From: "Wu, Jiaxin"
To: "Li, Songpeng", Laszlo Ersek, edk2-devel-01
CC: "Fu, Siyuan"
Date: Wed, 22 Aug 2018 00:36:31 +0000
Subject: Re: [PATCH 3/4] NetworkPkg/TlsAuthConfigDxe: fix TlsCaCertificate attributes retrieval
Message-ID: <895558F6EA4E3B41AC93A00D163B72741648CCAA@SHSMSX103.ccr.corp.intel.com>
References: <20180817143534.28393-1-lersek@redhat.com> <20180817143534.28393-4-lersek@redhat.com>
List-Id: EDK II Development

Reviewed-by: Wu Jiaxin

Thanks,
Jiaxin

> -----Original Message-----
> From: Li, Songpeng
> Sent: Monday, August 20, 2018 2:29 PM
> To: Laszlo Ersek; edk2-devel-01 <edk2-devel@lists.01.org>
> Cc: Wu, Jiaxin; Fu, Siyuan
> Subject: RE: [PATCH 3/4] NetworkPkg/TlsAuthConfigDxe: fix TlsCaCertificate
> attributes retrieval
>
> It worked on my end.
>
> Tested-by: Songpeng Li
>
>
> Thanks & Best Regards,
> Songpeng
>
> > -----Original Message-----
> > From: Laszlo Ersek [mailto:lersek@redhat.com]
> > Sent: Friday, August 17, 2018 10:36 PM
> > To: edk2-devel-01
> > Cc: Wu, Jiaxin; Fu, Siyuan; Li, Songpeng
> > Subject: [PATCH 3/4] NetworkPkg/TlsAuthConfigDxe: fix TlsCaCertificate
> > attributes retrieval
> >
> > Per spec, the GetVariable() runtime service is not required to populate
> > (*Attributes) on output when it fails with EFI_BUFFER_TOO_SMALL.
> >
> > Therefore we have to fetch the full contents of the TlsCaCertificate
> > variable temporarily, just so we can (a) get the current attributes, and
> > (b) add EFI_VARIABLE_APPEND_WRITE to them for the subsequent
> > SetVariable()
> > call.
> >
> > Cc: Jiaxin Wu
> > Cc: Siyuan Fu
> > Cc: Songpeng Li
> > Reported-by: Songpeng Li
> > Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1090
> > Fixes: b90c335fbbb674470fbf09601cc522bf61564c30
> > Contributed-under: TianoCore Contribution Agreement 1.1
> > Signed-off-by: Laszlo Ersek
> > ---
> >
> > Notes:
> >     Tested via loading the same CA cert .pem file twice in a row, using the
> >     HII form, first without any pre-existent TlsCaCertificate variable.
> >
> >     Songpeng, can you please test this patch as well, and confirm if it
> >     works on your end? Thanks!
> >
> >  NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c | 27
> > +++++++++++++++++++-
> >  1 file changed, 26 insertions(+), 1 deletion(-)
> >
> > diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c > > b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c > > index 7259c5e82f61..0780b03bbab4 100644 > > --- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c
> > +++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c > > @@ -663,6 +663,7 @@ EnrollX509toVariable ( > > EFI_SIGNATURE_LIST *CACert; > > EFI_SIGNATURE_DATA *CACertData; > > VOID *Data; > > + VOID *CurrentData; > > UINTN DataSize; > > UINTN SigDataSize; > > UINT32 Attr; > > @@ -674,6 +675,7 @@ EnrollX509toVariable ( > > CACert =3D NULL; > > CACertData =3D NULL; > > Data =3D NULL; > > + CurrentData =3D NULL; > > Attr =3D 0; > > > > Status =3D ReadFileContent ( > > @@ -716,11 +718,30 @@ EnrollX509toVariable ( > > Status =3D gRT->GetVariable( > > VariableName, > > &gEfiTlsCaCertificateGuid, > > - &Attr, > > + NULL, > > &DataSize, > > NULL > > ); > > if (Status =3D=3D EFI_BUFFER_TOO_SMALL) { > > + // > > + // Per spec, we have to fetch the variable's contents, even though > we're > > + // only interested in the variable's attributes. > > + // > > + CurrentData =3D AllocatePool (DataSize); > > + if (CurrentData =3D=3D NULL) { > > + Status =3D EFI_OUT_OF_RESOURCES; > > + goto ON_EXIT; > > + } > > + Status =3D gRT->GetVariable( > > + VariableName, > > + &gEfiTlsCaCertificateGuid, > > + &Attr, > > + &DataSize, > > + CurrentData > > + ); > > + if (EFI_ERROR (Status)) { > > + goto ON_EXIT; > > + } > > Attr |=3D EFI_VARIABLE_APPEND_WRITE; > > } else if (Status =3D=3D EFI_NOT_FOUND) { > > Attr =3D TLS_AUTH_CONFIG_VAR_BASE_ATTR; > > @@ -751,6 +772,10 @@ ON_EXIT: > > FreePool (Data); > > } > > > > + if (CurrentData !=3D NULL) { > > + FreePool (CurrentData); > > + } > > + > > if (X509Data !=3D NULL) { > > FreePool (X509Data); > > } > > -- > > 2.14.1.3.gb7cf6e02401b > >
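Review bot: in the EFI_BUFFER_TOO_SMALL branch of the @@ -716,11 +718,30 @@ hunk, the Attr value returned by the second GetVariable() call is used as-is once EFI_VARIABLE_APPEND_WRITE is OR-ed in, with no check that it equals TLS_AUTH_CONFIG_VAR_BASE_ATTR, the value the EFI_NOT_FOUND branch assigns for a fresh variable. If a TlsCaCertificate variable already exists with different attributes, the enrollment carries them forward unchanged. Consider comparing Attr against TLS_AUTH_CONFIG_VAR_BASE_ATTR right after the fetch and failing the enrollment through ON_EXIT on a mismatch. Style: the added call is written "gRT->GetVariable(" with no space before the parenthesis, unlike "AllocatePool (DataSize)" in the same hunk.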
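Review bot: in the @@ -751,6 +772,10 @@ hunk at ON_EXIT, CurrentData is released only at function exit although its contents are never read; the buffer exists solely so that the second GetVariable() call can return the attributes. Freeing it immediately after that call, before the EFI_ERROR (Status) check, would shorten the lifetime of the copied CA certificate list and make this cleanup block, and the CurrentData = NULL initialisation in the earlier hunk, unnecessary.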