From: Pauli Date: Tue, 14 Aug 2018 04:04:47 +0000 (+1000) Subject: Speed for HMACs. X-Git-Tag: openssl-3.0.0-alpha1~3134 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=f88b9b79152b48541b780dfd30bb34e1c7a91e1b;p=oweals%2Fopenssl.git Speed for HMACs. Add support for HMAC over any evp supported digest. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/6945) --- diff --git a/apps/speed.c b/apps/speed.c index a4879179e4..27b4d50a64 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -298,7 +298,7 @@ static int opt_found(const char *name, unsigned int *result, typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, - OPT_ELAPSED, OPT_EVP, OPT_DECRYPT, OPT_ENGINE, OPT_MULTI, + OPT_ELAPSED, OPT_EVP, OPT_HMAC, OPT_DECRYPT, OPT_ENGINE, OPT_MULTI, OPT_MR, OPT_MB, OPT_MISALIGN, OPT_ASYNCJOBS, OPT_R_ENUM, OPT_PRIMES, OPT_SECONDS, OPT_BYTES, OPT_AEAD } OPTION_CHOICE; @@ -308,6 +308,7 @@ const OPTIONS speed_options[] = { {OPT_HELP_STR, 1, '-', "Valid options are:\n"}, {"help", OPT_HELP, '-', "Display this summary"}, {"evp", OPT_EVP, 's', "Use EVP-named cipher or digest"}, + {"hmac", OPT_HMAC, 's', "HMAC using EVP-named digest"}, {"decrypt", OPT_DECRYPT, '-', "Time decryption instead of encryption (only EVP)"}, {"aead", OPT_AEAD, '-', @@ -369,6 +370,8 @@ const OPTIONS speed_options[] = { #define D_IGE_256_AES 28 #define D_GHASH 29 #define D_RAND 30 +#define D_EVP_HMAC 31 + /* name of algorithms to test */ static const char *names[] = { "md2", "mdc2", "md4", "md5", "hmac(md5)", "sha1", "rmd160", "rc4", @@ -378,7 +381,7 @@ static const char *names[] = { "camellia-128 cbc", "camellia-192 cbc", "camellia-256 cbc", "evp", "sha256", "sha512", "whirlpool", "aes-128 ige", "aes-192 ige", "aes-256 ige", "ghash", - "rand" + "rand", "hmac" }; #define ALGOR_NUM OSSL_NELEM(names) @@ -1032,6 +1035,26 @@ static int EVP_Digest_loop(void *args) return count; } +static const EVP_MD *evp_hmac_md = NULL; +static char *evp_hmac_name = NULL; +static int EVP_HMAC_loop(void *args) +{ + loopargs_t *tempargs = *(loopargs_t **) args; + unsigned char *buf = tempargs->buf; + unsigned char no_key[32]; + int count; +#ifndef SIGALRM + int nb_iter = save_count * 4 * lengths[0] / lengths[testnum]; +#endif + + for (count = 0; COND(nb_iter); count++) { + if (HMAC(evp_hmac_md, no_key, sizeof(no_key), buf, lengths[testnum], + NULL, NULL) == NULL) + return -1; + } + return count; +} + #ifndef OPENSSL_NO_RSA static long rsa_c[RSA_NUM][2]; /* # RSA iteration test */ @@ -1567,6 +1590,15 @@ int speed_main(int argc, char **argv) } doit[D_EVP] = 1; break; + case OPT_HMAC: + evp_hmac_md = EVP_get_digestbyname(opt_arg()); + if (evp_hmac_md == NULL) { + BIO_printf(bio_err, "%s: %s is an unknown digest\n", + prog, opt_arg()); + goto end; + } + doit[D_EVP_HMAC] = 1; + break; case OPT_DECRYPT: decrypt = 1; break; @@ -1805,9 +1837,9 @@ int speed_main(int argc, char **argv) e = setup_engine(engine_id, 0); /* No parameters; turn on everything. */ - if ((argc == 0) && !doit[D_EVP]) { + if (argc == 0 && !doit[D_EVP] && !doit[D_EVP_HMAC]) { for (i = 0; i < ALGOR_NUM; i++) - if (i != D_EVP) + if (i != D_EVP && i != D_EVP_HMAC) doit[i] = 1; #ifndef OPENSSL_NO_RSA for (i = 0; i < RSA_NUM; i++) @@ -2649,6 +2681,25 @@ int speed_main(int argc, char **argv) } } + if (doit[D_EVP_HMAC]) { + if (evp_hmac_md != NULL) { + const char *md_name = OBJ_nid2ln(EVP_MD_type(evp_hmac_md)); + evp_hmac_name = app_malloc(sizeof("HMAC()") + strlen(md_name), + "HMAC name"); + sprintf(evp_hmac_name, "HMAC(%s)", md_name); + names[D_EVP_HMAC] = evp_hmac_name; + + for (testnum = 0; testnum < size_num; testnum++) { + print_message(names[D_EVP_HMAC], save_count, lengths[testnum], + seconds.sym); + Time_F(START); + count = run_benchmark(async_jobs, EVP_HMAC_loop, loopargs); + d = Time_F(STOP); + print_result(D_EVP_HMAC, testnum, count, d); + } + } + } + for (i = 0; i < loopargs_len; i++) if (RAND_bytes(loopargs[i].buf, 36) <= 0) goto end; @@ -3347,6 +3398,7 @@ int speed_main(int argc, char **argv) OPENSSL_free(loopargs[i].secret_b); #endif } + OPENSSL_free(evp_hmac_name); if (async_jobs > 0) { for (i = 0; i < loopargs_len; i++) diff --git a/doc/man1/speed.pod b/doc/man1/speed.pod index 523da0d3b1..16dc839e17 100644 --- a/doc/man1/speed.pod +++ b/doc/man1/speed.pod @@ -12,6 +12,7 @@ B [B<-engine id>] [B<-elapsed>] [B<-evp algo>] +[B<-hmac algo>] [B<-decrypt>] [B<-rand file...>] [B<-writerand file>] @@ -55,6 +56,10 @@ If B is an AEAD cipher, then you can pass <-aead> to benchmark a TLS-like sequence. And if B is a multi-buffer capable cipher, e.g. aes-128-cbc-hmac-sha1, then B<-mb> will time multi-buffer operation. +=item B<-hmac digest> + +Time the HMAC algorithm using the specified message digest. + =item B<-decrypt> Time the decryption instead of encryption. Affects only the EVP testing.