[edk2] [PATCH] SecurityPkg/AuthVariableLib: fix GCC build error

Laszlo Ersek posted 1 patch 7 years, 2 months ago
Failed in applying to current master (apply log)
SecurityPkg/Library/AuthVariableLib/AuthService.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
[edk2] [PATCH] SecurityPkg/AuthVariableLib: fix GCC build error
Posted by Laszlo Ersek 7 years, 2 months ago
Commit 53c6ff180327 ("SecurityPkg:AuthVariableLib:Implement ECR1707 for
Private Auth Variable", 2017-09-12) introduced the following build
failure under several GCC toolchain versions:

> SecurityPkg/Library/AuthVariableLib/AuthService.c: In function
> 'CalculatePrivAuthVarSignChainSHA256Digest':
> SecurityPkg/Library/AuthVariableLib/AuthService.c:1567:58: error:
> pointer targets in passing argument 3 of 'X509GetCommonName' differ in
> signedness [-Werror=pointer-sign]
>    Status = X509GetCommonName(SignerCert, SignerCertSize, CertCommonName, &CertCommonNameSize);
>                                                           ^~~~~~~~~~~~~~
> In file included from
> SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h:34:0,
>                  from
>                  SecurityPkg/Library/AuthVariableLib/AuthService.c:32:
> CryptoPkg/Include/Library/BaseCryptLib.h:2202:1: note: expected 'CHAR8 *
> {aka char *}' but argument is of type 'UINT8 * {aka unsigned char *}'
>  X509GetCommonName (
>  ^~~~~~~~~~~~~~~~~
> cc1: all warnings being treated as errors

Fix it by changing the type of "CertCommonName" to array-of-CHAR8.

Locations where "CertCommonName" is used in the
CalculatePrivAuthVarSignChainSHA256Digest() function:

- it is taken the size of -- not impacted by this patch;

- passed to X509GetCommonName() as an argument -- the patch fixes the
  build error;

- passed to Sha256Update() as argument for "IN CONST VOID  *Data" -- not
  impacted by the patch;

- passed to AsciiStrLen() as argument -- drop the now-superfluous explicit
  cast.

Since we are touching the Sha256Update() function call, fix the coding
style too:

- the line is overlong, so break each argument to its own line;

- insert a space between "AsciiStrLen" and the opening paren "(".

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Gary Lin <glin@suse.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Long Qin <qin.long@intel.com>
Reported-by: Gary Lin <glin@suse.com>
Suggested-by: Gary Lin <glin@suse.com>
Suggested-by: Long Qin <qin.long@intel.com>
Fixes: 53c6ff18032737fabb644a9e0c781d91a6830248
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---

Notes:
    The GCC build has been broken for too long by now; I'll push the patch
    as soon as I get any Reviewed-by.

 SecurityPkg/Library/AuthVariableLib/AuthService.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c b/SecurityPkg/Library/AuthVariableLib/AuthService.c
index 7188ff600823..2966811fa7ff 100644
--- a/SecurityPkg/Library/AuthVariableLib/AuthService.c
+++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c
@@ -1554,7 +1554,7 @@ CalculatePrivAuthVarSignChainSHA256Digest(
 {
   UINT8                   *TbsCert;
   UINTN                   TbsCertSize;
-  UINT8                   CertCommonName[128];
+  CHAR8                   CertCommonName[128];
   UINTN                   CertCommonNameSize;
   BOOLEAN                 CryptoStatus;
   EFI_STATUS              Status;
@@ -1590,7 +1590,11 @@ CalculatePrivAuthVarSignChainSHA256Digest(
   //
   // '\0' is forced in CertCommonName. No overflow issue
   //
-  CryptoStatus = Sha256Update (mHashCtx, CertCommonName, AsciiStrLen((CHAR8 *)CertCommonName));
+  CryptoStatus = Sha256Update (
+                   mHashCtx,
+                   CertCommonName,
+                   AsciiStrLen (CertCommonName)
+                   );
   if (!CryptoStatus) {
     return EFI_ABORTED;
   }
-- 
2.14.1.3.gb7cf6e02401b

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH] SecurityPkg/AuthVariableLib: fix GCC build error
Posted by Ard Biesheuvel 7 years, 2 months ago
On 17 October 2017 at 20:16, Laszlo Ersek <lersek@redhat.com> wrote:
> Commit 53c6ff180327 ("SecurityPkg:AuthVariableLib:Implement ECR1707 for
> Private Auth Variable", 2017-09-12) introduced the following build
> failure under several GCC toolchain versions:
>
>> SecurityPkg/Library/AuthVariableLib/AuthService.c: In function
>> 'CalculatePrivAuthVarSignChainSHA256Digest':
>> SecurityPkg/Library/AuthVariableLib/AuthService.c:1567:58: error:
>> pointer targets in passing argument 3 of 'X509GetCommonName' differ in
>> signedness [-Werror=pointer-sign]
>>    Status = X509GetCommonName(SignerCert, SignerCertSize, CertCommonName, &CertCommonNameSize);
>>                                                           ^~~~~~~~~~~~~~
>> In file included from
>> SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h:34:0,
>>                  from
>>                  SecurityPkg/Library/AuthVariableLib/AuthService.c:32:
>> CryptoPkg/Include/Library/BaseCryptLib.h:2202:1: note: expected 'CHAR8 *
>> {aka char *}' but argument is of type 'UINT8 * {aka unsigned char *}'
>>  X509GetCommonName (
>>  ^~~~~~~~~~~~~~~~~
>> cc1: all warnings being treated as errors
>
> Fix it by changing the type of "CertCommonName" to array-of-CHAR8.
>
> Locations where "CertCommonName" is used in the
> CalculatePrivAuthVarSignChainSHA256Digest() function:
>
> - it is taken the size of -- not impacted by this patch;
>
> - passed to X509GetCommonName() as an argument -- the patch fixes the
>   build error;
>
> - passed to Sha256Update() as argument for "IN CONST VOID  *Data" -- not
>   impacted by the patch;
>
> - passed to AsciiStrLen() as argument -- drop the now-superfluous explicit
>   cast.
>
> Since we are touching the Sha256Update() function call, fix the coding
> style too:
>
> - the line is overlong, so break each argument to its own line;
>
> - insert a space between "AsciiStrLen" and the opening paren "(".
>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Chao Zhang <chao.b.zhang@intel.com>
> Cc: Gary Lin <glin@suse.com>
> Cc: Leif Lindholm <leif.lindholm@linaro.org>
> Cc: Long Qin <qin.long@intel.com>
> Reported-by: Gary Lin <glin@suse.com>
> Suggested-by: Gary Lin <glin@suse.com>
> Suggested-by: Long Qin <qin.long@intel.com>
> Fixes: 53c6ff18032737fabb644a9e0c781d91a6830248
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
> ---
>
> Notes:
>     The GCC build has been broken for too long by now; I'll push the patch
>     as soon as I get any Reviewed-by.
>

Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>


>  SecurityPkg/Library/AuthVariableLib/AuthService.c | 8 ++++++--
>  1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c b/SecurityPkg/Library/AuthVariableLib/AuthService.c
> index 7188ff600823..2966811fa7ff 100644
> --- a/SecurityPkg/Library/AuthVariableLib/AuthService.c
> +++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c
> @@ -1554,7 +1554,7 @@ CalculatePrivAuthVarSignChainSHA256Digest(
>  {
>    UINT8                   *TbsCert;
>    UINTN                   TbsCertSize;
> -  UINT8                   CertCommonName[128];
> +  CHAR8                   CertCommonName[128];
>    UINTN                   CertCommonNameSize;
>    BOOLEAN                 CryptoStatus;
>    EFI_STATUS              Status;
> @@ -1590,7 +1590,11 @@ CalculatePrivAuthVarSignChainSHA256Digest(
>    //
>    // '\0' is forced in CertCommonName. No overflow issue
>    //
> -  CryptoStatus = Sha256Update (mHashCtx, CertCommonName, AsciiStrLen((CHAR8 *)CertCommonName));
> +  CryptoStatus = Sha256Update (
> +                   mHashCtx,
> +                   CertCommonName,
> +                   AsciiStrLen (CertCommonName)
> +                   );
>    if (!CryptoStatus) {
>      return EFI_ABORTED;
>    }
> --
> 2.14.1.3.gb7cf6e02401b
>
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH] SecurityPkg/AuthVariableLib: fix GCC build error
Posted by Leif Lindholm 7 years, 2 months ago
On Tue, Oct 17, 2017 at 09:16:46PM +0200, Laszlo Ersek wrote:
> Commit 53c6ff180327 ("SecurityPkg:AuthVariableLib:Implement ECR1707 for
> Private Auth Variable", 2017-09-12) introduced the following build
> failure under several GCC toolchain versions:
> 
> > SecurityPkg/Library/AuthVariableLib/AuthService.c: In function
> > 'CalculatePrivAuthVarSignChainSHA256Digest':
> > SecurityPkg/Library/AuthVariableLib/AuthService.c:1567:58: error:
> > pointer targets in passing argument 3 of 'X509GetCommonName' differ in
> > signedness [-Werror=pointer-sign]
> >    Status = X509GetCommonName(SignerCert, SignerCertSize, CertCommonName, &CertCommonNameSize);
> >                                                           ^~~~~~~~~~~~~~
> > In file included from
> > SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h:34:0,
> >                  from
> >                  SecurityPkg/Library/AuthVariableLib/AuthService.c:32:
> > CryptoPkg/Include/Library/BaseCryptLib.h:2202:1: note: expected 'CHAR8 *
> > {aka char *}' but argument is of type 'UINT8 * {aka unsigned char *}'
> >  X509GetCommonName (
> >  ^~~~~~~~~~~~~~~~~
> > cc1: all warnings being treated as errors
> 
> Fix it by changing the type of "CertCommonName" to array-of-CHAR8.
> 
> Locations where "CertCommonName" is used in the
> CalculatePrivAuthVarSignChainSHA256Digest() function:
> 
> - it is taken the size of -- not impacted by this patch;
> 
> - passed to X509GetCommonName() as an argument -- the patch fixes the
>   build error;
> 
> - passed to Sha256Update() as argument for "IN CONST VOID  *Data" -- not
>   impacted by the patch;
> 
> - passed to AsciiStrLen() as argument -- drop the now-superfluous explicit
>   cast.
> 
> Since we are touching the Sha256Update() function call, fix the coding
> style too:
> 
> - the line is overlong, so break each argument to its own line;
> 
> - insert a space between "AsciiStrLen" and the opening paren "(".
> 
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Chao Zhang <chao.b.zhang@intel.com>
> Cc: Gary Lin <glin@suse.com>
> Cc: Leif Lindholm <leif.lindholm@linaro.org>
> Cc: Long Qin <qin.long@intel.com>
> Reported-by: Gary Lin <glin@suse.com>
> Suggested-by: Gary Lin <glin@suse.com>
> Suggested-by: Long Qin <qin.long@intel.com>
> Fixes: 53c6ff18032737fabb644a9e0c781d91a6830248
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Laszlo Ersek <lersek@redhat.com>

On the one hand, I am wondering whether that API _should_ be using
UINT8 rather than an architecture-dependent type.
On the other hand, that would be a much bigger change, and master is
currently broken.

Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>

/
    Leif

> ---
> 
> Notes:
>     The GCC build has been broken for too long by now; I'll push the patch
>     as soon as I get any Reviewed-by.
> 
>  SecurityPkg/Library/AuthVariableLib/AuthService.c | 8 ++++++--
>  1 file changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c b/SecurityPkg/Library/AuthVariableLib/AuthService.c
> index 7188ff600823..2966811fa7ff 100644
> --- a/SecurityPkg/Library/AuthVariableLib/AuthService.c
> +++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c
> @@ -1554,7 +1554,7 @@ CalculatePrivAuthVarSignChainSHA256Digest(
>  {
>    UINT8                   *TbsCert;
>    UINTN                   TbsCertSize;
> -  UINT8                   CertCommonName[128];
> +  CHAR8                   CertCommonName[128];
>    UINTN                   CertCommonNameSize;
>    BOOLEAN                 CryptoStatus;
>    EFI_STATUS              Status;
> @@ -1590,7 +1590,11 @@ CalculatePrivAuthVarSignChainSHA256Digest(
>    //
>    // '\0' is forced in CertCommonName. No overflow issue
>    //
> -  CryptoStatus = Sha256Update (mHashCtx, CertCommonName, AsciiStrLen((CHAR8 *)CertCommonName));
> +  CryptoStatus = Sha256Update (
> +                   mHashCtx,
> +                   CertCommonName,
> +                   AsciiStrLen (CertCommonName)
> +                   );
>    if (!CryptoStatus) {
>      return EFI_ABORTED;
>    }
> -- 
> 2.14.1.3.gb7cf6e02401b
> 
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH] SecurityPkg/AuthVariableLib: fix GCC build error
Posted by Laszlo Ersek 7 years, 2 months ago
On 10/17/17 21:16, Laszlo Ersek wrote:
> Commit 53c6ff180327 ("SecurityPkg:AuthVariableLib:Implement ECR1707 for
> Private Auth Variable", 2017-09-12) introduced the following build
> failure under several GCC toolchain versions:
> 
>> SecurityPkg/Library/AuthVariableLib/AuthService.c: In function
>> 'CalculatePrivAuthVarSignChainSHA256Digest':
>> SecurityPkg/Library/AuthVariableLib/AuthService.c:1567:58: error:
>> pointer targets in passing argument 3 of 'X509GetCommonName' differ in
>> signedness [-Werror=pointer-sign]
>>    Status = X509GetCommonName(SignerCert, SignerCertSize, CertCommonName, &CertCommonNameSize);
>>                                                           ^~~~~~~~~~~~~~
>> In file included from
>> SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h:34:0,
>>                  from
>>                  SecurityPkg/Library/AuthVariableLib/AuthService.c:32:
>> CryptoPkg/Include/Library/BaseCryptLib.h:2202:1: note: expected 'CHAR8 *
>> {aka char *}' but argument is of type 'UINT8 * {aka unsigned char *}'
>>  X509GetCommonName (
>>  ^~~~~~~~~~~~~~~~~
>> cc1: all warnings being treated as errors
> 
> Fix it by changing the type of "CertCommonName" to array-of-CHAR8.
> 
> Locations where "CertCommonName" is used in the
> CalculatePrivAuthVarSignChainSHA256Digest() function:
> 
> - it is taken the size of -- not impacted by this patch;
> 
> - passed to X509GetCommonName() as an argument -- the patch fixes the
>   build error;
> 
> - passed to Sha256Update() as argument for "IN CONST VOID  *Data" -- not
>   impacted by the patch;
> 
> - passed to AsciiStrLen() as argument -- drop the now-superfluous explicit
>   cast.
> 
> Since we are touching the Sha256Update() function call, fix the coding
> style too:
> 
> - the line is overlong, so break each argument to its own line;
> 
> - insert a space between "AsciiStrLen" and the opening paren "(".
> 
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Chao Zhang <chao.b.zhang@intel.com>
> Cc: Gary Lin <glin@suse.com>
> Cc: Leif Lindholm <leif.lindholm@linaro.org>
> Cc: Long Qin <qin.long@intel.com>
> Reported-by: Gary Lin <glin@suse.com>
> Suggested-by: Gary Lin <glin@suse.com>
> Suggested-by: Long Qin <qin.long@intel.com>
> Fixes: 53c6ff18032737fabb644a9e0c781d91a6830248
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
> ---
> 
> Notes:
>     The GCC build has been broken for too long by now; I'll push the patch
>     as soon as I get any Reviewed-by.
> 
>  SecurityPkg/Library/AuthVariableLib/AuthService.c | 8 ++++++--
>  1 file changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c b/SecurityPkg/Library/AuthVariableLib/AuthService.c
> index 7188ff600823..2966811fa7ff 100644
> --- a/SecurityPkg/Library/AuthVariableLib/AuthService.c
> +++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c
> @@ -1554,7 +1554,7 @@ CalculatePrivAuthVarSignChainSHA256Digest(
>  {
>    UINT8                   *TbsCert;
>    UINTN                   TbsCertSize;
> -  UINT8                   CertCommonName[128];
> +  CHAR8                   CertCommonName[128];
>    UINTN                   CertCommonNameSize;
>    BOOLEAN                 CryptoStatus;
>    EFI_STATUS              Status;
> @@ -1590,7 +1590,11 @@ CalculatePrivAuthVarSignChainSHA256Digest(
>    //
>    // '\0' is forced in CertCommonName. No overflow issue
>    //
> -  CryptoStatus = Sha256Update (mHashCtx, CertCommonName, AsciiStrLen((CHAR8 *)CertCommonName));
> +  CryptoStatus = Sha256Update (
> +                   mHashCtx,
> +                   CertCommonName,
> +                   AsciiStrLen (CertCommonName)
> +                   );
>    if (!CryptoStatus) {
>      return EFI_ABORTED;
>    }
> 

Awesome; in such a short time, I got *two* R-b's. :)

Commit 11b74aa4724a.

Thanks!
Laszlo
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
Re: [edk2] [PATCH] SecurityPkg/AuthVariableLib: fix GCC build error
Posted by Gary Lin 7 years, 2 months ago
On Tue, Oct 17, 2017 at 09:54:04PM +0200, Laszlo Ersek wrote:
> On 10/17/17 21:16, Laszlo Ersek wrote:
> > Commit 53c6ff180327 ("SecurityPkg:AuthVariableLib:Implement ECR1707 for
> > Private Auth Variable", 2017-09-12) introduced the following build
> > failure under several GCC toolchain versions:
> > 
-->8--
> 
> Awesome; in such a short time, I got *two* R-b's. :)
> 
> Commit 11b74aa4724a.
Thanks for pushing the fix!

Gary Lin
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel