* [PATCH] Changes to support SNI feature in CryptoPkg
@ 2022-08-02 15:13 Prarthana Sagar V
2022-10-18 13:58 ` [edk2-devel] " Prarthana Sagar V
0 siblings, 1 reply; 2+ messages in thread
From: Prarthana Sagar V @ 2022-08-02 15:13 UTC (permalink / raw)
To: devel@edk2.groups.io, Prarthana Sagar V; +Cc: Vasudevan Sambandan, Sundaresan S
---
CryptoPkg/Library/TlsLib/TlsConfig.c | 71 ++++++++++++++++++++++++++++
1 file changed, 71 insertions(+)
diff --git a/CryptoPkg/Library/TlsLib/TlsConfig.c b/CryptoPkg/Library/TlsLib/TlsConfig.c
index 0673c9d532..aac1a88edf 100644
--- a/CryptoPkg/Library/TlsLib/TlsConfig.c
+++ b/CryptoPkg/Library/TlsLib/TlsConfig.c
@@ -594,6 +594,77 @@ TlsSetVerifyHost (
return (ParamStatus == 1) ? EFI_SUCCESS : EFI_ABORTED;
}
+/**
+ Callback function to get the server name.
+
+ @param[in] SSL
+ @param[in] INT32
+ @param[in] Arg
+
+ @retval INT32
+**/
+static
+INT32
+SslServerNameCallback(SSL *Ssl, INT32 *Ad, VOID *Arg)
+{
+ const CHAR8 *HostName = NULL;
+ TLS_EXT_CTX *TlsCtx = (TLS_EXT_CTX*)Arg;
+
+ HostName = SSL_get_servername (Ssl, TLSEXT_NAMETYPE_host_name);
+
+ if (SSL_get_servername_type(Ssl) != -1) {
+ TlsCtx->Ack = !SSL_session_reused(Ssl) && HostName != NULL;
+ }
+ return SSL_TLSEXT_ERR_OK;
+}
+
+/**
+ Set the specified server name in Server/Client.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in] SslCtx Pointer to the SSL object.
+ @param[in] HostName The specified server name to be set.
+
+ @retval EFI_SUCCESS The Server Name was set successfully.
+ @retval EFI_UNSUPPORTED Failed to set the Server Name.
+**/
+EFI_STATUS
+TlsSetServerName (
+ VOID *Tls,
+ VOID *SslCtx,
+ CHAR8 *HostName
+)
+{
+ SSL_CTX *Ctx;
+ TLS_CONNECTION *TlsConn;
+ UINT32 RetVal;
+ TLS_EXT_CTX *TlsExtCtx = NULL;
+
+ TlsConn = (TLS_CONNECTION*) Tls;
+
+ Ctx = SSL_get_SSL_CTX (TlsConn->Ssl);
+
+ TlsExtCtx = AllocateZeroPool (sizeof(TLS_EXT_CTX));
+
+ RetVal = SSL_CTX_set_tlsext_servername_callback(Ctx, SslServerNameCallback);
+ if (!RetVal) {
+ return EFI_UNSUPPORTED;
+ }
+
+ RetVal = SSL_CTX_set_tlsext_servername_arg(Ctx, &TlsExtCtx);
+ if (!RetVal) {
+ return EFI_UNSUPPORTED;
+ }
+
+ TlsConn->Ssl->options = SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION;
+ RetVal = SSL_set_tlsext_host_name(TlsConn->Ssl, HostName);
+
+ if (!RetVal) {
+ return EFI_UNSUPPORTED;
+ }
+ return EFI_SUCCESS;
+}
+
/**
Sets a TLS/SSL session ID to be used during TLS/SSL connect.
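Review bot: In TlsSetServerName, `SSL_CTX_set_tlsext_servername_arg(Ctx, &TlsExtCtx)` registers the address of the local pointer variable rather than the pool allocation, so SslServerNameCallback later writes `TlsCtx->Ack` through a stack address that is dead once this function has returned; pass `TlsExtCtx` itself. The AllocateZeroPool result is never checked for NULL and is leaked on the early `EFI_UNSUPPORTED` returns, and nothing in the hunk shows where it is released at teardown or what happens to the previous argument when the function is called again on a connection sharing the same SSL_CTX. `TlsConn->Ssl->options = SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION;` replaces every option configured earlier on the connection and reaches into a structure that is opaque in OpenSSL 1.1.0 and later; `SSL_set_options` ORs the flag in instead. Tls, TlsConn->Ssl and HostName are dereferenced without a NULL check and SslCtx is unused; the sketch below adds the checks, which would require EFI_INVALID_PARAMETER and EFI_OUT_OF_RESOURCES in the @retval list. The callback's header comment should also name the real parameters (Ssl, Ad, Arg) and say that Ad is unused.

```c
  // … unchanged: local declarations …

  TlsConn = (TLS_CONNECTION *)Tls;
  if ((TlsConn == NULL) || (TlsConn->Ssl == NULL) || (HostName == NULL)) {
    return EFI_INVALID_PARAMETER;
  }

  Ctx = SSL_get_SSL_CTX (TlsConn->Ssl);

  TlsExtCtx = AllocateZeroPool (sizeof (TLS_EXT_CTX));
  if (TlsExtCtx == NULL) {
    return EFI_OUT_OF_RESOURCES;
  }

  if (!SSL_CTX_set_tlsext_servername_callback (Ctx, SslServerNameCallback)) {
    FreePool (TlsExtCtx);
    return EFI_UNSUPPORTED;
  }

  //
  // Register the allocation itself, not the address of the local variable.
  //
  if (!SSL_CTX_set_tlsext_servername_arg (Ctx, TlsExtCtx)) {
    FreePool (TlsExtCtx);
    return EFI_UNSUPPORTED;
  }

  //
  // OR the flag in; assigning the field would clear options set earlier.
  //
  SSL_set_options (TlsConn->Ssl, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);

  // … unchanged: SSL_set_tlsext_host_name call and result check …
```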
--
2.26.0.windows.1
-The information contained in this message may be confidential and proprietary to American Megatrends (AMI). This communication is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited. Please promptly notify the sender by reply e-mail or by telephone at 770-246-8600, and then delete or destroy all copies of the transmission.
* Re: [edk2-devel] [PATCH] Changes to support SNI feature in CryptoPkg
2022-08-02 15:13 [PATCH] Changes to support SNI feature in CryptoPkg Prarthana Sagar V
@ 2022-10-18 13:58 ` Prarthana Sagar V
0 siblings, 0 replies; 2+ messages in thread
From: Prarthana Sagar V @ 2022-10-18 13:58 UTC (permalink / raw)
To: Prarthana Sagar V, devel
Please review these changes and provide comments.