From: "Bob Morgan"
To:
CC: Bob Morgan, Jiewen Yao, "Jian J Wang", Xiaoyu Lu, Guomin Jiang
Subject: [PATCH v2] CryptoPkg/BaseCryptLib: Eliminate extra buffer copy in Pkcs7Verify()
Date: Fri, 10 Sep 2021 15:34:14 -0600
Message-ID: <5bfd69a9e8b78847c5dd55fe3be0d5f629486649.1631309581.git.bobm@nvidia.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3617

Create a read-only openSSL BIO wrapper for the existing input buffer passed to Pkcs7Verify() instead of copying the buffer into an empty writable BIO which causes memory allocations within openSSL.

Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Xiaoyu Lu
Cc: Guomin Jiang
Signed-off-by: Bob Morgan
--- CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c index d99597d181..8eda98f7b2 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c @@ -864,15 +864,11 @@ Pkcs7Verify ( // For generic PKCS#7 handling, InData may be NULL if the content is present // in PKCS#7 structure. So ignore NULL checking here. // - DataBio = BIO_new (BIO_s_mem ()); + DataBio = BIO_new_mem_buf (InData, (int) DataLength); if (DataBio == NULL) { goto _Exit; } - if (BIO_write (DataBio, InData, (int) DataLength) <= 0) { - goto _Exit; - } - // // Allow partial certificate chains, terminated by a non-self-signed but // still trusted intermediate certificate. Also disable time checks. -- 2.17.1
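
Review bot: In the added line `DataBio = BIO_new_mem_buf (InData, (int) DataLength);` the length is narrowed to int with no bound visible in this hunk, and BIO_new_mem_buf() documents a len of -1 as "buf is NUL-terminated, measure it with strlen()", so a DataLength that becomes negative after the cast would make OpenSSL read past a binary buffer. Please point to (or add) the check that keeps DataLength at or below INT_MAX before this call, and say so in the commit message. Second, the retained comment says InData may be NULL and that NULL checking is ignored here, yet InData is now passed straight into the BIO constructor, and the removed `BIO_write (...) <= 0` test was the only place that rejected an empty write. The commit message should state what happens for InData == NULL and for DataLength == 0 after this change, and the comment should be updated to match. Finally, a memory-buffer BIO created this way references the caller's buffer instead of copying it, so it is worth a one-line comment that InData must stay valid and unmodified until DataBio is freed.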