[openssl-users] i2d_PKCS7_bio() very slow for large file when reading in memory

Jan Kohnert nospam001-lists at jankoh.mooo.com
Sat Apr 23 01:57:55 UTC 2016


this is my very first post on this list, so thanks for letting me in. :)

I have question regarding i2d_PKCS7_bio() in Version 1.0.1c, 1.0.2g and 
newer versions.

The code looks as follows (all error checking and other stuff removed 
for reading purposes):

// init, keys, certs, stuff...

// read file
BIO *bioCryptedData = NULL;
bioCryptedData = BIO_new_file( dataFile, "r" );

// infile DER to internal format
PKCS7 *cryptData = NULL;
d2i_PKCS7_bio( bioCryptedData, &cryptData );

// decrypt
BIO *bioSignedData = NULL;
bioSignedData = BIO_new( BIO_s_mem() );
PKCS7_decrypt(cryptData, m_PKey, NULL, bioSignedData, NULL);

// sigfile DER to internal format
PKCS7 *signedData = NULL;
d2i_PKCS7_bio( bioSignedData, &signedData );

// verify
BIO *bioClearText = NULL;
bioClearText = BIO_new_file( clearFile, "w" ) );
PKCS7_verify(signedData, NULL, m_VeriStore, NULL, bioClearText, NULL);

// do stuff with the decrypted file, close bio's etc...

My problem occurs in the second call of d2i_PKCS7_bio() within memory: 
while the entire rest of the code runs in seconds even for larger 
(>60MB; >150MB) files, this single line takes about 10min for a 65MB 
file. Basically I see one difference between the first and the second 
call: the first call reads from a file-BIO, the second from a 
memory-BIO. But could that one difference slow things down *that* much? 
Or am I missing something obvious? I really don't want to save the 
signed file, since I only need the verified one.

Thanks a lot for any suggestions.

Best regards Jan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160423/bdff2516/attachment-0001.html>

More information about the openssl-users mailing list