From: Laszlo Ersek
To: "Li, Songpeng", edk2-devel-01
Cc: "Fu, Siyuan", "Wu, Jiaxin"
Date: Tue, 21 Aug 2018 15:30:53 +0200
Subject: Re: [PATCH 3/4] NetworkPkg/TlsAuthConfigDxe: fix TlsCaCertificate attributes retrieval
Message-ID: <839b4bce-a166-0cfd-5311-700a09330060@redhat.com>
References: <20180817143534.28393-1-lersek@redhat.com> <20180817143534.28393-4-lersek@redhat.com>

On 08/20/18 08:29, Li, Songpeng wrote:
> It worked on my end.
>
> Tested-by: Songpeng Li

Thank you!

Jiaxin, Siyuan, are you guys OK with this patch?

Thanks
Laszlo

>> -----Original Message-----
>> From: Laszlo Ersek [mailto:lersek@redhat.com] >> Sent: Friday, August 17, 2018 10:36 PM >> To: edk2-devel-01 >> Cc: Wu, Jiaxin ; Fu, Siyuan ; Li, >> Songpeng >> Subject: [PATCH 3/4] NetworkPkg/TlsAuthConfigDxe: fix TlsCaCertificate >> attributes retrieval >> >> Per spec, the GetVariable() runtime service is not required to populate >> (*Attributes) on output when it fails with EFI_BUFFER_TOO_SMALL. >> >> Therefore we have to fetch the full contents of the TlsCaCertificate >> variable temporarily, just so we can (a) get the current attributes, and >> (b) add EFI_VARIABLE_APPEND_WRITE to them for the subsequent >> SetVariable() >> call. >> >> Cc: Jiaxin Wu >> Cc: Siyuan Fu >> Cc: Songpeng Li >> Reported-by: Songpeng Li >> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1090 >> Fixes: b90c335fbbb674470fbf09601cc522bf61564c30 >> Contributed-under: TianoCore Contribution Agreement 1.1 >> Signed-off-by: Laszlo Ersek >> --- >> >> Notes: >> Tested via loading the same CA cert .pem file twice in a row, using the >> HII form, first without any pre-existent TlsCaCertificate variable. >> >> Songpeng, can you please test this patch as well, and confirm if it >> works on your end? Thanks! >> >> NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c | 27 >> +++++++++++++++++++- >> 1 file changed, 26 insertions(+), 1 deletion(-) >> >> diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c >> b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c >> index 7259c5e82f61..0780b03bbab4 100644 >> --- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c >> +++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c >> @@ -663,6 +663,7 @@ EnrollX509toVariable ( >> EFI_SIGNATURE_LIST *CACert; >> EFI_SIGNATURE_DATA *CACertData; >> VOID *Data; >> + VOID *CurrentData; >> UINTN DataSize; >> UINTN SigDataSize; >> UINT32 Attr; >> @@ -674,6 +675,7 @@ EnrollX509toVariable ( >> CACert = NULL; >> CACertData = NULL; >> Data = NULL; >> + CurrentData = NULL; >> Attr = 0; >> >> Status = ReadFileContent ( 
>> @@ -716,11 +718,30 @@ EnrollX509toVariable ( >> Status = gRT->GetVariable( >> VariableName, >> &gEfiTlsCaCertificateGuid, >> - &Attr, >> + NULL, >> &DataSize, >> NULL >> ); >> if (Status == EFI_BUFFER_TOO_SMALL) { >> + // >> + // Per spec, we have to fetch the variable's contents, even though we're >> + // only interested in the variable's attributes. >> + // >> + CurrentData = AllocatePool (DataSize); >> + if (CurrentData == NULL) { >> + Status = EFI_OUT_OF_RESOURCES; >> + goto ON_EXIT; >> + } >> + Status = gRT->GetVariable( >> + VariableName, >> + &gEfiTlsCaCertificateGuid, >> + &Attr, >> + &DataSize, >> + CurrentData >> + ); >> + if (EFI_ERROR (Status)) { >> + goto ON_EXIT; >> + } >> Attr |= EFI_VARIABLE_APPEND_WRITE; >> } else if (Status == EFI_NOT_FOUND) { >> Attr = TLS_AUTH_CONFIG_VAR_BASE_ATTR; >> @@ -751,6 +772,10 @@ ON_EXIT: >> FreePool (Data); >> } >> >> + if (CurrentData != NULL) { >> + FreePool (CurrentData); >> + } >> + >> if (X509Data != NULL) { >> FreePool (X509Data); >> } >> -- >> 2.14.1.3.gb7cf6e02401b >> > > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel >
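
Review bot: In the `@@ -716,11 +718,30 @@` hunk, the size probe passes `&DataSize` with a NULL buffer, but nothing in the visible context resets `DataSize` before that call. Per the UEFI error list for GetVariable(), a NULL `Data` with a `DataSize` that is not too small yields EFI_INVALID_PARAMETER rather than EFI_BUFFER_TOO_SMALL, in which case the new fetch-and-append branch is not taken. Setting `DataSize = 0` immediately before the probe would make the intent explicit and keep the probe independent of whatever the variable held earlier in the function. The new in-code comment could also name the rule it relies on, as the commit message does: GetVariable() is not required to populate `*Attributes` when it fails with EFI_BUFFER_TOO_SMALL.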