X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=blobdiff_plain;f=CryptoPkg%2FLibrary%2FBaseCryptLib%2FPk%2FCryptPkcs7Sign.c;h=442f573f8bddb108bd0859f69c8fef59f903006b;hp=704eb4ec94003b54f7ff2536fc918ebf72b8177e;hb=2009f6b4c5cbd7dda95a2594288405224173d239;hpb=1463ce18ca7c4f971c08cc6341dbb0adb25c831a

diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c
index 704eb4ec94..442f573f8b 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7Sign.c
@@ -1,14 +1,8 @@
 /** @file
   PKCS#7 SignedData Sign Wrapper Implementation over OpenSSL.
 
-Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution.  The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
 
@@ -18,7 +12,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include <openssl/x509.h>
 #include <openssl/pkcs7.h>
 
-
 /**
   Creates a PKCS#7 signedData as described in "PKCS #7: Cryptographic Message
   Syntax Standard, version 1.5". This interface is only intended to be used for
@@ -35,7 +28,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
   @param[in]  OtherCerts       Pointer to an optional additional set of certificates to
                                include in the PKCS#7 signedData (e.g. any intermediate
                                CAs in the chain).
-  @param[out] SignedData       Pointer to output PKCS#7 signedData.
+  @param[out] SignedData       Pointer to output PKCS#7 signedData. It's caller's
+                               responsibility to free the buffer with FreePool().
   @param[out] SignedDataSize   Size of SignedData in bytes.
 
   @retval     TRUE             PKCS#7 data signing succeeded.
@@ -121,7 +115,7 @@ Pkcs7Sign (
   }
 
   //
-  // Convert the data to be signed to BIO format. 
+  // Convert the data to be signed to BIO format.
   //
   DataBio = BIO_new (BIO_s_mem ());
   if (DataBio == NULL) {
@@ -168,7 +162,7 @@ Pkcs7Sign (
   // is totally 19 bytes.
   //
   *SignedDataSize = P7DataSize - 19;
-  *SignedData     = malloc (*SignedDataSize);
+  *SignedData     = AllocatePool (*SignedDataSize);
   if (*SignedData == NULL) {
     OPENSSL_free (P7Data);
     goto _Exit;
@@ -184,13 +178,6 @@ _Exit:
   //
   // Release Resources
   //
-  if (RsaContext != NULL) {
-    RsaFree (RsaContext);
-    if (Key != NULL) {
-      Key->pkey.rsa = NULL;
-    }
-  }
-
   if (Key != NULL) {
     EVP_PKEY_free (Key);
   }