Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

EVP_SignFinal dramatically slow

80 views
Skip to first unread message

armstrong

unread,
Oct 3, 2009, 12:57:33 PM10/3/09
to

Hi
Is someone here can help me? I am using "EVP Public Key Interface" to
sign and verify some digital signatures. And i find the call to
"EVP_SignFinal" is very slow.

In the test, RSA1024-SHA1 was used, the call to "EVP_SignFinal"
consuming almost 0.19~0.2 second.

In contrast to the openssl benchmark(i.e openssl speed rsa1024),
the benchmark reports 'rsa 1024 bit' sign operation only take
0.002s(approximate) on my computer. This result is close to my call to
RSA_sign directly.

And now, i am puzzling at the big difference of the two method( EVP
interface and direct sign/verify API).Though i estimated that EVP interface
will slower than directly sign/ verify , such big difference amazing me.

Is there something wrong with EVP_SignFinal? Or the code call the
EVP_SignFinal misused?

following is the code i got from Internet, which call the
EVP_SignFinal

void
sign_data_evp(EVP_PKEY *key,
FILE *data_file,
FILE *signature_file)
{
unsigned char *data;
int data_len;

unsigned char *sig;
int sig_len;
int rv;

LARGE_INTEGER start, finish, tmp;
double duration, secondsPerTick; //some variables used to count
time elapsed


EVP_MD_CTX *ctx = EVP_MD_CTX_create();
sig = malloc(EVP_PKEY_size(key));
sig_len = EVP_PKEY_size(key);

rv = EVP_SignInit(ctx, EVP_sha1());
check_ssl_rv("EVP_SignInit", rv, 1);

data = malloc(102400);

data_len = fread(data, 1, 102400, data_file);
while (data_len > 0) {
rv = EVP_SignUpdate(ctx, data, data_len);
check_ssl_rv("EVP_SignUpdate", rv, 1);
data_len = fread(data, 1, 102400, data_file);
}

// start to count
QueryPerformanceFrequency( &tmp );
secondsPerTick = 1.0 / tmp.QuadPart;
QueryPerformanceCounter( &start );


rv = EVP_SignFinal(ctx, sig, &sig_len, key); //the time of call i
am intreresting

QueryPerformanceCounter( &finish ); // finish the count time
elapsed
duration = secondsPerTick * (finish.QuadPart - start.QuadPart);
printf( "%f seconds\n", duration );


check_ssl_rv("EVP_SignFinal", rv, 1);

if (sig_len > 0) {
fwrite(sig, sig_len, 1, signature_file);
}

EVP_MD_CTX_destroy(ctx);
free(sig);
free(data);
}
By the way, my platform is Windows XP with Openssl library, the data file
to be signed contain 1024 bit, using RSA1024-SHA1
i wish someone could help me. Any tips will be appreciated!

Miaohua

2009-10-4
--
View this message in context: http://www.nabble.com/EVP_SignFinal---dramatically-slow-tp25730650p25730650.html
Sent from the OpenSSL - Dev mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List opens...@openssl.org
Automated List Manager majo...@openssl.org

Kirk81

unread,
Oct 8, 2009, 6:57:31 AM10/8/09
to

Generally the interface is a bit slower than the common API functions. But to
be honest I cannot understand this big difference. I'm gonna try both
implementations and I'll let you know.

--
View this message in context: http://www.nabble.com/EVP_SignFinal---dramatically-slow-tp25730650p25801898.html

Kirk81

unread,
Oct 20, 2009, 4:56:04 PM10/20/09
to

Hello,

I've tried to use the function that u suggest but in fact I also have
strange value. are they seconds [s] or milliseconds [ms]? Why don't u try to
the CPU ticks instead?

If u have an intel single core processor u simply use the follow function:

LARGE_INTEGER RetrieveCPUTicks() {
LARGE_INTEGER ticks;
__asm {
rdtsc
mov ticks.LowPart, eax
mov ticks.HighPart, edx
}

return ticks;
}

LARGE_INTEGER Ticks, StartT, StopT; // CPU-Ticks

StartT = RetrieveCPUTicks();

// the function to benchmark

StopT = RetrieveCPUTicks();

Ticks.QuadPart = StopT.QuadPart - StartT.QuadPart;
printf(" --> CPU-Ticks.Low = %d\n", (Ticks.LowPart/100));

Now u can easily divide the #of Ticks for the frequency of your processor
and u get the [s] that passed.

--
View this message in context: http://www.nabble.com/EVP_SignFinal---dramatically-slow-tp25730650p25982390.html

Kirk81

unread,
Oct 28, 2009, 11:44:10 AM10/28/09
to


armstrong wrote:
>
> Hi
> Is someone here can help me? I am using "EVP Public Key Interface" to
> sign and verify some digital signatures. And i find the call to
> "EVP_SignFinal" is very slow.
>
> In the test, RSA1024-SHA1 was used, the call to "EVP_SignFinal"
> consuming almost 0.19~0.2 second.
>
> In contrast to the openssl benchmark(i.e openssl speed rsa1024), the
> benchmark reports 'rsa 1024 bit' sign operation only take
> 0.002s(approximate) on my computer. This result is close to my call to
> RSA_sign directly.
>

Hi,

I've created a RSA application for MVS: RSA-1024 with SHA56 using the native
functions (RSA_sign, SHA256, ...). Here u can find the code:

http://www.nabble.com/file/p26096986/rsa.cpp rsa.cpp

With an IA-32 Pentium M 1.5 GHz, I'm in the order of microseconds:
- signature: 3.6 ms
- verify: 0.19 ms

Now you can try the EVP interface.

Kirk

--
View this message in context: http://www.nabble.com/EVP_SignFinal---dramatically-slow-tp25730650p26096986.html

0 new messages