We are using OpenSSL to implement S/MIME. When we sign and encrypt a message we use an intermediate memory BIO to hold the message. The same is true when we decrypt and verify a message. If the message we are processing is large (>200K) we find that the performance is very bad. By looking at the code, it seems that read-only memory BIOs just move a pointer through the message, but read/write memory BIOs move the remaining data to the beginning of the buffer. The SMIME_crlf_copy routine reads one line at a time. This causes the 200K buffer to be moved many times and therefore we see the performance problem. There are actually two problems we have discovered: 1. The memory move in bss_mem.c is implemented via a for loop that moves one character at a time. There is a memmove that is commented out above the loop. memmove should be a lot faster. 2. The larger problem though is that the data really should not be moved and only a pointer should be adjusted. A simple solution to allowing data to be added in some cases and therefore still moving the data while addressing this issue is to look at the BIO_C_SET_BUF_MEM_EOF_RETURN flag. If this flag is set no more data will be added and a pointer can be used.
______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]