X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=apps%2Fspeed.c;h=50a110df041831d126a3f131687190064d8476ca;hp=d9dd1b65d72a52378c19d3bb64bb37a0397b6f62;hb=9dd84053419aa220b5e66a5f9fcf809dbd6d9369;hpb=95de3d204f7b28c88172c58fa4905583b05da4bb

diff --git a/apps/speed.c b/apps/speed.c
index d9dd1b65d7..50a110df04 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -88,7 +88,7 @@
 
 #include <stdio.h>
 #include <stdlib.h>
-#include <signal.h>
+
 #include <string.h>
 #include <math.h>
 #include "apps.h"
@@ -104,6 +104,10 @@
 #include OPENSSL_UNISTD
 #endif
 
+#ifndef OPENSSL_SYS_NETWARE
+#include <signal.h>
+#endif
+
 #if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(OPENSSL_SYS_MACOSX)
 # define USE_TOD
 #elif !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC))
@@ -113,6 +117,12 @@
 # define TIMEB
 #endif
 
+#if defined(OPENSSL_SYS_NETWARE)
+#undef TIMES
+#undef TIMEB
+#include <time.h>
+#endif
+
 #ifndef _IRIX
 # include <time.h>
 #endif
@@ -137,7 +147,7 @@
 #include <sys/timeb.h>
 #endif
 
-#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD) && !defined(OPENSSL_SYS_VXWORKS)
+#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD) && !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_NETWARE)
 #error "It seems neither struct tms nor struct timeb is supported in this platform!"
 #endif
 
@@ -147,6 +157,7 @@
 #include <sys/param.h>
 #endif
 
+#include <openssl/bn.h>
 #ifndef OPENSSL_NO_DES
 #include <openssl/des.h>
 #endif
@@ -199,6 +210,7 @@
 #endif
 #include <openssl/x509.h>
 #ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
 #include "./testdsa.h"
 #endif
 #ifndef OPENSSL_NO_ECDSA
@@ -236,7 +248,7 @@
 # endif
 #endif
 
-#if !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(OPENSSL_SYS_OS2)
+#if !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(OPENSSL_SYS_OS2) && !defined(OPENSSL_SYS_NETWARE)
 # define HAVE_FORK 1
 #endif
 
@@ -250,13 +262,14 @@ static int usertime=1;
 
 static double Time_F(int s);
 static void print_message(const char *s,long num,int length);
-static void pkey_print_message(char *str,char *str2,long num,int bits,int sec);
+static void pkey_print_message(const char *str, const char *str2,
+	long num, int bits, int sec);
 static void print_result(int alg,int run_no,int count,double time_used);
 #ifdef HAVE_FORK
 static int do_multi(int multi);
 #endif
 
-#define ALGOR_NUM	19
+#define ALGOR_NUM	21
 #define SIZE_NUM	5
 #define RSA_NUM		4
 #define DSA_NUM		3
@@ -268,7 +281,7 @@ static const char *names[ALGOR_NUM]={
   "md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4",
   "des cbc","des ede3","idea cbc",
   "rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc",
-  "aes-128 cbc","aes-192 cbc","aes-256 cbc"};
+  "aes-128 cbc","aes-192 cbc","aes-256 cbc","evp","sha256","sha512"};
 static double results[ALGOR_NUM][SIZE_NUM];
 static int lengths[SIZE_NUM]={16,64,256,1024,8*1024};
 static double rsa_results[RSA_NUM][2];
@@ -298,6 +311,32 @@ static SIGRETTYPE sig_done(int sig)
 #define START	0
 #define STOP	1
 
+#if defined(OPENSSL_SYS_NETWARE)
+
+   /* for NetWare the best we can do is use clock() which returns the
+    * time, in hundredths of a second, since the NLM began executing
+   */
+static double Time_F(int s)
+	{
+	double ret;
+
+   static clock_t tstart,tend;
+
+   if (s == START)
+   {
+      tstart=clock();
+      return(0);
+   }
+   else
+   {
+      tend=clock();
+      ret=(double)((double)(tend)-(double)(tstart));
+      return((ret < 0.001)?0.001:ret);
+   }
+   }
+
+#else
+
 static double Time_F(int s)
 	{
 	double ret;
@@ -406,14 +445,17 @@ static double Time_F(int s)
 # endif
 #endif
 	}
+#endif /* if defined(OPENSSL_SYS_NETWARE) */
 
 
 static const int KDF1_SHA1_len = 20;
-static void *KDF1_SHA1(void *in, size_t inlen, void *out, size_t outlen)
+static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
 	{
 #ifndef OPENSSL_NO_SHA
-	if (outlen != SHA_DIGEST_LENGTH)
+	if (*outlen < SHA_DIGEST_LENGTH)
 		return NULL;
+	else
+		*outlen = SHA_DIGEST_LENGTH;
 	return SHA1(in, inlen, out);
 #else
 	return NULL;
@@ -454,6 +496,8 @@ int MAIN(int argc, char **argv)
 #endif
 #ifndef OPENSSL_NO_SHA
 	unsigned char sha[SHA_DIGEST_LENGTH];
+	unsigned char sha256[SHA256_DIGEST_LENGTH];
+	unsigned char sha512[SHA512_DIGEST_LENGTH];
 #endif
 #ifndef OPENSSL_NO_RIPEMD
 	unsigned char rmd160[RIPEMD160_DIGEST_LENGTH];
@@ -526,6 +570,8 @@ int MAIN(int argc, char **argv)
 #define D_CBC_192_AES	16
 #define D_CBC_256_AES	17
 #define D_EVP		18
+#define D_SHA256	19
+#define D_SHA512	20
 	double d=0.0;
 	long c[ALGOR_NUM][SIZE_NUM];
 #define	R_DSA_512	0
@@ -595,7 +641,7 @@ int MAIN(int argc, char **argv)
 	NID_sect409r1,
 	NID_sect571r1
 	}; 
-	static char * test_curves_names[EC_NUM] = 
+	static const char * test_curves_names[EC_NUM] = 
 	{
 	/* Prime Curves */
 	"secp160r1",
@@ -626,19 +672,19 @@ int MAIN(int argc, char **argv)
 #endif
 
 #ifndef OPENSSL_NO_ECDSA
-        unsigned char ecdsasig[256];
-        unsigned int ecdsasiglen;
-        EC_KEY *ecdsa[EC_NUM];
-        long ecdsa_c[EC_NUM][2];
+	unsigned char ecdsasig[256];
+	unsigned int ecdsasiglen;
+	EC_KEY *ecdsa[EC_NUM];
+	long ecdsa_c[EC_NUM][2];
 #endif
 
 #ifndef OPENSSL_NO_ECDH
-        EC_KEY *ecdh_a[EC_NUM], *ecdh_b[EC_NUM];
-        unsigned char secret_a[MAX_ECDH_SIZE], secret_b[MAX_ECDH_SIZE];
-        int secret_size_a, secret_size_b;
-        int ecdh_checks = 0;
-        int secret_idx = 0;
-        long ecdh_c[EC_NUM][2];
+	EC_KEY *ecdh_a[EC_NUM], *ecdh_b[EC_NUM];
+	unsigned char secret_a[MAX_ECDH_SIZE], secret_b[MAX_ECDH_SIZE];
+	int secret_size_a, secret_size_b;
+	int ecdh_checks = 0;
+	int secret_idx = 0;
+	long ecdh_c[EC_NUM][2];
 #endif
 
 	int rsa_doit[RSA_NUM];
@@ -828,7 +874,13 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_SHA
 			if (strcmp(*argv,"sha1") == 0) doit[D_SHA1]=1;
 		else
-			if (strcmp(*argv,"sha") == 0) doit[D_SHA1]=1;
+			if (strcmp(*argv,"sha") == 0)	doit[D_SHA1]=1,
+							doit[D_SHA256]=1,
+							doit[D_SHA512]=1;
+		else
+			if (strcmp(*argv,"sha256") == 0) doit[D_SHA256]=1;
+		else
+			if (strcmp(*argv,"sha512") == 0) doit[D_SHA512]=1;
 		else
 #endif
 #ifndef OPENSSL_NO_RIPEMD
@@ -939,11 +991,13 @@ int MAIN(int argc, char **argv)
 			{
 			dsa_doit[R_DSA_512]=1;
 			dsa_doit[R_DSA_1024]=1;
+			dsa_doit[R_DSA_2048]=1;
 			}
 		else
 #endif
 #ifndef OPENSSL_NO_ECDSA
 		     if (strcmp(*argv,"ecdsap160") == 0) ecdsa_doit[R_EC_P160]=2;
+		else if (strcmp(*argv,"ecdsap192") == 0) ecdsa_doit[R_EC_P192]=2;
 		else if (strcmp(*argv,"ecdsap224") == 0) ecdsa_doit[R_EC_P224]=2;
 		else if (strcmp(*argv,"ecdsap256") == 0) ecdsa_doit[R_EC_P256]=2;
 		else if (strcmp(*argv,"ecdsap384") == 0) ecdsa_doit[R_EC_P384]=2;
@@ -967,6 +1021,7 @@ int MAIN(int argc, char **argv)
 #endif
 #ifndef OPENSSL_NO_ECDH
 		     if (strcmp(*argv,"ecdhp160") == 0) ecdh_doit[R_EC_P160]=2;
+		else if (strcmp(*argv,"ecdhp192") == 0) ecdh_doit[R_EC_P192]=2;
 		else if (strcmp(*argv,"ecdhp224") == 0) ecdh_doit[R_EC_P224]=2;
 		else if (strcmp(*argv,"ecdhp256") == 0) ecdh_doit[R_EC_P256]=2;
 		else if (strcmp(*argv,"ecdhp384") == 0) ecdh_doit[R_EC_P384]=2;
@@ -1009,6 +1064,8 @@ int MAIN(int argc, char **argv)
 #endif
 #ifndef OPENSSL_NO_SHA1
 			BIO_printf(bio_err,"sha1     ");
+			BIO_printf(bio_err,"sha256  ");
+			BIO_printf(bio_err,"sha512  ");
 #endif
 #ifndef OPENSSL_NO_RIPEMD160
 			BIO_printf(bio_err,"rmd160");
@@ -1054,13 +1111,13 @@ int MAIN(int argc, char **argv)
 			BIO_printf(bio_err,"dsa512   dsa1024  dsa2048\n");
 #endif
 #ifndef OPENSSL_NO_ECDSA
-			BIO_printf(bio_err,"ecdsap160 ecdsap224 ecdsap256 ecdsap384 ecdsap521\n");
+			BIO_printf(bio_err,"ecdsap160 ecdsap192 ecdsap224 ecdsap256 ecdsap384 ecdsap521\n");
 			BIO_printf(bio_err,"ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n");
 			BIO_printf(bio_err,"ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n");
 			BIO_printf(bio_err,"ecdsa\n");
 #endif
 #ifndef OPENSSL_NO_ECDH
-			BIO_printf(bio_err,"ecdhp160  ecdhp224  ecdhp256  ecdhp384  ecdhp521\n");
+			BIO_printf(bio_err,"ecdhp160  ecdhp192  ecdhp224  ecdhp256  ecdhp384  ecdhp521\n");
 			BIO_printf(bio_err,"ecdhk163  ecdhk233  ecdhk283  ecdhk409  ecdhk571\n");
 			BIO_printf(bio_err,"ecdhb163  ecdhb233  ecdhb283  ecdhb409  ecdhb571\n");
 			BIO_printf(bio_err,"ecdh\n");
@@ -1206,10 +1263,10 @@ int MAIN(int argc, char **argv)
 	BIO_printf(bio_err,"First we calculate the approximate speed ...\n");
 	count=10;
 	do	{
-		long i;
+		long it;
 		count*=2;
 		Time_F(START);
-		for (i=count; i; i--)
+		for (it=count; it; it--)
 			DES_ecb_encrypt(buf_as_des_cblock,buf_as_des_cblock,
 				&sch,DES_ENCRYPT);
 		d=Time_F(STOP);
@@ -1233,6 +1290,8 @@ int MAIN(int argc, char **argv)
 	c[D_CBC_128_AES][0]=count;
 	c[D_CBC_192_AES][0]=count;
 	c[D_CBC_256_AES][0]=count;
+	c[D_SHA256][0]=count;
+	c[D_SHA512][0]=count;
 
 	for (i=1; i<SIZE_NUM; i++)
 		{
@@ -1243,6 +1302,8 @@ int MAIN(int argc, char **argv)
 		c[D_HMAC][i]=c[D_HMAC][0]*4*lengths[0]/lengths[i];
 		c[D_SHA1][i]=c[D_SHA1][0]*4*lengths[0]/lengths[i];
 		c[D_RMD160][i]=c[D_RMD160][0]*4*lengths[0]/lengths[i];
+		c[D_SHA256][i]=c[D_SHA256][0]*4*lengths[0]/lengths[i];
+		c[D_SHA512][i]=c[D_SHA512][0]*4*lengths[0]/lengths[i];
 		}
 	for (i=1; i<SIZE_NUM; i++)
 		{
@@ -1305,7 +1366,7 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_ECDSA
 	ecdsa_c[R_EC_P160][0]=count/1000;
 	ecdsa_c[R_EC_P160][1]=count/1000/2;
-	for (i=R_EC_P224; i<=R_EC_P521; i++)
+	for (i=R_EC_P192; i<=R_EC_P521; i++)
 		{
 		ecdsa_c[i][0]=ecdsa_c[i-1][0]/2;
 		ecdsa_c[i][1]=ecdsa_c[i-1][1]/2;
@@ -1359,7 +1420,7 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_ECDH
 	ecdh_c[R_EC_P160][0]=count/1000;
 	ecdh_c[R_EC_P160][1]=count/1000;
-	for (i=R_EC_P224; i<=R_EC_P521; i++)
+	for (i=R_EC_P192; i<=R_EC_P521; i++)
 		{
 		ecdh_c[i][0]=ecdh_c[i-1][0]/2;
 		ecdh_c[i][1]=ecdh_c[i-1][1]/2;
@@ -1519,6 +1580,37 @@ int MAIN(int argc, char **argv)
 			print_result(D_SHA1,j,count,d);
 			}
 		}
+
+#ifndef OPENSSL_NO_SHA256
+	if (doit[D_SHA256])
+		{
+		for (j=0; j<SIZE_NUM; j++)
+			{
+			print_message(names[D_SHA256],c[D_SHA256][j],lengths[j]);
+			Time_F(START);
+			for (count=0,run=1; COND(c[D_SHA256][j]); count++)
+				SHA256(buf,lengths[j],sha256);
+			d=Time_F(STOP);
+			print_result(D_SHA256,j,count,d);
+			}
+		}
+#endif
+
+#ifndef OPENSSL_NO_SHA512
+	if (doit[D_SHA512])
+		{
+		for (j=0; j<SIZE_NUM; j++)
+			{
+			print_message(names[D_SHA512],c[D_SHA512][j],lengths[j]);
+			Time_F(START);
+			for (count=0,run=1; COND(c[D_SHA512][j]); count++)
+				SHA512(buf,lengths[j],sha512);
+			d=Time_F(STOP);
+			print_result(D_SHA512,j,count,d);
+			}
+		}
+#endif
+
 #endif
 #ifndef OPENSSL_NO_RIPEMD
 	if (doit[D_RMD160])
@@ -1726,6 +1818,7 @@ int MAIN(int argc, char **argv)
 					EVP_DecryptInit_ex(&ctx,evp_cipher,NULL,key16,iv);
 				else
 					EVP_EncryptInit_ex(&ctx,evp_cipher,NULL,key16,iv);
+				EVP_CIPHER_CTX_set_padding(&ctx, 0);
 
 				Time_F(START);
 				if(decrypt)
@@ -1947,7 +2040,7 @@ int MAIN(int argc, char **argv)
 		int ret;
 
 		if (!ecdsa_doit[j]) continue; /* Ignore Curve */ 
-		ecdsa[j] = EC_KEY_new();
+		ecdsa[j] = EC_KEY_new_by_curve_name(test_curves[j]);
 		if (ecdsa[j] == NULL) 
 			{
 			BIO_printf(bio_err,"ECDSA failure.\n");
@@ -1956,100 +2049,89 @@ int MAIN(int argc, char **argv)
 			} 
 		else 
 			{
-			ecdsa[j]->group = EC_GROUP_new_by_nid(test_curves[j]);
-			/* Could not obtain group information */
-			if (ecdsa[j]->group == NULL) 
+#if 1
+			EC_KEY_precompute_mult(ecdsa[j], NULL);
+#endif
+			/* Perform ECDSA signature test */
+			EC_KEY_generate_key(ecdsa[j]);
+			ret = ECDSA_sign(0, buf, 20, ecdsasig, 
+				&ecdsasiglen, ecdsa[j]);
+			if (ret == 0) 
 				{
-				BIO_printf(bio_err,"ECDSA failure.Could not obtain group information\n");
+				BIO_printf(bio_err,"ECDSA sign failure.  No ECDSA sign will be done.\n");
 				ERR_print_errors(bio_err);
 				rsa_count=1;
 				} 
 			else 
 				{
-#if 1
-				EC_GROUP_precompute_mult(ecdsa[j]->group, NULL);
-#endif
-				/* Perform ECDSA signature test */
-				EC_KEY_generate_key(ecdsa[j]);
-				ret = ECDSA_sign(0, buf, 20, ecdsasig, 
-					&ecdsasiglen, ecdsa[j]);
-				if (ret == 0) 
-					{
-					BIO_printf(bio_err,"ECDSA sign failure.  No ECDSA sign will be done.\n");
-					ERR_print_errors(bio_err);
-					rsa_count=1;
-					} 
-				else 
+				pkey_print_message("sign","ecdsa",
+					ecdsa_c[j][0], 
+					test_curves_bits[j],
+					ECDSA_SECONDS);
+
+				Time_F(START);
+				for (count=0,run=1; COND(ecdsa_c[j][0]);
+					count++) 
 					{
-					pkey_print_message("sign","ecdsa",
-						ecdsa_c[j][0], 
-						test_curves_bits[j],
-						ECDSA_SECONDS);
-
-					Time_F(START);
-					for (count=0,run=1; COND(ecdsa_c[j][0]);
-						count++) 
+					ret=ECDSA_sign(0, buf, 20, 
+						ecdsasig, &ecdsasiglen,
+						ecdsa[j]);
+					if (ret == 0) 
 						{
-						ret=ECDSA_sign(0, buf, 20, 
-							ecdsasig, &ecdsasiglen,
-							ecdsa[j]);
-						if (ret == 0) 
-							{
-							BIO_printf(bio_err, "ECDSA sign failure\n");
-							ERR_print_errors(bio_err);
-							count=1;
-							break;
-							}
+						BIO_printf(bio_err, "ECDSA sign failure\n");
+						ERR_print_errors(bio_err);
+						count=1;
+						break;
 						}
-						d=Time_F(STOP);
-
-						BIO_printf(bio_err, mr ? "+R5:%ld:%d:%.2f\n" :
-						"%ld %d bit ECDSA signs in %.2fs \n", 
-						count, test_curves_bits[j], d);
-						ecdsa_results[j][0]=d/(double)count;
-						rsa_count=count;
 					}
+				d=Time_F(STOP);
 
-				/* Perform ECDSA verification test */
-				ret=ECDSA_verify(0, buf, 20, ecdsasig, 
-					ecdsasiglen, ecdsa[j]);
-				if (ret != 1) 
-					{
-					BIO_printf(bio_err,"ECDSA verify failure.  No ECDSA verify will be done.\n");
-					ERR_print_errors(bio_err);
-					ecdsa_doit[j] = 0;
-					} 
-				else 
+				BIO_printf(bio_err, mr ? "+R5:%ld:%d:%.2f\n" :
+					"%ld %d bit ECDSA signs in %.2fs \n", 
+					count, test_curves_bits[j], d);
+				ecdsa_results[j][0]=d/(double)count;
+				rsa_count=count;
+				}
+
+			/* Perform ECDSA verification test */
+			ret=ECDSA_verify(0, buf, 20, ecdsasig, 
+				ecdsasiglen, ecdsa[j]);
+			if (ret != 1) 
+				{
+				BIO_printf(bio_err,"ECDSA verify failure.  No ECDSA verify will be done.\n");
+				ERR_print_errors(bio_err);
+				ecdsa_doit[j] = 0;
+				} 
+			else 
+				{
+				pkey_print_message("verify","ecdsa",
+				ecdsa_c[j][1],
+				test_curves_bits[j],
+				ECDSA_SECONDS);
+				Time_F(START);
+				for (count=0,run=1; COND(ecdsa_c[j][1]); count++) 
 					{
-					pkey_print_message("verify","ecdsa",
-					ecdsa_c[j][1],
-					test_curves_bits[j],
-					ECDSA_SECONDS);
-					Time_F(START);
-					for (count=0,run=1; COND(ecdsa_c[j][1]); count++) 
+					ret=ECDSA_verify(0, buf, 20, ecdsasig, ecdsasiglen, ecdsa[j]);
+					if (ret != 1) 
 						{
-						ret=ECDSA_verify(0, buf, 20, ecdsasig, ecdsasiglen, ecdsa[j]);
-						if (ret != 1) 
-							{
-							BIO_printf(bio_err, "ECDSA verify failure\n");
-							ERR_print_errors(bio_err);
-							count=1;
-							break;
-							}
+						BIO_printf(bio_err, "ECDSA verify failure\n");
+						ERR_print_errors(bio_err);
+						count=1;
+						break;
 						}
-						d=Time_F(STOP);
-						BIO_printf(bio_err, mr? "+R6:%ld:%d:%.2f\n"
-							: "%ld %d bit ECDSA verify in %.2fs\n",
-						count, test_curves_bits[j], d);
-						ecdsa_results[j][1]=d/(double)count;
 					}
+				d=Time_F(STOP);
+				BIO_printf(bio_err, mr? "+R6:%ld:%d:%.2f\n"
+						: "%ld %d bit ECDSA verify in %.2fs\n",
+				count, test_curves_bits[j], d);
+				ecdsa_results[j][1]=d/(double)count;
+				}
 
-				if (rsa_count <= 1) 
-					{
-					/* if longer than 10s, don't do any more */
-					for (j++; j<EC_NUM; j++)
-					ecdsa_doit[j]=0;
-					}
+			if (rsa_count <= 1) 
+				{
+				/* if longer than 10s, don't do any more */
+				for (j++; j<EC_NUM; j++)
+				ecdsa_doit[j]=0;
 				}
 			}
 		}
@@ -2065,8 +2147,8 @@ int MAIN(int argc, char **argv)
 	for (j=0; j<EC_NUM; j++)
 		{
 		if (!ecdh_doit[j]) continue;
-		ecdh_a[j] = EC_KEY_new();
-		ecdh_b[j] = EC_KEY_new();
+		ecdh_a[j] = EC_KEY_new_by_curve_name(test_curves[j]);
+		ecdh_b[j] = EC_KEY_new_by_curve_name(test_curves[j]);
 		if ((ecdh_a[j] == NULL) || (ecdh_b[j] == NULL))
 			{
 			BIO_printf(bio_err,"ECDH failure.\n");
@@ -2075,90 +2157,79 @@ int MAIN(int argc, char **argv)
 			}
 		else
 			{
-			ecdh_a[j]->group = EC_GROUP_new_by_nid(test_curves[j]);
-			if (ecdh_a[j]->group == NULL)
+			/* generate two ECDH key pairs */
+			if (!EC_KEY_generate_key(ecdh_a[j]) ||
+				!EC_KEY_generate_key(ecdh_b[j]))
 				{
-				BIO_printf(bio_err,"ECDH failure.\n");
+				BIO_printf(bio_err,"ECDH key generation failure.\n");
 				ERR_print_errors(bio_err);
-				rsa_count=1;
+				rsa_count=1;		
 				}
 			else
 				{
-				ecdh_b[j]->group = EC_GROUP_dup(ecdh_a[j]->group);
-
-				/* generate two ECDH key pairs */
-				if (!EC_KEY_generate_key(ecdh_a[j]) ||
-					!EC_KEY_generate_key(ecdh_b[j]))
+				/* If field size is not more than 24 octets, then use SHA-1 hash of result;
+				 * otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt).
+				 */
+				int field_size, outlen;
+				void *(*kdf)(const void *in, size_t inlen, void *out, size_t *xoutlen);
+				field_size = EC_GROUP_get_degree(EC_KEY_get0_group(ecdh_a[j]));
+				if (field_size <= 24 * 8)
 					{
-					BIO_printf(bio_err,"ECDH key generation failure.\n");
-					ERR_print_errors(bio_err);
-					rsa_count=1;		
+					outlen = KDF1_SHA1_len;
+					kdf = KDF1_SHA1;
 					}
 				else
 					{
-					/* If field size is not more than 24 octets, then use SHA-1 hash of result;
-					 * otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt).
-					 */
-					int field_size, outlen;
-					void *(*kdf)(void *in, size_t inlen, void *out, size_t xoutlen);
-					field_size = EC_GROUP_get_degree(ecdh_a[j]->group);
-					if (field_size <= 24 * 8)
-						{
-						outlen = KDF1_SHA1_len;
-						kdf = KDF1_SHA1;
-						}
-					else
-						{
-						outlen = (field_size+7)/8;
-						kdf = NULL;
-						}
-					secret_size_a = ECDH_compute_key(secret_a, outlen,
-						ecdh_b[j]->pub_key,
-						ecdh_a[j], kdf);
-					secret_size_b = ECDH_compute_key(secret_b, outlen,
-						ecdh_a[j]->pub_key,
-						ecdh_b[j], kdf);
-					if (secret_size_a != secret_size_b) 
-						ecdh_checks = 0;
-					else
-						ecdh_checks = 1;
-
-					for (secret_idx = 0; 
-					    (secret_idx < secret_size_a)
-						&& (ecdh_checks == 1);
-					    secret_idx++)
-						{
-						if (secret_a[secret_idx] != secret_b[secret_idx])
-						ecdh_checks = 0;
-						}
+					outlen = (field_size+7)/8;
+					kdf = NULL;
+					}
+				secret_size_a = ECDH_compute_key(secret_a, outlen,
+					EC_KEY_get0_public_key(ecdh_b[j]),
+					ecdh_a[j], kdf);
+				secret_size_b = ECDH_compute_key(secret_b, outlen,
+					EC_KEY_get0_public_key(ecdh_a[j]),
+					ecdh_b[j], kdf);
+				if (secret_size_a != secret_size_b) 
+					ecdh_checks = 0;
+				else
+					ecdh_checks = 1;
 
-					if (ecdh_checks == 0)
-						{
-						BIO_printf(bio_err,"ECDH computations don't match.\n");
-						ERR_print_errors(bio_err);
-						rsa_count=1;		
-						}
+				for (secret_idx = 0; 
+				    (secret_idx < secret_size_a)
+					&& (ecdh_checks == 1);
+				    secret_idx++)
+					{
+					if (secret_a[secret_idx] != secret_b[secret_idx])
+					ecdh_checks = 0;
+					}
 
-					pkey_print_message("","ecdh",
-					ecdh_c[j][0], 
-					test_curves_bits[j],
-					ECDH_SECONDS);
-					Time_F(START);
-					for (count=0,run=1; COND(ecdh_c[j][0]); count++)
-						{
-						ECDH_compute_key(secret_a, outlen,
-						ecdh_b[j]->pub_key,
-						ecdh_a[j], kdf);
-						}
-					d=Time_F(STOP);
-					BIO_printf(bio_err, mr ? "+R7:%ld:%d:%.2f\n" :"%ld %d-bit ECDH ops in %.2fs\n",
-					count, test_curves_bits[j], d);
-					ecdh_results[j][0]=d/(double)count;
-					rsa_count=count;
+				if (ecdh_checks == 0)
+					{
+					BIO_printf(bio_err,"ECDH computations don't match.\n");
+					ERR_print_errors(bio_err);
+					rsa_count=1;		
 					}
+
+				pkey_print_message("","ecdh",
+				ecdh_c[j][0], 
+				test_curves_bits[j],
+				ECDH_SECONDS);
+				Time_F(START);
+				for (count=0,run=1; COND(ecdh_c[j][0]); count++)
+					{
+					ECDH_compute_key(secret_a, outlen,
+					EC_KEY_get0_public_key(ecdh_b[j]),
+					ecdh_a[j], kdf);
+					}
+				d=Time_F(STOP);
+				BIO_printf(bio_err, mr ? "+R7:%ld:%d:%.2f\n" :"%ld %d-bit ECDH ops in %.2fs\n",
+				count, test_curves_bits[j], d);
+				ecdh_results[j][0]=d/(double)count;
+				rsa_count=count;
 				}
 			}
 
+
 		if (rsa_count <= 1)
 			{
 			/* if longer than 10s, don't do any more */
@@ -2272,7 +2343,7 @@ show_res:
 				k,rsa_bits[k],rsa_results[k][0],
 				rsa_results[k][1]);
 		else
-			fprintf(stdout,"rsa %4u bits %8.4fs %8.4fs %8.1f %8.1f\n",
+			fprintf(stdout,"rsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
 				rsa_bits[k],rsa_results[k][0],rsa_results[k][1],
 				1.0/rsa_results[k][0],1.0/rsa_results[k][1]);
 		}
@@ -2291,7 +2362,7 @@ show_res:
 			fprintf(stdout,"+F3:%u:%u:%f:%f\n",
 				k,dsa_bits[k],dsa_results[k][0],dsa_results[k][1]);
 		else
-			fprintf(stdout,"dsa %4u bits %8.4fs %8.4fs %8.1f %8.1f\n",
+			fprintf(stdout,"dsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
 				dsa_bits[k],dsa_results[k][0],dsa_results[k][1],
 				1.0/dsa_results[k][0],1.0/dsa_results[k][1]);
 		}
@@ -2398,8 +2469,8 @@ static void print_message(const char *s, long num, int length)
 #endif
 	}
 
-static void pkey_print_message(char *str, char *str2, long num, int bits,
-	     int tm)
+static void pkey_print_message(const char *str, const char *str2, long num,
+	int bits, int tm)
 	{
 #ifdef SIGALRM
 	BIO_printf(bio_err,mr ? "+DTP:%d:%s:%s:%d\n"