2 * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
5 * Licensed under the OpenSSL license (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
13 #define RSA_SECONDS 10
14 #define DSA_SECONDS 10
15 #define ECDSA_SECONDS 10
16 #define ECDH_SECONDS 10
24 #include <openssl/crypto.h>
25 #include <openssl/rand.h>
26 #include <openssl/err.h>
27 #include <openssl/evp.h>
28 #include <openssl/objects.h>
29 #include <openssl/async.h>
30 #if !defined(OPENSSL_SYS_MSDOS)
31 # include OPENSSL_UNISTD
38 #include <openssl/bn.h>
39 #ifndef OPENSSL_NO_DES
40 # include <openssl/des.h>
42 #include <openssl/aes.h>
43 #ifndef OPENSSL_NO_CAMELLIA
44 # include <openssl/camellia.h>
46 #ifndef OPENSSL_NO_MD2
47 # include <openssl/md2.h>
49 #ifndef OPENSSL_NO_MDC2
50 # include <openssl/mdc2.h>
52 #ifndef OPENSSL_NO_MD4
53 # include <openssl/md4.h>
55 #ifndef OPENSSL_NO_MD5
56 # include <openssl/md5.h>
58 #include <openssl/hmac.h>
59 #include <openssl/sha.h>
60 #ifndef OPENSSL_NO_RMD160
61 # include <openssl/ripemd.h>
63 #ifndef OPENSSL_NO_WHIRLPOOL
64 # include <openssl/whrlpool.h>
66 #ifndef OPENSSL_NO_RC4
67 # include <openssl/rc4.h>
69 #ifndef OPENSSL_NO_RC5
70 # include <openssl/rc5.h>
72 #ifndef OPENSSL_NO_RC2
73 # include <openssl/rc2.h>
75 #ifndef OPENSSL_NO_IDEA
76 # include <openssl/idea.h>
78 #ifndef OPENSSL_NO_SEED
79 # include <openssl/seed.h>
82 # include <openssl/blowfish.h>
84 #ifndef OPENSSL_NO_CAST
85 # include <openssl/cast.h>
87 #ifndef OPENSSL_NO_RSA
88 # include <openssl/rsa.h>
89 # include "./testrsa.h"
91 #include <openssl/x509.h>
92 #ifndef OPENSSL_NO_DSA
93 # include <openssl/dsa.h>
94 # include "./testdsa.h"
97 # include <openssl/ec.h>
99 #include <openssl/modes.h>
102 # if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS)
115 #define MAX_MISALIGNMENT 63
116 #define MAX_ECDH_SIZE 256
119 typedef struct openssl_speed_sec_st {
125 } openssl_speed_sec_t;
127 static volatile int run = 0;
130 static int usertime = 1;
132 #ifndef OPENSSL_NO_MD2
133 static int EVP_Digest_MD2_loop(void *args);
136 #ifndef OPENSSL_NO_MDC2
137 static int EVP_Digest_MDC2_loop(void *args);
139 #ifndef OPENSSL_NO_MD4
140 static int EVP_Digest_MD4_loop(void *args);
142 #ifndef OPENSSL_NO_MD5
143 static int MD5_loop(void *args);
144 static int HMAC_loop(void *args);
146 static int SHA1_loop(void *args);
147 static int SHA256_loop(void *args);
148 static int SHA512_loop(void *args);
149 #ifndef OPENSSL_NO_WHIRLPOOL
150 static int WHIRLPOOL_loop(void *args);
152 #ifndef OPENSSL_NO_RMD160
153 static int EVP_Digest_RMD160_loop(void *args);
155 #ifndef OPENSSL_NO_RC4
156 static int RC4_loop(void *args);
158 #ifndef OPENSSL_NO_DES
159 static int DES_ncbc_encrypt_loop(void *args);
160 static int DES_ede3_cbc_encrypt_loop(void *args);
162 static int AES_cbc_128_encrypt_loop(void *args);
163 static int AES_cbc_192_encrypt_loop(void *args);
164 static int AES_ige_128_encrypt_loop(void *args);
165 static int AES_cbc_256_encrypt_loop(void *args);
166 static int AES_ige_192_encrypt_loop(void *args);
167 static int AES_ige_256_encrypt_loop(void *args);
168 static int CRYPTO_gcm128_aad_loop(void *args);
169 static int RAND_bytes_loop(void *args);
170 static int EVP_Update_loop(void *args);
171 static int EVP_Update_loop_ccm(void *args);
172 static int EVP_Update_loop_aead(void *args);
173 static int EVP_Digest_loop(void *args);
174 #ifndef OPENSSL_NO_RSA
175 static int RSA_sign_loop(void *args);
176 static int RSA_verify_loop(void *args);
178 #ifndef OPENSSL_NO_DSA
179 static int DSA_sign_loop(void *args);
180 static int DSA_verify_loop(void *args);
182 #ifndef OPENSSL_NO_EC
183 static int ECDSA_sign_loop(void *args);
184 static int ECDSA_verify_loop(void *args);
187 static double Time_F(int s);
188 static void print_message(const char *s, long num, int length, int tm);
189 static void pkey_print_message(const char *str, const char *str2,
190 long num, unsigned int bits, int sec);
191 static void print_result(int alg, int run_no, int count, double time_used);
193 static int do_multi(int multi, int size_num);
196 static const int lengths_list[] = {
197 16, 64, 256, 1024, 8 * 1024, 16 * 1024
199 static const int *lengths = lengths_list;
201 static const int aead_lengths_list[] = {
202 2, 31, 136, 1024, 8 * 1024, 16 * 1024
210 static void alarmed(int sig)
212 signal(SIGALRM, alarmed);
216 static double Time_F(int s)
218 double ret = app_tminterval(s, usertime);
224 #elif defined(_WIN32)
228 static unsigned int lapse;
229 static volatile unsigned int schlock;
230 static void alarm_win32(unsigned int secs)
235 # define alarm alarm_win32
237 static DWORD WINAPI sleepy(VOID * arg)
245 static double Time_F(int s)
252 thr = CreateThread(NULL, 4096, sleepy, NULL, 0, NULL);
254 DWORD err = GetLastError();
255 BIO_printf(bio_err, "unable to CreateThread (%lu)", err);
259 Sleep(0); /* scheduler spinlock */
260 ret = app_tminterval(s, usertime);
262 ret = app_tminterval(s, usertime);
264 TerminateThread(thr, 0);
271 static double Time_F(int s)
273 return app_tminterval(s, usertime);
277 static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
278 const openssl_speed_sec_t *seconds);
280 #define found(value, pairs, result)\
281 opt_found(value, result, pairs, OSSL_NELEM(pairs))
282 static int opt_found(const char *name, unsigned int *result,
283 const OPT_PAIR pairs[], unsigned int nbelem)
287 for (idx = 0; idx < nbelem; ++idx, pairs++)
288 if (strcmp(name, pairs->name) == 0) {
289 *result = pairs->retval;
295 typedef enum OPTION_choice {
296 OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
297 OPT_ELAPSED, OPT_EVP, OPT_DECRYPT, OPT_ENGINE, OPT_MULTI,
298 OPT_MR, OPT_MB, OPT_MISALIGN, OPT_ASYNCJOBS, OPT_R_ENUM,
299 OPT_PRIMES, OPT_SECONDS, OPT_BYTES, OPT_AEAD
302 const OPTIONS speed_options[] = {
303 {OPT_HELP_STR, 1, '-', "Usage: %s [options] ciphers...\n"},
304 {OPT_HELP_STR, 1, '-', "Valid options are:\n"},
305 {"help", OPT_HELP, '-', "Display this summary"},
306 {"evp", OPT_EVP, 's', "Use EVP-named cipher or digest"},
307 {"decrypt", OPT_DECRYPT, '-',
308 "Time decryption instead of encryption (only EVP)"},
309 {"aead", OPT_AEAD, '-',
310 "Benchmark EVP-named AEAD cipher in TLS-like sequence"},
312 "Enable (tls1>=1) multi-block mode on EVP-named cipher"},
313 {"mr", OPT_MR, '-', "Produce machine readable output"},
315 {"multi", OPT_MULTI, 'p', "Run benchmarks in parallel"},
317 #ifndef OPENSSL_NO_ASYNC
318 {"async_jobs", OPT_ASYNCJOBS, 'p',
319 "Enable async mode and start specified number of jobs"},
322 #ifndef OPENSSL_NO_ENGINE
323 {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
325 {"elapsed", OPT_ELAPSED, '-',
326 "Use wall-clock time instead of CPU user time as divisor"},
327 {"primes", OPT_PRIMES, 'p', "Specify number of primes (for RSA only)"},
328 {"seconds", OPT_SECONDS, 'p',
329 "Run benchmarks for specified amount of seconds"},
330 {"bytes", OPT_BYTES, 'p',
331 "Run [non-PKI] benchmarks on custom-sized buffer"},
332 {"misalign", OPT_MISALIGN, 'p',
333 "Use specified offset to mis-align buffers"},
347 #define D_CBC_IDEA 10
348 #define D_CBC_SEED 11
352 #define D_CBC_CAST 15
353 #define D_CBC_128_AES 16
354 #define D_CBC_192_AES 17
355 #define D_CBC_256_AES 18
356 #define D_CBC_128_CML 19
357 #define D_CBC_192_CML 20
358 #define D_CBC_256_CML 21
362 #define D_WHIRLPOOL 25
363 #define D_IGE_128_AES 26
364 #define D_IGE_192_AES 27
365 #define D_IGE_256_AES 28
368 /* name of algorithms to test */
369 static const char *names[] = {
370 "md2", "mdc2", "md4", "md5", "hmac(md5)", "sha1", "rmd160", "rc4",
371 "des cbc", "des ede3", "idea cbc", "seed cbc",
372 "rc2 cbc", "rc5-32/12 cbc", "blowfish cbc", "cast cbc",
373 "aes-128 cbc", "aes-192 cbc", "aes-256 cbc",
374 "camellia-128 cbc", "camellia-192 cbc", "camellia-256 cbc",
375 "evp", "sha256", "sha512", "whirlpool",
376 "aes-128 ige", "aes-192 ige", "aes-256 ige", "ghash",
379 #define ALGOR_NUM OSSL_NELEM(names)
381 /* list of configured algorithm (remaining) */
382 static const OPT_PAIR doit_choices[] = {
383 #ifndef OPENSSL_NO_MD2
386 #ifndef OPENSSL_NO_MDC2
389 #ifndef OPENSSL_NO_MD4
392 #ifndef OPENSSL_NO_MD5
397 {"sha256", D_SHA256},
398 {"sha512", D_SHA512},
399 #ifndef OPENSSL_NO_WHIRLPOOL
400 {"whirlpool", D_WHIRLPOOL},
402 #ifndef OPENSSL_NO_RMD160
403 {"ripemd", D_RMD160},
404 {"rmd160", D_RMD160},
405 {"ripemd160", D_RMD160},
407 #ifndef OPENSSL_NO_RC4
410 #ifndef OPENSSL_NO_DES
411 {"des-cbc", D_CBC_DES},
412 {"des-ede3", D_EDE3_DES},
414 {"aes-128-cbc", D_CBC_128_AES},
415 {"aes-192-cbc", D_CBC_192_AES},
416 {"aes-256-cbc", D_CBC_256_AES},
417 {"aes-128-ige", D_IGE_128_AES},
418 {"aes-192-ige", D_IGE_192_AES},
419 {"aes-256-ige", D_IGE_256_AES},
420 #ifndef OPENSSL_NO_RC2
421 {"rc2-cbc", D_CBC_RC2},
424 #ifndef OPENSSL_NO_RC5
425 {"rc5-cbc", D_CBC_RC5},
428 #ifndef OPENSSL_NO_IDEA
429 {"idea-cbc", D_CBC_IDEA},
430 {"idea", D_CBC_IDEA},
432 #ifndef OPENSSL_NO_SEED
433 {"seed-cbc", D_CBC_SEED},
434 {"seed", D_CBC_SEED},
436 #ifndef OPENSSL_NO_BF
437 {"bf-cbc", D_CBC_BF},
438 {"blowfish", D_CBC_BF},
441 #ifndef OPENSSL_NO_CAST
442 {"cast-cbc", D_CBC_CAST},
443 {"cast", D_CBC_CAST},
444 {"cast5", D_CBC_CAST},
450 static double results[ALGOR_NUM][OSSL_NELEM(lengths_list)];
452 #ifndef OPENSSL_NO_DSA
454 # define R_DSA_1024 1
455 # define R_DSA_2048 2
456 static const OPT_PAIR dsa_choices[] = {
457 {"dsa512", R_DSA_512},
458 {"dsa1024", R_DSA_1024},
459 {"dsa2048", R_DSA_2048}
461 # define DSA_NUM OSSL_NELEM(dsa_choices)
463 static double dsa_results[DSA_NUM][2]; /* 2 ops: sign then verify */
464 #endif /* OPENSSL_NO_DSA */
472 #define R_RSA_15360 6
473 #ifndef OPENSSL_NO_RSA
474 static const OPT_PAIR rsa_choices[] = {
475 {"rsa512", R_RSA_512},
476 {"rsa1024", R_RSA_1024},
477 {"rsa2048", R_RSA_2048},
478 {"rsa3072", R_RSA_3072},
479 {"rsa4096", R_RSA_4096},
480 {"rsa7680", R_RSA_7680},
481 {"rsa15360", R_RSA_15360}
483 # define RSA_NUM OSSL_NELEM(rsa_choices)
485 static double rsa_results[RSA_NUM][2]; /* 2 ops: sign then verify */
486 #endif /* OPENSSL_NO_RSA */
504 #define R_EC_BRP256R1 16
505 #define R_EC_BRP256T1 17
506 #define R_EC_BRP384R1 18
507 #define R_EC_BRP384T1 19
508 #define R_EC_BRP512R1 20
509 #define R_EC_BRP512T1 21
510 #define R_EC_X25519 22
512 #ifndef OPENSSL_NO_EC
513 static OPT_PAIR ecdsa_choices[] = {
514 {"ecdsap160", R_EC_P160},
515 {"ecdsap192", R_EC_P192},
516 {"ecdsap224", R_EC_P224},
517 {"ecdsap256", R_EC_P256},
518 {"ecdsap384", R_EC_P384},
519 {"ecdsap521", R_EC_P521},
520 {"ecdsak163", R_EC_K163},
521 {"ecdsak233", R_EC_K233},
522 {"ecdsak283", R_EC_K283},
523 {"ecdsak409", R_EC_K409},
524 {"ecdsak571", R_EC_K571},
525 {"ecdsab163", R_EC_B163},
526 {"ecdsab233", R_EC_B233},
527 {"ecdsab283", R_EC_B283},
528 {"ecdsab409", R_EC_B409},
529 {"ecdsab571", R_EC_B571},
530 {"ecdsabrp256r1", R_EC_BRP256R1},
531 {"ecdsabrp256t1", R_EC_BRP256T1},
532 {"ecdsabrp384r1", R_EC_BRP384R1},
533 {"ecdsabrp384t1", R_EC_BRP384T1},
534 {"ecdsabrp512r1", R_EC_BRP512R1},
535 {"ecdsabrp512t1", R_EC_BRP512T1}
537 # define ECDSA_NUM OSSL_NELEM(ecdsa_choices)
539 static double ecdsa_results[ECDSA_NUM][2]; /* 2 ops: sign then verify */
541 static const OPT_PAIR ecdh_choices[] = {
542 {"ecdhp160", R_EC_P160},
543 {"ecdhp192", R_EC_P192},
544 {"ecdhp224", R_EC_P224},
545 {"ecdhp256", R_EC_P256},
546 {"ecdhp384", R_EC_P384},
547 {"ecdhp521", R_EC_P521},
548 {"ecdhk163", R_EC_K163},
549 {"ecdhk233", R_EC_K233},
550 {"ecdhk283", R_EC_K283},
551 {"ecdhk409", R_EC_K409},
552 {"ecdhk571", R_EC_K571},
553 {"ecdhb163", R_EC_B163},
554 {"ecdhb233", R_EC_B233},
555 {"ecdhb283", R_EC_B283},
556 {"ecdhb409", R_EC_B409},
557 {"ecdhb571", R_EC_B571},
558 {"ecdhbrp256r1", R_EC_BRP256R1},
559 {"ecdhbrp256t1", R_EC_BRP256T1},
560 {"ecdhbrp384r1", R_EC_BRP384R1},
561 {"ecdhbrp384t1", R_EC_BRP384T1},
562 {"ecdhbrp512r1", R_EC_BRP512R1},
563 {"ecdhbrp512t1", R_EC_BRP512T1},
564 {"ecdhx25519", R_EC_X25519},
565 {"ecdhx448", R_EC_X448}
567 # define EC_NUM OSSL_NELEM(ecdh_choices)
569 static double ecdh_results[EC_NUM][1]; /* 1 op: derivation */
570 #endif /* OPENSSL_NO_EC */
573 # define COND(d) (count < (d))
574 # define COUNT(d) (d)
576 # define COND(unused_cond) (run && count<0x7fffffff)
577 # define COUNT(d) (count)
580 typedef struct loopargs_st {
581 ASYNC_JOB *inprogress_job;
582 ASYNC_WAIT_CTX *wait_ctx;
585 unsigned char *buf_malloc;
586 unsigned char *buf2_malloc;
589 #ifndef OPENSSL_NO_RSA
590 RSA *rsa_key[RSA_NUM];
592 #ifndef OPENSSL_NO_DSA
593 DSA *dsa_key[DSA_NUM];
595 #ifndef OPENSSL_NO_EC
596 EC_KEY *ecdsa[ECDSA_NUM];
597 EVP_PKEY_CTX *ecdh_ctx[EC_NUM];
598 unsigned char *secret_a;
599 unsigned char *secret_b;
600 size_t outlen[EC_NUM];
604 GCM128_CONTEXT *gcm_ctx;
606 static int run_benchmark(int async_jobs, int (*loop_function) (void *),
607 loopargs_t * loopargs);
609 static unsigned int testnum;
611 /* Nb of iterations to do per algorithm and key-size */
612 static long c[ALGOR_NUM][OSSL_NELEM(lengths_list)];
614 #ifndef OPENSSL_NO_MD2
615 static int EVP_Digest_MD2_loop(void *args)
617 loopargs_t *tempargs = *(loopargs_t **) args;
618 unsigned char *buf = tempargs->buf;
619 unsigned char md2[MD2_DIGEST_LENGTH];
622 for (count = 0; COND(c[D_MD2][testnum]); count++) {
623 if (!EVP_Digest(buf, (size_t)lengths[testnum], md2, NULL, EVP_md2(),
631 #ifndef OPENSSL_NO_MDC2
632 static int EVP_Digest_MDC2_loop(void *args)
634 loopargs_t *tempargs = *(loopargs_t **) args;
635 unsigned char *buf = tempargs->buf;
636 unsigned char mdc2[MDC2_DIGEST_LENGTH];
639 for (count = 0; COND(c[D_MDC2][testnum]); count++) {
640 if (!EVP_Digest(buf, (size_t)lengths[testnum], mdc2, NULL, EVP_mdc2(),
648 #ifndef OPENSSL_NO_MD4
649 static int EVP_Digest_MD4_loop(void *args)
651 loopargs_t *tempargs = *(loopargs_t **) args;
652 unsigned char *buf = tempargs->buf;
653 unsigned char md4[MD4_DIGEST_LENGTH];
656 for (count = 0; COND(c[D_MD4][testnum]); count++) {
657 if (!EVP_Digest(buf, (size_t)lengths[testnum], md4, NULL, EVP_md4(),
665 #ifndef OPENSSL_NO_MD5
666 static int MD5_loop(void *args)
668 loopargs_t *tempargs = *(loopargs_t **) args;
669 unsigned char *buf = tempargs->buf;
670 unsigned char md5[MD5_DIGEST_LENGTH];
672 for (count = 0; COND(c[D_MD5][testnum]); count++)
673 MD5(buf, lengths[testnum], md5);
677 static int HMAC_loop(void *args)
679 loopargs_t *tempargs = *(loopargs_t **) args;
680 unsigned char *buf = tempargs->buf;
681 HMAC_CTX *hctx = tempargs->hctx;
682 unsigned char hmac[MD5_DIGEST_LENGTH];
685 for (count = 0; COND(c[D_HMAC][testnum]); count++) {
686 HMAC_Init_ex(hctx, NULL, 0, NULL, NULL);
687 HMAC_Update(hctx, buf, lengths[testnum]);
688 HMAC_Final(hctx, hmac, NULL);
694 static int SHA1_loop(void *args)
696 loopargs_t *tempargs = *(loopargs_t **) args;
697 unsigned char *buf = tempargs->buf;
698 unsigned char sha[SHA_DIGEST_LENGTH];
700 for (count = 0; COND(c[D_SHA1][testnum]); count++)
701 SHA1(buf, lengths[testnum], sha);
705 static int SHA256_loop(void *args)
707 loopargs_t *tempargs = *(loopargs_t **) args;
708 unsigned char *buf = tempargs->buf;
709 unsigned char sha256[SHA256_DIGEST_LENGTH];
711 for (count = 0; COND(c[D_SHA256][testnum]); count++)
712 SHA256(buf, lengths[testnum], sha256);
716 static int SHA512_loop(void *args)
718 loopargs_t *tempargs = *(loopargs_t **) args;
719 unsigned char *buf = tempargs->buf;
720 unsigned char sha512[SHA512_DIGEST_LENGTH];
722 for (count = 0; COND(c[D_SHA512][testnum]); count++)
723 SHA512(buf, lengths[testnum], sha512);
727 #ifndef OPENSSL_NO_WHIRLPOOL
728 static int WHIRLPOOL_loop(void *args)
730 loopargs_t *tempargs = *(loopargs_t **) args;
731 unsigned char *buf = tempargs->buf;
732 unsigned char whirlpool[WHIRLPOOL_DIGEST_LENGTH];
734 for (count = 0; COND(c[D_WHIRLPOOL][testnum]); count++)
735 WHIRLPOOL(buf, lengths[testnum], whirlpool);
740 #ifndef OPENSSL_NO_RMD160
741 static int EVP_Digest_RMD160_loop(void *args)
743 loopargs_t *tempargs = *(loopargs_t **) args;
744 unsigned char *buf = tempargs->buf;
745 unsigned char rmd160[RIPEMD160_DIGEST_LENGTH];
747 for (count = 0; COND(c[D_RMD160][testnum]); count++) {
748 if (!EVP_Digest(buf, (size_t)lengths[testnum], &(rmd160[0]),
749 NULL, EVP_ripemd160(), NULL))
756 #ifndef OPENSSL_NO_RC4
757 static RC4_KEY rc4_ks;
758 static int RC4_loop(void *args)
760 loopargs_t *tempargs = *(loopargs_t **) args;
761 unsigned char *buf = tempargs->buf;
763 for (count = 0; COND(c[D_RC4][testnum]); count++)
764 RC4(&rc4_ks, (size_t)lengths[testnum], buf, buf);
769 #ifndef OPENSSL_NO_DES
770 static unsigned char DES_iv[8];
771 static DES_key_schedule sch;
772 static DES_key_schedule sch2;
773 static DES_key_schedule sch3;
774 static int DES_ncbc_encrypt_loop(void *args)
776 loopargs_t *tempargs = *(loopargs_t **) args;
777 unsigned char *buf = tempargs->buf;
779 for (count = 0; COND(c[D_CBC_DES][testnum]); count++)
780 DES_ncbc_encrypt(buf, buf, lengths[testnum], &sch,
781 &DES_iv, DES_ENCRYPT);
785 static int DES_ede3_cbc_encrypt_loop(void *args)
787 loopargs_t *tempargs = *(loopargs_t **) args;
788 unsigned char *buf = tempargs->buf;
790 for (count = 0; COND(c[D_EDE3_DES][testnum]); count++)
791 DES_ede3_cbc_encrypt(buf, buf, lengths[testnum],
792 &sch, &sch2, &sch3, &DES_iv, DES_ENCRYPT);
797 #define MAX_BLOCK_SIZE 128
799 static unsigned char iv[2 * MAX_BLOCK_SIZE / 8];
800 static AES_KEY aes_ks1, aes_ks2, aes_ks3;
801 static int AES_cbc_128_encrypt_loop(void *args)
803 loopargs_t *tempargs = *(loopargs_t **) args;
804 unsigned char *buf = tempargs->buf;
806 for (count = 0; COND(c[D_CBC_128_AES][testnum]); count++)
807 AES_cbc_encrypt(buf, buf,
808 (size_t)lengths[testnum], &aes_ks1, iv, AES_ENCRYPT);
812 static int AES_cbc_192_encrypt_loop(void *args)
814 loopargs_t *tempargs = *(loopargs_t **) args;
815 unsigned char *buf = tempargs->buf;
817 for (count = 0; COND(c[D_CBC_192_AES][testnum]); count++)
818 AES_cbc_encrypt(buf, buf,
819 (size_t)lengths[testnum], &aes_ks2, iv, AES_ENCRYPT);
823 static int AES_cbc_256_encrypt_loop(void *args)
825 loopargs_t *tempargs = *(loopargs_t **) args;
826 unsigned char *buf = tempargs->buf;
828 for (count = 0; COND(c[D_CBC_256_AES][testnum]); count++)
829 AES_cbc_encrypt(buf, buf,
830 (size_t)lengths[testnum], &aes_ks3, iv, AES_ENCRYPT);
834 static int AES_ige_128_encrypt_loop(void *args)
836 loopargs_t *tempargs = *(loopargs_t **) args;
837 unsigned char *buf = tempargs->buf;
838 unsigned char *buf2 = tempargs->buf2;
840 for (count = 0; COND(c[D_IGE_128_AES][testnum]); count++)
841 AES_ige_encrypt(buf, buf2,
842 (size_t)lengths[testnum], &aes_ks1, iv, AES_ENCRYPT);
846 static int AES_ige_192_encrypt_loop(void *args)
848 loopargs_t *tempargs = *(loopargs_t **) args;
849 unsigned char *buf = tempargs->buf;
850 unsigned char *buf2 = tempargs->buf2;
852 for (count = 0; COND(c[D_IGE_192_AES][testnum]); count++)
853 AES_ige_encrypt(buf, buf2,
854 (size_t)lengths[testnum], &aes_ks2, iv, AES_ENCRYPT);
858 static int AES_ige_256_encrypt_loop(void *args)
860 loopargs_t *tempargs = *(loopargs_t **) args;
861 unsigned char *buf = tempargs->buf;
862 unsigned char *buf2 = tempargs->buf2;
864 for (count = 0; COND(c[D_IGE_256_AES][testnum]); count++)
865 AES_ige_encrypt(buf, buf2,
866 (size_t)lengths[testnum], &aes_ks3, iv, AES_ENCRYPT);
870 static int CRYPTO_gcm128_aad_loop(void *args)
872 loopargs_t *tempargs = *(loopargs_t **) args;
873 unsigned char *buf = tempargs->buf;
874 GCM128_CONTEXT *gcm_ctx = tempargs->gcm_ctx;
876 for (count = 0; COND(c[D_GHASH][testnum]); count++)
877 CRYPTO_gcm128_aad(gcm_ctx, buf, lengths[testnum]);
881 static int RAND_bytes_loop(void *args)
883 loopargs_t *tempargs = *(loopargs_t **) args;
884 unsigned char *buf = tempargs->buf;
887 for (count = 0; COND(c[D_RAND][testnum]); count++)
888 RAND_bytes(buf, lengths[testnum]);
892 static long save_count = 0;
893 static int decrypt = 0;
894 static int EVP_Update_loop(void *args)
896 loopargs_t *tempargs = *(loopargs_t **) args;
897 unsigned char *buf = tempargs->buf;
898 EVP_CIPHER_CTX *ctx = tempargs->ctx;
901 int nb_iter = save_count * 4 * lengths[0] / lengths[testnum];
904 for (count = 0; COND(nb_iter); count++) {
905 rc = EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
907 /* reset iv in case of counter overflow */
908 EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, -1);
912 for (count = 0; COND(nb_iter); count++) {
913 rc = EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
915 /* reset iv in case of counter overflow */
916 EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, -1);
921 EVP_DecryptFinal_ex(ctx, buf, &outl);
923 EVP_EncryptFinal_ex(ctx, buf, &outl);
928 * CCM does not support streaming. For the purpose of performance measurement,
929 * each message is encrypted using the same (key,iv)-pair. Do not use this
930 * code in your application.
932 static int EVP_Update_loop_ccm(void *args)
934 loopargs_t *tempargs = *(loopargs_t **) args;
935 unsigned char *buf = tempargs->buf;
936 EVP_CIPHER_CTX *ctx = tempargs->ctx;
938 unsigned char tag[12];
940 int nb_iter = save_count * 4 * lengths[0] / lengths[testnum];
943 for (count = 0; COND(nb_iter); count++) {
944 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(tag), tag);
946 EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv);
947 /* counter is reset on every update */
948 EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
951 for (count = 0; COND(nb_iter); count++) {
952 /* restore iv length field */
953 EVP_EncryptUpdate(ctx, NULL, &outl, NULL, lengths[testnum]);
954 /* counter is reset on every update */
955 EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
959 EVP_DecryptFinal_ex(ctx, buf, &outl);
961 EVP_EncryptFinal_ex(ctx, buf, &outl);
966 * To make AEAD benchmarking more relevant perform TLS-like operations,
967 * 13-byte AAD followed by payload. But don't use TLS-formatted AAD, as
968 * payload length is not actually limited by 16KB...
970 static int EVP_Update_loop_aead(void *args)
972 loopargs_t *tempargs = *(loopargs_t **) args;
973 unsigned char *buf = tempargs->buf;
974 EVP_CIPHER_CTX *ctx = tempargs->ctx;
976 unsigned char aad[13] = { 0xcc };
977 unsigned char faketag[16] = { 0xcc };
979 int nb_iter = save_count * 4 * lengths[0] / lengths[testnum];
982 for (count = 0; COND(nb_iter); count++) {
983 EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv);
984 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
985 sizeof(faketag), faketag);
986 EVP_DecryptUpdate(ctx, NULL, &outl, aad, sizeof(aad));
987 EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
988 EVP_DecryptFinal_ex(ctx, buf + outl, &outl);
991 for (count = 0; COND(nb_iter); count++) {
992 EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv);
993 EVP_EncryptUpdate(ctx, NULL, &outl, aad, sizeof(aad));
994 EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
995 EVP_EncryptFinal_ex(ctx, buf + outl, &outl);
1001 static const EVP_MD *evp_md = NULL;
1002 static int EVP_Digest_loop(void *args)
1004 loopargs_t *tempargs = *(loopargs_t **) args;
1005 unsigned char *buf = tempargs->buf;
1006 unsigned char md[EVP_MAX_MD_SIZE];
1009 int nb_iter = save_count * 4 * lengths[0] / lengths[testnum];
1012 for (count = 0; COND(nb_iter); count++) {
1013 if (!EVP_Digest(buf, lengths[testnum], md, NULL, evp_md, NULL))
1019 #ifndef OPENSSL_NO_RSA
1020 static long rsa_c[RSA_NUM][2]; /* # RSA iteration test */
1022 static int RSA_sign_loop(void *args)
1024 loopargs_t *tempargs = *(loopargs_t **) args;
1025 unsigned char *buf = tempargs->buf;
1026 unsigned char *buf2 = tempargs->buf2;
1027 unsigned int *rsa_num = &tempargs->siglen;
1028 RSA **rsa_key = tempargs->rsa_key;
1030 for (count = 0; COND(rsa_c[testnum][0]); count++) {
1031 ret = RSA_sign(NID_md5_sha1, buf, 36, buf2, rsa_num, rsa_key[testnum]);
1033 BIO_printf(bio_err, "RSA sign failure\n");
1034 ERR_print_errors(bio_err);
1042 static int RSA_verify_loop(void *args)
1044 loopargs_t *tempargs = *(loopargs_t **) args;
1045 unsigned char *buf = tempargs->buf;
1046 unsigned char *buf2 = tempargs->buf2;
1047 unsigned int rsa_num = tempargs->siglen;
1048 RSA **rsa_key = tempargs->rsa_key;
1050 for (count = 0; COND(rsa_c[testnum][1]); count++) {
1052 RSA_verify(NID_md5_sha1, buf, 36, buf2, rsa_num, rsa_key[testnum]);
1054 BIO_printf(bio_err, "RSA verify failure\n");
1055 ERR_print_errors(bio_err);
1064 #ifndef OPENSSL_NO_DSA
1065 static long dsa_c[DSA_NUM][2];
1066 static int DSA_sign_loop(void *args)
1068 loopargs_t *tempargs = *(loopargs_t **) args;
1069 unsigned char *buf = tempargs->buf;
1070 unsigned char *buf2 = tempargs->buf2;
1071 DSA **dsa_key = tempargs->dsa_key;
1072 unsigned int *siglen = &tempargs->siglen;
1074 for (count = 0; COND(dsa_c[testnum][0]); count++) {
1075 ret = DSA_sign(0, buf, 20, buf2, siglen, dsa_key[testnum]);
1077 BIO_printf(bio_err, "DSA sign failure\n");
1078 ERR_print_errors(bio_err);
1086 static int DSA_verify_loop(void *args)
1088 loopargs_t *tempargs = *(loopargs_t **) args;
1089 unsigned char *buf = tempargs->buf;
1090 unsigned char *buf2 = tempargs->buf2;
1091 DSA **dsa_key = tempargs->dsa_key;
1092 unsigned int siglen = tempargs->siglen;
1094 for (count = 0; COND(dsa_c[testnum][1]); count++) {
1095 ret = DSA_verify(0, buf, 20, buf2, siglen, dsa_key[testnum]);
1097 BIO_printf(bio_err, "DSA verify failure\n");
1098 ERR_print_errors(bio_err);
1107 #ifndef OPENSSL_NO_EC
1108 static long ecdsa_c[ECDSA_NUM][2];
1109 static int ECDSA_sign_loop(void *args)
1111 loopargs_t *tempargs = *(loopargs_t **) args;
1112 unsigned char *buf = tempargs->buf;
1113 EC_KEY **ecdsa = tempargs->ecdsa;
1114 unsigned char *ecdsasig = tempargs->buf2;
1115 unsigned int *ecdsasiglen = &tempargs->siglen;
1117 for (count = 0; COND(ecdsa_c[testnum][0]); count++) {
1118 ret = ECDSA_sign(0, buf, 20, ecdsasig, ecdsasiglen, ecdsa[testnum]);
1120 BIO_printf(bio_err, "ECDSA sign failure\n");
1121 ERR_print_errors(bio_err);
1129 static int ECDSA_verify_loop(void *args)
1131 loopargs_t *tempargs = *(loopargs_t **) args;
1132 unsigned char *buf = tempargs->buf;
1133 EC_KEY **ecdsa = tempargs->ecdsa;
1134 unsigned char *ecdsasig = tempargs->buf2;
1135 unsigned int ecdsasiglen = tempargs->siglen;
1137 for (count = 0; COND(ecdsa_c[testnum][1]); count++) {
1138 ret = ECDSA_verify(0, buf, 20, ecdsasig, ecdsasiglen, ecdsa[testnum]);
1140 BIO_printf(bio_err, "ECDSA verify failure\n");
1141 ERR_print_errors(bio_err);
1149 /* ******************************************************************** */
1150 static long ecdh_c[EC_NUM][1];
1152 static int ECDH_EVP_derive_key_loop(void *args)
1154 loopargs_t *tempargs = *(loopargs_t **) args;
1155 EVP_PKEY_CTX *ctx = tempargs->ecdh_ctx[testnum];
1156 unsigned char *derived_secret = tempargs->secret_a;
1158 size_t *outlen = &(tempargs->outlen[testnum]);
1160 for (count = 0; COND(ecdh_c[testnum][0]); count++)
1161 EVP_PKEY_derive(ctx, derived_secret, outlen);
1166 #endif /* OPENSSL_NO_EC */
1168 static int run_benchmark(int async_jobs,
1169 int (*loop_function) (void *), loopargs_t * loopargs)
1171 int job_op_count = 0;
1172 int total_op_count = 0;
1173 int num_inprogress = 0;
1174 int error = 0, i = 0, ret = 0;
1175 OSSL_ASYNC_FD job_fd = 0;
1176 size_t num_job_fds = 0;
1180 if (async_jobs == 0) {
1181 return loop_function((void *)&loopargs);
1184 for (i = 0; i < async_jobs && !error; i++) {
1185 loopargs_t *looparg_item = loopargs + i;
1187 /* Copy pointer content (looparg_t item address) into async context */
1188 ret = ASYNC_start_job(&loopargs[i].inprogress_job, loopargs[i].wait_ctx,
1189 &job_op_count, loop_function,
1190 (void *)&looparg_item, sizeof(looparg_item));
1196 if (job_op_count == -1) {
1199 total_op_count += job_op_count;
1204 BIO_printf(bio_err, "Failure in the job\n");
1205 ERR_print_errors(bio_err);
1211 while (num_inprogress > 0) {
1212 #if defined(OPENSSL_SYS_WINDOWS)
1214 #elif defined(OPENSSL_SYS_UNIX)
1215 int select_result = 0;
1216 OSSL_ASYNC_FD max_fd = 0;
1219 FD_ZERO(&waitfdset);
1221 for (i = 0; i < async_jobs && num_inprogress > 0; i++) {
1222 if (loopargs[i].inprogress_job == NULL)
1225 if (!ASYNC_WAIT_CTX_get_all_fds
1226 (loopargs[i].wait_ctx, NULL, &num_job_fds)
1227 || num_job_fds > 1) {
1228 BIO_printf(bio_err, "Too many fds in ASYNC_WAIT_CTX\n");
1229 ERR_print_errors(bio_err);
1233 ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, &job_fd,
1235 FD_SET(job_fd, &waitfdset);
1236 if (job_fd > max_fd)
1240 if (max_fd >= (OSSL_ASYNC_FD)FD_SETSIZE) {
1242 "Error: max_fd (%d) must be smaller than FD_SETSIZE (%d). "
1243 "Decrease the value of async_jobs\n",
1244 max_fd, FD_SETSIZE);
1245 ERR_print_errors(bio_err);
1250 select_result = select(max_fd + 1, &waitfdset, NULL, NULL, NULL);
1251 if (select_result == -1 && errno == EINTR)
1254 if (select_result == -1) {
1255 BIO_printf(bio_err, "Failure in the select\n");
1256 ERR_print_errors(bio_err);
1261 if (select_result == 0)
1265 for (i = 0; i < async_jobs; i++) {
1266 if (loopargs[i].inprogress_job == NULL)
1269 if (!ASYNC_WAIT_CTX_get_all_fds
1270 (loopargs[i].wait_ctx, NULL, &num_job_fds)
1271 || num_job_fds > 1) {
1272 BIO_printf(bio_err, "Too many fds in ASYNC_WAIT_CTX\n");
1273 ERR_print_errors(bio_err);
1277 ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, &job_fd,
1280 #if defined(OPENSSL_SYS_UNIX)
1281 if (num_job_fds == 1 && !FD_ISSET(job_fd, &waitfdset))
1283 #elif defined(OPENSSL_SYS_WINDOWS)
1284 if (num_job_fds == 1
1285 && !PeekNamedPipe(job_fd, NULL, 0, NULL, &avail, NULL)
1290 ret = ASYNC_start_job(&loopargs[i].inprogress_job,
1291 loopargs[i].wait_ctx, &job_op_count,
1292 loop_function, (void *)(loopargs + i),
1293 sizeof(loopargs_t));
1298 if (job_op_count == -1) {
1301 total_op_count += job_op_count;
1304 loopargs[i].inprogress_job = NULL;
1309 loopargs[i].inprogress_job = NULL;
1310 BIO_printf(bio_err, "Failure in the job\n");
1311 ERR_print_errors(bio_err);
1318 return error ? -1 : total_op_count;
1321 int speed_main(int argc, char **argv)
1324 loopargs_t *loopargs = NULL;
1326 const char *engine_id = NULL;
1327 const EVP_CIPHER *evp_cipher = NULL;
1330 int async_init = 0, multiblock = 0, pr_header = 0;
1331 int doit[ALGOR_NUM] = { 0 };
1332 int ret = 1, misalign = 0, lengths_single = 0, aead = 0;
1334 unsigned int size_num = OSSL_NELEM(lengths_list);
1335 unsigned int i, k, loop, loopargs_len = 0, async_jobs = 0;
1341 #if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) \
1342 || !defined(OPENSSL_NO_EC)
1345 openssl_speed_sec_t seconds = { SECONDS, RSA_SECONDS, DSA_SECONDS,
1346 ECDSA_SECONDS, ECDH_SECONDS };
1348 /* What follows are the buffers and key material. */
1349 #ifndef OPENSSL_NO_RC5
1352 #ifndef OPENSSL_NO_RC2
1355 #ifndef OPENSSL_NO_IDEA
1356 IDEA_KEY_SCHEDULE idea_ks;
1358 #ifndef OPENSSL_NO_SEED
1359 SEED_KEY_SCHEDULE seed_ks;
1361 #ifndef OPENSSL_NO_BF
1364 #ifndef OPENSSL_NO_CAST
1367 static const unsigned char key16[16] = {
1368 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
1369 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12
1371 static const unsigned char key24[24] = {
1372 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
1373 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
1374 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34
1376 static const unsigned char key32[32] = {
1377 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
1378 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
1379 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34,
1380 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34, 0x56
1382 #ifndef OPENSSL_NO_CAMELLIA
1383 static const unsigned char ckey24[24] = {
1384 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
1385 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
1386 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34
1388 static const unsigned char ckey32[32] = {
1389 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
1390 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
1391 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34,
1392 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34, 0x56
1394 CAMELLIA_KEY camellia_ks1, camellia_ks2, camellia_ks3;
1396 #ifndef OPENSSL_NO_DES
1397 static DES_cblock key = {
1398 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0
1400 static DES_cblock key2 = {
1401 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12
1403 static DES_cblock key3 = {
1404 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34
1407 #ifndef OPENSSL_NO_RSA
1408 static const unsigned int rsa_bits[RSA_NUM] = {
1409 512, 1024, 2048, 3072, 4096, 7680, 15360
1411 static const unsigned char *rsa_data[RSA_NUM] = {
1412 test512, test1024, test2048, test3072, test4096, test7680, test15360
1414 static const int rsa_data_length[RSA_NUM] = {
1415 sizeof(test512), sizeof(test1024),
1416 sizeof(test2048), sizeof(test3072),
1417 sizeof(test4096), sizeof(test7680),
1420 int rsa_doit[RSA_NUM] = { 0 };
1421 int primes = RSA_DEFAULT_PRIME_NUM;
1423 #ifndef OPENSSL_NO_DSA
1424 static const unsigned int dsa_bits[DSA_NUM] = { 512, 1024, 2048 };
1425 int dsa_doit[DSA_NUM] = { 0 };
1427 #ifndef OPENSSL_NO_EC
1429 * We only test over the following curves as they are representative, To
1430 * add tests over more curves, simply add the curve NID and curve name to
1431 * the following arrays and increase the |ecdh_choices| list accordingly.
1433 static const struct {
1439 {"secp160r1", NID_secp160r1, 160},
1440 {"nistp192", NID_X9_62_prime192v1, 192},
1441 {"nistp224", NID_secp224r1, 224},
1442 {"nistp256", NID_X9_62_prime256v1, 256},
1443 {"nistp384", NID_secp384r1, 384},
1444 {"nistp521", NID_secp521r1, 521},
1446 {"nistk163", NID_sect163k1, 163},
1447 {"nistk233", NID_sect233k1, 233},
1448 {"nistk283", NID_sect283k1, 283},
1449 {"nistk409", NID_sect409k1, 409},
1450 {"nistk571", NID_sect571k1, 571},
1451 {"nistb163", NID_sect163r2, 163},
1452 {"nistb233", NID_sect233r1, 233},
1453 {"nistb283", NID_sect283r1, 283},
1454 {"nistb409", NID_sect409r1, 409},
1455 {"nistb571", NID_sect571r1, 571},
1456 {"brainpoolP256r1", NID_brainpoolP256r1, 256},
1457 {"brainpoolP256t1", NID_brainpoolP256t1, 256},
1458 {"brainpoolP384r1", NID_brainpoolP384r1, 384},
1459 {"brainpoolP384t1", NID_brainpoolP384t1, 384},
1460 {"brainpoolP512r1", NID_brainpoolP512r1, 512},
1461 {"brainpoolP512t1", NID_brainpoolP512t1, 512},
1462 /* Other and ECDH only ones */
1463 {"X25519", NID_X25519, 253},
1464 {"X448", NID_X448, 448}
1466 int ecdsa_doit[ECDSA_NUM] = { 0 };
1467 int ecdh_doit[EC_NUM] = { 0 };
1468 OPENSSL_assert(OSSL_NELEM(test_curves) >= EC_NUM);
1469 #endif /* ndef OPENSSL_NO_EC */
1471 prog = opt_init(argc, argv, speed_options);
1472 while ((o = opt_next()) != OPT_EOF) {
1477 BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
1480 opt_help(speed_options);
1488 evp_cipher = EVP_get_cipherbyname(opt_arg());
1489 if (evp_cipher == NULL)
1490 evp_md = EVP_get_digestbyname(opt_arg());
1491 if (evp_cipher == NULL && evp_md == NULL) {
1493 "%s: %s is an unknown cipher or digest\n",
1504 * In a forked execution, an engine might need to be
1505 * initialised by each child process, not by the parent.
1506 * So store the name here and run setup_engine() later on.
1508 engine_id = opt_arg();
1512 multi = atoi(opt_arg());
1516 #ifndef OPENSSL_NO_ASYNC
1517 async_jobs = atoi(opt_arg());
1518 if (!ASYNC_is_capable()) {
1520 "%s: async_jobs specified but async not supported\n",
1524 if (async_jobs > 99999) {
1525 BIO_printf(bio_err, "%s: too many async_jobs\n", prog);
1531 if (!opt_int(opt_arg(), &misalign))
1533 if (misalign > MISALIGN) {
1535 "%s: Maximum offset is %d\n", prog, MISALIGN);
1544 #ifdef OPENSSL_NO_MULTIBLOCK
1546 "%s: -mb specified but multi-block support is disabled\n",
1556 if (!opt_int(opt_arg(), &primes))
1560 seconds.sym = seconds.rsa = seconds.dsa = seconds.ecdsa
1561 = seconds.ecdh = atoi(opt_arg());
1564 lengths_single = atoi(opt_arg());
1565 lengths = &lengths_single;
1573 argc = opt_num_rest();
1576 /* Remaining arguments are algorithms. */
1577 for (; *argv; argv++) {
1578 if (found(*argv, doit_choices, &i)) {
1582 #ifndef OPENSSL_NO_DES
1583 if (strcmp(*argv, "des") == 0) {
1584 doit[D_CBC_DES] = doit[D_EDE3_DES] = 1;
1588 if (strcmp(*argv, "sha") == 0) {
1589 doit[D_SHA1] = doit[D_SHA256] = doit[D_SHA512] = 1;
1592 #ifndef OPENSSL_NO_RSA
1593 if (strcmp(*argv, "openssl") == 0)
1595 if (strcmp(*argv, "rsa") == 0) {
1596 for (loop = 0; loop < OSSL_NELEM(rsa_doit); loop++)
1600 if (found(*argv, rsa_choices, &i)) {
1605 #ifndef OPENSSL_NO_DSA
1606 if (strcmp(*argv, "dsa") == 0) {
1607 dsa_doit[R_DSA_512] = dsa_doit[R_DSA_1024] =
1608 dsa_doit[R_DSA_2048] = 1;
1611 if (found(*argv, dsa_choices, &i)) {
1616 if (strcmp(*argv, "aes") == 0) {
1617 doit[D_CBC_128_AES] = doit[D_CBC_192_AES] = doit[D_CBC_256_AES] = 1;
1620 #ifndef OPENSSL_NO_CAMELLIA
1621 if (strcmp(*argv, "camellia") == 0) {
1622 doit[D_CBC_128_CML] = doit[D_CBC_192_CML] = doit[D_CBC_256_CML] = 1;
1626 #ifndef OPENSSL_NO_EC
1627 if (strcmp(*argv, "ecdsa") == 0) {
1628 for (loop = 0; loop < OSSL_NELEM(ecdsa_doit); loop++)
1629 ecdsa_doit[loop] = 1;
1632 if (found(*argv, ecdsa_choices, &i)) {
1636 if (strcmp(*argv, "ecdh") == 0) {
1637 for (loop = 0; loop < OSSL_NELEM(ecdh_doit); loop++)
1638 ecdh_doit[loop] = 1;
1641 if (found(*argv, ecdh_choices, &i)) {
1646 BIO_printf(bio_err, "%s: Unknown algorithm %s\n", prog, *argv);
1652 if (evp_cipher == NULL) {
1653 BIO_printf(bio_err, "-aead can be used only with an AEAD cipher\n");
1655 } else if (!(EVP_CIPHER_flags(evp_cipher) &
1656 EVP_CIPH_FLAG_AEAD_CIPHER)) {
1657 BIO_printf(bio_err, "%s is not an AEAD cipher\n",
1658 OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher)));
1663 if (evp_cipher == NULL) {
1664 BIO_printf(bio_err,"-mb can be used only with a multi-block"
1665 " capable cipher\n");
1667 } else if (!(EVP_CIPHER_flags(evp_cipher) &
1668 EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) {
1669 BIO_printf(bio_err, "%s is not a multi-block capable\n",
1670 OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher)));
1672 } else if (async_jobs > 0) {
1673 BIO_printf(bio_err, "Async mode is not supported with -mb");
1678 /* Initialize the job pool if async mode is enabled */
1679 if (async_jobs > 0) {
1680 async_init = ASYNC_init_thread(async_jobs, async_jobs);
1682 BIO_printf(bio_err, "Error creating the ASYNC job pool\n");
1687 loopargs_len = (async_jobs == 0 ? 1 : async_jobs);
1689 app_malloc(loopargs_len * sizeof(loopargs_t), "array of loopargs");
1690 memset(loopargs, 0, loopargs_len * sizeof(loopargs_t));
1692 for (i = 0; i < loopargs_len; i++) {
1693 if (async_jobs > 0) {
1694 loopargs[i].wait_ctx = ASYNC_WAIT_CTX_new();
1695 if (loopargs[i].wait_ctx == NULL) {
1696 BIO_printf(bio_err, "Error creating the ASYNC_WAIT_CTX\n");
1701 buflen = lengths[size_num - 1];
1702 if (buflen < 36) /* size of random vector in RSA bencmark */
1704 buflen += MAX_MISALIGNMENT + 1;
1705 loopargs[i].buf_malloc = app_malloc(buflen, "input buffer");
1706 loopargs[i].buf2_malloc = app_malloc(buflen, "input buffer");
1707 memset(loopargs[i].buf_malloc, 0, buflen);
1708 memset(loopargs[i].buf2_malloc, 0, buflen);
1710 /* Align the start of buffers on a 64 byte boundary */
1711 loopargs[i].buf = loopargs[i].buf_malloc + misalign;
1712 loopargs[i].buf2 = loopargs[i].buf2_malloc + misalign;
1713 #ifndef OPENSSL_NO_EC
1714 loopargs[i].secret_a = app_malloc(MAX_ECDH_SIZE, "ECDH secret a");
1715 loopargs[i].secret_b = app_malloc(MAX_ECDH_SIZE, "ECDH secret b");
1720 if (multi && do_multi(multi, size_num))
1724 /* Initialize the engine after the fork */
1725 e = setup_engine(engine_id, 0);
1727 /* No parameters; turn on everything. */
1728 if ((argc == 0) && !doit[D_EVP]) {
1729 for (i = 0; i < ALGOR_NUM; i++)
1732 #ifndef OPENSSL_NO_RSA
1733 for (i = 0; i < RSA_NUM; i++)
1736 #ifndef OPENSSL_NO_DSA
1737 for (i = 0; i < DSA_NUM; i++)
1740 #ifndef OPENSSL_NO_EC
1741 for (loop = 0; loop < OSSL_NELEM(ecdsa_doit); loop++)
1742 ecdsa_doit[loop] = 1;
1743 for (loop = 0; loop < OSSL_NELEM(ecdh_doit); loop++)
1744 ecdh_doit[loop] = 1;
1747 for (i = 0; i < ALGOR_NUM; i++)
1751 if (usertime == 0 && !mr)
1753 "You have chosen to measure elapsed time "
1754 "instead of user CPU time.\n");
1756 #ifndef OPENSSL_NO_RSA
1757 for (i = 0; i < loopargs_len; i++) {
1758 if (primes > RSA_DEFAULT_PRIME_NUM) {
1759 /* for multi-prime RSA, skip this */
1762 for (k = 0; k < RSA_NUM; k++) {
1763 const unsigned char *p;
1766 loopargs[i].rsa_key[k] =
1767 d2i_RSAPrivateKey(NULL, &p, rsa_data_length[k]);
1768 if (loopargs[i].rsa_key[k] == NULL) {
1770 "internal error loading RSA key number %d\n", k);
1776 #ifndef OPENSSL_NO_DSA
1777 for (i = 0; i < loopargs_len; i++) {
1778 loopargs[i].dsa_key[0] = get_dsa(512);
1779 loopargs[i].dsa_key[1] = get_dsa(1024);
1780 loopargs[i].dsa_key[2] = get_dsa(2048);
1783 #ifndef OPENSSL_NO_DES
1784 DES_set_key_unchecked(&key, &sch);
1785 DES_set_key_unchecked(&key2, &sch2);
1786 DES_set_key_unchecked(&key3, &sch3);
1788 AES_set_encrypt_key(key16, 128, &aes_ks1);
1789 AES_set_encrypt_key(key24, 192, &aes_ks2);
1790 AES_set_encrypt_key(key32, 256, &aes_ks3);
1791 #ifndef OPENSSL_NO_CAMELLIA
1792 Camellia_set_key(key16, 128, &camellia_ks1);
1793 Camellia_set_key(ckey24, 192, &camellia_ks2);
1794 Camellia_set_key(ckey32, 256, &camellia_ks3);
1796 #ifndef OPENSSL_NO_IDEA
1797 IDEA_set_encrypt_key(key16, &idea_ks);
1799 #ifndef OPENSSL_NO_SEED
1800 SEED_set_key(key16, &seed_ks);
1802 #ifndef OPENSSL_NO_RC4
1803 RC4_set_key(&rc4_ks, 16, key16);
1805 #ifndef OPENSSL_NO_RC2
1806 RC2_set_key(&rc2_ks, 16, key16, 128);
1808 #ifndef OPENSSL_NO_RC5
1809 RC5_32_set_key(&rc5_ks, 16, key16, 12);
1811 #ifndef OPENSSL_NO_BF
1812 BF_set_key(&bf_ks, 16, key16);
1814 #ifndef OPENSSL_NO_CAST
1815 CAST_set_key(&cast_ks, 16, key16);
1818 # ifndef OPENSSL_NO_DES
1819 BIO_printf(bio_err, "First we calculate the approximate speed ...\n");
1825 for (it = count; it; it--)
1826 DES_ecb_encrypt((DES_cblock *)loopargs[0].buf,
1827 (DES_cblock *)loopargs[0].buf, &sch, DES_ENCRYPT);
1831 c[D_MD2][0] = count / 10;
1832 c[D_MDC2][0] = count / 10;
1833 c[D_MD4][0] = count;
1834 c[D_MD5][0] = count;
1835 c[D_HMAC][0] = count;
1836 c[D_SHA1][0] = count;
1837 c[D_RMD160][0] = count;
1838 c[D_RC4][0] = count * 5;
1839 c[D_CBC_DES][0] = count;
1840 c[D_EDE3_DES][0] = count / 3;
1841 c[D_CBC_IDEA][0] = count;
1842 c[D_CBC_SEED][0] = count;
1843 c[D_CBC_RC2][0] = count;
1844 c[D_CBC_RC5][0] = count;
1845 c[D_CBC_BF][0] = count;
1846 c[D_CBC_CAST][0] = count;
1847 c[D_CBC_128_AES][0] = count;
1848 c[D_CBC_192_AES][0] = count;
1849 c[D_CBC_256_AES][0] = count;
1850 c[D_CBC_128_CML][0] = count;
1851 c[D_CBC_192_CML][0] = count;
1852 c[D_CBC_256_CML][0] = count;
1853 c[D_SHA256][0] = count;
1854 c[D_SHA512][0] = count;
1855 c[D_WHIRLPOOL][0] = count;
1856 c[D_IGE_128_AES][0] = count;
1857 c[D_IGE_192_AES][0] = count;
1858 c[D_IGE_256_AES][0] = count;
1859 c[D_GHASH][0] = count;
1860 c[D_RAND][0] = count;
1862 for (i = 1; i < size_num; i++) {
1865 l0 = (long)lengths[0];
1866 l1 = (long)lengths[i];
1868 c[D_MD2][i] = c[D_MD2][0] * 4 * l0 / l1;
1869 c[D_MDC2][i] = c[D_MDC2][0] * 4 * l0 / l1;
1870 c[D_MD4][i] = c[D_MD4][0] * 4 * l0 / l1;
1871 c[D_MD5][i] = c[D_MD5][0] * 4 * l0 / l1;
1872 c[D_HMAC][i] = c[D_HMAC][0] * 4 * l0 / l1;
1873 c[D_SHA1][i] = c[D_SHA1][0] * 4 * l0 / l1;
1874 c[D_RMD160][i] = c[D_RMD160][0] * 4 * l0 / l1;
1875 c[D_SHA256][i] = c[D_SHA256][0] * 4 * l0 / l1;
1876 c[D_SHA512][i] = c[D_SHA512][0] * 4 * l0 / l1;
1877 c[D_WHIRLPOOL][i] = c[D_WHIRLPOOL][0] * 4 * l0 / l1;
1878 c[D_GHASH][i] = c[D_GHASH][0] * 4 * l0 / l1;
1879 c[D_RAND][i] = c[D_RAND][0] * 4 * l0 / l1;
1881 l0 = (long)lengths[i - 1];
1883 c[D_RC4][i] = c[D_RC4][i - 1] * l0 / l1;
1884 c[D_CBC_DES][i] = c[D_CBC_DES][i - 1] * l0 / l1;
1885 c[D_EDE3_DES][i] = c[D_EDE3_DES][i - 1] * l0 / l1;
1886 c[D_CBC_IDEA][i] = c[D_CBC_IDEA][i - 1] * l0 / l1;
1887 c[D_CBC_SEED][i] = c[D_CBC_SEED][i - 1] * l0 / l1;
1888 c[D_CBC_RC2][i] = c[D_CBC_RC2][i - 1] * l0 / l1;
1889 c[D_CBC_RC5][i] = c[D_CBC_RC5][i - 1] * l0 / l1;
1890 c[D_CBC_BF][i] = c[D_CBC_BF][i - 1] * l0 / l1;
1891 c[D_CBC_CAST][i] = c[D_CBC_CAST][i - 1] * l0 / l1;
1892 c[D_CBC_128_AES][i] = c[D_CBC_128_AES][i - 1] * l0 / l1;
1893 c[D_CBC_192_AES][i] = c[D_CBC_192_AES][i - 1] * l0 / l1;
1894 c[D_CBC_256_AES][i] = c[D_CBC_256_AES][i - 1] * l0 / l1;
1895 c[D_CBC_128_CML][i] = c[D_CBC_128_CML][i - 1] * l0 / l1;
1896 c[D_CBC_192_CML][i] = c[D_CBC_192_CML][i - 1] * l0 / l1;
1897 c[D_CBC_256_CML][i] = c[D_CBC_256_CML][i - 1] * l0 / l1;
1898 c[D_IGE_128_AES][i] = c[D_IGE_128_AES][i - 1] * l0 / l1;
1899 c[D_IGE_192_AES][i] = c[D_IGE_192_AES][i - 1] * l0 / l1;
1900 c[D_IGE_256_AES][i] = c[D_IGE_256_AES][i - 1] * l0 / l1;
1903 # ifndef OPENSSL_NO_RSA
1904 rsa_c[R_RSA_512][0] = count / 2000;
1905 rsa_c[R_RSA_512][1] = count / 400;
1906 for (i = 1; i < RSA_NUM; i++) {
1907 rsa_c[i][0] = rsa_c[i - 1][0] / 8;
1908 rsa_c[i][1] = rsa_c[i - 1][1] / 4;
1909 if (rsa_doit[i] <= 1 && rsa_c[i][0] == 0)
1912 if (rsa_c[i][0] == 0) {
1913 rsa_c[i][0] = 1; /* Set minimum iteration Nb to 1. */
1920 # ifndef OPENSSL_NO_DSA
1921 dsa_c[R_DSA_512][0] = count / 1000;
1922 dsa_c[R_DSA_512][1] = count / 1000 / 2;
1923 for (i = 1; i < DSA_NUM; i++) {
1924 dsa_c[i][0] = dsa_c[i - 1][0] / 4;
1925 dsa_c[i][1] = dsa_c[i - 1][1] / 4;
1926 if (dsa_doit[i] <= 1 && dsa_c[i][0] == 0)
1929 if (dsa_c[i][0] == 0) {
1930 dsa_c[i][0] = 1; /* Set minimum iteration Nb to 1. */
1937 # ifndef OPENSSL_NO_EC
1938 ecdsa_c[R_EC_P160][0] = count / 1000;
1939 ecdsa_c[R_EC_P160][1] = count / 1000 / 2;
1940 for (i = R_EC_P192; i <= R_EC_P521; i++) {
1941 ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
1942 ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
1943 if (ecdsa_doit[i] <= 1 && ecdsa_c[i][0] == 0)
1946 if (ecdsa_c[i][0] == 0) {
1952 ecdsa_c[R_EC_K163][0] = count / 1000;
1953 ecdsa_c[R_EC_K163][1] = count / 1000 / 2;
1954 for (i = R_EC_K233; i <= R_EC_K571; i++) {
1955 ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
1956 ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
1957 if (ecdsa_doit[i] <= 1 && ecdsa_c[i][0] == 0)
1960 if (ecdsa_c[i][0] == 0) {
1966 ecdsa_c[R_EC_B163][0] = count / 1000;
1967 ecdsa_c[R_EC_B163][1] = count / 1000 / 2;
1968 for (i = R_EC_B233; i <= R_EC_B571; i++) {
1969 ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
1970 ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
1971 if (ecdsa_doit[i] <= 1 && ecdsa_c[i][0] == 0)
1974 if (ecdsa_c[i][0] == 0) {
1981 ecdh_c[R_EC_P160][0] = count / 1000;
1982 for (i = R_EC_P192; i <= R_EC_P521; i++) {
1983 ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
1984 if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
1987 if (ecdh_c[i][0] == 0) {
1992 ecdh_c[R_EC_K163][0] = count / 1000;
1993 for (i = R_EC_K233; i <= R_EC_K571; i++) {
1994 ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
1995 if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
1998 if (ecdh_c[i][0] == 0) {
2003 ecdh_c[R_EC_B163][0] = count / 1000;
2004 for (i = R_EC_B233; i <= R_EC_B571; i++) {
2005 ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
2006 if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
2009 if (ecdh_c[i][0] == 0) {
2014 /* repeated code good to factorize */
2015 ecdh_c[R_EC_BRP256R1][0] = count / 1000;
2016 for (i = R_EC_BRP384R1; i <= R_EC_BRP512R1; i += 2) {
2017 ecdh_c[i][0] = ecdh_c[i - 2][0] / 2;
2018 if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
2021 if (ecdh_c[i][0] == 0) {
2026 ecdh_c[R_EC_BRP256T1][0] = count / 1000;
2027 for (i = R_EC_BRP384T1; i <= R_EC_BRP512T1; i += 2) {
2028 ecdh_c[i][0] = ecdh_c[i - 2][0] / 2;
2029 if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
2032 if (ecdh_c[i][0] == 0) {
2037 /* default iteration count for the last two EC Curves */
2038 ecdh_c[R_EC_X25519][0] = count / 1800;
2039 ecdh_c[R_EC_X448][0] = count / 7200;
2043 /* not worth fixing */
2044 # error "You cannot disable DES on systems without SIGALRM."
2045 # endif /* OPENSSL_NO_DES */
2047 signal(SIGALRM, alarmed);
2048 #endif /* SIGALRM */
2050 #ifndef OPENSSL_NO_MD2
2052 for (testnum = 0; testnum < size_num; testnum++) {
2053 print_message(names[D_MD2], c[D_MD2][testnum], lengths[testnum],
2056 count = run_benchmark(async_jobs, EVP_Digest_MD2_loop, loopargs);
2058 print_result(D_MD2, testnum, count, d);
2062 #ifndef OPENSSL_NO_MDC2
2064 for (testnum = 0; testnum < size_num; testnum++) {
2065 print_message(names[D_MDC2], c[D_MDC2][testnum], lengths[testnum],
2068 count = run_benchmark(async_jobs, EVP_Digest_MDC2_loop, loopargs);
2070 print_result(D_MDC2, testnum, count, d);
2075 #ifndef OPENSSL_NO_MD4
2077 for (testnum = 0; testnum < size_num; testnum++) {
2078 print_message(names[D_MD4], c[D_MD4][testnum], lengths[testnum],
2081 count = run_benchmark(async_jobs, EVP_Digest_MD4_loop, loopargs);
2083 print_result(D_MD4, testnum, count, d);
2088 #ifndef OPENSSL_NO_MD5
2090 for (testnum = 0; testnum < size_num; testnum++) {
2091 print_message(names[D_MD5], c[D_MD5][testnum], lengths[testnum],
2094 count = run_benchmark(async_jobs, MD5_loop, loopargs);
2096 print_result(D_MD5, testnum, count, d);
2101 static const char hmac_key[] = "This is a key...";
2102 int len = strlen(hmac_key);
2104 for (i = 0; i < loopargs_len; i++) {
2105 loopargs[i].hctx = HMAC_CTX_new();
2106 if (loopargs[i].hctx == NULL) {
2107 BIO_printf(bio_err, "HMAC malloc failure, exiting...");
2111 HMAC_Init_ex(loopargs[i].hctx, hmac_key, len, EVP_md5(), NULL);
2113 for (testnum = 0; testnum < size_num; testnum++) {
2114 print_message(names[D_HMAC], c[D_HMAC][testnum], lengths[testnum],
2117 count = run_benchmark(async_jobs, HMAC_loop, loopargs);
2119 print_result(D_HMAC, testnum, count, d);
2121 for (i = 0; i < loopargs_len; i++) {
2122 HMAC_CTX_free(loopargs[i].hctx);
2127 for (testnum = 0; testnum < size_num; testnum++) {
2128 print_message(names[D_SHA1], c[D_SHA1][testnum], lengths[testnum],
2131 count = run_benchmark(async_jobs, SHA1_loop, loopargs);
2133 print_result(D_SHA1, testnum, count, d);
2136 if (doit[D_SHA256]) {
2137 for (testnum = 0; testnum < size_num; testnum++) {
2138 print_message(names[D_SHA256], c[D_SHA256][testnum],
2139 lengths[testnum], seconds.sym);
2141 count = run_benchmark(async_jobs, SHA256_loop, loopargs);
2143 print_result(D_SHA256, testnum, count, d);
2146 if (doit[D_SHA512]) {
2147 for (testnum = 0; testnum < size_num; testnum++) {
2148 print_message(names[D_SHA512], c[D_SHA512][testnum],
2149 lengths[testnum], seconds.sym);
2151 count = run_benchmark(async_jobs, SHA512_loop, loopargs);
2153 print_result(D_SHA512, testnum, count, d);
2156 #ifndef OPENSSL_NO_WHIRLPOOL
2157 if (doit[D_WHIRLPOOL]) {
2158 for (testnum = 0; testnum < size_num; testnum++) {
2159 print_message(names[D_WHIRLPOOL], c[D_WHIRLPOOL][testnum],
2160 lengths[testnum], seconds.sym);
2162 count = run_benchmark(async_jobs, WHIRLPOOL_loop, loopargs);
2164 print_result(D_WHIRLPOOL, testnum, count, d);
2169 #ifndef OPENSSL_NO_RMD160
2170 if (doit[D_RMD160]) {
2171 for (testnum = 0; testnum < size_num; testnum++) {
2172 print_message(names[D_RMD160], c[D_RMD160][testnum],
2173 lengths[testnum], seconds.sym);
2175 count = run_benchmark(async_jobs, EVP_Digest_RMD160_loop, loopargs);
2177 print_result(D_RMD160, testnum, count, d);
2181 #ifndef OPENSSL_NO_RC4
2183 for (testnum = 0; testnum < size_num; testnum++) {
2184 print_message(names[D_RC4], c[D_RC4][testnum], lengths[testnum],
2187 count = run_benchmark(async_jobs, RC4_loop, loopargs);
2189 print_result(D_RC4, testnum, count, d);
2193 #ifndef OPENSSL_NO_DES
2194 if (doit[D_CBC_DES]) {
2195 for (testnum = 0; testnum < size_num; testnum++) {
2196 print_message(names[D_CBC_DES], c[D_CBC_DES][testnum],
2197 lengths[testnum], seconds.sym);
2199 count = run_benchmark(async_jobs, DES_ncbc_encrypt_loop, loopargs);
2201 print_result(D_CBC_DES, testnum, count, d);
2205 if (doit[D_EDE3_DES]) {
2206 for (testnum = 0; testnum < size_num; testnum++) {
2207 print_message(names[D_EDE3_DES], c[D_EDE3_DES][testnum],
2208 lengths[testnum], seconds.sym);
2211 run_benchmark(async_jobs, DES_ede3_cbc_encrypt_loop, loopargs);
2213 print_result(D_EDE3_DES, testnum, count, d);
2218 if (doit[D_CBC_128_AES]) {
2219 for (testnum = 0; testnum < size_num; testnum++) {
2220 print_message(names[D_CBC_128_AES], c[D_CBC_128_AES][testnum],
2221 lengths[testnum], seconds.sym);
2224 run_benchmark(async_jobs, AES_cbc_128_encrypt_loop, loopargs);
2226 print_result(D_CBC_128_AES, testnum, count, d);
2229 if (doit[D_CBC_192_AES]) {
2230 for (testnum = 0; testnum < size_num; testnum++) {
2231 print_message(names[D_CBC_192_AES], c[D_CBC_192_AES][testnum],
2232 lengths[testnum], seconds.sym);
2235 run_benchmark(async_jobs, AES_cbc_192_encrypt_loop, loopargs);
2237 print_result(D_CBC_192_AES, testnum, count, d);
2240 if (doit[D_CBC_256_AES]) {
2241 for (testnum = 0; testnum < size_num; testnum++) {
2242 print_message(names[D_CBC_256_AES], c[D_CBC_256_AES][testnum],
2243 lengths[testnum], seconds.sym);
2246 run_benchmark(async_jobs, AES_cbc_256_encrypt_loop, loopargs);
2248 print_result(D_CBC_256_AES, testnum, count, d);
2252 if (doit[D_IGE_128_AES]) {
2253 for (testnum = 0; testnum < size_num; testnum++) {
2254 print_message(names[D_IGE_128_AES], c[D_IGE_128_AES][testnum],
2255 lengths[testnum], seconds.sym);
2258 run_benchmark(async_jobs, AES_ige_128_encrypt_loop, loopargs);
2260 print_result(D_IGE_128_AES, testnum, count, d);
2263 if (doit[D_IGE_192_AES]) {
2264 for (testnum = 0; testnum < size_num; testnum++) {
2265 print_message(names[D_IGE_192_AES], c[D_IGE_192_AES][testnum],
2266 lengths[testnum], seconds.sym);
2269 run_benchmark(async_jobs, AES_ige_192_encrypt_loop, loopargs);
2271 print_result(D_IGE_192_AES, testnum, count, d);
2274 if (doit[D_IGE_256_AES]) {
2275 for (testnum = 0; testnum < size_num; testnum++) {
2276 print_message(names[D_IGE_256_AES], c[D_IGE_256_AES][testnum],
2277 lengths[testnum], seconds.sym);
2280 run_benchmark(async_jobs, AES_ige_256_encrypt_loop, loopargs);
2282 print_result(D_IGE_256_AES, testnum, count, d);
2285 if (doit[D_GHASH]) {
2286 for (i = 0; i < loopargs_len; i++) {
2287 loopargs[i].gcm_ctx =
2288 CRYPTO_gcm128_new(&aes_ks1, (block128_f) AES_encrypt);
2289 CRYPTO_gcm128_setiv(loopargs[i].gcm_ctx,
2290 (unsigned char *)"0123456789ab", 12);
2293 for (testnum = 0; testnum < size_num; testnum++) {
2294 print_message(names[D_GHASH], c[D_GHASH][testnum],
2295 lengths[testnum], seconds.sym);
2297 count = run_benchmark(async_jobs, CRYPTO_gcm128_aad_loop, loopargs);
2299 print_result(D_GHASH, testnum, count, d);
2301 for (i = 0; i < loopargs_len; i++)
2302 CRYPTO_gcm128_release(loopargs[i].gcm_ctx);
2304 #ifndef OPENSSL_NO_CAMELLIA
2305 if (doit[D_CBC_128_CML]) {
2306 if (async_jobs > 0) {
2307 BIO_printf(bio_err, "Async mode is not supported with %s\n",
2308 names[D_CBC_128_CML]);
2309 doit[D_CBC_128_CML] = 0;
2311 for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
2312 print_message(names[D_CBC_128_CML], c[D_CBC_128_CML][testnum],
2313 lengths[testnum], seconds.sym);
2315 for (count = 0, run = 1; COND(c[D_CBC_128_CML][testnum]); count++)
2316 Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
2317 (size_t)lengths[testnum], &camellia_ks1,
2318 iv, CAMELLIA_ENCRYPT);
2320 print_result(D_CBC_128_CML, testnum, count, d);
2323 if (doit[D_CBC_192_CML]) {
2324 if (async_jobs > 0) {
2325 BIO_printf(bio_err, "Async mode is not supported with %s\n",
2326 names[D_CBC_192_CML]);
2327 doit[D_CBC_192_CML] = 0;
2329 for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
2330 print_message(names[D_CBC_192_CML], c[D_CBC_192_CML][testnum],
2331 lengths[testnum], seconds.sym);
2332 if (async_jobs > 0) {
2333 BIO_printf(bio_err, "Async mode is not supported, exiting...");
2337 for (count = 0, run = 1; COND(c[D_CBC_192_CML][testnum]); count++)
2338 Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
2339 (size_t)lengths[testnum], &camellia_ks2,
2340 iv, CAMELLIA_ENCRYPT);
2342 print_result(D_CBC_192_CML, testnum, count, d);
2345 if (doit[D_CBC_256_CML]) {
2346 if (async_jobs > 0) {
2347 BIO_printf(bio_err, "Async mode is not supported with %s\n",
2348 names[D_CBC_256_CML]);
2349 doit[D_CBC_256_CML] = 0;
2351 for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
2352 print_message(names[D_CBC_256_CML], c[D_CBC_256_CML][testnum],
2353 lengths[testnum], seconds.sym);
2355 for (count = 0, run = 1; COND(c[D_CBC_256_CML][testnum]); count++)
2356 Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
2357 (size_t)lengths[testnum], &camellia_ks3,
2358 iv, CAMELLIA_ENCRYPT);
2360 print_result(D_CBC_256_CML, testnum, count, d);
2364 #ifndef OPENSSL_NO_IDEA
2365 if (doit[D_CBC_IDEA]) {
2366 if (async_jobs > 0) {
2367 BIO_printf(bio_err, "Async mode is not supported with %s\n",
2369 doit[D_CBC_IDEA] = 0;
2371 for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
2372 print_message(names[D_CBC_IDEA], c[D_CBC_IDEA][testnum],
2373 lengths[testnum], seconds.sym);
2375 for (count = 0, run = 1; COND(c[D_CBC_IDEA][testnum]); count++)
2376 IDEA_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
2377 (size_t)lengths[testnum], &idea_ks,
2380 print_result(D_CBC_IDEA, testnum, count, d);
2384 #ifndef OPENSSL_NO_SEED
2385 if (doit[D_CBC_SEED]) {
2386 if (async_jobs > 0) {
2387 BIO_printf(bio_err, "Async mode is not supported with %s\n",
2389 doit[D_CBC_SEED] = 0;
2391 for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
2392 print_message(names[D_CBC_SEED], c[D_CBC_SEED][testnum],
2393 lengths[testnum], seconds.sym);
2395 for (count = 0, run = 1; COND(c[D_CBC_SEED][testnum]); count++)
2396 SEED_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
2397 (size_t)lengths[testnum], &seed_ks, iv, 1);
2399 print_result(D_CBC_SEED, testnum, count, d);
2403 #ifndef OPENSSL_NO_RC2
2404 if (doit[D_CBC_RC2]) {
2405 if (async_jobs > 0) {
2406 BIO_printf(bio_err, "Async mode is not supported with %s\n",
2408 doit[D_CBC_RC2] = 0;
2410 for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
2411 print_message(names[D_CBC_RC2], c[D_CBC_RC2][testnum],
2412 lengths[testnum], seconds.sym);
2413 if (async_jobs > 0) {
2414 BIO_printf(bio_err, "Async mode is not supported, exiting...");
2418 for (count = 0, run = 1; COND(c[D_CBC_RC2][testnum]); count++)
2419 RC2_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
2420 (size_t)lengths[testnum], &rc2_ks,
2423 print_result(D_CBC_RC2, testnum, count, d);
2427 #ifndef OPENSSL_NO_RC5
2428 if (doit[D_CBC_RC5]) {
2429 if (async_jobs > 0) {
2430 BIO_printf(bio_err, "Async mode is not supported with %s\n",
2432 doit[D_CBC_RC5] = 0;
2434 for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
2435 print_message(names[D_CBC_RC5], c[D_CBC_RC5][testnum],
2436 lengths[testnum], seconds.sym);
2437 if (async_jobs > 0) {
2438 BIO_printf(bio_err, "Async mode is not supported, exiting...");
2442 for (count = 0, run = 1; COND(c[D_CBC_RC5][testnum]); count++)
2443 RC5_32_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
2444 (size_t)lengths[testnum], &rc5_ks,
2447 print_result(D_CBC_RC5, testnum, count, d);
2451 #ifndef OPENSSL_NO_BF
2452 if (doit[D_CBC_BF]) {
2453 if (async_jobs > 0) {
2454 BIO_printf(bio_err, "Async mode is not supported with %s\n",
2458 for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
2459 print_message(names[D_CBC_BF], c[D_CBC_BF][testnum],
2460 lengths[testnum], seconds.sym);
2462 for (count = 0, run = 1; COND(c[D_CBC_BF][testnum]); count++)
2463 BF_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
2464 (size_t)lengths[testnum], &bf_ks,
2467 print_result(D_CBC_BF, testnum, count, d);
2471 #ifndef OPENSSL_NO_CAST
2472 if (doit[D_CBC_CAST]) {
2473 if (async_jobs > 0) {
2474 BIO_printf(bio_err, "Async mode is not supported with %s\n",
2476 doit[D_CBC_CAST] = 0;
2478 for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
2479 print_message(names[D_CBC_CAST], c[D_CBC_CAST][testnum],
2480 lengths[testnum], seconds.sym);
2482 for (count = 0, run = 1; COND(c[D_CBC_CAST][testnum]); count++)
2483 CAST_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
2484 (size_t)lengths[testnum], &cast_ks,
2487 print_result(D_CBC_CAST, testnum, count, d);
2492 for (testnum = 0; testnum < size_num; testnum++) {
2493 print_message(names[D_RAND], c[D_RAND][testnum], lengths[testnum],
2496 count = run_benchmark(async_jobs, RAND_bytes_loop, loopargs);
2498 print_result(D_RAND, testnum, count, d);
2503 if (evp_cipher != NULL) {
2504 int (*loopfunc)(void *args) = EVP_Update_loop;
2506 if (multiblock && (EVP_CIPHER_flags(evp_cipher) &
2507 EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) {
2508 multiblock_speed(evp_cipher, lengths_single, &seconds);
2513 names[D_EVP] = OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher));
2515 if (EVP_CIPHER_mode(evp_cipher) == EVP_CIPH_CCM_MODE) {
2516 loopfunc = EVP_Update_loop_ccm;
2517 } else if (aead && (EVP_CIPHER_flags(evp_cipher) &
2518 EVP_CIPH_FLAG_AEAD_CIPHER)) {
2519 loopfunc = EVP_Update_loop_aead;
2520 if (lengths == lengths_list) {
2521 lengths = aead_lengths_list;
2522 size_num = OSSL_NELEM(aead_lengths_list);
2526 for (testnum = 0; testnum < size_num; testnum++) {
2527 print_message(names[D_EVP], save_count, lengths[testnum],
2530 for (k = 0; k < loopargs_len; k++) {
2531 loopargs[k].ctx = EVP_CIPHER_CTX_new();
2532 EVP_CipherInit_ex(loopargs[k].ctx, evp_cipher, NULL, NULL,
2533 iv, decrypt ? 0 : 1);
2535 EVP_CIPHER_CTX_set_padding(loopargs[k].ctx, 0);
2537 keylen = EVP_CIPHER_CTX_key_length(loopargs[k].ctx);
2538 loopargs[k].key = app_malloc(keylen, "evp_cipher key");
2539 EVP_CIPHER_CTX_rand_key(loopargs[k].ctx, loopargs[k].key);
2540 EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL,
2541 loopargs[k].key, NULL, -1);
2542 OPENSSL_clear_free(loopargs[k].key, keylen);
2546 count = run_benchmark(async_jobs, loopfunc, loopargs);
2548 for (k = 0; k < loopargs_len; k++) {
2549 EVP_CIPHER_CTX_free(loopargs[k].ctx);
2551 print_result(D_EVP, testnum, count, d);
2553 } else if (evp_md != NULL) {
2554 names[D_EVP] = OBJ_nid2ln(EVP_MD_type(evp_md));
2556 for (testnum = 0; testnum < size_num; testnum++) {
2557 print_message(names[D_EVP], save_count, lengths[testnum],
2560 count = run_benchmark(async_jobs, EVP_Digest_loop, loopargs);
2562 print_result(D_EVP, testnum, count, d);
2567 for (i = 0; i < loopargs_len; i++)
2568 if (RAND_bytes(loopargs[i].buf, 36) <= 0)
2571 #ifndef OPENSSL_NO_RSA
2572 for (testnum = 0; testnum < RSA_NUM; testnum++) {
2574 if (!rsa_doit[testnum])
2576 for (i = 0; i < loopargs_len; i++) {
2578 /* we haven't set keys yet, generate multi-prime RSA keys */
2579 BIGNUM *bn = BN_new();
2583 if (!BN_set_word(bn, RSA_F4)) {
2588 BIO_printf(bio_err, "Generate multi-prime RSA key for %s\n",
2589 rsa_choices[testnum].name);
2591 loopargs[i].rsa_key[testnum] = RSA_new();
2592 if (loopargs[i].rsa_key[testnum] == NULL) {
2597 if (!RSA_generate_multi_prime_key(loopargs[i].rsa_key[testnum],
2599 primes, bn, NULL)) {
2605 st = RSA_sign(NID_md5_sha1, loopargs[i].buf, 36, loopargs[i].buf2,
2606 &loopargs[i].siglen, loopargs[i].rsa_key[testnum]);
2612 "RSA sign failure. No RSA sign will be done.\n");
2613 ERR_print_errors(bio_err);
2616 pkey_print_message("private", "rsa",
2617 rsa_c[testnum][0], rsa_bits[testnum],
2619 /* RSA_blinding_on(rsa_key[testnum],NULL); */
2621 count = run_benchmark(async_jobs, RSA_sign_loop, loopargs);
2624 mr ? "+R1:%ld:%d:%.2f\n"
2625 : "%ld %u bits private RSA's in %.2fs\n",
2626 count, rsa_bits[testnum], d);
2627 rsa_results[testnum][0] = (double)count / d;
2631 for (i = 0; i < loopargs_len; i++) {
2632 st = RSA_verify(NID_md5_sha1, loopargs[i].buf, 36, loopargs[i].buf2,
2633 loopargs[i].siglen, loopargs[i].rsa_key[testnum]);
2639 "RSA verify failure. No RSA verify will be done.\n");
2640 ERR_print_errors(bio_err);
2641 rsa_doit[testnum] = 0;
2643 pkey_print_message("public", "rsa",
2644 rsa_c[testnum][1], rsa_bits[testnum],
2647 count = run_benchmark(async_jobs, RSA_verify_loop, loopargs);
2650 mr ? "+R2:%ld:%d:%.2f\n"
2651 : "%ld %u bits public RSA's in %.2fs\n",
2652 count, rsa_bits[testnum], d);
2653 rsa_results[testnum][1] = (double)count / d;
2656 if (rsa_count <= 1) {
2657 /* if longer than 10s, don't do any more */
2658 for (testnum++; testnum < RSA_NUM; testnum++)
2659 rsa_doit[testnum] = 0;
2662 #endif /* OPENSSL_NO_RSA */
2664 for (i = 0; i < loopargs_len; i++)
2665 if (RAND_bytes(loopargs[i].buf, 36) <= 0)
2668 #ifndef OPENSSL_NO_DSA
2669 for (testnum = 0; testnum < DSA_NUM; testnum++) {
2671 if (!dsa_doit[testnum])
2674 /* DSA_generate_key(dsa_key[testnum]); */
2675 /* DSA_sign_setup(dsa_key[testnum],NULL); */
2676 for (i = 0; i < loopargs_len; i++) {
2677 st = DSA_sign(0, loopargs[i].buf, 20, loopargs[i].buf2,
2678 &loopargs[i].siglen, loopargs[i].dsa_key[testnum]);
2684 "DSA sign failure. No DSA sign will be done.\n");
2685 ERR_print_errors(bio_err);
2688 pkey_print_message("sign", "dsa",
2689 dsa_c[testnum][0], dsa_bits[testnum],
2692 count = run_benchmark(async_jobs, DSA_sign_loop, loopargs);
2695 mr ? "+R3:%ld:%u:%.2f\n"
2696 : "%ld %u bits DSA signs in %.2fs\n",
2697 count, dsa_bits[testnum], d);
2698 dsa_results[testnum][0] = (double)count / d;
2702 for (i = 0; i < loopargs_len; i++) {
2703 st = DSA_verify(0, loopargs[i].buf, 20, loopargs[i].buf2,
2704 loopargs[i].siglen, loopargs[i].dsa_key[testnum]);
2710 "DSA verify failure. No DSA verify will be done.\n");
2711 ERR_print_errors(bio_err);
2712 dsa_doit[testnum] = 0;
2714 pkey_print_message("verify", "dsa",
2715 dsa_c[testnum][1], dsa_bits[testnum],
2718 count = run_benchmark(async_jobs, DSA_verify_loop, loopargs);
2721 mr ? "+R4:%ld:%u:%.2f\n"
2722 : "%ld %u bits DSA verify in %.2fs\n",
2723 count, dsa_bits[testnum], d);
2724 dsa_results[testnum][1] = (double)count / d;
2727 if (rsa_count <= 1) {
2728 /* if longer than 10s, don't do any more */
2729 for (testnum++; testnum < DSA_NUM; testnum++)
2730 dsa_doit[testnum] = 0;
2733 #endif /* OPENSSL_NO_DSA */
2735 #ifndef OPENSSL_NO_EC
2736 for (testnum = 0; testnum < ECDSA_NUM; testnum++) {
2739 if (!ecdsa_doit[testnum])
2740 continue; /* Ignore Curve */
2741 for (i = 0; i < loopargs_len; i++) {
2742 loopargs[i].ecdsa[testnum] =
2743 EC_KEY_new_by_curve_name(test_curves[testnum].nid);
2744 if (loopargs[i].ecdsa[testnum] == NULL) {
2750 BIO_printf(bio_err, "ECDSA failure.\n");
2751 ERR_print_errors(bio_err);
2754 for (i = 0; i < loopargs_len; i++) {
2755 EC_KEY_precompute_mult(loopargs[i].ecdsa[testnum], NULL);
2756 /* Perform ECDSA signature test */
2757 EC_KEY_generate_key(loopargs[i].ecdsa[testnum]);
2758 st = ECDSA_sign(0, loopargs[i].buf, 20, loopargs[i].buf2,
2759 &loopargs[i].siglen,
2760 loopargs[i].ecdsa[testnum]);
2766 "ECDSA sign failure. No ECDSA sign will be done.\n");
2767 ERR_print_errors(bio_err);
2770 pkey_print_message("sign", "ecdsa",
2771 ecdsa_c[testnum][0],
2772 test_curves[testnum].bits, seconds.ecdsa);
2774 count = run_benchmark(async_jobs, ECDSA_sign_loop, loopargs);
2778 mr ? "+R5:%ld:%u:%.2f\n" :
2779 "%ld %u bits ECDSA signs in %.2fs \n",
2780 count, test_curves[testnum].bits, d);
2781 ecdsa_results[testnum][0] = (double)count / d;
2785 /* Perform ECDSA verification test */
2786 for (i = 0; i < loopargs_len; i++) {
2787 st = ECDSA_verify(0, loopargs[i].buf, 20, loopargs[i].buf2,
2789 loopargs[i].ecdsa[testnum]);
2795 "ECDSA verify failure. No ECDSA verify will be done.\n");
2796 ERR_print_errors(bio_err);
2797 ecdsa_doit[testnum] = 0;
2799 pkey_print_message("verify", "ecdsa",
2800 ecdsa_c[testnum][1],
2801 test_curves[testnum].bits, seconds.ecdsa);
2803 count = run_benchmark(async_jobs, ECDSA_verify_loop, loopargs);
2806 mr ? "+R6:%ld:%u:%.2f\n"
2807 : "%ld %u bits ECDSA verify in %.2fs\n",
2808 count, test_curves[testnum].bits, d);
2809 ecdsa_results[testnum][1] = (double)count / d;
2812 if (rsa_count <= 1) {
2813 /* if longer than 10s, don't do any more */
2814 for (testnum++; testnum < EC_NUM; testnum++)
2815 ecdsa_doit[testnum] = 0;
2820 for (testnum = 0; testnum < EC_NUM; testnum++) {
2821 int ecdh_checks = 1;
2823 if (!ecdh_doit[testnum])
2826 for (i = 0; i < loopargs_len; i++) {
2827 EVP_PKEY_CTX *kctx = NULL;
2828 EVP_PKEY_CTX *test_ctx = NULL;
2829 EVP_PKEY_CTX *ctx = NULL;
2830 EVP_PKEY *key_A = NULL;
2831 EVP_PKEY *key_B = NULL;
2835 /* Ensure that the error queue is empty */
2836 if (ERR_peek_error()) {
2838 "WARNING: the error queue contains previous unhandled errors.\n");
2839 ERR_print_errors(bio_err);
2842 /* Let's try to create a ctx directly from the NID: this works for
2843 * curves like Curve25519 that are not implemented through the low
2844 * level EC interface.
2845 * If this fails we try creating a EVP_PKEY_EC generic param ctx,
2846 * then we set the curve by NID before deriving the actual keygen
2847 * ctx for that specific curve. */
2848 kctx = EVP_PKEY_CTX_new_id(test_curves[testnum].nid, NULL); /* keygen ctx from NID */
2850 EVP_PKEY_CTX *pctx = NULL;
2851 EVP_PKEY *params = NULL;
2853 /* If we reach this code EVP_PKEY_CTX_new_id() failed and a
2854 * "int_ctx_new:unsupported algorithm" error was added to the
2856 * We remove it from the error queue as we are handling it. */
2857 unsigned long error = ERR_peek_error(); /* peek the latest error in the queue */
2858 if (error == ERR_peek_last_error() && /* oldest and latest errors match */
2859 /* check that the error origin matches */
2860 ERR_GET_LIB(error) == ERR_LIB_EVP &&
2861 ERR_GET_FUNC(error) == EVP_F_INT_CTX_NEW &&
2862 ERR_GET_REASON(error) == EVP_R_UNSUPPORTED_ALGORITHM)
2863 ERR_get_error(); /* pop error from queue */
2864 if (ERR_peek_error()) {
2866 "Unhandled error in the error queue during ECDH init.\n");
2867 ERR_print_errors(bio_err);
2872 if ( /* Create the context for parameter generation */
2873 !(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL)) ||
2874 /* Initialise the parameter generation */
2875 !EVP_PKEY_paramgen_init(pctx) ||
2876 /* Set the curve by NID */
2877 !EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx,
2880 /* Create the parameter object params */
2881 !EVP_PKEY_paramgen(pctx, ¶ms)) {
2883 BIO_printf(bio_err, "ECDH EC params init failure.\n");
2884 ERR_print_errors(bio_err);
2888 /* Create the context for the key generation */
2889 kctx = EVP_PKEY_CTX_new(params, NULL);
2891 EVP_PKEY_free(params);
2893 EVP_PKEY_CTX_free(pctx);
2896 if (kctx == NULL || /* keygen ctx is not null */
2897 !EVP_PKEY_keygen_init(kctx) /* init keygen ctx */ ) {
2899 BIO_printf(bio_err, "ECDH keygen failure.\n");
2900 ERR_print_errors(bio_err);
2905 if (!EVP_PKEY_keygen(kctx, &key_A) || /* generate secret key A */
2906 !EVP_PKEY_keygen(kctx, &key_B) || /* generate secret key B */
2907 !(ctx = EVP_PKEY_CTX_new(key_A, NULL)) || /* derivation ctx from skeyA */
2908 !EVP_PKEY_derive_init(ctx) || /* init derivation ctx */
2909 !EVP_PKEY_derive_set_peer(ctx, key_B) || /* set peer pubkey in ctx */
2910 !EVP_PKEY_derive(ctx, NULL, &outlen) || /* determine max length */
2911 outlen == 0 || /* ensure outlen is a valid size */
2912 outlen > MAX_ECDH_SIZE /* avoid buffer overflow */ ) {
2914 BIO_printf(bio_err, "ECDH key generation failure.\n");
2915 ERR_print_errors(bio_err);
2920 /* Here we perform a test run, comparing the output of a*B and b*A;
2921 * we try this here and assume that further EVP_PKEY_derive calls
2922 * never fail, so we can skip checks in the actually benchmarked
2923 * code, for maximum performance. */
2924 if (!(test_ctx = EVP_PKEY_CTX_new(key_B, NULL)) || /* test ctx from skeyB */
2925 !EVP_PKEY_derive_init(test_ctx) || /* init derivation test_ctx */
2926 !EVP_PKEY_derive_set_peer(test_ctx, key_A) || /* set peer pubkey in test_ctx */
2927 !EVP_PKEY_derive(test_ctx, NULL, &test_outlen) || /* determine max length */
2928 !EVP_PKEY_derive(ctx, loopargs[i].secret_a, &outlen) || /* compute a*B */
2929 !EVP_PKEY_derive(test_ctx, loopargs[i].secret_b, &test_outlen) || /* compute b*A */
2930 test_outlen != outlen /* compare output length */ ) {
2932 BIO_printf(bio_err, "ECDH computation failure.\n");
2933 ERR_print_errors(bio_err);
2938 /* Compare the computation results: CRYPTO_memcmp() returns 0 if equal */
2939 if (CRYPTO_memcmp(loopargs[i].secret_a,
2940 loopargs[i].secret_b, outlen)) {
2942 BIO_printf(bio_err, "ECDH computations don't match.\n");
2943 ERR_print_errors(bio_err);
2948 loopargs[i].ecdh_ctx[testnum] = ctx;
2949 loopargs[i].outlen[testnum] = outlen;
2951 EVP_PKEY_free(key_A);
2952 EVP_PKEY_free(key_B);
2953 EVP_PKEY_CTX_free(kctx);
2955 EVP_PKEY_CTX_free(test_ctx);
2958 if (ecdh_checks != 0) {
2959 pkey_print_message("", "ecdh",
2961 test_curves[testnum].bits, seconds.ecdh);
2964 run_benchmark(async_jobs, ECDH_EVP_derive_key_loop, loopargs);
2967 mr ? "+R7:%ld:%d:%.2f\n" :
2968 "%ld %u-bits ECDH ops in %.2fs\n", count,
2969 test_curves[testnum].bits, d);
2970 ecdh_results[testnum][0] = (double)count / d;
2974 if (rsa_count <= 1) {
2975 /* if longer than 10s, don't do any more */
2976 for (testnum++; testnum < OSSL_NELEM(ecdh_doit); testnum++)
2977 ecdh_doit[testnum] = 0;
2980 #endif /* OPENSSL_NO_EC */
2985 printf("%s\n", OpenSSL_version(OPENSSL_VERSION));
2986 printf("%s\n", OpenSSL_version(OPENSSL_BUILT_ON));
2988 printf("%s ", BN_options());
2989 #ifndef OPENSSL_NO_MD2
2990 printf("%s ", MD2_options());
2992 #ifndef OPENSSL_NO_RC4
2993 printf("%s ", RC4_options());
2995 #ifndef OPENSSL_NO_DES
2996 printf("%s ", DES_options());
2998 printf("%s ", AES_options());
2999 #ifndef OPENSSL_NO_IDEA
3000 printf("%s ", IDEA_options());
3002 #ifndef OPENSSL_NO_BF
3003 printf("%s ", BF_options());
3005 printf("\n%s\n", OpenSSL_version(OPENSSL_CFLAGS));
3013 ("The 'numbers' are in 1000s of bytes per second processed.\n");
3016 for (testnum = 0; testnum < size_num; testnum++)
3017 printf(mr ? ":%d" : "%7d bytes", lengths[testnum]);
3021 for (k = 0; k < ALGOR_NUM; k++) {
3025 printf("+F:%u:%s", k, names[k]);
3027 printf("%-13s", names[k]);
3028 for (testnum = 0; testnum < size_num; testnum++) {
3029 if (results[k][testnum] > 10000 && !mr)
3030 printf(" %11.2fk", results[k][testnum] / 1e3);
3032 printf(mr ? ":%.2f" : " %11.2f ", results[k][testnum]);
3036 #ifndef OPENSSL_NO_RSA
3038 for (k = 0; k < RSA_NUM; k++) {
3041 if (testnum && !mr) {
3042 printf("%18ssign verify sign/s verify/s\n", " ");
3046 printf("+F2:%u:%u:%f:%f\n",
3047 k, rsa_bits[k], rsa_results[k][0], rsa_results[k][1]);
3049 printf("rsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
3050 rsa_bits[k], 1.0 / rsa_results[k][0], 1.0 / rsa_results[k][1],
3051 rsa_results[k][0], rsa_results[k][1]);
3054 #ifndef OPENSSL_NO_DSA
3056 for (k = 0; k < DSA_NUM; k++) {
3059 if (testnum && !mr) {
3060 printf("%18ssign verify sign/s verify/s\n", " ");
3064 printf("+F3:%u:%u:%f:%f\n",
3065 k, dsa_bits[k], dsa_results[k][0], dsa_results[k][1]);
3067 printf("dsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
3068 dsa_bits[k], 1.0 / dsa_results[k][0], 1.0 / dsa_results[k][1],
3069 dsa_results[k][0], dsa_results[k][1]);
3072 #ifndef OPENSSL_NO_EC
3074 for (k = 0; k < OSSL_NELEM(ecdsa_doit); k++) {
3077 if (testnum && !mr) {
3078 printf("%30ssign verify sign/s verify/s\n", " ");
3083 printf("+F4:%u:%u:%f:%f\n",
3084 k, test_curves[k].bits,
3085 ecdsa_results[k][0], ecdsa_results[k][1]);
3087 printf("%4u bits ecdsa (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
3088 test_curves[k].bits, test_curves[k].name,
3089 1.0 / ecdsa_results[k][0], 1.0 / ecdsa_results[k][1],
3090 ecdsa_results[k][0], ecdsa_results[k][1]);
3094 for (k = 0; k < EC_NUM; k++) {
3097 if (testnum && !mr) {
3098 printf("%30sop op/s\n", " ");
3102 printf("+F5:%u:%u:%f:%f\n",
3103 k, test_curves[k].bits,
3104 ecdh_results[k][0], 1.0 / ecdh_results[k][0]);
3107 printf("%4u bits ecdh (%s) %8.4fs %8.1f\n",
3108 test_curves[k].bits, test_curves[k].name,
3109 1.0 / ecdh_results[k][0], ecdh_results[k][0]);
3116 ERR_print_errors(bio_err);
3117 for (i = 0; i < loopargs_len; i++) {
3118 OPENSSL_free(loopargs[i].buf_malloc);
3119 OPENSSL_free(loopargs[i].buf2_malloc);
3121 #ifndef OPENSSL_NO_RSA
3122 for (k = 0; k < RSA_NUM; k++)
3123 RSA_free(loopargs[i].rsa_key[k]);
3125 #ifndef OPENSSL_NO_DSA
3126 for (k = 0; k < DSA_NUM; k++)
3127 DSA_free(loopargs[i].dsa_key[k]);
3129 #ifndef OPENSSL_NO_EC
3130 for (k = 0; k < ECDSA_NUM; k++)
3131 EC_KEY_free(loopargs[i].ecdsa[k]);
3132 for (k = 0; k < EC_NUM; k++)
3133 EVP_PKEY_CTX_free(loopargs[i].ecdh_ctx[k]);
3134 OPENSSL_free(loopargs[i].secret_a);
3135 OPENSSL_free(loopargs[i].secret_b);
3139 if (async_jobs > 0) {
3140 for (i = 0; i < loopargs_len; i++)
3141 ASYNC_WAIT_CTX_free(loopargs[i].wait_ctx);
3145 ASYNC_cleanup_thread();
3147 OPENSSL_free(loopargs);
3152 static void print_message(const char *s, long num, int length, int tm)
3156 mr ? "+DT:%s:%d:%d\n"
3157 : "Doing %s for %ds on %d size blocks: ", s, tm, length);
3158 (void)BIO_flush(bio_err);
3162 mr ? "+DN:%s:%ld:%d\n"
3163 : "Doing %s %ld times on %d size blocks: ", s, num, length);
3164 (void)BIO_flush(bio_err);
3168 static void pkey_print_message(const char *str, const char *str2, long num,
3169 unsigned int bits, int tm)
3173 mr ? "+DTP:%d:%s:%s:%d\n"
3174 : "Doing %u bits %s %s's for %ds: ", bits, str, str2, tm);
3175 (void)BIO_flush(bio_err);
3179 mr ? "+DNP:%ld:%d:%s:%s\n"
3180 : "Doing %ld %u bits %s %s's: ", num, bits, str, str2);
3181 (void)BIO_flush(bio_err);
3185 static void print_result(int alg, int run_no, int count, double time_used)
3188 BIO_puts(bio_err, "EVP error!\n");
3192 mr ? "+R:%d:%s:%f\n"
3193 : "%d %s's in %.2fs\n", count, names[alg], time_used);
3194 results[alg][run_no] = ((double)count) / time_used * lengths[run_no];
3198 static char *sstrsep(char **string, const char *delim)
3201 char *token = *string;
3206 memset(isdelim, 0, sizeof(isdelim));
3210 isdelim[(unsigned char)(*delim)] = 1;
3214 while (!isdelim[(unsigned char)(**string)]) {
3226 static int do_multi(int multi, int size_num)
3231 static char sep[] = ":";
3233 fds = app_malloc(sizeof(*fds) * multi, "fd buffer for do_multi");
3234 for (n = 0; n < multi; ++n) {
3235 if (pipe(fd) == -1) {
3236 BIO_printf(bio_err, "pipe failure\n");
3240 (void)BIO_flush(bio_err);
3247 if (dup(fd[1]) == -1) {
3248 BIO_printf(bio_err, "dup failed\n");
3257 printf("Forked child %d\n", n);
3260 /* for now, assume the pipe is long enough to take all the output */
3261 for (n = 0; n < multi; ++n) {
3266 f = fdopen(fds[n], "r");
3267 while (fgets(buf, sizeof(buf), f)) {
3268 p = strchr(buf, '\n');
3271 if (buf[0] != '+') {
3273 "Don't understand line '%s' from child %d\n", buf,
3277 printf("Got: %s from %d\n", buf, n);
3278 if (strncmp(buf, "+F:", 3) == 0) {
3283 alg = atoi(sstrsep(&p, sep));
3285 for (j = 0; j < size_num; ++j)
3286 results[alg][j] += atof(sstrsep(&p, sep));
3287 } else if (strncmp(buf, "+F2:", 4) == 0) {
3292 k = atoi(sstrsep(&p, sep));
3295 d = atof(sstrsep(&p, sep));
3296 rsa_results[k][0] += d;
3298 d = atof(sstrsep(&p, sep));
3299 rsa_results[k][1] += d;
3301 # ifndef OPENSSL_NO_DSA
3302 else if (strncmp(buf, "+F3:", 4) == 0) {
3307 k = atoi(sstrsep(&p, sep));
3310 d = atof(sstrsep(&p, sep));
3311 dsa_results[k][0] += d;
3313 d = atof(sstrsep(&p, sep));
3314 dsa_results[k][1] += d;
3317 # ifndef OPENSSL_NO_EC
3318 else if (strncmp(buf, "+F4:", 4) == 0) {
3323 k = atoi(sstrsep(&p, sep));
3326 d = atof(sstrsep(&p, sep));
3327 ecdsa_results[k][0] += d;
3329 d = atof(sstrsep(&p, sep));
3330 ecdsa_results[k][1] += d;
3331 } else if (strncmp(buf, "+F5:", 4) == 0) {
3336 k = atoi(sstrsep(&p, sep));
3339 d = atof(sstrsep(&p, sep));
3340 ecdh_results[k][0] += d;
3344 else if (strncmp(buf, "+H:", 3) == 0) {
3347 BIO_printf(bio_err, "Unknown type '%s' from child %d\n", buf,
3358 static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
3359 const openssl_speed_sec_t *seconds)
3361 static const int mblengths_list[] =
3362 { 8 * 1024, 2 * 8 * 1024, 4 * 8 * 1024, 8 * 8 * 1024, 8 * 16 * 1024 };
3363 const int *mblengths = mblengths_list;
3364 int j, count, keylen, num = OSSL_NELEM(mblengths_list);
3365 const char *alg_name;
3366 unsigned char *inp, *out, *key, no_key[32], no_iv[16];
3367 EVP_CIPHER_CTX *ctx;
3370 if (lengths_single) {
3371 mblengths = &lengths_single;
3375 inp = app_malloc(mblengths[num - 1], "multiblock input buffer");
3376 out = app_malloc(mblengths[num - 1] + 1024, "multiblock output buffer");
3377 ctx = EVP_CIPHER_CTX_new();
3378 EVP_EncryptInit_ex(ctx, evp_cipher, NULL, NULL, no_iv);
3380 keylen = EVP_CIPHER_CTX_key_length(ctx);
3381 key = app_malloc(keylen, "evp_cipher key");
3382 EVP_CIPHER_CTX_rand_key(ctx, key);
3383 EVP_EncryptInit_ex(ctx, NULL, NULL, key, NULL);
3384 OPENSSL_clear_free(key, keylen);
3386 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY, sizeof(no_key), no_key);
3387 alg_name = OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher));
3389 for (j = 0; j < num; j++) {
3390 print_message(alg_name, 0, mblengths[j], seconds->sym);
3392 for (count = 0, run = 1; run && count < 0x7fffffff; count++) {
3393 unsigned char aad[EVP_AEAD_TLS1_AAD_LEN];
3394 EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param;
3395 size_t len = mblengths[j];
3398 memset(aad, 0, 8); /* avoid uninitialized values */
3399 aad[8] = 23; /* SSL3_RT_APPLICATION_DATA */
3400 aad[9] = 3; /* version */
3402 aad[11] = 0; /* length */
3404 mb_param.out = NULL;
3407 mb_param.interleave = 8;
3409 packlen = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_AAD,
3410 sizeof(mb_param), &mb_param);
3416 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT,
3417 sizeof(mb_param), &mb_param);
3421 RAND_bytes(out, 16);
3423 aad[11] = (unsigned char)(len >> 8);
3424 aad[12] = (unsigned char)(len);
3425 pad = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_TLS1_AAD,
3426 EVP_AEAD_TLS1_AAD_LEN, aad);
3427 EVP_Cipher(ctx, out, inp, len + pad);
3431 BIO_printf(bio_err, mr ? "+R:%d:%s:%f\n"
3432 : "%d %s's in %.2fs\n", count, "evp", d);
3433 results[D_EVP][j] = ((double)count) / d * mblengths[j];
3437 fprintf(stdout, "+H");
3438 for (j = 0; j < num; j++)
3439 fprintf(stdout, ":%d", mblengths[j]);
3440 fprintf(stdout, "\n");
3441 fprintf(stdout, "+F:%d:%s", D_EVP, alg_name);
3442 for (j = 0; j < num; j++)
3443 fprintf(stdout, ":%.2f", results[D_EVP][j]);
3444 fprintf(stdout, "\n");
3447 "The 'numbers' are in 1000s of bytes per second processed.\n");
3448 fprintf(stdout, "type ");
3449 for (j = 0; j < num; j++)
3450 fprintf(stdout, "%7d bytes", mblengths[j]);
3451 fprintf(stdout, "\n");
3452 fprintf(stdout, "%-24s", alg_name);
3454 for (j = 0; j < num; j++) {
3455 if (results[D_EVP][j] > 10000)
3456 fprintf(stdout, " %11.2fk", results[D_EVP][j] / 1e3);
3458 fprintf(stdout, " %11.2f ", results[D_EVP][j]);
3460 fprintf(stdout, "\n");
3465 EVP_CIPHER_CTX_free(ctx);