i2d_PKCS7_bio() very slow for large file when reading in memory

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 23/04/2016 03:57, Jan Kohnert wrote:
>
> Hello,
>
> this is my very first post on this list, so thanks for letting me in. :)
>
> I have question regarding i2d_PKCS7_bio() in Version 1.0.1c, 1.0.2g 
> and maybe
>
> newer versions.
>
> The code looks as follows (all error checking and other stuff removed
>
> for reading purposes):
>
> ----------------------------------
>
> // init, keys, certs, stuff...
>
> // read file
>
> BIO *bioCryptedData = NULL;
>
> bioCryptedData = BIO_new_file( dataFile, "r" );
>
> // infile DER to internal format
>
> PKCS7 *cryptData = NULL;
>
> d2i_PKCS7_bio( bioCryptedData, &cryptData );
>
> // decrypt
>
> BIO *bioSignedData = NULL;
>
> bioSignedData = BIO_new( BIO_s_mem() );
>
> PKCS7_decrypt(cryptData, m_PKey, NULL, bioSignedData, NULL);
>
> // sigfile DER to internal format
>
> PKCS7 *signedData = NULL;
>
> d2i_PKCS7_bio( bioSignedData, &signedData );
>
> // verify
>
> BIO *bioClearText = NULL;
>
> bioClearText = BIO_new_file( clearFile, "w" ) );
>
> PKCS7_verify(signedData, NULL, m_VeriStore, NULL, bioClearText, NULL);
>
> // do stuff with the decrypted file, close bio's etc...
>
> ----------------------------------
>
> My problem occurs in the second call of d2i_PKCS7_bio() within memory:
>
> while the entire rest of the code runs in seconds even for larger
>
> (>60MB; >150MB) files, this single line takes about 10min for a 65MB
>
> file. Basically I see one difference between the first and the second
>
> call: the first call reads from a file-BIO, the second from a
>
> memory-BIO. But could that one difference slow things down *that* much?
>
> Or am I missing something obvious? I really don't want to save the
>
> signed file, since I only need the verified one.
>
>
Just to get a more relevant speed comparison, since the two
calls are parsing very different data, could you try the
test again going via a file, just to double check the
following:

1. Does parsing the same data also take 10 minutes when
   from a file?

2. Is the signed data encoded in some inefficient way (such
   as indefinite or chunked BER), which may slow down the
   BER/DER parser?

Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 S?borg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux