Re: [edk2-devel] [PATCH] CryptoPkg/BaseCryptLib: Eliminate extra buffer copy in Pkcs7Verify()

[Yao, Jiewen]

Seems good one.

Would you please follow process?
1) Submit Bugzilla https://bugzilla.tianocore.org/
2) Add all reviewers with Cc: in the patch.

Please also share the information on what test has been done for this change.

Thank you
Yao Jiewen

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Bob
> Morgan via groups.io
> Sent: Friday, September 10, 2021 12:34 AM
> To: devel@edk2.groups.io; Bob Morgan <b...@nvidia.com>
> Cc: Yao, Jiewen <jiewen....@intel.com>; Wang, Jian J <jian.j.w...@intel.com>;
> Lu, XiaoyuX <xiaoyux...@intel.com>; Jiang, Guomin <guomin.ji...@intel.com>
> Subject: Re: [edk2-devel] [PATCH] CryptoPkg/BaseCryptLib: Eliminate extra
> buffer copy in Pkcs7Verify()
> 
> Hi, Any feedback or status update on this?
> 
> Thanks,
> 
> -bob
> 
> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Bob
> Morgan via groups.io
> Sent: Friday, August 27, 2021 2:07 PM
> To: devel@edk2.groups.io
> Cc: jiewen....@intel.com; jian.j.w...@intel.com; xiaoyux...@intel.com;
> guomin.ji...@intel.com; Bob Morgan <b...@nvidia.com>
> Subject: [edk2-devel] [PATCH] CryptoPkg/BaseCryptLib: Eliminate extra buffer
> copy in Pkcs7Verify()
> 
> External email: Use caution opening links or attachments
> 
> 
> Create a read-only openSSL BIO wrapper for the existing input buffer passed to
> Pkcs7Verify() instead of copying the buffer into an empty writable BIO which
> causes memory allocations within openSSL.
> 
> Signed-off-by: Bob Morgan <b...@nvidia.com>
> ---
>  CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c | 6 +-----
>  1 file changed, 1 insertion(+), 5 deletions(-)
> 
> diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c
> b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c
> index d99597d181..8eda98f7b2 100644
> --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c
> +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c
> @@ -864,15 +864,11 @@ Pkcs7Verify (
>    // For generic PKCS#7 handling, InData may be NULL if the content is 
> present
>    // in PKCS#7 structure. So ignore NULL checking here.
>    //
> -  DataBio = BIO_new (BIO_s_mem ());
> +  DataBio = BIO_new_mem_buf (InData, (int) DataLength);
>    if (DataBio == NULL) {
>      goto _Exit;
>    }
> 
> -  if (BIO_write (DataBio, InData, (int) DataLength) <= 0) {
> -    goto _Exit;
> -  }
> -
>    //
>    // Allow partial certificate chains, terminated by a non-self-signed but
>    // still trusted intermediate certificate. Also disable time checks.
> --
> 2.17.1
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#80463): https://edk2.groups.io/g/devel/message/80463
Mute This Topic: https://groups.io/mt/85195547/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-