From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=134.134.136.20; helo=mga02.intel.com; envelope-from=songpeng.li@intel.com; receiver=edk2-devel@lists.01.org Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 697BE2033734C for ; Sun, 19 Aug 2018 23:29:08 -0700 (PDT) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 19 Aug 2018 23:29:08 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.53,263,1531810800"; d="scan'208";a="226042130" Received: from fmsmsx103.amr.corp.intel.com ([10.18.124.201]) by orsmga004.jf.intel.com with ESMTP; 19 Aug 2018 23:29:07 -0700 Received: from fmsmsx120.amr.corp.intel.com (10.18.124.208) by FMSMSX103.amr.corp.intel.com (10.18.124.201) with Microsoft SMTP Server (TLS) id 14.3.319.2; Sun, 19 Aug 2018 23:29:06 -0700 Received: from shsmsx101.ccr.corp.intel.com (10.239.4.153) by fmsmsx120.amr.corp.intel.com (10.18.124.208) with Microsoft SMTP Server (TLS) id 14.3.319.2; Sun, 19 Aug 2018 23:29:06 -0700 Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.226]) by SHSMSX101.ccr.corp.intel.com ([169.254.1.205]) with mapi id 14.03.0319.002; Mon, 20 Aug 2018 14:29:04 +0800 From: "Li, Songpeng" To: Laszlo Ersek , edk2-devel-01 CC: "Wu, Jiaxin" , "Fu, Siyuan" Thread-Topic: [PATCH 3/4] NetworkPkg/TlsAuthConfigDxe: fix TlsCaCertificate attributes retrieval Thread-Index: AQHUNjedKsmUxRNa8UeO3XV1ypzmIqTIL18w Date: Mon, 20 Aug 2018 06:29:03 +0000 Message-ID: References: <20180817143534.28393-1-lersek@redhat.com> <20180817143534.28393-4-lersek@redhat.com> In-Reply-To: <20180817143534.28393-4-lersek@redhat.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: [PATCH 3/4] NetworkPkg/TlsAuthConfigDxe: fix TlsCaCertificate attributes retrieval X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Aug 2018 06:29:08 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable It worked on my end. Tested-by: Songpeng Li Thanks & Best Regards, Songpeng > -----Original Message----- > From: Laszlo Ersek [mailto:lersek@redhat.com] > Sent: Friday, August 17, 2018 10:36 PM > To: edk2-devel-01 > Cc: Wu, Jiaxin ; Fu, Siyuan ; L= i, > Songpeng > Subject: [PATCH 3/4] NetworkPkg/TlsAuthConfigDxe: fix TlsCaCertificate > attributes retrieval >=20 > Per spec, the GetVariable() runtime service is not required to populate > (*Attributes) on output when it fails with EFI_BUFFER_TOO_SMALL. >=20 > Therefore we have to fetch the full contents of the TlsCaCertificate > variable temporarily, just so we can (a) get the current attributes, and > (b) add EFI_VARIABLE_APPEND_WRITE to them for the subsequent > SetVariable() > call. >=20 > Cc: Jiaxin Wu > Cc: Siyuan Fu > Cc: Songpeng Li > Reported-by: Songpeng Li > Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1090 > Fixes: b90c335fbbb674470fbf09601cc522bf61564c30 > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Laszlo Ersek > --- >=20 > Notes: > Tested via loading the same CA cert .pem file twice in a row, using t= he > HII form, first without any pre-existent TlsCaCertificate variable. >=20 > Songpeng, can you please test this patch as well, and confirm if it > works on your end? Thanks! >=20 > NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c | 27 > +++++++++++++++++++- > 1 file changed, 26 insertions(+), 1 deletion(-) >=20 > diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c > b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c > index 7259c5e82f61..0780b03bbab4 100644 > --- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c > +++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c > @@ -663,6 +663,7 @@ EnrollX509toVariable ( > EFI_SIGNATURE_LIST *CACert; > EFI_SIGNATURE_DATA *CACertData; > VOID *Data; > + VOID *CurrentData; > UINTN DataSize; > UINTN SigDataSize; > UINT32 Attr; > @@ -674,6 +675,7 @@ EnrollX509toVariable ( > CACert =3D NULL; > CACertData =3D NULL; > Data =3D NULL; > + CurrentData =3D NULL; > Attr =3D 0; >=20 > Status =3D ReadFileContent ( > @@ -716,11 +718,30 @@ EnrollX509toVariable ( > Status =3D gRT->GetVariable( > VariableName, > &gEfiTlsCaCertificateGuid, > - &Attr, > + NULL, > &DataSize, > NULL > ); > if (Status =3D=3D EFI_BUFFER_TOO_SMALL) { > + // > + // Per spec, we have to fetch the variable's contents, even though w= e're > + // only interested in the variable's attributes. > + // > + CurrentData =3D AllocatePool (DataSize); > + if (CurrentData =3D=3D NULL) { > + Status =3D EFI_OUT_OF_RESOURCES; > + goto ON_EXIT; > + } > + Status =3D gRT->GetVariable( > + VariableName, > + &gEfiTlsCaCertificateGuid, > + &Attr, > + &DataSize, > + CurrentData > + ); > + if (EFI_ERROR (Status)) { > + goto ON_EXIT; > + } > Attr |=3D EFI_VARIABLE_APPEND_WRITE; > } else if (Status =3D=3D EFI_NOT_FOUND) { > Attr =3D TLS_AUTH_CONFIG_VAR_BASE_ATTR; > @@ -751,6 +772,10 @@ ON_EXIT: > FreePool (Data); > } >=20 > + if (CurrentData !=3D NULL) { > + FreePool (CurrentData); > + } > + > if (X509Data !=3D NULL) { > FreePool (X509Data); > } > -- > 2.14.1.3.gb7cf6e02401b >=20