mirror of https://github.com/acidanthera/audk.git
CryptoPkg/BaseCryptLib: Eliminate extra buffer copy in Pkcs7Verify()
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3617 Create a read-only openSSL BIO wrapper for the existing input buffer passed to Pkcs7Verify() instead of copying the buffer into an empty writable BIO which causes memory allocations within openSSL. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> Cc: Guomin Jiang <guomin.jiang@intel.com> Signed-off-by: Bob Morgan <bobm@nvidia.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
This commit is contained in:
parent
ba4ae92234
commit
f22feb0e3b
|
@ -864,15 +864,11 @@ Pkcs7Verify (
|
|||
// For generic PKCS#7 handling, InData may be NULL if the content is present
|
||||
// in PKCS#7 structure. So ignore NULL checking here.
|
||||
//
|
||||
DataBio = BIO_new (BIO_s_mem ());
|
||||
DataBio = BIO_new_mem_buf (InData, (int) DataLength);
|
||||
if (DataBio == NULL) {
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
if (BIO_write (DataBio, InData, (int) DataLength) <= 0) {
|
||||
goto _Exit;
|
||||
}
|
||||
|
||||
//
|
||||
// Allow partial certificate chains, terminated by a non-self-signed but
|
||||
// still trusted intermediate certificate. Also disable time checks.
|
||||
|
|
Loading…
Reference in New Issue