summaryrefslogtreecommitdiffstats
path: root/CryptoPkg/Library
diff options
context:
space:
mode:
authorBob Morgan <bobm@nvidia.com>2021-09-11 05:34:14 +0800
committermergify[bot] <37929162+mergify[bot]@users.noreply.github.com>2021-10-13 01:45:18 +0000
commitf22feb0e3b3f08b95201b258b104c45a2acef71f (patch)
tree7b057f48ef2ebacf28902f0f58561cbc0e128957 /CryptoPkg/Library
parentba4ae92234b1985a89b3abed221d825b8d9ef9e2 (diff)
downloadedk2-f22feb0e3b3f08b95201b258b104c45a2acef71f.tar.gz
edk2-f22feb0e3b3f08b95201b258b104c45a2acef71f.tar.bz2
edk2-f22feb0e3b3f08b95201b258b104c45a2acef71f.zip
CryptoPkg/BaseCryptLib: Eliminate extra buffer copy in Pkcs7Verify()
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3617 Create a read-only openSSL BIO wrapper for the existing input buffer passed to Pkcs7Verify() instead of copying the buffer into an empty writable BIO which causes memory allocations within openSSL. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Bob Morgan <bobm@nvidia.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Diffstat (limited to 'CryptoPkg/Library')
-rw-r--r--CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c6
1 files changed, 1 insertions, 5 deletions
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c
index d99597d181..8eda98f7b2 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c
@@ -864,15 +864,11 @@ Pkcs7Verify (
// For generic PKCS#7 handling, InData may be NULL if the content is present
// in PKCS#7 structure. So ignore NULL checking here.
//
- DataBio = BIO_new (BIO_s_mem ());
+ DataBio = BIO_new_mem_buf (InData, (int) DataLength);
if (DataBio == NULL) {
goto _Exit;
}
- if (BIO_write (DataBio, InData, (int) DataLength) <= 0) {
- goto _Exit;
- }
-
//
// Allow partial certificate chains, terminated by a non-self-signed but
// still trusted intermediate certificate. Also disable time checks.