From: "Bob Morgan" <bobm@nvidia.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>,
Bob Morgan <bobm@nvidia.com>
Cc: "jiewen.yao@intel.com" <jiewen.yao@intel.com>,
"jian.j.wang@intel.com" <jian.j.wang@intel.com>,
"xiaoyux.lu@intel.com" <xiaoyux.lu@intel.com>,
"guomin.jiang@intel.com" <guomin.jiang@intel.com>
Subject: Re: [edk2-devel] [PATCH] CryptoPkg/BaseCryptLib: Eliminate extra buffer copy in Pkcs7Verify()
Date: Thu, 9 Sep 2021 16:33:50 +0000 [thread overview]
Message-ID: <DM6PR12MB477976586B1AC2000163604CAAD59@DM6PR12MB4779.namprd12.prod.outlook.com> (raw)
In-Reply-To: <169F43F2EBFB154A.19159@groups.io>
Hi, Any feedback or status update on this?
Thanks,
-bob
-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Bob Morgan via groups.io
Sent: Friday, August 27, 2021 2:07 PM
To: devel@edk2.groups.io
Cc: jiewen.yao@intel.com; jian.j.wang@intel.com; xiaoyux.lu@intel.com; guomin.jiang@intel.com; Bob Morgan <bobm@nvidia.com>
Subject: [edk2-devel] [PATCH] CryptoPkg/BaseCryptLib: Eliminate extra buffer copy in Pkcs7Verify()
External email: Use caution opening links or attachments
Create a read-only openSSL BIO wrapper for the existing input buffer passed to Pkcs7Verify() instead of copying the buffer into an empty writable BIO which causes memory allocations within openSSL.
Signed-off-by: Bob Morgan <bobm@nvidia.com>
---
CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c
index d99597d181..8eda98f7b2 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c
@@ -864,15 +864,11 @@ Pkcs7Verify (
// For generic PKCS#7 handling, InData may be NULL if the content is present
// in PKCS#7 structure. So ignore NULL checking here.
//
- DataBio = BIO_new (BIO_s_mem ());
+ DataBio = BIO_new_mem_buf (InData, (int) DataLength);
if (DataBio == NULL) {
goto _Exit;
}
- if (BIO_write (DataBio, InData, (int) DataLength) <= 0) {
- goto _Exit;
- }
-
//
// Allow partial certificate chains, terminated by a non-self-signed but
// still trusted intermediate certificate. Also disable time checks.
--
2.17.1
next parent reply other threads:[~2021-09-09 16:33 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <169F43F2EBFB154A.19159@groups.io>
2021-09-09 16:33 ` Bob Morgan [this message]
2021-09-10 1:17 ` [edk2-devel] [PATCH] CryptoPkg/BaseCryptLib: Eliminate extra buffer copy in Pkcs7Verify() Yao, Jiewen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DM6PR12MB477976586B1AC2000163604CAAD59@DM6PR12MB4779.namprd12.prod.outlook.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox