2016-05-17 18:18:30 +00:00
|
|
|
/*
|
2021-01-28 12:54:57 +00:00
|
|
|
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
2017-06-15 14:16:46 +00:00
|
|
|
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
|
1998-12-21 10:52:47 +00:00
|
|
|
*
|
2018-12-06 12:00:26 +00:00
|
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
2016-05-17 18:18:30 +00:00
|
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
|
|
|
* in the file LICENSE in the source distribution or at
|
|
|
|
|
* https://www.openssl.org/source/license.html
|
1998-12-21 10:52:47 +00:00
|
|
|
*/
|
2016-05-17 18:18:30 +00:00
|
|
|
|
2015-01-27 15:06:22 +00:00
|
|
|
#undef SECONDS
|
2021-02-18 09:48:18 +00:00
|
|
|
#define SECONDS 3
|
|
|
|
|
#define PKEY_SECONDS 10
|
|
|
|
|
|
|
|
|
|
#define RSA_SECONDS PKEY_SECONDS
|
|
|
|
|
#define DSA_SECONDS PKEY_SECONDS
|
|
|
|
|
#define ECDSA_SECONDS PKEY_SECONDS
|
|
|
|
|
#define ECDH_SECONDS PKEY_SECONDS
|
|
|
|
|
#define EdDSA_SECONDS PKEY_SECONDS
|
|
|
|
|
#define SM2_SECONDS PKEY_SECONDS
|
|
|
|
|
#define FFDH_SECONDS PKEY_SECONDS
|
2015-01-27 15:06:22 +00:00
|
|
|
|
2019-11-29 12:02:54 +00:00
|
|
|
/* We need to use some deprecated APIs */
|
|
|
|
|
#define OPENSSL_SUPPRESS_DEPRECATED
|
|
|
|
|
|
2015-01-27 15:06:22 +00:00
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
#include <string.h>
|
|
|
|
|
#include <math.h>
|
|
|
|
|
#include "apps.h"
|
2018-01-31 10:13:10 +00:00
|
|
|
#include "progs.h"
|
2015-01-27 15:06:22 +00:00
|
|
|
#include <openssl/crypto.h>
|
|
|
|
|
#include <openssl/rand.h>
|
|
|
|
|
#include <openssl/err.h>
|
|
|
|
|
#include <openssl/evp.h>
|
|
|
|
|
#include <openssl/objects.h>
|
2021-02-18 09:48:18 +00:00
|
|
|
#include <openssl/core_names.h>
|
2015-12-09 07:26:38 +00:00
|
|
|
#include <openssl/async.h>
|
2015-01-27 15:06:22 +00:00
|
|
|
#if !defined(OPENSSL_SYS_MSDOS)
|
2019-06-20 21:07:25 +00:00
|
|
|
# include <unistd.h>
|
2015-01-27 15:06:22 +00:00
|
|
|
#endif
|
1998-12-21 10:52:47 +00:00
|
|
|
|
2020-09-06 21:37:47 +00:00
|
|
|
#if defined(__TANDEM)
|
|
|
|
|
# if defined(OPENSSL_TANDEM_FLOSS)
|
|
|
|
|
# include <floss.h(floss_fork)>
|
|
|
|
|
# endif
|
|
|
|
|
#endif
|
|
|
|
|
|
2016-01-16 18:30:48 +00:00
|
|
|
#if defined(_WIN32)
|
2015-01-27 15:06:22 +00:00
|
|
|
# include <windows.h>
|
|
|
|
|
#endif
|
1998-12-21 10:52:47 +00:00
|
|
|
|
2015-01-27 15:06:22 +00:00
|
|
|
#include <openssl/bn.h>
|
2021-02-18 09:48:18 +00:00
|
|
|
#include <openssl/rsa.h>
|
|
|
|
|
#include "./testrsa.h"
|
2020-01-18 18:13:02 +00:00
|
|
|
#ifndef OPENSSL_NO_DH
|
|
|
|
|
# include <openssl/dh.h>
|
|
|
|
|
#endif
|
2015-01-27 15:06:22 +00:00
|
|
|
#include <openssl/x509.h>
|
2021-02-18 09:48:18 +00:00
|
|
|
#include <openssl/dsa.h>
|
|
|
|
|
#include "./testdsa.h"
|
2015-01-27 15:06:22 +00:00
|
|
|
#include <openssl/modes.h>
|
2014-05-26 20:57:25 +00:00
|
|
|
|
2015-01-27 15:06:22 +00:00
|
|
|
#ifndef HAVE_FORK
|
2018-12-20 11:59:31 +00:00
|
|
|
# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_VXWORKS)
|
2015-01-27 15:06:22 +00:00
|
|
|
# define HAVE_FORK 0
|
2015-01-22 03:40:55 +00:00
|
|
|
# else
|
2015-01-27 15:06:22 +00:00
|
|
|
# define HAVE_FORK 1
|
2015-01-22 03:40:55 +00:00
|
|
|
# endif
|
2015-01-27 15:06:22 +00:00
|
|
|
#endif
|
2001-10-25 16:08:17 +00:00
|
|
|
|
2015-01-27 15:06:22 +00:00
|
|
|
#if HAVE_FORK
|
|
|
|
|
# undef NO_FORK
|
|
|
|
|
#else
|
|
|
|
|
# define NO_FORK
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#define MAX_MISALIGNMENT 63
|
2016-02-18 10:56:53 +00:00
|
|
|
#define MAX_ECDH_SIZE 256
|
|
|
|
|
#define MISALIGN 64
|
2020-01-18 18:13:02 +00:00
|
|
|
#define MAX_FFDH_SIZE 1024
|
2016-02-18 10:56:53 +00:00
|
|
|
|
2021-02-18 09:48:18 +00:00
|
|
|
#ifndef RSA_DEFAULT_PRIME_NUM
|
|
|
|
|
# define RSA_DEFAULT_PRIME_NUM 2
|
|
|
|
|
#endif
|
|
|
|
|
|
2018-01-12 03:37:39 +00:00
|
|
|
typedef struct openssl_speed_sec_st {
|
2017-12-02 09:05:35 +00:00
|
|
|
int sym;
|
|
|
|
|
int rsa;
|
|
|
|
|
int dsa;
|
|
|
|
|
int ecdsa;
|
|
|
|
|
int ecdh;
|
2018-09-07 06:39:19 +00:00
|
|
|
int eddsa;
|
2019-09-29 14:25:10 +00:00
|
|
|
int sm2;
|
2020-01-18 18:13:02 +00:00
|
|
|
int ffdh;
|
2018-01-12 03:37:39 +00:00
|
|
|
} openssl_speed_sec_t;
|
2017-12-02 09:05:35 +00:00
|
|
|
|
2015-01-22 03:40:55 +00:00
|
|
|
static volatile int run = 0;
|
1998-12-21 10:52:47 +00:00
|
|
|
|
2018-05-09 20:27:27 +00:00
|
|
|
static int mr = 0; /* machine-readeable output format to merge fork results */
|
2015-01-22 03:40:55 +00:00
|
|
|
static int usertime = 1;
|
2001-09-27 15:43:55 +00:00
|
|
|
|
2001-10-25 14:27:17 +00:00
|
|
|
static double Time_F(int s);
|
2017-12-02 09:05:35 +00:00
|
|
|
static void print_message(const char *s, long num, int length, int tm);
|
2005-03-20 23:12:13 +00:00
|
|
|
static void pkey_print_message(const char *str, const char *str2,
|
2016-11-28 22:36:50 +00:00
|
|
|
long num, unsigned int bits, int sec);
|
2015-01-22 03:40:55 +00:00
|
|
|
static void print_result(int alg, int run_no, int count, double time_used);
|
2015-01-27 15:06:22 +00:00
|
|
|
#ifndef NO_FORK
|
2017-12-02 09:05:35 +00:00
|
|
|
static int do_multi(int multi, int size_num);
|
2015-01-27 15:06:22 +00:00
|
|
|
#endif
|
2015-01-22 03:40:55 +00:00
|
|
|
|
2017-12-02 09:05:35 +00:00
|
|
|
static const int lengths_list[] = {
|
|
|
|
|
16, 64, 256, 1024, 8 * 1024, 16 * 1024
|
|
|
|
|
};
|
2018-05-09 20:27:27 +00:00
|
|
|
#define SIZE_NUM OSSL_NELEM(lengths_list)
|
2017-12-02 09:05:35 +00:00
|
|
|
static const int *lengths = lengths_list;
|
|
|
|
|
|
2018-05-19 13:43:11 +00:00
|
|
|
static const int aead_lengths_list[] = {
|
|
|
|
|
2, 31, 136, 1024, 8 * 1024, 16 * 1024
|
|
|
|
|
};
|
|
|
|
|
|
2018-05-19 13:53:29 +00:00
|
|
|
#define START 0
|
|
|
|
|
#define STOP 1
|
|
|
|
|
|
2015-01-27 15:06:22 +00:00
|
|
|
#ifdef SIGALRM
|
2001-11-06 13:40:27 +00:00
|
|
|
|
2018-05-19 13:53:29 +00:00
|
|
|
static void alarmed(int sig)
|
2015-01-22 03:40:55 +00:00
|
|
|
{
|
2018-05-19 13:53:29 +00:00
|
|
|
signal(SIGALRM, alarmed);
|
2015-01-22 03:40:55 +00:00
|
|
|
run = 0;
|
|
|
|
|
}
|
1998-12-21 10:52:47 +00:00
|
|
|
|
2018-05-19 13:53:29 +00:00
|
|
|
static double Time_F(int s)
|
|
|
|
|
{
|
|
|
|
|
double ret = app_tminterval(s, usertime);
|
|
|
|
|
if (s == STOP)
|
|
|
|
|
alarm(0);
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
1998-12-21 10:52:47 +00:00
|
|
|
|
2018-05-19 13:53:29 +00:00
|
|
|
#elif defined(_WIN32)
|
|
|
|
|
|
|
|
|
|
# define SIGALRM -1
|
2003-11-28 13:10:58 +00:00
|
|
|
|
2017-07-24 15:28:50 +00:00
|
|
|
static unsigned int lapse;
|
|
|
|
|
static volatile unsigned int schlock;
|
2015-01-22 03:40:55 +00:00
|
|
|
static void alarm_win32(unsigned int secs)
|
|
|
|
|
{
|
|
|
|
|
lapse = secs * 1000;
|
|
|
|
|
}
|
2003-11-28 13:10:58 +00:00
|
|
|
|
2015-01-27 15:06:22 +00:00
|
|
|
# define alarm alarm_win32
|
2015-01-22 03:40:55 +00:00
|
|
|
|
|
|
|
|
static DWORD WINAPI sleepy(VOID * arg)
|
|
|
|
|
{
|
|
|
|
|
schlock = 1;
|
|
|
|
|
Sleep(lapse);
|
|
|
|
|
run = 0;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2000-06-30 17:16:46 +00:00
|
|
|
|
2005-11-06 11:40:59 +00:00
|
|
|
static double Time_F(int s)
|
2015-01-22 03:40:55 +00:00
|
|
|
{
|
|
|
|
|
double ret;
|
|
|
|
|
static HANDLE thr;
|
|
|
|
|
|
|
|
|
|
if (s == START) {
|
|
|
|
|
schlock = 0;
|
|
|
|
|
thr = CreateThread(NULL, 4096, sleepy, NULL, 0, NULL);
|
|
|
|
|
if (thr == NULL) {
|
2015-09-28 14:05:32 +00:00
|
|
|
DWORD err = GetLastError();
|
|
|
|
|
BIO_printf(bio_err, "unable to CreateThread (%lu)", err);
|
2016-06-16 14:59:42 +00:00
|
|
|
ExitProcess(err);
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
|
|
|
|
while (!schlock)
|
|
|
|
|
Sleep(0); /* scheduler spinlock */
|
|
|
|
|
ret = app_tminterval(s, usertime);
|
|
|
|
|
} else {
|
|
|
|
|
ret = app_tminterval(s, usertime);
|
|
|
|
|
if (run)
|
|
|
|
|
TerminateThread(thr, 0);
|
|
|
|
|
CloseHandle(thr);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
2015-01-27 15:06:22 +00:00
|
|
|
#else
|
2021-02-15 16:24:44 +00:00
|
|
|
# error "SIGALRM not defined and the platform is not Windows"
|
2015-01-27 15:06:22 +00:00
|
|
|
#endif
|
2003-02-28 15:37:10 +00:00
|
|
|
|
2018-04-29 23:13:58 +00:00
|
|
|
static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
|
2018-01-12 03:37:39 +00:00
|
|
|
const openssl_speed_sec_t *seconds);
|
2003-02-28 15:37:10 +00:00
|
|
|
|
2018-04-29 23:13:58 +00:00
|
|
|
static int opt_found(const char *name, unsigned int *result,
|
|
|
|
|
const OPT_PAIR pairs[], unsigned int nbelem)
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
{
|
2018-04-29 23:13:58 +00:00
|
|
|
unsigned int idx;
|
|
|
|
|
|
|
|
|
|
for (idx = 0; idx < nbelem; ++idx, pairs++)
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
if (strcmp(name, pairs->name) == 0) {
|
|
|
|
|
*result = pairs->retval;
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2018-05-09 20:27:27 +00:00
|
|
|
#define opt_found(value, pairs, result)\
|
|
|
|
|
opt_found(value, result, pairs, OSSL_NELEM(pairs))
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
|
|
|
|
|
typedef enum OPTION_choice {
|
|
|
|
|
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
2018-08-14 04:04:47 +00:00
|
|
|
OPT_ELAPSED, OPT_EVP, OPT_HMAC, OPT_DECRYPT, OPT_ENGINE, OPT_MULTI,
|
2020-02-25 04:29:30 +00:00
|
|
|
OPT_MR, OPT_MB, OPT_MISALIGN, OPT_ASYNCJOBS, OPT_R_ENUM, OPT_PROV_ENUM,
|
2019-04-10 20:44:41 +00:00
|
|
|
OPT_PRIMES, OPT_SECONDS, OPT_BYTES, OPT_AEAD, OPT_CMAC
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
} OPTION_CHOICE;
|
|
|
|
|
|
2016-03-13 13:07:50 +00:00
|
|
|
const OPTIONS speed_options[] = {
|
2019-09-20 01:33:17 +00:00
|
|
|
{OPT_HELP_STR, 1, '-', "Usage: %s [options] [algorithm...]\n"},
|
2019-11-07 20:08:30 +00:00
|
|
|
|
|
|
|
|
OPT_SECTION("General"),
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
{"help", OPT_HELP, '-', "Display this summary"},
|
2016-07-28 19:15:52 +00:00
|
|
|
{"mb", OPT_MB, '-',
|
2018-05-19 13:43:11 +00:00
|
|
|
"Enable (tls1>=1) multi-block mode on EVP-named cipher"},
|
|
|
|
|
{"mr", OPT_MR, '-', "Produce machine readable output"},
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
#ifndef NO_FORK
|
|
|
|
|
{"multi", OPT_MULTI, 'p', "Run benchmarks in parallel"},
|
|
|
|
|
#endif
|
2016-03-07 16:55:39 +00:00
|
|
|
#ifndef OPENSSL_NO_ASYNC
|
2016-08-07 10:04:26 +00:00
|
|
|
{"async_jobs", OPT_ASYNCJOBS, 'p',
|
2018-05-19 13:43:11 +00:00
|
|
|
"Enable async mode and start specified number of jobs"},
|
2015-12-09 07:26:38 +00:00
|
|
|
#endif
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
#ifndef OPENSSL_NO_ENGINE
|
|
|
|
|
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
|
|
|
|
|
#endif
|
2019-11-07 20:08:30 +00:00
|
|
|
{"primes", OPT_PRIMES, 'p', "Specify number of primes (for RSA only)"},
|
|
|
|
|
|
|
|
|
|
OPT_SECTION("Selection"),
|
|
|
|
|
{"evp", OPT_EVP, 's', "Use EVP-named cipher or digest"},
|
|
|
|
|
{"hmac", OPT_HMAC, 's', "HMAC using EVP-named digest"},
|
|
|
|
|
{"cmac", OPT_CMAC, 's', "CMAC using EVP-named cipher"},
|
|
|
|
|
{"decrypt", OPT_DECRYPT, '-',
|
|
|
|
|
"Time decryption instead of encryption (only EVP)"},
|
|
|
|
|
{"aead", OPT_AEAD, '-',
|
|
|
|
|
"Benchmark EVP-named AEAD cipher in TLS-like sequence"},
|
|
|
|
|
|
|
|
|
|
OPT_SECTION("Timing"),
|
2018-05-19 13:43:11 +00:00
|
|
|
{"elapsed", OPT_ELAPSED, '-',
|
|
|
|
|
"Use wall-clock time instead of CPU user time as divisor"},
|
2017-12-02 09:05:35 +00:00
|
|
|
{"seconds", OPT_SECONDS, 'p',
|
2018-05-19 13:43:11 +00:00
|
|
|
"Run benchmarks for specified amount of seconds"},
|
2017-12-02 09:05:35 +00:00
|
|
|
{"bytes", OPT_BYTES, 'p',
|
2018-05-19 13:43:11 +00:00
|
|
|
"Run [non-PKI] benchmarks on custom-sized buffer"},
|
|
|
|
|
{"misalign", OPT_MISALIGN, 'p',
|
|
|
|
|
"Use specified offset to mis-align buffers"},
|
2019-11-07 20:08:30 +00:00
|
|
|
|
|
|
|
|
OPT_R_OPTIONS,
|
2020-02-25 04:29:30 +00:00
|
|
|
OPT_PROV_OPTIONS,
|
2019-09-20 01:33:17 +00:00
|
|
|
|
|
|
|
|
OPT_PARAMETERS(),
|
|
|
|
|
{"algorithm", 0, 0, "Algorithm(s) to test (optional; otherwise tests all)"},
|
2018-04-29 23:13:58 +00:00
|
|
|
{NULL}
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
};
|
|
|
|
|
|
2018-05-09 20:27:27 +00:00
|
|
|
enum {
|
2021-02-15 18:45:01 +00:00
|
|
|
D_MD2, D_MDC2, D_MD4, D_MD5, D_SHA1, D_RMD160,
|
|
|
|
|
D_SHA256, D_SHA512, D_WHIRLPOOL, D_HMAC,
|
2021-02-18 09:48:18 +00:00
|
|
|
D_CBC_DES, D_EDE3_DES, D_RC4, D_CBC_IDEA, D_CBC_SEED,
|
2018-05-09 20:27:27 +00:00
|
|
|
D_CBC_RC2, D_CBC_RC5, D_CBC_BF, D_CBC_CAST,
|
|
|
|
|
D_CBC_128_AES, D_CBC_192_AES, D_CBC_256_AES,
|
|
|
|
|
D_CBC_128_CML, D_CBC_192_CML, D_CBC_256_CML,
|
2021-02-22 12:20:28 +00:00
|
|
|
D_EVP, D_GHASH, D_RAND, D_EVP_CMAC, ALGOR_NUM
|
2018-05-09 20:27:27 +00:00
|
|
|
};
|
|
|
|
|
/* name of algorithms to test. MUST BE KEEP IN SYNC with above enum ! */
|
|
|
|
|
static const char *names[ALGOR_NUM] = {
|
2021-02-15 18:45:01 +00:00
|
|
|
"md2", "mdc2", "md4", "md5", "sha1", "rmd160",
|
|
|
|
|
"sha256", "sha512", "whirlpool", "hmac(md5)",
|
2021-02-18 09:48:18 +00:00
|
|
|
"des-cbc", "des-ede3", "rc4", "idea-cbc", "seed-cbc",
|
|
|
|
|
"rc2-cbc", "rc5-cbc", "blowfish", "cast-cbc",
|
|
|
|
|
"aes-128-cbc", "aes-192-cbc", "aes-256-cbc",
|
|
|
|
|
"camellia-128-cbc", "camellia-192-cbc", "camellia-256-cbc",
|
|
|
|
|
"evp", "ghash", "rand", "cmac"
|
2018-04-29 23:13:58 +00:00
|
|
|
};
|
|
|
|
|
|
2018-05-09 20:27:27 +00:00
|
|
|
/* list of configured algorithm (remaining), with some few alias */
|
2018-04-29 23:13:58 +00:00
|
|
|
static const OPT_PAIR doit_choices[] = {
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
{"md2", D_MD2},
|
|
|
|
|
{"mdc2", D_MDC2},
|
|
|
|
|
{"md4", D_MD4},
|
|
|
|
|
{"md5", D_MD5},
|
|
|
|
|
{"hmac", D_HMAC},
|
|
|
|
|
{"sha1", D_SHA1},
|
|
|
|
|
{"sha256", D_SHA256},
|
|
|
|
|
{"sha512", D_SHA512},
|
|
|
|
|
{"whirlpool", D_WHIRLPOOL},
|
|
|
|
|
{"ripemd", D_RMD160},
|
|
|
|
|
{"rmd160", D_RMD160},
|
|
|
|
|
{"ripemd160", D_RMD160},
|
|
|
|
|
{"rc4", D_RC4},
|
|
|
|
|
{"des-cbc", D_CBC_DES},
|
|
|
|
|
{"des-ede3", D_EDE3_DES},
|
|
|
|
|
{"aes-128-cbc", D_CBC_128_AES},
|
|
|
|
|
{"aes-192-cbc", D_CBC_192_AES},
|
|
|
|
|
{"aes-256-cbc", D_CBC_256_AES},
|
2021-02-18 09:48:18 +00:00
|
|
|
{"camellia-128-cbc", D_CBC_128_CML},
|
|
|
|
|
{"camellia-192-cbc", D_CBC_192_CML},
|
|
|
|
|
{"camellia-256-cbc", D_CBC_256_CML},
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
{"rc2-cbc", D_CBC_RC2},
|
|
|
|
|
{"rc2", D_CBC_RC2},
|
|
|
|
|
{"rc5-cbc", D_CBC_RC5},
|
|
|
|
|
{"rc5", D_CBC_RC5},
|
|
|
|
|
{"idea-cbc", D_CBC_IDEA},
|
|
|
|
|
{"idea", D_CBC_IDEA},
|
|
|
|
|
{"seed-cbc", D_CBC_SEED},
|
|
|
|
|
{"seed", D_CBC_SEED},
|
|
|
|
|
{"bf-cbc", D_CBC_BF},
|
|
|
|
|
{"blowfish", D_CBC_BF},
|
|
|
|
|
{"bf", D_CBC_BF},
|
|
|
|
|
{"cast-cbc", D_CBC_CAST},
|
|
|
|
|
{"cast", D_CBC_CAST},
|
|
|
|
|
{"cast5", D_CBC_CAST},
|
|
|
|
|
{"ghash", D_GHASH},
|
2018-04-29 23:13:58 +00:00
|
|
|
{"rand", D_RAND}
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
};
|
|
|
|
|
|
2018-05-09 20:27:27 +00:00
|
|
|
static double results[ALGOR_NUM][SIZE_NUM];
|
2018-04-29 23:13:58 +00:00
|
|
|
|
2018-05-09 20:27:27 +00:00
|
|
|
enum { R_DSA_512, R_DSA_1024, R_DSA_2048, DSA_NUM };
|
|
|
|
|
static const OPT_PAIR dsa_choices[DSA_NUM] = {
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
{"dsa512", R_DSA_512},
|
|
|
|
|
{"dsa1024", R_DSA_1024},
|
2018-04-29 23:13:58 +00:00
|
|
|
{"dsa2048", R_DSA_2048}
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
};
|
2018-04-29 23:13:58 +00:00
|
|
|
static double dsa_results[DSA_NUM][2]; /* 2 ops: sign then verify */
|
2000-02-11 09:47:18 +00:00
|
|
|
|
2018-05-09 20:27:27 +00:00
|
|
|
enum {
|
|
|
|
|
R_RSA_512, R_RSA_1024, R_RSA_2048, R_RSA_3072, R_RSA_4096, R_RSA_7680,
|
|
|
|
|
R_RSA_15360, RSA_NUM
|
|
|
|
|
};
|
|
|
|
|
static const OPT_PAIR rsa_choices[RSA_NUM] = {
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
{"rsa512", R_RSA_512},
|
|
|
|
|
{"rsa1024", R_RSA_1024},
|
|
|
|
|
{"rsa2048", R_RSA_2048},
|
|
|
|
|
{"rsa3072", R_RSA_3072},
|
|
|
|
|
{"rsa4096", R_RSA_4096},
|
|
|
|
|
{"rsa7680", R_RSA_7680},
|
2018-04-29 23:13:58 +00:00
|
|
|
{"rsa15360", R_RSA_15360}
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
};
|
2018-04-29 23:13:58 +00:00
|
|
|
|
|
|
|
|
static double rsa_results[RSA_NUM][2]; /* 2 ops: sign then verify */
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
|
2020-01-18 18:13:02 +00:00
|
|
|
#ifndef OPENSSL_NO_DH
|
|
|
|
|
enum ff_params_t {
|
|
|
|
|
R_FFDH_2048, R_FFDH_3072, R_FFDH_4096, R_FFDH_6144, R_FFDH_8192, FFDH_NUM
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static const OPT_PAIR ffdh_choices[FFDH_NUM] = {
|
|
|
|
|
{"ffdh2048", R_FFDH_2048},
|
|
|
|
|
{"ffdh3072", R_FFDH_3072},
|
|
|
|
|
{"ffdh4096", R_FFDH_4096},
|
|
|
|
|
{"ffdh6144", R_FFDH_6144},
|
|
|
|
|
{"ffdh8192", R_FFDH_8192},
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static double ffdh_results[FFDH_NUM][1]; /* 1 op: derivation */
|
|
|
|
|
#endif /* OPENSSL_NO_DH */
|
|
|
|
|
|
2018-05-09 20:27:27 +00:00
|
|
|
enum ec_curves_t {
|
|
|
|
|
R_EC_P160, R_EC_P192, R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521,
|
2021-02-18 09:48:18 +00:00
|
|
|
#ifndef OPENSSL_NO_EC2M
|
2018-05-09 20:27:27 +00:00
|
|
|
R_EC_K163, R_EC_K233, R_EC_K283, R_EC_K409, R_EC_K571,
|
|
|
|
|
R_EC_B163, R_EC_B233, R_EC_B283, R_EC_B409, R_EC_B571,
|
2021-02-18 09:48:18 +00:00
|
|
|
#endif
|
2018-05-09 20:27:27 +00:00
|
|
|
R_EC_BRP256R1, R_EC_BRP256T1, R_EC_BRP384R1, R_EC_BRP384T1,
|
|
|
|
|
R_EC_BRP512R1, R_EC_BRP512T1, ECDSA_NUM
|
|
|
|
|
};
|
|
|
|
|
/* list of ecdsa curves */
|
|
|
|
|
static const OPT_PAIR ecdsa_choices[ECDSA_NUM] = {
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
{"ecdsap160", R_EC_P160},
|
|
|
|
|
{"ecdsap192", R_EC_P192},
|
|
|
|
|
{"ecdsap224", R_EC_P224},
|
|
|
|
|
{"ecdsap256", R_EC_P256},
|
|
|
|
|
{"ecdsap384", R_EC_P384},
|
|
|
|
|
{"ecdsap521", R_EC_P521},
|
2021-02-18 09:48:18 +00:00
|
|
|
#ifndef OPENSSL_NO_EC2M
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
{"ecdsak163", R_EC_K163},
|
|
|
|
|
{"ecdsak233", R_EC_K233},
|
|
|
|
|
{"ecdsak283", R_EC_K283},
|
|
|
|
|
{"ecdsak409", R_EC_K409},
|
|
|
|
|
{"ecdsak571", R_EC_K571},
|
|
|
|
|
{"ecdsab163", R_EC_B163},
|
|
|
|
|
{"ecdsab233", R_EC_B233},
|
|
|
|
|
{"ecdsab283", R_EC_B283},
|
|
|
|
|
{"ecdsab409", R_EC_B409},
|
2018-05-08 08:34:59 +00:00
|
|
|
{"ecdsab571", R_EC_B571},
|
2021-02-18 09:48:18 +00:00
|
|
|
#endif
|
2018-05-08 08:34:59 +00:00
|
|
|
{"ecdsabrp256r1", R_EC_BRP256R1},
|
|
|
|
|
{"ecdsabrp256t1", R_EC_BRP256T1},
|
|
|
|
|
{"ecdsabrp384r1", R_EC_BRP384R1},
|
|
|
|
|
{"ecdsabrp384t1", R_EC_BRP384T1},
|
|
|
|
|
{"ecdsabrp512r1", R_EC_BRP512R1},
|
|
|
|
|
{"ecdsabrp512t1", R_EC_BRP512T1}
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
};
|
2018-05-09 20:27:27 +00:00
|
|
|
enum { R_EC_X25519 = ECDSA_NUM, R_EC_X448, EC_NUM };
|
|
|
|
|
/* list of ecdh curves, extension of |ecdsa_choices| list above */
|
|
|
|
|
static const OPT_PAIR ecdh_choices[EC_NUM] = {
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
{"ecdhp160", R_EC_P160},
|
|
|
|
|
{"ecdhp192", R_EC_P192},
|
|
|
|
|
{"ecdhp224", R_EC_P224},
|
|
|
|
|
{"ecdhp256", R_EC_P256},
|
|
|
|
|
{"ecdhp384", R_EC_P384},
|
|
|
|
|
{"ecdhp521", R_EC_P521},
|
2021-02-18 09:48:18 +00:00
|
|
|
#ifndef OPENSSL_NO_EC2M
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
{"ecdhk163", R_EC_K163},
|
|
|
|
|
{"ecdhk233", R_EC_K233},
|
|
|
|
|
{"ecdhk283", R_EC_K283},
|
|
|
|
|
{"ecdhk409", R_EC_K409},
|
|
|
|
|
{"ecdhk571", R_EC_K571},
|
|
|
|
|
{"ecdhb163", R_EC_B163},
|
|
|
|
|
{"ecdhb233", R_EC_B233},
|
|
|
|
|
{"ecdhb283", R_EC_B283},
|
|
|
|
|
{"ecdhb409", R_EC_B409},
|
|
|
|
|
{"ecdhb571", R_EC_B571},
|
2021-02-18 09:48:18 +00:00
|
|
|
#endif
|
2018-05-08 08:34:59 +00:00
|
|
|
{"ecdhbrp256r1", R_EC_BRP256R1},
|
|
|
|
|
{"ecdhbrp256t1", R_EC_BRP256T1},
|
|
|
|
|
{"ecdhbrp384r1", R_EC_BRP384R1},
|
|
|
|
|
{"ecdhbrp384t1", R_EC_BRP384T1},
|
|
|
|
|
{"ecdhbrp512r1", R_EC_BRP512R1},
|
|
|
|
|
{"ecdhbrp512t1", R_EC_BRP512T1},
|
2016-02-12 14:11:47 +00:00
|
|
|
{"ecdhx25519", R_EC_X25519},
|
2018-04-29 23:13:58 +00:00
|
|
|
{"ecdhx448", R_EC_X448}
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
};
|
2018-04-29 23:13:58 +00:00
|
|
|
|
2018-05-09 20:27:27 +00:00
|
|
|
static double ecdh_results[EC_NUM][1]; /* 1 op: derivation */
|
|
|
|
|
static double ecdsa_results[ECDSA_NUM][2]; /* 2 ops: sign then verify */
|
2018-09-07 06:39:19 +00:00
|
|
|
|
2018-05-09 20:27:27 +00:00
|
|
|
enum { R_EC_Ed25519, R_EC_Ed448, EdDSA_NUM };
|
|
|
|
|
static const OPT_PAIR eddsa_choices[EdDSA_NUM] = {
|
2018-09-07 06:39:19 +00:00
|
|
|
{"ed25519", R_EC_Ed25519},
|
|
|
|
|
{"ed448", R_EC_Ed448}
|
|
|
|
|
|
2018-05-09 20:27:27 +00:00
|
|
|
};
|
2018-09-07 06:39:19 +00:00
|
|
|
static double eddsa_results[EdDSA_NUM][2]; /* 2 ops: sign then verify */
|
2019-09-29 14:25:10 +00:00
|
|
|
|
2021-02-18 09:48:18 +00:00
|
|
|
#ifndef OPENSSL_NO_SM2
|
2018-05-09 20:27:27 +00:00
|
|
|
enum { R_EC_CURVESM2, SM2_NUM };
|
|
|
|
|
static const OPT_PAIR sm2_choices[SM2_NUM] = {
|
2019-09-29 14:25:10 +00:00
|
|
|
{"curveSM2", R_EC_CURVESM2}
|
|
|
|
|
};
|
2021-02-18 09:48:18 +00:00
|
|
|
# define SM2_ID "TLSv1.3+GM+Cipher+Suite"
|
|
|
|
|
# define SM2_ID_LEN sizeof("TLSv1.3+GM+Cipher+Suite") - 1
|
2019-09-29 14:25:10 +00:00
|
|
|
static double sm2_results[SM2_NUM][2]; /* 2 ops: sign then verify */
|
2021-02-18 09:48:18 +00:00
|
|
|
#endif /* OPENSSL_NO_SM2 */
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
|
2021-02-22 12:20:28 +00:00
|
|
|
#define COND(unused_cond) (run && count < 0x7fffffff)
|
2021-02-15 16:24:44 +00:00
|
|
|
#define COUNT(d) (count)
|
2015-12-09 07:26:38 +00:00
|
|
|
|
2018-04-29 23:13:58 +00:00
|
|
|
typedef struct loopargs_st {
|
|
|
|
|
ASYNC_JOB *inprogress_job;
|
|
|
|
|
ASYNC_WAIT_CTX *wait_ctx;
|
|
|
|
|
unsigned char *buf;
|
|
|
|
|
unsigned char *buf2;
|
|
|
|
|
unsigned char *buf_malloc;
|
|
|
|
|
unsigned char *buf2_malloc;
|
|
|
|
|
unsigned char *key;
|
2018-09-10 15:03:14 +00:00
|
|
|
size_t sigsize;
|
2021-02-18 09:48:18 +00:00
|
|
|
EVP_PKEY_CTX *rsa_sign_ctx[RSA_NUM];
|
|
|
|
|
EVP_PKEY_CTX *rsa_verify_ctx[RSA_NUM];
|
|
|
|
|
EVP_PKEY_CTX *dsa_sign_ctx[DSA_NUM];
|
|
|
|
|
EVP_PKEY_CTX *dsa_verify_ctx[DSA_NUM];
|
|
|
|
|
EVP_PKEY_CTX *ecdsa_sign_ctx[ECDSA_NUM];
|
|
|
|
|
EVP_PKEY_CTX *ecdsa_verify_ctx[ECDSA_NUM];
|
2018-04-29 23:13:58 +00:00
|
|
|
EVP_PKEY_CTX *ecdh_ctx[EC_NUM];
|
2018-09-07 06:39:19 +00:00
|
|
|
EVP_MD_CTX *eddsa_ctx[EdDSA_NUM];
|
2020-06-06 15:21:15 +00:00
|
|
|
EVP_MD_CTX *eddsa_ctx2[EdDSA_NUM];
|
2021-02-18 09:48:18 +00:00
|
|
|
#ifndef OPENSSL_NO_SM2
|
2019-09-29 14:25:10 +00:00
|
|
|
EVP_MD_CTX *sm2_ctx[SM2_NUM];
|
|
|
|
|
EVP_MD_CTX *sm2_vfy_ctx[SM2_NUM];
|
|
|
|
|
EVP_PKEY *sm2_pkey[SM2_NUM];
|
2021-02-18 09:48:18 +00:00
|
|
|
#endif
|
2018-04-29 23:13:58 +00:00
|
|
|
unsigned char *secret_a;
|
|
|
|
|
unsigned char *secret_b;
|
|
|
|
|
size_t outlen[EC_NUM];
|
2020-01-18 18:13:02 +00:00
|
|
|
#ifndef OPENSSL_NO_DH
|
|
|
|
|
EVP_PKEY_CTX *ffdh_ctx[FFDH_NUM];
|
|
|
|
|
unsigned char *secret_ff_a;
|
|
|
|
|
unsigned char *secret_ff_b;
|
2018-04-29 23:13:58 +00:00
|
|
|
#endif
|
|
|
|
|
EVP_CIPHER_CTX *ctx;
|
2021-02-15 18:45:01 +00:00
|
|
|
EVP_MAC_CTX *mctx;
|
2018-04-29 23:13:58 +00:00
|
|
|
} loopargs_t;
|
|
|
|
|
static int run_benchmark(int async_jobs, int (*loop_function) (void *),
|
|
|
|
|
loopargs_t * loopargs);
|
|
|
|
|
|
|
|
|
|
static unsigned int testnum;
|
2015-12-09 07:26:38 +00:00
|
|
|
|
2016-07-23 12:45:08 +00:00
|
|
|
/* Nb of iterations to do per algorithm and key-size */
|
2018-05-09 20:27:27 +00:00
|
|
|
static long c[ALGOR_NUM][SIZE_NUM];
|
2015-12-09 07:26:38 +00:00
|
|
|
|
2021-02-15 18:45:01 +00:00
|
|
|
static char *evp_mac_mdname = "md5";
|
|
|
|
|
static char *evp_hmac_name = NULL;
|
|
|
|
|
static const char *evp_md_name = NULL;
|
2021-02-18 09:48:18 +00:00
|
|
|
static char *evp_mac_ciphername = "aes-128-cbc";
|
|
|
|
|
static char *evp_cmac_name = NULL;
|
2021-02-15 18:45:01 +00:00
|
|
|
|
|
|
|
|
static EVP_MD *obtain_md(const char *name, int *fetched)
|
2015-12-09 07:26:38 +00:00
|
|
|
{
|
2021-02-15 18:45:01 +00:00
|
|
|
EVP_MD *md = NULL;
|
2016-07-19 21:57:18 +00:00
|
|
|
|
2021-02-15 18:45:01 +00:00
|
|
|
*fetched = 0;
|
|
|
|
|
/* Look through providers' digests */
|
|
|
|
|
ERR_set_mark();
|
|
|
|
|
md = EVP_MD_fetch(NULL, name, NULL);
|
|
|
|
|
ERR_pop_to_mark();
|
|
|
|
|
if (md != NULL) {
|
|
|
|
|
*fetched = 1;
|
|
|
|
|
return md;
|
2016-06-18 14:46:13 +00:00
|
|
|
}
|
2021-02-15 18:45:01 +00:00
|
|
|
|
|
|
|
|
return (EVP_MD *)EVP_get_digestbyname(name);
|
2015-12-09 07:26:38 +00:00
|
|
|
}
|
|
|
|
|
|
2021-02-15 18:45:01 +00:00
|
|
|
static int have_md(const char *name)
|
2015-12-09 07:26:38 +00:00
|
|
|
{
|
2021-02-15 18:45:01 +00:00
|
|
|
int fetched = 0;
|
2021-02-18 09:48:18 +00:00
|
|
|
int ret = 0;
|
2021-02-15 18:45:01 +00:00
|
|
|
EVP_MD *md = obtain_md(name, &fetched);
|
2016-07-19 21:57:18 +00:00
|
|
|
|
2021-02-15 18:45:01 +00:00
|
|
|
if (md != NULL) {
|
2021-02-18 09:48:18 +00:00
|
|
|
EVP_MD_CTX *ctx = EVP_MD_CTX_new();
|
|
|
|
|
|
|
|
|
|
if (ctx != NULL && EVP_DigestInit(ctx, md) > 0)
|
|
|
|
|
ret = 1;
|
|
|
|
|
EVP_MD_CTX_free(ctx);
|
2021-02-15 18:45:01 +00:00
|
|
|
if (fetched)
|
|
|
|
|
EVP_MD_free(md);
|
2016-06-18 14:46:13 +00:00
|
|
|
}
|
2021-02-18 09:48:18 +00:00
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static EVP_CIPHER *obtain_cipher(const char *name, int *fetched)
|
|
|
|
|
{
|
|
|
|
|
EVP_CIPHER *cipher = NULL;
|
|
|
|
|
|
|
|
|
|
*fetched = 0;
|
|
|
|
|
/* Look through providers' digests */
|
|
|
|
|
ERR_set_mark();
|
|
|
|
|
cipher = EVP_CIPHER_fetch(NULL, name, NULL);
|
|
|
|
|
ERR_pop_to_mark();
|
|
|
|
|
if (cipher != NULL) {
|
|
|
|
|
*fetched = 1;
|
|
|
|
|
return cipher;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (EVP_CIPHER *)EVP_get_cipherbyname(name);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int have_cipher(const char *name)
|
|
|
|
|
{
|
|
|
|
|
int fetched = 0;
|
|
|
|
|
int ret = 0;
|
|
|
|
|
EVP_CIPHER *cipher = obtain_cipher(name, &fetched);
|
|
|
|
|
|
|
|
|
|
if (cipher != NULL) {
|
|
|
|
|
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
|
|
|
|
|
|
|
|
|
|
if (ctx != NULL
|
|
|
|
|
&& EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, 1) > 0)
|
|
|
|
|
ret = 1;
|
|
|
|
|
EVP_CIPHER_CTX_free(ctx);
|
|
|
|
|
if (fetched)
|
|
|
|
|
EVP_CIPHER_free(cipher);
|
|
|
|
|
}
|
|
|
|
|
return ret;
|
2015-12-09 07:26:38 +00:00
|
|
|
}
|
|
|
|
|
|
2021-02-15 18:45:01 +00:00
|
|
|
static int EVP_Digest_loop(const char *mdname, int algindex, void *args)
|
2015-12-09 07:26:38 +00:00
|
|
|
{
|
2016-10-04 06:20:49 +00:00
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
2015-12-09 07:26:38 +00:00
|
|
|
unsigned char *buf = tempargs->buf;
|
2021-02-15 18:45:01 +00:00
|
|
|
unsigned char digest[EVP_MAX_MD_SIZE];
|
|
|
|
|
int count, fetched = 0;
|
2021-02-18 09:48:18 +00:00
|
|
|
EVP_MD *md = obtain_md(mdname, &fetched);
|
2021-02-15 18:45:01 +00:00
|
|
|
|
|
|
|
|
if (md == NULL)
|
|
|
|
|
return -1;
|
|
|
|
|
for (count = 0; COND(c[algindex][testnum]); count++) {
|
|
|
|
|
if (!EVP_Digest(buf, (size_t)lengths[testnum], digest, NULL, md,
|
|
|
|
|
NULL)) {
|
|
|
|
|
count = -1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
2016-06-18 14:46:13 +00:00
|
|
|
}
|
2021-02-15 18:45:01 +00:00
|
|
|
if (fetched)
|
|
|
|
|
EVP_MD_free(md);
|
2015-12-09 07:26:38 +00:00
|
|
|
return count;
|
|
|
|
|
}
|
|
|
|
|
|
2021-02-15 18:45:01 +00:00
|
|
|
static int EVP_Digest_md_loop(void *args)
|
|
|
|
|
{
|
|
|
|
|
return EVP_Digest_loop(evp_md_name, D_EVP, args);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int EVP_Digest_MD2_loop(void *args)
|
|
|
|
|
{
|
|
|
|
|
return EVP_Digest_loop("md2", D_MD2, args);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int EVP_Digest_MDC2_loop(void *args)
|
|
|
|
|
{
|
|
|
|
|
return EVP_Digest_loop("mdc2", D_MDC2, args);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int EVP_Digest_MD4_loop(void *args)
|
|
|
|
|
{
|
|
|
|
|
return EVP_Digest_loop("md4", D_MD4, args);
|
|
|
|
|
}
|
|
|
|
|
|
2015-12-09 07:26:38 +00:00
|
|
|
static int MD5_loop(void *args)
|
|
|
|
|
{
|
2021-02-15 18:45:01 +00:00
|
|
|
return EVP_Digest_loop("md5", D_MD5, args);
|
2015-12-09 07:26:38 +00:00
|
|
|
}
|
|
|
|
|
|
2021-02-18 09:48:18 +00:00
|
|
|
static int EVP_MAC_loop(int algindex, void *args)
|
2015-12-09 07:26:38 +00:00
|
|
|
{
|
2016-10-04 06:20:49 +00:00
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
2015-12-09 07:26:38 +00:00
|
|
|
unsigned char *buf = tempargs->buf;
|
2021-02-15 18:45:01 +00:00
|
|
|
EVP_MAC_CTX *mctx = tempargs->mctx;
|
|
|
|
|
unsigned char mac[EVP_MAX_MD_SIZE];
|
2015-12-09 07:26:38 +00:00
|
|
|
int count;
|
2016-07-19 21:57:18 +00:00
|
|
|
|
2021-02-18 09:48:18 +00:00
|
|
|
for (count = 0; COND(c[algindex][testnum]); count++) {
|
2021-02-15 18:45:01 +00:00
|
|
|
size_t outl;
|
2021-02-22 12:20:28 +00:00
|
|
|
|
2021-02-25 04:12:56 +00:00
|
|
|
if (!EVP_MAC_init(mctx, NULL, 0, NULL)
|
2021-02-15 18:45:01 +00:00
|
|
|
|| !EVP_MAC_update(mctx, buf, lengths[testnum])
|
|
|
|
|
|| !EVP_MAC_final(mctx, mac, &outl, sizeof(mac)))
|
|
|
|
|
return -1;
|
2015-12-09 07:26:38 +00:00
|
|
|
}
|
|
|
|
|
return count;
|
|
|
|
|
}
|
|
|
|
|
|
2021-02-18 09:48:18 +00:00
|
|
|
static int HMAC_loop(void *args)
|
|
|
|
|
{
|
|
|
|
|
return EVP_MAC_loop(D_HMAC, args);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int CMAC_loop(void *args)
|
|
|
|
|
{
|
|
|
|
|
return EVP_MAC_loop(D_EVP_CMAC, args);
|
|
|
|
|
}
|
|
|
|
|
|
2015-12-09 07:26:38 +00:00
|
|
|
static int SHA1_loop(void *args)
|
|
|
|
|
{
|
2021-02-15 18:45:01 +00:00
|
|
|
return EVP_Digest_loop("sha1", D_SHA1, args);
|
2015-12-09 07:26:38 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int SHA256_loop(void *args)
|
|
|
|
|
{
|
2021-02-15 18:45:01 +00:00
|
|
|
return EVP_Digest_loop("sha256", D_SHA256, args);
|
2015-12-09 07:26:38 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int SHA512_loop(void *args)
|
|
|
|
|
{
|
2021-02-15 18:45:01 +00:00
|
|
|
return EVP_Digest_loop("sha512", D_SHA512, args);
|
2015-12-09 07:26:38 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int WHIRLPOOL_loop(void *args)
|
|
|
|
|
{
|
2021-02-15 18:45:01 +00:00
|
|
|
return EVP_Digest_loop("whirlpool", D_WHIRLPOOL, args);
|
2015-12-09 07:26:38 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int EVP_Digest_RMD160_loop(void *args)
|
|
|
|
|
{
|
2021-02-15 18:45:01 +00:00
|
|
|
return EVP_Digest_loop("ripemd160", D_RMD160, args);
|
2015-12-09 07:26:38 +00:00
|
|
|
}
|
|
|
|
|
|
2021-02-18 09:48:18 +00:00
|
|
|
static int algindex;
|
2015-12-09 07:26:38 +00:00
|
|
|
|
2021-02-18 09:48:18 +00:00
|
|
|
static int EVP_Cipher_loop(void *args)
|
2015-12-09 07:26:38 +00:00
|
|
|
{
|
2016-10-04 06:20:49 +00:00
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
2015-12-09 07:26:38 +00:00
|
|
|
unsigned char *buf = tempargs->buf;
|
|
|
|
|
int count;
|
2021-02-18 09:48:18 +00:00
|
|
|
|
|
|
|
|
if (tempargs->ctx == NULL)
|
|
|
|
|
return -1;
|
|
|
|
|
for (count = 0; COND(c[algindex][testnum]); count++)
|
|
|
|
|
if (EVP_Cipher(tempargs->ctx, buf, buf, (size_t)lengths[testnum]) <= 0)
|
|
|
|
|
return -1;
|
2015-12-09 07:26:38 +00:00
|
|
|
return count;
|
|
|
|
|
}
|
|
|
|
|
|
2021-02-18 09:48:18 +00:00
|
|
|
static int GHASH_loop(void *args)
|
2015-12-09 07:26:38 +00:00
|
|
|
{
|
2016-10-04 06:20:49 +00:00
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
2015-12-09 07:26:38 +00:00
|
|
|
unsigned char *buf = tempargs->buf;
|
2021-02-18 09:48:18 +00:00
|
|
|
EVP_MAC_CTX *mctx = tempargs->mctx;
|
2015-12-09 07:26:38 +00:00
|
|
|
int count;
|
2021-02-18 09:48:18 +00:00
|
|
|
|
|
|
|
|
/* just do the update in the loop to be comparable with 1.1.1 */
|
|
|
|
|
for (count = 0; COND(c[D_GHASH][testnum]); count++) {
|
|
|
|
|
if (!EVP_MAC_update(mctx, buf, lengths[testnum]))
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
2015-12-09 07:26:38 +00:00
|
|
|
return count;
|
|
|
|
|
}
|
2021-02-18 09:48:18 +00:00
|
|
|
|
2016-04-13 10:28:45 +00:00
|
|
|
#define MAX_BLOCK_SIZE 128
|
2015-12-09 07:26:38 +00:00
|
|
|
|
|
|
|
|
static unsigned char iv[2 * MAX_BLOCK_SIZE / 8];
|
2019-12-05 17:09:49 +00:00
|
|
|
|
2021-02-18 09:48:18 +00:00
|
|
|
static EVP_CIPHER_CTX *init_evp_cipher_ctx(const char *ciphername,
|
|
|
|
|
const unsigned char *key,
|
|
|
|
|
int keylen)
|
2015-12-09 07:26:38 +00:00
|
|
|
{
|
2021-02-18 09:48:18 +00:00
|
|
|
EVP_CIPHER_CTX *ctx = NULL;
|
|
|
|
|
int fetched = 0;
|
|
|
|
|
EVP_CIPHER *cipher = obtain_cipher(ciphername, &fetched);
|
2015-12-09 07:26:38 +00:00
|
|
|
|
2021-02-18 09:48:18 +00:00
|
|
|
if (cipher == NULL)
|
|
|
|
|
return NULL;
|
2015-12-09 07:26:38 +00:00
|
|
|
|
2021-02-18 09:48:18 +00:00
|
|
|
if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
|
|
|
|
|
goto end;
|
2015-12-09 07:26:38 +00:00
|
|
|
|
2021-02-18 09:48:18 +00:00
|
|
|
if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, 1)) {
|
|
|
|
|
EVP_CIPHER_CTX_free(ctx);
|
|
|
|
|
ctx = NULL;
|
|
|
|
|
goto end;
|
|
|
|
|
}
|
2015-12-09 07:26:38 +00:00
|
|
|
|
2021-03-18 23:11:02 +00:00
|
|
|
if (!EVP_CIPHER_CTX_set_key_length(ctx, keylen)) {
|
|
|
|
|
EVP_CIPHER_CTX_free(ctx);
|
|
|
|
|
ctx = NULL;
|
|
|
|
|
goto end;
|
|
|
|
|
}
|
2015-12-09 07:26:38 +00:00
|
|
|
|
2021-02-18 09:48:18 +00:00
|
|
|
if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1)) {
|
|
|
|
|
EVP_CIPHER_CTX_free(ctx);
|
|
|
|
|
ctx = NULL;
|
|
|
|
|
goto end;
|
|
|
|
|
}
|
2015-12-09 07:26:38 +00:00
|
|
|
|
2021-02-18 09:48:18 +00:00
|
|
|
end:
|
|
|
|
|
if (fetched)
|
|
|
|
|
EVP_CIPHER_free(cipher);
|
|
|
|
|
return ctx;
|
2015-12-09 07:26:38 +00:00
|
|
|
}
|
|
|
|
|
|
2017-10-07 09:38:19 +00:00
|
|
|
static int RAND_bytes_loop(void *args)
|
|
|
|
|
{
|
|
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
|
|
|
|
unsigned char *buf = tempargs->buf;
|
|
|
|
|
int count;
|
|
|
|
|
|
|
|
|
|
for (count = 0; COND(c[D_RAND][testnum]); count++)
|
|
|
|
|
RAND_bytes(buf, lengths[testnum]);
|
|
|
|
|
return count;
|
|
|
|
|
}
|
|
|
|
|
|
2015-12-09 07:26:38 +00:00
|
|
|
static int decrypt = 0;
|
|
|
|
|
static int EVP_Update_loop(void *args)
|
|
|
|
|
{
|
2016-10-04 06:20:49 +00:00
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
2015-12-09 07:26:38 +00:00
|
|
|
unsigned char *buf = tempargs->buf;
|
|
|
|
|
EVP_CIPHER_CTX *ctx = tempargs->ctx;
|
2017-12-05 12:10:11 +00:00
|
|
|
int outl, count, rc;
|
2019-10-19 17:37:01 +00:00
|
|
|
|
2017-12-05 12:10:11 +00:00
|
|
|
if (decrypt) {
|
2019-10-19 17:37:01 +00:00
|
|
|
for (count = 0; COND(c[D_EVP][testnum]); count++) {
|
2017-12-05 12:10:11 +00:00
|
|
|
rc = EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
|
2018-02-02 10:09:25 +00:00
|
|
|
if (rc != 1) {
|
|
|
|
|
/* reset iv in case of counter overflow */
|
2017-12-05 12:10:11 +00:00
|
|
|
EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, -1);
|
2018-02-02 10:09:25 +00:00
|
|
|
}
|
2017-12-05 12:10:11 +00:00
|
|
|
}
|
|
|
|
|
} else {
|
2019-10-19 17:37:01 +00:00
|
|
|
for (count = 0; COND(c[D_EVP][testnum]); count++) {
|
2017-12-05 12:10:11 +00:00
|
|
|
rc = EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
|
2018-02-02 10:09:25 +00:00
|
|
|
if (rc != 1) {
|
|
|
|
|
/* reset iv in case of counter overflow */
|
2017-12-05 12:10:11 +00:00
|
|
|
EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, -1);
|
2018-02-02 10:09:25 +00:00
|
|
|
}
|
2017-12-05 12:10:11 +00:00
|
|
|
}
|
|
|
|
|
}
|
2015-12-09 07:26:38 +00:00
|
|
|
if (decrypt)
|
|
|
|
|
EVP_DecryptFinal_ex(ctx, buf, &outl);
|
|
|
|
|
else
|
|
|
|
|
EVP_EncryptFinal_ex(ctx, buf, &outl);
|
|
|
|
|
return count;
|
|
|
|
|
}
|
2018-05-19 13:43:11 +00:00
|
|
|
|
2017-02-20 16:49:36 +00:00
|
|
|
/*
|
|
|
|
|
* CCM does not support streaming. For the purpose of performance measurement,
|
|
|
|
|
* each message is encrypted using the same (key,iv)-pair. Do not use this
|
|
|
|
|
* code in your application.
|
|
|
|
|
*/
|
|
|
|
|
static int EVP_Update_loop_ccm(void *args)
|
|
|
|
|
{
|
|
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
|
|
|
|
unsigned char *buf = tempargs->buf;
|
|
|
|
|
EVP_CIPHER_CTX *ctx = tempargs->ctx;
|
|
|
|
|
int outl, count;
|
|
|
|
|
unsigned char tag[12];
|
2019-10-19 17:37:01 +00:00
|
|
|
|
2017-02-20 16:49:36 +00:00
|
|
|
if (decrypt) {
|
2019-10-19 17:37:01 +00:00
|
|
|
for (count = 0; COND(c[D_EVP][testnum]); count++) {
|
2017-02-20 16:49:36 +00:00
|
|
|
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(tag), tag);
|
2018-02-02 10:09:25 +00:00
|
|
|
/* reset iv */
|
|
|
|
|
EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv);
|
|
|
|
|
/* counter is reset on every update */
|
2017-02-20 16:49:36 +00:00
|
|
|
EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
|
|
|
|
|
}
|
|
|
|
|
} else {
|
2019-10-19 17:37:01 +00:00
|
|
|
for (count = 0; COND(c[D_EVP][testnum]); count++) {
|
2018-02-02 10:09:25 +00:00
|
|
|
/* restore iv length field */
|
2017-02-20 16:49:36 +00:00
|
|
|
EVP_EncryptUpdate(ctx, NULL, &outl, NULL, lengths[testnum]);
|
2018-02-02 10:09:25 +00:00
|
|
|
/* counter is reset on every update */
|
2017-02-20 16:49:36 +00:00
|
|
|
EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
|
|
|
|
|
}
|
|
|
|
|
}
|
2018-02-02 10:09:25 +00:00
|
|
|
if (decrypt)
|
|
|
|
|
EVP_DecryptFinal_ex(ctx, buf, &outl);
|
|
|
|
|
else
|
|
|
|
|
EVP_EncryptFinal_ex(ctx, buf, &outl);
|
2017-02-20 16:49:36 +00:00
|
|
|
return count;
|
|
|
|
|
}
|
2015-12-09 07:26:38 +00:00
|
|
|
|
2018-05-19 13:43:11 +00:00
|
|
|
/*
|
|
|
|
|
* To make AEAD benchmarking more relevant perform TLS-like operations,
|
|
|
|
|
* 13-byte AAD followed by payload. But don't use TLS-formatted AAD, as
|
|
|
|
|
* payload length is not actually limited by 16KB...
|
|
|
|
|
*/
|
|
|
|
|
static int EVP_Update_loop_aead(void *args)
|
|
|
|
|
{
|
|
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
|
|
|
|
unsigned char *buf = tempargs->buf;
|
|
|
|
|
EVP_CIPHER_CTX *ctx = tempargs->ctx;
|
|
|
|
|
int outl, count;
|
|
|
|
|
unsigned char aad[13] = { 0xcc };
|
|
|
|
|
unsigned char faketag[16] = { 0xcc };
|
2019-10-19 17:37:01 +00:00
|
|
|
|
2018-05-19 13:43:11 +00:00
|
|
|
if (decrypt) {
|
2019-10-19 17:37:01 +00:00
|
|
|
for (count = 0; COND(c[D_EVP][testnum]); count++) {
|
2021-03-18 23:11:02 +00:00
|
|
|
(void)EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv);
|
|
|
|
|
(void)EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
|
|
|
|
|
sizeof(faketag), faketag);
|
|
|
|
|
(void)EVP_DecryptUpdate(ctx, NULL, &outl, aad, sizeof(aad));
|
|
|
|
|
(void)EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
|
|
|
|
|
(void)EVP_DecryptFinal_ex(ctx, buf + outl, &outl);
|
2018-05-19 13:43:11 +00:00
|
|
|
}
|
|
|
|
|
} else {
|
2019-10-19 17:37:01 +00:00
|
|
|
for (count = 0; COND(c[D_EVP][testnum]); count++) {
|
2021-03-18 23:11:02 +00:00
|
|
|
(void)EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv);
|
|
|
|
|
(void)EVP_EncryptUpdate(ctx, NULL, &outl, aad, sizeof(aad));
|
|
|
|
|
(void)EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
|
|
|
|
|
(void)EVP_EncryptFinal_ex(ctx, buf + outl, &outl);
|
2018-05-19 13:43:11 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return count;
|
|
|
|
|
}
|
|
|
|
|
|
2016-07-23 12:45:08 +00:00
|
|
|
static long rsa_c[RSA_NUM][2]; /* # RSA iteration test */
|
2015-12-09 07:26:38 +00:00
|
|
|
|
|
|
|
|
static int RSA_sign_loop(void *args)
|
|
|
|
|
{
|
2016-10-04 06:20:49 +00:00
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
2015-12-09 07:26:38 +00:00
|
|
|
unsigned char *buf = tempargs->buf;
|
|
|
|
|
unsigned char *buf2 = tempargs->buf2;
|
2021-02-18 09:48:18 +00:00
|
|
|
size_t *rsa_num = &tempargs->sigsize;
|
|
|
|
|
EVP_PKEY_CTX **rsa_sign_ctx = tempargs->rsa_sign_ctx;
|
2015-12-09 07:26:38 +00:00
|
|
|
int ret, count;
|
2021-02-22 12:20:28 +00:00
|
|
|
|
2015-12-09 07:26:38 +00:00
|
|
|
for (count = 0; COND(rsa_c[testnum][0]); count++) {
|
2021-02-18 09:48:18 +00:00
|
|
|
ret = EVP_PKEY_sign(rsa_sign_ctx[testnum], buf2, rsa_num, buf, 36);
|
|
|
|
|
if (ret <= 0) {
|
2015-12-09 07:26:38 +00:00
|
|
|
BIO_printf(bio_err, "RSA sign failure\n");
|
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
|
count = -1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return count;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int RSA_verify_loop(void *args)
|
|
|
|
|
{
|
2016-10-04 06:20:49 +00:00
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
2015-12-09 07:26:38 +00:00
|
|
|
unsigned char *buf = tempargs->buf;
|
|
|
|
|
unsigned char *buf2 = tempargs->buf2;
|
2021-02-18 09:48:18 +00:00
|
|
|
size_t rsa_num = tempargs->sigsize;
|
|
|
|
|
EVP_PKEY_CTX **rsa_verify_ctx = tempargs->rsa_verify_ctx;
|
2015-12-09 07:26:38 +00:00
|
|
|
int ret, count;
|
2021-02-22 12:20:28 +00:00
|
|
|
|
2015-12-09 07:26:38 +00:00
|
|
|
for (count = 0; COND(rsa_c[testnum][1]); count++) {
|
2021-02-18 09:48:18 +00:00
|
|
|
ret = EVP_PKEY_verify(rsa_verify_ctx[testnum], buf2, rsa_num, buf, 36);
|
2015-12-09 07:26:38 +00:00
|
|
|
if (ret <= 0) {
|
|
|
|
|
BIO_printf(bio_err, "RSA verify failure\n");
|
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
|
count = -1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return count;
|
|
|
|
|
}
|
|
|
|
|
|
2020-01-18 18:13:02 +00:00
|
|
|
#ifndef OPENSSL_NO_DH
|
|
|
|
|
static long ffdh_c[FFDH_NUM][1];
|
|
|
|
|
|
|
|
|
|
static int FFDH_derive_key_loop(void *args)
|
|
|
|
|
{
|
2021-02-22 12:20:28 +00:00
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
|
|
|
|
EVP_PKEY_CTX *ffdh_ctx = tempargs->ffdh_ctx[testnum];
|
|
|
|
|
unsigned char *derived_secret = tempargs->secret_ff_a;
|
|
|
|
|
size_t outlen = MAX_FFDH_SIZE;
|
|
|
|
|
int count;
|
2020-01-18 18:13:02 +00:00
|
|
|
|
2021-02-22 12:20:28 +00:00
|
|
|
for (count = 0; COND(ffdh_c[testnum][0]); count++)
|
|
|
|
|
EVP_PKEY_derive(ffdh_ctx, derived_secret, &outlen);
|
|
|
|
|
return count;
|
2020-01-18 18:13:02 +00:00
|
|
|
}
|
|
|
|
|
#endif /* OPENSSL_NO_DH */
|
|
|
|
|
|
2015-12-09 07:26:38 +00:00
|
|
|
static long dsa_c[DSA_NUM][2];
|
|
|
|
|
static int DSA_sign_loop(void *args)
|
|
|
|
|
{
|
2016-10-04 06:20:49 +00:00
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
2015-12-09 07:26:38 +00:00
|
|
|
unsigned char *buf = tempargs->buf;
|
|
|
|
|
unsigned char *buf2 = tempargs->buf2;
|
2021-02-18 09:48:18 +00:00
|
|
|
size_t *dsa_num = &tempargs->sigsize;
|
|
|
|
|
EVP_PKEY_CTX **dsa_sign_ctx = tempargs->dsa_sign_ctx;
|
2015-12-09 07:26:38 +00:00
|
|
|
int ret, count;
|
2021-02-22 12:20:28 +00:00
|
|
|
|
2015-12-09 07:26:38 +00:00
|
|
|
for (count = 0; COND(dsa_c[testnum][0]); count++) {
|
2021-02-18 09:48:18 +00:00
|
|
|
ret = EVP_PKEY_sign(dsa_sign_ctx[testnum], buf2, dsa_num, buf, 20);
|
|
|
|
|
if (ret <= 0) {
|
2015-12-09 07:26:38 +00:00
|
|
|
BIO_printf(bio_err, "DSA sign failure\n");
|
|
|
|
|
ERR_print_errors(bio_err);
|
2016-02-18 10:56:53 +00:00
|
|
|
count = -1;
|
2015-12-09 07:26:38 +00:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return count;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int DSA_verify_loop(void *args)
|
|
|
|
|
{
|
2016-10-04 06:20:49 +00:00
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
2015-12-09 07:26:38 +00:00
|
|
|
unsigned char *buf = tempargs->buf;
|
|
|
|
|
unsigned char *buf2 = tempargs->buf2;
|
2021-02-18 09:48:18 +00:00
|
|
|
size_t dsa_num = tempargs->sigsize;
|
|
|
|
|
EVP_PKEY_CTX **dsa_verify_ctx = tempargs->dsa_verify_ctx;
|
2015-12-09 07:26:38 +00:00
|
|
|
int ret, count;
|
2021-02-22 12:20:28 +00:00
|
|
|
|
2015-12-09 07:26:38 +00:00
|
|
|
for (count = 0; COND(dsa_c[testnum][1]); count++) {
|
2021-02-18 09:48:18 +00:00
|
|
|
ret = EVP_PKEY_verify(dsa_verify_ctx[testnum], buf2, dsa_num, buf, 20);
|
2015-12-09 07:26:38 +00:00
|
|
|
if (ret <= 0) {
|
|
|
|
|
BIO_printf(bio_err, "DSA verify failure\n");
|
|
|
|
|
ERR_print_errors(bio_err);
|
2016-02-18 10:56:53 +00:00
|
|
|
count = -1;
|
2015-12-09 07:26:38 +00:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return count;
|
|
|
|
|
}
|
|
|
|
|
|
2018-04-29 23:13:58 +00:00
|
|
|
static long ecdsa_c[ECDSA_NUM][2];
|
2015-12-09 07:26:38 +00:00
|
|
|
static int ECDSA_sign_loop(void *args)
|
|
|
|
|
{
|
2016-10-04 06:20:49 +00:00
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
2015-12-09 07:26:38 +00:00
|
|
|
unsigned char *buf = tempargs->buf;
|
2021-02-18 09:48:18 +00:00
|
|
|
unsigned char *buf2 = tempargs->buf2;
|
|
|
|
|
size_t *ecdsa_num = &tempargs->sigsize;
|
|
|
|
|
EVP_PKEY_CTX **ecdsa_sign_ctx = tempargs->ecdsa_sign_ctx;
|
2015-12-09 07:26:38 +00:00
|
|
|
int ret, count;
|
2021-02-22 12:20:28 +00:00
|
|
|
|
2015-12-09 07:26:38 +00:00
|
|
|
for (count = 0; COND(ecdsa_c[testnum][0]); count++) {
|
2021-02-18 09:48:18 +00:00
|
|
|
ret = EVP_PKEY_sign(ecdsa_sign_ctx[testnum], buf2, ecdsa_num, buf, 20);
|
|
|
|
|
if (ret <= 0) {
|
2015-12-09 07:26:38 +00:00
|
|
|
BIO_printf(bio_err, "ECDSA sign failure\n");
|
|
|
|
|
ERR_print_errors(bio_err);
|
2016-02-18 10:56:53 +00:00
|
|
|
count = -1;
|
2015-12-09 07:26:38 +00:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return count;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int ECDSA_verify_loop(void *args)
|
|
|
|
|
{
|
2016-10-04 06:20:49 +00:00
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
2015-12-09 07:26:38 +00:00
|
|
|
unsigned char *buf = tempargs->buf;
|
2021-02-18 09:48:18 +00:00
|
|
|
unsigned char *buf2 = tempargs->buf2;
|
|
|
|
|
size_t ecdsa_num = tempargs->sigsize;
|
|
|
|
|
EVP_PKEY_CTX **ecdsa_verify_ctx = tempargs->ecdsa_verify_ctx;
|
2015-12-09 07:26:38 +00:00
|
|
|
int ret, count;
|
2021-02-22 12:20:28 +00:00
|
|
|
|
2015-12-09 07:26:38 +00:00
|
|
|
for (count = 0; COND(ecdsa_c[testnum][1]); count++) {
|
2021-02-22 12:20:28 +00:00
|
|
|
ret = EVP_PKEY_verify(ecdsa_verify_ctx[testnum], buf2, ecdsa_num,
|
|
|
|
|
buf, 20);
|
2021-02-18 09:48:18 +00:00
|
|
|
if (ret <= 0) {
|
2015-12-09 07:26:38 +00:00
|
|
|
BIO_printf(bio_err, "ECDSA verify failure\n");
|
|
|
|
|
ERR_print_errors(bio_err);
|
2016-02-18 10:56:53 +00:00
|
|
|
count = -1;
|
2015-12-09 07:26:38 +00:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return count;
|
|
|
|
|
}
|
|
|
|
|
|
2016-07-23 12:26:07 +00:00
|
|
|
/* ******************************************************************** */
|
2016-07-19 22:16:45 +00:00
|
|
|
static long ecdh_c[EC_NUM][1];
|
|
|
|
|
|
2016-10-03 17:28:32 +00:00
|
|
|
static int ECDH_EVP_derive_key_loop(void *args)
|
|
|
|
|
{
|
|
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
|
|
|
|
EVP_PKEY_CTX *ctx = tempargs->ecdh_ctx[testnum];
|
|
|
|
|
unsigned char *derived_secret = tempargs->secret_a;
|
2016-08-02 09:20:45 +00:00
|
|
|
int count;
|
2016-10-04 06:17:11 +00:00
|
|
|
size_t *outlen = &(tempargs->outlen[testnum]);
|
2016-07-12 21:13:20 +00:00
|
|
|
|
2016-10-04 12:56:49 +00:00
|
|
|
for (count = 0; COND(ecdh_c[testnum][0]); count++)
|
2016-10-04 13:40:47 +00:00
|
|
|
EVP_PKEY_derive(ctx, derived_secret, outlen);
|
|
|
|
|
|
2015-12-09 07:26:38 +00:00
|
|
|
return count;
|
|
|
|
|
}
|
2016-07-29 11:22:42 +00:00
|
|
|
|
2018-09-07 06:39:19 +00:00
|
|
|
static long eddsa_c[EdDSA_NUM][2];
|
|
|
|
|
static int EdDSA_sign_loop(void *args)
|
|
|
|
|
{
|
|
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
|
|
|
|
unsigned char *buf = tempargs->buf;
|
|
|
|
|
EVP_MD_CTX **edctx = tempargs->eddsa_ctx;
|
|
|
|
|
unsigned char *eddsasig = tempargs->buf2;
|
2018-09-10 15:03:14 +00:00
|
|
|
size_t *eddsasigsize = &tempargs->sigsize;
|
2018-09-07 06:39:19 +00:00
|
|
|
int ret, count;
|
|
|
|
|
|
|
|
|
|
for (count = 0; COND(eddsa_c[testnum][0]); count++) {
|
2018-09-10 15:03:14 +00:00
|
|
|
ret = EVP_DigestSign(edctx[testnum], eddsasig, eddsasigsize, buf, 20);
|
2018-09-07 06:39:19 +00:00
|
|
|
if (ret == 0) {
|
|
|
|
|
BIO_printf(bio_err, "EdDSA sign failure\n");
|
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
|
count = -1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return count;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int EdDSA_verify_loop(void *args)
|
|
|
|
|
{
|
|
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
|
|
|
|
unsigned char *buf = tempargs->buf;
|
2020-06-06 15:21:15 +00:00
|
|
|
EVP_MD_CTX **edctx = tempargs->eddsa_ctx2;
|
2018-09-07 06:39:19 +00:00
|
|
|
unsigned char *eddsasig = tempargs->buf2;
|
2018-09-10 15:03:14 +00:00
|
|
|
size_t eddsasigsize = tempargs->sigsize;
|
2018-09-07 06:39:19 +00:00
|
|
|
int ret, count;
|
|
|
|
|
|
|
|
|
|
for (count = 0; COND(eddsa_c[testnum][1]); count++) {
|
2018-09-10 15:03:14 +00:00
|
|
|
ret = EVP_DigestVerify(edctx[testnum], eddsasig, eddsasigsize, buf, 20);
|
2018-09-07 06:39:19 +00:00
|
|
|
if (ret != 1) {
|
|
|
|
|
BIO_printf(bio_err, "EdDSA verify failure\n");
|
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
|
count = -1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return count;
|
|
|
|
|
}
|
2019-09-29 14:25:10 +00:00
|
|
|
|
2021-02-18 09:48:18 +00:00
|
|
|
#ifndef OPENSSL_NO_SM2
|
2019-09-29 14:25:10 +00:00
|
|
|
static long sm2_c[SM2_NUM][2];
|
|
|
|
|
static int SM2_sign_loop(void *args)
|
|
|
|
|
{
|
|
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
|
|
|
|
unsigned char *buf = tempargs->buf;
|
|
|
|
|
EVP_MD_CTX **sm2ctx = tempargs->sm2_ctx;
|
|
|
|
|
unsigned char *sm2sig = tempargs->buf2;
|
2021-02-10 09:52:29 +00:00
|
|
|
size_t sm2sigsize;
|
2019-09-29 14:25:10 +00:00
|
|
|
int ret, count;
|
|
|
|
|
EVP_PKEY **sm2_pkey = tempargs->sm2_pkey;
|
2021-02-10 09:52:29 +00:00
|
|
|
const size_t max_size = EVP_PKEY_size(sm2_pkey[testnum]);
|
2019-09-29 14:25:10 +00:00
|
|
|
|
|
|
|
|
for (count = 0; COND(sm2_c[testnum][0]); count++) {
|
2021-02-10 09:52:29 +00:00
|
|
|
sm2sigsize = max_size;
|
|
|
|
|
|
2019-09-29 14:25:10 +00:00
|
|
|
if (!EVP_DigestSignInit(sm2ctx[testnum], NULL, EVP_sm3(),
|
|
|
|
|
NULL, sm2_pkey[testnum])) {
|
|
|
|
|
BIO_printf(bio_err, "SM2 init sign failure\n");
|
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
|
count = -1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
ret = EVP_DigestSign(sm2ctx[testnum], sm2sig, &sm2sigsize,
|
|
|
|
|
buf, 20);
|
|
|
|
|
if (ret == 0) {
|
|
|
|
|
BIO_printf(bio_err, "SM2 sign failure\n");
|
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
|
count = -1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
/* update the latest returned size and always use the fixed buffer size */
|
|
|
|
|
tempargs->sigsize = sm2sigsize;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return count;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int SM2_verify_loop(void *args)
|
|
|
|
|
{
|
|
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
|
|
|
|
unsigned char *buf = tempargs->buf;
|
|
|
|
|
EVP_MD_CTX **sm2ctx = tempargs->sm2_vfy_ctx;
|
|
|
|
|
unsigned char *sm2sig = tempargs->buf2;
|
|
|
|
|
size_t sm2sigsize = tempargs->sigsize;
|
|
|
|
|
int ret, count;
|
|
|
|
|
EVP_PKEY **sm2_pkey = tempargs->sm2_pkey;
|
|
|
|
|
|
|
|
|
|
for (count = 0; COND(sm2_c[testnum][1]); count++) {
|
|
|
|
|
if (!EVP_DigestVerifyInit(sm2ctx[testnum], NULL, EVP_sm3(),
|
|
|
|
|
NULL, sm2_pkey[testnum])) {
|
|
|
|
|
BIO_printf(bio_err, "SM2 verify init failure\n");
|
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
|
count = -1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
ret = EVP_DigestVerify(sm2ctx[testnum], sm2sig, sm2sigsize,
|
|
|
|
|
buf, 20);
|
|
|
|
|
if (ret != 1) {
|
|
|
|
|
BIO_printf(bio_err, "SM2 verify failure\n");
|
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
|
count = -1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return count;
|
|
|
|
|
}
|
2021-02-18 09:48:18 +00:00
|
|
|
#endif /* OPENSSL_NO_SM2 */
|
2015-12-09 07:26:38 +00:00
|
|
|
|
2016-07-28 19:15:52 +00:00
|
|
|
static int run_benchmark(int async_jobs,
|
2016-10-04 06:20:49 +00:00
|
|
|
int (*loop_function) (void *), loopargs_t * loopargs)
|
2015-12-09 07:26:38 +00:00
|
|
|
{
|
|
|
|
|
int job_op_count = 0;
|
|
|
|
|
int total_op_count = 0;
|
|
|
|
|
int num_inprogress = 0;
|
2016-07-28 19:15:52 +00:00
|
|
|
int error = 0, i = 0, ret = 0;
|
2016-02-29 11:28:55 +00:00
|
|
|
OSSL_ASYNC_FD job_fd = 0;
|
|
|
|
|
size_t num_job_fds = 0;
|
2015-12-09 07:26:38 +00:00
|
|
|
|
2016-02-18 10:56:53 +00:00
|
|
|
if (async_jobs == 0) {
|
2016-08-17 22:51:20 +00:00
|
|
|
return loop_function((void *)&loopargs);
|
2015-12-09 07:26:38 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < async_jobs && !error; i++) {
|
2016-08-17 22:51:20 +00:00
|
|
|
loopargs_t *looparg_item = loopargs + i;
|
|
|
|
|
|
|
|
|
|
/* Copy pointer content (looparg_t item address) into async context */
|
2016-07-28 19:15:52 +00:00
|
|
|
ret = ASYNC_start_job(&loopargs[i].inprogress_job, loopargs[i].wait_ctx,
|
|
|
|
|
&job_op_count, loop_function,
|
2016-08-17 22:51:20 +00:00
|
|
|
(void *)&looparg_item, sizeof(looparg_item));
|
2016-07-28 19:15:52 +00:00
|
|
|
switch (ret) {
|
2016-07-28 20:51:18 +00:00
|
|
|
case ASYNC_PAUSE:
|
|
|
|
|
++num_inprogress;
|
|
|
|
|
break;
|
|
|
|
|
case ASYNC_FINISH:
|
|
|
|
|
if (job_op_count == -1) {
|
2015-12-09 07:26:38 +00:00
|
|
|
error = 1;
|
2016-07-28 20:51:18 +00:00
|
|
|
} else {
|
|
|
|
|
total_op_count += job_op_count;
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case ASYNC_NO_JOBS:
|
|
|
|
|
case ASYNC_ERR:
|
|
|
|
|
BIO_printf(bio_err, "Failure in the job\n");
|
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
|
error = 1;
|
|
|
|
|
break;
|
2015-12-09 07:26:38 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
while (num_inprogress > 0) {
|
2016-03-08 04:51:04 +00:00
|
|
|
#if defined(OPENSSL_SYS_WINDOWS)
|
2016-03-03 07:09:00 +00:00
|
|
|
DWORD avail = 0;
|
2016-03-08 04:51:04 +00:00
|
|
|
#elif defined(OPENSSL_SYS_UNIX)
|
2015-12-09 07:26:38 +00:00
|
|
|
int select_result = 0;
|
2016-03-03 07:09:00 +00:00
|
|
|
OSSL_ASYNC_FD max_fd = 0;
|
|
|
|
|
fd_set waitfdset;
|
2016-03-07 11:20:01 +00:00
|
|
|
|
2016-03-03 07:09:00 +00:00
|
|
|
FD_ZERO(&waitfdset);
|
2016-02-29 11:28:55 +00:00
|
|
|
|
2016-03-03 07:09:00 +00:00
|
|
|
for (i = 0; i < async_jobs && num_inprogress > 0; i++) {
|
|
|
|
|
if (loopargs[i].inprogress_job == NULL)
|
|
|
|
|
continue;
|
2016-02-29 11:28:55 +00:00
|
|
|
|
2016-10-04 06:20:49 +00:00
|
|
|
if (!ASYNC_WAIT_CTX_get_all_fds
|
|
|
|
|
(loopargs[i].wait_ctx, NULL, &num_job_fds)
|
|
|
|
|
|| num_job_fds > 1) {
|
2016-03-03 07:09:00 +00:00
|
|
|
BIO_printf(bio_err, "Too many fds in ASYNC_WAIT_CTX\n");
|
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
|
error = 1;
|
|
|
|
|
break;
|
2015-12-09 07:26:38 +00:00
|
|
|
}
|
2016-10-04 06:20:49 +00:00
|
|
|
ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, &job_fd,
|
|
|
|
|
&num_job_fds);
|
2016-03-03 07:09:00 +00:00
|
|
|
FD_SET(job_fd, &waitfdset);
|
|
|
|
|
if (job_fd > max_fd)
|
|
|
|
|
max_fd = job_fd;
|
2015-12-09 07:26:38 +00:00
|
|
|
}
|
|
|
|
|
|
2016-04-15 08:45:25 +00:00
|
|
|
if (max_fd >= (OSSL_ASYNC_FD)FD_SETSIZE) {
|
2016-03-25 04:19:30 +00:00
|
|
|
BIO_printf(bio_err,
|
2016-10-04 06:20:49 +00:00
|
|
|
"Error: max_fd (%d) must be smaller than FD_SETSIZE (%d). "
|
|
|
|
|
"Decrease the value of async_jobs\n",
|
|
|
|
|
max_fd, FD_SETSIZE);
|
2016-03-25 04:19:30 +00:00
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
|
error = 1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2016-03-03 07:09:00 +00:00
|
|
|
select_result = select(max_fd + 1, &waitfdset, NULL, NULL, NULL);
|
2015-12-09 07:26:38 +00:00
|
|
|
if (select_result == -1 && errno == EINTR)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
if (select_result == -1) {
|
2016-03-03 07:09:00 +00:00
|
|
|
BIO_printf(bio_err, "Failure in the select\n");
|
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
|
error = 1;
|
|
|
|
|
break;
|
2015-12-09 07:26:38 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (select_result == 0)
|
|
|
|
|
continue;
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < async_jobs; i++) {
|
|
|
|
|
if (loopargs[i].inprogress_job == NULL)
|
|
|
|
|
continue;
|
|
|
|
|
|
2016-10-04 06:20:49 +00:00
|
|
|
if (!ASYNC_WAIT_CTX_get_all_fds
|
|
|
|
|
(loopargs[i].wait_ctx, NULL, &num_job_fds)
|
|
|
|
|
|| num_job_fds > 1) {
|
2016-02-29 11:28:55 +00:00
|
|
|
BIO_printf(bio_err, "Too many fds in ASYNC_WAIT_CTX\n");
|
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
|
error = 1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
2016-10-04 06:20:49 +00:00
|
|
|
ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, &job_fd,
|
|
|
|
|
&num_job_fds);
|
2015-12-09 07:26:38 +00:00
|
|
|
|
2016-03-07 16:55:39 +00:00
|
|
|
#if defined(OPENSSL_SYS_UNIX)
|
2016-02-29 11:28:55 +00:00
|
|
|
if (num_job_fds == 1 && !FD_ISSET(job_fd, &waitfdset))
|
2015-12-09 07:26:38 +00:00
|
|
|
continue;
|
2016-03-07 16:55:39 +00:00
|
|
|
#elif defined(OPENSSL_SYS_WINDOWS)
|
2016-07-28 20:51:18 +00:00
|
|
|
if (num_job_fds == 1
|
2016-07-28 19:15:52 +00:00
|
|
|
&& !PeekNamedPipe(job_fd, NULL, 0, NULL, &avail, NULL)
|
2016-07-28 20:51:18 +00:00
|
|
|
&& avail > 0)
|
2015-12-09 07:26:38 +00:00
|
|
|
continue;
|
|
|
|
|
#endif
|
|
|
|
|
|
2016-10-10 16:01:24 +00:00
|
|
|
ret = ASYNC_start_job(&loopargs[i].inprogress_job,
|
2016-10-04 06:20:49 +00:00
|
|
|
loopargs[i].wait_ctx, &job_op_count,
|
|
|
|
|
loop_function, (void *)(loopargs + i),
|
|
|
|
|
sizeof(loopargs_t));
|
2016-07-28 19:15:52 +00:00
|
|
|
switch (ret) {
|
2016-07-28 20:51:18 +00:00
|
|
|
case ASYNC_PAUSE:
|
|
|
|
|
break;
|
|
|
|
|
case ASYNC_FINISH:
|
|
|
|
|
if (job_op_count == -1) {
|
2015-12-09 07:26:38 +00:00
|
|
|
error = 1;
|
2016-07-28 20:51:18 +00:00
|
|
|
} else {
|
|
|
|
|
total_op_count += job_op_count;
|
|
|
|
|
}
|
|
|
|
|
--num_inprogress;
|
|
|
|
|
loopargs[i].inprogress_job = NULL;
|
|
|
|
|
break;
|
|
|
|
|
case ASYNC_NO_JOBS:
|
|
|
|
|
case ASYNC_ERR:
|
|
|
|
|
--num_inprogress;
|
|
|
|
|
loopargs[i].inprogress_job = NULL;
|
|
|
|
|
BIO_printf(bio_err, "Failure in the job\n");
|
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
|
error = 1;
|
|
|
|
|
break;
|
2015-12-09 07:26:38 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return error ? -1 : total_op_count;
|
|
|
|
|
}
|
|
|
|
|
|
2021-02-18 09:48:18 +00:00
|
|
|
typedef struct ec_curve_st {
|
|
|
|
|
const char *name;
|
|
|
|
|
unsigned int nid;
|
|
|
|
|
unsigned int bits;
|
|
|
|
|
size_t sigsize; /* only used for EdDSA curves */
|
|
|
|
|
} EC_CURVE;
|
2020-12-21 13:23:17 +00:00
|
|
|
|
2021-02-18 09:48:18 +00:00
|
|
|
static EVP_PKEY *get_ecdsa(const EC_CURVE *curve)
|
2020-12-21 13:23:17 +00:00
|
|
|
{
|
2021-02-18 09:48:18 +00:00
|
|
|
EVP_PKEY_CTX *kctx = NULL;
|
|
|
|
|
EVP_PKEY *key = NULL;
|
2020-12-21 13:23:17 +00:00
|
|
|
|
2021-02-18 09:48:18 +00:00
|
|
|
/* Ensure that the error queue is empty */
|
|
|
|
|
if (ERR_peek_error()) {
|
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
|
"WARNING: the error queue contains previous unhandled errors.\n");
|
|
|
|
|
ERR_print_errors(bio_err);
|
2020-12-21 13:23:17 +00:00
|
|
|
}
|
|
|
|
|
|
2021-02-18 09:48:18 +00:00
|
|
|
/*
|
|
|
|
|
* Let's try to create a ctx directly from the NID: this works for
|
|
|
|
|
* curves like Curve25519 that are not implemented through the low
|
|
|
|
|
* level EC interface.
|
|
|
|
|
* If this fails we try creating a EVP_PKEY_EC generic param ctx,
|
|
|
|
|
* then we set the curve by NID before deriving the actual keygen
|
|
|
|
|
* ctx for that specific curve.
|
|
|
|
|
*/
|
|
|
|
|
kctx = EVP_PKEY_CTX_new_id(curve->nid, NULL);
|
|
|
|
|
if (kctx == NULL) {
|
|
|
|
|
EVP_PKEY_CTX *pctx = NULL;
|
|
|
|
|
EVP_PKEY *params = NULL;
|
|
|
|
|
/*
|
|
|
|
|
* If we reach this code EVP_PKEY_CTX_new_id() failed and a
|
|
|
|
|
* "int_ctx_new:unsupported algorithm" error was added to the
|
|
|
|
|
* error queue.
|
|
|
|
|
* We remove it from the error queue as we are handling it.
|
|
|
|
|
*/
|
|
|
|
|
unsigned long error = ERR_peek_error();
|
|
|
|
|
|
|
|
|
|
if (error == ERR_peek_last_error() /* oldest and latest errors match */
|
|
|
|
|
/* check that the error origin matches */
|
|
|
|
|
&& ERR_GET_LIB(error) == ERR_LIB_EVP
|
|
|
|
|
&& (ERR_GET_REASON(error) == EVP_R_UNSUPPORTED_ALGORITHM
|
|
|
|
|
|| ERR_GET_REASON(error) == ERR_R_UNSUPPORTED))
|
|
|
|
|
ERR_get_error(); /* pop error from queue */
|
|
|
|
|
if (ERR_peek_error()) {
|
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
|
"Unhandled error in the error queue during EC key setup.\n");
|
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Create the context for parameter generation */
|
|
|
|
|
if ((pctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL)) == NULL
|
|
|
|
|
|| EVP_PKEY_paramgen_init(pctx) <= 0
|
|
|
|
|
|| EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx,
|
|
|
|
|
curve->nid) <= 0
|
|
|
|
|
|| EVP_PKEY_paramgen(pctx, ¶ms) <= 0) {
|
|
|
|
|
BIO_printf(bio_err, "EC params init failure.\n");
|
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
|
EVP_PKEY_CTX_free(pctx);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
EVP_PKEY_CTX_free(pctx);
|
|
|
|
|
|
|
|
|
|
/* Create the context for the key generation */
|
|
|
|
|
kctx = EVP_PKEY_CTX_new(params, NULL);
|
|
|
|
|
EVP_PKEY_free(params);
|
|
|
|
|
}
|
|
|
|
|
if (kctx == NULL
|
|
|
|
|
|| EVP_PKEY_keygen_init(kctx) <= 0
|
|
|
|
|
|| EVP_PKEY_keygen(kctx, &key) <= 0) {
|
|
|
|
|
BIO_printf(bio_err, "EC key generation failure.\n");
|
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
|
key = NULL;
|
|
|
|
|
}
|
|
|
|
|
EVP_PKEY_CTX_free(kctx);
|
|
|
|
|
return key;
|
2020-12-21 13:23:17 +00:00
|
|
|
}
|
|
|
|
|
|
2018-06-05 17:56:06 +00:00
|
|
|
#define stop_it(do_it, test_num)\
|
|
|
|
|
memset(do_it + test_num, 0, OSSL_NELEM(do_it) - test_num);
|
|
|
|
|
|
2015-12-09 07:26:38 +00:00
|
|
|
int speed_main(int argc, char **argv)
|
|
|
|
|
{
|
2016-09-28 21:39:18 +00:00
|
|
|
ENGINE *e = NULL;
|
2015-12-09 07:26:38 +00:00
|
|
|
loopargs_t *loopargs = NULL;
|
2018-04-29 23:13:58 +00:00
|
|
|
const char *prog;
|
2016-07-23 12:26:07 +00:00
|
|
|
const char *engine_id = NULL;
|
2020-12-21 13:23:17 +00:00
|
|
|
EVP_CIPHER *evp_cipher = NULL;
|
2015-12-09 07:26:38 +00:00
|
|
|
double d = 0.0;
|
|
|
|
|
OPTION_CHOICE o;
|
2018-04-29 23:13:58 +00:00
|
|
|
int async_init = 0, multiblock = 0, pr_header = 0;
|
2018-06-05 17:56:06 +00:00
|
|
|
uint8_t doit[ALGOR_NUM] = { 0 };
|
2018-05-19 13:43:11 +00:00
|
|
|
int ret = 1, misalign = 0, lengths_single = 0, aead = 0;
|
2016-07-23 12:26:07 +00:00
|
|
|
long count = 0;
|
2018-05-09 20:27:27 +00:00
|
|
|
unsigned int size_num = SIZE_NUM;
|
2018-06-05 17:56:06 +00:00
|
|
|
unsigned int i, k, loopargs_len = 0, async_jobs = 0;
|
2017-12-04 16:40:23 +00:00
|
|
|
int keylen;
|
2017-12-04 17:32:12 +00:00
|
|
|
int buflen;
|
2021-02-18 09:48:18 +00:00
|
|
|
int fetched_cipher = 0;
|
|
|
|
|
BIGNUM *bn = NULL;
|
|
|
|
|
EVP_PKEY_CTX *genctx = NULL;
|
2015-12-09 07:26:38 +00:00
|
|
|
#ifndef NO_FORK
|
|
|
|
|
int multi = 0;
|
|
|
|
|
#endif
|
2021-02-18 09:48:18 +00:00
|
|
|
long op_count = 1;
|
2018-04-29 23:13:58 +00:00
|
|
|
openssl_speed_sec_t seconds = { SECONDS, RSA_SECONDS, DSA_SECONDS,
|
2018-09-07 06:39:19 +00:00
|
|
|
ECDSA_SECONDS, ECDH_SECONDS,
|
2020-01-18 18:13:02 +00:00
|
|
|
EdDSA_SECONDS, SM2_SECONDS,
|
|
|
|
|
FFDH_SECONDS };
|
2016-07-29 11:22:42 +00:00
|
|
|
|
2015-01-22 03:40:55 +00:00
|
|
|
static const unsigned char key32[32] = {
|
|
|
|
|
0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
|
|
|
|
|
0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
|
|
|
|
|
0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34,
|
|
|
|
|
0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34, 0x56
|
|
|
|
|
};
|
2021-02-18 09:48:18 +00:00
|
|
|
static const unsigned char deskey[] = {
|
|
|
|
|
0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, /* key1 */
|
|
|
|
|
0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, /* key2 */
|
|
|
|
|
0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34 /* key3 */
|
|
|
|
|
};
|
2019-10-15 21:33:02 +00:00
|
|
|
static const struct {
|
|
|
|
|
const unsigned char *data;
|
|
|
|
|
unsigned int length;
|
|
|
|
|
unsigned int bits;
|
|
|
|
|
} rsa_keys[] = {
|
|
|
|
|
{ test512, sizeof(test512), 512 },
|
|
|
|
|
{ test1024, sizeof(test1024), 1024 },
|
|
|
|
|
{ test2048, sizeof(test2048), 2048 },
|
|
|
|
|
{ test3072, sizeof(test3072), 3072 },
|
2021-02-18 09:48:18 +00:00
|
|
|
{ test4096, sizeof(test4096), 4096 },
|
2019-10-15 21:33:02 +00:00
|
|
|
{ test7680, sizeof(test7680), 7680 },
|
|
|
|
|
{ test15360, sizeof(test15360), 15360 }
|
2015-01-22 03:40:55 +00:00
|
|
|
};
|
2018-06-05 17:56:06 +00:00
|
|
|
uint8_t rsa_doit[RSA_NUM] = { 0 };
|
2017-08-01 18:19:43 +00:00
|
|
|
int primes = RSA_DEFAULT_PRIME_NUM;
|
2020-01-18 18:13:02 +00:00
|
|
|
#ifndef OPENSSL_NO_DH
|
|
|
|
|
typedef struct ffdh_params_st {
|
|
|
|
|
const char *name;
|
|
|
|
|
unsigned int nid;
|
|
|
|
|
unsigned int bits;
|
|
|
|
|
} FFDH_PARAMS;
|
|
|
|
|
|
|
|
|
|
static const FFDH_PARAMS ffdh_params[FFDH_NUM] = {
|
|
|
|
|
{"ffdh2048", NID_ffdhe2048, 2048},
|
|
|
|
|
{"ffdh3072", NID_ffdhe3072, 3072},
|
|
|
|
|
{"ffdh4096", NID_ffdhe4096, 4096},
|
|
|
|
|
{"ffdh6144", NID_ffdhe6144, 6144},
|
|
|
|
|
{"ffdh8192", NID_ffdhe8192, 8192}
|
|
|
|
|
};
|
|
|
|
|
uint8_t ffdh_doit[FFDH_NUM] = { 0 };
|
|
|
|
|
|
|
|
|
|
#endif /* OPENSSL_NO_DH */
|
2016-07-19 21:54:21 +00:00
|
|
|
static const unsigned int dsa_bits[DSA_NUM] = { 512, 1024, 2048 };
|
2018-06-05 17:56:06 +00:00
|
|
|
uint8_t dsa_doit[DSA_NUM] = { 0 };
|
2015-01-22 03:40:55 +00:00
|
|
|
/*
|
|
|
|
|
* We only test over the following curves as they are representative, To
|
|
|
|
|
* add tests over more curves, simply add the curve NID and curve name to
|
2018-05-09 20:27:27 +00:00
|
|
|
* the following arrays and increase the |ecdh_choices| and |ecdsa_choices|
|
|
|
|
|
* lists accordingly.
|
2015-01-22 03:40:55 +00:00
|
|
|
*/
|
2019-10-15 21:33:02 +00:00
|
|
|
static const EC_CURVE ec_curves[EC_NUM] = {
|
2015-01-22 03:40:55 +00:00
|
|
|
/* Prime Curves */
|
2016-11-28 22:36:50 +00:00
|
|
|
{"secp160r1", NID_secp160r1, 160},
|
|
|
|
|
{"nistp192", NID_X9_62_prime192v1, 192},
|
|
|
|
|
{"nistp224", NID_secp224r1, 224},
|
|
|
|
|
{"nistp256", NID_X9_62_prime256v1, 256},
|
2018-12-20 11:59:31 +00:00
|
|
|
{"nistp384", NID_secp384r1, 384},
|
2016-11-28 22:36:50 +00:00
|
|
|
{"nistp521", NID_secp521r1, 521},
|
2021-02-18 09:48:18 +00:00
|
|
|
#ifndef OPENSSL_NO_EC2M
|
2015-01-22 03:40:55 +00:00
|
|
|
/* Binary Curves */
|
2016-11-28 22:36:50 +00:00
|
|
|
{"nistk163", NID_sect163k1, 163},
|
2018-12-20 11:59:31 +00:00
|
|
|
{"nistk233", NID_sect233k1, 233},
|
2016-11-28 22:36:50 +00:00
|
|
|
{"nistk283", NID_sect283k1, 283},
|
|
|
|
|
{"nistk409", NID_sect409k1, 409},
|
|
|
|
|
{"nistk571", NID_sect571k1, 571},
|
|
|
|
|
{"nistb163", NID_sect163r2, 163},
|
|
|
|
|
{"nistb233", NID_sect233r1, 233},
|
|
|
|
|
{"nistb283", NID_sect283r1, 283},
|
|
|
|
|
{"nistb409", NID_sect409r1, 409},
|
|
|
|
|
{"nistb571", NID_sect571r1, 571},
|
2021-02-18 09:48:18 +00:00
|
|
|
#endif
|
2018-05-08 08:34:59 +00:00
|
|
|
{"brainpoolP256r1", NID_brainpoolP256r1, 256},
|
|
|
|
|
{"brainpoolP256t1", NID_brainpoolP256t1, 256},
|
|
|
|
|
{"brainpoolP384r1", NID_brainpoolP384r1, 384},
|
|
|
|
|
{"brainpoolP384t1", NID_brainpoolP384t1, 384},
|
|
|
|
|
{"brainpoolP512r1", NID_brainpoolP512r1, 512},
|
|
|
|
|
{"brainpoolP512t1", NID_brainpoolP512t1, 512},
|
2018-04-29 23:13:58 +00:00
|
|
|
/* Other and ECDH only ones */
|
2016-11-28 22:36:50 +00:00
|
|
|
{"X25519", NID_X25519, 253},
|
|
|
|
|
{"X448", NID_X448, 448}
|
2015-01-22 03:40:55 +00:00
|
|
|
};
|
2019-10-15 21:33:02 +00:00
|
|
|
static const EC_CURVE ed_curves[EdDSA_NUM] = {
|
2018-09-07 06:39:19 +00:00
|
|
|
/* EdDSA */
|
|
|
|
|
{"Ed25519", NID_ED25519, 253, 64},
|
|
|
|
|
{"Ed448", NID_ED448, 456, 114}
|
|
|
|
|
};
|
2021-02-18 09:48:18 +00:00
|
|
|
#ifndef OPENSSL_NO_SM2
|
2019-10-15 21:33:02 +00:00
|
|
|
static const EC_CURVE sm2_curves[SM2_NUM] = {
|
2019-09-29 14:25:10 +00:00
|
|
|
/* SM2 */
|
|
|
|
|
{"CurveSM2", NID_sm2, 256}
|
|
|
|
|
};
|
2018-06-05 17:56:06 +00:00
|
|
|
uint8_t sm2_doit[SM2_NUM] = { 0 };
|
2021-02-18 09:48:18 +00:00
|
|
|
#endif
|
2018-06-05 17:56:06 +00:00
|
|
|
uint8_t ecdsa_doit[ECDSA_NUM] = { 0 };
|
|
|
|
|
uint8_t ecdh_doit[EC_NUM] = { 0 };
|
|
|
|
|
uint8_t eddsa_doit[EdDSA_NUM] = { 0 };
|
2018-05-09 20:27:27 +00:00
|
|
|
|
|
|
|
|
/* checks declarated curves against choices list. */
|
|
|
|
|
OPENSSL_assert(ed_curves[EdDSA_NUM - 1].nid == NID_ED448);
|
|
|
|
|
OPENSSL_assert(strcmp(eddsa_choices[EdDSA_NUM - 1].name, "ed448") == 0);
|
|
|
|
|
|
|
|
|
|
OPENSSL_assert(ec_curves[EC_NUM - 1].nid == NID_X448);
|
|
|
|
|
OPENSSL_assert(strcmp(ecdh_choices[EC_NUM - 1].name, "ecdhx448") == 0);
|
|
|
|
|
|
|
|
|
|
OPENSSL_assert(ec_curves[ECDSA_NUM - 1].nid == NID_brainpoolP512t1);
|
|
|
|
|
OPENSSL_assert(strcmp(ecdsa_choices[ECDSA_NUM - 1].name, "ecdsabrp512t1") == 0);
|
|
|
|
|
|
2021-02-18 09:48:18 +00:00
|
|
|
#ifndef OPENSSL_NO_SM2
|
2018-05-09 20:27:27 +00:00
|
|
|
OPENSSL_assert(sm2_curves[SM2_NUM - 1].nid == NID_sm2);
|
|
|
|
|
OPENSSL_assert(strcmp(sm2_choices[SM2_NUM - 1].name, "curveSM2") == 0);
|
2021-02-18 09:48:18 +00:00
|
|
|
#endif
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
|
|
|
|
|
prog = opt_init(argc, argv, speed_options);
|
|
|
|
|
while ((o = opt_next()) != OPT_EOF) {
|
|
|
|
|
switch (o) {
|
|
|
|
|
case OPT_EOF:
|
|
|
|
|
case OPT_ERR:
|
|
|
|
|
opterr:
|
|
|
|
|
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
|
|
|
|
goto end;
|
|
|
|
|
case OPT_HELP:
|
|
|
|
|
opt_help(speed_options);
|
|
|
|
|
ret = 0;
|
|
|
|
|
goto end;
|
|
|
|
|
case OPT_ELAPSED:
|
2015-01-22 03:40:55 +00:00
|
|
|
usertime = 0;
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
break;
|
|
|
|
|
case OPT_EVP:
|
2020-12-21 13:23:17 +00:00
|
|
|
if (doit[D_EVP]) {
|
|
|
|
|
BIO_printf(bio_err, "%s: -evp option cannot be used more than once\n", prog);
|
|
|
|
|
goto opterr;
|
|
|
|
|
}
|
2021-02-18 09:48:18 +00:00
|
|
|
evp_cipher = obtain_cipher(opt_arg(), &fetched_cipher);
|
2021-02-15 18:45:01 +00:00
|
|
|
if (evp_cipher == NULL) {
|
|
|
|
|
if (have_md(opt_arg()))
|
|
|
|
|
evp_md_name = opt_arg();
|
|
|
|
|
}
|
|
|
|
|
if (evp_cipher == NULL && evp_md_name == NULL) {
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
BIO_printf(bio_err,
|
2016-07-23 13:39:49 +00:00
|
|
|
"%s: %s is an unknown cipher or digest\n",
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
prog, opt_arg());
|
2015-01-22 03:40:55 +00:00
|
|
|
goto end;
|
|
|
|
|
}
|
|
|
|
|
doit[D_EVP] = 1;
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
break;
|
2018-08-14 04:04:47 +00:00
|
|
|
case OPT_HMAC:
|
2021-02-15 18:45:01 +00:00
|
|
|
if (!have_md(opt_arg())) {
|
2018-08-14 04:04:47 +00:00
|
|
|
BIO_printf(bio_err, "%s: %s is an unknown digest\n",
|
|
|
|
|
prog, opt_arg());
|
|
|
|
|
goto end;
|
|
|
|
|
}
|
2021-02-15 18:45:01 +00:00
|
|
|
evp_mac_mdname = opt_arg();
|
|
|
|
|
doit[D_HMAC] = 1;
|
2018-08-14 04:04:47 +00:00
|
|
|
break;
|
2019-04-10 20:44:41 +00:00
|
|
|
case OPT_CMAC:
|
2021-02-18 09:48:18 +00:00
|
|
|
if (!have_cipher(opt_arg())) {
|
2019-04-10 20:44:41 +00:00
|
|
|
BIO_printf(bio_err, "%s: %s is an unknown cipher\n",
|
|
|
|
|
prog, opt_arg());
|
|
|
|
|
goto end;
|
|
|
|
|
}
|
2021-02-18 09:48:18 +00:00
|
|
|
evp_mac_ciphername = opt_arg();
|
2019-04-10 20:44:41 +00:00
|
|
|
doit[D_EVP_CMAC] = 1;
|
|
|
|
|
break;
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
case OPT_DECRYPT:
|
2015-01-22 03:40:55 +00:00
|
|
|
decrypt = 1;
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
break;
|
|
|
|
|
case OPT_ENGINE:
|
2015-12-09 07:26:38 +00:00
|
|
|
/*
|
|
|
|
|
* In a forked execution, an engine might need to be
|
|
|
|
|
* initialised by each child process, not by the parent.
|
|
|
|
|
* So store the name here and run setup_engine() later on.
|
|
|
|
|
*/
|
|
|
|
|
engine_id = opt_arg();
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
break;
|
|
|
|
|
case OPT_MULTI:
|
2015-05-15 17:50:38 +00:00
|
|
|
#ifndef NO_FORK
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
multi = atoi(opt_arg());
|
2015-12-09 07:26:38 +00:00
|
|
|
#endif
|
|
|
|
|
break;
|
|
|
|
|
case OPT_ASYNCJOBS:
|
2016-03-07 16:55:39 +00:00
|
|
|
#ifndef OPENSSL_NO_ASYNC
|
2015-12-09 07:26:38 +00:00
|
|
|
async_jobs = atoi(opt_arg());
|
2016-03-07 16:55:39 +00:00
|
|
|
if (!ASYNC_is_capable()) {
|
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
|
"%s: async_jobs specified but async not supported\n",
|
|
|
|
|
prog);
|
|
|
|
|
goto opterr;
|
|
|
|
|
}
|
2017-02-21 05:58:04 +00:00
|
|
|
if (async_jobs > 99999) {
|
2018-04-29 23:13:58 +00:00
|
|
|
BIO_printf(bio_err, "%s: too many async_jobs\n", prog);
|
2017-02-21 05:58:04 +00:00
|
|
|
goto opterr;
|
|
|
|
|
}
|
2015-01-27 15:06:22 +00:00
|
|
|
#endif
|
2015-05-15 17:50:38 +00:00
|
|
|
break;
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
case OPT_MISALIGN:
|
|
|
|
|
if (!opt_int(opt_arg(), &misalign))
|
2015-01-22 03:40:55 +00:00
|
|
|
goto end;
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
if (misalign > MISALIGN) {
|
2015-01-22 03:40:55 +00:00
|
|
|
BIO_printf(bio_err,
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
"%s: Maximum offset is %d\n", prog, MISALIGN);
|
|
|
|
|
goto opterr;
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
break;
|
|
|
|
|
case OPT_MR:
|
|
|
|
|
mr = 1;
|
|
|
|
|
break;
|
|
|
|
|
case OPT_MB:
|
|
|
|
|
multiblock = 1;
|
2016-08-03 22:23:39 +00:00
|
|
|
#ifdef OPENSSL_NO_MULTIBLOCK
|
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
|
"%s: -mb specified but multi-block support is disabled\n",
|
|
|
|
|
prog);
|
|
|
|
|
goto end;
|
|
|
|
|
#endif
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
break;
|
2017-07-05 14:58:48 +00:00
|
|
|
case OPT_R_CASES:
|
|
|
|
|
if (!opt_rand(o))
|
|
|
|
|
goto end;
|
|
|
|
|
break;
|
2020-02-25 04:29:30 +00:00
|
|
|
case OPT_PROV_CASES:
|
|
|
|
|
if (!opt_provider(o))
|
|
|
|
|
goto end;
|
|
|
|
|
break;
|
2017-08-01 18:19:43 +00:00
|
|
|
case OPT_PRIMES:
|
|
|
|
|
if (!opt_int(opt_arg(), &primes))
|
|
|
|
|
goto end;
|
|
|
|
|
break;
|
2017-12-02 09:05:35 +00:00
|
|
|
case OPT_SECONDS:
|
|
|
|
|
seconds.sym = seconds.rsa = seconds.dsa = seconds.ecdsa
|
2019-09-29 14:25:10 +00:00
|
|
|
= seconds.ecdh = seconds.eddsa
|
2020-01-18 18:13:02 +00:00
|
|
|
= seconds.sm2 = seconds.ffdh = atoi(opt_arg());
|
2017-12-02 09:05:35 +00:00
|
|
|
break;
|
|
|
|
|
case OPT_BYTES:
|
|
|
|
|
lengths_single = atoi(opt_arg());
|
|
|
|
|
lengths = &lengths_single;
|
|
|
|
|
size_num = 1;
|
|
|
|
|
break;
|
2018-05-19 13:43:11 +00:00
|
|
|
case OPT_AEAD:
|
|
|
|
|
aead = 1;
|
|
|
|
|
break;
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
}
|
|
|
|
|
}
|
2020-11-28 21:12:58 +00:00
|
|
|
|
|
|
|
|
/* Remaining arguments are algorithms. */
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
argc = opt_num_rest();
|
|
|
|
|
argv = opt_rest();
|
|
|
|
|
|
2021-02-08 18:45:23 +00:00
|
|
|
app_RAND_load();
|
2016-10-04 06:20:49 +00:00
|
|
|
for (; *argv; argv++) {
|
2018-06-05 17:56:06 +00:00
|
|
|
const char *algo = *argv;
|
|
|
|
|
|
2018-05-09 20:27:27 +00:00
|
|
|
if (opt_found(algo, doit_choices, &i)) {
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
doit[i] = 1;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2018-06-05 17:56:06 +00:00
|
|
|
if (strcmp(algo, "des") == 0) {
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
doit[D_CBC_DES] = doit[D_EDE3_DES] = 1;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2018-06-05 17:56:06 +00:00
|
|
|
if (strcmp(algo, "sha") == 0) {
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
doit[D_SHA1] = doit[D_SHA256] = doit[D_SHA512] = 1;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2020-12-17 20:37:15 +00:00
|
|
|
#ifndef OPENSSL_NO_DEPRECATED_3_0
|
2018-06-05 17:56:06 +00:00
|
|
|
if (strcmp(algo, "openssl") == 0) /* just for compatibility */
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
continue;
|
2021-02-18 09:48:18 +00:00
|
|
|
#endif
|
2018-06-05 17:56:06 +00:00
|
|
|
if (strncmp(algo, "rsa", 3) == 0) {
|
|
|
|
|
if (algo[3] == '\0') {
|
|
|
|
|
memset(rsa_doit, 1, sizeof(rsa_doit));
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2018-05-09 20:27:27 +00:00
|
|
|
if (opt_found(algo, rsa_choices, &i)) {
|
2018-06-05 17:56:06 +00:00
|
|
|
rsa_doit[i] = 1;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
}
|
2020-01-18 18:13:02 +00:00
|
|
|
#ifndef OPENSSL_NO_DH
|
|
|
|
|
if (strncmp(algo, "ffdh", 4) == 0) {
|
|
|
|
|
if (algo[4] == '\0') {
|
|
|
|
|
memset(ffdh_doit, 1, sizeof(ffdh_doit));
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
if (opt_found(algo, ffdh_choices, &i)) {
|
|
|
|
|
ffdh_doit[i] = 2;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
#endif
|
2018-06-05 17:56:06 +00:00
|
|
|
if (strncmp(algo, "dsa", 3) == 0) {
|
|
|
|
|
if (algo[3] == '\0') {
|
|
|
|
|
memset(dsa_doit, 1, sizeof(dsa_doit));
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2018-05-09 20:27:27 +00:00
|
|
|
if (opt_found(algo, dsa_choices, &i)) {
|
2018-06-05 17:56:06 +00:00
|
|
|
dsa_doit[i] = 2;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
}
|
2018-06-05 17:56:06 +00:00
|
|
|
if (strcmp(algo, "aes") == 0) {
|
2016-10-04 06:20:49 +00:00
|
|
|
doit[D_CBC_128_AES] = doit[D_CBC_192_AES] = doit[D_CBC_256_AES] = 1;
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
continue;
|
|
|
|
|
}
|
2018-06-05 17:56:06 +00:00
|
|
|
if (strcmp(algo, "camellia") == 0) {
|
2016-10-04 06:20:49 +00:00
|
|
|
doit[D_CBC_128_CML] = doit[D_CBC_192_CML] = doit[D_CBC_256_CML] = 1;
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
continue;
|
|
|
|
|
}
|
2018-06-05 17:56:06 +00:00
|
|
|
if (strncmp(algo, "ecdsa", 5) == 0) {
|
|
|
|
|
if (algo[5] == '\0') {
|
|
|
|
|
memset(ecdsa_doit, 1, sizeof(ecdsa_doit));
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2018-05-09 20:27:27 +00:00
|
|
|
if (opt_found(algo, ecdsa_choices, &i)) {
|
2018-06-05 17:56:06 +00:00
|
|
|
ecdsa_doit[i] = 2;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
2018-06-05 17:56:06 +00:00
|
|
|
if (strncmp(algo, "ecdh", 4) == 0) {
|
|
|
|
|
if (algo[4] == '\0') {
|
|
|
|
|
memset(ecdh_doit, 1, sizeof(ecdh_doit));
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2018-05-09 20:27:27 +00:00
|
|
|
if (opt_found(algo, ecdh_choices, &i)) {
|
2018-06-05 17:56:06 +00:00
|
|
|
ecdh_doit[i] = 2;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2018-09-07 06:39:19 +00:00
|
|
|
}
|
2018-05-09 20:27:27 +00:00
|
|
|
if (strcmp(algo, "eddsa") == 0) {
|
|
|
|
|
memset(eddsa_doit, 1, sizeof(eddsa_doit));
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
if (opt_found(algo, eddsa_choices, &i)) {
|
|
|
|
|
eddsa_doit[i] = 2;
|
|
|
|
|
continue;
|
2018-09-07 06:39:19 +00:00
|
|
|
}
|
2021-02-18 09:48:18 +00:00
|
|
|
#ifndef OPENSSL_NO_SM2
|
2018-06-05 17:56:06 +00:00
|
|
|
if (strcmp(algo, "sm2") == 0) {
|
|
|
|
|
memset(sm2_doit, 1, sizeof(sm2_doit));
|
2019-09-29 14:25:10 +00:00
|
|
|
continue;
|
|
|
|
|
}
|
2018-05-09 20:27:27 +00:00
|
|
|
if (opt_found(algo, sm2_choices, &i)) {
|
2019-09-29 14:25:10 +00:00
|
|
|
sm2_doit[i] = 2;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2021-02-18 09:48:18 +00:00
|
|
|
#endif
|
2018-06-05 17:56:06 +00:00
|
|
|
BIO_printf(bio_err, "%s: Unknown algorithm %s\n", prog, algo);
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
goto end;
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
1998-12-21 10:52:47 +00:00
|
|
|
|
2018-05-19 13:43:11 +00:00
|
|
|
/* Sanity checks */
|
|
|
|
|
if (aead) {
|
|
|
|
|
if (evp_cipher == NULL) {
|
|
|
|
|
BIO_printf(bio_err, "-aead can be used only with an AEAD cipher\n");
|
|
|
|
|
goto end;
|
|
|
|
|
} else if (!(EVP_CIPHER_flags(evp_cipher) &
|
|
|
|
|
EVP_CIPH_FLAG_AEAD_CIPHER)) {
|
|
|
|
|
BIO_printf(bio_err, "%s is not an AEAD cipher\n",
|
2021-03-26 16:57:16 +00:00
|
|
|
EVP_CIPHER_name(evp_cipher));
|
2018-05-19 13:43:11 +00:00
|
|
|
goto end;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (multiblock) {
|
|
|
|
|
if (evp_cipher == NULL) {
|
2021-02-22 12:20:28 +00:00
|
|
|
BIO_printf(bio_err, "-mb can be used only with a multi-block"
|
|
|
|
|
" capable cipher\n");
|
2018-05-19 13:43:11 +00:00
|
|
|
goto end;
|
|
|
|
|
} else if (!(EVP_CIPHER_flags(evp_cipher) &
|
|
|
|
|
EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) {
|
|
|
|
|
BIO_printf(bio_err, "%s is not a multi-block capable\n",
|
2021-03-26 16:57:16 +00:00
|
|
|
EVP_CIPHER_name(evp_cipher));
|
2018-05-19 13:43:11 +00:00
|
|
|
goto end;
|
|
|
|
|
} else if (async_jobs > 0) {
|
|
|
|
|
BIO_printf(bio_err, "Async mode is not supported with -mb");
|
|
|
|
|
goto end;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-12-09 07:26:38 +00:00
|
|
|
/* Initialize the job pool if async mode is enabled */
|
|
|
|
|
if (async_jobs > 0) {
|
2016-05-17 15:40:14 +00:00
|
|
|
async_init = ASYNC_init_thread(async_jobs, async_jobs);
|
|
|
|
|
if (!async_init) {
|
2015-12-09 07:26:38 +00:00
|
|
|
BIO_printf(bio_err, "Error creating the ASYNC job pool\n");
|
|
|
|
|
goto end;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
loopargs_len = (async_jobs == 0 ? 1 : async_jobs);
|
2016-10-04 06:20:49 +00:00
|
|
|
loopargs =
|
|
|
|
|
app_malloc(loopargs_len * sizeof(loopargs_t), "array of loopargs");
|
2015-12-09 07:26:38 +00:00
|
|
|
memset(loopargs, 0, loopargs_len * sizeof(loopargs_t));
|
|
|
|
|
|
2016-02-18 10:56:53 +00:00
|
|
|
for (i = 0; i < loopargs_len; i++) {
|
2016-02-29 11:28:55 +00:00
|
|
|
if (async_jobs > 0) {
|
|
|
|
|
loopargs[i].wait_ctx = ASYNC_WAIT_CTX_new();
|
|
|
|
|
if (loopargs[i].wait_ctx == NULL) {
|
|
|
|
|
BIO_printf(bio_err, "Error creating the ASYNC_WAIT_CTX\n");
|
|
|
|
|
goto end;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-05-21 12:26:54 +00:00
|
|
|
buflen = lengths[size_num - 1];
|
2019-07-02 08:04:04 +00:00
|
|
|
if (buflen < 36) /* size of random vector in RSA benchmark */
|
2018-05-21 12:26:54 +00:00
|
|
|
buflen = 36;
|
|
|
|
|
buflen += MAX_MISALIGNMENT + 1;
|
2017-12-04 17:32:12 +00:00
|
|
|
loopargs[i].buf_malloc = app_malloc(buflen, "input buffer");
|
|
|
|
|
loopargs[i].buf2_malloc = app_malloc(buflen, "input buffer");
|
|
|
|
|
memset(loopargs[i].buf_malloc, 0, buflen);
|
|
|
|
|
memset(loopargs[i].buf2_malloc, 0, buflen);
|
|
|
|
|
|
2015-12-09 07:26:38 +00:00
|
|
|
/* Align the start of buffers on a 64 byte boundary */
|
|
|
|
|
loopargs[i].buf = loopargs[i].buf_malloc + misalign;
|
|
|
|
|
loopargs[i].buf2 = loopargs[i].buf2_malloc + misalign;
|
2016-02-18 10:56:53 +00:00
|
|
|
loopargs[i].secret_a = app_malloc(MAX_ECDH_SIZE, "ECDH secret a");
|
|
|
|
|
loopargs[i].secret_b = app_malloc(MAX_ECDH_SIZE, "ECDH secret b");
|
2020-01-18 18:13:02 +00:00
|
|
|
#ifndef OPENSSL_NO_DH
|
|
|
|
|
loopargs[i].secret_ff_a = app_malloc(MAX_FFDH_SIZE, "FFDH secret a");
|
|
|
|
|
loopargs[i].secret_ff_b = app_malloc(MAX_FFDH_SIZE, "FFDH secret b");
|
2016-02-18 10:56:53 +00:00
|
|
|
#endif
|
2015-12-09 07:26:38 +00:00
|
|
|
}
|
|
|
|
|
|
2015-01-27 15:06:22 +00:00
|
|
|
#ifndef NO_FORK
|
2017-12-02 09:05:35 +00:00
|
|
|
if (multi && do_multi(multi, size_num))
|
2015-01-22 03:40:55 +00:00
|
|
|
goto show_res;
|
2015-01-27 15:06:22 +00:00
|
|
|
#endif
|
1998-12-21 10:52:47 +00:00
|
|
|
|
2015-12-09 07:26:38 +00:00
|
|
|
/* Initialize the engine after the fork */
|
2016-09-28 21:39:18 +00:00
|
|
|
e = setup_engine(engine_id, 0);
|
2015-12-09 07:26:38 +00:00
|
|
|
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
/* No parameters; turn on everything. */
|
2021-02-15 18:45:01 +00:00
|
|
|
if (argc == 0 && !doit[D_EVP] && !doit[D_HMAC] && !doit[D_EVP_CMAC]) {
|
2021-02-18 09:48:18 +00:00
|
|
|
EVP_MAC *mac;
|
|
|
|
|
|
2018-06-05 17:56:06 +00:00
|
|
|
memset(doit, 1, sizeof(doit));
|
2021-02-15 18:45:01 +00:00
|
|
|
doit[D_EVP] = doit[D_EVP_CMAC] = 0;
|
2021-02-18 09:48:18 +00:00
|
|
|
ERR_set_mark();
|
2021-02-15 18:45:01 +00:00
|
|
|
for (i = D_MD2; i <= D_WHIRLPOOL; i++) {
|
|
|
|
|
if (!have_md(names[i]))
|
|
|
|
|
doit[i] = 0;
|
|
|
|
|
}
|
2021-02-18 09:48:18 +00:00
|
|
|
for (i = D_CBC_DES; i <= D_CBC_256_CML; i++) {
|
|
|
|
|
if (!have_cipher(names[i]))
|
|
|
|
|
doit[i] = 0;
|
|
|
|
|
}
|
|
|
|
|
if ((mac = EVP_MAC_fetch(NULL, "GMAC", NULL)) != NULL)
|
|
|
|
|
EVP_MAC_free(mac);
|
|
|
|
|
else
|
|
|
|
|
doit[D_GHASH] = 0;
|
|
|
|
|
if ((mac = EVP_MAC_fetch(NULL, "HMAC", NULL)) != NULL)
|
|
|
|
|
EVP_MAC_free(mac);
|
|
|
|
|
else
|
|
|
|
|
doit[D_HMAC] = 0;
|
|
|
|
|
ERR_pop_to_mark();
|
2018-06-05 17:56:06 +00:00
|
|
|
memset(rsa_doit, 1, sizeof(rsa_doit));
|
2020-01-18 18:13:02 +00:00
|
|
|
#ifndef OPENSSL_NO_DH
|
|
|
|
|
memset(ffdh_doit, 1, sizeof(ffdh_doit));
|
|
|
|
|
#endif
|
2018-06-05 17:56:06 +00:00
|
|
|
memset(dsa_doit, 1, sizeof(dsa_doit));
|
|
|
|
|
memset(ecdsa_doit, 1, sizeof(ecdsa_doit));
|
|
|
|
|
memset(ecdh_doit, 1, sizeof(ecdh_doit));
|
|
|
|
|
memset(eddsa_doit, 1, sizeof(eddsa_doit));
|
2021-02-18 09:48:18 +00:00
|
|
|
#ifndef OPENSSL_NO_SM2
|
2018-06-05 17:56:06 +00:00
|
|
|
memset(sm2_doit, 1, sizeof(sm2_doit));
|
2015-01-27 15:06:22 +00:00
|
|
|
#endif
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
|
|
|
|
for (i = 0; i < ALGOR_NUM; i++)
|
|
|
|
|
if (doit[i])
|
|
|
|
|
pr_header++;
|
|
|
|
|
|
|
|
|
|
if (usertime == 0 && !mr)
|
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
|
"You have chosen to measure elapsed time "
|
|
|
|
|
"instead of user CPU time.\n");
|
|
|
|
|
|
2021-02-15 16:24:44 +00:00
|
|
|
#if SIGALRM > 0
|
2018-05-19 13:53:29 +00:00
|
|
|
signal(SIGALRM, alarmed);
|
2021-02-15 16:24:44 +00:00
|
|
|
#endif
|
2015-01-22 03:40:55 +00:00
|
|
|
|
|
|
|
|
if (doit[D_MD2]) {
|
2017-12-02 09:05:35 +00:00
|
|
|
for (testnum = 0; testnum < size_num; testnum++) {
|
|
|
|
|
print_message(names[D_MD2], c[D_MD2][testnum], lengths[testnum],
|
|
|
|
|
seconds.sym);
|
2015-01-22 03:40:55 +00:00
|
|
|
Time_F(START);
|
2015-12-09 07:26:38 +00:00
|
|
|
count = run_benchmark(async_jobs, EVP_Digest_MD2_loop, loopargs);
|
2015-01-22 03:40:55 +00:00
|
|
|
d = Time_F(STOP);
|
2015-12-09 07:26:38 +00:00
|
|
|
print_result(D_MD2, testnum, count, d);
|
2021-02-15 18:45:01 +00:00
|
|
|
if (count < 0)
|
|
|
|
|
break;
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
|
|
|
|
}
|
2021-02-15 18:45:01 +00:00
|
|
|
|
2015-01-22 03:40:55 +00:00
|
|
|
if (doit[D_MDC2]) {
|
2017-12-02 09:05:35 +00:00
|
|
|
for (testnum = 0; testnum < size_num; testnum++) {
|
|
|
|
|
print_message(names[D_MDC2], c[D_MDC2][testnum], lengths[testnum],
|
|
|
|
|
seconds.sym);
|
2015-01-22 03:40:55 +00:00
|
|
|
Time_F(START);
|
2015-12-09 07:26:38 +00:00
|
|
|
count = run_benchmark(async_jobs, EVP_Digest_MDC2_loop, loopargs);
|
2015-01-22 03:40:55 +00:00
|
|
|
d = Time_F(STOP);
|
2015-12-09 07:26:38 +00:00
|
|
|
print_result(D_MDC2, testnum, count, d);
|
2019-10-19 14:38:21 +00:00
|
|
|
if (count < 0)
|
|
|
|
|
break;
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
|
|
|
|
}
|
1998-12-21 10:52:47 +00:00
|
|
|
|
2015-01-22 03:40:55 +00:00
|
|
|
if (doit[D_MD4]) {
|
2017-12-02 09:05:35 +00:00
|
|
|
for (testnum = 0; testnum < size_num; testnum++) {
|
|
|
|
|
print_message(names[D_MD4], c[D_MD4][testnum], lengths[testnum],
|
|
|
|
|
seconds.sym);
|
2015-01-22 03:40:55 +00:00
|
|
|
Time_F(START);
|
2015-12-09 07:26:38 +00:00
|
|
|
count = run_benchmark(async_jobs, EVP_Digest_MD4_loop, loopargs);
|
2015-01-22 03:40:55 +00:00
|
|
|
d = Time_F(STOP);
|
2015-12-09 07:26:38 +00:00
|
|
|
print_result(D_MD4, testnum, count, d);
|
2019-10-19 14:38:21 +00:00
|
|
|
if (count < 0)
|
|
|
|
|
break;
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
|
|
|
|
}
|
2000-08-14 14:05:53 +00:00
|
|
|
|
2015-01-22 03:40:55 +00:00
|
|
|
if (doit[D_MD5]) {
|
2017-12-02 09:05:35 +00:00
|
|
|
for (testnum = 0; testnum < size_num; testnum++) {
|
|
|
|
|
print_message(names[D_MD5], c[D_MD5][testnum], lengths[testnum],
|
|
|
|
|
seconds.sym);
|
2015-01-22 03:40:55 +00:00
|
|
|
Time_F(START);
|
2015-12-09 07:26:38 +00:00
|
|
|
count = run_benchmark(async_jobs, MD5_loop, loopargs);
|
2015-01-22 03:40:55 +00:00
|
|
|
d = Time_F(STOP);
|
2015-12-09 07:26:38 +00:00
|
|
|
print_result(D_MD5, testnum, count, d);
|
2021-02-15 18:45:01 +00:00
|
|
|
if (count < 0)
|
|
|
|
|
break;
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
|
|
|
|
}
|
1998-12-21 10:52:47 +00:00
|
|
|
|
2015-01-22 03:40:55 +00:00
|
|
|
if (doit[D_SHA1]) {
|
2017-12-02 09:05:35 +00:00
|
|
|
for (testnum = 0; testnum < size_num; testnum++) {
|
|
|
|
|
print_message(names[D_SHA1], c[D_SHA1][testnum], lengths[testnum],
|
|
|
|
|
seconds.sym);
|
2015-01-22 03:40:55 +00:00
|
|
|
Time_F(START);
|
2015-12-09 07:26:38 +00:00
|
|
|
count = run_benchmark(async_jobs, SHA1_loop, loopargs);
|
2015-01-22 03:40:55 +00:00
|
|
|
d = Time_F(STOP);
|
2015-12-09 07:26:38 +00:00
|
|
|
print_result(D_SHA1, testnum, count, d);
|
2021-02-15 18:45:01 +00:00
|
|
|
if (count < 0)
|
|
|
|
|
break;
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
|
|
|
|
}
|
2021-02-15 18:45:01 +00:00
|
|
|
|
2015-01-22 03:40:55 +00:00
|
|
|
if (doit[D_SHA256]) {
|
2017-12-02 09:05:35 +00:00
|
|
|
for (testnum = 0; testnum < size_num; testnum++) {
|
2016-10-04 06:20:49 +00:00
|
|
|
print_message(names[D_SHA256], c[D_SHA256][testnum],
|
2017-12-02 09:05:35 +00:00
|
|
|
lengths[testnum], seconds.sym);
|
2015-01-22 03:40:55 +00:00
|
|
|
Time_F(START);
|
2015-12-09 07:26:38 +00:00
|
|
|
count = run_benchmark(async_jobs, SHA256_loop, loopargs);
|
2015-01-22 03:40:55 +00:00
|
|
|
d = Time_F(STOP);
|
2015-12-09 07:26:38 +00:00
|
|
|
print_result(D_SHA256, testnum, count, d);
|
2021-02-15 18:45:01 +00:00
|
|
|
if (count < 0)
|
|
|
|
|
break;
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
|
|
|
|
}
|
2021-02-15 18:45:01 +00:00
|
|
|
|
2015-01-22 03:40:55 +00:00
|
|
|
if (doit[D_SHA512]) {
|
2017-12-02 09:05:35 +00:00
|
|
|
for (testnum = 0; testnum < size_num; testnum++) {
|
2016-10-04 06:20:49 +00:00
|
|
|
print_message(names[D_SHA512], c[D_SHA512][testnum],
|
2017-12-02 09:05:35 +00:00
|
|
|
lengths[testnum], seconds.sym);
|
2015-01-22 03:40:55 +00:00
|
|
|
Time_F(START);
|
2015-12-09 07:26:38 +00:00
|
|
|
count = run_benchmark(async_jobs, SHA512_loop, loopargs);
|
2015-01-22 03:40:55 +00:00
|
|
|
d = Time_F(STOP);
|
2015-12-09 07:26:38 +00:00
|
|
|
print_result(D_SHA512, testnum, count, d);
|
2021-02-15 18:45:01 +00:00
|
|
|
if (count < 0)
|
|
|
|
|
break;
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
|
|
|
|
}
|
2021-02-15 18:45:01 +00:00
|
|
|
|
2015-01-22 03:40:55 +00:00
|
|
|
if (doit[D_WHIRLPOOL]) {
|
2017-12-02 09:05:35 +00:00
|
|
|
for (testnum = 0; testnum < size_num; testnum++) {
|
2016-10-04 06:20:49 +00:00
|
|
|
print_message(names[D_WHIRLPOOL], c[D_WHIRLPOOL][testnum],
|
2017-12-02 09:05:35 +00:00
|
|
|
lengths[testnum], seconds.sym);
|
2015-01-22 03:40:55 +00:00
|
|
|
Time_F(START);
|
2015-12-09 07:26:38 +00:00
|
|
|
count = run_benchmark(async_jobs, WHIRLPOOL_loop, loopargs);
|
2015-01-22 03:40:55 +00:00
|
|
|
d = Time_F(STOP);
|
2015-12-09 07:26:38 +00:00
|
|
|
print_result(D_WHIRLPOOL, testnum, count, d);
|
2021-02-15 18:45:01 +00:00
|
|
|
if (count < 0)
|
|
|
|
|
break;
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
|
|
|
|
}
|
2004-07-25 18:57:35 +00:00
|
|
|
|
2015-01-22 03:40:55 +00:00
|
|
|
if (doit[D_RMD160]) {
|
2017-12-02 09:05:35 +00:00
|
|
|
for (testnum = 0; testnum < size_num; testnum++) {
|
2016-10-04 06:20:49 +00:00
|
|
|
print_message(names[D_RMD160], c[D_RMD160][testnum],
|
2017-12-02 09:05:35 +00:00
|
|
|
lengths[testnum], seconds.sym);
|
2015-01-22 03:40:55 +00:00
|
|
|
Time_F(START);
|
2015-12-09 07:26:38 +00:00
|
|
|
count = run_benchmark(async_jobs, EVP_Digest_RMD160_loop, loopargs);
|
2015-01-22 03:40:55 +00:00
|
|
|
d = Time_F(STOP);
|
2015-12-09 07:26:38 +00:00
|
|
|
print_result(D_RMD160, testnum, count, d);
|
2019-10-19 14:38:21 +00:00
|
|
|
if (count < 0)
|
|
|
|
|
break;
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
|
|
|
|
}
|
2021-02-15 18:45:01 +00:00
|
|
|
|
|
|
|
|
if (doit[D_HMAC]) {
|
|
|
|
|
static const char hmac_key[] = "This is a key...";
|
|
|
|
|
int len = strlen(hmac_key);
|
|
|
|
|
EVP_MAC *mac = EVP_MAC_fetch(NULL, "HMAC", NULL);
|
|
|
|
|
OSSL_PARAM params[3];
|
|
|
|
|
|
|
|
|
|
if (mac == NULL || evp_mac_mdname == NULL)
|
|
|
|
|
goto end;
|
|
|
|
|
|
|
|
|
|
evp_hmac_name = app_malloc(sizeof("hmac()") + strlen(evp_mac_mdname),
|
|
|
|
|
"HMAC name");
|
|
|
|
|
sprintf(evp_hmac_name, "hmac(%s)", evp_mac_mdname);
|
|
|
|
|
names[D_HMAC] = evp_hmac_name;
|
|
|
|
|
|
|
|
|
|
params[0] =
|
2021-02-22 12:20:28 +00:00
|
|
|
OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
|
|
|
|
|
evp_mac_mdname, 0);
|
2021-02-15 18:45:01 +00:00
|
|
|
params[1] =
|
2021-02-22 12:20:28 +00:00
|
|
|
OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY,
|
|
|
|
|
(char *)hmac_key, len);
|
2021-02-15 18:45:01 +00:00
|
|
|
params[2] = OSSL_PARAM_construct_end();
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < loopargs_len; i++) {
|
|
|
|
|
loopargs[i].mctx = EVP_MAC_CTX_new(mac);
|
|
|
|
|
if (loopargs[i].mctx == NULL)
|
|
|
|
|
goto end;
|
|
|
|
|
|
|
|
|
|
if (!EVP_MAC_CTX_set_params(loopargs[i].mctx, params))
|
2021-02-18 09:48:18 +00:00
|
|
|
goto end;
|
2021-02-15 18:45:01 +00:00
|
|
|
}
|
|
|
|
|
for (testnum = 0; testnum < size_num; testnum++) {
|
|
|
|
|
print_message(names[D_HMAC], c[D_HMAC][testnum], lengths[testnum],
|
|
|
|
|
seconds.sym);
|
|
|
|
|
Time_F(START);
|
|
|
|
|
count = run_benchmark(async_jobs, HMAC_loop, loopargs);
|
|
|
|
|
d = Time_F(STOP);
|
|
|
|
|
print_result(D_HMAC, testnum, count, d);
|
|
|
|
|
if (count < 0)
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
for (i = 0; i < loopargs_len; i++)
|
|
|
|
|
EVP_MAC_CTX_free(loopargs[i].mctx);
|
|
|
|
|
EVP_MAC_free(mac);
|
|
|
|
|
}
|
|
|
|
|
|
2015-01-22 03:40:55 +00:00
|
|
|
if (doit[D_CBC_DES]) {
|
2021-02-18 09:48:18 +00:00
|
|
|
int st = 1;
|
|
|
|
|
|
|
|
|
|
for (i = 0; st && i < loopargs_len; i++) {
|
|
|
|
|
loopargs[i].ctx = init_evp_cipher_ctx("des-cbc", deskey,
|
2021-02-22 12:20:28 +00:00
|
|
|
sizeof(deskey) / 3);
|
2021-02-18 09:48:18 +00:00
|
|
|
st = loopargs[i].ctx != NULL;
|
|
|
|
|
}
|
|
|
|
|
algindex = D_CBC_DES;
|
|
|
|
|
for (testnum = 0; st && testnum < size_num; testnum++) {
|
2016-10-04 06:20:49 +00:00
|
|
|
print_message(names[D_CBC_DES], c[D_CBC_DES][testnum],
|
2017-12-02 09:05:35 +00:00
|
|
|
lengths[testnum], seconds.sym);
|
2015-01-22 03:40:55 +00:00
|
|
|
Time_F(START);
|
2021-02-18 09:48:18 +00:00
|
|
|
count = run_benchmark(async_jobs, EVP_Cipher_loop, loopargs);
|
2015-01-22 03:40:55 +00:00
|
|
|
d = Time_F(STOP);
|
2015-12-09 07:26:38 +00:00
|
|
|
print_result(D_CBC_DES, testnum, count, d);
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
2021-02-22 12:20:28 +00:00
|
|
|
for (i = 0; i < loopargs_len; i++)
|
2021-02-18 09:48:18 +00:00
|
|
|
EVP_CIPHER_CTX_free(loopargs[i].ctx);
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
2006-12-01 21:42:55 +00:00
|
|
|
|
2015-01-22 03:40:55 +00:00
|
|
|
if (doit[D_EDE3_DES]) {
|
2021-02-18 09:48:18 +00:00
|
|
|
int st = 1;
|
2016-04-13 10:28:45 +00:00
|
|
|
|
2021-02-18 09:48:18 +00:00
|
|
|
for (i = 0; st && i < loopargs_len; i++) {
|
|
|
|
|
loopargs[i].ctx = init_evp_cipher_ctx("des-ede3-cbc", deskey,
|
|
|
|
|
sizeof(deskey));
|
|
|
|
|
st = loopargs[i].ctx != NULL;
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
2021-02-18 09:48:18 +00:00
|
|
|
algindex = D_EDE3_DES;
|
|
|
|
|
for (testnum = 0; st && testnum < size_num; testnum++) {
|
|
|
|
|
print_message(names[D_EDE3_DES], c[D_EDE3_DES][testnum],
|
2017-12-02 09:05:35 +00:00
|
|
|
lengths[testnum], seconds.sym);
|
2015-01-22 03:40:55 +00:00
|
|
|
Time_F(START);
|
2016-10-04 06:20:49 +00:00
|
|
|
count =
|
2021-02-18 09:48:18 +00:00
|
|
|
run_benchmark(async_jobs, EVP_Cipher_loop, loopargs);
|
2015-01-22 03:40:55 +00:00
|
|
|
d = Time_F(STOP);
|
2021-02-18 09:48:18 +00:00
|
|
|
print_result(D_EDE3_DES, testnum, count, d);
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
2021-02-22 12:20:28 +00:00
|
|
|
for (i = 0; i < loopargs_len; i++)
|
2021-02-18 09:48:18 +00:00
|
|
|
EVP_CIPHER_CTX_free(loopargs[i].ctx);
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
2007-05-13 12:57:59 +00:00
|
|
|
|
2021-02-18 09:48:18 +00:00
|
|
|
for (k = 0; k < 3; k++) {
|
|
|
|
|
algindex = D_CBC_128_AES + k;
|
|
|
|
|
if (doit[algindex]) {
|
|
|
|
|
int st = 1;
|
2019-12-05 17:09:49 +00:00
|
|
|
|
2021-04-06 12:26:25 +00:00
|
|
|
keylen = 16 + k * 8;
|
2021-02-18 09:48:18 +00:00
|
|
|
for (i = 0; st && i < loopargs_len; i++) {
|
|
|
|
|
loopargs[i].ctx = init_evp_cipher_ctx(names[algindex],
|
|
|
|
|
key32, keylen);
|
|
|
|
|
st = loopargs[i].ctx != NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (testnum = 0; st && testnum < size_num; testnum++) {
|
|
|
|
|
print_message(names[algindex], c[algindex][testnum],
|
|
|
|
|
lengths[testnum], seconds.sym);
|
|
|
|
|
Time_F(START);
|
|
|
|
|
count =
|
|
|
|
|
run_benchmark(async_jobs, EVP_Cipher_loop, loopargs);
|
|
|
|
|
d = Time_F(STOP);
|
|
|
|
|
print_result(algindex, testnum, count, d);
|
|
|
|
|
}
|
2021-02-22 12:20:28 +00:00
|
|
|
for (i = 0; i < loopargs_len; i++)
|
2021-02-18 09:48:18 +00:00
|
|
|
EVP_CIPHER_CTX_free(loopargs[i].ctx);
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
|
|
|
|
}
|
2021-02-18 09:48:18 +00:00
|
|
|
|
|
|
|
|
for (k = 0; k < 3; k++) {
|
|
|
|
|
algindex = D_CBC_128_CML + k;
|
|
|
|
|
if (doit[algindex]) {
|
|
|
|
|
int st = 1;
|
|
|
|
|
|
2021-04-07 02:48:14 +00:00
|
|
|
keylen = 16 + k * 8;
|
2021-02-18 09:48:18 +00:00
|
|
|
for (i = 0; st && i < loopargs_len; i++) {
|
|
|
|
|
loopargs[i].ctx = init_evp_cipher_ctx(names[algindex],
|
|
|
|
|
key32, keylen);
|
|
|
|
|
st = loopargs[i].ctx != NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (testnum = 0; st && testnum < size_num; testnum++) {
|
|
|
|
|
print_message(names[algindex], c[algindex][testnum],
|
|
|
|
|
lengths[testnum], seconds.sym);
|
|
|
|
|
Time_F(START);
|
|
|
|
|
count =
|
|
|
|
|
run_benchmark(async_jobs, EVP_Cipher_loop, loopargs);
|
|
|
|
|
d = Time_F(STOP);
|
|
|
|
|
print_result(algindex, testnum, count, d);
|
|
|
|
|
}
|
2021-02-22 12:20:28 +00:00
|
|
|
for (i = 0; i < loopargs_len; i++)
|
2021-02-18 09:48:18 +00:00
|
|
|
EVP_CIPHER_CTX_free(loopargs[i].ctx);
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
|
|
|
|
}
|
2021-02-18 09:48:18 +00:00
|
|
|
|
|
|
|
|
for (algindex = D_RC4; algindex <= D_CBC_CAST; algindex++) {
|
|
|
|
|
if (doit[algindex]) {
|
|
|
|
|
int st = 1;
|
2021-02-22 12:20:28 +00:00
|
|
|
|
2021-02-18 09:48:18 +00:00
|
|
|
keylen = 16;
|
|
|
|
|
for (i = 0; st && i < loopargs_len; i++) {
|
|
|
|
|
loopargs[i].ctx = init_evp_cipher_ctx(names[algindex],
|
|
|
|
|
key32, keylen);
|
|
|
|
|
st = loopargs[i].ctx != NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (testnum = 0; st && testnum < size_num; testnum++) {
|
|
|
|
|
print_message(names[algindex], c[algindex][testnum],
|
|
|
|
|
lengths[testnum], seconds.sym);
|
|
|
|
|
Time_F(START);
|
|
|
|
|
count =
|
|
|
|
|
run_benchmark(async_jobs, EVP_Cipher_loop, loopargs);
|
|
|
|
|
d = Time_F(STOP);
|
|
|
|
|
print_result(algindex, testnum, count, d);
|
|
|
|
|
}
|
2021-02-22 12:20:28 +00:00
|
|
|
for (i = 0; i < loopargs_len; i++)
|
2021-02-18 09:48:18 +00:00
|
|
|
EVP_CIPHER_CTX_free(loopargs[i].ctx);
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (doit[D_GHASH]) {
|
2021-02-18 09:48:18 +00:00
|
|
|
static const char gmac_iv[] = "0123456789ab";
|
|
|
|
|
EVP_MAC *mac = EVP_MAC_fetch(NULL, "GMAC", NULL);
|
2021-02-25 04:12:56 +00:00
|
|
|
OSSL_PARAM params[3];
|
2021-02-18 09:48:18 +00:00
|
|
|
|
|
|
|
|
if (mac == NULL)
|
|
|
|
|
goto end;
|
|
|
|
|
|
2021-02-22 12:20:28 +00:00
|
|
|
params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_CIPHER,
|
|
|
|
|
"aes-128-gcm", 0);
|
2021-02-25 04:12:56 +00:00
|
|
|
params[1] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_IV,
|
2021-02-22 12:20:28 +00:00
|
|
|
(char *)gmac_iv,
|
|
|
|
|
sizeof(gmac_iv) - 1);
|
2021-02-25 04:12:56 +00:00
|
|
|
params[2] = OSSL_PARAM_construct_end();
|
2021-02-18 09:48:18 +00:00
|
|
|
|
2016-02-18 10:56:53 +00:00
|
|
|
for (i = 0; i < loopargs_len; i++) {
|
2021-02-18 09:48:18 +00:00
|
|
|
loopargs[i].mctx = EVP_MAC_CTX_new(mac);
|
|
|
|
|
if (loopargs[i].mctx == NULL)
|
|
|
|
|
goto end;
|
2015-01-22 03:40:55 +00:00
|
|
|
|
2021-02-25 04:12:56 +00:00
|
|
|
if (!EVP_MAC_init(loopargs[i].mctx, key32, 16, params))
|
2021-02-18 09:48:18 +00:00
|
|
|
goto end;
|
|
|
|
|
}
|
2017-12-02 09:05:35 +00:00
|
|
|
for (testnum = 0; testnum < size_num; testnum++) {
|
2021-02-18 09:48:18 +00:00
|
|
|
print_message(names[D_GHASH], c[D_GHASH][testnum], lengths[testnum],
|
|
|
|
|
seconds.sym);
|
2015-01-22 03:40:55 +00:00
|
|
|
Time_F(START);
|
2021-02-18 09:48:18 +00:00
|
|
|
count = run_benchmark(async_jobs, GHASH_loop, loopargs);
|
2015-01-22 03:40:55 +00:00
|
|
|
d = Time_F(STOP);
|
2015-12-09 07:26:38 +00:00
|
|
|
print_result(D_GHASH, testnum, count, d);
|
2021-02-18 09:48:18 +00:00
|
|
|
if (count < 0)
|
|
|
|
|
break;
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
2016-02-18 10:56:53 +00:00
|
|
|
for (i = 0; i < loopargs_len; i++)
|
2021-02-18 09:48:18 +00:00
|
|
|
EVP_MAC_CTX_free(loopargs[i].mctx);
|
|
|
|
|
EVP_MAC_free(mac);
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
2021-02-18 09:48:18 +00:00
|
|
|
|
2017-10-07 09:38:19 +00:00
|
|
|
if (doit[D_RAND]) {
|
2017-12-02 09:05:35 +00:00
|
|
|
for (testnum = 0; testnum < size_num; testnum++) {
|
|
|
|
|
print_message(names[D_RAND], c[D_RAND][testnum], lengths[testnum],
|
|
|
|
|
seconds.sym);
|
2017-10-07 09:38:19 +00:00
|
|
|
Time_F(START);
|
|
|
|
|
count = run_benchmark(async_jobs, RAND_bytes_loop, loopargs);
|
|
|
|
|
d = Time_F(STOP);
|
|
|
|
|
print_result(D_RAND, testnum, count, d);
|
|
|
|
|
}
|
|
|
|
|
}
|
2006-06-09 15:44:59 +00:00
|
|
|
|
2015-01-22 03:40:55 +00:00
|
|
|
if (doit[D_EVP]) {
|
2018-05-19 13:43:11 +00:00
|
|
|
if (evp_cipher != NULL) {
|
2019-10-19 17:37:01 +00:00
|
|
|
int (*loopfunc) (void *) = EVP_Update_loop;
|
2018-05-19 13:43:11 +00:00
|
|
|
|
|
|
|
|
if (multiblock && (EVP_CIPHER_flags(evp_cipher) &
|
|
|
|
|
EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) {
|
|
|
|
|
multiblock_speed(evp_cipher, lengths_single, &seconds);
|
|
|
|
|
ret = 0;
|
2015-01-22 03:40:55 +00:00
|
|
|
goto end;
|
|
|
|
|
}
|
2018-05-19 13:43:11 +00:00
|
|
|
|
2021-03-26 16:57:16 +00:00
|
|
|
names[D_EVP] = EVP_CIPHER_name(evp_cipher);
|
2018-05-19 13:43:11 +00:00
|
|
|
|
|
|
|
|
if (EVP_CIPHER_mode(evp_cipher) == EVP_CIPH_CCM_MODE) {
|
|
|
|
|
loopfunc = EVP_Update_loop_ccm;
|
|
|
|
|
} else if (aead && (EVP_CIPHER_flags(evp_cipher) &
|
|
|
|
|
EVP_CIPH_FLAG_AEAD_CIPHER)) {
|
|
|
|
|
loopfunc = EVP_Update_loop_aead;
|
|
|
|
|
if (lengths == lengths_list) {
|
|
|
|
|
lengths = aead_lengths_list;
|
|
|
|
|
size_num = OSSL_NELEM(aead_lengths_list);
|
|
|
|
|
}
|
2015-12-09 07:26:38 +00:00
|
|
|
}
|
2015-01-22 03:40:55 +00:00
|
|
|
|
2018-05-19 13:43:11 +00:00
|
|
|
for (testnum = 0; testnum < size_num; testnum++) {
|
2019-10-19 17:37:01 +00:00
|
|
|
print_message(names[D_EVP], c[D_EVP][testnum], lengths[testnum],
|
2017-12-02 09:05:35 +00:00
|
|
|
seconds.sym);
|
2015-12-09 07:26:38 +00:00
|
|
|
|
|
|
|
|
for (k = 0; k < loopargs_len; k++) {
|
|
|
|
|
loopargs[k].ctx = EVP_CIPHER_CTX_new();
|
2019-04-13 08:01:09 +00:00
|
|
|
if (loopargs[k].ctx == NULL) {
|
|
|
|
|
BIO_printf(bio_err, "\nEVP_CIPHER_CTX_new failure\n");
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
if (!EVP_CipherInit_ex(loopargs[k].ctx, evp_cipher, NULL,
|
|
|
|
|
NULL, iv, decrypt ? 0 : 1)) {
|
|
|
|
|
BIO_printf(bio_err, "\nEVP_CipherInit_ex failure\n");
|
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
2017-12-04 16:40:23 +00:00
|
|
|
|
2015-12-09 07:26:38 +00:00
|
|
|
EVP_CIPHER_CTX_set_padding(loopargs[k].ctx, 0);
|
2017-12-04 16:40:23 +00:00
|
|
|
|
|
|
|
|
keylen = EVP_CIPHER_CTX_key_length(loopargs[k].ctx);
|
|
|
|
|
loopargs[k].key = app_malloc(keylen, "evp_cipher key");
|
|
|
|
|
EVP_CIPHER_CTX_rand_key(loopargs[k].ctx, loopargs[k].key);
|
2019-04-13 08:01:09 +00:00
|
|
|
if (!EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL,
|
|
|
|
|
loopargs[k].key, NULL, -1)) {
|
|
|
|
|
BIO_printf(bio_err, "\nEVP_CipherInit_ex failure\n");
|
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
2017-12-04 16:40:23 +00:00
|
|
|
OPENSSL_clear_free(loopargs[k].key, keylen);
|
2017-05-19 14:27:28 +00:00
|
|
|
|
|
|
|
|
/* SIV mode only allows for a single Update operation */
|
|
|
|
|
if (EVP_CIPHER_mode(evp_cipher) == EVP_CIPH_SIV_MODE)
|
2021-02-22 12:20:28 +00:00
|
|
|
EVP_CIPHER_CTX_ctrl(loopargs[k].ctx, EVP_CTRL_SET_SPEED,
|
|
|
|
|
1, NULL);
|
2015-12-09 07:26:38 +00:00
|
|
|
}
|
2015-01-22 03:40:55 +00:00
|
|
|
|
|
|
|
|
Time_F(START);
|
2017-02-20 16:49:36 +00:00
|
|
|
count = run_benchmark(async_jobs, loopfunc, loopargs);
|
2015-01-22 03:40:55 +00:00
|
|
|
d = Time_F(STOP);
|
2021-02-22 12:20:28 +00:00
|
|
|
for (k = 0; k < loopargs_len; k++)
|
2015-12-09 07:26:38 +00:00
|
|
|
EVP_CIPHER_CTX_free(loopargs[k].ctx);
|
2018-05-19 13:43:11 +00:00
|
|
|
print_result(D_EVP, testnum, count, d);
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
2021-02-15 18:45:01 +00:00
|
|
|
} else if (evp_md_name != NULL) {
|
|
|
|
|
names[D_EVP] = evp_md_name;
|
2018-05-19 13:43:11 +00:00
|
|
|
|
|
|
|
|
for (testnum = 0; testnum < size_num; testnum++) {
|
2019-10-19 17:37:01 +00:00
|
|
|
print_message(names[D_EVP], c[D_EVP][testnum], lengths[testnum],
|
2017-12-02 09:05:35 +00:00
|
|
|
seconds.sym);
|
2015-01-22 03:40:55 +00:00
|
|
|
Time_F(START);
|
2021-02-15 18:45:01 +00:00
|
|
|
count = run_benchmark(async_jobs, EVP_Digest_md_loop, loopargs);
|
2015-01-22 03:40:55 +00:00
|
|
|
d = Time_F(STOP);
|
2018-05-19 13:43:11 +00:00
|
|
|
print_result(D_EVP, testnum, count, d);
|
2021-02-15 18:45:01 +00:00
|
|
|
if (count < 0)
|
|
|
|
|
break;
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
|
2021-02-18 09:48:18 +00:00
|
|
|
if (doit[D_EVP_CMAC]) {
|
|
|
|
|
EVP_MAC *mac = EVP_MAC_fetch(NULL, "CMAC", NULL);
|
|
|
|
|
OSSL_PARAM params[3];
|
|
|
|
|
EVP_CIPHER *cipher;
|
|
|
|
|
int fetched = 0;
|
2019-10-19 17:37:01 +00:00
|
|
|
|
2021-02-18 09:48:18 +00:00
|
|
|
if (mac == NULL || evp_mac_ciphername == NULL)
|
|
|
|
|
goto end;
|
|
|
|
|
if ((cipher = obtain_cipher(evp_mac_ciphername, &fetched)) == NULL)
|
|
|
|
|
goto end;
|
|
|
|
|
|
|
|
|
|
keylen = EVP_CIPHER_key_length(cipher);
|
|
|
|
|
if (fetched)
|
|
|
|
|
EVP_CIPHER_free(cipher);
|
|
|
|
|
if (keylen <= 0 || keylen > (int)sizeof(key32)) {
|
|
|
|
|
BIO_printf(bio_err, "\nRequested CMAC cipher with unsupported key length.\n");
|
|
|
|
|
goto end;
|
|
|
|
|
}
|
2021-02-22 12:20:28 +00:00
|
|
|
evp_cmac_name = app_malloc(sizeof("cmac()")
|
|
|
|
|
+ strlen(evp_mac_ciphername), "CMAC name");
|
2021-02-18 09:48:18 +00:00
|
|
|
sprintf(evp_cmac_name, "cmac(%s)", evp_mac_ciphername);
|
2019-10-19 17:37:01 +00:00
|
|
|
names[D_EVP_CMAC] = evp_cmac_name;
|
|
|
|
|
|
2021-02-22 12:20:28 +00:00
|
|
|
params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_CIPHER,
|
|
|
|
|
evp_mac_ciphername, 0);
|
|
|
|
|
params[1] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY,
|
|
|
|
|
(char *)key32, keylen);
|
2021-02-18 09:48:18 +00:00
|
|
|
params[2] = OSSL_PARAM_construct_end();
|
|
|
|
|
|
2019-10-19 17:37:01 +00:00
|
|
|
for (i = 0; i < loopargs_len; i++) {
|
2021-02-18 09:48:18 +00:00
|
|
|
loopargs[i].mctx = EVP_MAC_CTX_new(mac);
|
|
|
|
|
if (loopargs[i].mctx == NULL)
|
|
|
|
|
goto end;
|
|
|
|
|
|
|
|
|
|
if (!EVP_MAC_CTX_set_params(loopargs[i].mctx, params))
|
|
|
|
|
goto end;
|
2019-04-10 20:44:41 +00:00
|
|
|
}
|
2021-02-22 12:20:28 +00:00
|
|
|
|
2019-10-19 17:37:01 +00:00
|
|
|
for (testnum = 0; testnum < size_num; testnum++) {
|
2021-02-22 12:20:28 +00:00
|
|
|
print_message(names[D_EVP_CMAC], c[D_EVP_CMAC][testnum],
|
|
|
|
|
lengths[testnum], seconds.sym);
|
2019-10-19 17:37:01 +00:00
|
|
|
Time_F(START);
|
2021-02-18 09:48:18 +00:00
|
|
|
count = run_benchmark(async_jobs, CMAC_loop, loopargs);
|
2019-10-19 17:37:01 +00:00
|
|
|
d = Time_F(STOP);
|
|
|
|
|
print_result(D_EVP_CMAC, testnum, count, d);
|
2021-02-18 09:48:18 +00:00
|
|
|
if (count < 0)
|
|
|
|
|
break;
|
2019-10-19 17:37:01 +00:00
|
|
|
}
|
|
|
|
|
for (i = 0; i < loopargs_len; i++)
|
2021-02-18 09:48:18 +00:00
|
|
|
EVP_MAC_CTX_free(loopargs[i].mctx);
|
|
|
|
|
EVP_MAC_free(mac);
|
2019-04-10 20:44:41 +00:00
|
|
|
}
|
|
|
|
|
|
2016-02-18 10:56:53 +00:00
|
|
|
for (i = 0; i < loopargs_len; i++)
|
2018-06-24 07:28:33 +00:00
|
|
|
if (RAND_bytes(loopargs[i].buf, 36) <= 0)
|
|
|
|
|
goto end;
|
2015-12-09 07:26:38 +00:00
|
|
|
|
|
|
|
|
for (testnum = 0; testnum < RSA_NUM; testnum++) {
|
2021-02-18 09:48:18 +00:00
|
|
|
EVP_PKEY *rsa_key = NULL;
|
2015-12-09 07:26:38 +00:00
|
|
|
int st = 0;
|
2021-02-18 09:48:18 +00:00
|
|
|
|
2015-12-09 07:26:38 +00:00
|
|
|
if (!rsa_doit[testnum])
|
2015-01-22 03:40:55 +00:00
|
|
|
continue;
|
2017-08-01 18:19:43 +00:00
|
|
|
|
2021-02-18 09:48:18 +00:00
|
|
|
if (primes > RSA_DEFAULT_PRIME_NUM) {
|
|
|
|
|
/* we haven't set keys yet, generate multi-prime RSA keys */
|
|
|
|
|
bn = BN_new();
|
|
|
|
|
st = bn != NULL
|
|
|
|
|
&& BN_set_word(bn, RSA_F4)
|
|
|
|
|
&& init_gen_str(&genctx, "RSA", NULL, 0, NULL, NULL)
|
|
|
|
|
&& EVP_PKEY_CTX_set_rsa_keygen_bits(genctx, rsa_keys[testnum].bits) > 0
|
|
|
|
|
&& EVP_PKEY_CTX_set1_rsa_keygen_pubexp(genctx, bn) > 0
|
|
|
|
|
&& EVP_PKEY_CTX_set_rsa_keygen_primes(genctx, primes) > 0
|
|
|
|
|
&& EVP_PKEY_keygen(genctx, &rsa_key);
|
|
|
|
|
BN_free(bn);
|
|
|
|
|
bn = NULL;
|
|
|
|
|
EVP_PKEY_CTX_free(genctx);
|
|
|
|
|
genctx = NULL;
|
|
|
|
|
} else {
|
|
|
|
|
const unsigned char *p = rsa_keys[testnum].data;
|
2017-08-01 18:19:43 +00:00
|
|
|
|
2021-02-18 09:48:18 +00:00
|
|
|
st = (rsa_key = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &p,
|
|
|
|
|
rsa_keys[testnum].length)) != NULL;
|
|
|
|
|
}
|
2017-08-01 18:19:43 +00:00
|
|
|
|
2021-02-18 09:48:18 +00:00
|
|
|
for (i = 0; st && i < loopargs_len; i++) {
|
2021-02-22 12:20:28 +00:00
|
|
|
loopargs[i].rsa_sign_ctx[testnum] = EVP_PKEY_CTX_new(rsa_key, NULL);
|
2021-02-18 09:48:18 +00:00
|
|
|
if (loopargs[i].rsa_sign_ctx[testnum] == NULL
|
|
|
|
|
|| EVP_PKEY_sign_init(loopargs[i].rsa_sign_ctx[testnum]) <= 0
|
|
|
|
|
|| EVP_PKEY_sign(loopargs[i].rsa_sign_ctx[testnum],
|
|
|
|
|
loopargs[i].buf2,
|
|
|
|
|
&loopargs[i].sigsize,
|
|
|
|
|
loopargs[i].buf, 36) <= 0)
|
|
|
|
|
st = 0;
|
2015-12-09 07:26:38 +00:00
|
|
|
}
|
2021-02-18 09:48:18 +00:00
|
|
|
if (!st) {
|
2015-01-22 03:40:55 +00:00
|
|
|
BIO_printf(bio_err,
|
2021-02-18 09:48:18 +00:00
|
|
|
"RSA sign setup failure. No RSA sign will be done.\n");
|
2015-01-22 03:40:55 +00:00
|
|
|
ERR_print_errors(bio_err);
|
2020-12-02 09:49:49 +00:00
|
|
|
op_count = 1;
|
2015-01-22 03:40:55 +00:00
|
|
|
} else {
|
|
|
|
|
pkey_print_message("private", "rsa",
|
2019-10-15 21:33:02 +00:00
|
|
|
rsa_c[testnum][0], rsa_keys[testnum].bits,
|
2017-12-02 09:05:35 +00:00
|
|
|
seconds.rsa);
|
2015-12-09 07:26:38 +00:00
|
|
|
/* RSA_blinding_on(rsa_key[testnum],NULL); */
|
2015-01-22 03:40:55 +00:00
|
|
|
Time_F(START);
|
2015-12-09 07:26:38 +00:00
|
|
|
count = run_benchmark(async_jobs, RSA_sign_loop, loopargs);
|
2015-01-22 03:40:55 +00:00
|
|
|
d = Time_F(STOP);
|
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
|
mr ? "+R1:%ld:%d:%.2f\n"
|
2016-11-28 22:36:50 +00:00
|
|
|
: "%ld %u bits private RSA's in %.2fs\n",
|
2019-10-15 21:33:02 +00:00
|
|
|
count, rsa_keys[testnum].bits, d);
|
2016-08-02 08:13:00 +00:00
|
|
|
rsa_results[testnum][0] = (double)count / d;
|
2020-12-02 09:49:49 +00:00
|
|
|
op_count = count;
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
1998-12-21 10:52:47 +00:00
|
|
|
|
2021-02-18 09:48:18 +00:00
|
|
|
for (i = 0; st && i < loopargs_len; i++) {
|
|
|
|
|
loopargs[i].rsa_verify_ctx[testnum] = EVP_PKEY_CTX_new(rsa_key,
|
|
|
|
|
NULL);
|
|
|
|
|
if (loopargs[i].rsa_verify_ctx[testnum] == NULL
|
|
|
|
|
|| EVP_PKEY_verify_init(loopargs[i].rsa_verify_ctx[testnum]) <= 0
|
|
|
|
|
|| EVP_PKEY_verify(loopargs[i].rsa_verify_ctx[testnum],
|
|
|
|
|
loopargs[i].buf2,
|
|
|
|
|
loopargs[i].sigsize,
|
|
|
|
|
loopargs[i].buf, 36) <= 0)
|
|
|
|
|
st = 0;
|
2015-12-09 07:26:38 +00:00
|
|
|
}
|
2021-02-18 09:48:18 +00:00
|
|
|
if (!st) {
|
2015-01-22 03:40:55 +00:00
|
|
|
BIO_printf(bio_err,
|
2021-02-18 09:48:18 +00:00
|
|
|
"RSA verify setup failure. No RSA verify will be done.\n");
|
2015-01-22 03:40:55 +00:00
|
|
|
ERR_print_errors(bio_err);
|
2015-12-09 07:26:38 +00:00
|
|
|
rsa_doit[testnum] = 0;
|
2015-01-22 03:40:55 +00:00
|
|
|
} else {
|
|
|
|
|
pkey_print_message("public", "rsa",
|
2019-10-15 21:33:02 +00:00
|
|
|
rsa_c[testnum][1], rsa_keys[testnum].bits,
|
2017-12-02 09:05:35 +00:00
|
|
|
seconds.rsa);
|
2015-01-22 03:40:55 +00:00
|
|
|
Time_F(START);
|
2015-12-09 07:26:38 +00:00
|
|
|
count = run_benchmark(async_jobs, RSA_verify_loop, loopargs);
|
2015-01-22 03:40:55 +00:00
|
|
|
d = Time_F(STOP);
|
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
|
mr ? "+R2:%ld:%d:%.2f\n"
|
2016-11-28 22:36:50 +00:00
|
|
|
: "%ld %u bits public RSA's in %.2fs\n",
|
2019-10-15 21:33:02 +00:00
|
|
|
count, rsa_keys[testnum].bits, d);
|
2016-08-02 08:13:00 +00:00
|
|
|
rsa_results[testnum][1] = (double)count / d;
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
1998-12-21 10:52:47 +00:00
|
|
|
|
2020-12-02 09:49:49 +00:00
|
|
|
if (op_count <= 1) {
|
2015-01-22 03:40:55 +00:00
|
|
|
/* if longer than 10s, don't do any more */
|
2018-06-05 17:56:06 +00:00
|
|
|
stop_it(rsa_doit, testnum);
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
2021-02-18 09:48:18 +00:00
|
|
|
EVP_PKEY_free(rsa_key);
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
2015-12-09 07:26:38 +00:00
|
|
|
|
|
|
|
|
for (testnum = 0; testnum < DSA_NUM; testnum++) {
|
2021-02-18 09:48:18 +00:00
|
|
|
EVP_PKEY *dsa_key = NULL;
|
|
|
|
|
int st;
|
|
|
|
|
|
2015-12-09 07:26:38 +00:00
|
|
|
if (!dsa_doit[testnum])
|
2015-01-22 03:40:55 +00:00
|
|
|
continue;
|
|
|
|
|
|
2021-02-18 09:48:18 +00:00
|
|
|
st = (dsa_key = get_dsa(dsa_bits[testnum])) != NULL;
|
|
|
|
|
|
|
|
|
|
for (i = 0; st && i < loopargs_len; i++) {
|
|
|
|
|
loopargs[i].dsa_sign_ctx[testnum] = EVP_PKEY_CTX_new(dsa_key,
|
|
|
|
|
NULL);
|
|
|
|
|
if (loopargs[i].dsa_sign_ctx[testnum] == NULL
|
|
|
|
|
|| EVP_PKEY_sign_init(loopargs[i].dsa_sign_ctx[testnum]) <= 0
|
|
|
|
|
|
|
|
|
|
|| EVP_PKEY_sign(loopargs[i].dsa_sign_ctx[testnum],
|
|
|
|
|
loopargs[i].buf2,
|
|
|
|
|
&loopargs[i].sigsize,
|
|
|
|
|
loopargs[i].buf, 20) <= 0)
|
|
|
|
|
st = 0;
|
2015-12-09 07:26:38 +00:00
|
|
|
}
|
2021-02-18 09:48:18 +00:00
|
|
|
if (!st) {
|
2015-01-22 03:40:55 +00:00
|
|
|
BIO_printf(bio_err,
|
2021-02-18 09:48:18 +00:00
|
|
|
"DSA sign setup failure. No DSA sign will be done.\n");
|
2015-01-22 03:40:55 +00:00
|
|
|
ERR_print_errors(bio_err);
|
2020-12-02 09:49:49 +00:00
|
|
|
op_count = 1;
|
2015-01-22 03:40:55 +00:00
|
|
|
} else {
|
|
|
|
|
pkey_print_message("sign", "dsa",
|
2016-10-04 06:20:49 +00:00
|
|
|
dsa_c[testnum][0], dsa_bits[testnum],
|
2017-12-02 09:05:35 +00:00
|
|
|
seconds.dsa);
|
2015-01-22 03:40:55 +00:00
|
|
|
Time_F(START);
|
2015-12-09 07:26:38 +00:00
|
|
|
count = run_benchmark(async_jobs, DSA_sign_loop, loopargs);
|
2015-01-22 03:40:55 +00:00
|
|
|
d = Time_F(STOP);
|
|
|
|
|
BIO_printf(bio_err,
|
2016-11-28 22:36:50 +00:00
|
|
|
mr ? "+R3:%ld:%u:%.2f\n"
|
|
|
|
|
: "%ld %u bits DSA signs in %.2fs\n",
|
2015-12-09 07:26:38 +00:00
|
|
|
count, dsa_bits[testnum], d);
|
2016-08-02 08:22:27 +00:00
|
|
|
dsa_results[testnum][0] = (double)count / d;
|
2020-12-02 09:49:49 +00:00
|
|
|
op_count = count;
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
2002-08-09 08:43:04 +00:00
|
|
|
|
2021-02-18 09:48:18 +00:00
|
|
|
for (i = 0; st && i < loopargs_len; i++) {
|
|
|
|
|
loopargs[i].dsa_verify_ctx[testnum] = EVP_PKEY_CTX_new(dsa_key,
|
|
|
|
|
NULL);
|
|
|
|
|
if (loopargs[i].dsa_verify_ctx[testnum] == NULL
|
|
|
|
|
|| EVP_PKEY_verify_init(loopargs[i].dsa_verify_ctx[testnum]) <= 0
|
|
|
|
|
|| EVP_PKEY_verify(loopargs[i].dsa_verify_ctx[testnum],
|
|
|
|
|
loopargs[i].buf2,
|
|
|
|
|
loopargs[i].sigsize,
|
|
|
|
|
loopargs[i].buf, 36) <= 0)
|
|
|
|
|
st = 0;
|
2015-12-09 07:26:38 +00:00
|
|
|
}
|
2021-02-18 09:48:18 +00:00
|
|
|
if (!st) {
|
2015-01-22 03:40:55 +00:00
|
|
|
BIO_printf(bio_err,
|
2021-02-18 09:48:18 +00:00
|
|
|
"DSA verify setup failure. No DSA verify will be done.\n");
|
2015-01-22 03:40:55 +00:00
|
|
|
ERR_print_errors(bio_err);
|
2015-12-09 07:26:38 +00:00
|
|
|
dsa_doit[testnum] = 0;
|
2015-01-22 03:40:55 +00:00
|
|
|
} else {
|
|
|
|
|
pkey_print_message("verify", "dsa",
|
2016-10-04 06:20:49 +00:00
|
|
|
dsa_c[testnum][1], dsa_bits[testnum],
|
2017-12-02 09:05:35 +00:00
|
|
|
seconds.dsa);
|
2015-01-22 03:40:55 +00:00
|
|
|
Time_F(START);
|
2015-12-09 07:26:38 +00:00
|
|
|
count = run_benchmark(async_jobs, DSA_verify_loop, loopargs);
|
2015-01-22 03:40:55 +00:00
|
|
|
d = Time_F(STOP);
|
|
|
|
|
BIO_printf(bio_err,
|
2016-11-28 22:36:50 +00:00
|
|
|
mr ? "+R4:%ld:%u:%.2f\n"
|
|
|
|
|
: "%ld %u bits DSA verify in %.2fs\n",
|
2015-12-09 07:26:38 +00:00
|
|
|
count, dsa_bits[testnum], d);
|
2016-08-02 08:22:27 +00:00
|
|
|
dsa_results[testnum][1] = (double)count / d;
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
2002-08-09 08:43:04 +00:00
|
|
|
|
2020-12-02 09:49:49 +00:00
|
|
|
if (op_count <= 1) {
|
2015-01-22 03:40:55 +00:00
|
|
|
/* if longer than 10s, don't do any more */
|
2018-06-05 17:56:06 +00:00
|
|
|
stop_it(dsa_doit, testnum);
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
2021-02-18 09:48:18 +00:00
|
|
|
EVP_PKEY_free(dsa_key);
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
2002-08-09 08:43:04 +00:00
|
|
|
|
2018-04-29 23:13:58 +00:00
|
|
|
for (testnum = 0; testnum < ECDSA_NUM; testnum++) {
|
2021-02-18 09:48:18 +00:00
|
|
|
EVP_PKEY *ecdsa_key = NULL;
|
|
|
|
|
int st;
|
2015-01-22 03:40:55 +00:00
|
|
|
|
2015-12-09 07:26:38 +00:00
|
|
|
if (!ecdsa_doit[testnum])
|
2021-02-18 09:48:18 +00:00
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
st = (ecdsa_key = get_ecdsa(&ec_curves[testnum])) != NULL;
|
|
|
|
|
|
|
|
|
|
for (i = 0; st && i < loopargs_len; i++) {
|
|
|
|
|
loopargs[i].ecdsa_sign_ctx[testnum] = EVP_PKEY_CTX_new(ecdsa_key,
|
|
|
|
|
NULL);
|
|
|
|
|
if (loopargs[i].ecdsa_sign_ctx[testnum] == NULL
|
|
|
|
|
|| EVP_PKEY_sign_init(loopargs[i].ecdsa_sign_ctx[testnum]) <= 0
|
|
|
|
|
|
|
|
|
|
|| EVP_PKEY_sign(loopargs[i].ecdsa_sign_ctx[testnum],
|
|
|
|
|
loopargs[i].buf2,
|
|
|
|
|
&loopargs[i].sigsize,
|
|
|
|
|
loopargs[i].buf, 20) <= 0)
|
2016-02-18 10:56:53 +00:00
|
|
|
st = 0;
|
|
|
|
|
}
|
2021-02-18 09:48:18 +00:00
|
|
|
if (!st) {
|
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
|
"ECDSA sign setup failure. No ECDSA sign will be done.\n");
|
2015-01-22 03:40:55 +00:00
|
|
|
ERR_print_errors(bio_err);
|
2020-12-02 09:49:49 +00:00
|
|
|
op_count = 1;
|
2015-01-22 03:40:55 +00:00
|
|
|
} else {
|
2021-02-18 09:48:18 +00:00
|
|
|
pkey_print_message("sign", "ecdsa",
|
|
|
|
|
ecdsa_c[testnum][0], ec_curves[testnum].bits,
|
|
|
|
|
seconds.ecdsa);
|
|
|
|
|
Time_F(START);
|
|
|
|
|
count = run_benchmark(async_jobs, ECDSA_sign_loop, loopargs);
|
|
|
|
|
d = Time_F(STOP);
|
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
|
mr ? "+R5:%ld:%u:%.2f\n"
|
|
|
|
|
: "%ld %u bits ECDSA signs in %.2fs\n",
|
|
|
|
|
count, ec_curves[testnum].bits, d);
|
|
|
|
|
ecdsa_results[testnum][0] = (double)count / d;
|
|
|
|
|
op_count = count;
|
|
|
|
|
}
|
2015-01-22 03:40:55 +00:00
|
|
|
|
2021-02-18 09:48:18 +00:00
|
|
|
for (i = 0; st && i < loopargs_len; i++) {
|
|
|
|
|
loopargs[i].ecdsa_verify_ctx[testnum] = EVP_PKEY_CTX_new(ecdsa_key,
|
2021-02-22 12:20:28 +00:00
|
|
|
NULL);
|
2021-02-18 09:48:18 +00:00
|
|
|
if (loopargs[i].ecdsa_verify_ctx[testnum] == NULL
|
|
|
|
|
|| EVP_PKEY_verify_init(loopargs[i].ecdsa_verify_ctx[testnum]) <= 0
|
|
|
|
|
|| EVP_PKEY_verify(loopargs[i].ecdsa_verify_ctx[testnum],
|
|
|
|
|
loopargs[i].buf2,
|
|
|
|
|
loopargs[i].sigsize,
|
|
|
|
|
loopargs[i].buf, 20) <= 0)
|
|
|
|
|
st = 0;
|
|
|
|
|
}
|
|
|
|
|
if (!st) {
|
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
|
"ECDSA verify setup failure. No ECDSA verify will be done.\n");
|
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
|
ecdsa_doit[testnum] = 0;
|
|
|
|
|
} else {
|
|
|
|
|
pkey_print_message("verify", "ecdsa",
|
|
|
|
|
ecdsa_c[testnum][1], ec_curves[testnum].bits,
|
|
|
|
|
seconds.ecdsa);
|
|
|
|
|
Time_F(START);
|
|
|
|
|
count = run_benchmark(async_jobs, ECDSA_verify_loop, loopargs);
|
|
|
|
|
d = Time_F(STOP);
|
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
|
mr ? "+R6:%ld:%u:%.2f\n"
|
|
|
|
|
: "%ld %u bits ECDSA verify in %.2fs\n",
|
|
|
|
|
count, ec_curves[testnum].bits, d);
|
|
|
|
|
ecdsa_results[testnum][1] = (double)count / d;
|
|
|
|
|
}
|
2015-01-22 03:40:55 +00:00
|
|
|
|
2021-02-18 09:48:18 +00:00
|
|
|
if (op_count <= 1) {
|
|
|
|
|
/* if longer than 10s, don't do any more */
|
|
|
|
|
stop_it(ecdsa_doit, testnum);
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
|
|
|
|
}
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
|
2015-12-09 07:26:38 +00:00
|
|
|
for (testnum = 0; testnum < EC_NUM; testnum++) {
|
2016-07-19 21:54:21 +00:00
|
|
|
int ecdh_checks = 1;
|
|
|
|
|
|
2015-12-09 07:26:38 +00:00
|
|
|
if (!ecdh_doit[testnum])
|
2015-01-22 03:40:55 +00:00
|
|
|
continue;
|
2016-10-03 17:28:32 +00:00
|
|
|
|
2016-02-18 10:56:53 +00:00
|
|
|
for (i = 0; i < loopargs_len; i++) {
|
2016-10-04 13:40:47 +00:00
|
|
|
EVP_PKEY_CTX *test_ctx = NULL;
|
2016-10-04 12:50:11 +00:00
|
|
|
EVP_PKEY_CTX *ctx = NULL;
|
|
|
|
|
EVP_PKEY *key_A = NULL;
|
|
|
|
|
EVP_PKEY *key_B = NULL;
|
2016-10-04 06:17:11 +00:00
|
|
|
size_t outlen;
|
2016-10-04 13:40:47 +00:00
|
|
|
size_t test_outlen;
|
2016-10-03 17:28:32 +00:00
|
|
|
|
2021-02-22 12:20:28 +00:00
|
|
|
if ((key_A = get_ecdsa(&ec_curves[testnum])) == NULL /* generate secret key A */
|
|
|
|
|
|| (key_B = get_ecdsa(&ec_curves[testnum])) == NULL /* generate secret key B */
|
|
|
|
|
|| (ctx = EVP_PKEY_CTX_new(key_A, NULL)) == NULL /* derivation ctx from skeyA */
|
|
|
|
|
|| EVP_PKEY_derive_init(ctx) <= 0 /* init derivation ctx */
|
|
|
|
|
|| EVP_PKEY_derive_set_peer(ctx, key_B) <= 0 /* set peer pubkey in ctx */
|
|
|
|
|
|| EVP_PKEY_derive(ctx, NULL, &outlen) <= 0 /* determine max length */
|
|
|
|
|
|| outlen == 0 /* ensure outlen is a valid size */
|
|
|
|
|
|| outlen > MAX_ECDH_SIZE /* avoid buffer overflow */) {
|
2016-10-03 17:28:32 +00:00
|
|
|
ecdh_checks = 0;
|
|
|
|
|
BIO_printf(bio_err, "ECDH key generation failure.\n");
|
|
|
|
|
ERR_print_errors(bio_err);
|
2020-12-02 09:49:49 +00:00
|
|
|
op_count = 1;
|
2016-10-03 17:28:32 +00:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2021-02-22 12:20:28 +00:00
|
|
|
/*
|
|
|
|
|
* Here we perform a test run, comparing the output of a*B and b*A;
|
2016-10-04 13:40:47 +00:00
|
|
|
* we try this here and assume that further EVP_PKEY_derive calls
|
|
|
|
|
* never fail, so we can skip checks in the actually benchmarked
|
2021-02-22 12:20:28 +00:00
|
|
|
* code, for maximum performance.
|
|
|
|
|
*/
|
|
|
|
|
if ((test_ctx = EVP_PKEY_CTX_new(key_B, NULL)) == NULL /* test ctx from skeyB */
|
|
|
|
|
|| !EVP_PKEY_derive_init(test_ctx) /* init derivation test_ctx */
|
|
|
|
|
|| !EVP_PKEY_derive_set_peer(test_ctx, key_A) /* set peer pubkey in test_ctx */
|
|
|
|
|
|| !EVP_PKEY_derive(test_ctx, NULL, &test_outlen) /* determine max length */
|
|
|
|
|
|| !EVP_PKEY_derive(ctx, loopargs[i].secret_a, &outlen) /* compute a*B */
|
|
|
|
|
|| !EVP_PKEY_derive(test_ctx, loopargs[i].secret_b, &test_outlen) /* compute b*A */
|
|
|
|
|
|| test_outlen != outlen /* compare output length */) {
|
2016-10-04 13:40:47 +00:00
|
|
|
ecdh_checks = 0;
|
|
|
|
|
BIO_printf(bio_err, "ECDH computation failure.\n");
|
|
|
|
|
ERR_print_errors(bio_err);
|
2020-12-02 09:49:49 +00:00
|
|
|
op_count = 1;
|
2016-10-04 13:40:47 +00:00
|
|
|
break;
|
|
|
|
|
}
|
2016-10-06 10:17:00 +00:00
|
|
|
|
|
|
|
|
/* Compare the computation results: CRYPTO_memcmp() returns 0 if equal */
|
|
|
|
|
if (CRYPTO_memcmp(loopargs[i].secret_a,
|
|
|
|
|
loopargs[i].secret_b, outlen)) {
|
|
|
|
|
ecdh_checks = 0;
|
2016-10-04 13:40:47 +00:00
|
|
|
BIO_printf(bio_err, "ECDH computations don't match.\n");
|
|
|
|
|
ERR_print_errors(bio_err);
|
2020-12-02 09:49:49 +00:00
|
|
|
op_count = 1;
|
2016-10-04 13:40:47 +00:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2016-10-03 17:28:32 +00:00
|
|
|
loopargs[i].ecdh_ctx[testnum] = ctx;
|
2016-10-04 06:17:11 +00:00
|
|
|
loopargs[i].outlen[testnum] = outlen;
|
2016-10-03 17:28:32 +00:00
|
|
|
|
2017-12-04 15:23:24 +00:00
|
|
|
EVP_PKEY_free(key_A);
|
|
|
|
|
EVP_PKEY_free(key_B);
|
2016-10-04 13:40:47 +00:00
|
|
|
EVP_PKEY_CTX_free(test_ctx);
|
|
|
|
|
test_ctx = NULL;
|
2016-10-03 17:28:32 +00:00
|
|
|
}
|
|
|
|
|
if (ecdh_checks != 0) {
|
|
|
|
|
pkey_print_message("", "ecdh",
|
2016-10-04 06:20:49 +00:00
|
|
|
ecdh_c[testnum][0],
|
2019-10-15 21:33:02 +00:00
|
|
|
ec_curves[testnum].bits, seconds.ecdh);
|
2016-10-03 17:28:32 +00:00
|
|
|
Time_F(START);
|
2016-10-04 06:20:49 +00:00
|
|
|
count =
|
|
|
|
|
run_benchmark(async_jobs, ECDH_EVP_derive_key_loop, loopargs);
|
2016-10-03 17:28:32 +00:00
|
|
|
d = Time_F(STOP);
|
|
|
|
|
BIO_printf(bio_err,
|
2016-10-04 06:20:49 +00:00
|
|
|
mr ? "+R7:%ld:%d:%.2f\n" :
|
2016-11-28 22:36:50 +00:00
|
|
|
"%ld %u-bits ECDH ops in %.2fs\n", count,
|
2019-10-15 21:33:02 +00:00
|
|
|
ec_curves[testnum].bits, d);
|
2016-08-02 08:41:30 +00:00
|
|
|
ecdh_results[testnum][0] = (double)count / d;
|
2020-12-02 09:49:49 +00:00
|
|
|
op_count = count;
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
2002-08-09 08:43:04 +00:00
|
|
|
|
2020-12-02 09:49:49 +00:00
|
|
|
if (op_count <= 1) {
|
2015-01-22 03:40:55 +00:00
|
|
|
/* if longer than 10s, don't do any more */
|
2018-06-05 17:56:06 +00:00
|
|
|
stop_it(ecdh_doit, testnum);
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
|
|
|
|
}
|
2018-09-07 06:39:19 +00:00
|
|
|
|
|
|
|
|
for (testnum = 0; testnum < EdDSA_NUM; testnum++) {
|
|
|
|
|
int st = 1;
|
|
|
|
|
EVP_PKEY *ed_pkey = NULL;
|
|
|
|
|
EVP_PKEY_CTX *ed_pctx = NULL;
|
|
|
|
|
|
|
|
|
|
if (!eddsa_doit[testnum])
|
|
|
|
|
continue; /* Ignore Curve */
|
|
|
|
|
for (i = 0; i < loopargs_len; i++) {
|
|
|
|
|
loopargs[i].eddsa_ctx[testnum] = EVP_MD_CTX_new();
|
|
|
|
|
if (loopargs[i].eddsa_ctx[testnum] == NULL) {
|
|
|
|
|
st = 0;
|
|
|
|
|
break;
|
|
|
|
|
}
|
2020-06-06 15:21:15 +00:00
|
|
|
loopargs[i].eddsa_ctx2[testnum] = EVP_MD_CTX_new();
|
|
|
|
|
if (loopargs[i].eddsa_ctx2[testnum] == NULL) {
|
|
|
|
|
st = 0;
|
|
|
|
|
break;
|
|
|
|
|
}
|
2018-09-07 06:39:19 +00:00
|
|
|
|
2021-02-22 12:20:28 +00:00
|
|
|
if ((ed_pctx = EVP_PKEY_CTX_new_id(ed_curves[testnum].nid,
|
|
|
|
|
NULL)) == NULL
|
2019-09-30 03:33:24 +00:00
|
|
|
|| EVP_PKEY_keygen_init(ed_pctx) <= 0
|
|
|
|
|
|| EVP_PKEY_keygen(ed_pctx, &ed_pkey) <= 0) {
|
2018-09-07 06:39:19 +00:00
|
|
|
st = 0;
|
|
|
|
|
EVP_PKEY_CTX_free(ed_pctx);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
EVP_PKEY_CTX_free(ed_pctx);
|
|
|
|
|
|
|
|
|
|
if (!EVP_DigestSignInit(loopargs[i].eddsa_ctx[testnum], NULL, NULL,
|
|
|
|
|
NULL, ed_pkey)) {
|
|
|
|
|
st = 0;
|
|
|
|
|
EVP_PKEY_free(ed_pkey);
|
|
|
|
|
break;
|
|
|
|
|
}
|
2021-02-22 12:20:28 +00:00
|
|
|
if (!EVP_DigestVerifyInit(loopargs[i].eddsa_ctx2[testnum], NULL,
|
|
|
|
|
NULL, NULL, ed_pkey)) {
|
2020-06-06 15:21:15 +00:00
|
|
|
st = 0;
|
|
|
|
|
EVP_PKEY_free(ed_pkey);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2018-09-07 06:39:19 +00:00
|
|
|
EVP_PKEY_free(ed_pkey);
|
2020-09-25 03:50:25 +00:00
|
|
|
ed_pkey = NULL;
|
2018-09-07 06:39:19 +00:00
|
|
|
}
|
|
|
|
|
if (st == 0) {
|
|
|
|
|
BIO_printf(bio_err, "EdDSA failure.\n");
|
|
|
|
|
ERR_print_errors(bio_err);
|
2020-12-02 09:49:49 +00:00
|
|
|
op_count = 1;
|
2018-09-07 06:39:19 +00:00
|
|
|
} else {
|
|
|
|
|
for (i = 0; i < loopargs_len; i++) {
|
|
|
|
|
/* Perform EdDSA signature test */
|
2019-10-15 21:33:02 +00:00
|
|
|
loopargs[i].sigsize = ed_curves[testnum].sigsize;
|
2018-09-07 06:39:19 +00:00
|
|
|
st = EVP_DigestSign(loopargs[i].eddsa_ctx[testnum],
|
2018-09-10 15:03:14 +00:00
|
|
|
loopargs[i].buf2, &loopargs[i].sigsize,
|
2018-09-07 06:39:19 +00:00
|
|
|
loopargs[i].buf, 20);
|
|
|
|
|
if (st == 0)
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
if (st == 0) {
|
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
|
"EdDSA sign failure. No EdDSA sign will be done.\n");
|
|
|
|
|
ERR_print_errors(bio_err);
|
2020-12-02 09:49:49 +00:00
|
|
|
op_count = 1;
|
2018-09-07 06:39:19 +00:00
|
|
|
} else {
|
2019-10-15 21:33:02 +00:00
|
|
|
pkey_print_message("sign", ed_curves[testnum].name,
|
2018-09-07 06:39:19 +00:00
|
|
|
eddsa_c[testnum][0],
|
2019-10-15 21:33:02 +00:00
|
|
|
ed_curves[testnum].bits, seconds.eddsa);
|
2018-09-07 06:39:19 +00:00
|
|
|
Time_F(START);
|
|
|
|
|
count = run_benchmark(async_jobs, EdDSA_sign_loop, loopargs);
|
|
|
|
|
d = Time_F(STOP);
|
|
|
|
|
|
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
|
mr ? "+R8:%ld:%u:%s:%.2f\n" :
|
|
|
|
|
"%ld %u bits %s signs in %.2fs \n",
|
2019-10-15 21:33:02 +00:00
|
|
|
count, ed_curves[testnum].bits,
|
|
|
|
|
ed_curves[testnum].name, d);
|
2018-09-07 06:39:19 +00:00
|
|
|
eddsa_results[testnum][0] = (double)count / d;
|
2020-12-02 09:49:49 +00:00
|
|
|
op_count = count;
|
2018-09-07 06:39:19 +00:00
|
|
|
}
|
|
|
|
|
/* Perform EdDSA verification test */
|
|
|
|
|
for (i = 0; i < loopargs_len; i++) {
|
2020-06-06 15:21:15 +00:00
|
|
|
st = EVP_DigestVerify(loopargs[i].eddsa_ctx2[testnum],
|
2018-09-10 15:03:14 +00:00
|
|
|
loopargs[i].buf2, loopargs[i].sigsize,
|
2018-09-07 06:39:19 +00:00
|
|
|
loopargs[i].buf, 20);
|
|
|
|
|
if (st != 1)
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
if (st != 1) {
|
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
|
"EdDSA verify failure. No EdDSA verify will be done.\n");
|
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
|
eddsa_doit[testnum] = 0;
|
|
|
|
|
} else {
|
2019-10-15 21:33:02 +00:00
|
|
|
pkey_print_message("verify", ed_curves[testnum].name,
|
2018-09-07 06:39:19 +00:00
|
|
|
eddsa_c[testnum][1],
|
2019-10-15 21:33:02 +00:00
|
|
|
ed_curves[testnum].bits, seconds.eddsa);
|
2018-09-07 06:39:19 +00:00
|
|
|
Time_F(START);
|
|
|
|
|
count = run_benchmark(async_jobs, EdDSA_verify_loop, loopargs);
|
|
|
|
|
d = Time_F(STOP);
|
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
|
mr ? "+R9:%ld:%u:%s:%.2f\n"
|
|
|
|
|
: "%ld %u bits %s verify in %.2fs\n",
|
2019-10-15 21:33:02 +00:00
|
|
|
count, ed_curves[testnum].bits,
|
|
|
|
|
ed_curves[testnum].name, d);
|
2018-09-07 06:39:19 +00:00
|
|
|
eddsa_results[testnum][1] = (double)count / d;
|
|
|
|
|
}
|
|
|
|
|
|
2020-12-02 09:49:49 +00:00
|
|
|
if (op_count <= 1) {
|
2018-09-07 06:39:19 +00:00
|
|
|
/* if longer than 10s, don't do any more */
|
2018-06-05 17:56:06 +00:00
|
|
|
stop_it(eddsa_doit, testnum);
|
2018-09-07 06:39:19 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-02-18 09:48:18 +00:00
|
|
|
#ifndef OPENSSL_NO_SM2
|
2019-09-29 14:25:10 +00:00
|
|
|
for (testnum = 0; testnum < SM2_NUM; testnum++) {
|
|
|
|
|
int st = 1;
|
|
|
|
|
EVP_PKEY *sm2_pkey = NULL;
|
|
|
|
|
|
|
|
|
|
if (!sm2_doit[testnum])
|
|
|
|
|
continue; /* Ignore Curve */
|
|
|
|
|
/* Init signing and verification */
|
|
|
|
|
for (i = 0; i < loopargs_len; i++) {
|
2019-10-19 15:55:36 +00:00
|
|
|
EVP_PKEY_CTX *sm2_pctx = NULL;
|
|
|
|
|
EVP_PKEY_CTX *sm2_vfy_pctx = NULL;
|
|
|
|
|
EVP_PKEY_CTX *pctx = NULL;
|
|
|
|
|
st = 0;
|
|
|
|
|
|
2019-09-29 14:25:10 +00:00
|
|
|
loopargs[i].sm2_ctx[testnum] = EVP_MD_CTX_new();
|
|
|
|
|
loopargs[i].sm2_vfy_ctx[testnum] = EVP_MD_CTX_new();
|
2019-10-19 15:55:36 +00:00
|
|
|
if (loopargs[i].sm2_ctx[testnum] == NULL
|
|
|
|
|
|| loopargs[i].sm2_vfy_ctx[testnum] == NULL)
|
2019-09-29 14:25:10 +00:00
|
|
|
break;
|
|
|
|
|
|
2021-02-10 09:52:29 +00:00
|
|
|
sm2_pkey = NULL;
|
|
|
|
|
|
|
|
|
|
st = !((pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SM2, NULL)) == NULL
|
2019-09-29 14:25:10 +00:00
|
|
|
|| EVP_PKEY_keygen_init(pctx) <= 0
|
|
|
|
|
|| EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx,
|
2019-10-15 21:33:02 +00:00
|
|
|
sm2_curves[testnum].nid) <= 0
|
2019-10-19 15:55:36 +00:00
|
|
|
|| EVP_PKEY_keygen(pctx, &sm2_pkey) <= 0);
|
2019-09-29 14:25:10 +00:00
|
|
|
EVP_PKEY_CTX_free(pctx);
|
2019-10-19 15:55:36 +00:00
|
|
|
if (st == 0)
|
|
|
|
|
break;
|
2019-09-29 14:25:10 +00:00
|
|
|
|
2019-10-19 15:55:36 +00:00
|
|
|
st = 0; /* set back to zero */
|
|
|
|
|
/* attach it sooner to rely on main final cleanup */
|
|
|
|
|
loopargs[i].sm2_pkey[testnum] = sm2_pkey;
|
2020-01-28 05:14:18 +00:00
|
|
|
loopargs[i].sigsize = EVP_PKEY_size(sm2_pkey);
|
2019-09-29 14:25:10 +00:00
|
|
|
|
|
|
|
|
sm2_pctx = EVP_PKEY_CTX_new(sm2_pkey, NULL);
|
|
|
|
|
sm2_vfy_pctx = EVP_PKEY_CTX_new(sm2_pkey, NULL);
|
2019-10-19 15:55:36 +00:00
|
|
|
if (sm2_pctx == NULL || sm2_vfy_pctx == NULL) {
|
|
|
|
|
EVP_PKEY_CTX_free(sm2_vfy_pctx);
|
2019-09-29 14:25:10 +00:00
|
|
|
break;
|
|
|
|
|
}
|
2020-01-28 05:14:18 +00:00
|
|
|
|
2019-10-19 15:55:36 +00:00
|
|
|
/* attach them directly to respective ctx */
|
|
|
|
|
EVP_MD_CTX_set_pkey_ctx(loopargs[i].sm2_ctx[testnum], sm2_pctx);
|
|
|
|
|
EVP_MD_CTX_set_pkey_ctx(loopargs[i].sm2_vfy_ctx[testnum], sm2_vfy_pctx);
|
|
|
|
|
|
2019-09-29 14:25:10 +00:00
|
|
|
/*
|
|
|
|
|
* No need to allow user to set an explicit ID here, just use
|
|
|
|
|
* the one defined in the 'draft-yang-tls-tl13-sm-suites' I-D.
|
|
|
|
|
*/
|
2019-10-19 15:55:36 +00:00
|
|
|
if (EVP_PKEY_CTX_set1_id(sm2_pctx, SM2_ID, SM2_ID_LEN) != 1
|
|
|
|
|
|| EVP_PKEY_CTX_set1_id(sm2_vfy_pctx, SM2_ID, SM2_ID_LEN) != 1)
|
2019-09-29 14:25:10 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
if (!EVP_DigestSignInit(loopargs[i].sm2_ctx[testnum], NULL,
|
2019-10-19 15:55:36 +00:00
|
|
|
EVP_sm3(), NULL, sm2_pkey))
|
2019-09-29 14:25:10 +00:00
|
|
|
break;
|
|
|
|
|
if (!EVP_DigestVerifyInit(loopargs[i].sm2_vfy_ctx[testnum], NULL,
|
2019-10-19 15:55:36 +00:00
|
|
|
EVP_sm3(), NULL, sm2_pkey))
|
2019-09-29 14:25:10 +00:00
|
|
|
break;
|
2019-10-19 15:55:36 +00:00
|
|
|
st = 1; /* mark loop as succeeded */
|
2019-09-29 14:25:10 +00:00
|
|
|
}
|
|
|
|
|
if (st == 0) {
|
2019-10-19 15:55:36 +00:00
|
|
|
BIO_printf(bio_err, "SM2 init failure.\n");
|
2019-09-29 14:25:10 +00:00
|
|
|
ERR_print_errors(bio_err);
|
2020-12-02 09:49:49 +00:00
|
|
|
op_count = 1;
|
2019-09-29 14:25:10 +00:00
|
|
|
} else {
|
|
|
|
|
for (i = 0; i < loopargs_len; i++) {
|
|
|
|
|
/* Perform SM2 signature test */
|
|
|
|
|
st = EVP_DigestSign(loopargs[i].sm2_ctx[testnum],
|
2021-02-10 09:52:29 +00:00
|
|
|
loopargs[i].buf2, &loopargs[i].sigsize,
|
2019-09-29 14:25:10 +00:00
|
|
|
loopargs[i].buf, 20);
|
|
|
|
|
if (st == 0)
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
if (st == 0) {
|
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
|
"SM2 sign failure. No SM2 sign will be done.\n");
|
|
|
|
|
ERR_print_errors(bio_err);
|
2020-12-02 09:49:49 +00:00
|
|
|
op_count = 1;
|
2019-09-29 14:25:10 +00:00
|
|
|
} else {
|
2019-10-15 21:33:02 +00:00
|
|
|
pkey_print_message("sign", sm2_curves[testnum].name,
|
2019-09-29 14:25:10 +00:00
|
|
|
sm2_c[testnum][0],
|
2019-10-15 21:33:02 +00:00
|
|
|
sm2_curves[testnum].bits, seconds.sm2);
|
2019-09-29 14:25:10 +00:00
|
|
|
Time_F(START);
|
|
|
|
|
count = run_benchmark(async_jobs, SM2_sign_loop, loopargs);
|
|
|
|
|
d = Time_F(STOP);
|
|
|
|
|
|
|
|
|
|
BIO_printf(bio_err,
|
2020-04-16 14:34:24 +00:00
|
|
|
mr ? "+R10:%ld:%u:%s:%.2f\n" :
|
2019-09-29 14:25:10 +00:00
|
|
|
"%ld %u bits %s signs in %.2fs \n",
|
2019-10-15 21:33:02 +00:00
|
|
|
count, sm2_curves[testnum].bits,
|
|
|
|
|
sm2_curves[testnum].name, d);
|
2019-09-29 14:25:10 +00:00
|
|
|
sm2_results[testnum][0] = (double)count / d;
|
2020-12-02 09:49:49 +00:00
|
|
|
op_count = count;
|
2019-09-29 14:25:10 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Perform SM2 verification test */
|
|
|
|
|
for (i = 0; i < loopargs_len; i++) {
|
|
|
|
|
st = EVP_DigestVerify(loopargs[i].sm2_vfy_ctx[testnum],
|
|
|
|
|
loopargs[i].buf2, loopargs[i].sigsize,
|
|
|
|
|
loopargs[i].buf, 20);
|
|
|
|
|
if (st != 1)
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
if (st != 1) {
|
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
|
"SM2 verify failure. No SM2 verify will be done.\n");
|
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
|
sm2_doit[testnum] = 0;
|
|
|
|
|
} else {
|
2019-10-15 21:33:02 +00:00
|
|
|
pkey_print_message("verify", sm2_curves[testnum].name,
|
2019-09-29 14:25:10 +00:00
|
|
|
sm2_c[testnum][1],
|
2019-10-15 21:33:02 +00:00
|
|
|
sm2_curves[testnum].bits, seconds.sm2);
|
2019-09-29 14:25:10 +00:00
|
|
|
Time_F(START);
|
|
|
|
|
count = run_benchmark(async_jobs, SM2_verify_loop, loopargs);
|
|
|
|
|
d = Time_F(STOP);
|
|
|
|
|
BIO_printf(bio_err,
|
2020-04-16 14:34:24 +00:00
|
|
|
mr ? "+R11:%ld:%u:%s:%.2f\n"
|
2019-09-29 14:25:10 +00:00
|
|
|
: "%ld %u bits %s verify in %.2fs\n",
|
2019-10-15 21:33:02 +00:00
|
|
|
count, sm2_curves[testnum].bits,
|
|
|
|
|
sm2_curves[testnum].name, d);
|
2019-09-29 14:25:10 +00:00
|
|
|
sm2_results[testnum][1] = (double)count / d;
|
|
|
|
|
}
|
|
|
|
|
|
2020-12-02 09:49:49 +00:00
|
|
|
if (op_count <= 1) {
|
2019-09-29 14:25:10 +00:00
|
|
|
/* if longer than 10s, don't do any more */
|
|
|
|
|
for (testnum++; testnum < SM2_NUM; testnum++)
|
|
|
|
|
sm2_doit[testnum] = 0;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2021-02-18 09:48:18 +00:00
|
|
|
#endif /* OPENSSL_NO_SM2 */
|
2020-01-18 18:13:02 +00:00
|
|
|
|
|
|
|
|
#ifndef OPENSSL_NO_DH
|
|
|
|
|
for (testnum = 0; testnum < FFDH_NUM; testnum++) {
|
|
|
|
|
int ffdh_checks = 1;
|
|
|
|
|
|
|
|
|
|
if (!ffdh_doit[testnum])
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < loopargs_len; i++) {
|
|
|
|
|
EVP_PKEY *pkey_A = NULL;
|
|
|
|
|
EVP_PKEY *pkey_B = NULL;
|
|
|
|
|
EVP_PKEY_CTX *ffdh_ctx = NULL;
|
|
|
|
|
EVP_PKEY_CTX *test_ctx = NULL;
|
|
|
|
|
size_t secret_size;
|
|
|
|
|
size_t test_out;
|
|
|
|
|
|
|
|
|
|
/* Ensure that the error queue is empty */
|
|
|
|
|
if (ERR_peek_error()) {
|
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
|
"WARNING: the error queue contains previous unhandled errors.\n");
|
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pkey_A = EVP_PKEY_new();
|
|
|
|
|
if (!pkey_A) {
|
|
|
|
|
BIO_printf(bio_err, "Error while initialising EVP_PKEY (out of memory?).\n");
|
|
|
|
|
ERR_print_errors(bio_err);
|
2020-12-02 09:49:49 +00:00
|
|
|
op_count = 1;
|
2020-01-18 18:13:02 +00:00
|
|
|
ffdh_checks = 0;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
pkey_B = EVP_PKEY_new();
|
|
|
|
|
if (!pkey_B) {
|
|
|
|
|
BIO_printf(bio_err, "Error while initialising EVP_PKEY (out of memory?).\n");
|
|
|
|
|
ERR_print_errors(bio_err);
|
2020-12-02 09:49:49 +00:00
|
|
|
op_count = 1;
|
2020-01-18 18:13:02 +00:00
|
|
|
ffdh_checks = 0;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ffdh_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DH, NULL);
|
|
|
|
|
if (!ffdh_ctx) {
|
|
|
|
|
BIO_printf(bio_err, "Error while allocating EVP_PKEY_CTX.\n");
|
|
|
|
|
ERR_print_errors(bio_err);
|
2020-12-02 09:49:49 +00:00
|
|
|
op_count = 1;
|
2020-01-18 18:13:02 +00:00
|
|
|
ffdh_checks = 0;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (EVP_PKEY_keygen_init(ffdh_ctx) <= 0) {
|
|
|
|
|
BIO_printf(bio_err, "Error while initialising EVP_PKEY_CTX.\n");
|
|
|
|
|
ERR_print_errors(bio_err);
|
2020-12-02 09:49:49 +00:00
|
|
|
op_count = 1;
|
2020-01-18 18:13:02 +00:00
|
|
|
ffdh_checks = 0;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
if (EVP_PKEY_CTX_set_dh_nid(ffdh_ctx, ffdh_params[testnum].nid) <= 0) {
|
|
|
|
|
BIO_printf(bio_err, "Error setting DH key size for keygen.\n");
|
|
|
|
|
ERR_print_errors(bio_err);
|
2020-12-02 09:49:49 +00:00
|
|
|
op_count = 1;
|
2020-01-18 18:13:02 +00:00
|
|
|
ffdh_checks = 0;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (EVP_PKEY_keygen(ffdh_ctx, &pkey_A) <= 0 ||
|
|
|
|
|
EVP_PKEY_keygen(ffdh_ctx, &pkey_B) <= 0) {
|
|
|
|
|
BIO_printf(bio_err, "FFDH key generation failure.\n");
|
|
|
|
|
ERR_print_errors(bio_err);
|
2020-12-02 09:49:49 +00:00
|
|
|
op_count = 1;
|
2020-01-18 18:13:02 +00:00
|
|
|
ffdh_checks = 0;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
EVP_PKEY_CTX_free(ffdh_ctx);
|
|
|
|
|
|
2021-02-22 12:20:28 +00:00
|
|
|
/*
|
|
|
|
|
* check if the derivation works correctly both ways so that
|
2020-01-18 18:13:02 +00:00
|
|
|
* we know if future derive calls will fail, and we can skip
|
2021-02-22 12:20:28 +00:00
|
|
|
* error checking in benchmarked code
|
|
|
|
|
*/
|
2020-01-18 18:13:02 +00:00
|
|
|
ffdh_ctx = EVP_PKEY_CTX_new(pkey_A, NULL);
|
2021-02-18 09:48:18 +00:00
|
|
|
if (ffdh_ctx == NULL) {
|
2020-01-18 18:13:02 +00:00
|
|
|
BIO_printf(bio_err, "Error while allocating EVP_PKEY_CTX.\n");
|
|
|
|
|
ERR_print_errors(bio_err);
|
2020-12-02 09:49:49 +00:00
|
|
|
op_count = 1;
|
2020-01-18 18:13:02 +00:00
|
|
|
ffdh_checks = 0;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
if (EVP_PKEY_derive_init(ffdh_ctx) <= 0) {
|
|
|
|
|
BIO_printf(bio_err, "FFDH derivation context init failure.\n");
|
|
|
|
|
ERR_print_errors(bio_err);
|
2020-12-02 09:49:49 +00:00
|
|
|
op_count = 1;
|
2020-01-18 18:13:02 +00:00
|
|
|
ffdh_checks = 0;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
if (EVP_PKEY_derive_set_peer(ffdh_ctx, pkey_B) <= 0) {
|
|
|
|
|
BIO_printf(bio_err, "Assigning peer key for derivation failed.\n");
|
|
|
|
|
ERR_print_errors(bio_err);
|
2020-12-02 09:49:49 +00:00
|
|
|
op_count = 1;
|
2020-01-18 18:13:02 +00:00
|
|
|
ffdh_checks = 0;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
if (EVP_PKEY_derive(ffdh_ctx, NULL, &secret_size) <= 0) {
|
|
|
|
|
BIO_printf(bio_err, "Checking size of shared secret failed.\n");
|
|
|
|
|
ERR_print_errors(bio_err);
|
2020-12-02 09:49:49 +00:00
|
|
|
op_count = 1;
|
2020-01-18 18:13:02 +00:00
|
|
|
ffdh_checks = 0;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
if (secret_size > MAX_FFDH_SIZE) {
|
|
|
|
|
BIO_printf(bio_err, "Assertion failure: shared secret too large.\n");
|
2020-12-02 09:49:49 +00:00
|
|
|
op_count = 1;
|
2020-01-18 18:13:02 +00:00
|
|
|
ffdh_checks = 0;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
if (EVP_PKEY_derive(ffdh_ctx,
|
|
|
|
|
loopargs[i].secret_ff_a,
|
|
|
|
|
&secret_size) <= 0) {
|
|
|
|
|
BIO_printf(bio_err, "Shared secret derive failure.\n");
|
|
|
|
|
ERR_print_errors(bio_err);
|
2020-12-02 09:49:49 +00:00
|
|
|
op_count = 1;
|
2020-01-18 18:13:02 +00:00
|
|
|
ffdh_checks = 0;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
/* Now check from side B */
|
|
|
|
|
test_ctx = EVP_PKEY_CTX_new(pkey_B, NULL);
|
|
|
|
|
if (!test_ctx) {
|
|
|
|
|
BIO_printf(bio_err, "Error while allocating EVP_PKEY_CTX.\n");
|
|
|
|
|
ERR_print_errors(bio_err);
|
2020-12-02 09:49:49 +00:00
|
|
|
op_count = 1;
|
2020-01-18 18:13:02 +00:00
|
|
|
ffdh_checks = 0;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
if (!EVP_PKEY_derive_init(test_ctx) ||
|
|
|
|
|
!EVP_PKEY_derive_set_peer(test_ctx, pkey_A) ||
|
|
|
|
|
!EVP_PKEY_derive(test_ctx, NULL, &test_out) ||
|
|
|
|
|
!EVP_PKEY_derive(test_ctx, loopargs[i].secret_ff_b, &test_out) ||
|
|
|
|
|
test_out != secret_size) {
|
|
|
|
|
BIO_printf(bio_err, "FFDH computation failure.\n");
|
2020-12-02 09:49:49 +00:00
|
|
|
op_count = 1;
|
2020-01-18 18:13:02 +00:00
|
|
|
ffdh_checks = 0;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* compare the computed secrets */
|
|
|
|
|
if (CRYPTO_memcmp(loopargs[i].secret_ff_a,
|
|
|
|
|
loopargs[i].secret_ff_b, secret_size)) {
|
|
|
|
|
BIO_printf(bio_err, "FFDH computations don't match.\n");
|
|
|
|
|
ERR_print_errors(bio_err);
|
2020-12-02 09:49:49 +00:00
|
|
|
op_count = 1;
|
2020-01-18 18:13:02 +00:00
|
|
|
ffdh_checks = 0;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
loopargs[i].ffdh_ctx[testnum] = ffdh_ctx;
|
|
|
|
|
|
|
|
|
|
EVP_PKEY_free(pkey_A);
|
|
|
|
|
pkey_A = NULL;
|
|
|
|
|
EVP_PKEY_free(pkey_B);
|
|
|
|
|
pkey_B = NULL;
|
|
|
|
|
EVP_PKEY_CTX_free(test_ctx);
|
|
|
|
|
test_ctx = NULL;
|
|
|
|
|
}
|
|
|
|
|
if (ffdh_checks != 0) {
|
|
|
|
|
pkey_print_message("", "ffdh", ffdh_c[testnum][0],
|
|
|
|
|
ffdh_params[testnum].bits, seconds.ffdh);
|
|
|
|
|
Time_F(START);
|
|
|
|
|
count =
|
|
|
|
|
run_benchmark(async_jobs, FFDH_derive_key_loop, loopargs);
|
|
|
|
|
d = Time_F(STOP);
|
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
|
mr ? "+R12:%ld:%d:%.2f\n" :
|
|
|
|
|
"%ld %u-bits FFDH ops in %.2fs\n", count,
|
|
|
|
|
ffdh_params[testnum].bits, d);
|
|
|
|
|
ffdh_results[testnum][0] = (double)count / d;
|
2020-12-02 09:49:49 +00:00
|
|
|
op_count = count;
|
2021-02-22 12:20:28 +00:00
|
|
|
}
|
2020-12-02 09:49:49 +00:00
|
|
|
if (op_count <= 1) {
|
2020-01-18 18:13:02 +00:00
|
|
|
/* if longer than 10s, don't do any more */
|
|
|
|
|
stop_it(ffdh_doit, testnum);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
#endif /* OPENSSL_NO_DH */
|
2015-01-27 15:06:22 +00:00
|
|
|
#ifndef NO_FORK
|
2015-01-22 03:40:55 +00:00
|
|
|
show_res:
|
2015-01-27 15:06:22 +00:00
|
|
|
#endif
|
2015-01-22 03:40:55 +00:00
|
|
|
if (!mr) {
|
Switch to MAJOR.MINOR.PATCH versioning and version 3.0.0-dev
We're strictly use version numbers of the form MAJOR.MINOR.PATCH.
Letter releases are things of days past.
The most central change is that we now express the version number with
three macros, one for each part of the version number:
OPENSSL_VERSION_MAJOR
OPENSSL_VERSION_MINOR
OPENSSL_VERSION_PATCH
We also provide two additional macros to express pre-release and build
metadata information (also specified in semantic versioning):
OPENSSL_VERSION_PRE_RELEASE
OPENSSL_VERSION_BUILD_METADATA
To get the library's idea of all those values, we introduce the
following functions:
unsigned int OPENSSL_version_major(void);
unsigned int OPENSSL_version_minor(void);
unsigned int OPENSSL_version_patch(void);
const char *OPENSSL_version_pre_release(void);
const char *OPENSSL_version_build_metadata(void);
Additionally, for shared library versioning (which is out of scope in
semantic versioning, but that we still need):
OPENSSL_SHLIB_VERSION
We also provide a macro that contains the release date. This is not
part of the version number, but is extra information that we want to
be able to display:
OPENSSL_RELEASE_DATE
Finally, also provide the following convenience functions:
const char *OPENSSL_version_text(void);
const char *OPENSSL_version_text_full(void);
The following macros and functions are deprecated, and while currently
existing for backward compatibility, they are expected to disappear:
OPENSSL_VERSION_NUMBER
OPENSSL_VERSION_TEXT
OPENSSL_VERSION
OpenSSL_version_num()
OpenSSL_version()
Also, this function is introduced to replace OpenSSL_version() for all
indexes except for OPENSSL_VERSION:
OPENSSL_info()
For configuration, the option 'newversion-only' is added to disable all
the macros and functions that are mentioned as deprecated above.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7724)
2018-09-27 13:56:35 +00:00
|
|
|
printf("version: %s\n", OpenSSL_version(OPENSSL_FULL_VERSION_STRING));
|
|
|
|
|
printf("built on: %s\n", OpenSSL_version(OPENSSL_BUILT_ON));
|
2015-01-22 03:40:55 +00:00
|
|
|
printf("options:");
|
|
|
|
|
printf("%s ", BN_options());
|
2015-10-27 19:11:48 +00:00
|
|
|
printf("\n%s\n", OpenSSL_version(OPENSSL_CFLAGS));
|
2019-08-22 12:28:23 +00:00
|
|
|
printf("%s\n", OpenSSL_version(OPENSSL_CPU_INFO));
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
2002-08-09 08:43:04 +00:00
|
|
|
|
2015-01-22 03:40:55 +00:00
|
|
|
if (pr_header) {
|
2021-02-22 12:20:28 +00:00
|
|
|
if (mr) {
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
printf("+H");
|
2021-02-22 12:20:28 +00:00
|
|
|
} else {
|
|
|
|
|
printf("The 'numbers' are in 1000s of bytes per second processed.\n");
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
printf("type ");
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
2017-12-02 09:05:35 +00:00
|
|
|
for (testnum = 0; testnum < size_num; testnum++)
|
2015-12-09 07:26:38 +00:00
|
|
|
printf(mr ? ":%d" : "%7d bytes", lengths[testnum]);
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
printf("\n");
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
2002-08-09 08:43:04 +00:00
|
|
|
|
2015-01-22 03:40:55 +00:00
|
|
|
for (k = 0; k < ALGOR_NUM; k++) {
|
|
|
|
|
if (!doit[k])
|
|
|
|
|
continue;
|
|
|
|
|
if (mr)
|
2018-04-29 23:13:58 +00:00
|
|
|
printf("+F:%u:%s", k, names[k]);
|
2015-01-22 03:40:55 +00:00
|
|
|
else
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
printf("%-13s", names[k]);
|
2017-12-02 09:05:35 +00:00
|
|
|
for (testnum = 0; testnum < size_num; testnum++) {
|
2015-12-09 07:26:38 +00:00
|
|
|
if (results[k][testnum] > 10000 && !mr)
|
|
|
|
|
printf(" %11.2fk", results[k][testnum] / 1e3);
|
2015-01-22 03:40:55 +00:00
|
|
|
else
|
2015-12-09 07:26:38 +00:00
|
|
|
printf(mr ? ":%.2f" : " %11.2f ", results[k][testnum]);
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
printf("\n");
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
2015-12-09 07:26:38 +00:00
|
|
|
testnum = 1;
|
2015-01-22 03:40:55 +00:00
|
|
|
for (k = 0; k < RSA_NUM; k++) {
|
|
|
|
|
if (!rsa_doit[k])
|
|
|
|
|
continue;
|
2015-12-09 07:26:38 +00:00
|
|
|
if (testnum && !mr) {
|
2015-01-22 03:40:55 +00:00
|
|
|
printf("%18ssign verify sign/s verify/s\n", " ");
|
2015-12-09 07:26:38 +00:00
|
|
|
testnum = 0;
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
|
|
|
|
if (mr)
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
printf("+F2:%u:%u:%f:%f\n",
|
2019-10-15 21:33:02 +00:00
|
|
|
k, rsa_keys[k].bits, rsa_results[k][0], rsa_results[k][1]);
|
2015-01-22 03:40:55 +00:00
|
|
|
else
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
printf("rsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
|
2019-10-15 21:33:02 +00:00
|
|
|
rsa_keys[k].bits, 1.0 / rsa_results[k][0], 1.0 / rsa_results[k][1],
|
2016-08-02 08:13:00 +00:00
|
|
|
rsa_results[k][0], rsa_results[k][1]);
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
2015-12-09 07:26:38 +00:00
|
|
|
testnum = 1;
|
2015-01-22 03:40:55 +00:00
|
|
|
for (k = 0; k < DSA_NUM; k++) {
|
|
|
|
|
if (!dsa_doit[k])
|
|
|
|
|
continue;
|
2015-12-09 07:26:38 +00:00
|
|
|
if (testnum && !mr) {
|
2015-01-22 03:40:55 +00:00
|
|
|
printf("%18ssign verify sign/s verify/s\n", " ");
|
2015-12-09 07:26:38 +00:00
|
|
|
testnum = 0;
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
|
|
|
|
if (mr)
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
printf("+F3:%u:%u:%f:%f\n",
|
|
|
|
|
k, dsa_bits[k], dsa_results[k][0], dsa_results[k][1]);
|
2015-01-22 03:40:55 +00:00
|
|
|
else
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
printf("dsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
|
2016-08-02 08:22:27 +00:00
|
|
|
dsa_bits[k], 1.0 / dsa_results[k][0], 1.0 / dsa_results[k][1],
|
|
|
|
|
dsa_results[k][0], dsa_results[k][1]);
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
2015-12-09 07:26:38 +00:00
|
|
|
testnum = 1;
|
2018-04-29 23:13:58 +00:00
|
|
|
for (k = 0; k < OSSL_NELEM(ecdsa_doit); k++) {
|
2015-01-22 03:40:55 +00:00
|
|
|
if (!ecdsa_doit[k])
|
|
|
|
|
continue;
|
2015-12-09 07:26:38 +00:00
|
|
|
if (testnum && !mr) {
|
2015-01-22 03:40:55 +00:00
|
|
|
printf("%30ssign verify sign/s verify/s\n", " ");
|
2015-12-09 07:26:38 +00:00
|
|
|
testnum = 0;
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (mr)
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
printf("+F4:%u:%u:%f:%f\n",
|
2019-10-15 21:33:02 +00:00
|
|
|
k, ec_curves[k].bits,
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
ecdsa_results[k][0], ecdsa_results[k][1]);
|
2015-01-22 03:40:55 +00:00
|
|
|
else
|
2016-11-28 22:36:50 +00:00
|
|
|
printf("%4u bits ecdsa (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
|
2019-10-15 21:33:02 +00:00
|
|
|
ec_curves[k].bits, ec_curves[k].name,
|
2016-08-02 08:38:45 +00:00
|
|
|
1.0 / ecdsa_results[k][0], 1.0 / ecdsa_results[k][1],
|
|
|
|
|
ecdsa_results[k][0], ecdsa_results[k][1]);
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
|
2015-12-09 07:26:38 +00:00
|
|
|
testnum = 1;
|
2015-01-22 03:40:55 +00:00
|
|
|
for (k = 0; k < EC_NUM; k++) {
|
|
|
|
|
if (!ecdh_doit[k])
|
|
|
|
|
continue;
|
2015-12-09 07:26:38 +00:00
|
|
|
if (testnum && !mr) {
|
2015-01-22 03:40:55 +00:00
|
|
|
printf("%30sop op/s\n", " ");
|
2015-12-09 07:26:38 +00:00
|
|
|
testnum = 0;
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
|
|
|
|
if (mr)
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
printf("+F5:%u:%u:%f:%f\n",
|
2019-10-15 21:33:02 +00:00
|
|
|
k, ec_curves[k].bits,
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
ecdh_results[k][0], 1.0 / ecdh_results[k][0]);
|
2015-01-22 03:40:55 +00:00
|
|
|
|
|
|
|
|
else
|
2016-11-28 22:36:50 +00:00
|
|
|
printf("%4u bits ecdh (%s) %8.4fs %8.1f\n",
|
2019-10-15 21:33:02 +00:00
|
|
|
ec_curves[k].bits, ec_curves[k].name,
|
2016-08-02 08:41:30 +00:00
|
|
|
1.0 / ecdh_results[k][0], ecdh_results[k][0]);
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
2018-09-07 06:39:19 +00:00
|
|
|
|
|
|
|
|
testnum = 1;
|
|
|
|
|
for (k = 0; k < OSSL_NELEM(eddsa_doit); k++) {
|
|
|
|
|
if (!eddsa_doit[k])
|
|
|
|
|
continue;
|
|
|
|
|
if (testnum && !mr) {
|
|
|
|
|
printf("%30ssign verify sign/s verify/s\n", " ");
|
|
|
|
|
testnum = 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (mr)
|
|
|
|
|
printf("+F6:%u:%u:%s:%f:%f\n",
|
2019-10-15 21:33:02 +00:00
|
|
|
k, ed_curves[k].bits, ed_curves[k].name,
|
2018-09-07 06:39:19 +00:00
|
|
|
eddsa_results[k][0], eddsa_results[k][1]);
|
|
|
|
|
else
|
|
|
|
|
printf("%4u bits EdDSA (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
|
2019-10-15 21:33:02 +00:00
|
|
|
ed_curves[k].bits, ed_curves[k].name,
|
2018-09-07 06:39:19 +00:00
|
|
|
1.0 / eddsa_results[k][0], 1.0 / eddsa_results[k][1],
|
|
|
|
|
eddsa_results[k][0], eddsa_results[k][1]);
|
|
|
|
|
}
|
2019-09-29 14:25:10 +00:00
|
|
|
|
2021-02-18 09:48:18 +00:00
|
|
|
#ifndef OPENSSL_NO_SM2
|
2019-09-29 14:25:10 +00:00
|
|
|
testnum = 1;
|
|
|
|
|
for (k = 0; k < OSSL_NELEM(sm2_doit); k++) {
|
|
|
|
|
if (!sm2_doit[k])
|
|
|
|
|
continue;
|
|
|
|
|
if (testnum && !mr) {
|
|
|
|
|
printf("%30ssign verify sign/s verify/s\n", " ");
|
|
|
|
|
testnum = 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (mr)
|
2020-04-16 14:34:24 +00:00
|
|
|
printf("+F7:%u:%u:%s:%f:%f\n",
|
2019-10-15 21:33:02 +00:00
|
|
|
k, sm2_curves[k].bits, sm2_curves[k].name,
|
2019-09-29 14:25:10 +00:00
|
|
|
sm2_results[k][0], sm2_results[k][1]);
|
|
|
|
|
else
|
|
|
|
|
printf("%4u bits SM2 (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
|
2019-10-15 21:33:02 +00:00
|
|
|
sm2_curves[k].bits, sm2_curves[k].name,
|
2019-09-29 14:25:10 +00:00
|
|
|
1.0 / sm2_results[k][0], 1.0 / sm2_results[k][1],
|
|
|
|
|
sm2_results[k][0], sm2_results[k][1]);
|
|
|
|
|
}
|
2021-02-18 09:48:18 +00:00
|
|
|
#endif
|
2020-01-18 18:13:02 +00:00
|
|
|
#ifndef OPENSSL_NO_DH
|
|
|
|
|
testnum = 1;
|
|
|
|
|
for (k = 0; k < FFDH_NUM; k++) {
|
|
|
|
|
if (!ffdh_doit[k])
|
|
|
|
|
continue;
|
|
|
|
|
if (testnum && !mr) {
|
|
|
|
|
printf("%23sop op/s\n", " ");
|
|
|
|
|
testnum = 0;
|
|
|
|
|
}
|
|
|
|
|
if (mr)
|
|
|
|
|
printf("+F8:%u:%u:%f:%f\n",
|
|
|
|
|
k, ffdh_params[k].bits,
|
|
|
|
|
ffdh_results[k][0], 1.0 / ffdh_results[k][0]);
|
|
|
|
|
|
|
|
|
|
else
|
|
|
|
|
printf("%4u bits ffdh %8.4fs %8.1f\n",
|
|
|
|
|
ffdh_params[k].bits,
|
|
|
|
|
1.0 / ffdh_results[k][0], ffdh_results[k][0]);
|
|
|
|
|
}
|
|
|
|
|
#endif /* OPENSSL_NO_DH */
|
2015-01-22 03:40:55 +00:00
|
|
|
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
ret = 0;
|
2015-01-22 03:40:55 +00:00
|
|
|
|
|
|
|
|
end:
|
|
|
|
|
ERR_print_errors(bio_err);
|
2016-02-18 10:56:53 +00:00
|
|
|
for (i = 0; i < loopargs_len; i++) {
|
2016-02-27 06:14:49 +00:00
|
|
|
OPENSSL_free(loopargs[i].buf_malloc);
|
|
|
|
|
OPENSSL_free(loopargs[i].buf2_malloc);
|
2016-07-29 11:22:42 +00:00
|
|
|
|
2021-02-18 09:48:18 +00:00
|
|
|
BN_free(bn);
|
|
|
|
|
EVP_PKEY_CTX_free(genctx);
|
|
|
|
|
for (k = 0; k < RSA_NUM; k++) {
|
|
|
|
|
EVP_PKEY_CTX_free(loopargs[i].rsa_sign_ctx[k]);
|
|
|
|
|
EVP_PKEY_CTX_free(loopargs[i].rsa_verify_ctx[k]);
|
|
|
|
|
}
|
2020-01-18 18:13:02 +00:00
|
|
|
#ifndef OPENSSL_NO_DH
|
|
|
|
|
OPENSSL_free(loopargs[i].secret_ff_a);
|
|
|
|
|
OPENSSL_free(loopargs[i].secret_ff_b);
|
2021-02-22 12:20:28 +00:00
|
|
|
for (k = 0; k < FFDH_NUM; k++)
|
2020-01-18 18:13:02 +00:00
|
|
|
EVP_PKEY_CTX_free(loopargs[i].ffdh_ctx[k]);
|
|
|
|
|
#endif
|
2021-02-18 09:48:18 +00:00
|
|
|
for (k = 0; k < DSA_NUM; k++) {
|
|
|
|
|
EVP_PKEY_CTX_free(loopargs[i].dsa_sign_ctx[k]);
|
|
|
|
|
EVP_PKEY_CTX_free(loopargs[i].dsa_verify_ctx[k]);
|
|
|
|
|
}
|
|
|
|
|
for (k = 0; k < ECDSA_NUM; k++) {
|
|
|
|
|
EVP_PKEY_CTX_free(loopargs[i].ecdsa_sign_ctx[k]);
|
|
|
|
|
EVP_PKEY_CTX_free(loopargs[i].ecdsa_verify_ctx[k]);
|
|
|
|
|
}
|
2018-04-29 23:13:58 +00:00
|
|
|
for (k = 0; k < EC_NUM; k++)
|
2016-10-03 17:28:32 +00:00
|
|
|
EVP_PKEY_CTX_free(loopargs[i].ecdh_ctx[k]);
|
2020-06-06 15:21:15 +00:00
|
|
|
for (k = 0; k < EdDSA_NUM; k++) {
|
2018-09-07 06:39:19 +00:00
|
|
|
EVP_MD_CTX_free(loopargs[i].eddsa_ctx[k]);
|
2020-06-06 15:21:15 +00:00
|
|
|
EVP_MD_CTX_free(loopargs[i].eddsa_ctx2[k]);
|
2021-02-22 12:20:28 +00:00
|
|
|
}
|
2021-02-18 09:48:18 +00:00
|
|
|
#ifndef OPENSSL_NO_SM2
|
2019-09-29 14:25:10 +00:00
|
|
|
for (k = 0; k < SM2_NUM; k++) {
|
|
|
|
|
EVP_PKEY_CTX *pctx = NULL;
|
|
|
|
|
|
|
|
|
|
/* free signing ctx */
|
|
|
|
|
if (loopargs[i].sm2_ctx[k] != NULL
|
|
|
|
|
&& (pctx = EVP_MD_CTX_pkey_ctx(loopargs[i].sm2_ctx[k])) != NULL)
|
|
|
|
|
EVP_PKEY_CTX_free(pctx);
|
|
|
|
|
EVP_MD_CTX_free(loopargs[i].sm2_ctx[k]);
|
|
|
|
|
/* free verification ctx */
|
|
|
|
|
if (loopargs[i].sm2_vfy_ctx[k] != NULL
|
|
|
|
|
&& (pctx = EVP_MD_CTX_pkey_ctx(loopargs[i].sm2_vfy_ctx[k])) != NULL)
|
|
|
|
|
EVP_PKEY_CTX_free(pctx);
|
|
|
|
|
EVP_MD_CTX_free(loopargs[i].sm2_vfy_ctx[k]);
|
|
|
|
|
/* free pkey */
|
|
|
|
|
EVP_PKEY_free(loopargs[i].sm2_pkey[k]);
|
|
|
|
|
}
|
2021-02-18 09:48:18 +00:00
|
|
|
#endif
|
2016-02-27 06:14:49 +00:00
|
|
|
OPENSSL_free(loopargs[i].secret_a);
|
|
|
|
|
OPENSSL_free(loopargs[i].secret_b);
|
2016-07-29 11:22:42 +00:00
|
|
|
}
|
2018-08-14 04:04:47 +00:00
|
|
|
OPENSSL_free(evp_hmac_name);
|
2019-04-10 20:44:41 +00:00
|
|
|
OPENSSL_free(evp_cmac_name);
|
2016-07-29 11:22:42 +00:00
|
|
|
|
2016-02-29 11:28:55 +00:00
|
|
|
if (async_jobs > 0) {
|
|
|
|
|
for (i = 0; i < loopargs_len; i++)
|
|
|
|
|
ASYNC_WAIT_CTX_free(loopargs[i].wait_ctx);
|
2016-05-17 15:40:14 +00:00
|
|
|
}
|
2016-02-29 11:28:55 +00:00
|
|
|
|
2016-05-17 15:40:14 +00:00
|
|
|
if (async_init) {
|
2015-12-09 07:26:38 +00:00
|
|
|
ASYNC_cleanup_thread();
|
2016-02-29 11:28:55 +00:00
|
|
|
}
|
|
|
|
|
OPENSSL_free(loopargs);
|
2016-09-28 21:39:18 +00:00
|
|
|
release_engine(e);
|
2021-02-18 09:48:18 +00:00
|
|
|
if (fetched_cipher) {
|
2020-12-21 13:23:17 +00:00
|
|
|
EVP_CIPHER_free(evp_cipher);
|
|
|
|
|
}
|
2017-10-17 14:04:09 +00:00
|
|
|
return ret;
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
1998-12-21 10:52:47 +00:00
|
|
|
|
2017-12-02 09:05:35 +00:00
|
|
|
static void print_message(const char *s, long num, int length, int tm)
|
2015-01-22 03:40:55 +00:00
|
|
|
{
|
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
|
mr ? "+DT:%s:%d:%d\n"
|
2017-12-02 09:05:35 +00:00
|
|
|
: "Doing %s for %ds on %d size blocks: ", s, tm, length);
|
2015-01-22 03:40:55 +00:00
|
|
|
(void)BIO_flush(bio_err);
|
2019-12-22 18:40:03 +00:00
|
|
|
run = 1;
|
2017-12-02 09:05:35 +00:00
|
|
|
alarm(tm);
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
1998-12-21 10:52:47 +00:00
|
|
|
|
2005-03-20 23:12:13 +00:00
|
|
|
static void pkey_print_message(const char *str, const char *str2, long num,
|
2016-11-28 22:36:50 +00:00
|
|
|
unsigned int bits, int tm)
|
2015-01-22 03:40:55 +00:00
|
|
|
{
|
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
|
mr ? "+DTP:%d:%s:%s:%d\n"
|
2016-11-28 22:36:50 +00:00
|
|
|
: "Doing %u bits %s %s's for %ds: ", bits, str, str2, tm);
|
2015-01-22 03:40:55 +00:00
|
|
|
(void)BIO_flush(bio_err);
|
2019-12-27 03:36:36 +00:00
|
|
|
run = 1;
|
2015-01-22 03:40:55 +00:00
|
|
|
alarm(tm);
|
|
|
|
|
}
|
1998-12-21 10:56:39 +00:00
|
|
|
|
2015-01-22 03:40:55 +00:00
|
|
|
static void print_result(int alg, int run_no, int count, double time_used)
|
|
|
|
|
{
|
2016-06-18 14:46:13 +00:00
|
|
|
if (count == -1) {
|
2019-10-19 14:38:21 +00:00
|
|
|
BIO_printf(bio_err, "%s error!\n", names[alg]);
|
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
|
return;
|
2016-06-18 14:46:13 +00:00
|
|
|
}
|
2015-01-22 03:40:55 +00:00
|
|
|
BIO_printf(bio_err,
|
|
|
|
|
mr ? "+R:%d:%s:%f\n"
|
|
|
|
|
: "%d %s's in %.2fs\n", count, names[alg], time_used);
|
|
|
|
|
results[alg][run_no] = ((double)count) / time_used * lengths[run_no];
|
|
|
|
|
}
|
2001-10-25 14:27:17 +00:00
|
|
|
|
2015-01-27 15:06:22 +00:00
|
|
|
#ifndef NO_FORK
|
2001-10-25 14:27:17 +00:00
|
|
|
static char *sstrsep(char **string, const char *delim)
|
2015-01-22 03:40:55 +00:00
|
|
|
{
|
2001-10-25 14:27:17 +00:00
|
|
|
char isdelim[256];
|
|
|
|
|
char *token = *string;
|
|
|
|
|
|
|
|
|
|
if (**string == 0)
|
|
|
|
|
return NULL;
|
|
|
|
|
|
2017-12-07 18:39:34 +00:00
|
|
|
memset(isdelim, 0, sizeof(isdelim));
|
2001-10-25 14:27:17 +00:00
|
|
|
isdelim[0] = 1;
|
|
|
|
|
|
2015-01-22 03:40:55 +00:00
|
|
|
while (*delim) {
|
2001-10-25 14:27:17 +00:00
|
|
|
isdelim[(unsigned char)(*delim)] = 1;
|
|
|
|
|
delim++;
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
2001-10-25 14:27:17 +00:00
|
|
|
|
2021-02-22 12:20:28 +00:00
|
|
|
while (!isdelim[(unsigned char)(**string)])
|
2001-10-25 14:27:17 +00:00
|
|
|
(*string)++;
|
|
|
|
|
|
2015-01-22 03:40:55 +00:00
|
|
|
if (**string) {
|
2001-10-25 14:27:17 +00:00
|
|
|
**string = 0;
|
|
|
|
|
(*string)++;
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
2001-10-25 14:27:17 +00:00
|
|
|
|
|
|
|
|
return token;
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
2001-10-25 14:27:17 +00:00
|
|
|
|
2017-12-02 09:05:35 +00:00
|
|
|
static int do_multi(int multi, int size_num)
|
2015-01-22 03:40:55 +00:00
|
|
|
{
|
|
|
|
|
int n;
|
|
|
|
|
int fd[2];
|
|
|
|
|
int *fds;
|
|
|
|
|
static char sep[] = ":";
|
|
|
|
|
|
2018-05-21 14:28:16 +00:00
|
|
|
fds = app_malloc(sizeof(*fds) * multi, "fd buffer for do_multi");
|
2015-01-22 03:40:55 +00:00
|
|
|
for (n = 0; n < multi; ++n) {
|
|
|
|
|
if (pipe(fd) == -1) {
|
2015-06-04 18:26:55 +00:00
|
|
|
BIO_printf(bio_err, "pipe failure\n");
|
2015-01-22 03:40:55 +00:00
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
fflush(stdout);
|
2015-06-04 18:26:55 +00:00
|
|
|
(void)BIO_flush(bio_err);
|
2015-01-22 03:40:55 +00:00
|
|
|
if (fork()) {
|
|
|
|
|
close(fd[1]);
|
|
|
|
|
fds[n] = fd[0];
|
|
|
|
|
} else {
|
|
|
|
|
close(fd[0]);
|
|
|
|
|
close(1);
|
|
|
|
|
if (dup(fd[1]) == -1) {
|
2015-06-04 18:26:55 +00:00
|
|
|
BIO_printf(bio_err, "dup failed\n");
|
2015-01-22 03:40:55 +00:00
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
close(fd[1]);
|
|
|
|
|
mr = 1;
|
|
|
|
|
usertime = 0;
|
2019-07-14 07:53:17 +00:00
|
|
|
OPENSSL_free(fds);
|
2015-01-22 03:40:55 +00:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
printf("Forked child %d\n", n);
|
|
|
|
|
}
|
2002-08-09 08:43:04 +00:00
|
|
|
|
2015-01-22 03:40:55 +00:00
|
|
|
/* for now, assume the pipe is long enough to take all the output */
|
|
|
|
|
for (n = 0; n < multi; ++n) {
|
|
|
|
|
FILE *f;
|
|
|
|
|
char buf[1024];
|
|
|
|
|
char *p;
|
|
|
|
|
|
|
|
|
|
f = fdopen(fds[n], "r");
|
2017-12-07 18:39:34 +00:00
|
|
|
while (fgets(buf, sizeof(buf), f)) {
|
2015-01-22 03:40:55 +00:00
|
|
|
p = strchr(buf, '\n');
|
|
|
|
|
if (p)
|
|
|
|
|
*p = '\0';
|
|
|
|
|
if (buf[0] != '+') {
|
2016-10-04 06:20:49 +00:00
|
|
|
BIO_printf(bio_err,
|
|
|
|
|
"Don't understand line '%s' from child %d\n", buf,
|
|
|
|
|
n);
|
2015-01-22 03:40:55 +00:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
printf("Got: %s from %d\n", buf, n);
|
2015-05-06 18:56:14 +00:00
|
|
|
if (strncmp(buf, "+F:", 3) == 0) {
|
2015-01-22 03:40:55 +00:00
|
|
|
int alg;
|
|
|
|
|
int j;
|
|
|
|
|
|
|
|
|
|
p = buf + 3;
|
|
|
|
|
alg = atoi(sstrsep(&p, sep));
|
|
|
|
|
sstrsep(&p, sep);
|
2017-12-02 09:05:35 +00:00
|
|
|
for (j = 0; j < size_num; ++j)
|
2015-01-22 03:40:55 +00:00
|
|
|
results[alg][j] += atof(sstrsep(&p, sep));
|
2021-02-22 12:20:28 +00:00
|
|
|
} else if (strncmp(buf, "+F2:", 4) == 0) {
|
2015-01-22 03:40:55 +00:00
|
|
|
int k;
|
|
|
|
|
double d;
|
|
|
|
|
|
|
|
|
|
p = buf + 4;
|
|
|
|
|
k = atoi(sstrsep(&p, sep));
|
|
|
|
|
sstrsep(&p, sep);
|
|
|
|
|
|
|
|
|
|
d = atof(sstrsep(&p, sep));
|
2016-08-02 08:13:00 +00:00
|
|
|
rsa_results[k][0] += d;
|
2015-01-22 03:40:55 +00:00
|
|
|
|
|
|
|
|
d = atof(sstrsep(&p, sep));
|
2016-08-02 08:13:00 +00:00
|
|
|
rsa_results[k][1] += d;
|
2021-02-22 12:20:28 +00:00
|
|
|
} else if (strncmp(buf, "+F3:", 4) == 0) {
|
2015-01-22 03:40:55 +00:00
|
|
|
int k;
|
|
|
|
|
double d;
|
|
|
|
|
|
|
|
|
|
p = buf + 4;
|
|
|
|
|
k = atoi(sstrsep(&p, sep));
|
|
|
|
|
sstrsep(&p, sep);
|
|
|
|
|
|
|
|
|
|
d = atof(sstrsep(&p, sep));
|
2016-08-02 08:22:27 +00:00
|
|
|
dsa_results[k][0] += d;
|
2015-01-22 03:40:55 +00:00
|
|
|
|
|
|
|
|
d = atof(sstrsep(&p, sep));
|
2016-08-02 08:22:27 +00:00
|
|
|
dsa_results[k][1] += d;
|
2021-02-22 12:20:28 +00:00
|
|
|
} else if (strncmp(buf, "+F4:", 4) == 0) {
|
2015-01-22 03:40:55 +00:00
|
|
|
int k;
|
|
|
|
|
double d;
|
|
|
|
|
|
|
|
|
|
p = buf + 4;
|
|
|
|
|
k = atoi(sstrsep(&p, sep));
|
|
|
|
|
sstrsep(&p, sep);
|
|
|
|
|
|
|
|
|
|
d = atof(sstrsep(&p, sep));
|
2016-08-02 08:38:45 +00:00
|
|
|
ecdsa_results[k][0] += d;
|
2015-01-22 03:40:55 +00:00
|
|
|
|
|
|
|
|
d = atof(sstrsep(&p, sep));
|
2016-08-02 08:38:45 +00:00
|
|
|
ecdsa_results[k][1] += d;
|
2016-08-07 10:04:26 +00:00
|
|
|
} else if (strncmp(buf, "+F5:", 4) == 0) {
|
2015-01-22 03:40:55 +00:00
|
|
|
int k;
|
|
|
|
|
double d;
|
|
|
|
|
|
|
|
|
|
p = buf + 4;
|
|
|
|
|
k = atoi(sstrsep(&p, sep));
|
|
|
|
|
sstrsep(&p, sep);
|
|
|
|
|
|
|
|
|
|
d = atof(sstrsep(&p, sep));
|
2016-08-02 08:41:30 +00:00
|
|
|
ecdh_results[k][0] += d;
|
2018-09-07 06:39:19 +00:00
|
|
|
} else if (strncmp(buf, "+F6:", 4) == 0) {
|
|
|
|
|
int k;
|
|
|
|
|
double d;
|
|
|
|
|
|
|
|
|
|
p = buf + 4;
|
|
|
|
|
k = atoi(sstrsep(&p, sep));
|
|
|
|
|
sstrsep(&p, sep);
|
2019-10-29 06:40:55 +00:00
|
|
|
sstrsep(&p, sep);
|
2018-09-07 06:39:19 +00:00
|
|
|
|
|
|
|
|
d = atof(sstrsep(&p, sep));
|
|
|
|
|
eddsa_results[k][0] += d;
|
|
|
|
|
|
|
|
|
|
d = atof(sstrsep(&p, sep));
|
|
|
|
|
eddsa_results[k][1] += d;
|
2021-02-18 09:48:18 +00:00
|
|
|
# ifndef OPENSSL_NO_SM2
|
2021-02-22 12:20:28 +00:00
|
|
|
} else if (strncmp(buf, "+F7:", 4) == 0) {
|
2019-09-29 14:25:10 +00:00
|
|
|
int k;
|
|
|
|
|
double d;
|
|
|
|
|
|
|
|
|
|
p = buf + 4;
|
|
|
|
|
k = atoi(sstrsep(&p, sep));
|
|
|
|
|
sstrsep(&p, sep);
|
2020-04-16 14:34:24 +00:00
|
|
|
sstrsep(&p, sep);
|
2019-09-29 14:25:10 +00:00
|
|
|
|
|
|
|
|
d = atof(sstrsep(&p, sep));
|
|
|
|
|
sm2_results[k][0] += d;
|
|
|
|
|
|
|
|
|
|
d = atof(sstrsep(&p, sep));
|
|
|
|
|
sm2_results[k][1] += d;
|
2021-02-18 09:48:18 +00:00
|
|
|
# endif /* OPENSSL_NO_SM2 */
|
2020-01-18 18:13:02 +00:00
|
|
|
# ifndef OPENSSL_NO_DH
|
2021-02-22 12:20:28 +00:00
|
|
|
} else if (strncmp(buf, "+F8:", 4) == 0) {
|
2020-01-18 18:13:02 +00:00
|
|
|
int k;
|
|
|
|
|
double d;
|
|
|
|
|
|
|
|
|
|
p = buf + 4;
|
|
|
|
|
k = atoi(sstrsep(&p, sep));
|
|
|
|
|
sstrsep(&p, sep);
|
|
|
|
|
|
|
|
|
|
d = atof(sstrsep(&p, sep));
|
|
|
|
|
ffdh_results[k][0] += d;
|
|
|
|
|
# endif /* OPENSSL_NO_DH */
|
2021-02-22 12:20:28 +00:00
|
|
|
} else if (strncmp(buf, "+H:", 3) == 0) {
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
;
|
2021-02-22 12:20:28 +00:00
|
|
|
} else {
|
2016-10-04 06:20:49 +00:00
|
|
|
BIO_printf(bio_err, "Unknown type '%s' from child %d\n", buf,
|
|
|
|
|
n);
|
2021-02-22 12:20:28 +00:00
|
|
|
}
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fclose(f);
|
|
|
|
|
}
|
2019-07-14 07:53:17 +00:00
|
|
|
OPENSSL_free(fds);
|
2015-01-22 03:40:55 +00:00
|
|
|
return 1;
|
|
|
|
|
}
|
2015-01-27 15:06:22 +00:00
|
|
|
#endif
|
2014-07-05 21:53:55 +00:00
|
|
|
|
2018-04-29 23:13:58 +00:00
|
|
|
static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
|
2018-01-12 03:37:39 +00:00
|
|
|
const openssl_speed_sec_t *seconds)
|
2015-01-22 03:40:55 +00:00
|
|
|
{
|
2017-12-02 09:05:35 +00:00
|
|
|
static const int mblengths_list[] =
|
2015-01-22 03:40:55 +00:00
|
|
|
{ 8 * 1024, 2 * 8 * 1024, 4 * 8 * 1024, 8 * 8 * 1024, 8 * 16 * 1024 };
|
2017-12-02 09:05:35 +00:00
|
|
|
const int *mblengths = mblengths_list;
|
2017-12-04 16:40:23 +00:00
|
|
|
int j, count, keylen, num = OSSL_NELEM(mblengths_list);
|
2015-01-22 03:40:55 +00:00
|
|
|
const char *alg_name;
|
2021-03-29 02:37:43 +00:00
|
|
|
unsigned char *inp = NULL, *out = NULL, *key, no_key[32], no_iv[16];
|
|
|
|
|
EVP_CIPHER_CTX *ctx = NULL;
|
2015-01-22 03:40:55 +00:00
|
|
|
double d = 0.0;
|
|
|
|
|
|
2017-12-02 09:05:35 +00:00
|
|
|
if (lengths_single) {
|
|
|
|
|
mblengths = &lengths_single;
|
|
|
|
|
num = 1;
|
|
|
|
|
}
|
|
|
|
|
|
2015-04-30 21:48:31 +00:00
|
|
|
inp = app_malloc(mblengths[num - 1], "multiblock input buffer");
|
|
|
|
|
out = app_malloc(mblengths[num - 1] + 1024, "multiblock output buffer");
|
2021-03-18 23:11:02 +00:00
|
|
|
if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
|
|
|
|
|
app_bail_out("failed to allocate cipher context\n");
|
|
|
|
|
if (!EVP_EncryptInit_ex(ctx, evp_cipher, NULL, NULL, no_iv))
|
|
|
|
|
app_bail_out("failed to initialise cipher context\n");
|
2017-12-04 16:40:23 +00:00
|
|
|
|
2021-03-22 02:49:50 +00:00
|
|
|
if ((keylen = EVP_CIPHER_CTX_key_length(ctx)) < 0) {
|
|
|
|
|
BIO_printf(bio_err, "Impossible negative key length: %d\n", keylen);
|
2021-03-29 02:37:43 +00:00
|
|
|
goto err;
|
2021-03-22 02:49:50 +00:00
|
|
|
}
|
2017-12-04 16:40:23 +00:00
|
|
|
key = app_malloc(keylen, "evp_cipher key");
|
2021-03-18 23:11:02 +00:00
|
|
|
if (!EVP_CIPHER_CTX_rand_key(ctx, key))
|
|
|
|
|
app_bail_out("failed to generate random cipher key\n");
|
|
|
|
|
if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, NULL))
|
|
|
|
|
app_bail_out("failed to set cipher key\n");
|
2017-12-04 16:40:23 +00:00
|
|
|
OPENSSL_clear_free(key, keylen);
|
|
|
|
|
|
2021-03-18 23:11:02 +00:00
|
|
|
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY,
|
|
|
|
|
sizeof(no_key), no_key))
|
|
|
|
|
app_bail_out("failed to set AEAD key\n");
|
2021-03-26 16:57:16 +00:00
|
|
|
if ((alg_name = EVP_CIPHER_name(evp_cipher)) == NULL)
|
2021-03-18 23:11:02 +00:00
|
|
|
app_bail_out("failed to get cipher name\n");
|
2015-01-22 03:40:55 +00:00
|
|
|
|
|
|
|
|
for (j = 0; j < num; j++) {
|
2017-12-02 09:05:35 +00:00
|
|
|
print_message(alg_name, 0, mblengths[j], seconds->sym);
|
2015-01-22 03:40:55 +00:00
|
|
|
Time_F(START);
|
2019-12-22 18:40:03 +00:00
|
|
|
for (count = 0; run && count < 0x7fffffff; count++) {
|
2015-04-27 10:07:06 +00:00
|
|
|
unsigned char aad[EVP_AEAD_TLS1_AAD_LEN];
|
2015-01-22 03:40:55 +00:00
|
|
|
EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param;
|
|
|
|
|
size_t len = mblengths[j];
|
|
|
|
|
int packlen;
|
|
|
|
|
|
|
|
|
|
memset(aad, 0, 8); /* avoid uninitialized values */
|
|
|
|
|
aad[8] = 23; /* SSL3_RT_APPLICATION_DATA */
|
|
|
|
|
aad[9] = 3; /* version */
|
|
|
|
|
aad[10] = 2;
|
|
|
|
|
aad[11] = 0; /* length */
|
|
|
|
|
aad[12] = 0;
|
|
|
|
|
mb_param.out = NULL;
|
|
|
|
|
mb_param.inp = aad;
|
|
|
|
|
mb_param.len = len;
|
|
|
|
|
mb_param.interleave = 8;
|
|
|
|
|
|
2015-12-13 21:08:41 +00:00
|
|
|
packlen = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_AAD,
|
2015-01-22 03:40:55 +00:00
|
|
|
sizeof(mb_param), &mb_param);
|
|
|
|
|
|
|
|
|
|
if (packlen > 0) {
|
|
|
|
|
mb_param.out = out;
|
|
|
|
|
mb_param.inp = inp;
|
|
|
|
|
mb_param.len = len;
|
2015-12-13 21:08:41 +00:00
|
|
|
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT,
|
2015-01-22 03:40:55 +00:00
|
|
|
sizeof(mb_param), &mb_param);
|
|
|
|
|
} else {
|
|
|
|
|
int pad;
|
|
|
|
|
|
|
|
|
|
RAND_bytes(out, 16);
|
|
|
|
|
len += 16;
|
2017-11-11 21:23:12 +00:00
|
|
|
aad[11] = (unsigned char)(len >> 8);
|
|
|
|
|
aad[12] = (unsigned char)(len);
|
2015-12-13 21:08:41 +00:00
|
|
|
pad = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_TLS1_AAD,
|
2015-04-27 10:07:06 +00:00
|
|
|
EVP_AEAD_TLS1_AAD_LEN, aad);
|
2015-12-13 21:08:41 +00:00
|
|
|
EVP_Cipher(ctx, out, inp, len + pad);
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
d = Time_F(STOP);
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-24 19:26:15 +00:00
|
|
|
BIO_printf(bio_err, mr ? "+R:%d:%s:%f\n"
|
2015-01-22 03:40:55 +00:00
|
|
|
: "%d %s's in %.2fs\n", count, "evp", d);
|
|
|
|
|
results[D_EVP][j] = ((double)count) / d * mblengths[j];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (mr) {
|
|
|
|
|
fprintf(stdout, "+H");
|
|
|
|
|
for (j = 0; j < num; j++)
|
|
|
|
|
fprintf(stdout, ":%d", mblengths[j]);
|
|
|
|
|
fprintf(stdout, "\n");
|
|
|
|
|
fprintf(stdout, "+F:%d:%s", D_EVP, alg_name);
|
|
|
|
|
for (j = 0; j < num; j++)
|
|
|
|
|
fprintf(stdout, ":%.2f", results[D_EVP][j]);
|
|
|
|
|
fprintf(stdout, "\n");
|
|
|
|
|
} else {
|
|
|
|
|
fprintf(stdout,
|
|
|
|
|
"The 'numbers' are in 1000s of bytes per second processed.\n");
|
|
|
|
|
fprintf(stdout, "type ");
|
|
|
|
|
for (j = 0; j < num; j++)
|
|
|
|
|
fprintf(stdout, "%7d bytes", mblengths[j]);
|
|
|
|
|
fprintf(stdout, "\n");
|
|
|
|
|
fprintf(stdout, "%-24s", alg_name);
|
|
|
|
|
|
|
|
|
|
for (j = 0; j < num; j++) {
|
|
|
|
|
if (results[D_EVP][j] > 10000)
|
|
|
|
|
fprintf(stdout, " %11.2fk", results[D_EVP][j] / 1e3);
|
|
|
|
|
else
|
|
|
|
|
fprintf(stdout, " %11.2f ", results[D_EVP][j]);
|
|
|
|
|
}
|
|
|
|
|
fprintf(stdout, "\n");
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-29 02:37:43 +00:00
|
|
|
err:
|
2015-05-01 14:02:07 +00:00
|
|
|
OPENSSL_free(inp);
|
|
|
|
|
OPENSSL_free(out);
|
2015-12-13 21:08:41 +00:00
|
|
|
EVP_CIPHER_CTX_free(ctx);
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
