2016-05-18 02:18:30 +08:00
|
|
|
/*
|
2023-09-07 16:59:15 +08:00
|
|
|
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
2017-06-15 22:16:46 +08:00
|
|
|
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
|
1998-12-21 18:52:47 +08:00
|
|
|
*
|
2018-12-06 20:00:26 +08:00
|
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
2016-05-18 02:18:30 +08:00
|
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
|
|
* in the file LICENSE in the source distribution or at
|
|
|
|
* https://www.openssl.org/source/license.html
|
1998-12-21 18:52:47 +08:00
|
|
|
*/
|
2016-05-18 02:18:30 +08:00
|
|
|
|
2015-01-27 23:06:22 +08:00
|
|
|
#undef SECONDS
|
2021-02-18 17:48:18 +08:00
|
|
|
#define SECONDS 3
|
|
|
|
#define PKEY_SECONDS 10
|
|
|
|
|
|
|
|
#define RSA_SECONDS PKEY_SECONDS
|
|
|
|
#define DSA_SECONDS PKEY_SECONDS
|
|
|
|
#define ECDSA_SECONDS PKEY_SECONDS
|
|
|
|
#define ECDH_SECONDS PKEY_SECONDS
|
|
|
|
#define EdDSA_SECONDS PKEY_SECONDS
|
|
|
|
#define SM2_SECONDS PKEY_SECONDS
|
|
|
|
#define FFDH_SECONDS PKEY_SECONDS
|
2022-12-24 16:20:44 +08:00
|
|
|
#define KEM_SECONDS PKEY_SECONDS
|
|
|
|
#define SIG_SECONDS PKEY_SECONDS
|
2015-01-27 23:06:22 +08:00
|
|
|
|
2023-05-08 12:32:37 +08:00
|
|
|
#define MAX_ALGNAME_SUFFIX 100
|
|
|
|
|
2019-11-29 20:02:54 +08:00
|
|
|
/* We need to use some deprecated APIs */
|
|
|
|
#define OPENSSL_SUPPRESS_DEPRECATED
|
|
|
|
|
2015-01-27 23:06:22 +08:00
|
|
|
#include <stdio.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <string.h>
|
|
|
|
#include <math.h>
|
|
|
|
#include "apps.h"
|
2018-01-31 18:13:10 +08:00
|
|
|
#include "progs.h"
|
2022-09-19 12:41:58 +08:00
|
|
|
#include "internal/nelem.h"
|
2022-02-03 02:08:41 +08:00
|
|
|
#include "internal/numbers.h"
|
2015-01-27 23:06:22 +08:00
|
|
|
#include <openssl/crypto.h>
|
|
|
|
#include <openssl/rand.h>
|
|
|
|
#include <openssl/err.h>
|
|
|
|
#include <openssl/evp.h>
|
|
|
|
#include <openssl/objects.h>
|
2021-02-18 17:48:18 +08:00
|
|
|
#include <openssl/core_names.h>
|
2015-12-09 15:26:38 +08:00
|
|
|
#include <openssl/async.h>
|
2022-12-24 16:20:44 +08:00
|
|
|
#include <openssl/provider.h>
|
2015-01-27 23:06:22 +08:00
|
|
|
#if !defined(OPENSSL_SYS_MSDOS)
|
2019-06-21 05:07:25 +08:00
|
|
|
# include <unistd.h>
|
2015-01-27 23:06:22 +08:00
|
|
|
#endif
|
1998-12-21 18:52:47 +08:00
|
|
|
|
2020-09-07 05:37:47 +08:00
|
|
|
#if defined(__TANDEM)
|
|
|
|
# if defined(OPENSSL_TANDEM_FLOSS)
|
|
|
|
# include <floss.h(floss_fork)>
|
|
|
|
# endif
|
|
|
|
#endif
|
|
|
|
|
2016-01-17 02:30:48 +08:00
|
|
|
#if defined(_WIN32)
|
2015-01-27 23:06:22 +08:00
|
|
|
# include <windows.h>
|
2022-08-29 23:05:41 +08:00
|
|
|
/*
|
|
|
|
* While VirtualLock is available under the app partition (e.g. UWP),
|
|
|
|
* the headers do not define the API. Define it ourselves instead.
|
|
|
|
*/
|
|
|
|
WINBASEAPI
|
|
|
|
BOOL
|
|
|
|
WINAPI
|
|
|
|
VirtualLock(
|
|
|
|
_In_ LPVOID lpAddress,
|
|
|
|
_In_ SIZE_T dwSize
|
|
|
|
);
|
|
|
|
#endif
|
|
|
|
|
2022-12-02 02:24:47 +08:00
|
|
|
#if defined(OPENSSL_SYS_LINUX)
|
|
|
|
# include <sys/mman.h>
|
2015-01-27 23:06:22 +08:00
|
|
|
#endif
|
1998-12-21 18:52:47 +08:00
|
|
|
|
2015-01-27 23:06:22 +08:00
|
|
|
#include <openssl/bn.h>
|
2021-02-18 17:48:18 +08:00
|
|
|
#include <openssl/rsa.h>
|
|
|
|
#include "./testrsa.h"
|
2020-01-19 02:13:02 +08:00
|
|
|
#ifndef OPENSSL_NO_DH
|
|
|
|
# include <openssl/dh.h>
|
|
|
|
#endif
|
2015-01-27 23:06:22 +08:00
|
|
|
#include <openssl/x509.h>
|
2021-02-18 17:48:18 +08:00
|
|
|
#include <openssl/dsa.h>
|
|
|
|
#include "./testdsa.h"
|
2015-01-27 23:06:22 +08:00
|
|
|
#include <openssl/modes.h>
|
2014-05-27 04:57:25 +08:00
|
|
|
|
2015-01-27 23:06:22 +08:00
|
|
|
#ifndef HAVE_FORK
|
2018-12-20 19:59:31 +08:00
|
|
|
# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_VXWORKS)
|
2015-01-27 23:06:22 +08:00
|
|
|
# define HAVE_FORK 0
|
2015-01-22 11:40:55 +08:00
|
|
|
# else
|
2015-01-27 23:06:22 +08:00
|
|
|
# define HAVE_FORK 1
|
2022-08-29 22:54:02 +08:00
|
|
|
# include <sys/wait.h>
|
2015-01-22 11:40:55 +08:00
|
|
|
# endif
|
2015-01-27 23:06:22 +08:00
|
|
|
#endif
|
2001-10-26 00:08:17 +08:00
|
|
|
|
2015-01-27 23:06:22 +08:00
|
|
|
#if HAVE_FORK
|
|
|
|
# undef NO_FORK
|
|
|
|
#else
|
|
|
|
# define NO_FORK
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#define MAX_MISALIGNMENT 63
|
2016-02-18 18:56:53 +08:00
|
|
|
#define MAX_ECDH_SIZE 256
|
|
|
|
#define MISALIGN 64
|
2020-01-19 02:13:02 +08:00
|
|
|
#define MAX_FFDH_SIZE 1024
|
2016-02-18 18:56:53 +08:00
|
|
|
|
2021-02-18 17:48:18 +08:00
|
|
|
#ifndef RSA_DEFAULT_PRIME_NUM
|
|
|
|
# define RSA_DEFAULT_PRIME_NUM 2
|
|
|
|
#endif
|
|
|
|
|
2018-01-12 11:37:39 +08:00
|
|
|
typedef struct openssl_speed_sec_st {
|
2017-12-02 17:05:35 +08:00
|
|
|
int sym;
|
|
|
|
int rsa;
|
|
|
|
int dsa;
|
|
|
|
int ecdsa;
|
|
|
|
int ecdh;
|
2018-09-07 14:39:19 +08:00
|
|
|
int eddsa;
|
2019-09-29 22:25:10 +08:00
|
|
|
int sm2;
|
2020-01-19 02:13:02 +08:00
|
|
|
int ffdh;
|
2022-12-24 16:20:44 +08:00
|
|
|
int kem;
|
|
|
|
int sig;
|
2018-01-12 11:37:39 +08:00
|
|
|
} openssl_speed_sec_t;
|
2017-12-02 17:05:35 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
static volatile int run = 0;
|
1998-12-21 18:52:47 +08:00
|
|
|
|
2018-05-10 04:27:27 +08:00
|
|
|
static int mr = 0; /* machine-readeable output format to merge fork results */
|
2015-01-22 11:40:55 +08:00
|
|
|
static int usertime = 1;
|
2001-09-27 23:43:55 +08:00
|
|
|
|
2001-10-25 22:27:17 +08:00
|
|
|
static double Time_F(int s);
|
2023-04-21 15:04:57 +08:00
|
|
|
static void print_message(const char *s, int length, int tm);
|
2005-03-21 07:12:13 +08:00
|
|
|
static void pkey_print_message(const char *str, const char *str2,
|
2023-04-21 15:04:57 +08:00
|
|
|
unsigned int bits, int sec);
|
|
|
|
static void kskey_print_message(const char *str, const char *str2, int tm);
|
2015-01-22 11:40:55 +08:00
|
|
|
static void print_result(int alg, int run_no, int count, double time_used);
|
2015-01-27 23:06:22 +08:00
|
|
|
#ifndef NO_FORK
|
2017-12-02 17:05:35 +08:00
|
|
|
static int do_multi(int multi, int size_num);
|
2015-01-27 23:06:22 +08:00
|
|
|
#endif
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2022-08-29 23:05:41 +08:00
|
|
|
static int domlock = 0;
|
|
|
|
|
2017-12-02 17:05:35 +08:00
|
|
|
static const int lengths_list[] = {
|
|
|
|
16, 64, 256, 1024, 8 * 1024, 16 * 1024
|
|
|
|
};
|
2018-05-10 04:27:27 +08:00
|
|
|
#define SIZE_NUM OSSL_NELEM(lengths_list)
|
2017-12-02 17:05:35 +08:00
|
|
|
static const int *lengths = lengths_list;
|
|
|
|
|
2018-05-19 21:43:11 +08:00
|
|
|
static const int aead_lengths_list[] = {
|
|
|
|
2, 31, 136, 1024, 8 * 1024, 16 * 1024
|
|
|
|
};
|
|
|
|
|
2018-05-19 21:53:29 +08:00
|
|
|
#define START 0
|
|
|
|
#define STOP 1
|
|
|
|
|
2015-01-27 23:06:22 +08:00
|
|
|
#ifdef SIGALRM
|
2001-11-06 21:40:27 +08:00
|
|
|
|
2023-04-21 15:04:57 +08:00
|
|
|
static void alarmed(ossl_unused int sig)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
2018-05-19 21:53:29 +08:00
|
|
|
signal(SIGALRM, alarmed);
|
2015-01-22 11:40:55 +08:00
|
|
|
run = 0;
|
|
|
|
}
|
1998-12-21 18:52:47 +08:00
|
|
|
|
2018-05-19 21:53:29 +08:00
|
|
|
static double Time_F(int s)
|
|
|
|
{
|
|
|
|
double ret = app_tminterval(s, usertime);
|
|
|
|
if (s == STOP)
|
|
|
|
alarm(0);
|
|
|
|
return ret;
|
|
|
|
}
|
1998-12-21 18:52:47 +08:00
|
|
|
|
2018-05-19 21:53:29 +08:00
|
|
|
#elif defined(_WIN32)
|
|
|
|
|
|
|
|
# define SIGALRM -1
|
2003-11-28 21:10:58 +08:00
|
|
|
|
2017-07-24 23:28:50 +08:00
|
|
|
static unsigned int lapse;
|
|
|
|
static volatile unsigned int schlock;
|
2015-01-22 11:40:55 +08:00
|
|
|
static void alarm_win32(unsigned int secs)
|
|
|
|
{
|
|
|
|
lapse = secs * 1000;
|
|
|
|
}
|
2003-11-28 21:10:58 +08:00
|
|
|
|
2015-01-27 23:06:22 +08:00
|
|
|
# define alarm alarm_win32
|
2015-01-22 11:40:55 +08:00
|
|
|
|
|
|
|
static DWORD WINAPI sleepy(VOID * arg)
|
|
|
|
{
|
|
|
|
schlock = 1;
|
|
|
|
Sleep(lapse);
|
|
|
|
run = 0;
|
|
|
|
return 0;
|
|
|
|
}
|
2000-07-01 01:16:46 +08:00
|
|
|
|
2005-11-06 19:40:59 +08:00
|
|
|
static double Time_F(int s)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
|
|
|
double ret;
|
|
|
|
static HANDLE thr;
|
|
|
|
|
|
|
|
if (s == START) {
|
|
|
|
schlock = 0;
|
|
|
|
thr = CreateThread(NULL, 4096, sleepy, NULL, 0, NULL);
|
|
|
|
if (thr == NULL) {
|
2015-09-28 22:05:32 +08:00
|
|
|
DWORD err = GetLastError();
|
|
|
|
BIO_printf(bio_err, "unable to CreateThread (%lu)", err);
|
2016-06-16 22:59:42 +08:00
|
|
|
ExitProcess(err);
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
|
|
|
while (!schlock)
|
|
|
|
Sleep(0); /* scheduler spinlock */
|
|
|
|
ret = app_tminterval(s, usertime);
|
|
|
|
} else {
|
|
|
|
ret = app_tminterval(s, usertime);
|
|
|
|
if (run)
|
|
|
|
TerminateThread(thr, 0);
|
|
|
|
CloseHandle(thr);
|
|
|
|
}
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
2015-01-27 23:06:22 +08:00
|
|
|
#else
|
2021-02-16 00:24:44 +08:00
|
|
|
# error "SIGALRM not defined and the platform is not Windows"
|
2015-01-27 23:06:22 +08:00
|
|
|
#endif
|
2003-02-28 23:37:10 +08:00
|
|
|
|
2018-04-30 07:13:58 +08:00
|
|
|
static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
|
2018-01-12 11:37:39 +08:00
|
|
|
const openssl_speed_sec_t *seconds);
|
2003-02-28 23:37:10 +08:00
|
|
|
|
2018-04-30 07:13:58 +08:00
|
|
|
static int opt_found(const char *name, unsigned int *result,
|
|
|
|
const OPT_PAIR pairs[], unsigned int nbelem)
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
{
|
2018-04-30 07:13:58 +08:00
|
|
|
unsigned int idx;
|
|
|
|
|
|
|
|
for (idx = 0; idx < nbelem; ++idx, pairs++)
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
if (strcmp(name, pairs->name) == 0) {
|
|
|
|
*result = pairs->retval;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
2018-05-10 04:27:27 +08:00
|
|
|
#define opt_found(value, pairs, result)\
|
|
|
|
opt_found(value, result, pairs, OSSL_NELEM(pairs))
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
|
|
|
|
typedef enum OPTION_choice {
|
2021-05-01 21:29:00 +08:00
|
|
|
OPT_COMMON,
|
2018-08-14 12:04:47 +08:00
|
|
|
OPT_ELAPSED, OPT_EVP, OPT_HMAC, OPT_DECRYPT, OPT_ENGINE, OPT_MULTI,
|
2022-06-21 14:55:55 +08:00
|
|
|
OPT_MR, OPT_MB, OPT_MISALIGN, OPT_ASYNCJOBS, OPT_R_ENUM, OPT_PROV_ENUM, OPT_CONFIG,
|
2022-12-24 16:20:44 +08:00
|
|
|
OPT_PRIMES, OPT_SECONDS, OPT_BYTES, OPT_AEAD, OPT_CMAC, OPT_MLOCK, OPT_KEM, OPT_SIG
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
} OPTION_CHOICE;
|
|
|
|
|
2016-03-13 21:07:50 +08:00
|
|
|
const OPTIONS speed_options[] = {
|
2022-02-01 13:34:35 +08:00
|
|
|
{OPT_HELP_STR, 1, '-',
|
|
|
|
"Usage: %s [options] [algorithm...]\n"
|
|
|
|
"All +int options consider prefix '0' as base-8 input, "
|
|
|
|
"prefix '0x'/'0X' as base-16 input.\n"
|
|
|
|
},
|
2019-11-08 04:08:30 +08:00
|
|
|
|
|
|
|
OPT_SECTION("General"),
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
{"help", OPT_HELP, '-', "Display this summary"},
|
2016-07-29 03:15:52 +08:00
|
|
|
{"mb", OPT_MB, '-',
|
2018-05-19 21:43:11 +08:00
|
|
|
"Enable (tls1>=1) multi-block mode on EVP-named cipher"},
|
|
|
|
{"mr", OPT_MR, '-', "Produce machine readable output"},
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
#ifndef NO_FORK
|
|
|
|
{"multi", OPT_MULTI, 'p', "Run benchmarks in parallel"},
|
|
|
|
#endif
|
2016-03-08 00:55:39 +08:00
|
|
|
#ifndef OPENSSL_NO_ASYNC
|
2016-08-07 18:04:26 +08:00
|
|
|
{"async_jobs", OPT_ASYNCJOBS, 'p',
|
2018-05-19 21:43:11 +08:00
|
|
|
"Enable async mode and start specified number of jobs"},
|
2015-12-09 15:26:38 +08:00
|
|
|
#endif
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
#ifndef OPENSSL_NO_ENGINE
|
|
|
|
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
|
|
|
|
#endif
|
2019-11-08 04:08:30 +08:00
|
|
|
{"primes", OPT_PRIMES, 'p', "Specify number of primes (for RSA only)"},
|
2022-08-29 23:05:41 +08:00
|
|
|
{"mlock", OPT_MLOCK, '-', "Lock memory for better result determinism"},
|
2022-06-21 14:55:55 +08:00
|
|
|
OPT_CONFIG_OPTION,
|
2019-11-08 04:08:30 +08:00
|
|
|
|
|
|
|
OPT_SECTION("Selection"),
|
|
|
|
{"evp", OPT_EVP, 's', "Use EVP-named cipher or digest"},
|
|
|
|
{"hmac", OPT_HMAC, 's', "HMAC using EVP-named digest"},
|
|
|
|
{"cmac", OPT_CMAC, 's', "CMAC using EVP-named cipher"},
|
|
|
|
{"decrypt", OPT_DECRYPT, '-',
|
|
|
|
"Time decryption instead of encryption (only EVP)"},
|
|
|
|
{"aead", OPT_AEAD, '-',
|
|
|
|
"Benchmark EVP-named AEAD cipher in TLS-like sequence"},
|
2022-12-24 16:20:44 +08:00
|
|
|
{"kem-algorithms", OPT_KEM, '-',
|
|
|
|
"Benchmark KEM algorithms"},
|
|
|
|
{"signature-algorithms", OPT_SIG, '-',
|
|
|
|
"Benchmark signature algorithms"},
|
2019-11-08 04:08:30 +08:00
|
|
|
|
|
|
|
OPT_SECTION("Timing"),
|
2018-05-19 21:43:11 +08:00
|
|
|
{"elapsed", OPT_ELAPSED, '-',
|
|
|
|
"Use wall-clock time instead of CPU user time as divisor"},
|
2017-12-02 17:05:35 +08:00
|
|
|
{"seconds", OPT_SECONDS, 'p',
|
2018-05-19 21:43:11 +08:00
|
|
|
"Run benchmarks for specified amount of seconds"},
|
2017-12-02 17:05:35 +08:00
|
|
|
{"bytes", OPT_BYTES, 'p',
|
2018-05-19 21:43:11 +08:00
|
|
|
"Run [non-PKI] benchmarks on custom-sized buffer"},
|
|
|
|
{"misalign", OPT_MISALIGN, 'p',
|
|
|
|
"Use specified offset to mis-align buffers"},
|
2019-11-08 04:08:30 +08:00
|
|
|
|
|
|
|
OPT_R_OPTIONS,
|
2020-02-25 12:29:30 +08:00
|
|
|
OPT_PROV_OPTIONS,
|
2019-09-20 09:33:17 +08:00
|
|
|
|
|
|
|
OPT_PARAMETERS(),
|
|
|
|
{"algorithm", 0, 0, "Algorithm(s) to test (optional; otherwise tests all)"},
|
2018-04-30 07:13:58 +08:00
|
|
|
{NULL}
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
};
|
|
|
|
|
2018-05-10 04:27:27 +08:00
|
|
|
enum {
|
2021-02-16 02:45:01 +08:00
|
|
|
D_MD2, D_MDC2, D_MD4, D_MD5, D_SHA1, D_RMD160,
|
|
|
|
D_SHA256, D_SHA512, D_WHIRLPOOL, D_HMAC,
|
2021-02-18 17:48:18 +08:00
|
|
|
D_CBC_DES, D_EDE3_DES, D_RC4, D_CBC_IDEA, D_CBC_SEED,
|
2018-05-10 04:27:27 +08:00
|
|
|
D_CBC_RC2, D_CBC_RC5, D_CBC_BF, D_CBC_CAST,
|
|
|
|
D_CBC_128_AES, D_CBC_192_AES, D_CBC_256_AES,
|
|
|
|
D_CBC_128_CML, D_CBC_192_CML, D_CBC_256_CML,
|
2021-02-22 20:20:28 +08:00
|
|
|
D_EVP, D_GHASH, D_RAND, D_EVP_CMAC, ALGOR_NUM
|
2018-05-10 04:27:27 +08:00
|
|
|
};
|
|
|
|
/* name of algorithms to test. MUST BE KEEP IN SYNC with above enum ! */
|
|
|
|
static const char *names[ALGOR_NUM] = {
|
2021-02-16 02:45:01 +08:00
|
|
|
"md2", "mdc2", "md4", "md5", "sha1", "rmd160",
|
|
|
|
"sha256", "sha512", "whirlpool", "hmac(md5)",
|
2021-02-18 17:48:18 +08:00
|
|
|
"des-cbc", "des-ede3", "rc4", "idea-cbc", "seed-cbc",
|
|
|
|
"rc2-cbc", "rc5-cbc", "blowfish", "cast-cbc",
|
|
|
|
"aes-128-cbc", "aes-192-cbc", "aes-256-cbc",
|
|
|
|
"camellia-128-cbc", "camellia-192-cbc", "camellia-256-cbc",
|
|
|
|
"evp", "ghash", "rand", "cmac"
|
2018-04-30 07:13:58 +08:00
|
|
|
};
|
|
|
|
|
2018-05-10 04:27:27 +08:00
|
|
|
/* list of configured algorithm (remaining), with some few alias */
|
2018-04-30 07:13:58 +08:00
|
|
|
static const OPT_PAIR doit_choices[] = {
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
{"md2", D_MD2},
|
|
|
|
{"mdc2", D_MDC2},
|
|
|
|
{"md4", D_MD4},
|
|
|
|
{"md5", D_MD5},
|
|
|
|
{"hmac", D_HMAC},
|
|
|
|
{"sha1", D_SHA1},
|
|
|
|
{"sha256", D_SHA256},
|
|
|
|
{"sha512", D_SHA512},
|
|
|
|
{"whirlpool", D_WHIRLPOOL},
|
|
|
|
{"ripemd", D_RMD160},
|
|
|
|
{"rmd160", D_RMD160},
|
|
|
|
{"ripemd160", D_RMD160},
|
|
|
|
{"rc4", D_RC4},
|
|
|
|
{"des-cbc", D_CBC_DES},
|
|
|
|
{"des-ede3", D_EDE3_DES},
|
|
|
|
{"aes-128-cbc", D_CBC_128_AES},
|
|
|
|
{"aes-192-cbc", D_CBC_192_AES},
|
|
|
|
{"aes-256-cbc", D_CBC_256_AES},
|
2021-02-18 17:48:18 +08:00
|
|
|
{"camellia-128-cbc", D_CBC_128_CML},
|
|
|
|
{"camellia-192-cbc", D_CBC_192_CML},
|
|
|
|
{"camellia-256-cbc", D_CBC_256_CML},
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
{"rc2-cbc", D_CBC_RC2},
|
|
|
|
{"rc2", D_CBC_RC2},
|
|
|
|
{"rc5-cbc", D_CBC_RC5},
|
|
|
|
{"rc5", D_CBC_RC5},
|
|
|
|
{"idea-cbc", D_CBC_IDEA},
|
|
|
|
{"idea", D_CBC_IDEA},
|
|
|
|
{"seed-cbc", D_CBC_SEED},
|
|
|
|
{"seed", D_CBC_SEED},
|
|
|
|
{"bf-cbc", D_CBC_BF},
|
|
|
|
{"blowfish", D_CBC_BF},
|
|
|
|
{"bf", D_CBC_BF},
|
|
|
|
{"cast-cbc", D_CBC_CAST},
|
|
|
|
{"cast", D_CBC_CAST},
|
|
|
|
{"cast5", D_CBC_CAST},
|
|
|
|
{"ghash", D_GHASH},
|
2018-04-30 07:13:58 +08:00
|
|
|
{"rand", D_RAND}
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
};
|
|
|
|
|
2018-05-10 04:27:27 +08:00
|
|
|
static double results[ALGOR_NUM][SIZE_NUM];
|
2018-04-30 07:13:58 +08:00
|
|
|
|
2023-03-25 20:06:46 +08:00
|
|
|
enum { R_DSA_1024, R_DSA_2048, DSA_NUM };
|
2018-05-10 04:27:27 +08:00
|
|
|
static const OPT_PAIR dsa_choices[DSA_NUM] = {
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
{"dsa1024", R_DSA_1024},
|
2018-04-30 07:13:58 +08:00
|
|
|
{"dsa2048", R_DSA_2048}
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
};
|
2018-04-30 07:13:58 +08:00
|
|
|
static double dsa_results[DSA_NUM][2]; /* 2 ops: sign then verify */
|
2000-02-11 17:47:18 +08:00
|
|
|
|
2018-05-10 04:27:27 +08:00
|
|
|
enum {
|
|
|
|
R_RSA_512, R_RSA_1024, R_RSA_2048, R_RSA_3072, R_RSA_4096, R_RSA_7680,
|
|
|
|
R_RSA_15360, RSA_NUM
|
|
|
|
};
|
|
|
|
static const OPT_PAIR rsa_choices[RSA_NUM] = {
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
{"rsa512", R_RSA_512},
|
|
|
|
{"rsa1024", R_RSA_1024},
|
|
|
|
{"rsa2048", R_RSA_2048},
|
|
|
|
{"rsa3072", R_RSA_3072},
|
|
|
|
{"rsa4096", R_RSA_4096},
|
|
|
|
{"rsa7680", R_RSA_7680},
|
2018-04-30 07:13:58 +08:00
|
|
|
{"rsa15360", R_RSA_15360}
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
};
|
2018-04-30 07:13:58 +08:00
|
|
|
|
2023-06-20 19:40:41 +08:00
|
|
|
static double rsa_results[RSA_NUM][4]; /* 4 ops: sign, verify, encrypt, decrypt */
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
|
2020-01-19 02:13:02 +08:00
|
|
|
#ifndef OPENSSL_NO_DH
|
|
|
|
enum ff_params_t {
|
|
|
|
R_FFDH_2048, R_FFDH_3072, R_FFDH_4096, R_FFDH_6144, R_FFDH_8192, FFDH_NUM
|
|
|
|
};
|
|
|
|
|
|
|
|
static const OPT_PAIR ffdh_choices[FFDH_NUM] = {
|
|
|
|
{"ffdh2048", R_FFDH_2048},
|
|
|
|
{"ffdh3072", R_FFDH_3072},
|
|
|
|
{"ffdh4096", R_FFDH_4096},
|
|
|
|
{"ffdh6144", R_FFDH_6144},
|
|
|
|
{"ffdh8192", R_FFDH_8192},
|
|
|
|
};
|
|
|
|
|
|
|
|
static double ffdh_results[FFDH_NUM][1]; /* 1 op: derivation */
|
|
|
|
#endif /* OPENSSL_NO_DH */
|
|
|
|
|
2018-05-10 04:27:27 +08:00
|
|
|
enum ec_curves_t {
|
|
|
|
R_EC_P160, R_EC_P192, R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521,
|
2021-02-18 17:48:18 +08:00
|
|
|
#ifndef OPENSSL_NO_EC2M
|
2018-05-10 04:27:27 +08:00
|
|
|
R_EC_K163, R_EC_K233, R_EC_K283, R_EC_K409, R_EC_K571,
|
|
|
|
R_EC_B163, R_EC_B233, R_EC_B283, R_EC_B409, R_EC_B571,
|
2021-02-18 17:48:18 +08:00
|
|
|
#endif
|
2018-05-10 04:27:27 +08:00
|
|
|
R_EC_BRP256R1, R_EC_BRP256T1, R_EC_BRP384R1, R_EC_BRP384T1,
|
|
|
|
R_EC_BRP512R1, R_EC_BRP512T1, ECDSA_NUM
|
|
|
|
};
|
|
|
|
/* list of ecdsa curves */
|
|
|
|
static const OPT_PAIR ecdsa_choices[ECDSA_NUM] = {
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
{"ecdsap160", R_EC_P160},
|
|
|
|
{"ecdsap192", R_EC_P192},
|
|
|
|
{"ecdsap224", R_EC_P224},
|
|
|
|
{"ecdsap256", R_EC_P256},
|
|
|
|
{"ecdsap384", R_EC_P384},
|
|
|
|
{"ecdsap521", R_EC_P521},
|
2021-02-18 17:48:18 +08:00
|
|
|
#ifndef OPENSSL_NO_EC2M
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
{"ecdsak163", R_EC_K163},
|
|
|
|
{"ecdsak233", R_EC_K233},
|
|
|
|
{"ecdsak283", R_EC_K283},
|
|
|
|
{"ecdsak409", R_EC_K409},
|
|
|
|
{"ecdsak571", R_EC_K571},
|
|
|
|
{"ecdsab163", R_EC_B163},
|
|
|
|
{"ecdsab233", R_EC_B233},
|
|
|
|
{"ecdsab283", R_EC_B283},
|
|
|
|
{"ecdsab409", R_EC_B409},
|
2018-05-08 16:34:59 +08:00
|
|
|
{"ecdsab571", R_EC_B571},
|
2021-02-18 17:48:18 +08:00
|
|
|
#endif
|
2018-05-08 16:34:59 +08:00
|
|
|
{"ecdsabrp256r1", R_EC_BRP256R1},
|
|
|
|
{"ecdsabrp256t1", R_EC_BRP256T1},
|
|
|
|
{"ecdsabrp384r1", R_EC_BRP384R1},
|
|
|
|
{"ecdsabrp384t1", R_EC_BRP384T1},
|
|
|
|
{"ecdsabrp512r1", R_EC_BRP512R1},
|
|
|
|
{"ecdsabrp512t1", R_EC_BRP512T1}
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
};
|
2023-04-17 16:20:31 +08:00
|
|
|
enum {
|
|
|
|
#ifndef OPENSSL_NO_ECX
|
|
|
|
R_EC_X25519 = ECDSA_NUM, R_EC_X448, EC_NUM
|
|
|
|
#else
|
|
|
|
EC_NUM = ECDSA_NUM
|
|
|
|
#endif
|
|
|
|
};
|
2018-05-10 04:27:27 +08:00
|
|
|
/* list of ecdh curves, extension of |ecdsa_choices| list above */
|
|
|
|
static const OPT_PAIR ecdh_choices[EC_NUM] = {
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
{"ecdhp160", R_EC_P160},
|
|
|
|
{"ecdhp192", R_EC_P192},
|
|
|
|
{"ecdhp224", R_EC_P224},
|
|
|
|
{"ecdhp256", R_EC_P256},
|
|
|
|
{"ecdhp384", R_EC_P384},
|
|
|
|
{"ecdhp521", R_EC_P521},
|
2021-02-18 17:48:18 +08:00
|
|
|
#ifndef OPENSSL_NO_EC2M
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
{"ecdhk163", R_EC_K163},
|
|
|
|
{"ecdhk233", R_EC_K233},
|
|
|
|
{"ecdhk283", R_EC_K283},
|
|
|
|
{"ecdhk409", R_EC_K409},
|
|
|
|
{"ecdhk571", R_EC_K571},
|
|
|
|
{"ecdhb163", R_EC_B163},
|
|
|
|
{"ecdhb233", R_EC_B233},
|
|
|
|
{"ecdhb283", R_EC_B283},
|
|
|
|
{"ecdhb409", R_EC_B409},
|
|
|
|
{"ecdhb571", R_EC_B571},
|
2021-02-18 17:48:18 +08:00
|
|
|
#endif
|
2018-05-08 16:34:59 +08:00
|
|
|
{"ecdhbrp256r1", R_EC_BRP256R1},
|
|
|
|
{"ecdhbrp256t1", R_EC_BRP256T1},
|
|
|
|
{"ecdhbrp384r1", R_EC_BRP384R1},
|
|
|
|
{"ecdhbrp384t1", R_EC_BRP384T1},
|
|
|
|
{"ecdhbrp512r1", R_EC_BRP512R1},
|
|
|
|
{"ecdhbrp512t1", R_EC_BRP512T1},
|
2023-04-17 16:20:31 +08:00
|
|
|
#ifndef OPENSSL_NO_ECX
|
2016-02-12 22:11:47 +08:00
|
|
|
{"ecdhx25519", R_EC_X25519},
|
2018-04-30 07:13:58 +08:00
|
|
|
{"ecdhx448", R_EC_X448}
|
2023-04-17 16:20:31 +08:00
|
|
|
#endif
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
};
|
2018-04-30 07:13:58 +08:00
|
|
|
|
2018-05-10 04:27:27 +08:00
|
|
|
static double ecdh_results[EC_NUM][1]; /* 1 op: derivation */
|
|
|
|
static double ecdsa_results[ECDSA_NUM][2]; /* 2 ops: sign then verify */
|
2018-09-07 14:39:19 +08:00
|
|
|
|
2023-04-17 16:20:31 +08:00
|
|
|
#ifndef OPENSSL_NO_ECX
|
2018-05-10 04:27:27 +08:00
|
|
|
enum { R_EC_Ed25519, R_EC_Ed448, EdDSA_NUM };
|
|
|
|
static const OPT_PAIR eddsa_choices[EdDSA_NUM] = {
|
2018-09-07 14:39:19 +08:00
|
|
|
{"ed25519", R_EC_Ed25519},
|
|
|
|
{"ed448", R_EC_Ed448}
|
|
|
|
|
2018-05-10 04:27:27 +08:00
|
|
|
};
|
2018-09-07 14:39:19 +08:00
|
|
|
static double eddsa_results[EdDSA_NUM][2]; /* 2 ops: sign then verify */
|
2023-04-17 16:20:31 +08:00
|
|
|
#endif /* OPENSSL_NO_ECX */
|
2019-09-29 22:25:10 +08:00
|
|
|
|
2021-02-18 17:48:18 +08:00
|
|
|
#ifndef OPENSSL_NO_SM2
|
2018-05-10 04:27:27 +08:00
|
|
|
enum { R_EC_CURVESM2, SM2_NUM };
|
|
|
|
static const OPT_PAIR sm2_choices[SM2_NUM] = {
|
2019-09-29 22:25:10 +08:00
|
|
|
{"curveSM2", R_EC_CURVESM2}
|
|
|
|
};
|
2021-02-18 17:48:18 +08:00
|
|
|
# define SM2_ID "TLSv1.3+GM+Cipher+Suite"
|
|
|
|
# define SM2_ID_LEN sizeof("TLSv1.3+GM+Cipher+Suite") - 1
|
2019-09-29 22:25:10 +08:00
|
|
|
static double sm2_results[SM2_NUM][2]; /* 2 ops: sign then verify */
|
2021-02-18 17:48:18 +08:00
|
|
|
#endif /* OPENSSL_NO_SM2 */
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
|
2022-12-24 16:20:44 +08:00
|
|
|
#define MAX_KEM_NUM 111
|
|
|
|
static size_t kems_algs_len = 0;
|
|
|
|
static char *kems_algname[MAX_KEM_NUM] = { NULL };
|
|
|
|
static double kems_results[MAX_KEM_NUM][3]; /* keygen, encaps, decaps */
|
|
|
|
|
|
|
|
#define MAX_SIG_NUM 111
|
|
|
|
static size_t sigs_algs_len = 0;
|
|
|
|
static char *sigs_algname[MAX_SIG_NUM] = { NULL };
|
|
|
|
static double sigs_results[MAX_SIG_NUM][3]; /* keygen, sign, verify */
|
|
|
|
|
2022-02-05 20:39:45 +08:00
|
|
|
#define COND(unused_cond) (run && count < INT_MAX)
|
2021-02-16 00:24:44 +08:00
|
|
|
#define COUNT(d) (count)
|
2015-12-09 15:26:38 +08:00
|
|
|
|
2018-04-30 07:13:58 +08:00
|
|
|
typedef struct loopargs_st {
|
|
|
|
ASYNC_JOB *inprogress_job;
|
|
|
|
ASYNC_WAIT_CTX *wait_ctx;
|
|
|
|
unsigned char *buf;
|
|
|
|
unsigned char *buf2;
|
|
|
|
unsigned char *buf_malloc;
|
|
|
|
unsigned char *buf2_malloc;
|
|
|
|
unsigned char *key;
|
2021-11-03 11:28:23 +08:00
|
|
|
size_t buflen;
|
2018-09-10 23:03:14 +08:00
|
|
|
size_t sigsize;
|
2023-06-20 19:40:41 +08:00
|
|
|
size_t encsize;
|
2021-02-18 17:48:18 +08:00
|
|
|
EVP_PKEY_CTX *rsa_sign_ctx[RSA_NUM];
|
|
|
|
EVP_PKEY_CTX *rsa_verify_ctx[RSA_NUM];
|
2023-06-20 19:40:41 +08:00
|
|
|
EVP_PKEY_CTX *rsa_encrypt_ctx[RSA_NUM];
|
|
|
|
EVP_PKEY_CTX *rsa_decrypt_ctx[RSA_NUM];
|
2021-02-18 17:48:18 +08:00
|
|
|
EVP_PKEY_CTX *dsa_sign_ctx[DSA_NUM];
|
|
|
|
EVP_PKEY_CTX *dsa_verify_ctx[DSA_NUM];
|
|
|
|
EVP_PKEY_CTX *ecdsa_sign_ctx[ECDSA_NUM];
|
|
|
|
EVP_PKEY_CTX *ecdsa_verify_ctx[ECDSA_NUM];
|
2018-04-30 07:13:58 +08:00
|
|
|
EVP_PKEY_CTX *ecdh_ctx[EC_NUM];
|
2023-04-17 16:20:31 +08:00
|
|
|
#ifndef OPENSSL_NO_ECX
|
2018-09-07 14:39:19 +08:00
|
|
|
EVP_MD_CTX *eddsa_ctx[EdDSA_NUM];
|
2020-06-06 23:21:15 +08:00
|
|
|
EVP_MD_CTX *eddsa_ctx2[EdDSA_NUM];
|
2023-04-17 16:20:31 +08:00
|
|
|
#endif /* OPENSSL_NO_ECX */
|
2021-02-18 17:48:18 +08:00
|
|
|
#ifndef OPENSSL_NO_SM2
|
2019-09-29 22:25:10 +08:00
|
|
|
EVP_MD_CTX *sm2_ctx[SM2_NUM];
|
|
|
|
EVP_MD_CTX *sm2_vfy_ctx[SM2_NUM];
|
|
|
|
EVP_PKEY *sm2_pkey[SM2_NUM];
|
2021-02-18 17:48:18 +08:00
|
|
|
#endif
|
2018-04-30 07:13:58 +08:00
|
|
|
unsigned char *secret_a;
|
|
|
|
unsigned char *secret_b;
|
|
|
|
size_t outlen[EC_NUM];
|
2020-01-19 02:13:02 +08:00
|
|
|
#ifndef OPENSSL_NO_DH
|
|
|
|
EVP_PKEY_CTX *ffdh_ctx[FFDH_NUM];
|
|
|
|
unsigned char *secret_ff_a;
|
|
|
|
unsigned char *secret_ff_b;
|
2018-04-30 07:13:58 +08:00
|
|
|
#endif
|
|
|
|
EVP_CIPHER_CTX *ctx;
|
2021-02-16 02:45:01 +08:00
|
|
|
EVP_MAC_CTX *mctx;
|
2022-12-24 16:20:44 +08:00
|
|
|
EVP_PKEY_CTX *kem_gen_ctx[MAX_KEM_NUM];
|
|
|
|
EVP_PKEY_CTX *kem_encaps_ctx[MAX_KEM_NUM];
|
|
|
|
EVP_PKEY_CTX *kem_decaps_ctx[MAX_KEM_NUM];
|
|
|
|
size_t kem_out_len[MAX_KEM_NUM];
|
|
|
|
size_t kem_secret_len[MAX_KEM_NUM];
|
|
|
|
unsigned char *kem_out[MAX_KEM_NUM];
|
|
|
|
unsigned char *kem_send_secret[MAX_KEM_NUM];
|
|
|
|
unsigned char *kem_rcv_secret[MAX_KEM_NUM];
|
|
|
|
EVP_PKEY_CTX *sig_gen_ctx[MAX_KEM_NUM];
|
|
|
|
EVP_PKEY_CTX *sig_sign_ctx[MAX_KEM_NUM];
|
|
|
|
EVP_PKEY_CTX *sig_verify_ctx[MAX_KEM_NUM];
|
|
|
|
size_t sig_max_sig_len[MAX_KEM_NUM];
|
|
|
|
size_t sig_act_sig_len[MAX_KEM_NUM];
|
|
|
|
unsigned char *sig_sig[MAX_KEM_NUM];
|
2018-04-30 07:13:58 +08:00
|
|
|
} loopargs_t;
|
|
|
|
static int run_benchmark(int async_jobs, int (*loop_function) (void *),
|
2023-07-17 02:03:40 +08:00
|
|
|
loopargs_t *loopargs);
|
2018-04-30 07:13:58 +08:00
|
|
|
|
|
|
|
static unsigned int testnum;
|
2015-12-09 15:26:38 +08:00
|
|
|
|
2021-02-16 02:45:01 +08:00
|
|
|
static char *evp_mac_mdname = "md5";
|
|
|
|
static char *evp_hmac_name = NULL;
|
|
|
|
static const char *evp_md_name = NULL;
|
2021-02-18 17:48:18 +08:00
|
|
|
static char *evp_mac_ciphername = "aes-128-cbc";
|
|
|
|
static char *evp_cmac_name = NULL;
|
2021-02-16 02:45:01 +08:00
|
|
|
|
|
|
|
static int have_md(const char *name)
|
2015-12-09 15:26:38 +08:00
|
|
|
{
|
2021-02-18 17:48:18 +08:00
|
|
|
int ret = 0;
|
2021-04-26 18:08:27 +08:00
|
|
|
EVP_MD *md = NULL;
|
2016-07-20 05:57:18 +08:00
|
|
|
|
2021-04-26 18:08:27 +08:00
|
|
|
if (opt_md_silent(name, &md)) {
|
2021-02-18 17:48:18 +08:00
|
|
|
EVP_MD_CTX *ctx = EVP_MD_CTX_new();
|
|
|
|
|
|
|
|
if (ctx != NULL && EVP_DigestInit(ctx, md) > 0)
|
|
|
|
ret = 1;
|
|
|
|
EVP_MD_CTX_free(ctx);
|
2021-04-26 18:08:27 +08:00
|
|
|
EVP_MD_free(md);
|
2016-06-18 22:46:13 +08:00
|
|
|
}
|
2021-02-18 17:48:18 +08:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int have_cipher(const char *name)
|
|
|
|
{
|
|
|
|
int ret = 0;
|
2021-04-26 18:08:27 +08:00
|
|
|
EVP_CIPHER *cipher = NULL;
|
2021-02-18 17:48:18 +08:00
|
|
|
|
2021-04-26 18:08:27 +08:00
|
|
|
if (opt_cipher_silent(name, &cipher)) {
|
2021-02-18 17:48:18 +08:00
|
|
|
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
|
|
|
|
|
|
|
|
if (ctx != NULL
|
|
|
|
&& EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, 1) > 0)
|
|
|
|
ret = 1;
|
|
|
|
EVP_CIPHER_CTX_free(ctx);
|
2021-04-26 18:08:27 +08:00
|
|
|
EVP_CIPHER_free(cipher);
|
2021-02-18 17:48:18 +08:00
|
|
|
}
|
|
|
|
return ret;
|
2015-12-09 15:26:38 +08:00
|
|
|
}
|
|
|
|
|
2023-04-21 15:04:57 +08:00
|
|
|
static int EVP_Digest_loop(const char *mdname, ossl_unused int algindex, void *args)
|
2015-12-09 15:26:38 +08:00
|
|
|
{
|
2016-10-04 14:20:49 +08:00
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
2015-12-09 15:26:38 +08:00
|
|
|
unsigned char *buf = tempargs->buf;
|
2021-02-16 02:45:01 +08:00
|
|
|
unsigned char digest[EVP_MAX_MD_SIZE];
|
2021-04-26 18:08:27 +08:00
|
|
|
int count;
|
|
|
|
EVP_MD *md = NULL;
|
2021-02-16 02:45:01 +08:00
|
|
|
|
2021-04-26 18:08:27 +08:00
|
|
|
if (!opt_md_silent(mdname, &md))
|
2021-02-16 02:45:01 +08:00
|
|
|
return -1;
|
|
|
|
for (count = 0; COND(c[algindex][testnum]); count++) {
|
|
|
|
if (!EVP_Digest(buf, (size_t)lengths[testnum], digest, NULL, md,
|
|
|
|
NULL)) {
|
|
|
|
count = -1;
|
|
|
|
break;
|
|
|
|
}
|
2016-06-18 22:46:13 +08:00
|
|
|
}
|
2021-04-26 18:08:27 +08:00
|
|
|
EVP_MD_free(md);
|
2015-12-09 15:26:38 +08:00
|
|
|
return count;
|
|
|
|
}
|
|
|
|
|
2021-02-16 02:45:01 +08:00
|
|
|
static int EVP_Digest_md_loop(void *args)
|
|
|
|
{
|
|
|
|
return EVP_Digest_loop(evp_md_name, D_EVP, args);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int EVP_Digest_MD2_loop(void *args)
|
|
|
|
{
|
|
|
|
return EVP_Digest_loop("md2", D_MD2, args);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int EVP_Digest_MDC2_loop(void *args)
|
|
|
|
{
|
|
|
|
return EVP_Digest_loop("mdc2", D_MDC2, args);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int EVP_Digest_MD4_loop(void *args)
|
|
|
|
{
|
|
|
|
return EVP_Digest_loop("md4", D_MD4, args);
|
|
|
|
}
|
|
|
|
|
2015-12-09 15:26:38 +08:00
|
|
|
static int MD5_loop(void *args)
|
|
|
|
{
|
2021-02-16 02:45:01 +08:00
|
|
|
return EVP_Digest_loop("md5", D_MD5, args);
|
2015-12-09 15:26:38 +08:00
|
|
|
}
|
|
|
|
|
2023-04-21 15:04:57 +08:00
|
|
|
static int EVP_MAC_loop(ossl_unused int algindex, void *args)
|
2015-12-09 15:26:38 +08:00
|
|
|
{
|
2016-10-04 14:20:49 +08:00
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
2015-12-09 15:26:38 +08:00
|
|
|
unsigned char *buf = tempargs->buf;
|
2021-02-16 02:45:01 +08:00
|
|
|
EVP_MAC_CTX *mctx = tempargs->mctx;
|
|
|
|
unsigned char mac[EVP_MAX_MD_SIZE];
|
2015-12-09 15:26:38 +08:00
|
|
|
int count;
|
2016-07-20 05:57:18 +08:00
|
|
|
|
2021-02-18 17:48:18 +08:00
|
|
|
for (count = 0; COND(c[algindex][testnum]); count++) {
|
2021-02-16 02:45:01 +08:00
|
|
|
size_t outl;
|
2021-02-22 20:20:28 +08:00
|
|
|
|
2021-02-25 12:12:56 +08:00
|
|
|
if (!EVP_MAC_init(mctx, NULL, 0, NULL)
|
2021-02-16 02:45:01 +08:00
|
|
|
|| !EVP_MAC_update(mctx, buf, lengths[testnum])
|
|
|
|
|| !EVP_MAC_final(mctx, mac, &outl, sizeof(mac)))
|
|
|
|
return -1;
|
2015-12-09 15:26:38 +08:00
|
|
|
}
|
|
|
|
return count;
|
|
|
|
}
|
|
|
|
|
2021-02-18 17:48:18 +08:00
|
|
|
static int HMAC_loop(void *args)
|
|
|
|
{
|
|
|
|
return EVP_MAC_loop(D_HMAC, args);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int CMAC_loop(void *args)
|
|
|
|
{
|
|
|
|
return EVP_MAC_loop(D_EVP_CMAC, args);
|
|
|
|
}
|
|
|
|
|
2015-12-09 15:26:38 +08:00
|
|
|
static int SHA1_loop(void *args)
|
|
|
|
{
|
2021-02-16 02:45:01 +08:00
|
|
|
return EVP_Digest_loop("sha1", D_SHA1, args);
|
2015-12-09 15:26:38 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
static int SHA256_loop(void *args)
|
|
|
|
{
|
2021-02-16 02:45:01 +08:00
|
|
|
return EVP_Digest_loop("sha256", D_SHA256, args);
|
2015-12-09 15:26:38 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
static int SHA512_loop(void *args)
|
|
|
|
{
|
2021-02-16 02:45:01 +08:00
|
|
|
return EVP_Digest_loop("sha512", D_SHA512, args);
|
2015-12-09 15:26:38 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
static int WHIRLPOOL_loop(void *args)
|
|
|
|
{
|
2021-02-16 02:45:01 +08:00
|
|
|
return EVP_Digest_loop("whirlpool", D_WHIRLPOOL, args);
|
2015-12-09 15:26:38 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
static int EVP_Digest_RMD160_loop(void *args)
|
|
|
|
{
|
2021-02-16 02:45:01 +08:00
|
|
|
return EVP_Digest_loop("ripemd160", D_RMD160, args);
|
2015-12-09 15:26:38 +08:00
|
|
|
}
|
|
|
|
|
2021-02-18 17:48:18 +08:00
|
|
|
static int algindex;
|
2015-12-09 15:26:38 +08:00
|
|
|
|
2021-02-18 17:48:18 +08:00
|
|
|
static int EVP_Cipher_loop(void *args)
|
2015-12-09 15:26:38 +08:00
|
|
|
{
|
2016-10-04 14:20:49 +08:00
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
2015-12-09 15:26:38 +08:00
|
|
|
unsigned char *buf = tempargs->buf;
|
|
|
|
int count;
|
2021-02-18 17:48:18 +08:00
|
|
|
|
|
|
|
if (tempargs->ctx == NULL)
|
|
|
|
return -1;
|
|
|
|
for (count = 0; COND(c[algindex][testnum]); count++)
|
|
|
|
if (EVP_Cipher(tempargs->ctx, buf, buf, (size_t)lengths[testnum]) <= 0)
|
|
|
|
return -1;
|
2015-12-09 15:26:38 +08:00
|
|
|
return count;
|
|
|
|
}
|
|
|
|
|
2021-02-18 17:48:18 +08:00
|
|
|
static int GHASH_loop(void *args)
|
2015-12-09 15:26:38 +08:00
|
|
|
{
|
2016-10-04 14:20:49 +08:00
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
2015-12-09 15:26:38 +08:00
|
|
|
unsigned char *buf = tempargs->buf;
|
2021-02-18 17:48:18 +08:00
|
|
|
EVP_MAC_CTX *mctx = tempargs->mctx;
|
2015-12-09 15:26:38 +08:00
|
|
|
int count;
|
2021-02-18 17:48:18 +08:00
|
|
|
|
|
|
|
/* just do the update in the loop to be comparable with 1.1.1 */
|
|
|
|
for (count = 0; COND(c[D_GHASH][testnum]); count++) {
|
|
|
|
if (!EVP_MAC_update(mctx, buf, lengths[testnum]))
|
|
|
|
return -1;
|
|
|
|
}
|
2015-12-09 15:26:38 +08:00
|
|
|
return count;
|
|
|
|
}
|
2021-02-18 17:48:18 +08:00
|
|
|
|
2016-04-13 18:28:45 +08:00
|
|
|
#define MAX_BLOCK_SIZE 128
|
2015-12-09 15:26:38 +08:00
|
|
|
|
|
|
|
static unsigned char iv[2 * MAX_BLOCK_SIZE / 8];
|
2019-12-06 01:09:49 +08:00
|
|
|
|
2021-02-18 17:48:18 +08:00
|
|
|
static EVP_CIPHER_CTX *init_evp_cipher_ctx(const char *ciphername,
|
|
|
|
const unsigned char *key,
|
|
|
|
int keylen)
|
2015-12-09 15:26:38 +08:00
|
|
|
{
|
2021-02-18 17:48:18 +08:00
|
|
|
EVP_CIPHER_CTX *ctx = NULL;
|
2021-04-26 18:08:27 +08:00
|
|
|
EVP_CIPHER *cipher = NULL;
|
2015-12-09 15:26:38 +08:00
|
|
|
|
2021-04-26 18:08:27 +08:00
|
|
|
if (!opt_cipher_silent(ciphername, &cipher))
|
2021-02-18 17:48:18 +08:00
|
|
|
return NULL;
|
2015-12-09 15:26:38 +08:00
|
|
|
|
2021-02-18 17:48:18 +08:00
|
|
|
if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
|
|
|
|
goto end;
|
2015-12-09 15:26:38 +08:00
|
|
|
|
2021-02-18 17:48:18 +08:00
|
|
|
if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, 1)) {
|
|
|
|
EVP_CIPHER_CTX_free(ctx);
|
|
|
|
ctx = NULL;
|
|
|
|
goto end;
|
|
|
|
}
|
2015-12-09 15:26:38 +08:00
|
|
|
|
2022-05-24 22:57:53 +08:00
|
|
|
if (EVP_CIPHER_CTX_set_key_length(ctx, keylen) <= 0) {
|
2021-03-19 07:11:02 +08:00
|
|
|
EVP_CIPHER_CTX_free(ctx);
|
|
|
|
ctx = NULL;
|
|
|
|
goto end;
|
|
|
|
}
|
2015-12-09 15:26:38 +08:00
|
|
|
|
2021-02-18 17:48:18 +08:00
|
|
|
if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1)) {
|
|
|
|
EVP_CIPHER_CTX_free(ctx);
|
|
|
|
ctx = NULL;
|
|
|
|
goto end;
|
|
|
|
}
|
2015-12-09 15:26:38 +08:00
|
|
|
|
2021-02-18 17:48:18 +08:00
|
|
|
end:
|
2021-04-26 18:08:27 +08:00
|
|
|
EVP_CIPHER_free(cipher);
|
2021-02-18 17:48:18 +08:00
|
|
|
return ctx;
|
2015-12-09 15:26:38 +08:00
|
|
|
}
|
|
|
|
|
2017-10-07 17:38:19 +08:00
|
|
|
static int RAND_bytes_loop(void *args)
|
|
|
|
{
|
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
|
|
|
unsigned char *buf = tempargs->buf;
|
|
|
|
int count;
|
|
|
|
|
|
|
|
for (count = 0; COND(c[D_RAND][testnum]); count++)
|
|
|
|
RAND_bytes(buf, lengths[testnum]);
|
|
|
|
return count;
|
|
|
|
}
|
|
|
|
|
2015-12-09 15:26:38 +08:00
|
|
|
static int decrypt = 0;
|
|
|
|
static int EVP_Update_loop(void *args)
|
|
|
|
{
|
2016-10-04 14:20:49 +08:00
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
2015-12-09 15:26:38 +08:00
|
|
|
unsigned char *buf = tempargs->buf;
|
|
|
|
EVP_CIPHER_CTX *ctx = tempargs->ctx;
|
2017-12-05 20:10:11 +08:00
|
|
|
int outl, count, rc;
|
2019-10-20 01:37:01 +08:00
|
|
|
|
2017-12-05 20:10:11 +08:00
|
|
|
if (decrypt) {
|
2019-10-20 01:37:01 +08:00
|
|
|
for (count = 0; COND(c[D_EVP][testnum]); count++) {
|
2017-12-05 20:10:11 +08:00
|
|
|
rc = EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
|
2018-02-02 18:09:25 +08:00
|
|
|
if (rc != 1) {
|
|
|
|
/* reset iv in case of counter overflow */
|
2021-06-25 01:23:07 +08:00
|
|
|
rc = EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, -1);
|
2018-02-02 18:09:25 +08:00
|
|
|
}
|
2017-12-05 20:10:11 +08:00
|
|
|
}
|
|
|
|
} else {
|
2019-10-20 01:37:01 +08:00
|
|
|
for (count = 0; COND(c[D_EVP][testnum]); count++) {
|
2017-12-05 20:10:11 +08:00
|
|
|
rc = EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
|
2018-02-02 18:09:25 +08:00
|
|
|
if (rc != 1) {
|
|
|
|
/* reset iv in case of counter overflow */
|
2021-06-25 01:23:07 +08:00
|
|
|
rc = EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, -1);
|
2018-02-02 18:09:25 +08:00
|
|
|
}
|
2017-12-05 20:10:11 +08:00
|
|
|
}
|
|
|
|
}
|
2015-12-09 15:26:38 +08:00
|
|
|
if (decrypt)
|
2021-06-25 01:23:07 +08:00
|
|
|
rc = EVP_DecryptFinal_ex(ctx, buf, &outl);
|
2015-12-09 15:26:38 +08:00
|
|
|
else
|
2021-06-25 01:23:07 +08:00
|
|
|
rc = EVP_EncryptFinal_ex(ctx, buf, &outl);
|
|
|
|
|
2023-02-16 18:23:09 +08:00
|
|
|
if (rc == 0)
|
2021-06-25 01:23:07 +08:00
|
|
|
BIO_printf(bio_err, "Error finalizing cipher loop\n");
|
2015-12-09 15:26:38 +08:00
|
|
|
return count;
|
|
|
|
}
|
2018-05-19 21:43:11 +08:00
|
|
|
|
2017-02-21 00:49:36 +08:00
|
|
|
/*
|
|
|
|
* CCM does not support streaming. For the purpose of performance measurement,
|
|
|
|
* each message is encrypted using the same (key,iv)-pair. Do not use this
|
|
|
|
* code in your application.
|
|
|
|
*/
|
|
|
|
static int EVP_Update_loop_ccm(void *args)
|
|
|
|
{
|
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
|
|
|
unsigned char *buf = tempargs->buf;
|
|
|
|
EVP_CIPHER_CTX *ctx = tempargs->ctx;
|
2021-06-25 01:23:07 +08:00
|
|
|
int outl, count, realcount = 0, final;
|
2017-02-21 00:49:36 +08:00
|
|
|
unsigned char tag[12];
|
2019-10-20 01:37:01 +08:00
|
|
|
|
2017-02-21 00:49:36 +08:00
|
|
|
if (decrypt) {
|
2019-10-20 01:37:01 +08:00
|
|
|
for (count = 0; COND(c[D_EVP][testnum]); count++) {
|
2021-06-25 01:23:07 +08:00
|
|
|
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(tag),
|
|
|
|
tag) > 0
|
|
|
|
/* reset iv */
|
|
|
|
&& EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv) > 0
|
|
|
|
/* counter is reset on every update */
|
|
|
|
&& EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]) > 0)
|
|
|
|
realcount++;
|
2017-02-21 00:49:36 +08:00
|
|
|
}
|
|
|
|
} else {
|
2019-10-20 01:37:01 +08:00
|
|
|
for (count = 0; COND(c[D_EVP][testnum]); count++) {
|
2018-02-02 18:09:25 +08:00
|
|
|
/* restore iv length field */
|
2021-06-25 01:23:07 +08:00
|
|
|
if (EVP_EncryptUpdate(ctx, NULL, &outl, NULL, lengths[testnum]) > 0
|
|
|
|
/* counter is reset on every update */
|
|
|
|
&& EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]) > 0)
|
|
|
|
realcount++;
|
2017-02-21 00:49:36 +08:00
|
|
|
}
|
|
|
|
}
|
2018-02-02 18:09:25 +08:00
|
|
|
if (decrypt)
|
2021-06-25 01:23:07 +08:00
|
|
|
final = EVP_DecryptFinal_ex(ctx, buf, &outl);
|
2018-02-02 18:09:25 +08:00
|
|
|
else
|
2021-06-25 01:23:07 +08:00
|
|
|
final = EVP_EncryptFinal_ex(ctx, buf, &outl);
|
|
|
|
|
2023-02-16 18:23:09 +08:00
|
|
|
if (final == 0)
|
2021-06-25 01:23:07 +08:00
|
|
|
BIO_printf(bio_err, "Error finalizing ccm loop\n");
|
|
|
|
return realcount;
|
2017-02-21 00:49:36 +08:00
|
|
|
}
|
2015-12-09 15:26:38 +08:00
|
|
|
|
2018-05-19 21:43:11 +08:00
|
|
|
/*
|
|
|
|
* To make AEAD benchmarking more relevant perform TLS-like operations,
|
|
|
|
* 13-byte AAD followed by payload. But don't use TLS-formatted AAD, as
|
|
|
|
* payload length is not actually limited by 16KB...
|
|
|
|
*/
|
|
|
|
static int EVP_Update_loop_aead(void *args)
|
|
|
|
{
|
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
|
|
|
unsigned char *buf = tempargs->buf;
|
|
|
|
EVP_CIPHER_CTX *ctx = tempargs->ctx;
|
2021-06-25 01:23:07 +08:00
|
|
|
int outl, count, realcount = 0;
|
2018-05-19 21:43:11 +08:00
|
|
|
unsigned char aad[13] = { 0xcc };
|
|
|
|
unsigned char faketag[16] = { 0xcc };
|
2019-10-20 01:37:01 +08:00
|
|
|
|
2018-05-19 21:43:11 +08:00
|
|
|
if (decrypt) {
|
2019-10-20 01:37:01 +08:00
|
|
|
for (count = 0; COND(c[D_EVP][testnum]); count++) {
|
2021-06-25 01:23:07 +08:00
|
|
|
if (EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv) > 0
|
|
|
|
&& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
|
|
|
|
sizeof(faketag), faketag) > 0
|
|
|
|
&& EVP_DecryptUpdate(ctx, NULL, &outl, aad, sizeof(aad)) > 0
|
|
|
|
&& EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]) > 0
|
|
|
|
&& EVP_DecryptFinal_ex(ctx, buf + outl, &outl) >0)
|
|
|
|
realcount++;
|
2018-05-19 21:43:11 +08:00
|
|
|
}
|
|
|
|
} else {
|
2019-10-20 01:37:01 +08:00
|
|
|
for (count = 0; COND(c[D_EVP][testnum]); count++) {
|
2021-06-25 01:23:07 +08:00
|
|
|
if (EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv) > 0
|
|
|
|
&& EVP_EncryptUpdate(ctx, NULL, &outl, aad, sizeof(aad)) > 0
|
|
|
|
&& EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]) > 0
|
|
|
|
&& EVP_EncryptFinal_ex(ctx, buf + outl, &outl) > 0)
|
|
|
|
realcount++;
|
2018-05-19 21:43:11 +08:00
|
|
|
}
|
|
|
|
}
|
2021-06-25 01:23:07 +08:00
|
|
|
return realcount;
|
2018-05-19 21:43:11 +08:00
|
|
|
}
|
|
|
|
|
2015-12-09 15:26:38 +08:00
|
|
|
static int RSA_sign_loop(void *args)
|
|
|
|
{
|
2016-10-04 14:20:49 +08:00
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
2015-12-09 15:26:38 +08:00
|
|
|
unsigned char *buf = tempargs->buf;
|
|
|
|
unsigned char *buf2 = tempargs->buf2;
|
2021-02-18 17:48:18 +08:00
|
|
|
size_t *rsa_num = &tempargs->sigsize;
|
|
|
|
EVP_PKEY_CTX **rsa_sign_ctx = tempargs->rsa_sign_ctx;
|
2015-12-09 15:26:38 +08:00
|
|
|
int ret, count;
|
2021-02-22 20:20:28 +08:00
|
|
|
|
2015-12-09 15:26:38 +08:00
|
|
|
for (count = 0; COND(rsa_c[testnum][0]); count++) {
|
2021-11-03 11:28:23 +08:00
|
|
|
*rsa_num = tempargs->buflen;
|
2021-02-18 17:48:18 +08:00
|
|
|
ret = EVP_PKEY_sign(rsa_sign_ctx[testnum], buf2, rsa_num, buf, 36);
|
|
|
|
if (ret <= 0) {
|
2015-12-09 15:26:38 +08:00
|
|
|
BIO_printf(bio_err, "RSA sign failure\n");
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
count = -1;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return count;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int RSA_verify_loop(void *args)
|
|
|
|
{
|
2016-10-04 14:20:49 +08:00
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
2015-12-09 15:26:38 +08:00
|
|
|
unsigned char *buf = tempargs->buf;
|
|
|
|
unsigned char *buf2 = tempargs->buf2;
|
2021-02-18 17:48:18 +08:00
|
|
|
size_t rsa_num = tempargs->sigsize;
|
|
|
|
EVP_PKEY_CTX **rsa_verify_ctx = tempargs->rsa_verify_ctx;
|
2015-12-09 15:26:38 +08:00
|
|
|
int ret, count;
|
2021-02-22 20:20:28 +08:00
|
|
|
|
2015-12-09 15:26:38 +08:00
|
|
|
for (count = 0; COND(rsa_c[testnum][1]); count++) {
|
2021-02-18 17:48:18 +08:00
|
|
|
ret = EVP_PKEY_verify(rsa_verify_ctx[testnum], buf2, rsa_num, buf, 36);
|
2015-12-09 15:26:38 +08:00
|
|
|
if (ret <= 0) {
|
|
|
|
BIO_printf(bio_err, "RSA verify failure\n");
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
count = -1;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return count;
|
|
|
|
}
|
|
|
|
|
2023-06-20 19:40:41 +08:00
|
|
|
static int RSA_encrypt_loop(void *args)
|
|
|
|
{
|
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
|
|
|
unsigned char *buf = tempargs->buf;
|
|
|
|
unsigned char *buf2 = tempargs->buf2;
|
|
|
|
size_t *rsa_num = &tempargs->encsize;
|
|
|
|
EVP_PKEY_CTX **rsa_encrypt_ctx = tempargs->rsa_encrypt_ctx;
|
|
|
|
int ret, count;
|
|
|
|
|
|
|
|
for (count = 0; COND(rsa_c[testnum][2]); count++) {
|
|
|
|
*rsa_num = tempargs->buflen;
|
|
|
|
ret = EVP_PKEY_encrypt(rsa_encrypt_ctx[testnum], buf2, rsa_num, buf, 36);
|
|
|
|
if (ret <= 0) {
|
|
|
|
BIO_printf(bio_err, "RSA encrypt failure\n");
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
count = -1;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return count;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int RSA_decrypt_loop(void *args)
|
|
|
|
{
|
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
|
|
|
unsigned char *buf = tempargs->buf;
|
|
|
|
unsigned char *buf2 = tempargs->buf2;
|
|
|
|
size_t rsa_num;
|
|
|
|
EVP_PKEY_CTX **rsa_decrypt_ctx = tempargs->rsa_decrypt_ctx;
|
|
|
|
int ret, count;
|
|
|
|
|
|
|
|
for (count = 0; COND(rsa_c[testnum][3]); count++) {
|
|
|
|
rsa_num = tempargs->buflen;
|
|
|
|
ret = EVP_PKEY_decrypt(rsa_decrypt_ctx[testnum], buf, &rsa_num, buf2, tempargs->encsize);
|
|
|
|
if (ret <= 0) {
|
|
|
|
BIO_printf(bio_err, "RSA decrypt failure\n");
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
count = -1;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return count;
|
|
|
|
}
|
|
|
|
|
2020-01-19 02:13:02 +08:00
|
|
|
#ifndef OPENSSL_NO_DH
|
|
|
|
|
|
|
|
static int FFDH_derive_key_loop(void *args)
|
|
|
|
{
|
2021-02-22 20:20:28 +08:00
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
|
|
|
EVP_PKEY_CTX *ffdh_ctx = tempargs->ffdh_ctx[testnum];
|
|
|
|
unsigned char *derived_secret = tempargs->secret_ff_a;
|
|
|
|
int count;
|
2020-01-19 02:13:02 +08:00
|
|
|
|
2022-07-11 18:49:56 +08:00
|
|
|
for (count = 0; COND(ffdh_c[testnum][0]); count++) {
|
|
|
|
/* outlen can be overwritten with a too small value (no padding used) */
|
|
|
|
size_t outlen = MAX_FFDH_SIZE;
|
|
|
|
|
2021-02-22 20:20:28 +08:00
|
|
|
EVP_PKEY_derive(ffdh_ctx, derived_secret, &outlen);
|
2022-07-11 18:49:56 +08:00
|
|
|
}
|
2021-02-22 20:20:28 +08:00
|
|
|
return count;
|
2020-01-19 02:13:02 +08:00
|
|
|
}
|
|
|
|
#endif /* OPENSSL_NO_DH */
|
|
|
|
|
2015-12-09 15:26:38 +08:00
|
|
|
static int DSA_sign_loop(void *args)
|
|
|
|
{
|
2016-10-04 14:20:49 +08:00
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
2015-12-09 15:26:38 +08:00
|
|
|
unsigned char *buf = tempargs->buf;
|
|
|
|
unsigned char *buf2 = tempargs->buf2;
|
2021-02-18 17:48:18 +08:00
|
|
|
size_t *dsa_num = &tempargs->sigsize;
|
|
|
|
EVP_PKEY_CTX **dsa_sign_ctx = tempargs->dsa_sign_ctx;
|
2015-12-09 15:26:38 +08:00
|
|
|
int ret, count;
|
2021-02-22 20:20:28 +08:00
|
|
|
|
2015-12-09 15:26:38 +08:00
|
|
|
for (count = 0; COND(dsa_c[testnum][0]); count++) {
|
2021-11-03 11:28:23 +08:00
|
|
|
*dsa_num = tempargs->buflen;
|
2021-02-18 17:48:18 +08:00
|
|
|
ret = EVP_PKEY_sign(dsa_sign_ctx[testnum], buf2, dsa_num, buf, 20);
|
|
|
|
if (ret <= 0) {
|
2015-12-09 15:26:38 +08:00
|
|
|
BIO_printf(bio_err, "DSA sign failure\n");
|
|
|
|
ERR_print_errors(bio_err);
|
2016-02-18 18:56:53 +08:00
|
|
|
count = -1;
|
2015-12-09 15:26:38 +08:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return count;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int DSA_verify_loop(void *args)
|
|
|
|
{
|
2016-10-04 14:20:49 +08:00
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
2015-12-09 15:26:38 +08:00
|
|
|
unsigned char *buf = tempargs->buf;
|
|
|
|
unsigned char *buf2 = tempargs->buf2;
|
2021-02-18 17:48:18 +08:00
|
|
|
size_t dsa_num = tempargs->sigsize;
|
|
|
|
EVP_PKEY_CTX **dsa_verify_ctx = tempargs->dsa_verify_ctx;
|
2015-12-09 15:26:38 +08:00
|
|
|
int ret, count;
|
2021-02-22 20:20:28 +08:00
|
|
|
|
2015-12-09 15:26:38 +08:00
|
|
|
for (count = 0; COND(dsa_c[testnum][1]); count++) {
|
2021-02-18 17:48:18 +08:00
|
|
|
ret = EVP_PKEY_verify(dsa_verify_ctx[testnum], buf2, dsa_num, buf, 20);
|
2015-12-09 15:26:38 +08:00
|
|
|
if (ret <= 0) {
|
|
|
|
BIO_printf(bio_err, "DSA verify failure\n");
|
|
|
|
ERR_print_errors(bio_err);
|
2016-02-18 18:56:53 +08:00
|
|
|
count = -1;
|
2015-12-09 15:26:38 +08:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return count;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int ECDSA_sign_loop(void *args)
|
|
|
|
{
|
2016-10-04 14:20:49 +08:00
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
2015-12-09 15:26:38 +08:00
|
|
|
unsigned char *buf = tempargs->buf;
|
2021-02-18 17:48:18 +08:00
|
|
|
unsigned char *buf2 = tempargs->buf2;
|
|
|
|
size_t *ecdsa_num = &tempargs->sigsize;
|
|
|
|
EVP_PKEY_CTX **ecdsa_sign_ctx = tempargs->ecdsa_sign_ctx;
|
2015-12-09 15:26:38 +08:00
|
|
|
int ret, count;
|
2021-02-22 20:20:28 +08:00
|
|
|
|
2015-12-09 15:26:38 +08:00
|
|
|
for (count = 0; COND(ecdsa_c[testnum][0]); count++) {
|
2021-11-03 11:28:23 +08:00
|
|
|
*ecdsa_num = tempargs->buflen;
|
2021-02-18 17:48:18 +08:00
|
|
|
ret = EVP_PKEY_sign(ecdsa_sign_ctx[testnum], buf2, ecdsa_num, buf, 20);
|
|
|
|
if (ret <= 0) {
|
2015-12-09 15:26:38 +08:00
|
|
|
BIO_printf(bio_err, "ECDSA sign failure\n");
|
|
|
|
ERR_print_errors(bio_err);
|
2016-02-18 18:56:53 +08:00
|
|
|
count = -1;
|
2015-12-09 15:26:38 +08:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return count;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int ECDSA_verify_loop(void *args)
|
|
|
|
{
|
2016-10-04 14:20:49 +08:00
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
2015-12-09 15:26:38 +08:00
|
|
|
unsigned char *buf = tempargs->buf;
|
2021-02-18 17:48:18 +08:00
|
|
|
unsigned char *buf2 = tempargs->buf2;
|
|
|
|
size_t ecdsa_num = tempargs->sigsize;
|
|
|
|
EVP_PKEY_CTX **ecdsa_verify_ctx = tempargs->ecdsa_verify_ctx;
|
2015-12-09 15:26:38 +08:00
|
|
|
int ret, count;
|
2021-02-22 20:20:28 +08:00
|
|
|
|
2015-12-09 15:26:38 +08:00
|
|
|
for (count = 0; COND(ecdsa_c[testnum][1]); count++) {
|
2021-02-22 20:20:28 +08:00
|
|
|
ret = EVP_PKEY_verify(ecdsa_verify_ctx[testnum], buf2, ecdsa_num,
|
|
|
|
buf, 20);
|
2021-02-18 17:48:18 +08:00
|
|
|
if (ret <= 0) {
|
2015-12-09 15:26:38 +08:00
|
|
|
BIO_printf(bio_err, "ECDSA verify failure\n");
|
|
|
|
ERR_print_errors(bio_err);
|
2016-02-18 18:56:53 +08:00
|
|
|
count = -1;
|
2015-12-09 15:26:38 +08:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return count;
|
|
|
|
}
|
|
|
|
|
2016-07-23 20:26:07 +08:00
|
|
|
/* ******************************************************************** */
|
2016-07-20 06:16:45 +08:00
|
|
|
|
2016-10-04 01:28:32 +08:00
|
|
|
static int ECDH_EVP_derive_key_loop(void *args)
|
|
|
|
{
|
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
|
|
|
EVP_PKEY_CTX *ctx = tempargs->ecdh_ctx[testnum];
|
|
|
|
unsigned char *derived_secret = tempargs->secret_a;
|
2016-08-02 17:20:45 +08:00
|
|
|
int count;
|
2016-10-04 14:17:11 +08:00
|
|
|
size_t *outlen = &(tempargs->outlen[testnum]);
|
2016-07-13 05:13:20 +08:00
|
|
|
|
2016-10-04 20:56:49 +08:00
|
|
|
for (count = 0; COND(ecdh_c[testnum][0]); count++)
|
2016-10-04 21:40:47 +08:00
|
|
|
EVP_PKEY_derive(ctx, derived_secret, outlen);
|
|
|
|
|
2015-12-09 15:26:38 +08:00
|
|
|
return count;
|
|
|
|
}
|
2016-07-29 19:22:42 +08:00
|
|
|
|
2023-04-17 16:20:31 +08:00
|
|
|
#ifndef OPENSSL_NO_ECX
|
2018-09-07 14:39:19 +08:00
|
|
|
static int EdDSA_sign_loop(void *args)
|
|
|
|
{
|
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
|
|
|
unsigned char *buf = tempargs->buf;
|
|
|
|
EVP_MD_CTX **edctx = tempargs->eddsa_ctx;
|
|
|
|
unsigned char *eddsasig = tempargs->buf2;
|
2018-09-10 23:03:14 +08:00
|
|
|
size_t *eddsasigsize = &tempargs->sigsize;
|
2018-09-07 14:39:19 +08:00
|
|
|
int ret, count;
|
|
|
|
|
|
|
|
for (count = 0; COND(eddsa_c[testnum][0]); count++) {
|
2023-07-19 21:24:49 +08:00
|
|
|
ret = EVP_DigestSignInit(edctx[testnum], NULL, NULL, NULL, NULL);
|
|
|
|
if (ret == 0) {
|
|
|
|
BIO_printf(bio_err, "EdDSA sign init failure\n");
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
count = -1;
|
|
|
|
break;
|
|
|
|
}
|
2018-09-10 23:03:14 +08:00
|
|
|
ret = EVP_DigestSign(edctx[testnum], eddsasig, eddsasigsize, buf, 20);
|
2018-09-07 14:39:19 +08:00
|
|
|
if (ret == 0) {
|
|
|
|
BIO_printf(bio_err, "EdDSA sign failure\n");
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
count = -1;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return count;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int EdDSA_verify_loop(void *args)
|
|
|
|
{
|
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
|
|
|
unsigned char *buf = tempargs->buf;
|
2020-06-06 23:21:15 +08:00
|
|
|
EVP_MD_CTX **edctx = tempargs->eddsa_ctx2;
|
2018-09-07 14:39:19 +08:00
|
|
|
unsigned char *eddsasig = tempargs->buf2;
|
2018-09-10 23:03:14 +08:00
|
|
|
size_t eddsasigsize = tempargs->sigsize;
|
2018-09-07 14:39:19 +08:00
|
|
|
int ret, count;
|
|
|
|
|
|
|
|
for (count = 0; COND(eddsa_c[testnum][1]); count++) {
|
2023-07-19 21:24:49 +08:00
|
|
|
ret = EVP_DigestVerifyInit(edctx[testnum], NULL, NULL, NULL, NULL);
|
|
|
|
if (ret == 0) {
|
|
|
|
BIO_printf(bio_err, "EdDSA verify init failure\n");
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
count = -1;
|
|
|
|
break;
|
|
|
|
}
|
2018-09-10 23:03:14 +08:00
|
|
|
ret = EVP_DigestVerify(edctx[testnum], eddsasig, eddsasigsize, buf, 20);
|
2018-09-07 14:39:19 +08:00
|
|
|
if (ret != 1) {
|
|
|
|
BIO_printf(bio_err, "EdDSA verify failure\n");
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
count = -1;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return count;
|
|
|
|
}
|
2023-04-17 16:20:31 +08:00
|
|
|
#endif /* OPENSSL_NO_ECX */
|
2019-09-29 22:25:10 +08:00
|
|
|
|
2021-02-18 17:48:18 +08:00
|
|
|
#ifndef OPENSSL_NO_SM2
|
2019-09-29 22:25:10 +08:00
|
|
|
static int SM2_sign_loop(void *args)
|
|
|
|
{
|
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
|
|
|
unsigned char *buf = tempargs->buf;
|
|
|
|
EVP_MD_CTX **sm2ctx = tempargs->sm2_ctx;
|
|
|
|
unsigned char *sm2sig = tempargs->buf2;
|
2021-02-10 17:52:29 +08:00
|
|
|
size_t sm2sigsize;
|
2019-09-29 22:25:10 +08:00
|
|
|
int ret, count;
|
|
|
|
EVP_PKEY **sm2_pkey = tempargs->sm2_pkey;
|
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
|
|
|
const size_t max_size = EVP_PKEY_get_size(sm2_pkey[testnum]);
|
2019-09-29 22:25:10 +08:00
|
|
|
|
|
|
|
for (count = 0; COND(sm2_c[testnum][0]); count++) {
|
2021-02-10 17:52:29 +08:00
|
|
|
sm2sigsize = max_size;
|
|
|
|
|
2019-09-29 22:25:10 +08:00
|
|
|
if (!EVP_DigestSignInit(sm2ctx[testnum], NULL, EVP_sm3(),
|
|
|
|
NULL, sm2_pkey[testnum])) {
|
|
|
|
BIO_printf(bio_err, "SM2 init sign failure\n");
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
count = -1;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
ret = EVP_DigestSign(sm2ctx[testnum], sm2sig, &sm2sigsize,
|
|
|
|
buf, 20);
|
|
|
|
if (ret == 0) {
|
|
|
|
BIO_printf(bio_err, "SM2 sign failure\n");
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
count = -1;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
/* update the latest returned size and always use the fixed buffer size */
|
|
|
|
tempargs->sigsize = sm2sigsize;
|
|
|
|
}
|
|
|
|
|
|
|
|
return count;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int SM2_verify_loop(void *args)
|
|
|
|
{
|
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
|
|
|
unsigned char *buf = tempargs->buf;
|
|
|
|
EVP_MD_CTX **sm2ctx = tempargs->sm2_vfy_ctx;
|
|
|
|
unsigned char *sm2sig = tempargs->buf2;
|
|
|
|
size_t sm2sigsize = tempargs->sigsize;
|
|
|
|
int ret, count;
|
|
|
|
EVP_PKEY **sm2_pkey = tempargs->sm2_pkey;
|
|
|
|
|
|
|
|
for (count = 0; COND(sm2_c[testnum][1]); count++) {
|
|
|
|
if (!EVP_DigestVerifyInit(sm2ctx[testnum], NULL, EVP_sm3(),
|
|
|
|
NULL, sm2_pkey[testnum])) {
|
|
|
|
BIO_printf(bio_err, "SM2 verify init failure\n");
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
count = -1;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
ret = EVP_DigestVerify(sm2ctx[testnum], sm2sig, sm2sigsize,
|
|
|
|
buf, 20);
|
|
|
|
if (ret != 1) {
|
|
|
|
BIO_printf(bio_err, "SM2 verify failure\n");
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
count = -1;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return count;
|
|
|
|
}
|
2021-02-18 17:48:18 +08:00
|
|
|
#endif /* OPENSSL_NO_SM2 */
|
2015-12-09 15:26:38 +08:00
|
|
|
|
2022-12-24 16:20:44 +08:00
|
|
|
static int KEM_keygen_loop(void *args)
|
|
|
|
{
|
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
|
|
|
EVP_PKEY_CTX *ctx = tempargs->kem_gen_ctx[testnum];
|
|
|
|
EVP_PKEY *pkey = NULL;
|
|
|
|
int count;
|
|
|
|
|
|
|
|
for (count = 0; COND(kems_c[testnum][0]); count++) {
|
|
|
|
if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
|
|
|
|
return -1;
|
|
|
|
/*
|
|
|
|
* runtime defined to quite some degree by randomness,
|
|
|
|
* so performance overhead of _free doesn't impact
|
|
|
|
* results significantly. In any case this test is
|
|
|
|
* meant to permit relative algorithm performance
|
|
|
|
* comparison.
|
|
|
|
*/
|
|
|
|
EVP_PKEY_free(pkey);
|
|
|
|
pkey = NULL;
|
|
|
|
}
|
|
|
|
return count;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int KEM_encaps_loop(void *args)
|
|
|
|
{
|
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
|
|
|
EVP_PKEY_CTX *ctx = tempargs->kem_encaps_ctx[testnum];
|
|
|
|
size_t out_len = tempargs->kem_out_len[testnum];
|
|
|
|
size_t secret_len = tempargs->kem_secret_len[testnum];
|
|
|
|
unsigned char *out = tempargs->kem_out[testnum];
|
|
|
|
unsigned char *secret = tempargs->kem_send_secret[testnum];
|
|
|
|
int count;
|
|
|
|
|
|
|
|
for (count = 0; COND(kems_c[testnum][1]); count++) {
|
|
|
|
if (EVP_PKEY_encapsulate(ctx, out, &out_len, secret, &secret_len) <= 0)
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
return count;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int KEM_decaps_loop(void *args)
|
|
|
|
{
|
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
|
|
|
EVP_PKEY_CTX *ctx = tempargs->kem_decaps_ctx[testnum];
|
|
|
|
size_t out_len = tempargs->kem_out_len[testnum];
|
|
|
|
size_t secret_len = tempargs->kem_secret_len[testnum];
|
|
|
|
unsigned char *out = tempargs->kem_out[testnum];
|
|
|
|
unsigned char *secret = tempargs->kem_send_secret[testnum];
|
|
|
|
int count;
|
|
|
|
|
|
|
|
for (count = 0; COND(kems_c[testnum][2]); count++) {
|
|
|
|
if (EVP_PKEY_decapsulate(ctx, secret, &secret_len, out, out_len) <= 0)
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
return count;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int SIG_keygen_loop(void *args)
|
|
|
|
{
|
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
|
|
|
EVP_PKEY_CTX *ctx = tempargs->sig_gen_ctx[testnum];
|
|
|
|
EVP_PKEY *pkey = NULL;
|
|
|
|
int count;
|
|
|
|
|
|
|
|
for (count = 0; COND(kems_c[testnum][0]); count++) {
|
|
|
|
EVP_PKEY_keygen(ctx, &pkey);
|
|
|
|
/* TBD: How much does free influence runtime? */
|
|
|
|
EVP_PKEY_free(pkey);
|
|
|
|
pkey = NULL;
|
|
|
|
}
|
|
|
|
return count;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int SIG_sign_loop(void *args)
|
|
|
|
{
|
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
|
|
|
EVP_PKEY_CTX *ctx = tempargs->sig_sign_ctx[testnum];
|
|
|
|
/* be sure to not change stored sig: */
|
|
|
|
unsigned char *sig = app_malloc(tempargs->sig_max_sig_len[testnum],
|
|
|
|
"sig sign loop");
|
|
|
|
unsigned char md[SHA256_DIGEST_LENGTH] = { 0 };
|
|
|
|
size_t md_len = SHA256_DIGEST_LENGTH;
|
|
|
|
int count;
|
|
|
|
|
|
|
|
for (count = 0; COND(kems_c[testnum][1]); count++) {
|
|
|
|
size_t sig_len = tempargs->sig_max_sig_len[testnum];
|
|
|
|
int ret = EVP_PKEY_sign(ctx, sig, &sig_len, md, md_len);
|
|
|
|
|
|
|
|
if (ret <= 0) {
|
|
|
|
BIO_printf(bio_err, "SIG sign failure at count %d\n", count);
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
count = -1;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
OPENSSL_free(sig);
|
|
|
|
return count;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int SIG_verify_loop(void *args)
|
|
|
|
{
|
|
|
|
loopargs_t *tempargs = *(loopargs_t **) args;
|
|
|
|
EVP_PKEY_CTX *ctx = tempargs->sig_verify_ctx[testnum];
|
|
|
|
size_t sig_len = tempargs->sig_act_sig_len[testnum];
|
|
|
|
unsigned char *sig = tempargs->sig_sig[testnum];
|
|
|
|
unsigned char md[SHA256_DIGEST_LENGTH] = { 0 };
|
|
|
|
size_t md_len = SHA256_DIGEST_LENGTH;
|
|
|
|
int count;
|
|
|
|
|
|
|
|
for (count = 0; COND(kems_c[testnum][2]); count++) {
|
|
|
|
int ret = EVP_PKEY_verify(ctx, sig, sig_len, md, md_len);
|
|
|
|
|
|
|
|
if (ret <= 0) {
|
|
|
|
BIO_printf(bio_err, "SIG verify failure at count %d\n", count);
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
count = -1;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
return count;
|
|
|
|
}
|
|
|
|
|
2016-07-29 03:15:52 +08:00
|
|
|
static int run_benchmark(int async_jobs,
|
2023-07-17 02:03:40 +08:00
|
|
|
int (*loop_function) (void *), loopargs_t *loopargs)
|
2015-12-09 15:26:38 +08:00
|
|
|
{
|
|
|
|
int job_op_count = 0;
|
|
|
|
int total_op_count = 0;
|
|
|
|
int num_inprogress = 0;
|
2016-07-29 03:15:52 +08:00
|
|
|
int error = 0, i = 0, ret = 0;
|
2016-02-29 19:28:55 +08:00
|
|
|
OSSL_ASYNC_FD job_fd = 0;
|
|
|
|
size_t num_job_fds = 0;
|
2015-12-09 15:26:38 +08:00
|
|
|
|
2016-02-18 18:56:53 +08:00
|
|
|
if (async_jobs == 0) {
|
2016-08-18 06:51:20 +08:00
|
|
|
return loop_function((void *)&loopargs);
|
2015-12-09 15:26:38 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
for (i = 0; i < async_jobs && !error; i++) {
|
2016-08-18 06:51:20 +08:00
|
|
|
loopargs_t *looparg_item = loopargs + i;
|
|
|
|
|
|
|
|
/* Copy pointer content (looparg_t item address) into async context */
|
2016-07-29 03:15:52 +08:00
|
|
|
ret = ASYNC_start_job(&loopargs[i].inprogress_job, loopargs[i].wait_ctx,
|
|
|
|
&job_op_count, loop_function,
|
2016-08-18 06:51:20 +08:00
|
|
|
(void *)&looparg_item, sizeof(looparg_item));
|
2016-07-29 03:15:52 +08:00
|
|
|
switch (ret) {
|
2016-07-29 04:51:18 +08:00
|
|
|
case ASYNC_PAUSE:
|
|
|
|
++num_inprogress;
|
|
|
|
break;
|
|
|
|
case ASYNC_FINISH:
|
|
|
|
if (job_op_count == -1) {
|
2015-12-09 15:26:38 +08:00
|
|
|
error = 1;
|
2016-07-29 04:51:18 +08:00
|
|
|
} else {
|
|
|
|
total_op_count += job_op_count;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
case ASYNC_NO_JOBS:
|
|
|
|
case ASYNC_ERR:
|
|
|
|
BIO_printf(bio_err, "Failure in the job\n");
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
error = 1;
|
|
|
|
break;
|
2015-12-09 15:26:38 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
while (num_inprogress > 0) {
|
2016-03-08 12:51:04 +08:00
|
|
|
#if defined(OPENSSL_SYS_WINDOWS)
|
2016-03-03 15:09:00 +08:00
|
|
|
DWORD avail = 0;
|
2016-03-08 12:51:04 +08:00
|
|
|
#elif defined(OPENSSL_SYS_UNIX)
|
2015-12-09 15:26:38 +08:00
|
|
|
int select_result = 0;
|
2016-03-03 15:09:00 +08:00
|
|
|
OSSL_ASYNC_FD max_fd = 0;
|
|
|
|
fd_set waitfdset;
|
2016-03-07 19:20:01 +08:00
|
|
|
|
2016-03-03 15:09:00 +08:00
|
|
|
FD_ZERO(&waitfdset);
|
2016-02-29 19:28:55 +08:00
|
|
|
|
2016-03-03 15:09:00 +08:00
|
|
|
for (i = 0; i < async_jobs && num_inprogress > 0; i++) {
|
|
|
|
if (loopargs[i].inprogress_job == NULL)
|
|
|
|
continue;
|
2016-02-29 19:28:55 +08:00
|
|
|
|
2016-10-04 14:20:49 +08:00
|
|
|
if (!ASYNC_WAIT_CTX_get_all_fds
|
|
|
|
(loopargs[i].wait_ctx, NULL, &num_job_fds)
|
|
|
|
|| num_job_fds > 1) {
|
2016-03-03 15:09:00 +08:00
|
|
|
BIO_printf(bio_err, "Too many fds in ASYNC_WAIT_CTX\n");
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
error = 1;
|
|
|
|
break;
|
2015-12-09 15:26:38 +08:00
|
|
|
}
|
2016-10-04 14:20:49 +08:00
|
|
|
ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, &job_fd,
|
|
|
|
&num_job_fds);
|
2016-03-03 15:09:00 +08:00
|
|
|
FD_SET(job_fd, &waitfdset);
|
|
|
|
if (job_fd > max_fd)
|
|
|
|
max_fd = job_fd;
|
2015-12-09 15:26:38 +08:00
|
|
|
}
|
|
|
|
|
2016-04-15 16:45:25 +08:00
|
|
|
if (max_fd >= (OSSL_ASYNC_FD)FD_SETSIZE) {
|
2016-03-25 12:19:30 +08:00
|
|
|
BIO_printf(bio_err,
|
2016-10-04 14:20:49 +08:00
|
|
|
"Error: max_fd (%d) must be smaller than FD_SETSIZE (%d). "
|
|
|
|
"Decrease the value of async_jobs\n",
|
|
|
|
max_fd, FD_SETSIZE);
|
2016-03-25 12:19:30 +08:00
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
error = 1;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2016-03-03 15:09:00 +08:00
|
|
|
select_result = select(max_fd + 1, &waitfdset, NULL, NULL, NULL);
|
2015-12-09 15:26:38 +08:00
|
|
|
if (select_result == -1 && errno == EINTR)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
if (select_result == -1) {
|
2016-03-03 15:09:00 +08:00
|
|
|
BIO_printf(bio_err, "Failure in the select\n");
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
error = 1;
|
|
|
|
break;
|
2015-12-09 15:26:38 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
if (select_result == 0)
|
|
|
|
continue;
|
|
|
|
#endif
|
|
|
|
|
|
|
|
for (i = 0; i < async_jobs; i++) {
|
|
|
|
if (loopargs[i].inprogress_job == NULL)
|
|
|
|
continue;
|
|
|
|
|
2016-10-04 14:20:49 +08:00
|
|
|
if (!ASYNC_WAIT_CTX_get_all_fds
|
|
|
|
(loopargs[i].wait_ctx, NULL, &num_job_fds)
|
|
|
|
|| num_job_fds > 1) {
|
2016-02-29 19:28:55 +08:00
|
|
|
BIO_printf(bio_err, "Too many fds in ASYNC_WAIT_CTX\n");
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
error = 1;
|
|
|
|
break;
|
|
|
|
}
|
2016-10-04 14:20:49 +08:00
|
|
|
ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, &job_fd,
|
|
|
|
&num_job_fds);
|
2015-12-09 15:26:38 +08:00
|
|
|
|
2016-03-08 00:55:39 +08:00
|
|
|
#if defined(OPENSSL_SYS_UNIX)
|
2016-02-29 19:28:55 +08:00
|
|
|
if (num_job_fds == 1 && !FD_ISSET(job_fd, &waitfdset))
|
2015-12-09 15:26:38 +08:00
|
|
|
continue;
|
2016-03-08 00:55:39 +08:00
|
|
|
#elif defined(OPENSSL_SYS_WINDOWS)
|
2016-07-29 04:51:18 +08:00
|
|
|
if (num_job_fds == 1
|
2016-07-29 03:15:52 +08:00
|
|
|
&& !PeekNamedPipe(job_fd, NULL, 0, NULL, &avail, NULL)
|
2016-07-29 04:51:18 +08:00
|
|
|
&& avail > 0)
|
2015-12-09 15:26:38 +08:00
|
|
|
continue;
|
|
|
|
#endif
|
|
|
|
|
2016-10-11 00:01:24 +08:00
|
|
|
ret = ASYNC_start_job(&loopargs[i].inprogress_job,
|
2016-10-04 14:20:49 +08:00
|
|
|
loopargs[i].wait_ctx, &job_op_count,
|
|
|
|
loop_function, (void *)(loopargs + i),
|
|
|
|
sizeof(loopargs_t));
|
2016-07-29 03:15:52 +08:00
|
|
|
switch (ret) {
|
2016-07-29 04:51:18 +08:00
|
|
|
case ASYNC_PAUSE:
|
|
|
|
break;
|
|
|
|
case ASYNC_FINISH:
|
|
|
|
if (job_op_count == -1) {
|
2015-12-09 15:26:38 +08:00
|
|
|
error = 1;
|
2016-07-29 04:51:18 +08:00
|
|
|
} else {
|
|
|
|
total_op_count += job_op_count;
|
|
|
|
}
|
|
|
|
--num_inprogress;
|
|
|
|
loopargs[i].inprogress_job = NULL;
|
|
|
|
break;
|
|
|
|
case ASYNC_NO_JOBS:
|
|
|
|
case ASYNC_ERR:
|
|
|
|
--num_inprogress;
|
|
|
|
loopargs[i].inprogress_job = NULL;
|
|
|
|
BIO_printf(bio_err, "Failure in the job\n");
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
error = 1;
|
|
|
|
break;
|
2015-12-09 15:26:38 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return error ? -1 : total_op_count;
|
|
|
|
}
|
|
|
|
|
2021-02-18 17:48:18 +08:00
|
|
|
typedef struct ec_curve_st {
|
|
|
|
const char *name;
|
|
|
|
unsigned int nid;
|
|
|
|
unsigned int bits;
|
|
|
|
size_t sigsize; /* only used for EdDSA curves */
|
|
|
|
} EC_CURVE;
|
2020-12-21 21:23:17 +08:00
|
|
|
|
2021-02-18 17:48:18 +08:00
|
|
|
static EVP_PKEY *get_ecdsa(const EC_CURVE *curve)
|
2020-12-21 21:23:17 +08:00
|
|
|
{
|
2021-02-18 17:48:18 +08:00
|
|
|
EVP_PKEY_CTX *kctx = NULL;
|
|
|
|
EVP_PKEY *key = NULL;
|
2020-12-21 21:23:17 +08:00
|
|
|
|
2021-02-18 17:48:18 +08:00
|
|
|
/* Ensure that the error queue is empty */
|
|
|
|
if (ERR_peek_error()) {
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
"WARNING: the error queue contains previous unhandled errors.\n");
|
|
|
|
ERR_print_errors(bio_err);
|
2020-12-21 21:23:17 +08:00
|
|
|
}
|
|
|
|
|
2021-02-18 17:48:18 +08:00
|
|
|
/*
|
|
|
|
* Let's try to create a ctx directly from the NID: this works for
|
|
|
|
* curves like Curve25519 that are not implemented through the low
|
|
|
|
* level EC interface.
|
|
|
|
* If this fails we try creating a EVP_PKEY_EC generic param ctx,
|
|
|
|
* then we set the curve by NID before deriving the actual keygen
|
|
|
|
* ctx for that specific curve.
|
|
|
|
*/
|
|
|
|
kctx = EVP_PKEY_CTX_new_id(curve->nid, NULL);
|
|
|
|
if (kctx == NULL) {
|
|
|
|
EVP_PKEY_CTX *pctx = NULL;
|
|
|
|
EVP_PKEY *params = NULL;
|
|
|
|
/*
|
|
|
|
* If we reach this code EVP_PKEY_CTX_new_id() failed and a
|
|
|
|
* "int_ctx_new:unsupported algorithm" error was added to the
|
|
|
|
* error queue.
|
|
|
|
* We remove it from the error queue as we are handling it.
|
|
|
|
*/
|
|
|
|
unsigned long error = ERR_peek_error();
|
|
|
|
|
|
|
|
if (error == ERR_peek_last_error() /* oldest and latest errors match */
|
|
|
|
/* check that the error origin matches */
|
|
|
|
&& ERR_GET_LIB(error) == ERR_LIB_EVP
|
|
|
|
&& (ERR_GET_REASON(error) == EVP_R_UNSUPPORTED_ALGORITHM
|
|
|
|
|| ERR_GET_REASON(error) == ERR_R_UNSUPPORTED))
|
|
|
|
ERR_get_error(); /* pop error from queue */
|
|
|
|
if (ERR_peek_error()) {
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
"Unhandled error in the error queue during EC key setup.\n");
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Create the context for parameter generation */
|
|
|
|
if ((pctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL)) == NULL
|
|
|
|
|| EVP_PKEY_paramgen_init(pctx) <= 0
|
|
|
|
|| EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx,
|
|
|
|
curve->nid) <= 0
|
|
|
|
|| EVP_PKEY_paramgen(pctx, ¶ms) <= 0) {
|
|
|
|
BIO_printf(bio_err, "EC params init failure.\n");
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
EVP_PKEY_CTX_free(pctx);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
EVP_PKEY_CTX_free(pctx);
|
|
|
|
|
|
|
|
/* Create the context for the key generation */
|
|
|
|
kctx = EVP_PKEY_CTX_new(params, NULL);
|
|
|
|
EVP_PKEY_free(params);
|
|
|
|
}
|
|
|
|
if (kctx == NULL
|
|
|
|
|| EVP_PKEY_keygen_init(kctx) <= 0
|
|
|
|
|| EVP_PKEY_keygen(kctx, &key) <= 0) {
|
|
|
|
BIO_printf(bio_err, "EC key generation failure.\n");
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
key = NULL;
|
|
|
|
}
|
|
|
|
EVP_PKEY_CTX_free(kctx);
|
|
|
|
return key;
|
2020-12-21 21:23:17 +08:00
|
|
|
}
|
|
|
|
|
2018-06-06 01:56:06 +08:00
|
|
|
#define stop_it(do_it, test_num)\
|
|
|
|
memset(do_it + test_num, 0, OSSL_NELEM(do_it) - test_num);
|
|
|
|
|
2022-12-24 16:20:44 +08:00
|
|
|
/* Checks to see if algorithms are fetchable */
|
|
|
|
#define IS_FETCHABLE(type, TYPE) \
|
|
|
|
static int is_ ## type ## _fetchable(const TYPE *alg) \
|
|
|
|
{ \
|
|
|
|
TYPE *impl; \
|
|
|
|
const char *propq = app_get0_propq(); \
|
|
|
|
OSSL_LIB_CTX *libctx = app_get0_libctx(); \
|
|
|
|
const char *name = TYPE ## _get0_name(alg); \
|
|
|
|
\
|
|
|
|
ERR_set_mark(); \
|
|
|
|
impl = TYPE ## _fetch(libctx, name, propq); \
|
|
|
|
ERR_pop_to_mark(); \
|
|
|
|
if (impl == NULL) \
|
|
|
|
return 0; \
|
|
|
|
TYPE ## _free(impl); \
|
|
|
|
return 1; \
|
|
|
|
}
|
|
|
|
|
|
|
|
IS_FETCHABLE(signature, EVP_SIGNATURE)
|
|
|
|
IS_FETCHABLE(kem, EVP_KEM)
|
|
|
|
|
|
|
|
DEFINE_STACK_OF(EVP_KEM)
|
|
|
|
|
|
|
|
static int kems_cmp(const EVP_KEM * const *a,
|
|
|
|
const EVP_KEM * const *b)
|
|
|
|
{
|
|
|
|
return strcmp(OSSL_PROVIDER_get0_name(EVP_KEM_get0_provider(*a)),
|
|
|
|
OSSL_PROVIDER_get0_name(EVP_KEM_get0_provider(*b)));
|
|
|
|
}
|
|
|
|
|
|
|
|
static void collect_kem(EVP_KEM *kem, void *stack)
|
|
|
|
{
|
|
|
|
STACK_OF(EVP_KEM) *kem_stack = stack;
|
|
|
|
|
|
|
|
if (is_kem_fetchable(kem)
|
|
|
|
&& sk_EVP_KEM_push(kem_stack, kem) > 0) {
|
|
|
|
EVP_KEM_up_ref(kem);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static int kem_locate(const char *algo, unsigned int *idx)
|
|
|
|
{
|
|
|
|
unsigned int i;
|
|
|
|
|
|
|
|
for (i = 0; i < kems_algs_len; i++) {
|
|
|
|
if (strcmp(kems_algname[i], algo) == 0) {
|
|
|
|
*idx = i;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
DEFINE_STACK_OF(EVP_SIGNATURE)
|
|
|
|
|
|
|
|
static int signatures_cmp(const EVP_SIGNATURE * const *a,
|
|
|
|
const EVP_SIGNATURE * const *b)
|
|
|
|
{
|
|
|
|
return strcmp(OSSL_PROVIDER_get0_name(EVP_SIGNATURE_get0_provider(*a)),
|
|
|
|
OSSL_PROVIDER_get0_name(EVP_SIGNATURE_get0_provider(*b)));
|
|
|
|
}
|
|
|
|
|
|
|
|
static void collect_signatures(EVP_SIGNATURE *sig, void *stack)
|
|
|
|
{
|
|
|
|
STACK_OF(EVP_SIGNATURE) *sig_stack = stack;
|
|
|
|
|
|
|
|
if (is_signature_fetchable(sig)
|
|
|
|
&& sk_EVP_SIGNATURE_push(sig_stack, sig) > 0)
|
|
|
|
EVP_SIGNATURE_up_ref(sig);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int sig_locate(const char *algo, unsigned int *idx)
|
|
|
|
{
|
|
|
|
unsigned int i;
|
|
|
|
|
|
|
|
for (i = 0; i < sigs_algs_len; i++) {
|
|
|
|
if (strcmp(sigs_algname[i], algo) == 0) {
|
|
|
|
*idx = i;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int get_max(const uint8_t doit[], size_t algs_len) {
|
|
|
|
size_t i = 0;
|
|
|
|
int maxcnt = 0;
|
|
|
|
|
|
|
|
for (i = 0; i < algs_len; i++)
|
|
|
|
if (maxcnt < doit[i]) maxcnt = doit[i];
|
|
|
|
return maxcnt;
|
|
|
|
}
|
|
|
|
|
2015-12-09 15:26:38 +08:00
|
|
|
int speed_main(int argc, char **argv)
|
|
|
|
{
|
2022-06-21 14:55:55 +08:00
|
|
|
CONF *conf = NULL;
|
2016-09-29 05:39:18 +08:00
|
|
|
ENGINE *e = NULL;
|
2015-12-09 15:26:38 +08:00
|
|
|
loopargs_t *loopargs = NULL;
|
2018-04-30 07:13:58 +08:00
|
|
|
const char *prog;
|
2016-07-23 20:26:07 +08:00
|
|
|
const char *engine_id = NULL;
|
2020-12-21 21:23:17 +08:00
|
|
|
EVP_CIPHER *evp_cipher = NULL;
|
2021-06-10 10:05:28 +08:00
|
|
|
EVP_MAC *mac = NULL;
|
2015-12-09 15:26:38 +08:00
|
|
|
double d = 0.0;
|
|
|
|
OPTION_CHOICE o;
|
2018-04-30 07:13:58 +08:00
|
|
|
int async_init = 0, multiblock = 0, pr_header = 0;
|
2018-06-06 01:56:06 +08:00
|
|
|
uint8_t doit[ALGOR_NUM] = { 0 };
|
2018-05-19 21:43:11 +08:00
|
|
|
int ret = 1, misalign = 0, lengths_single = 0, aead = 0;
|
2022-12-24 16:20:44 +08:00
|
|
|
STACK_OF(EVP_KEM) *kem_stack = NULL;
|
|
|
|
STACK_OF(EVP_SIGNATURE) *sig_stack = NULL;
|
2016-07-23 20:26:07 +08:00
|
|
|
long count = 0;
|
2018-05-10 04:27:27 +08:00
|
|
|
unsigned int size_num = SIZE_NUM;
|
2018-06-06 01:56:06 +08:00
|
|
|
unsigned int i, k, loopargs_len = 0, async_jobs = 0;
|
2022-12-24 16:20:44 +08:00
|
|
|
unsigned int idx;
|
2017-12-05 00:40:23 +08:00
|
|
|
int keylen;
|
2017-12-05 01:32:12 +08:00
|
|
|
int buflen;
|
2023-06-20 19:40:41 +08:00
|
|
|
size_t declen;
|
2021-02-18 17:48:18 +08:00
|
|
|
BIGNUM *bn = NULL;
|
|
|
|
EVP_PKEY_CTX *genctx = NULL;
|
2015-12-09 15:26:38 +08:00
|
|
|
#ifndef NO_FORK
|
|
|
|
int multi = 0;
|
|
|
|
#endif
|
2021-02-18 17:48:18 +08:00
|
|
|
long op_count = 1;
|
2018-04-30 07:13:58 +08:00
|
|
|
openssl_speed_sec_t seconds = { SECONDS, RSA_SECONDS, DSA_SECONDS,
|
2018-09-07 14:39:19 +08:00
|
|
|
ECDSA_SECONDS, ECDH_SECONDS,
|
2020-01-19 02:13:02 +08:00
|
|
|
EdDSA_SECONDS, SM2_SECONDS,
|
2022-12-24 16:20:44 +08:00
|
|
|
FFDH_SECONDS, KEM_SECONDS,
|
|
|
|
SIG_SECONDS };
|
2016-07-29 19:22:42 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
static const unsigned char key32[32] = {
|
|
|
|
0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
|
|
|
|
0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
|
|
|
|
0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34,
|
|
|
|
0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34, 0x56
|
|
|
|
};
|
2021-02-18 17:48:18 +08:00
|
|
|
static const unsigned char deskey[] = {
|
|
|
|
0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, /* key1 */
|
|
|
|
0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, /* key2 */
|
|
|
|
0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34 /* key3 */
|
|
|
|
};
|
2019-10-16 05:33:02 +08:00
|
|
|
static const struct {
|
|
|
|
const unsigned char *data;
|
|
|
|
unsigned int length;
|
|
|
|
unsigned int bits;
|
|
|
|
} rsa_keys[] = {
|
|
|
|
{ test512, sizeof(test512), 512 },
|
|
|
|
{ test1024, sizeof(test1024), 1024 },
|
|
|
|
{ test2048, sizeof(test2048), 2048 },
|
|
|
|
{ test3072, sizeof(test3072), 3072 },
|
2021-02-18 17:48:18 +08:00
|
|
|
{ test4096, sizeof(test4096), 4096 },
|
2019-10-16 05:33:02 +08:00
|
|
|
{ test7680, sizeof(test7680), 7680 },
|
|
|
|
{ test15360, sizeof(test15360), 15360 }
|
2015-01-22 11:40:55 +08:00
|
|
|
};
|
2018-06-06 01:56:06 +08:00
|
|
|
uint8_t rsa_doit[RSA_NUM] = { 0 };
|
2017-08-02 02:19:43 +08:00
|
|
|
int primes = RSA_DEFAULT_PRIME_NUM;
|
2020-01-19 02:13:02 +08:00
|
|
|
#ifndef OPENSSL_NO_DH
|
|
|
|
typedef struct ffdh_params_st {
|
|
|
|
const char *name;
|
|
|
|
unsigned int nid;
|
|
|
|
unsigned int bits;
|
|
|
|
} FFDH_PARAMS;
|
|
|
|
|
|
|
|
static const FFDH_PARAMS ffdh_params[FFDH_NUM] = {
|
|
|
|
{"ffdh2048", NID_ffdhe2048, 2048},
|
|
|
|
{"ffdh3072", NID_ffdhe3072, 3072},
|
|
|
|
{"ffdh4096", NID_ffdhe4096, 4096},
|
|
|
|
{"ffdh6144", NID_ffdhe6144, 6144},
|
|
|
|
{"ffdh8192", NID_ffdhe8192, 8192}
|
|
|
|
};
|
|
|
|
uint8_t ffdh_doit[FFDH_NUM] = { 0 };
|
|
|
|
|
|
|
|
#endif /* OPENSSL_NO_DH */
|
2023-03-25 20:06:46 +08:00
|
|
|
static const unsigned int dsa_bits[DSA_NUM] = { 1024, 2048 };
|
2018-06-06 01:56:06 +08:00
|
|
|
uint8_t dsa_doit[DSA_NUM] = { 0 };
|
2015-01-22 11:40:55 +08:00
|
|
|
/*
|
|
|
|
* We only test over the following curves as they are representative, To
|
|
|
|
* add tests over more curves, simply add the curve NID and curve name to
|
2018-05-10 04:27:27 +08:00
|
|
|
* the following arrays and increase the |ecdh_choices| and |ecdsa_choices|
|
|
|
|
* lists accordingly.
|
2015-01-22 11:40:55 +08:00
|
|
|
*/
|
2019-10-16 05:33:02 +08:00
|
|
|
static const EC_CURVE ec_curves[EC_NUM] = {
|
2015-01-22 11:40:55 +08:00
|
|
|
/* Prime Curves */
|
2016-11-29 06:36:50 +08:00
|
|
|
{"secp160r1", NID_secp160r1, 160},
|
|
|
|
{"nistp192", NID_X9_62_prime192v1, 192},
|
|
|
|
{"nistp224", NID_secp224r1, 224},
|
|
|
|
{"nistp256", NID_X9_62_prime256v1, 256},
|
2018-12-20 19:59:31 +08:00
|
|
|
{"nistp384", NID_secp384r1, 384},
|
2016-11-29 06:36:50 +08:00
|
|
|
{"nistp521", NID_secp521r1, 521},
|
2021-02-18 17:48:18 +08:00
|
|
|
#ifndef OPENSSL_NO_EC2M
|
2015-01-22 11:40:55 +08:00
|
|
|
/* Binary Curves */
|
2016-11-29 06:36:50 +08:00
|
|
|
{"nistk163", NID_sect163k1, 163},
|
2018-12-20 19:59:31 +08:00
|
|
|
{"nistk233", NID_sect233k1, 233},
|
2016-11-29 06:36:50 +08:00
|
|
|
{"nistk283", NID_sect283k1, 283},
|
|
|
|
{"nistk409", NID_sect409k1, 409},
|
|
|
|
{"nistk571", NID_sect571k1, 571},
|
|
|
|
{"nistb163", NID_sect163r2, 163},
|
|
|
|
{"nistb233", NID_sect233r1, 233},
|
|
|
|
{"nistb283", NID_sect283r1, 283},
|
|
|
|
{"nistb409", NID_sect409r1, 409},
|
|
|
|
{"nistb571", NID_sect571r1, 571},
|
2021-02-18 17:48:18 +08:00
|
|
|
#endif
|
2018-05-08 16:34:59 +08:00
|
|
|
{"brainpoolP256r1", NID_brainpoolP256r1, 256},
|
|
|
|
{"brainpoolP256t1", NID_brainpoolP256t1, 256},
|
|
|
|
{"brainpoolP384r1", NID_brainpoolP384r1, 384},
|
|
|
|
{"brainpoolP384t1", NID_brainpoolP384t1, 384},
|
|
|
|
{"brainpoolP512r1", NID_brainpoolP512r1, 512},
|
|
|
|
{"brainpoolP512t1", NID_brainpoolP512t1, 512},
|
2023-04-17 16:20:31 +08:00
|
|
|
#ifndef OPENSSL_NO_ECX
|
2018-04-30 07:13:58 +08:00
|
|
|
/* Other and ECDH only ones */
|
2016-11-29 06:36:50 +08:00
|
|
|
{"X25519", NID_X25519, 253},
|
|
|
|
{"X448", NID_X448, 448}
|
2023-04-17 16:20:31 +08:00
|
|
|
#endif
|
2015-01-22 11:40:55 +08:00
|
|
|
};
|
2023-04-17 16:20:31 +08:00
|
|
|
#ifndef OPENSSL_NO_ECX
|
2019-10-16 05:33:02 +08:00
|
|
|
static const EC_CURVE ed_curves[EdDSA_NUM] = {
|
2018-09-07 14:39:19 +08:00
|
|
|
/* EdDSA */
|
|
|
|
{"Ed25519", NID_ED25519, 253, 64},
|
|
|
|
{"Ed448", NID_ED448, 456, 114}
|
|
|
|
};
|
2023-04-17 16:20:31 +08:00
|
|
|
#endif /* OPENSSL_NO_ECX */
|
2021-02-18 17:48:18 +08:00
|
|
|
#ifndef OPENSSL_NO_SM2
|
2019-10-16 05:33:02 +08:00
|
|
|
static const EC_CURVE sm2_curves[SM2_NUM] = {
|
2019-09-29 22:25:10 +08:00
|
|
|
/* SM2 */
|
|
|
|
{"CurveSM2", NID_sm2, 256}
|
|
|
|
};
|
2018-06-06 01:56:06 +08:00
|
|
|
uint8_t sm2_doit[SM2_NUM] = { 0 };
|
2021-02-18 17:48:18 +08:00
|
|
|
#endif
|
2018-06-06 01:56:06 +08:00
|
|
|
uint8_t ecdsa_doit[ECDSA_NUM] = { 0 };
|
|
|
|
uint8_t ecdh_doit[EC_NUM] = { 0 };
|
2023-04-17 16:20:31 +08:00
|
|
|
#ifndef OPENSSL_NO_ECX
|
2018-06-06 01:56:06 +08:00
|
|
|
uint8_t eddsa_doit[EdDSA_NUM] = { 0 };
|
2023-04-17 16:20:31 +08:00
|
|
|
#endif /* OPENSSL_NO_ECX */
|
2018-05-10 04:27:27 +08:00
|
|
|
|
2022-12-24 16:20:44 +08:00
|
|
|
uint8_t kems_doit[MAX_KEM_NUM] = { 0 };
|
|
|
|
uint8_t sigs_doit[MAX_SIG_NUM] = { 0 };
|
|
|
|
|
|
|
|
uint8_t do_kems = 0;
|
|
|
|
uint8_t do_sigs = 0;
|
|
|
|
|
2022-02-04 00:51:26 +08:00
|
|
|
/* checks declared curves against choices list. */
|
2023-04-17 16:20:31 +08:00
|
|
|
#ifndef OPENSSL_NO_ECX
|
2018-05-10 04:27:27 +08:00
|
|
|
OPENSSL_assert(ed_curves[EdDSA_NUM - 1].nid == NID_ED448);
|
|
|
|
OPENSSL_assert(strcmp(eddsa_choices[EdDSA_NUM - 1].name, "ed448") == 0);
|
|
|
|
|
|
|
|
OPENSSL_assert(ec_curves[EC_NUM - 1].nid == NID_X448);
|
|
|
|
OPENSSL_assert(strcmp(ecdh_choices[EC_NUM - 1].name, "ecdhx448") == 0);
|
|
|
|
|
|
|
|
OPENSSL_assert(ec_curves[ECDSA_NUM - 1].nid == NID_brainpoolP512t1);
|
|
|
|
OPENSSL_assert(strcmp(ecdsa_choices[ECDSA_NUM - 1].name, "ecdsabrp512t1") == 0);
|
2023-04-17 16:20:31 +08:00
|
|
|
#endif /* OPENSSL_NO_ECX */
|
2018-05-10 04:27:27 +08:00
|
|
|
|
2021-02-18 17:48:18 +08:00
|
|
|
#ifndef OPENSSL_NO_SM2
|
2018-05-10 04:27:27 +08:00
|
|
|
OPENSSL_assert(sm2_curves[SM2_NUM - 1].nid == NID_sm2);
|
|
|
|
OPENSSL_assert(strcmp(sm2_choices[SM2_NUM - 1].name, "curveSM2") == 0);
|
2021-02-18 17:48:18 +08:00
|
|
|
#endif
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
|
|
|
|
prog = opt_init(argc, argv, speed_options);
|
|
|
|
while ((o = opt_next()) != OPT_EOF) {
|
|
|
|
switch (o) {
|
|
|
|
case OPT_EOF:
|
|
|
|
case OPT_ERR:
|
|
|
|
opterr:
|
|
|
|
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
|
|
|
goto end;
|
|
|
|
case OPT_HELP:
|
|
|
|
opt_help(speed_options);
|
|
|
|
ret = 0;
|
|
|
|
goto end;
|
|
|
|
case OPT_ELAPSED:
|
2015-01-22 11:40:55 +08:00
|
|
|
usertime = 0;
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
break;
|
|
|
|
case OPT_EVP:
|
2020-12-21 21:23:17 +08:00
|
|
|
if (doit[D_EVP]) {
|
|
|
|
BIO_printf(bio_err, "%s: -evp option cannot be used more than once\n", prog);
|
|
|
|
goto opterr;
|
|
|
|
}
|
2021-04-26 18:08:27 +08:00
|
|
|
ERR_set_mark();
|
|
|
|
if (!opt_cipher_silent(opt_arg(), &evp_cipher)) {
|
2021-02-16 02:45:01 +08:00
|
|
|
if (have_md(opt_arg()))
|
|
|
|
evp_md_name = opt_arg();
|
|
|
|
}
|
|
|
|
if (evp_cipher == NULL && evp_md_name == NULL) {
|
2021-04-26 18:08:27 +08:00
|
|
|
ERR_clear_last_mark();
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
BIO_printf(bio_err,
|
2016-07-23 21:39:49 +08:00
|
|
|
"%s: %s is an unknown cipher or digest\n",
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
prog, opt_arg());
|
2015-01-22 11:40:55 +08:00
|
|
|
goto end;
|
|
|
|
}
|
2021-04-26 18:08:27 +08:00
|
|
|
ERR_pop_to_mark();
|
2015-01-22 11:40:55 +08:00
|
|
|
doit[D_EVP] = 1;
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
break;
|
2018-08-14 12:04:47 +08:00
|
|
|
case OPT_HMAC:
|
2021-02-16 02:45:01 +08:00
|
|
|
if (!have_md(opt_arg())) {
|
2018-08-14 12:04:47 +08:00
|
|
|
BIO_printf(bio_err, "%s: %s is an unknown digest\n",
|
|
|
|
prog, opt_arg());
|
|
|
|
goto end;
|
|
|
|
}
|
2021-02-16 02:45:01 +08:00
|
|
|
evp_mac_mdname = opt_arg();
|
|
|
|
doit[D_HMAC] = 1;
|
2018-08-14 12:04:47 +08:00
|
|
|
break;
|
2019-04-11 04:44:41 +08:00
|
|
|
case OPT_CMAC:
|
2021-02-18 17:48:18 +08:00
|
|
|
if (!have_cipher(opt_arg())) {
|
2019-04-11 04:44:41 +08:00
|
|
|
BIO_printf(bio_err, "%s: %s is an unknown cipher\n",
|
|
|
|
prog, opt_arg());
|
|
|
|
goto end;
|
|
|
|
}
|
2021-02-18 17:48:18 +08:00
|
|
|
evp_mac_ciphername = opt_arg();
|
2019-04-11 04:44:41 +08:00
|
|
|
doit[D_EVP_CMAC] = 1;
|
|
|
|
break;
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
case OPT_DECRYPT:
|
2015-01-22 11:40:55 +08:00
|
|
|
decrypt = 1;
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
break;
|
|
|
|
case OPT_ENGINE:
|
2015-12-09 15:26:38 +08:00
|
|
|
/*
|
|
|
|
* In a forked execution, an engine might need to be
|
|
|
|
* initialised by each child process, not by the parent.
|
|
|
|
* So store the name here and run setup_engine() later on.
|
|
|
|
*/
|
|
|
|
engine_id = opt_arg();
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
break;
|
|
|
|
case OPT_MULTI:
|
2015-05-16 01:50:38 +08:00
|
|
|
#ifndef NO_FORK
|
2022-02-01 13:34:35 +08:00
|
|
|
multi = opt_int_arg();
|
2021-10-25 09:16:01 +08:00
|
|
|
if ((size_t)multi >= SIZE_MAX / sizeof(int)) {
|
|
|
|
BIO_printf(bio_err, "%s: multi argument too large\n", prog);
|
|
|
|
return 0;
|
|
|
|
}
|
2015-12-09 15:26:38 +08:00
|
|
|
#endif
|
|
|
|
break;
|
|
|
|
case OPT_ASYNCJOBS:
|
2016-03-08 00:55:39 +08:00
|
|
|
#ifndef OPENSSL_NO_ASYNC
|
2022-02-01 13:34:35 +08:00
|
|
|
async_jobs = opt_int_arg();
|
2016-03-08 00:55:39 +08:00
|
|
|
if (!ASYNC_is_capable()) {
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
"%s: async_jobs specified but async not supported\n",
|
|
|
|
prog);
|
|
|
|
goto opterr;
|
|
|
|
}
|
2017-02-21 13:58:04 +08:00
|
|
|
if (async_jobs > 99999) {
|
2018-04-30 07:13:58 +08:00
|
|
|
BIO_printf(bio_err, "%s: too many async_jobs\n", prog);
|
2017-02-21 13:58:04 +08:00
|
|
|
goto opterr;
|
|
|
|
}
|
2015-01-27 23:06:22 +08:00
|
|
|
#endif
|
2015-05-16 01:50:38 +08:00
|
|
|
break;
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
case OPT_MISALIGN:
|
2021-04-21 19:08:21 +08:00
|
|
|
misalign = opt_int_arg();
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
if (misalign > MISALIGN) {
|
2015-01-22 11:40:55 +08:00
|
|
|
BIO_printf(bio_err,
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
"%s: Maximum offset is %d\n", prog, MISALIGN);
|
|
|
|
goto opterr;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
break;
|
|
|
|
case OPT_MR:
|
|
|
|
mr = 1;
|
|
|
|
break;
|
|
|
|
case OPT_MB:
|
|
|
|
multiblock = 1;
|
2016-08-04 06:23:39 +08:00
|
|
|
#ifdef OPENSSL_NO_MULTIBLOCK
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
"%s: -mb specified but multi-block support is disabled\n",
|
|
|
|
prog);
|
|
|
|
goto end;
|
|
|
|
#endif
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
break;
|
2017-07-05 22:58:48 +08:00
|
|
|
case OPT_R_CASES:
|
|
|
|
if (!opt_rand(o))
|
|
|
|
goto end;
|
|
|
|
break;
|
2020-02-25 12:29:30 +08:00
|
|
|
case OPT_PROV_CASES:
|
|
|
|
if (!opt_provider(o))
|
|
|
|
goto end;
|
|
|
|
break;
|
2022-06-21 14:55:55 +08:00
|
|
|
case OPT_CONFIG:
|
|
|
|
conf = app_load_config_modules(opt_arg());
|
|
|
|
if (conf == NULL)
|
|
|
|
goto end;
|
|
|
|
break;
|
2017-08-02 02:19:43 +08:00
|
|
|
case OPT_PRIMES:
|
2021-04-21 19:08:21 +08:00
|
|
|
primes = opt_int_arg();
|
2017-08-02 02:19:43 +08:00
|
|
|
break;
|
2017-12-02 17:05:35 +08:00
|
|
|
case OPT_SECONDS:
|
|
|
|
seconds.sym = seconds.rsa = seconds.dsa = seconds.ecdsa
|
2019-09-29 22:25:10 +08:00
|
|
|
= seconds.ecdh = seconds.eddsa
|
2022-12-24 16:20:44 +08:00
|
|
|
= seconds.sm2 = seconds.ffdh
|
|
|
|
= seconds.kem = seconds.sig = opt_int_arg();
|
2017-12-02 17:05:35 +08:00
|
|
|
break;
|
|
|
|
case OPT_BYTES:
|
2022-02-01 13:34:35 +08:00
|
|
|
lengths_single = opt_int_arg();
|
2017-12-02 17:05:35 +08:00
|
|
|
lengths = &lengths_single;
|
|
|
|
size_num = 1;
|
|
|
|
break;
|
2018-05-19 21:43:11 +08:00
|
|
|
case OPT_AEAD:
|
|
|
|
aead = 1;
|
|
|
|
break;
|
2022-12-24 16:20:44 +08:00
|
|
|
case OPT_KEM:
|
|
|
|
do_kems = 1;
|
|
|
|
break;
|
|
|
|
case OPT_SIG:
|
|
|
|
do_sigs = 1;
|
|
|
|
break;
|
2022-08-29 23:05:41 +08:00
|
|
|
case OPT_MLOCK:
|
|
|
|
domlock = 1;
|
|
|
|
#if !defined(_WIN32) && !defined(OPENSSL_SYS_LINUX)
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
"%s: -mlock not supported on this platform\n",
|
|
|
|
prog);
|
|
|
|
goto end;
|
|
|
|
#endif
|
|
|
|
break;
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
}
|
|
|
|
}
|
2020-11-29 05:12:58 +08:00
|
|
|
|
2022-12-24 16:20:44 +08:00
|
|
|
/* find all KEMs currently available */
|
|
|
|
kem_stack = sk_EVP_KEM_new(kems_cmp);
|
|
|
|
EVP_KEM_do_all_provided(app_get0_libctx(), collect_kem, kem_stack);
|
|
|
|
|
|
|
|
kems_algs_len = 0;
|
|
|
|
|
|
|
|
for (idx = 0; idx < (unsigned int)sk_EVP_KEM_num(kem_stack); idx++) {
|
|
|
|
EVP_KEM *kem = sk_EVP_KEM_value(kem_stack, idx);
|
|
|
|
|
|
|
|
if (strcmp(EVP_KEM_get0_name(kem), "RSA") == 0) {
|
|
|
|
if (kems_algs_len + OSSL_NELEM(rsa_choices) >= MAX_KEM_NUM) {
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
"Too many KEMs registered. Change MAX_KEM_NUM.\n");
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
for (i = 0; i < OSSL_NELEM(rsa_choices); i++) {
|
|
|
|
kems_doit[kems_algs_len] = 1;
|
|
|
|
kems_algname[kems_algs_len++] = OPENSSL_strdup(rsa_choices[i].name);
|
|
|
|
}
|
|
|
|
} else if (strcmp(EVP_KEM_get0_name(kem), "EC") == 0) {
|
|
|
|
if (kems_algs_len + 3 >= MAX_KEM_NUM) {
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
"Too many KEMs registered. Change MAX_KEM_NUM.\n");
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
kems_doit[kems_algs_len] = 1;
|
|
|
|
kems_algname[kems_algs_len++] = OPENSSL_strdup("ECP-256");
|
|
|
|
kems_doit[kems_algs_len] = 1;
|
|
|
|
kems_algname[kems_algs_len++] = OPENSSL_strdup("ECP-384");
|
|
|
|
kems_doit[kems_algs_len] = 1;
|
|
|
|
kems_algname[kems_algs_len++] = OPENSSL_strdup("ECP-521");
|
|
|
|
} else {
|
|
|
|
if (kems_algs_len + 1 >= MAX_KEM_NUM) {
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
"Too many KEMs registered. Change MAX_KEM_NUM.\n");
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
kems_doit[kems_algs_len] = 1;
|
|
|
|
kems_algname[kems_algs_len++] = OPENSSL_strdup(EVP_KEM_get0_name(kem));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
sk_EVP_KEM_pop_free(kem_stack, EVP_KEM_free);
|
|
|
|
kem_stack = NULL;
|
|
|
|
|
|
|
|
/* find all SIGNATUREs currently available */
|
|
|
|
sig_stack = sk_EVP_SIGNATURE_new(signatures_cmp);
|
|
|
|
EVP_SIGNATURE_do_all_provided(app_get0_libctx(), collect_signatures, sig_stack);
|
|
|
|
|
|
|
|
sigs_algs_len = 0;
|
|
|
|
|
|
|
|
for (idx = 0; idx < (unsigned int)sk_EVP_SIGNATURE_num(sig_stack); idx++) {
|
|
|
|
EVP_SIGNATURE *s = sk_EVP_SIGNATURE_value(sig_stack, idx);
|
|
|
|
const char *sig_name = EVP_SIGNATURE_get0_name(s);
|
|
|
|
|
|
|
|
if (strcmp(sig_name, "RSA") == 0) {
|
|
|
|
if (sigs_algs_len + OSSL_NELEM(rsa_choices) >= MAX_SIG_NUM) {
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
"Too many signatures registered. Change MAX_SIG_NUM.\n");
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
for (i = 0; i < OSSL_NELEM(rsa_choices); i++) {
|
|
|
|
sigs_doit[sigs_algs_len] = 1;
|
|
|
|
sigs_algname[sigs_algs_len++] = OPENSSL_strdup(rsa_choices[i].name);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else if (strcmp(sig_name, "DSA") == 0) {
|
|
|
|
if (sigs_algs_len + DSA_NUM >= MAX_SIG_NUM) {
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
"Too many signatures registered. Change MAX_SIG_NUM.\n");
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
for (i = 0; i < DSA_NUM; i++) {
|
|
|
|
sigs_doit[sigs_algs_len] = 1;
|
|
|
|
sigs_algname[sigs_algs_len++] = OPENSSL_strdup(dsa_choices[i].name);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
/* skipping these algs as tested elsewhere - and b/o setup is a pain */
|
|
|
|
else if (strcmp(sig_name, "ED25519") &&
|
|
|
|
strcmp(sig_name, "ED448") &&
|
|
|
|
strcmp(sig_name, "ECDSA") &&
|
|
|
|
strcmp(sig_name, "HMAC") &&
|
|
|
|
strcmp(sig_name, "SIPHASH") &&
|
|
|
|
strcmp(sig_name, "POLY1305") &&
|
|
|
|
strcmp(sig_name, "CMAC") &&
|
|
|
|
strcmp(sig_name, "SM2")) { /* skip alg */
|
|
|
|
if (sigs_algs_len + 1 >= MAX_SIG_NUM) {
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
"Too many signatures registered. Change MAX_SIG_NUM.\n");
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
/* activate this provider algorithm */
|
|
|
|
sigs_doit[sigs_algs_len] = 1;
|
|
|
|
sigs_algname[sigs_algs_len++] = OPENSSL_strdup(sig_name);
|
|
|
|
}
|
|
|
|
}
|
2023-07-19 20:59:16 +08:00
|
|
|
sk_EVP_SIGNATURE_pop_free(sig_stack, EVP_SIGNATURE_free);
|
|
|
|
sig_stack = NULL;
|
2022-12-24 16:20:44 +08:00
|
|
|
|
2020-11-29 05:12:58 +08:00
|
|
|
/* Remaining arguments are algorithms. */
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
argc = opt_num_rest();
|
|
|
|
argv = opt_rest();
|
|
|
|
|
2021-04-03 18:53:51 +08:00
|
|
|
if (!app_RAND_load())
|
|
|
|
goto end;
|
|
|
|
|
2016-10-04 14:20:49 +08:00
|
|
|
for (; *argv; argv++) {
|
2018-06-06 01:56:06 +08:00
|
|
|
const char *algo = *argv;
|
2022-12-24 16:20:44 +08:00
|
|
|
int algo_found = 0;
|
2018-06-06 01:56:06 +08:00
|
|
|
|
2018-05-10 04:27:27 +08:00
|
|
|
if (opt_found(algo, doit_choices, &i)) {
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
doit[i] = 1;
|
2022-12-24 16:20:44 +08:00
|
|
|
algo_found = 1;
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
}
|
2018-06-06 01:56:06 +08:00
|
|
|
if (strcmp(algo, "des") == 0) {
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
doit[D_CBC_DES] = doit[D_EDE3_DES] = 1;
|
2022-12-24 16:20:44 +08:00
|
|
|
algo_found = 1;
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
}
|
2018-06-06 01:56:06 +08:00
|
|
|
if (strcmp(algo, "sha") == 0) {
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
doit[D_SHA1] = doit[D_SHA256] = doit[D_SHA512] = 1;
|
2022-12-24 16:20:44 +08:00
|
|
|
algo_found = 1;
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
}
|
2020-12-18 04:37:15 +08:00
|
|
|
#ifndef OPENSSL_NO_DEPRECATED_3_0
|
2018-06-06 01:56:06 +08:00
|
|
|
if (strcmp(algo, "openssl") == 0) /* just for compatibility */
|
2022-12-24 16:20:44 +08:00
|
|
|
algo_found = 1;
|
2021-02-18 17:48:18 +08:00
|
|
|
#endif
|
2021-06-21 14:55:50 +08:00
|
|
|
if (HAS_PREFIX(algo, "rsa")) {
|
|
|
|
if (algo[sizeof("rsa") - 1] == '\0') {
|
2018-06-06 01:56:06 +08:00
|
|
|
memset(rsa_doit, 1, sizeof(rsa_doit));
|
2022-12-24 16:20:44 +08:00
|
|
|
algo_found = 1;
|
2018-06-06 01:56:06 +08:00
|
|
|
}
|
2018-05-10 04:27:27 +08:00
|
|
|
if (opt_found(algo, rsa_choices, &i)) {
|
2018-06-06 01:56:06 +08:00
|
|
|
rsa_doit[i] = 1;
|
2022-12-24 16:20:44 +08:00
|
|
|
algo_found = 1;
|
2018-06-06 01:56:06 +08:00
|
|
|
}
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
}
|
2020-01-19 02:13:02 +08:00
|
|
|
#ifndef OPENSSL_NO_DH
|
2021-06-21 14:55:50 +08:00
|
|
|
if (HAS_PREFIX(algo, "ffdh")) {
|
|
|
|
if (algo[sizeof("ffdh") - 1] == '\0') {
|
2020-01-19 02:13:02 +08:00
|
|
|
memset(ffdh_doit, 1, sizeof(ffdh_doit));
|
2022-12-24 16:20:44 +08:00
|
|
|
algo_found = 1;
|
2020-01-19 02:13:02 +08:00
|
|
|
}
|
|
|
|
if (opt_found(algo, ffdh_choices, &i)) {
|
|
|
|
ffdh_doit[i] = 2;
|
2022-12-24 16:20:44 +08:00
|
|
|
algo_found = 1;
|
2020-01-19 02:13:02 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif
|
2021-06-21 14:55:50 +08:00
|
|
|
if (HAS_PREFIX(algo, "dsa")) {
|
|
|
|
if (algo[sizeof("dsa") - 1] == '\0') {
|
2018-06-06 01:56:06 +08:00
|
|
|
memset(dsa_doit, 1, sizeof(dsa_doit));
|
2022-12-24 16:20:44 +08:00
|
|
|
algo_found = 1;
|
2018-06-06 01:56:06 +08:00
|
|
|
}
|
2018-05-10 04:27:27 +08:00
|
|
|
if (opt_found(algo, dsa_choices, &i)) {
|
2018-06-06 01:56:06 +08:00
|
|
|
dsa_doit[i] = 2;
|
2022-12-24 16:20:44 +08:00
|
|
|
algo_found = 1;
|
2018-06-06 01:56:06 +08:00
|
|
|
}
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
}
|
2018-06-06 01:56:06 +08:00
|
|
|
if (strcmp(algo, "aes") == 0) {
|
2016-10-04 14:20:49 +08:00
|
|
|
doit[D_CBC_128_AES] = doit[D_CBC_192_AES] = doit[D_CBC_256_AES] = 1;
|
2022-12-24 16:20:44 +08:00
|
|
|
algo_found = 1;
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
}
|
2018-06-06 01:56:06 +08:00
|
|
|
if (strcmp(algo, "camellia") == 0) {
|
2016-10-04 14:20:49 +08:00
|
|
|
doit[D_CBC_128_CML] = doit[D_CBC_192_CML] = doit[D_CBC_256_CML] = 1;
|
2022-12-24 16:20:44 +08:00
|
|
|
algo_found = 1;
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
}
|
2021-06-21 14:55:50 +08:00
|
|
|
if (HAS_PREFIX(algo, "ecdsa")) {
|
|
|
|
if (algo[sizeof("ecdsa") - 1] == '\0') {
|
2018-06-06 01:56:06 +08:00
|
|
|
memset(ecdsa_doit, 1, sizeof(ecdsa_doit));
|
2022-12-24 16:20:44 +08:00
|
|
|
algo_found = 1;
|
2018-06-06 01:56:06 +08:00
|
|
|
}
|
2018-05-10 04:27:27 +08:00
|
|
|
if (opt_found(algo, ecdsa_choices, &i)) {
|
2018-06-06 01:56:06 +08:00
|
|
|
ecdsa_doit[i] = 2;
|
2022-12-24 16:20:44 +08:00
|
|
|
algo_found = 1;
|
2018-06-06 01:56:06 +08:00
|
|
|
}
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2021-06-21 14:55:50 +08:00
|
|
|
if (HAS_PREFIX(algo, "ecdh")) {
|
|
|
|
if (algo[sizeof("ecdh") - 1] == '\0') {
|
2018-06-06 01:56:06 +08:00
|
|
|
memset(ecdh_doit, 1, sizeof(ecdh_doit));
|
2022-12-24 16:20:44 +08:00
|
|
|
algo_found = 1;
|
2018-06-06 01:56:06 +08:00
|
|
|
}
|
2018-05-10 04:27:27 +08:00
|
|
|
if (opt_found(algo, ecdh_choices, &i)) {
|
2018-06-06 01:56:06 +08:00
|
|
|
ecdh_doit[i] = 2;
|
2022-12-24 16:20:44 +08:00
|
|
|
algo_found = 1;
|
2018-06-06 01:56:06 +08:00
|
|
|
}
|
2018-09-07 14:39:19 +08:00
|
|
|
}
|
2023-04-17 16:20:31 +08:00
|
|
|
#ifndef OPENSSL_NO_ECX
|
2018-05-10 04:27:27 +08:00
|
|
|
if (strcmp(algo, "eddsa") == 0) {
|
|
|
|
memset(eddsa_doit, 1, sizeof(eddsa_doit));
|
2022-12-24 16:20:44 +08:00
|
|
|
algo_found = 1;
|
2018-05-10 04:27:27 +08:00
|
|
|
}
|
|
|
|
if (opt_found(algo, eddsa_choices, &i)) {
|
|
|
|
eddsa_doit[i] = 2;
|
2022-12-24 16:20:44 +08:00
|
|
|
algo_found = 1;
|
2018-09-07 14:39:19 +08:00
|
|
|
}
|
2023-04-17 16:20:31 +08:00
|
|
|
#endif /* OPENSSL_NO_ECX */
|
2021-02-18 17:48:18 +08:00
|
|
|
#ifndef OPENSSL_NO_SM2
|
2018-06-06 01:56:06 +08:00
|
|
|
if (strcmp(algo, "sm2") == 0) {
|
|
|
|
memset(sm2_doit, 1, sizeof(sm2_doit));
|
2022-12-24 16:20:44 +08:00
|
|
|
algo_found = 1;
|
2019-09-29 22:25:10 +08:00
|
|
|
}
|
2018-05-10 04:27:27 +08:00
|
|
|
if (opt_found(algo, sm2_choices, &i)) {
|
2019-09-29 22:25:10 +08:00
|
|
|
sm2_doit[i] = 2;
|
2022-12-24 16:20:44 +08:00
|
|
|
algo_found = 1;
|
2019-09-29 22:25:10 +08:00
|
|
|
}
|
2021-02-18 17:48:18 +08:00
|
|
|
#endif
|
2022-12-24 16:20:44 +08:00
|
|
|
if (kem_locate(algo, &idx)) {
|
|
|
|
kems_doit[idx]++;
|
|
|
|
do_kems = 1;
|
|
|
|
algo_found = 1;
|
|
|
|
}
|
|
|
|
if (sig_locate(algo, &idx)) {
|
|
|
|
sigs_doit[idx]++;
|
|
|
|
do_sigs = 1;
|
|
|
|
algo_found = 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!algo_found) {
|
|
|
|
BIO_printf(bio_err, "%s: Unknown algorithm %s\n", prog, algo);
|
|
|
|
goto end;
|
|
|
|
}
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
1998-12-21 18:52:47 +08:00
|
|
|
|
2018-05-19 21:43:11 +08:00
|
|
|
/* Sanity checks */
|
|
|
|
if (aead) {
|
|
|
|
if (evp_cipher == NULL) {
|
|
|
|
BIO_printf(bio_err, "-aead can be used only with an AEAD cipher\n");
|
|
|
|
goto end;
|
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
|
|
|
} else if (!(EVP_CIPHER_get_flags(evp_cipher) &
|
2018-05-19 21:43:11 +08:00
|
|
|
EVP_CIPH_FLAG_AEAD_CIPHER)) {
|
|
|
|
BIO_printf(bio_err, "%s is not an AEAD cipher\n",
|
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
|
|
|
EVP_CIPHER_get0_name(evp_cipher));
|
2018-05-19 21:43:11 +08:00
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
}
|
2022-12-24 16:20:44 +08:00
|
|
|
if (kems_algs_len > 0) {
|
|
|
|
int maxcnt = get_max(kems_doit, kems_algs_len);
|
|
|
|
|
|
|
|
if (maxcnt > 1) {
|
|
|
|
/* some algs explicitly selected */
|
|
|
|
for (i = 0; i < kems_algs_len; i++) {
|
|
|
|
/* disable the rest */
|
|
|
|
kems_doit[i]--;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (sigs_algs_len > 0) {
|
|
|
|
int maxcnt = get_max(sigs_doit, sigs_algs_len);
|
|
|
|
|
|
|
|
if (maxcnt > 1) {
|
|
|
|
/* some algs explicitly selected */
|
|
|
|
for (i = 0; i < sigs_algs_len; i++) {
|
|
|
|
/* disable the rest */
|
|
|
|
sigs_doit[i]--;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2018-05-19 21:43:11 +08:00
|
|
|
if (multiblock) {
|
|
|
|
if (evp_cipher == NULL) {
|
2021-02-22 20:20:28 +08:00
|
|
|
BIO_printf(bio_err, "-mb can be used only with a multi-block"
|
|
|
|
" capable cipher\n");
|
2018-05-19 21:43:11 +08:00
|
|
|
goto end;
|
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
|
|
|
} else if (!(EVP_CIPHER_get_flags(evp_cipher) &
|
2018-05-19 21:43:11 +08:00
|
|
|
EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) {
|
|
|
|
BIO_printf(bio_err, "%s is not a multi-block capable\n",
|
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
|
|
|
EVP_CIPHER_get0_name(evp_cipher));
|
2018-05-19 21:43:11 +08:00
|
|
|
goto end;
|
|
|
|
} else if (async_jobs > 0) {
|
|
|
|
BIO_printf(bio_err, "Async mode is not supported with -mb");
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-12-09 15:26:38 +08:00
|
|
|
/* Initialize the job pool if async mode is enabled */
|
|
|
|
if (async_jobs > 0) {
|
2016-05-17 23:40:14 +08:00
|
|
|
async_init = ASYNC_init_thread(async_jobs, async_jobs);
|
|
|
|
if (!async_init) {
|
2015-12-09 15:26:38 +08:00
|
|
|
BIO_printf(bio_err, "Error creating the ASYNC job pool\n");
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
loopargs_len = (async_jobs == 0 ? 1 : async_jobs);
|
2016-10-04 14:20:49 +08:00
|
|
|
loopargs =
|
|
|
|
app_malloc(loopargs_len * sizeof(loopargs_t), "array of loopargs");
|
2015-12-09 15:26:38 +08:00
|
|
|
memset(loopargs, 0, loopargs_len * sizeof(loopargs_t));
|
|
|
|
|
2022-08-29 23:05:41 +08:00
|
|
|
buflen = lengths[size_num - 1];
|
|
|
|
if (buflen < 36) /* size of random vector in RSA benchmark */
|
|
|
|
buflen = 36;
|
|
|
|
if (INT_MAX - (MAX_MISALIGNMENT + 1) < buflen) {
|
|
|
|
BIO_printf(bio_err, "Error: buffer size too large\n");
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
buflen += MAX_MISALIGNMENT + 1;
|
2016-02-18 18:56:53 +08:00
|
|
|
for (i = 0; i < loopargs_len; i++) {
|
2016-02-29 19:28:55 +08:00
|
|
|
if (async_jobs > 0) {
|
|
|
|
loopargs[i].wait_ctx = ASYNC_WAIT_CTX_new();
|
|
|
|
if (loopargs[i].wait_ctx == NULL) {
|
|
|
|
BIO_printf(bio_err, "Error creating the ASYNC_WAIT_CTX\n");
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-12-05 01:32:12 +08:00
|
|
|
loopargs[i].buf_malloc = app_malloc(buflen, "input buffer");
|
|
|
|
loopargs[i].buf2_malloc = app_malloc(buflen, "input buffer");
|
|
|
|
|
2015-12-09 15:26:38 +08:00
|
|
|
/* Align the start of buffers on a 64 byte boundary */
|
|
|
|
loopargs[i].buf = loopargs[i].buf_malloc + misalign;
|
|
|
|
loopargs[i].buf2 = loopargs[i].buf2_malloc + misalign;
|
2021-11-03 11:28:23 +08:00
|
|
|
loopargs[i].buflen = buflen - misalign;
|
|
|
|
loopargs[i].sigsize = buflen - misalign;
|
2016-02-18 18:56:53 +08:00
|
|
|
loopargs[i].secret_a = app_malloc(MAX_ECDH_SIZE, "ECDH secret a");
|
|
|
|
loopargs[i].secret_b = app_malloc(MAX_ECDH_SIZE, "ECDH secret b");
|
2020-01-19 02:13:02 +08:00
|
|
|
#ifndef OPENSSL_NO_DH
|
|
|
|
loopargs[i].secret_ff_a = app_malloc(MAX_FFDH_SIZE, "FFDH secret a");
|
|
|
|
loopargs[i].secret_ff_b = app_malloc(MAX_FFDH_SIZE, "FFDH secret b");
|
2016-02-18 18:56:53 +08:00
|
|
|
#endif
|
2015-12-09 15:26:38 +08:00
|
|
|
}
|
|
|
|
|
2015-01-27 23:06:22 +08:00
|
|
|
#ifndef NO_FORK
|
2017-12-02 17:05:35 +08:00
|
|
|
if (multi && do_multi(multi, size_num))
|
2015-01-22 11:40:55 +08:00
|
|
|
goto show_res;
|
2015-01-27 23:06:22 +08:00
|
|
|
#endif
|
1998-12-21 18:52:47 +08:00
|
|
|
|
2022-08-29 23:05:41 +08:00
|
|
|
for (i = 0; i < loopargs_len; ++i) {
|
|
|
|
if (domlock) {
|
|
|
|
#if defined(_WIN32)
|
|
|
|
(void)VirtualLock(loopargs[i].buf_malloc, buflen);
|
|
|
|
(void)VirtualLock(loopargs[i].buf2_malloc, buflen);
|
|
|
|
#elif defined(OPENSSL_SYS_LINUX)
|
|
|
|
(void)mlock(loopargs[i].buf_malloc, buflen);
|
|
|
|
(void)mlock(loopargs[i].buf_malloc, buflen);
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
memset(loopargs[i].buf_malloc, 0, buflen);
|
|
|
|
memset(loopargs[i].buf2_malloc, 0, buflen);
|
|
|
|
}
|
|
|
|
|
2015-12-09 15:26:38 +08:00
|
|
|
/* Initialize the engine after the fork */
|
2016-09-29 05:39:18 +08:00
|
|
|
e = setup_engine(engine_id, 0);
|
2015-12-09 15:26:38 +08:00
|
|
|
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
/* No parameters; turn on everything. */
|
2022-12-24 16:20:44 +08:00
|
|
|
if (argc == 0 && !doit[D_EVP] && !doit[D_HMAC]
|
|
|
|
&& !doit[D_EVP_CMAC] && !do_kems && !do_sigs) {
|
2018-06-06 01:56:06 +08:00
|
|
|
memset(doit, 1, sizeof(doit));
|
2021-02-16 02:45:01 +08:00
|
|
|
doit[D_EVP] = doit[D_EVP_CMAC] = 0;
|
2021-02-18 17:48:18 +08:00
|
|
|
ERR_set_mark();
|
2021-02-16 02:45:01 +08:00
|
|
|
for (i = D_MD2; i <= D_WHIRLPOOL; i++) {
|
|
|
|
if (!have_md(names[i]))
|
|
|
|
doit[i] = 0;
|
|
|
|
}
|
2021-02-18 17:48:18 +08:00
|
|
|
for (i = D_CBC_DES; i <= D_CBC_256_CML; i++) {
|
|
|
|
if (!have_cipher(names[i]))
|
|
|
|
doit[i] = 0;
|
|
|
|
}
|
2021-06-10 09:27:31 +08:00
|
|
|
if ((mac = EVP_MAC_fetch(app_get0_libctx(), "GMAC",
|
2021-06-10 10:05:28 +08:00
|
|
|
app_get0_propq())) != NULL) {
|
2021-02-18 17:48:18 +08:00
|
|
|
EVP_MAC_free(mac);
|
2021-06-10 10:05:28 +08:00
|
|
|
mac = NULL;
|
|
|
|
} else {
|
2021-02-18 17:48:18 +08:00
|
|
|
doit[D_GHASH] = 0;
|
2021-06-10 10:05:28 +08:00
|
|
|
}
|
2021-06-10 09:27:31 +08:00
|
|
|
if ((mac = EVP_MAC_fetch(app_get0_libctx(), "HMAC",
|
2021-06-10 10:05:28 +08:00
|
|
|
app_get0_propq())) != NULL) {
|
2021-02-18 17:48:18 +08:00
|
|
|
EVP_MAC_free(mac);
|
2021-06-10 10:05:28 +08:00
|
|
|
mac = NULL;
|
|
|
|
} else {
|
2021-02-18 17:48:18 +08:00
|
|
|
doit[D_HMAC] = 0;
|
2021-06-10 10:05:28 +08:00
|
|
|
}
|
2021-02-18 17:48:18 +08:00
|
|
|
ERR_pop_to_mark();
|
2018-06-06 01:56:06 +08:00
|
|
|
memset(rsa_doit, 1, sizeof(rsa_doit));
|
2020-01-19 02:13:02 +08:00
|
|
|
#ifndef OPENSSL_NO_DH
|
|
|
|
memset(ffdh_doit, 1, sizeof(ffdh_doit));
|
|
|
|
#endif
|
2018-06-06 01:56:06 +08:00
|
|
|
memset(dsa_doit, 1, sizeof(dsa_doit));
|
2023-04-17 16:20:31 +08:00
|
|
|
#ifndef OPENSSL_NO_ECX
|
2018-06-06 01:56:06 +08:00
|
|
|
memset(ecdsa_doit, 1, sizeof(ecdsa_doit));
|
|
|
|
memset(ecdh_doit, 1, sizeof(ecdh_doit));
|
|
|
|
memset(eddsa_doit, 1, sizeof(eddsa_doit));
|
2023-04-17 16:20:31 +08:00
|
|
|
#endif /* OPENSSL_NO_ECX */
|
2021-02-18 17:48:18 +08:00
|
|
|
#ifndef OPENSSL_NO_SM2
|
2018-06-06 01:56:06 +08:00
|
|
|
memset(sm2_doit, 1, sizeof(sm2_doit));
|
2015-01-27 23:06:22 +08:00
|
|
|
#endif
|
2022-12-24 16:20:44 +08:00
|
|
|
memset(kems_doit, 1, sizeof(kems_doit));
|
|
|
|
do_kems = 1;
|
|
|
|
memset(sigs_doit, 1, sizeof(sigs_doit));
|
|
|
|
do_sigs = 1;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
|
|
|
for (i = 0; i < ALGOR_NUM; i++)
|
|
|
|
if (doit[i])
|
|
|
|
pr_header++;
|
|
|
|
|
|
|
|
if (usertime == 0 && !mr)
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
"You have chosen to measure elapsed time "
|
|
|
|
"instead of user CPU time.\n");
|
|
|
|
|
2021-02-16 00:24:44 +08:00
|
|
|
#if SIGALRM > 0
|
2018-05-19 21:53:29 +08:00
|
|
|
signal(SIGALRM, alarmed);
|
2021-02-16 00:24:44 +08:00
|
|
|
#endif
|
2015-01-22 11:40:55 +08:00
|
|
|
|
|
|
|
if (doit[D_MD2]) {
|
2017-12-02 17:05:35 +08:00
|
|
|
for (testnum = 0; testnum < size_num; testnum++) {
|
2023-04-21 15:04:57 +08:00
|
|
|
print_message(names[D_MD2], lengths[testnum], seconds.sym);
|
2015-01-22 11:40:55 +08:00
|
|
|
Time_F(START);
|
2015-12-09 15:26:38 +08:00
|
|
|
count = run_benchmark(async_jobs, EVP_Digest_MD2_loop, loopargs);
|
2015-01-22 11:40:55 +08:00
|
|
|
d = Time_F(STOP);
|
2015-12-09 15:26:38 +08:00
|
|
|
print_result(D_MD2, testnum, count, d);
|
2021-02-16 02:45:01 +08:00
|
|
|
if (count < 0)
|
|
|
|
break;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
|
|
|
}
|
2021-02-16 02:45:01 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
if (doit[D_MDC2]) {
|
2017-12-02 17:05:35 +08:00
|
|
|
for (testnum = 0; testnum < size_num; testnum++) {
|
2023-04-21 15:04:57 +08:00
|
|
|
print_message(names[D_MDC2], lengths[testnum], seconds.sym);
|
2015-01-22 11:40:55 +08:00
|
|
|
Time_F(START);
|
2015-12-09 15:26:38 +08:00
|
|
|
count = run_benchmark(async_jobs, EVP_Digest_MDC2_loop, loopargs);
|
2015-01-22 11:40:55 +08:00
|
|
|
d = Time_F(STOP);
|
2015-12-09 15:26:38 +08:00
|
|
|
print_result(D_MDC2, testnum, count, d);
|
2019-10-19 22:38:21 +08:00
|
|
|
if (count < 0)
|
|
|
|
break;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
|
|
|
}
|
1998-12-21 18:52:47 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
if (doit[D_MD4]) {
|
2017-12-02 17:05:35 +08:00
|
|
|
for (testnum = 0; testnum < size_num; testnum++) {
|
2023-04-21 15:04:57 +08:00
|
|
|
print_message(names[D_MD4], lengths[testnum], seconds.sym);
|
2015-01-22 11:40:55 +08:00
|
|
|
Time_F(START);
|
2015-12-09 15:26:38 +08:00
|
|
|
count = run_benchmark(async_jobs, EVP_Digest_MD4_loop, loopargs);
|
2015-01-22 11:40:55 +08:00
|
|
|
d = Time_F(STOP);
|
2015-12-09 15:26:38 +08:00
|
|
|
print_result(D_MD4, testnum, count, d);
|
2019-10-19 22:38:21 +08:00
|
|
|
if (count < 0)
|
|
|
|
break;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
|
|
|
}
|
2000-08-14 22:05:53 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
if (doit[D_MD5]) {
|
2017-12-02 17:05:35 +08:00
|
|
|
for (testnum = 0; testnum < size_num; testnum++) {
|
2023-04-21 15:04:57 +08:00
|
|
|
print_message(names[D_MD5], lengths[testnum], seconds.sym);
|
2015-01-22 11:40:55 +08:00
|
|
|
Time_F(START);
|
2015-12-09 15:26:38 +08:00
|
|
|
count = run_benchmark(async_jobs, MD5_loop, loopargs);
|
2015-01-22 11:40:55 +08:00
|
|
|
d = Time_F(STOP);
|
2015-12-09 15:26:38 +08:00
|
|
|
print_result(D_MD5, testnum, count, d);
|
2021-02-16 02:45:01 +08:00
|
|
|
if (count < 0)
|
|
|
|
break;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
|
|
|
}
|
1998-12-21 18:52:47 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
if (doit[D_SHA1]) {
|
2017-12-02 17:05:35 +08:00
|
|
|
for (testnum = 0; testnum < size_num; testnum++) {
|
2023-04-21 15:04:57 +08:00
|
|
|
print_message(names[D_SHA1], lengths[testnum], seconds.sym);
|
2015-01-22 11:40:55 +08:00
|
|
|
Time_F(START);
|
2015-12-09 15:26:38 +08:00
|
|
|
count = run_benchmark(async_jobs, SHA1_loop, loopargs);
|
2015-01-22 11:40:55 +08:00
|
|
|
d = Time_F(STOP);
|
2015-12-09 15:26:38 +08:00
|
|
|
print_result(D_SHA1, testnum, count, d);
|
2021-02-16 02:45:01 +08:00
|
|
|
if (count < 0)
|
|
|
|
break;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
|
|
|
}
|
2021-02-16 02:45:01 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
if (doit[D_SHA256]) {
|
2017-12-02 17:05:35 +08:00
|
|
|
for (testnum = 0; testnum < size_num; testnum++) {
|
2023-04-21 15:04:57 +08:00
|
|
|
print_message(names[D_SHA256], lengths[testnum], seconds.sym);
|
2015-01-22 11:40:55 +08:00
|
|
|
Time_F(START);
|
2015-12-09 15:26:38 +08:00
|
|
|
count = run_benchmark(async_jobs, SHA256_loop, loopargs);
|
2015-01-22 11:40:55 +08:00
|
|
|
d = Time_F(STOP);
|
2015-12-09 15:26:38 +08:00
|
|
|
print_result(D_SHA256, testnum, count, d);
|
2021-02-16 02:45:01 +08:00
|
|
|
if (count < 0)
|
|
|
|
break;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
|
|
|
}
|
2021-02-16 02:45:01 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
if (doit[D_SHA512]) {
|
2017-12-02 17:05:35 +08:00
|
|
|
for (testnum = 0; testnum < size_num; testnum++) {
|
2023-04-21 15:04:57 +08:00
|
|
|
print_message(names[D_SHA512], lengths[testnum], seconds.sym);
|
2015-01-22 11:40:55 +08:00
|
|
|
Time_F(START);
|
2015-12-09 15:26:38 +08:00
|
|
|
count = run_benchmark(async_jobs, SHA512_loop, loopargs);
|
2015-01-22 11:40:55 +08:00
|
|
|
d = Time_F(STOP);
|
2015-12-09 15:26:38 +08:00
|
|
|
print_result(D_SHA512, testnum, count, d);
|
2021-02-16 02:45:01 +08:00
|
|
|
if (count < 0)
|
|
|
|
break;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
|
|
|
}
|
2021-02-16 02:45:01 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
if (doit[D_WHIRLPOOL]) {
|
2017-12-02 17:05:35 +08:00
|
|
|
for (testnum = 0; testnum < size_num; testnum++) {
|
2023-04-21 15:04:57 +08:00
|
|
|
print_message(names[D_WHIRLPOOL], lengths[testnum], seconds.sym);
|
2015-01-22 11:40:55 +08:00
|
|
|
Time_F(START);
|
2015-12-09 15:26:38 +08:00
|
|
|
count = run_benchmark(async_jobs, WHIRLPOOL_loop, loopargs);
|
2015-01-22 11:40:55 +08:00
|
|
|
d = Time_F(STOP);
|
2015-12-09 15:26:38 +08:00
|
|
|
print_result(D_WHIRLPOOL, testnum, count, d);
|
2021-02-16 02:45:01 +08:00
|
|
|
if (count < 0)
|
|
|
|
break;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
|
|
|
}
|
2004-07-26 02:57:35 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
if (doit[D_RMD160]) {
|
2017-12-02 17:05:35 +08:00
|
|
|
for (testnum = 0; testnum < size_num; testnum++) {
|
2023-04-21 15:04:57 +08:00
|
|
|
print_message(names[D_RMD160], lengths[testnum], seconds.sym);
|
2015-01-22 11:40:55 +08:00
|
|
|
Time_F(START);
|
2015-12-09 15:26:38 +08:00
|
|
|
count = run_benchmark(async_jobs, EVP_Digest_RMD160_loop, loopargs);
|
2015-01-22 11:40:55 +08:00
|
|
|
d = Time_F(STOP);
|
2015-12-09 15:26:38 +08:00
|
|
|
print_result(D_RMD160, testnum, count, d);
|
2019-10-19 22:38:21 +08:00
|
|
|
if (count < 0)
|
|
|
|
break;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
|
|
|
}
|
2021-02-16 02:45:01 +08:00
|
|
|
|
|
|
|
if (doit[D_HMAC]) {
|
|
|
|
static const char hmac_key[] = "This is a key...";
|
|
|
|
int len = strlen(hmac_key);
|
|
|
|
OSSL_PARAM params[3];
|
|
|
|
|
2021-06-10 10:05:28 +08:00
|
|
|
mac = EVP_MAC_fetch(app_get0_libctx(), "HMAC", app_get0_propq());
|
2021-02-16 02:45:01 +08:00
|
|
|
if (mac == NULL || evp_mac_mdname == NULL)
|
|
|
|
goto end;
|
|
|
|
|
|
|
|
evp_hmac_name = app_malloc(sizeof("hmac()") + strlen(evp_mac_mdname),
|
|
|
|
"HMAC name");
|
|
|
|
sprintf(evp_hmac_name, "hmac(%s)", evp_mac_mdname);
|
|
|
|
names[D_HMAC] = evp_hmac_name;
|
|
|
|
|
|
|
|
params[0] =
|
2021-02-22 20:20:28 +08:00
|
|
|
OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
|
|
|
|
evp_mac_mdname, 0);
|
2021-02-16 02:45:01 +08:00
|
|
|
params[1] =
|
2021-02-22 20:20:28 +08:00
|
|
|
OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY,
|
|
|
|
(char *)hmac_key, len);
|
2021-02-16 02:45:01 +08:00
|
|
|
params[2] = OSSL_PARAM_construct_end();
|
|
|
|
|
|
|
|
for (i = 0; i < loopargs_len; i++) {
|
|
|
|
loopargs[i].mctx = EVP_MAC_CTX_new(mac);
|
|
|
|
if (loopargs[i].mctx == NULL)
|
|
|
|
goto end;
|
|
|
|
|
|
|
|
if (!EVP_MAC_CTX_set_params(loopargs[i].mctx, params))
|
2021-12-21 23:52:25 +08:00
|
|
|
goto skip_hmac; /* Digest not found */
|
2021-02-16 02:45:01 +08:00
|
|
|
}
|
|
|
|
for (testnum = 0; testnum < size_num; testnum++) {
|
2023-04-21 15:04:57 +08:00
|
|
|
print_message(names[D_HMAC], lengths[testnum], seconds.sym);
|
2021-02-16 02:45:01 +08:00
|
|
|
Time_F(START);
|
|
|
|
count = run_benchmark(async_jobs, HMAC_loop, loopargs);
|
|
|
|
d = Time_F(STOP);
|
|
|
|
print_result(D_HMAC, testnum, count, d);
|
|
|
|
if (count < 0)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
for (i = 0; i < loopargs_len; i++)
|
|
|
|
EVP_MAC_CTX_free(loopargs[i].mctx);
|
|
|
|
EVP_MAC_free(mac);
|
2021-06-10 10:05:28 +08:00
|
|
|
mac = NULL;
|
2021-02-16 02:45:01 +08:00
|
|
|
}
|
2021-12-21 23:52:25 +08:00
|
|
|
skip_hmac:
|
2015-01-22 11:40:55 +08:00
|
|
|
if (doit[D_CBC_DES]) {
|
2021-02-18 17:48:18 +08:00
|
|
|
int st = 1;
|
|
|
|
|
|
|
|
for (i = 0; st && i < loopargs_len; i++) {
|
|
|
|
loopargs[i].ctx = init_evp_cipher_ctx("des-cbc", deskey,
|
2021-02-22 20:20:28 +08:00
|
|
|
sizeof(deskey) / 3);
|
2021-02-18 17:48:18 +08:00
|
|
|
st = loopargs[i].ctx != NULL;
|
|
|
|
}
|
|
|
|
algindex = D_CBC_DES;
|
|
|
|
for (testnum = 0; st && testnum < size_num; testnum++) {
|
2023-04-21 15:04:57 +08:00
|
|
|
print_message(names[D_CBC_DES], lengths[testnum], seconds.sym);
|
2015-01-22 11:40:55 +08:00
|
|
|
Time_F(START);
|
2021-02-18 17:48:18 +08:00
|
|
|
count = run_benchmark(async_jobs, EVP_Cipher_loop, loopargs);
|
2015-01-22 11:40:55 +08:00
|
|
|
d = Time_F(STOP);
|
2015-12-09 15:26:38 +08:00
|
|
|
print_result(D_CBC_DES, testnum, count, d);
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2021-02-22 20:20:28 +08:00
|
|
|
for (i = 0; i < loopargs_len; i++)
|
2021-02-18 17:48:18 +08:00
|
|
|
EVP_CIPHER_CTX_free(loopargs[i].ctx);
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2006-12-02 05:42:55 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
if (doit[D_EDE3_DES]) {
|
2021-02-18 17:48:18 +08:00
|
|
|
int st = 1;
|
2016-04-13 18:28:45 +08:00
|
|
|
|
2021-02-18 17:48:18 +08:00
|
|
|
for (i = 0; st && i < loopargs_len; i++) {
|
|
|
|
loopargs[i].ctx = init_evp_cipher_ctx("des-ede3-cbc", deskey,
|
|
|
|
sizeof(deskey));
|
|
|
|
st = loopargs[i].ctx != NULL;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2021-02-18 17:48:18 +08:00
|
|
|
algindex = D_EDE3_DES;
|
|
|
|
for (testnum = 0; st && testnum < size_num; testnum++) {
|
2023-04-21 15:04:57 +08:00
|
|
|
print_message(names[D_EDE3_DES], lengths[testnum], seconds.sym);
|
2015-01-22 11:40:55 +08:00
|
|
|
Time_F(START);
|
2016-10-04 14:20:49 +08:00
|
|
|
count =
|
2021-02-18 17:48:18 +08:00
|
|
|
run_benchmark(async_jobs, EVP_Cipher_loop, loopargs);
|
2015-01-22 11:40:55 +08:00
|
|
|
d = Time_F(STOP);
|
2021-02-18 17:48:18 +08:00
|
|
|
print_result(D_EDE3_DES, testnum, count, d);
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2021-02-22 20:20:28 +08:00
|
|
|
for (i = 0; i < loopargs_len; i++)
|
2021-02-18 17:48:18 +08:00
|
|
|
EVP_CIPHER_CTX_free(loopargs[i].ctx);
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2007-05-13 20:57:59 +08:00
|
|
|
|
2021-02-18 17:48:18 +08:00
|
|
|
for (k = 0; k < 3; k++) {
|
|
|
|
algindex = D_CBC_128_AES + k;
|
|
|
|
if (doit[algindex]) {
|
|
|
|
int st = 1;
|
2019-12-06 01:09:49 +08:00
|
|
|
|
2021-04-06 20:26:25 +08:00
|
|
|
keylen = 16 + k * 8;
|
2021-02-18 17:48:18 +08:00
|
|
|
for (i = 0; st && i < loopargs_len; i++) {
|
|
|
|
loopargs[i].ctx = init_evp_cipher_ctx(names[algindex],
|
|
|
|
key32, keylen);
|
|
|
|
st = loopargs[i].ctx != NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
for (testnum = 0; st && testnum < size_num; testnum++) {
|
2023-04-21 15:04:57 +08:00
|
|
|
print_message(names[algindex], lengths[testnum], seconds.sym);
|
2021-02-18 17:48:18 +08:00
|
|
|
Time_F(START);
|
|
|
|
count =
|
|
|
|
run_benchmark(async_jobs, EVP_Cipher_loop, loopargs);
|
|
|
|
d = Time_F(STOP);
|
|
|
|
print_result(algindex, testnum, count, d);
|
|
|
|
}
|
2021-02-22 20:20:28 +08:00
|
|
|
for (i = 0; i < loopargs_len; i++)
|
2021-02-18 17:48:18 +08:00
|
|
|
EVP_CIPHER_CTX_free(loopargs[i].ctx);
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
|
|
|
}
|
2021-02-18 17:48:18 +08:00
|
|
|
|
|
|
|
for (k = 0; k < 3; k++) {
|
|
|
|
algindex = D_CBC_128_CML + k;
|
|
|
|
if (doit[algindex]) {
|
|
|
|
int st = 1;
|
|
|
|
|
2021-04-07 10:48:14 +08:00
|
|
|
keylen = 16 + k * 8;
|
2021-02-18 17:48:18 +08:00
|
|
|
for (i = 0; st && i < loopargs_len; i++) {
|
|
|
|
loopargs[i].ctx = init_evp_cipher_ctx(names[algindex],
|
|
|
|
key32, keylen);
|
|
|
|
st = loopargs[i].ctx != NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
for (testnum = 0; st && testnum < size_num; testnum++) {
|
2023-04-21 15:04:57 +08:00
|
|
|
print_message(names[algindex], lengths[testnum], seconds.sym);
|
2021-02-18 17:48:18 +08:00
|
|
|
Time_F(START);
|
|
|
|
count =
|
|
|
|
run_benchmark(async_jobs, EVP_Cipher_loop, loopargs);
|
|
|
|
d = Time_F(STOP);
|
|
|
|
print_result(algindex, testnum, count, d);
|
|
|
|
}
|
2021-02-22 20:20:28 +08:00
|
|
|
for (i = 0; i < loopargs_len; i++)
|
2021-02-18 17:48:18 +08:00
|
|
|
EVP_CIPHER_CTX_free(loopargs[i].ctx);
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
|
|
|
}
|
2021-02-18 17:48:18 +08:00
|
|
|
|
|
|
|
for (algindex = D_RC4; algindex <= D_CBC_CAST; algindex++) {
|
|
|
|
if (doit[algindex]) {
|
|
|
|
int st = 1;
|
2021-02-22 20:20:28 +08:00
|
|
|
|
2021-02-18 17:48:18 +08:00
|
|
|
keylen = 16;
|
|
|
|
for (i = 0; st && i < loopargs_len; i++) {
|
|
|
|
loopargs[i].ctx = init_evp_cipher_ctx(names[algindex],
|
|
|
|
key32, keylen);
|
|
|
|
st = loopargs[i].ctx != NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
for (testnum = 0; st && testnum < size_num; testnum++) {
|
2023-04-21 15:04:57 +08:00
|
|
|
print_message(names[algindex], lengths[testnum], seconds.sym);
|
2021-02-18 17:48:18 +08:00
|
|
|
Time_F(START);
|
|
|
|
count =
|
|
|
|
run_benchmark(async_jobs, EVP_Cipher_loop, loopargs);
|
|
|
|
d = Time_F(STOP);
|
|
|
|
print_result(algindex, testnum, count, d);
|
|
|
|
}
|
2021-02-22 20:20:28 +08:00
|
|
|
for (i = 0; i < loopargs_len; i++)
|
2021-02-18 17:48:18 +08:00
|
|
|
EVP_CIPHER_CTX_free(loopargs[i].ctx);
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
if (doit[D_GHASH]) {
|
2021-02-18 17:48:18 +08:00
|
|
|
static const char gmac_iv[] = "0123456789ab";
|
2021-02-25 12:12:56 +08:00
|
|
|
OSSL_PARAM params[3];
|
2021-02-18 17:48:18 +08:00
|
|
|
|
2021-06-10 10:05:28 +08:00
|
|
|
mac = EVP_MAC_fetch(app_get0_libctx(), "GMAC", app_get0_propq());
|
2021-02-18 17:48:18 +08:00
|
|
|
if (mac == NULL)
|
|
|
|
goto end;
|
|
|
|
|
2021-02-22 20:20:28 +08:00
|
|
|
params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_CIPHER,
|
|
|
|
"aes-128-gcm", 0);
|
2021-02-25 12:12:56 +08:00
|
|
|
params[1] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_IV,
|
2021-02-22 20:20:28 +08:00
|
|
|
(char *)gmac_iv,
|
|
|
|
sizeof(gmac_iv) - 1);
|
2021-02-25 12:12:56 +08:00
|
|
|
params[2] = OSSL_PARAM_construct_end();
|
2021-02-18 17:48:18 +08:00
|
|
|
|
2016-02-18 18:56:53 +08:00
|
|
|
for (i = 0; i < loopargs_len; i++) {
|
2021-02-18 17:48:18 +08:00
|
|
|
loopargs[i].mctx = EVP_MAC_CTX_new(mac);
|
|
|
|
if (loopargs[i].mctx == NULL)
|
|
|
|
goto end;
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2021-02-25 12:12:56 +08:00
|
|
|
if (!EVP_MAC_init(loopargs[i].mctx, key32, 16, params))
|
2021-02-18 17:48:18 +08:00
|
|
|
goto end;
|
|
|
|
}
|
2017-12-02 17:05:35 +08:00
|
|
|
for (testnum = 0; testnum < size_num; testnum++) {
|
2023-04-21 15:04:57 +08:00
|
|
|
print_message(names[D_GHASH], lengths[testnum], seconds.sym);
|
2015-01-22 11:40:55 +08:00
|
|
|
Time_F(START);
|
2021-02-18 17:48:18 +08:00
|
|
|
count = run_benchmark(async_jobs, GHASH_loop, loopargs);
|
2015-01-22 11:40:55 +08:00
|
|
|
d = Time_F(STOP);
|
2015-12-09 15:26:38 +08:00
|
|
|
print_result(D_GHASH, testnum, count, d);
|
2021-02-18 17:48:18 +08:00
|
|
|
if (count < 0)
|
|
|
|
break;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2016-02-18 18:56:53 +08:00
|
|
|
for (i = 0; i < loopargs_len; i++)
|
2021-02-18 17:48:18 +08:00
|
|
|
EVP_MAC_CTX_free(loopargs[i].mctx);
|
|
|
|
EVP_MAC_free(mac);
|
2021-06-10 10:05:28 +08:00
|
|
|
mac = NULL;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2021-02-18 17:48:18 +08:00
|
|
|
|
2017-10-07 17:38:19 +08:00
|
|
|
if (doit[D_RAND]) {
|
2017-12-02 17:05:35 +08:00
|
|
|
for (testnum = 0; testnum < size_num; testnum++) {
|
2023-04-21 15:04:57 +08:00
|
|
|
print_message(names[D_RAND], lengths[testnum], seconds.sym);
|
2017-10-07 17:38:19 +08:00
|
|
|
Time_F(START);
|
|
|
|
count = run_benchmark(async_jobs, RAND_bytes_loop, loopargs);
|
|
|
|
d = Time_F(STOP);
|
|
|
|
print_result(D_RAND, testnum, count, d);
|
|
|
|
}
|
|
|
|
}
|
2006-06-09 23:44:59 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
if (doit[D_EVP]) {
|
2018-05-19 21:43:11 +08:00
|
|
|
if (evp_cipher != NULL) {
|
2019-10-20 01:37:01 +08:00
|
|
|
int (*loopfunc) (void *) = EVP_Update_loop;
|
2018-05-19 21:43:11 +08:00
|
|
|
|
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
|
|
|
if (multiblock && (EVP_CIPHER_get_flags(evp_cipher) &
|
2018-05-19 21:43:11 +08:00
|
|
|
EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) {
|
|
|
|
multiblock_speed(evp_cipher, lengths_single, &seconds);
|
|
|
|
ret = 0;
|
2015-01-22 11:40:55 +08:00
|
|
|
goto end;
|
|
|
|
}
|
2018-05-19 21:43:11 +08:00
|
|
|
|
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
|
|
|
names[D_EVP] = EVP_CIPHER_get0_name(evp_cipher);
|
2018-05-19 21:43:11 +08:00
|
|
|
|
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
|
|
|
if (EVP_CIPHER_get_mode(evp_cipher) == EVP_CIPH_CCM_MODE) {
|
2018-05-19 21:43:11 +08:00
|
|
|
loopfunc = EVP_Update_loop_ccm;
|
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
|
|
|
} else if (aead && (EVP_CIPHER_get_flags(evp_cipher) &
|
2018-05-19 21:43:11 +08:00
|
|
|
EVP_CIPH_FLAG_AEAD_CIPHER)) {
|
|
|
|
loopfunc = EVP_Update_loop_aead;
|
|
|
|
if (lengths == lengths_list) {
|
|
|
|
lengths = aead_lengths_list;
|
|
|
|
size_num = OSSL_NELEM(aead_lengths_list);
|
|
|
|
}
|
2015-12-09 15:26:38 +08:00
|
|
|
}
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2018-05-19 21:43:11 +08:00
|
|
|
for (testnum = 0; testnum < size_num; testnum++) {
|
2023-04-21 15:04:57 +08:00
|
|
|
print_message(names[D_EVP], lengths[testnum], seconds.sym);
|
2015-12-09 15:26:38 +08:00
|
|
|
|
|
|
|
for (k = 0; k < loopargs_len; k++) {
|
|
|
|
loopargs[k].ctx = EVP_CIPHER_CTX_new();
|
2019-04-13 16:01:09 +08:00
|
|
|
if (loopargs[k].ctx == NULL) {
|
|
|
|
BIO_printf(bio_err, "\nEVP_CIPHER_CTX_new failure\n");
|
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
if (!EVP_CipherInit_ex(loopargs[k].ctx, evp_cipher, NULL,
|
|
|
|
NULL, iv, decrypt ? 0 : 1)) {
|
|
|
|
BIO_printf(bio_err, "\nEVP_CipherInit_ex failure\n");
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
exit(1);
|
|
|
|
}
|
2017-12-05 00:40:23 +08:00
|
|
|
|
2015-12-09 15:26:38 +08:00
|
|
|
EVP_CIPHER_CTX_set_padding(loopargs[k].ctx, 0);
|
2017-12-05 00:40:23 +08:00
|
|
|
|
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
|
|
|
keylen = EVP_CIPHER_CTX_get_key_length(loopargs[k].ctx);
|
2017-12-05 00:40:23 +08:00
|
|
|
loopargs[k].key = app_malloc(keylen, "evp_cipher key");
|
|
|
|
EVP_CIPHER_CTX_rand_key(loopargs[k].ctx, loopargs[k].key);
|
2019-04-13 16:01:09 +08:00
|
|
|
if (!EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL,
|
|
|
|
loopargs[k].key, NULL, -1)) {
|
|
|
|
BIO_printf(bio_err, "\nEVP_CipherInit_ex failure\n");
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
exit(1);
|
|
|
|
}
|
2017-12-05 00:40:23 +08:00
|
|
|
OPENSSL_clear_free(loopargs[k].key, keylen);
|
2017-05-19 22:27:28 +08:00
|
|
|
|
2022-04-29 02:56:11 +08:00
|
|
|
/* GCM-SIV/SIV mode only allows for a single Update operation */
|
|
|
|
if (EVP_CIPHER_get_mode(evp_cipher) == EVP_CIPH_SIV_MODE
|
|
|
|
|| EVP_CIPHER_get_mode(evp_cipher) == EVP_CIPH_GCM_SIV_MODE)
|
2021-07-05 16:30:27 +08:00
|
|
|
(void)EVP_CIPHER_CTX_ctrl(loopargs[k].ctx,
|
|
|
|
EVP_CTRL_SET_SPEED, 1, NULL);
|
2015-12-09 15:26:38 +08:00
|
|
|
}
|
2015-01-22 11:40:55 +08:00
|
|
|
|
|
|
|
Time_F(START);
|
2017-02-21 00:49:36 +08:00
|
|
|
count = run_benchmark(async_jobs, loopfunc, loopargs);
|
2015-01-22 11:40:55 +08:00
|
|
|
d = Time_F(STOP);
|
2021-02-22 20:20:28 +08:00
|
|
|
for (k = 0; k < loopargs_len; k++)
|
2015-12-09 15:26:38 +08:00
|
|
|
EVP_CIPHER_CTX_free(loopargs[k].ctx);
|
2018-05-19 21:43:11 +08:00
|
|
|
print_result(D_EVP, testnum, count, d);
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2021-02-16 02:45:01 +08:00
|
|
|
} else if (evp_md_name != NULL) {
|
|
|
|
names[D_EVP] = evp_md_name;
|
2018-05-19 21:43:11 +08:00
|
|
|
|
|
|
|
for (testnum = 0; testnum < size_num; testnum++) {
|
2023-04-21 15:04:57 +08:00
|
|
|
print_message(names[D_EVP], lengths[testnum], seconds.sym);
|
2015-01-22 11:40:55 +08:00
|
|
|
Time_F(START);
|
2021-02-16 02:45:01 +08:00
|
|
|
count = run_benchmark(async_jobs, EVP_Digest_md_loop, loopargs);
|
2015-01-22 11:40:55 +08:00
|
|
|
d = Time_F(STOP);
|
2018-05-19 21:43:11 +08:00
|
|
|
print_result(D_EVP, testnum, count, d);
|
2021-02-16 02:45:01 +08:00
|
|
|
if (count < 0)
|
|
|
|
break;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
|
2021-02-18 17:48:18 +08:00
|
|
|
if (doit[D_EVP_CMAC]) {
|
|
|
|
OSSL_PARAM params[3];
|
2021-04-26 18:08:27 +08:00
|
|
|
EVP_CIPHER *cipher = NULL;
|
2019-10-20 01:37:01 +08:00
|
|
|
|
2021-06-10 10:05:28 +08:00
|
|
|
mac = EVP_MAC_fetch(app_get0_libctx(), "CMAC", app_get0_propq());
|
2021-02-18 17:48:18 +08:00
|
|
|
if (mac == NULL || evp_mac_ciphername == NULL)
|
|
|
|
goto end;
|
2021-04-26 18:08:27 +08:00
|
|
|
if (!opt_cipher(evp_mac_ciphername, &cipher))
|
2021-02-18 17:48:18 +08:00
|
|
|
goto end;
|
|
|
|
|
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
|
|
|
keylen = EVP_CIPHER_get_key_length(cipher);
|
2021-04-26 18:08:27 +08:00
|
|
|
EVP_CIPHER_free(cipher);
|
2021-02-18 17:48:18 +08:00
|
|
|
if (keylen <= 0 || keylen > (int)sizeof(key32)) {
|
|
|
|
BIO_printf(bio_err, "\nRequested CMAC cipher with unsupported key length.\n");
|
|
|
|
goto end;
|
|
|
|
}
|
2021-02-22 20:20:28 +08:00
|
|
|
evp_cmac_name = app_malloc(sizeof("cmac()")
|
|
|
|
+ strlen(evp_mac_ciphername), "CMAC name");
|
2021-02-18 17:48:18 +08:00
|
|
|
sprintf(evp_cmac_name, "cmac(%s)", evp_mac_ciphername);
|
2019-10-20 01:37:01 +08:00
|
|
|
names[D_EVP_CMAC] = evp_cmac_name;
|
|
|
|
|
2021-02-22 20:20:28 +08:00
|
|
|
params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_CIPHER,
|
|
|
|
evp_mac_ciphername, 0);
|
|
|
|
params[1] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY,
|
|
|
|
(char *)key32, keylen);
|
2021-02-18 17:48:18 +08:00
|
|
|
params[2] = OSSL_PARAM_construct_end();
|
|
|
|
|
2019-10-20 01:37:01 +08:00
|
|
|
for (i = 0; i < loopargs_len; i++) {
|
2021-02-18 17:48:18 +08:00
|
|
|
loopargs[i].mctx = EVP_MAC_CTX_new(mac);
|
|
|
|
if (loopargs[i].mctx == NULL)
|
|
|
|
goto end;
|
|
|
|
|
|
|
|
if (!EVP_MAC_CTX_set_params(loopargs[i].mctx, params))
|
|
|
|
goto end;
|
2019-04-11 04:44:41 +08:00
|
|
|
}
|
2021-02-22 20:20:28 +08:00
|
|
|
|
2019-10-20 01:37:01 +08:00
|
|
|
for (testnum = 0; testnum < size_num; testnum++) {
|
2023-04-21 15:04:57 +08:00
|
|
|
print_message(names[D_EVP_CMAC], lengths[testnum], seconds.sym);
|
2019-10-20 01:37:01 +08:00
|
|
|
Time_F(START);
|
2021-02-18 17:48:18 +08:00
|
|
|
count = run_benchmark(async_jobs, CMAC_loop, loopargs);
|
2019-10-20 01:37:01 +08:00
|
|
|
d = Time_F(STOP);
|
|
|
|
print_result(D_EVP_CMAC, testnum, count, d);
|
2021-02-18 17:48:18 +08:00
|
|
|
if (count < 0)
|
|
|
|
break;
|
2019-10-20 01:37:01 +08:00
|
|
|
}
|
|
|
|
for (i = 0; i < loopargs_len; i++)
|
2021-02-18 17:48:18 +08:00
|
|
|
EVP_MAC_CTX_free(loopargs[i].mctx);
|
|
|
|
EVP_MAC_free(mac);
|
2021-06-10 10:05:28 +08:00
|
|
|
mac = NULL;
|
2019-04-11 04:44:41 +08:00
|
|
|
}
|
|
|
|
|
2016-02-18 18:56:53 +08:00
|
|
|
for (i = 0; i < loopargs_len; i++)
|
2018-06-24 15:28:33 +08:00
|
|
|
if (RAND_bytes(loopargs[i].buf, 36) <= 0)
|
|
|
|
goto end;
|
2015-12-09 15:26:38 +08:00
|
|
|
|
|
|
|
for (testnum = 0; testnum < RSA_NUM; testnum++) {
|
2021-02-18 17:48:18 +08:00
|
|
|
EVP_PKEY *rsa_key = NULL;
|
2015-12-09 15:26:38 +08:00
|
|
|
int st = 0;
|
2021-02-18 17:48:18 +08:00
|
|
|
|
2015-12-09 15:26:38 +08:00
|
|
|
if (!rsa_doit[testnum])
|
2015-01-22 11:40:55 +08:00
|
|
|
continue;
|
2017-08-02 02:19:43 +08:00
|
|
|
|
2021-02-18 17:48:18 +08:00
|
|
|
if (primes > RSA_DEFAULT_PRIME_NUM) {
|
|
|
|
/* we haven't set keys yet, generate multi-prime RSA keys */
|
|
|
|
bn = BN_new();
|
|
|
|
st = bn != NULL
|
|
|
|
&& BN_set_word(bn, RSA_F4)
|
|
|
|
&& init_gen_str(&genctx, "RSA", NULL, 0, NULL, NULL)
|
|
|
|
&& EVP_PKEY_CTX_set_rsa_keygen_bits(genctx, rsa_keys[testnum].bits) > 0
|
|
|
|
&& EVP_PKEY_CTX_set1_rsa_keygen_pubexp(genctx, bn) > 0
|
|
|
|
&& EVP_PKEY_CTX_set_rsa_keygen_primes(genctx, primes) > 0
|
|
|
|
&& EVP_PKEY_keygen(genctx, &rsa_key);
|
|
|
|
BN_free(bn);
|
|
|
|
bn = NULL;
|
|
|
|
EVP_PKEY_CTX_free(genctx);
|
|
|
|
genctx = NULL;
|
|
|
|
} else {
|
|
|
|
const unsigned char *p = rsa_keys[testnum].data;
|
2017-08-02 02:19:43 +08:00
|
|
|
|
2021-02-18 17:48:18 +08:00
|
|
|
st = (rsa_key = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &p,
|
|
|
|
rsa_keys[testnum].length)) != NULL;
|
|
|
|
}
|
2017-08-02 02:19:43 +08:00
|
|
|
|
2021-02-18 17:48:18 +08:00
|
|
|
for (i = 0; st && i < loopargs_len; i++) {
|
2021-02-22 20:20:28 +08:00
|
|
|
loopargs[i].rsa_sign_ctx[testnum] = EVP_PKEY_CTX_new(rsa_key, NULL);
|
2021-11-03 11:28:23 +08:00
|
|
|
loopargs[i].sigsize = loopargs[i].buflen;
|
2021-02-18 17:48:18 +08:00
|
|
|
if (loopargs[i].rsa_sign_ctx[testnum] == NULL
|
|
|
|
|| EVP_PKEY_sign_init(loopargs[i].rsa_sign_ctx[testnum]) <= 0
|
|
|
|
|| EVP_PKEY_sign(loopargs[i].rsa_sign_ctx[testnum],
|
|
|
|
loopargs[i].buf2,
|
|
|
|
&loopargs[i].sigsize,
|
|
|
|
loopargs[i].buf, 36) <= 0)
|
|
|
|
st = 0;
|
2015-12-09 15:26:38 +08:00
|
|
|
}
|
2021-02-18 17:48:18 +08:00
|
|
|
if (!st) {
|
2015-01-22 11:40:55 +08:00
|
|
|
BIO_printf(bio_err,
|
2021-02-18 17:48:18 +08:00
|
|
|
"RSA sign setup failure. No RSA sign will be done.\n");
|
2015-01-22 11:40:55 +08:00
|
|
|
ERR_print_errors(bio_err);
|
2020-12-02 17:49:49 +08:00
|
|
|
op_count = 1;
|
2015-01-22 11:40:55 +08:00
|
|
|
} else {
|
2023-06-20 19:40:41 +08:00
|
|
|
pkey_print_message("private", "rsa sign",
|
2023-04-21 15:04:57 +08:00
|
|
|
rsa_keys[testnum].bits, seconds.rsa);
|
2015-12-09 15:26:38 +08:00
|
|
|
/* RSA_blinding_on(rsa_key[testnum],NULL); */
|
2015-01-22 11:40:55 +08:00
|
|
|
Time_F(START);
|
2015-12-09 15:26:38 +08:00
|
|
|
count = run_benchmark(async_jobs, RSA_sign_loop, loopargs);
|
2015-01-22 11:40:55 +08:00
|
|
|
d = Time_F(STOP);
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
mr ? "+R1:%ld:%d:%.2f\n"
|
2023-06-20 19:40:41 +08:00
|
|
|
: "%ld %u bits private RSA sign ops in %.2fs\n",
|
2019-10-16 05:33:02 +08:00
|
|
|
count, rsa_keys[testnum].bits, d);
|
2016-08-02 16:13:00 +08:00
|
|
|
rsa_results[testnum][0] = (double)count / d;
|
2020-12-02 17:49:49 +08:00
|
|
|
op_count = count;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
1998-12-21 18:52:47 +08:00
|
|
|
|
2021-02-18 17:48:18 +08:00
|
|
|
for (i = 0; st && i < loopargs_len; i++) {
|
|
|
|
loopargs[i].rsa_verify_ctx[testnum] = EVP_PKEY_CTX_new(rsa_key,
|
|
|
|
NULL);
|
|
|
|
if (loopargs[i].rsa_verify_ctx[testnum] == NULL
|
|
|
|
|| EVP_PKEY_verify_init(loopargs[i].rsa_verify_ctx[testnum]) <= 0
|
|
|
|
|| EVP_PKEY_verify(loopargs[i].rsa_verify_ctx[testnum],
|
|
|
|
loopargs[i].buf2,
|
|
|
|
loopargs[i].sigsize,
|
|
|
|
loopargs[i].buf, 36) <= 0)
|
|
|
|
st = 0;
|
2015-12-09 15:26:38 +08:00
|
|
|
}
|
2021-02-18 17:48:18 +08:00
|
|
|
if (!st) {
|
2015-01-22 11:40:55 +08:00
|
|
|
BIO_printf(bio_err,
|
2021-02-18 17:48:18 +08:00
|
|
|
"RSA verify setup failure. No RSA verify will be done.\n");
|
2015-01-22 11:40:55 +08:00
|
|
|
ERR_print_errors(bio_err);
|
2015-12-09 15:26:38 +08:00
|
|
|
rsa_doit[testnum] = 0;
|
2015-01-22 11:40:55 +08:00
|
|
|
} else {
|
2023-06-20 19:40:41 +08:00
|
|
|
pkey_print_message("public", "rsa verify",
|
2023-04-21 15:04:57 +08:00
|
|
|
rsa_keys[testnum].bits, seconds.rsa);
|
2015-01-22 11:40:55 +08:00
|
|
|
Time_F(START);
|
2015-12-09 15:26:38 +08:00
|
|
|
count = run_benchmark(async_jobs, RSA_verify_loop, loopargs);
|
2015-01-22 11:40:55 +08:00
|
|
|
d = Time_F(STOP);
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
mr ? "+R2:%ld:%d:%.2f\n"
|
2023-06-20 19:40:41 +08:00
|
|
|
: "%ld %u bits public RSA verify ops in %.2fs\n",
|
2019-10-16 05:33:02 +08:00
|
|
|
count, rsa_keys[testnum].bits, d);
|
2016-08-02 16:13:00 +08:00
|
|
|
rsa_results[testnum][1] = (double)count / d;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
1998-12-21 18:52:47 +08:00
|
|
|
|
2023-06-20 19:40:41 +08:00
|
|
|
for (i = 0; st && i < loopargs_len; i++) {
|
|
|
|
loopargs[i].rsa_encrypt_ctx[testnum] = EVP_PKEY_CTX_new(rsa_key, NULL);
|
|
|
|
loopargs[i].encsize = loopargs[i].buflen;
|
|
|
|
if (loopargs[i].rsa_encrypt_ctx[testnum] == NULL
|
|
|
|
|| EVP_PKEY_encrypt_init(loopargs[i].rsa_encrypt_ctx[testnum]) <= 0
|
|
|
|
|| EVP_PKEY_encrypt(loopargs[i].rsa_encrypt_ctx[testnum],
|
|
|
|
loopargs[i].buf2,
|
|
|
|
&loopargs[i].encsize,
|
|
|
|
loopargs[i].buf, 36) <= 0)
|
|
|
|
st = 0;
|
|
|
|
}
|
|
|
|
if (!st) {
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
"RSA encrypt setup failure. No RSA encrypt will be done.\n");
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
op_count = 1;
|
|
|
|
} else {
|
|
|
|
pkey_print_message("private", "rsa encrypt",
|
|
|
|
rsa_keys[testnum].bits, seconds.rsa);
|
|
|
|
/* RSA_blinding_on(rsa_key[testnum],NULL); */
|
|
|
|
Time_F(START);
|
|
|
|
count = run_benchmark(async_jobs, RSA_encrypt_loop, loopargs);
|
|
|
|
d = Time_F(STOP);
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
mr ? "+R3:%ld:%d:%.2f\n"
|
|
|
|
: "%ld %u bits public RSA encrypt ops in %.2fs\n",
|
|
|
|
count, rsa_keys[testnum].bits, d);
|
|
|
|
rsa_results[testnum][2] = (double)count / d;
|
|
|
|
op_count = count;
|
|
|
|
}
|
|
|
|
|
|
|
|
for (i = 0; st && i < loopargs_len; i++) {
|
|
|
|
loopargs[i].rsa_decrypt_ctx[testnum] = EVP_PKEY_CTX_new(rsa_key, NULL);
|
|
|
|
declen = loopargs[i].buflen;
|
|
|
|
if (loopargs[i].rsa_decrypt_ctx[testnum] == NULL
|
|
|
|
|| EVP_PKEY_decrypt_init(loopargs[i].rsa_decrypt_ctx[testnum]) <= 0
|
|
|
|
|| EVP_PKEY_decrypt(loopargs[i].rsa_decrypt_ctx[testnum],
|
|
|
|
loopargs[i].buf,
|
|
|
|
&declen,
|
|
|
|
loopargs[i].buf2,
|
|
|
|
loopargs[i].encsize) <= 0)
|
|
|
|
st = 0;
|
|
|
|
}
|
|
|
|
if (!st) {
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
"RSA decrypt setup failure. No RSA decrypt will be done.\n");
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
op_count = 1;
|
|
|
|
} else {
|
|
|
|
pkey_print_message("private", "rsa decrypt",
|
|
|
|
rsa_keys[testnum].bits, seconds.rsa);
|
|
|
|
/* RSA_blinding_on(rsa_key[testnum],NULL); */
|
|
|
|
Time_F(START);
|
|
|
|
count = run_benchmark(async_jobs, RSA_decrypt_loop, loopargs);
|
|
|
|
d = Time_F(STOP);
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
mr ? "+R4:%ld:%d:%.2f\n"
|
|
|
|
: "%ld %u bits private RSA decrypt ops in %.2fs\n",
|
|
|
|
count, rsa_keys[testnum].bits, d);
|
|
|
|
rsa_results[testnum][3] = (double)count / d;
|
|
|
|
op_count = count;
|
|
|
|
}
|
|
|
|
|
2020-12-02 17:49:49 +08:00
|
|
|
if (op_count <= 1) {
|
2015-01-22 11:40:55 +08:00
|
|
|
/* if longer than 10s, don't do any more */
|
2018-06-06 01:56:06 +08:00
|
|
|
stop_it(rsa_doit, testnum);
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2021-02-18 17:48:18 +08:00
|
|
|
EVP_PKEY_free(rsa_key);
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2015-12-09 15:26:38 +08:00
|
|
|
|
|
|
|
for (testnum = 0; testnum < DSA_NUM; testnum++) {
|
2021-02-18 17:48:18 +08:00
|
|
|
EVP_PKEY *dsa_key = NULL;
|
|
|
|
int st;
|
|
|
|
|
2015-12-09 15:26:38 +08:00
|
|
|
if (!dsa_doit[testnum])
|
2015-01-22 11:40:55 +08:00
|
|
|
continue;
|
|
|
|
|
2021-02-18 17:48:18 +08:00
|
|
|
st = (dsa_key = get_dsa(dsa_bits[testnum])) != NULL;
|
|
|
|
|
|
|
|
for (i = 0; st && i < loopargs_len; i++) {
|
|
|
|
loopargs[i].dsa_sign_ctx[testnum] = EVP_PKEY_CTX_new(dsa_key,
|
|
|
|
NULL);
|
2021-11-03 11:28:23 +08:00
|
|
|
loopargs[i].sigsize = loopargs[i].buflen;
|
2021-02-18 17:48:18 +08:00
|
|
|
if (loopargs[i].dsa_sign_ctx[testnum] == NULL
|
|
|
|
|| EVP_PKEY_sign_init(loopargs[i].dsa_sign_ctx[testnum]) <= 0
|
|
|
|
|
|
|
|
|| EVP_PKEY_sign(loopargs[i].dsa_sign_ctx[testnum],
|
|
|
|
loopargs[i].buf2,
|
|
|
|
&loopargs[i].sigsize,
|
|
|
|
loopargs[i].buf, 20) <= 0)
|
|
|
|
st = 0;
|
2015-12-09 15:26:38 +08:00
|
|
|
}
|
2021-02-18 17:48:18 +08:00
|
|
|
if (!st) {
|
2015-01-22 11:40:55 +08:00
|
|
|
BIO_printf(bio_err,
|
2021-02-18 17:48:18 +08:00
|
|
|
"DSA sign setup failure. No DSA sign will be done.\n");
|
2015-01-22 11:40:55 +08:00
|
|
|
ERR_print_errors(bio_err);
|
2020-12-02 17:49:49 +08:00
|
|
|
op_count = 1;
|
2015-01-22 11:40:55 +08:00
|
|
|
} else {
|
|
|
|
pkey_print_message("sign", "dsa",
|
2023-04-21 15:04:57 +08:00
|
|
|
dsa_bits[testnum], seconds.dsa);
|
2015-01-22 11:40:55 +08:00
|
|
|
Time_F(START);
|
2015-12-09 15:26:38 +08:00
|
|
|
count = run_benchmark(async_jobs, DSA_sign_loop, loopargs);
|
2015-01-22 11:40:55 +08:00
|
|
|
d = Time_F(STOP);
|
|
|
|
BIO_printf(bio_err,
|
2023-06-20 19:40:41 +08:00
|
|
|
mr ? "+R5:%ld:%u:%.2f\n"
|
2023-07-19 16:49:44 +08:00
|
|
|
: "%ld %u bits DSA sign ops in %.2fs\n",
|
2015-12-09 15:26:38 +08:00
|
|
|
count, dsa_bits[testnum], d);
|
2016-08-02 16:22:27 +08:00
|
|
|
dsa_results[testnum][0] = (double)count / d;
|
2020-12-02 17:49:49 +08:00
|
|
|
op_count = count;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2002-08-09 16:43:04 +08:00
|
|
|
|
2021-02-18 17:48:18 +08:00
|
|
|
for (i = 0; st && i < loopargs_len; i++) {
|
|
|
|
loopargs[i].dsa_verify_ctx[testnum] = EVP_PKEY_CTX_new(dsa_key,
|
|
|
|
NULL);
|
|
|
|
if (loopargs[i].dsa_verify_ctx[testnum] == NULL
|
|
|
|
|| EVP_PKEY_verify_init(loopargs[i].dsa_verify_ctx[testnum]) <= 0
|
|
|
|
|| EVP_PKEY_verify(loopargs[i].dsa_verify_ctx[testnum],
|
|
|
|
loopargs[i].buf2,
|
|
|
|
loopargs[i].sigsize,
|
|
|
|
loopargs[i].buf, 36) <= 0)
|
|
|
|
st = 0;
|
2015-12-09 15:26:38 +08:00
|
|
|
}
|
2021-02-18 17:48:18 +08:00
|
|
|
if (!st) {
|
2015-01-22 11:40:55 +08:00
|
|
|
BIO_printf(bio_err,
|
2021-02-18 17:48:18 +08:00
|
|
|
"DSA verify setup failure. No DSA verify will be done.\n");
|
2015-01-22 11:40:55 +08:00
|
|
|
ERR_print_errors(bio_err);
|
2015-12-09 15:26:38 +08:00
|
|
|
dsa_doit[testnum] = 0;
|
2015-01-22 11:40:55 +08:00
|
|
|
} else {
|
|
|
|
pkey_print_message("verify", "dsa",
|
2023-04-21 15:04:57 +08:00
|
|
|
dsa_bits[testnum], seconds.dsa);
|
2015-01-22 11:40:55 +08:00
|
|
|
Time_F(START);
|
2015-12-09 15:26:38 +08:00
|
|
|
count = run_benchmark(async_jobs, DSA_verify_loop, loopargs);
|
2015-01-22 11:40:55 +08:00
|
|
|
d = Time_F(STOP);
|
|
|
|
BIO_printf(bio_err,
|
2023-06-20 19:40:41 +08:00
|
|
|
mr ? "+R6:%ld:%u:%.2f\n"
|
2023-07-19 16:49:44 +08:00
|
|
|
: "%ld %u bits DSA verify ops in %.2fs\n",
|
2015-12-09 15:26:38 +08:00
|
|
|
count, dsa_bits[testnum], d);
|
2016-08-02 16:22:27 +08:00
|
|
|
dsa_results[testnum][1] = (double)count / d;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2002-08-09 16:43:04 +08:00
|
|
|
|
2020-12-02 17:49:49 +08:00
|
|
|
if (op_count <= 1) {
|
2015-01-22 11:40:55 +08:00
|
|
|
/* if longer than 10s, don't do any more */
|
2018-06-06 01:56:06 +08:00
|
|
|
stop_it(dsa_doit, testnum);
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2021-02-18 17:48:18 +08:00
|
|
|
EVP_PKEY_free(dsa_key);
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2002-08-09 16:43:04 +08:00
|
|
|
|
2018-04-30 07:13:58 +08:00
|
|
|
for (testnum = 0; testnum < ECDSA_NUM; testnum++) {
|
2021-02-18 17:48:18 +08:00
|
|
|
EVP_PKEY *ecdsa_key = NULL;
|
|
|
|
int st;
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2015-12-09 15:26:38 +08:00
|
|
|
if (!ecdsa_doit[testnum])
|
2021-02-18 17:48:18 +08:00
|
|
|
continue;
|
|
|
|
|
|
|
|
st = (ecdsa_key = get_ecdsa(&ec_curves[testnum])) != NULL;
|
|
|
|
|
|
|
|
for (i = 0; st && i < loopargs_len; i++) {
|
|
|
|
loopargs[i].ecdsa_sign_ctx[testnum] = EVP_PKEY_CTX_new(ecdsa_key,
|
|
|
|
NULL);
|
2021-11-03 11:28:23 +08:00
|
|
|
loopargs[i].sigsize = loopargs[i].buflen;
|
2021-02-18 17:48:18 +08:00
|
|
|
if (loopargs[i].ecdsa_sign_ctx[testnum] == NULL
|
|
|
|
|| EVP_PKEY_sign_init(loopargs[i].ecdsa_sign_ctx[testnum]) <= 0
|
|
|
|
|
|
|
|
|| EVP_PKEY_sign(loopargs[i].ecdsa_sign_ctx[testnum],
|
|
|
|
loopargs[i].buf2,
|
|
|
|
&loopargs[i].sigsize,
|
|
|
|
loopargs[i].buf, 20) <= 0)
|
2016-02-18 18:56:53 +08:00
|
|
|
st = 0;
|
|
|
|
}
|
2021-02-18 17:48:18 +08:00
|
|
|
if (!st) {
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
"ECDSA sign setup failure. No ECDSA sign will be done.\n");
|
2015-01-22 11:40:55 +08:00
|
|
|
ERR_print_errors(bio_err);
|
2020-12-02 17:49:49 +08:00
|
|
|
op_count = 1;
|
2015-01-22 11:40:55 +08:00
|
|
|
} else {
|
2021-02-18 17:48:18 +08:00
|
|
|
pkey_print_message("sign", "ecdsa",
|
2023-04-21 15:04:57 +08:00
|
|
|
ec_curves[testnum].bits, seconds.ecdsa);
|
2021-02-18 17:48:18 +08:00
|
|
|
Time_F(START);
|
|
|
|
count = run_benchmark(async_jobs, ECDSA_sign_loop, loopargs);
|
|
|
|
d = Time_F(STOP);
|
|
|
|
BIO_printf(bio_err,
|
2023-06-20 19:40:41 +08:00
|
|
|
mr ? "+R7:%ld:%u:%.2f\n"
|
2023-07-19 16:49:44 +08:00
|
|
|
: "%ld %u bits ECDSA sign ops in %.2fs\n",
|
2021-02-18 17:48:18 +08:00
|
|
|
count, ec_curves[testnum].bits, d);
|
|
|
|
ecdsa_results[testnum][0] = (double)count / d;
|
|
|
|
op_count = count;
|
|
|
|
}
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2021-02-18 17:48:18 +08:00
|
|
|
for (i = 0; st && i < loopargs_len; i++) {
|
|
|
|
loopargs[i].ecdsa_verify_ctx[testnum] = EVP_PKEY_CTX_new(ecdsa_key,
|
2021-02-22 20:20:28 +08:00
|
|
|
NULL);
|
2021-02-18 17:48:18 +08:00
|
|
|
if (loopargs[i].ecdsa_verify_ctx[testnum] == NULL
|
|
|
|
|| EVP_PKEY_verify_init(loopargs[i].ecdsa_verify_ctx[testnum]) <= 0
|
|
|
|
|| EVP_PKEY_verify(loopargs[i].ecdsa_verify_ctx[testnum],
|
|
|
|
loopargs[i].buf2,
|
|
|
|
loopargs[i].sigsize,
|
|
|
|
loopargs[i].buf, 20) <= 0)
|
|
|
|
st = 0;
|
|
|
|
}
|
|
|
|
if (!st) {
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
"ECDSA verify setup failure. No ECDSA verify will be done.\n");
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
ecdsa_doit[testnum] = 0;
|
|
|
|
} else {
|
|
|
|
pkey_print_message("verify", "ecdsa",
|
2023-04-21 15:04:57 +08:00
|
|
|
ec_curves[testnum].bits, seconds.ecdsa);
|
2021-02-18 17:48:18 +08:00
|
|
|
Time_F(START);
|
|
|
|
count = run_benchmark(async_jobs, ECDSA_verify_loop, loopargs);
|
|
|
|
d = Time_F(STOP);
|
|
|
|
BIO_printf(bio_err,
|
2023-06-20 19:40:41 +08:00
|
|
|
mr ? "+R8:%ld:%u:%.2f\n"
|
2023-07-19 16:49:44 +08:00
|
|
|
: "%ld %u bits ECDSA verify ops in %.2fs\n",
|
2021-02-18 17:48:18 +08:00
|
|
|
count, ec_curves[testnum].bits, d);
|
|
|
|
ecdsa_results[testnum][1] = (double)count / d;
|
|
|
|
}
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2021-02-18 17:48:18 +08:00
|
|
|
if (op_count <= 1) {
|
|
|
|
/* if longer than 10s, don't do any more */
|
|
|
|
stop_it(ecdsa_doit, testnum);
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
|
|
|
}
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
|
2015-12-09 15:26:38 +08:00
|
|
|
for (testnum = 0; testnum < EC_NUM; testnum++) {
|
2016-07-20 05:54:21 +08:00
|
|
|
int ecdh_checks = 1;
|
|
|
|
|
2015-12-09 15:26:38 +08:00
|
|
|
if (!ecdh_doit[testnum])
|
2015-01-22 11:40:55 +08:00
|
|
|
continue;
|
2016-10-04 01:28:32 +08:00
|
|
|
|
2016-02-18 18:56:53 +08:00
|
|
|
for (i = 0; i < loopargs_len; i++) {
|
2016-10-04 21:40:47 +08:00
|
|
|
EVP_PKEY_CTX *test_ctx = NULL;
|
2016-10-04 20:50:11 +08:00
|
|
|
EVP_PKEY_CTX *ctx = NULL;
|
|
|
|
EVP_PKEY *key_A = NULL;
|
|
|
|
EVP_PKEY *key_B = NULL;
|
2016-10-04 14:17:11 +08:00
|
|
|
size_t outlen;
|
2016-10-04 21:40:47 +08:00
|
|
|
size_t test_outlen;
|
2016-10-04 01:28:32 +08:00
|
|
|
|
2021-02-22 20:20:28 +08:00
|
|
|
if ((key_A = get_ecdsa(&ec_curves[testnum])) == NULL /* generate secret key A */
|
|
|
|
|| (key_B = get_ecdsa(&ec_curves[testnum])) == NULL /* generate secret key B */
|
|
|
|
|| (ctx = EVP_PKEY_CTX_new(key_A, NULL)) == NULL /* derivation ctx from skeyA */
|
|
|
|
|| EVP_PKEY_derive_init(ctx) <= 0 /* init derivation ctx */
|
|
|
|
|| EVP_PKEY_derive_set_peer(ctx, key_B) <= 0 /* set peer pubkey in ctx */
|
|
|
|
|| EVP_PKEY_derive(ctx, NULL, &outlen) <= 0 /* determine max length */
|
|
|
|
|| outlen == 0 /* ensure outlen is a valid size */
|
|
|
|
|| outlen > MAX_ECDH_SIZE /* avoid buffer overflow */) {
|
2016-10-04 01:28:32 +08:00
|
|
|
ecdh_checks = 0;
|
|
|
|
BIO_printf(bio_err, "ECDH key generation failure.\n");
|
|
|
|
ERR_print_errors(bio_err);
|
2020-12-02 17:49:49 +08:00
|
|
|
op_count = 1;
|
2016-10-04 01:28:32 +08:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2021-02-22 20:20:28 +08:00
|
|
|
/*
|
|
|
|
* Here we perform a test run, comparing the output of a*B and b*A;
|
2016-10-04 21:40:47 +08:00
|
|
|
* we try this here and assume that further EVP_PKEY_derive calls
|
|
|
|
* never fail, so we can skip checks in the actually benchmarked
|
2021-02-22 20:20:28 +08:00
|
|
|
* code, for maximum performance.
|
|
|
|
*/
|
|
|
|
if ((test_ctx = EVP_PKEY_CTX_new(key_B, NULL)) == NULL /* test ctx from skeyB */
|
2022-11-15 11:25:38 +08:00
|
|
|
|| EVP_PKEY_derive_init(test_ctx) <= 0 /* init derivation test_ctx */
|
|
|
|
|| EVP_PKEY_derive_set_peer(test_ctx, key_A) <= 0 /* set peer pubkey in test_ctx */
|
|
|
|
|| EVP_PKEY_derive(test_ctx, NULL, &test_outlen) <= 0 /* determine max length */
|
|
|
|
|| EVP_PKEY_derive(ctx, loopargs[i].secret_a, &outlen) <= 0 /* compute a*B */
|
|
|
|
|| EVP_PKEY_derive(test_ctx, loopargs[i].secret_b, &test_outlen) <= 0 /* compute b*A */
|
2021-02-22 20:20:28 +08:00
|
|
|
|| test_outlen != outlen /* compare output length */) {
|
2016-10-04 21:40:47 +08:00
|
|
|
ecdh_checks = 0;
|
|
|
|
BIO_printf(bio_err, "ECDH computation failure.\n");
|
|
|
|
ERR_print_errors(bio_err);
|
2020-12-02 17:49:49 +08:00
|
|
|
op_count = 1;
|
2016-10-04 21:40:47 +08:00
|
|
|
break;
|
|
|
|
}
|
2016-10-06 18:17:00 +08:00
|
|
|
|
|
|
|
/* Compare the computation results: CRYPTO_memcmp() returns 0 if equal */
|
|
|
|
if (CRYPTO_memcmp(loopargs[i].secret_a,
|
|
|
|
loopargs[i].secret_b, outlen)) {
|
|
|
|
ecdh_checks = 0;
|
2016-10-04 21:40:47 +08:00
|
|
|
BIO_printf(bio_err, "ECDH computations don't match.\n");
|
|
|
|
ERR_print_errors(bio_err);
|
2020-12-02 17:49:49 +08:00
|
|
|
op_count = 1;
|
2016-10-04 21:40:47 +08:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2016-10-04 01:28:32 +08:00
|
|
|
loopargs[i].ecdh_ctx[testnum] = ctx;
|
2016-10-04 14:17:11 +08:00
|
|
|
loopargs[i].outlen[testnum] = outlen;
|
2016-10-04 01:28:32 +08:00
|
|
|
|
2017-12-04 23:23:24 +08:00
|
|
|
EVP_PKEY_free(key_A);
|
|
|
|
EVP_PKEY_free(key_B);
|
2016-10-04 21:40:47 +08:00
|
|
|
EVP_PKEY_CTX_free(test_ctx);
|
|
|
|
test_ctx = NULL;
|
2016-10-04 01:28:32 +08:00
|
|
|
}
|
|
|
|
if (ecdh_checks != 0) {
|
|
|
|
pkey_print_message("", "ecdh",
|
2019-10-16 05:33:02 +08:00
|
|
|
ec_curves[testnum].bits, seconds.ecdh);
|
2016-10-04 01:28:32 +08:00
|
|
|
Time_F(START);
|
2016-10-04 14:20:49 +08:00
|
|
|
count =
|
|
|
|
run_benchmark(async_jobs, ECDH_EVP_derive_key_loop, loopargs);
|
2016-10-04 01:28:32 +08:00
|
|
|
d = Time_F(STOP);
|
|
|
|
BIO_printf(bio_err,
|
2023-06-20 19:40:41 +08:00
|
|
|
mr ? "+R9:%ld:%d:%.2f\n" :
|
2016-11-29 06:36:50 +08:00
|
|
|
"%ld %u-bits ECDH ops in %.2fs\n", count,
|
2019-10-16 05:33:02 +08:00
|
|
|
ec_curves[testnum].bits, d);
|
2016-08-02 16:41:30 +08:00
|
|
|
ecdh_results[testnum][0] = (double)count / d;
|
2020-12-02 17:49:49 +08:00
|
|
|
op_count = count;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2002-08-09 16:43:04 +08:00
|
|
|
|
2020-12-02 17:49:49 +08:00
|
|
|
if (op_count <= 1) {
|
2015-01-22 11:40:55 +08:00
|
|
|
/* if longer than 10s, don't do any more */
|
2018-06-06 01:56:06 +08:00
|
|
|
stop_it(ecdh_doit, testnum);
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
|
|
|
}
|
2018-09-07 14:39:19 +08:00
|
|
|
|
2023-04-17 16:20:31 +08:00
|
|
|
#ifndef OPENSSL_NO_ECX
|
2018-09-07 14:39:19 +08:00
|
|
|
for (testnum = 0; testnum < EdDSA_NUM; testnum++) {
|
|
|
|
int st = 1;
|
|
|
|
EVP_PKEY *ed_pkey = NULL;
|
|
|
|
EVP_PKEY_CTX *ed_pctx = NULL;
|
|
|
|
|
|
|
|
if (!eddsa_doit[testnum])
|
|
|
|
continue; /* Ignore Curve */
|
|
|
|
for (i = 0; i < loopargs_len; i++) {
|
|
|
|
loopargs[i].eddsa_ctx[testnum] = EVP_MD_CTX_new();
|
|
|
|
if (loopargs[i].eddsa_ctx[testnum] == NULL) {
|
|
|
|
st = 0;
|
|
|
|
break;
|
|
|
|
}
|
2020-06-06 23:21:15 +08:00
|
|
|
loopargs[i].eddsa_ctx2[testnum] = EVP_MD_CTX_new();
|
|
|
|
if (loopargs[i].eddsa_ctx2[testnum] == NULL) {
|
|
|
|
st = 0;
|
|
|
|
break;
|
|
|
|
}
|
2018-09-07 14:39:19 +08:00
|
|
|
|
2021-02-22 20:20:28 +08:00
|
|
|
if ((ed_pctx = EVP_PKEY_CTX_new_id(ed_curves[testnum].nid,
|
|
|
|
NULL)) == NULL
|
2019-09-30 11:33:24 +08:00
|
|
|
|| EVP_PKEY_keygen_init(ed_pctx) <= 0
|
|
|
|
|| EVP_PKEY_keygen(ed_pctx, &ed_pkey) <= 0) {
|
2018-09-07 14:39:19 +08:00
|
|
|
st = 0;
|
|
|
|
EVP_PKEY_CTX_free(ed_pctx);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
EVP_PKEY_CTX_free(ed_pctx);
|
|
|
|
|
|
|
|
if (!EVP_DigestSignInit(loopargs[i].eddsa_ctx[testnum], NULL, NULL,
|
|
|
|
NULL, ed_pkey)) {
|
|
|
|
st = 0;
|
|
|
|
EVP_PKEY_free(ed_pkey);
|
|
|
|
break;
|
|
|
|
}
|
2021-02-22 20:20:28 +08:00
|
|
|
if (!EVP_DigestVerifyInit(loopargs[i].eddsa_ctx2[testnum], NULL,
|
|
|
|
NULL, NULL, ed_pkey)) {
|
2020-06-06 23:21:15 +08:00
|
|
|
st = 0;
|
|
|
|
EVP_PKEY_free(ed_pkey);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2018-09-07 14:39:19 +08:00
|
|
|
EVP_PKEY_free(ed_pkey);
|
2020-09-25 11:50:25 +08:00
|
|
|
ed_pkey = NULL;
|
2018-09-07 14:39:19 +08:00
|
|
|
}
|
|
|
|
if (st == 0) {
|
|
|
|
BIO_printf(bio_err, "EdDSA failure.\n");
|
|
|
|
ERR_print_errors(bio_err);
|
2020-12-02 17:49:49 +08:00
|
|
|
op_count = 1;
|
2018-09-07 14:39:19 +08:00
|
|
|
} else {
|
|
|
|
for (i = 0; i < loopargs_len; i++) {
|
|
|
|
/* Perform EdDSA signature test */
|
2019-10-16 05:33:02 +08:00
|
|
|
loopargs[i].sigsize = ed_curves[testnum].sigsize;
|
2018-09-07 14:39:19 +08:00
|
|
|
st = EVP_DigestSign(loopargs[i].eddsa_ctx[testnum],
|
2018-09-10 23:03:14 +08:00
|
|
|
loopargs[i].buf2, &loopargs[i].sigsize,
|
2018-09-07 14:39:19 +08:00
|
|
|
loopargs[i].buf, 20);
|
|
|
|
if (st == 0)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (st == 0) {
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
"EdDSA sign failure. No EdDSA sign will be done.\n");
|
|
|
|
ERR_print_errors(bio_err);
|
2020-12-02 17:49:49 +08:00
|
|
|
op_count = 1;
|
2018-09-07 14:39:19 +08:00
|
|
|
} else {
|
2019-10-16 05:33:02 +08:00
|
|
|
pkey_print_message("sign", ed_curves[testnum].name,
|
|
|
|
ed_curves[testnum].bits, seconds.eddsa);
|
2018-09-07 14:39:19 +08:00
|
|
|
Time_F(START);
|
|
|
|
count = run_benchmark(async_jobs, EdDSA_sign_loop, loopargs);
|
|
|
|
d = Time_F(STOP);
|
|
|
|
|
|
|
|
BIO_printf(bio_err,
|
2023-06-20 19:40:41 +08:00
|
|
|
mr ? "+R10:%ld:%u:%s:%.2f\n" :
|
2023-07-19 16:49:44 +08:00
|
|
|
"%ld %u bits %s sign ops in %.2fs \n",
|
2019-10-16 05:33:02 +08:00
|
|
|
count, ed_curves[testnum].bits,
|
|
|
|
ed_curves[testnum].name, d);
|
2018-09-07 14:39:19 +08:00
|
|
|
eddsa_results[testnum][0] = (double)count / d;
|
2020-12-02 17:49:49 +08:00
|
|
|
op_count = count;
|
2018-09-07 14:39:19 +08:00
|
|
|
}
|
|
|
|
/* Perform EdDSA verification test */
|
|
|
|
for (i = 0; i < loopargs_len; i++) {
|
2020-06-06 23:21:15 +08:00
|
|
|
st = EVP_DigestVerify(loopargs[i].eddsa_ctx2[testnum],
|
2018-09-10 23:03:14 +08:00
|
|
|
loopargs[i].buf2, loopargs[i].sigsize,
|
2018-09-07 14:39:19 +08:00
|
|
|
loopargs[i].buf, 20);
|
|
|
|
if (st != 1)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (st != 1) {
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
"EdDSA verify failure. No EdDSA verify will be done.\n");
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
eddsa_doit[testnum] = 0;
|
|
|
|
} else {
|
2019-10-16 05:33:02 +08:00
|
|
|
pkey_print_message("verify", ed_curves[testnum].name,
|
|
|
|
ed_curves[testnum].bits, seconds.eddsa);
|
2018-09-07 14:39:19 +08:00
|
|
|
Time_F(START);
|
|
|
|
count = run_benchmark(async_jobs, EdDSA_verify_loop, loopargs);
|
|
|
|
d = Time_F(STOP);
|
|
|
|
BIO_printf(bio_err,
|
2023-06-20 19:40:41 +08:00
|
|
|
mr ? "+R11:%ld:%u:%s:%.2f\n"
|
2023-07-19 16:49:44 +08:00
|
|
|
: "%ld %u bits %s verify ops in %.2fs\n",
|
2019-10-16 05:33:02 +08:00
|
|
|
count, ed_curves[testnum].bits,
|
|
|
|
ed_curves[testnum].name, d);
|
2018-09-07 14:39:19 +08:00
|
|
|
eddsa_results[testnum][1] = (double)count / d;
|
|
|
|
}
|
|
|
|
|
2020-12-02 17:49:49 +08:00
|
|
|
if (op_count <= 1) {
|
2018-09-07 14:39:19 +08:00
|
|
|
/* if longer than 10s, don't do any more */
|
2018-06-06 01:56:06 +08:00
|
|
|
stop_it(eddsa_doit, testnum);
|
2018-09-07 14:39:19 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2023-04-17 16:20:31 +08:00
|
|
|
#endif /* OPENSSL_NO_ECX */
|
2018-09-07 14:39:19 +08:00
|
|
|
|
2021-02-18 17:48:18 +08:00
|
|
|
#ifndef OPENSSL_NO_SM2
|
2019-09-29 22:25:10 +08:00
|
|
|
for (testnum = 0; testnum < SM2_NUM; testnum++) {
|
|
|
|
int st = 1;
|
|
|
|
EVP_PKEY *sm2_pkey = NULL;
|
|
|
|
|
|
|
|
if (!sm2_doit[testnum])
|
|
|
|
continue; /* Ignore Curve */
|
|
|
|
/* Init signing and verification */
|
|
|
|
for (i = 0; i < loopargs_len; i++) {
|
2019-10-19 23:55:36 +08:00
|
|
|
EVP_PKEY_CTX *sm2_pctx = NULL;
|
|
|
|
EVP_PKEY_CTX *sm2_vfy_pctx = NULL;
|
|
|
|
EVP_PKEY_CTX *pctx = NULL;
|
|
|
|
st = 0;
|
|
|
|
|
2019-09-29 22:25:10 +08:00
|
|
|
loopargs[i].sm2_ctx[testnum] = EVP_MD_CTX_new();
|
|
|
|
loopargs[i].sm2_vfy_ctx[testnum] = EVP_MD_CTX_new();
|
2019-10-19 23:55:36 +08:00
|
|
|
if (loopargs[i].sm2_ctx[testnum] == NULL
|
|
|
|
|| loopargs[i].sm2_vfy_ctx[testnum] == NULL)
|
2019-09-29 22:25:10 +08:00
|
|
|
break;
|
|
|
|
|
2021-02-10 17:52:29 +08:00
|
|
|
sm2_pkey = NULL;
|
|
|
|
|
|
|
|
st = !((pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SM2, NULL)) == NULL
|
2019-09-29 22:25:10 +08:00
|
|
|
|| EVP_PKEY_keygen_init(pctx) <= 0
|
|
|
|
|| EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx,
|
2019-10-16 05:33:02 +08:00
|
|
|
sm2_curves[testnum].nid) <= 0
|
2019-10-19 23:55:36 +08:00
|
|
|
|| EVP_PKEY_keygen(pctx, &sm2_pkey) <= 0);
|
2019-09-29 22:25:10 +08:00
|
|
|
EVP_PKEY_CTX_free(pctx);
|
2019-10-19 23:55:36 +08:00
|
|
|
if (st == 0)
|
|
|
|
break;
|
2019-09-29 22:25:10 +08:00
|
|
|
|
2019-10-19 23:55:36 +08:00
|
|
|
st = 0; /* set back to zero */
|
|
|
|
/* attach it sooner to rely on main final cleanup */
|
|
|
|
loopargs[i].sm2_pkey[testnum] = sm2_pkey;
|
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
|
|
|
loopargs[i].sigsize = EVP_PKEY_get_size(sm2_pkey);
|
2019-09-29 22:25:10 +08:00
|
|
|
|
|
|
|
sm2_pctx = EVP_PKEY_CTX_new(sm2_pkey, NULL);
|
|
|
|
sm2_vfy_pctx = EVP_PKEY_CTX_new(sm2_pkey, NULL);
|
2019-10-19 23:55:36 +08:00
|
|
|
if (sm2_pctx == NULL || sm2_vfy_pctx == NULL) {
|
|
|
|
EVP_PKEY_CTX_free(sm2_vfy_pctx);
|
2019-09-29 22:25:10 +08:00
|
|
|
break;
|
|
|
|
}
|
2020-01-28 13:14:18 +08:00
|
|
|
|
2019-10-19 23:55:36 +08:00
|
|
|
/* attach them directly to respective ctx */
|
|
|
|
EVP_MD_CTX_set_pkey_ctx(loopargs[i].sm2_ctx[testnum], sm2_pctx);
|
|
|
|
EVP_MD_CTX_set_pkey_ctx(loopargs[i].sm2_vfy_ctx[testnum], sm2_vfy_pctx);
|
|
|
|
|
2019-09-29 22:25:10 +08:00
|
|
|
/*
|
|
|
|
* No need to allow user to set an explicit ID here, just use
|
|
|
|
* the one defined in the 'draft-yang-tls-tl13-sm-suites' I-D.
|
|
|
|
*/
|
2019-10-19 23:55:36 +08:00
|
|
|
if (EVP_PKEY_CTX_set1_id(sm2_pctx, SM2_ID, SM2_ID_LEN) != 1
|
|
|
|
|| EVP_PKEY_CTX_set1_id(sm2_vfy_pctx, SM2_ID, SM2_ID_LEN) != 1)
|
2019-09-29 22:25:10 +08:00
|
|
|
break;
|
|
|
|
|
|
|
|
if (!EVP_DigestSignInit(loopargs[i].sm2_ctx[testnum], NULL,
|
2019-10-19 23:55:36 +08:00
|
|
|
EVP_sm3(), NULL, sm2_pkey))
|
2019-09-29 22:25:10 +08:00
|
|
|
break;
|
|
|
|
if (!EVP_DigestVerifyInit(loopargs[i].sm2_vfy_ctx[testnum], NULL,
|
2019-10-19 23:55:36 +08:00
|
|
|
EVP_sm3(), NULL, sm2_pkey))
|
2019-09-29 22:25:10 +08:00
|
|
|
break;
|
2019-10-19 23:55:36 +08:00
|
|
|
st = 1; /* mark loop as succeeded */
|
2019-09-29 22:25:10 +08:00
|
|
|
}
|
|
|
|
if (st == 0) {
|
2019-10-19 23:55:36 +08:00
|
|
|
BIO_printf(bio_err, "SM2 init failure.\n");
|
2019-09-29 22:25:10 +08:00
|
|
|
ERR_print_errors(bio_err);
|
2020-12-02 17:49:49 +08:00
|
|
|
op_count = 1;
|
2019-09-29 22:25:10 +08:00
|
|
|
} else {
|
|
|
|
for (i = 0; i < loopargs_len; i++) {
|
|
|
|
/* Perform SM2 signature test */
|
|
|
|
st = EVP_DigestSign(loopargs[i].sm2_ctx[testnum],
|
2021-02-10 17:52:29 +08:00
|
|
|
loopargs[i].buf2, &loopargs[i].sigsize,
|
2019-09-29 22:25:10 +08:00
|
|
|
loopargs[i].buf, 20);
|
|
|
|
if (st == 0)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (st == 0) {
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
"SM2 sign failure. No SM2 sign will be done.\n");
|
|
|
|
ERR_print_errors(bio_err);
|
2020-12-02 17:49:49 +08:00
|
|
|
op_count = 1;
|
2019-09-29 22:25:10 +08:00
|
|
|
} else {
|
2019-10-16 05:33:02 +08:00
|
|
|
pkey_print_message("sign", sm2_curves[testnum].name,
|
|
|
|
sm2_curves[testnum].bits, seconds.sm2);
|
2019-09-29 22:25:10 +08:00
|
|
|
Time_F(START);
|
|
|
|
count = run_benchmark(async_jobs, SM2_sign_loop, loopargs);
|
|
|
|
d = Time_F(STOP);
|
|
|
|
|
|
|
|
BIO_printf(bio_err,
|
2023-06-20 19:40:41 +08:00
|
|
|
mr ? "+R12:%ld:%u:%s:%.2f\n" :
|
2023-07-19 16:49:44 +08:00
|
|
|
"%ld %u bits %s sign ops in %.2fs \n",
|
2019-10-16 05:33:02 +08:00
|
|
|
count, sm2_curves[testnum].bits,
|
|
|
|
sm2_curves[testnum].name, d);
|
2019-09-29 22:25:10 +08:00
|
|
|
sm2_results[testnum][0] = (double)count / d;
|
2020-12-02 17:49:49 +08:00
|
|
|
op_count = count;
|
2019-09-29 22:25:10 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Perform SM2 verification test */
|
|
|
|
for (i = 0; i < loopargs_len; i++) {
|
|
|
|
st = EVP_DigestVerify(loopargs[i].sm2_vfy_ctx[testnum],
|
|
|
|
loopargs[i].buf2, loopargs[i].sigsize,
|
|
|
|
loopargs[i].buf, 20);
|
|
|
|
if (st != 1)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (st != 1) {
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
"SM2 verify failure. No SM2 verify will be done.\n");
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
sm2_doit[testnum] = 0;
|
|
|
|
} else {
|
2019-10-16 05:33:02 +08:00
|
|
|
pkey_print_message("verify", sm2_curves[testnum].name,
|
|
|
|
sm2_curves[testnum].bits, seconds.sm2);
|
2019-09-29 22:25:10 +08:00
|
|
|
Time_F(START);
|
|
|
|
count = run_benchmark(async_jobs, SM2_verify_loop, loopargs);
|
|
|
|
d = Time_F(STOP);
|
|
|
|
BIO_printf(bio_err,
|
2023-06-20 19:40:41 +08:00
|
|
|
mr ? "+R13:%ld:%u:%s:%.2f\n"
|
2023-07-19 16:49:44 +08:00
|
|
|
: "%ld %u bits %s verify ops in %.2fs\n",
|
2019-10-16 05:33:02 +08:00
|
|
|
count, sm2_curves[testnum].bits,
|
|
|
|
sm2_curves[testnum].name, d);
|
2019-09-29 22:25:10 +08:00
|
|
|
sm2_results[testnum][1] = (double)count / d;
|
|
|
|
}
|
|
|
|
|
2020-12-02 17:49:49 +08:00
|
|
|
if (op_count <= 1) {
|
2019-09-29 22:25:10 +08:00
|
|
|
/* if longer than 10s, don't do any more */
|
|
|
|
for (testnum++; testnum < SM2_NUM; testnum++)
|
|
|
|
sm2_doit[testnum] = 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2021-02-18 17:48:18 +08:00
|
|
|
#endif /* OPENSSL_NO_SM2 */
|
2020-01-19 02:13:02 +08:00
|
|
|
|
|
|
|
#ifndef OPENSSL_NO_DH
|
|
|
|
for (testnum = 0; testnum < FFDH_NUM; testnum++) {
|
|
|
|
int ffdh_checks = 1;
|
|
|
|
|
|
|
|
if (!ffdh_doit[testnum])
|
|
|
|
continue;
|
|
|
|
|
|
|
|
for (i = 0; i < loopargs_len; i++) {
|
|
|
|
EVP_PKEY *pkey_A = NULL;
|
|
|
|
EVP_PKEY *pkey_B = NULL;
|
|
|
|
EVP_PKEY_CTX *ffdh_ctx = NULL;
|
|
|
|
EVP_PKEY_CTX *test_ctx = NULL;
|
|
|
|
size_t secret_size;
|
|
|
|
size_t test_out;
|
|
|
|
|
|
|
|
/* Ensure that the error queue is empty */
|
|
|
|
if (ERR_peek_error()) {
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
"WARNING: the error queue contains previous unhandled errors.\n");
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
}
|
|
|
|
|
|
|
|
pkey_A = EVP_PKEY_new();
|
|
|
|
if (!pkey_A) {
|
|
|
|
BIO_printf(bio_err, "Error while initialising EVP_PKEY (out of memory?).\n");
|
|
|
|
ERR_print_errors(bio_err);
|
2020-12-02 17:49:49 +08:00
|
|
|
op_count = 1;
|
2020-01-19 02:13:02 +08:00
|
|
|
ffdh_checks = 0;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
pkey_B = EVP_PKEY_new();
|
|
|
|
if (!pkey_B) {
|
|
|
|
BIO_printf(bio_err, "Error while initialising EVP_PKEY (out of memory?).\n");
|
|
|
|
ERR_print_errors(bio_err);
|
2020-12-02 17:49:49 +08:00
|
|
|
op_count = 1;
|
2020-01-19 02:13:02 +08:00
|
|
|
ffdh_checks = 0;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
ffdh_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DH, NULL);
|
|
|
|
if (!ffdh_ctx) {
|
|
|
|
BIO_printf(bio_err, "Error while allocating EVP_PKEY_CTX.\n");
|
|
|
|
ERR_print_errors(bio_err);
|
2020-12-02 17:49:49 +08:00
|
|
|
op_count = 1;
|
2020-01-19 02:13:02 +08:00
|
|
|
ffdh_checks = 0;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (EVP_PKEY_keygen_init(ffdh_ctx) <= 0) {
|
|
|
|
BIO_printf(bio_err, "Error while initialising EVP_PKEY_CTX.\n");
|
|
|
|
ERR_print_errors(bio_err);
|
2020-12-02 17:49:49 +08:00
|
|
|
op_count = 1;
|
2020-01-19 02:13:02 +08:00
|
|
|
ffdh_checks = 0;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (EVP_PKEY_CTX_set_dh_nid(ffdh_ctx, ffdh_params[testnum].nid) <= 0) {
|
|
|
|
BIO_printf(bio_err, "Error setting DH key size for keygen.\n");
|
|
|
|
ERR_print_errors(bio_err);
|
2020-12-02 17:49:49 +08:00
|
|
|
op_count = 1;
|
2020-01-19 02:13:02 +08:00
|
|
|
ffdh_checks = 0;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (EVP_PKEY_keygen(ffdh_ctx, &pkey_A) <= 0 ||
|
|
|
|
EVP_PKEY_keygen(ffdh_ctx, &pkey_B) <= 0) {
|
|
|
|
BIO_printf(bio_err, "FFDH key generation failure.\n");
|
|
|
|
ERR_print_errors(bio_err);
|
2020-12-02 17:49:49 +08:00
|
|
|
op_count = 1;
|
2020-01-19 02:13:02 +08:00
|
|
|
ffdh_checks = 0;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
EVP_PKEY_CTX_free(ffdh_ctx);
|
|
|
|
|
2021-02-22 20:20:28 +08:00
|
|
|
/*
|
|
|
|
* check if the derivation works correctly both ways so that
|
2020-01-19 02:13:02 +08:00
|
|
|
* we know if future derive calls will fail, and we can skip
|
2021-02-22 20:20:28 +08:00
|
|
|
* error checking in benchmarked code
|
|
|
|
*/
|
2020-01-19 02:13:02 +08:00
|
|
|
ffdh_ctx = EVP_PKEY_CTX_new(pkey_A, NULL);
|
2021-02-18 17:48:18 +08:00
|
|
|
if (ffdh_ctx == NULL) {
|
2020-01-19 02:13:02 +08:00
|
|
|
BIO_printf(bio_err, "Error while allocating EVP_PKEY_CTX.\n");
|
|
|
|
ERR_print_errors(bio_err);
|
2020-12-02 17:49:49 +08:00
|
|
|
op_count = 1;
|
2020-01-19 02:13:02 +08:00
|
|
|
ffdh_checks = 0;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (EVP_PKEY_derive_init(ffdh_ctx) <= 0) {
|
|
|
|
BIO_printf(bio_err, "FFDH derivation context init failure.\n");
|
|
|
|
ERR_print_errors(bio_err);
|
2020-12-02 17:49:49 +08:00
|
|
|
op_count = 1;
|
2020-01-19 02:13:02 +08:00
|
|
|
ffdh_checks = 0;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (EVP_PKEY_derive_set_peer(ffdh_ctx, pkey_B) <= 0) {
|
|
|
|
BIO_printf(bio_err, "Assigning peer key for derivation failed.\n");
|
|
|
|
ERR_print_errors(bio_err);
|
2020-12-02 17:49:49 +08:00
|
|
|
op_count = 1;
|
2020-01-19 02:13:02 +08:00
|
|
|
ffdh_checks = 0;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (EVP_PKEY_derive(ffdh_ctx, NULL, &secret_size) <= 0) {
|
|
|
|
BIO_printf(bio_err, "Checking size of shared secret failed.\n");
|
|
|
|
ERR_print_errors(bio_err);
|
2020-12-02 17:49:49 +08:00
|
|
|
op_count = 1;
|
2020-01-19 02:13:02 +08:00
|
|
|
ffdh_checks = 0;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (secret_size > MAX_FFDH_SIZE) {
|
|
|
|
BIO_printf(bio_err, "Assertion failure: shared secret too large.\n");
|
2020-12-02 17:49:49 +08:00
|
|
|
op_count = 1;
|
2020-01-19 02:13:02 +08:00
|
|
|
ffdh_checks = 0;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (EVP_PKEY_derive(ffdh_ctx,
|
|
|
|
loopargs[i].secret_ff_a,
|
|
|
|
&secret_size) <= 0) {
|
|
|
|
BIO_printf(bio_err, "Shared secret derive failure.\n");
|
|
|
|
ERR_print_errors(bio_err);
|
2020-12-02 17:49:49 +08:00
|
|
|
op_count = 1;
|
2020-01-19 02:13:02 +08:00
|
|
|
ffdh_checks = 0;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
/* Now check from side B */
|
|
|
|
test_ctx = EVP_PKEY_CTX_new(pkey_B, NULL);
|
|
|
|
if (!test_ctx) {
|
|
|
|
BIO_printf(bio_err, "Error while allocating EVP_PKEY_CTX.\n");
|
|
|
|
ERR_print_errors(bio_err);
|
2020-12-02 17:49:49 +08:00
|
|
|
op_count = 1;
|
2020-01-19 02:13:02 +08:00
|
|
|
ffdh_checks = 0;
|
|
|
|
break;
|
|
|
|
}
|
2022-11-15 11:25:38 +08:00
|
|
|
if (EVP_PKEY_derive_init(test_ctx) <= 0 ||
|
|
|
|
EVP_PKEY_derive_set_peer(test_ctx, pkey_A) <= 0 ||
|
|
|
|
EVP_PKEY_derive(test_ctx, NULL, &test_out) <= 0 ||
|
|
|
|
EVP_PKEY_derive(test_ctx, loopargs[i].secret_ff_b, &test_out) <= 0 ||
|
2020-01-19 02:13:02 +08:00
|
|
|
test_out != secret_size) {
|
|
|
|
BIO_printf(bio_err, "FFDH computation failure.\n");
|
2020-12-02 17:49:49 +08:00
|
|
|
op_count = 1;
|
2020-01-19 02:13:02 +08:00
|
|
|
ffdh_checks = 0;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* compare the computed secrets */
|
|
|
|
if (CRYPTO_memcmp(loopargs[i].secret_ff_a,
|
|
|
|
loopargs[i].secret_ff_b, secret_size)) {
|
|
|
|
BIO_printf(bio_err, "FFDH computations don't match.\n");
|
|
|
|
ERR_print_errors(bio_err);
|
2020-12-02 17:49:49 +08:00
|
|
|
op_count = 1;
|
2020-01-19 02:13:02 +08:00
|
|
|
ffdh_checks = 0;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
loopargs[i].ffdh_ctx[testnum] = ffdh_ctx;
|
|
|
|
|
|
|
|
EVP_PKEY_free(pkey_A);
|
|
|
|
pkey_A = NULL;
|
|
|
|
EVP_PKEY_free(pkey_B);
|
|
|
|
pkey_B = NULL;
|
|
|
|
EVP_PKEY_CTX_free(test_ctx);
|
|
|
|
test_ctx = NULL;
|
|
|
|
}
|
|
|
|
if (ffdh_checks != 0) {
|
2023-04-21 15:04:57 +08:00
|
|
|
pkey_print_message("", "ffdh",
|
2020-01-19 02:13:02 +08:00
|
|
|
ffdh_params[testnum].bits, seconds.ffdh);
|
|
|
|
Time_F(START);
|
|
|
|
count =
|
|
|
|
run_benchmark(async_jobs, FFDH_derive_key_loop, loopargs);
|
|
|
|
d = Time_F(STOP);
|
|
|
|
BIO_printf(bio_err,
|
2023-06-20 19:40:41 +08:00
|
|
|
mr ? "+R14:%ld:%d:%.2f\n" :
|
2020-01-19 02:13:02 +08:00
|
|
|
"%ld %u-bits FFDH ops in %.2fs\n", count,
|
|
|
|
ffdh_params[testnum].bits, d);
|
|
|
|
ffdh_results[testnum][0] = (double)count / d;
|
2020-12-02 17:49:49 +08:00
|
|
|
op_count = count;
|
2021-02-22 20:20:28 +08:00
|
|
|
}
|
2020-12-02 17:49:49 +08:00
|
|
|
if (op_count <= 1) {
|
2020-01-19 02:13:02 +08:00
|
|
|
/* if longer than 10s, don't do any more */
|
|
|
|
stop_it(ffdh_doit, testnum);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif /* OPENSSL_NO_DH */
|
2022-12-24 16:20:44 +08:00
|
|
|
|
|
|
|
for (testnum = 0; testnum < kems_algs_len; testnum++) {
|
|
|
|
int kem_checks = 1;
|
|
|
|
const char *kem_name = kems_algname[testnum];
|
|
|
|
|
|
|
|
if (!kems_doit[testnum] || !do_kems)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
for (i = 0; i < loopargs_len; i++) {
|
|
|
|
EVP_PKEY *pkey = NULL;
|
|
|
|
EVP_PKEY_CTX *kem_gen_ctx = NULL;
|
|
|
|
EVP_PKEY_CTX *kem_encaps_ctx = NULL;
|
|
|
|
EVP_PKEY_CTX *kem_decaps_ctx = NULL;
|
|
|
|
size_t send_secret_len, out_len;
|
|
|
|
size_t rcv_secret_len;
|
|
|
|
unsigned char *out = NULL, *send_secret = NULL, *rcv_secret;
|
2023-05-08 12:32:37 +08:00
|
|
|
unsigned int bits;
|
2022-12-24 16:20:44 +08:00
|
|
|
char *name;
|
2023-05-08 12:32:37 +08:00
|
|
|
char sfx[MAX_ALGNAME_SUFFIX];
|
2022-12-24 16:20:44 +08:00
|
|
|
OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
|
|
|
|
int use_params = 0;
|
|
|
|
enum kem_type_t { KEM_RSA = 1, KEM_EC, KEM_X25519, KEM_X448 } kem_type;
|
|
|
|
|
2023-05-08 12:32:37 +08:00
|
|
|
/* no string after rsa<bitcnt> permitted: */
|
|
|
|
if (strlen(kem_name) < MAX_ALGNAME_SUFFIX + 4 /* rsa+digit */
|
|
|
|
&& sscanf(kem_name, "rsa%u%s", &bits, sfx) == 1)
|
2022-12-24 16:20:44 +08:00
|
|
|
kem_type = KEM_RSA;
|
|
|
|
else if (strncmp(kem_name, "EC", 2) == 0)
|
|
|
|
kem_type = KEM_EC;
|
|
|
|
else if (strcmp(kem_name, "X25519") == 0)
|
|
|
|
kem_type = KEM_X25519;
|
|
|
|
else if (strcmp(kem_name, "X448") == 0)
|
|
|
|
kem_type = KEM_X448;
|
|
|
|
else kem_type = 0;
|
|
|
|
|
|
|
|
if (ERR_peek_error()) {
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
"WARNING: the error queue contains previous unhandled errors.\n");
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (kem_type == KEM_RSA) {
|
2023-05-08 12:32:37 +08:00
|
|
|
params[0] = OSSL_PARAM_construct_uint(OSSL_PKEY_PARAM_RSA_BITS,
|
|
|
|
&bits);
|
2022-12-24 16:20:44 +08:00
|
|
|
use_params = 1;
|
|
|
|
} else if (kem_type == KEM_EC) {
|
|
|
|
name = (char *)(kem_name + 2);
|
|
|
|
params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
|
|
|
|
name, 0);
|
|
|
|
use_params = 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
kem_gen_ctx = EVP_PKEY_CTX_new_from_name(app_get0_libctx(),
|
|
|
|
(kem_type == KEM_RSA) ? "RSA":
|
|
|
|
(kem_type == KEM_EC) ? "EC":
|
|
|
|
kem_name,
|
|
|
|
app_get0_propq());
|
|
|
|
|
|
|
|
if ((!kem_gen_ctx || EVP_PKEY_keygen_init(kem_gen_ctx) <= 0)
|
|
|
|
|| (use_params
|
|
|
|
&& EVP_PKEY_CTX_set_params(kem_gen_ctx, params) <= 0)) {
|
|
|
|
BIO_printf(bio_err, "Error initializing keygen ctx for %s.\n",
|
|
|
|
kem_name);
|
|
|
|
goto kem_err_break;
|
|
|
|
}
|
|
|
|
if (EVP_PKEY_keygen(kem_gen_ctx, &pkey) <= 0) {
|
|
|
|
BIO_printf(bio_err, "Error while generating KEM EVP_PKEY.\n");
|
|
|
|
goto kem_err_break;
|
|
|
|
}
|
|
|
|
/* Now prepare encaps data structs */
|
|
|
|
kem_encaps_ctx = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(),
|
|
|
|
pkey,
|
|
|
|
app_get0_propq());
|
|
|
|
if (kem_encaps_ctx == NULL
|
|
|
|
|| EVP_PKEY_encapsulate_init(kem_encaps_ctx, NULL) <= 0
|
|
|
|
|| (kem_type == KEM_RSA
|
|
|
|
&& EVP_PKEY_CTX_set_kem_op(kem_encaps_ctx, "RSASVE") <= 0)
|
|
|
|
|| ((kem_type == KEM_EC
|
|
|
|
|| kem_type == KEM_X25519
|
|
|
|
|| kem_type == KEM_X448)
|
|
|
|
&& EVP_PKEY_CTX_set_kem_op(kem_encaps_ctx, "DHKEM") <= 0)
|
|
|
|
|| EVP_PKEY_encapsulate(kem_encaps_ctx, NULL, &out_len,
|
|
|
|
NULL, &send_secret_len) <= 0) {
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
"Error while initializing encaps data structs for %s.\n",
|
|
|
|
kem_name);
|
|
|
|
goto kem_err_break;
|
|
|
|
}
|
|
|
|
out = app_malloc(out_len, "encaps result");
|
|
|
|
send_secret = app_malloc(send_secret_len, "encaps secret");
|
|
|
|
if (out == NULL || send_secret == NULL) {
|
|
|
|
BIO_printf(bio_err, "MemAlloc error in encaps for %s.\n", kem_name);
|
|
|
|
goto kem_err_break;
|
|
|
|
}
|
|
|
|
if (EVP_PKEY_encapsulate(kem_encaps_ctx, out, &out_len,
|
|
|
|
send_secret, &send_secret_len) <= 0) {
|
|
|
|
BIO_printf(bio_err, "Encaps error for %s.\n", kem_name);
|
|
|
|
goto kem_err_break;
|
|
|
|
}
|
|
|
|
/* Now prepare decaps data structs */
|
|
|
|
kem_decaps_ctx = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(),
|
|
|
|
pkey,
|
|
|
|
app_get0_propq());
|
|
|
|
if (kem_decaps_ctx == NULL
|
|
|
|
|| EVP_PKEY_decapsulate_init(kem_decaps_ctx, NULL) <= 0
|
|
|
|
|| (kem_type == KEM_RSA
|
|
|
|
&& EVP_PKEY_CTX_set_kem_op(kem_decaps_ctx, "RSASVE") <= 0)
|
|
|
|
|| ((kem_type == KEM_EC
|
|
|
|
|| kem_type == KEM_X25519
|
|
|
|
|| kem_type == KEM_X448)
|
|
|
|
&& EVP_PKEY_CTX_set_kem_op(kem_decaps_ctx, "DHKEM") <= 0)
|
|
|
|
|| EVP_PKEY_decapsulate(kem_decaps_ctx, NULL, &rcv_secret_len,
|
|
|
|
out, out_len) <= 0) {
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
"Error while initializing decaps data structs for %s.\n",
|
|
|
|
kem_name);
|
|
|
|
goto kem_err_break;
|
|
|
|
}
|
|
|
|
rcv_secret = app_malloc(rcv_secret_len, "KEM decaps secret");
|
|
|
|
if (rcv_secret == NULL) {
|
|
|
|
BIO_printf(bio_err, "MemAlloc failure in decaps for %s.\n",
|
|
|
|
kem_name);
|
|
|
|
goto kem_err_break;
|
|
|
|
}
|
|
|
|
if (EVP_PKEY_decapsulate(kem_decaps_ctx, rcv_secret,
|
|
|
|
&rcv_secret_len, out, out_len) <= 0
|
|
|
|
|| rcv_secret_len != send_secret_len
|
|
|
|
|| memcmp(send_secret, rcv_secret, send_secret_len)) {
|
|
|
|
BIO_printf(bio_err, "Decaps error for %s.\n", kem_name);
|
|
|
|
goto kem_err_break;
|
|
|
|
}
|
|
|
|
loopargs[i].kem_gen_ctx[testnum] = kem_gen_ctx;
|
|
|
|
loopargs[i].kem_encaps_ctx[testnum] = kem_encaps_ctx;
|
|
|
|
loopargs[i].kem_decaps_ctx[testnum] = kem_decaps_ctx;
|
|
|
|
loopargs[i].kem_out_len[testnum] = out_len;
|
|
|
|
loopargs[i].kem_secret_len[testnum] = send_secret_len;
|
|
|
|
loopargs[i].kem_out[testnum] = out;
|
|
|
|
loopargs[i].kem_send_secret[testnum] = send_secret;
|
|
|
|
loopargs[i].kem_rcv_secret[testnum] = rcv_secret;
|
2023-10-16 20:06:04 +08:00
|
|
|
EVP_PKEY_free(pkey);
|
|
|
|
pkey = NULL;
|
2023-10-16 20:07:05 +08:00
|
|
|
continue;
|
2022-12-24 16:20:44 +08:00
|
|
|
|
|
|
|
kem_err_break:
|
|
|
|
ERR_print_errors(bio_err);
|
2023-10-16 20:06:04 +08:00
|
|
|
EVP_PKEY_free(pkey);
|
2022-12-24 16:20:44 +08:00
|
|
|
op_count = 1;
|
|
|
|
kem_checks = 0;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (kem_checks != 0) {
|
2023-04-21 15:04:57 +08:00
|
|
|
kskey_print_message(kem_name, "keygen", seconds.kem);
|
2022-12-24 16:20:44 +08:00
|
|
|
Time_F(START);
|
|
|
|
count =
|
|
|
|
run_benchmark(async_jobs, KEM_keygen_loop, loopargs);
|
|
|
|
d = Time_F(STOP);
|
|
|
|
BIO_printf(bio_err,
|
2023-06-20 19:40:41 +08:00
|
|
|
mr ? "+R15:%ld:%s:%.2f\n" :
|
2023-07-19 16:49:44 +08:00
|
|
|
"%ld %s KEM keygen ops in %.2fs\n", count,
|
2022-12-24 16:20:44 +08:00
|
|
|
kem_name, d);
|
|
|
|
kems_results[testnum][0] = (double)count / d;
|
|
|
|
op_count = count;
|
2023-04-21 15:04:57 +08:00
|
|
|
kskey_print_message(kem_name, "encaps", seconds.kem);
|
2022-12-24 16:20:44 +08:00
|
|
|
Time_F(START);
|
|
|
|
count =
|
|
|
|
run_benchmark(async_jobs, KEM_encaps_loop, loopargs);
|
|
|
|
d = Time_F(STOP);
|
|
|
|
BIO_printf(bio_err,
|
2023-06-20 19:40:41 +08:00
|
|
|
mr ? "+R16:%ld:%s:%.2f\n" :
|
2023-07-19 16:49:44 +08:00
|
|
|
"%ld %s KEM encaps ops in %.2fs\n", count,
|
2022-12-24 16:20:44 +08:00
|
|
|
kem_name, d);
|
|
|
|
kems_results[testnum][1] = (double)count / d;
|
|
|
|
op_count = count;
|
2023-04-21 15:04:57 +08:00
|
|
|
kskey_print_message(kem_name, "decaps", seconds.kem);
|
2022-12-24 16:20:44 +08:00
|
|
|
Time_F(START);
|
|
|
|
count =
|
|
|
|
run_benchmark(async_jobs, KEM_decaps_loop, loopargs);
|
|
|
|
d = Time_F(STOP);
|
|
|
|
BIO_printf(bio_err,
|
2023-06-20 19:40:41 +08:00
|
|
|
mr ? "+R17:%ld:%s:%.2f\n" :
|
2023-07-19 16:49:44 +08:00
|
|
|
"%ld %s KEM decaps ops in %.2fs\n", count,
|
2022-12-24 16:20:44 +08:00
|
|
|
kem_name, d);
|
|
|
|
kems_results[testnum][2] = (double)count / d;
|
|
|
|
op_count = count;
|
|
|
|
}
|
|
|
|
if (op_count <= 1) {
|
|
|
|
/* if longer than 10s, don't do any more */
|
|
|
|
stop_it(kems_doit, testnum);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
for (testnum = 0; testnum < sigs_algs_len; testnum++) {
|
|
|
|
int sig_checks = 1;
|
|
|
|
const char *sig_name = sigs_algname[testnum];
|
|
|
|
|
|
|
|
if (!sigs_doit[testnum] || !do_sigs)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
for (i = 0; i < loopargs_len; i++) {
|
|
|
|
EVP_PKEY *pkey = NULL;
|
|
|
|
EVP_PKEY_CTX *ctx_params = NULL;
|
|
|
|
EVP_PKEY* pkey_params = NULL;
|
|
|
|
EVP_PKEY_CTX *sig_gen_ctx = NULL;
|
|
|
|
EVP_PKEY_CTX *sig_sign_ctx = NULL;
|
|
|
|
EVP_PKEY_CTX *sig_verify_ctx = NULL;
|
|
|
|
unsigned char md[SHA256_DIGEST_LENGTH];
|
|
|
|
unsigned char *sig;
|
2023-05-08 12:32:37 +08:00
|
|
|
char sfx[MAX_ALGNAME_SUFFIX];
|
2022-12-24 16:20:44 +08:00
|
|
|
size_t md_len = SHA256_DIGEST_LENGTH;
|
|
|
|
size_t max_sig_len, sig_len;
|
2023-05-08 12:32:37 +08:00
|
|
|
unsigned int bits;
|
2022-12-24 16:20:44 +08:00
|
|
|
OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
|
|
|
|
int use_params = 0;
|
|
|
|
|
|
|
|
/* only sign little data to avoid measuring digest performance */
|
|
|
|
memset(md, 0, SHA256_DIGEST_LENGTH);
|
|
|
|
|
|
|
|
if (ERR_peek_error()) {
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
"WARNING: the error queue contains previous unhandled errors.\n");
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
}
|
|
|
|
|
2023-05-08 12:32:37 +08:00
|
|
|
/* no string after rsa<bitcnt> permitted: */
|
|
|
|
if (strlen(sig_name) < MAX_ALGNAME_SUFFIX + 4 /* rsa+digit */
|
|
|
|
&& sscanf(sig_name, "rsa%u%s", &bits, sfx) == 1) {
|
|
|
|
params[0] = OSSL_PARAM_construct_uint(OSSL_PKEY_PARAM_RSA_BITS,
|
|
|
|
&bits);
|
2022-12-24 16:20:44 +08:00
|
|
|
use_params = 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (strncmp(sig_name, "dsa", 3) == 0) {
|
|
|
|
ctx_params = EVP_PKEY_CTX_new_id(EVP_PKEY_DSA, NULL);
|
|
|
|
if (ctx_params == NULL
|
|
|
|
|| EVP_PKEY_paramgen_init(ctx_params) <= 0
|
|
|
|
|| EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx_params,
|
|
|
|
atoi(sig_name + 3)) <= 0
|
|
|
|
|| EVP_PKEY_paramgen(ctx_params, &pkey_params) <= 0
|
|
|
|
|| (sig_gen_ctx = EVP_PKEY_CTX_new(pkey_params, NULL)) == NULL
|
|
|
|
|| EVP_PKEY_keygen_init(sig_gen_ctx) <= 0) {
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
"Error initializing classic keygen ctx for %s.\n",
|
|
|
|
sig_name);
|
|
|
|
goto sig_err_break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (sig_gen_ctx == NULL)
|
|
|
|
sig_gen_ctx = EVP_PKEY_CTX_new_from_name(app_get0_libctx(),
|
2023-05-08 12:32:37 +08:00
|
|
|
use_params == 1 ? "RSA" : sig_name,
|
2022-12-24 16:20:44 +08:00
|
|
|
app_get0_propq());
|
|
|
|
|
|
|
|
if (!sig_gen_ctx || EVP_PKEY_keygen_init(sig_gen_ctx) <= 0
|
|
|
|
|| (use_params &&
|
|
|
|
EVP_PKEY_CTX_set_params(sig_gen_ctx, params) <= 0)) {
|
|
|
|
BIO_printf(bio_err, "Error initializing keygen ctx for %s.\n",
|
|
|
|
sig_name);
|
|
|
|
goto sig_err_break;
|
|
|
|
}
|
|
|
|
if (EVP_PKEY_keygen(sig_gen_ctx, &pkey) <= 0) {
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
"Error while generating signature EVP_PKEY for %s.\n",
|
|
|
|
sig_name);
|
|
|
|
goto sig_err_break;
|
|
|
|
}
|
|
|
|
/* Now prepare signature data structs */
|
|
|
|
sig_sign_ctx = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(),
|
|
|
|
pkey,
|
|
|
|
app_get0_propq());
|
|
|
|
if (sig_sign_ctx == NULL
|
|
|
|
|| EVP_PKEY_sign_init(sig_sign_ctx) <= 0
|
2023-05-08 12:32:37 +08:00
|
|
|
|| (use_params == 1
|
2022-12-24 16:20:44 +08:00
|
|
|
&& (EVP_PKEY_CTX_set_rsa_padding(sig_sign_ctx,
|
|
|
|
RSA_PKCS1_PADDING) <= 0))
|
|
|
|
|| EVP_PKEY_sign(sig_sign_ctx, NULL, &max_sig_len,
|
|
|
|
md, md_len) <= 0) {
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
"Error while initializing signing data structs for %s.\n",
|
|
|
|
sig_name);
|
|
|
|
goto sig_err_break;
|
|
|
|
}
|
|
|
|
sig = app_malloc(sig_len = max_sig_len, "signature buffer");
|
|
|
|
if (sig == NULL) {
|
|
|
|
BIO_printf(bio_err, "MemAlloc error in sign for %s.\n", sig_name);
|
|
|
|
goto sig_err_break;
|
|
|
|
}
|
|
|
|
if (EVP_PKEY_sign(sig_sign_ctx, sig, &sig_len, md, md_len) <= 0) {
|
|
|
|
BIO_printf(bio_err, "Signing error for %s.\n", sig_name);
|
|
|
|
goto sig_err_break;
|
|
|
|
}
|
|
|
|
/* Now prepare verify data structs */
|
|
|
|
memset(md, 0, SHA256_DIGEST_LENGTH);
|
|
|
|
sig_verify_ctx = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(),
|
|
|
|
pkey,
|
|
|
|
app_get0_propq());
|
|
|
|
if (sig_verify_ctx == NULL
|
|
|
|
|| EVP_PKEY_verify_init(sig_verify_ctx) <= 0
|
2023-05-08 12:32:37 +08:00
|
|
|
|| (use_params == 1
|
2022-12-24 16:20:44 +08:00
|
|
|
&& (EVP_PKEY_CTX_set_rsa_padding(sig_verify_ctx,
|
|
|
|
RSA_PKCS1_PADDING) <= 0))) {
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
"Error while initializing verify data structs for %s.\n",
|
|
|
|
sig_name);
|
|
|
|
goto sig_err_break;
|
|
|
|
}
|
|
|
|
if (EVP_PKEY_verify(sig_verify_ctx, sig, sig_len, md, md_len) <= 0) {
|
|
|
|
BIO_printf(bio_err, "Verify error for %s.\n", sig_name);
|
|
|
|
goto sig_err_break;
|
|
|
|
}
|
|
|
|
if (EVP_PKEY_verify(sig_verify_ctx, sig, sig_len, md, md_len) <= 0) {
|
|
|
|
BIO_printf(bio_err, "Verify 2 error for %s.\n", sig_name);
|
|
|
|
goto sig_err_break;
|
|
|
|
}
|
|
|
|
loopargs[i].sig_gen_ctx[testnum] = sig_gen_ctx;
|
|
|
|
loopargs[i].sig_sign_ctx[testnum] = sig_sign_ctx;
|
|
|
|
loopargs[i].sig_verify_ctx[testnum] = sig_verify_ctx;
|
|
|
|
loopargs[i].sig_max_sig_len[testnum] = max_sig_len;
|
|
|
|
loopargs[i].sig_act_sig_len[testnum] = sig_len;
|
|
|
|
loopargs[i].sig_sig[testnum] = sig;
|
2023-10-16 20:06:04 +08:00
|
|
|
EVP_PKEY_free(pkey);
|
|
|
|
pkey = NULL;
|
2023-10-16 20:07:05 +08:00
|
|
|
continue;
|
2022-12-24 16:20:44 +08:00
|
|
|
|
|
|
|
sig_err_break:
|
|
|
|
ERR_print_errors(bio_err);
|
2023-10-16 20:06:04 +08:00
|
|
|
EVP_PKEY_free(pkey);
|
2022-12-24 16:20:44 +08:00
|
|
|
op_count = 1;
|
|
|
|
sig_checks = 0;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (sig_checks != 0) {
|
2023-04-21 15:04:57 +08:00
|
|
|
kskey_print_message(sig_name, "keygen", seconds.sig);
|
2022-12-24 16:20:44 +08:00
|
|
|
Time_F(START);
|
|
|
|
count = run_benchmark(async_jobs, SIG_keygen_loop, loopargs);
|
|
|
|
d = Time_F(STOP);
|
|
|
|
BIO_printf(bio_err,
|
2023-06-20 19:40:41 +08:00
|
|
|
mr ? "+R18:%ld:%s:%.2f\n" :
|
2023-07-19 16:49:44 +08:00
|
|
|
"%ld %s signature keygen ops in %.2fs\n", count,
|
2022-12-24 16:20:44 +08:00
|
|
|
sig_name, d);
|
|
|
|
sigs_results[testnum][0] = (double)count / d;
|
|
|
|
op_count = count;
|
2023-04-21 15:04:57 +08:00
|
|
|
kskey_print_message(sig_name, "signs", seconds.sig);
|
2022-12-24 16:20:44 +08:00
|
|
|
Time_F(START);
|
|
|
|
count =
|
|
|
|
run_benchmark(async_jobs, SIG_sign_loop, loopargs);
|
|
|
|
d = Time_F(STOP);
|
|
|
|
BIO_printf(bio_err,
|
2023-06-20 19:40:41 +08:00
|
|
|
mr ? "+R19:%ld:%s:%.2f\n" :
|
2023-07-19 16:49:44 +08:00
|
|
|
"%ld %s signature sign ops in %.2fs\n", count,
|
2022-12-24 16:20:44 +08:00
|
|
|
sig_name, d);
|
|
|
|
sigs_results[testnum][1] = (double)count / d;
|
|
|
|
op_count = count;
|
|
|
|
|
2023-04-21 15:04:57 +08:00
|
|
|
kskey_print_message(sig_name, "verify", seconds.sig);
|
2022-12-24 16:20:44 +08:00
|
|
|
Time_F(START);
|
|
|
|
count =
|
|
|
|
run_benchmark(async_jobs, SIG_verify_loop, loopargs);
|
|
|
|
d = Time_F(STOP);
|
|
|
|
BIO_printf(bio_err,
|
2023-06-20 19:40:41 +08:00
|
|
|
mr ? "+R20:%ld:%s:%.2f\n" :
|
2023-07-19 16:49:44 +08:00
|
|
|
"%ld %s signature verify ops in %.2fs\n", count,
|
2022-12-24 16:20:44 +08:00
|
|
|
sig_name, d);
|
|
|
|
sigs_results[testnum][2] = (double)count / d;
|
|
|
|
op_count = count;
|
|
|
|
}
|
|
|
|
if (op_count <= 1)
|
|
|
|
stop_it(sigs_doit, testnum);
|
|
|
|
}
|
|
|
|
|
2015-01-27 23:06:22 +08:00
|
|
|
#ifndef NO_FORK
|
2015-01-22 11:40:55 +08:00
|
|
|
show_res:
|
2015-01-27 23:06:22 +08:00
|
|
|
#endif
|
2015-01-22 11:40:55 +08:00
|
|
|
if (!mr) {
|
Switch to MAJOR.MINOR.PATCH versioning and version 3.0.0-dev
We're strictly use version numbers of the form MAJOR.MINOR.PATCH.
Letter releases are things of days past.
The most central change is that we now express the version number with
three macros, one for each part of the version number:
OPENSSL_VERSION_MAJOR
OPENSSL_VERSION_MINOR
OPENSSL_VERSION_PATCH
We also provide two additional macros to express pre-release and build
metadata information (also specified in semantic versioning):
OPENSSL_VERSION_PRE_RELEASE
OPENSSL_VERSION_BUILD_METADATA
To get the library's idea of all those values, we introduce the
following functions:
unsigned int OPENSSL_version_major(void);
unsigned int OPENSSL_version_minor(void);
unsigned int OPENSSL_version_patch(void);
const char *OPENSSL_version_pre_release(void);
const char *OPENSSL_version_build_metadata(void);
Additionally, for shared library versioning (which is out of scope in
semantic versioning, but that we still need):
OPENSSL_SHLIB_VERSION
We also provide a macro that contains the release date. This is not
part of the version number, but is extra information that we want to
be able to display:
OPENSSL_RELEASE_DATE
Finally, also provide the following convenience functions:
const char *OPENSSL_version_text(void);
const char *OPENSSL_version_text_full(void);
The following macros and functions are deprecated, and while currently
existing for backward compatibility, they are expected to disappear:
OPENSSL_VERSION_NUMBER
OPENSSL_VERSION_TEXT
OPENSSL_VERSION
OpenSSL_version_num()
OpenSSL_version()
Also, this function is introduced to replace OpenSSL_version() for all
indexes except for OPENSSL_VERSION:
OPENSSL_info()
For configuration, the option 'newversion-only' is added to disable all
the macros and functions that are mentioned as deprecated above.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7724)
2018-09-27 21:56:35 +08:00
|
|
|
printf("version: %s\n", OpenSSL_version(OPENSSL_FULL_VERSION_STRING));
|
2021-09-09 03:58:19 +08:00
|
|
|
printf("%s\n", OpenSSL_version(OPENSSL_BUILT_ON));
|
|
|
|
printf("options: %s\n", BN_options());
|
|
|
|
printf("%s\n", OpenSSL_version(OPENSSL_CFLAGS));
|
2019-08-22 20:28:23 +08:00
|
|
|
printf("%s\n", OpenSSL_version(OPENSSL_CPU_INFO));
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2002-08-09 16:43:04 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
if (pr_header) {
|
2021-02-22 20:20:28 +08:00
|
|
|
if (mr) {
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
printf("+H");
|
2021-02-22 20:20:28 +08:00
|
|
|
} else {
|
|
|
|
printf("The 'numbers' are in 1000s of bytes per second processed.\n");
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
printf("type ");
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2017-12-02 17:05:35 +08:00
|
|
|
for (testnum = 0; testnum < size_num; testnum++)
|
2015-12-09 15:26:38 +08:00
|
|
|
printf(mr ? ":%d" : "%7d bytes", lengths[testnum]);
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
printf("\n");
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2002-08-09 16:43:04 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
for (k = 0; k < ALGOR_NUM; k++) {
|
2023-06-16 00:16:49 +08:00
|
|
|
const char *alg_name = names[k];
|
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
if (!doit[k])
|
|
|
|
continue;
|
2023-06-16 00:16:49 +08:00
|
|
|
|
|
|
|
if (k == D_EVP) {
|
|
|
|
if (evp_cipher == NULL)
|
|
|
|
alg_name = evp_md_name;
|
|
|
|
else if ((alg_name = EVP_CIPHER_get0_name(evp_cipher)) == NULL)
|
|
|
|
app_bail_out("failed to get name of cipher '%s'\n", evp_cipher);
|
|
|
|
}
|
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
if (mr)
|
2023-06-16 00:16:49 +08:00
|
|
|
printf("+F:%u:%s", k, alg_name);
|
2015-01-22 11:40:55 +08:00
|
|
|
else
|
2023-06-16 00:16:49 +08:00
|
|
|
printf("%-13s", alg_name);
|
2017-12-02 17:05:35 +08:00
|
|
|
for (testnum = 0; testnum < size_num; testnum++) {
|
2015-12-09 15:26:38 +08:00
|
|
|
if (results[k][testnum] > 10000 && !mr)
|
|
|
|
printf(" %11.2fk", results[k][testnum] / 1e3);
|
2015-01-22 11:40:55 +08:00
|
|
|
else
|
2015-12-09 15:26:38 +08:00
|
|
|
printf(mr ? ":%.2f" : " %11.2f ", results[k][testnum]);
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
printf("\n");
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2015-12-09 15:26:38 +08:00
|
|
|
testnum = 1;
|
2015-01-22 11:40:55 +08:00
|
|
|
for (k = 0; k < RSA_NUM; k++) {
|
|
|
|
if (!rsa_doit[k])
|
|
|
|
continue;
|
2015-12-09 15:26:38 +08:00
|
|
|
if (testnum && !mr) {
|
2023-06-20 19:40:41 +08:00
|
|
|
printf("%19ssign verify encrypt decrypt sign/s verify/s encr./s decr./s\n", " ");
|
2015-12-09 15:26:38 +08:00
|
|
|
testnum = 0;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
|
|
|
if (mr)
|
2023-06-20 19:40:41 +08:00
|
|
|
printf("+F2:%u:%u:%f:%f:%f:%f\n",
|
|
|
|
k, rsa_keys[k].bits, rsa_results[k][0], rsa_results[k][1],
|
|
|
|
rsa_results[k][2], rsa_results[k][3]);
|
2015-01-22 11:40:55 +08:00
|
|
|
else
|
2023-06-20 19:40:41 +08:00
|
|
|
printf("rsa %5u bits %8.6fs %8.6fs %8.6fs %8.6fs %8.1f %8.1f %8.1f %8.1f\n",
|
2022-12-24 16:20:44 +08:00
|
|
|
rsa_keys[k].bits, 1.0 / rsa_results[k][0],
|
2023-06-20 19:40:41 +08:00
|
|
|
1.0 / rsa_results[k][1], 1.0 / rsa_results[k][2],
|
|
|
|
1.0 / rsa_results[k][3],
|
|
|
|
rsa_results[k][0], rsa_results[k][1],
|
|
|
|
rsa_results[k][2], rsa_results[k][3]);
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2015-12-09 15:26:38 +08:00
|
|
|
testnum = 1;
|
2015-01-22 11:40:55 +08:00
|
|
|
for (k = 0; k < DSA_NUM; k++) {
|
|
|
|
if (!dsa_doit[k])
|
|
|
|
continue;
|
2015-12-09 15:26:38 +08:00
|
|
|
if (testnum && !mr) {
|
2015-01-22 11:40:55 +08:00
|
|
|
printf("%18ssign verify sign/s verify/s\n", " ");
|
2015-12-09 15:26:38 +08:00
|
|
|
testnum = 0;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
|
|
|
if (mr)
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
printf("+F3:%u:%u:%f:%f\n",
|
|
|
|
k, dsa_bits[k], dsa_results[k][0], dsa_results[k][1]);
|
2015-01-22 11:40:55 +08:00
|
|
|
else
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
printf("dsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
|
2016-08-02 16:22:27 +08:00
|
|
|
dsa_bits[k], 1.0 / dsa_results[k][0], 1.0 / dsa_results[k][1],
|
|
|
|
dsa_results[k][0], dsa_results[k][1]);
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2015-12-09 15:26:38 +08:00
|
|
|
testnum = 1;
|
2018-04-30 07:13:58 +08:00
|
|
|
for (k = 0; k < OSSL_NELEM(ecdsa_doit); k++) {
|
2015-01-22 11:40:55 +08:00
|
|
|
if (!ecdsa_doit[k])
|
|
|
|
continue;
|
2015-12-09 15:26:38 +08:00
|
|
|
if (testnum && !mr) {
|
2015-01-22 11:40:55 +08:00
|
|
|
printf("%30ssign verify sign/s verify/s\n", " ");
|
2015-12-09 15:26:38 +08:00
|
|
|
testnum = 0;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
if (mr)
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
printf("+F4:%u:%u:%f:%f\n",
|
2019-10-16 05:33:02 +08:00
|
|
|
k, ec_curves[k].bits,
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
ecdsa_results[k][0], ecdsa_results[k][1]);
|
2015-01-22 11:40:55 +08:00
|
|
|
else
|
2016-11-29 06:36:50 +08:00
|
|
|
printf("%4u bits ecdsa (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
|
2019-10-16 05:33:02 +08:00
|
|
|
ec_curves[k].bits, ec_curves[k].name,
|
2016-08-02 16:38:45 +08:00
|
|
|
1.0 / ecdsa_results[k][0], 1.0 / ecdsa_results[k][1],
|
|
|
|
ecdsa_results[k][0], ecdsa_results[k][1]);
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
|
2015-12-09 15:26:38 +08:00
|
|
|
testnum = 1;
|
2015-01-22 11:40:55 +08:00
|
|
|
for (k = 0; k < EC_NUM; k++) {
|
|
|
|
if (!ecdh_doit[k])
|
|
|
|
continue;
|
2015-12-09 15:26:38 +08:00
|
|
|
if (testnum && !mr) {
|
2015-01-22 11:40:55 +08:00
|
|
|
printf("%30sop op/s\n", " ");
|
2015-12-09 15:26:38 +08:00
|
|
|
testnum = 0;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
|
|
|
if (mr)
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
printf("+F5:%u:%u:%f:%f\n",
|
2019-10-16 05:33:02 +08:00
|
|
|
k, ec_curves[k].bits,
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
ecdh_results[k][0], 1.0 / ecdh_results[k][0]);
|
2015-01-22 11:40:55 +08:00
|
|
|
|
|
|
|
else
|
2016-11-29 06:36:50 +08:00
|
|
|
printf("%4u bits ecdh (%s) %8.4fs %8.1f\n",
|
2019-10-16 05:33:02 +08:00
|
|
|
ec_curves[k].bits, ec_curves[k].name,
|
2016-08-02 16:41:30 +08:00
|
|
|
1.0 / ecdh_results[k][0], ecdh_results[k][0]);
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2018-09-07 14:39:19 +08:00
|
|
|
|
2023-04-17 16:20:31 +08:00
|
|
|
#ifndef OPENSSL_NO_ECX
|
2018-09-07 14:39:19 +08:00
|
|
|
testnum = 1;
|
|
|
|
for (k = 0; k < OSSL_NELEM(eddsa_doit); k++) {
|
|
|
|
if (!eddsa_doit[k])
|
|
|
|
continue;
|
|
|
|
if (testnum && !mr) {
|
|
|
|
printf("%30ssign verify sign/s verify/s\n", " ");
|
|
|
|
testnum = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (mr)
|
|
|
|
printf("+F6:%u:%u:%s:%f:%f\n",
|
2019-10-16 05:33:02 +08:00
|
|
|
k, ed_curves[k].bits, ed_curves[k].name,
|
2018-09-07 14:39:19 +08:00
|
|
|
eddsa_results[k][0], eddsa_results[k][1]);
|
|
|
|
else
|
|
|
|
printf("%4u bits EdDSA (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
|
2019-10-16 05:33:02 +08:00
|
|
|
ed_curves[k].bits, ed_curves[k].name,
|
2018-09-07 14:39:19 +08:00
|
|
|
1.0 / eddsa_results[k][0], 1.0 / eddsa_results[k][1],
|
|
|
|
eddsa_results[k][0], eddsa_results[k][1]);
|
|
|
|
}
|
2023-04-17 16:20:31 +08:00
|
|
|
#endif /* OPENSSL_NO_ECX */
|
2019-09-29 22:25:10 +08:00
|
|
|
|
2021-02-18 17:48:18 +08:00
|
|
|
#ifndef OPENSSL_NO_SM2
|
2019-09-29 22:25:10 +08:00
|
|
|
testnum = 1;
|
|
|
|
for (k = 0; k < OSSL_NELEM(sm2_doit); k++) {
|
|
|
|
if (!sm2_doit[k])
|
|
|
|
continue;
|
|
|
|
if (testnum && !mr) {
|
|
|
|
printf("%30ssign verify sign/s verify/s\n", " ");
|
|
|
|
testnum = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (mr)
|
2020-04-16 22:34:24 +08:00
|
|
|
printf("+F7:%u:%u:%s:%f:%f\n",
|
2019-10-16 05:33:02 +08:00
|
|
|
k, sm2_curves[k].bits, sm2_curves[k].name,
|
2019-09-29 22:25:10 +08:00
|
|
|
sm2_results[k][0], sm2_results[k][1]);
|
|
|
|
else
|
|
|
|
printf("%4u bits SM2 (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
|
2019-10-16 05:33:02 +08:00
|
|
|
sm2_curves[k].bits, sm2_curves[k].name,
|
2019-09-29 22:25:10 +08:00
|
|
|
1.0 / sm2_results[k][0], 1.0 / sm2_results[k][1],
|
|
|
|
sm2_results[k][0], sm2_results[k][1]);
|
|
|
|
}
|
2021-02-18 17:48:18 +08:00
|
|
|
#endif
|
2020-01-19 02:13:02 +08:00
|
|
|
#ifndef OPENSSL_NO_DH
|
|
|
|
testnum = 1;
|
|
|
|
for (k = 0; k < FFDH_NUM; k++) {
|
|
|
|
if (!ffdh_doit[k])
|
|
|
|
continue;
|
|
|
|
if (testnum && !mr) {
|
|
|
|
printf("%23sop op/s\n", " ");
|
|
|
|
testnum = 0;
|
|
|
|
}
|
|
|
|
if (mr)
|
|
|
|
printf("+F8:%u:%u:%f:%f\n",
|
|
|
|
k, ffdh_params[k].bits,
|
|
|
|
ffdh_results[k][0], 1.0 / ffdh_results[k][0]);
|
|
|
|
|
|
|
|
else
|
|
|
|
printf("%4u bits ffdh %8.4fs %8.1f\n",
|
|
|
|
ffdh_params[k].bits,
|
|
|
|
1.0 / ffdh_results[k][0], ffdh_results[k][0]);
|
|
|
|
}
|
|
|
|
#endif /* OPENSSL_NO_DH */
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2022-12-24 16:20:44 +08:00
|
|
|
testnum = 1;
|
|
|
|
for (k = 0; k < kems_algs_len; k++) {
|
|
|
|
const char *kem_name = kems_algname[k];
|
|
|
|
|
|
|
|
if (!kems_doit[k] || !do_kems)
|
|
|
|
continue;
|
|
|
|
if (testnum && !mr) {
|
|
|
|
printf("%31skeygen encaps decaps keygens/s encaps/s decaps/s\n", " ");
|
|
|
|
testnum = 0;
|
|
|
|
}
|
|
|
|
if (mr)
|
|
|
|
printf("+F9:%u:%f:%f:%f\n",
|
|
|
|
k, kems_results[k][0], kems_results[k][1],
|
|
|
|
kems_results[k][2]);
|
|
|
|
else
|
|
|
|
printf("%27s %8.6fs %8.6fs %8.6fs %9.1f %9.1f %9.1f\n", kem_name,
|
|
|
|
1.0 / kems_results[k][0],
|
|
|
|
1.0 / kems_results[k][1], 1.0 / kems_results[k][2],
|
|
|
|
kems_results[k][0], kems_results[k][1], kems_results[k][2]);
|
|
|
|
}
|
|
|
|
ret = 0;
|
|
|
|
|
|
|
|
testnum = 1;
|
|
|
|
for (k = 0; k < sigs_algs_len; k++) {
|
|
|
|
const char *sig_name = sigs_algname[k];
|
|
|
|
|
|
|
|
if (!sigs_doit[k] || !do_sigs)
|
|
|
|
continue;
|
|
|
|
if (testnum && !mr) {
|
|
|
|
printf("%31skeygen signs verify keygens/s sign/s verify/s\n", " ");
|
|
|
|
testnum = 0;
|
|
|
|
}
|
|
|
|
if (mr)
|
|
|
|
printf("+F10:%u:%f:%f:%f\n",
|
|
|
|
k, sigs_results[k][0], sigs_results[k][1],
|
|
|
|
sigs_results[k][2]);
|
|
|
|
else
|
|
|
|
printf("%27s %8.6fs %8.6fs %8.6fs %9.1f %9.1f %9.1f\n", sig_name,
|
|
|
|
1.0 / sigs_results[k][0], 1.0 / sigs_results[k][1],
|
|
|
|
1.0 / sigs_results[k][2], sigs_results[k][0],
|
|
|
|
sigs_results[k][1], sigs_results[k][2]);
|
|
|
|
}
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
ret = 0;
|
2015-01-22 11:40:55 +08:00
|
|
|
|
|
|
|
end:
|
|
|
|
ERR_print_errors(bio_err);
|
2016-02-18 18:56:53 +08:00
|
|
|
for (i = 0; i < loopargs_len; i++) {
|
2016-02-27 14:14:49 +08:00
|
|
|
OPENSSL_free(loopargs[i].buf_malloc);
|
|
|
|
OPENSSL_free(loopargs[i].buf2_malloc);
|
2016-07-29 19:22:42 +08:00
|
|
|
|
2021-02-18 17:48:18 +08:00
|
|
|
BN_free(bn);
|
|
|
|
EVP_PKEY_CTX_free(genctx);
|
|
|
|
for (k = 0; k < RSA_NUM; k++) {
|
|
|
|
EVP_PKEY_CTX_free(loopargs[i].rsa_sign_ctx[k]);
|
|
|
|
EVP_PKEY_CTX_free(loopargs[i].rsa_verify_ctx[k]);
|
2023-10-16 20:06:04 +08:00
|
|
|
EVP_PKEY_CTX_free(loopargs[i].rsa_encrypt_ctx[k]);
|
|
|
|
EVP_PKEY_CTX_free(loopargs[i].rsa_decrypt_ctx[k]);
|
2021-02-18 17:48:18 +08:00
|
|
|
}
|
2020-01-19 02:13:02 +08:00
|
|
|
#ifndef OPENSSL_NO_DH
|
|
|
|
OPENSSL_free(loopargs[i].secret_ff_a);
|
|
|
|
OPENSSL_free(loopargs[i].secret_ff_b);
|
2021-02-22 20:20:28 +08:00
|
|
|
for (k = 0; k < FFDH_NUM; k++)
|
2020-01-19 02:13:02 +08:00
|
|
|
EVP_PKEY_CTX_free(loopargs[i].ffdh_ctx[k]);
|
|
|
|
#endif
|
2021-02-18 17:48:18 +08:00
|
|
|
for (k = 0; k < DSA_NUM; k++) {
|
|
|
|
EVP_PKEY_CTX_free(loopargs[i].dsa_sign_ctx[k]);
|
|
|
|
EVP_PKEY_CTX_free(loopargs[i].dsa_verify_ctx[k]);
|
|
|
|
}
|
|
|
|
for (k = 0; k < ECDSA_NUM; k++) {
|
|
|
|
EVP_PKEY_CTX_free(loopargs[i].ecdsa_sign_ctx[k]);
|
|
|
|
EVP_PKEY_CTX_free(loopargs[i].ecdsa_verify_ctx[k]);
|
|
|
|
}
|
2018-04-30 07:13:58 +08:00
|
|
|
for (k = 0; k < EC_NUM; k++)
|
2016-10-04 01:28:32 +08:00
|
|
|
EVP_PKEY_CTX_free(loopargs[i].ecdh_ctx[k]);
|
2023-04-17 16:20:31 +08:00
|
|
|
#ifndef OPENSSL_NO_ECX
|
2020-06-06 23:21:15 +08:00
|
|
|
for (k = 0; k < EdDSA_NUM; k++) {
|
2018-09-07 14:39:19 +08:00
|
|
|
EVP_MD_CTX_free(loopargs[i].eddsa_ctx[k]);
|
2020-06-06 23:21:15 +08:00
|
|
|
EVP_MD_CTX_free(loopargs[i].eddsa_ctx2[k]);
|
2021-02-22 20:20:28 +08:00
|
|
|
}
|
2023-04-17 16:20:31 +08:00
|
|
|
#endif /* OPENSSL_NO_ECX */
|
2021-02-18 17:48:18 +08:00
|
|
|
#ifndef OPENSSL_NO_SM2
|
2019-09-29 22:25:10 +08:00
|
|
|
for (k = 0; k < SM2_NUM; k++) {
|
|
|
|
EVP_PKEY_CTX *pctx = NULL;
|
|
|
|
|
|
|
|
/* free signing ctx */
|
|
|
|
if (loopargs[i].sm2_ctx[k] != NULL
|
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
|
|
|
&& (pctx = EVP_MD_CTX_get_pkey_ctx(loopargs[i].sm2_ctx[k])) != NULL)
|
2019-09-29 22:25:10 +08:00
|
|
|
EVP_PKEY_CTX_free(pctx);
|
|
|
|
EVP_MD_CTX_free(loopargs[i].sm2_ctx[k]);
|
|
|
|
/* free verification ctx */
|
|
|
|
if (loopargs[i].sm2_vfy_ctx[k] != NULL
|
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
|
|
|
&& (pctx = EVP_MD_CTX_get_pkey_ctx(loopargs[i].sm2_vfy_ctx[k])) != NULL)
|
2019-09-29 22:25:10 +08:00
|
|
|
EVP_PKEY_CTX_free(pctx);
|
|
|
|
EVP_MD_CTX_free(loopargs[i].sm2_vfy_ctx[k]);
|
|
|
|
/* free pkey */
|
|
|
|
EVP_PKEY_free(loopargs[i].sm2_pkey[k]);
|
|
|
|
}
|
2021-02-18 17:48:18 +08:00
|
|
|
#endif
|
2022-12-24 16:20:44 +08:00
|
|
|
for (k = 0; k < kems_algs_len; k++) {
|
|
|
|
EVP_PKEY_CTX_free(loopargs[i].kem_gen_ctx[k]);
|
|
|
|
EVP_PKEY_CTX_free(loopargs[i].kem_encaps_ctx[k]);
|
|
|
|
EVP_PKEY_CTX_free(loopargs[i].kem_decaps_ctx[k]);
|
|
|
|
OPENSSL_free(loopargs[i].kem_out[k]);
|
|
|
|
OPENSSL_free(loopargs[i].kem_send_secret[k]);
|
|
|
|
OPENSSL_free(loopargs[i].kem_rcv_secret[k]);
|
|
|
|
}
|
|
|
|
for (k = 0; k < sigs_algs_len; k++) {
|
|
|
|
EVP_PKEY_CTX_free(loopargs[i].sig_gen_ctx[k]);
|
|
|
|
EVP_PKEY_CTX_free(loopargs[i].sig_sign_ctx[k]);
|
|
|
|
EVP_PKEY_CTX_free(loopargs[i].sig_verify_ctx[k]);
|
|
|
|
OPENSSL_free(loopargs[i].sig_sig[k]);
|
|
|
|
}
|
2016-02-27 14:14:49 +08:00
|
|
|
OPENSSL_free(loopargs[i].secret_a);
|
|
|
|
OPENSSL_free(loopargs[i].secret_b);
|
2016-07-29 19:22:42 +08:00
|
|
|
}
|
2018-08-14 12:04:47 +08:00
|
|
|
OPENSSL_free(evp_hmac_name);
|
2019-04-11 04:44:41 +08:00
|
|
|
OPENSSL_free(evp_cmac_name);
|
2022-12-24 16:20:44 +08:00
|
|
|
for (k = 0; k < kems_algs_len; k++)
|
|
|
|
OPENSSL_free(kems_algname[k]);
|
2023-07-19 20:59:16 +08:00
|
|
|
if (kem_stack != NULL)
|
|
|
|
sk_EVP_KEM_pop_free(kem_stack, EVP_KEM_free);
|
2022-12-24 16:20:44 +08:00
|
|
|
for (k = 0; k < sigs_algs_len; k++)
|
|
|
|
OPENSSL_free(sigs_algname[k]);
|
2023-07-19 20:59:16 +08:00
|
|
|
if (sig_stack != NULL)
|
|
|
|
sk_EVP_SIGNATURE_pop_free(sig_stack, EVP_SIGNATURE_free);
|
2016-07-29 19:22:42 +08:00
|
|
|
|
2016-02-29 19:28:55 +08:00
|
|
|
if (async_jobs > 0) {
|
|
|
|
for (i = 0; i < loopargs_len; i++)
|
|
|
|
ASYNC_WAIT_CTX_free(loopargs[i].wait_ctx);
|
2016-05-17 23:40:14 +08:00
|
|
|
}
|
2016-02-29 19:28:55 +08:00
|
|
|
|
2016-05-17 23:40:14 +08:00
|
|
|
if (async_init) {
|
2015-12-09 15:26:38 +08:00
|
|
|
ASYNC_cleanup_thread();
|
2016-02-29 19:28:55 +08:00
|
|
|
}
|
|
|
|
OPENSSL_free(loopargs);
|
2016-09-29 05:39:18 +08:00
|
|
|
release_engine(e);
|
2021-04-26 18:08:27 +08:00
|
|
|
EVP_CIPHER_free(evp_cipher);
|
2021-06-10 10:05:28 +08:00
|
|
|
EVP_MAC_free(mac);
|
2022-06-21 14:55:55 +08:00
|
|
|
NCONF_free(conf);
|
2017-10-17 22:04:09 +08:00
|
|
|
return ret;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
1998-12-21 18:52:47 +08:00
|
|
|
|
2023-04-21 15:04:57 +08:00
|
|
|
static void print_message(const char *s, int length, int tm)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
mr ? "+DT:%s:%d:%d\n"
|
2023-07-19 16:49:44 +08:00
|
|
|
: "Doing %s ops for %ds on %d size blocks: ", s, tm, length);
|
2015-01-22 11:40:55 +08:00
|
|
|
(void)BIO_flush(bio_err);
|
2019-12-23 02:40:03 +08:00
|
|
|
run = 1;
|
2017-12-02 17:05:35 +08:00
|
|
|
alarm(tm);
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
1998-12-21 18:52:47 +08:00
|
|
|
|
2023-04-21 15:04:57 +08:00
|
|
|
static void pkey_print_message(const char *str, const char *str2, unsigned int bits,
|
|
|
|
int tm)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
mr ? "+DTP:%d:%s:%s:%d\n"
|
2023-07-19 16:49:44 +08:00
|
|
|
: "Doing %u bits %s %s ops for %ds: ", bits, str, str2, tm);
|
2015-01-22 11:40:55 +08:00
|
|
|
(void)BIO_flush(bio_err);
|
2019-12-27 11:36:36 +08:00
|
|
|
run = 1;
|
2015-01-22 11:40:55 +08:00
|
|
|
alarm(tm);
|
|
|
|
}
|
1998-12-21 18:56:39 +08:00
|
|
|
|
2023-04-21 15:04:57 +08:00
|
|
|
static void kskey_print_message(const char *str, const char *str2, int tm)
|
2022-12-24 16:20:44 +08:00
|
|
|
{
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
mr ? "+DTP:%s:%s:%d\n"
|
2023-07-19 16:49:44 +08:00
|
|
|
: "Doing %s %s ops for %ds: ", str, str2, tm);
|
2022-12-24 16:20:44 +08:00
|
|
|
(void)BIO_flush(bio_err);
|
|
|
|
run = 1;
|
|
|
|
alarm(tm);
|
|
|
|
}
|
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
static void print_result(int alg, int run_no, int count, double time_used)
|
|
|
|
{
|
2016-06-18 22:46:13 +08:00
|
|
|
if (count == -1) {
|
2019-10-19 22:38:21 +08:00
|
|
|
BIO_printf(bio_err, "%s error!\n", names[alg]);
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
return;
|
2016-06-18 22:46:13 +08:00
|
|
|
}
|
2015-01-22 11:40:55 +08:00
|
|
|
BIO_printf(bio_err,
|
|
|
|
mr ? "+R:%d:%s:%f\n"
|
2023-07-19 16:49:44 +08:00
|
|
|
: "%d %s ops in %.2fs\n", count, names[alg], time_used);
|
2015-01-22 11:40:55 +08:00
|
|
|
results[alg][run_no] = ((double)count) / time_used * lengths[run_no];
|
|
|
|
}
|
2001-10-25 22:27:17 +08:00
|
|
|
|
2015-01-27 23:06:22 +08:00
|
|
|
#ifndef NO_FORK
|
2001-10-25 22:27:17 +08:00
|
|
|
static char *sstrsep(char **string, const char *delim)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
2001-10-25 22:27:17 +08:00
|
|
|
char isdelim[256];
|
|
|
|
char *token = *string;
|
|
|
|
|
2017-12-08 02:39:34 +08:00
|
|
|
memset(isdelim, 0, sizeof(isdelim));
|
2001-10-25 22:27:17 +08:00
|
|
|
isdelim[0] = 1;
|
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
while (*delim) {
|
2001-10-25 22:27:17 +08:00
|
|
|
isdelim[(unsigned char)(*delim)] = 1;
|
|
|
|
delim++;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2001-10-25 22:27:17 +08:00
|
|
|
|
2021-02-22 20:20:28 +08:00
|
|
|
while (!isdelim[(unsigned char)(**string)])
|
2001-10-25 22:27:17 +08:00
|
|
|
(*string)++;
|
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
if (**string) {
|
2001-10-25 22:27:17 +08:00
|
|
|
**string = 0;
|
|
|
|
(*string)++;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2001-10-25 22:27:17 +08:00
|
|
|
|
|
|
|
return token;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2001-10-25 22:27:17 +08:00
|
|
|
|
2022-09-19 12:41:58 +08:00
|
|
|
static int strtoint(const char *str, const int min_val, const int upper_val,
|
|
|
|
int *res)
|
|
|
|
{
|
|
|
|
char *end = NULL;
|
|
|
|
long int val = 0;
|
|
|
|
|
|
|
|
errno = 0;
|
|
|
|
val = strtol(str, &end, 10);
|
|
|
|
if (errno == 0 && end != str && *end == 0
|
|
|
|
&& min_val <= val && val < upper_val) {
|
|
|
|
*res = (int)val;
|
|
|
|
return 1;
|
|
|
|
} else {
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-12-02 17:05:35 +08:00
|
|
|
static int do_multi(int multi, int size_num)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
|
|
|
int n;
|
|
|
|
int fd[2];
|
|
|
|
int *fds;
|
2022-08-29 22:54:02 +08:00
|
|
|
int status;
|
2015-01-22 11:40:55 +08:00
|
|
|
static char sep[] = ":";
|
|
|
|
|
2018-05-21 22:28:16 +08:00
|
|
|
fds = app_malloc(sizeof(*fds) * multi, "fd buffer for do_multi");
|
2015-01-22 11:40:55 +08:00
|
|
|
for (n = 0; n < multi; ++n) {
|
|
|
|
if (pipe(fd) == -1) {
|
2015-06-05 02:26:55 +08:00
|
|
|
BIO_printf(bio_err, "pipe failure\n");
|
2015-01-22 11:40:55 +08:00
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
fflush(stdout);
|
2015-06-05 02:26:55 +08:00
|
|
|
(void)BIO_flush(bio_err);
|
2015-01-22 11:40:55 +08:00
|
|
|
if (fork()) {
|
|
|
|
close(fd[1]);
|
|
|
|
fds[n] = fd[0];
|
|
|
|
} else {
|
|
|
|
close(fd[0]);
|
|
|
|
close(1);
|
|
|
|
if (dup(fd[1]) == -1) {
|
2015-06-05 02:26:55 +08:00
|
|
|
BIO_printf(bio_err, "dup failed\n");
|
2015-01-22 11:40:55 +08:00
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
close(fd[1]);
|
|
|
|
mr = 1;
|
|
|
|
usertime = 0;
|
2019-07-14 15:53:17 +08:00
|
|
|
OPENSSL_free(fds);
|
2015-01-22 11:40:55 +08:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
printf("Forked child %d\n", n);
|
|
|
|
}
|
2002-08-09 16:43:04 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
/* for now, assume the pipe is long enough to take all the output */
|
|
|
|
for (n = 0; n < multi; ++n) {
|
|
|
|
FILE *f;
|
|
|
|
char buf[1024];
|
|
|
|
char *p;
|
2022-09-19 12:41:58 +08:00
|
|
|
char *tk;
|
|
|
|
int k;
|
|
|
|
double d;
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2022-11-11 01:36:44 +08:00
|
|
|
if ((f = fdopen(fds[n], "r")) == NULL) {
|
|
|
|
BIO_printf(bio_err, "fdopen failure with 0x%x\n",
|
|
|
|
errno);
|
2022-12-14 06:21:39 +08:00
|
|
|
OPENSSL_free(fds);
|
2022-11-11 01:36:44 +08:00
|
|
|
return 1;
|
|
|
|
}
|
2017-12-08 02:39:34 +08:00
|
|
|
while (fgets(buf, sizeof(buf), f)) {
|
2015-01-22 11:40:55 +08:00
|
|
|
p = strchr(buf, '\n');
|
|
|
|
if (p)
|
|
|
|
*p = '\0';
|
|
|
|
if (buf[0] != '+') {
|
2016-10-04 14:20:49 +08:00
|
|
|
BIO_printf(bio_err,
|
|
|
|
"Don't understand line '%s' from child %d\n", buf,
|
|
|
|
n);
|
2015-01-22 11:40:55 +08:00
|
|
|
continue;
|
|
|
|
}
|
|
|
|
printf("Got: %s from %d\n", buf, n);
|
2021-06-21 14:55:50 +08:00
|
|
|
p = buf;
|
|
|
|
if (CHECK_AND_SKIP_PREFIX(p, "+F:")) {
|
2015-01-22 11:40:55 +08:00
|
|
|
int alg;
|
|
|
|
int j;
|
|
|
|
|
2022-09-19 12:41:58 +08:00
|
|
|
if (strtoint(sstrsep(&p, sep), 0, ALGOR_NUM, &alg)) {
|
|
|
|
sstrsep(&p, sep);
|
|
|
|
for (j = 0; j < size_num; ++j)
|
|
|
|
results[alg][j] += atof(sstrsep(&p, sep));
|
|
|
|
}
|
2021-06-21 14:55:50 +08:00
|
|
|
} else if (CHECK_AND_SKIP_PREFIX(p, "+F2:")) {
|
2022-09-19 12:41:58 +08:00
|
|
|
tk = sstrsep(&p, sep);
|
|
|
|
if (strtoint(tk, 0, OSSL_NELEM(rsa_results), &k)) {
|
|
|
|
sstrsep(&p, sep);
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2022-09-19 12:41:58 +08:00
|
|
|
d = atof(sstrsep(&p, sep));
|
|
|
|
rsa_results[k][0] += d;
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2022-09-19 12:41:58 +08:00
|
|
|
d = atof(sstrsep(&p, sep));
|
|
|
|
rsa_results[k][1] += d;
|
2023-06-20 19:40:41 +08:00
|
|
|
|
|
|
|
d = atof(sstrsep(&p, sep));
|
|
|
|
rsa_results[k][2] += d;
|
|
|
|
|
|
|
|
d = atof(sstrsep(&p, sep));
|
|
|
|
rsa_results[k][3] += d;
|
2022-09-19 12:41:58 +08:00
|
|
|
}
|
2021-06-21 14:55:50 +08:00
|
|
|
} else if (CHECK_AND_SKIP_PREFIX(p, "+F3:")) {
|
2022-09-19 12:41:58 +08:00
|
|
|
tk = sstrsep(&p, sep);
|
|
|
|
if (strtoint(tk, 0, OSSL_NELEM(dsa_results), &k)) {
|
|
|
|
sstrsep(&p, sep);
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2022-09-19 12:41:58 +08:00
|
|
|
d = atof(sstrsep(&p, sep));
|
|
|
|
dsa_results[k][0] += d;
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2022-09-19 12:41:58 +08:00
|
|
|
d = atof(sstrsep(&p, sep));
|
|
|
|
dsa_results[k][1] += d;
|
|
|
|
}
|
2021-06-21 14:55:50 +08:00
|
|
|
} else if (CHECK_AND_SKIP_PREFIX(p, "+F4:")) {
|
2022-09-19 12:41:58 +08:00
|
|
|
tk = sstrsep(&p, sep);
|
|
|
|
if (strtoint(tk, 0, OSSL_NELEM(ecdsa_results), &k)) {
|
|
|
|
sstrsep(&p, sep);
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2022-09-19 12:41:58 +08:00
|
|
|
d = atof(sstrsep(&p, sep));
|
|
|
|
ecdsa_results[k][0] += d;
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2022-09-19 12:41:58 +08:00
|
|
|
d = atof(sstrsep(&p, sep));
|
|
|
|
ecdsa_results[k][1] += d;
|
|
|
|
}
|
2021-06-21 14:55:50 +08:00
|
|
|
} else if (CHECK_AND_SKIP_PREFIX(p, "+F5:")) {
|
2022-09-19 12:41:58 +08:00
|
|
|
tk = sstrsep(&p, sep);
|
|
|
|
if (strtoint(tk, 0, OSSL_NELEM(ecdh_results), &k)) {
|
|
|
|
sstrsep(&p, sep);
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2022-09-19 12:41:58 +08:00
|
|
|
d = atof(sstrsep(&p, sep));
|
|
|
|
ecdh_results[k][0] += d;
|
|
|
|
}
|
2023-04-17 16:20:31 +08:00
|
|
|
# ifndef OPENSSL_NO_ECX
|
2021-06-21 14:55:50 +08:00
|
|
|
} else if (CHECK_AND_SKIP_PREFIX(p, "+F6:")) {
|
2022-09-19 12:41:58 +08:00
|
|
|
tk = sstrsep(&p, sep);
|
|
|
|
if (strtoint(tk, 0, OSSL_NELEM(eddsa_results), &k)) {
|
|
|
|
sstrsep(&p, sep);
|
|
|
|
sstrsep(&p, sep);
|
2018-09-07 14:39:19 +08:00
|
|
|
|
2022-09-19 12:41:58 +08:00
|
|
|
d = atof(sstrsep(&p, sep));
|
|
|
|
eddsa_results[k][0] += d;
|
2018-09-07 14:39:19 +08:00
|
|
|
|
2022-09-19 12:41:58 +08:00
|
|
|
d = atof(sstrsep(&p, sep));
|
|
|
|
eddsa_results[k][1] += d;
|
|
|
|
}
|
2023-04-17 16:20:31 +08:00
|
|
|
# endif /* OPENSSL_NO_ECX */
|
2021-02-18 17:48:18 +08:00
|
|
|
# ifndef OPENSSL_NO_SM2
|
2021-06-21 14:55:50 +08:00
|
|
|
} else if (CHECK_AND_SKIP_PREFIX(p, "+F7:")) {
|
2022-09-19 12:41:58 +08:00
|
|
|
tk = sstrsep(&p, sep);
|
|
|
|
if (strtoint(tk, 0, OSSL_NELEM(sm2_results), &k)) {
|
|
|
|
sstrsep(&p, sep);
|
|
|
|
sstrsep(&p, sep);
|
2019-09-29 22:25:10 +08:00
|
|
|
|
2022-09-19 12:41:58 +08:00
|
|
|
d = atof(sstrsep(&p, sep));
|
|
|
|
sm2_results[k][0] += d;
|
2019-09-29 22:25:10 +08:00
|
|
|
|
2022-09-19 12:41:58 +08:00
|
|
|
d = atof(sstrsep(&p, sep));
|
|
|
|
sm2_results[k][1] += d;
|
|
|
|
}
|
2021-02-18 17:48:18 +08:00
|
|
|
# endif /* OPENSSL_NO_SM2 */
|
2020-01-19 02:13:02 +08:00
|
|
|
# ifndef OPENSSL_NO_DH
|
2021-06-21 14:55:50 +08:00
|
|
|
} else if (CHECK_AND_SKIP_PREFIX(p, "+F8:")) {
|
2022-09-19 12:41:58 +08:00
|
|
|
tk = sstrsep(&p, sep);
|
|
|
|
if (strtoint(tk, 0, OSSL_NELEM(ffdh_results), &k)) {
|
|
|
|
sstrsep(&p, sep);
|
2020-01-19 02:13:02 +08:00
|
|
|
|
2022-09-19 12:41:58 +08:00
|
|
|
d = atof(sstrsep(&p, sep));
|
|
|
|
ffdh_results[k][0] += d;
|
|
|
|
}
|
2020-01-19 02:13:02 +08:00
|
|
|
# endif /* OPENSSL_NO_DH */
|
2022-12-24 16:20:44 +08:00
|
|
|
} else if (CHECK_AND_SKIP_PREFIX(p, "+F9:")) {
|
|
|
|
tk = sstrsep(&p, sep);
|
|
|
|
if (strtoint(tk, 0, OSSL_NELEM(kems_results), &k)) {
|
|
|
|
d = atof(sstrsep(&p, sep));
|
|
|
|
kems_results[k][0] += d;
|
|
|
|
|
|
|
|
d = atof(sstrsep(&p, sep));
|
|
|
|
kems_results[k][1] += d;
|
|
|
|
|
|
|
|
d = atof(sstrsep(&p, sep));
|
|
|
|
kems_results[k][2] += d;
|
|
|
|
}
|
|
|
|
} else if (CHECK_AND_SKIP_PREFIX(p, "+F10:")) {
|
|
|
|
tk = sstrsep(&p, sep);
|
|
|
|
if (strtoint(tk, 0, OSSL_NELEM(sigs_results), &k)) {
|
|
|
|
d = atof(sstrsep(&p, sep));
|
|
|
|
sigs_results[k][0] += d;
|
|
|
|
|
|
|
|
d = atof(sstrsep(&p, sep));
|
|
|
|
sigs_results[k][1] += d;
|
|
|
|
|
|
|
|
d = atof(sstrsep(&p, sep));
|
|
|
|
sigs_results[k][2] += d;
|
|
|
|
}
|
2022-01-17 13:49:58 +08:00
|
|
|
} else if (!HAS_PREFIX(buf, "+H:")) {
|
2016-10-04 14:20:49 +08:00
|
|
|
BIO_printf(bio_err, "Unknown type '%s' from child %d\n", buf,
|
|
|
|
n);
|
2021-02-22 20:20:28 +08:00
|
|
|
}
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
fclose(f);
|
|
|
|
}
|
2019-07-14 15:53:17 +08:00
|
|
|
OPENSSL_free(fds);
|
2022-08-29 22:54:02 +08:00
|
|
|
for (n = 0; n < multi; ++n) {
|
|
|
|
while (wait(&status) == -1)
|
|
|
|
if (errno != EINTR) {
|
|
|
|
BIO_printf(bio_err, "Waitng for child failed with 0x%x\n",
|
|
|
|
errno);
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
if (WIFEXITED(status) && WEXITSTATUS(status)) {
|
|
|
|
BIO_printf(bio_err, "Child exited with %d\n", WEXITSTATUS(status));
|
|
|
|
} else if (WIFSIGNALED(status)) {
|
|
|
|
BIO_printf(bio_err, "Child terminated by signal %d\n",
|
|
|
|
WTERMSIG(status));
|
|
|
|
}
|
|
|
|
}
|
2015-01-22 11:40:55 +08:00
|
|
|
return 1;
|
|
|
|
}
|
2015-01-27 23:06:22 +08:00
|
|
|
#endif
|
2014-07-06 05:53:55 +08:00
|
|
|
|
2018-04-30 07:13:58 +08:00
|
|
|
static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
|
2018-01-12 11:37:39 +08:00
|
|
|
const openssl_speed_sec_t *seconds)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
2017-12-02 17:05:35 +08:00
|
|
|
static const int mblengths_list[] =
|
2015-01-22 11:40:55 +08:00
|
|
|
{ 8 * 1024, 2 * 8 * 1024, 4 * 8 * 1024, 8 * 8 * 1024, 8 * 16 * 1024 };
|
2017-12-02 17:05:35 +08:00
|
|
|
const int *mblengths = mblengths_list;
|
2021-06-25 01:23:07 +08:00
|
|
|
int j, count, keylen, num = OSSL_NELEM(mblengths_list), ciph_success = 1;
|
2015-01-22 11:40:55 +08:00
|
|
|
const char *alg_name;
|
2021-03-29 10:37:43 +08:00
|
|
|
unsigned char *inp = NULL, *out = NULL, *key, no_key[32], no_iv[16];
|
|
|
|
EVP_CIPHER_CTX *ctx = NULL;
|
2015-01-22 11:40:55 +08:00
|
|
|
double d = 0.0;
|
|
|
|
|
2017-12-02 17:05:35 +08:00
|
|
|
if (lengths_single) {
|
|
|
|
mblengths = &lengths_single;
|
|
|
|
num = 1;
|
|
|
|
}
|
|
|
|
|
2015-05-01 05:48:31 +08:00
|
|
|
inp = app_malloc(mblengths[num - 1], "multiblock input buffer");
|
|
|
|
out = app_malloc(mblengths[num - 1] + 1024, "multiblock output buffer");
|
2021-03-19 07:11:02 +08:00
|
|
|
if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
|
|
|
|
app_bail_out("failed to allocate cipher context\n");
|
|
|
|
if (!EVP_EncryptInit_ex(ctx, evp_cipher, NULL, NULL, no_iv))
|
|
|
|
app_bail_out("failed to initialise cipher context\n");
|
2017-12-05 00:40:23 +08:00
|
|
|
|
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
|
|
|
if ((keylen = EVP_CIPHER_CTX_get_key_length(ctx)) < 0) {
|
2021-03-22 10:49:50 +08:00
|
|
|
BIO_printf(bio_err, "Impossible negative key length: %d\n", keylen);
|
2021-03-29 10:37:43 +08:00
|
|
|
goto err;
|
2021-03-22 10:49:50 +08:00
|
|
|
}
|
2017-12-05 00:40:23 +08:00
|
|
|
key = app_malloc(keylen, "evp_cipher key");
|
2022-05-24 22:59:41 +08:00
|
|
|
if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
|
2021-03-19 07:11:02 +08:00
|
|
|
app_bail_out("failed to generate random cipher key\n");
|
|
|
|
if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, NULL))
|
|
|
|
app_bail_out("failed to set cipher key\n");
|
2017-12-05 00:40:23 +08:00
|
|
|
OPENSSL_clear_free(key, keylen);
|
|
|
|
|
2022-05-21 16:17:23 +08:00
|
|
|
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY,
|
|
|
|
sizeof(no_key), no_key) <= 0)
|
2021-03-19 07:11:02 +08:00
|
|
|
app_bail_out("failed to set AEAD key\n");
|
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
|
|
|
if ((alg_name = EVP_CIPHER_get0_name(evp_cipher)) == NULL)
|
2021-03-19 07:11:02 +08:00
|
|
|
app_bail_out("failed to get cipher name\n");
|
2015-01-22 11:40:55 +08:00
|
|
|
|
|
|
|
for (j = 0; j < num; j++) {
|
2023-04-21 15:04:57 +08:00
|
|
|
print_message(alg_name, mblengths[j], seconds->sym);
|
2015-01-22 11:40:55 +08:00
|
|
|
Time_F(START);
|
2022-02-05 20:39:45 +08:00
|
|
|
for (count = 0; run && count < INT_MAX; count++) {
|
2015-04-27 18:07:06 +08:00
|
|
|
unsigned char aad[EVP_AEAD_TLS1_AAD_LEN];
|
2015-01-22 11:40:55 +08:00
|
|
|
EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param;
|
|
|
|
size_t len = mblengths[j];
|
|
|
|
int packlen;
|
|
|
|
|
|
|
|
memset(aad, 0, 8); /* avoid uninitialized values */
|
|
|
|
aad[8] = 23; /* SSL3_RT_APPLICATION_DATA */
|
|
|
|
aad[9] = 3; /* version */
|
|
|
|
aad[10] = 2;
|
|
|
|
aad[11] = 0; /* length */
|
|
|
|
aad[12] = 0;
|
|
|
|
mb_param.out = NULL;
|
|
|
|
mb_param.inp = aad;
|
|
|
|
mb_param.len = len;
|
|
|
|
mb_param.interleave = 8;
|
|
|
|
|
2015-12-14 05:08:41 +08:00
|
|
|
packlen = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_AAD,
|
2015-01-22 11:40:55 +08:00
|
|
|
sizeof(mb_param), &mb_param);
|
|
|
|
|
|
|
|
if (packlen > 0) {
|
|
|
|
mb_param.out = out;
|
|
|
|
mb_param.inp = inp;
|
|
|
|
mb_param.len = len;
|
2021-07-05 16:30:27 +08:00
|
|
|
(void)EVP_CIPHER_CTX_ctrl(ctx,
|
|
|
|
EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT,
|
|
|
|
sizeof(mb_param), &mb_param);
|
2015-01-22 11:40:55 +08:00
|
|
|
} else {
|
|
|
|
int pad;
|
|
|
|
|
2023-08-10 18:56:24 +08:00
|
|
|
if (RAND_bytes(inp, 16) <= 0)
|
|
|
|
app_bail_out("error setting random bytes\n");
|
2015-01-22 11:40:55 +08:00
|
|
|
len += 16;
|
2017-11-12 05:23:12 +08:00
|
|
|
aad[11] = (unsigned char)(len >> 8);
|
|
|
|
aad[12] = (unsigned char)(len);
|
2015-12-14 05:08:41 +08:00
|
|
|
pad = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_TLS1_AAD,
|
2015-04-27 18:07:06 +08:00
|
|
|
EVP_AEAD_TLS1_AAD_LEN, aad);
|
2021-06-25 01:23:07 +08:00
|
|
|
ciph_success = EVP_Cipher(ctx, out, inp, len + pad);
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
d = Time_F(STOP);
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
BIO_printf(bio_err, mr ? "+R:%d:%s:%f\n"
|
2023-07-19 16:49:44 +08:00
|
|
|
: "%d %s ops in %.2fs\n", count, "evp", d);
|
2021-06-25 01:23:07 +08:00
|
|
|
if ((ciph_success <= 0) && (mr == 0))
|
|
|
|
BIO_printf(bio_err, "Error performing cipher op\n");
|
2015-01-22 11:40:55 +08:00
|
|
|
results[D_EVP][j] = ((double)count) / d * mblengths[j];
|
|
|
|
}
|
|
|
|
|
|
|
|
if (mr) {
|
|
|
|
fprintf(stdout, "+H");
|
|
|
|
for (j = 0; j < num; j++)
|
|
|
|
fprintf(stdout, ":%d", mblengths[j]);
|
|
|
|
fprintf(stdout, "\n");
|
|
|
|
fprintf(stdout, "+F:%d:%s", D_EVP, alg_name);
|
|
|
|
for (j = 0; j < num; j++)
|
|
|
|
fprintf(stdout, ":%.2f", results[D_EVP][j]);
|
|
|
|
fprintf(stdout, "\n");
|
|
|
|
} else {
|
|
|
|
fprintf(stdout,
|
|
|
|
"The 'numbers' are in 1000s of bytes per second processed.\n");
|
|
|
|
fprintf(stdout, "type ");
|
|
|
|
for (j = 0; j < num; j++)
|
|
|
|
fprintf(stdout, "%7d bytes", mblengths[j]);
|
|
|
|
fprintf(stdout, "\n");
|
|
|
|
fprintf(stdout, "%-24s", alg_name);
|
|
|
|
|
|
|
|
for (j = 0; j < num; j++) {
|
|
|
|
if (results[D_EVP][j] > 10000)
|
|
|
|
fprintf(stdout, " %11.2fk", results[D_EVP][j] / 1e3);
|
|
|
|
else
|
|
|
|
fprintf(stdout, " %11.2f ", results[D_EVP][j]);
|
|
|
|
}
|
|
|
|
fprintf(stdout, "\n");
|
|
|
|
}
|
|
|
|
|
2021-03-29 10:37:43 +08:00
|
|
|
err:
|
2015-05-01 22:02:07 +08:00
|
|
|
OPENSSL_free(inp);
|
|
|
|
OPENSSL_free(out);
|
2015-12-14 05:08:41 +08:00
|
|
|
EVP_CIPHER_CTX_free(ctx);
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|