From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@linaro.org header.s=google header.b=TGE/ghCS;
 spf=pass (domain: linaro.org, ip: 209.85.128.66, mailfrom: ard.biesheuvel@linaro.org)
Received: from mail-wm1-f66.google.com (mail-wm1-f66.google.com [209.85.128.66])
 by groups.io with SMTP; Wed, 04 Sep 2019 05:37:28 -0700
Received: by mail-wm1-f66.google.com with SMTP id t17so3139836wmi.2
        for <devel@edk2.groups.io>; Wed, 04 Sep 2019 05:37:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linaro.org; s=google;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc:content-transfer-encoding;
        bh=ywDk8giAcYQzEKGV7O/PZ8b3V3nL6WwyCpg/uo/9ZIw=;
        b=TGE/ghCSfZ6udJXQmD22Nv8QE8cibN7b4hQK3118xbyP8M67NAwbNo5olT00C/4ZNK
         Cdh0W6pWV/5M7Mbg5yLnefWCUI5IbGMfC4V5W6vJa5tLsnjDqlOFnPoOxO1Xw3UhZT+h
         nfHZhEZCyndUH7BtHtM/hLYraL4uoJjcSAyf6SDo9cEgZnVX1zlsi8zUQazgSXkeweyt
         31EQXvBeYD6RMEIUlnB3smFdVzMvekK04FcuBH0202P0xzF6Z9Hz0jjb0SUi6FQx5gnS
         XTIyvoeuV0KRFu8j9G5hz2T8w3KNnIljySoIoBhb1KOC3snFZP1k3k0qXJHpTREpQMyl
         jJOw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc:content-transfer-encoding;
        bh=ywDk8giAcYQzEKGV7O/PZ8b3V3nL6WwyCpg/uo/9ZIw=;
        b=QEfOXQp8a2mvy2DhBwNzYlrCDAuDNyEZtgBqkCcHtT0MAcXDJW3kblKw81OSNRgQMR
         UU6bMmnmG03PvuqmzshkBCLdsoy9KoIi2HDC5+UTRabKO0pBq6Ekns2VRMEY1QaWDkrp
         o/fElm4xhTfUwwWbwHPh1FB329iZyWZPOW5qolCnJytJ3s7WNBoN1IIsANSZEbRd6TTi
         +eCLleZ+wqcclSKsqUX2an8sxLfd7EhMobxq4pdK05ZPET6W214r/itTO1VZQMOCrTQb
         /29DN+sH18sPS6y86FHh8ks7K2zyEzEHWI9xG8OliW56HKvxZFcvwieV9Dx168i5f1pw
         56+g==
X-Gm-Message-State: APjAAAVmmB5PUb7EqAivgVuX4T7mDqnKSDROStA4hsu4mM2KDlZ6psZy
	UfJ33cSXlqt5cgX6VplU3XBHN5o89AqzWH0bAogQRA==
X-Google-Smtp-Source: APXvYqyAnk1/gFDHj6X1PJa8AmdnjeMw1tiZ8uhZkGVGTYcspU51Qas32mBOa3zoBOdMnOY1JhekdV6Z/PObxN0oCS0=
X-Received: by 2002:a1c:2546:: with SMTP id l67mr4407553wml.10.1567600646388;
 Wed, 04 Sep 2019 05:37:26 -0700 (PDT)
MIME-Version: 1.0
References: <20190904075233.5005-1-lersek@redhat.com>
In-Reply-To: <20190904075233.5005-1-lersek@redhat.com>
From: "Ard Biesheuvel" <ard.biesheuvel@linaro.org>
Date: Wed, 4 Sep 2019 05:37:14 -0700
Message-ID: <CAKv+Gu9Y+rna63LUgUOY3miiXjfqV6Tg7+PEBdurLN+TnztcOQ@mail.gmail.com>
Subject: Re: [PATCH v2] OvmfPkg/EnrollDefaultKeys: clean up Base64Decode() retval handling
To: Laszlo Ersek <lersek@redhat.com>
Cc: edk2-devel-groups-io <devel@edk2.groups.io>, Jordan Justen <jordan.l.justen@intel.com>, 
	=?UTF-8?Q?Philippe_Mathieu=2DDaud=C3=A9?= <philmd@redhat.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Wed, 4 Sep 2019 at 00:52, Laszlo Ersek <lersek@redhat.com> wrote:
>
> Since commit 35e242b698cd ("MdePkg/BaseLib: rewrite Base64Decode()",
> 2019-07-16), Base64Decode() guarantees that DestinationSize is larger on
> output than it was on input if RETURN_BUFFER_TOO_SMALL is returned. Clean
> up the retval handling for the first Base64Decode() call in
> EnrollDefaultKeys, which used to work around the ambiguity in the previou=
s
> Base64Decode() interface contract.
>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Philippe Mathieu-Daud=C3=A9 <philmd@redhat.com>
> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1981
> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
> Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>

Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

> ---
>
> Notes:
>     v2:
>
>     - Repo:   https://github.com/lersek/edk2.git
>       Branch: enroll_base64_cleanup_bz1981_v2
>
>     - pick up Phil's R-b:
>       http://mid.mail-archive.com/d7e733d7-d32f-02ec-98ec-c121d6b406e0@re=
dhat.com
>       https://edk2.groups.io/g/devel/message/43771
>
>     - update BZ reference from TianoCore#1891 to TianoCore#1981 (due to t=
he
>       patch being split off of the original series linked at
>       <https://bugzilla.tianocore.org/show_bug.cgi?id=3D1891#c7>:
>       <http://mid.mail-archive.com/20190702102836.27589-1-lersek@redhat.c=
om>)
>
>     - refer to the specific commit hash of patch "MdePkg/BaseLib: rewrite
>       Base64Decode()" in the commit message
>
>     - no code changes
>
>  OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c | 10 ++--------
>  1 file changed, 2 insertions(+), 8 deletions(-)
>
> diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c b/OvmfPkg/Enro=
llDefaultKeys/EnrollDefaultKeys.c
> index f45cb799f726..302b80d97720 100644
> --- a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
> +++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
> @@ -153,16 +153,10 @@ GetPkKek1 (
>    DecodedCertSize =3D 0;
>    Status =3D Base64Decode (Base64Cert, Base64CertLen, NULL, &DecodedCert=
Size);
>    switch (Status) {
>    case EFI_BUFFER_TOO_SMALL:
> -    if (DecodedCertSize > 0) {
> -      break;
> -    }
> -    //
> -    // Fall through: the above Base64Decode() call is ill-specified in B=
aseLib
> -    // if Source decodes to zero bytes (for example if it consists of ig=
nored
> -    // whitespace only).
> -    //
> +    ASSERT (DecodedCertSize > 0);
> +    break;
>    case EFI_SUCCESS:
>      AsciiPrint ("error: empty certificate after app prefix %g\n",
>        &gOvmfPkKek1AppPrefixGuid);
>      return EFI_PROTOCOL_ERROR;
> --
> 2.19.1.3.g30247aa5d201
>