Re: [openssl-users] i2d_PKCS7_bio() very slow for large file when reading in memory

Tue, 26 Apr 2016 22:14:48 -0700 

On 23/04/2016 03:57, Jan Kohnert wrote:


Hello,

this is my very first post on this list, so thanks for letting me in. :)


I have question regarding i2d_PKCS7_bio() in Version 1.0.1c, 1.0.2g 
and maybe


newer versions.

The code looks as follows (all error checking and other stuff removed

for reading purposes):

----------------------------------

// init, keys, certs, stuff...

// read file

BIO *bioCryptedData = NULL;

bioCryptedData = BIO_new_file( dataFile, "r" );

// infile DER to internal format

PKCS7 *cryptData = NULL;

d2i_PKCS7_bio( bioCryptedData, &cryptData );

// decrypt

BIO *bioSignedData = NULL;

bioSignedData = BIO_new( BIO_s_mem() );

PKCS7_decrypt(cryptData, m_PKey, NULL, bioSignedData, NULL);

// sigfile DER to internal format

PKCS7 *signedData = NULL;

d2i_PKCS7_bio( bioSignedData, &signedData );

// verify

BIO *bioClearText = NULL;

bioClearText = BIO_new_file( clearFile, "w" ) );

PKCS7_verify(signedData, NULL, m_VeriStore, NULL, bioClearText, NULL);

// do stuff with the decrypted file, close bio's etc...

----------------------------------

My problem occurs in the second call of d2i_PKCS7_bio() within memory:

while the entire rest of the code runs in seconds even for larger

(>60MB; >150MB) files, this single line takes about 10min for a 65MB

file. Basically I see one difference between the first and the second

call: the first call reads from a file-BIO, the second from a

memory-BIO. But could that one difference slow things down *that* much?

Or am I missing something obvious? I really don't want to save the

signed file, since I only need the verified one.



Just to get a more relevant speed comparison, since the two
calls are parsing very different data, could you try the
test again going via a file, just to double check the
following:

1. Does parsing the same data also take 10 minutes when
  from a file?

2. Is the signed data encoded in some inefficient way (such
  as indefinite or chunked BER), which may slow down the
  BER/DER parser?

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users






















					Reply via email to