Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Some CRL source data is very slow in tbs_cert_list dump(), regardless of CRL size #192

Open
pr0x1ma-byte opened this issue Oct 8, 2020 · 1 comment
Open

Some CRL source data is very slow in tbs_cert_list dump(), regardless of CRL size #192

pr0x1ma-byte opened this issue Oct 8, 2020 · 1 comment
Labels
performance

Comments

@pr0x1ma-byte
Copy link

I am having a problem when the TbsCertList.dump() gets called, and it's quite confusing as to why. The problem is that when that function is called, it takes a very long time for it to complete (we're talking minutes). We need the dump method because it is used in the verification process of a CRL.

Here is some example code to reproduce the problem and a fix which works by rebuilding the CertificateList object (could you explain why this works?):

I'm also using python 3.6.8

I attached the source crl file as a .txt, but you can rename it to source.crl (same with the python file)



import os

import asn1crypto.core
from asn1crypto import crl

from asn1crypto.crl import TbsCertList, CertificateList

def fix_certificate_list(in_list):
    ''' some certificate lists take a long time to dump(), but this appears to fix the problem '''
    tbslist = TbsCertList()

    if not isinstance(in_list['tbs_cert_list']['version'], asn1crypto.core.Void):
        tbslist['version'] = in_list['tbs_cert_list']['version']

    tbslist['signature'] = in_list['tbs_cert_list']['signature']
    tbslist['issuer'] = in_list['tbs_cert_list']['issuer']
    tbslist['this_update'] = in_list['tbs_cert_list']['this_update']

    if not isinstance(in_list['tbs_cert_list']['next_update'], asn1crypto.core.Void):
        tbslist['next_update'] = in_list['tbs_cert_list']['next_update']

    if not isinstance(in_list['tbs_cert_list']['revoked_certificates'], asn1crypto.core.Void):
        tbslist['revoked_certificates'] = in_list['tbs_cert_list']['revoked_certificates']

    if not isinstance(in_list['tbs_cert_list']['crl_extensions'], asn1crypto.core.Void):
        tbslist['crl_extensions'] = in_list['tbs_cert_list']['crl_extensions']

    outlist = CertificateList()
    outlist['tbs_cert_list'] = tbslist
    outlist['signature_algorithm'] = in_list['signature_algorithm']
    outlist['signature'] = in_list['signature']

    return outlist

print("load")
certificate_list = None
with open('source.crl', 'rb') as f:
    slow_list = crl.CertificateList.load(f.read())
    fast_list = fix_certificate_list(slow_list)

print("dump fast_list")
print(len(fast_list['tbs_cert_list'].dump()))
print("done")

print("dump slow_list")
print(len(slow_list['tbs_cert_list'].dump()))
print("done")

crl_dump_demo.py.txt
source.crl.txt
@wbond
Copy link
Owner

wbond commented Oct 9, 2020

Unfortunately I won't likely have time to look into this soon.

If you are keen to figure out what is going on, I'd recommend using https://pypi.org/project/line-profiler/ and see where the slowdown is.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
performance
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@wbond @pr0x1ma-byte