From: James Muir <james@openssl.org>
Date: Tue, 21 Nov 2023 05:09:38 +0000 (-0500)
Subject: speed: make hmac(sha256) the default hmac
X-Git-Tag: openssl-3.3.0-alpha1~582
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e580f06deceee8f4ca780b871c712bc6e5ec3a3f;p=thirdparty%2Fopenssl.git

speed: make hmac(sha256) the default hmac

prefer hmac(sha256) rather than hmac(md5).  Also, drop the "skip_hmac"
label.  If we are supposed to do hmac(hash_func) and hash_func cannot
be found, then error out immediately.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22793)
---

diff --git a/CHANGES.md b/CHANGES.md
index 2aa06179746..81044b3d707 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -28,6 +28,11 @@ OpenSSL 3.3
 
 ### Changes between 3.2 and 3.3 [xx XXX xxxx]
 
+ * In `openssl speed`, changed the default hash function used with `hmac` from
+   `md5` to `sha256`.
+
+   *James Muir*
+
  * The build of exporters (such as `.pc` files for pkg-config) cleaned up to
    be less hard coded in the build file templates, and to allow easier
    addition of more exporters.  With that, an exporter for CMake is also
diff --git a/apps/speed.c b/apps/speed.c
index 57aeb67bf89..d1c61d72d02 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -310,7 +310,7 @@ enum {
 /* name of algorithms to test. MUST BE KEEP IN SYNC with above enum ! */
 static const char *names[ALGOR_NUM] = {
     "md2", "mdc2", "md4", "md5", "sha1", "rmd160",
-    "sha256", "sha512", "whirlpool", "hmac(md5)",
+    "sha256", "sha512", "whirlpool", "hmac(sha256)",
     "des-cbc", "des-ede3", "rc4", "idea-cbc", "seed-cbc",
     "rc2-cbc", "rc5-cbc", "blowfish", "cast-cbc",
     "aes-128-cbc", "aes-192-cbc", "aes-256-cbc",
@@ -570,7 +570,7 @@ static int run_benchmark(int async_jobs, int (*loop_function) (void *),
 
 static unsigned int testnum;
 
-static char *evp_mac_mdname = "md5";
+static char *evp_mac_mdname = "sha256";
 static char *evp_hmac_name = NULL;
 static const char *evp_md_name = NULL;
 static char *evp_mac_ciphername = "aes-128-cbc";
@@ -2544,7 +2544,7 @@ int speed_main(int argc, char **argv)
                 goto end;
 
             if (!EVP_MAC_CTX_set_params(loopargs[i].mctx, params))
-                goto skip_hmac; /* Digest not found */
+                goto end; /* Digest not found */
         }
         for (testnum = 0; testnum < size_num; testnum++) {
             print_message(names[D_HMAC], lengths[testnum], seconds.sym);
@@ -2560,7 +2560,7 @@ int speed_main(int argc, char **argv)
         EVP_MAC_free(mac);
         mac = NULL;
     }
-skip_hmac:
+
     if (doit[D_CBC_DES]) {
         int st = 1;