From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM02-DM3-obe.outbound.protection.outlook.com (NAM02-DM3-obe.outbound.protection.outlook.com [40.107.95.61]) by mx.groups.io with SMTP id smtpd.web08.759.1630095001622636621 for ; Fri, 27 Aug 2021 13:10:03 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@nvidia.com header.s=selector2 header.b=mezSjfYI; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: nvidia.com, ip: 40.107.95.61, mailfrom: bobm@nvidia.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=T0LRt463O/LbCL2O0YGWNfcza72A/VD5VhstGQr6wHi/F7rDHYMVrxv/phihuJjGYnp9KU9gzeuYZJXDIb6SlTFxeeJOdKWfUGhj/r4dhPSA7ViqRGO9BZWNNANTigsqVqf5caJzjEXkugdjoqJF0ZrbgB4xTarLlacemrVga3n3/YRCvyHyTDyInRu/7FgNZVAhk8LMTJAZITaA2+1tHeZA4s6lt5oSyo17AvfnLUzVVF3b7GkGASwhrPquAhbXeajtJEqQ03sLg3s2Z0KQMj45qPAPgMxypCD9nob6vyT8KB9JVnMF56kb36+mebyxeoPkd78+ikdPNxIfiLy9Qw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=fJ7DxgX/4LLwHJHfLAlu+rG2eUaly+JAUEDhNJ5IiGc=; b=BWMrWPVlKatYEvyWsQr5HfERzL/uF2C1bHX+CLxQvFBIOO6ZDbcDA/Oi1xtufuxTYIxgnBLZUAXXWXCWEcLYoPC0R45WhP2eTklgB48PXIwCQmCsS31OAloC/+5Rdj69p6KQZcVvc/xsPATjCplzKZRAnBkPdrCpjM2UGgcLLYxPXxJBzWLzfLaCVapGgqg1v5cZXp9h8BsDRPf8d38Jvc5EPBmWDyK1nwEsdmcdfVf4ft+1Y0B5tZamf+ZNitDgCkyQCyT7BWzmABKaj+q1Qrj+FWZYAIR9JTagxC3d/IdpViPGC2roIfbZ9OYW67y7NvYk+FLAxbOTfGn+GsjLew== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.112.32) smtp.rcpttodomain=intel.com smtp.mailfrom=nvidia.com; dmarc=pass (p=quarantine sp=none pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=fJ7DxgX/4LLwHJHfLAlu+rG2eUaly+JAUEDhNJ5IiGc=; b=mezSjfYI+tzWMJkPW2lDVVJ9dJoaCD4JQ9JQgC+bAdNikrj9tTuvrEzQtR9Ms28u2VppM/CCBztoR/8E/POOGFH2iHvEUbJ6jQ4evU//L4UQbsz9aCYv7Tr6rWPfecJWKchLvtaXq8/m6xHhy2VsEeubPaBW0kh2RUzSw0pubDmp8GgSb6V/kzEXnCQHmVKaYUUl3qJbO206ksMVTRDdsnSlB1qnjuYRu4Frs77lB0OZoL1oUEhpV6IJTJZudMhCKOE027QF/f6N+y5ONokrASJX3eIjE07fblMAgR+3hawhVwzi0kfxyCAJXM1FSdUOzasEB1a++NwA2NFhJLXJ9A== Received: from BN9PR03CA0008.namprd03.prod.outlook.com (2603:10b6:408:fa::13) by CY4PR12MB1222.namprd12.prod.outlook.com (2603:10b6:903:3b::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4436.22; Fri, 27 Aug 2021 20:10:00 +0000 Received: from BN8NAM11FT036.eop-nam11.prod.protection.outlook.com (2603:10b6:408:fa:cafe::59) by BN9PR03CA0008.outlook.office365.com (2603:10b6:408:fa::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4457.18 via Frontend Transport; Fri, 27 Aug 2021 20:09:59 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.112.32) smtp.mailfrom=nvidia.com; intel.com; dkim=none (message not signed) header.d=none;intel.com; dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.112.32 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.112.32; helo=mail.nvidia.com; Received: from mail.nvidia.com (216.228.112.32) by BN8NAM11FT036.mail.protection.outlook.com (10.13.177.168) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.4457.17 via Frontend Transport; Fri, 27 Aug 2021 20:09:59 +0000 Received: from HQMAIL101.nvidia.com (172.20.187.10) by HQMAIL109.nvidia.com (172.20.187.15) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Fri, 27 Aug 2021 13:09:59 -0700 Received: from localhost.localdomain (172.20.187.6) by mail.nvidia.com (172.20.187.10) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Fri, 27 Aug 2021 20:09:58 +0000 From: bobm@nvidia.com To: CC: , , , , Bob Morgan Subject: [PATCH] CryptoPkg/BaseCryptLib: Eliminate extra buffer copy in Pkcs7Verify() Date: Fri, 27 Aug 2021 14:07:09 -0600 Message-ID: <46b077a7ba2e7372a3763fdfa59cbd0976eb4b89.1630093105.git.bobm@nvidia.com> X-Mailer: git-send-email 2.17.1 X-NVConfidentiality: public Return-Path: bobm@nvidia.com MIME-Version: 1.0 X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 40ff05e3-f263-45ef-e8c4-08d96996a5ec X-MS-TrafficTypeDiagnostic: CY4PR12MB1222: X-Microsoft-Antispam-PRVS: X-MS-Exchange-Transport-Forked: True X-MS-Oob-TLC-OOBClassifiers: OLM:6790; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: i4UV5/BK87F+f9zkUcE5WOMp+aHJj68hbgSlXP9XxMMfYwrF6/77oABdM/bbJVAHdcx+JyoQxxU7SQOpVNZXZMQ4OKseOrgvl6aKj7lXS3YoRLuB7rl/rN5FP5mW/k1xhO/OviVVxCBPg6ByLW2sF1uuyFXjzewGKN869iyjEYNZsskQOHNC1CeI7Vs7DNMGDljC58gKQzj+Ub7l+DGsr+/GpLXtaOM6nFmiItUoGdHDVIsIv+h0hQheZlkFT+a34hbGoV66iv/RN78BxDNf9nnkjASioaox8i2hO+6OEkZkrEJslnq2y99ynr+dDuemIfq+xw5QMVezZRmbEowRBMzB6ymWt7v34z2SFNMLsfQmpfq+IUAHx+TM0uNoYT68ksy19MbM+GKiVF07aGaKI8gZiqnLqYBBMmYDps/JzYdMuM3J/JBaSqyGTjlegxvcBhS4qb7UnKKf7fE5q9YajUqYQw98N3e+WxI+7P5OrdqszBDaClq9XIiAo8heMgQn0gnOk2edEIkgB5Z8grCKFyCtm44mc9P1fG+jvI4j17e+/EHqMLOSnpYAeDhV2GrxUEzsKV5N+KSPAiPejTR3QLUjWJmeyRCD2ADQzQBCowANAkduV2TGlKKxVtKftXJIkFpEbPdE6F0arIciNOqs2eG/2VJ1fJQqFT4u1Caxg5NpXhe9wImpEC6A/Tv56mA9uw0TIxVUArx7reHDKmwiKg== X-Forefront-Antispam-Report: CIP:216.228.112.32;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail.nvidia.com;PTR:schybrid01.nvidia.com;CAT:NONE;SFS:(4636009)(39860400002)(346002)(376002)(396003)(136003)(36840700001)(46966006)(186003)(316002)(6916009)(70586007)(54906003)(26005)(107886003)(478600001)(86362001)(70206006)(6666004)(8676002)(4326008)(82310400003)(36756003)(426003)(8936002)(336012)(82740400003)(7636003)(2906002)(356005)(2616005)(47076005)(5660300002)(36860700001)(83380400001);DIR:OUT;SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Aug 2021 20:09:59.7724 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 40ff05e3-f263-45ef-e8c4-08d96996a5ec X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a;Ip=[216.228.112.32];Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: BN8NAM11FT036.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR12MB1222 Content-Type: text/plain Create a read-only openSSL BIO wrapper for the existing input buffer passed to Pkcs7Verify() instead of copying the buffer into an empty writable BIO which causes memory allocations within openSSL. Signed-off-by: Bob Morgan --- CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c index d99597d181..8eda98f7b2 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c @@ -864,15 +864,11 @@ Pkcs7Verify ( // For generic PKCS#7 handling, InData may be NULL if the content is present // in PKCS#7 structure. So ignore NULL checking here. // - DataBio = BIO_new (BIO_s_mem ()); + DataBio = BIO_new_mem_buf (InData, (int) DataLength); if (DataBio == NULL) { goto _Exit; } - if (BIO_write (DataBio, InData, (int) DataLength) <= 0) { - goto _Exit; - } - // // Allow partial certificate chains, terminated by a non-self-signed but // still trusted intermediate certificate. Also disable time checks. -- 2.17.1