public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: Laszlo Ersek <lersek@redhat.com>
To: edk2-devel-01 <edk2-devel@lists.01.org>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>,
	Chao Zhang <chao.b.zhang@intel.com>, Gary Lin <glin@suse.com>,
	Leif Lindholm <leif.lindholm@linaro.org>,
	Long Qin <qin.long@intel.com>
Subject: [PATCH] SecurityPkg/AuthVariableLib: fix GCC build error
Date: Tue, 17 Oct 2017 21:16:46 +0200	[thread overview]
Message-ID: <20171017191646.26065-1-lersek@redhat.com> (raw)

Commit 53c6ff180327 ("SecurityPkg:AuthVariableLib:Implement ECR1707 for
Private Auth Variable", 2017-09-12) introduced the following build
failure under several GCC toolchain versions:

> SecurityPkg/Library/AuthVariableLib/AuthService.c: In function
> 'CalculatePrivAuthVarSignChainSHA256Digest':
> SecurityPkg/Library/AuthVariableLib/AuthService.c:1567:58: error:
> pointer targets in passing argument 3 of 'X509GetCommonName' differ in
> signedness [-Werror=pointer-sign]
>    Status = X509GetCommonName(SignerCert, SignerCertSize, CertCommonName, &CertCommonNameSize);
>                                                           ^~~~~~~~~~~~~~
> In file included from
> SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h:34:0,
>                  from
>                  SecurityPkg/Library/AuthVariableLib/AuthService.c:32:
> CryptoPkg/Include/Library/BaseCryptLib.h:2202:1: note: expected 'CHAR8 *
> {aka char *}' but argument is of type 'UINT8 * {aka unsigned char *}'
>  X509GetCommonName (
>  ^~~~~~~~~~~~~~~~~
> cc1: all warnings being treated as errors

Fix it by changing the type of "CertCommonName" to array-of-CHAR8.

Locations where "CertCommonName" is used in the
CalculatePrivAuthVarSignChainSHA256Digest() function:

- it is taken the size of -- not impacted by this patch;

- passed to X509GetCommonName() as an argument -- the patch fixes the
  build error;

- passed to Sha256Update() as argument for "IN CONST VOID  *Data" -- not
  impacted by the patch;

- passed to AsciiStrLen() as argument -- drop the now-superfluous explicit
  cast.

Since we are touching the Sha256Update() function call, fix the coding
style too:

- the line is overlong, so break each argument to its own line;

- insert a space between "AsciiStrLen" and the opening paren "(".

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Gary Lin <glin@suse.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Long Qin <qin.long@intel.com>
Reported-by: Gary Lin <glin@suse.com>
Suggested-by: Gary Lin <glin@suse.com>
Suggested-by: Long Qin <qin.long@intel.com>
Fixes: 53c6ff18032737fabb644a9e0c781d91a6830248
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---

Notes:
    The GCC build has been broken for too long by now; I'll push the patch
    as soon as I get any Reviewed-by.

 SecurityPkg/Library/AuthVariableLib/AuthService.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c b/SecurityPkg/Library/AuthVariableLib/AuthService.c
index 7188ff600823..2966811fa7ff 100644
--- a/SecurityPkg/Library/AuthVariableLib/AuthService.c
+++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c
@@ -1554,7 +1554,7 @@ CalculatePrivAuthVarSignChainSHA256Digest(
 {
   UINT8                   *TbsCert;
   UINTN                   TbsCertSize;
-  UINT8                   CertCommonName[128];
+  CHAR8                   CertCommonName[128];
   UINTN                   CertCommonNameSize;
   BOOLEAN                 CryptoStatus;
   EFI_STATUS              Status;
@@ -1590,7 +1590,11 @@ CalculatePrivAuthVarSignChainSHA256Digest(
   //
   // '\0' is forced in CertCommonName. No overflow issue
   //
-  CryptoStatus = Sha256Update (mHashCtx, CertCommonName, AsciiStrLen((CHAR8 *)CertCommonName));
+  CryptoStatus = Sha256Update (
+                   mHashCtx,
+                   CertCommonName,
+                   AsciiStrLen (CertCommonName)
+                   );
   if (!CryptoStatus) {
     return EFI_ABORTED;
   }
-- 
2.14.1.3.gb7cf6e02401b



             reply	other threads:[~2017-10-17 19:13 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-10-17 19:16 Laszlo Ersek [this message]
2017-10-17 19:28 ` [PATCH] SecurityPkg/AuthVariableLib: fix GCC build error Ard Biesheuvel
2017-10-17 19:42 ` Leif Lindholm
2017-10-17 19:54 ` Laszlo Ersek
2017-10-18  6:46   ` Gary Lin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20171017191646.26065-1-lersek@redhat.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox