1. Patchew
  2. EDK2
  3. View series

[edk2-devel] [PATCH v2] CryptoPkg/BaseCryptLib: Eliminate extra buffer copy in Pkcs7Verify()

Bob Morgan via groups.io posted 1 patch 4 years, 5 months ago
Failed in applying to current master (apply log)
CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
[edk2-devel] [PATCH v2] CryptoPkg/BaseCryptLib: Eliminate extra buffer copy in Pkcs7Verify()
Posted by Bob Morgan via groups.io 4 years, 5 months ago 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3617

Create a read-only openSSL BIO wrapper for the existing input
buffer passed to Pkcs7Verify() instead of copying the buffer
into an empty writable BIO which causes memory allocations
within openSSL.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Guomin Jiang <guomin.jiang@intel.com>
Signed-off-by: Bob Morgan <bobm@nvidia.com>
---
 CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c
index d99597d181..8eda98f7b2 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c
@@ -864,15 +864,11 @@ Pkcs7Verify (
   // For generic PKCS#7 handling, InData may be NULL if the content is present
   // in PKCS#7 structure. So ignore NULL checking here.
   //
-  DataBio = BIO_new (BIO_s_mem ());
+  DataBio = BIO_new_mem_buf (InData, (int) DataLength);
   if (DataBio == NULL) {
     goto _Exit;
   }
 
-  if (BIO_write (DataBio, InData, (int) DataLength) <= 0) {
-    goto _Exit;
-  }
-
   //
   // Allow partial certificate chains, terminated by a non-self-signed but
   // still trusted intermediate certificate. Also disable time checks.
-- 
2.17.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#80509): https://edk2.groups.io/g/devel/message/80509
Mute This Topic: https://groups.io/mt/85520871/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v2] CryptoPkg/BaseCryptLib: Eliminate extra buffer copy in Pkcs7Verify()
Posted by Yao, Jiewen 4 years, 4 months ago 
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>

> -----Original Message-----
> From: Bob Morgan <bobm@nvidia.com>
> Sent: Saturday, September 11, 2021 5:34 AM
> To: devel@edk2.groups.io
> Cc: Bob Morgan <bobm@nvidia.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX <xiaoyux.lu@intel.com>;
> Jiang, Guomin <guomin.jiang@intel.com>
> Subject: [PATCH v2] CryptoPkg/BaseCryptLib: Eliminate extra buffer copy in
> Pkcs7Verify()
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3617
> 
> Create a read-only openSSL BIO wrapper for the existing input
> buffer passed to Pkcs7Verify() instead of copying the buffer
> into an empty writable BIO which causes memory allocations
> within openSSL.
> 
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> Cc: Guomin Jiang <guomin.jiang@intel.com>
> Signed-off-by: Bob Morgan <bobm@nvidia.com>
> ---
>  CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c | 6 +-----
>  1 file changed, 1 insertion(+), 5 deletions(-)
> 
> diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c
> b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c
> index d99597d181..8eda98f7b2 100644
> --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c
> +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c
> @@ -864,15 +864,11 @@ Pkcs7Verify (
>    // For generic PKCS#7 handling, InData may be NULL if the content is present
>    // in PKCS#7 structure. So ignore NULL checking here.
>    //
> -  DataBio = BIO_new (BIO_s_mem ());
> +  DataBio = BIO_new_mem_buf (InData, (int) DataLength);
>    if (DataBio == NULL) {
>      goto _Exit;
>    }
> 
> -  if (BIO_write (DataBio, InData, (int) DataLength) <= 0) {
> -    goto _Exit;
> -  }
> -
>    //
>    // Allow partial certificate chains, terminated by a non-self-signed but
>    // still trusted intermediate certificate. Also disable time checks.
> --
> 2.17.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#80535): https://edk2.groups.io/g/devel/message/80535
Mute This Topic: https://groups.io/mt/85520871/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v2] CryptoPkg/BaseCryptLib: Eliminate extra buffer copy in Pkcs7Verify()
Posted by Yao, Jiewen 4 years, 3 months ago 
https://github.com/tianocore/edk2/pull/2055

pushed:
https://github.com/tianocore/edk2/commit/f22feb0e3b3f08b95201b258b104c45a2acef71f

> -----Original Message-----
> From: Yao, Jiewen
> Sent: Saturday, September 11, 2021 11:30 PM
> To: Bob Morgan <bobm@nvidia.com>; devel@edk2.groups.io
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX <XiaoyuX.Lu@intel.com>;
> Jiang, Guomin <Guomin.Jiang@intel.com>
> Subject: RE: [PATCH v2] CryptoPkg/BaseCryptLib: Eliminate extra buffer copy in
> Pkcs7Verify()
> 
> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
> 
> > -----Original Message-----
> > From: Bob Morgan <bobm@nvidia.com>
> > Sent: Saturday, September 11, 2021 5:34 AM
> > To: devel@edk2.groups.io
> > Cc: Bob Morgan <bobm@nvidia.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> > Wang, Jian J <jian.j.wang@intel.com>; Lu, XiaoyuX <xiaoyux.lu@intel.com>;
> > Jiang, Guomin <guomin.jiang@intel.com>
> > Subject: [PATCH v2] CryptoPkg/BaseCryptLib: Eliminate extra buffer copy in
> > Pkcs7Verify()
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3617
> >
> > Create a read-only openSSL BIO wrapper for the existing input
> > buffer passed to Pkcs7Verify() instead of copying the buffer
> > into an empty writable BIO which causes memory allocations
> > within openSSL.
> >
> > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > Cc: Jian J Wang <jian.j.wang@intel.com>
> > Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> > Cc: Guomin Jiang <guomin.jiang@intel.com>
> > Signed-off-by: Bob Morgan <bobm@nvidia.com>
> > ---
> >  CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c | 6 +-----
> >  1 file changed, 1 insertion(+), 5 deletions(-)
> >
> > diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c
> > b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c
> > index d99597d181..8eda98f7b2 100644
> > --- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c
> > +++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyCommon.c
> > @@ -864,15 +864,11 @@ Pkcs7Verify (
> >    // For generic PKCS#7 handling, InData may be NULL if the content is present
> >    // in PKCS#7 structure. So ignore NULL checking here.
> >    //
> > -  DataBio = BIO_new (BIO_s_mem ());
> > +  DataBio = BIO_new_mem_buf (InData, (int) DataLength);
> >    if (DataBio == NULL) {
> >      goto _Exit;
> >    }
> >
> > -  if (BIO_write (DataBio, InData, (int) DataLength) <= 0) {
> > -    goto _Exit;
> > -  }
> > -
> >    //
> >    // Allow partial certificate chains, terminated by a non-self-signed but
> >    // still trusted intermediate certificate. Also disable time checks.
> > --
> > 2.17.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#81843): https://edk2.groups.io/g/devel/message/81843
Mute This Topic: https://groups.io/mt/85520871/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.