xref: /openssl/apps/speed.c (revision 8baf61d5)
1 /*
2  * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
3  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4  *
5  * Licensed under the Apache License 2.0 (the "License").  You may not use
6  * this file except in compliance with the License.  You can obtain a copy
7  * in the file LICENSE in the source distribution or at
8  * https://www.openssl.org/source/license.html
9  */
10 
11 #undef SECONDS
12 #define SECONDS          3
13 #define PKEY_SECONDS    10
14 
15 #define RSA_SECONDS     PKEY_SECONDS
16 #define DSA_SECONDS     PKEY_SECONDS
17 #define ECDSA_SECONDS   PKEY_SECONDS
18 #define ECDH_SECONDS    PKEY_SECONDS
19 #define EdDSA_SECONDS   PKEY_SECONDS
20 #define SM2_SECONDS     PKEY_SECONDS
21 #define FFDH_SECONDS    PKEY_SECONDS
22 #define KEM_SECONDS     PKEY_SECONDS
23 #define SIG_SECONDS     PKEY_SECONDS
24 
25 #define MAX_ALGNAME_SUFFIX 100
26 
27 /* We need to use some deprecated APIs */
28 #define OPENSSL_SUPPRESS_DEPRECATED
29 #include "internal/e_os.h"
30 
31 #include <stdio.h>
32 #include <stdlib.h>
33 #include <string.h>
34 #include <math.h>
35 #include "apps.h"
36 #include "progs.h"
37 #include "internal/nelem.h"
38 #include "internal/numbers.h"
39 #include <openssl/crypto.h>
40 #include <openssl/rand.h>
41 #include <openssl/err.h>
42 #include <openssl/evp.h>
43 #include <openssl/objects.h>
44 #include <openssl/core_names.h>
45 #include <openssl/async.h>
46 #include <openssl/provider.h>
47 #if !defined(OPENSSL_SYS_MSDOS)
48 # include <unistd.h>
49 #endif
50 
51 #if defined(_WIN32)
52 # include <windows.h>
53 /*
54  * While VirtualLock is available under the app partition (e.g. UWP),
55  * the headers do not define the API. Define it ourselves instead.
56  */
57 WINBASEAPI
58 BOOL
59 WINAPI
60 VirtualLock(
61     _In_ LPVOID lpAddress,
62     _In_ SIZE_T dwSize
63     );
64 #endif
65 
66 #if defined(OPENSSL_SYS_LINUX)
67 # include <sys/mman.h>
68 #endif
69 
70 #include <openssl/bn.h>
71 #include <openssl/rsa.h>
72 #include "./testrsa.h"
73 #ifndef OPENSSL_NO_DH
74 # include <openssl/dh.h>
75 #endif
76 #include <openssl/x509.h>
77 #include <openssl/dsa.h>
78 #include "./testdsa.h"
79 #include <openssl/modes.h>
80 
81 #ifndef HAVE_FORK
82 # if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_VXWORKS)
83 #  define HAVE_FORK 0
84 # else
85 #  define HAVE_FORK 1
86 #  include <sys/wait.h>
87 # endif
88 #endif
89 
90 #if HAVE_FORK
91 # undef NO_FORK
92 #else
93 # define NO_FORK
94 #endif
95 
96 #define MAX_MISALIGNMENT 63
97 #define MAX_ECDH_SIZE   256
98 #define MISALIGN        64
99 #define MAX_FFDH_SIZE 1024
100 
101 #ifndef RSA_DEFAULT_PRIME_NUM
102 # define RSA_DEFAULT_PRIME_NUM 2
103 #endif
104 
105 typedef struct openssl_speed_sec_st {
106     int sym;
107     int rsa;
108     int dsa;
109     int ecdsa;
110     int ecdh;
111     int eddsa;
112     int sm2;
113     int ffdh;
114     int kem;
115     int sig;
116 } openssl_speed_sec_t;
117 
118 static volatile int run = 0;
119 
120 static int mr = 0;  /* machine-readeable output format to merge fork results */
121 static int usertime = 1;
122 
123 static double Time_F(int s);
124 static void print_message(const char *s, int length, int tm);
125 static void pkey_print_message(const char *str, const char *str2,
126                                unsigned int bits, int sec);
127 static void kskey_print_message(const char *str, const char *str2, int tm);
128 static void print_result(int alg, int run_no, int count, double time_used);
129 #ifndef NO_FORK
130 static int do_multi(int multi, int size_num);
131 #endif
132 
133 static int domlock = 0;
134 static int testmode = 0;
135 static int testmoderesult = 0;
136 
137 static const int lengths_list[] = {
138     16, 64, 256, 1024, 8 * 1024, 16 * 1024
139 };
140 #define SIZE_NUM         OSSL_NELEM(lengths_list)
141 static const int *lengths = lengths_list;
142 
143 static const int aead_lengths_list[] = {
144     2, 31, 136, 1024, 8 * 1024, 16 * 1024
145 };
146 
147 #define START   0
148 #define STOP    1
149 
150 #ifdef SIGALRM
151 
alarmed(ossl_unused int sig)152 static void alarmed(ossl_unused int sig)
153 {
154     signal(SIGALRM, alarmed);
155     run = 0;
156 }
157 
Time_F(int s)158 static double Time_F(int s)
159 {
160     double ret = app_tminterval(s, usertime);
161     if (s == STOP)
162         alarm(0);
163     return ret;
164 }
165 
166 #elif defined(_WIN32)
167 
168 # define SIGALRM -1
169 
170 static unsigned int lapse;
171 static volatile unsigned int schlock;
alarm_win32(unsigned int secs)172 static void alarm_win32(unsigned int secs)
173 {
174     lapse = secs * 1000;
175 }
176 
177 # define alarm alarm_win32
178 
sleepy(VOID * arg)179 static DWORD WINAPI sleepy(VOID * arg)
180 {
181     schlock = 1;
182     Sleep(lapse);
183     run = 0;
184     return 0;
185 }
186 
Time_F(int s)187 static double Time_F(int s)
188 {
189     double ret;
190     static HANDLE thr;
191 
192     if (s == START) {
193         schlock = 0;
194         thr = CreateThread(NULL, 4096, sleepy, NULL, 0, NULL);
195         if (thr == NULL) {
196             DWORD err = GetLastError();
197             BIO_printf(bio_err, "unable to CreateThread (%lu)", err);
198             ExitProcess(err);
199         }
200         while (!schlock)
201             Sleep(0);           /* scheduler spinlock */
202         ret = app_tminterval(s, usertime);
203     } else {
204         ret = app_tminterval(s, usertime);
205         if (run)
206             TerminateThread(thr, 0);
207         CloseHandle(thr);
208     }
209 
210     return ret;
211 }
212 #else
213 # error "SIGALRM not defined and the platform is not Windows"
214 #endif
215 
216 static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
217                              const openssl_speed_sec_t *seconds);
218 
opt_found(const char * name,unsigned int * result,const OPT_PAIR pairs[],unsigned int nbelem)219 static int opt_found(const char *name, unsigned int *result,
220                      const OPT_PAIR pairs[], unsigned int nbelem)
221 {
222     unsigned int idx;
223 
224     for (idx = 0; idx < nbelem; ++idx, pairs++)
225         if (strcmp(name, pairs->name) == 0) {
226             *result = pairs->retval;
227             return 1;
228         }
229     return 0;
230 }
231 #define opt_found(value, pairs, result)\
232     opt_found(value, result, pairs, OSSL_NELEM(pairs))
233 
234 typedef enum OPTION_choice {
235     OPT_COMMON,
236     OPT_ELAPSED, OPT_EVP, OPT_HMAC, OPT_DECRYPT, OPT_ENGINE, OPT_MULTI,
237     OPT_MR, OPT_MB, OPT_MISALIGN, OPT_ASYNCJOBS, OPT_R_ENUM, OPT_PROV_ENUM,
238     OPT_CONFIG, OPT_PRIMES, OPT_SECONDS, OPT_BYTES, OPT_AEAD, OPT_CMAC,
239     OPT_MLOCK, OPT_TESTMODE, OPT_KEM, OPT_SIG
240 } OPTION_CHOICE;
241 
242 const OPTIONS speed_options[] = {
243     {OPT_HELP_STR, 1, '-',
244      "Usage: %s [options] [algorithm...]\n"
245      "All +int options consider prefix '0' as base-8 input, "
246      "prefix '0x'/'0X' as base-16 input.\n"
247     },
248 
249     OPT_SECTION("General"),
250     {"help", OPT_HELP, '-', "Display this summary"},
251     {"mb", OPT_MB, '-',
252      "Enable (tls1>=1) multi-block mode on EVP-named cipher"},
253     {"mr", OPT_MR, '-', "Produce machine readable output"},
254 #ifndef NO_FORK
255     {"multi", OPT_MULTI, 'p', "Run benchmarks in parallel"},
256 #endif
257 #ifndef OPENSSL_NO_ASYNC
258     {"async_jobs", OPT_ASYNCJOBS, 'p',
259      "Enable async mode and start specified number of jobs"},
260 #endif
261 #ifndef OPENSSL_NO_ENGINE
262     {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
263 #endif
264     {"primes", OPT_PRIMES, 'p', "Specify number of primes (for RSA only)"},
265     {"mlock", OPT_MLOCK, '-', "Lock memory for better result determinism"},
266     {"testmode", OPT_TESTMODE, '-', "Run the speed command in test mode"},
267     OPT_CONFIG_OPTION,
268 
269     OPT_SECTION("Selection"),
270     {"evp", OPT_EVP, 's', "Use EVP-named cipher or digest"},
271     {"hmac", OPT_HMAC, 's', "HMAC using EVP-named digest"},
272     {"cmac", OPT_CMAC, 's', "CMAC using EVP-named cipher"},
273     {"decrypt", OPT_DECRYPT, '-',
274      "Time decryption instead of encryption (only EVP)"},
275     {"aead", OPT_AEAD, '-',
276      "Benchmark EVP-named AEAD cipher in TLS-like sequence"},
277     {"kem-algorithms", OPT_KEM, '-',
278      "Benchmark KEM algorithms"},
279     {"signature-algorithms", OPT_SIG, '-',
280      "Benchmark signature algorithms"},
281 
282     OPT_SECTION("Timing"),
283     {"elapsed", OPT_ELAPSED, '-',
284      "Use wall-clock time instead of CPU user time as divisor"},
285     {"seconds", OPT_SECONDS, 'p',
286      "Run benchmarks for specified amount of seconds"},
287     {"bytes", OPT_BYTES, 'p',
288      "Run [non-PKI] benchmarks on custom-sized buffer"},
289     {"misalign", OPT_MISALIGN, 'p',
290      "Use specified offset to mis-align buffers"},
291 
292     OPT_R_OPTIONS,
293     OPT_PROV_OPTIONS,
294 
295     OPT_PARAMETERS(),
296     {"algorithm", 0, 0, "Algorithm(s) to test (optional; otherwise tests all)"},
297     {NULL}
298 };
299 
300 enum {
301     D_MD2, D_MDC2, D_MD4, D_MD5, D_SHA1, D_RMD160,
302     D_SHA256, D_SHA512, D_WHIRLPOOL, D_HMAC,
303     D_CBC_DES, D_EDE3_DES, D_RC4, D_CBC_IDEA, D_CBC_SEED,
304     D_CBC_RC2, D_CBC_RC5, D_CBC_BF, D_CBC_CAST,
305     D_CBC_128_AES, D_CBC_192_AES, D_CBC_256_AES,
306     D_CBC_128_CML, D_CBC_192_CML, D_CBC_256_CML,
307     D_EVP, D_GHASH, D_RAND, D_EVP_CMAC, D_KMAC128, D_KMAC256,
308     ALGOR_NUM
309 };
310 /* name of algorithms to test. MUST BE KEEP IN SYNC with above enum ! */
311 static const char *names[ALGOR_NUM] = {
312     "md2", "mdc2", "md4", "md5", "sha1", "rmd160",
313     "sha256", "sha512", "whirlpool", "hmac(sha256)",
314     "des-cbc", "des-ede3", "rc4", "idea-cbc", "seed-cbc",
315     "rc2-cbc", "rc5-cbc", "blowfish", "cast-cbc",
316     "aes-128-cbc", "aes-192-cbc", "aes-256-cbc",
317     "camellia-128-cbc", "camellia-192-cbc", "camellia-256-cbc",
318     "evp", "ghash", "rand", "cmac", "kmac128", "kmac256"
319 };
320 
321 /* list of configured algorithm (remaining), with some few alias */
322 static const OPT_PAIR doit_choices[] = {
323     {"md2", D_MD2},
324     {"mdc2", D_MDC2},
325     {"md4", D_MD4},
326     {"md5", D_MD5},
327     {"hmac", D_HMAC},
328     {"sha1", D_SHA1},
329     {"sha256", D_SHA256},
330     {"sha512", D_SHA512},
331     {"whirlpool", D_WHIRLPOOL},
332     {"ripemd", D_RMD160},
333     {"rmd160", D_RMD160},
334     {"ripemd160", D_RMD160},
335     {"rc4", D_RC4},
336     {"des-cbc", D_CBC_DES},
337     {"des-ede3", D_EDE3_DES},
338     {"aes-128-cbc", D_CBC_128_AES},
339     {"aes-192-cbc", D_CBC_192_AES},
340     {"aes-256-cbc", D_CBC_256_AES},
341     {"camellia-128-cbc", D_CBC_128_CML},
342     {"camellia-192-cbc", D_CBC_192_CML},
343     {"camellia-256-cbc", D_CBC_256_CML},
344     {"rc2-cbc", D_CBC_RC2},
345     {"rc2", D_CBC_RC2},
346     {"rc5-cbc", D_CBC_RC5},
347     {"rc5", D_CBC_RC5},
348     {"idea-cbc", D_CBC_IDEA},
349     {"idea", D_CBC_IDEA},
350     {"seed-cbc", D_CBC_SEED},
351     {"seed", D_CBC_SEED},
352     {"bf-cbc", D_CBC_BF},
353     {"blowfish", D_CBC_BF},
354     {"bf", D_CBC_BF},
355     {"cast-cbc", D_CBC_CAST},
356     {"cast", D_CBC_CAST},
357     {"cast5", D_CBC_CAST},
358     {"ghash", D_GHASH},
359     {"rand", D_RAND},
360     {"kmac128", D_KMAC128},
361     {"kmac256", D_KMAC256},
362 };
363 
364 static double results[ALGOR_NUM][SIZE_NUM];
365 
366 #ifndef OPENSSL_NO_DSA
367 enum { R_DSA_1024, R_DSA_2048, DSA_NUM };
368 static const OPT_PAIR dsa_choices[DSA_NUM] = {
369     {"dsa1024", R_DSA_1024},
370     {"dsa2048", R_DSA_2048}
371 };
372 static double dsa_results[DSA_NUM][2];  /* 2 ops: sign then verify */
373 #endif /* OPENSSL_NO_DSA */
374 
375 enum {
376     R_RSA_512, R_RSA_1024, R_RSA_2048, R_RSA_3072, R_RSA_4096, R_RSA_7680,
377     R_RSA_15360, RSA_NUM
378 };
379 static const OPT_PAIR rsa_choices[RSA_NUM] = {
380     {"rsa512", R_RSA_512},
381     {"rsa1024", R_RSA_1024},
382     {"rsa2048", R_RSA_2048},
383     {"rsa3072", R_RSA_3072},
384     {"rsa4096", R_RSA_4096},
385     {"rsa7680", R_RSA_7680},
386     {"rsa15360", R_RSA_15360}
387 };
388 
389 static double rsa_results[RSA_NUM][4];  /* 4 ops: sign, verify, encrypt, decrypt */
390 
391 #ifndef OPENSSL_NO_DH
392 enum ff_params_t {
393     R_FFDH_2048, R_FFDH_3072, R_FFDH_4096, R_FFDH_6144, R_FFDH_8192, FFDH_NUM
394 };
395 
396 static const OPT_PAIR ffdh_choices[FFDH_NUM] = {
397     {"ffdh2048", R_FFDH_2048},
398     {"ffdh3072", R_FFDH_3072},
399     {"ffdh4096", R_FFDH_4096},
400     {"ffdh6144", R_FFDH_6144},
401     {"ffdh8192", R_FFDH_8192},
402 };
403 
404 static double ffdh_results[FFDH_NUM][1];  /* 1 op: derivation */
405 #endif /* OPENSSL_NO_DH */
406 
407 enum ec_curves_t {
408     R_EC_P160, R_EC_P192, R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521,
409 #ifndef OPENSSL_NO_EC2M
410     R_EC_K163, R_EC_K233, R_EC_K283, R_EC_K409, R_EC_K571,
411     R_EC_B163, R_EC_B233, R_EC_B283, R_EC_B409, R_EC_B571,
412 #endif
413     R_EC_BRP256R1, R_EC_BRP256T1, R_EC_BRP384R1, R_EC_BRP384T1,
414     R_EC_BRP512R1, R_EC_BRP512T1, ECDSA_NUM
415 };
416 /* list of ecdsa curves */
417 static const OPT_PAIR ecdsa_choices[ECDSA_NUM] = {
418     {"ecdsap160", R_EC_P160},
419     {"ecdsap192", R_EC_P192},
420     {"ecdsap224", R_EC_P224},
421     {"ecdsap256", R_EC_P256},
422     {"ecdsap384", R_EC_P384},
423     {"ecdsap521", R_EC_P521},
424 #ifndef OPENSSL_NO_EC2M
425     {"ecdsak163", R_EC_K163},
426     {"ecdsak233", R_EC_K233},
427     {"ecdsak283", R_EC_K283},
428     {"ecdsak409", R_EC_K409},
429     {"ecdsak571", R_EC_K571},
430     {"ecdsab163", R_EC_B163},
431     {"ecdsab233", R_EC_B233},
432     {"ecdsab283", R_EC_B283},
433     {"ecdsab409", R_EC_B409},
434     {"ecdsab571", R_EC_B571},
435 #endif
436     {"ecdsabrp256r1", R_EC_BRP256R1},
437     {"ecdsabrp256t1", R_EC_BRP256T1},
438     {"ecdsabrp384r1", R_EC_BRP384R1},
439     {"ecdsabrp384t1", R_EC_BRP384T1},
440     {"ecdsabrp512r1", R_EC_BRP512R1},
441     {"ecdsabrp512t1", R_EC_BRP512T1}
442 };
443 enum {
444 #ifndef OPENSSL_NO_ECX
445     R_EC_X25519 = ECDSA_NUM, R_EC_X448, EC_NUM
446 #else
447     EC_NUM = ECDSA_NUM
448 #endif
449 };
450 /* list of ecdh curves, extension of |ecdsa_choices| list above */
451 static const OPT_PAIR ecdh_choices[EC_NUM] = {
452     {"ecdhp160", R_EC_P160},
453     {"ecdhp192", R_EC_P192},
454     {"ecdhp224", R_EC_P224},
455     {"ecdhp256", R_EC_P256},
456     {"ecdhp384", R_EC_P384},
457     {"ecdhp521", R_EC_P521},
458 #ifndef OPENSSL_NO_EC2M
459     {"ecdhk163", R_EC_K163},
460     {"ecdhk233", R_EC_K233},
461     {"ecdhk283", R_EC_K283},
462     {"ecdhk409", R_EC_K409},
463     {"ecdhk571", R_EC_K571},
464     {"ecdhb163", R_EC_B163},
465     {"ecdhb233", R_EC_B233},
466     {"ecdhb283", R_EC_B283},
467     {"ecdhb409", R_EC_B409},
468     {"ecdhb571", R_EC_B571},
469 #endif
470     {"ecdhbrp256r1", R_EC_BRP256R1},
471     {"ecdhbrp256t1", R_EC_BRP256T1},
472     {"ecdhbrp384r1", R_EC_BRP384R1},
473     {"ecdhbrp384t1", R_EC_BRP384T1},
474     {"ecdhbrp512r1", R_EC_BRP512R1},
475     {"ecdhbrp512t1", R_EC_BRP512T1},
476 #ifndef OPENSSL_NO_ECX
477     {"ecdhx25519", R_EC_X25519},
478     {"ecdhx448", R_EC_X448}
479 #endif
480 };
481 
482 static double ecdh_results[EC_NUM][1];      /* 1 op: derivation */
483 static double ecdsa_results[ECDSA_NUM][2];  /* 2 ops: sign then verify */
484 
485 #ifndef OPENSSL_NO_ECX
486 enum { R_EC_Ed25519, R_EC_Ed448, EdDSA_NUM };
487 static const OPT_PAIR eddsa_choices[EdDSA_NUM] = {
488     {"ed25519", R_EC_Ed25519},
489     {"ed448", R_EC_Ed448}
490 
491 };
492 static double eddsa_results[EdDSA_NUM][2];    /* 2 ops: sign then verify */
493 #endif /* OPENSSL_NO_ECX */
494 
495 #ifndef OPENSSL_NO_SM2
496 enum { R_EC_CURVESM2, SM2_NUM };
497 static const OPT_PAIR sm2_choices[SM2_NUM] = {
498     {"curveSM2", R_EC_CURVESM2}
499 };
500 # define SM2_ID        "TLSv1.3+GM+Cipher+Suite"
501 # define SM2_ID_LEN    sizeof("TLSv1.3+GM+Cipher+Suite") - 1
502 static double sm2_results[SM2_NUM][2];    /* 2 ops: sign then verify */
503 #endif /* OPENSSL_NO_SM2 */
504 
505 #define MAX_KEM_NUM 111
506 static size_t kems_algs_len = 0;
507 static char *kems_algname[MAX_KEM_NUM] = { NULL };
508 static double kems_results[MAX_KEM_NUM][3];  /* keygen, encaps, decaps */
509 
510 #define MAX_SIG_NUM 111
511 static size_t sigs_algs_len = 0;
512 static char *sigs_algname[MAX_SIG_NUM] = { NULL };
513 static double sigs_results[MAX_SIG_NUM][3];  /* keygen, sign, verify */
514 
515 #define COND(unused_cond) (run && count < (testmode ? 1 : INT_MAX))
516 #define COUNT(d) (count)
517 
518 #define TAG_LEN 16
519 
520 static unsigned int mode_op; /* AE Mode of operation */
521 static unsigned int aead = 0; /* AEAD flag */
522 static unsigned char aead_iv[12]; /* For AEAD modes */
523 static unsigned char aad[EVP_AEAD_TLS1_AAD_LEN] = { 0xcc };
524 static int aead_ivlen = sizeof(aead_iv);
525 
526 typedef struct loopargs_st {
527     ASYNC_JOB *inprogress_job;
528     ASYNC_WAIT_CTX *wait_ctx;
529     unsigned char *buf;
530     unsigned char *buf2;
531     unsigned char *buf_malloc;
532     unsigned char *buf2_malloc;
533     unsigned char *key;
534     unsigned char tag[TAG_LEN];
535     size_t buflen;
536     size_t sigsize;
537     size_t encsize;
538     EVP_PKEY_CTX *rsa_sign_ctx[RSA_NUM];
539     EVP_PKEY_CTX *rsa_verify_ctx[RSA_NUM];
540     EVP_PKEY_CTX *rsa_encrypt_ctx[RSA_NUM];
541     EVP_PKEY_CTX *rsa_decrypt_ctx[RSA_NUM];
542 #ifndef OPENSSL_NO_DSA
543     EVP_PKEY_CTX *dsa_sign_ctx[DSA_NUM];
544     EVP_PKEY_CTX *dsa_verify_ctx[DSA_NUM];
545 #endif
546     EVP_PKEY_CTX *ecdsa_sign_ctx[ECDSA_NUM];
547     EVP_PKEY_CTX *ecdsa_verify_ctx[ECDSA_NUM];
548     EVP_PKEY_CTX *ecdh_ctx[EC_NUM];
549 #ifndef OPENSSL_NO_ECX
550     EVP_MD_CTX *eddsa_ctx[EdDSA_NUM];
551     EVP_MD_CTX *eddsa_ctx2[EdDSA_NUM];
552 #endif /* OPENSSL_NO_ECX */
553 #ifndef OPENSSL_NO_SM2
554     EVP_MD_CTX *sm2_ctx[SM2_NUM];
555     EVP_MD_CTX *sm2_vfy_ctx[SM2_NUM];
556     EVP_PKEY *sm2_pkey[SM2_NUM];
557 #endif
558     unsigned char *secret_a;
559     unsigned char *secret_b;
560     size_t outlen[EC_NUM];
561 #ifndef OPENSSL_NO_DH
562     EVP_PKEY_CTX *ffdh_ctx[FFDH_NUM];
563     unsigned char *secret_ff_a;
564     unsigned char *secret_ff_b;
565 #endif
566     EVP_CIPHER_CTX *ctx;
567     EVP_MAC_CTX *mctx;
568     EVP_PKEY_CTX *kem_gen_ctx[MAX_KEM_NUM];
569     EVP_PKEY_CTX *kem_encaps_ctx[MAX_KEM_NUM];
570     EVP_PKEY_CTX *kem_decaps_ctx[MAX_KEM_NUM];
571     size_t kem_out_len[MAX_KEM_NUM];
572     size_t kem_secret_len[MAX_KEM_NUM];
573     unsigned char *kem_out[MAX_KEM_NUM];
574     unsigned char *kem_send_secret[MAX_KEM_NUM];
575     unsigned char *kem_rcv_secret[MAX_KEM_NUM];
576     EVP_PKEY_CTX *sig_gen_ctx[MAX_KEM_NUM];
577     EVP_PKEY_CTX *sig_sign_ctx[MAX_KEM_NUM];
578     EVP_PKEY_CTX *sig_verify_ctx[MAX_KEM_NUM];
579     size_t sig_max_sig_len[MAX_KEM_NUM];
580     size_t sig_act_sig_len[MAX_KEM_NUM];
581     unsigned char *sig_sig[MAX_KEM_NUM];
582 } loopargs_t;
583 static int run_benchmark(int async_jobs, int (*loop_function) (void *),
584                          loopargs_t *loopargs);
585 
586 static unsigned int testnum;
587 
588 static char *evp_mac_mdname = "sha256";
589 static char *evp_hmac_name = NULL;
590 static const char *evp_md_name = NULL;
591 static char *evp_mac_ciphername = "aes-128-cbc";
592 static char *evp_cmac_name = NULL;
593 
dofail(void)594 static void dofail(void)
595 {
596     ERR_print_errors(bio_err);
597     testmoderesult = 1;
598 }
599 
have_md(const char * name)600 static int have_md(const char *name)
601 {
602     int ret = 0;
603     EVP_MD *md = NULL;
604 
605     if (opt_md_silent(name, &md)) {
606         EVP_MD_CTX *ctx = EVP_MD_CTX_new();
607 
608         if (ctx != NULL && EVP_DigestInit(ctx, md) > 0)
609             ret = 1;
610         EVP_MD_CTX_free(ctx);
611         EVP_MD_free(md);
612     }
613     return ret;
614 }
615 
have_cipher(const char * name)616 static int have_cipher(const char *name)
617 {
618     int ret = 0;
619     EVP_CIPHER *cipher = NULL;
620 
621     if (opt_cipher_silent(name, &cipher)) {
622         EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
623 
624         if (ctx != NULL
625             && EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, 1) > 0)
626             ret = 1;
627         EVP_CIPHER_CTX_free(ctx);
628         EVP_CIPHER_free(cipher);
629     }
630     return ret;
631 }
632 
EVP_Digest_loop(const char * mdname,ossl_unused int algindex,void * args)633 static int EVP_Digest_loop(const char *mdname, ossl_unused int algindex, void *args)
634 {
635     loopargs_t *tempargs = *(loopargs_t **) args;
636     unsigned char *buf = tempargs->buf;
637     unsigned char digest[EVP_MAX_MD_SIZE];
638     int count;
639     EVP_MD *md = NULL;
640     EVP_MD_CTX *ctx = NULL;
641 
642     if (!opt_md_silent(mdname, &md))
643         return -1;
644     if (EVP_MD_xof(md)) {
645         ctx = EVP_MD_CTX_new();
646         if (ctx == NULL) {
647             count = -1;
648             goto out;
649         }
650 
651         for (count = 0; COND(c[algindex][testnum]); count++) {
652              if (!EVP_DigestInit_ex2(ctx, md, NULL)
653                  || !EVP_DigestUpdate(ctx, buf, (size_t)lengths[testnum])
654                  || !EVP_DigestFinalXOF(ctx, digest, sizeof(digest))) {
655                 count = -1;
656                 break;
657             }
658         }
659     } else {
660         for (count = 0; COND(c[algindex][testnum]); count++) {
661             if (!EVP_Digest(buf, (size_t)lengths[testnum], digest, NULL, md,
662                             NULL)) {
663                 count = -1;
664                 break;
665             }
666         }
667     }
668 out:
669     EVP_MD_free(md);
670     EVP_MD_CTX_free(ctx);
671     return count;
672 }
673 
EVP_Digest_md_loop(void * args)674 static int EVP_Digest_md_loop(void *args)
675 {
676     return EVP_Digest_loop(evp_md_name, D_EVP, args);
677 }
678 
EVP_Digest_MD2_loop(void * args)679 static int EVP_Digest_MD2_loop(void *args)
680 {
681     return EVP_Digest_loop("md2", D_MD2, args);
682 }
683 
EVP_Digest_MDC2_loop(void * args)684 static int EVP_Digest_MDC2_loop(void *args)
685 {
686     return EVP_Digest_loop("mdc2", D_MDC2, args);
687 }
688 
EVP_Digest_MD4_loop(void * args)689 static int EVP_Digest_MD4_loop(void *args)
690 {
691     return EVP_Digest_loop("md4", D_MD4, args);
692 }
693 
MD5_loop(void * args)694 static int MD5_loop(void *args)
695 {
696     return EVP_Digest_loop("md5", D_MD5, args);
697 }
698 
mac_setup(const char * name,EVP_MAC ** mac,OSSL_PARAM params[],loopargs_t * loopargs,unsigned int loopargs_len)699 static int mac_setup(const char *name,
700                      EVP_MAC **mac, OSSL_PARAM params[],
701                      loopargs_t *loopargs, unsigned int loopargs_len)
702 {
703     unsigned int i;
704 
705     *mac = EVP_MAC_fetch(app_get0_libctx(), name, app_get0_propq());
706     if (*mac == NULL)
707         return 0;
708 
709     for (i = 0; i < loopargs_len; i++) {
710         loopargs[i].mctx = EVP_MAC_CTX_new(*mac);
711         if (loopargs[i].mctx == NULL)
712             return 0;
713 
714         if (!EVP_MAC_CTX_set_params(loopargs[i].mctx, params))
715             return 0;
716     }
717 
718     return 1;
719 }
720 
mac_teardown(EVP_MAC ** mac,loopargs_t * loopargs,unsigned int loopargs_len)721 static void mac_teardown(EVP_MAC **mac,
722                          loopargs_t *loopargs, unsigned int loopargs_len)
723 {
724     unsigned int i;
725 
726     for (i = 0; i < loopargs_len; i++)
727         EVP_MAC_CTX_free(loopargs[i].mctx);
728     EVP_MAC_free(*mac);
729     *mac = NULL;
730 
731     return;
732 }
733 
EVP_MAC_loop(ossl_unused int algindex,void * args)734 static int EVP_MAC_loop(ossl_unused int algindex, void *args)
735 {
736     loopargs_t *tempargs = *(loopargs_t **) args;
737     unsigned char *buf = tempargs->buf;
738     EVP_MAC_CTX *mctx = tempargs->mctx;
739     unsigned char mac[EVP_MAX_MD_SIZE];
740     int count;
741 
742     for (count = 0; COND(c[algindex][testnum]); count++) {
743         size_t outl;
744 
745         if (!EVP_MAC_init(mctx, NULL, 0, NULL)
746             || !EVP_MAC_update(mctx, buf, lengths[testnum])
747             || !EVP_MAC_final(mctx, mac, &outl, sizeof(mac)))
748             return -1;
749     }
750     return count;
751 }
752 
HMAC_loop(void * args)753 static int HMAC_loop(void *args)
754 {
755     return EVP_MAC_loop(D_HMAC, args);
756 }
757 
CMAC_loop(void * args)758 static int CMAC_loop(void *args)
759 {
760     return EVP_MAC_loop(D_EVP_CMAC, args);
761 }
762 
KMAC128_loop(void * args)763 static int KMAC128_loop(void *args)
764 {
765     return EVP_MAC_loop(D_KMAC128, args);
766 }
767 
KMAC256_loop(void * args)768 static int KMAC256_loop(void *args)
769 {
770     return EVP_MAC_loop(D_KMAC256, args);
771 }
772 
SHA1_loop(void * args)773 static int SHA1_loop(void *args)
774 {
775     return EVP_Digest_loop("sha1", D_SHA1, args);
776 }
777 
SHA256_loop(void * args)778 static int SHA256_loop(void *args)
779 {
780     return EVP_Digest_loop("sha256", D_SHA256, args);
781 }
782 
SHA512_loop(void * args)783 static int SHA512_loop(void *args)
784 {
785     return EVP_Digest_loop("sha512", D_SHA512, args);
786 }
787 
WHIRLPOOL_loop(void * args)788 static int WHIRLPOOL_loop(void *args)
789 {
790     return EVP_Digest_loop("whirlpool", D_WHIRLPOOL, args);
791 }
792 
EVP_Digest_RMD160_loop(void * args)793 static int EVP_Digest_RMD160_loop(void *args)
794 {
795     return EVP_Digest_loop("ripemd160", D_RMD160, args);
796 }
797 
798 static int algindex;
799 
EVP_Cipher_loop(void * args)800 static int EVP_Cipher_loop(void *args)
801 {
802     loopargs_t *tempargs = *(loopargs_t **) args;
803     unsigned char *buf = tempargs->buf;
804     int count;
805 
806     if (tempargs->ctx == NULL)
807         return -1;
808     for (count = 0; COND(c[algindex][testnum]); count++)
809         if (EVP_Cipher(tempargs->ctx, buf, buf, (size_t)lengths[testnum]) <= 0)
810             return -1;
811     return count;
812 }
813 
GHASH_loop(void * args)814 static int GHASH_loop(void *args)
815 {
816     loopargs_t *tempargs = *(loopargs_t **) args;
817     unsigned char *buf = tempargs->buf;
818     EVP_MAC_CTX *mctx = tempargs->mctx;
819     int count;
820 
821     /* just do the update in the loop to be comparable with 1.1.1 */
822     for (count = 0; COND(c[D_GHASH][testnum]); count++) {
823         if (!EVP_MAC_update(mctx, buf, lengths[testnum]))
824             return -1;
825     }
826     return count;
827 }
828 
829 #define MAX_BLOCK_SIZE 128
830 
831 static unsigned char iv[2 * MAX_BLOCK_SIZE / 8];
832 
init_evp_cipher_ctx(const char * ciphername,const unsigned char * key,int keylen)833 static EVP_CIPHER_CTX *init_evp_cipher_ctx(const char *ciphername,
834                                            const unsigned char *key,
835                                            int keylen)
836 {
837     EVP_CIPHER_CTX *ctx = NULL;
838     EVP_CIPHER *cipher = NULL;
839 
840     if (!opt_cipher_silent(ciphername, &cipher))
841         return NULL;
842 
843     if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
844         goto end;
845 
846     if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, 1)) {
847         EVP_CIPHER_CTX_free(ctx);
848         ctx = NULL;
849         goto end;
850     }
851 
852     if (EVP_CIPHER_CTX_set_key_length(ctx, keylen) <= 0) {
853         EVP_CIPHER_CTX_free(ctx);
854         ctx = NULL;
855         goto end;
856     }
857 
858     if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1)) {
859         EVP_CIPHER_CTX_free(ctx);
860         ctx = NULL;
861         goto end;
862     }
863 
864 end:
865     EVP_CIPHER_free(cipher);
866     return ctx;
867 }
868 
RAND_bytes_loop(void * args)869 static int RAND_bytes_loop(void *args)
870 {
871     loopargs_t *tempargs = *(loopargs_t **) args;
872     unsigned char *buf = tempargs->buf;
873     int count;
874 
875     for (count = 0; COND(c[D_RAND][testnum]); count++)
876         RAND_bytes(buf, lengths[testnum]);
877     return count;
878 }
879 
880 static int decrypt = 0;
EVP_Update_loop(void * args)881 static int EVP_Update_loop(void *args)
882 {
883     loopargs_t *tempargs = *(loopargs_t **) args;
884     unsigned char *buf = tempargs->buf;
885     EVP_CIPHER_CTX *ctx = tempargs->ctx;
886     int outl, count, rc;
887 
888     if (decrypt) {
889         for (count = 0; COND(c[D_EVP][testnum]); count++) {
890             rc = EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
891             if (rc != 1) {
892                 /* reset iv in case of counter overflow */
893                 rc = EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, -1);
894             }
895         }
896     } else {
897         for (count = 0; COND(c[D_EVP][testnum]); count++) {
898             rc = EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
899             if (rc != 1) {
900                 /* reset iv in case of counter overflow */
901                 rc = EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, -1);
902             }
903         }
904     }
905     if (decrypt)
906         rc = EVP_DecryptFinal_ex(ctx, buf, &outl);
907     else
908         rc = EVP_EncryptFinal_ex(ctx, buf, &outl);
909 
910     if (rc == 0)
911         BIO_printf(bio_err, "Error finalizing cipher loop\n");
912     return count;
913 }
914 
915 /*
916  * To make AEAD benchmarking more relevant perform TLS-like operations,
917  * 13-byte AAD followed by payload. But don't use TLS-formatted AAD, as
918  * payload length is not actually limited by 16KB...
919  * CCM does not support streaming. For the purpose of performance measurement,
920  * each message is encrypted using the same (key,iv)-pair. Do not use this
921  * code in your application.
922  */
EVP_Update_loop_aead_enc(void * args)923 static int EVP_Update_loop_aead_enc(void *args)
924 {
925     loopargs_t *tempargs = *(loopargs_t **) args;
926     unsigned char *buf = tempargs->buf;
927     unsigned char *key = tempargs->key;
928     EVP_CIPHER_CTX *ctx = tempargs->ctx;
929     int outl, count, realcount = 0;
930 
931     for (count = 0; COND(c[D_EVP][testnum]); count++) {
932         /* Set length of iv (Doesn't apply to SIV mode) */
933         if (mode_op != EVP_CIPH_SIV_MODE) {
934             if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN,
935                                      aead_ivlen, NULL)) {
936                 BIO_printf(bio_err, "\nFailed to set iv length\n");
937                 dofail();
938                 exit(1);
939             }
940         }
941         /* Set tag_len (Not for GCM/SIV at encryption stage) */
942         if (mode_op != EVP_CIPH_GCM_MODE
943             && mode_op != EVP_CIPH_SIV_MODE
944             && mode_op != EVP_CIPH_GCM_SIV_MODE) {
945             if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
946                                      TAG_LEN, NULL)) {
947                 BIO_printf(bio_err, "\nFailed to set tag length\n");
948                 dofail();
949                 exit(1);
950             }
951         }
952         if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, aead_iv, -1)) {
953             BIO_printf(bio_err, "\nFailed to set key and iv\n");
954             dofail();
955             exit(1);
956         }
957         /* Set total length of input. Only required for CCM */
958         if (mode_op == EVP_CIPH_CCM_MODE) {
959             if (!EVP_EncryptUpdate(ctx, NULL, &outl,
960                                    NULL, lengths[testnum])) {
961                 BIO_printf(bio_err, "\nCouldn't set input text length\n");
962                 dofail();
963                 exit(1);
964             }
965         }
966         if (aead) {
967             if (!EVP_EncryptUpdate(ctx, NULL, &outl, aad, sizeof(aad))) {
968                 BIO_printf(bio_err, "\nCouldn't insert AAD when encrypting\n");
969                 dofail();
970                 exit(1);
971             }
972         }
973         if (!EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum])) {
974             BIO_printf(bio_err, "\nFailed to encrypt the data\n");
975             dofail();
976             exit(1);
977         }
978         if (EVP_EncryptFinal_ex(ctx, buf, &outl))
979             realcount++;
980     }
981     return realcount;
982 }
983 
984 /*
985  * To make AEAD benchmarking more relevant perform TLS-like operations,
986  * 13-byte AAD followed by payload. But don't use TLS-formatted AAD, as
987  * payload length is not actually limited by 16KB...
988  * CCM does not support streaming. For the purpose of performance measurement,
989  * each message is decrypted using the same (key,iv)-pair. Do not use this
990  * code in your application.
991  * For decryption, we will use buf2 to preserve the input text in buf.
992  */
EVP_Update_loop_aead_dec(void * args)993 static int EVP_Update_loop_aead_dec(void *args)
994 {
995     loopargs_t *tempargs = *(loopargs_t **) args;
996     unsigned char *buf = tempargs->buf;
997     unsigned char *outbuf = tempargs->buf2;
998     unsigned char *key = tempargs->key;
999     unsigned char tag[TAG_LEN];
1000     EVP_CIPHER_CTX *ctx = tempargs->ctx;
1001     int outl, count, realcount = 0;
1002 
1003     for (count = 0; COND(c[D_EVP][testnum]); count++) {
1004         /* Set the length of iv (Doesn't apply to SIV mode) */
1005         if (mode_op != EVP_CIPH_SIV_MODE) {
1006             if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN,
1007                                      aead_ivlen, NULL)) {
1008                 BIO_printf(bio_err, "\nFailed to set iv length\n");
1009                 dofail();
1010                 exit(1);
1011             }
1012         }
1013 
1014         /* Set the tag length (Doesn't apply to SIV mode) */
1015         if (mode_op != EVP_CIPH_SIV_MODE
1016             && mode_op != EVP_CIPH_GCM_MODE
1017             && mode_op != EVP_CIPH_GCM_SIV_MODE) {
1018             if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
1019                                      TAG_LEN, NULL)) {
1020                 BIO_printf(bio_err, "\nFailed to set tag length\n");
1021                 dofail();
1022                 exit(1);
1023             }
1024         }
1025         if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, aead_iv, -1)) {
1026             BIO_printf(bio_err, "\nFailed to set key and iv\n");
1027             dofail();
1028             exit(1);
1029         }
1030         /* Set iv before decryption (Doesn't apply to SIV mode) */
1031         if (mode_op != EVP_CIPH_SIV_MODE) {
1032             if (!EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, aead_iv)) {
1033                 BIO_printf(bio_err, "\nFailed to set iv\n");
1034                 dofail();
1035                 exit(1);
1036             }
1037         }
1038         memcpy(tag, tempargs->tag, TAG_LEN);
1039 
1040         if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
1041                                  TAG_LEN, tag)) {
1042             BIO_printf(bio_err, "\nFailed to set tag\n");
1043             dofail();
1044             exit(1);
1045         }
1046         /* Set the total length of cipher text. Only required for CCM */
1047         if (mode_op == EVP_CIPH_CCM_MODE) {
1048             if (!EVP_DecryptUpdate(ctx, NULL, &outl,
1049                                    NULL, lengths[testnum])) {
1050                 BIO_printf(bio_err, "\nCouldn't set cipher text length\n");
1051                 dofail();
1052                 exit(1);
1053             }
1054         }
1055         if (aead) {
1056             if (!EVP_DecryptUpdate(ctx, NULL, &outl, aad, sizeof(aad))) {
1057                 BIO_printf(bio_err, "\nCouldn't insert AAD when decrypting\n");
1058                 dofail();
1059                 exit(1);
1060             }
1061         }
1062         if (!EVP_DecryptUpdate(ctx, outbuf, &outl, buf, lengths[testnum])) {
1063             BIO_printf(bio_err, "\nFailed to decrypt the data\n");
1064             dofail();
1065             exit(1);
1066         }
1067         if (EVP_DecryptFinal_ex(ctx, outbuf, &outl))
1068             realcount++;
1069     }
1070     return realcount;
1071 }
1072 
RSA_sign_loop(void * args)1073 static int RSA_sign_loop(void *args)
1074 {
1075     loopargs_t *tempargs = *(loopargs_t **) args;
1076     unsigned char *buf = tempargs->buf;
1077     unsigned char *buf2 = tempargs->buf2;
1078     size_t *rsa_num = &tempargs->sigsize;
1079     EVP_PKEY_CTX **rsa_sign_ctx = tempargs->rsa_sign_ctx;
1080     int ret, count;
1081 
1082     for (count = 0; COND(rsa_c[testnum][0]); count++) {
1083         *rsa_num = tempargs->buflen;
1084         ret = EVP_PKEY_sign(rsa_sign_ctx[testnum], buf2, rsa_num, buf, 36);
1085         if (ret <= 0) {
1086             BIO_printf(bio_err, "RSA sign failure\n");
1087             dofail();
1088             count = -1;
1089             break;
1090         }
1091     }
1092     return count;
1093 }
1094 
RSA_verify_loop(void * args)1095 static int RSA_verify_loop(void *args)
1096 {
1097     loopargs_t *tempargs = *(loopargs_t **) args;
1098     unsigned char *buf = tempargs->buf;
1099     unsigned char *buf2 = tempargs->buf2;
1100     size_t rsa_num = tempargs->sigsize;
1101     EVP_PKEY_CTX **rsa_verify_ctx = tempargs->rsa_verify_ctx;
1102     int ret, count;
1103 
1104     for (count = 0; COND(rsa_c[testnum][1]); count++) {
1105         ret = EVP_PKEY_verify(rsa_verify_ctx[testnum], buf2, rsa_num, buf, 36);
1106         if (ret <= 0) {
1107             BIO_printf(bio_err, "RSA verify failure\n");
1108             dofail();
1109             count = -1;
1110             break;
1111         }
1112     }
1113     return count;
1114 }
1115 
RSA_encrypt_loop(void * args)1116 static int RSA_encrypt_loop(void *args)
1117 {
1118     loopargs_t *tempargs = *(loopargs_t **) args;
1119     unsigned char *buf = tempargs->buf;
1120     unsigned char *buf2 = tempargs->buf2;
1121     size_t *rsa_num = &tempargs->encsize;
1122     EVP_PKEY_CTX **rsa_encrypt_ctx = tempargs->rsa_encrypt_ctx;
1123     int ret, count;
1124 
1125     for (count = 0; COND(rsa_c[testnum][2]); count++) {
1126         *rsa_num = tempargs->buflen;
1127         ret = EVP_PKEY_encrypt(rsa_encrypt_ctx[testnum], buf2, rsa_num, buf, 36);
1128         if (ret <= 0) {
1129             BIO_printf(bio_err, "RSA encrypt failure\n");
1130             dofail();
1131             count = -1;
1132             break;
1133         }
1134     }
1135     return count;
1136 }
1137 
RSA_decrypt_loop(void * args)1138 static int RSA_decrypt_loop(void *args)
1139 {
1140     loopargs_t *tempargs = *(loopargs_t **) args;
1141     unsigned char *buf = tempargs->buf;
1142     unsigned char *buf2 = tempargs->buf2;
1143     size_t rsa_num;
1144     EVP_PKEY_CTX **rsa_decrypt_ctx = tempargs->rsa_decrypt_ctx;
1145     int ret, count;
1146 
1147     for (count = 0; COND(rsa_c[testnum][3]); count++) {
1148         rsa_num = tempargs->buflen;
1149         ret = EVP_PKEY_decrypt(rsa_decrypt_ctx[testnum], buf, &rsa_num, buf2, tempargs->encsize);
1150         if (ret <= 0) {
1151             BIO_printf(bio_err, "RSA decrypt failure\n");
1152             dofail();
1153             count = -1;
1154             break;
1155         }
1156     }
1157     return count;
1158 }
1159 
1160 #ifndef OPENSSL_NO_DH
1161 
FFDH_derive_key_loop(void * args)1162 static int FFDH_derive_key_loop(void *args)
1163 {
1164     loopargs_t *tempargs = *(loopargs_t **) args;
1165     EVP_PKEY_CTX *ffdh_ctx = tempargs->ffdh_ctx[testnum];
1166     unsigned char *derived_secret = tempargs->secret_ff_a;
1167     int count;
1168 
1169     for (count = 0; COND(ffdh_c[testnum][0]); count++) {
1170         /* outlen can be overwritten with a too small value (no padding used) */
1171         size_t outlen = MAX_FFDH_SIZE;
1172 
1173         EVP_PKEY_derive(ffdh_ctx, derived_secret, &outlen);
1174     }
1175     return count;
1176 }
1177 #endif /* OPENSSL_NO_DH */
1178 
1179 #ifndef OPENSSL_NO_DSA
DSA_sign_loop(void * args)1180 static int DSA_sign_loop(void *args)
1181 {
1182     loopargs_t *tempargs = *(loopargs_t **) args;
1183     unsigned char *buf = tempargs->buf;
1184     unsigned char *buf2 = tempargs->buf2;
1185     size_t *dsa_num = &tempargs->sigsize;
1186     EVP_PKEY_CTX **dsa_sign_ctx = tempargs->dsa_sign_ctx;
1187     int ret, count;
1188 
1189     for (count = 0; COND(dsa_c[testnum][0]); count++) {
1190         *dsa_num = tempargs->buflen;
1191         ret = EVP_PKEY_sign(dsa_sign_ctx[testnum], buf2, dsa_num, buf, 20);
1192         if (ret <= 0) {
1193             BIO_printf(bio_err, "DSA sign failure\n");
1194             dofail();
1195             count = -1;
1196             break;
1197         }
1198     }
1199     return count;
1200 }
1201 
DSA_verify_loop(void * args)1202 static int DSA_verify_loop(void *args)
1203 {
1204     loopargs_t *tempargs = *(loopargs_t **) args;
1205     unsigned char *buf = tempargs->buf;
1206     unsigned char *buf2 = tempargs->buf2;
1207     size_t dsa_num = tempargs->sigsize;
1208     EVP_PKEY_CTX **dsa_verify_ctx = tempargs->dsa_verify_ctx;
1209     int ret, count;
1210 
1211     for (count = 0; COND(dsa_c[testnum][1]); count++) {
1212         ret = EVP_PKEY_verify(dsa_verify_ctx[testnum], buf2, dsa_num, buf, 20);
1213         if (ret <= 0) {
1214             BIO_printf(bio_err, "DSA verify failure\n");
1215             dofail();
1216             count = -1;
1217             break;
1218         }
1219     }
1220     return count;
1221 }
1222 #endif /* OPENSSL_NO_DSA */
1223 
ECDSA_sign_loop(void * args)1224 static int ECDSA_sign_loop(void *args)
1225 {
1226     loopargs_t *tempargs = *(loopargs_t **) args;
1227     unsigned char *buf = tempargs->buf;
1228     unsigned char *buf2 = tempargs->buf2;
1229     size_t *ecdsa_num = &tempargs->sigsize;
1230     EVP_PKEY_CTX **ecdsa_sign_ctx = tempargs->ecdsa_sign_ctx;
1231     int ret, count;
1232 
1233     for (count = 0; COND(ecdsa_c[testnum][0]); count++) {
1234         *ecdsa_num = tempargs->buflen;
1235         ret = EVP_PKEY_sign(ecdsa_sign_ctx[testnum], buf2, ecdsa_num, buf, 20);
1236         if (ret <= 0) {
1237             BIO_printf(bio_err, "ECDSA sign failure\n");
1238             dofail();
1239             count = -1;
1240             break;
1241         }
1242     }
1243     return count;
1244 }
1245 
ECDSA_verify_loop(void * args)1246 static int ECDSA_verify_loop(void *args)
1247 {
1248     loopargs_t *tempargs = *(loopargs_t **) args;
1249     unsigned char *buf = tempargs->buf;
1250     unsigned char *buf2 = tempargs->buf2;
1251     size_t ecdsa_num = tempargs->sigsize;
1252     EVP_PKEY_CTX **ecdsa_verify_ctx = tempargs->ecdsa_verify_ctx;
1253     int ret, count;
1254 
1255     for (count = 0; COND(ecdsa_c[testnum][1]); count++) {
1256         ret = EVP_PKEY_verify(ecdsa_verify_ctx[testnum], buf2, ecdsa_num,
1257                               buf, 20);
1258         if (ret <= 0) {
1259             BIO_printf(bio_err, "ECDSA verify failure\n");
1260             dofail();
1261             count = -1;
1262             break;
1263         }
1264     }
1265     return count;
1266 }
1267 
1268 /* ******************************************************************** */
1269 
ECDH_EVP_derive_key_loop(void * args)1270 static int ECDH_EVP_derive_key_loop(void *args)
1271 {
1272     loopargs_t *tempargs = *(loopargs_t **) args;
1273     EVP_PKEY_CTX *ctx = tempargs->ecdh_ctx[testnum];
1274     unsigned char *derived_secret = tempargs->secret_a;
1275     int count;
1276     size_t *outlen = &(tempargs->outlen[testnum]);
1277 
1278     for (count = 0; COND(ecdh_c[testnum][0]); count++)
1279         EVP_PKEY_derive(ctx, derived_secret, outlen);
1280 
1281     return count;
1282 }
1283 
1284 #ifndef OPENSSL_NO_ECX
EdDSA_sign_loop(void * args)1285 static int EdDSA_sign_loop(void *args)
1286 {
1287     loopargs_t *tempargs = *(loopargs_t **) args;
1288     unsigned char *buf = tempargs->buf;
1289     EVP_MD_CTX **edctx = tempargs->eddsa_ctx;
1290     unsigned char *eddsasig = tempargs->buf2;
1291     size_t *eddsasigsize = &tempargs->sigsize;
1292     int ret, count;
1293 
1294     for (count = 0; COND(eddsa_c[testnum][0]); count++) {
1295         ret = EVP_DigestSignInit(edctx[testnum], NULL, NULL, NULL, NULL);
1296         if (ret == 0) {
1297             BIO_printf(bio_err, "EdDSA sign init failure\n");
1298             dofail();
1299             count = -1;
1300             break;
1301         }
1302         ret = EVP_DigestSign(edctx[testnum], eddsasig, eddsasigsize, buf, 20);
1303         if (ret == 0) {
1304             BIO_printf(bio_err, "EdDSA sign failure\n");
1305             dofail();
1306             count = -1;
1307             break;
1308         }
1309     }
1310     return count;
1311 }
1312 
EdDSA_verify_loop(void * args)1313 static int EdDSA_verify_loop(void *args)
1314 {
1315     loopargs_t *tempargs = *(loopargs_t **) args;
1316     unsigned char *buf = tempargs->buf;
1317     EVP_MD_CTX **edctx = tempargs->eddsa_ctx2;
1318     unsigned char *eddsasig = tempargs->buf2;
1319     size_t eddsasigsize = tempargs->sigsize;
1320     int ret, count;
1321 
1322     for (count = 0; COND(eddsa_c[testnum][1]); count++) {
1323         ret = EVP_DigestVerifyInit(edctx[testnum], NULL, NULL, NULL, NULL);
1324         if (ret == 0) {
1325             BIO_printf(bio_err, "EdDSA verify init failure\n");
1326             dofail();
1327             count = -1;
1328             break;
1329         }
1330         ret = EVP_DigestVerify(edctx[testnum], eddsasig, eddsasigsize, buf, 20);
1331         if (ret != 1) {
1332             BIO_printf(bio_err, "EdDSA verify failure\n");
1333             dofail();
1334             count = -1;
1335             break;
1336         }
1337     }
1338     return count;
1339 }
1340 #endif /* OPENSSL_NO_ECX */
1341 
1342 #ifndef OPENSSL_NO_SM2
SM2_sign_loop(void * args)1343 static int SM2_sign_loop(void *args)
1344 {
1345     loopargs_t *tempargs = *(loopargs_t **) args;
1346     unsigned char *buf = tempargs->buf;
1347     EVP_MD_CTX **sm2ctx = tempargs->sm2_ctx;
1348     unsigned char *sm2sig = tempargs->buf2;
1349     size_t sm2sigsize;
1350     int ret, count;
1351     EVP_PKEY **sm2_pkey = tempargs->sm2_pkey;
1352     const size_t max_size = EVP_PKEY_get_size(sm2_pkey[testnum]);
1353 
1354     for (count = 0; COND(sm2_c[testnum][0]); count++) {
1355         sm2sigsize = max_size;
1356 
1357         if (!EVP_DigestSignInit(sm2ctx[testnum], NULL, EVP_sm3(),
1358                                 NULL, sm2_pkey[testnum])) {
1359             BIO_printf(bio_err, "SM2 init sign failure\n");
1360             dofail();
1361             count = -1;
1362             break;
1363         }
1364         ret = EVP_DigestSign(sm2ctx[testnum], sm2sig, &sm2sigsize,
1365                              buf, 20);
1366         if (ret == 0) {
1367             BIO_printf(bio_err, "SM2 sign failure\n");
1368             dofail();
1369             count = -1;
1370             break;
1371         }
1372         /* update the latest returned size and always use the fixed buffer size */
1373         tempargs->sigsize = sm2sigsize;
1374     }
1375 
1376     return count;
1377 }
1378 
SM2_verify_loop(void * args)1379 static int SM2_verify_loop(void *args)
1380 {
1381     loopargs_t *tempargs = *(loopargs_t **) args;
1382     unsigned char *buf = tempargs->buf;
1383     EVP_MD_CTX **sm2ctx = tempargs->sm2_vfy_ctx;
1384     unsigned char *sm2sig = tempargs->buf2;
1385     size_t sm2sigsize = tempargs->sigsize;
1386     int ret, count;
1387     EVP_PKEY **sm2_pkey = tempargs->sm2_pkey;
1388 
1389     for (count = 0; COND(sm2_c[testnum][1]); count++) {
1390         if (!EVP_DigestVerifyInit(sm2ctx[testnum], NULL, EVP_sm3(),
1391                                   NULL, sm2_pkey[testnum])) {
1392             BIO_printf(bio_err, "SM2 verify init failure\n");
1393             dofail();
1394             count = -1;
1395             break;
1396         }
1397         ret = EVP_DigestVerify(sm2ctx[testnum], sm2sig, sm2sigsize,
1398                                buf, 20);
1399         if (ret != 1) {
1400             BIO_printf(bio_err, "SM2 verify failure\n");
1401             dofail();
1402             count = -1;
1403             break;
1404         }
1405     }
1406     return count;
1407 }
1408 #endif                         /* OPENSSL_NO_SM2 */
1409 
KEM_keygen_loop(void * args)1410 static int KEM_keygen_loop(void *args)
1411 {
1412     loopargs_t *tempargs = *(loopargs_t **) args;
1413     EVP_PKEY_CTX *ctx = tempargs->kem_gen_ctx[testnum];
1414     EVP_PKEY *pkey = NULL;
1415     int count;
1416 
1417     for (count = 0; COND(kems_c[testnum][0]); count++) {
1418         if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
1419             return -1;
1420         /*
1421          * runtime defined to quite some degree by randomness,
1422          * so performance overhead of _free doesn't impact
1423          * results significantly. In any case this test is
1424          * meant to permit relative algorithm performance
1425          * comparison.
1426          */
1427         EVP_PKEY_free(pkey);
1428         pkey = NULL;
1429     }
1430     return count;
1431 }
1432 
KEM_encaps_loop(void * args)1433 static int KEM_encaps_loop(void *args)
1434 {
1435     loopargs_t *tempargs = *(loopargs_t **) args;
1436     EVP_PKEY_CTX *ctx = tempargs->kem_encaps_ctx[testnum];
1437     size_t out_len = tempargs->kem_out_len[testnum];
1438     size_t secret_len = tempargs->kem_secret_len[testnum];
1439     unsigned char *out = tempargs->kem_out[testnum];
1440     unsigned char *secret = tempargs->kem_send_secret[testnum];
1441     int count;
1442 
1443     for (count = 0; COND(kems_c[testnum][1]); count++) {
1444         if (EVP_PKEY_encapsulate(ctx, out, &out_len, secret, &secret_len) <= 0)
1445             return -1;
1446     }
1447     return count;
1448 }
1449 
KEM_decaps_loop(void * args)1450 static int KEM_decaps_loop(void *args)
1451 {
1452     loopargs_t *tempargs = *(loopargs_t **) args;
1453     EVP_PKEY_CTX *ctx = tempargs->kem_decaps_ctx[testnum];
1454     size_t out_len = tempargs->kem_out_len[testnum];
1455     size_t secret_len = tempargs->kem_secret_len[testnum];
1456     unsigned char *out = tempargs->kem_out[testnum];
1457     unsigned char *secret = tempargs->kem_send_secret[testnum];
1458     int count;
1459 
1460     for (count = 0; COND(kems_c[testnum][2]); count++) {
1461         if (EVP_PKEY_decapsulate(ctx, secret, &secret_len, out, out_len) <= 0)
1462             return -1;
1463     }
1464     return count;
1465 }
1466 
SIG_keygen_loop(void * args)1467 static int SIG_keygen_loop(void *args)
1468 {
1469     loopargs_t *tempargs = *(loopargs_t **) args;
1470     EVP_PKEY_CTX *ctx = tempargs->sig_gen_ctx[testnum];
1471     EVP_PKEY *pkey = NULL;
1472     int count;
1473 
1474     for (count = 0; COND(kems_c[testnum][0]); count++) {
1475         EVP_PKEY_keygen(ctx, &pkey);
1476         /* TBD: How much does free influence runtime? */
1477         EVP_PKEY_free(pkey);
1478         pkey = NULL;
1479     }
1480     return count;
1481 }
1482 
SIG_sign_loop(void * args)1483 static int SIG_sign_loop(void *args)
1484 {
1485     loopargs_t *tempargs = *(loopargs_t **) args;
1486     EVP_PKEY_CTX *ctx = tempargs->sig_sign_ctx[testnum];
1487     /* be sure to not change stored sig: */
1488     unsigned char *sig = app_malloc(tempargs->sig_max_sig_len[testnum],
1489                                     "sig sign loop");
1490     unsigned char md[SHA256_DIGEST_LENGTH] = { 0 };
1491     size_t md_len = SHA256_DIGEST_LENGTH;
1492     int count;
1493 
1494     for (count = 0; COND(kems_c[testnum][1]); count++) {
1495         size_t sig_len = tempargs->sig_max_sig_len[testnum];
1496         int ret = EVP_PKEY_sign(ctx, sig, &sig_len, md, md_len);
1497 
1498         if (ret <= 0) {
1499             BIO_printf(bio_err, "SIG sign failure at count %d\n", count);
1500             dofail();
1501             count = -1;
1502             break;
1503         }
1504     }
1505     OPENSSL_free(sig);
1506     return count;
1507 }
1508 
SIG_verify_loop(void * args)1509 static int SIG_verify_loop(void *args)
1510 {
1511     loopargs_t *tempargs = *(loopargs_t **) args;
1512     EVP_PKEY_CTX *ctx = tempargs->sig_verify_ctx[testnum];
1513     size_t sig_len = tempargs->sig_act_sig_len[testnum];
1514     unsigned char *sig = tempargs->sig_sig[testnum];
1515     unsigned char md[SHA256_DIGEST_LENGTH] = { 0 };
1516     size_t md_len = SHA256_DIGEST_LENGTH;
1517     int count;
1518 
1519     for (count = 0; COND(kems_c[testnum][2]); count++) {
1520         int ret = EVP_PKEY_verify(ctx, sig, sig_len, md, md_len);
1521 
1522         if (ret <= 0) {
1523             BIO_printf(bio_err, "SIG verify failure at count %d\n", count);
1524             dofail();
1525             count = -1;
1526             break;
1527         }
1528 
1529     }
1530     return count;
1531 }
1532 
check_block_size(EVP_CIPHER_CTX * ctx,int length)1533 static int check_block_size(EVP_CIPHER_CTX *ctx, int length)
1534 {
1535     const EVP_CIPHER *ciph = EVP_CIPHER_CTX_get0_cipher(ctx);
1536     int blocksize = EVP_CIPHER_CTX_get_block_size(ctx);
1537 
1538     if (ciph == NULL || blocksize <= 0) {
1539         BIO_printf(bio_err, "\nInvalid cipher!\n");
1540         return 0;
1541     }
1542     if (length % blocksize != 0) {
1543         BIO_printf(bio_err,
1544                    "\nRequested encryption length not a multiple of block size for %s!\n",
1545                    EVP_CIPHER_get0_name(ciph));
1546         return 0;
1547     }
1548     return 1;
1549 }
1550 
run_benchmark(int async_jobs,int (* loop_function)(void *),loopargs_t * loopargs)1551 static int run_benchmark(int async_jobs,
1552                          int (*loop_function) (void *), loopargs_t *loopargs)
1553 {
1554     int job_op_count = 0;
1555     int total_op_count = 0;
1556     int num_inprogress = 0;
1557     int error = 0, i = 0, ret = 0;
1558     OSSL_ASYNC_FD job_fd = 0;
1559     size_t num_job_fds = 0;
1560 
1561     if (async_jobs == 0) {
1562         return loop_function((void *)&loopargs);
1563     }
1564 
1565     for (i = 0; i < async_jobs && !error; i++) {
1566         loopargs_t *looparg_item = loopargs + i;
1567 
1568         /* Copy pointer content (looparg_t item address) into async context */
1569         ret = ASYNC_start_job(&loopargs[i].inprogress_job, loopargs[i].wait_ctx,
1570                               &job_op_count, loop_function,
1571                               (void *)&looparg_item, sizeof(looparg_item));
1572         switch (ret) {
1573         case ASYNC_PAUSE:
1574             ++num_inprogress;
1575             break;
1576         case ASYNC_FINISH:
1577             if (job_op_count == -1) {
1578                 error = 1;
1579             } else {
1580                 total_op_count += job_op_count;
1581             }
1582             break;
1583         case ASYNC_NO_JOBS:
1584         case ASYNC_ERR:
1585             BIO_printf(bio_err, "Failure in the job\n");
1586             dofail();
1587             error = 1;
1588             break;
1589         }
1590     }
1591 
1592     while (num_inprogress > 0) {
1593 #if defined(OPENSSL_SYS_WINDOWS)
1594         DWORD avail = 0;
1595 #elif defined(OPENSSL_SYS_UNIX)
1596         int select_result = 0;
1597         OSSL_ASYNC_FD max_fd = 0;
1598         fd_set waitfdset;
1599 
1600         FD_ZERO(&waitfdset);
1601 
1602         for (i = 0; i < async_jobs && num_inprogress > 0; i++) {
1603             if (loopargs[i].inprogress_job == NULL)
1604                 continue;
1605 
1606             if (!ASYNC_WAIT_CTX_get_all_fds
1607                 (loopargs[i].wait_ctx, NULL, &num_job_fds)
1608                 || num_job_fds > 1) {
1609                 BIO_printf(bio_err, "Too many fds in ASYNC_WAIT_CTX\n");
1610                 dofail();
1611                 error = 1;
1612                 break;
1613             }
1614             ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, &job_fd,
1615                                        &num_job_fds);
1616             FD_SET(job_fd, &waitfdset);
1617             if (job_fd > max_fd)
1618                 max_fd = job_fd;
1619         }
1620 
1621         if (max_fd >= (OSSL_ASYNC_FD)FD_SETSIZE) {
1622             BIO_printf(bio_err,
1623                        "Error: max_fd (%d) must be smaller than FD_SETSIZE (%d). "
1624                        "Decrease the value of async_jobs\n",
1625                        max_fd, FD_SETSIZE);
1626             dofail();
1627             error = 1;
1628             break;
1629         }
1630 
1631         select_result = select(max_fd + 1, &waitfdset, NULL, NULL, NULL);
1632         if (select_result == -1 && errno == EINTR)
1633             continue;
1634 
1635         if (select_result == -1) {
1636             BIO_printf(bio_err, "Failure in the select\n");
1637             dofail();
1638             error = 1;
1639             break;
1640         }
1641 
1642         if (select_result == 0)
1643             continue;
1644 #endif
1645 
1646         for (i = 0; i < async_jobs; i++) {
1647             if (loopargs[i].inprogress_job == NULL)
1648                 continue;
1649 
1650             if (!ASYNC_WAIT_CTX_get_all_fds
1651                 (loopargs[i].wait_ctx, NULL, &num_job_fds)
1652                 || num_job_fds > 1) {
1653                 BIO_printf(bio_err, "Too many fds in ASYNC_WAIT_CTX\n");
1654                 dofail();
1655                 error = 1;
1656                 break;
1657             }
1658             ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, &job_fd,
1659                                        &num_job_fds);
1660 
1661 #if defined(OPENSSL_SYS_UNIX)
1662             if (num_job_fds == 1 && !FD_ISSET(job_fd, &waitfdset))
1663                 continue;
1664 #elif defined(OPENSSL_SYS_WINDOWS)
1665             if (num_job_fds == 1
1666                 && !PeekNamedPipe(job_fd, NULL, 0, NULL, &avail, NULL)
1667                 && avail > 0)
1668                 continue;
1669 #endif
1670 
1671             ret = ASYNC_start_job(&loopargs[i].inprogress_job,
1672                                   loopargs[i].wait_ctx, &job_op_count,
1673                                   loop_function, (void *)(loopargs + i),
1674                                   sizeof(loopargs_t));
1675             switch (ret) {
1676             case ASYNC_PAUSE:
1677                 break;
1678             case ASYNC_FINISH:
1679                 if (job_op_count == -1) {
1680                     error = 1;
1681                 } else {
1682                     total_op_count += job_op_count;
1683                 }
1684                 --num_inprogress;
1685                 loopargs[i].inprogress_job = NULL;
1686                 break;
1687             case ASYNC_NO_JOBS:
1688             case ASYNC_ERR:
1689                 --num_inprogress;
1690                 loopargs[i].inprogress_job = NULL;
1691                 BIO_printf(bio_err, "Failure in the job\n");
1692                 dofail();
1693                 error = 1;
1694                 break;
1695             }
1696         }
1697     }
1698 
1699     return error ? -1 : total_op_count;
1700 }
1701 
1702 typedef struct ec_curve_st {
1703     const char *name;
1704     unsigned int nid;
1705     unsigned int bits;
1706     size_t sigsize; /* only used for EdDSA curves */
1707 } EC_CURVE;
1708 
get_ecdsa(const EC_CURVE * curve)1709 static EVP_PKEY *get_ecdsa(const EC_CURVE *curve)
1710 {
1711     EVP_PKEY_CTX *kctx = NULL;
1712     EVP_PKEY *key = NULL;
1713 
1714     /* Ensure that the error queue is empty */
1715     if (ERR_peek_error()) {
1716         BIO_printf(bio_err,
1717                    "WARNING: the error queue contains previous unhandled errors.\n");
1718         dofail();
1719     }
1720 
1721     /*
1722      * Let's try to create a ctx directly from the NID: this works for
1723      * curves like Curve25519 that are not implemented through the low
1724      * level EC interface.
1725      * If this fails we try creating a EVP_PKEY_EC generic param ctx,
1726      * then we set the curve by NID before deriving the actual keygen
1727      * ctx for that specific curve.
1728      */
1729     kctx = EVP_PKEY_CTX_new_id(curve->nid, NULL);
1730     if (kctx == NULL) {
1731         EVP_PKEY_CTX *pctx = NULL;
1732         EVP_PKEY *params = NULL;
1733         /*
1734          * If we reach this code EVP_PKEY_CTX_new_id() failed and a
1735          * "int_ctx_new:unsupported algorithm" error was added to the
1736          * error queue.
1737          * We remove it from the error queue as we are handling it.
1738          */
1739         unsigned long error = ERR_peek_error();
1740 
1741         if (error == ERR_peek_last_error() /* oldest and latest errors match */
1742             /* check that the error origin matches */
1743             && ERR_GET_LIB(error) == ERR_LIB_EVP
1744             && (ERR_GET_REASON(error) == EVP_R_UNSUPPORTED_ALGORITHM
1745                 || ERR_GET_REASON(error) == ERR_R_UNSUPPORTED))
1746             ERR_get_error(); /* pop error from queue */
1747         if (ERR_peek_error()) {
1748             BIO_printf(bio_err,
1749                        "Unhandled error in the error queue during EC key setup.\n");
1750             dofail();
1751             return NULL;
1752         }
1753 
1754         /* Create the context for parameter generation */
1755         if ((pctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL)) == NULL
1756             || EVP_PKEY_paramgen_init(pctx) <= 0
1757             || EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx,
1758                                                       curve->nid) <= 0
1759             || EVP_PKEY_paramgen(pctx, &params) <= 0) {
1760             BIO_printf(bio_err, "EC params init failure.\n");
1761             dofail();
1762             EVP_PKEY_CTX_free(pctx);
1763             return NULL;
1764         }
1765         EVP_PKEY_CTX_free(pctx);
1766 
1767         /* Create the context for the key generation */
1768         kctx = EVP_PKEY_CTX_new(params, NULL);
1769         EVP_PKEY_free(params);
1770     }
1771     if (kctx == NULL
1772         || EVP_PKEY_keygen_init(kctx) <= 0
1773         || EVP_PKEY_keygen(kctx, &key) <= 0) {
1774         BIO_printf(bio_err, "EC key generation failure.\n");
1775         dofail();
1776         key = NULL;
1777     }
1778     EVP_PKEY_CTX_free(kctx);
1779     return key;
1780 }
1781 
1782 #define stop_it(do_it, test_num)\
1783     memset(do_it + test_num, 0, OSSL_NELEM(do_it) - test_num);
1784 
1785 /* Checks to see if algorithms are fetchable */
1786 #define IS_FETCHABLE(type, TYPE)                                \
1787     static int is_ ## type ## _fetchable(const TYPE *alg)       \
1788     {                                                           \
1789         TYPE *impl;                                             \
1790         const char *propq = app_get0_propq();                   \
1791         OSSL_LIB_CTX *libctx = app_get0_libctx();               \
1792         const char *name = TYPE ## _get0_name(alg);             \
1793                                                                 \
1794         ERR_set_mark();                                         \
1795         impl = TYPE ## _fetch(libctx, name, propq);             \
1796         ERR_pop_to_mark();                                      \
1797         if (impl == NULL)                                       \
1798             return 0;                                           \
1799         TYPE ## _free(impl);                                    \
1800         return 1;                                               \
1801     }
1802 
IS_FETCHABLE(signature,EVP_SIGNATURE)1803 IS_FETCHABLE(signature, EVP_SIGNATURE)
1804 IS_FETCHABLE(kem, EVP_KEM)
1805 
1806 DEFINE_STACK_OF(EVP_KEM)
1807 
1808 static int kems_cmp(const EVP_KEM * const *a,
1809                     const EVP_KEM * const *b)
1810 {
1811     return strcmp(OSSL_PROVIDER_get0_name(EVP_KEM_get0_provider(*a)),
1812                   OSSL_PROVIDER_get0_name(EVP_KEM_get0_provider(*b)));
1813 }
1814 
collect_kem(EVP_KEM * kem,void * stack)1815 static void collect_kem(EVP_KEM *kem, void *stack)
1816 {
1817     STACK_OF(EVP_KEM) *kem_stack = stack;
1818 
1819     if (is_kem_fetchable(kem)
1820             && sk_EVP_KEM_push(kem_stack, kem) > 0) {
1821         EVP_KEM_up_ref(kem);
1822     }
1823 }
1824 
kem_locate(const char * algo,unsigned int * idx)1825 static int kem_locate(const char *algo, unsigned int *idx)
1826 {
1827     unsigned int i;
1828 
1829     for (i = 0; i < kems_algs_len; i++) {
1830         if (strcmp(kems_algname[i], algo) == 0) {
1831             *idx = i;
1832             return 1;
1833         }
1834     }
1835     return 0;
1836 }
1837 
DEFINE_STACK_OF(EVP_SIGNATURE)1838 DEFINE_STACK_OF(EVP_SIGNATURE)
1839 
1840 static int signatures_cmp(const EVP_SIGNATURE * const *a,
1841                           const EVP_SIGNATURE * const *b)
1842 {
1843     return strcmp(OSSL_PROVIDER_get0_name(EVP_SIGNATURE_get0_provider(*a)),
1844                   OSSL_PROVIDER_get0_name(EVP_SIGNATURE_get0_provider(*b)));
1845 }
1846 
collect_signatures(EVP_SIGNATURE * sig,void * stack)1847 static void collect_signatures(EVP_SIGNATURE *sig, void *stack)
1848 {
1849     STACK_OF(EVP_SIGNATURE) *sig_stack = stack;
1850 
1851     if (is_signature_fetchable(sig)
1852             && sk_EVP_SIGNATURE_push(sig_stack, sig) > 0)
1853         EVP_SIGNATURE_up_ref(sig);
1854 }
1855 
sig_locate(const char * algo,unsigned int * idx)1856 static int sig_locate(const char *algo, unsigned int *idx)
1857 {
1858     unsigned int i;
1859 
1860     for (i = 0; i < sigs_algs_len; i++) {
1861         if (strcmp(sigs_algname[i], algo) == 0) {
1862             *idx = i;
1863             return 1;
1864         }
1865     }
1866     return 0;
1867 }
1868 
get_max(const uint8_t doit[],size_t algs_len)1869 static int get_max(const uint8_t doit[], size_t algs_len) {
1870     size_t i = 0;
1871     int maxcnt = 0;
1872 
1873     for (i = 0; i < algs_len; i++)
1874         if (maxcnt < doit[i]) maxcnt = doit[i];
1875     return maxcnt;
1876 }
1877 
speed_main(int argc,char ** argv)1878 int speed_main(int argc, char **argv)
1879 {
1880     CONF *conf = NULL;
1881     ENGINE *e = NULL;
1882     loopargs_t *loopargs = NULL;
1883     const char *prog;
1884     const char *engine_id = NULL;
1885     EVP_CIPHER *evp_cipher = NULL;
1886     EVP_MAC *mac = NULL;
1887     double d = 0.0;
1888     OPTION_CHOICE o;
1889     int async_init = 0, multiblock = 0, pr_header = 0;
1890     uint8_t doit[ALGOR_NUM] = { 0 };
1891     int ret = 1, misalign = 0, lengths_single = 0;
1892     STACK_OF(EVP_KEM) *kem_stack = NULL;
1893     STACK_OF(EVP_SIGNATURE) *sig_stack = NULL;
1894     long count = 0;
1895     unsigned int size_num = SIZE_NUM;
1896     unsigned int i, k, loopargs_len = 0, async_jobs = 0;
1897     unsigned int idx;
1898     int keylen = 0;
1899     int buflen;
1900     size_t declen;
1901     BIGNUM *bn = NULL;
1902     EVP_PKEY_CTX *genctx = NULL;
1903 #ifndef NO_FORK
1904     int multi = 0;
1905 #endif
1906     long op_count = 1;
1907     openssl_speed_sec_t seconds = { SECONDS, RSA_SECONDS, DSA_SECONDS,
1908                                     ECDSA_SECONDS, ECDH_SECONDS,
1909                                     EdDSA_SECONDS, SM2_SECONDS,
1910                                     FFDH_SECONDS, KEM_SECONDS,
1911                                     SIG_SECONDS };
1912 
1913     static const unsigned char key32[32] = {
1914         0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
1915         0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
1916         0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34,
1917         0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34, 0x56
1918     };
1919     static const unsigned char deskey[] = {
1920         0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, /* key1 */
1921         0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, /* key2 */
1922         0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34  /* key3 */
1923     };
1924     static const struct {
1925         const unsigned char *data;
1926         unsigned int length;
1927         unsigned int bits;
1928     } rsa_keys[] = {
1929         {   test512,   sizeof(test512),   512 },
1930         {  test1024,  sizeof(test1024),  1024 },
1931         {  test2048,  sizeof(test2048),  2048 },
1932         {  test3072,  sizeof(test3072),  3072 },
1933         {  test4096,  sizeof(test4096),  4096 },
1934         {  test7680,  sizeof(test7680),  7680 },
1935         { test15360, sizeof(test15360), 15360 }
1936     };
1937     uint8_t rsa_doit[RSA_NUM] = { 0 };
1938     int primes = RSA_DEFAULT_PRIME_NUM;
1939 #ifndef OPENSSL_NO_DH
1940     typedef struct ffdh_params_st {
1941         const char *name;
1942         unsigned int nid;
1943         unsigned int bits;
1944     } FFDH_PARAMS;
1945 
1946     static const FFDH_PARAMS ffdh_params[FFDH_NUM] = {
1947         {"ffdh2048", NID_ffdhe2048, 2048},
1948         {"ffdh3072", NID_ffdhe3072, 3072},
1949         {"ffdh4096", NID_ffdhe4096, 4096},
1950         {"ffdh6144", NID_ffdhe6144, 6144},
1951         {"ffdh8192", NID_ffdhe8192, 8192}
1952     };
1953     uint8_t ffdh_doit[FFDH_NUM] = { 0 };
1954 
1955 #endif /* OPENSSL_NO_DH */
1956 #ifndef OPENSSL_NO_DSA
1957     static const unsigned int dsa_bits[DSA_NUM] = { 1024, 2048 };
1958     uint8_t dsa_doit[DSA_NUM] = { 0 };
1959 #endif /* OPENSSL_NO_DSA */
1960     /*
1961      * We only test over the following curves as they are representative, To
1962      * add tests over more curves, simply add the curve NID and curve name to
1963      * the following arrays and increase the |ecdh_choices| and |ecdsa_choices|
1964      * lists accordingly.
1965      */
1966     static const EC_CURVE ec_curves[EC_NUM] = {
1967         /* Prime Curves */
1968         {"secp160r1", NID_secp160r1, 160},
1969         {"nistp192", NID_X9_62_prime192v1, 192},
1970         {"nistp224", NID_secp224r1, 224},
1971         {"nistp256", NID_X9_62_prime256v1, 256},
1972         {"nistp384", NID_secp384r1, 384},
1973         {"nistp521", NID_secp521r1, 521},
1974 #ifndef OPENSSL_NO_EC2M
1975         /* Binary Curves */
1976         {"nistk163", NID_sect163k1, 163},
1977         {"nistk233", NID_sect233k1, 233},
1978         {"nistk283", NID_sect283k1, 283},
1979         {"nistk409", NID_sect409k1, 409},
1980         {"nistk571", NID_sect571k1, 571},
1981         {"nistb163", NID_sect163r2, 163},
1982         {"nistb233", NID_sect233r1, 233},
1983         {"nistb283", NID_sect283r1, 283},
1984         {"nistb409", NID_sect409r1, 409},
1985         {"nistb571", NID_sect571r1, 571},
1986 #endif
1987         {"brainpoolP256r1", NID_brainpoolP256r1, 256},
1988         {"brainpoolP256t1", NID_brainpoolP256t1, 256},
1989         {"brainpoolP384r1", NID_brainpoolP384r1, 384},
1990         {"brainpoolP384t1", NID_brainpoolP384t1, 384},
1991         {"brainpoolP512r1", NID_brainpoolP512r1, 512},
1992         {"brainpoolP512t1", NID_brainpoolP512t1, 512},
1993 #ifndef OPENSSL_NO_ECX
1994         /* Other and ECDH only ones */
1995         {"X25519", NID_X25519, 253},
1996         {"X448", NID_X448, 448}
1997 #endif
1998     };
1999 #ifndef OPENSSL_NO_ECX
2000     static const EC_CURVE ed_curves[EdDSA_NUM] = {
2001         /* EdDSA */
2002         {"Ed25519", NID_ED25519, 253, 64},
2003         {"Ed448", NID_ED448, 456, 114}
2004     };
2005 #endif /* OPENSSL_NO_ECX */
2006 #ifndef OPENSSL_NO_SM2
2007     static const EC_CURVE sm2_curves[SM2_NUM] = {
2008         /* SM2 */
2009         {"CurveSM2", NID_sm2, 256}
2010     };
2011     uint8_t sm2_doit[SM2_NUM] = { 0 };
2012 #endif
2013     uint8_t ecdsa_doit[ECDSA_NUM] = { 0 };
2014     uint8_t ecdh_doit[EC_NUM] = { 0 };
2015 #ifndef OPENSSL_NO_ECX
2016     uint8_t eddsa_doit[EdDSA_NUM] = { 0 };
2017 #endif /* OPENSSL_NO_ECX */
2018 
2019     uint8_t kems_doit[MAX_KEM_NUM] = { 0 };
2020     uint8_t sigs_doit[MAX_SIG_NUM] = { 0 };
2021 
2022     uint8_t do_kems = 0;
2023     uint8_t do_sigs = 0;
2024 
2025     /* checks declared curves against choices list. */
2026 #ifndef OPENSSL_NO_ECX
2027     OPENSSL_assert(ed_curves[EdDSA_NUM - 1].nid == NID_ED448);
2028     OPENSSL_assert(strcmp(eddsa_choices[EdDSA_NUM - 1].name, "ed448") == 0);
2029 
2030     OPENSSL_assert(ec_curves[EC_NUM - 1].nid == NID_X448);
2031     OPENSSL_assert(strcmp(ecdh_choices[EC_NUM - 1].name, "ecdhx448") == 0);
2032 
2033     OPENSSL_assert(ec_curves[ECDSA_NUM - 1].nid == NID_brainpoolP512t1);
2034     OPENSSL_assert(strcmp(ecdsa_choices[ECDSA_NUM - 1].name, "ecdsabrp512t1") == 0);
2035 #endif /* OPENSSL_NO_ECX */
2036 
2037 #ifndef OPENSSL_NO_SM2
2038     OPENSSL_assert(sm2_curves[SM2_NUM - 1].nid == NID_sm2);
2039     OPENSSL_assert(strcmp(sm2_choices[SM2_NUM - 1].name, "curveSM2") == 0);
2040 #endif
2041 
2042     prog = opt_init(argc, argv, speed_options);
2043     while ((o = opt_next()) != OPT_EOF) {
2044         switch (o) {
2045         case OPT_EOF:
2046         case OPT_ERR:
2047  opterr:
2048             BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
2049             goto end;
2050         case OPT_HELP:
2051             opt_help(speed_options);
2052             ret = 0;
2053             goto end;
2054         case OPT_ELAPSED:
2055             usertime = 0;
2056             break;
2057         case OPT_EVP:
2058             if (doit[D_EVP]) {
2059                 BIO_printf(bio_err, "%s: -evp option cannot be used more than once\n", prog);
2060                 goto opterr;
2061             }
2062             ERR_set_mark();
2063             if (!opt_cipher_silent(opt_arg(), &evp_cipher)) {
2064                 if (have_md(opt_arg()))
2065                     evp_md_name = opt_arg();
2066             }
2067             if (evp_cipher == NULL && evp_md_name == NULL) {
2068                 ERR_clear_last_mark();
2069                 BIO_printf(bio_err,
2070                            "%s: %s is an unknown cipher or digest\n",
2071                            prog, opt_arg());
2072                 goto end;
2073             }
2074             ERR_pop_to_mark();
2075             doit[D_EVP] = 1;
2076             break;
2077         case OPT_HMAC:
2078             if (!have_md(opt_arg())) {
2079                 BIO_printf(bio_err, "%s: %s is an unknown digest\n",
2080                            prog, opt_arg());
2081                 goto end;
2082             }
2083             evp_mac_mdname = opt_arg();
2084             doit[D_HMAC] = 1;
2085             break;
2086         case OPT_CMAC:
2087             if (!have_cipher(opt_arg())) {
2088                 BIO_printf(bio_err, "%s: %s is an unknown cipher\n",
2089                            prog, opt_arg());
2090                 goto end;
2091             }
2092             evp_mac_ciphername = opt_arg();
2093             doit[D_EVP_CMAC] = 1;
2094             break;
2095         case OPT_DECRYPT:
2096             decrypt = 1;
2097             break;
2098         case OPT_ENGINE:
2099             /*
2100              * In a forked execution, an engine might need to be
2101              * initialised by each child process, not by the parent.
2102              * So store the name here and run setup_engine() later on.
2103              */
2104             engine_id = opt_arg();
2105             break;
2106         case OPT_MULTI:
2107 #ifndef NO_FORK
2108             multi = opt_int_arg();
2109             if ((size_t)multi >= SIZE_MAX / sizeof(int)) {
2110                 BIO_printf(bio_err, "%s: multi argument too large\n", prog);
2111                 return 0;
2112             }
2113 #endif
2114             break;
2115         case OPT_ASYNCJOBS:
2116 #ifndef OPENSSL_NO_ASYNC
2117             async_jobs = opt_int_arg();
2118             if (async_jobs > 99999) {
2119                 BIO_printf(bio_err, "%s: too many async_jobs\n", prog);
2120                 goto opterr;
2121             }
2122             if (!ASYNC_is_capable()) {
2123                 BIO_printf(bio_err,
2124                            "%s: async_jobs specified but async not supported\n",
2125                            prog);
2126                 if (testmode)
2127                     /* Return success in the testmode. */
2128                     return 0;
2129                 goto opterr;
2130             }
2131 #endif
2132             break;
2133         case OPT_MISALIGN:
2134             misalign = opt_int_arg();
2135             if (misalign > MISALIGN) {
2136                 BIO_printf(bio_err,
2137                            "%s: Maximum offset is %d\n", prog, MISALIGN);
2138                 goto opterr;
2139             }
2140             break;
2141         case OPT_MR:
2142             mr = 1;
2143             break;
2144         case OPT_MB:
2145             multiblock = 1;
2146 #ifdef OPENSSL_NO_MULTIBLOCK
2147             BIO_printf(bio_err,
2148                        "%s: -mb specified but multi-block support is disabled\n",
2149                        prog);
2150             goto end;
2151 #endif
2152             break;
2153         case OPT_R_CASES:
2154             if (!opt_rand(o))
2155                 goto end;
2156             break;
2157         case OPT_PROV_CASES:
2158             if (!opt_provider(o))
2159                 goto end;
2160             break;
2161         case OPT_CONFIG:
2162             conf = app_load_config_modules(opt_arg());
2163             if (conf == NULL)
2164                 goto end;
2165             break;
2166         case OPT_PRIMES:
2167             primes = opt_int_arg();
2168             break;
2169         case OPT_SECONDS:
2170             seconds.sym = seconds.rsa = seconds.dsa = seconds.ecdsa
2171                         = seconds.ecdh = seconds.eddsa
2172                         = seconds.sm2 = seconds.ffdh
2173                         = seconds.kem = seconds.sig = opt_int_arg();
2174             break;
2175         case OPT_BYTES:
2176             lengths_single = opt_int_arg();
2177             lengths = &lengths_single;
2178             size_num = 1;
2179             break;
2180         case OPT_AEAD:
2181             aead = 1;
2182             break;
2183         case OPT_KEM:
2184             do_kems = 1;
2185             break;
2186         case OPT_SIG:
2187             do_sigs = 1;
2188             break;
2189         case OPT_MLOCK:
2190             domlock = 1;
2191 #if !defined(_WIN32) && !defined(OPENSSL_SYS_LINUX)
2192             BIO_printf(bio_err,
2193                        "%s: -mlock not supported on this platform\n",
2194                        prog);
2195             goto end;
2196 #endif
2197             break;
2198         case OPT_TESTMODE:
2199             testmode = 1;
2200             break;
2201         }
2202     }
2203 
2204     /* find all KEMs currently available */
2205     kem_stack = sk_EVP_KEM_new(kems_cmp);
2206     EVP_KEM_do_all_provided(app_get0_libctx(), collect_kem, kem_stack);
2207 
2208     kems_algs_len = 0;
2209 
2210     for (idx = 0; idx < (unsigned int)sk_EVP_KEM_num(kem_stack); idx++) {
2211         EVP_KEM *kem = sk_EVP_KEM_value(kem_stack, idx);
2212 
2213         if (strcmp(EVP_KEM_get0_name(kem), "RSA") == 0) {
2214             if (kems_algs_len + OSSL_NELEM(rsa_choices) >= MAX_KEM_NUM) {
2215                 BIO_printf(bio_err,
2216                            "Too many KEMs registered. Change MAX_KEM_NUM.\n");
2217                 goto end;
2218             }
2219             for (i = 0; i < OSSL_NELEM(rsa_choices); i++) {
2220                 kems_doit[kems_algs_len] = 1;
2221                 kems_algname[kems_algs_len++] = OPENSSL_strdup(rsa_choices[i].name);
2222             }
2223         } else if (strcmp(EVP_KEM_get0_name(kem), "EC") == 0) {
2224             if (kems_algs_len + 3 >= MAX_KEM_NUM) {
2225                 BIO_printf(bio_err,
2226                            "Too many KEMs registered. Change MAX_KEM_NUM.\n");
2227                 goto end;
2228             }
2229             kems_doit[kems_algs_len] = 1;
2230             kems_algname[kems_algs_len++] = OPENSSL_strdup("ECP-256");
2231             kems_doit[kems_algs_len] = 1;
2232             kems_algname[kems_algs_len++] = OPENSSL_strdup("ECP-384");
2233             kems_doit[kems_algs_len] = 1;
2234             kems_algname[kems_algs_len++] = OPENSSL_strdup("ECP-521");
2235         } else {
2236             if (kems_algs_len + 1 >= MAX_KEM_NUM) {
2237                 BIO_printf(bio_err,
2238                            "Too many KEMs registered. Change MAX_KEM_NUM.\n");
2239                 goto end;
2240             }
2241             kems_doit[kems_algs_len] = 1;
2242             kems_algname[kems_algs_len++] = OPENSSL_strdup(EVP_KEM_get0_name(kem));
2243         }
2244     }
2245     sk_EVP_KEM_pop_free(kem_stack, EVP_KEM_free);
2246     kem_stack = NULL;
2247 
2248     /* find all SIGNATUREs currently available */
2249     sig_stack = sk_EVP_SIGNATURE_new(signatures_cmp);
2250     EVP_SIGNATURE_do_all_provided(app_get0_libctx(), collect_signatures, sig_stack);
2251 
2252     sigs_algs_len = 0;
2253 
2254     for (idx = 0; idx < (unsigned int)sk_EVP_SIGNATURE_num(sig_stack); idx++) {
2255         EVP_SIGNATURE *s = sk_EVP_SIGNATURE_value(sig_stack, idx);
2256         const char *sig_name = EVP_SIGNATURE_get0_name(s);
2257 
2258         if (strcmp(sig_name, "RSA") == 0) {
2259             if (sigs_algs_len + OSSL_NELEM(rsa_choices) >= MAX_SIG_NUM) {
2260                 BIO_printf(bio_err,
2261                            "Too many signatures registered. Change MAX_SIG_NUM.\n");
2262                 goto end;
2263             }
2264             for (i = 0; i < OSSL_NELEM(rsa_choices); i++) {
2265                 sigs_doit[sigs_algs_len] = 1;
2266                 sigs_algname[sigs_algs_len++] = OPENSSL_strdup(rsa_choices[i].name);
2267             }
2268         }
2269 #ifndef OPENSSL_NO_DSA
2270         else if (strcmp(sig_name, "DSA") == 0) {
2271             if (sigs_algs_len + DSA_NUM >= MAX_SIG_NUM) {
2272                 BIO_printf(bio_err,
2273                            "Too many signatures registered. Change MAX_SIG_NUM.\n");
2274                 goto end;
2275             }
2276             for (i = 0; i < DSA_NUM; i++) {
2277                 sigs_doit[sigs_algs_len] = 1;
2278                 sigs_algname[sigs_algs_len++] = OPENSSL_strdup(dsa_choices[i].name);
2279             }
2280         }
2281 #endif /* OPENSSL_NO_DSA */
2282         /* skipping these algs as tested elsewhere - and b/o setup is a pain */
2283         else if (strcmp(sig_name, "ED25519") &&
2284                  strcmp(sig_name, "ED448") &&
2285                  strcmp(sig_name, "ECDSA") &&
2286                  strcmp(sig_name, "HMAC") &&
2287                  strcmp(sig_name, "SIPHASH") &&
2288                  strcmp(sig_name, "POLY1305") &&
2289                  strcmp(sig_name, "CMAC") &&
2290                  strcmp(sig_name, "SM2")) { /* skip alg */
2291             if (sigs_algs_len + 1 >= MAX_SIG_NUM) {
2292                 BIO_printf(bio_err,
2293                            "Too many signatures registered. Change MAX_SIG_NUM.\n");
2294                 goto end;
2295             }
2296             /* activate this provider algorithm */
2297             sigs_doit[sigs_algs_len] = 1;
2298             sigs_algname[sigs_algs_len++] = OPENSSL_strdup(sig_name);
2299         }
2300     }
2301     sk_EVP_SIGNATURE_pop_free(sig_stack, EVP_SIGNATURE_free);
2302     sig_stack = NULL;
2303 
2304     /* Remaining arguments are algorithms. */
2305     argc = opt_num_rest();
2306     argv = opt_rest();
2307 
2308     if (!app_RAND_load())
2309         goto end;
2310 
2311     for (; *argv; argv++) {
2312         const char *algo = *argv;
2313         int algo_found = 0;
2314 
2315         if (opt_found(algo, doit_choices, &i)) {
2316             doit[i] = 1;
2317             algo_found = 1;
2318         }
2319         if (strcmp(algo, "des") == 0) {
2320             doit[D_CBC_DES] = doit[D_EDE3_DES] = 1;
2321             algo_found = 1;
2322         }
2323         if (strcmp(algo, "sha") == 0) {
2324             doit[D_SHA1] = doit[D_SHA256] = doit[D_SHA512] = 1;
2325             algo_found = 1;
2326         }
2327 #ifndef OPENSSL_NO_DEPRECATED_3_0
2328         if (strcmp(algo, "openssl") == 0) /* just for compatibility */
2329             algo_found = 1;
2330 #endif
2331         if (HAS_PREFIX(algo, "rsa")) {
2332             if (algo[sizeof("rsa") - 1] == '\0') {
2333                 memset(rsa_doit, 1, sizeof(rsa_doit));
2334                 algo_found = 1;
2335             }
2336             if (opt_found(algo, rsa_choices, &i)) {
2337                 rsa_doit[i] = 1;
2338                 algo_found = 1;
2339             }
2340         }
2341 #ifndef OPENSSL_NO_DH
2342         if (HAS_PREFIX(algo, "ffdh")) {
2343             if (algo[sizeof("ffdh") - 1] == '\0') {
2344                 memset(ffdh_doit, 1, sizeof(ffdh_doit));
2345                 algo_found = 1;
2346             }
2347             if (opt_found(algo, ffdh_choices, &i)) {
2348                 ffdh_doit[i] = 2;
2349                 algo_found = 1;
2350             }
2351         }
2352 #endif
2353 #ifndef OPENSSL_NO_DSA
2354         if (HAS_PREFIX(algo, "dsa")) {
2355             if (algo[sizeof("dsa") - 1] == '\0') {
2356                 memset(dsa_doit, 1, sizeof(dsa_doit));
2357                 algo_found = 1;
2358             }
2359             if (opt_found(algo, dsa_choices, &i)) {
2360                 dsa_doit[i] = 2;
2361                 algo_found = 1;
2362             }
2363         }
2364 #endif
2365         if (strcmp(algo, "aes") == 0) {
2366             doit[D_CBC_128_AES] = doit[D_CBC_192_AES] = doit[D_CBC_256_AES] = 1;
2367             algo_found = 1;
2368         }
2369         if (strcmp(algo, "camellia") == 0) {
2370             doit[D_CBC_128_CML] = doit[D_CBC_192_CML] = doit[D_CBC_256_CML] = 1;
2371             algo_found = 1;
2372         }
2373         if (HAS_PREFIX(algo, "ecdsa")) {
2374             if (algo[sizeof("ecdsa") - 1] == '\0') {
2375                 memset(ecdsa_doit, 1, sizeof(ecdsa_doit));
2376                 algo_found = 1;
2377             }
2378             if (opt_found(algo, ecdsa_choices, &i)) {
2379                 ecdsa_doit[i] = 2;
2380                 algo_found = 1;
2381             }
2382         }
2383         if (HAS_PREFIX(algo, "ecdh")) {
2384             if (algo[sizeof("ecdh") - 1] == '\0') {
2385                 memset(ecdh_doit, 1, sizeof(ecdh_doit));
2386                 algo_found = 1;
2387             }
2388             if (opt_found(algo, ecdh_choices, &i)) {
2389                 ecdh_doit[i] = 2;
2390                 algo_found = 1;
2391             }
2392         }
2393 #ifndef OPENSSL_NO_ECX
2394         if (strcmp(algo, "eddsa") == 0) {
2395             memset(eddsa_doit, 1, sizeof(eddsa_doit));
2396             algo_found = 1;
2397         }
2398         if (opt_found(algo, eddsa_choices, &i)) {
2399             eddsa_doit[i] = 2;
2400             algo_found = 1;
2401         }
2402 #endif /* OPENSSL_NO_ECX */
2403 #ifndef OPENSSL_NO_SM2
2404         if (strcmp(algo, "sm2") == 0) {
2405             memset(sm2_doit, 1, sizeof(sm2_doit));
2406             algo_found = 1;
2407         }
2408         if (opt_found(algo, sm2_choices, &i)) {
2409             sm2_doit[i] = 2;
2410             algo_found = 1;
2411         }
2412 #endif
2413         if (kem_locate(algo, &idx)) {
2414             kems_doit[idx]++;
2415             do_kems = 1;
2416             algo_found = 1;
2417         }
2418         if (sig_locate(algo, &idx)) {
2419             sigs_doit[idx]++;
2420             do_sigs = 1;
2421             algo_found = 1;
2422         }
2423         if (strcmp(algo, "kmac") == 0) {
2424             doit[D_KMAC128] = doit[D_KMAC256] = 1;
2425             algo_found = 1;
2426         }
2427         if (strcmp(algo, "cmac") == 0) {
2428             doit[D_EVP_CMAC] = 1;
2429             algo_found = 1;
2430         }
2431 
2432         if (!algo_found) {
2433             BIO_printf(bio_err, "%s: Unknown algorithm %s\n", prog, algo);
2434             goto end;
2435         }
2436     }
2437 
2438     /* Sanity checks */
2439     if (aead) {
2440         if (evp_cipher == NULL) {
2441             BIO_printf(bio_err, "-aead can be used only with an AEAD cipher\n");
2442             goto end;
2443         } else if (!(EVP_CIPHER_get_flags(evp_cipher) &
2444                      EVP_CIPH_FLAG_AEAD_CIPHER)) {
2445             BIO_printf(bio_err, "%s is not an AEAD cipher\n",
2446                        EVP_CIPHER_get0_name(evp_cipher));
2447             goto end;
2448         }
2449     }
2450     if (kems_algs_len > 0) {
2451         int maxcnt = get_max(kems_doit, kems_algs_len);
2452 
2453         if (maxcnt > 1) {
2454             /* some algs explicitly selected */
2455             for (i = 0; i < kems_algs_len; i++) {
2456                 /* disable the rest */
2457                 kems_doit[i]--;
2458             }
2459         }
2460     }
2461     if (sigs_algs_len > 0) {
2462         int maxcnt = get_max(sigs_doit, sigs_algs_len);
2463 
2464         if (maxcnt > 1) {
2465             /* some algs explicitly selected */
2466             for (i = 0; i < sigs_algs_len; i++) {
2467                 /* disable the rest */
2468                 sigs_doit[i]--;
2469             }
2470         }
2471     }
2472     if (multiblock) {
2473         if (evp_cipher == NULL) {
2474             BIO_printf(bio_err, "-mb can be used only with a multi-block"
2475                                 " capable cipher\n");
2476             goto end;
2477         } else if (!(EVP_CIPHER_get_flags(evp_cipher) &
2478                      EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) {
2479             BIO_printf(bio_err, "%s is not a multi-block capable\n",
2480                        EVP_CIPHER_get0_name(evp_cipher));
2481             goto end;
2482         } else if (async_jobs > 0) {
2483             BIO_printf(bio_err, "Async mode is not supported with -mb");
2484             goto end;
2485         }
2486     }
2487 
2488     /* Initialize the job pool if async mode is enabled */
2489     if (async_jobs > 0) {
2490         async_init = ASYNC_init_thread(async_jobs, async_jobs);
2491         if (!async_init) {
2492             BIO_printf(bio_err, "Error creating the ASYNC job pool\n");
2493             goto end;
2494         }
2495     }
2496 
2497     loopargs_len = (async_jobs == 0 ? 1 : async_jobs);
2498     loopargs =
2499         app_malloc(loopargs_len * sizeof(loopargs_t), "array of loopargs");
2500     memset(loopargs, 0, loopargs_len * sizeof(loopargs_t));
2501 
2502     buflen = lengths[size_num - 1];
2503     if (buflen < 36)    /* size of random vector in RSA benchmark */
2504         buflen = 36;
2505     if (INT_MAX - (MAX_MISALIGNMENT + 1) < buflen) {
2506         BIO_printf(bio_err, "Error: buffer size too large\n");
2507         goto end;
2508     }
2509     buflen += MAX_MISALIGNMENT + 1;
2510     for (i = 0; i < loopargs_len; i++) {
2511         if (async_jobs > 0) {
2512             loopargs[i].wait_ctx = ASYNC_WAIT_CTX_new();
2513             if (loopargs[i].wait_ctx == NULL) {
2514                 BIO_printf(bio_err, "Error creating the ASYNC_WAIT_CTX\n");
2515                 goto end;
2516             }
2517         }
2518 
2519         loopargs[i].buf_malloc = app_malloc(buflen, "input buffer");
2520         loopargs[i].buf2_malloc = app_malloc(buflen, "input buffer");
2521 
2522         /* Align the start of buffers on a 64 byte boundary */
2523         loopargs[i].buf = loopargs[i].buf_malloc + misalign;
2524         loopargs[i].buf2 = loopargs[i].buf2_malloc + misalign;
2525         loopargs[i].buflen = buflen - misalign;
2526         loopargs[i].sigsize = buflen - misalign;
2527         loopargs[i].secret_a = app_malloc(MAX_ECDH_SIZE, "ECDH secret a");
2528         loopargs[i].secret_b = app_malloc(MAX_ECDH_SIZE, "ECDH secret b");
2529 #ifndef OPENSSL_NO_DH
2530         loopargs[i].secret_ff_a = app_malloc(MAX_FFDH_SIZE, "FFDH secret a");
2531         loopargs[i].secret_ff_b = app_malloc(MAX_FFDH_SIZE, "FFDH secret b");
2532 #endif
2533     }
2534 
2535 #ifndef NO_FORK
2536     if (multi && do_multi(multi, size_num))
2537         goto show_res;
2538 #endif
2539 
2540     for (i = 0; i < loopargs_len; ++i) {
2541         if (domlock) {
2542 #if defined(_WIN32)
2543             (void)VirtualLock(loopargs[i].buf_malloc, buflen);
2544             (void)VirtualLock(loopargs[i].buf2_malloc, buflen);
2545 #elif defined(OPENSSL_SYS_LINUX)
2546             (void)mlock(loopargs[i].buf_malloc, buflen);
2547             (void)mlock(loopargs[i].buf_malloc, buflen);
2548 #endif
2549         }
2550         memset(loopargs[i].buf_malloc, 0, buflen);
2551         memset(loopargs[i].buf2_malloc, 0, buflen);
2552     }
2553 
2554     /* Initialize the engine after the fork */
2555     e = setup_engine(engine_id, 0);
2556 
2557     /* No parameters; turn on everything. */
2558     if (argc == 0 && !doit[D_EVP] && !doit[D_HMAC]
2559         && !doit[D_EVP_CMAC] && !do_kems && !do_sigs) {
2560         memset(doit, 1, sizeof(doit));
2561         doit[D_EVP] = doit[D_EVP_CMAC] = 0;
2562         ERR_set_mark();
2563         for (i = D_MD2; i <= D_WHIRLPOOL; i++) {
2564             if (!have_md(names[i]))
2565                 doit[i] = 0;
2566         }
2567         for (i = D_CBC_DES; i <= D_CBC_256_CML; i++) {
2568             if (!have_cipher(names[i]))
2569                 doit[i] = 0;
2570         }
2571         if ((mac = EVP_MAC_fetch(app_get0_libctx(), "GMAC",
2572                                  app_get0_propq())) != NULL) {
2573             EVP_MAC_free(mac);
2574             mac = NULL;
2575         } else {
2576             doit[D_GHASH] = 0;
2577         }
2578         if ((mac = EVP_MAC_fetch(app_get0_libctx(), "HMAC",
2579                                  app_get0_propq())) != NULL) {
2580             EVP_MAC_free(mac);
2581             mac = NULL;
2582         } else {
2583             doit[D_HMAC] = 0;
2584         }
2585         ERR_pop_to_mark();
2586         memset(rsa_doit, 1, sizeof(rsa_doit));
2587 #ifndef OPENSSL_NO_DH
2588         memset(ffdh_doit, 1, sizeof(ffdh_doit));
2589 #endif
2590 #ifndef OPENSSL_NO_DSA
2591         memset(dsa_doit, 1, sizeof(dsa_doit));
2592 #endif
2593 #ifndef OPENSSL_NO_ECX
2594         memset(ecdsa_doit, 1, sizeof(ecdsa_doit));
2595         memset(ecdh_doit, 1, sizeof(ecdh_doit));
2596         memset(eddsa_doit, 1, sizeof(eddsa_doit));
2597 #endif /* OPENSSL_NO_ECX */
2598 #ifndef OPENSSL_NO_SM2
2599         memset(sm2_doit, 1, sizeof(sm2_doit));
2600 #endif
2601         memset(kems_doit, 1, sizeof(kems_doit));
2602         do_kems = 1;
2603         memset(sigs_doit, 1, sizeof(sigs_doit));
2604         do_sigs = 1;
2605     }
2606     for (i = 0; i < ALGOR_NUM; i++)
2607         if (doit[i])
2608             pr_header++;
2609 
2610     if (usertime == 0 && !mr)
2611         BIO_printf(bio_err,
2612                    "You have chosen to measure elapsed time "
2613                    "instead of user CPU time.\n");
2614 
2615 #if SIGALRM > 0
2616     signal(SIGALRM, alarmed);
2617 #endif
2618 
2619     if (doit[D_MD2]) {
2620         for (testnum = 0; testnum < size_num; testnum++) {
2621             print_message(names[D_MD2], lengths[testnum], seconds.sym);
2622             Time_F(START);
2623             count = run_benchmark(async_jobs, EVP_Digest_MD2_loop, loopargs);
2624             d = Time_F(STOP);
2625             print_result(D_MD2, testnum, count, d);
2626             if (count < 0)
2627                 break;
2628         }
2629     }
2630 
2631     if (doit[D_MDC2]) {
2632         for (testnum = 0; testnum < size_num; testnum++) {
2633             print_message(names[D_MDC2], lengths[testnum], seconds.sym);
2634             Time_F(START);
2635             count = run_benchmark(async_jobs, EVP_Digest_MDC2_loop, loopargs);
2636             d = Time_F(STOP);
2637             print_result(D_MDC2, testnum, count, d);
2638             if (count < 0)
2639                 break;
2640         }
2641     }
2642 
2643     if (doit[D_MD4]) {
2644         for (testnum = 0; testnum < size_num; testnum++) {
2645             print_message(names[D_MD4], lengths[testnum], seconds.sym);
2646             Time_F(START);
2647             count = run_benchmark(async_jobs, EVP_Digest_MD4_loop, loopargs);
2648             d = Time_F(STOP);
2649             print_result(D_MD4, testnum, count, d);
2650             if (count < 0)
2651                 break;
2652         }
2653     }
2654 
2655     if (doit[D_MD5]) {
2656         for (testnum = 0; testnum < size_num; testnum++) {
2657             print_message(names[D_MD5], lengths[testnum], seconds.sym);
2658             Time_F(START);
2659             count = run_benchmark(async_jobs, MD5_loop, loopargs);
2660             d = Time_F(STOP);
2661             print_result(D_MD5, testnum, count, d);
2662             if (count < 0)
2663                 break;
2664         }
2665     }
2666 
2667     if (doit[D_SHA1]) {
2668         for (testnum = 0; testnum < size_num; testnum++) {
2669             print_message(names[D_SHA1], lengths[testnum], seconds.sym);
2670             Time_F(START);
2671             count = run_benchmark(async_jobs, SHA1_loop, loopargs);
2672             d = Time_F(STOP);
2673             print_result(D_SHA1, testnum, count, d);
2674             if (count < 0)
2675                 break;
2676         }
2677     }
2678 
2679     if (doit[D_SHA256]) {
2680         for (testnum = 0; testnum < size_num; testnum++) {
2681             print_message(names[D_SHA256], lengths[testnum], seconds.sym);
2682             Time_F(START);
2683             count = run_benchmark(async_jobs, SHA256_loop, loopargs);
2684             d = Time_F(STOP);
2685             print_result(D_SHA256, testnum, count, d);
2686             if (count < 0)
2687                 break;
2688         }
2689     }
2690 
2691     if (doit[D_SHA512]) {
2692         for (testnum = 0; testnum < size_num; testnum++) {
2693             print_message(names[D_SHA512], lengths[testnum], seconds.sym);
2694             Time_F(START);
2695             count = run_benchmark(async_jobs, SHA512_loop, loopargs);
2696             d = Time_F(STOP);
2697             print_result(D_SHA512, testnum, count, d);
2698             if (count < 0)
2699                 break;
2700         }
2701     }
2702 
2703     if (doit[D_WHIRLPOOL]) {
2704         for (testnum = 0; testnum < size_num; testnum++) {
2705             print_message(names[D_WHIRLPOOL], lengths[testnum], seconds.sym);
2706             Time_F(START);
2707             count = run_benchmark(async_jobs, WHIRLPOOL_loop, loopargs);
2708             d = Time_F(STOP);
2709             print_result(D_WHIRLPOOL, testnum, count, d);
2710             if (count < 0)
2711                 break;
2712         }
2713     }
2714 
2715     if (doit[D_RMD160]) {
2716         for (testnum = 0; testnum < size_num; testnum++) {
2717             print_message(names[D_RMD160], lengths[testnum], seconds.sym);
2718             Time_F(START);
2719             count = run_benchmark(async_jobs, EVP_Digest_RMD160_loop, loopargs);
2720             d = Time_F(STOP);
2721             print_result(D_RMD160, testnum, count, d);
2722             if (count < 0)
2723                 break;
2724         }
2725     }
2726 
2727     if (doit[D_HMAC]) {
2728         static const char hmac_key[] = "This is a key...";
2729         int len = strlen(hmac_key);
2730         size_t hmac_name_len = sizeof("hmac()") + strlen(evp_mac_mdname);
2731         OSSL_PARAM params[3];
2732 
2733         if (evp_mac_mdname == NULL)
2734             goto end;
2735         evp_hmac_name = app_malloc(hmac_name_len, "HMAC name");
2736         BIO_snprintf(evp_hmac_name, hmac_name_len, "hmac(%s)", evp_mac_mdname);
2737         names[D_HMAC] = evp_hmac_name;
2738 
2739         params[0] =
2740             OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
2741                                              evp_mac_mdname, 0);
2742         params[1] =
2743             OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY,
2744                                               (char *)hmac_key, len);
2745         params[2] = OSSL_PARAM_construct_end();
2746 
2747         if (mac_setup("HMAC", &mac, params, loopargs, loopargs_len) < 1)
2748             goto end;
2749         for (testnum = 0; testnum < size_num; testnum++) {
2750             print_message(names[D_HMAC], lengths[testnum], seconds.sym);
2751             Time_F(START);
2752             count = run_benchmark(async_jobs, HMAC_loop, loopargs);
2753             d = Time_F(STOP);
2754             print_result(D_HMAC, testnum, count, d);
2755             if (count < 0)
2756                 break;
2757         }
2758         mac_teardown(&mac, loopargs, loopargs_len);
2759     }
2760 
2761     if (doit[D_CBC_DES]) {
2762         int st = 1;
2763 
2764         for (i = 0; st && i < loopargs_len; i++) {
2765             loopargs[i].ctx = init_evp_cipher_ctx("des-cbc", deskey,
2766                                                   sizeof(deskey) / 3);
2767             st = loopargs[i].ctx != NULL;
2768         }
2769         algindex = D_CBC_DES;
2770         for (testnum = 0; st && testnum < size_num; testnum++) {
2771             if (!check_block_size(loopargs[0].ctx, lengths[testnum]))
2772                 break;
2773             print_message(names[D_CBC_DES], lengths[testnum], seconds.sym);
2774             Time_F(START);
2775             count = run_benchmark(async_jobs, EVP_Cipher_loop, loopargs);
2776             d = Time_F(STOP);
2777             print_result(D_CBC_DES, testnum, count, d);
2778         }
2779         for (i = 0; i < loopargs_len; i++)
2780             EVP_CIPHER_CTX_free(loopargs[i].ctx);
2781     }
2782 
2783     if (doit[D_EDE3_DES]) {
2784         int st = 1;
2785 
2786         for (i = 0; st && i < loopargs_len; i++) {
2787             loopargs[i].ctx = init_evp_cipher_ctx("des-ede3-cbc", deskey,
2788                                                   sizeof(deskey));
2789             st = loopargs[i].ctx != NULL;
2790         }
2791         algindex = D_EDE3_DES;
2792         for (testnum = 0; st && testnum < size_num; testnum++) {
2793             if (!check_block_size(loopargs[0].ctx, lengths[testnum]))
2794                 break;
2795             print_message(names[D_EDE3_DES], lengths[testnum], seconds.sym);
2796             Time_F(START);
2797             count =
2798                 run_benchmark(async_jobs, EVP_Cipher_loop, loopargs);
2799             d = Time_F(STOP);
2800             print_result(D_EDE3_DES, testnum, count, d);
2801         }
2802         for (i = 0; i < loopargs_len; i++)
2803             EVP_CIPHER_CTX_free(loopargs[i].ctx);
2804     }
2805 
2806     for (k = 0; k < 3; k++) {
2807         algindex = D_CBC_128_AES + k;
2808         if (doit[algindex]) {
2809             int st = 1;
2810 
2811             keylen = 16 + k * 8;
2812             for (i = 0; st && i < loopargs_len; i++) {
2813                 loopargs[i].ctx = init_evp_cipher_ctx(names[algindex],
2814                                                       key32, keylen);
2815                 st = loopargs[i].ctx != NULL;
2816             }
2817 
2818             for (testnum = 0; st && testnum < size_num; testnum++) {
2819                 if (!check_block_size(loopargs[0].ctx, lengths[testnum]))
2820                     break;
2821                 print_message(names[algindex], lengths[testnum], seconds.sym);
2822                 Time_F(START);
2823                 count =
2824                     run_benchmark(async_jobs, EVP_Cipher_loop, loopargs);
2825                 d = Time_F(STOP);
2826                 print_result(algindex, testnum, count, d);
2827             }
2828             for (i = 0; i < loopargs_len; i++)
2829                 EVP_CIPHER_CTX_free(loopargs[i].ctx);
2830         }
2831     }
2832 
2833     for (k = 0; k < 3; k++) {
2834         algindex = D_CBC_128_CML + k;
2835         if (doit[algindex]) {
2836             int st = 1;
2837 
2838             keylen = 16 + k * 8;
2839             for (i = 0; st && i < loopargs_len; i++) {
2840                 loopargs[i].ctx = init_evp_cipher_ctx(names[algindex],
2841                                                       key32, keylen);
2842                 st = loopargs[i].ctx != NULL;
2843             }
2844 
2845             for (testnum = 0; st && testnum < size_num; testnum++) {
2846                 if (!check_block_size(loopargs[0].ctx, lengths[testnum]))
2847                     break;
2848                 print_message(names[algindex], lengths[testnum], seconds.sym);
2849                 Time_F(START);
2850                 count =
2851                     run_benchmark(async_jobs, EVP_Cipher_loop, loopargs);
2852                 d = Time_F(STOP);
2853                 print_result(algindex, testnum, count, d);
2854             }
2855             for (i = 0; i < loopargs_len; i++)
2856                 EVP_CIPHER_CTX_free(loopargs[i].ctx);
2857         }
2858     }
2859 
2860     for (algindex = D_RC4; algindex <= D_CBC_CAST; algindex++) {
2861         if (doit[algindex]) {
2862             int st = 1;
2863 
2864             keylen = 16;
2865             for (i = 0; st && i < loopargs_len; i++) {
2866                 loopargs[i].ctx = init_evp_cipher_ctx(names[algindex],
2867                                                       key32, keylen);
2868                 st = loopargs[i].ctx != NULL;
2869             }
2870 
2871             for (testnum = 0; st && testnum < size_num; testnum++) {
2872                 if (!check_block_size(loopargs[0].ctx, lengths[testnum]))
2873                     break;
2874                 print_message(names[algindex], lengths[testnum], seconds.sym);
2875                 Time_F(START);
2876                 count =
2877                     run_benchmark(async_jobs, EVP_Cipher_loop, loopargs);
2878                 d = Time_F(STOP);
2879                 print_result(algindex, testnum, count, d);
2880             }
2881             for (i = 0; i < loopargs_len; i++)
2882                 EVP_CIPHER_CTX_free(loopargs[i].ctx);
2883         }
2884     }
2885     if (doit[D_GHASH]) {
2886         static const char gmac_iv[] = "0123456789ab";
2887         OSSL_PARAM params[4];
2888 
2889         params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_CIPHER,
2890                                                      "aes-128-gcm", 0);
2891         params[1] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_IV,
2892                                                       (char *)gmac_iv,
2893                                                       sizeof(gmac_iv) - 1);
2894         params[2] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY,
2895                                                       (void *)key32, 16);
2896         params[3] = OSSL_PARAM_construct_end();
2897 
2898         if (mac_setup("GMAC", &mac, params, loopargs, loopargs_len) < 1)
2899             goto end;
2900         /* b/c of the definition of GHASH_loop(), init() calls are needed here */
2901         for (i = 0; i < loopargs_len; i++) {
2902             if (!EVP_MAC_init(loopargs[i].mctx, NULL, 0, NULL))
2903                 goto end;
2904         }
2905         for (testnum = 0; testnum < size_num; testnum++) {
2906             print_message(names[D_GHASH], lengths[testnum], seconds.sym);
2907             Time_F(START);
2908             count = run_benchmark(async_jobs, GHASH_loop, loopargs);
2909             d = Time_F(STOP);
2910             print_result(D_GHASH, testnum, count, d);
2911             if (count < 0)
2912                 break;
2913         }
2914         mac_teardown(&mac, loopargs, loopargs_len);
2915     }
2916 
2917     if (doit[D_RAND]) {
2918         for (testnum = 0; testnum < size_num; testnum++) {
2919             print_message(names[D_RAND], lengths[testnum], seconds.sym);
2920             Time_F(START);
2921             count = run_benchmark(async_jobs, RAND_bytes_loop, loopargs);
2922             d = Time_F(STOP);
2923             print_result(D_RAND, testnum, count, d);
2924         }
2925     }
2926 
2927     /*-
2928      * There are three scenarios for D_EVP:
2929      * 1- Using authenticated encryption (AE) e.g. CCM, GCM, OCB etc.
2930      * 2- Using AE + associated data (AD) i.e. AEAD using CCM, GCM, OCB etc.
2931      * 3- Not using AE or AD e.g. ECB, CBC, CFB etc.
2932      */
2933     if (doit[D_EVP]) {
2934         if (evp_cipher != NULL) {
2935             int (*loopfunc) (void *);
2936             int outlen = 0;
2937             unsigned int ae_mode = 0;
2938 
2939             if (multiblock && (EVP_CIPHER_get_flags(evp_cipher)
2940                                & EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) {
2941                 multiblock_speed(evp_cipher, lengths_single, &seconds);
2942                 ret = 0;
2943                 goto end;
2944             }
2945 
2946             names[D_EVP] = EVP_CIPHER_get0_name(evp_cipher);
2947 
2948             mode_op = EVP_CIPHER_get_mode(evp_cipher);
2949 
2950             if (aead) {
2951                 if (lengths == lengths_list) {
2952                     lengths = aead_lengths_list;
2953                     size_num = OSSL_NELEM(aead_lengths_list);
2954                 }
2955             }
2956             if (mode_op == EVP_CIPH_GCM_MODE
2957                 || mode_op == EVP_CIPH_CCM_MODE
2958                 || mode_op == EVP_CIPH_OCB_MODE
2959                 || mode_op == EVP_CIPH_SIV_MODE
2960                 || mode_op == EVP_CIPH_GCM_SIV_MODE) {
2961                 ae_mode = 1;
2962                 if (decrypt)
2963                     loopfunc = EVP_Update_loop_aead_dec;
2964                 else
2965                     loopfunc = EVP_Update_loop_aead_enc;
2966             } else {
2967                 loopfunc = EVP_Update_loop;
2968             }
2969 
2970             for (testnum = 0; testnum < size_num; testnum++) {
2971                 print_message(names[D_EVP], lengths[testnum], seconds.sym);
2972 
2973                 for (k = 0; k < loopargs_len; k++) {
2974                     loopargs[k].ctx = EVP_CIPHER_CTX_new();
2975                     if (loopargs[k].ctx == NULL) {
2976                         BIO_printf(bio_err, "\nEVP_CIPHER_CTX_new failure\n");
2977                         exit(1);
2978                     }
2979 
2980                     /*
2981                      * For AE modes, we must first encrypt the data to get
2982                      * a valid tag that enables us to decrypt. If we don't
2983                      * encrypt first, we won't have a valid tag that enables
2984                      * authenticity and hence decryption will fail.
2985                      */
2986                     if (!EVP_CipherInit_ex(loopargs[k].ctx, evp_cipher, NULL,
2987                                            NULL, NULL, ae_mode ? 1 : !decrypt)) {
2988                         BIO_printf(bio_err, "\nCouldn't init the context\n");
2989                         dofail();
2990                         exit(1);
2991                     }
2992 
2993                     /* Padding isn't needed */
2994                     EVP_CIPHER_CTX_set_padding(loopargs[k].ctx, 0);
2995 
2996                     keylen = EVP_CIPHER_CTX_get_key_length(loopargs[k].ctx);
2997                     loopargs[k].key = app_malloc(keylen, "evp_cipher key");
2998                     EVP_CIPHER_CTX_rand_key(loopargs[k].ctx, loopargs[k].key);
2999 
3000                     if (!ae_mode) {
3001                         if (!EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL,
3002                                                loopargs[k].key, NULL, -1)) {
3003                             BIO_printf(bio_err, "\nFailed to set the key\n");
3004                             dofail();
3005                             exit(1);
3006                         }
3007                     } else if (mode_op == EVP_CIPH_SIV_MODE
3008                                || mode_op == EVP_CIPH_GCM_SIV_MODE) {
3009                         EVP_CIPHER_CTX_ctrl(loopargs[k].ctx,
3010                                             EVP_CTRL_SET_SPEED, 1, NULL);
3011                     }
3012                     if (ae_mode && decrypt) {
3013                         /* Set length of iv (Doesn't apply to SIV mode) */
3014                         if (mode_op != EVP_CIPH_SIV_MODE) {
3015                             if (!EVP_CIPHER_CTX_ctrl(loopargs[k].ctx,
3016                                                      EVP_CTRL_AEAD_SET_IVLEN,
3017                                                      aead_ivlen, NULL)) {
3018                                 BIO_printf(bio_err, "\nFailed to set iv length\n");
3019                                 dofail();
3020                                 exit(1);
3021                             }
3022                         }
3023                         /* Set tag_len (Not for GCM/SIV at encryption stage) */
3024                         if (mode_op != EVP_CIPH_GCM_MODE
3025                             && mode_op != EVP_CIPH_SIV_MODE
3026                             && mode_op != EVP_CIPH_GCM_SIV_MODE) {
3027                             if (!EVP_CIPHER_CTX_ctrl(loopargs[k].ctx,
3028                                                      EVP_CTRL_AEAD_SET_TAG,
3029                                                      TAG_LEN, NULL)) {
3030                                 BIO_printf(bio_err,
3031                                            "\nFailed to set tag length\n");
3032                                 dofail();
3033                                 exit(1);
3034                             }
3035                         }
3036                         if (!EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL,
3037                                                loopargs[k].key, aead_iv, -1)) {
3038                             BIO_printf(bio_err, "\nFailed to set the key\n");
3039                             dofail();
3040                             exit(1);
3041                         }
3042                         /* Set total length of input. Only required for CCM */
3043                         if (mode_op == EVP_CIPH_CCM_MODE) {
3044                             if (!EVP_EncryptUpdate(loopargs[k].ctx, NULL,
3045                                                    &outlen, NULL,
3046                                                    lengths[testnum])) {
3047                                 BIO_printf(bio_err,
3048                                            "\nCouldn't set input text length\n");
3049                                 dofail();
3050                                 exit(1);
3051                             }
3052                         }
3053                         if (aead) {
3054                             if (!EVP_EncryptUpdate(loopargs[k].ctx, NULL,
3055                                                    &outlen, aad, sizeof(aad))) {
3056                                 BIO_printf(bio_err,
3057                                            "\nCouldn't insert AAD when encrypting\n");
3058                                 dofail();
3059                                 exit(1);
3060                             }
3061                         }
3062                         if (!EVP_EncryptUpdate(loopargs[k].ctx, loopargs[k].buf,
3063                                                &outlen, loopargs[k].buf,
3064                                                lengths[testnum])) {
3065                             BIO_printf(bio_err,
3066                                        "\nFailed to to encrypt the data\n");
3067                             dofail();
3068                             exit(1);
3069                         }
3070 
3071                         if (!EVP_EncryptFinal_ex(loopargs[k].ctx,
3072                                                  loopargs[k].buf, &outlen)) {
3073                             BIO_printf(bio_err,
3074                                        "\nFailed finalize the encryption\n");
3075                             dofail();
3076                             exit(1);
3077                         }
3078 
3079                         if (!EVP_CIPHER_CTX_ctrl(loopargs[k].ctx, EVP_CTRL_AEAD_GET_TAG,
3080                                                  TAG_LEN, &loopargs[k].tag)) {
3081                             BIO_printf(bio_err, "\nFailed to get the tag\n");
3082                             dofail();
3083                             exit(1);
3084                         }
3085 
3086                         EVP_CIPHER_CTX_free(loopargs[k].ctx);
3087                         loopargs[k].ctx = EVP_CIPHER_CTX_new();
3088                         if (loopargs[k].ctx == NULL) {
3089                             BIO_printf(bio_err,
3090                                        "\nEVP_CIPHER_CTX_new failure\n");
3091                             exit(1);
3092                         }
3093                         if (!EVP_CipherInit_ex(loopargs[k].ctx, evp_cipher,
3094                                                NULL, NULL, NULL, 0)) {
3095                             BIO_printf(bio_err,
3096                                        "\nFailed initializing the context\n");
3097                             dofail();
3098                             exit(1);
3099                         }
3100 
3101                         EVP_CIPHER_CTX_set_padding(loopargs[k].ctx, 0);
3102 
3103                         /* GCM-SIV/SIV only allows for a single Update operation */
3104                         if (mode_op == EVP_CIPH_SIV_MODE
3105                             || mode_op == EVP_CIPH_GCM_SIV_MODE)
3106                             EVP_CIPHER_CTX_ctrl(loopargs[k].ctx,
3107                                                 EVP_CTRL_SET_SPEED, 1, NULL);
3108                     }
3109                 }
3110 
3111                 Time_F(START);
3112                 count = run_benchmark(async_jobs, loopfunc, loopargs);
3113                 d = Time_F(STOP);
3114                 for (k = 0; k < loopargs_len; k++) {
3115                     OPENSSL_clear_free(loopargs[k].key, keylen);
3116                     EVP_CIPHER_CTX_free(loopargs[k].ctx);
3117                 }
3118                 print_result(D_EVP, testnum, count, d);
3119             }
3120         } else if (evp_md_name != NULL) {
3121             names[D_EVP] = evp_md_name;
3122 
3123             for (testnum = 0; testnum < size_num; testnum++) {
3124                 print_message(names[D_EVP], lengths[testnum], seconds.sym);
3125                 Time_F(START);
3126                 count = run_benchmark(async_jobs, EVP_Digest_md_loop, loopargs);
3127                 d = Time_F(STOP);
3128                 print_result(D_EVP, testnum, count, d);
3129                 if (count < 0)
3130                     break;
3131             }
3132         }
3133     }
3134 
3135     if (doit[D_EVP_CMAC]) {
3136         size_t len = sizeof("cmac()") + strlen(evp_mac_ciphername);
3137         OSSL_PARAM params[3];
3138         EVP_CIPHER *cipher = NULL;
3139 
3140         if (!opt_cipher(evp_mac_ciphername, &cipher))
3141             goto end;
3142 
3143         keylen = EVP_CIPHER_get_key_length(cipher);
3144         EVP_CIPHER_free(cipher);
3145         if (keylen <= 0 || keylen > (int)sizeof(key32)) {
3146             BIO_printf(bio_err, "\nRequested CMAC cipher with unsupported key length.\n");
3147             goto end;
3148         }
3149         evp_cmac_name = app_malloc(len, "CMAC name");
3150         BIO_snprintf(evp_cmac_name, len, "cmac(%s)", evp_mac_ciphername);
3151         names[D_EVP_CMAC] = evp_cmac_name;
3152 
3153         params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_CIPHER,
3154                                                      evp_mac_ciphername, 0);
3155         params[1] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY,
3156                                                       (char *)key32, keylen);
3157         params[2] = OSSL_PARAM_construct_end();
3158 
3159         if (mac_setup("CMAC", &mac, params, loopargs, loopargs_len) < 1)
3160             goto end;
3161         for (testnum = 0; testnum < size_num; testnum++) {
3162             print_message(names[D_EVP_CMAC], lengths[testnum], seconds.sym);
3163             Time_F(START);
3164             count = run_benchmark(async_jobs, CMAC_loop, loopargs);
3165             d = Time_F(STOP);
3166             print_result(D_EVP_CMAC, testnum, count, d);
3167             if (count < 0)
3168                 break;
3169         }
3170         mac_teardown(&mac, loopargs, loopargs_len);
3171     }
3172 
3173     if (doit[D_KMAC128]) {
3174         OSSL_PARAM params[2];
3175 
3176         params[0] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY,
3177                                                       (void *)key32, 16);
3178         params[1] = OSSL_PARAM_construct_end();
3179 
3180         if (mac_setup("KMAC-128", &mac, params, loopargs, loopargs_len) < 1)
3181             goto end;
3182         for (testnum = 0; testnum < size_num; testnum++) {
3183             print_message(names[D_KMAC128], lengths[testnum], seconds.sym);
3184             Time_F(START);
3185             count = run_benchmark(async_jobs, KMAC128_loop, loopargs);
3186             d = Time_F(STOP);
3187             print_result(D_KMAC128, testnum, count, d);
3188             if (count < 0)
3189                 break;
3190         }
3191         mac_teardown(&mac, loopargs, loopargs_len);
3192     }
3193 
3194     if (doit[D_KMAC256]) {
3195         OSSL_PARAM params[2];
3196 
3197         params[0] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY,
3198                                                       (void *)key32, 32);
3199         params[1] = OSSL_PARAM_construct_end();
3200 
3201         if (mac_setup("KMAC-256", &mac, params, loopargs, loopargs_len) < 1)
3202             goto end;
3203         for (testnum = 0; testnum < size_num; testnum++) {
3204             print_message(names[D_KMAC256], lengths[testnum], seconds.sym);
3205             Time_F(START);
3206             count = run_benchmark(async_jobs, KMAC256_loop, loopargs);
3207             d = Time_F(STOP);
3208             print_result(D_KMAC256, testnum, count, d);
3209             if (count < 0)
3210                 break;
3211         }
3212         mac_teardown(&mac, loopargs, loopargs_len);
3213     }
3214 
3215     for (i = 0; i < loopargs_len; i++)
3216         if (RAND_bytes(loopargs[i].buf, 36) <= 0)
3217             goto end;
3218 
3219     for (testnum = 0; testnum < RSA_NUM; testnum++) {
3220         EVP_PKEY *rsa_key = NULL;
3221         int st = 0;
3222 
3223         if (!rsa_doit[testnum])
3224             continue;
3225 
3226         if (primes > RSA_DEFAULT_PRIME_NUM) {
3227             /* we haven't set keys yet,  generate multi-prime RSA keys */
3228             bn = BN_new();
3229             st = bn != NULL
3230                 && BN_set_word(bn, RSA_F4)
3231                 && init_gen_str(&genctx, "RSA", NULL, 0, NULL, NULL)
3232                 && EVP_PKEY_CTX_set_rsa_keygen_bits(genctx, rsa_keys[testnum].bits) > 0
3233                 && EVP_PKEY_CTX_set1_rsa_keygen_pubexp(genctx, bn) > 0
3234                 && EVP_PKEY_CTX_set_rsa_keygen_primes(genctx, primes) > 0
3235                 && EVP_PKEY_keygen(genctx, &rsa_key) > 0;
3236             BN_free(bn);
3237             bn = NULL;
3238             EVP_PKEY_CTX_free(genctx);
3239             genctx = NULL;
3240         } else {
3241             const unsigned char *p = rsa_keys[testnum].data;
3242 
3243             st = (rsa_key = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &p,
3244                                            rsa_keys[testnum].length)) != NULL;
3245         }
3246 
3247         for (i = 0; st && i < loopargs_len; i++) {
3248             loopargs[i].rsa_sign_ctx[testnum] = EVP_PKEY_CTX_new(rsa_key, NULL);
3249             loopargs[i].sigsize = loopargs[i].buflen;
3250             if (loopargs[i].rsa_sign_ctx[testnum] == NULL
3251                 || EVP_PKEY_sign_init(loopargs[i].rsa_sign_ctx[testnum]) <= 0
3252                 || EVP_PKEY_sign(loopargs[i].rsa_sign_ctx[testnum],
3253                                  loopargs[i].buf2,
3254                                  &loopargs[i].sigsize,
3255                                  loopargs[i].buf, 36) <= 0)
3256                 st = 0;
3257         }
3258         if (!st) {
3259             BIO_printf(bio_err,
3260                        "RSA sign setup failure.  No RSA sign will be done.\n");
3261             dofail();
3262             op_count = 1;
3263         } else {
3264             pkey_print_message("private", "rsa sign",
3265                                rsa_keys[testnum].bits, seconds.rsa);
3266             /* RSA_blinding_on(rsa_key[testnum],NULL); */
3267             Time_F(START);
3268             count = run_benchmark(async_jobs, RSA_sign_loop, loopargs);
3269             d = Time_F(STOP);
3270             BIO_printf(bio_err,
3271                        mr ? "+R1:%ld:%d:%.2f\n"
3272                        : "%ld %u bits private RSA sign ops in %.2fs\n",
3273                        count, rsa_keys[testnum].bits, d);
3274             rsa_results[testnum][0] = (double)count / d;
3275             op_count = count;
3276         }
3277 
3278         for (i = 0; st && i < loopargs_len; i++) {
3279             loopargs[i].rsa_verify_ctx[testnum] = EVP_PKEY_CTX_new(rsa_key,
3280                                                                    NULL);
3281             if (loopargs[i].rsa_verify_ctx[testnum] == NULL
3282                 || EVP_PKEY_verify_init(loopargs[i].rsa_verify_ctx[testnum]) <= 0
3283                 || EVP_PKEY_verify(loopargs[i].rsa_verify_ctx[testnum],
3284                                    loopargs[i].buf2,
3285                                    loopargs[i].sigsize,
3286                                    loopargs[i].buf, 36) <= 0)
3287                 st = 0;
3288         }
3289         if (!st) {
3290             BIO_printf(bio_err,
3291                        "RSA verify setup failure.  No RSA verify will be done.\n");
3292             dofail();
3293             rsa_doit[testnum] = 0;
3294         } else {
3295             pkey_print_message("public", "rsa verify",
3296                                rsa_keys[testnum].bits, seconds.rsa);
3297             Time_F(START);
3298             count = run_benchmark(async_jobs, RSA_verify_loop, loopargs);
3299             d = Time_F(STOP);
3300             BIO_printf(bio_err,
3301                        mr ? "+R2:%ld:%d:%.2f\n"
3302                        : "%ld %u bits public RSA verify ops in %.2fs\n",
3303                        count, rsa_keys[testnum].bits, d);
3304             rsa_results[testnum][1] = (double)count / d;
3305         }
3306 
3307         for (i = 0; st && i < loopargs_len; i++) {
3308             loopargs[i].rsa_encrypt_ctx[testnum] = EVP_PKEY_CTX_new(rsa_key, NULL);
3309             loopargs[i].encsize = loopargs[i].buflen;
3310             if (loopargs[i].rsa_encrypt_ctx[testnum] == NULL
3311                 || EVP_PKEY_encrypt_init(loopargs[i].rsa_encrypt_ctx[testnum]) <= 0
3312                 || EVP_PKEY_encrypt(loopargs[i].rsa_encrypt_ctx[testnum],
3313                                     loopargs[i].buf2,
3314                                     &loopargs[i].encsize,
3315                                     loopargs[i].buf, 36) <= 0)
3316                 st = 0;
3317         }
3318         if (!st) {
3319             BIO_printf(bio_err,
3320                        "RSA encrypt setup failure.  No RSA encrypt will be done.\n");
3321             dofail();
3322             op_count = 1;
3323         } else {
3324             pkey_print_message("public", "rsa encrypt",
3325                                rsa_keys[testnum].bits, seconds.rsa);
3326             /* RSA_blinding_on(rsa_key[testnum],NULL); */
3327             Time_F(START);
3328             count = run_benchmark(async_jobs, RSA_encrypt_loop, loopargs);
3329             d = Time_F(STOP);
3330             BIO_printf(bio_err,
3331                        mr ? "+R3:%ld:%d:%.2f\n"
3332                        : "%ld %u bits public RSA encrypt ops in %.2fs\n",
3333                        count, rsa_keys[testnum].bits, d);
3334             rsa_results[testnum][2] = (double)count / d;
3335             op_count = count;
3336         }
3337 
3338         for (i = 0; st && i < loopargs_len; i++) {
3339             loopargs[i].rsa_decrypt_ctx[testnum] = EVP_PKEY_CTX_new(rsa_key, NULL);
3340             declen = loopargs[i].buflen;
3341             if (loopargs[i].rsa_decrypt_ctx[testnum] == NULL
3342                 || EVP_PKEY_decrypt_init(loopargs[i].rsa_decrypt_ctx[testnum]) <= 0
3343                 || EVP_PKEY_decrypt(loopargs[i].rsa_decrypt_ctx[testnum],
3344                                     loopargs[i].buf,
3345                                     &declen,
3346                                     loopargs[i].buf2,
3347                                     loopargs[i].encsize) <= 0)
3348                 st = 0;
3349         }
3350         if (!st) {
3351             BIO_printf(bio_err,
3352                        "RSA decrypt setup failure.  No RSA decrypt will be done.\n");
3353             dofail();
3354             op_count = 1;
3355         } else {
3356             pkey_print_message("private", "rsa decrypt",
3357                                rsa_keys[testnum].bits, seconds.rsa);
3358             /* RSA_blinding_on(rsa_key[testnum],NULL); */
3359             Time_F(START);
3360             count = run_benchmark(async_jobs, RSA_decrypt_loop, loopargs);
3361             d = Time_F(STOP);
3362             BIO_printf(bio_err,
3363                        mr ? "+R4:%ld:%d:%.2f\n"
3364                        : "%ld %u bits private RSA decrypt ops in %.2fs\n",
3365                        count, rsa_keys[testnum].bits, d);
3366             rsa_results[testnum][3] = (double)count / d;
3367             op_count = count;
3368         }
3369 
3370         if (op_count <= 1) {
3371             /* if longer than 10s, don't do any more */
3372             stop_it(rsa_doit, testnum);
3373         }
3374         EVP_PKEY_free(rsa_key);
3375     }
3376 
3377 #ifndef OPENSSL_NO_DSA
3378     for (testnum = 0; testnum < DSA_NUM; testnum++) {
3379         EVP_PKEY *dsa_key = NULL;
3380         int st;
3381 
3382         if (!dsa_doit[testnum])
3383             continue;
3384 
3385         st = (dsa_key = get_dsa(dsa_bits[testnum])) != NULL;
3386 
3387         for (i = 0; st && i < loopargs_len; i++) {
3388             loopargs[i].dsa_sign_ctx[testnum] = EVP_PKEY_CTX_new(dsa_key,
3389                                                                  NULL);
3390             loopargs[i].sigsize = loopargs[i].buflen;
3391             if (loopargs[i].dsa_sign_ctx[testnum] == NULL
3392                 || EVP_PKEY_sign_init(loopargs[i].dsa_sign_ctx[testnum]) <= 0
3393                 || EVP_PKEY_sign(loopargs[i].dsa_sign_ctx[testnum],
3394                                  loopargs[i].buf2,
3395                                  &loopargs[i].sigsize,
3396                                  loopargs[i].buf, 20) <= 0)
3397                 st = 0;
3398         }
3399         if (!st) {
3400             BIO_printf(bio_err,
3401                        "DSA sign setup failure.  No DSA sign will be done.\n");
3402             dofail();
3403             op_count = 1;
3404         } else {
3405             pkey_print_message("sign", "dsa",
3406                                dsa_bits[testnum], seconds.dsa);
3407             Time_F(START);
3408             count = run_benchmark(async_jobs, DSA_sign_loop, loopargs);
3409             d = Time_F(STOP);
3410             BIO_printf(bio_err,
3411                        mr ? "+R5:%ld:%u:%.2f\n"
3412                        : "%ld %u bits DSA sign ops in %.2fs\n",
3413                        count, dsa_bits[testnum], d);
3414             dsa_results[testnum][0] = (double)count / d;
3415             op_count = count;
3416         }
3417 
3418         for (i = 0; st && i < loopargs_len; i++) {
3419             loopargs[i].dsa_verify_ctx[testnum] = EVP_PKEY_CTX_new(dsa_key,
3420                                                                    NULL);
3421             if (loopargs[i].dsa_verify_ctx[testnum] == NULL
3422                 || EVP_PKEY_verify_init(loopargs[i].dsa_verify_ctx[testnum]) <= 0
3423                 || EVP_PKEY_verify(loopargs[i].dsa_verify_ctx[testnum],
3424                                    loopargs[i].buf2,
3425                                    loopargs[i].sigsize,
3426                                    loopargs[i].buf, 36) <= 0)
3427                 st = 0;
3428         }
3429         if (!st) {
3430             BIO_printf(bio_err,
3431                        "DSA verify setup failure.  No DSA verify will be done.\n");
3432             dofail();
3433             dsa_doit[testnum] = 0;
3434         } else {
3435             pkey_print_message("verify", "dsa",
3436                                dsa_bits[testnum], seconds.dsa);
3437             Time_F(START);
3438             count = run_benchmark(async_jobs, DSA_verify_loop, loopargs);
3439             d = Time_F(STOP);
3440             BIO_printf(bio_err,
3441                        mr ? "+R6:%ld:%u:%.2f\n"
3442                        : "%ld %u bits DSA verify ops in %.2fs\n",
3443                        count, dsa_bits[testnum], d);
3444             dsa_results[testnum][1] = (double)count / d;
3445         }
3446 
3447         if (op_count <= 1) {
3448             /* if longer than 10s, don't do any more */
3449             stop_it(dsa_doit, testnum);
3450         }
3451         EVP_PKEY_free(dsa_key);
3452     }
3453 #endif /* OPENSSL_NO_DSA */
3454 
3455     for (testnum = 0; testnum < ECDSA_NUM; testnum++) {
3456         EVP_PKEY *ecdsa_key = NULL;
3457         int st;
3458 
3459         if (!ecdsa_doit[testnum])
3460             continue;
3461 
3462         st = (ecdsa_key = get_ecdsa(&ec_curves[testnum])) != NULL;
3463 
3464         for (i = 0; st && i < loopargs_len; i++) {
3465             loopargs[i].ecdsa_sign_ctx[testnum] = EVP_PKEY_CTX_new(ecdsa_key,
3466                                                                    NULL);
3467             loopargs[i].sigsize = loopargs[i].buflen;
3468             if (loopargs[i].ecdsa_sign_ctx[testnum] == NULL
3469                 || EVP_PKEY_sign_init(loopargs[i].ecdsa_sign_ctx[testnum]) <= 0
3470                 || EVP_PKEY_sign(loopargs[i].ecdsa_sign_ctx[testnum],
3471                                  loopargs[i].buf2,
3472                                  &loopargs[i].sigsize,
3473                                  loopargs[i].buf, 20) <= 0)
3474                 st = 0;
3475         }
3476         if (!st) {
3477             BIO_printf(bio_err,
3478                        "ECDSA sign setup failure.  No ECDSA sign will be done.\n");
3479             dofail();
3480             op_count = 1;
3481         } else {
3482             pkey_print_message("sign", "ecdsa",
3483                                ec_curves[testnum].bits, seconds.ecdsa);
3484             Time_F(START);
3485             count = run_benchmark(async_jobs, ECDSA_sign_loop, loopargs);
3486             d = Time_F(STOP);
3487             BIO_printf(bio_err,
3488                        mr ? "+R7:%ld:%u:%.2f\n"
3489                        : "%ld %u bits ECDSA sign ops in %.2fs\n",
3490                        count, ec_curves[testnum].bits, d);
3491             ecdsa_results[testnum][0] = (double)count / d;
3492             op_count = count;
3493         }
3494 
3495         for (i = 0; st && i < loopargs_len; i++) {
3496             loopargs[i].ecdsa_verify_ctx[testnum] = EVP_PKEY_CTX_new(ecdsa_key,
3497                                                                      NULL);
3498             if (loopargs[i].ecdsa_verify_ctx[testnum] == NULL
3499                 || EVP_PKEY_verify_init(loopargs[i].ecdsa_verify_ctx[testnum]) <= 0
3500                 || EVP_PKEY_verify(loopargs[i].ecdsa_verify_ctx[testnum],
3501                                    loopargs[i].buf2,
3502                                    loopargs[i].sigsize,
3503                                    loopargs[i].buf, 20) <= 0)
3504                 st = 0;
3505         }
3506         if (!st) {
3507             BIO_printf(bio_err,
3508                        "ECDSA verify setup failure.  No ECDSA verify will be done.\n");
3509             dofail();
3510             ecdsa_doit[testnum] = 0;
3511         } else {
3512             pkey_print_message("verify", "ecdsa",
3513                                ec_curves[testnum].bits, seconds.ecdsa);
3514             Time_F(START);
3515             count = run_benchmark(async_jobs, ECDSA_verify_loop, loopargs);
3516             d = Time_F(STOP);
3517             BIO_printf(bio_err,
3518                        mr ? "+R8:%ld:%u:%.2f\n"
3519                        : "%ld %u bits ECDSA verify ops in %.2fs\n",
3520                        count, ec_curves[testnum].bits, d);
3521             ecdsa_results[testnum][1] = (double)count / d;
3522         }
3523 
3524         if (op_count <= 1) {
3525             /* if longer than 10s, don't do any more */
3526             stop_it(ecdsa_doit, testnum);
3527         }
3528         EVP_PKEY_free(ecdsa_key);
3529     }
3530 
3531     for (testnum = 0; testnum < EC_NUM; testnum++) {
3532         int ecdh_checks = 1;
3533 
3534         if (!ecdh_doit[testnum])
3535             continue;
3536 
3537         for (i = 0; i < loopargs_len; i++) {
3538             EVP_PKEY_CTX *test_ctx = NULL;
3539             EVP_PKEY_CTX *ctx = NULL;
3540             EVP_PKEY *key_A = NULL;
3541             EVP_PKEY *key_B = NULL;
3542             size_t outlen;
3543             size_t test_outlen;
3544 
3545             if ((key_A = get_ecdsa(&ec_curves[testnum])) == NULL /* generate secret key A */
3546                 || (key_B = get_ecdsa(&ec_curves[testnum])) == NULL /* generate secret key B */
3547                 || (ctx = EVP_PKEY_CTX_new(key_A, NULL)) == NULL /* derivation ctx from skeyA */
3548                 || EVP_PKEY_derive_init(ctx) <= 0 /* init derivation ctx */
3549                 || EVP_PKEY_derive_set_peer(ctx, key_B) <= 0 /* set peer pubkey in ctx */
3550                 || EVP_PKEY_derive(ctx, NULL, &outlen) <= 0 /* determine max length */
3551                 || outlen == 0 /* ensure outlen is a valid size */
3552                 || outlen > MAX_ECDH_SIZE /* avoid buffer overflow */) {
3553                 ecdh_checks = 0;
3554                 BIO_printf(bio_err, "ECDH key generation failure.\n");
3555                 dofail();
3556                 op_count = 1;
3557                 break;
3558             }
3559 
3560             /*
3561              * Here we perform a test run, comparing the output of a*B and b*A;
3562              * we try this here and assume that further EVP_PKEY_derive calls
3563              * never fail, so we can skip checks in the actually benchmarked
3564              * code, for maximum performance.
3565              */
3566             if ((test_ctx = EVP_PKEY_CTX_new(key_B, NULL)) == NULL /* test ctx from skeyB */
3567                 || EVP_PKEY_derive_init(test_ctx) <= 0 /* init derivation test_ctx */
3568                 || EVP_PKEY_derive_set_peer(test_ctx, key_A) <= 0 /* set peer pubkey in test_ctx */
3569                 || EVP_PKEY_derive(test_ctx, NULL, &test_outlen) <= 0 /* determine max length */
3570                 || EVP_PKEY_derive(ctx, loopargs[i].secret_a, &outlen) <= 0 /* compute a*B */
3571                 || EVP_PKEY_derive(test_ctx, loopargs[i].secret_b, &test_outlen) <= 0 /* compute b*A */
3572                 || test_outlen != outlen /* compare output length */) {
3573                 ecdh_checks = 0;
3574                 BIO_printf(bio_err, "ECDH computation failure.\n");
3575                 dofail();
3576                 op_count = 1;
3577                 break;
3578             }
3579 
3580             /* Compare the computation results: CRYPTO_memcmp() returns 0 if equal */
3581             if (CRYPTO_memcmp(loopargs[i].secret_a,
3582                               loopargs[i].secret_b, outlen)) {
3583                 ecdh_checks = 0;
3584                 BIO_printf(bio_err, "ECDH computations don't match.\n");
3585                 dofail();
3586                 op_count = 1;
3587                 break;
3588             }
3589 
3590             loopargs[i].ecdh_ctx[testnum] = ctx;
3591             loopargs[i].outlen[testnum] = outlen;
3592 
3593             EVP_PKEY_free(key_A);
3594             EVP_PKEY_free(key_B);
3595             EVP_PKEY_CTX_free(test_ctx);
3596             test_ctx = NULL;
3597         }
3598         if (ecdh_checks != 0) {
3599             pkey_print_message("", "ecdh",
3600                                ec_curves[testnum].bits, seconds.ecdh);
3601             Time_F(START);
3602             count =
3603                 run_benchmark(async_jobs, ECDH_EVP_derive_key_loop, loopargs);
3604             d = Time_F(STOP);
3605             BIO_printf(bio_err,
3606                        mr ? "+R9:%ld:%d:%.2f\n" :
3607                        "%ld %u-bits ECDH ops in %.2fs\n", count,
3608                        ec_curves[testnum].bits, d);
3609             ecdh_results[testnum][0] = (double)count / d;
3610             op_count = count;
3611         }
3612 
3613         if (op_count <= 1) {
3614             /* if longer than 10s, don't do any more */
3615             stop_it(ecdh_doit, testnum);
3616         }
3617     }
3618 
3619 #ifndef OPENSSL_NO_ECX
3620     for (testnum = 0; testnum < EdDSA_NUM; testnum++) {
3621         int st = 1;
3622         EVP_PKEY *ed_pkey = NULL;
3623         EVP_PKEY_CTX *ed_pctx = NULL;
3624 
3625         if (!eddsa_doit[testnum])
3626             continue;           /* Ignore Curve */
3627         for (i = 0; i < loopargs_len; i++) {
3628             loopargs[i].eddsa_ctx[testnum] = EVP_MD_CTX_new();
3629             if (loopargs[i].eddsa_ctx[testnum] == NULL) {
3630                 st = 0;
3631                 break;
3632             }
3633             loopargs[i].eddsa_ctx2[testnum] = EVP_MD_CTX_new();
3634             if (loopargs[i].eddsa_ctx2[testnum] == NULL) {
3635                 st = 0;
3636                 break;
3637             }
3638 
3639             if ((ed_pctx = EVP_PKEY_CTX_new_id(ed_curves[testnum].nid,
3640                                                NULL)) == NULL
3641                 || EVP_PKEY_keygen_init(ed_pctx) <= 0
3642                 || EVP_PKEY_keygen(ed_pctx, &ed_pkey) <= 0) {
3643                 st = 0;
3644                 EVP_PKEY_CTX_free(ed_pctx);
3645                 break;
3646             }
3647             EVP_PKEY_CTX_free(ed_pctx);
3648 
3649             if (!EVP_DigestSignInit(loopargs[i].eddsa_ctx[testnum], NULL, NULL,
3650                                     NULL, ed_pkey)) {
3651                 st = 0;
3652                 EVP_PKEY_free(ed_pkey);
3653                 break;
3654             }
3655             if (!EVP_DigestVerifyInit(loopargs[i].eddsa_ctx2[testnum], NULL,
3656                                       NULL, NULL, ed_pkey)) {
3657                 st = 0;
3658                 EVP_PKEY_free(ed_pkey);
3659                 break;
3660             }
3661 
3662             EVP_PKEY_free(ed_pkey);
3663             ed_pkey = NULL;
3664         }
3665         if (st == 0) {
3666             BIO_printf(bio_err, "EdDSA failure.\n");
3667             dofail();
3668             op_count = 1;
3669         } else {
3670             for (i = 0; i < loopargs_len; i++) {
3671                 /* Perform EdDSA signature test */
3672                 loopargs[i].sigsize = ed_curves[testnum].sigsize;
3673                 st = EVP_DigestSign(loopargs[i].eddsa_ctx[testnum],
3674                                     loopargs[i].buf2, &loopargs[i].sigsize,
3675                                     loopargs[i].buf, 20);
3676                 if (st == 0)
3677                     break;
3678             }
3679             if (st == 0) {
3680                 BIO_printf(bio_err,
3681                            "EdDSA sign failure.  No EdDSA sign will be done.\n");
3682                 dofail();
3683                 op_count = 1;
3684             } else {
3685                 pkey_print_message("sign", ed_curves[testnum].name,
3686                                    ed_curves[testnum].bits, seconds.eddsa);
3687                 Time_F(START);
3688                 count = run_benchmark(async_jobs, EdDSA_sign_loop, loopargs);
3689                 d = Time_F(STOP);
3690 
3691                 BIO_printf(bio_err,
3692                            mr ? "+R10:%ld:%u:%s:%.2f\n" :
3693                            "%ld %u bits %s sign ops in %.2fs \n",
3694                            count, ed_curves[testnum].bits,
3695                            ed_curves[testnum].name, d);
3696                 eddsa_results[testnum][0] = (double)count / d;
3697                 op_count = count;
3698             }
3699             /* Perform EdDSA verification test */
3700             for (i = 0; i < loopargs_len; i++) {
3701                 st = EVP_DigestVerify(loopargs[i].eddsa_ctx2[testnum],
3702                                       loopargs[i].buf2, loopargs[i].sigsize,
3703                                       loopargs[i].buf, 20);
3704                 if (st != 1)
3705                     break;
3706             }
3707             if (st != 1) {
3708                 BIO_printf(bio_err,
3709                            "EdDSA verify failure.  No EdDSA verify will be done.\n");
3710                 dofail();
3711                 eddsa_doit[testnum] = 0;
3712             } else {
3713                 pkey_print_message("verify", ed_curves[testnum].name,
3714                                    ed_curves[testnum].bits, seconds.eddsa);
3715                 Time_F(START);
3716                 count = run_benchmark(async_jobs, EdDSA_verify_loop, loopargs);
3717                 d = Time_F(STOP);
3718                 BIO_printf(bio_err,
3719                            mr ? "+R11:%ld:%u:%s:%.2f\n"
3720                            : "%ld %u bits %s verify ops in %.2fs\n",
3721                            count, ed_curves[testnum].bits,
3722                            ed_curves[testnum].name, d);
3723                 eddsa_results[testnum][1] = (double)count / d;
3724             }
3725 
3726             if (op_count <= 1) {
3727                 /* if longer than 10s, don't do any more */
3728                 stop_it(eddsa_doit, testnum);
3729             }
3730         }
3731     }
3732 #endif /* OPENSSL_NO_ECX */
3733 
3734 #ifndef OPENSSL_NO_SM2
3735     for (testnum = 0; testnum < SM2_NUM; testnum++) {
3736         int st = 1;
3737         EVP_PKEY *sm2_pkey = NULL;
3738 
3739         if (!sm2_doit[testnum])
3740             continue;           /* Ignore Curve */
3741         /* Init signing and verification */
3742         for (i = 0; i < loopargs_len; i++) {
3743             EVP_PKEY_CTX *sm2_pctx = NULL;
3744             EVP_PKEY_CTX *sm2_vfy_pctx = NULL;
3745             EVP_PKEY_CTX *pctx = NULL;
3746             st = 0;
3747 
3748             loopargs[i].sm2_ctx[testnum] = EVP_MD_CTX_new();
3749             loopargs[i].sm2_vfy_ctx[testnum] = EVP_MD_CTX_new();
3750             if (loopargs[i].sm2_ctx[testnum] == NULL
3751                     || loopargs[i].sm2_vfy_ctx[testnum] == NULL)
3752                 break;
3753 
3754             sm2_pkey = NULL;
3755 
3756             st = !((pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SM2, NULL)) == NULL
3757                 || EVP_PKEY_keygen_init(pctx) <= 0
3758                 || EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx,
3759                     sm2_curves[testnum].nid) <= 0
3760                 || EVP_PKEY_keygen(pctx, &sm2_pkey) <= 0);
3761             EVP_PKEY_CTX_free(pctx);
3762             if (st == 0)
3763                 break;
3764 
3765             st = 0; /* set back to zero */
3766             /* attach it sooner to rely on main final cleanup */
3767             loopargs[i].sm2_pkey[testnum] = sm2_pkey;
3768             loopargs[i].sigsize = EVP_PKEY_get_size(sm2_pkey);
3769 
3770             sm2_pctx = EVP_PKEY_CTX_new(sm2_pkey, NULL);
3771             sm2_vfy_pctx = EVP_PKEY_CTX_new(sm2_pkey, NULL);
3772             if (sm2_pctx == NULL || sm2_vfy_pctx == NULL) {
3773                 EVP_PKEY_CTX_free(sm2_vfy_pctx);
3774                 break;
3775             }
3776 
3777             /* attach them directly to respective ctx */
3778             EVP_MD_CTX_set_pkey_ctx(loopargs[i].sm2_ctx[testnum], sm2_pctx);
3779             EVP_MD_CTX_set_pkey_ctx(loopargs[i].sm2_vfy_ctx[testnum], sm2_vfy_pctx);
3780 
3781             /*
3782              * No need to allow user to set an explicit ID here, just use
3783              * the one defined in the 'draft-yang-tls-tl13-sm-suites' I-D.
3784              */
3785             if (EVP_PKEY_CTX_set1_id(sm2_pctx, SM2_ID, SM2_ID_LEN) != 1
3786                 || EVP_PKEY_CTX_set1_id(sm2_vfy_pctx, SM2_ID, SM2_ID_LEN) != 1)
3787                 break;
3788 
3789             if (!EVP_DigestSignInit(loopargs[i].sm2_ctx[testnum], NULL,
3790                                     EVP_sm3(), NULL, sm2_pkey))
3791                 break;
3792             if (!EVP_DigestVerifyInit(loopargs[i].sm2_vfy_ctx[testnum], NULL,
3793                                       EVP_sm3(), NULL, sm2_pkey))
3794                 break;
3795             st = 1;         /* mark loop as succeeded */
3796         }
3797         if (st == 0) {
3798             BIO_printf(bio_err, "SM2 init failure.\n");
3799             dofail();
3800             op_count = 1;
3801         } else {
3802             for (i = 0; i < loopargs_len; i++) {
3803                 /* Perform SM2 signature test */
3804                 st = EVP_DigestSign(loopargs[i].sm2_ctx[testnum],
3805                                     loopargs[i].buf2, &loopargs[i].sigsize,
3806                                     loopargs[i].buf, 20);
3807                 if (st == 0)
3808                     break;
3809             }
3810             if (st == 0) {
3811                 BIO_printf(bio_err,
3812                            "SM2 sign failure.  No SM2 sign will be done.\n");
3813                 dofail();
3814                 op_count = 1;
3815             } else {
3816                 pkey_print_message("sign", sm2_curves[testnum].name,
3817                                    sm2_curves[testnum].bits, seconds.sm2);
3818                 Time_F(START);
3819                 count = run_benchmark(async_jobs, SM2_sign_loop, loopargs);
3820                 d = Time_F(STOP);
3821 
3822                 BIO_printf(bio_err,
3823                            mr ? "+R12:%ld:%u:%s:%.2f\n" :
3824                            "%ld %u bits %s sign ops in %.2fs \n",
3825                            count, sm2_curves[testnum].bits,
3826                            sm2_curves[testnum].name, d);
3827                 sm2_results[testnum][0] = (double)count / d;
3828                 op_count = count;
3829             }
3830 
3831             /* Perform SM2 verification test */
3832             for (i = 0; i < loopargs_len; i++) {
3833                 st = EVP_DigestVerify(loopargs[i].sm2_vfy_ctx[testnum],
3834                                       loopargs[i].buf2, loopargs[i].sigsize,
3835                                       loopargs[i].buf, 20);
3836                 if (st != 1)
3837                     break;
3838             }
3839             if (st != 1) {
3840                 BIO_printf(bio_err,
3841                            "SM2 verify failure.  No SM2 verify will be done.\n");
3842                 dofail();
3843                 sm2_doit[testnum] = 0;
3844             } else {
3845                 pkey_print_message("verify", sm2_curves[testnum].name,
3846                                    sm2_curves[testnum].bits, seconds.sm2);
3847                 Time_F(START);
3848                 count = run_benchmark(async_jobs, SM2_verify_loop, loopargs);
3849                 d = Time_F(STOP);
3850                 BIO_printf(bio_err,
3851                            mr ? "+R13:%ld:%u:%s:%.2f\n"
3852                            : "%ld %u bits %s verify ops in %.2fs\n",
3853                            count, sm2_curves[testnum].bits,
3854                            sm2_curves[testnum].name, d);
3855                 sm2_results[testnum][1] = (double)count / d;
3856             }
3857 
3858             if (op_count <= 1) {
3859                 /* if longer than 10s, don't do any more */
3860                 for (testnum++; testnum < SM2_NUM; testnum++)
3861                     sm2_doit[testnum] = 0;
3862             }
3863         }
3864     }
3865 #endif                         /* OPENSSL_NO_SM2 */
3866 
3867 #ifndef OPENSSL_NO_DH
3868     for (testnum = 0; testnum < FFDH_NUM; testnum++) {
3869         int ffdh_checks = 1;
3870 
3871         if (!ffdh_doit[testnum])
3872             continue;
3873 
3874         for (i = 0; i < loopargs_len; i++) {
3875             EVP_PKEY *pkey_A = NULL;
3876             EVP_PKEY *pkey_B = NULL;
3877             EVP_PKEY_CTX *ffdh_ctx = NULL;
3878             EVP_PKEY_CTX *test_ctx = NULL;
3879             size_t secret_size;
3880             size_t test_out;
3881 
3882             /* Ensure that the error queue is empty */
3883             if (ERR_peek_error()) {
3884                 BIO_printf(bio_err,
3885                            "WARNING: the error queue contains previous unhandled errors.\n");
3886                 dofail();
3887             }
3888 
3889             pkey_A = EVP_PKEY_new();
3890             if (!pkey_A) {
3891                 BIO_printf(bio_err, "Error while initialising EVP_PKEY (out of memory?).\n");
3892                 dofail();
3893                 op_count = 1;
3894                 ffdh_checks = 0;
3895                 break;
3896             }
3897             pkey_B = EVP_PKEY_new();
3898             if (!pkey_B) {
3899                 BIO_printf(bio_err, "Error while initialising EVP_PKEY (out of memory?).\n");
3900                 dofail();
3901                 op_count = 1;
3902                 ffdh_checks = 0;
3903                 break;
3904             }
3905 
3906             ffdh_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DH, NULL);
3907             if (!ffdh_ctx) {
3908                 BIO_printf(bio_err, "Error while allocating EVP_PKEY_CTX.\n");
3909                 dofail();
3910                 op_count = 1;
3911                 ffdh_checks = 0;
3912                 break;
3913             }
3914 
3915             if (EVP_PKEY_keygen_init(ffdh_ctx) <= 0) {
3916                 BIO_printf(bio_err, "Error while initialising EVP_PKEY_CTX.\n");
3917                 dofail();
3918                 op_count = 1;
3919                 ffdh_checks = 0;
3920                 break;
3921             }
3922             if (EVP_PKEY_CTX_set_dh_nid(ffdh_ctx, ffdh_params[testnum].nid) <= 0) {
3923                 BIO_printf(bio_err, "Error setting DH key size for keygen.\n");
3924                 dofail();
3925                 op_count = 1;
3926                 ffdh_checks = 0;
3927                 break;
3928             }
3929 
3930             if (EVP_PKEY_keygen(ffdh_ctx, &pkey_A) <= 0 ||
3931                 EVP_PKEY_keygen(ffdh_ctx, &pkey_B) <= 0) {
3932                 BIO_printf(bio_err, "FFDH key generation failure.\n");
3933                 dofail();
3934                 op_count = 1;
3935                 ffdh_checks = 0;
3936                 break;
3937             }
3938 
3939             EVP_PKEY_CTX_free(ffdh_ctx);
3940 
3941             /*
3942              * check if the derivation works correctly both ways so that
3943              * we know if future derive calls will fail, and we can skip
3944              * error checking in benchmarked code
3945              */
3946             ffdh_ctx = EVP_PKEY_CTX_new(pkey_A, NULL);
3947             if (ffdh_ctx == NULL) {
3948                 BIO_printf(bio_err, "Error while allocating EVP_PKEY_CTX.\n");
3949                 dofail();
3950                 op_count = 1;
3951                 ffdh_checks = 0;
3952                 break;
3953             }
3954             if (EVP_PKEY_derive_init(ffdh_ctx) <= 0) {
3955                 BIO_printf(bio_err, "FFDH derivation context init failure.\n");
3956                 dofail();
3957                 op_count = 1;
3958                 ffdh_checks = 0;
3959                 break;
3960             }
3961             if (EVP_PKEY_derive_set_peer(ffdh_ctx, pkey_B) <= 0) {
3962                 BIO_printf(bio_err, "Assigning peer key for derivation failed.\n");
3963                 dofail();
3964                 op_count = 1;
3965                 ffdh_checks = 0;
3966                 break;
3967             }
3968             if (EVP_PKEY_derive(ffdh_ctx, NULL, &secret_size) <= 0) {
3969                 BIO_printf(bio_err, "Checking size of shared secret failed.\n");
3970                 dofail();
3971                 op_count = 1;
3972                 ffdh_checks = 0;
3973                 break;
3974             }
3975             if (secret_size > MAX_FFDH_SIZE) {
3976                 BIO_printf(bio_err, "Assertion failure: shared secret too large.\n");
3977                 op_count = 1;
3978                 ffdh_checks = 0;
3979                 break;
3980             }
3981             if (EVP_PKEY_derive(ffdh_ctx,
3982                                 loopargs[i].secret_ff_a,
3983                                 &secret_size) <= 0) {
3984                 BIO_printf(bio_err, "Shared secret derive failure.\n");
3985                 dofail();
3986                 op_count = 1;
3987                 ffdh_checks = 0;
3988                 break;
3989             }
3990             /* Now check from side B */
3991             test_ctx = EVP_PKEY_CTX_new(pkey_B, NULL);
3992             if (!test_ctx) {
3993                 BIO_printf(bio_err, "Error while allocating EVP_PKEY_CTX.\n");
3994                 dofail();
3995                 op_count = 1;
3996                 ffdh_checks = 0;
3997                 break;
3998             }
3999             if (EVP_PKEY_derive_init(test_ctx) <= 0 ||
4000                 EVP_PKEY_derive_set_peer(test_ctx, pkey_A) <= 0 ||
4001                 EVP_PKEY_derive(test_ctx, NULL, &test_out) <= 0 ||
4002                 EVP_PKEY_derive(test_ctx, loopargs[i].secret_ff_b, &test_out) <= 0 ||
4003                 test_out != secret_size) {
4004                 BIO_printf(bio_err, "FFDH computation failure.\n");
4005                 op_count = 1;
4006                 ffdh_checks = 0;
4007                 break;
4008             }
4009 
4010             /* compare the computed secrets */
4011             if (CRYPTO_memcmp(loopargs[i].secret_ff_a,
4012                               loopargs[i].secret_ff_b, secret_size)) {
4013                 BIO_printf(bio_err, "FFDH computations don't match.\n");
4014                 dofail();
4015                 op_count = 1;
4016                 ffdh_checks = 0;
4017                 break;
4018             }
4019 
4020             loopargs[i].ffdh_ctx[testnum] = ffdh_ctx;
4021 
4022             EVP_PKEY_free(pkey_A);
4023             pkey_A = NULL;
4024             EVP_PKEY_free(pkey_B);
4025             pkey_B = NULL;
4026             EVP_PKEY_CTX_free(test_ctx);
4027             test_ctx = NULL;
4028         }
4029         if (ffdh_checks != 0) {
4030             pkey_print_message("", "ffdh",
4031                                ffdh_params[testnum].bits, seconds.ffdh);
4032             Time_F(START);
4033             count =
4034                 run_benchmark(async_jobs, FFDH_derive_key_loop, loopargs);
4035             d = Time_F(STOP);
4036             BIO_printf(bio_err,
4037                        mr ? "+R14:%ld:%d:%.2f\n" :
4038                        "%ld %u-bits FFDH ops in %.2fs\n", count,
4039                        ffdh_params[testnum].bits, d);
4040             ffdh_results[testnum][0] = (double)count / d;
4041             op_count = count;
4042         }
4043         if (op_count <= 1) {
4044             /* if longer than 10s, don't do any more */
4045             stop_it(ffdh_doit, testnum);
4046         }
4047     }
4048 #endif  /* OPENSSL_NO_DH */
4049 
4050     for (testnum = 0; testnum < kems_algs_len; testnum++) {
4051         int kem_checks = 1;
4052         const char *kem_name = kems_algname[testnum];
4053 
4054         if (!kems_doit[testnum] || !do_kems)
4055             continue;
4056 
4057         for (i = 0; i < loopargs_len; i++) {
4058             EVP_PKEY *pkey = NULL;
4059             EVP_PKEY_CTX *kem_gen_ctx = NULL;
4060             EVP_PKEY_CTX *kem_encaps_ctx = NULL;
4061             EVP_PKEY_CTX *kem_decaps_ctx = NULL;
4062             size_t send_secret_len, out_len;
4063             size_t rcv_secret_len;
4064             unsigned char *out = NULL, *send_secret = NULL, *rcv_secret;
4065             unsigned int bits;
4066             char *name;
4067             char sfx[MAX_ALGNAME_SUFFIX];
4068             OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
4069             int use_params = 0;
4070             enum kem_type_t { KEM_RSA = 1, KEM_EC, KEM_X25519, KEM_X448 } kem_type;
4071 
4072             /* no string after rsa<bitcnt> permitted: */
4073             if (strlen(kem_name) < MAX_ALGNAME_SUFFIX + 4 /* rsa+digit */
4074                 && sscanf(kem_name, "rsa%u%s", &bits, sfx) == 1)
4075                 kem_type = KEM_RSA;
4076             else if (strncmp(kem_name, "EC", 2) == 0)
4077                 kem_type = KEM_EC;
4078             else if (strcmp(kem_name, "X25519") == 0)
4079                 kem_type = KEM_X25519;
4080             else if (strcmp(kem_name, "X448") == 0)
4081                 kem_type = KEM_X448;
4082             else kem_type = 0;
4083 
4084             if (ERR_peek_error()) {
4085                 BIO_printf(bio_err,
4086                            "WARNING: the error queue contains previous unhandled errors.\n");
4087                 dofail();
4088             }
4089 
4090             if (kem_type == KEM_RSA) {
4091                 params[0] = OSSL_PARAM_construct_uint(OSSL_PKEY_PARAM_RSA_BITS,
4092                                                       &bits);
4093                 use_params = 1;
4094             } else if (kem_type == KEM_EC) {
4095                 name = (char *)(kem_name + 2);
4096                 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
4097                                                   name, 0);
4098                 use_params = 1;
4099             }
4100 
4101             kem_gen_ctx = EVP_PKEY_CTX_new_from_name(app_get0_libctx(),
4102                                                (kem_type == KEM_RSA) ? "RSA":
4103                                                 (kem_type == KEM_EC) ? "EC":
4104                                                  kem_name,
4105                                                app_get0_propq());
4106 
4107             if ((!kem_gen_ctx || EVP_PKEY_keygen_init(kem_gen_ctx) <= 0)
4108                 || (use_params
4109                     && EVP_PKEY_CTX_set_params(kem_gen_ctx, params) <= 0)) {
4110                 BIO_printf(bio_err, "Error initializing keygen ctx for %s.\n",
4111                            kem_name);
4112                 goto kem_err_break;
4113             }
4114             if (EVP_PKEY_keygen(kem_gen_ctx, &pkey) <= 0) {
4115                 BIO_printf(bio_err, "Error while generating KEM EVP_PKEY.\n");
4116                 goto kem_err_break;
4117             }
4118             /* Now prepare encaps data structs */
4119             kem_encaps_ctx = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(),
4120                                                         pkey,
4121                                                         app_get0_propq());
4122             if (kem_encaps_ctx == NULL
4123                 || EVP_PKEY_encapsulate_init(kem_encaps_ctx, NULL) <= 0
4124                 || (kem_type == KEM_RSA
4125                     && EVP_PKEY_CTX_set_kem_op(kem_encaps_ctx, "RSASVE") <= 0)
4126                 || ((kem_type == KEM_EC
4127                     || kem_type == KEM_X25519
4128                     || kem_type == KEM_X448)
4129                    && EVP_PKEY_CTX_set_kem_op(kem_encaps_ctx, "DHKEM") <= 0)
4130                 || EVP_PKEY_encapsulate(kem_encaps_ctx, NULL, &out_len,
4131                                       NULL, &send_secret_len) <= 0) {
4132                 BIO_printf(bio_err,
4133                            "Error while initializing encaps data structs for %s.\n",
4134                            kem_name);
4135                 goto kem_err_break;
4136             }
4137             out = app_malloc(out_len, "encaps result");
4138             send_secret = app_malloc(send_secret_len, "encaps secret");
4139             if (out == NULL || send_secret == NULL) {
4140                 BIO_printf(bio_err, "MemAlloc error in encaps for %s.\n", kem_name);
4141                 goto kem_err_break;
4142             }
4143             if (EVP_PKEY_encapsulate(kem_encaps_ctx, out, &out_len,
4144                                      send_secret, &send_secret_len) <= 0) {
4145                 BIO_printf(bio_err, "Encaps error for %s.\n", kem_name);
4146                 goto kem_err_break;
4147             }
4148             /* Now prepare decaps data structs */
4149             kem_decaps_ctx = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(),
4150                                                         pkey,
4151                                                         app_get0_propq());
4152             if (kem_decaps_ctx == NULL
4153                 || EVP_PKEY_decapsulate_init(kem_decaps_ctx, NULL) <= 0
4154                 || (kem_type == KEM_RSA
4155                   && EVP_PKEY_CTX_set_kem_op(kem_decaps_ctx, "RSASVE") <= 0)
4156                 || ((kem_type == KEM_EC
4157                      || kem_type == KEM_X25519
4158                      || kem_type == KEM_X448)
4159                   && EVP_PKEY_CTX_set_kem_op(kem_decaps_ctx, "DHKEM") <= 0)
4160                 || EVP_PKEY_decapsulate(kem_decaps_ctx, NULL, &rcv_secret_len,
4161                                         out, out_len) <= 0) {
4162                 BIO_printf(bio_err,
4163                            "Error while initializing decaps data structs for %s.\n",
4164                            kem_name);
4165                 goto kem_err_break;
4166             }
4167             rcv_secret = app_malloc(rcv_secret_len, "KEM decaps secret");
4168             if (rcv_secret == NULL) {
4169                 BIO_printf(bio_err, "MemAlloc failure in decaps for %s.\n",
4170                            kem_name);
4171                 goto kem_err_break;
4172             }
4173             if (EVP_PKEY_decapsulate(kem_decaps_ctx, rcv_secret,
4174                                      &rcv_secret_len, out, out_len) <= 0
4175                 || rcv_secret_len != send_secret_len
4176                 || memcmp(send_secret, rcv_secret, send_secret_len)) {
4177                 BIO_printf(bio_err, "Decaps error for %s.\n", kem_name);
4178                 goto kem_err_break;
4179             }
4180             loopargs[i].kem_gen_ctx[testnum] = kem_gen_ctx;
4181             loopargs[i].kem_encaps_ctx[testnum] = kem_encaps_ctx;
4182             loopargs[i].kem_decaps_ctx[testnum] = kem_decaps_ctx;
4183             loopargs[i].kem_out_len[testnum] = out_len;
4184             loopargs[i].kem_secret_len[testnum] = send_secret_len;
4185             loopargs[i].kem_out[testnum] = out;
4186             loopargs[i].kem_send_secret[testnum] = send_secret;
4187             loopargs[i].kem_rcv_secret[testnum] = rcv_secret;
4188             EVP_PKEY_free(pkey);
4189             pkey = NULL;
4190             continue;
4191 
4192         kem_err_break:
4193             dofail();
4194             EVP_PKEY_free(pkey);
4195             op_count = 1;
4196             kem_checks = 0;
4197             break;
4198         }
4199         if (kem_checks != 0) {
4200             kskey_print_message(kem_name, "keygen", seconds.kem);
4201             Time_F(START);
4202             count =
4203                 run_benchmark(async_jobs, KEM_keygen_loop, loopargs);
4204             d = Time_F(STOP);
4205             BIO_printf(bio_err,
4206                        mr ? "+R15:%ld:%s:%.2f\n" :
4207                        "%ld %s KEM keygen ops in %.2fs\n", count,
4208                        kem_name, d);
4209             kems_results[testnum][0] = (double)count / d;
4210             op_count = count;
4211             kskey_print_message(kem_name, "encaps", seconds.kem);
4212             Time_F(START);
4213             count =
4214                 run_benchmark(async_jobs, KEM_encaps_loop, loopargs);
4215             d = Time_F(STOP);
4216             BIO_printf(bio_err,
4217                        mr ? "+R16:%ld:%s:%.2f\n" :
4218                        "%ld %s KEM encaps ops in %.2fs\n", count,
4219                        kem_name, d);
4220             kems_results[testnum][1] = (double)count / d;
4221             op_count = count;
4222             kskey_print_message(kem_name, "decaps", seconds.kem);
4223             Time_F(START);
4224             count =
4225                 run_benchmark(async_jobs, KEM_decaps_loop, loopargs);
4226             d = Time_F(STOP);
4227             BIO_printf(bio_err,
4228                        mr ? "+R17:%ld:%s:%.2f\n" :
4229                        "%ld %s KEM decaps ops in %.2fs\n", count,
4230                        kem_name, d);
4231             kems_results[testnum][2] = (double)count / d;
4232             op_count = count;
4233         }
4234         if (op_count <= 1) {
4235             /* if longer than 10s, don't do any more */
4236             stop_it(kems_doit, testnum);
4237         }
4238     }
4239 
4240     for (testnum = 0; testnum < sigs_algs_len; testnum++) {
4241         int sig_checks = 1;
4242         const char *sig_name = sigs_algname[testnum];
4243 
4244         if (!sigs_doit[testnum] || !do_sigs)
4245             continue;
4246 
4247         for (i = 0; i < loopargs_len; i++) {
4248             EVP_PKEY *pkey = NULL;
4249             EVP_PKEY_CTX *ctx_params = NULL;
4250             EVP_PKEY* pkey_params = NULL;
4251             EVP_PKEY_CTX *sig_gen_ctx = NULL;
4252             EVP_PKEY_CTX *sig_sign_ctx = NULL;
4253             EVP_PKEY_CTX *sig_verify_ctx = NULL;
4254             unsigned char md[SHA256_DIGEST_LENGTH];
4255             unsigned char *sig;
4256             char sfx[MAX_ALGNAME_SUFFIX];
4257             size_t md_len = SHA256_DIGEST_LENGTH;
4258             size_t max_sig_len, sig_len;
4259             unsigned int bits;
4260             OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
4261             int use_params = 0;
4262 
4263             /* only sign little data to avoid measuring digest performance */
4264             memset(md, 0, SHA256_DIGEST_LENGTH);
4265 
4266             if (ERR_peek_error()) {
4267                 BIO_printf(bio_err,
4268                            "WARNING: the error queue contains previous unhandled errors.\n");
4269                 dofail();
4270             }
4271 
4272             /* no string after rsa<bitcnt> permitted: */
4273             if (strlen(sig_name) < MAX_ALGNAME_SUFFIX + 4 /* rsa+digit */
4274                 && sscanf(sig_name, "rsa%u%s", &bits, sfx) == 1) {
4275                 params[0] = OSSL_PARAM_construct_uint(OSSL_PKEY_PARAM_RSA_BITS,
4276                                                       &bits);
4277                 use_params = 1;
4278             }
4279 
4280             if (strncmp(sig_name, "dsa", 3) == 0) {
4281                 ctx_params = EVP_PKEY_CTX_new_id(EVP_PKEY_DSA, NULL);
4282                 if (ctx_params == NULL
4283                     || EVP_PKEY_paramgen_init(ctx_params) <= 0
4284                     || EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx_params,
4285                                                         atoi(sig_name + 3)) <= 0
4286                     || EVP_PKEY_paramgen(ctx_params, &pkey_params) <= 0
4287                     || (sig_gen_ctx = EVP_PKEY_CTX_new(pkey_params, NULL)) == NULL
4288                     || EVP_PKEY_keygen_init(sig_gen_ctx) <= 0) {
4289                     BIO_printf(bio_err,
4290                                "Error initializing classic keygen ctx for %s.\n",
4291                                sig_name);
4292                     goto sig_err_break;
4293                 }
4294             }
4295 
4296             if (sig_gen_ctx == NULL)
4297                 sig_gen_ctx = EVP_PKEY_CTX_new_from_name(app_get0_libctx(),
4298                                       use_params == 1 ? "RSA" : sig_name,
4299                                       app_get0_propq());
4300 
4301             if (!sig_gen_ctx || EVP_PKEY_keygen_init(sig_gen_ctx) <= 0
4302                 || (use_params &&
4303                     EVP_PKEY_CTX_set_params(sig_gen_ctx, params) <= 0)) {
4304                 BIO_printf(bio_err, "Error initializing keygen ctx for %s.\n",
4305                            sig_name);
4306                 goto sig_err_break;
4307             }
4308             if (EVP_PKEY_keygen(sig_gen_ctx, &pkey) <= 0) {
4309                 BIO_printf(bio_err,
4310                            "Error while generating signature EVP_PKEY for %s.\n",
4311                            sig_name);
4312                 goto sig_err_break;
4313             }
4314             /* Now prepare signature data structs */
4315             sig_sign_ctx = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(),
4316                                                       pkey,
4317                                                       app_get0_propq());
4318             if (sig_sign_ctx == NULL
4319                 || EVP_PKEY_sign_init(sig_sign_ctx) <= 0
4320                 || (use_params == 1
4321                     && (EVP_PKEY_CTX_set_rsa_padding(sig_sign_ctx,
4322                                                      RSA_PKCS1_PADDING) <= 0))
4323                 || EVP_PKEY_sign(sig_sign_ctx, NULL, &max_sig_len,
4324                                  md, md_len) <= 0) {
4325                     BIO_printf(bio_err,
4326                                "Error while initializing signing data structs for %s.\n",
4327                                sig_name);
4328                     goto sig_err_break;
4329             }
4330             sig = app_malloc(sig_len = max_sig_len, "signature buffer");
4331             if (sig == NULL) {
4332                 BIO_printf(bio_err, "MemAlloc error in sign for %s.\n", sig_name);
4333                 goto sig_err_break;
4334             }
4335             if (EVP_PKEY_sign(sig_sign_ctx, sig, &sig_len, md, md_len) <= 0) {
4336                 BIO_printf(bio_err, "Signing error for %s.\n", sig_name);
4337                 goto sig_err_break;
4338             }
4339             /* Now prepare verify data structs */
4340             memset(md, 0, SHA256_DIGEST_LENGTH);
4341             sig_verify_ctx = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(),
4342                                                         pkey,
4343                                                         app_get0_propq());
4344             if (sig_verify_ctx == NULL
4345                 || EVP_PKEY_verify_init(sig_verify_ctx) <= 0
4346                 || (use_params == 1
4347                   && (EVP_PKEY_CTX_set_rsa_padding(sig_verify_ctx,
4348                                                    RSA_PKCS1_PADDING) <= 0))) {
4349                 BIO_printf(bio_err,
4350                            "Error while initializing verify data structs for %s.\n",
4351                            sig_name);
4352                 goto sig_err_break;
4353             }
4354             if (EVP_PKEY_verify(sig_verify_ctx, sig, sig_len, md, md_len) <= 0) {
4355                 BIO_printf(bio_err, "Verify error for %s.\n", sig_name);
4356                 goto sig_err_break;
4357             }
4358             if (EVP_PKEY_verify(sig_verify_ctx, sig, sig_len, md, md_len) <= 0) {
4359                 BIO_printf(bio_err, "Verify 2 error for %s.\n", sig_name);
4360                 goto sig_err_break;
4361             }
4362             loopargs[i].sig_gen_ctx[testnum] = sig_gen_ctx;
4363             loopargs[i].sig_sign_ctx[testnum] = sig_sign_ctx;
4364             loopargs[i].sig_verify_ctx[testnum] = sig_verify_ctx;
4365             loopargs[i].sig_max_sig_len[testnum] = max_sig_len;
4366             loopargs[i].sig_act_sig_len[testnum] = sig_len;
4367             loopargs[i].sig_sig[testnum] = sig;
4368             EVP_PKEY_free(pkey);
4369             pkey = NULL;
4370             continue;
4371 
4372         sig_err_break:
4373             dofail();
4374             EVP_PKEY_free(pkey);
4375             op_count = 1;
4376             sig_checks = 0;
4377             break;
4378         }
4379 
4380         if (sig_checks != 0) {
4381             kskey_print_message(sig_name, "keygen", seconds.sig);
4382             Time_F(START);
4383             count = run_benchmark(async_jobs, SIG_keygen_loop, loopargs);
4384             d = Time_F(STOP);
4385             BIO_printf(bio_err,
4386                        mr ? "+R18:%ld:%s:%.2f\n" :
4387                        "%ld %s signature keygen ops in %.2fs\n", count,
4388                        sig_name, d);
4389             sigs_results[testnum][0] = (double)count / d;
4390             op_count = count;
4391             kskey_print_message(sig_name, "signs", seconds.sig);
4392             Time_F(START);
4393             count =
4394                 run_benchmark(async_jobs, SIG_sign_loop, loopargs);
4395             d = Time_F(STOP);
4396             BIO_printf(bio_err,
4397                        mr ? "+R19:%ld:%s:%.2f\n" :
4398                        "%ld %s signature sign ops in %.2fs\n", count,
4399                        sig_name, d);
4400             sigs_results[testnum][1] = (double)count / d;
4401             op_count = count;
4402 
4403             kskey_print_message(sig_name, "verify", seconds.sig);
4404             Time_F(START);
4405             count =
4406                 run_benchmark(async_jobs, SIG_verify_loop, loopargs);
4407             d = Time_F(STOP);
4408             BIO_printf(bio_err,
4409                        mr ? "+R20:%ld:%s:%.2f\n" :
4410                        "%ld %s signature verify ops in %.2fs\n", count,
4411                        sig_name, d);
4412             sigs_results[testnum][2] = (double)count / d;
4413             op_count = count;
4414         }
4415         if (op_count <= 1)
4416             stop_it(sigs_doit, testnum);
4417     }
4418 
4419 #ifndef NO_FORK
4420  show_res:
4421 #endif
4422     if (!mr) {
4423         printf("version: %s\n", OpenSSL_version(OPENSSL_FULL_VERSION_STRING));
4424         printf("%s\n", OpenSSL_version(OPENSSL_BUILT_ON));
4425         printf("options: %s\n", BN_options());
4426         printf("%s\n", OpenSSL_version(OPENSSL_CFLAGS));
4427         printf("%s\n", OpenSSL_version(OPENSSL_CPU_INFO));
4428     }
4429 
4430     if (pr_header) {
4431         if (mr) {
4432             printf("+H");
4433         } else {
4434             printf("The 'numbers' are in 1000s of bytes per second processed.\n");
4435             printf("type        ");
4436         }
4437         for (testnum = 0; testnum < size_num; testnum++)
4438             printf(mr ? ":%d" : "%7d bytes", lengths[testnum]);
4439         printf("\n");
4440     }
4441 
4442     for (k = 0; k < ALGOR_NUM; k++) {
4443         const char *alg_name = names[k];
4444 
4445         if (!doit[k])
4446             continue;
4447 
4448         if (k == D_EVP) {
4449             if (evp_cipher == NULL)
4450                 alg_name = evp_md_name;
4451             else if ((alg_name = EVP_CIPHER_get0_name(evp_cipher)) == NULL)
4452                 app_bail_out("failed to get name of cipher '%s'\n", evp_cipher);
4453         }
4454 
4455         if (mr)
4456             printf("+F:%u:%s", k, alg_name);
4457         else
4458             printf("%-13s", alg_name);
4459         for (testnum = 0; testnum < size_num; testnum++) {
4460             if (results[k][testnum] > 10000 && !mr)
4461                 printf(" %11.2fk", results[k][testnum] / 1e3);
4462             else
4463                 printf(mr ? ":%.2f" : " %11.2f ", results[k][testnum]);
4464         }
4465         printf("\n");
4466     }
4467     testnum = 1;
4468     for (k = 0; k < RSA_NUM; k++) {
4469         if (!rsa_doit[k])
4470             continue;
4471         if (testnum && !mr) {
4472             printf("%19ssign    verify    encrypt   decrypt   sign/s verify/s  encr./s  decr./s\n", " ");
4473             testnum = 0;
4474         }
4475         if (mr)
4476             printf("+F2:%u:%u:%f:%f:%f:%f\n",
4477                    k, rsa_keys[k].bits, rsa_results[k][0], rsa_results[k][1],
4478                    rsa_results[k][2], rsa_results[k][3]);
4479         else
4480             printf("rsa %5u bits %8.6fs %8.6fs %8.6fs %8.6fs %8.1f %8.1f %8.1f %8.1f\n",
4481                    rsa_keys[k].bits, 1.0 / rsa_results[k][0],
4482                    1.0 / rsa_results[k][1], 1.0 / rsa_results[k][2],
4483                    1.0 / rsa_results[k][3],
4484                    rsa_results[k][0], rsa_results[k][1],
4485                    rsa_results[k][2], rsa_results[k][3]);
4486     }
4487     testnum = 1;
4488 #ifndef OPENSSL_NO_DSA
4489     for (k = 0; k < DSA_NUM; k++) {
4490         if (!dsa_doit[k])
4491             continue;
4492         if (testnum && !mr) {
4493             printf("%18ssign    verify    sign/s verify/s\n", " ");
4494             testnum = 0;
4495         }
4496         if (mr)
4497             printf("+F3:%u:%u:%f:%f\n",
4498                    k, dsa_bits[k], dsa_results[k][0], dsa_results[k][1]);
4499         else
4500             printf("dsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
4501                    dsa_bits[k], 1.0 / dsa_results[k][0], 1.0 / dsa_results[k][1],
4502                    dsa_results[k][0], dsa_results[k][1]);
4503     }
4504 #endif /* OPENSSL_NO_DSA */
4505     testnum = 1;
4506     for (k = 0; k < OSSL_NELEM(ecdsa_doit); k++) {
4507         if (!ecdsa_doit[k])
4508             continue;
4509         if (testnum && !mr) {
4510             printf("%30ssign    verify    sign/s verify/s\n", " ");
4511             testnum = 0;
4512         }
4513 
4514         if (mr)
4515             printf("+F4:%u:%u:%f:%f\n",
4516                    k, ec_curves[k].bits,
4517                    ecdsa_results[k][0], ecdsa_results[k][1]);
4518         else
4519             printf("%4u bits ecdsa (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
4520                    ec_curves[k].bits, ec_curves[k].name,
4521                    1.0 / ecdsa_results[k][0], 1.0 / ecdsa_results[k][1],
4522                    ecdsa_results[k][0], ecdsa_results[k][1]);
4523     }
4524 
4525     testnum = 1;
4526     for (k = 0; k < EC_NUM; k++) {
4527         if (!ecdh_doit[k])
4528             continue;
4529         if (testnum && !mr) {
4530             printf("%30sop      op/s\n", " ");
4531             testnum = 0;
4532         }
4533         if (mr)
4534             printf("+F5:%u:%u:%f:%f\n",
4535                    k, ec_curves[k].bits,
4536                    ecdh_results[k][0], 1.0 / ecdh_results[k][0]);
4537 
4538         else
4539             printf("%4u bits ecdh (%s) %8.4fs %8.1f\n",
4540                    ec_curves[k].bits, ec_curves[k].name,
4541                    1.0 / ecdh_results[k][0], ecdh_results[k][0]);
4542     }
4543 
4544 #ifndef OPENSSL_NO_ECX
4545     testnum = 1;
4546     for (k = 0; k < OSSL_NELEM(eddsa_doit); k++) {
4547         if (!eddsa_doit[k])
4548             continue;
4549         if (testnum && !mr) {
4550             printf("%30ssign    verify    sign/s verify/s\n", " ");
4551             testnum = 0;
4552         }
4553 
4554         if (mr)
4555             printf("+F6:%u:%u:%s:%f:%f\n",
4556                    k, ed_curves[k].bits, ed_curves[k].name,
4557                    eddsa_results[k][0], eddsa_results[k][1]);
4558         else
4559             printf("%4u bits EdDSA (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
4560                    ed_curves[k].bits, ed_curves[k].name,
4561                    1.0 / eddsa_results[k][0], 1.0 / eddsa_results[k][1],
4562                    eddsa_results[k][0], eddsa_results[k][1]);
4563     }
4564 #endif /* OPENSSL_NO_ECX */
4565 
4566 #ifndef OPENSSL_NO_SM2
4567     testnum = 1;
4568     for (k = 0; k < OSSL_NELEM(sm2_doit); k++) {
4569         if (!sm2_doit[k])
4570             continue;
4571         if (testnum && !mr) {
4572             printf("%30ssign    verify    sign/s verify/s\n", " ");
4573             testnum = 0;
4574         }
4575 
4576         if (mr)
4577             printf("+F7:%u:%u:%s:%f:%f\n",
4578                    k, sm2_curves[k].bits, sm2_curves[k].name,
4579                    sm2_results[k][0], sm2_results[k][1]);
4580         else
4581             printf("%4u bits SM2 (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
4582                    sm2_curves[k].bits, sm2_curves[k].name,
4583                    1.0 / sm2_results[k][0], 1.0 / sm2_results[k][1],
4584                    sm2_results[k][0], sm2_results[k][1]);
4585     }
4586 #endif
4587 #ifndef OPENSSL_NO_DH
4588     testnum = 1;
4589     for (k = 0; k < FFDH_NUM; k++) {
4590         if (!ffdh_doit[k])
4591             continue;
4592         if (testnum && !mr) {
4593             printf("%23sop     op/s\n", " ");
4594             testnum = 0;
4595         }
4596         if (mr)
4597             printf("+F8:%u:%u:%f:%f\n",
4598                    k, ffdh_params[k].bits,
4599                    ffdh_results[k][0], 1.0 / ffdh_results[k][0]);
4600 
4601         else
4602             printf("%4u bits ffdh %8.4fs %8.1f\n",
4603                    ffdh_params[k].bits,
4604                    1.0 / ffdh_results[k][0], ffdh_results[k][0]);
4605     }
4606 #endif /* OPENSSL_NO_DH */
4607 
4608     testnum = 1;
4609     for (k = 0; k < kems_algs_len; k++) {
4610         const char *kem_name = kems_algname[k];
4611 
4612         if (!kems_doit[k] || !do_kems)
4613             continue;
4614         if (testnum && !mr) {
4615             printf("%31skeygen    encaps    decaps keygens/s  encaps/s  decaps/s\n", " ");
4616             testnum = 0;
4617         }
4618         if (mr)
4619             printf("+F9:%u:%f:%f:%f\n",
4620                    k, kems_results[k][0], kems_results[k][1],
4621                    kems_results[k][2]);
4622         else
4623             printf("%27s %8.6fs %8.6fs %8.6fs %9.1f %9.1f %9.1f\n", kem_name,
4624                    1.0 / kems_results[k][0],
4625                    1.0 / kems_results[k][1], 1.0 / kems_results[k][2],
4626                    kems_results[k][0], kems_results[k][1], kems_results[k][2]);
4627     }
4628     ret = 0;
4629 
4630     testnum = 1;
4631     for (k = 0; k < sigs_algs_len; k++) {
4632         const char *sig_name = sigs_algname[k];
4633 
4634         if (!sigs_doit[k] || !do_sigs)
4635             continue;
4636         if (testnum && !mr) {
4637             printf("%31skeygen     signs    verify keygens/s    sign/s  verify/s\n", " ");
4638             testnum = 0;
4639         }
4640         if (mr)
4641             printf("+F10:%u:%f:%f:%f\n",
4642                    k, sigs_results[k][0], sigs_results[k][1],
4643                    sigs_results[k][2]);
4644         else
4645             printf("%27s %8.6fs %8.6fs %8.6fs %9.1f %9.1f %9.1f\n", sig_name,
4646                    1.0 / sigs_results[k][0], 1.0 / sigs_results[k][1],
4647                    1.0 / sigs_results[k][2], sigs_results[k][0],
4648                    sigs_results[k][1], sigs_results[k][2]);
4649     }
4650     ret = 0;
4651 
4652  end:
4653     if (ret == 0 && testmode)
4654         ret = testmoderesult;
4655     ERR_print_errors(bio_err);
4656     for (i = 0; i < loopargs_len; i++) {
4657         OPENSSL_free(loopargs[i].buf_malloc);
4658         OPENSSL_free(loopargs[i].buf2_malloc);
4659 
4660         BN_free(bn);
4661         EVP_PKEY_CTX_free(genctx);
4662         for (k = 0; k < RSA_NUM; k++) {
4663             EVP_PKEY_CTX_free(loopargs[i].rsa_sign_ctx[k]);
4664             EVP_PKEY_CTX_free(loopargs[i].rsa_verify_ctx[k]);
4665             EVP_PKEY_CTX_free(loopargs[i].rsa_encrypt_ctx[k]);
4666             EVP_PKEY_CTX_free(loopargs[i].rsa_decrypt_ctx[k]);
4667         }
4668 #ifndef OPENSSL_NO_DH
4669         OPENSSL_free(loopargs[i].secret_ff_a);
4670         OPENSSL_free(loopargs[i].secret_ff_b);
4671         for (k = 0; k < FFDH_NUM; k++)
4672             EVP_PKEY_CTX_free(loopargs[i].ffdh_ctx[k]);
4673 #endif
4674 #ifndef OPENSSL_NO_DSA
4675         for (k = 0; k < DSA_NUM; k++) {
4676             EVP_PKEY_CTX_free(loopargs[i].dsa_sign_ctx[k]);
4677             EVP_PKEY_CTX_free(loopargs[i].dsa_verify_ctx[k]);
4678         }
4679 #endif
4680         for (k = 0; k < ECDSA_NUM; k++) {
4681             EVP_PKEY_CTX_free(loopargs[i].ecdsa_sign_ctx[k]);
4682             EVP_PKEY_CTX_free(loopargs[i].ecdsa_verify_ctx[k]);
4683         }
4684         for (k = 0; k < EC_NUM; k++)
4685             EVP_PKEY_CTX_free(loopargs[i].ecdh_ctx[k]);
4686 #ifndef OPENSSL_NO_ECX
4687         for (k = 0; k < EdDSA_NUM; k++) {
4688             EVP_MD_CTX_free(loopargs[i].eddsa_ctx[k]);
4689             EVP_MD_CTX_free(loopargs[i].eddsa_ctx2[k]);
4690         }
4691 #endif /* OPENSSL_NO_ECX */
4692 #ifndef OPENSSL_NO_SM2
4693         for (k = 0; k < SM2_NUM; k++) {
4694             EVP_PKEY_CTX *pctx = NULL;
4695 
4696             /* free signing ctx */
4697             if (loopargs[i].sm2_ctx[k] != NULL
4698                 && (pctx = EVP_MD_CTX_get_pkey_ctx(loopargs[i].sm2_ctx[k])) != NULL)
4699                 EVP_PKEY_CTX_free(pctx);
4700             EVP_MD_CTX_free(loopargs[i].sm2_ctx[k]);
4701             /* free verification ctx */
4702             if (loopargs[i].sm2_vfy_ctx[k] != NULL
4703                 && (pctx = EVP_MD_CTX_get_pkey_ctx(loopargs[i].sm2_vfy_ctx[k])) != NULL)
4704                 EVP_PKEY_CTX_free(pctx);
4705             EVP_MD_CTX_free(loopargs[i].sm2_vfy_ctx[k]);
4706             /* free pkey */
4707             EVP_PKEY_free(loopargs[i].sm2_pkey[k]);
4708         }
4709 #endif
4710         for (k = 0; k < kems_algs_len; k++) {
4711             EVP_PKEY_CTX_free(loopargs[i].kem_gen_ctx[k]);
4712             EVP_PKEY_CTX_free(loopargs[i].kem_encaps_ctx[k]);
4713             EVP_PKEY_CTX_free(loopargs[i].kem_decaps_ctx[k]);
4714             OPENSSL_free(loopargs[i].kem_out[k]);
4715             OPENSSL_free(loopargs[i].kem_send_secret[k]);
4716             OPENSSL_free(loopargs[i].kem_rcv_secret[k]);
4717         }
4718         for (k = 0; k < sigs_algs_len; k++) {
4719             EVP_PKEY_CTX_free(loopargs[i].sig_gen_ctx[k]);
4720             EVP_PKEY_CTX_free(loopargs[i].sig_sign_ctx[k]);
4721             EVP_PKEY_CTX_free(loopargs[i].sig_verify_ctx[k]);
4722             OPENSSL_free(loopargs[i].sig_sig[k]);
4723         }
4724         OPENSSL_free(loopargs[i].secret_a);
4725         OPENSSL_free(loopargs[i].secret_b);
4726     }
4727     OPENSSL_free(evp_hmac_name);
4728     OPENSSL_free(evp_cmac_name);
4729     for (k = 0; k < kems_algs_len; k++)
4730         OPENSSL_free(kems_algname[k]);
4731     if (kem_stack != NULL)
4732         sk_EVP_KEM_pop_free(kem_stack, EVP_KEM_free);
4733     for (k = 0; k < sigs_algs_len; k++)
4734         OPENSSL_free(sigs_algname[k]);
4735     if (sig_stack != NULL)
4736         sk_EVP_SIGNATURE_pop_free(sig_stack, EVP_SIGNATURE_free);
4737 
4738     if (async_jobs > 0) {
4739         for (i = 0; i < loopargs_len; i++)
4740             ASYNC_WAIT_CTX_free(loopargs[i].wait_ctx);
4741     }
4742 
4743     if (async_init) {
4744         ASYNC_cleanup_thread();
4745     }
4746     OPENSSL_free(loopargs);
4747     release_engine(e);
4748     EVP_CIPHER_free(evp_cipher);
4749     EVP_MAC_free(mac);
4750     NCONF_free(conf);
4751     return ret;
4752 }
4753 
print_message(const char * s,int length,int tm)4754 static void print_message(const char *s, int length, int tm)
4755 {
4756     BIO_printf(bio_err,
4757                mr ? "+DT:%s:%d:%d\n"
4758                : "Doing %s ops for %ds on %d size blocks: ", s, tm, length);
4759     (void)BIO_flush(bio_err);
4760     run = 1;
4761     alarm(tm);
4762 }
4763 
pkey_print_message(const char * str,const char * str2,unsigned int bits,int tm)4764 static void pkey_print_message(const char *str, const char *str2, unsigned int bits,
4765                                int tm)
4766 {
4767     BIO_printf(bio_err,
4768                mr ? "+DTP:%d:%s:%s:%d\n"
4769                : "Doing %u bits %s %s ops for %ds: ", bits, str, str2, tm);
4770     (void)BIO_flush(bio_err);
4771     run = 1;
4772     alarm(tm);
4773 }
4774 
kskey_print_message(const char * str,const char * str2,int tm)4775 static void kskey_print_message(const char *str, const char *str2, int tm)
4776 {
4777     BIO_printf(bio_err,
4778                mr ? "+DTP:%s:%s:%d\n"
4779                : "Doing %s %s ops for %ds: ", str, str2, tm);
4780     (void)BIO_flush(bio_err);
4781     run = 1;
4782     alarm(tm);
4783 }
4784 
print_result(int alg,int run_no,int count,double time_used)4785 static void print_result(int alg, int run_no, int count, double time_used)
4786 {
4787     if (count == -1) {
4788         BIO_printf(bio_err, "%s error!\n", names[alg]);
4789         dofail();
4790         return;
4791     }
4792     BIO_printf(bio_err,
4793                mr ? "+R:%d:%s:%f\n"
4794                : "%d %s ops in %.2fs\n", count, names[alg], time_used);
4795     results[alg][run_no] = ((double)count) / time_used * lengths[run_no];
4796 }
4797 
4798 #ifndef NO_FORK
sstrsep(char ** string,const char * delim)4799 static char *sstrsep(char **string, const char *delim)
4800 {
4801     char isdelim[256];
4802     char *token = *string;
4803 
4804     memset(isdelim, 0, sizeof(isdelim));
4805     isdelim[0] = 1;
4806 
4807     while (*delim) {
4808         isdelim[(unsigned char)(*delim)] = 1;
4809         delim++;
4810     }
4811 
4812     while (!isdelim[(unsigned char)(**string)])
4813         (*string)++;
4814 
4815     if (**string) {
4816         **string = 0;
4817         (*string)++;
4818     }
4819 
4820     return token;
4821 }
4822 
strtoint(const char * str,const int min_val,const int upper_val,int * res)4823 static int strtoint(const char *str, const int min_val, const int upper_val,
4824                     int *res)
4825 {
4826     char *end = NULL;
4827     long int val = 0;
4828 
4829     errno = 0;
4830     val = strtol(str, &end, 10);
4831     if (errno == 0 && end != str && *end == 0
4832         && min_val <= val && val < upper_val) {
4833         *res = (int)val;
4834         return 1;
4835     } else {
4836         return 0;
4837     }
4838 }
4839 
do_multi(int multi,int size_num)4840 static int do_multi(int multi, int size_num)
4841 {
4842     int n;
4843     int fd[2];
4844     int *fds;
4845     int status;
4846     static char sep[] = ":";
4847 
4848     fds = app_malloc(sizeof(*fds) * multi, "fd buffer for do_multi");
4849     for (n = 0; n < multi; ++n) {
4850         if (pipe(fd) == -1) {
4851             BIO_printf(bio_err, "pipe failure\n");
4852             exit(1);
4853         }
4854         fflush(stdout);
4855         (void)BIO_flush(bio_err);
4856         if (fork()) {
4857             close(fd[1]);
4858             fds[n] = fd[0];
4859         } else {
4860             close(fd[0]);
4861             close(1);
4862             if (dup(fd[1]) == -1) {
4863                 BIO_printf(bio_err, "dup failed\n");
4864                 exit(1);
4865             }
4866             close(fd[1]);
4867             mr = 1;
4868             usertime = 0;
4869             OPENSSL_free(fds);
4870             return 0;
4871         }
4872         printf("Forked child %d\n", n);
4873     }
4874 
4875     /* for now, assume the pipe is long enough to take all the output */
4876     for (n = 0; n < multi; ++n) {
4877         FILE *f;
4878         char buf[1024];
4879         char *p;
4880         char *tk;
4881         int k;
4882         double d;
4883 
4884         if ((f = fdopen(fds[n], "r")) == NULL) {
4885             BIO_printf(bio_err, "fdopen failure with 0x%x\n",
4886                        errno);
4887             OPENSSL_free(fds);
4888             return 1;
4889         }
4890         while (fgets(buf, sizeof(buf), f)) {
4891             p = strchr(buf, '\n');
4892             if (p)
4893                 *p = '\0';
4894             if (buf[0] != '+') {
4895                 BIO_printf(bio_err,
4896                            "Don't understand line '%s' from child %d\n", buf,
4897                            n);
4898                 continue;
4899             }
4900             printf("Got: %s from %d\n", buf, n);
4901             p = buf;
4902             if (CHECK_AND_SKIP_PREFIX(p, "+F:")) {
4903                 int alg;
4904                 int j;
4905 
4906                 if (strtoint(sstrsep(&p, sep), 0, ALGOR_NUM, &alg)) {
4907                     sstrsep(&p, sep);
4908                     for (j = 0; j < size_num; ++j)
4909                         results[alg][j] += atof(sstrsep(&p, sep));
4910                 }
4911             } else if (CHECK_AND_SKIP_PREFIX(p, "+F2:")) {
4912                 tk = sstrsep(&p, sep);
4913                 if (strtoint(tk, 0, OSSL_NELEM(rsa_results), &k)) {
4914                     sstrsep(&p, sep);
4915 
4916                     d = atof(sstrsep(&p, sep));
4917                     rsa_results[k][0] += d;
4918 
4919                     d = atof(sstrsep(&p, sep));
4920                     rsa_results[k][1] += d;
4921 
4922                     d = atof(sstrsep(&p, sep));
4923                     rsa_results[k][2] += d;
4924 
4925                     d = atof(sstrsep(&p, sep));
4926                     rsa_results[k][3] += d;
4927                 }
4928 # ifndef OPENSSL_NO_DSA
4929             } else if (CHECK_AND_SKIP_PREFIX(p, "+F3:")) {
4930                 tk = sstrsep(&p, sep);
4931                 if (strtoint(tk, 0, OSSL_NELEM(dsa_results), &k)) {
4932                     sstrsep(&p, sep);
4933 
4934                     d = atof(sstrsep(&p, sep));
4935                     dsa_results[k][0] += d;
4936 
4937                     d = atof(sstrsep(&p, sep));
4938                     dsa_results[k][1] += d;
4939                 }
4940 # endif /* OPENSSL_NO_DSA */
4941             } else if (CHECK_AND_SKIP_PREFIX(p, "+F4:")) {
4942                 tk = sstrsep(&p, sep);
4943                 if (strtoint(tk, 0, OSSL_NELEM(ecdsa_results), &k)) {
4944                     sstrsep(&p, sep);
4945 
4946                     d = atof(sstrsep(&p, sep));
4947                     ecdsa_results[k][0] += d;
4948 
4949                     d = atof(sstrsep(&p, sep));
4950                     ecdsa_results[k][1] += d;
4951                 }
4952             } else if (CHECK_AND_SKIP_PREFIX(p, "+F5:")) {
4953                 tk = sstrsep(&p, sep);
4954                 if (strtoint(tk, 0, OSSL_NELEM(ecdh_results), &k)) {
4955                     sstrsep(&p, sep);
4956 
4957                     d = atof(sstrsep(&p, sep));
4958                     ecdh_results[k][0] += d;
4959                 }
4960 # ifndef OPENSSL_NO_ECX
4961             } else if (CHECK_AND_SKIP_PREFIX(p, "+F6:")) {
4962                 tk = sstrsep(&p, sep);
4963                 if (strtoint(tk, 0, OSSL_NELEM(eddsa_results), &k)) {
4964                     sstrsep(&p, sep);
4965                     sstrsep(&p, sep);
4966 
4967                     d = atof(sstrsep(&p, sep));
4968                     eddsa_results[k][0] += d;
4969 
4970                     d = atof(sstrsep(&p, sep));
4971                     eddsa_results[k][1] += d;
4972                 }
4973 # endif /* OPENSSL_NO_ECX */
4974 # ifndef OPENSSL_NO_SM2
4975             } else if (CHECK_AND_SKIP_PREFIX(p, "+F7:")) {
4976                 tk = sstrsep(&p, sep);
4977                 if (strtoint(tk, 0, OSSL_NELEM(sm2_results), &k)) {
4978                     sstrsep(&p, sep);
4979                     sstrsep(&p, sep);
4980 
4981                     d = atof(sstrsep(&p, sep));
4982                     sm2_results[k][0] += d;
4983 
4984                     d = atof(sstrsep(&p, sep));
4985                     sm2_results[k][1] += d;
4986                 }
4987 # endif /* OPENSSL_NO_SM2 */
4988 # ifndef OPENSSL_NO_DH
4989             } else if (CHECK_AND_SKIP_PREFIX(p, "+F8:")) {
4990                 tk = sstrsep(&p, sep);
4991                 if (strtoint(tk, 0, OSSL_NELEM(ffdh_results), &k)) {
4992                     sstrsep(&p, sep);
4993 
4994                     d = atof(sstrsep(&p, sep));
4995                     ffdh_results[k][0] += d;
4996                 }
4997 # endif /* OPENSSL_NO_DH */
4998             } else if (CHECK_AND_SKIP_PREFIX(p, "+F9:")) {
4999                 tk = sstrsep(&p, sep);
5000                 if (strtoint(tk, 0, OSSL_NELEM(kems_results), &k)) {
5001                     d = atof(sstrsep(&p, sep));
5002                     kems_results[k][0] += d;
5003 
5004                     d = atof(sstrsep(&p, sep));
5005                     kems_results[k][1] += d;
5006 
5007                     d = atof(sstrsep(&p, sep));
5008                     kems_results[k][2] += d;
5009                 }
5010             } else if (CHECK_AND_SKIP_PREFIX(p, "+F10:")) {
5011                 tk = sstrsep(&p, sep);
5012                 if (strtoint(tk, 0, OSSL_NELEM(sigs_results), &k)) {
5013                     d = atof(sstrsep(&p, sep));
5014                     sigs_results[k][0] += d;
5015 
5016                     d = atof(sstrsep(&p, sep));
5017                     sigs_results[k][1] += d;
5018 
5019                     d = atof(sstrsep(&p, sep));
5020                     sigs_results[k][2] += d;
5021                 }
5022             } else if (!HAS_PREFIX(buf, "+H:")) {
5023                 BIO_printf(bio_err, "Unknown type '%s' from child %d\n", buf,
5024                            n);
5025             }
5026         }
5027 
5028         fclose(f);
5029     }
5030     OPENSSL_free(fds);
5031     for (n = 0; n < multi; ++n) {
5032         while (wait(&status) == -1)
5033             if (errno != EINTR) {
5034                 BIO_printf(bio_err, "Waitng for child failed with 0x%x\n",
5035                            errno);
5036                 return 1;
5037             }
5038         if (WIFEXITED(status) && WEXITSTATUS(status)) {
5039             BIO_printf(bio_err, "Child exited with %d\n", WEXITSTATUS(status));
5040         } else if (WIFSIGNALED(status)) {
5041             BIO_printf(bio_err, "Child terminated by signal %d\n",
5042                        WTERMSIG(status));
5043         }
5044     }
5045     return 1;
5046 }
5047 #endif
5048 
multiblock_speed(const EVP_CIPHER * evp_cipher,int lengths_single,const openssl_speed_sec_t * seconds)5049 static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
5050                              const openssl_speed_sec_t *seconds)
5051 {
5052     static const int mblengths_list[] = {
5053         8 * 1024, 2 * 8 * 1024, 4 * 8 * 1024, 8 * 8 * 1024, 8 * 16 * 1024
5054     };
5055     const int *mblengths = mblengths_list;
5056     int j, count, keylen, num = OSSL_NELEM(mblengths_list), ciph_success = 1;
5057     const char *alg_name;
5058     unsigned char *inp = NULL, *out = NULL, *key, no_key[32], no_iv[16];
5059     EVP_CIPHER_CTX *ctx = NULL;
5060     double d = 0.0;
5061 
5062     if (lengths_single) {
5063         mblengths = &lengths_single;
5064         num = 1;
5065     }
5066 
5067     inp = app_malloc(mblengths[num - 1], "multiblock input buffer");
5068     out = app_malloc(mblengths[num - 1] + 1024, "multiblock output buffer");
5069     if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
5070         app_bail_out("failed to allocate cipher context\n");
5071     if (!EVP_EncryptInit_ex(ctx, evp_cipher, NULL, NULL, no_iv))
5072         app_bail_out("failed to initialise cipher context\n");
5073 
5074     if ((keylen = EVP_CIPHER_CTX_get_key_length(ctx)) < 0) {
5075         BIO_printf(bio_err, "Impossible negative key length: %d\n", keylen);
5076         goto err;
5077     }
5078     key = app_malloc(keylen, "evp_cipher key");
5079     if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
5080         app_bail_out("failed to generate random cipher key\n");
5081     if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, NULL))
5082         app_bail_out("failed to set cipher key\n");
5083     OPENSSL_clear_free(key, keylen);
5084 
5085     if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY,
5086                              sizeof(no_key), no_key) <= 0)
5087         app_bail_out("failed to set AEAD key\n");
5088     if ((alg_name = EVP_CIPHER_get0_name(evp_cipher)) == NULL)
5089         app_bail_out("failed to get cipher name\n");
5090 
5091     for (j = 0; j < num; j++) {
5092         print_message(alg_name, mblengths[j], seconds->sym);
5093         Time_F(START);
5094         for (count = 0; run && COND(count); count++) {
5095             EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param;
5096             size_t len = mblengths[j];
5097             int packlen;
5098 
5099             memset(aad, 0, 8);  /* avoid uninitialized values */
5100             aad[8] = 23;        /* SSL3_RT_APPLICATION_DATA */
5101             aad[9] = 3;         /* version */
5102             aad[10] = 2;
5103             aad[11] = 0;        /* length */
5104             aad[12] = 0;
5105             mb_param.out = NULL;
5106             mb_param.inp = aad;
5107             mb_param.len = len;
5108             mb_param.interleave = 8;
5109 
5110             packlen = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_AAD,
5111                                           sizeof(mb_param), &mb_param);
5112 
5113             if (packlen > 0) {
5114                 mb_param.out = out;
5115                 mb_param.inp = inp;
5116                 mb_param.len = len;
5117                 (void)EVP_CIPHER_CTX_ctrl(ctx,
5118                                           EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT,
5119                                           sizeof(mb_param), &mb_param);
5120             } else {
5121                 int pad;
5122 
5123                 if (RAND_bytes(inp, 16) <= 0)
5124                     app_bail_out("error setting random bytes\n");
5125                 len += 16;
5126                 aad[11] = (unsigned char)(len >> 8);
5127                 aad[12] = (unsigned char)(len);
5128                 pad = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_TLS1_AAD,
5129                                           EVP_AEAD_TLS1_AAD_LEN, aad);
5130                 ciph_success = EVP_Cipher(ctx, out, inp, len + pad);
5131             }
5132         }
5133         d = Time_F(STOP);
5134         BIO_printf(bio_err, mr ? "+R:%d:%s:%f\n"
5135                    : "%d %s ops in %.2fs\n", count, "evp", d);
5136         if ((ciph_success <= 0) && (mr == 0))
5137             BIO_printf(bio_err, "Error performing cipher op\n");
5138         results[D_EVP][j] = ((double)count) / d * mblengths[j];
5139     }
5140 
5141     if (mr) {
5142         fprintf(stdout, "+H");
5143         for (j = 0; j < num; j++)
5144             fprintf(stdout, ":%d", mblengths[j]);
5145         fprintf(stdout, "\n");
5146         fprintf(stdout, "+F:%d:%s", D_EVP, alg_name);
5147         for (j = 0; j < num; j++)
5148             fprintf(stdout, ":%.2f", results[D_EVP][j]);
5149         fprintf(stdout, "\n");
5150     } else {
5151         fprintf(stdout,
5152                 "The 'numbers' are in 1000s of bytes per second processed.\n");
5153         fprintf(stdout, "type                    ");
5154         for (j = 0; j < num; j++)
5155             fprintf(stdout, "%7d bytes", mblengths[j]);
5156         fprintf(stdout, "\n");
5157         fprintf(stdout, "%-24s", alg_name);
5158 
5159         for (j = 0; j < num; j++) {
5160             if (results[D_EVP][j] > 10000)
5161                 fprintf(stdout, " %11.2fk", results[D_EVP][j] / 1e3);
5162             else
5163                 fprintf(stdout, " %11.2f ", results[D_EVP][j]);
5164         }
5165         fprintf(stdout, "\n");
5166     }
5167 
5168  err:
5169     OPENSSL_free(inp);
5170     OPENSSL_free(out);
5171     EVP_CIPHER_CTX_free(ctx);
5172 }
5173