlen) || /* determine max length */
2918 !EVP_PKEY_derive(ctx, loopargs[i].secret_a, &outlen) || /* compute a*B */
2919 !EVP_PKEY_derive(test_ctx, loopargs[i].secret_b, &test_outlen) || /* compute b*A */
2920 test_outlen != outlen /* compare output length */ ) {
2922 BIO_printf(bio_err, "ECDH computation failure.\n");
2923 ERR_print_errors(bio_err);
2928 /* Compare the computation results: CRYPTO_memcmp() returns 0 if equal */
2929 if (CRYPTO_memcmp(loopargs[i].secret_a,
2930 loopargs[i].secret_b, outlen)) {
2932 BIO_printf(bio_err, "ECDH computations don't match.\n");
2933 ERR_print_errors(bio_err);
2938 loopargs[i].ecdh_ctx[testnum] = ctx;
2939 loopargs[i].outlen[testnum] = outlen;
2941 EVP_PKEY_free(key_A);
2942 EVP_PKEY_free(key_B);
2943 EVP_PKEY_CTX_free(kctx);
2945 EVP_PKEY_CTX_free(test_ctx);
2948 if (ecdh_checks != 0) {
2949 pkey_print_message("", "ecdh",
2951 test_curves[testnum].bits, seconds.ecdh);
2954 run_benchmark(async_jobs, ECDH_EVP_derive_key_loop, loopargs);
2957 mr ? "+R7:%ld:%d:%.2f\n" :
2958 "%ld %u-bits ECDH ops in %.2fs\n", count,
2959 test_curves[testnum].bits, d);
2960 ecdh_results[testnum][0] = (double)count / d;
2964 if (rsa_count <= 1) {
2965 /* if longer than 10s, don't do any more */
2966 for (testnum++; testnum < OSSL_NELEM(ecdh_doit); testnum++)
2967 ecdh_doit[testnum] = 0;
2970 #endif /* OPENSSL_NO_EC */
2975 printf("%s\n", OpenSSL_version(OPENSSL_VERSION));
2976 printf("%s\n", OpenSSL_version(OPENSSL_BUILT_ON));
2978 printf("%s ", BN_options());
2979 #ifndef OPENSSL_NO_MD2
2980 printf("%s ", MD2_options());
2982 #ifndef OPENSSL_NO_RC4
2983 printf("%s ", RC4_options());
2985 #ifndef OPENSSL_NO_DES
2986 printf("%s ", DES_options());
2988 printf("%s ", AES_options());
2989 #ifndef OPENSSL_NO_IDEA
2990 printf("%s ", IDEA_options());
2992 #ifndef OPENSSL_NO_BF
2993 printf("%s ", BF_options());
2995 printf("\n%s\n", OpenSSL_version(OPENSSL_CFLAGS));
3003 ("The 'numbers' are in 1000s of bytes per second processed.\n");
3006 for (testnum = 0; testnum < size_num; testnum++)
3007 printf(mr ? ":%d" : "%7d bytes", lengths[testnum]);
3011 for (k = 0; k < ALGOR_NUM; k++) {
3015 printf("+F:%u:%s", k, names[k]);
3017 printf("%-13s", names[k]);
3018 for (testnum = 0; testnum < size_num; testnum++) {
3019 if (results[k][testnum] > 10000 && !mr)
3020 printf(" %11.2fk", results[k][testnum] / 1e3);
3022 printf(mr ? ":%.2f" : " %11.2f ", results[k][testnum]);
3026 #ifndef OPENSSL_NO_RSA
3028 for (k = 0; k < RSA_NUM; k++) {
3031 if (testnum && !mr) {
3032 printf("%18ssign verify sign/s verify/s\n", " ");
3036 printf("+F2:%u:%u:%f:%f\n",
3037 k, rsa_bits[k], rsa_results[k][0], rsa_results[k][1]);
3039 printf("rsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
3040 rsa_bits[k], 1.0 / rsa_results[k][0], 1.0 / rsa_results[k][1],
3041 rsa_results[k][0], rsa_results[k][1]);
3044 #ifndef OPENSSL_NO_DSA
3046 for (k = 0; k < DSA_NUM; k++) {
3049 if (testnum && !mr) {
3050 printf("%18ssign verify sign/s verify/s\n", " ");
3054 printf("+F3:%u:%u:%f:%f\n",
3055 k, dsa_bits[k], dsa_results[k][0], dsa_results[k][1]);
3057 printf("dsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
3058 dsa_bits[k], 1.0 / dsa_results[k][0], 1.0 / dsa_results[k][1],
3059 dsa_results[k][0], dsa_results[k][1]);
3062 #ifndef OPENSSL_NO_EC
3064 for (k = 0; k < OSSL_NELEM(ecdsa_doit); k++) {
3067 if (testnum && !mr) {
3068 printf("%30ssign verify sign/s verify/s\n", " ");
3073 printf("+F4:%u:%u:%f:%f\n",
3074 k, test_curves[k].bits,
3075 ecdsa_results[k][0], ecdsa_results[k][1]);
3077 printf("%4u bits ecdsa (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
3078 test_curves[k].bits, test_curves[k].name,
3079 1.0 / ecdsa_results[k][0], 1.0 / ecdsa_results[k][1],
3080 ecdsa_results[k][0], ecdsa_results[k][1]);
3084 for (k = 0; k < EC_NUM; k++) {
3087 if (testnum && !mr) {
3088 printf("%30sop op/s\n", " ");
3092 printf("+F5:%u:%u:%f:%f\n",
3093 k, test_curves[k].bits,
3094 ecdh_results[k][0], 1.0 / ecdh_results[k][0]);
3097 printf("%4u bits ecdh (%s) %8.4fs %8.1f\n",
3098 test_curves[k].bits, test_curves[k].name,
3099 1.0 / ecdh_results[k][0], ecdh_results[k][0]);
3106 ERR_print_errors(bio_err);
3107 for (i = 0; i < loopargs_len; i++) {
3108 OPENSSL_free(loopargs[i].buf_malloc);
3109 OPENSSL_free(loopargs[i].buf2_malloc);
3111 #ifndef OPENSSL_NO_RSA
3112 for (k = 0; k < RSA_NUM; k++)
3113 RSA_free(loopargs[i].rsa_key[k]);
3115 #ifndef OPENSSL_NO_DSA
3116 for (k = 0; k < DSA_NUM; k++)
3117 DSA_free(loopargs[i].dsa_key[k]);
3119 #ifndef OPENSSL_NO_EC
3120 for (k = 0; k < ECDSA_NUM; k++)
3121 EC_KEY_free(loopargs[i].ecdsa[k]);
3122 for (k = 0; k < EC_NUM; k++)
3123 EVP_PKEY_CTX_free(loopargs[i].ecdh_ctx[k]);
3124 OPENSSL_free(loopargs[i].secret_a);
3125 OPENSSL_free(loopargs[i].secret_b);
3129 if (async_jobs > 0) {
3130 for (i = 0; i < loopargs_len; i++)
3131 ASYNC_WAIT_CTX_free(loopargs[i].wait_ctx);
3135 ASYNC_cleanup_thread();
3137 OPENSSL_free(loopargs);
3142 static void print_message(const char *s, long num, int length, int tm)
3146 mr ? "+DT:%s:%d:%d\n"
3147 : "Doing %s for %ds on %d size blocks: ", s, tm, length);
3148 (void)BIO_flush(bio_err);
3152 mr ? "+DN:%s:%ld:%d\n"
3153 : "Doing %s %ld times on %d size blocks: ", s, num, length);
3154 (void)BIO_flush(bio_err);
3158 static void pkey_print_message(const char *str, const char *str2, long num,
3159 unsigned int bits, int tm)
3163 mr ? "+DTP:%d:%s:%s:%d\n"
3164 : "Doing %u bits %s %s's for %ds: ", bits, str, str2, tm);
3165 (void)BIO_flush(bio_err);
3169 mr ? "+DNP:%ld:%d:%s:%s\n"
3170 : "Doing %ld %u bits %s %s's: ", num, bits, str, str2);
3171 (void)BIO_flush(bio_err);
3175 static void print_result(int alg, int run_no, int count, double time_used)
3178 BIO_puts(bio_err, "EVP error!\n");
3182 mr ? "+R:%d:%s:%f\n"
3183 : "%d %s's in %.2fs\n", count, names[alg], time_used);
3184 results[alg][run_no] = ((double)count) / time_used * lengths[run_no];
3188 static char *sstrsep(char **string, const char *delim)
3191 char *token = *string;
3196 memset(isdelim, 0, sizeof(isdelim));
3200 isdelim[(unsigned char)(*delim)] = 1;
3204 while (!isdelim[(unsigned char)(**string)]) {
3216 static int do_multi(int multi, int size_num)
3221 static char sep[] = ":";
3223 fds = app_malloc(sizeof(*fds) * multi, "fd buffer for do_multi");
3224 for (n = 0; n < multi; ++n) {
3225 if (pipe(fd) == -1) {
3226 BIO_printf(bio_err, "pipe failure\n");
3230 (void)BIO_flush(bio_err);
3237 if (dup(fd[1]) == -1) {
3238 BIO_printf(bio_err, "dup failed\n");
3247 printf("Forked child %d\n", n);
3250 /* for now, assume the pipe is long enough to take all the output */
3251 for (n = 0; n < multi; ++n) {
3256 f = fdopen(fds[n], "r");
3257 while (fgets(buf, sizeof(buf), f)) {
3258 p = strchr(buf, '\n');
3261 if (buf[0] != '+') {
3263 "Don't understand line '%s' from child %d\n", buf,
3267 printf("Got: %s from %d\n", buf, n);
3268 if (strncmp(buf, "+F:", 3) == 0) {
3273 alg = atoi(sstrsep(&p, sep));
3275 for (j = 0; j < size_num; ++j)
3276 results[alg][j] += atof(sstrsep(&p, sep));
3277 } else if (strncmp(buf, "+F2:", 4) == 0) {
3282 k = atoi(sstrsep(&p, sep));
3285 d = atof(sstrsep(&p, sep));
3286 rsa_results[k][0] += d;
3288 d = atof(sstrsep(&p, sep));
3289 rsa_results[k][1] += d;
3291 # ifndef OPENSSL_NO_DSA
3292 else if (strncmp(buf, "+F3:", 4) == 0) {
3297 k = atoi(sstrsep(&p, sep));
3300 d = atof(sstrsep(&p, sep));
3301 dsa_results[k][0] += d;
3303 d = atof(sstrsep(&p, sep));
3304 dsa_results[k][1] += d;
3307 # ifndef OPENSSL_NO_EC
3308 else if (strncmp(buf, "+F4:", 4) == 0) {
3313 k = atoi(sstrsep(&p, sep));
3316 d = atof(sstrsep(&p, sep));
3317 ecdsa_results[k][0] += d;
3319 d = atof(sstrsep(&p, sep));
3320 ecdsa_results[k][1] += d;
3321 } else if (strncmp(buf, "+F5:", 4) == 0) {
3326 k = atoi(sstrsep(&p, sep));
3329 d = atof(sstrsep(&p, sep));
3330 ecdh_results[k][0] += d;
3334 else if (strncmp(buf, "+H:", 3) == 0) {
3337 BIO_printf(bio_err, "Unknown type '%s' from child %d\n", buf,
3348 static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
3349 const openssl_speed_sec_t *seconds)
3351 static const int mblengths_list[] =
3352 { 8 * 1024, 2 * 8 * 1024, 4 * 8 * 1024, 8 * 8 * 1024, 8 * 16 * 1024 };
3353 const int *mblengths = mblengths_list;
3354 int j, count, keylen, num = OSSL_NELEM(mblengths_list);
3355 const char *alg_name;
3356 unsigned char *inp, *out, *key, no_key[32], no_iv[16];
3357 EVP_CIPHER_CTX *ctx;
3360 if (lengths_single) {
3361 mblengths = &lengths_single;
3365 inp = app_malloc(mblengths[num - 1], "multiblock input buffer");
3366 out = app_malloc(mblengths[num - 1] + 1024, "multiblock output buffer");
3367 ctx = EVP_CIPHER_CTX_new();
3368 EVP_EncryptInit_ex(ctx, evp_cipher, NULL, NULL, no_iv);
3370 keylen = EVP_CIPHER_CTX_key_length(ctx);
3371 key = app_malloc(keylen, "evp_cipher key");
3372 EVP_CIPHER_CTX_rand_key(ctx, key);
3373 EVP_EncryptInit_ex(ctx, NULL, NULL, key, NULL);
3374 OPENSSL_clear_free(key, keylen);
3376 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY, sizeof(no_key), no_key);
3377 alg_name = OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher));
3379 for (j = 0; j < num; j++) {
3380 print_message(alg_name, 0, mblengths[j], seconds->sym);
3382 for (count = 0, run = 1; run && count < 0x7fffffff; count++) {
3383 unsigned char aad[EVP_AEAD_TLS1_AAD_LEN];
3384 EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param;
3385 size_t len = mblengths[j];
3388 memset(aad, 0, 8); /* avoid uninitialized values */
3389 aad[8] = 23; /* SSL3_RT_APPLICATION_DATA */
3390 aad[9] = 3; /* version */
3392 aad[11] = 0; /* length */
3394 mb_param.out = NULL;
3397 mb_param.interleave = 8;
3399 packlen = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_AAD,
3400 sizeof(mb_param), &mb_param);
3406 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT,
3407 sizeof(mb_param), &mb_param);
3411 RAND_bytes(out, 16);
3413 aad[11] = (unsigned char)(len >> 8);
3414 aad[12] = (unsigned char)(len);
3415 pad = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_TLS1_AAD,
3416 EVP_AEAD_TLS1_AAD_LEN, aad);
3417 EVP_Cipher(ctx, out, inp, len + pad);
3421 BIO_printf(bio_err, mr ? "+R:%d:%s:%f\n"
3422 : "%d %s's in %.2fs\n", count, "evp", d);
3423 results[D_EVP][j] = ((double)count) / d * mblengths[j];
3427 fprintf(stdout, "+H");
3428 for (j = 0; j < num; j++)
3429 fprintf(stdout, ":%d", mblengths[j]);
3430 fprintf(stdout, "\n");
3431 fprintf(stdout, "+F:%d:%s", D_EVP, alg_name);
3432 for (j = 0; j < num; j++)
3433 fprintf(stdout, ":%.2f", results[D_EVP][j]);
3434 fprintf(stdout, "\n");
3437 "The 'numbers' are in 1000s of bytes per second processed.\n");
3438 fprintf(stdout, "type ");
3439 for (j = 0; j < num; j++)
3440 fprintf(stdout, "%7d bytes", mblengths[j]);
3441 fprintf(stdout, "\n");
3442 fprintf(stdout, "%-24s", alg_name);
3444 for (j = 0; j < num; j++) {
3445 if (results[D_EVP][j] > 10000)
3446 fprintf(stdout, " %11.2fk", results[D_EVP][j] / 1e3);
3448 fprintf(stdout, " %11.2f ", results[D_EVP][j]);
3450 fprintf(stdout, "\n");
3455 EVP_CIPHER_CTX_free(ctx);