From fcd5cca418c1efcd420cfbdcd56182e0524698c1 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 14 Jan 2005 17:52:24 +0000 Subject: [PATCH] PKCS7_verify() performance optimization. When the content is large and a memory BIO (for example from SMIME_read_PKCS7 and detached data) avoid lots of slow memory copies from the memory BIO by saving the content in a temporary read only memory BIO. --- crypto/pkcs7/pk7_smime.c | 37 +++++++++++++++++++++++++++++++++---- 1 file changed, 33 insertions(+), 4 deletions(-) diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c index 6aca0222da..f22c07fb55 100644 --- a/crypto/pkcs7/pk7_smime.c +++ b/crypto/pkcs7/pk7_smime.c @@ -157,7 +157,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, char buf[4096]; int i, j=0, k, ret = 0; BIO *p7bio; - BIO *tmpout; + BIO *tmpin, *tmpout; if(!p7) { PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_INVALID_NULL_POINTER); @@ -232,7 +232,30 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, /* Check for revocation status here */ } - p7bio=PKCS7_dataInit(p7,indata); + /* Performance optimization: if the content is a memory BIO then + * store its contents in a temporary read only memory BIO. This + * avoids potentially large numbers of slow copies of data which will + * occur when reading from a read write memory BIO when signatures + * are calculated. + */ + + if (indata && (BIO_method_type(indata) == BIO_TYPE_MEM)) + { + char *ptr; + long len; + len = BIO_get_mem_data(indata, &ptr); + tmpin = BIO_new_mem_buf(ptr, len); + if (tmpin == NULL) + { + PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE); + return 0; + } + } + else + tmpin = indata; + + + p7bio=PKCS7_dataInit(p7,tmpin); if(flags & PKCS7_TEXT) { if(!(tmpout = BIO_new(BIO_s_mem()))) { @@ -274,9 +297,15 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, ret = 1; err: + + if (tmpin == indata) + { + if(indata) BIO_pop(p7bio); + BIO_free_all(p7bio); + } + else + BIO_free_all(tmpin); - if(indata) BIO_pop(p7bio); - BIO_free_all(p7bio); sk_X509_free(signers); return ret; -- GitLab