Diffstat (limited to 'src/usr.bin/openssl')
-rw-r--r--src/usr.bin/openssl/asn1pars.c8
-rw-r--r--src/usr.bin/openssl/ca.c101
-rw-r--r--src/usr.bin/openssl/certhash.c22
-rw-r--r--src/usr.bin/openssl/cms.c53
-rw-r--r--src/usr.bin/openssl/dgst.c7
-rw-r--r--src/usr.bin/openssl/gendsa.c5
-rw-r--r--src/usr.bin/openssl/genrsa.c5
-rw-r--r--src/usr.bin/openssl/openssl.138
-rw-r--r--src/usr.bin/openssl/openssl.c9
-rw-r--r--src/usr.bin/openssl/pkcs12.c38
-rw-r--r--src/usr.bin/openssl/pkcs8.c6
-rw-r--r--src/usr.bin/openssl/smime.c16
-rw-r--r--src/usr.bin/openssl/speed.c554
-rw-r--r--src/usr.bin/openssl/ts.c24
14 files changed, 399 insertions, 487 deletions
diff --git a/src/usr.bin/openssl/asn1pars.c b/src/usr.bin/openssl/asn1pars.c
index 355784169e..52991c392e 100644
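--- a/src/usr.bin/openssl/asn1pars.c
+++ b/src/usr.bin/openssl/asn1pars.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1pars.c,v 1.17 2025/01/02 12:31:44 tb Exp $ */
+/* $OpenBSD: asn1pars.c,v 1.18 2025/11/27 08:22:32 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -241,7 +241,7 @@ asn1parse_main(int argc, char **argv)
  BIO *in = NULL, *out = NULL, *b64 = NULL, *derout = NULL;
  char *str = NULL;
  const char *errstr = NULL;
- unsigned char *tmpbuf;
+ const unsigned char *tmpbuf;
  const unsigned char *ctmpbuf;
  BUF_MEM *buf = NULL;
  ASN1_TYPE *at = NULL;
@@ -368,8 +368,8 @@ asn1parse_main(int argc, char **argv)
  goto end;
  }
  /* hmm... this is a little evil but it works */
- tmpbuf = at->value.asn1_string->data;
- tmplen = at->value.asn1_string->length;
+ tmpbuf = ASN1_STRING_get0_data(at->value.asn1_string);
+ tmplen = ASN1_STRING_length(at->value.asn1_string);
  }
  str = (char *) tmpbuf;
  num = tmplen;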
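Review bot: The cast at `str = (char *) tmpbuf;` discards the const qualifier that the new declaration `const unsigned char *tmpbuf;` and `ASN1_STRING_get0_data()` have just introduced, so the read-only contract is lost one line after it is established. If nothing later in asn1parse_main writes through `str` (the rest of the function is outside these hunks), declare it `const char *str` and cast with `(const char *)`; if something does write, it should work on a copy of the bytes. With `tmpbuf` and `ctmpbuf` now sharing the same type, one of the two may also have become redundant.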
diff --git a/src/usr.bin/openssl/ca.c b/src/usr.bin/openssl/ca.c
index b644b746b9..a2e8a68368 100644
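--- a/src/usr.bin/openssl/ca.c
+++ b/src/usr.bin/openssl/ca.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ca.c,v 1.62 2025/04/14 08:39:27 tb Exp $ */
+/* $OpenBSD: ca.c,v 1.64 2025/12/21 07:14:47 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -69,6 +69,7 @@
 
 #include "apps.h"
 
+#include <openssl/asn1.h>
 #include <openssl/bio.h>
 #include <openssl/bn.h>
 #include <openssl/conf.h>
@@ -1652,6 +1653,54 @@ certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
 }
 
 static int
+is_printablestring_octet(const uint8_t u8)
+{
+ /*
+ * X.680, 41.4, Table 10 lists the allowed characters in this order.
+ */
+
+ if (u8 >= 'A' && u8 <= 'Z')
+ return 1;
+ if (u8 >= 'a' && u8 <= 'z')
+ return 1;
+ if (u8 >= '0' && u8 <= '9')
+ return 1;
+
+ return u8 == ' ' || u8 == '\'' || u8 == '(' || u8 == ')' || u8 == '+' ||
+ u8 == ',' || u8 == '-' || u8 == '.' || u8 == '/' || u8 == ':' ||
+ u8 == '=' || u8 == '?';
+}
+
+/*
+ * Allows the high bit to be set only for UTF8, BMP and T61 strings, and
+ * checks that a PrintableString only contains the specified characters.
+ */
+static int
+validate_octets(const ASN1_STRING *astr)
+{
+ const uint8_t *buf = ASN1_STRING_get0_data(astr);
+ int type = ASN1_STRING_type(astr);
+ int i;
+
+ if (type == V_ASN1_BMPSTRING || type == V_ASN1_UTF8STRING ||
+ type == V_ASN1_T61STRING)
+ return 1;
+
+ for (i = 0; i < ASN1_STRING_length(astr); i++) {
+ if (is_printablestring_octet(buf[i]))
+ continue;
+
+ if (type == V_ASN1_PRINTABLESTRING)
+ return 0;
+
+ if ((buf[i] & 0x80) != 0)
+ return 0;
+ }
+
+ return 1;
+}
+
+static int
 do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
  STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(CONF_VALUE) *policy,
  CA_DB *db, BIGNUM *serial, char *subj, unsigned long chtype, int multirdn,
@@ -1717,22 +1766,17 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
 
  /* check some things */
  if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) &&
- (str->type != V_ASN1_IA5STRING)) {
+ (ASN1_STRING_type(str) != V_ASN1_IA5STRING)) {
  BIO_printf(bio_err,
  "\nemailAddress type needs to be of type IA5STRING\n");
  goto err;
  }
- if ((str->type != V_ASN1_BMPSTRING) &&
- (str->type != V_ASN1_UTF8STRING)) {
- j = ASN1_PRINTABLE_type(str->data, str->length);
- if (((j == V_ASN1_T61STRING) &&
- (str->type != V_ASN1_T61STRING)) ||
- ((j == V_ASN1_IA5STRING) &&
- (str->type == V_ASN1_PRINTABLESTRING))) {
- BIO_printf(bio_err,
- "\nThe string contains characters that are illegal for the ASN.1 type\n");
- goto err;
- }
+
+ if (!validate_octets(str)) {
+ BIO_printf(bio_err,
+ "\nThe string contains characters that are illegal "
+ "for the ASN.1 type\n");
+ goto err;
  }
  if (default_op)
  old_entry_print(bio_err, obj, str);
@@ -1830,9 +1874,9 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
  BIO_printf(bio_err,
  "The %s field needed to be the same in the\nCA certificate (%s) and the request (%s)\n",
  cv->name, ((str2 == NULL) ?
- "NULL" : (char *) str2->data),
+ "NULL" : (const char *) ASN1_STRING_get0_data(str2)),
  ((str == NULL) ?
- "NULL" : (char *) str->data));
+ "NULL" : (const char *) ASN1_STRING_get0_data(str)));
  goto err;
  }
  } else {
@@ -2153,7 +2197,8 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
 
  if ((tm = X509_get_notAfter(ret)) == NULL)
  goto err;
- row[DB_exp_date] = strndup(tm->data, tm->length);
+ row[DB_exp_date] = strndup(ASN1_STRING_get0_data(tm),
+ ASN1_STRING_length(tm));
  if (row[DB_type] == NULL || row[DB_exp_date] == NULL) {
  BIO_printf(bio_err, "Memory allocation failure\n");
  goto err;
@@ -2280,7 +2325,8 @@ do_revoke(X509 *x509, CA_DB *db, int type, char *value)
 
  if ((tm = X509_get_notAfter(x509)) == NULL)
  goto err;
- row[DB_exp_date] = strndup(tm->data, tm->length);
+ row[DB_exp_date] = strndup(ASN1_STRING_get0_data(tm),
+ ASN1_STRING_length(tm));
  if (row[DB_type] == NULL || row[DB_exp_date] == NULL) {
  BIO_printf(bio_err, "Memory allocation failure\n");
  goto err;
@@ -2443,7 +2489,7 @@ do_updatedb(CA_DB *db)
  cnt = -1;
  goto err;
  }
- a_tm_s = strndup(a_tm->data, a_tm->length);
+ a_tm_s = strndup(ASN1_STRING_get0_data(a_tm), ASN1_STRING_length(a_tm));
  if (a_tm_s == NULL) {
  cnt = -1;
  goto err;
@@ -2579,7 +2625,7 @@ make_revocation_str(int rev_type, char *rev_arg)
  if (revtm == NULL)
  return NULL;
 
- if (asprintf(&str, "%s%s%s%s%s", revtm->data,
+ if (asprintf(&str, "%s%s%s%s%s", ASN1_STRING_get0_data(revtm),
  reason ? "," : "", reason ? reason : "",
  other ? "," : "", other ? other : "") == -1)
  str = NULL;
@@ -2652,7 +2698,8 @@ make_revoked(X509_REVOKED *rev, const char *str)
 int
 old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str)
 {
- char buf[25], *pbuf, *p;
+ const char *p;
+ char buf[25], *pbuf;
  int j;
 
  j = i2a_ASN1_OBJECT(bp, obj);
@@ -2663,19 +2710,19 @@ old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str)
  *(pbuf++) = '\0';
  BIO_puts(bp, buf);
 
- if (str->type == V_ASN1_PRINTABLESTRING)
+ if (ASN1_STRING_type(str) == V_ASN1_PRINTABLESTRING)
  BIO_printf(bp, "PRINTABLE:'");
- else if (str->type == V_ASN1_T61STRING)
+ else if (ASN1_STRING_type(str) == V_ASN1_T61STRING)
  BIO_printf(bp, "T61STRING:'");
- else if (str->type == V_ASN1_IA5STRING)
+ else if (ASN1_STRING_type(str) == V_ASN1_IA5STRING)
  BIO_printf(bp, "IA5STRING:'");
- else if (str->type == V_ASN1_UNIVERSALSTRING)
+ else if (ASN1_STRING_type(str) == V_ASN1_UNIVERSALSTRING)
  BIO_printf(bp, "UNIVERSALSTRING:'");
  else
- BIO_printf(bp, "ASN.1 %2d:'", str->type);
+ BIO_printf(bp, "ASN.1 %2d:'", ASN1_STRING_type(str));
 
- p = (char *) str->data;
- for (j = str->length; j > 0; j--) {
+ p = (const char *) ASN1_STRING_get0_data(str);
+ for (j = ASN1_STRING_length(str); j > 0; j--) {
  if ((*p >= ' ') && (*p <= '~'))
  BIO_printf(bp, "%c", *p);
  else if (*p & 0x80)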
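Review bot: In the new `validate_octets()` the loop rejects only octets with the high bit set (or, for a PrintableString, anything outside the X.680 table), so control octets below 0x20, including an embedded NUL, are still accepted for IA5String and every other type that reaches the loop. For a CA that signs subject fields taken from a request, that should be either rejected or stated as intended; if intended, extend the header comment with `Octets below 0x20, including NUL, are not rejected for types other than PrintableString.` The early return for UTF8, BMP and T61 strings also means those types get no content check at all, which the comment could say explicitly instead of only "allows the high bit". `do_body()` continues outside the hunk, so later checks may cover part of this.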
diff --git a/src/usr.bin/openssl/certhash.c b/src/usr.bin/openssl/certhash.c
index 5ee29b8d01..1ee1165516 100644
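--- a/src/usr.bin/openssl/certhash.c
+++ b/src/usr.bin/openssl/certhash.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: certhash.c,v 1.21 2023/03/06 14:32:05 tb Exp $ */
+/* $OpenBSD: certhash.c,v 1.22 2025/07/27 14:46:20 joshua Exp $ */
 /*
  * Copyright (c) 2014, 2015 Joel Sing <jsing@openbsd.org>
  *
@@ -297,11 +297,10 @@ hashinfo_from_linkname(const char *linkname, const char *target)
 }
 
 static struct hashinfo *
-certhash_cert(BIO *bio, const char *filename)
+certhash_cert(BIO *bio, const char *filename, const EVP_MD *digest)
 {
  unsigned char fingerprint[EVP_MAX_MD_SIZE];
  struct hashinfo *hi = NULL;
- const EVP_MD *digest;
  X509 *cert = NULL;
  unsigned long hash;
  unsigned int len;
@@ -311,7 +310,6 @@ certhash_cert(BIO *bio, const char *filename)
 
  hash = X509_subject_name_hash(cert);
 
- digest = EVP_sha256();
  if (X509_digest(cert, digest, fingerprint, &len) != 1) {
  fprintf(stderr, "out of memory\n");
  goto err;
@@ -326,11 +324,10 @@ certhash_cert(BIO *bio, const char *filename)
 }
 
 static struct hashinfo *
-certhash_crl(BIO *bio, const char *filename)
+certhash_crl(BIO *bio, const char *filename, const EVP_MD *digest)
 {
  unsigned char fingerprint[EVP_MAX_MD_SIZE];
  struct hashinfo *hi = NULL;
- const EVP_MD *digest;
  X509_CRL *crl = NULL;
  unsigned long hash;
  unsigned int len;
@@ -340,7 +337,6 @@ certhash_crl(BIO *bio, const char *filename)
 
  hash = X509_NAME_hash(X509_CRL_get_issuer(crl));
 
- digest = EVP_sha256();
  if (X509_CRL_digest(crl, digest, fingerprint, &len) != 1) {
  fprintf(stderr, "out of memory\n");
  goto err;
@@ -509,7 +505,7 @@ certhash_link(struct dirent *dep, struct hashinfo **links)
 
 static int
 certhash_file(struct dirent *dep, struct hashinfo **certs,
- struct hashinfo **crls)
+ struct hashinfo **crls, const EVP_MD *digest)
 {
  struct hashinfo *hi = NULL;
  int has_cert, has_crl;
@@ -529,7 +525,7 @@ certhash_file(struct dirent *dep, struct hashinfo **certs,
  goto err;
  }
 
- if ((hi = certhash_cert(bio, dep->d_name)) != NULL) {
+ if ((hi = certhash_cert(bio, dep->d_name, digest)) != NULL) {
  has_cert = 1;
  *certs = hashinfo_chain(*certs, hi);
  }
@@ -539,7 +535,7 @@ certhash_file(struct dirent *dep, struct hashinfo **certs,
  goto err;
  }
 
- if ((hi = certhash_crl(bio, dep->d_name)) != NULL) {
+ if ((hi = certhash_crl(bio, dep->d_name, digest)) != NULL) {
  has_crl = hi->is_crl = 1;
  *crls = hashinfo_chain(*crls, hi);
  }
@@ -557,7 +553,7 @@ certhash_file(struct dirent *dep, struct hashinfo **certs,
 }
 
 static int
-certhash_directory(const char *path)
+certhash_directory(const char *path, const EVP_MD *digest)
 {
  struct hashinfo *links = NULL, *certs = NULL, *crls = NULL, *link;
  int ret = 0;
@@ -579,7 +575,7 @@ certhash_directory(const char *path)
  goto err;
  }
  if (filename_is_pem(dep->d_name)) {
- if (certhash_file(dep, &certs, &crls) == -1)
+ if (certhash_file(dep, &certs, &crls, digest) == -1)
  goto err;
  }
  }
@@ -678,7 +674,7 @@ certhash_main(int argc, char **argv)
  ret = 1;
  continue;
  }
- ret |= certhash_directory(argv[i]);
+ ret |= certhash_directory(argv[i], EVP_sha256());
  if (fchdir(cwdfd) == -1) {
  perror("failed to restore current directory");
  ret = 1;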
diff --git a/src/usr.bin/openssl/cms.c b/src/usr.bin/openssl/cms.c
index 8e5015feba..7430f4c935 100644
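--- a/src/usr.bin/openssl/cms.c
+++ b/src/usr.bin/openssl/cms.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms.c,v 1.37 2025/05/10 05:25:43 tb Exp $ */
+/* $OpenBSD: cms.c,v 1.40 2025/12/20 07:02:37 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -89,12 +89,10 @@ static int cms_set_pkey_param(EVP_PKEY_CTX *pctx,
 #define SMIME_DATA_CREATE (8 | SMIME_OP)
 #define SMIME_DIGEST_VERIFY (9 | SMIME_IP)
 #define SMIME_DIGEST_CREATE (10 | SMIME_OP)
-#define SMIME_UNCOMPRESS (11 | SMIME_IP)
-#define SMIME_COMPRESS (12 | SMIME_OP)
-#define SMIME_ENCRYPTED_DECRYPT (13 | SMIME_IP)
-#define SMIME_ENCRYPTED_ENCRYPT (14 | SMIME_OP)
-#define SMIME_SIGN_RECEIPT (15 | SMIME_IP | SMIME_OP)
-#define SMIME_VERIFY_RECEIPT (16 | SMIME_IP)
+#define SMIME_ENCRYPTED_DECRYPT (11 | SMIME_IP)
+#define SMIME_ENCRYPTED_ENCRYPT (12 | SMIME_OP)
+#define SMIME_SIGN_RECEIPT (13 | SMIME_IP | SMIME_OP)
+#define SMIME_VERIFY_RECEIPT (14 | SMIME_IP)
 
 int verify_err = 0;
 
@@ -493,7 +491,7 @@ static const struct option cms_options[] = {
  },
  {
  .name = "aes256",
- .desc = "Encrypt PEM output with CBC AES",
+ .desc = "Encrypt PEM output with CBC AES (default)",
  .type = OPTION_ARGV_FUNC,
  .opt.argvfunc = cms_opt_cipher,
  },
@@ -527,7 +525,7 @@ static const struct option cms_options[] = {
  },
  {
  .name = "des3",
- .desc = "Encrypt with triple DES (default)",
+ .desc = "Encrypt with triple DES",
  .type = OPTION_ARGV_FUNC,
  .opt.argvfunc = cms_opt_cipher,
  },
@@ -602,13 +600,6 @@ static const struct option cms_options[] = {
  .value = SMIME_CMSOUT,
  },
  {
- .name = "compress",
- .desc = "Create CMS CompressedData type",
- .type = OPTION_VALUE,
- .opt.value = &cfg.operation,
- .value = SMIME_COMPRESS,
- },
- {
  .name = "content",
  .argname = "file",
  .desc = "Supply or override content for detached signature",
@@ -998,13 +989,6 @@ static const struct option cms_options[] = {
  .opt.arg = &cfg.to,
  },
  {
- .name = "uncompress",
- .desc = "Uncompress CMS CompressedData type",
- .type = OPTION_VALUE,
- .opt.value = &cfg.operation,
- .value = SMIME_UNCOMPRESS,
- },
- {
  .name = "verify",
  .desc = "Verify signed message",
  .type = OPTION_VALUE,
@@ -1138,7 +1122,7 @@ cms_usage(void)
  " -camellia192 | -camellia256 | -des | -des3 |\n"
  " -rc2-40 | -rc2-64 | -rc2-128] [-CAfile file]\n"
  " [-CApath directory] [-CRLfile file] [-binary]\n"
- " [-certfile file] [-certsout file] [-cmsout] [-compress]\n"
+ " [-certfile file] [-certsout file] [-cmsout]\n"
  " [-content file] [-crlfeol] [-data_create] [-data_out]\n"
  " [-debug_decrypt] [-decrypt] [-digest_create] [-digest_verify]\n"
  " [-econtent_type type] [-encrypt] [-EncryptedData_decrypt]\n"
@@ -1156,7 +1140,7 @@ cms_usage(void)
  " [-receipt_request_to addr] [-recip file] [-resign]\n"
  " [-secretkey key] [-secretkeyid id] [-sign] [-sign_receipt]\n"
  " [-signer file] [-stream | -indef | -noindef] [-subject s]\n"
- " [-text] [-to addr] [-uncompress] [-verify]\n"
+ " [-text] [-to addr] [-verify]\n"
  " [-verify_receipt file] [-verify_retcode] [cert.pem ...]\n\n");
 
  options_usage(cms_options);
@@ -1309,14 +1293,8 @@ cms_main(int argc, char **argv)
  }
 
  if (cfg.operation == SMIME_ENCRYPT) {
- if (cfg.cipher == NULL) {
-#ifndef OPENSSL_NO_DES
- cfg.cipher = EVP_des_ede3_cbc();
-#else
- BIO_printf(bio_err, "No cipher selected\n");
- goto end;
-#endif
- }
+ if (cfg.cipher == NULL)
+ cfg.cipher = EVP_aes_256_cbc();
  if (cfg.secret_key != NULL &&
  cfg.secret_keyid == NULL) {
  BIO_printf(bio_err, "No secret key id\n");
@@ -1488,8 +1466,6 @@ cms_main(int argc, char **argv)
  } else if (cfg.operation == SMIME_DIGEST_CREATE) {
  cms = CMS_digest_create(in, cfg.sign_md,
  cfg.flags);
- } else if (cfg.operation == SMIME_COMPRESS) {
- cms = CMS_compress(in, -1, cfg.flags);
  } else if (cfg.operation == SMIME_ENCRYPT) {
  int i;
  cfg.flags |= CMS_PARTIAL;
@@ -1697,9 +1673,6 @@ cms_main(int argc, char **argv)
  } else if (cfg.operation == SMIME_DATAOUT) {
  if (!CMS_data(cms, out, cfg.flags))
  goto end;
- } else if (cfg.operation == SMIME_UNCOMPRESS) {
- if (!CMS_uncompress(cms, indata, out, cfg.flags))
- goto end;
  } else if (cfg.operation == SMIME_DIGEST_VERIFY) {
  if (CMS_digest_verify(cms, indata, out, cfg.flags) > 0)
  BIO_printf(bio_err, "Verification successful\n");
@@ -1890,14 +1863,14 @@ receipt_request_print(BIO *out, CMS_ContentInfo *cms)
  BIO_puts(bio_err, " Receipt Request Parse Error\n");
  ERR_print_errors(bio_err);
  } else {
- char *id;
+ const char *id;
  int idlen;
 
  CMS_ReceiptRequest_get0_values(rr, &scid, &allorfirst,
  &rlist, &rto);
  BIO_puts(out, " Signed Content ID:\n");
  idlen = ASN1_STRING_length(scid);
- id = (char *) ASN1_STRING_data(scid);
+ id = (const char *) ASN1_STRING_get0_data(scid);
  BIO_dump_indent(out, id, idlen, 4);
  BIO_puts(out, " Receipts From");
  if (rlist != NULL) {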
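Review bot: The new fallback `cfg.cipher = EVP_aes_256_cbc();` in cms_main is applied without any comment, and CBC gives confidentiality only: the encrypted content has no integrity protection unless it is signed in a separate step. A one-line comment at the assignment, for example `/* Default is AES-256-CBC: confidentiality only, no integrity protection. */`, would record that for whoever next touches the default. Separately, the `aes256` entry's `.desc` still reads `Encrypt PEM output with CBC AES (default)`, which describes PEM output rather than CMS encryption and differs in wording from the neighbouring `Encrypt with triple DES`; since the commit edits that string anyway, it could be reworded here. cms_main continues outside these hunks.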
diff --git a/src/usr.bin/openssl/dgst.c b/src/usr.bin/openssl/dgst.c
index 3979966481..30a0e50f62 100644
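--- a/src/usr.bin/openssl/dgst.c
+++ b/src/usr.bin/openssl/dgst.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dgst.c,v 1.21 2023/03/06 14:32:05 tb Exp $ */
+/* $OpenBSD: dgst.c,v 1.22 2026/01/02 00:05:48 kenjiro Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -85,7 +85,6 @@ static struct {
  char *hmac_key;
  char *keyfile;
  int keyform;
- const EVP_MD *m;
  char *mac_name;
  STACK_OF(OPENSSL_STRING) *macopts;
  const EVP_MD *md;
@@ -122,11 +121,9 @@ dgst_opt_md(int argc, char **argv, int *argsused)
  if (*name++ != '-')
  return (1);
 
- if ((cfg.m = EVP_get_digestbyname(name)) == NULL)
+ if ((cfg.md = EVP_get_digestbyname(name)) == NULL)
  return (1);
 
- cfg.md = cfg.m;
-
  *argsused = 1;
  return (0);
 }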
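Review bot: With `cfg.m` gone, a failed lookup in `if ((cfg.md = EVP_get_digestbyname(name)) == NULL)` now stores NULL in `cfg.md` before returning 1, overwriting a digest chosen by an earlier option; before this change only the scratch field was clobbered. That is harmless if the option parser aborts on a non-zero return, which these hunks do not show. Assigning through a local keeps the previous behaviour: `const EVP_MD *md;`, then `if ((md = EVP_get_digestbyname(name)) == NULL) return (1);` and `cfg.md = md;`.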
diff --git a/src/usr.bin/openssl/gendsa.c b/src/usr.bin/openssl/gendsa.c
index 00635c4551..69a7994da7 100644
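--- a/src/usr.bin/openssl/gendsa.c
+++ b/src/usr.bin/openssl/gendsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gendsa.c,v 1.17 2023/03/06 14:32:06 tb Exp $ */
+/* $OpenBSD: gendsa.c,v 1.18 2025/06/07 08:33:58 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -80,7 +80,8 @@ static struct {
  char *passargout;
 } cfg;
 
-static const EVP_CIPHER *get_cipher_by_name(char *name)
+static const EVP_CIPHER *
+get_cipher_by_name(char *name)
 {
  if (name == NULL || strcmp(name, "") == 0)
  return (NULL);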
diff --git a/src/usr.bin/openssl/genrsa.c b/src/usr.bin/openssl/genrsa.c
index 0b5323fa5f..647780d8fa 100644
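--- a/src/usr.bin/openssl/genrsa.c
+++ b/src/usr.bin/openssl/genrsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: genrsa.c,v 1.22 2023/03/06 14:32:06 tb Exp $ */
+/* $OpenBSD: genrsa.c,v 1.23 2025/06/07 08:33:58 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -108,7 +108,8 @@ set_public_exponent(int argc, char **argv, int *argsused)
  return (0);
 }
 
-static const EVP_CIPHER *get_cipher_by_name(char *name)
+static const EVP_CIPHER *
+get_cipher_by_name(char *name)
 {
  if (name == NULL || strcmp(name, "") == 0)
  return (NULL);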
diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1
index d27b504ce3..f3e0be15ed 100644
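--- a/src/usr.bin/openssl/openssl.1
+++ b/src/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.164 2025/04/19 17:20:24 kn Exp $
+.\" $OpenBSD: openssl.1,v 1.168 2025/12/20 07:02:37 tb Exp $
 .\" ====================================================================
 .\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
 .\"
@@ -110,7 +110,7 @@
 .\" copied and put under another distribution licence
 .\" [including the GNU Public Licence.]
 .\"
-.Dd $Mdocdate: April 19 2025 $
+.Dd $Mdocdate: December 20 2025 $
 .Dt OPENSSL 1
 .Os
 .Sh NAME
@@ -931,7 +931,6 @@ but without cipher suite codes.
 .Op Fl certfile Ar file
 .Op Fl certsout Ar file
 .Op Fl cmsout
-.Op Fl compress
 .Op Fl content Ar file
 .Op Fl crlfeol
 .Op Fl data_create
@@ -985,7 +984,6 @@ but without cipher suite codes.
 .Op Fl subject Ar s
 .Op Fl text
 .Op Fl to Ar addr
-.Op Fl uncompress
 .Op Fl verify
 .Op Fl verify_receipt Ar file
 .Op Fl verify_retcode
@@ -996,8 +994,7 @@ but without cipher suite codes.
 The
 .Nm cms
 command handles S/MIME v3.1 mail.
-It can encrypt, decrypt, sign and verify, compress and uncompress S/MIME
-messages.
+It can encrypt, decrypt, sign and verify S/MIME messages.
 .Pp
 The MIME message must be sent without any blank lines between the headers and
 the output.
@@ -1053,12 +1050,6 @@ Output a content from the input CMS Data type.
 Create a CMS DigestedData type.
 .It Fl digest_verify
 Verify a CMS DigestedData type and output the content.
-.It Fl compress
-Create a CMS CompressedData type.
-Must be compiled with zlib support for this option to work.
-.It Fl uncompress
-Uncompress a CMS CompressedData type and output the content.
-Must be compiled with zlib support for this option to work.
 .It Fl EncryptedData_encrypt
 Encrypt a content using supplied symmetric key and algorithm using a
 CMS EncryptedData type.
@@ -1091,7 +1082,7 @@ The encryption algorithm to use.
 128-, 192-, or 256-bit AES, 128-, 192-, or 256-bit CAMELLIA,
 DES (56 bits), triple DES (168 bits),
 or 40-, 64-, or 128-bit RC2, respectively;
-if not specified, triple DES is
+if not specified, 256-bit AES is
 used.
 Only used with
 .Fl encrypt
@@ -2973,9 +2964,6 @@ command processes private keys
 (both encrypted and unencrypted)
 in PKCS#8 format
 with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms.
-The default encryption is only 56 bits;
-keys encrypted using PKCS#5 v2.0 algorithms and high iteration counts
-are more secure.
 .Pp
 The options are as follows:
 .Bl -tag -width Ds
@@ -3021,16 +3009,12 @@ which allow strong encryption algorithms like triple DES or 128-bit RC2.
 .El
 .It Fl v2 Ar alg
 Use PKCS#5 v2.0 algorithms.
-Supports algorithms such as 168-bit triple DES or 128-bit RC2,
-however not many implementations support PKCS#5 v2.0 yet
-(if using private keys with
-.Nm openssl
-this doesn't matter).
-.Pp
-.Ar alg
-is the encryption algorithm to use;
-valid values include des, des3, and rc2.
-It is recommended that des3 is used.
+These are block ciphers used in CBC mode.
+The default is AES-256-CBC.
+With the exception of AES, the choices available in RFC 8018
+are considered decrepit.
+They can be enabled with des, des3, and rc2
+(rc5 is no longer supported).
 .El
 .Tg pkcs12
 .Sh PKCS12
@@ -5105,7 +5089,7 @@ The remaining options are as follows:
 The encryption algorithm to use.
 128-, 192-, or 256-bit AES, DES (56 bits), triple DES (168 bits),
 or 40-, 64-, or 128-bit RC2, respectively;
-if not specified, 40-bit RC2 is
+if not specified, 256-bit AES is
 used.
 Only used with
 .Fl encrypt .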
diff --git a/src/usr.bin/openssl/openssl.c b/src/usr.bin/openssl/openssl.c
index 75a0e4d266..056912a9ed 100644
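--- a/src/usr.bin/openssl/openssl.c
+++ b/src/usr.bin/openssl/openssl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: openssl.c,v 1.39 2025/01/02 13:10:03 tb Exp $ */
+/* $OpenBSD: openssl.c,v 1.41 2026/01/02 00:14:24 kenjiro Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -231,13 +231,14 @@ FUNCTION functions[] = {
 #ifndef OPENSSL_NO_SHA512
  { FUNC_TYPE_MD, "sha512", dgst_main },
 #endif
+ { FUNC_TYPE_MD, "sha3-224", dgst_main },
+ { FUNC_TYPE_MD, "sha3-256", dgst_main },
+ { FUNC_TYPE_MD, "sha3-384", dgst_main },
+ { FUNC_TYPE_MD, "sha3-512", dgst_main },
 #ifndef OPENSSL_NO_SM3
  { FUNC_TYPE_MD, "sm3", dgst_main },
  { FUNC_TYPE_MD, "sm3WithRSAEncryption", dgst_main },
 #endif
-#ifndef OPENSSL_NO_WHIRLPOOL
- { FUNC_TYPE_MD, "whirlpool", dgst_main },
-#endif
 
  /* Ciphers. */
  { FUNC_TYPE_CIPHER, "base64", enc_main },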
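--- a/src/usr.bin/openssl/pkcs12.c
+++ b/src/usr.bin/openssl/pkcs12.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pkcs12.c,v 1.29 2024/12/26 14:10:48 tb Exp $ */
+/* $OpenBSD: pkcs12.c,v 1.31 2025/11/27 08:26:32 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -88,7 +88,6 @@ static int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass,
  int passlen, int options, char *pempass);
 static int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,
  const char *name);
-static void hex_prin(BIO *out, unsigned char *buf, int len);
 static int alg_print(BIO *x, const X509_ALGOR *alg);
 static int set_pbe(BIO *err, int *ppbe, const char *str);
 
@@ -152,7 +151,8 @@ pkcs12_opt_passarg(char *arg)
  return (0);
 }
 
-static const EVP_CIPHER *get_cipher_by_name(char *name)
+static const EVP_CIPHER *
+get_cipher_by_name(char *name)
 {
  if (name == NULL || strcmp(name, "") == 0)
  return (NULL);
@@ -1020,6 +1020,17 @@ alg_print(BIO *x, const X509_ALGOR *alg)
  return 1;
 }
 
+static void
+hex_print(BIO *out, const ASN1_STRING *str)
+{
+ const unsigned char *buf = ASN1_STRING_get0_data(str);
+ int len = ASN1_STRING_length(str);
+ int i;
+
+ for (i = 0; i < len; i++)
+ BIO_printf(out, "%02X ", buf[i]);
+}
+
 /* Generalised attribute print: handle PKCS#8 and bag attributes */
 static void
 print_attribute(BIO *out, const ASN1_TYPE *av)
@@ -1029,21 +1040,19 @@ print_attribute(BIO *out, const ASN1_TYPE *av)
  switch (av->type) {
  case V_ASN1_BMPSTRING:
  value = OPENSSL_uni2asc(
- av->value.bmpstring->data,
- av->value.bmpstring->length);
- BIO_printf(out, "%s\n", value);
+ ASN1_STRING_get0_data(av->value.bmpstring),
+ ASN1_STRING_length(av->value.bmpstring));
+ BIO_printf(out, "%s\n", value != NULL ? value : "(null)");
  free(value);
  break;
 
  case V_ASN1_OCTET_STRING:
- hex_prin(out, av->value.octet_string->data,
- av->value.octet_string->length);
+ hex_print(out, av->value.octet_string);
  BIO_printf(out, "\n");
  break;
 
  case V_ASN1_BIT_STRING:
- hex_prin(out, av->value.bit_string->data,
- av->value.bit_string->length);
+ hex_print(out, av->value.bit_string);
  BIO_printf(out, "\n");
  break;
 
@@ -1095,15 +1104,6 @@ print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,
  return 1;
 }
 
-static void
-hex_prin(BIO *out, unsigned char *buf, int len)
-{
- int i;
-
- for (i = 0; i < len; i++)
- BIO_printf(out, "%02X ", buf[i]);
-}
-
 static int
 set_pbe(BIO *err, int *ppbe, const char *str)
 {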
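Review bot: In the `V_ASN1_BMPSTRING` case of `print_attribute`, the new `value != NULL ? value : "(null)"` fallback makes a failed `OPENSSL_uni2asc()` conversion look exactly like an attribute whose text really is `(null)`, and the failure is otherwise silent. The attribute bytes come from the PKCS#12 file being inspected, so I would keep the two cases apart by printing a distinct marker on the NULL branch, e.g. `BIO_printf(out, "<conversion failed>\n");`. The new `hex_print` would also benefit from a one-line comment such as `/* Print every content byte of str as two hex digits followed by a space. */`, since it is now shared by the OCTET STRING and BIT STRING cases. `print_attribute` continues outside the hunk.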
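--- a/src/usr.bin/openssl/pkcs8.c
+++ b/src/usr.bin/openssl/pkcs8.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pkcs8.c,v 1.18 2025/01/02 12:31:44 tb Exp $ */
+/* $OpenBSD: pkcs8.c,v 1.19 2025/05/24 02:35:25 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999-2004.
  */
@@ -224,8 +224,8 @@ pkcs8_main(int argc, char **argv)
  BIO_printf(bio_err, "Error getting passwords\n");
  goto end;
  }
- if ((cfg.pbe_nid == -1) && !cfg.cipher)
- cfg.pbe_nid = NID_pbeWithMD5AndDES_CBC;
+ if (cfg.pbe_nid == -1 && cfg.cipher == NULL)
+ cfg.cipher = EVP_aes_256_cbc();
 
  if (cfg.infile) {
  if (!(in = BIO_new_file(cfg.infile, "rb"))) {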
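Review bot: The new default in the `cfg.pbe_nid == -1 && cfg.cipher == NULL` branch no longer picks a PBE NID but sets `cfg.cipher`, which presumably sends the no-option case down the same path as `-v2`, and nothing at this site says so. I would add a comment above the assignment, e.g. `/* No -v1/-v2 given: default to PKCS#5 v2.0 with AES-256-CBC. */`. The iteration count and PRF used on that path are chosen outside the hunk and are worth confirming alongside this change, because the strength of the encrypted key is still bounded by the passphrase and the KDF cost rather than by the cipher alone. `pkcs8_main` continues outside the hunk.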
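--- a/src/usr.bin/openssl/smime.c
+++ b/src/usr.bin/openssl/smime.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: smime.c,v 1.20 2023/04/14 15:27:13 tb Exp $ */
+/* $OpenBSD: smime.c,v 1.21 2025/06/07 08:28:49 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -271,7 +271,7 @@ static const struct option smime_options[] = {
  },
  {
  .name = "aes256",
- .desc = "Encrypt PEM output with CBC AES",
+ .desc = "Encrypt PEM output with CBC AES (default)",
  .type = OPTION_ARGV_FUNC,
  .opt.argvfunc = smime_opt_cipher,
  },
@@ -313,7 +313,7 @@ static const struct option smime_options[] = {
 #ifndef OPENSSL_NO_RC2
  {
  .name = "rc2-40",
- .desc = "Encrypt with RC2-40 (default)",
+ .desc = "Encrypt with RC2-40",
  .type = OPTION_ARGV_FUNC,
  .opt.argvfunc = smime_opt_cipher,
  },
@@ -825,14 +825,8 @@ smime_main(int argc, char **argv)
  }
 
  if (cfg.operation == SMIME_ENCRYPT) {
- if (cfg.cipher == NULL) {
-#ifndef OPENSSL_NO_RC2
- cfg.cipher = EVP_rc2_40_cbc();
-#else
- BIO_printf(bio_err, "No cipher selected\n");
- goto end;
-#endif
- }
+ if (cfg.cipher == NULL)
+ cfg.cipher = EVP_aes_256_cbc();
  if ((encerts = sk_X509_new_null()) == NULL)
  goto end;
  while (*args != NULL) {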
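Review bot: The `aes256` help string now reads `Encrypt PEM output with CBC AES (default)`, which names no key size and describes PEM output, while `smime_main` uses the option as the content-encryption cipher for `SMIME_ENCRYPT`. The neighbouring `rc2-40` entry uses the plainer `Encrypt with RC2-40`. This string is now where users learn the default, so I would make it `.desc = "Encrypt with 256-bit AES in CBC mode (default)",`. The removed `#else` branch was the only place that reported `No cipher selected`; that is fine provided AES cannot be compiled out of this build, which is not visible in the hunk.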
diff --git a/src/usr.bin/openssl/speed.c b/src/usr.bin/openssl/speed.c
index 9d03c6516e..1ece133f2e 100644
--- a/src/usr.bin/openssl/speed.c
+++ b/src/usr.bin/openssl/speed.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: speed.c,v 1.41 2025/01/02 13:37:43 tb Exp $ */ 1/* $OpenBSD: speed.c,v 1.50 2025/12/13 01:58:53 kenjiro Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -142,9 +142,6 @@
142#ifndef OPENSSL_NO_SHA 142#ifndef OPENSSL_NO_SHA
143#include <openssl/sha.h> 143#include <openssl/sha.h>
144#endif 144#endif
145#ifndef OPENSSL_NO_WHIRLPOOL
146#include <openssl/whrlpool.h>
147#endif
148 145
149#define BUFSIZE (1024*8+64) 146#define BUFSIZE (1024*8+64)
150volatile sig_atomic_t run; 147volatile sig_atomic_t run;
@@ -152,29 +149,78 @@ volatile sig_atomic_t run;
152static int mr = 0; 149static int mr = 0;
153static int usertime = 1; 150static int usertime = 1;
154 151
155static double Time_F(int s); 152static void print_message(const char *s, int length);
156static void print_message(const char *s, long num, int length);
157static void 153static void
158pkey_print_message(const char *str, const char *str2, 154pkey_print_message(const char *str, const char *str2,
159 long num, int bits, int sec); 155 int bits, int sec);
160static void print_result(int alg, int run_no, int count, double time_used); 156static void print_result(int alg, int run_no, int count, double time_used);
161static int do_multi(int multi); 157static int do_multi(int multi);
162 158
163#define ALGOR_NUM 32
164#define SIZE_NUM 5 159#define SIZE_NUM 5
165#define RSA_NUM 4 160#define MAX_ECDH_SIZE 256
166#define DSA_NUM 3 161
162enum {
163 D_MD4,
164 D_MD5,
165 D_HMAC,
166 D_SHA1,
167 D_RMD160,
168 D_RC4,
169 D_CBC_DES,
170 D_EDE3_DES,
171 D_CBC_IDEA,
172 D_CBC_RC2,
173 D_CBC_BF,
174 D_CBC_CAST,
175 D_CBC_128_AES,
176 D_CBC_192_AES,
177 D_CBC_256_AES,
178 D_CBC_128_CML,
179 D_CBC_192_CML,
180 D_CBC_256_CML,
181 D_EVP,
182 D_SHA256,
183 D_SHA512,
184 D_IGE_128_AES,
185 D_IGE_192_AES,
186 D_IGE_256_AES,
187 D_GHASH,
188 D_AES_128_GCM,
189 D_AES_256_GCM,
190 D_CHACHA20_POLY1305,
191 ALGOR_NUM,
192};
193
194enum {
195 R_DSA_512,
196 R_DSA_1024,
197 R_DSA_2048,
198 DSA_NUM,
199};
200
201enum {
202 R_RSA_512,
203 R_RSA_1024,
204 R_RSA_2048,
205 R_RSA_4096,
206 RSA_NUM,
207};
167 208
168#define EC_NUM 4 209enum {
169#define MAX_ECDH_SIZE 256 210 R_EC_P224,
211 R_EC_P256,
212 R_EC_P384,
213 R_EC_P521,
214 EC_NUM,
215};
170 216
171static const char *names[ALGOR_NUM] = { 217static const char *names[ALGOR_NUM] = {
172 "md2", "md4", "md5", "hmac(md5)", "sha1", "rmd160", 218 "md4", "md5", "hmac(sha256)", "sha1", "rmd160",
173 "rc4", "des cbc", "des ede3", "idea cbc", "seed cbc", 219 "rc4", "des cbc", "des ede3", "idea cbc",
174 "rc2 cbc", "rc5-32/12 cbc", "blowfish cbc", "cast cbc", 220 "rc2 cbc", "blowfish cbc", "cast cbc",
175 "aes-128 cbc", "aes-192 cbc", "aes-256 cbc", 221 "aes-128 cbc", "aes-192 cbc", "aes-256 cbc",
176 "camellia-128 cbc", "camellia-192 cbc", "camellia-256 cbc", 222 "camellia-128 cbc", "camellia-192 cbc", "camellia-256 cbc",
177 "evp", "sha256", "sha512", "whirlpool", 223 "evp", "sha256", "sha512",
178 "aes-128 ige", "aes-192 ige", "aes-256 ige", "ghash", 224 "aes-128 ige", "aes-192 ige", "aes-256 ige", "ghash",
179 "aes-128 gcm", "aes-256 gcm", "chacha20 poly1305", 225 "aes-128 gcm", "aes-256 gcm", "chacha20 poly1305",
180}; 226};
@@ -895,6 +941,22 @@ static const unsigned char test4096[] = {
895 0xaf, 0xf8, 0x2a, 0x91, 0x9d, 0x50, 0x44, 0x21, 0x17, 941 0xaf, 0xf8, 0x2a, 0x91, 0x9d, 0x50, 0x44, 0x21, 0x17,
896}; 942};
897 943
944static const unsigned char key16[] = {
945 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
946 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
947};
948static const unsigned char key24[] = {
949 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
950 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
951 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34,
952};
953static const unsigned char key32[] = {
954 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
955 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
956 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34,
957 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34, 0x56,
958};
959
898static void 960static void
899sig_done(int sig) 961sig_done(int sig)
900{ 962{
@@ -904,16 +966,14 @@ sig_done(int sig)
904#define START TM_RESET 966#define START TM_RESET
905#define STOP TM_GET 967#define STOP TM_GET
906 968
907
908static double 969static double
909Time_F(int s) 970time_f(int s)
910{ 971{
911 if (usertime) 972 if (usertime)
912 return app_timer_user(s); 973 return app_timer_user(s);
913 else
914 return app_timer_real(s);
915}
916 974
975 return app_timer_real(s);
976}
917 977
918static const int KDF1_SHA1_len = 20; 978static const int KDF1_SHA1_len = 20;
919static void * 979static void *
@@ -937,33 +997,12 @@ speed_main(int argc, char **argv)
937 unsigned char *buf = NULL, *buf2 = NULL; 997 unsigned char *buf = NULL, *buf2 = NULL;
938 size_t unaligned = 0; 998 size_t unaligned = 0;
939 int mret = 1; 999 int mret = 1;
940 long count = 0, save_count = 0; 1000 long count = 0;
941 int i, j, k; 1001 int i, j, k;
942 long rsa_count; 1002 long rsa_count;
943 unsigned rsa_num; 1003 unsigned rsa_num;
944 unsigned char md[EVP_MAX_MD_SIZE]; 1004 unsigned char md[EVP_MAX_MD_SIZE];
945#ifndef OPENSSL_NO_MD4 1005
946 unsigned char md4[MD4_DIGEST_LENGTH];
947#endif
948#ifndef OPENSSL_NO_MD5
949 unsigned char md5[MD5_DIGEST_LENGTH];
950 unsigned char hmac[MD5_DIGEST_LENGTH];
951#endif
952#ifndef OPENSSL_NO_SHA
953 unsigned char sha[SHA_DIGEST_LENGTH];
954#ifndef OPENSSL_NO_SHA256
955 unsigned char sha256[SHA256_DIGEST_LENGTH];
956#endif
957#ifndef OPENSSL_NO_SHA512
958 unsigned char sha512[SHA512_DIGEST_LENGTH];
959#endif
960#endif
961#ifndef OPENSSL_NO_WHIRLPOOL
962 unsigned char whirlpool[WHIRLPOOL_DIGEST_LENGTH];
963#endif
964#ifndef OPENSSL_NO_RIPEMD
965 unsigned char rmd160[RIPEMD160_DIGEST_LENGTH];
966#endif
967#ifndef OPENSSL_NO_RC4 1006#ifndef OPENSSL_NO_RC4
968 RC4_KEY rc4_ks; 1007 RC4_KEY rc4_ks;
969#endif 1008#endif
@@ -979,38 +1018,8 @@ speed_main(int argc, char **argv)
979#ifndef OPENSSL_NO_CAST 1018#ifndef OPENSSL_NO_CAST
980 CAST_KEY cast_ks; 1019 CAST_KEY cast_ks;
981#endif 1020#endif
982 static const unsigned char key16[16] =
983 {0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
984 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12};
985#ifndef OPENSSL_NO_AES
986 static const unsigned char key24[24] =
987 {0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
988 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
989 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34};
990 static const unsigned char key32[32] =
991 {0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
992 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
993 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34,
994 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34, 0x56};
995#endif
996#ifndef OPENSSL_NO_CAMELLIA
997 static const unsigned char ckey24[24] =
998 {0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
999 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
1000 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34};
1001 static const unsigned char ckey32[32] =
1002 {0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
1003 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
1004 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34,
1005 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34, 0x56};
1006#endif
1007#ifndef OPENSSL_NO_AES
1008#define MAX_BLOCK_SIZE 128
1009#else
1010#define MAX_BLOCK_SIZE 64
1011#endif
1012 unsigned char DES_iv[8]; 1021 unsigned char DES_iv[8];
1013 unsigned char iv[2 * MAX_BLOCK_SIZE / 8]; 1022 unsigned char iv[2 * 16];
1014#ifndef OPENSSL_NO_DES 1023#ifndef OPENSSL_NO_DES
1015 static DES_cblock key = {0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0}; 1024 static DES_cblock key = {0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0};
1016 static DES_cblock key2 = {0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12}; 1025 static DES_cblock key2 = {0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12};
@@ -1025,55 +1034,9 @@ speed_main(int argc, char **argv)
1025#ifndef OPENSSL_NO_CAMELLIA 1034#ifndef OPENSSL_NO_CAMELLIA
1026 CAMELLIA_KEY camellia_ks1, camellia_ks2, camellia_ks3; 1035 CAMELLIA_KEY camellia_ks1, camellia_ks2, camellia_ks3;
1027#endif 1036#endif
1028#define D_MD2 0
1029#define D_MD4 1
1030#define D_MD5 2
1031#define D_HMAC 3
1032#define D_SHA1 4
1033#define D_RMD160 5
1034#define D_RC4 6
1035#define D_CBC_DES 7
1036#define D_EDE3_DES 8
1037#define D_CBC_IDEA 9
1038#define D_CBC_SEED 10
1039#define D_CBC_RC2 11
1040#define D_CBC_RC5 12
1041#define D_CBC_BF 13
1042#define D_CBC_CAST 14
1043#define D_CBC_128_AES 15
1044#define D_CBC_192_AES 16
1045#define D_CBC_256_AES 17
1046#define D_CBC_128_CML 18
1047#define D_CBC_192_CML 19
1048#define D_CBC_256_CML 20
1049#define D_EVP 21
1050#define D_SHA256 22
1051#define D_SHA512 23
1052#define D_WHIRLPOOL 24
1053#define D_IGE_128_AES 25
1054#define D_IGE_192_AES 26
1055#define D_IGE_256_AES 27
1056#define D_GHASH 28
1057#define D_AES_128_GCM 29
1058#define D_AES_256_GCM 30
1059#define D_CHACHA20_POLY1305 31
1060 double d = 0.0; 1037 double d = 0.0;
1061 long c[ALGOR_NUM][SIZE_NUM];
1062#define R_DSA_512 0
1063#define R_DSA_1024 1
1064#define R_DSA_2048 2
1065#define R_RSA_512 0
1066#define R_RSA_1024 1
1067#define R_RSA_2048 2
1068#define R_RSA_4096 3
1069
1070#define R_EC_P224 0
1071#define R_EC_P256 1
1072#define R_EC_P384 2
1073#define R_EC_P521 3
1074 1038
1075 RSA *rsa_key[RSA_NUM]; 1039 RSA *rsa_key[RSA_NUM];
1076 long rsa_c[RSA_NUM][2];
1077 static unsigned int rsa_bits[RSA_NUM] = {512, 1024, 2048, 4096}; 1040 static unsigned int rsa_bits[RSA_NUM] = {512, 1024, 2048, 4096};
1078 static const unsigned char *rsa_data[RSA_NUM] = 1041 static const unsigned char *rsa_data[RSA_NUM] =
1079 {test512, test1024, test2048, test4096}; 1042 {test512, test1024, test2048, test4096};
@@ -1081,7 +1044,6 @@ speed_main(int argc, char **argv)
1081 sizeof(test512), sizeof(test1024), 1044 sizeof(test512), sizeof(test1024),
1082 sizeof(test2048), sizeof(test4096)}; 1045 sizeof(test2048), sizeof(test4096)};
1083 DSA *dsa_key[DSA_NUM]; 1046 DSA *dsa_key[DSA_NUM];
1084 long dsa_c[DSA_NUM][2];
1085 static unsigned int dsa_bits[DSA_NUM] = {512, 1024, 2048}; 1047 static unsigned int dsa_bits[DSA_NUM] = {512, 1024, 2048};
1086#ifndef OPENSSL_NO_EC 1048#ifndef OPENSSL_NO_EC
1087 /* 1049 /*
@@ -1111,14 +1073,12 @@ speed_main(int argc, char **argv)
1111 unsigned char ecdsasig[256]; 1073 unsigned char ecdsasig[256];
1112 unsigned int ecdsasiglen; 1074 unsigned int ecdsasiglen;
1113 EC_KEY *ecdsa[EC_NUM]; 1075 EC_KEY *ecdsa[EC_NUM];
1114 long ecdsa_c[EC_NUM][2];
1115 1076
1116 EC_KEY *ecdh_a[EC_NUM], *ecdh_b[EC_NUM]; 1077 EC_KEY *ecdh_a[EC_NUM], *ecdh_b[EC_NUM];
1117 unsigned char secret_a[MAX_ECDH_SIZE], secret_b[MAX_ECDH_SIZE]; 1078 unsigned char secret_a[MAX_ECDH_SIZE], secret_b[MAX_ECDH_SIZE];
1118 int secret_size_a, secret_size_b; 1079 int secret_size_a, secret_size_b;
1119 int ecdh_checks = 0; 1080 int ecdh_checks = 0;
1120 int secret_idx = 0; 1081 int secret_idx = 0;
1121 long ecdh_c[EC_NUM][2];
1122 1082
1123 int rsa_doit[RSA_NUM]; 1083 int rsa_doit[RSA_NUM];
1124 int dsa_doit[DSA_NUM]; 1084 int dsa_doit[DSA_NUM];
@@ -1161,7 +1121,6 @@ speed_main(int argc, char **argv)
1161 BIO_printf(bio_err, "out of memory\n"); 1121 BIO_printf(bio_err, "out of memory\n");
1162 goto end; 1122 goto end;
1163 } 1123 }
1164 memset(c, 0, sizeof(c));
1165 memset(DES_iv, 0, sizeof(DES_iv)); 1124 memset(DES_iv, 0, sizeof(DES_iv));
1166 memset(iv, 0, sizeof(iv)); 1125 memset(iv, 0, sizeof(iv));
1167 1126
@@ -1275,11 +1234,6 @@ speed_main(int argc, char **argv)
1275 else 1234 else
1276#endif 1235#endif
1277#endif 1236#endif
1278#ifndef OPENSSL_NO_WHIRLPOOL
1279 if (strcmp(*argv, "whirlpool") == 0)
1280 doit[D_WHIRLPOOL] = 1;
1281 else
1282#endif
1283#ifndef OPENSSL_NO_RIPEMD 1237#ifndef OPENSSL_NO_RIPEMD
1284 if (strcmp(*argv, "ripemd") == 0) 1238 if (strcmp(*argv, "ripemd") == 0)
1285 doit[D_RMD160] = 1; 1239 doit[D_RMD160] = 1;
@@ -1462,16 +1416,12 @@ speed_main(int argc, char **argv)
1462#ifndef OPENSSL_NO_SHA512 1416#ifndef OPENSSL_NO_SHA512
1463 BIO_printf(bio_err, "sha512 "); 1417 BIO_printf(bio_err, "sha512 ");
1464#endif 1418#endif
1465#ifndef OPENSSL_NO_WHIRLPOOL
1466 BIO_printf(bio_err, "whirlpool");
1467#endif
1468#ifndef OPENSSL_NO_RIPEMD160 1419#ifndef OPENSSL_NO_RIPEMD160
1469 BIO_printf(bio_err, "rmd160"); 1420 BIO_printf(bio_err, "rmd160");
1470#endif 1421#endif
1471#if !defined(OPENSSL_NO_MD2) || \ 1422#if !defined(OPENSSL_NO_MD2) || \
1472 !defined(OPENSSL_NO_MD4) || !defined(OPENSSL_NO_MD5) || \ 1423 !defined(OPENSSL_NO_MD4) || !defined(OPENSSL_NO_MD5) || \
1473 !defined(OPENSSL_NO_SHA1) || !defined(OPENSSL_NO_RIPEMD160) || \ 1424 !defined(OPENSSL_NO_SHA1) || !defined(OPENSSL_NO_RIPEMD160)
1474 !defined(OPENSSL_NO_WHIRLPOOL)
1475 BIO_printf(bio_err, "\n"); 1425 BIO_printf(bio_err, "\n");
1476#endif 1426#endif
1477 1427
@@ -1602,8 +1552,8 @@ speed_main(int argc, char **argv)
1602#endif 1552#endif
1603#ifndef OPENSSL_NO_CAMELLIA 1553#ifndef OPENSSL_NO_CAMELLIA
1604 Camellia_set_key(key16, 128, &camellia_ks1); 1554 Camellia_set_key(key16, 128, &camellia_ks1);
1605 Camellia_set_key(ckey24, 192, &camellia_ks2); 1555 Camellia_set_key(key24, 192, &camellia_ks2);
1606 Camellia_set_key(ckey32, 256, &camellia_ks3); 1556 Camellia_set_key(key32, 256, &camellia_ks3);
1607#endif 1557#endif
1608#ifndef OPENSSL_NO_IDEA 1558#ifndef OPENSSL_NO_IDEA
1609 idea_set_encrypt_key(key16, &idea_ks); 1559 idea_set_encrypt_key(key16, &idea_ks);
@@ -1620,8 +1570,7 @@ speed_main(int argc, char **argv)
1620#ifndef OPENSSL_NO_CAST 1570#ifndef OPENSSL_NO_CAST
1621 CAST_set_key(&cast_ks, 16, key16); 1571 CAST_set_key(&cast_ks, 16, key16);
1622#endif 1572#endif
1623 memset(rsa_c, 0, sizeof(rsa_c)); 1573#define COND (run && count<0x7fffffff)
1624#define COND(c) (run && count<0x7fffffff)
1625#define COUNT(d) (count) 1574#define COUNT(d) (count)
1626 1575
1627 memset(&sa, 0, sizeof(sa)); 1576 memset(&sa, 0, sizeof(sa));
@@ -1633,11 +1582,11 @@ speed_main(int argc, char **argv)
1633#ifndef OPENSSL_NO_MD4 1582#ifndef OPENSSL_NO_MD4
1634 if (doit[D_MD4]) { 1583 if (doit[D_MD4]) {
1635 for (j = 0; j < SIZE_NUM; j++) { 1584 for (j = 0; j < SIZE_NUM; j++) {
1636 print_message(names[D_MD4], c[D_MD4][j], lengths[j]); 1585 print_message(names[D_MD4], lengths[j]);
1637 Time_F(START); 1586 time_f(START);
1638 for (count = 0, run = 1; COND(c[D_MD4][j]); count++) 1587 for (count = 0, run = 1; COND; count++)
1639 EVP_Digest(&(buf[0]), (unsigned long) lengths[j], &(md4[0]), NULL, EVP_md4(), NULL); 1588 EVP_Digest(&(buf[0]), (unsigned long) lengths[j], md, NULL, EVP_md4(), NULL);
1640 d = Time_F(STOP); 1589 d = time_f(STOP);
1641 print_result(D_MD4, j, count, d); 1590 print_result(D_MD4, j, count, d);
1642 } 1591 }
1643 } 1592 }
@@ -1646,17 +1595,17 @@ speed_main(int argc, char **argv)
1646#ifndef OPENSSL_NO_MD5 1595#ifndef OPENSSL_NO_MD5
1647 if (doit[D_MD5]) { 1596 if (doit[D_MD5]) {
1648 for (j = 0; j < SIZE_NUM; j++) { 1597 for (j = 0; j < SIZE_NUM; j++) {
1649 print_message(names[D_MD5], c[D_MD5][j], lengths[j]); 1598 print_message(names[D_MD5], lengths[j]);
1650 Time_F(START); 1599 time_f(START);
1651 for (count = 0, run = 1; COND(c[D_MD5][j]); count++) 1600 for (count = 0, run = 1; COND; count++)
1652 EVP_Digest(&(buf[0]), (unsigned long) lengths[j], &(md5[0]), NULL, EVP_get_digestbyname("md5"), NULL); 1601 EVP_Digest(&(buf[0]), (unsigned long) lengths[j], md, NULL, EVP_get_digestbyname("md5"), NULL);
1653 d = Time_F(STOP); 1602 d = time_f(STOP);
1654 print_result(D_MD5, j, count, d); 1603 print_result(D_MD5, j, count, d);
1655 } 1604 }
1656 } 1605 }
1657#endif 1606#endif
1658 1607
1659#if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_HMAC) 1608#if !defined(OPENSSL_NO_SHA256) && !defined(OPENSSL_NO_HMAC)
1660 if (doit[D_HMAC]) { 1609 if (doit[D_HMAC]) {
1661 HMAC_CTX *hctx; 1610 HMAC_CTX *hctx;
1662 1611
@@ -1666,12 +1615,12 @@ speed_main(int argc, char **argv)
1666 } 1615 }
1667 1616
1668 HMAC_Init_ex(hctx, (unsigned char *) "This is a key...", 1617 HMAC_Init_ex(hctx, (unsigned char *) "This is a key...",
1669 16, EVP_md5(), NULL); 1618 16, EVP_sha256(), NULL);
1670 1619
1671 for (j = 0; j < SIZE_NUM; j++) { 1620 for (j = 0; j < SIZE_NUM; j++) {
1672 print_message(names[D_HMAC], c[D_HMAC][j], lengths[j]); 1621 print_message(names[D_HMAC], lengths[j]);
1673 Time_F(START); 1622 time_f(START);
1674 for (count = 0, run = 1; COND(c[D_HMAC][j]); count++) { 1623 for (count = 0, run = 1; COND; count++) {
1675 if (!HMAC_Init_ex(hctx, NULL, 0, NULL, NULL)) { 1624 if (!HMAC_Init_ex(hctx, NULL, 0, NULL, NULL)) {
1676 HMAC_CTX_free(hctx); 1625 HMAC_CTX_free(hctx);
1677 goto end; 1626 goto end;
@@ -1680,12 +1629,12 @@ speed_main(int argc, char **argv)
1680 HMAC_CTX_free(hctx); 1629 HMAC_CTX_free(hctx);
1681 goto end; 1630 goto end;
1682 } 1631 }
1683 if (!HMAC_Final(hctx, &(hmac[0]), NULL)) { 1632 if (!HMAC_Final(hctx, md, NULL)) {
1684 HMAC_CTX_free(hctx); 1633 HMAC_CTX_free(hctx);
1685 goto end; 1634 goto end;
1686 } 1635 }
1687 } 1636 }
1688 d = Time_F(STOP); 1637 d = time_f(STOP);
1689 print_result(D_HMAC, j, count, d); 1638 print_result(D_HMAC, j, count, d);
1690 } 1639 }
1691 HMAC_CTX_free(hctx); 1640 HMAC_CTX_free(hctx);
@@ -1694,22 +1643,22 @@ speed_main(int argc, char **argv)
1694#ifndef OPENSSL_NO_SHA 1643#ifndef OPENSSL_NO_SHA
1695 if (doit[D_SHA1]) { 1644 if (doit[D_SHA1]) {
1696 for (j = 0; j < SIZE_NUM; j++) { 1645 for (j = 0; j < SIZE_NUM; j++) {
1697 print_message(names[D_SHA1], c[D_SHA1][j], lengths[j]); 1646 print_message(names[D_SHA1], lengths[j]);
1698 Time_F(START); 1647 time_f(START);
1699 for (count = 0, run = 1; COND(c[D_SHA1][j]); count++) 1648 for (count = 0, run = 1; COND; count++)
1700 EVP_Digest(buf, (unsigned long) lengths[j], &(sha[0]), NULL, EVP_sha1(), NULL); 1649 EVP_Digest(buf, (unsigned long) lengths[j], md, NULL, EVP_sha1(), NULL);
1701 d = Time_F(STOP); 1650 d = time_f(STOP);
1702 print_result(D_SHA1, j, count, d); 1651 print_result(D_SHA1, j, count, d);
1703 } 1652 }
1704 } 1653 }
1705#ifndef OPENSSL_NO_SHA256 1654#ifndef OPENSSL_NO_SHA256
1706 if (doit[D_SHA256]) { 1655 if (doit[D_SHA256]) {
1707 for (j = 0; j < SIZE_NUM; j++) { 1656 for (j = 0; j < SIZE_NUM; j++) {
1708 print_message(names[D_SHA256], c[D_SHA256][j], lengths[j]); 1657 print_message(names[D_SHA256], lengths[j]);
1709 Time_F(START); 1658 time_f(START);
1710 for (count = 0, run = 1; COND(c[D_SHA256][j]); count++) 1659 for (count = 0, run = 1; COND; count++)
1711 SHA256(buf, lengths[j], sha256); 1660 SHA256(buf, lengths[j], md);
1712 d = Time_F(STOP); 1661 d = time_f(STOP);
1713 print_result(D_SHA256, j, count, d); 1662 print_result(D_SHA256, j, count, d);
1714 } 1663 }
1715 } 1664 }
@@ -1718,38 +1667,25 @@ speed_main(int argc, char **argv)
1718#ifndef OPENSSL_NO_SHA512 1667#ifndef OPENSSL_NO_SHA512
1719 if (doit[D_SHA512]) { 1668 if (doit[D_SHA512]) {
1720 for (j = 0; j < SIZE_NUM; j++) { 1669 for (j = 0; j < SIZE_NUM; j++) {
1721 print_message(names[D_SHA512], c[D_SHA512][j], lengths[j]); 1670 print_message(names[D_SHA512], lengths[j]);
1722 Time_F(START); 1671 time_f(START);
1723 for (count = 0, run = 1; COND(c[D_SHA512][j]); count++) 1672 for (count = 0, run = 1; COND; count++)
1724 SHA512(buf, lengths[j], sha512); 1673 SHA512(buf, lengths[j], md);
1725 d = Time_F(STOP); 1674 d = time_f(STOP);
1726 print_result(D_SHA512, j, count, d); 1675 print_result(D_SHA512, j, count, d);
1727 } 1676 }
1728 } 1677 }
1729#endif 1678#endif
1730#endif 1679#endif
1731 1680
1732#ifndef OPENSSL_NO_WHIRLPOOL
1733 if (doit[D_WHIRLPOOL]) {
1734 for (j = 0; j < SIZE_NUM; j++) {
1735 print_message(names[D_WHIRLPOOL], c[D_WHIRLPOOL][j], lengths[j]);
1736 Time_F(START);
1737 for (count = 0, run = 1; COND(c[D_WHIRLPOOL][j]); count++)
1738 WHIRLPOOL(buf, lengths[j], whirlpool);
1739 d = Time_F(STOP);
1740 print_result(D_WHIRLPOOL, j, count, d);
1741 }
1742 }
1743#endif
1744
1745#ifndef OPENSSL_NO_RIPEMD 1681#ifndef OPENSSL_NO_RIPEMD
1746 if (doit[D_RMD160]) { 1682 if (doit[D_RMD160]) {
1747 for (j = 0; j < SIZE_NUM; j++) { 1683 for (j = 0; j < SIZE_NUM; j++) {
1748 print_message(names[D_RMD160], c[D_RMD160][j], lengths[j]); 1684 print_message(names[D_RMD160], lengths[j]);
1749 Time_F(START); 1685 time_f(START);
1750 for (count = 0, run = 1; COND(c[D_RMD160][j]); count++) 1686 for (count = 0, run = 1; COND; count++)
1751 EVP_Digest(buf, (unsigned long) lengths[j], &(rmd160[0]), NULL, EVP_ripemd160(), NULL); 1687 EVP_Digest(buf, (unsigned long) lengths[j], md, NULL, EVP_ripemd160(), NULL);
1752 d = Time_F(STOP); 1688 d = time_f(STOP);
1753 print_result(D_RMD160, j, count, d); 1689 print_result(D_RMD160, j, count, d);
1754 } 1690 }
1755 } 1691 }
@@ -1757,12 +1693,12 @@ speed_main(int argc, char **argv)
1757#ifndef OPENSSL_NO_RC4 1693#ifndef OPENSSL_NO_RC4
1758 if (doit[D_RC4]) { 1694 if (doit[D_RC4]) {
1759 for (j = 0; j < SIZE_NUM; j++) { 1695 for (j = 0; j < SIZE_NUM; j++) {
1760 print_message(names[D_RC4], c[D_RC4][j], lengths[j]); 1696 print_message(names[D_RC4], lengths[j]);
1761 Time_F(START); 1697 time_f(START);
1762 for (count = 0, run = 1; COND(c[D_RC4][j]); count++) 1698 for (count = 0, run = 1; COND; count++)
1763 RC4(&rc4_ks, (unsigned int) lengths[j], 1699 RC4(&rc4_ks, (unsigned int) lengths[j],
1764 buf, buf); 1700 buf, buf);
1765 d = Time_F(STOP); 1701 d = time_f(STOP);
1766 print_result(D_RC4, j, count, d); 1702 print_result(D_RC4, j, count, d);
1767 } 1703 }
1768 } 1704 }
@@ -1770,24 +1706,24 @@ speed_main(int argc, char **argv)
1770#ifndef OPENSSL_NO_DES 1706#ifndef OPENSSL_NO_DES
1771 if (doit[D_CBC_DES]) { 1707 if (doit[D_CBC_DES]) {
1772 for (j = 0; j < SIZE_NUM; j++) { 1708 for (j = 0; j < SIZE_NUM; j++) {
1773 print_message(names[D_CBC_DES], c[D_CBC_DES][j], lengths[j]); 1709 print_message(names[D_CBC_DES], lengths[j]);
1774 Time_F(START); 1710 time_f(START);
1775 for (count = 0, run = 1; COND(c[D_CBC_DES][j]); count++) 1711 for (count = 0, run = 1; COND; count++)
1776 DES_ncbc_encrypt(buf, buf, lengths[j], &sch, 1712 DES_ncbc_encrypt(buf, buf, lengths[j], &sch,
1777 &DES_iv, DES_ENCRYPT); 1713 &DES_iv, DES_ENCRYPT);
1778 d = Time_F(STOP); 1714 d = time_f(STOP);
1779 print_result(D_CBC_DES, j, count, d); 1715 print_result(D_CBC_DES, j, count, d);
1780 } 1716 }
1781 } 1717 }
1782 if (doit[D_EDE3_DES]) { 1718 if (doit[D_EDE3_DES]) {
1783 for (j = 0; j < SIZE_NUM; j++) { 1719 for (j = 0; j < SIZE_NUM; j++) {
1784 print_message(names[D_EDE3_DES], c[D_EDE3_DES][j], lengths[j]); 1720 print_message(names[D_EDE3_DES], lengths[j]);
1785 Time_F(START); 1721 time_f(START);
1786 for (count = 0, run = 1; COND(c[D_EDE3_DES][j]); count++) 1722 for (count = 0, run = 1; COND; count++)
1787 DES_ede3_cbc_encrypt(buf, buf, lengths[j], 1723 DES_ede3_cbc_encrypt(buf, buf, lengths[j],
1788 &sch, &sch2, &sch3, 1724 &sch, &sch2, &sch3,
1789 &DES_iv, DES_ENCRYPT); 1725 &DES_iv, DES_ENCRYPT);
1790 d = Time_F(STOP); 1726 d = time_f(STOP);
1791 print_result(D_EDE3_DES, j, count, d); 1727 print_result(D_EDE3_DES, j, count, d);
1792 } 1728 }
1793 } 1729 }
@@ -1795,73 +1731,73 @@ speed_main(int argc, char **argv)
1795#ifndef OPENSSL_NO_AES 1731#ifndef OPENSSL_NO_AES
1796 if (doit[D_CBC_128_AES]) { 1732 if (doit[D_CBC_128_AES]) {
1797 for (j = 0; j < SIZE_NUM; j++) { 1733 for (j = 0; j < SIZE_NUM; j++) {
1798 print_message(names[D_CBC_128_AES], c[D_CBC_128_AES][j], lengths[j]); 1734 print_message(names[D_CBC_128_AES], lengths[j]);
1799 Time_F(START); 1735 time_f(START);
1800 for (count = 0, run = 1; COND(c[D_CBC_128_AES][j]); count++) 1736 for (count = 0, run = 1; COND; count++)
1801 AES_cbc_encrypt(buf, buf, 1737 AES_cbc_encrypt(buf, buf,
1802 (unsigned long) lengths[j], &aes_ks1, 1738 (unsigned long) lengths[j], &aes_ks1,
1803 iv, AES_ENCRYPT); 1739 iv, AES_ENCRYPT);
1804 d = Time_F(STOP); 1740 d = time_f(STOP);
1805 print_result(D_CBC_128_AES, j, count, d); 1741 print_result(D_CBC_128_AES, j, count, d);
1806 } 1742 }
1807 } 1743 }
1808 if (doit[D_CBC_192_AES]) { 1744 if (doit[D_CBC_192_AES]) {
1809 for (j = 0; j < SIZE_NUM; j++) { 1745 for (j = 0; j < SIZE_NUM; j++) {
1810 print_message(names[D_CBC_192_AES], c[D_CBC_192_AES][j], lengths[j]); 1746 print_message(names[D_CBC_192_AES], lengths[j]);
1811 Time_F(START); 1747 time_f(START);
1812 for (count = 0, run = 1; COND(c[D_CBC_192_AES][j]); count++) 1748 for (count = 0, run = 1; COND; count++)
1813 AES_cbc_encrypt(buf, buf, 1749 AES_cbc_encrypt(buf, buf,
1814 (unsigned long) lengths[j], &aes_ks2, 1750 (unsigned long) lengths[j], &aes_ks2,
1815 iv, AES_ENCRYPT); 1751 iv, AES_ENCRYPT);
1816 d = Time_F(STOP); 1752 d = time_f(STOP);
1817 print_result(D_CBC_192_AES, j, count, d); 1753 print_result(D_CBC_192_AES, j, count, d);
1818 } 1754 }
1819 } 1755 }
1820 if (doit[D_CBC_256_AES]) { 1756 if (doit[D_CBC_256_AES]) {
1821 for (j = 0; j < SIZE_NUM; j++) { 1757 for (j = 0; j < SIZE_NUM; j++) {
1822 print_message(names[D_CBC_256_AES], c[D_CBC_256_AES][j], lengths[j]); 1758 print_message(names[D_CBC_256_AES], lengths[j]);
1823 Time_F(START); 1759 time_f(START);
1824 for (count = 0, run = 1; COND(c[D_CBC_256_AES][j]); count++) 1760 for (count = 0, run = 1; COND; count++)
1825 AES_cbc_encrypt(buf, buf, 1761 AES_cbc_encrypt(buf, buf,
1826 (unsigned long) lengths[j], &aes_ks3, 1762 (unsigned long) lengths[j], &aes_ks3,
1827 iv, AES_ENCRYPT); 1763 iv, AES_ENCRYPT);
1828 d = Time_F(STOP); 1764 d = time_f(STOP);
1829 print_result(D_CBC_256_AES, j, count, d); 1765 print_result(D_CBC_256_AES, j, count, d);
1830 } 1766 }
1831 } 1767 }
1832 if (doit[D_IGE_128_AES]) { 1768 if (doit[D_IGE_128_AES]) {
1833 for (j = 0; j < SIZE_NUM; j++) { 1769 for (j = 0; j < SIZE_NUM; j++) {
1834 print_message(names[D_IGE_128_AES], c[D_IGE_128_AES][j], lengths[j]); 1770 print_message(names[D_IGE_128_AES], lengths[j]);
1835 Time_F(START); 1771 time_f(START);
1836 for (count = 0, run = 1; COND(c[D_IGE_128_AES][j]); count++) 1772 for (count = 0, run = 1; COND; count++)
1837 AES_ige_encrypt(buf, buf2, 1773 AES_ige_encrypt(buf, buf2,
1838 (unsigned long) lengths[j], &aes_ks1, 1774 (unsigned long) lengths[j], &aes_ks1,
1839 iv, AES_ENCRYPT); 1775 iv, AES_ENCRYPT);
1840 d = Time_F(STOP); 1776 d = time_f(STOP);
1841 print_result(D_IGE_128_AES, j, count, d); 1777 print_result(D_IGE_128_AES, j, count, d);
1842 } 1778 }
1843 } 1779 }
1844 if (doit[D_IGE_192_AES]) { 1780 if (doit[D_IGE_192_AES]) {
1845 for (j = 0; j < SIZE_NUM; j++) { 1781 for (j = 0; j < SIZE_NUM; j++) {
1846 print_message(names[D_IGE_192_AES], c[D_IGE_192_AES][j], lengths[j]); 1782 print_message(names[D_IGE_192_AES], lengths[j]);
1847 Time_F(START); 1783 time_f(START);
1848 for (count = 0, run = 1; COND(c[D_IGE_192_AES][j]); count++) 1784 for (count = 0, run = 1; COND; count++)
1849 AES_ige_encrypt(buf, buf2, 1785 AES_ige_encrypt(buf, buf2,
1850 (unsigned long) lengths[j], &aes_ks2, 1786 (unsigned long) lengths[j], &aes_ks2,
1851 iv, AES_ENCRYPT); 1787 iv, AES_ENCRYPT);
1852 d = Time_F(STOP); 1788 d = time_f(STOP);
1853 print_result(D_IGE_192_AES, j, count, d); 1789 print_result(D_IGE_192_AES, j, count, d);
1854 } 1790 }
1855 } 1791 }
1856 if (doit[D_IGE_256_AES]) { 1792 if (doit[D_IGE_256_AES]) {
1857 for (j = 0; j < SIZE_NUM; j++) { 1793 for (j = 0; j < SIZE_NUM; j++) {
1858 print_message(names[D_IGE_256_AES], c[D_IGE_256_AES][j], lengths[j]); 1794 print_message(names[D_IGE_256_AES], lengths[j]);
1859 Time_F(START); 1795 time_f(START);
1860 for (count = 0, run = 1; COND(c[D_IGE_256_AES][j]); count++) 1796 for (count = 0, run = 1; COND; count++)
1861 AES_ige_encrypt(buf, buf2, 1797 AES_ige_encrypt(buf, buf2,
1862 (unsigned long) lengths[j], &aes_ks3, 1798 (unsigned long) lengths[j], &aes_ks3,
1863 iv, AES_ENCRYPT); 1799 iv, AES_ENCRYPT);
1864 d = Time_F(STOP); 1800 d = time_f(STOP);
1865 print_result(D_IGE_256_AES, j, count, d); 1801 print_result(D_IGE_256_AES, j, count, d);
1866 } 1802 }
1867 } 1803 }
@@ -1870,11 +1806,11 @@ speed_main(int argc, char **argv)
1870 CRYPTO_gcm128_setiv(ctx, (unsigned char *) "0123456789ab", 12); 1806 CRYPTO_gcm128_setiv(ctx, (unsigned char *) "0123456789ab", 12);
1871 1807
1872 for (j = 0; j < SIZE_NUM; j++) { 1808 for (j = 0; j < SIZE_NUM; j++) {
1873 print_message(names[D_GHASH], c[D_GHASH][j], lengths[j]); 1809 print_message(names[D_GHASH], lengths[j]);
1874 Time_F(START); 1810 time_f(START);
1875 for (count = 0, run = 1; COND(c[D_GHASH][j]); count++) 1811 for (count = 0, run = 1; COND; count++)
1876 CRYPTO_gcm128_aad(ctx, buf, lengths[j]); 1812 CRYPTO_gcm128_aad(ctx, buf, lengths[j]);
1877 d = Time_F(STOP); 1813 d = time_f(STOP);
1878 print_result(D_GHASH, j, count, d); 1814 print_result(D_GHASH, j, count, d);
1879 } 1815 }
1880 CRYPTO_gcm128_release(ctx); 1816 CRYPTO_gcm128_release(ctx);
@@ -1896,12 +1832,12 @@ speed_main(int argc, char **argv)
1896 nonce_len = EVP_AEAD_nonce_length(aead); 1832 nonce_len = EVP_AEAD_nonce_length(aead);
1897 1833
1898 for (j = 0; j < SIZE_NUM; j++) { 1834 for (j = 0; j < SIZE_NUM; j++) {
1899 print_message(names[D_AES_128_GCM],c[D_AES_128_GCM][j],lengths[j]); 1835 print_message(names[D_AES_128_GCM], lengths[j]);
1900 Time_F(START); 1836 time_f(START);
1901 for (count = 0, run = 1; COND(c[D_AES_128_GCM][j]); count++) 1837 for (count = 0, run = 1; COND; count++)
1902 EVP_AEAD_CTX_seal(ctx, buf, &buf_len, BUFSIZE, nonce, 1838 EVP_AEAD_CTX_seal(ctx, buf, &buf_len, BUFSIZE, nonce,
1903 nonce_len, buf, lengths[j], NULL, 0); 1839 nonce_len, buf, lengths[j], NULL, 0);
1904 d=Time_F(STOP); 1840 d = time_f(STOP);
1905 print_result(D_AES_128_GCM,j,count,d); 1841 print_result(D_AES_128_GCM,j,count,d);
1906 } 1842 }
1907 EVP_AEAD_CTX_free(ctx); 1843 EVP_AEAD_CTX_free(ctx);
@@ -1924,12 +1860,12 @@ speed_main(int argc, char **argv)
1924 nonce_len = EVP_AEAD_nonce_length(aead); 1860 nonce_len = EVP_AEAD_nonce_length(aead);
1925 1861
1926 for (j = 0; j < SIZE_NUM; j++) { 1862 for (j = 0; j < SIZE_NUM; j++) {
1927 print_message(names[D_AES_256_GCM],c[D_AES_256_GCM][j],lengths[j]); 1863 print_message(names[D_AES_256_GCM], lengths[j]);
1928 Time_F(START); 1864 time_f(START);
1929 for (count = 0, run = 1; COND(c[D_AES_256_GCM][j]); count++) 1865 for (count = 0, run = 1; COND; count++)
1930 EVP_AEAD_CTX_seal(ctx, buf, &buf_len, BUFSIZE, nonce, 1866 EVP_AEAD_CTX_seal(ctx, buf, &buf_len, BUFSIZE, nonce,
1931 nonce_len, buf, lengths[j], NULL, 0); 1867 nonce_len, buf, lengths[j], NULL, 0);
1932 d=Time_F(STOP); 1868 d = time_f(STOP);
1933 print_result(D_AES_256_GCM, j, count, d); 1869 print_result(D_AES_256_GCM, j, count, d);
1934 } 1870 }
1935 EVP_AEAD_CTX_free(ctx); 1871 EVP_AEAD_CTX_free(ctx);
@@ -1953,13 +1889,12 @@ speed_main(int argc, char **argv)
1953 nonce_len = EVP_AEAD_nonce_length(aead); 1889 nonce_len = EVP_AEAD_nonce_length(aead);
1954 1890
1955 for (j = 0; j < SIZE_NUM; j++) { 1891 for (j = 0; j < SIZE_NUM; j++) {
1956 print_message(names[D_CHACHA20_POLY1305], 1892 print_message(names[D_CHACHA20_POLY1305], lengths[j]);
1957 c[D_CHACHA20_POLY1305][j], lengths[j]); 1893 time_f(START);
1958 Time_F(START); 1894 for (count = 0, run = 1; COND; count++)
1959 for (count = 0, run = 1; COND(c[D_CHACHA20_POLY1305][j]); count++)
1960 EVP_AEAD_CTX_seal(ctx, buf, &buf_len, BUFSIZE, nonce, 1895 EVP_AEAD_CTX_seal(ctx, buf, &buf_len, BUFSIZE, nonce,
1961 nonce_len, buf, lengths[j], NULL, 0); 1896 nonce_len, buf, lengths[j], NULL, 0);
1962 d=Time_F(STOP); 1897 d = time_f(STOP);
1963 print_result(D_CHACHA20_POLY1305, j, count, d); 1898 print_result(D_CHACHA20_POLY1305, j, count, d);
1964 } 1899 }
1965 EVP_AEAD_CTX_free(ctx); 1900 EVP_AEAD_CTX_free(ctx);
@@ -1968,37 +1903,37 @@ speed_main(int argc, char **argv)
1968#ifndef OPENSSL_NO_CAMELLIA 1903#ifndef OPENSSL_NO_CAMELLIA
1969 if (doit[D_CBC_128_CML]) { 1904 if (doit[D_CBC_128_CML]) {
1970 for (j = 0; j < SIZE_NUM; j++) { 1905 for (j = 0; j < SIZE_NUM; j++) {
1971 print_message(names[D_CBC_128_CML], c[D_CBC_128_CML][j], lengths[j]); 1906 print_message(names[D_CBC_128_CML], lengths[j]);
1972 Time_F(START); 1907 time_f(START);
1973 for (count = 0, run = 1; COND(c[D_CBC_128_CML][j]); count++) 1908 for (count = 0, run = 1; COND; count++)
1974 Camellia_cbc_encrypt(buf, buf, 1909 Camellia_cbc_encrypt(buf, buf,
1975 (unsigned long) lengths[j], &camellia_ks1, 1910 (unsigned long) lengths[j], &camellia_ks1,
1976 iv, CAMELLIA_ENCRYPT); 1911 iv, CAMELLIA_ENCRYPT);
1977 d = Time_F(STOP); 1912 d = time_f(STOP);
1978 print_result(D_CBC_128_CML, j, count, d); 1913 print_result(D_CBC_128_CML, j, count, d);
1979 } 1914 }
1980 } 1915 }
1981 if (doit[D_CBC_192_CML]) { 1916 if (doit[D_CBC_192_CML]) {
1982 for (j = 0; j < SIZE_NUM; j++) { 1917 for (j = 0; j < SIZE_NUM; j++) {
1983 print_message(names[D_CBC_192_CML], c[D_CBC_192_CML][j], lengths[j]); 1918 print_message(names[D_CBC_192_CML], lengths[j]);
1984 Time_F(START); 1919 time_f(START);
1985 for (count = 0, run = 1; COND(c[D_CBC_192_CML][j]); count++) 1920 for (count = 0, run = 1; COND; count++)
1986 Camellia_cbc_encrypt(buf, buf, 1921 Camellia_cbc_encrypt(buf, buf,
1987 (unsigned long) lengths[j], &camellia_ks2, 1922 (unsigned long) lengths[j], &camellia_ks2,
1988 iv, CAMELLIA_ENCRYPT); 1923 iv, CAMELLIA_ENCRYPT);
1989 d = Time_F(STOP); 1924 d = time_f(STOP);
1990 print_result(D_CBC_192_CML, j, count, d); 1925 print_result(D_CBC_192_CML, j, count, d);
1991 } 1926 }
1992 } 1927 }
1993 if (doit[D_CBC_256_CML]) { 1928 if (doit[D_CBC_256_CML]) {
1994 for (j = 0; j < SIZE_NUM; j++) { 1929 for (j = 0; j < SIZE_NUM; j++) {
1995 print_message(names[D_CBC_256_CML], c[D_CBC_256_CML][j], lengths[j]); 1930 print_message(names[D_CBC_256_CML], lengths[j]);
1996 Time_F(START); 1931 time_f(START);
1997 for (count = 0, run = 1; COND(c[D_CBC_256_CML][j]); count++) 1932 for (count = 0, run = 1; COND; count++)
1998 Camellia_cbc_encrypt(buf, buf, 1933 Camellia_cbc_encrypt(buf, buf,
1999 (unsigned long) lengths[j], &camellia_ks3, 1934 (unsigned long) lengths[j], &camellia_ks3,
2000 iv, CAMELLIA_ENCRYPT); 1935 iv, CAMELLIA_ENCRYPT);
2001 d = Time_F(STOP); 1936 d = time_f(STOP);
2002 print_result(D_CBC_256_CML, j, count, d); 1937 print_result(D_CBC_256_CML, j, count, d);
2003 } 1938 }
2004 } 1939 }
@@ -2006,13 +1941,13 @@ speed_main(int argc, char **argv)
2006#ifndef OPENSSL_NO_IDEA 1941#ifndef OPENSSL_NO_IDEA
2007 if (doit[D_CBC_IDEA]) { 1942 if (doit[D_CBC_IDEA]) {
2008 for (j = 0; j < SIZE_NUM; j++) { 1943 for (j = 0; j < SIZE_NUM; j++) {
2009 print_message(names[D_CBC_IDEA], c[D_CBC_IDEA][j], lengths[j]); 1944 print_message(names[D_CBC_IDEA], lengths[j]);
2010 Time_F(START); 1945 time_f(START);
2011 for (count = 0, run = 1; COND(c[D_CBC_IDEA][j]); count++) 1946 for (count = 0, run = 1; COND; count++)
2012 idea_cbc_encrypt(buf, buf, 1947 idea_cbc_encrypt(buf, buf,
2013 (unsigned long) lengths[j], &idea_ks, 1948 (unsigned long) lengths[j], &idea_ks,
2014 iv, IDEA_ENCRYPT); 1949 iv, IDEA_ENCRYPT);
2015 d = Time_F(STOP); 1950 d = time_f(STOP);
2016 print_result(D_CBC_IDEA, j, count, d); 1951 print_result(D_CBC_IDEA, j, count, d);
2017 } 1952 }
2018 } 1953 }
@@ -2020,13 +1955,13 @@ speed_main(int argc, char **argv)
2020#ifndef OPENSSL_NO_RC2 1955#ifndef OPENSSL_NO_RC2
2021 if (doit[D_CBC_RC2]) { 1956 if (doit[D_CBC_RC2]) {
2022 for (j = 0; j < SIZE_NUM; j++) { 1957 for (j = 0; j < SIZE_NUM; j++) {
2023 print_message(names[D_CBC_RC2], c[D_CBC_RC2][j], lengths[j]); 1958 print_message(names[D_CBC_RC2], lengths[j]);
2024 Time_F(START); 1959 time_f(START);
2025 for (count = 0, run = 1; COND(c[D_CBC_RC2][j]); count++) 1960 for (count = 0, run = 1; COND; count++)
2026 RC2_cbc_encrypt(buf, buf, 1961 RC2_cbc_encrypt(buf, buf,
2027 (unsigned long) lengths[j], &rc2_ks, 1962 (unsigned long) lengths[j], &rc2_ks,
2028 iv, RC2_ENCRYPT); 1963 iv, RC2_ENCRYPT);
2029 d = Time_F(STOP); 1964 d = time_f(STOP);
2030 print_result(D_CBC_RC2, j, count, d); 1965 print_result(D_CBC_RC2, j, count, d);
2031 } 1966 }
2032 } 1967 }
@@ -2034,13 +1969,13 @@ speed_main(int argc, char **argv)
2034#ifndef OPENSSL_NO_BF 1969#ifndef OPENSSL_NO_BF
2035 if (doit[D_CBC_BF]) { 1970 if (doit[D_CBC_BF]) {
2036 for (j = 0; j < SIZE_NUM; j++) { 1971 for (j = 0; j < SIZE_NUM; j++) {
2037 print_message(names[D_CBC_BF], c[D_CBC_BF][j], lengths[j]); 1972 print_message(names[D_CBC_BF], lengths[j]);
2038 Time_F(START); 1973 time_f(START);
2039 for (count = 0, run = 1; COND(c[D_CBC_BF][j]); count++) 1974 for (count = 0, run = 1; COND; count++)
2040 BF_cbc_encrypt(buf, buf, 1975 BF_cbc_encrypt(buf, buf,
2041 (unsigned long) lengths[j], &bf_ks, 1976 (unsigned long) lengths[j], &bf_ks,
2042 iv, BF_ENCRYPT); 1977 iv, BF_ENCRYPT);
2043 d = Time_F(STOP); 1978 d = time_f(STOP);
2044 print_result(D_CBC_BF, j, count, d); 1979 print_result(D_CBC_BF, j, count, d);
2045 } 1980 }
2046 } 1981 }
@@ -2048,13 +1983,13 @@ speed_main(int argc, char **argv)
2048#ifndef OPENSSL_NO_CAST 1983#ifndef OPENSSL_NO_CAST
2049 if (doit[D_CBC_CAST]) { 1984 if (doit[D_CBC_CAST]) {
2050 for (j = 0; j < SIZE_NUM; j++) { 1985 for (j = 0; j < SIZE_NUM; j++) {
2051 print_message(names[D_CBC_CAST], c[D_CBC_CAST][j], lengths[j]); 1986 print_message(names[D_CBC_CAST], lengths[j]);
2052 Time_F(START); 1987 time_f(START);
2053 for (count = 0, run = 1; COND(c[D_CBC_CAST][j]); count++) 1988 for (count = 0, run = 1; COND; count++)
2054 CAST_cbc_encrypt(buf, buf, 1989 CAST_cbc_encrypt(buf, buf,
2055 (unsigned long) lengths[j], &cast_ks, 1990 (unsigned long) lengths[j], &cast_ks,
2056 iv, CAST_ENCRYPT); 1991 iv, CAST_ENCRYPT);
2057 d = Time_F(STOP); 1992 d = time_f(STOP);
2058 print_result(D_CBC_CAST, j, count, d); 1993 print_result(D_CBC_CAST, j, count, d);
2059 } 1994 }
2060 } 1995 }
@@ -2073,8 +2008,7 @@ speed_main(int argc, char **argv)
2073 * optimization here! names[D_EVP] somehow 2008 * optimization here! names[D_EVP] somehow
2074 * becomes NULL 2009 * becomes NULL
2075 */ 2010 */
2076 print_message(names[D_EVP], save_count, 2011 print_message(names[D_EVP], lengths[j]);
2077 lengths[j]);
2078 2012
2079 if ((ctx = EVP_CIPHER_CTX_new()) == NULL) { 2013 if ((ctx = EVP_CIPHER_CTX_new()) == NULL) {
2080 BIO_printf(bio_err, "Failed to " 2014 BIO_printf(bio_err, "Failed to "
@@ -2087,30 +2021,29 @@ speed_main(int argc, char **argv)
2087 EVP_EncryptInit_ex(ctx, evp_cipher, NULL, key16, iv); 2021 EVP_EncryptInit_ex(ctx, evp_cipher, NULL, key16, iv);
2088 EVP_CIPHER_CTX_set_padding(ctx, 0); 2022 EVP_CIPHER_CTX_set_padding(ctx, 0);
2089 2023
2090 Time_F(START); 2024 time_f(START);
2091 if (decrypt) 2025 if (decrypt)
2092 for (count = 0, run = 1; COND(save_count * 4 * lengths[0] / lengths[j]); count++) 2026 for (count = 0, run = 1; COND; count++)
2093 EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[j]); 2027 EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[j]);
2094 else 2028 else
2095 for (count = 0, run = 1; COND(save_count * 4 * lengths[0] / lengths[j]); count++) 2029 for (count = 0, run = 1; COND; count++)
2096 EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[j]); 2030 EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[j]);
2097 if (decrypt) 2031 if (decrypt)
2098 EVP_DecryptFinal_ex(ctx, buf, &outl); 2032 EVP_DecryptFinal_ex(ctx, buf, &outl);
2099 else 2033 else
2100 EVP_EncryptFinal_ex(ctx, buf, &outl); 2034 EVP_EncryptFinal_ex(ctx, buf, &outl);
2101 d = Time_F(STOP); 2035 d = time_f(STOP);
2102 EVP_CIPHER_CTX_free(ctx); 2036 EVP_CIPHER_CTX_free(ctx);
2103 } 2037 }
2104 if (evp_md) { 2038 if (evp_md) {
2105 names[D_EVP] = OBJ_nid2ln(EVP_MD_type(evp_md)); 2039 names[D_EVP] = OBJ_nid2ln(EVP_MD_type(evp_md));
2106 print_message(names[D_EVP], save_count, 2040 print_message(names[D_EVP], lengths[j]);
2107 lengths[j]);
2108 2041
2109 Time_F(START); 2042 time_f(START);
2110 for (count = 0, run = 1; COND(save_count * 4 * lengths[0] / lengths[j]); count++) 2043 for (count = 0, run = 1; COND; count++)
2111 EVP_Digest(buf, lengths[j], &(md[0]), NULL, evp_md, NULL); 2044 EVP_Digest(buf, lengths[j], &(md[0]), NULL, evp_md, NULL);
2112 2045
2113 d = Time_F(STOP); 2046 d = time_f(STOP);
2114 } 2047 }
2115 print_result(D_EVP, j, count, d); 2048 print_result(D_EVP, j, count, d);
2116 } 2049 }
@@ -2127,11 +2060,11 @@ speed_main(int argc, char **argv)
2127 rsa_count = 1; 2060 rsa_count = 1;
2128 } else { 2061 } else {
2129 pkey_print_message("private", "rsa", 2062 pkey_print_message("private", "rsa",
2130 rsa_c[j][0], rsa_bits[j], 2063 rsa_bits[j],
2131 RSA_SECONDS); 2064 RSA_SECONDS);
2132/* RSA_blinding_on(rsa_key[j],NULL); */ 2065/* RSA_blinding_on(rsa_key[j],NULL); */
2133 Time_F(START); 2066 time_f(START);
2134 for (count = 0, run = 1; COND(rsa_c[j][0]); count++) { 2067 for (count = 0, run = 1; COND; count++) {
2135 ret = RSA_sign(NID_md5_sha1, buf, 36, buf2, 2068 ret = RSA_sign(NID_md5_sha1, buf, 36, buf2,
2136 &rsa_num, rsa_key[j]); 2069 &rsa_num, rsa_key[j]);
2137 if (ret == 0) { 2070 if (ret == 0) {
@@ -2142,7 +2075,7 @@ speed_main(int argc, char **argv)
2142 break; 2075 break;
2143 } 2076 }
2144 } 2077 }
2145 d = Time_F(STOP); 2078 d = time_f(STOP);
2146 BIO_printf(bio_err, mr ? "+R1:%ld:%d:%.2f\n" 2079 BIO_printf(bio_err, mr ? "+R1:%ld:%d:%.2f\n"
2147 : "%ld %d bit private RSA in %.2fs\n", 2080 : "%ld %d bit private RSA in %.2fs\n",
2148 count, rsa_bits[j], d); 2081 count, rsa_bits[j], d);
@@ -2157,10 +2090,10 @@ speed_main(int argc, char **argv)
2157 rsa_doit[j] = 0; 2090 rsa_doit[j] = 0;
2158 } else { 2091 } else {
2159 pkey_print_message("public", "rsa", 2092 pkey_print_message("public", "rsa",
2160 rsa_c[j][1], rsa_bits[j], 2093 rsa_bits[j],
2161 RSA_SECONDS); 2094 RSA_SECONDS);
2162 Time_F(START); 2095 time_f(START);
2163 for (count = 0, run = 1; COND(rsa_c[j][1]); count++) { 2096 for (count = 0, run = 1; COND; count++) {
2164 ret = RSA_verify(NID_md5_sha1, buf, 36, buf2, 2097 ret = RSA_verify(NID_md5_sha1, buf, 36, buf2,
2165 rsa_num, rsa_key[j]); 2098 rsa_num, rsa_key[j]);
2166 if (ret <= 0) { 2099 if (ret <= 0) {
@@ -2171,7 +2104,7 @@ speed_main(int argc, char **argv)
2171 break; 2104 break;
2172 } 2105 }
2173 } 2106 }
2174 d = Time_F(STOP); 2107 d = time_f(STOP);
2175 BIO_printf(bio_err, mr ? "+R2:%ld:%d:%.2f\n" 2108 BIO_printf(bio_err, mr ? "+R2:%ld:%d:%.2f\n"
2176 : "%ld %d bit public RSA in %.2fs\n", 2109 : "%ld %d bit public RSA in %.2fs\n",
2177 count, rsa_bits[j], d); 2110 count, rsa_bits[j], d);
@@ -2202,10 +2135,10 @@ speed_main(int argc, char **argv)
2202 rsa_count = 1; 2135 rsa_count = 1;
2203 } else { 2136 } else {
2204 pkey_print_message("sign", "dsa", 2137 pkey_print_message("sign", "dsa",
2205 dsa_c[j][0], dsa_bits[j], 2138 dsa_bits[j],
2206 DSA_SECONDS); 2139 DSA_SECONDS);
2207 Time_F(START); 2140 time_f(START);
2208 for (count = 0, run = 1; COND(dsa_c[j][0]); count++) { 2141 for (count = 0, run = 1; COND; count++) {
2209 ret = DSA_sign(EVP_PKEY_DSA, buf, 20, buf2, 2142 ret = DSA_sign(EVP_PKEY_DSA, buf, 20, buf2,
2210 &kk, dsa_key[j]); 2143 &kk, dsa_key[j]);
2211 if (ret == 0) { 2144 if (ret == 0) {
@@ -2216,7 +2149,7 @@ speed_main(int argc, char **argv)
2216 break; 2149 break;
2217 } 2150 }
2218 } 2151 }
2219 d = Time_F(STOP); 2152 d = time_f(STOP);
2220 BIO_printf(bio_err, mr ? "+R3:%ld:%d:%.2f\n" 2153 BIO_printf(bio_err, mr ? "+R3:%ld:%d:%.2f\n"
2221 : "%ld %d bit DSA signs in %.2fs\n", 2154 : "%ld %d bit DSA signs in %.2fs\n",
2222 count, dsa_bits[j], d); 2155 count, dsa_bits[j], d);
@@ -2232,10 +2165,10 @@ speed_main(int argc, char **argv)
2232 dsa_doit[j] = 0; 2165 dsa_doit[j] = 0;
2233 } else { 2166 } else {
2234 pkey_print_message("verify", "dsa", 2167 pkey_print_message("verify", "dsa",
2235 dsa_c[j][1], dsa_bits[j], 2168 dsa_bits[j],
2236 DSA_SECONDS); 2169 DSA_SECONDS);
2237 Time_F(START); 2170 time_f(START);
2238 for (count = 0, run = 1; COND(dsa_c[j][1]); count++) { 2171 for (count = 0, run = 1; COND; count++) {
2239 ret = DSA_verify(EVP_PKEY_DSA, buf, 20, buf2, 2172 ret = DSA_verify(EVP_PKEY_DSA, buf, 20, buf2,
2240 kk, dsa_key[j]); 2173 kk, dsa_key[j]);
2241 if (ret <= 0) { 2174 if (ret <= 0) {
@@ -2246,7 +2179,7 @@ speed_main(int argc, char **argv)
2246 break; 2179 break;
2247 } 2180 }
2248 } 2181 }
2249 d = Time_F(STOP); 2182 d = time_f(STOP);
2250 BIO_printf(bio_err, mr ? "+R4:%ld:%d:%.2f\n" 2183 BIO_printf(bio_err, mr ? "+R4:%ld:%d:%.2f\n"
2251 : "%ld %d bit DSA verify in %.2fs\n", 2184 : "%ld %d bit DSA verify in %.2fs\n",
2252 count, dsa_bits[j], d); 2185 count, dsa_bits[j], d);
@@ -2283,13 +2216,11 @@ speed_main(int argc, char **argv)
2283 rsa_count = 1; 2216 rsa_count = 1;
2284 } else { 2217 } else {
2285 pkey_print_message("sign", "ecdsa", 2218 pkey_print_message("sign", "ecdsa",
2286 ecdsa_c[j][0],
2287 test_curves_bits[j], 2219 test_curves_bits[j],
2288 ECDSA_SECONDS); 2220 ECDSA_SECONDS);
2289 2221
2290 Time_F(START); 2222 time_f(START);
2291 for (count = 0, run = 1; COND(ecdsa_c[j][0]); 2223 for (count = 0, run = 1; COND; count++) {
2292 count++) {
2293 ret = ECDSA_sign(0, buf, 20, 2224 ret = ECDSA_sign(0, buf, 20,
2294 ecdsasig, &ecdsasiglen, 2225 ecdsasig, &ecdsasiglen,
2295 ecdsa[j]); 2226 ecdsa[j]);
@@ -2300,7 +2231,7 @@ speed_main(int argc, char **argv)
2300 break; 2231 break;
2301 } 2232 }
2302 } 2233 }
2303 d = Time_F(STOP); 2234 d = time_f(STOP);
2304 2235
2305 BIO_printf(bio_err, mr ? "+R5:%ld:%d:%.2f\n" : 2236 BIO_printf(bio_err, mr ? "+R5:%ld:%d:%.2f\n" :
2306 "%ld %d bit ECDSA signs in %.2fs \n", 2237 "%ld %d bit ECDSA signs in %.2fs \n",
@@ -2318,11 +2249,10 @@ speed_main(int argc, char **argv)
2318 ecdsa_doit[j] = 0; 2249 ecdsa_doit[j] = 0;
2319 } else { 2250 } else {
2320 pkey_print_message("verify", "ecdsa", 2251 pkey_print_message("verify", "ecdsa",
2321 ecdsa_c[j][1],
2322 test_curves_bits[j], 2252 test_curves_bits[j],
2323 ECDSA_SECONDS); 2253 ECDSA_SECONDS);
2324 Time_F(START); 2254 time_f(START);
2325 for (count = 0, run = 1; COND(ecdsa_c[j][1]); count++) { 2255 for (count = 0, run = 1; COND; count++) {
2326 ret = ECDSA_verify(0, buf, 20, ecdsasig, ecdsasiglen, ecdsa[j]); 2256 ret = ECDSA_verify(0, buf, 20, ecdsasig, ecdsasiglen, ecdsa[j]);
2327 if (ret != 1) { 2257 if (ret != 1) {
2328 BIO_printf(bio_err, "ECDSA verify failure\n"); 2258 BIO_printf(bio_err, "ECDSA verify failure\n");
@@ -2331,7 +2261,7 @@ speed_main(int argc, char **argv)
2331 break; 2261 break;
2332 } 2262 }
2333 } 2263 }
2334 d = Time_F(STOP); 2264 d = time_f(STOP);
2335 BIO_printf(bio_err, mr ? "+R6:%ld:%d:%.2f\n" 2265 BIO_printf(bio_err, mr ? "+R6:%ld:%d:%.2f\n"
2336 : "%ld %d bit ECDSA verify in %.2fs\n", 2266 : "%ld %d bit ECDSA verify in %.2fs\n",
2337 count, test_curves_bits[j], d); 2267 count, test_curves_bits[j], d);
@@ -2405,18 +2335,16 @@ speed_main(int argc, char **argv)
2405 rsa_count = 1; 2335 rsa_count = 1;
2406 } else { 2336 } else {
2407 pkey_print_message("", "ecdh", 2337 pkey_print_message("", "ecdh",
2408 ecdh_c[j][0],
2409 test_curves_bits[j], 2338 test_curves_bits[j],
2410 ECDH_SECONDS); 2339 ECDH_SECONDS);
2411 Time_F(START); 2340 time_f(START);
2412 for (count = 0, run = 1; 2341 for (count = 0, run = 1; COND; count++) {
2413 COND(ecdh_c[j][0]); count++) {
2414 ECDH_compute_key(secret_a, 2342 ECDH_compute_key(secret_a,
2415 outlen, 2343 outlen,
2416 EC_KEY_get0_public_key(ecdh_b[j]), 2344 EC_KEY_get0_public_key(ecdh_b[j]),
2417 ecdh_a[j], kdf); 2345 ecdh_a[j], kdf);
2418 } 2346 }
2419 d = Time_F(STOP); 2347 d = time_f(STOP);
2420 BIO_printf(bio_err, mr 2348 BIO_printf(bio_err, mr
2421 ? "+R7:%ld:%d:%.2f\n" 2349 ? "+R7:%ld:%d:%.2f\n"
2422 : "%ld %d-bit ECDH ops in %.2fs\n", 2350 : "%ld %d-bit ECDH ops in %.2fs\n",
@@ -2569,7 +2497,7 @@ show_res:
2569} 2497}
2570 2498
2571static void 2499static void
2572print_message(const char *s, long num, int length) 2500print_message(const char *s, int length)
2573{ 2501{
2574 BIO_printf(bio_err, mr ? "+DT:%s:%d:%d\n" 2502 BIO_printf(bio_err, mr ? "+DT:%s:%d:%d\n"
2575 : "Doing %s for %ds on %d size blocks: ", s, SECONDS, length); 2503 : "Doing %s for %ds on %d size blocks: ", s, SECONDS, length);
@@ -2578,7 +2506,7 @@ print_message(const char *s, long num, int length)
2578} 2506}
2579 2507
2580static void 2508static void
2581pkey_print_message(const char *str, const char *str2, long num, 2509pkey_print_message(const char *str, const char *str2,
2582 int bits, int tm) 2510 int bits, int tm)
2583{ 2511{
2584 BIO_printf(bio_err, mr ? "+DTP:%d:%s:%s:%d\n" 2512 BIO_printf(bio_err, mr ? "+DTP:%d:%s:%s:%d\n"
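diff --git a/src/usr.bin/openssl/ts.c b/src/usr.bin/openssl/ts.c
index 2bb35d84a4..29485bf7dc 100644
--- a/src/usr.bin/openssl/ts.c
+++ b/src/usr.bin/openssl/ts.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ts.c,v 1.29 2024/08/26 18:40:50 tb Exp $ */
+/* $OpenBSD: ts.c,v 1.30 2025/11/21 08:25:43 tb Exp $ */
 /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
  * project 2002.
  */
@@ -736,33 +736,23 @@ create_digest(BIO *input, char *digest, const EVP_MD *md,
 static ASN1_INTEGER *
 create_nonce(int bits)
 {
- unsigned char buf[20];
+ BIGNUM *bn;
  ASN1_INTEGER *nonce = NULL;
- int len = (bits - 1) / 8 + 1;
- int i;
 
- /* Generating random byte sequence. */
- if (len > (int) sizeof(buf))
+ if ((bn = BN_new()) == NULL)
  goto err;
- arc4random_buf(buf, len);
-
- /* Find the first non-zero byte and creating ASN1_INTEGER object. */
- for (i = 0; i < len && !buf[i]; ++i)
- ;
- if ((nonce = ASN1_INTEGER_new()) == NULL)
+ if (!BN_rand(bn, bits, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY))
  goto err;
- free(nonce->data);
- /* Allocate at least one byte. */
- nonce->length = len - i;
- if ((nonce->data = malloc(nonce->length + 1)) == NULL)
+ if ((nonce = BN_to_ASN1_INTEGER(bn, NULL)) == NULL)
  goto err;
- memcpy(nonce->data, buf + i, nonce->length);
+ BN_free(bn);
 
  return nonce;
 
  err:
  BIO_printf(bio_err, "could not create nonce\n");
  ASN1_INTEGER_free(nonce);
+ BN_free(bn);
  return NULL;
 }
 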
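Review bot: In create_nonce, `bn` is declared without an initialiser while the `err:` path now ends in `BN_free(bn)`. That is safe only because the first statement assigns `bn`, whereas `nonce` right below it is initialised to NULL; declaring `BIGNUM *bn = NULL;` would keep the cleanup correct if an earlier `goto err` is ever added. The rewrite also drops the old `len > (int) sizeof(buf)` bound, so `bits` now reaches BN_rand unchecked. As far as I can tell, a `bits` of 0 would then yield a constant zero nonce rather than an error; the callers are outside this hunk, so this may never happen in practice. With `bn` initialised, a guard such as `if (bits <= 0) goto err;` before `BN_new()` would make the contract explicit.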