From 7bee853d18686a1fd792da04f5279a937ec9ee3d Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Fri, 19 Aug 2016 15:11:20 -1000 Subject: [PATCH] Include |BN_MONT_CTX| construction in RSA verification speed test. Change-Id: I30d6560156bedeac781b12c16a65cfede7891bb7 Reviewed-on: https://boringssl-review.googlesource.com/10522 Reviewed-by: Adam Langley Commit-Queue: Adam Langley CQ-Verified: CQ bot account: commit-bot@chromium.org --- tool/speed.cc | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/tool/speed.cc b/tool/speed.cc index 5b079214..780a7ea1 100644 --- a/tool/speed.cc +++ b/tool/speed.cc @@ -147,6 +147,9 @@ static bool SpeedRSA(const std::string &key_name, RSA *key, TimeResults results; if (!TimeFunction(&results, [key, &sig, &fake_sha256_hash, &sig_len]() -> bool { + /* Usually during RSA signing we're using a long-lived |RSA| that has + * already had all of its |BN_MONT_CTX|s constructed, so it makes + * sense to use |key| directly here. */ return RSA_sign(NID_sha256, fake_sha256_hash, sizeof(fake_sha256_hash), sig.get(), &sig_len, key); })) { @@ -158,6 +161,21 @@ static bool SpeedRSA(const std::string &key_name, RSA *key, if (!TimeFunction(&results, [key, &fake_sha256_hash, &sig, sig_len]() -> bool { + /* Usually during RSA verification we have to parse an RSA key from a + * certificate or similar, in which case we'd need to construct a new + * RSA key, with a new |BN_MONT_CTX| for the public modulus. If we were + * to use |key| directly instead, then these costs wouldn't be + * accounted for. */ + ScopedRSA verify_key(RSA_new()); + if (!verify_key) { + return false; + } + verify_key->n = BN_dup(key->n); + verify_key->e = BN_dup(key->e); + if (!verify_key->n || + !verify_key->e) { + return false; + } return RSA_verify(NID_sha256, fake_sha256_hash, sizeof(fake_sha256_hash), sig.get(), sig_len, key); })) {