- if (RAND_status() != 1)
- {
- RAND_seed(rnd_seed, sizeof rnd_seed);
- rnd_fake = 1;
- }
- for (j=0; j<DSA_NUM; j++)
- {
- unsigned int kk;
- int ret;
-
- if (!dsa_doit[j]) continue;
-/* DSA_generate_key(dsa_key[j]); */
-/* DSA_sign_setup(dsa_key[j],NULL); */
- ret=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
- &kk,dsa_key[j]);
- if (ret == 0)
- {
- BIO_printf(bio_err,"DSA sign failure. No DSA sign will be done.\n");
- ERR_print_errors(bio_err);
- rsa_count=1;
- }
- else
- {
- pkey_print_message("sign","dsa",
- dsa_c[j][0],dsa_bits[j],
- DSA_SECONDS);
- Time_F(START);
- for (count=0,run=1; COND(dsa_c[j][0]); count++)
- {
- ret=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
- &kk,dsa_key[j]);
- if (ret == 0)
- {
- BIO_printf(bio_err,
- "DSA sign failure\n");
- ERR_print_errors(bio_err);
- count=1;
- break;
- }
- }
- d=Time_F(STOP);
- BIO_printf(bio_err,mr ? "+R3:%ld:%d:%.2f\n"
- : "%ld %d bit DSA signs in %.2fs\n",
- count,dsa_bits[j],d);
- dsa_results[j][0]=d/(double)count;
- rsa_count=count;
- }
-
- ret=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
- kk,dsa_key[j]);
- if (ret <= 0)
- {
- BIO_printf(bio_err,"DSA verify failure. No DSA verify will be done.\n");
- ERR_print_errors(bio_err);
- dsa_doit[j] = 0;
- }
- else
- {
- pkey_print_message("verify","dsa",
- dsa_c[j][1],dsa_bits[j],
- DSA_SECONDS);
- Time_F(START);
- for (count=0,run=1; COND(dsa_c[j][1]); count++)
- {
- ret=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
- kk,dsa_key[j]);
- if (ret <= 0)
- {
- BIO_printf(bio_err,
- "DSA verify failure\n");
- ERR_print_errors(bio_err);
- count=1;
- break;
- }
- }
- d=Time_F(STOP);
- BIO_printf(bio_err,mr ? "+R4:%ld:%d:%.2f\n"
- : "%ld %d bit DSA verify in %.2fs\n",
- count,dsa_bits[j],d);
- dsa_results[j][1]=d/(double)count;
- }
-
- if (rsa_count <= 1)
- {
- /* if longer than 10s, don't do any more */
- for (j++; j<DSA_NUM; j++)
- dsa_doit[j]=0;
- }
- }
- if (rnd_fake) RAND_cleanup();
-#endif
-
-#ifndef OPENSSL_NO_ECDSA
- if (RAND_status() != 1)
- {
- RAND_seed(rnd_seed, sizeof rnd_seed);
- rnd_fake = 1;
- }
- for (j=0; j<EC_NUM; j++)
- {
- int ret;
-
- if (!ecdsa_doit[j]) continue; /* Ignore Curve */
- ecdsa[j] = EC_KEY_new_by_curve_name(test_curves[j]);
- if (ecdsa[j] == NULL)
- {
- BIO_printf(bio_err,"ECDSA failure.\n");
- ERR_print_errors(bio_err);
- rsa_count=1;
- }
- else
- {
-#if 1
- EC_KEY_precompute_mult(ecdsa[j], NULL);
-#endif
- /* Perform ECDSA signature test */
- EC_KEY_generate_key(ecdsa[j]);
- ret = ECDSA_sign(0, buf, 20, ecdsasig,
- &ecdsasiglen, ecdsa[j]);
- if (ret == 0)
- {
- BIO_printf(bio_err,"ECDSA sign failure. No ECDSA sign will be done.\n");
- ERR_print_errors(bio_err);
- rsa_count=1;
- }
- else
- {
- pkey_print_message("sign","ecdsa",
- ecdsa_c[j][0],
- test_curves_bits[j],
- ECDSA_SECONDS);
-
- Time_F(START);
- for (count=0,run=1; COND(ecdsa_c[j][0]);
- count++)
- {
- ret=ECDSA_sign(0, buf, 20,
- ecdsasig, &ecdsasiglen,
- ecdsa[j]);
- if (ret == 0)
- {
- BIO_printf(bio_err, "ECDSA sign failure\n");
- ERR_print_errors(bio_err);
- count=1;
- break;
- }
- }
- d=Time_F(STOP);
-
- BIO_printf(bio_err, mr ? "+R5:%ld:%d:%.2f\n" :
- "%ld %d bit ECDSA signs in %.2fs \n",
- count, test_curves_bits[j], d);
- ecdsa_results[j][0]=d/(double)count;
- rsa_count=count;
- }
-
- /* Perform ECDSA verification test */
- ret=ECDSA_verify(0, buf, 20, ecdsasig,
- ecdsasiglen, ecdsa[j]);
- if (ret != 1)
- {
- BIO_printf(bio_err,"ECDSA verify failure. No ECDSA verify will be done.\n");
- ERR_print_errors(bio_err);
- ecdsa_doit[j] = 0;
- }
- else
- {
- pkey_print_message("verify","ecdsa",
- ecdsa_c[j][1],
- test_curves_bits[j],
- ECDSA_SECONDS);
- Time_F(START);
- for (count=0,run=1; COND(ecdsa_c[j][1]); count++)
- {
- ret=ECDSA_verify(0, buf, 20, ecdsasig, ecdsasiglen, ecdsa[j]);
- if (ret != 1)
- {
- BIO_printf(bio_err, "ECDSA verify failure\n");
- ERR_print_errors(bio_err);
- count=1;
- break;
- }
- }
- d=Time_F(STOP);
- BIO_printf(bio_err, mr? "+R6:%ld:%d:%.2f\n"
- : "%ld %d bit ECDSA verify in %.2fs\n",
- count, test_curves_bits[j], d);
- ecdsa_results[j][1]=d/(double)count;
- }
-
- if (rsa_count <= 1)
- {
- /* if longer than 10s, don't do any more */
- for (j++; j<EC_NUM; j++)
- ecdsa_doit[j]=0;
- }
- }
- }
- if (rnd_fake) RAND_cleanup();
-#endif
-
-#ifndef OPENSSL_NO_ECDH
- if (RAND_status() != 1)
- {
- RAND_seed(rnd_seed, sizeof rnd_seed);
- rnd_fake = 1;
- }
- for (j=0; j<EC_NUM; j++)
- {
- if (!ecdh_doit[j]) continue;
- ecdh_a[j] = EC_KEY_new_by_curve_name(test_curves[j]);
- ecdh_b[j] = EC_KEY_new_by_curve_name(test_curves[j]);
- if ((ecdh_a[j] == NULL) || (ecdh_b[j] == NULL))
- {
- BIO_printf(bio_err,"ECDH failure.\n");
- ERR_print_errors(bio_err);
- rsa_count=1;
- }
- else
- {
- /* generate two ECDH key pairs */
- if (!EC_KEY_generate_key(ecdh_a[j]) ||
- !EC_KEY_generate_key(ecdh_b[j]))
- {
- BIO_printf(bio_err,"ECDH key generation failure.\n");
- ERR_print_errors(bio_err);
- rsa_count=1;
- }
- else
- {
- /* If field size is not more than 24 octets, then use SHA-1 hash of result;
- * otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt).
- */
- int field_size, outlen;
- void *(*kdf)(const void *in, size_t inlen, void *out, size_t *xoutlen);
- field_size = EC_GROUP_get_degree(EC_KEY_get0_group(ecdh_a[j]));
- if (field_size <= 24 * 8)
- {
- outlen = KDF1_SHA1_len;
- kdf = KDF1_SHA1;
- }
- else
- {
- outlen = (field_size+7)/8;
- kdf = NULL;
- }
- secret_size_a = ECDH_compute_key(secret_a, outlen,
- EC_KEY_get0_public_key(ecdh_b[j]),
- ecdh_a[j], kdf);
- secret_size_b = ECDH_compute_key(secret_b, outlen,
- EC_KEY_get0_public_key(ecdh_a[j]),
- ecdh_b[j], kdf);
- if (secret_size_a != secret_size_b)
- ecdh_checks = 0;
- else
- ecdh_checks = 1;
-
- for (secret_idx = 0;
- (secret_idx < secret_size_a)
- && (ecdh_checks == 1);
- secret_idx++)
- {
- if (secret_a[secret_idx] != secret_b[secret_idx])
- ecdh_checks = 0;
- }
-
- if (ecdh_checks == 0)
- {
- BIO_printf(bio_err,"ECDH computations don't match.\n");
- ERR_print_errors(bio_err);
- rsa_count=1;
- }
-
- pkey_print_message("","ecdh",
- ecdh_c[j][0],
- test_curves_bits[j],
- ECDH_SECONDS);
- Time_F(START);
- for (count=0,run=1; COND(ecdh_c[j][0]); count++)
- {
- ECDH_compute_key(secret_a, outlen,
- EC_KEY_get0_public_key(ecdh_b[j]),
- ecdh_a[j], kdf);
- }
- d=Time_F(STOP);
- BIO_printf(bio_err, mr ? "+R7:%ld:%d:%.2f\n" :"%ld %d-bit ECDH ops in %.2fs\n",
- count, test_curves_bits[j], d);
- ecdh_results[j][0]=d/(double)count;
- rsa_count=count;
- }
- }
-
-
- if (rsa_count <= 1)
- {
- /* if longer than 10s, don't do any more */
- for (j++; j<EC_NUM; j++)
- ecdh_doit[j]=0;
- }
- }
- if (rnd_fake) RAND_cleanup();
-#endif
+ if (RAND_status() != 1) {
+ RAND_seed(rnd_seed, sizeof rnd_seed);
+ }
+ for (testnum = 0; testnum < DSA_NUM; testnum++) {
+ int st = 0;
+ if (!dsa_doit[testnum])
+ continue;
+
+ /* DSA_generate_key(dsa_key[testnum]); */
+ /* DSA_sign_setup(dsa_key[testnum],NULL); */
+ for (i = 0; i < loopargs_len; i++) {
+ st = DSA_sign(0, loopargs[i].buf, 20, loopargs[i].buf2,
+ &loopargs[i].siglen, loopargs[i].dsa_key[testnum]);
+ if (st == 0)
+ break;
+ }
+ if (st == 0) {
+ BIO_printf(bio_err,
+ "DSA sign failure. No DSA sign will be done.\n");
+ ERR_print_errors(bio_err);
+ rsa_count = 1;
+ } else {
+ pkey_print_message("sign", "dsa",
+ dsa_c[testnum][0], dsa_bits[testnum], DSA_SECONDS);
+ Time_F(START);
+ count = run_benchmark(async_jobs, DSA_sign_loop, loopargs);
+ d = Time_F(STOP);
+ BIO_printf(bio_err,
+ mr ? "+R3:%ld:%d:%.2f\n"
+ : "%ld %d bit DSA signs in %.2fs\n",
+ count, dsa_bits[testnum], d);
+ dsa_results[testnum][0] = d / (double)count;
+ rsa_count = count;
+ }
+
+ for (i = 0; i < loopargs_len; i++) {
+ st = DSA_verify(0, loopargs[i].buf, 20, loopargs[i].buf2,
+ loopargs[i].siglen, loopargs[i].dsa_key[testnum]);
+ if (st <= 0)
+ break;
+ }
+ if (st <= 0) {
+ BIO_printf(bio_err,
+ "DSA verify failure. No DSA verify will be done.\n");
+ ERR_print_errors(bio_err);
+ dsa_doit[testnum] = 0;
+ } else {
+ pkey_print_message("verify", "dsa",
+ dsa_c[testnum][1], dsa_bits[testnum], DSA_SECONDS);
+ Time_F(START);
+ count = run_benchmark(async_jobs, DSA_verify_loop, loopargs);
+ d = Time_F(STOP);
+ BIO_printf(bio_err,
+ mr ? "+R4:%ld:%d:%.2f\n"
+ : "%ld %d bit DSA verify in %.2fs\n",
+ count, dsa_bits[testnum], d);
+ dsa_results[testnum][1] = d / (double)count;
+ }
+
+ if (rsa_count <= 1) {
+ /* if longer than 10s, don't do any more */
+ for (testnum++; testnum < DSA_NUM; testnum++)
+ dsa_doit[testnum] = 0;
+ }
+ }
+#endif /* OPENSSL_NO_DSA */
+
+#ifndef OPENSSL_NO_EC
+ if (RAND_status() != 1) {
+ RAND_seed(rnd_seed, sizeof rnd_seed);
+ }
+ for (testnum = 0; testnum < EC_NUM; testnum++) {
+ int st = 1;
+
+ if (!ecdsa_doit[testnum])
+ continue; /* Ignore Curve */
+ for (i = 0; i < loopargs_len; i++) {
+ loopargs[i].ecdsa[testnum] = EC_KEY_new_by_curve_name(test_curves[testnum]);
+ if (loopargs[i].ecdsa[testnum] == NULL) {
+ st = 0;
+ break;
+ }
+ }
+ if (st == 0) {
+ BIO_printf(bio_err, "ECDSA failure.\n");
+ ERR_print_errors(bio_err);
+ rsa_count = 1;
+ } else {
+ for (i = 0; i < loopargs_len; i++) {
+ EC_KEY_precompute_mult(loopargs[i].ecdsa[testnum], NULL);
+ /* Perform ECDSA signature test */
+ EC_KEY_generate_key(loopargs[i].ecdsa[testnum]);
+ st = ECDSA_sign(0, loopargs[i].buf, 20, loopargs[i].buf2,
+ &loopargs[i].siglen, loopargs[i].ecdsa[testnum]);
+ if (st == 0)
+ break;
+ }
+ if (st == 0) {
+ BIO_printf(bio_err,
+ "ECDSA sign failure. No ECDSA sign will be done.\n");
+ ERR_print_errors(bio_err);
+ rsa_count = 1;
+ } else {
+ pkey_print_message("sign", "ecdsa",
+ ecdsa_c[testnum][0],
+ test_curves_bits[testnum], ECDSA_SECONDS);
+ Time_F(START);
+ count = run_benchmark(async_jobs, ECDSA_sign_loop, loopargs);
+ d = Time_F(STOP);
+
+ BIO_printf(bio_err,
+ mr ? "+R5:%ld:%d:%.2f\n" :
+ "%ld %d bit ECDSA signs in %.2fs \n",
+ count, test_curves_bits[testnum], d);
+ ecdsa_results[testnum][0] = d / (double)count;
+ rsa_count = count;
+ }
+
+ /* Perform ECDSA verification test */
+ for (i = 0; i < loopargs_len; i++) {
+ st = ECDSA_verify(0, loopargs[i].buf, 20, loopargs[i].buf2,
+ loopargs[i].siglen, loopargs[i].ecdsa[testnum]);
+ if (st != 1)
+ break;
+ }
+ if (st != 1) {
+ BIO_printf(bio_err,
+ "ECDSA verify failure. No ECDSA verify will be done.\n");
+ ERR_print_errors(bio_err);
+ ecdsa_doit[testnum] = 0;
+ } else {
+ pkey_print_message("verify", "ecdsa",
+ ecdsa_c[testnum][1],
+ test_curves_bits[testnum], ECDSA_SECONDS);
+ Time_F(START);
+ count = run_benchmark(async_jobs, ECDSA_verify_loop, loopargs);
+ d = Time_F(STOP);
+ BIO_printf(bio_err,
+ mr ? "+R6:%ld:%d:%.2f\n"
+ : "%ld %d bit ECDSA verify in %.2fs\n",
+ count, test_curves_bits[testnum], d);
+ ecdsa_results[testnum][1] = d / (double)count;
+ }
+
+ if (rsa_count <= 1) {
+ /* if longer than 10s, don't do any more */
+ for (testnum++; testnum < EC_NUM; testnum++)
+ ecdsa_doit[testnum] = 0;
+ }
+ }
+ }
+
+ if (RAND_status() != 1) {
+ RAND_seed(rnd_seed, sizeof rnd_seed);
+ }
+ for (testnum = 0; testnum < EC_NUM; testnum++) {
+ int ecdh_checks = 1;
+
+ if (!ecdh_doit[testnum])
+ continue;
+ for (i = 0; i < loopargs_len; i++) {
+ loopargs[i].ecdh_a[testnum] = EC_KEY_new_by_curve_name(test_curves[testnum]);
+ loopargs[i].ecdh_b[testnum] = EC_KEY_new_by_curve_name(test_curves[testnum]);
+ if (loopargs[i].ecdh_a[testnum] == NULL ||
+ loopargs[i].ecdh_b[testnum] == NULL) {
+ ecdh_checks = 0;
+ break;
+ }
+ }
+ if (ecdh_checks == 0) {
+ BIO_printf(bio_err, "ECDH failure.\n");
+ ERR_print_errors(bio_err);
+ rsa_count = 1;
+ } else {
+ for (i = 0; i < loopargs_len; i++) {
+ /* generate two ECDH key pairs */
+ if (!EC_KEY_generate_key(loopargs[i].ecdh_a[testnum]) ||
+ !EC_KEY_generate_key(loopargs[i].ecdh_b[testnum])) {
+ BIO_printf(bio_err, "ECDH key generation failure.\n");
+ ERR_print_errors(bio_err);
+ ecdh_checks = 0;
+ rsa_count = 1;
+ } else {
+ int secret_size_a, secret_size_b;
+ /*
+ * If field size is not more than 24 octets, then use SHA-1
+ * hash of result; otherwise, use result (see section 4.8 of
+ * draft-ietf-tls-ecc-03.txt).
+ */
+ int field_size = EC_GROUP_get_degree(
+ EC_KEY_get0_group(loopargs[i].ecdh_a[testnum]));
+
+ if (field_size <= 24 * 8) { /* 192 bits */
+ loopargs[i].outlen = KDF1_SHA1_len;
+ loopargs[i].kdf = KDF1_SHA1;
+ } else {
+ loopargs[i].outlen = (field_size + 7) / 8;
+ loopargs[i].kdf = NULL;
+ }
+ secret_size_a =
+ ECDH_compute_key(loopargs[i].secret_a, loopargs[i].outlen,
+ EC_KEY_get0_public_key(loopargs[i].ecdh_b[testnum]),
+ loopargs[i].ecdh_a[testnum], loopargs[i].kdf);
+ secret_size_b =
+ ECDH_compute_key(loopargs[i].secret_b, loopargs[i].outlen,
+ EC_KEY_get0_public_key(loopargs[i].ecdh_a[testnum]),
+ loopargs[i].ecdh_b[testnum], loopargs[i].kdf);
+ if (secret_size_a != secret_size_b)
+ ecdh_checks = 0;
+ else
+ ecdh_checks = 1;
+
+ for (k = 0; k < secret_size_a && ecdh_checks == 1; k++) {
+ if (loopargs[i].secret_a[k] != loopargs[i].secret_b[k])
+ ecdh_checks = 0;
+ }
+
+ if (ecdh_checks == 0) {
+ BIO_printf(bio_err, "ECDH computations don't match.\n");
+ ERR_print_errors(bio_err);
+ rsa_count = 1;
+ break;
+ }
+ }
+ }
+ if (ecdh_checks != 0) {
+ pkey_print_message("", "ecdh",
+ ecdh_c[testnum][0],
+ test_curves_bits[testnum], ECDH_SECONDS);
+ Time_F(START);
+ count = run_benchmark(async_jobs, ECDH_compute_key_loop, loopargs);
+ d = Time_F(STOP);
+ BIO_printf(bio_err,
+ mr ? "+R7:%ld:%d:%.2f\n" :
+ "%ld %d-bit ECDH ops in %.2fs\n", count,
+ test_curves_bits[testnum], d);
+ ecdh_results[testnum][0] = d / (double)count;
+ rsa_count = count;
+ }
+ }
+
+ if (rsa_count <= 1) {
+ /* if longer than 10s, don't do any more */
+ for (testnum++; testnum < EC_NUM; testnum++)
+ ecdh_doit[testnum] = 0;
+ }
+ }
+#endif /* OPENSSL_NO_EC */