We are using OpenSSL to implement S/MIME. When we sign and
encrypt a message we use an intermediate memory BIO to hold the message.
The same is true when we decrypt and verify a message. If the message we
are processing is large (>200K) we find that the performance is very
bad.
By looking at the code, it seems that read-only memory BIOs just
move a pointer through the message, but read/write memory BIOs move the
remaining data to the beginning of the buffer. The SMIME_crlf_copy
routine reads one line at a time. This causes the 200K buffer to be
moved many times and therefore we see the performance problem.
There are actually two problems we have discovered:
1. The memory move in bss_mem.c is implemented via a for loop
that moves one character at a time. There is a memmove that is commented
out above the loop. memmove should be a lot faster.
2. The larger problem though is that the data really should not
be moved and only a pointer should be adjusted. A simple solution to
allowing data to be added in some cases and therefore still moving the
data while addressing this issue is to look at the
BIO_C_SET_BUF_MEM_EOF_RETURN flag. If this flag is set no more data will
be added and a pointer can be used.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
