Speed for HMACs.

Add support for HMAC over any evp supported digest. Reviewed-by: N Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6945)

Speed for HMACs.
Add support for HMAC over any evp supported digest. Reviewed-by: N Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6945)
f88b9b79 · Pauli · b28bfa7e · f88b9b79 · f88b9b79
隐藏空白更改
内联并排

Showing with 61 addition and 4 deletion

apps/speed.c apps/speed.c +56 -4

doc/man1/speed.pod doc/man1/speed.pod +5 -0

未找到文件。
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -298,7 +298,7 @@ static int opt_found(const char *name, unsigned int *result,

 typedef enum OPTION_choice {
    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
-    OPT_ELAPSED, OPT_EVP, OPT_DECRYPT, OPT_ENGINE, OPT_MULTI,
+    OPT_ELAPSED, OPT_EVP, OPT_HMAC, OPT_DECRYPT, OPT_ENGINE, OPT_MULTI,
    OPT_MR, OPT_MB, OPT_MISALIGN, OPT_ASYNCJOBS, OPT_R_ENUM,
    OPT_PRIMES, OPT_SECONDS, OPT_BYTES, OPT_AEAD
 } OPTION_CHOICE;
@@ -308,6 +308,7 @@ const OPTIONS speed_options[] = {
    {OPT_HELP_STR, 1, '-', "Valid options are:\n"},
    {"help", OPT_HELP, '-', "Display this summary"},
    {"evp", OPT_EVP, 's', "Use EVP-named cipher or digest"},
+    {"hmac", OPT_HMAC, 's', "HMAC using EVP-named digest"},
    {"decrypt", OPT_DECRYPT, '-',
     "Time decryption instead of encryption (only EVP)"},
    {"aead", OPT_AEAD, '-',
@@ -369,6 +370,8 @@ const OPTIONS speed_options[] = {
 #define D_IGE_256_AES   28
 #define D_GHASH         29
 #define D_RAND          30
+#define D_EVP_HMAC      31
+
 /* name of algorithms to test */
 static const char *names[] = {
    "md2", "mdc2", "md4", "md5", "hmac(md5)", "sha1", "rmd160", "rc4",
@@ -378,7 +381,7 @@ static const char *names[] = {
    "camellia-128 cbc", "camellia-192 cbc", "camellia-256 cbc",
    "evp", "sha256", "sha512", "whirlpool",
    "aes-128 ige", "aes-192 ige", "aes-256 ige", "ghash",
-    "rand"
+    "rand", "hmac"
 };
 #define ALGOR_NUM       OSSL_NELEM(names)

@@ -1032,6 +1035,26 @@ static int EVP_Digest_loop(void *args)
    return count;
 }

+static const EVP_MD *evp_hmac_md = NULL;
+static char *evp_hmac_name = NULL;
+static int EVP_HMAC_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char no_key[32];
+    int count;
+#ifndef SIGALRM
+    int nb_iter = save_count * 4 * lengths[0] / lengths[testnum];
+#endif
+
+    for (count = 0; COND(nb_iter); count++) {
+        if (HMAC(evp_hmac_md, no_key, sizeof(no_key), buf, lengths[testnum],
+                 NULL, NULL) == NULL)
+            return -1;
+    }
+    return count;
+}
+
 #ifndef OPENSSL_NO_RSA
 static long rsa_c[RSA_NUM][2];  /* # RSA iteration test */

@@ -1567,6 +1590,15 @@ int speed_main(int argc, char **argv)
            }
            doit[D_EVP] = 1;
            break;
+        case OPT_HMAC:
+            evp_hmac_md = EVP_get_digestbyname(opt_arg());
+            if (evp_hmac_md == NULL) {
+                BIO_printf(bio_err, "%s: %s is an unknown digest\n",
+                           prog, opt_arg());
+                goto end;
+            }
+            doit[D_EVP_HMAC] = 1;
+            break;
        case OPT_DECRYPT:
            decrypt = 1;
            break;
@@ -1805,9 +1837,9 @@ int speed_main(int argc, char **argv)
    e = setup_engine(engine_id, 0);

    /* No parameters; turn on everything. */
-    if ((argc == 0) && !doit[D_EVP]) {
+    if (argc == 0 && !doit[D_EVP] && !doit[D_EVP_HMAC]) {
        for (i = 0; i < ALGOR_NUM; i++)
-            if (i != D_EVP)
+            if (i != D_EVP && i != D_EVP_HMAC)
                doit[i] = 1;
 #ifndef OPENSSL_NO_RSA
        for (i = 0; i < RSA_NUM; i++)
@@ -2649,6 +2681,25 @@ int speed_main(int argc, char **argv)
        }
    }

+    if (doit[D_EVP_HMAC]) {
+        if (evp_hmac_md != NULL) {
+            const char *md_name = OBJ_nid2ln(EVP_MD_type(evp_hmac_md));
+            evp_hmac_name = app_malloc(sizeof("HMAC()") + strlen(md_name),
+                                       "HMAC name");
+            sprintf(evp_hmac_name, "HMAC(%s)", md_name);
+            names[D_EVP_HMAC] = evp_hmac_name;
+
+            for (testnum = 0; testnum < size_num; testnum++) {
+                print_message(names[D_EVP_HMAC], save_count, lengths[testnum],
+                              seconds.sym);
+                Time_F(START);
+                count = run_benchmark(async_jobs, EVP_HMAC_loop, loopargs);
+                d = Time_F(STOP);
+                print_result(D_EVP_HMAC, testnum, count, d);
+            }
+        }
+    }
+
    for (i = 0; i < loopargs_len; i++)
        if (RAND_bytes(loopargs[i].buf, 36) <= 0)
            goto end;
@@ -3347,6 +3398,7 @@ int speed_main(int argc, char **argv)
        OPENSSL_free(loopargs[i].secret_b);
 #endif
    }
+    OPENSSL_free(evp_hmac_name);

    if (async_jobs > 0) {
        for (i = 0; i < loopargs_len; i++)

--- a/doc/man1/speed.pod
+++ b/doc/man1/speed.pod
@@ -12,6 +12,7 @@ B<openssl speed>
 [B<-engine id>]
 [B<-elapsed>]
 [B<-evp algo>]
+[B<-hmac algo>]
 [B<-decrypt>]
 [B<-rand file...>]
 [B<-writerand file>]
@@ -55,6 +56,10 @@ If B<algo> is an AEAD cipher, then you can pass <-aead> to benchmark a
 TLS-like sequence. And if B<algo> is a multi-buffer capable cipher, e.g.
 aes-128-cbc-hmac-sha1, then B<-mb> will time multi-buffer operation.

+=item B<-hmac digest>
+
+Time the HMAC algorithm using the specified message digest.
+
 =item B<-decrypt>

 Time the decryption instead of encryption. Affects only the EVP testing.