From 7b39332f3fa61e7d1c2ff6b998177001597b2880 Mon Sep 17 00:00:00 2001 From: Andrew Hopkins Date: Fri, 7 Feb 2025 15:27:59 -0800 Subject: [PATCH] Update benchmark to skip chunk sizes that doesn't work with the algorithm (#2146) ### Description of changes: AES XTS requires at least 16 bytes of input, all other algorithms support 1 or more bytes. This change also updates the remaining algorithm benchmarks to support any sized chunks. ### Testing: Updated run_benchmark_build_tests.sh to test every libcrypto benchmark with 1 to 20,000 bytes. By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license. --- tests/ci/run_benchmark_build_tests.sh | 20 +++++++------- tool/speed.cc | 38 ++++++++++++--------------- 2 files changed, 27 insertions(+), 31 deletions(-) diff --git a/tests/ci/run_benchmark_build_tests.sh b/tests/ci/run_benchmark_build_tests.sh index 7af958914f..3ad3e5f4fe 100755 --- a/tests/ci/run_benchmark_build_tests.sh +++ b/tests/ci/run_benchmark_build_tests.sh @@ -71,7 +71,7 @@ function build_boringssl { # has changes in speed.cc that could affect the comparison of the FIPS to non-FIPS, or if new # algorithms have been added to speed.cc build_aws_lc_fips -"${BUILD_ROOT}/tool/bssl" speed -timeout_ms 10 +"${BUILD_ROOT}/tool/bssl" speed -timeout_ms 10 -chunks 1,2,16,256,20000 build_aws_lc_branch fips-2021-10-20 build_aws_lc_branch fips-2022-11-02 @@ -94,15 +94,15 @@ open32:${install_dir}/openssl-${openssl_3_2_branch};\ openmaster:${install_dir}/openssl-${openssl_master_branch};\ boringssl:${install_dir}/boringssl;" -LD_LIBRARY_PATH="${install_dir}/aws-lc-fips-2021-10-20/lib" "${BUILD_ROOT}/tool/aws-lc-fips-2021" -timeout_ms 10 -LD_LIBRARY_PATH="${install_dir}/aws-lc-fips-2022-11-02/lib" "${BUILD_ROOT}/tool/aws-lc-fips-2022" -timeout_ms 10 -LD_LIBRARY_PATH="${install_dir}/aws-lc-fips-2024-09-27/lib" "${BUILD_ROOT}/tool/aws-lc-fips-2022" -timeout_ms 10 -LD_LIBRARY_PATH="${install_dir}/openssl-${openssl_1_0_2_branch}/lib" "${BUILD_ROOT}/tool/open102" -timeout_ms 10 -LD_LIBRARY_PATH="${install_dir}/openssl-${openssl_1_1_1_branch}/lib" "${BUILD_ROOT}/tool/open111" -timeout_ms 10 -LD_LIBRARY_PATH="${install_dir}/openssl-${openssl_3_1_branch}/lib64" "${BUILD_ROOT}/tool/open31" -timeout_ms 10 -LD_LIBRARY_PATH="${install_dir}/openssl-${openssl_3_2_branch}/lib64" "${BUILD_ROOT}/tool/open32" -timeout_ms 10 -LD_LIBRARY_PATH="${install_dir}/openssl-${openssl_master_branch}/lib64" "${BUILD_ROOT}/tool/openmaster" -timeout_ms 10 -LD_LIBRARY_PATH="${install_dir}/boringssl" "${BUILD_ROOT}/tool/boringssl" -timeout_ms 10 +LD_LIBRARY_PATH="${install_dir}/aws-lc-fips-2021-10-20/lib" "${BUILD_ROOT}/tool/aws-lc-fips-2021" -timeout_ms 10 -chunks 1,2,16,256,20000 +LD_LIBRARY_PATH="${install_dir}/aws-lc-fips-2022-11-02/lib" "${BUILD_ROOT}/tool/aws-lc-fips-2022" -timeout_ms 10 -chunks 1,2,16,256,20000 +LD_LIBRARY_PATH="${install_dir}/aws-lc-fips-2024-09-27/lib" "${BUILD_ROOT}/tool/aws-lc-fips-2022" -timeout_ms 10 -chunks 1,2,16,256,20000 +LD_LIBRARY_PATH="${install_dir}/openssl-${openssl_1_0_2_branch}/lib" "${BUILD_ROOT}/tool/open102" -timeout_ms 10 -chunks 1,2,16,256,20000 +LD_LIBRARY_PATH="${install_dir}/openssl-${openssl_1_1_1_branch}/lib" "${BUILD_ROOT}/tool/open111" -timeout_ms 10 -chunks 1,2,16,256,20000 +LD_LIBRARY_PATH="${install_dir}/openssl-${openssl_3_1_branch}/lib64" "${BUILD_ROOT}/tool/open31" -timeout_ms 10 -chunks 1,2,16,256,20000 +LD_LIBRARY_PATH="${install_dir}/openssl-${openssl_3_2_branch}/lib64" "${BUILD_ROOT}/tool/open32" -timeout_ms 10 -chunks 1,2,16,256,20000 +LD_LIBRARY_PATH="${install_dir}/openssl-${openssl_master_branch}/lib64" "${BUILD_ROOT}/tool/openmaster" -timeout_ms 10 -chunks 1,2,16,256,20000 +LD_LIBRARY_PATH="${install_dir}/boringssl" "${BUILD_ROOT}/tool/boringssl" -timeout_ms 10 -chunks 1,2,16,256,20000 echo "Testing ossl_bm with OpenSSL 1.0 with the legacy build option" run_build -DOPENSSL_1_0_INSTALL_DIR="${install_dir}/openssl-${openssl_1_0_2_branch}" -DASAN=1 -DCMAKE_BUILD_TYPE=RelWithDebInfo diff --git a/tool/speed.cc b/tool/speed.cc index 0b0176b8bd..051b11b3e6 100644 --- a/tool/speed.cc +++ b/tool/speed.cc @@ -1048,6 +1048,10 @@ static bool SpeedAES256XTS(const std::string &name, //const size_t in_len, // Benchmark initialisation and encryption for (size_t in_len : g_chunk_lengths) { + if (in_len < AES_BLOCK_SIZE) { + // AES-XTS requires encrypting at least the block size + continue; + } in.resize(in_len); out.resize(in_len); std::fill(in.begin(), in.end(), 0x5a); @@ -1080,6 +1084,10 @@ static bool SpeedAES256XTS(const std::string &name, //const size_t in_len, results.Print(name + " decrypt init"); for (size_t in_len : g_chunk_lengths) { + if (in_len < AES_BLOCK_SIZE) { + // AES-XTS requires decrypting at least the block size + continue; + } in.resize(in_len); out.resize(in_len); std::fill(in.begin(), in.end(), 0x5a); @@ -1156,25 +1164,21 @@ static bool SpeedHmacChunk(const EVP_MD *md, std::string name, #else BM_NAMESPACE::UniquePtr ctx(HMAC_CTX_new()); #endif - uint8_t scratch[16384]; + std::unique_ptr input(new uint8_t[chunk_len]); const size_t key_len = EVP_MD_size(md); std::unique_ptr key(new uint8_t[key_len]); BM_memset(key.get(), 0, key_len); - if (chunk_len > sizeof(scratch)) { - return false; - } - if (!HMAC_Init_ex(ctx.get(), key.get(), key_len, md, NULL /* ENGINE */)) { fprintf(stderr, "Failed to create HMAC_CTX.\n"); } TimeResults results; - if (!TimeFunction(&results, [&ctx, chunk_len, &scratch]() -> bool { + if (!TimeFunction(&results, [&ctx, chunk_len, &input]() -> bool { uint8_t digest[EVP_MAX_MD_SIZE]; unsigned int md_len; return HMAC_Init_ex(ctx.get(), NULL, 0, NULL, NULL) && - HMAC_Update(ctx.get(), scratch, chunk_len) && + HMAC_Update(ctx.get(), input.get(), chunk_len) && HMAC_Final(ctx.get(), digest, &md_len); })) { fprintf(stderr, "HMAC_Final failed.\n"); @@ -1221,22 +1225,19 @@ static bool SpeedHmac(const EVP_MD *md, const std::string &name, static bool SpeedHmacChunkOneShot(const EVP_MD *md, std::string name, size_t chunk_len) { - uint8_t scratch[16384]; + std::unique_ptr input(new uint8_t[chunk_len]); const size_t key_len = EVP_MD_size(md); std::unique_ptr key(new uint8_t[key_len]); BM_memset(key.get(), 0, key_len); - if (chunk_len > sizeof(scratch)) { - return false; - } TimeResults results; - if (!TimeFunction(&results, [&key, key_len, md, chunk_len, &scratch]() -> bool { + if (!TimeFunction(&results, [&key, key_len, md, chunk_len, &input]() -> bool { uint8_t digest[EVP_MAX_MD_SIZE] = {0}; unsigned int md_len = EVP_MAX_MD_SIZE; - return HMAC(md, key.get(), key_len, scratch, chunk_len, digest, &md_len) != nullptr; + return HMAC(md, key.get(), key_len, input.get(), chunk_len, digest, &md_len) != nullptr; })) { fprintf(stderr, "HMAC_Final failed.\n"); ERR_print_errors_fp(stderr); @@ -1262,19 +1263,14 @@ static bool SpeedHmacOneShot(const EVP_MD *md, const std::string &name, return true; } -const size_t SCRATCH_SIZE = 16384; using RandomFunction = std::function; static bool SpeedRandomChunk(RandomFunction function, std::string name, size_t chunk_len) { - std::unique_ptr scratch(new uint8_t[SCRATCH_SIZE]); - - if (chunk_len > SCRATCH_SIZE) { - return false; - } + std::unique_ptr output(new uint8_t[chunk_len]); TimeResults results; - if (!TimeFunction(&results, [chunk_len, &scratch, &function]() -> bool { - function(scratch.get(), chunk_len); + if (!TimeFunction(&results, [chunk_len, &output, &function]() -> bool { + function(output.get(), chunk_len); return true; })) { return false;