edk2/SOURCES/edk2-SecurityPkg-DxeImageVerificationHandler-remove-else-.patch

From 5aa2d52451b7890480d31a3437a0024bfd9e1a57 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Fri, 31 Jan 2020 12:42:39 +0100
Subject: [PATCH 03/12] SecurityPkg/DxeImageVerificationHandler: remove "else"
 after return/break
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

RH-Author: Laszlo Ersek <lersek@redhat.com>
Message-id: <20200131124248.22369-4-lersek@redhat.com>
Patchwork-id: 93614
O-Subject: [RHEL-8.2.0 edk2 PATCH 03/12] SecurityPkg/DxeImageVerificationHandler: remove "else" after return/break
Bugzilla: 1751993
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>

In the code structure

  if (condition) {
    //
    // block1
    //
    return;
  } else {
    //
    // block2
    //
  }

nesting "block2" in an "else" branch is superfluous, and harms
readability. It can be transformed to:

  if (condition) {
    //
    // block1
    //
    return;
  }
  //
  // block2
  //

with identical behavior, and improved readability (less nesting).

The same applies to "break" (instead of "return") in a loop body.

Perform these transformations on DxeImageVerificationHandler().

This patch is a no-op for behavior. Use

  git show -b -W

for reviewing it more easily.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20200116190705.18816-3-lersek@redhat.com>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
[lersek@redhat.com: push with Mike's R-b due to Chinese New Year
 Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid
 <d3fbb76dabed4e1987c512c328c82810@intel.com>]
(cherry picked from commit eccb856f013aec700234211e7371f03454ef9d52)

Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
 .../DxeImageVerificationLib.c                      | 41 +++++++++++-----------
 1 file changed, 21 insertions(+), 20 deletions(-)

diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index 5afd723..8204c9c 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -1621,7 +1621,8 @@ DxeImageVerificationHandler (
   //
   if (Policy == ALWAYS_EXECUTE) {
     return EFI_SUCCESS;
-  } else if (Policy == NEVER_EXECUTE) {
+  }
+  if (Policy == NEVER_EXECUTE) {
     return EFI_ACCESS_DENIED;
   }
 
@@ -1833,7 +1834,8 @@ DxeImageVerificationHandler (
       DEBUG ((DEBUG_INFO, "DxeImageVerificationLib: Image is signed but %s hash of image is found in DBX.\n", mHashTypeStr));
       IsVerified = FALSE;
       break;
-    } else if (!IsVerified) {
+    }
+    if (!IsVerified) {
       if (IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE, mImageDigest, &mCertType, mImageDigestSize)) {
         IsVerified = TRUE;
       } else {
@@ -1851,25 +1853,24 @@ DxeImageVerificationHandler (
 
   if (IsVerified) {
     return EFI_SUCCESS;
-  } else {
-    Status = EFI_ACCESS_DENIED;
-    if (Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED || Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND) {
-      //
-      // Get image hash value as signature of executable.
-      //
-      SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize;
-      SignatureList     = (EFI_SIGNATURE_LIST *) AllocateZeroPool (SignatureListSize);
-      if (SignatureList == NULL) {
-        Status = EFI_OUT_OF_RESOURCES;
-        goto Done;
-      }
-      SignatureList->SignatureHeaderSize  = 0;
-      SignatureList->SignatureListSize    = (UINT32) SignatureListSize;
-      SignatureList->SignatureSize        = (UINT32) (sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize);
-      CopyMem (&SignatureList->SignatureType, &mCertType, sizeof (EFI_GUID));
-      Signature = (EFI_SIGNATURE_DATA *) ((UINT8 *) SignatureList + sizeof (EFI_SIGNATURE_LIST));
-      CopyMem (Signature->SignatureData, mImageDigest, mImageDigestSize);
+  }
+  Status = EFI_ACCESS_DENIED;
+  if (Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED || Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND) {
+    //
+    // Get image hash value as signature of executable.
+    //
+    SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize;
+    SignatureList     = (EFI_SIGNATURE_LIST *) AllocateZeroPool (SignatureListSize);
+    if (SignatureList == NULL) {
+      Status = EFI_OUT_OF_RESOURCES;
+      goto Done;
     }
+    SignatureList->SignatureHeaderSize  = 0;
+    SignatureList->SignatureListSize    = (UINT32) SignatureListSize;
+    SignatureList->SignatureSize        = (UINT32) (sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize);
+    CopyMem (&SignatureList->SignatureType, &mCertType, sizeof (EFI_GUID));
+    Signature = (EFI_SIGNATURE_DATA *) ((UINT8 *) SignatureList + sizeof (EFI_SIGNATURE_LIST));
+    CopyMem (Signature->SignatureData, mImageDigest, mImageDigestSize);
   }
 
 Done:
-- 
1.8.3.1
import edk2-20190829git37eef91017ad-9.el8 2020-04-28 08:50:06 +00:00			`From 5aa2d52451b7890480d31a3437a0024bfd9e1a57 Mon Sep 17 00:00:00 2001`
			`From: Laszlo Ersek <lersek@redhat.com>`
			`Date: Fri, 31 Jan 2020 12:42:39 +0100`
			`Subject: [PATCH 03/12] SecurityPkg/DxeImageVerificationHandler: remove "else"`
			`after return/break`
			`MIME-Version: 1.0`
			`Content-Type: text/plain; charset=UTF-8`
			`Content-Transfer-Encoding: 8bit`

			`RH-Author: Laszlo Ersek <lersek@redhat.com>`
			`Message-id: <20200131124248.22369-4-lersek@redhat.com>`
			`Patchwork-id: 93614`
			`O-Subject: [RHEL-8.2.0 edk2 PATCH 03/12] SecurityPkg/DxeImageVerificationHandler: remove "else" after return/break`
			`Bugzilla: 1751993`
			`RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>`
			`RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>`

			`In the code structure`

			`if (condition) {`
			`//`
			`// block1`
			`//`
			`return;`
			`} else {`
			`//`
			`// block2`
			`//`
			`}`

			`nesting "block2" in an "else" branch is superfluous, and harms`
			`readability. It can be transformed to:`

			`if (condition) {`
			`//`
			`// block1`
			`//`
			`return;`
			`}`
			`//`
			`// block2`
			`//`

			`with identical behavior, and improved readability (less nesting).`

			`The same applies to "break" (instead of "return") in a loop body.`

			`Perform these transformations on DxeImageVerificationHandler().`

			`This patch is a no-op for behavior. Use`

			`git show -b -W`

			`for reviewing it more easily.`

			`Cc: Chao Zhang <chao.b.zhang@intel.com>`
			`Cc: Jian J Wang <jian.j.wang@intel.com>`
			`Cc: Jiewen Yao <jiewen.yao@intel.com>`
			`Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129`
			`Signed-off-by: Laszlo Ersek <lersek@redhat.com>`
			`Message-Id: <20200116190705.18816-3-lersek@redhat.com>`
			`Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>`
			`[lersek@redhat.com: push with Mike's R-b due to Chinese New Year`
			`Holiday: <https://edk2.groups.io/g/devel/message/53429>; msgid`
			`<d3fbb76dabed4e1987c512c328c82810@intel.com>]`
			`(cherry picked from commit eccb856f013aec700234211e7371f03454ef9d52)`

			`Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>`
			`---`
			`.../DxeImageVerificationLib.c \| 41 +++++++++++-----------`
			`1 file changed, 21 insertions(+), 20 deletions(-)`

			`diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c`
			`index 5afd723..8204c9c 100644`
			`--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c`
			`+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c`
			`@@ -1621,7 +1621,8 @@ DxeImageVerificationHandler (`
			`//`
			`if (Policy == ALWAYS_EXECUTE) {`
			`return EFI_SUCCESS;`
			`- } else if (Policy == NEVER_EXECUTE) {`
			`+ }`
			`+ if (Policy == NEVER_EXECUTE) {`
			`return EFI_ACCESS_DENIED;`
			`}`

			`@@ -1833,7 +1834,8 @@ DxeImageVerificationHandler (`
			`DEBUG ((DEBUG_INFO, "DxeImageVerificationLib: Image is signed but %s hash of image is found in DBX.\n", mHashTypeStr));`
			`IsVerified = FALSE;`
			`break;`
			`- } else if (!IsVerified) {`
			`+ }`
			`+ if (!IsVerified) {`
			`if (IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE, mImageDigest, &mCertType, mImageDigestSize)) {`
			`IsVerified = TRUE;`
			`} else {`
			`@@ -1851,25 +1853,24 @@ DxeImageVerificationHandler (`

			`if (IsVerified) {`
			`return EFI_SUCCESS;`
			`- } else {`
			`- Status = EFI_ACCESS_DENIED;`
			`- if (Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED \|\| Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND) {`
			`- //`
			`- // Get image hash value as signature of executable.`
			`- //`
			`- SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize;`
			`- SignatureList = (EFI_SIGNATURE_LIST *) AllocateZeroPool (SignatureListSize);`
			`- if (SignatureList == NULL) {`
			`- Status = EFI_OUT_OF_RESOURCES;`
			`- goto Done;`
			`- }`
			`- SignatureList->SignatureHeaderSize = 0;`
			`- SignatureList->SignatureListSize = (UINT32) SignatureListSize;`
			`- SignatureList->SignatureSize = (UINT32) (sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize);`
			`- CopyMem (&SignatureList->SignatureType, &mCertType, sizeof (EFI_GUID));`
			`- Signature = (EFI_SIGNATURE_DATA ) ((UINT8 ) SignatureList + sizeof (EFI_SIGNATURE_LIST));`
			`- CopyMem (Signature->SignatureData, mImageDigest, mImageDigestSize);`
			`+ }`
			`+ Status = EFI_ACCESS_DENIED;`
			`+ if (Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED \|\| Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND) {`
			`+ //`
			`+ // Get image hash value as signature of executable.`
			`+ //`
			`+ SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize;`
			`+ SignatureList = (EFI_SIGNATURE_LIST *) AllocateZeroPool (SignatureListSize);`
			`+ if (SignatureList == NULL) {`
			`+ Status = EFI_OUT_OF_RESOURCES;`
			`+ goto Done;`
			`}`
			`+ SignatureList->SignatureHeaderSize = 0;`
			`+ SignatureList->SignatureListSize = (UINT32) SignatureListSize;`
			`+ SignatureList->SignatureSize = (UINT32) (sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize);`
			`+ CopyMem (&SignatureList->SignatureType, &mCertType, sizeof (EFI_GUID));`
			`+ Signature = (EFI_SIGNATURE_DATA ) ((UINT8 ) SignatureList + sizeof (EFI_SIGNATURE_LIST));`
			`+ CopyMem (Signature->SignatureData, mImageDigest, mImageDigestSize);`
			`}`

			`Done:`
			`--`
			`1.8.3.1`