OvmfPkg/EnrollDefaultKeys: clean up Base64Decode() retval handling

Since commit 35e242b698cd ("MdePkg/BaseLib: rewrite Base64Decode()",
2019-07-16), Base64Decode() guarantees that DestinationSize is larger on
output than it was on input if RETURN_BUFFER_TOO_SMALL is returned. Clean
up the retval handling for the first Base64Decode() call in
EnrollDefaultKeys, which used to work around the ambiguity in the previous
Base64Decode() interface contract.

Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1981
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

1 files changed, 2 insertions, 8 deletions

diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
index f45cb799f7..302b80d977 100644
--- a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
+++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
@@ -154,14 +154,8 @@ GetPkKek1 (
   Status = Base64Decode (Base64Cert, Base64CertLen, NULL, &DecodedCertSize);

   switch (Status) {

   case EFI_BUFFER_TOO_SMALL:

-    if (DecodedCertSize > 0) {

-      break;

-    }

-    //

-    // Fall through: the above Base64Decode() call is ill-specified in BaseLib

-    // if Source decodes to zero bytes (for example if it consists of ignored

-    // whitespace only).

-    //

+    ASSERT (DecodedCertSize > 0);

+    break;

   case EFI_SUCCESS:

     AsciiPrint ("error: empty certificate after app prefix %g\n",

       &gOvmfPkKek1AppPrefixGuid);