Hello, this is my very first post on this list, so thanks for letting me in. :) I have question regarding i2d_PKCS7_bio() in Version 1.0.1c, 1.0.2g and maybe newer versions. The code looks as follows (all error checking and other stuff removed for reading purposes): ---------------------------------- // init, keys, certs, stuff... // read file BIO *bioCryptedData = NULL; bioCryptedData = BIO_new_file( dataFile, "r" ); // infile DER to internal format PKCS7 *cryptData = NULL; d2i_PKCS7_bio( bioCryptedData, &cryptData ); // decrypt BIO *bioSignedData = NULL; bioSignedData = BIO_new( BIO_s_mem() ); PKCS7_decrypt(cryptData, m_PKey, NULL, bioSignedData, NULL); // sigfile DER to internal format PKCS7 *signedData = NULL; d2i_PKCS7_bio( bioSignedData, &signedData ); // verify BIO *bioClearText = NULL; bioClearText = BIO_new_file( clearFile, "w" ) ); PKCS7_verify(signedData, NULL, m_VeriStore, NULL, bioClearText, NULL); // do stuff with the decrypted file, close bio's etc... ---------------------------------- My problem occurs in the second call of d2i_PKCS7_bio() within memory: while the entire rest of the code runs in seconds even for larger (>60MB; >150MB) files, this single line takes about 10min for a 65MB file. Basically I see one difference between the first and the second call: the first call reads from a file-BIO, the second from a memory-BIO. But could that one difference slow things down *that* much? Or am I missing something obvious? I really don't want to save the signed file, since I only need the verified one. Thanks a lot for any suggestions. Best regards Jan -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160423/bdff2516/attachment-0001.html>
