public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: Laszlo Ersek <lersek@redhat.com>
To: "Li, Songpeng" <songpeng.li@intel.com>,
	edk2-devel-01 <edk2-devel@lists.01.org>
Cc: "Fu, Siyuan" <siyuan.fu@intel.com>, "Wu, Jiaxin" <jiaxin.wu@intel.com>
Subject: Re: [PATCH 3/4] NetworkPkg/TlsAuthConfigDxe: fix TlsCaCertificate attributes retrieval
Date: Tue, 21 Aug 2018 15:30:53 +0200	[thread overview]
Message-ID: <839b4bce-a166-0cfd-5311-700a09330060@redhat.com> (raw)
In-Reply-To: <F4A2861CFE7EF04096224C048078577DB9955B@shsmsx102.ccr.corp.intel.com>

On 08/20/18 08:29, Li, Songpeng wrote:
> It worked on my end.
> 
> Tested-by: Songpeng Li <songpeng.li@intel.com>

Thank you!

Jiaxin, Siyuan, are you guys OK with this patch?

Thanks
Laszlo

>> -----Original Message-----
>> From: Laszlo Ersek [mailto:lersek@redhat.com]
>> Sent: Friday, August 17, 2018 10:36 PM
>> To: edk2-devel-01 <edk2-devel@lists.01.org>
>> Cc: Wu, Jiaxin <jiaxin.wu@intel.com>; Fu, Siyuan <siyuan.fu@intel.com>; Li,
>> Songpeng <songpeng.li@intel.com>
>> Subject: [PATCH 3/4] NetworkPkg/TlsAuthConfigDxe: fix TlsCaCertificate
>> attributes retrieval
>>
>> Per spec, the GetVariable() runtime service is not required to populate
>> (*Attributes) on output when it fails with EFI_BUFFER_TOO_SMALL.
>>
>> Therefore we have to fetch the full contents of the TlsCaCertificate
>> variable temporarily, just so we can (a) get the current attributes, and
>> (b) add EFI_VARIABLE_APPEND_WRITE to them for the subsequent
>> SetVariable()
>> call.
>>
>> Cc: Jiaxin Wu <jiaxin.wu@intel.com>
>> Cc: Siyuan Fu <siyuan.fu@intel.com>
>> Cc: Songpeng Li <songpeng.li@intel.com>
>> Reported-by: Songpeng Li <songpeng.li@intel.com>
>> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1090
>> Fixes: b90c335fbbb674470fbf09601cc522bf61564c30
>> Contributed-under: TianoCore Contribution Agreement 1.1
>> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
>> ---
>>
>> Notes:
>>     Tested via loading the same CA cert .pem file twice in a row, using the
>>     HII form, first without any pre-existent TlsCaCertificate variable.
>>
>>     Songpeng, can you please test this patch as well, and confirm if it
>>     works on your end? Thanks!
>>
>>  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c | 27
>> +++++++++++++++++++-
>>  1 file changed, 26 insertions(+), 1 deletion(-)
>>
>> diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c
>> b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c
>> index 7259c5e82f61..0780b03bbab4 100644
>> --- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c
>> +++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c
>> @@ -663,6 +663,7 @@ EnrollX509toVariable (
>>    EFI_SIGNATURE_LIST                *CACert;
>>    EFI_SIGNATURE_DATA                *CACertData;
>>    VOID                              *Data;
>> +  VOID                              *CurrentData;
>>    UINTN                             DataSize;
>>    UINTN                             SigDataSize;
>>    UINT32                            Attr;
>> @@ -674,6 +675,7 @@ EnrollX509toVariable (
>>    CACert        = NULL;
>>    CACertData    = NULL;
>>    Data          = NULL;
>> +  CurrentData   = NULL;
>>    Attr          = 0;
>>
>>    Status = ReadFileContent (
>> @@ -716,11 +718,30 @@ EnrollX509toVariable (
>>    Status = gRT->GetVariable(
>>                    VariableName,
>>                    &gEfiTlsCaCertificateGuid,
>> -                  &Attr,
>> +                  NULL,
>>                    &DataSize,
>>                    NULL
>>                    );
>>    if (Status == EFI_BUFFER_TOO_SMALL) {
>> +    //
>> +    // Per spec, we have to fetch the variable's contents, even though we're
>> +    // only interested in the variable's attributes.
>> +    //
>> +    CurrentData = AllocatePool (DataSize);
>> +    if (CurrentData == NULL) {
>> +      Status = EFI_OUT_OF_RESOURCES;
>> +      goto ON_EXIT;
>> +    }
>> +    Status = gRT->GetVariable(
>> +                    VariableName,
>> +                    &gEfiTlsCaCertificateGuid,
>> +                    &Attr,
>> +                    &DataSize,
>> +                    CurrentData
>> +                    );
>> +    if (EFI_ERROR (Status)) {
>> +      goto ON_EXIT;
>> +    }
>>      Attr |= EFI_VARIABLE_APPEND_WRITE;
>>    } else if (Status == EFI_NOT_FOUND) {
>>      Attr = TLS_AUTH_CONFIG_VAR_BASE_ATTR;
>> @@ -751,6 +772,10 @@ ON_EXIT:
>>      FreePool (Data);
>>    }
>>
>> +  if (CurrentData != NULL) {
>> +    FreePool (CurrentData);
>> +  }
>> +
>>    if (X509Data != NULL) {
>>      FreePool (X509Data);
>>    }
>> --
>> 2.14.1.3.gb7cf6e02401b
>>
> 
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel
> 



  reply	other threads:[~2018-08-21 13:30 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-08-17 14:35 [PATCH 0/4] {Mde, IntelFramework, Network, UefiCpu}Pkg: roundup for BZs 1074, 1090, 1092 Laszlo Ersek
2018-08-17 14:35 ` [PATCH 1/4] MdePkg/UefiLib: don't special-case EFI_FILE_MODE_CREATE in OpenMode Laszlo Ersek
2018-08-17 20:35   ` Gao, Liming
2018-08-17 14:35 ` [PATCH 2/4] IntelFrameworkPkg/FrameworkUefiLib: don't special-case EFI_FILE_MODE_CREATE Laszlo Ersek
2018-08-17 20:35   ` Gao, Liming
2018-08-17 14:35 ` [PATCH 3/4] NetworkPkg/TlsAuthConfigDxe: fix TlsCaCertificate attributes retrieval Laszlo Ersek
2018-08-20  6:29   ` Li, Songpeng
2018-08-21 13:30     ` Laszlo Ersek [this message]
2018-08-22  0:36     ` Wu, Jiaxin
2018-08-22  0:31   ` Fu, Siyuan
2018-08-17 14:35 ` [PATCH 4/4] UefiCpuPkg/PiSmmCpuDxeSmm: clear exec file mode bits on "PiSmmCpuDxeSmm.c" Laszlo Ersek
2018-08-20  1:31   ` Zeng, Star
2018-08-22  8:41 ` [PATCH 0/4] {Mde, IntelFramework, Network, UefiCpu}Pkg: roundup for BZs 1074, 1090, 1092 Laszlo Ersek

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=839b4bce-a166-0cfd-5311-700a09330060@redhat.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox