From: Matt Caswell Date: Mon, 12 Aug 2024 08:32:56 +0000 (+0100) Subject: Don't compile in support for DSA speed testing if not needed X-Git-Tag: openssl-3.4.0-alpha1~139 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=096a54ee45d6dc1f68989c0bcf86855b42fab822;p=thirdparty%2Fopenssl.git Don't compile in support for DSA speed testing if not needed If there is no DSA support in the library we should not compile in support for speed testing of DSA. We should skip it in much the same way that we do for other algorithms. Reviewed-by: Neil Horman Reviewed-by: Tom Cosgrove Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/25153) --- diff --git a/apps/speed.c b/apps/speed.c index dc3fe0c7806..81befba9d45 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -362,12 +362,14 @@ static const OPT_PAIR doit_choices[] = { static double results[ALGOR_NUM][SIZE_NUM]; +#ifndef OPENSSL_NO_DSA enum { R_DSA_1024, R_DSA_2048, DSA_NUM }; static const OPT_PAIR dsa_choices[DSA_NUM] = { {"dsa1024", R_DSA_1024}, {"dsa2048", R_DSA_2048} }; static double dsa_results[DSA_NUM][2]; /* 2 ops: sign then verify */ +#endif /* OPENSSL_NO_DSA */ enum { R_RSA_512, R_RSA_1024, R_RSA_2048, R_RSA_3072, R_RSA_4096, R_RSA_7680, @@ -527,8 +529,10 @@ typedef struct loopargs_st { EVP_PKEY_CTX *rsa_verify_ctx[RSA_NUM]; EVP_PKEY_CTX *rsa_encrypt_ctx[RSA_NUM]; EVP_PKEY_CTX *rsa_decrypt_ctx[RSA_NUM]; +#ifndef OPENSSL_NO_DSA EVP_PKEY_CTX *dsa_sign_ctx[DSA_NUM]; EVP_PKEY_CTX *dsa_verify_ctx[DSA_NUM]; +#endif EVP_PKEY_CTX *ecdsa_sign_ctx[ECDSA_NUM]; EVP_PKEY_CTX *ecdsa_verify_ctx[ECDSA_NUM]; EVP_PKEY_CTX *ecdh_ctx[EC_NUM]; @@ -1086,6 +1090,7 @@ static int FFDH_derive_key_loop(void *args) } #endif /* OPENSSL_NO_DH */ +#ifndef OPENSSL_NO_DSA static int DSA_sign_loop(void *args) { loopargs_t *tempargs = *(loopargs_t **) args; @@ -1128,6 +1133,7 @@ static int DSA_verify_loop(void *args) } return count; } +#endif /* OPENSSL_NO_DSA */ static int ECDSA_sign_loop(void *args) { @@ -1843,8 +1849,10 @@ int speed_main(int argc, char **argv) uint8_t ffdh_doit[FFDH_NUM] = { 0 }; #endif /* OPENSSL_NO_DH */ +#ifndef OPENSSL_NO_DSA static const unsigned int dsa_bits[DSA_NUM] = { 1024, 2048 }; uint8_t dsa_doit[DSA_NUM] = { 0 }; +#endif /* OPENSSL_NO_DSA */ /* * We only test over the following curves as they are representative, To * add tests over more curves, simply add the curve NID and curve name to @@ -2151,6 +2159,7 @@ int speed_main(int argc, char **argv) sigs_algname[sigs_algs_len++] = OPENSSL_strdup(rsa_choices[i].name); } } +#ifndef OPENSSL_NO_DSA else if (strcmp(sig_name, "DSA") == 0) { if (sigs_algs_len + DSA_NUM >= MAX_SIG_NUM) { BIO_printf(bio_err, @@ -2162,6 +2171,7 @@ int speed_main(int argc, char **argv) sigs_algname[sigs_algs_len++] = OPENSSL_strdup(dsa_choices[i].name); } } +#endif /* OPENSSL_NO_DSA */ /* skipping these algs as tested elsewhere - and b/o setup is a pain */ else if (strcmp(sig_name, "ED25519") && strcmp(sig_name, "ED448") && @@ -2233,6 +2243,7 @@ int speed_main(int argc, char **argv) } } #endif +#ifndef OPENSSL_NO_DSA if (HAS_PREFIX(algo, "dsa")) { if (algo[sizeof("dsa") - 1] == '\0') { memset(dsa_doit, 1, sizeof(dsa_doit)); @@ -2243,6 +2254,7 @@ int speed_main(int argc, char **argv) algo_found = 1; } } +#endif if (strcmp(algo, "aes") == 0) { doit[D_CBC_128_AES] = doit[D_CBC_192_AES] = doit[D_CBC_256_AES] = 1; algo_found = 1; @@ -2468,7 +2480,9 @@ int speed_main(int argc, char **argv) #ifndef OPENSSL_NO_DH memset(ffdh_doit, 1, sizeof(ffdh_doit)); #endif +#ifndef OPENSSL_NO_DSA memset(dsa_doit, 1, sizeof(dsa_doit)); +#endif #ifndef OPENSSL_NO_ECX memset(ecdsa_doit, 1, sizeof(ecdsa_doit)); memset(ecdh_doit, 1, sizeof(ecdh_doit)); @@ -3117,6 +3131,7 @@ int speed_main(int argc, char **argv) EVP_PKEY_free(rsa_key); } +#ifndef OPENSSL_NO_DSA for (testnum = 0; testnum < DSA_NUM; testnum++) { EVP_PKEY *dsa_key = NULL; int st; @@ -3192,6 +3207,7 @@ int speed_main(int argc, char **argv) } EVP_PKEY_free(dsa_key); } +#endif /* OPENSSL_NO_DSA */ for (testnum = 0; testnum < ECDSA_NUM; testnum++) { EVP_PKEY *ecdsa_key = NULL; @@ -4226,6 +4242,7 @@ int speed_main(int argc, char **argv) rsa_results[k][2], rsa_results[k][3]); } testnum = 1; +#ifndef OPENSSL_NO_DSA for (k = 0; k < DSA_NUM; k++) { if (!dsa_doit[k]) continue; @@ -4241,6 +4258,7 @@ int speed_main(int argc, char **argv) dsa_bits[k], 1.0 / dsa_results[k][0], 1.0 / dsa_results[k][1], dsa_results[k][0], dsa_results[k][1]); } +#endif /* OPENSSL_NO_DSA */ testnum = 1; for (k = 0; k < OSSL_NELEM(ecdsa_doit); k++) { if (!ecdsa_doit[k]) @@ -4410,10 +4428,12 @@ int speed_main(int argc, char **argv) for (k = 0; k < FFDH_NUM; k++) EVP_PKEY_CTX_free(loopargs[i].ffdh_ctx[k]); #endif +#ifndef OPENSSL_NO_DSA for (k = 0; k < DSA_NUM; k++) { EVP_PKEY_CTX_free(loopargs[i].dsa_sign_ctx[k]); EVP_PKEY_CTX_free(loopargs[i].dsa_verify_ctx[k]); } +#endif for (k = 0; k < ECDSA_NUM; k++) { EVP_PKEY_CTX_free(loopargs[i].ecdsa_sign_ctx[k]); EVP_PKEY_CTX_free(loopargs[i].ecdsa_verify_ctx[k]); @@ -4662,6 +4682,7 @@ static int do_multi(int multi, int size_num) d = atof(sstrsep(&p, sep)); rsa_results[k][3] += d; } +# ifndef OPENSSL_NO_DSA } else if (CHECK_AND_SKIP_PREFIX(p, "+F3:")) { tk = sstrsep(&p, sep); if (strtoint(tk, 0, OSSL_NELEM(dsa_results), &k)) { @@ -4673,6 +4694,7 @@ static int do_multi(int multi, int size_num) d = atof(sstrsep(&p, sep)); dsa_results[k][1] += d; } +# endif /* OPENSSL_NO_DSA */ } else if (CHECK_AND_SKIP_PREFIX(p, "+F4:")) { tk = sstrsep(&p, sep); if (strtoint(tk, 0, OSSL_NELEM(ecdsa_results), &k)) { diff --git a/test/recipes/20-test_speed.t b/test/recipes/20-test_speed.t index eb3ecd8a57e..aa6146a97c2 100644 --- a/test/recipes/20-test_speed.t +++ b/test/recipes/20-test_speed.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -26,8 +26,14 @@ ok(run(app(['openssl', 'speed', '-testmode'])), #ensure we don't spend too long in this test. That option also causes the speed #app to return an error code if anything unexpectedly goes wrong. -ok(run(app(['openssl', 'speed', '-testmode', '-multi', 2])), - "Test the multi option"); + +SKIP: { + skip "Multi option is not supported by this OpenSSL build", 1 + if $^O =~ /^(VMS|MSWin32)$/; + + ok(run(app(['openssl', 'speed', '-testmode', '-multi', 2])), + "Test the multi option"); +} ok(run(app(['openssl', 'speed', '-testmode', '-misalign', 1])), "Test the misalign option"); @@ -67,22 +73,32 @@ ok(run(app(['openssl', 'speed', '-testmode', '-evp', 'sha256'])), ok(run(app(['openssl', 'speed', '-testmode', '-hmac', 'sha256'])), "Test the hmac option"); -ok(run(app(['openssl', 'speed', '-testmode', '-cmac', 'aes-128-cbc'])), - "Test the cmac option"); +SKIP: { + skip "CMAC is not supported by this OpenSSL build", 1 + if disabled("cmac"); + + ok(run(app(['openssl', 'speed', '-testmode', '-cmac', 'aes-128-cbc'])), + "Test the cmac option"); +} ok(run(app(['openssl', 'speed', '-testmode', '-aead', '-evp', 'aes-128-gcm'])), "Test the aead and evp options"); SKIP: { - skip "ASYNC is not supported by this OpenSSL build", 1 - if disabled("async"); + skip "ASYNC/threads not supported by this OpenSSL build", 1 + if disabled("async") || disabled("threads"); ok(run(app(['openssl', 'speed', '-testmode', '-async_jobs', '1'])), "Test the async_jobs option"); } -ok(run(app(['openssl', 'speed', '-testmode', '-mlock'])), - "Test the mlock option"); +SKIP: { + skip "Mlock option is not supported by this OpenSSL build", 1 + if $^O !~ /^(linux|MSWin32)$/; + + ok(run(app(['openssl', 'speed', '-testmode', '-mlock'])), + "Test the mlock option"); +} #We don't expect these options to have an effect in testmode but we at least #test that the option parsing works ok