EVP_SignFinal dramatically slow

[armstrong]

Hi
    Is someone here can help me?  I am using "EVP Public Key Interface" to
sign and verify some digital signatures. And i find the call to
"EVP_SignFinal" is very slow.

    In the test, RSA1024-SHA1 was used,   the call to "EVP_SignFinal"
consuming almost 0.19~0.2 second. 

    In contrast to the openssl benchmark(i.e openssl   speed   rsa1024), 
the benchmark reports  'rsa 1024 bit' sign operation only take
0.002s(approximate) on my computer.   This result is close to my call to
RSA_sign directly.

    And now, i am puzzling at the big difference of the two method( EVP
interface and direct sign/verify API).Though i estimated that EVP interface
will slower than  directly sign/ verify , such big difference amazing me.

     Is there something wrong with EVP_SignFinal?  Or the code call the
EVP_SignFinal misused?

     following is the code i got from Internet, which call the 
EVP_SignFinal 

void
sign_data_evp(EVP_PKEY *key,
              FILE *data_file,
              FILE *signature_file)
{
     unsigned char *data;
     int data_len;

     unsigned char *sig;
     int sig_len;
     int rv;

     LARGE_INTEGER start, finish, tmp;
     double  duration, secondsPerTick;        //some variables used to count
time elapsed


     EVP_MD_CTX *ctx = EVP_MD_CTX_create();
     sig = malloc(EVP_PKEY_size(key));
     sig_len = EVP_PKEY_size(key);

     rv = EVP_SignInit(ctx, EVP_sha1());
     check_ssl_rv("EVP_SignInit", rv, 1);

     data = malloc(102400);

     data_len = fread(data, 1, 102400, data_file);
     while (data_len > 0) {
          rv = EVP_SignUpdate(ctx, data, data_len);
          check_ssl_rv("EVP_SignUpdate", rv, 1);
          data_len = fread(data, 1, 102400, data_file);
     }

       // start to count
     QueryPerformanceFrequency( &tmp );
     secondsPerTick = 1.0 / tmp.QuadPart;
     QueryPerformanceCounter( &start );


     rv = EVP_SignFinal(ctx, sig, &sig_len,  key);    //the time of call i
am intreresting

      QueryPerformanceCounter( &finish );    // finish the count time
elapsed
     duration = secondsPerTick * (finish.QuadPart - start.QuadPart);
     printf( "%f seconds\n", duration );         


     check_ssl_rv("EVP_SignFinal", rv, 1);

     if (sig_len > 0) {
          fwrite(sig, sig_len, 1, signature_file);
     }

     EVP_MD_CTX_destroy(ctx);
     free(sig);
     free(data);
}
By the way,  my platform is Windows XP with Openssl library, the data file
to be signed contain 1024 bit, using RSA1024-SHA1 
      i wish someone could help me. Any tips will be appreciated!
                                                                                
                                                
Miaohua
                                                                                
                                           
2009-10-4
-- 
View this message in context: 
http://www.nabble.com/EVP_SignFinal---dramatically-slow-tp25730650p25730650.html
Sent from the OpenSSL - Dev mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org