From: Leif Lindholm <leif.lindholm@linaro.org>
To: Laszlo Ersek <lersek@redhat.com>
Cc: edk2-devel-01 <edk2-devel@lists.01.org>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Chao Zhang <chao.b.zhang@intel.com>, Gary Lin <glin@suse.com>,
Long Qin <qin.long@intel.com>
Subject: Re: [PATCH] SecurityPkg/AuthVariableLib: fix GCC build error
Date: Tue, 17 Oct 2017 20:42:37 +0100 [thread overview]
Message-ID: <20171017194237.fqn4rlcokhlhkyqz@bivouac.eciton.net> (raw)
In-Reply-To: <20171017191646.26065-1-lersek@redhat.com>
On Tue, Oct 17, 2017 at 09:16:46PM +0200, Laszlo Ersek wrote:
> Commit 53c6ff180327 ("SecurityPkg:AuthVariableLib:Implement ECR1707 for
> Private Auth Variable", 2017-09-12) introduced the following build
> failure under several GCC toolchain versions:
>
> > SecurityPkg/Library/AuthVariableLib/AuthService.c: In function
> > 'CalculatePrivAuthVarSignChainSHA256Digest':
> > SecurityPkg/Library/AuthVariableLib/AuthService.c:1567:58: error:
> > pointer targets in passing argument 3 of 'X509GetCommonName' differ in
> > signedness [-Werror=pointer-sign]
> > Status = X509GetCommonName(SignerCert, SignerCertSize, CertCommonName, &CertCommonNameSize);
> > ^~~~~~~~~~~~~~
> > In file included from
> > SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h:34:0,
> > from
> > SecurityPkg/Library/AuthVariableLib/AuthService.c:32:
> > CryptoPkg/Include/Library/BaseCryptLib.h:2202:1: note: expected 'CHAR8 *
> > {aka char *}' but argument is of type 'UINT8 * {aka unsigned char *}'
> > X509GetCommonName (
> > ^~~~~~~~~~~~~~~~~
> > cc1: all warnings being treated as errors
>
> Fix it by changing the type of "CertCommonName" to array-of-CHAR8.
>
> Locations where "CertCommonName" is used in the
> CalculatePrivAuthVarSignChainSHA256Digest() function:
>
> - it is taken the size of -- not impacted by this patch;
>
> - passed to X509GetCommonName() as an argument -- the patch fixes the
> build error;
>
> - passed to Sha256Update() as argument for "IN CONST VOID *Data" -- not
> impacted by the patch;
>
> - passed to AsciiStrLen() as argument -- drop the now-superfluous explicit
> cast.
>
> Since we are touching the Sha256Update() function call, fix the coding
> style too:
>
> - the line is overlong, so break each argument to its own line;
>
> - insert a space between "AsciiStrLen" and the opening paren "(".
>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Chao Zhang <chao.b.zhang@intel.com>
> Cc: Gary Lin <glin@suse.com>
> Cc: Leif Lindholm <leif.lindholm@linaro.org>
> Cc: Long Qin <qin.long@intel.com>
> Reported-by: Gary Lin <glin@suse.com>
> Suggested-by: Gary Lin <glin@suse.com>
> Suggested-by: Long Qin <qin.long@intel.com>
> Fixes: 53c6ff18032737fabb644a9e0c781d91a6830248
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
On the one hand, I am wondering whether that API _should_ be using
UINT8 rather than an architecture-dependent type.
On the other hand, that would be a much bigger change, and master is
currently broken.
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
/
Leif
> ---
>
> Notes:
> The GCC build has been broken for too long by now; I'll push the patch
> as soon as I get any Reviewed-by.
>
> SecurityPkg/Library/AuthVariableLib/AuthService.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c b/SecurityPkg/Library/AuthVariableLib/AuthService.c
> index 7188ff600823..2966811fa7ff 100644
> --- a/SecurityPkg/Library/AuthVariableLib/AuthService.c
> +++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c
> @@ -1554,7 +1554,7 @@ CalculatePrivAuthVarSignChainSHA256Digest(
> {
> UINT8 *TbsCert;
> UINTN TbsCertSize;
> - UINT8 CertCommonName[128];
> + CHAR8 CertCommonName[128];
> UINTN CertCommonNameSize;
> BOOLEAN CryptoStatus;
> EFI_STATUS Status;
> @@ -1590,7 +1590,11 @@ CalculatePrivAuthVarSignChainSHA256Digest(
> //
> // '\0' is forced in CertCommonName. No overflow issue
> //
> - CryptoStatus = Sha256Update (mHashCtx, CertCommonName, AsciiStrLen((CHAR8 *)CertCommonName));
> + CryptoStatus = Sha256Update (
> + mHashCtx,
> + CertCommonName,
> + AsciiStrLen (CertCommonName)
> + );
> if (!CryptoStatus) {
> return EFI_ABORTED;
> }
> --
> 2.14.1.3.gb7cf6e02401b
>
next prev parent reply other threads:[~2017-10-17 19:39 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-17 19:16 [PATCH] SecurityPkg/AuthVariableLib: fix GCC build error Laszlo Ersek
2017-10-17 19:28 ` Ard Biesheuvel
2017-10-17 19:42 ` Leif Lindholm [this message]
2017-10-17 19:54 ` Laszlo Ersek
2017-10-18 6:46 ` Gary Lin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171017194237.fqn4rlcokhlhkyqz@bivouac.eciton.net \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox