* [PATCH] CryptoPkg/BaseCryptLib: Eliminate extra buffer copy in Pkcs7Verify()
@ 2021-08-27 20:07 bobm
0 siblings, 0 replies; only message in thread
From: bobm @ 2021-08-27 20:07 UTC (permalink / raw)
To: devel; +Cc: jiewen.yao, jian.j.wang, xiaoyux.lu, guomin.jiang, Bob Morgan
Create a read-only openSSL BIO wrapper for the existing input
buffer passed to Pkcs7Verify() instead of copying the buffer
into an empty writable BIO which causes memory allocations
within openSSL.
Signed-off-by: Bob Morgan <bobm@nvidia.com>
---
CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c
index d99597d181..8eda98f7b2 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c
@@ -864,15 +864,11 @@ Pkcs7Verify (
// For generic PKCS#7 handling, InData may be NULL if the content is present
// in PKCS#7 structure. So ignore NULL checking here.
//
- DataBio = BIO_new (BIO_s_mem ());
+ DataBio = BIO_new_mem_buf (InData, (int) DataLength);
if (DataBio == NULL) {
goto _Exit;
}
- if (BIO_write (DataBio, InData, (int) DataLength) <= 0) {
- goto _Exit;
- }
-
//
// Allow partial certificate chains, terminated by a non-self-signed but
// still trusted intermediate certificate. Also disable time checks.
--
2.17.1
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2021-08-27 20:10 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-08-27 20:07 [PATCH] CryptoPkg/BaseCryptLib: Eliminate extra buffer copy in Pkcs7Verify() bobm
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox