From: Laszlo Ersek <lersek@redhat.com>
To: "Li, Songpeng" <songpeng.li@intel.com>,
edk2-devel-01 <edk2-devel@lists.01.org>
Cc: "Fu, Siyuan" <siyuan.fu@intel.com>, "Wu, Jiaxin" <jiaxin.wu@intel.com>
Subject: Re: [PATCH 3/4] NetworkPkg/TlsAuthConfigDxe: fix TlsCaCertificate attributes retrieval
Date: Tue, 21 Aug 2018 15:30:53 +0200
Message-ID: <839b4bce-a166-0cfd-5311-700a09330060@redhat.com>
In-Reply-To: <F4A2861CFE7EF04096224C048078577DB9955B@shsmsx102.ccr.corp.intel.com>
On 08/20/18 08:29, Li, Songpeng wrote:
> It worked on my end.
>
> Tested-by: Songpeng Li <songpeng.li@intel.com>

Thank you!

Jiaxin, Siyuan, are you guys OK with this patch?

Thanks
Laszlo

>> -----Original Message-----
>> From: Laszlo Ersek [mailto:lersek@redhat.com]
>> Sent: Friday, August 17, 2018 10:36 PM
>> To: edk2-devel-01 <edk2-devel@lists.01.org>
>> Cc: Wu, Jiaxin <jiaxin.wu@intel.com>; Fu, Siyuan <siyuan.fu@intel.com>; Li,
>> Songpeng <songpeng.li@intel.com>
>> Subject: [PATCH 3/4] NetworkPkg/TlsAuthConfigDxe: fix TlsCaCertificate
>> attributes retrieval
>>
>> Per spec, the GetVariable() runtime service is not required to populate
>> (*Attributes) on output when it fails with EFI_BUFFER_TOO_SMALL.
>>
>> Therefore we have to fetch the full contents of the TlsCaCertificate
>> variable temporarily, just so we can (a) get the current attributes, and
>> (b) add EFI_VARIABLE_APPEND_WRITE to them for the subsequent
>> SetVariable()
>> call.
>>
>> Cc: Jiaxin Wu <jiaxin.wu@intel.com>
>> Cc: Siyuan Fu <siyuan.fu@intel.com>
>> Cc: Songpeng Li <songpeng.li@intel.com>
>> Reported-by: Songpeng Li <songpeng.li@intel.com>
>> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1090
>> Fixes: b90c335fbbb674470fbf09601cc522bf61564c30
>> Contributed-under: TianoCore Contribution Agreement 1.1
>> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
>> ---
>>
>> Notes:
>> Tested via loading the same CA cert .pem file twice in a row, using the
>> HII form, first without any pre-existent TlsCaCertificate variable.
>>
>> Songpeng, can you please test this patch as well, and confirm if it
>> works on your end? Thanks!
>>
>> NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c | 27
>> +++++++++++++++++++-
>> 1 file changed, 26 insertions(+), 1 deletion(-)
>>
>> diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c
>> b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c
>> index 7259c5e82f61..0780b03bbab4 100644
>> --- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c
>> +++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c
>> @@ -663,6 +663,7 @@ EnrollX509toVariable (
>> EFI_SIGNATURE_LIST *CACert;
>> EFI_SIGNATURE_DATA *CACertData;
>> VOID *Data;
>> + VOID *CurrentData;
>> UINTN DataSize;
>> UINTN SigDataSize;
>> UINT32 Attr;
>> @@ -674,6 +675,7 @@ EnrollX509toVariable (
>> CACert = NULL;
>> CACertData = NULL;
>> Data = NULL;
>> + CurrentData = NULL;
>> Attr = 0;
>>
>> Status = ReadFileContent (
>> @@ -716,11 +718,30 @@ EnrollX509toVariable (
>> Status = gRT->GetVariable(
>> VariableName,
>> &gEfiTlsCaCertificateGuid,
>> - &Attr,
>> + NULL,
>> &DataSize,
>> NULL
>> );
>> if (Status == EFI_BUFFER_TOO_SMALL) {
>> + //
>> + // Per spec, we have to fetch the variable's contents, even though we're
>> + // only interested in the variable's attributes.
>> + //
>> + CurrentData = AllocatePool (DataSize);
>> + if (CurrentData == NULL) {
>> + Status = EFI_OUT_OF_RESOURCES;
>> + goto ON_EXIT;
>> + }
>> + Status = gRT->GetVariable(
>> + VariableName,
>> + &gEfiTlsCaCertificateGuid,
>> + &Attr,
>> + &DataSize,
>> + CurrentData
>> + );
>> + if (EFI_ERROR (Status)) {
>> + goto ON_EXIT;
>> + }
>> Attr |= EFI_VARIABLE_APPEND_WRITE;
>> } else if (Status == EFI_NOT_FOUND) {
>> Attr = TLS_AUTH_CONFIG_VAR_BASE_ATTR;
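Review bot: the new comment above AllocatePool() only says "Per spec, we have to fetch the variable's contents", which does not tell a later reader which rule forces the second call. Spelling out what the commit message already states, that GetVariable() is not required to populate (*Attributes) when it fails with EFI_BUFFER_TOO_SMALL, would keep someone from folding the two calls back into one. It is also worth one line in that comment that the size probe and the fetch are separate calls: if the variable grows in between, the second GetVariable() fails and the EFI_ERROR (Status) check sends the enrollment to ON_EXIT without touching the variable, which is the safe outcome but not an obvious one.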
>> @@ -751,6 +772,10 @@ ON_EXIT:
>> FreePool (Data);
>> }
>>
>> + if (CurrentData != NULL) {
>> + FreePool (CurrentData);
>> + }
>> +
>> if (X509Data != NULL) {
>> FreePool (X509Data);
>> }
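Review bot: CurrentData stays allocated until ON_EXIT although the only thing consumed from the second GetVariable() call is Attr. Freeing it right after that call's EFI_ERROR (Status) check would shorten the buffer's lifetime to the few lines that need it. If the release is kept here for symmetry with Data and X509Data, a short comment at the allocation saying the buffer is scratch space for the attribute read would make that choice explicit.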
>> --
>> 2.14.1.3.gb7cf6e02401b
>>