From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM12-MW2-obe.outbound.protection.outlook.com (NAM12-MW2-obe.outbound.protection.outlook.com [40.107.244.88]) by mx.groups.io with SMTP id smtpd.web09.1440.1631205232252519705 for ; Thu, 09 Sep 2021 09:33:52 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@nvidia.com header.s=selector2 header.b=K+RWL09N; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: nvidia.com, ip: 40.107.244.88, mailfrom: bobm@nvidia.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Tf+3rCrUAwMJf0N9u2zs+xu41crR+0x2iWYjfneI4YYL4WtYFsXyFTdREBjYUYIJ2Tp1mLVf3LCGP0ix+Qu1eufi18mXn10Up/PETA29fAfwhz90s4kQfAcFUbq155NFpr7YvEVboua4lNlnX1Iymcqpzn0PypipjyBhxf4FOexmJipAymin07fQVd80r3XSQz/psGlwWV8LTWm84tZH4mahW/tWmxzFcZjIUdCAOA2TDkQbLeHLHJdY2whyWbQQNT5UlJasxCDofO9W0yN0MlcHiNjQ6sBcIAG1fM46UH2/c0tUovNI6BAqqb5H9v4mfIHaf20X09jZWEuXeNYMhg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=Zkl22AHxsew6/fs94FALk/U74bvKpdLI4D27y628GzA=; b=Qu8Kq/cN5oObVkmxcuXoWq1OYR5OOdANOTajBixCGmlBg6YtcXJFru+5DI1rnDmxxBHKwPtBRxcKX3YIQPQD16+/xROLDtt1oXxhDMtlb9O2XTniico3BHOsfWmS3olY677a9hZhHC9J019eKkqDHNUZ/w8trOxqfEhoZtq6ZRgGnKNnYNOlLP7J9FZID1xLLRlkq7mWpmbxDUxaT+RNPeNRzbEsxEup/gmdiGczC/zBYPHqfCsEF91fOTCcOuMQRq2zPLGJvotsR96ujwAZhCrNBnWIUQNx5kHUgoh8VzPwpus0DQYElxz5H4ntubwqHLNlCmQkLBFkFKwY/fapEA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nvidia.com; dmarc=pass action=none header.from=nvidia.com; dkim=pass header.d=nvidia.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Zkl22AHxsew6/fs94FALk/U74bvKpdLI4D27y628GzA=; b=K+RWL09NJ5E2T897qVvPyUUheJjX2elPZ5VYGGsaQLNerdVNFdmTkP19crxWt5uyl01GzBTlAo3tzNVU3vrTLS6R6JDYQpOQ6uHjAo3kc+QrEEQGYaZIU6szsOd+z2F1LnFniCUKQvDvgXcUZLY8TmAufriDnkQ6BCUSVylcEY54S4TaEanGuv9Du2zOkmhbUBldZBbeHc67+nVtoXVJvjzQnjrlKYyPGy54aEd7qjcMZw+iglgZQLpXYIwmZ1cAgcvIkkJ+ZliGbZ1ouDf9LFA/YDM/lWdon6bcOFdz3eW7v4yUg7JcXp7Bbn0GbHnVmdjjNBc62Cg4G8kz0qPVrg== Received: from DM6PR12MB4779.namprd12.prod.outlook.com (2603:10b6:5:172::23) by DM5PR12MB2342.namprd12.prod.outlook.com (2603:10b6:4:ba::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4500.14; Thu, 9 Sep 2021 16:33:50 +0000 Received: from DM6PR12MB4779.namprd12.prod.outlook.com ([fe80::755d:82d1:d79b:48b4]) by DM6PR12MB4779.namprd12.prod.outlook.com ([fe80::755d:82d1:d79b:48b4%7]) with mapi id 15.20.4500.016; Thu, 9 Sep 2021 16:33:50 +0000 From: "Bob Morgan" To: "devel@edk2.groups.io" , Bob Morgan CC: "jiewen.yao@intel.com" , "jian.j.wang@intel.com" , "xiaoyux.lu@intel.com" , "guomin.jiang@intel.com" Subject: Re: [edk2-devel] [PATCH] CryptoPkg/BaseCryptLib: Eliminate extra buffer copy in Pkcs7Verify() Thread-Topic: [edk2-devel] [PATCH] CryptoPkg/BaseCryptLib: Eliminate extra buffer copy in Pkcs7Verify() Thread-Index: AQHXm4KMn+C42+TXikSnYpRE0USrJ6ub+VzQ Date: Thu, 9 Sep 2021 16:33:50 +0000 Message-ID: References: <169F43F2EBFB154A.19159@groups.io> In-Reply-To: <169F43F2EBFB154A.19159@groups.io> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=none action=none header.from=nvidia.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: fb155381-129b-4850-31b3-08d973af9b1f x-ms-traffictypediagnostic: DM5PR12MB2342: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:8882; x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: L1ST/ZQ1kli+4p1w6qErHqiMdLrk0ydWBRpD0bKEBa0IEFPnacFqn14LsD15ZdUhfrhbnhHJzyubAeiqdwJznZ+y4+xWAEXlGH+6LEEG8rOT50uGCyZstoNY6XmGAebX3EFB8Bo2l+wN/62MUOIyURhRoVe84u5rq12/k9ardNyIlC8coFgIufuEUbDldXkdLqI84daEnCgFCZvxsdXYiv+eVnbYPK9IDpMFdjz53t1Pia8onldfQR2+U3/MqlwtRjcl+rMJnm6u7w3iH+QjJDdexr2GFsHYI/n9ttync6suKFbIC6gCQ8TbWR0OVCNa61zZKfku9fZGSjnc+lEeNvV4xpzlSTL72kevBNiCCFW8nDdC3IHYfrUt5gELxak2P2qQviSMFQe/qY2t4VuFbv3cTbziYKvEqZIJ5W4FffeFZJSywKx2Ap2lvkwpzkdsNU4pY5mcW4U4ICVGRe/oMXkDAH0M+8yAnw2cirE/lB5nnSrnBQYjDi/15LsOCb7Tco0Ix3GLuue3ErJ9d4JhnQc9L3Bl/3zHLBzBFhJWc8BYY7ljotxnbmA8eybJz1tPW2j2TOc6cItgLJICEPdRRn3uh4M+yWcm/jInBmEK52eazOlKM0yJ3VVDAmwJlKDkrUmFT3vMspcWqbhQmy/Cth3t60vhI4a35Z9g6f2BeqFL8C/LOfJ+RhvIngqSeMsuEs0WQTUOgTVtQ4D/4OstK28IPnOU1UvlyRZHj4Iznjyd7GmGLqtuSN46NmZjv2HS/lPuERq/SNgkp73HHsoHRQB2uzH4vgOkV9UKFD/u1pY= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM6PR12MB4779.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(366004)(136003)(376002)(346002)(39860400002)(396003)(66476007)(66556008)(316002)(122000001)(26005)(64756008)(38100700002)(76116006)(66446008)(66946007)(966005)(38070700005)(33656002)(52536014)(478600001)(186003)(71200400001)(2906002)(86362001)(6506007)(110136005)(8936002)(54906003)(83380400001)(53546011)(7696005)(8676002)(55016002)(4326008)(9686003)(5660300002);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?TBWvnwqO7WN+CzSzwIZFwcGRWZaeUxueZW/0ZVlhPLIqWwhYE6BUS7UO/kBz?= =?us-ascii?Q?FpUraC2e4KySR+V13K7L2Yzs/eFCIO9tgLQNLbS9koXkQ//bx2H17nBcU6Mw?= =?us-ascii?Q?Q7p+cZp2cYz+qUUa/YpHsHEg15yxn1HlNI+kSvkRKgeRm+IFP0G/46Cz6TwM?= =?us-ascii?Q?PjWDfYnU9VOAtStdn2cG1L7QCOEGsBr+Z9/lAfxZr8Bb98ZCT7vgQG3TyoQh?= =?us-ascii?Q?G9ZCmTfkvBKgK2bouNSERlyg4QSRdO6bImHUZDS8LXBMBKbjKv+7pi8cfndt?= =?us-ascii?Q?KnXsvvg81zQYMOk0Fwo9RwZnhnysjTtrN5/TGnLdiiFU11RRu1RKGVtbAv5i?= =?us-ascii?Q?xbx4mzqAkFJr4qCdUEGNqYM9+zjq5r+s1kZVIlOH0kJdtdDw1LVCK92OlvGl?= =?us-ascii?Q?D+FqPJP/5qwKagM6DJbpz1+cYiFJibDniofWxglzS2/itoShB4d+mqBnSob/?= =?us-ascii?Q?uc/lQE9KWObGSj+sJuqAnIRAsAQmbHNpIS4KZ3Xl9LKZSoZJqvey2fjNFPbM?= =?us-ascii?Q?Vvjujrmu8QiPeTfdiy+ta1UjQAUDt0ThwwqgKXD2+eoNWJ/0V0xegA10jIq6?= =?us-ascii?Q?BTMGn/MsJxaO3WmHkfaXf0a0DlWPpUkbqN23h3/69BPfmOwVCcRdfKFQUnGc?= =?us-ascii?Q?MpVjXwTOHvWQwZ9XA/pi9PCs98IxAc1Wh5NUljZ8rmjg071fC1pupd0GJFzJ?= =?us-ascii?Q?px4c5EWY+lztyI8WJM34Nfwiyg6bf/awO8kIKgVXEPZwSbVUtlUPpsatuF2b?= =?us-ascii?Q?iK0wrxq2uRnXLn/d00UQPZKooAvffDDPgbwFS9UCHFzxF+b0eRmaZ391UYa4?= =?us-ascii?Q?0m4tKRpAN8n0R3IDzCkJHnN3D9k2LoQyjnIVF3vc4Usi0an5uomnYfbE9RGc?= =?us-ascii?Q?eZTBHooS16s0A02GW3q4wpTQVBtaske4VYBa7vbKYhT7sYVoaGRjwLBj7tUd?= =?us-ascii?Q?q3ggkcSOij78dddAqXTsQgk03dbzLFkdNoeQNsbTTJpjK9+UzCzqOs0B7GVU?= =?us-ascii?Q?x3DRnJ7U/gmlt80QPEJ1L27S6vurgOuJzY2t+1wF16SQqQcgQuEzX8NNs/+Y?= =?us-ascii?Q?sP5mSNmCHc5wQC9MzdGoWo8dvVqnOdCh5wHp4u6Cw/2xV6mIXwjuX+6qIBj9?= =?us-ascii?Q?X1tLZj5xvrC81bmlc/g+/Xu+ZpdYOGZemEg1oVxwF3Tkd9vhMkbzRNOysxga?= =?us-ascii?Q?ikPs8GTU6rJbByeVhf8CJTfow9+6mXEQposEhFF9aERfIXXHCGqxh98zPJmZ?= =?us-ascii?Q?bSkCuLGXp5Z4lJLJilltrQpgjAo0mzUcA1DqEveZiTYo+202g925oBqbaolZ?= =?us-ascii?Q?2YGqIFykpdPPk7BoFu914Y4w?= MIME-Version: 1.0 X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: DM6PR12MB4779.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: fb155381-129b-4850-31b3-08d973af9b1f X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Sep 2021 16:33:50.7640 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: uBn9jPYpGwd9IRXrMVcLdDvYVDl71l+f+x/P+tQDEHoR9KICwJw/k4/qZoIpf70w X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR12MB2342 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi, Any feedback or status update on this? Thanks, -bob -----Original Message----- From: devel@edk2.groups.io On Behalf Of Bob Morgan v= ia groups.io Sent: Friday, August 27, 2021 2:07 PM To: devel@edk2.groups.io Cc: jiewen.yao@intel.com; jian.j.wang@intel.com; xiaoyux.lu@intel.com; guom= in.jiang@intel.com; Bob Morgan Subject: [edk2-devel] [PATCH] CryptoPkg/BaseCryptLib: Eliminate extra buffe= r copy in Pkcs7Verify() External email: Use caution opening links or attachments Create a read-only openSSL BIO wrapper for the existing input buffer passed= to Pkcs7Verify() instead of copying the buffer into an empty writable BIO = which causes memory allocations within openSSL. Signed-off-by: Bob Morgan --- CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c b/C= ryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c index d99597d181..8eda98f7b2 100644 --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c @@ -864,15 +864,11 @@ Pkcs7Verify ( // For generic PKCS#7 handling, InData may be NULL if the content is pre= sent // in PKCS#7 structure. So ignore NULL checking here. // - DataBio =3D BIO_new (BIO_s_mem ()); + DataBio =3D BIO_new_mem_buf (InData, (int) DataLength); if (DataBio =3D=3D NULL) { goto _Exit; } - if (BIO_write (DataBio, InData, (int) DataLength) <=3D 0) { - goto _Exit; - } - // // Allow partial certificate chains, terminated by a non-self-signed but // still trusted intermediate certificate. Also disable time checks. -- 2.17.1