SecurityPkg/Library/AuthVariableLib/AuthService.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-)
Commit 53c6ff180327 ("SecurityPkg:AuthVariableLib:Implement ECR1707 for
Private Auth Variable", 2017-09-12) introduced the following build
failure under several GCC toolchain versions:
> SecurityPkg/Library/AuthVariableLib/AuthService.c: In function
> 'CalculatePrivAuthVarSignChainSHA256Digest':
> SecurityPkg/Library/AuthVariableLib/AuthService.c:1567:58: error:
> pointer targets in passing argument 3 of 'X509GetCommonName' differ in
> signedness [-Werror=pointer-sign]
> Status = X509GetCommonName(SignerCert, SignerCertSize, CertCommonName, &CertCommonNameSize);
> ^~~~~~~~~~~~~~
> In file included from
> SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h:34:0,
> from
> SecurityPkg/Library/AuthVariableLib/AuthService.c:32:
> CryptoPkg/Include/Library/BaseCryptLib.h:2202:1: note: expected 'CHAR8 *
> {aka char *}' but argument is of type 'UINT8 * {aka unsigned char *}'
> X509GetCommonName (
> ^~~~~~~~~~~~~~~~~
> cc1: all warnings being treated as errors
Fix it by changing the type of "CertCommonName" to array-of-CHAR8.
Locations where "CertCommonName" is used in the
CalculatePrivAuthVarSignChainSHA256Digest() function:
- it is taken the size of -- not impacted by this patch;
- passed to X509GetCommonName() as an argument -- the patch fixes the
build error;
- passed to Sha256Update() as argument for "IN CONST VOID *Data" -- not
impacted by the patch;
- passed to AsciiStrLen() as argument -- drop the now-superfluous explicit
cast.
Since we are touching the Sha256Update() function call, fix the coding
style too:
- the line is overlong, so break each argument to its own line;
- insert a space between "AsciiStrLen" and the opening paren "(".
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Gary Lin <glin@suse.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Long Qin <qin.long@intel.com>
Reported-by: Gary Lin <glin@suse.com>
Suggested-by: Gary Lin <glin@suse.com>
Suggested-by: Long Qin <qin.long@intel.com>
Fixes: 53c6ff18032737fabb644a9e0c781d91a6830248
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
Notes:
The GCC build has been broken for too long by now; I'll push the patch
as soon as I get any Reviewed-by.
SecurityPkg/Library/AuthVariableLib/AuthService.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c b/SecurityPkg/Library/AuthVariableLib/AuthService.c
index 7188ff600823..2966811fa7ff 100644
--- a/SecurityPkg/Library/AuthVariableLib/AuthService.c
+++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c
@@ -1554,7 +1554,7 @@ CalculatePrivAuthVarSignChainSHA256Digest(
{
UINT8 *TbsCert;
UINTN TbsCertSize;
- UINT8 CertCommonName[128];
+ CHAR8 CertCommonName[128];
UINTN CertCommonNameSize;
BOOLEAN CryptoStatus;
EFI_STATUS Status;
@@ -1590,7 +1590,11 @@ CalculatePrivAuthVarSignChainSHA256Digest(
//
// '\0' is forced in CertCommonName. No overflow issue
//
- CryptoStatus = Sha256Update (mHashCtx, CertCommonName, AsciiStrLen((CHAR8 *)CertCommonName));
+ CryptoStatus = Sha256Update (
+ mHashCtx,
+ CertCommonName,
+ AsciiStrLen (CertCommonName)
+ );
if (!CryptoStatus) {
return EFI_ABORTED;
}
--
2.14.1.3.gb7cf6e02401b
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
On 17 October 2017 at 20:16, Laszlo Ersek <lersek@redhat.com> wrote: > Commit 53c6ff180327 ("SecurityPkg:AuthVariableLib:Implement ECR1707 for > Private Auth Variable", 2017-09-12) introduced the following build > failure under several GCC toolchain versions: > >> SecurityPkg/Library/AuthVariableLib/AuthService.c: In function >> 'CalculatePrivAuthVarSignChainSHA256Digest': >> SecurityPkg/Library/AuthVariableLib/AuthService.c:1567:58: error: >> pointer targets in passing argument 3 of 'X509GetCommonName' differ in >> signedness [-Werror=pointer-sign] >> Status = X509GetCommonName(SignerCert, SignerCertSize, CertCommonName, &CertCommonNameSize); >> ^~~~~~~~~~~~~~ >> In file included from >> SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h:34:0, >> from >> SecurityPkg/Library/AuthVariableLib/AuthService.c:32: >> CryptoPkg/Include/Library/BaseCryptLib.h:2202:1: note: expected 'CHAR8 * >> {aka char *}' but argument is of type 'UINT8 * {aka unsigned char *}' >> X509GetCommonName ( >> ^~~~~~~~~~~~~~~~~ >> cc1: all warnings being treated as errors > > Fix it by changing the type of "CertCommonName" to array-of-CHAR8. > > Locations where "CertCommonName" is used in the > CalculatePrivAuthVarSignChainSHA256Digest() function: > > - it is taken the size of -- not impacted by this patch; > > - passed to X509GetCommonName() as an argument -- the patch fixes the > build error; > > - passed to Sha256Update() as argument for "IN CONST VOID *Data" -- not > impacted by the patch; > > - passed to AsciiStrLen() as argument -- drop the now-superfluous explicit > cast. > > Since we are touching the Sha256Update() function call, fix the coding > style too: > > - the line is overlong, so break each argument to its own line; > > - insert a space between "AsciiStrLen" and the opening paren "(". > > Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> > Cc: Chao Zhang <chao.b.zhang@intel.com> > Cc: Gary Lin <glin@suse.com> > Cc: Leif Lindholm <leif.lindholm@linaro.org> > Cc: Long Qin <qin.long@intel.com> > Reported-by: Gary Lin <glin@suse.com> > Suggested-by: Gary Lin <glin@suse.com> > Suggested-by: Long Qin <qin.long@intel.com> > Fixes: 53c6ff18032737fabb644a9e0c781d91a6830248 > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Laszlo Ersek <lersek@redhat.com> > --- > > Notes: > The GCC build has been broken for too long by now; I'll push the patch > as soon as I get any Reviewed-by. > Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> > SecurityPkg/Library/AuthVariableLib/AuthService.c | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-) > > diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c b/SecurityPkg/Library/AuthVariableLib/AuthService.c > index 7188ff600823..2966811fa7ff 100644 > --- a/SecurityPkg/Library/AuthVariableLib/AuthService.c > +++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c > @@ -1554,7 +1554,7 @@ CalculatePrivAuthVarSignChainSHA256Digest( > { > UINT8 *TbsCert; > UINTN TbsCertSize; > - UINT8 CertCommonName[128]; > + CHAR8 CertCommonName[128]; > UINTN CertCommonNameSize; > BOOLEAN CryptoStatus; > EFI_STATUS Status; > @@ -1590,7 +1590,11 @@ CalculatePrivAuthVarSignChainSHA256Digest( > // > // '\0' is forced in CertCommonName. No overflow issue > // > - CryptoStatus = Sha256Update (mHashCtx, CertCommonName, AsciiStrLen((CHAR8 *)CertCommonName)); > + CryptoStatus = Sha256Update ( > + mHashCtx, > + CertCommonName, > + AsciiStrLen (CertCommonName) > + ); > if (!CryptoStatus) { > return EFI_ABORTED; > } > -- > 2.14.1.3.gb7cf6e02401b > _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
On Tue, Oct 17, 2017 at 09:16:46PM +0200, Laszlo Ersek wrote: > Commit 53c6ff180327 ("SecurityPkg:AuthVariableLib:Implement ECR1707 for > Private Auth Variable", 2017-09-12) introduced the following build > failure under several GCC toolchain versions: > > > SecurityPkg/Library/AuthVariableLib/AuthService.c: In function > > 'CalculatePrivAuthVarSignChainSHA256Digest': > > SecurityPkg/Library/AuthVariableLib/AuthService.c:1567:58: error: > > pointer targets in passing argument 3 of 'X509GetCommonName' differ in > > signedness [-Werror=pointer-sign] > > Status = X509GetCommonName(SignerCert, SignerCertSize, CertCommonName, &CertCommonNameSize); > > ^~~~~~~~~~~~~~ > > In file included from > > SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h:34:0, > > from > > SecurityPkg/Library/AuthVariableLib/AuthService.c:32: > > CryptoPkg/Include/Library/BaseCryptLib.h:2202:1: note: expected 'CHAR8 * > > {aka char *}' but argument is of type 'UINT8 * {aka unsigned char *}' > > X509GetCommonName ( > > ^~~~~~~~~~~~~~~~~ > > cc1: all warnings being treated as errors > > Fix it by changing the type of "CertCommonName" to array-of-CHAR8. > > Locations where "CertCommonName" is used in the > CalculatePrivAuthVarSignChainSHA256Digest() function: > > - it is taken the size of -- not impacted by this patch; > > - passed to X509GetCommonName() as an argument -- the patch fixes the > build error; > > - passed to Sha256Update() as argument for "IN CONST VOID *Data" -- not > impacted by the patch; > > - passed to AsciiStrLen() as argument -- drop the now-superfluous explicit > cast. > > Since we are touching the Sha256Update() function call, fix the coding > style too: > > - the line is overlong, so break each argument to its own line; > > - insert a space between "AsciiStrLen" and the opening paren "(". > > Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> > Cc: Chao Zhang <chao.b.zhang@intel.com> > Cc: Gary Lin <glin@suse.com> > Cc: Leif Lindholm <leif.lindholm@linaro.org> > Cc: Long Qin <qin.long@intel.com> > Reported-by: Gary Lin <glin@suse.com> > Suggested-by: Gary Lin <glin@suse.com> > Suggested-by: Long Qin <qin.long@intel.com> > Fixes: 53c6ff18032737fabb644a9e0c781d91a6830248 > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Laszlo Ersek <lersek@redhat.com> On the one hand, I am wondering whether that API _should_ be using UINT8 rather than an architecture-dependent type. On the other hand, that would be a much bigger change, and master is currently broken. Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org> / Leif > --- > > Notes: > The GCC build has been broken for too long by now; I'll push the patch > as soon as I get any Reviewed-by. > > SecurityPkg/Library/AuthVariableLib/AuthService.c | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-) > > diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c b/SecurityPkg/Library/AuthVariableLib/AuthService.c > index 7188ff600823..2966811fa7ff 100644 > --- a/SecurityPkg/Library/AuthVariableLib/AuthService.c > +++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c > @@ -1554,7 +1554,7 @@ CalculatePrivAuthVarSignChainSHA256Digest( > { > UINT8 *TbsCert; > UINTN TbsCertSize; > - UINT8 CertCommonName[128]; > + CHAR8 CertCommonName[128]; > UINTN CertCommonNameSize; > BOOLEAN CryptoStatus; > EFI_STATUS Status; > @@ -1590,7 +1590,11 @@ CalculatePrivAuthVarSignChainSHA256Digest( > // > // '\0' is forced in CertCommonName. No overflow issue > // > - CryptoStatus = Sha256Update (mHashCtx, CertCommonName, AsciiStrLen((CHAR8 *)CertCommonName)); > + CryptoStatus = Sha256Update ( > + mHashCtx, > + CertCommonName, > + AsciiStrLen (CertCommonName) > + ); > if (!CryptoStatus) { > return EFI_ABORTED; > } > -- > 2.14.1.3.gb7cf6e02401b > _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
On 10/17/17 21:16, Laszlo Ersek wrote: > Commit 53c6ff180327 ("SecurityPkg:AuthVariableLib:Implement ECR1707 for > Private Auth Variable", 2017-09-12) introduced the following build > failure under several GCC toolchain versions: > >> SecurityPkg/Library/AuthVariableLib/AuthService.c: In function >> 'CalculatePrivAuthVarSignChainSHA256Digest': >> SecurityPkg/Library/AuthVariableLib/AuthService.c:1567:58: error: >> pointer targets in passing argument 3 of 'X509GetCommonName' differ in >> signedness [-Werror=pointer-sign] >> Status = X509GetCommonName(SignerCert, SignerCertSize, CertCommonName, &CertCommonNameSize); >> ^~~~~~~~~~~~~~ >> In file included from >> SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h:34:0, >> from >> SecurityPkg/Library/AuthVariableLib/AuthService.c:32: >> CryptoPkg/Include/Library/BaseCryptLib.h:2202:1: note: expected 'CHAR8 * >> {aka char *}' but argument is of type 'UINT8 * {aka unsigned char *}' >> X509GetCommonName ( >> ^~~~~~~~~~~~~~~~~ >> cc1: all warnings being treated as errors > > Fix it by changing the type of "CertCommonName" to array-of-CHAR8. > > Locations where "CertCommonName" is used in the > CalculatePrivAuthVarSignChainSHA256Digest() function: > > - it is taken the size of -- not impacted by this patch; > > - passed to X509GetCommonName() as an argument -- the patch fixes the > build error; > > - passed to Sha256Update() as argument for "IN CONST VOID *Data" -- not > impacted by the patch; > > - passed to AsciiStrLen() as argument -- drop the now-superfluous explicit > cast. > > Since we are touching the Sha256Update() function call, fix the coding > style too: > > - the line is overlong, so break each argument to its own line; > > - insert a space between "AsciiStrLen" and the opening paren "(". > > Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> > Cc: Chao Zhang <chao.b.zhang@intel.com> > Cc: Gary Lin <glin@suse.com> > Cc: Leif Lindholm <leif.lindholm@linaro.org> > Cc: Long Qin <qin.long@intel.com> > Reported-by: Gary Lin <glin@suse.com> > Suggested-by: Gary Lin <glin@suse.com> > Suggested-by: Long Qin <qin.long@intel.com> > Fixes: 53c6ff18032737fabb644a9e0c781d91a6830248 > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Laszlo Ersek <lersek@redhat.com> > --- > > Notes: > The GCC build has been broken for too long by now; I'll push the patch > as soon as I get any Reviewed-by. > > SecurityPkg/Library/AuthVariableLib/AuthService.c | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-) > > diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c b/SecurityPkg/Library/AuthVariableLib/AuthService.c > index 7188ff600823..2966811fa7ff 100644 > --- a/SecurityPkg/Library/AuthVariableLib/AuthService.c > +++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c > @@ -1554,7 +1554,7 @@ CalculatePrivAuthVarSignChainSHA256Digest( > { > UINT8 *TbsCert; > UINTN TbsCertSize; > - UINT8 CertCommonName[128]; > + CHAR8 CertCommonName[128]; > UINTN CertCommonNameSize; > BOOLEAN CryptoStatus; > EFI_STATUS Status; > @@ -1590,7 +1590,11 @@ CalculatePrivAuthVarSignChainSHA256Digest( > // > // '\0' is forced in CertCommonName. No overflow issue > // > - CryptoStatus = Sha256Update (mHashCtx, CertCommonName, AsciiStrLen((CHAR8 *)CertCommonName)); > + CryptoStatus = Sha256Update ( > + mHashCtx, > + CertCommonName, > + AsciiStrLen (CertCommonName) > + ); > if (!CryptoStatus) { > return EFI_ABORTED; > } > Awesome; in such a short time, I got *two* R-b's. :) Commit 11b74aa4724a. Thanks! Laszlo _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
On Tue, Oct 17, 2017 at 09:54:04PM +0200, Laszlo Ersek wrote: > On 10/17/17 21:16, Laszlo Ersek wrote: > > Commit 53c6ff180327 ("SecurityPkg:AuthVariableLib:Implement ECR1707 for > > Private Auth Variable", 2017-09-12) introduced the following build > > failure under several GCC toolchain versions: > > -->8-- > > Awesome; in such a short time, I got *two* R-b's. :) > > Commit 11b74aa4724a. Thanks for pushing the fix! Gary Lin _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
© 2016 - 2024 Red Hat, Inc.