public inbox for devel@edk2.groups.io
From: "Wu, Jiaxin" <jiaxin.wu@intel.com>
To: "Li, Songpeng" <songpeng.li@intel.com>,
	Laszlo Ersek <lersek@redhat.com>,
	 edk2-devel-01 <edk2-devel@lists.01.org>
Cc: "Fu, Siyuan" <siyuan.fu@intel.com>
Subject: Re: [PATCH 3/4] NetworkPkg/TlsAuthConfigDxe: fix TlsCaCertificate attributes retrieval
Date: Wed, 22 Aug 2018 00:36:31 +0000
Message-ID: <895558F6EA4E3B41AC93A00D163B72741648CCAA@SHSMSX103.ccr.corp.intel.com>
In-Reply-To: <F4A2861CFE7EF04096224C048078577DB9955B@shsmsx102.ccr.corp.intel.com>

Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>

Thanks,
Jiaxin

> -----Original Message-----
> From: Li, Songpeng
> Sent: Monday, August 20, 2018 2:29 PM
> To: Laszlo Ersek <lersek@redhat.com>; edk2-devel-01 <edk2-
> devel@lists.01.org>
> Cc: Wu, Jiaxin <jiaxin.wu@intel.com>; Fu, Siyuan <siyuan.fu@intel.com>
> Subject: RE: [PATCH 3/4] NetworkPkg/TlsAuthConfigDxe: fix TlsCaCertificate
> attributes retrieval
> 
> It worked on my end.
> 
> Tested-by: Songpeng Li <songpeng.li@intel.com>
> 
> 
> Thanks & Best Regards,
> Songpeng
> 
> > -----Original Message-----
> > From: Laszlo Ersek [mailto:lersek@redhat.com]
> > Sent: Friday, August 17, 2018 10:36 PM
> > To: edk2-devel-01 <edk2-devel@lists.01.org>
> > Cc: Wu, Jiaxin <jiaxin.wu@intel.com>; Fu, Siyuan <siyuan.fu@intel.com>; Li,
> > Songpeng <songpeng.li@intel.com>
> > Subject: [PATCH 3/4] NetworkPkg/TlsAuthConfigDxe: fix TlsCaCertificate
> > attributes retrieval
> >
> > Per spec, the GetVariable() runtime service is not required to populate
> > (*Attributes) on output when it fails with EFI_BUFFER_TOO_SMALL.
> >
> > Therefore we have to fetch the full contents of the TlsCaCertificate
> > variable temporarily, just so we can (a) get the current attributes, and
> > (b) add EFI_VARIABLE_APPEND_WRITE to them for the subsequent
> > SetVariable() call.
> >
> > Cc: Jiaxin Wu <jiaxin.wu@intel.com>
> > Cc: Siyuan Fu <siyuan.fu@intel.com>
> > Cc: Songpeng Li <songpeng.li@intel.com>
> > Reported-by: Songpeng Li <songpeng.li@intel.com>
> > Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1090
> > Fixes: b90c335fbbb674470fbf09601cc522bf61564c30
> > Contributed-under: TianoCore Contribution Agreement 1.1
> > Signed-off-by: Laszlo Ersek <lersek@redhat.com>
> > ---
> >
> > Notes:
> >     Tested via loading the same CA cert .pem file twice in a row, using the
> >     HII form, first without any pre-existent TlsCaCertificate variable.
> >
> >     Songpeng, can you please test this patch as well, and confirm if it
> >     works on your end? Thanks!
> >
> >  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c | 27
> > +++++++++++++++++++-
> >  1 file changed, 26 insertions(+), 1 deletion(-)
> >
> > diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c
> > b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c
> > index 7259c5e82f61..0780b03bbab4 100644
> > --- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c
> > +++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c
> > @@ -663,6 +663,7 @@ EnrollX509toVariable (
> >    EFI_SIGNATURE_LIST                *CACert;
> >    EFI_SIGNATURE_DATA                *CACertData;
> >    VOID                              *Data;
> > +  VOID                              *CurrentData;
> >    UINTN                             DataSize;
> >    UINTN                             SigDataSize;
> >    UINT32                            Attr;
> > @@ -674,6 +675,7 @@ EnrollX509toVariable (
> >    CACert        = NULL;
> >    CACertData    = NULL;
> >    Data          = NULL;
> > +  CurrentData   = NULL;
> >    Attr          = 0;
> >
> >    Status = ReadFileContent (
> > @@ -716,11 +718,30 @@ EnrollX509toVariable (
> >    Status = gRT->GetVariable(
> >                    VariableName,
> >                    &gEfiTlsCaCertificateGuid,
> > -                  &Attr,
> > +                  NULL,
> >                    &DataSize,
> >                    NULL
> >                    );
> >    if (Status == EFI_BUFFER_TOO_SMALL) {
> > +    //
> > +    // Per spec, we have to fetch the variable's contents, even though
> we're
> > +    // only interested in the variable's attributes.
> > +    //
> > +    CurrentData = AllocatePool (DataSize);
> > +    if (CurrentData == NULL) {
> > +      Status = EFI_OUT_OF_RESOURCES;
> > +      goto ON_EXIT;
> > +    }
> > +    Status = gRT->GetVariable(
> > +                    VariableName,
> > +                    &gEfiTlsCaCertificateGuid,
> > +                    &Attr,
> > +                    &DataSize,
> > +                    CurrentData
> > +                    );
> > +    if (EFI_ERROR (Status)) {
> > +      goto ON_EXIT;
> > +    }
> >      Attr |= EFI_VARIABLE_APPEND_WRITE;
> >    } else if (Status == EFI_NOT_FOUND) {
> >      Attr = TLS_AUTH_CONFIG_VAR_BASE_ATTR;
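
Review bot: the attributes read back by the second GetVariable() call are carried into the append unchecked. `Attr |= EFI_VARIABLE_APPEND_WRITE;` accepts whatever the existing TlsCaCertificate variable was created with, while the EFI_NOT_FOUND branch uses TLS_AUTH_CONFIG_VAR_BASE_ATTR. If the variable is only ever expected to carry the base attributes, compare Attr against TLS_AUTH_CONFIG_VAR_BASE_ATTR after the fetch and go to ON_EXIT on a mismatch, so that a variable created elsewhere with different attributes is reported rather than silently extended. Style: the added call is written `gRT->GetVariable(` without a space before the parenthesis, matching the existing call above it, whereas the other added calls in this hunk (`AllocatePool (DataSize)`, `EFI_ERROR (Status)`) use the space.
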
> > @@ -751,6 +772,10 @@ ON_EXIT:
> >      FreePool (Data);
> >    }
> >
> > +  if (CurrentData != NULL) {
> > +    FreePool (CurrentData);
> > +  }
> > +
> >    if (X509Data != NULL) {
> >      FreePool (X509Data);
> >    }
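
Review bot: CurrentData stays allocated until ON_EXIT although, per the commit message, the contents are fetched only to obtain the attributes. Freeing it right after the second GetVariable() returns, and setting it to NULL so that this block remains a safe fallback for the error paths, would avoid holding a second copy of the whole TlsCaCertificate variable for the rest of EnrollX509toVariable().
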
> > --
> > 2.14.1.3.gb7cf6e02401b
> >


