Commit fcd5cca4 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

PKCS7_verify() performance optimization. When the content is large and a 

memory BIO (for example from SMIME_read_PKCS7 and detached data) avoid lots
of slow memory copies from the memory BIO by saving the content in a
temporary read only memory BIO.
parent 9222bc6b

crypto/pkcs7/pk7_smime.c

+33 −4
Original line number Diff line number Diff line
@@ -157,7 +157,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, 
	char buf[4096];

	int i, j=0, k, ret = 0;

	BIO *p7bio;

	BIO *tmpout;

	BIO *tmpin, *tmpout;



	if(!p7) {

		PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_INVALID_NULL_POINTER);
@@ -232,7 +232,30 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, 
		/* Check for revocation status here */

	}



	p7bio=PKCS7_dataInit(p7,indata);

	/* Performance optimization: if the content is a memory BIO then

	 * store its contents in a temporary read only memory BIO. This

	 * avoids potentially large numbers of slow copies of data which will

	 * occur when reading from a read write memory BIO when signatures

	 * are calculated.

	 */



	if (indata && (BIO_method_type(indata) == BIO_TYPE_MEM))

		{

		char *ptr;

		long len;

		len = BIO_get_mem_data(indata, &ptr);

		tmpin = BIO_new_mem_buf(ptr, len);

		if (tmpin == NULL)

			{

			PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE);

			return 0;

			}

		}

	else

		tmpin = indata;

		



	p7bio=PKCS7_dataInit(p7,tmpin);



	if(flags & PKCS7_TEXT) {

		if(!(tmpout = BIO_new(BIO_s_mem()))) {
@@ -275,8 +298,14 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, 


	err:

	

	if (tmpin == indata)

		{

		if(indata) BIO_pop(p7bio);

		BIO_free_all(p7bio);

		}

	else

		BIO_free_all(tmpin);



	sk_X509_free(signers);



	return ret;