tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

CryptoPkg/BaseCryptLib: Eliminate extra buffer copy in Pkcs7Verify() 

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3617

Create a read-only openSSL BIO wrapper for the existing input
buffer passed to Pkcs7Verify() instead of copying the buffer
into an empty writable BIO which causes memory allocations
within openSSL.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Signed-off-by: Bob Morgan <bobm@nvidia.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
This commit is contained in:
Bob Morgan 2021-09-11 05:34:14 +08:00 committed by mergify[bot]
parent ba4ae92234
commit f22feb0e3b
1 changed files with 1 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c
View File

@ -864,15 +864,11 @@ Pkcs7Verify (
// For generic PKCS#7 handling, InData may be NULL if the content is present // For generic PKCS#7 handling, InData may be NULL if the content is present
// in PKCS#7 structure. So ignore NULL checking here. // in PKCS#7 structure. So ignore NULL checking here.
// //
DataBio = BIO_new (BIO_s_mem ()); DataBio = BIO_new_mem_buf (InData, (int) DataLength);
if (DataBio == NULL) { if (DataBio == NULL) {
goto _Exit; goto _Exit;
} }
if (BIO_write (DataBio, InData, (int) DataLength) <= 0) {
goto _Exit;
}
// //
// Allow partial certificate chains, terminated by a non-self-signed but // Allow partial certificate chains, terminated by a non-self-signed but
// still trusted intermediate certificate. Also disable time checks. // still trusted intermediate certificate. Also disable time checks.