From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <jiaxin.wu@intel.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=192.55.52.43; helo=mga05.intel.com;
 envelope-from=jiaxin.wu@intel.com; receiver=edk2-devel@lists.01.org 
Received: from mga05.intel.com (mga05.intel.com [192.55.52.43])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id D6794221ED764
 for <edk2-devel@lists.01.org>; Wed, 20 Dec 2017 21:11:57 -0800 (PST)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga007.jf.intel.com ([10.7.209.58])
 by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 20 Dec 2017 21:16:45 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.45,434,1508828400"; 
   d="scan'208";a="4427322"
Received: from jiaxinwu-mobl2.ccr.corp.intel.com ([10.239.196.141])
 by orsmga007.jf.intel.com with ESMTP; 20 Dec 2017 21:16:43 -0800
From: Jiaxin Wu <jiaxin.wu@intel.com>
To: edk2-devel@lists.01.org
Cc: Ye Ting <ting.ye@intel.com>, Long Qin <qin.long@intel.com>,
 Fu Siyuan <siyuan.fu@intel.com>, Wu Jiaxin <jiaxin.wu@intel.com>
Date: Thu, 21 Dec 2017 13:16:41 +0800
Message-Id: <1513833401-13644-1-git-send-email-jiaxin.wu@intel.com>
X-Mailer: git-send-email 1.9.5.msysgit.1
Subject: [Patch] CryptoPkg/TlsLib: Add some parameter check and clarification.
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Dec 2017 05:11:58 -0000

Cc: Ye Ting <ting.ye@intel.com>
Cc: Long Qin <qin.long@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
---
 CryptoPkg/Include/Library/TlsLib.h   | 6 ++++++
 CryptoPkg/Library/TlsLib/TlsConfig.c | 8 +++++++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/CryptoPkg/Include/Library/TlsLib.h b/CryptoPkg/Include/Library/TlsLib.h
index b69d513..e19a38a 100644
--- a/CryptoPkg/Include/Library/TlsLib.h
+++ b/CryptoPkg/Include/Library/TlsLib.h
@@ -521,10 +521,12 @@ TlsSetCertRevocationList (
   Gets the protocol version used by the specified TLS connection.
 
   This function returns the protocol version used by the specified TLS
   connection.
 
+  If Tls is NULL, then ASSERT().
+
   @param[in]  Tls    Pointer to the TLS object.
 
   @return  The protocol version of the specified TLS connection.
 
 **/
@@ -538,10 +540,12 @@ TlsGetVersion (
   Gets the connection end of the specified TLS connection.
 
   This function returns the connection end (as client or as server) used by
   the specified TLS connection.
 
+  If Tls is NULL, then ASSERT().
+
   @param[in]  Tls    Pointer to the TLS object.
 
   @return  The connection end used by the specified TLS connection.
 
 **/
@@ -599,10 +603,12 @@ TlsGetCurrentCompressionId (
   Gets the verification mode currently set in the TLS connection.
 
   This function returns the peer verification mode currently set in the
   specified TLS connection.
 
+  If Tls is NULL, then ASSERT().
+
   @param[in]  Tls    Pointer to the TLS object.
 
   @return  The verification mode set in the specified TLS connection.
 
 **/
diff --git a/CryptoPkg/Library/TlsLib/TlsConfig.c b/CryptoPkg/Library/TlsLib/TlsConfig.c
index 4c88229..2ffe58a 100644
--- a/CryptoPkg/Library/TlsLib/TlsConfig.c
+++ b/CryptoPkg/Library/TlsLib/TlsConfig.c
@@ -640,10 +640,12 @@ TlsSetCertRevocationList (
   Gets the protocol version used by the specified TLS connection.
 
   This function returns the protocol version used by the specified TLS
   connection.
 
+  If Tls is NULL, then ASSERT().
+
   @param[in]  Tls    Pointer to the TLS object.
 
   @return  The protocol version of the specified TLS connection.
 
 **/
@@ -666,10 +668,12 @@ TlsGetVersion (
   Gets the connection end of the specified TLS connection.
 
   This function returns the connection end (as client or as server) used by
   the specified TLS connection.
 
+  If Tls is NULL, then ASSERT().
+
   @param[in]  Tls    Pointer to the TLS object.
 
   @return  The connection end used by the specified TLS connection.
 
 **/
@@ -759,10 +763,12 @@ TlsGetCurrentCompressionId (
   Gets the verification mode currently set in the TLS connection.
 
   This function returns the peer verification mode currently set in the
   specified TLS connection.
 
+  If Tls is NULL, then ASSERT().
+
   @param[in]  Tls    Pointer to the TLS object.
 
   @return  The verification mode set in the specified TLS connection.
 
 **/
@@ -982,11 +988,11 @@ TlsGetHostPublicCert (
   TLS_CONNECTION  *TlsConn;
 
   Cert    = NULL;
   TlsConn = (TLS_CONNECTION *) Tls;
 
-  if (TlsConn == NULL || TlsConn->Ssl == NULL || DataSize == NULL) {
+  if (TlsConn == NULL || TlsConn->Ssl == NULL || DataSize == NULL || (*DataSize != 0 && Data == NULL)) {
     return EFI_INVALID_PARAMETER;
   }
 
   Cert = SSL_get_certificate(TlsConn->Ssl);
   if (Cert == NULL) {
-- 
1.9.5.msysgit.1