[openssl-users] i2d_PKCS7_bio() very slow for large file when reading in memory
Jakob Bohm
jb-openssl at wisemo.com
Wed Apr 27 05:14:21 UTC 2016
On 23/04/2016 03:57, Jan Kohnert wrote:
>
> Hello,
>
> this is my very first post on this list, so thanks for letting me in. :)
>
> I have question regarding i2d_PKCS7_bio() in Version 1.0.1c, 1.0.2g
> and maybe
>
> newer versions.
>
> The code looks as follows (all error checking and other stuff removed
>
> for reading purposes):
>
> ----------------------------------
>
> // init, keys, certs, stuff...
>
> // read file
>
> BIO *bioCryptedData = NULL;
>
> bioCryptedData = BIO_new_file( dataFile, "r" );
>
> // infile DER to internal format
>
> PKCS7 *cryptData = NULL;
>
> d2i_PKCS7_bio( bioCryptedData, &cryptData );
>
> // decrypt
>
> BIO *bioSignedData = NULL;
>
> bioSignedData = BIO_new( BIO_s_mem() );
>
> PKCS7_decrypt(cryptData, m_PKey, NULL, bioSignedData, NULL);
>
> // sigfile DER to internal format
>
> PKCS7 *signedData = NULL;
>
> d2i_PKCS7_bio( bioSignedData, &signedData );
>
> // verify
>
> BIO *bioClearText = NULL;
>
> bioClearText = BIO_new_file( clearFile, "w" ) );
>
> PKCS7_verify(signedData, NULL, m_VeriStore, NULL, bioClearText, NULL);
>
> // do stuff with the decrypted file, close bio's etc...
>
> ----------------------------------
>
> My problem occurs in the second call of d2i_PKCS7_bio() within memory:
>
> while the entire rest of the code runs in seconds even for larger
>
> (>60MB; >150MB) files, this single line takes about 10min for a 65MB
>
> file. Basically I see one difference between the first and the second
>
> call: the first call reads from a file-BIO, the second from a
>
> memory-BIO. But could that one difference slow things down *that* much?
>
> Or am I missing something obvious? I really don't want to save the
>
> signed file, since I only need the verified one.
>
>
Just to get a more relevant speed comparison, since the two
calls are parsing very different data, could you try the
test again going via a file, just to double check the
following:
1. Does parsing the same data also take 10 minutes when
from a file?
2. Is the signed data encoded in some inefficient way (such
as indefinite or chunked BER), which may slow down the
BER/DER parser?
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
More information about the openssl-users
mailing list