* [PATCH 0/6] Convert files to CRLF line ending
From: Hao Wu @ 2017-04-06 2:25 UTC (permalink / raw)
To: edk2-devel; +Cc: Hao Wu
This series converts the following file formats to CRLF line endings:
.c
.h
.inf
.uni
.vfr
.pl
Hao Wu (6):
CryptoPkg: Convert files to CRLF line ending
IntelFsp2Pkg: Convert files to CRLF line ending
IntelFsp2WrapperPkg: Convert files to CRLF line ending
SignedCapsulePkg: Convert files to CRLF line ending
MdePkg: Convert files to CRLF line ending
NetworkPkg: Convert files to CRLF line ending
CryptoPkg/Include/Library/TlsLib.h | 1575 ++++-----
CryptoPkg/Library/OpensslLib/process_files.pl | 447 +--
CryptoPkg/Library/TlsLib/InternalTlsLib.h | 85 +-
CryptoPkg/Library/TlsLib/TlsConfig.c | 2119 ++++++------
CryptoPkg/Library/TlsLib/TlsInit.c | 537 +--
CryptoPkg/Library/TlsLib/TlsLib.inf | 113 +-
CryptoPkg/Library/TlsLib/TlsLib.uni | 38 +-
CryptoPkg/Library/TlsLib/TlsProcess.c | 925 +++---
IntelFsp2Pkg/Readme.md | 14 +-
IntelFsp2WrapperPkg/Readme.md | 14 +-
MdePkg/Include/IndustryStandard/Tls1.h | 186 +-
MdePkg/Include/Protocol/Tls.h | 921 +++---
MdePkg/Include/Protocol/TlsConfig.h | 265 +-
MdePkg/Library/BaseLib/SafeString.c | 39 +-
NetworkPkg/HttpDxe/HttpsSupport.c | 3439 ++++++++++----------
NetworkPkg/HttpDxe/HttpsSupport.h | 521 +--
NetworkPkg/Include/Guid/TlsAuthConfigHii.h | 51 +-
NetworkPkg/Include/Guid/TlsAuthentication.h | 59 +-
NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.c | 270 +-
NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf | 147 +-
NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.uni | 42 +-
NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxeExtra.uni | 38 +-
NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxeStrings.uni | 78 +-
NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c | 3377 +++++++++----------
NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.h | 564 ++--
NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigNvData.h | 99 +-
NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigVfr.vfr | 305 +-
NetworkPkg/TlsDxe/TlsConfigProtocol.c | 305 +-
NetworkPkg/TlsDxe/TlsDriver.c | 993 +++---
NetworkPkg/TlsDxe/TlsDriver.h | 475 +--
NetworkPkg/TlsDxe/TlsDxe.inf | 131 +-
NetworkPkg/TlsDxe/TlsDxe.uni | 50 +-
NetworkPkg/TlsDxe/TlsDxeExtra.uni | 37 +-
NetworkPkg/TlsDxe/TlsImpl.c | 653 ++--
NetworkPkg/TlsDxe/TlsImpl.h | 631 ++--
NetworkPkg/TlsDxe/TlsProtocol.c | 1265 +++----
SignedCapsulePkg/Readme.md | 22 +-
37 files changed, 10428 insertions(+), 10402 deletions(-)
--
2.12.0.windows.1
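A check a reviewer of a series like this would want, added here as an example that is not part of the thread and not edk2 code: a whole-file line-ending conversion shows every line as removed and re-added, so an unrelated edit anywhere in the file is invisible to someone reading the diff, and a conversion that is really terminator-only must leave the diffstat's insertions and deletions equal (the cover letter's 10428 against 10402 does not). The script below normalises terminators and compares content, counts lines the way a diffstat does, and lists whatever remains once line endings are ignored, which is roughly what `git diff --ignore-space-at-eol` shows. The extension list is the one from the cover letter; the two file images are constructed here, and the second one gains a blank line at end of file to reproduce the shape of a hunk header such as `@@ -1,787 +1,788 @@`.

```python
"""Verify that a line-ending conversion changes nothing but the terminators.

Added example for the CRLF conversion series on this page; it is not edk2
code and does not touch the edk2 tree. The two file images at the bottom
are constructed inline so the checks run offline.
"""
import difflib
import hashlib
import re
from pathlib import Path

# File types the cover letter says are being converted.
CRLF_SUFFIXES = {".c", ".h", ".inf", ".uni", ".vfr", ".pl"}

# CRLF is tried first so an existing CRLF is consumed as one terminator.
_ANY_EOL = re.compile(rb"\r\n|\r|\n")


def to_crlf(data: bytes) -> bytes:
    """Rewrite every terminator as CRLF. Idempotent, unlike a bare
    data.replace(b"\\n", b"\\r\\n"), which turns CRLF into CR CR LF."""
    return _ANY_EOL.sub(b"\r\n", data)


def normalise_eol(data: bytes) -> bytes:
    """Map every terminator to LF so two images compare by content only."""
    return _ANY_EOL.sub(b"\n", data)


def content_fingerprint(data: bytes) -> str:
    """SHA-256 of the EOL-normalised image: identical before and after a
    clean conversion, so a whole tree can be checked by comparing hashes."""
    return hashlib.sha256(normalise_eol(data)).hexdigest()


def diffstat_line_count(data: bytes) -> int:
    """Count lines the way a diffstat does: one per terminator, plus one
    for an unterminated last line."""
    norm = normalise_eol(data)
    count = norm.count(b"\n")
    if norm and not norm.endswith(b"\n"):
        count += 1
    return count


def eol_only_change(old: bytes, new: bytes) -> bool:
    """True when old and new differ in line terminators and nothing else."""
    return normalise_eol(old) == normalise_eol(new)


def content_changes(old: bytes, new: bytes) -> list[bytes]:
    """The +/- lines that remain once terminators are ignored; empty for a
    clean conversion. Context lines start with a space and hunk headers
    with '@', so only real additions and removals are kept."""
    old_lines = normalise_eol(old).splitlines()
    new_lines = normalise_eol(new).splitlines()
    diff = list(difflib.diff_bytes(difflib.unified_diff, old_lines, new_lines,
                                   fromfile=b"old", tofile=b"new", lineterm=b""))
    # diff[0:2] are the ---/+++ file headers (absent when there is no change).
    return [line for line in diff[2:] if line[:1] in (b"+", b"-")]


def convert_tree(root: Path) -> list[Path]:
    """Convert every file under root whose suffix is in CRLF_SUFFIXES and
    return the paths that actually changed. Safe to run twice."""
    changed = []
    for path in root.rglob("*"):
        if path.is_file() and path.suffix in CRLF_SUFFIXES:
            before = path.read_bytes()
            after = to_crlf(before)
            if after != before:
                path.write_bytes(after)
                changed.append(path)
    return changed


# Constructed images (not the real TlsLib.h). NEW_CRLF_EXTRA is a clean CRLF
# conversion plus one blank line at end of file: the shape a hunk header such
# as "@@ -1,787 +1,788 @@" has when a conversion gains a line.
OLD_LF = (b"/** @file\n"
          b"  Defines TLS Library APIs.\n"
          b"**/\n"
          b"#endif // __TLS_LIB_H__\n")
NEW_CRLF_CLEAN = to_crlf(OLD_LF)
NEW_CRLF_EXTRA = NEW_CRLF_CLEAN + b"\r\n"

if __name__ == "__main__":
    for name, new in (("clean", NEW_CRLF_CLEAN), ("extra line", NEW_CRLF_EXTRA)):
        print(name, "eol-only:", eol_only_change(OLD_LF, new),
              "lines:", diffstat_line_count(OLD_LF), "->", diffstat_line_count(new),
              "left after ignoring EOL:", content_changes(OLD_LF, new))
```

Run it on the pre- and post-conversion image of each file (or compare `content_fingerprint` lists for the two trees); any non-empty result from `content_changes` is a change that the line-ending noise would otherwise hide and that the commit message should account for.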
* [PATCH 1/6] CryptoPkg: Convert files to CRLF line ending
From: Hao Wu @ 2017-04-06 2:25 UTC (permalink / raw)
To: edk2-devel; +Cc: Hao Wu, Qin Long, Ting Ye
Cc: Qin Long <qin.long@intel.com>
Cc: Ting Ye <ting.ye@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
---
CryptoPkg/Include/Library/TlsLib.h | 1575 +++++++--------
CryptoPkg/Library/OpensslLib/process_files.pl | 447 +++--
CryptoPkg/Library/TlsLib/InternalTlsLib.h | 85 +-
CryptoPkg/Library/TlsLib/TlsConfig.c | 2119 ++++++++++----------
CryptoPkg/Library/TlsLib/TlsInit.c | 537 ++---
CryptoPkg/Library/TlsLib/TlsLib.inf | 113 +-
CryptoPkg/Library/TlsLib/TlsLib.uni | 38 +-
CryptoPkg/Library/TlsLib/TlsProcess.c | 925 ++++-----
8 files changed, 2923 insertions(+), 2916 deletions(-)
diff --git a/CryptoPkg/Include/Library/TlsLib.h b/CryptoPkg/Include/Library/TlsLib.h
index 45564f159e..fa6cb99d78 100644
--- a/CryptoPkg/Include/Library/TlsLib.h
+++ b/CryptoPkg/Include/Library/TlsLib.h
@@ -1,787 +1,788 @@
-/** @file
- Defines TLS Library APIs.
-
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef __TLS_LIB_H__
-#define __TLS_LIB_H__
-
-/**
- Initializes the OpenSSL library.
-
- This function registers ciphers and digests used directly and indirectly
- by SSL/TLS, and initializes the readable error messages.
- This function must be called before any other action takes places.
-
-**/
-VOID
-EFIAPI
-TlsInitialize (
- VOID
- );
-
-/**
- Free an allocated SSL_CTX object.
-
- @param[in] TlsCtx Pointer to the SSL_CTX object to be released.
-
-**/
-VOID
-EFIAPI
-TlsCtxFree (
- IN VOID *TlsCtx
- );
-
-/**
- Creates a new SSL_CTX object as framework to establish TLS/SSL enabled
- connections.
-
- @param[in] MajorVer Major Version of TLS/SSL Protocol.
- @param[in] MinorVer Minor Version of TLS/SSL Protocol.
-
- @return Pointer to an allocated SSL_CTX object.
- If the creation failed, TlsCtxNew() returns NULL.
-
-**/
-VOID *
-EFIAPI
-TlsCtxNew (
- IN UINT8 MajorVer,
- IN UINT8 MinorVer
- );
-
-/**
- Free an allocated TLS object.
-
- This function removes the TLS object pointed to by Tls and frees up the
- allocated memory. If Tls is NULL, nothing is done.
-
- @param[in] Tls Pointer to the TLS object to be freed.
-
-**/
-VOID
-EFIAPI
-TlsFree (
- IN VOID *Tls
- );
-
-/**
- Create a new TLS object for a connection.
-
- This function creates a new TLS object for a connection. The new object
- inherits the setting of the underlying context TlsCtx: connection method,
- options, verification setting.
-
- @param[in] TlsCtx Pointer to the SSL_CTX object.
-
- @return Pointer to an allocated SSL object.
- If the creation failed, TlsNew() returns NULL.
-
-**/
-VOID *
-EFIAPI
-TlsNew (
- IN VOID *TlsCtx
- );
-
-/**
- Checks if the TLS handshake was done.
-
- This function will check if the specified TLS handshake was done.
-
- @param[in] Tls Pointer to the TLS object for handshake state checking.
-
- @retval TRUE The TLS handshake was done.
- @retval FALSE The TLS handshake was not done.
-
-**/
-BOOLEAN
-EFIAPI
-TlsInHandshake (
- IN VOID *Tls
- );
-
-/**
- Perform a TLS/SSL handshake.
-
- This function will perform a TLS/SSL handshake.
-
- @param[in] Tls Pointer to the TLS object for handshake operation.
- @param[in] BufferIn Pointer to the most recently received TLS Handshake packet.
- @param[in] BufferInSize Packet size in bytes for the most recently received TLS
- Handshake packet.
- @param[out] BufferOut Pointer to the buffer to hold the built packet.
- @param[in, out] BufferOutSize Pointer to the buffer size in bytes. On input, it is
- the buffer size provided by the caller. On output, it
- is the buffer size in fact needed to contain the
- packet.
-
- @retval EFI_SUCCESS The required TLS packet is built successfully.
- @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
- Tls is NULL.
- BufferIn is NULL but BufferInSize is NOT 0.
- BufferInSize is 0 but BufferIn is NOT NULL.
- BufferOutSize is NULL.
- BufferOut is NULL if *BufferOutSize is not zero.
- @retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the response packet.
- @retval EFI_ABORTED Something wrong during handshake.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsDoHandshake (
- IN VOID *Tls,
- IN UINT8 *BufferIn, OPTIONAL
- IN UINTN BufferInSize, OPTIONAL
- OUT UINT8 *BufferOut, OPTIONAL
- IN OUT UINTN *BufferOutSize
- );
-
-/**
- Handle Alert message recorded in BufferIn. If BufferIn is NULL and BufferInSize is zero,
- TLS session has errors and the response packet needs to be Alert message based on error type.
-
- @param[in] Tls Pointer to the TLS object for state checking.
- @param[in] BufferIn Pointer to the most recently received TLS Alert packet.
- @param[in] BufferInSize Packet size in bytes for the most recently received TLS
- Alert packet.
- @param[out] BufferOut Pointer to the buffer to hold the built packet.
- @param[in, out] BufferOutSize Pointer to the buffer size in bytes. On input, it is
- the buffer size provided by the caller. On output, it
- is the buffer size in fact needed to contain the
- packet.
-
- @retval EFI_SUCCESS The required TLS packet is built successfully.
- @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
- Tls is NULL.
- BufferIn is NULL but BufferInSize is NOT 0.
- BufferInSize is 0 but BufferIn is NOT NULL.
- BufferOutSize is NULL.
- BufferOut is NULL if *BufferOutSize is not zero.
- @retval EFI_ABORTED An error occurred.
- @retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the response packet.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsHandleAlert (
- IN VOID *Tls,
- IN UINT8 *BufferIn, OPTIONAL
- IN UINTN BufferInSize, OPTIONAL
- OUT UINT8 *BufferOut, OPTIONAL
- IN OUT UINTN *BufferOutSize
- );
-
-/**
- Build the CloseNotify packet.
-
- @param[in] Tls Pointer to the TLS object for state checking.
- @param[in, out] Buffer Pointer to the buffer to hold the built packet.
- @param[in, out] BufferSize Pointer to the buffer size in bytes. On input, it is
- the buffer size provided by the caller. On output, it
- is the buffer size in fact needed to contain the
- packet.
-
- @retval EFI_SUCCESS The required TLS packet is built successfully.
- @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
- Tls is NULL.
- BufferSize is NULL.
- Buffer is NULL if *BufferSize is not zero.
- @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the response packet.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsCloseNotify (
- IN VOID *Tls,
- IN OUT UINT8 *Buffer,
- IN OUT UINTN *BufferSize
- );
-
-/**
- Attempts to read bytes from one TLS object and places the data in Buffer.
-
- This function will attempt to read BufferSize bytes from the TLS object
- and places the data in Buffer.
-
- @param[in] Tls Pointer to the TLS object.
- @param[in,out] Buffer Pointer to the buffer to store the data.
- @param[in] BufferSize The size of Buffer in bytes.
-
- @retval >0 The amount of data successfully read from the TLS object.
- @retval <=0 No data was successfully read.
-
-**/
-INTN
-EFIAPI
-TlsCtrlTrafficOut (
- IN VOID *Tls,
- IN OUT VOID *Buffer,
- IN UINTN BufferSize
- );
-
-/**
- Attempts to write data from the buffer to TLS object.
-
- This function will attempt to write BufferSize bytes data from the Buffer
- to the TLS object.
-
- @param[in] Tls Pointer to the TLS object.
- @param[in] Buffer Pointer to the data buffer.
- @param[in] BufferSize The size of Buffer in bytes.
-
- @retval >0 The amount of data successfully written to the TLS object.
- @retval <=0 No data was successfully written.
-
-**/
-INTN
-EFIAPI
-TlsCtrlTrafficIn (
- IN VOID *Tls,
- IN VOID *Buffer,
- IN UINTN BufferSize
- );
-
-/**
- Attempts to read bytes from the specified TLS connection into the buffer.
-
- This function tries to read BufferSize bytes data from the specified TLS
- connection into the Buffer.
-
- @param[in] Tls Pointer to the TLS connection for data reading.
- @param[in,out] Buffer Pointer to the data buffer.
- @param[in] BufferSize The size of Buffer in bytes.
-
- @retval >0 The read operation was successful, and return value is the
- number of bytes actually read from the TLS connection.
- @retval <=0 The read operation was not successful.
-
-**/
-INTN
-EFIAPI
-TlsRead (
- IN VOID *Tls,
- IN OUT VOID *Buffer,
- IN UINTN BufferSize
- );
-
-/**
- Attempts to write data to a TLS connection.
-
- This function tries to write BufferSize bytes data from the Buffer into the
- specified TLS connection.
-
- @param[in] Tls Pointer to the TLS connection for data writing.
- @param[in] Buffer Pointer to the data buffer.
- @param[in] BufferSize The size of Buffer in bytes.
-
- @retval >0 The write operation was successful, and return value is the
- number of bytes actually written to the TLS connection.
- @retval <=0 The write operation was not successful.
-
-**/
-INTN
-EFIAPI
-TlsWrite (
- IN VOID *Tls,
- IN VOID *Buffer,
- IN UINTN BufferSize
- );
-
-/**
- Set a new TLS/SSL method for a particular TLS object.
-
- This function sets a new TLS/SSL method for a particular TLS object.
-
- @param[in] Tls Pointer to a TLS object.
- @param[in] MajorVer Major Version of TLS/SSL Protocol.
- @param[in] MinorVer Minor Version of TLS/SSL Protocol.
-
- @retval EFI_SUCCESS The TLS/SSL method was set successfully.
- @retval EFI_INVALID_PARAMETER The parameter is invalid.
- @retval EFI_UNSUPPORTED Unsupported TLS/SSL method.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsSetVersion (
- IN VOID *Tls,
- IN UINT8 MajorVer,
- IN UINT8 MinorVer
- );
-
-/**
- Set TLS object to work in client or server mode.
-
- This function prepares a TLS object to work in client or server mode.
-
- @param[in] Tls Pointer to a TLS object.
- @param[in] IsServer Work in server mode.
-
- @retval EFI_SUCCESS The TLS/SSL work mode was set successfully.
- @retval EFI_INVALID_PARAMETER The parameter is invalid.
- @retval EFI_UNSUPPORTED Unsupported TLS/SSL work mode.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsSetConnectionEnd (
- IN VOID *Tls,
- IN BOOLEAN IsServer
- );
-
-/**
- Set the ciphers list to be used by the TLS object.
-
- This function sets the ciphers for use by a specified TLS object.
-
- @param[in] Tls Pointer to a TLS object.
- @param[in] CipherId Pointer to a string that contains one or more
- ciphers separated by a colon.
- @param[in] CipherNum The number of cipher in the list.
-
- @retval EFI_SUCCESS The ciphers list was set successfully.
- @retval EFI_INVALID_PARAMETER The parameter is invalid.
- @retval EFI_UNSUPPORTED Unsupported TLS cipher in the list.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsSetCipherList (
- IN VOID *Tls,
- IN UINT16 *CipherId,
- IN UINTN CipherNum
- );
-
-/**
- Set the compression method for TLS/SSL operations.
-
- This function handles TLS/SSL integrated compression methods.
-
- @param[in] CompMethod The compression method ID.
-
- @retval EFI_SUCCESS The compression method for the communication was
- set successfully.
- @retval EFI_UNSUPPORTED Unsupported compression method.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsSetCompressionMethod (
- IN UINT8 CompMethod
- );
-
-/**
- Set peer certificate verification mode for the TLS connection.
-
- This function sets the verification mode flags for the TLS connection.
-
- @param[in] Tls Pointer to the TLS object.
- @param[in] VerifyMode A set of logically or'ed verification mode flags.
-
-**/
-VOID
-EFIAPI
-TlsSetVerify (
- IN VOID *Tls,
- IN UINT32 VerifyMode
- );
-
-/**
- Sets a TLS/SSL session ID to be used during TLS/SSL connect.
-
- This function sets a session ID to be used when the TLS/SSL connection is
- to be established.
-
- @param[in] Tls Pointer to the TLS object.
- @param[in] SessionId Session ID data used for session resumption.
- @param[in] SessionIdLen Length of Session ID in bytes.
-
- @retval EFI_SUCCESS Session ID was set successfully.
- @retval EFI_INVALID_PARAMETER The parameter is invalid.
- @retval EFI_UNSUPPORTED No available session for ID setting.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsSetSessionId (
- IN VOID *Tls,
- IN UINT8 *SessionId,
- IN UINT16 SessionIdLen
- );
-
-/**
- Adds the CA to the cert store when requesting Server or Client authentication.
-
- This function adds the CA certificate to the list of CAs when requesting
- Server or Client authentication for the chosen TLS connection.
-
- @param[in] Tls Pointer to the TLS object.
- @param[in] Data Pointer to the data buffer of a DER-encoded binary
- X.509 certificate or PEM-encoded X.509 certificate.
- @param[in] DataSize The size of data buffer in bytes.
-
- @retval EFI_SUCCESS The operation succeeded.
- @retval EFI_INVALID_PARAMETER The parameter is invalid.
- @retval EFI_OUT_OF_RESOURCES Required resources could not be allocated.
- @retval EFI_ABORTED Invalid X.509 certificate.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsSetCaCertificate (
- IN VOID *Tls,
- IN VOID *Data,
- IN UINTN DataSize
- );
-
-/**
- Loads the local public certificate into the specified TLS object.
-
- This function loads the X.509 certificate into the specified TLS object
- for TLS negotiation.
-
- @param[in] Tls Pointer to the TLS object.
- @param[in] Data Pointer to the data buffer of a DER-encoded binary
- X.509 certificate or PEM-encoded X.509 certificate.
- @param[in] DataSize The size of data buffer in bytes.
-
- @retval EFI_SUCCESS The operation succeeded.
- @retval EFI_INVALID_PARAMETER The parameter is invalid.
- @retval EFI_OUT_OF_RESOURCES Required resources could not be allocated.
- @retval EFI_ABORTED Invalid X.509 certificate.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsSetHostPublicCert (
- IN VOID *Tls,
- IN VOID *Data,
- IN UINTN DataSize
- );
-
-/**
- Adds the local private key to the specified TLS object.
-
- This function adds the local private key (PEM-encoded RSA or PKCS#8 private
- key) into the specified TLS object for TLS negotiation.
-
- @param[in] Tls Pointer to the TLS object.
- @param[in] Data Pointer to the data buffer of a PEM-encoded RSA
- or PKCS#8 private key.
- @param[in] DataSize The size of data buffer in bytes.
-
- @retval EFI_SUCCESS The operation succeeded.
- @retval EFI_UNSUPPORTED This function is not supported.
- @retval EFI_ABORTED Invalid private key data.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsSetHostPrivateKey (
- IN VOID *Tls,
- IN VOID *Data,
- IN UINTN DataSize
- );
-
-/**
- Adds the CA-supplied certificate revocation list for certificate validation.
-
- This function adds the CA-supplied certificate revocation list data for
- certificate validity checking.
-
- @param[in] Data Pointer to the data buffer of a DER-encoded CRL data.
- @param[in] DataSize The size of data buffer in bytes.
-
- @retval EFI_SUCCESS The operation succeeded.
- @retval EFI_UNSUPPORTED This function is not supported.
- @retval EFI_ABORTED Invalid CRL data.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsSetCertRevocationList (
- IN VOID *Data,
- IN UINTN DataSize
- );
-
-/**
- Gets the protocol version used by the specified TLS connection.
-
- This function returns the protocol version used by the specified TLS
- connection.
-
- @param[in] Tls Pointer to the TLS object.
-
- @return The protocol version of the specified TLS connection.
-
-**/
-UINT16
-EFIAPI
-TlsGetVersion (
- IN VOID *Tls
- );
-
-/**
- Gets the connection end of the specified TLS connection.
-
- This function returns the connection end (as client or as server) used by
- the specified TLS connection.
-
- @param[in] Tls Pointer to the TLS object.
-
- @return The connection end used by the specified TLS connection.
-
-**/
-UINT8
-EFIAPI
-TlsGetConnectionEnd (
- IN VOID *Tls
- );
-
-/**
- Gets the cipher suite used by the specified TLS connection.
-
- This function returns current cipher suite used by the specified
- TLS connection.
-
- @param[in] Tls Pointer to the TLS object.
- @param[in,out] CipherId The cipher suite used by the TLS object.
-
- @retval EFI_SUCCESS The cipher suite was returned successfully.
- @retval EFI_INVALID_PARAMETER The parameter is invalid.
- @retval EFI_UNSUPPORTED Unsupported cipher suite.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsGetCurrentCipher (
- IN VOID *Tls,
- IN OUT UINT16 *CipherId
- );
-
-/**
- Gets the compression methods used by the specified TLS connection.
-
- This function returns current integrated compression methods used by
- the specified TLS connection.
-
- @param[in] Tls Pointer to the TLS object.
- @param[in,out] CompressionId The current compression method used by
- the TLS object.
-
- @retval EFI_SUCCESS The compression method was returned successfully.
- @retval EFI_INVALID_PARAMETER The parameter is invalid.
- @retval EFI_ABORTED Invalid Compression method.
- @retval EFI_UNSUPPORTED This function is not supported.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsGetCurrentCompressionId (
- IN VOID *Tls,
- IN OUT UINT8 *CompressionId
- );
-
-/**
- Gets the verification mode currently set in the TLS connection.
-
- This function returns the peer verification mode currently set in the
- specified TLS connection.
-
- @param[in] Tls Pointer to the TLS object.
-
- @return The verification mode set in the specified TLS connection.
-
-**/
-UINT32
-EFIAPI
-TlsGetVerify (
- IN VOID *Tls
- );
-
-/**
- Gets the session ID used by the specified TLS connection.
-
- This function returns the TLS/SSL session ID currently used by the
- specified TLS connection.
-
- @param[in] Tls Pointer to the TLS object.
- @param[in,out] SessionId Buffer to contain the returned session ID.
- @param[in,out] SessionIdLen The length of Session ID in bytes.
-
- @retval EFI_SUCCESS The Session ID was returned successfully.
- @retval EFI_INVALID_PARAMETER The parameter is invalid.
- @retval EFI_UNSUPPORTED Invalid TLS/SSL session.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsGetSessionId (
- IN VOID *Tls,
- IN OUT UINT8 *SessionId,
- IN OUT UINT16 *SessionIdLen
- );
-
-/**
- Gets the client random data used in the specified TLS connection.
-
- This function returns the TLS/SSL client random data currently used in
- the specified TLS connection.
-
- @param[in] Tls Pointer to the TLS object.
- @param[in,out] ClientRandom Buffer to contain the returned client
- random data (32 bytes).
-
-**/
-VOID
-EFIAPI
-TlsGetClientRandom (
- IN VOID *Tls,
- IN OUT UINT8 *ClientRandom
- );
-
-/**
- Gets the server random data used in the specified TLS connection.
-
- This function returns the TLS/SSL server random data currently used in
- the specified TLS connection.
-
- @param[in] Tls Pointer to the TLS object.
- @param[in,out] ServerRandom Buffer to contain the returned server
- random data (32 bytes).
-
-**/
-VOID
-EFIAPI
-TlsGetServerRandom (
- IN VOID *Tls,
- IN OUT UINT8 *ServerRandom
- );
-
-/**
- Gets the master key data used in the specified TLS connection.
-
- This function returns the TLS/SSL master key material currently used in
- the specified TLS connection.
-
- @param[in] Tls Pointer to the TLS object.
- @param[in,out] KeyMaterial Buffer to contain the returned key material.
-
- @retval EFI_SUCCESS Key material was returned successfully.
- @retval EFI_INVALID_PARAMETER The parameter is invalid.
- @retval EFI_UNSUPPORTED Invalid TLS/SSL session.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsGetKeyMaterial (
- IN VOID *Tls,
- IN OUT UINT8 *KeyMaterial
- );
-
-/**
- Gets the CA Certificate from the cert store.
-
- This function returns the CA certificate for the chosen
- TLS connection.
-
- @param[in] Tls Pointer to the TLS object.
- @param[out] Data Pointer to the data buffer to receive the CA
- certificate data sent to the client.
- @param[in,out] DataSize The size of data buffer in bytes.
-
- @retval EFI_SUCCESS The operation succeeded.
- @retval EFI_UNSUPPORTED This function is not supported.
- @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsGetCaCertificate (
- IN VOID *Tls,
- OUT VOID *Data,
- IN OUT UINTN *DataSize
- );
-
-/**
- Gets the local public Certificate set in the specified TLS object.
-
- This function returns the local public certificate which was currently set
- in the specified TLS object.
-
- @param[in] Tls Pointer to the TLS object.
- @param[out] Data Pointer to the data buffer to receive the local
- public certificate.
- @param[in,out] DataSize The size of data buffer in bytes.
-
- @retval EFI_SUCCESS The operation succeeded.
- @retval EFI_INVALID_PARAMETER The parameter is invalid.
- @retval EFI_NOT_FOUND The certificate is not found.
- @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsGetHostPublicCert (
- IN VOID *Tls,
- OUT VOID *Data,
- IN OUT UINTN *DataSize
- );
-
-/**
- Gets the local private key set in the specified TLS object.
-
- This function returns the local private key data which was currently set
- in the specified TLS object.
-
- @param[in] Tls Pointer to the TLS object.
- @param[out] Data Pointer to the data buffer to receive the local
- private key data.
- @param[in,out] DataSize The size of data buffer in bytes.
-
- @retval EFI_SUCCESS The operation succeeded.
- @retval EFI_UNSUPPORTED This function is not supported.
- @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsGetHostPrivateKey (
- IN VOID *Tls,
- OUT VOID *Data,
- IN OUT UINTN *DataSize
- );
-
-/**
- Gets the CA-supplied certificate revocation list data set in the specified
- TLS object.
-
- This function returns the CA-supplied certificate revocation list data which
- was currently set in the specified TLS object.
-
- @param[out] Data Pointer to the data buffer to receive the CRL data.
- @param[in,out] DataSize The size of data buffer in bytes.
-
- @retval EFI_SUCCESS The operation succeeded.
- @retval EFI_UNSUPPORTED This function is not supported.
- @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsGetCertRevocationList (
- OUT VOID *Data,
- IN OUT UINTN *DataSize
- );
-
-#endif // __TLS_LIB_H__
+/** @file
+ Defines TLS Library APIs.
+
+Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __TLS_LIB_H__
+#define __TLS_LIB_H__
+
+/**
+ Initializes the OpenSSL library.
+
+ This function registers ciphers and digests used directly and indirectly
+ by SSL/TLS, and initializes the readable error messages.
+ This function must be called before any other action takes places.
+
+**/
+VOID
+EFIAPI
+TlsInitialize (
+ VOID
+ );
+
+/**
+ Free an allocated SSL_CTX object.
+
+ @param[in] TlsCtx Pointer to the SSL_CTX object to be released.
+
+**/
+VOID
+EFIAPI
+TlsCtxFree (
+ IN VOID *TlsCtx
+ );
+
+/**
+ Creates a new SSL_CTX object as framework to establish TLS/SSL enabled
+ connections.
+
+ @param[in] MajorVer Major Version of TLS/SSL Protocol.
+ @param[in] MinorVer Minor Version of TLS/SSL Protocol.
+
+ @return Pointer to an allocated SSL_CTX object.
+ If the creation failed, TlsCtxNew() returns NULL.
+
+**/
+VOID *
+EFIAPI
+TlsCtxNew (
+ IN UINT8 MajorVer,
+ IN UINT8 MinorVer
+ );
+
+/**
+ Free an allocated TLS object.
+
+ This function removes the TLS object pointed to by Tls and frees up the
+ allocated memory. If Tls is NULL, nothing is done.
+
+ @param[in] Tls Pointer to the TLS object to be freed.
+
+**/
+VOID
+EFIAPI
+TlsFree (
+ IN VOID *Tls
+ );
+
+/**
+ Create a new TLS object for a connection.
+
+ This function creates a new TLS object for a connection. The new object
+ inherits the setting of the underlying context TlsCtx: connection method,
+ options, verification setting.
+
+ @param[in] TlsCtx Pointer to the SSL_CTX object.
+
+ @return Pointer to an allocated SSL object.
+ If the creation failed, TlsNew() returns NULL.
+
+**/
+VOID *
+EFIAPI
+TlsNew (
+ IN VOID *TlsCtx
+ );
+
+/**
+ Checks if the TLS handshake was done.
+
+ This function will check if the specified TLS handshake was done.
+
+ @param[in] Tls Pointer to the TLS object for handshake state checking.
+
+ @retval TRUE The TLS handshake was done.
+ @retval FALSE The TLS handshake was not done.
+
+**/
+BOOLEAN
+EFIAPI
+TlsInHandshake (
+ IN VOID *Tls
+ );
+
+/**
+ Perform a TLS/SSL handshake.
+
+ This function will perform a TLS/SSL handshake.
+
+ @param[in] Tls Pointer to the TLS object for handshake operation.
+ @param[in] BufferIn Pointer to the most recently received TLS Handshake packet.
+ @param[in] BufferInSize Packet size in bytes for the most recently received TLS
+ Handshake packet.
+ @param[out] BufferOut Pointer to the buffer to hold the built packet.
+ @param[in, out] BufferOutSize Pointer to the buffer size in bytes. On input, it is
+ the buffer size provided by the caller. On output, it
+ is the buffer size in fact needed to contain the
+ packet.
+
+ @retval EFI_SUCCESS The required TLS packet is built successfully.
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
+ Tls is NULL.
+ BufferIn is NULL but BufferInSize is NOT 0.
+ BufferInSize is 0 but BufferIn is NOT NULL.
+ BufferOutSize is NULL.
+ BufferOut is NULL if *BufferOutSize is not zero.
+ @retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the response packet.
+ @retval EFI_ABORTED Something wrong during handshake.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsDoHandshake (
+ IN VOID *Tls,
+ IN UINT8 *BufferIn, OPTIONAL
+ IN UINTN BufferInSize, OPTIONAL
+ OUT UINT8 *BufferOut, OPTIONAL
+ IN OUT UINTN *BufferOutSize
+ );
+
+/**
+ Handle Alert message recorded in BufferIn. If BufferIn is NULL and BufferInSize is zero,
+ TLS session has errors and the response packet needs to be Alert message based on error type.
+
+ @param[in] Tls Pointer to the TLS object for state checking.
+ @param[in] BufferIn Pointer to the most recently received TLS Alert packet.
+ @param[in] BufferInSize Packet size in bytes for the most recently received TLS
+ Alert packet.
+ @param[out] BufferOut Pointer to the buffer to hold the built packet.
+ @param[in, out] BufferOutSize Pointer to the buffer size in bytes. On input, it is
+ the buffer size provided by the caller. On output, it
+ is the buffer size in fact needed to contain the
+ packet.
+
+ @retval EFI_SUCCESS The required TLS packet is built successfully.
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
+ Tls is NULL.
+ BufferIn is NULL but BufferInSize is NOT 0.
+ BufferInSize is 0 but BufferIn is NOT NULL.
+ BufferOutSize is NULL.
+ BufferOut is NULL if *BufferOutSize is not zero.
+ @retval EFI_ABORTED An error occurred.
+ @retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the response packet.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsHandleAlert (
+ IN VOID *Tls,
+ IN UINT8 *BufferIn, OPTIONAL
+ IN UINTN BufferInSize, OPTIONAL
+ OUT UINT8 *BufferOut, OPTIONAL
+ IN OUT UINTN *BufferOutSize
+ );
+
+/**
+ Build the CloseNotify packet.
+
+ @param[in] Tls Pointer to the TLS object for state checking.
+ @param[in, out] Buffer Pointer to the buffer to hold the built packet.
+ @param[in, out] BufferSize Pointer to the buffer size in bytes. On input, it is
+ the buffer size provided by the caller. On output, it
+ is the buffer size in fact needed to contain the
+ packet.
+
+ @retval EFI_SUCCESS The required TLS packet is built successfully.
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
+ Tls is NULL.
+ BufferSize is NULL.
+ Buffer is NULL if *BufferSize is not zero.
+ @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the response packet.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsCloseNotify (
+ IN VOID *Tls,
+ IN OUT UINT8 *Buffer,
+ IN OUT UINTN *BufferSize
+ );
+
+/**
+ Attempts to read bytes from one TLS object and places the data in Buffer.
+
+ This function will attempt to read BufferSize bytes from the TLS object
+ and places the data in Buffer.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in,out] Buffer Pointer to the buffer to store the data.
+ @param[in] BufferSize The size of Buffer in bytes.
+
+ @retval >0 The amount of data successfully read from the TLS object.
+ @retval <=0 No data was successfully read.
+
+**/
+INTN
+EFIAPI
+TlsCtrlTrafficOut (
+ IN VOID *Tls,
+ IN OUT VOID *Buffer,
+ IN UINTN BufferSize
+ );
+
+/**
+ Attempts to write data from the buffer to TLS object.
+
+ This function will attempt to write BufferSize bytes data from the Buffer
+ to the TLS object.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in] Buffer Pointer to the data buffer.
+ @param[in] BufferSize The size of Buffer in bytes.
+
+ @retval >0 The amount of data successfully written to the TLS object.
+ @retval <=0 No data was successfully written.
+
+**/
+INTN
+EFIAPI
+TlsCtrlTrafficIn (
+ IN VOID *Tls,
+ IN VOID *Buffer,
+ IN UINTN BufferSize
+ );
+
+/**
+ Attempts to read bytes from the specified TLS connection into the buffer.
+
+ This function tries to read BufferSize bytes data from the specified TLS
+ connection into the Buffer.
+
+ @param[in] Tls Pointer to the TLS connection for data reading.
+ @param[in,out] Buffer Pointer to the data buffer.
+ @param[in] BufferSize The size of Buffer in bytes.
+
+ @retval >0 The read operation was successful, and return value is the
+ number of bytes actually read from the TLS connection.
+ @retval <=0 The read operation was not successful.
+
+**/
+INTN
+EFIAPI
+TlsRead (
+ IN VOID *Tls,
+ IN OUT VOID *Buffer,
+ IN UINTN BufferSize
+ );
+
+/**
+ Attempts to write data to a TLS connection.
+
+ This function tries to write BufferSize bytes data from the Buffer into the
+ specified TLS connection.
+
+ @param[in] Tls Pointer to the TLS connection for data writing.
+ @param[in] Buffer Pointer to the data buffer.
+ @param[in] BufferSize The size of Buffer in bytes.
+
+ @retval >0 The write operation was successful, and return value is the
+ number of bytes actually written to the TLS connection.
+ @retval <=0 The write operation was not successful.
+
+**/
+INTN
+EFIAPI
+TlsWrite (
+ IN VOID *Tls,
+ IN VOID *Buffer,
+ IN UINTN BufferSize
+ );
+
+/**
+ Set a new TLS/SSL method for a particular TLS object.
+
+ This function sets a new TLS/SSL method for a particular TLS object.
+
+ @param[in] Tls Pointer to a TLS object.
+ @param[in] MajorVer Major Version of TLS/SSL Protocol.
+ @param[in] MinorVer Minor Version of TLS/SSL Protocol.
+
+ @retval EFI_SUCCESS The TLS/SSL method was set successfully.
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.
+ @retval EFI_UNSUPPORTED Unsupported TLS/SSL method.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetVersion (
+ IN VOID *Tls,
+ IN UINT8 MajorVer,
+ IN UINT8 MinorVer
+ );
+
+/**
+ Set TLS object to work in client or server mode.
+
+ This function prepares a TLS object to work in client or server mode.
+
+ @param[in] Tls Pointer to a TLS object.
+ @param[in] IsServer Work in server mode.
+
+ @retval EFI_SUCCESS The TLS/SSL work mode was set successfully.
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.
+ @retval EFI_UNSUPPORTED Unsupported TLS/SSL work mode.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetConnectionEnd (
+ IN VOID *Tls,
+ IN BOOLEAN IsServer
+ );
+
+/**
+ Set the ciphers list to be used by the TLS object.
+
+ This function sets the ciphers for use by a specified TLS object.
+
+ @param[in] Tls Pointer to a TLS object.
+ @param[in] CipherId Pointer to a string that contains one or more
+ ciphers separated by a colon.
+ @param[in] CipherNum The number of cipher in the list.
+
+ @retval EFI_SUCCESS The ciphers list was set successfully.
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.
+ @retval EFI_UNSUPPORTED Unsupported TLS cipher in the list.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetCipherList (
+ IN VOID *Tls,
+ IN UINT16 *CipherId,
+ IN UINTN CipherNum
+ );
+
+/**
+ Set the compression method for TLS/SSL operations.
+
+ This function handles TLS/SSL integrated compression methods.
+
+ @param[in] CompMethod The compression method ID.
+
+ @retval EFI_SUCCESS The compression method for the communication was
+ set successfully.
+ @retval EFI_UNSUPPORTED Unsupported compression method.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetCompressionMethod (
+ IN UINT8 CompMethod
+ );
+
+/**
+ Set peer certificate verification mode for the TLS connection.
+
+ This function sets the verification mode flags for the TLS connection.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in] VerifyMode A set of logically or'ed verification mode flags.
+
+**/
+VOID
+EFIAPI
+TlsSetVerify (
+ IN VOID *Tls,
+ IN UINT32 VerifyMode
+ );
+
+/**
+ Sets a TLS/SSL session ID to be used during TLS/SSL connect.
+
+ This function sets a session ID to be used when the TLS/SSL connection is
+ to be established.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in] SessionId Session ID data used for session resumption.
+ @param[in] SessionIdLen Length of Session ID in bytes.
+
+ @retval EFI_SUCCESS Session ID was set successfully.
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.
+ @retval EFI_UNSUPPORTED No available session for ID setting.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetSessionId (
+ IN VOID *Tls,
+ IN UINT8 *SessionId,
+ IN UINT16 SessionIdLen
+ );
+
+/**
+ Adds the CA to the cert store when requesting Server or Client authentication.
+
+ This function adds the CA certificate to the list of CAs when requesting
+ Server or Client authentication for the chosen TLS connection.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in] Data Pointer to the data buffer of a DER-encoded binary
+ X.509 certificate or PEM-encoded X.509 certificate.
+ @param[in] DataSize The size of data buffer in bytes.
+
+ @retval EFI_SUCCESS The operation succeeded.
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.
+ @retval EFI_OUT_OF_RESOURCES Required resources could not be allocated.
+ @retval EFI_ABORTED Invalid X.509 certificate.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetCaCertificate (
+ IN VOID *Tls,
+ IN VOID *Data,
+ IN UINTN DataSize
+ );
+
+/**
+ Loads the local public certificate into the specified TLS object.
+
+ This function loads the X.509 certificate into the specified TLS object
+ for TLS negotiation.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in] Data Pointer to the data buffer of a DER-encoded binary
+ X.509 certificate or PEM-encoded X.509 certificate.
+ @param[in] DataSize The size of data buffer in bytes.
+
+ @retval EFI_SUCCESS The operation succeeded.
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.
+ @retval EFI_OUT_OF_RESOURCES Required resources could not be allocated.
+ @retval EFI_ABORTED Invalid X.509 certificate.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetHostPublicCert (
+ IN VOID *Tls,
+ IN VOID *Data,
+ IN UINTN DataSize
+ );
+
+/**
+ Adds the local private key to the specified TLS object.
+
+ This function adds the local private key (PEM-encoded RSA or PKCS#8 private
+ key) into the specified TLS object for TLS negotiation.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in] Data Pointer to the data buffer of a PEM-encoded RSA
+ or PKCS#8 private key.
+ @param[in] DataSize The size of data buffer in bytes.
+
+ @retval EFI_SUCCESS The operation succeeded.
+ @retval EFI_UNSUPPORTED This function is not supported.
+ @retval EFI_ABORTED Invalid private key data.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetHostPrivateKey (
+ IN VOID *Tls,
+ IN VOID *Data,
+ IN UINTN DataSize
+ );
+
+/**
+ Adds the CA-supplied certificate revocation list for certificate validation.
+
+ This function adds the CA-supplied certificate revocation list data for
+ certificate validity checking.
+
+ @param[in] Data Pointer to the data buffer of a DER-encoded CRL data.
+ @param[in] DataSize The size of data buffer in bytes.
+
+ @retval EFI_SUCCESS The operation succeeded.
+ @retval EFI_UNSUPPORTED This function is not supported.
+ @retval EFI_ABORTED Invalid CRL data.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetCertRevocationList (
+ IN VOID *Data,
+ IN UINTN DataSize
+ );
+
+/**
+ Gets the protocol version used by the specified TLS connection.
+
+ This function returns the protocol version used by the specified TLS
+ connection.
+
+ @param[in] Tls Pointer to the TLS object.
+
+ @return The protocol version of the specified TLS connection.
+
+**/
+UINT16
+EFIAPI
+TlsGetVersion (
+ IN VOID *Tls
+ );
+
+/**
+ Gets the connection end of the specified TLS connection.
+
+ This function returns the connection end (as client or as server) used by
+ the specified TLS connection.
+
+ @param[in] Tls Pointer to the TLS object.
+
+ @return The connection end used by the specified TLS connection.
+
+**/
+UINT8
+EFIAPI
+TlsGetConnectionEnd (
+ IN VOID *Tls
+ );
+
+/**
+ Gets the cipher suite used by the specified TLS connection.
+
+ This function returns current cipher suite used by the specified
+ TLS connection.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in,out] CipherId The cipher suite used by the TLS object.
+
+ @retval EFI_SUCCESS The cipher suite was returned successfully.
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.
+ @retval EFI_UNSUPPORTED Unsupported cipher suite.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsGetCurrentCipher (
+ IN VOID *Tls,
+ IN OUT UINT16 *CipherId
+ );
+
+/**
+ Gets the compression methods used by the specified TLS connection.
+
+ This function returns current integrated compression methods used by
+ the specified TLS connection.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in,out] CompressionId The current compression method used by
+ the TLS object.
+
+ @retval EFI_SUCCESS The compression method was returned successfully.
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.
+ @retval EFI_ABORTED Invalid Compression method.
+ @retval EFI_UNSUPPORTED This function is not supported.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsGetCurrentCompressionId (
+ IN VOID *Tls,
+ IN OUT UINT8 *CompressionId
+ );
+
+/**
+ Gets the verification mode currently set in the TLS connection.
+
+ This function returns the peer verification mode currently set in the
+ specified TLS connection.
+
+ @param[in] Tls Pointer to the TLS object.
+
+ @return The verification mode set in the specified TLS connection.
+
+**/
+UINT32
+EFIAPI
+TlsGetVerify (
+ IN VOID *Tls
+ );
+
+/**
+ Gets the session ID used by the specified TLS connection.
+
+ This function returns the TLS/SSL session ID currently used by the
+ specified TLS connection.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in,out] SessionId Buffer to contain the returned session ID.
+ @param[in,out] SessionIdLen The length of Session ID in bytes.
+
+ @retval EFI_SUCCESS The Session ID was returned successfully.
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.
+ @retval EFI_UNSUPPORTED Invalid TLS/SSL session.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsGetSessionId (
+ IN VOID *Tls,
+ IN OUT UINT8 *SessionId,
+ IN OUT UINT16 *SessionIdLen
+ );
+
+/**
+ Gets the client random data used in the specified TLS connection.
+
+ This function returns the TLS/SSL client random data currently used in
+ the specified TLS connection.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in,out] ClientRandom Buffer to contain the returned client
+ random data (32 bytes).
+
+**/
+VOID
+EFIAPI
+TlsGetClientRandom (
+ IN VOID *Tls,
+ IN OUT UINT8 *ClientRandom
+ );
+
+/**
+ Gets the server random data used in the specified TLS connection.
+
+ This function returns the TLS/SSL server random data currently used in
+ the specified TLS connection.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in,out] ServerRandom Buffer to contain the returned server
+ random data (32 bytes).
+
+**/
+VOID
+EFIAPI
+TlsGetServerRandom (
+ IN VOID *Tls,
+ IN OUT UINT8 *ServerRandom
+ );
+
+/**
+ Gets the master key data used in the specified TLS connection.
+
+ This function returns the TLS/SSL master key material currently used in
+ the specified TLS connection.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in,out] KeyMaterial Buffer to contain the returned key material.
+
+ @retval EFI_SUCCESS Key material was returned successfully.
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.
+ @retval EFI_UNSUPPORTED Invalid TLS/SSL session.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsGetKeyMaterial (
+ IN VOID *Tls,
+ IN OUT UINT8 *KeyMaterial
+ );
+
+/**
+ Gets the CA Certificate from the cert store.
+
+ This function returns the CA certificate for the chosen
+ TLS connection.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[out] Data Pointer to the data buffer to receive the CA
+ certificate data sent to the client.
+ @param[in,out] DataSize The size of data buffer in bytes.
+
+ @retval EFI_SUCCESS The operation succeeded.
+ @retval EFI_UNSUPPORTED This function is not supported.
+ @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsGetCaCertificate (
+ IN VOID *Tls,
+ OUT VOID *Data,
+ IN OUT UINTN *DataSize
+ );
+
+/**
+ Gets the local public Certificate set in the specified TLS object.
+
+ This function returns the local public certificate which was currently set
+ in the specified TLS object.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[out] Data Pointer to the data buffer to receive the local
+ public certificate.
+ @param[in,out] DataSize The size of data buffer in bytes.
+
+ @retval EFI_SUCCESS The operation succeeded.
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.
+ @retval EFI_NOT_FOUND The certificate is not found.
+ @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsGetHostPublicCert (
+ IN VOID *Tls,
+ OUT VOID *Data,
+ IN OUT UINTN *DataSize
+ );
+
+/**
+ Gets the local private key set in the specified TLS object.
+
+ This function returns the local private key data which was currently set
+ in the specified TLS object.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[out] Data Pointer to the data buffer to receive the local
+ private key data.
+ @param[in,out] DataSize The size of data buffer in bytes.
+
+ @retval EFI_SUCCESS The operation succeeded.
+ @retval EFI_UNSUPPORTED This function is not supported.
+ @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsGetHostPrivateKey (
+ IN VOID *Tls,
+ OUT VOID *Data,
+ IN OUT UINTN *DataSize
+ );
+
+/**
+ Gets the CA-supplied certificate revocation list data set in the specified
+ TLS object.
+
+ This function returns the CA-supplied certificate revocation list data which
+ was currently set in the specified TLS object.
+
+ @param[out] Data Pointer to the data buffer to receive the CRL data.
+ @param[in,out] DataSize The size of data buffer in bytes.
+
+ @retval EFI_SUCCESS The operation succeeded.
+ @retval EFI_UNSUPPORTED This function is not supported.
+ @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsGetCertRevocationList (
+ OUT VOID *Data,
+ IN OUT UINTN *DataSize
+ );
+
+#endif // __TLS_LIB_H__
+
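Review bot: the trailing `+` empty line after `#endif // __TLS_LIB_H__` shows the conversion appended a blank line at end of file rather than only replacing line terminators, so this hunk is not a pure CRLF change; please confirm with `git show -w` (or `git diff --ignore-space-at-eol`) that the commit is empty apart from line endings and state that in the commit message, since a whole-file rewrite otherwise hides any real content change from reviewers. Because the full header is re-emitted here, some pre-existing documentation problems are also visible and deserve a separate follow-up rather than this series: TlsSetCipherList documents `CipherId` as "a string that contains one or more ciphers separated by a colon" while the prototype takes `IN UINT16 *CipherId` together with `CipherNum` (an array of IANA cipher suite IDs); TlsGetKeyMaterial takes only `IN OUT UINT8 *KeyMaterial` with no size parameter, so a caller cannot know how large a buffer to pass (TlsGetClientRandom and TlsGetServerRandom at least say 32 bytes); and TlsSetCompressionMethod, TlsSetCertRevocationList and TlsGetCertRevocationList take no `Tls` parameter, unlike every other setter and getter in the file.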
diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Library/OpensslLib/process_files.pl
index 210811b9ed..4a60073485 100644
--- a/CryptoPkg/Library/OpensslLib/process_files.pl
+++ b/CryptoPkg/Library/OpensslLib/process_files.pl
@@ -1,223 +1,224 @@
-#!/usr/bin/perl -w
-#
-# This script runs the OpenSSL Configure script, then processes the
-# resulting file list into our local OpensslLib[Crypto].inf and also
-# takes a copy of opensslconf.h.
-#
-# This only needs to be done once by a developer when updating to a
-# new version of OpenSSL (or changing options, etc.). Normal users
-# do not need to do this, since the results are stored in the EDK2
-# git repository for them.
-#
-use strict;
-use Cwd;
-use File::Copy;
-
-#
-# Find the openssl directory name for use lib. We have to do this
-# inside of BEGIN. The variables we create here, however, don't seem
-# to be available to the main script, so we have to repeat the
-# exercise.
-#
-my $inf_file;
-my $OPENSSL_PATH;
-my @inf;
-
-BEGIN {
- $inf_file = "OpensslLib.inf";
-
- # Read the contents of the inf file
- open( FD, "<" . $inf_file ) ||
- die "Cannot open \"" . $inf_file . "\"!";
- @inf = (<FD>);
- close(FD) ||
- die "Cannot close \"" . $inf_file . "\"!";
-
- foreach (@inf) {
- if (/DEFINE\s+OPENSSL_PATH\s*=\s*([a-z]+)/) {
-
- # We need to run Configure before we can include its result...
- $OPENSSL_PATH = $1;
-
- my $basedir = getcwd();
-
- chdir($OPENSSL_PATH) ||
- die "Cannot change to OpenSSL directory \"" . $OPENSSL_PATH . "\"";
-
- # Configure UEFI
- system(
- "./Configure",
- "UEFI",
- "no-afalgeng",
- "no-asm",
- "no-async",
- "no-autoalginit",
- "no-autoerrinit",
- "no-bf",
- "no-blake2",
- "no-camellia",
- "no-capieng",
- "no-cast",
- "no-chacha",
- "no-cms",
- "no-ct",
- "no-deprecated",
- "no-dgram",
- "no-dsa",
- "no-dynamic-engine",
- "no-ec",
- "no-ec2m",
- "no-engine",
- "no-err",
- "no-filenames",
- "no-gost",
- "no-hw",
- "no-idea",
- "no-mdc2",
- "no-pic",
- "no-ocb",
- "no-poly1305",
- "no-posix-io",
- "no-rc2",
- "no-rfc3779",
- "no-rmd160",
- "no-scrypt",
- "no-seed",
- "no-sock",
- "no-srp",
- "no-ssl",
- "no-stdio",
- "no-threads",
- "no-ts",
- "no-ui",
- "no-whirlpool"
- ) == 0 ||
- die "OpenSSL Configure failed!\n";
-
- # Generate opensslconf.h per config data
- system(
- "perl -I. -Mconfigdata util/dofile.pl " .
- "include/openssl/opensslconf.h.in " .
- "> include/openssl/opensslconf.h"
- ) == 0 ||
- die "Failed to generate opensslconf.h!\n";
-
- chdir($basedir) ||
- die "Cannot change to base directory \"" . $basedir . "\"";
-
- push @INC, $1;
- last;
- }
- }
-}
-
-#
-# Retrieve file lists from OpenSSL configdata
-#
-use configdata qw/%unified_info/;
-
-my @cryptofilelist = ();
-my @sslfilelist = ();
-foreach my $product ((@{$unified_info{libraries}},
- @{$unified_info{engines}})) {
- foreach my $o (@{$unified_info{sources}->{$product}}) {
- foreach my $s (@{$unified_info{sources}->{$o}}) {
- next if ($unified_info{generate}->{$s});
- next if $s =~ "crypto/bio/b_print.c";
- if ($product =~ "libssl") {
- push @sslfilelist, ' $(OPENSSL_PATH)/' . $s . "\r\n";
- next;
- }
- push @cryptofilelist, ' $(OPENSSL_PATH)/' . $s . "\r\n";
- }
- }
-}
-
-#
-# Update OpensslLib.inf with autogenerated file list
-#
-my @new_inf = ();
-my $subbing = 0;
-print "\n--> Updating OpensslLib.inf ... ";
-foreach (@inf) {
- if ( $_ =~ "# Autogenerated files list starts here" ) {
- push @new_inf, $_, @cryptofilelist, @sslfilelist;
- $subbing = 1;
- next;
- }
- if ( $_ =~ "# Autogenerated files list ends here" ) {
- push @new_inf, $_;
- $subbing = 0;
- next;
- }
-
- push @new_inf, $_
- unless ($subbing);
-}
-
-my $new_inf_file = $inf_file . ".new";
-open( FD, ">" . $new_inf_file ) ||
- die $new_inf_file;
-print( FD @new_inf ) ||
- die $new_inf_file;
-close(FD) ||
- die $new_inf_file;
-rename( $new_inf_file, $inf_file ) ||
- die "rename $inf_file";
-print "Done!";
-
-#
-# Update OpensslLibCrypto.inf with auto-generated file list (no libssl)
-#
-$inf_file = "OpensslLibCrypto.inf";
-
-# Read the contents of the inf file
-@inf = ();
-@new_inf = ();
-open( FD, "<" . $inf_file ) ||
- die "Cannot open \"" . $inf_file . "\"!";
-@inf = (<FD>);
-close(FD) ||
- die "Cannot close \"" . $inf_file . "\"!";
-
-$subbing = 0;
-print "\n--> Updating OpensslLibCrypto.inf ... ";
-foreach (@inf) {
- if ( $_ =~ "# Autogenerated files list starts here" ) {
- push @new_inf, $_, @cryptofilelist;
- $subbing = 1;
- next;
- }
- if ( $_ =~ "# Autogenerated files list ends here" ) {
- push @new_inf, $_;
- $subbing = 0;
- next;
- }
-
- push @new_inf, $_
- unless ($subbing);
-}
-
-$new_inf_file = $inf_file . ".new";
-open( FD, ">" . $new_inf_file ) ||
- die $new_inf_file;
-print( FD @new_inf ) ||
- die $new_inf_file;
-close(FD) ||
- die $new_inf_file;
-rename( $new_inf_file, $inf_file ) ||
- die "rename $inf_file";
-print "Done!";
-
-#
-# Copy opensslconf.h generated from OpenSSL Configuration
-#
-print "\n--> Duplicating opensslconf.h into Include/openssl ... ";
-copy($OPENSSL_PATH . "/include/openssl/opensslconf.h",
- $OPENSSL_PATH . "/../../../Include/openssl/") ||
- die "Cannot copy opensslconf.h!";
-print "Done!\n";
-
-print "\nProcessing Files Done!\n";
-
-exit(0);
+#!/usr/bin/perl -w
+#
+# This script runs the OpenSSL Configure script, then processes the
+# resulting file list into our local OpensslLib[Crypto].inf and also
+# takes a copy of opensslconf.h.
+#
+# This only needs to be done once by a developer when updating to a
+# new version of OpenSSL (or changing options, etc.). Normal users
+# do not need to do this, since the results are stored in the EDK2
+# git repository for them.
+#
+use strict;
+use Cwd;
+use File::Copy;
+
+#
+# Find the openssl directory name for use lib. We have to do this
+# inside of BEGIN. The variables we create here, however, don't seem
+# to be available to the main script, so we have to repeat the
+# exercise.
+#
+my $inf_file;
+my $OPENSSL_PATH;
+my @inf;
+
+BEGIN {
+ $inf_file = "OpensslLib.inf";
+
+ # Read the contents of the inf file
+ open( FD, "<" . $inf_file ) ||
+ die "Cannot open \"" . $inf_file . "\"!";
+ @inf = (<FD>);
+ close(FD) ||
+ die "Cannot close \"" . $inf_file . "\"!";
+
+ foreach (@inf) {
+ if (/DEFINE\s+OPENSSL_PATH\s*=\s*([a-z]+)/) {
+
+ # We need to run Configure before we can include its result...
+ $OPENSSL_PATH = $1;
+
+ my $basedir = getcwd();
+
+ chdir($OPENSSL_PATH) ||
+ die "Cannot change to OpenSSL directory \"" . $OPENSSL_PATH . "\"";
+
+ # Configure UEFI
+ system(
+ "./Configure",
+ "UEFI",
+ "no-afalgeng",
+ "no-asm",
+ "no-async",
+ "no-autoalginit",
+ "no-autoerrinit",
+ "no-bf",
+ "no-blake2",
+ "no-camellia",
+ "no-capieng",
+ "no-cast",
+ "no-chacha",
+ "no-cms",
+ "no-ct",
+ "no-deprecated",
+ "no-dgram",
+ "no-dsa",
+ "no-dynamic-engine",
+ "no-ec",
+ "no-ec2m",
+ "no-engine",
+ "no-err",
+ "no-filenames",
+ "no-gost",
+ "no-hw",
+ "no-idea",
+ "no-mdc2",
+ "no-pic",
+ "no-ocb",
+ "no-poly1305",
+ "no-posix-io",
+ "no-rc2",
+ "no-rfc3779",
+ "no-rmd160",
+ "no-scrypt",
+ "no-seed",
+ "no-sock",
+ "no-srp",
+ "no-ssl",
+ "no-stdio",
+ "no-threads",
+ "no-ts",
+ "no-ui",
+ "no-whirlpool"
+ ) == 0 ||
+ die "OpenSSL Configure failed!\n";
+
+ # Generate opensslconf.h per config data
+ system(
+ "perl -I. -Mconfigdata util/dofile.pl " .
+ "include/openssl/opensslconf.h.in " .
+ "> include/openssl/opensslconf.h"
+ ) == 0 ||
+ die "Failed to generate opensslconf.h!\n";
+
+ chdir($basedir) ||
+ die "Cannot change to base directory \"" . $basedir . "\"";
+
+ push @INC, $1;
+ last;
+ }
+ }
+}
+
+#
+# Retrieve file lists from OpenSSL configdata
+#
+use configdata qw/%unified_info/;
+
+my @cryptofilelist = ();
+my @sslfilelist = ();
+foreach my $product ((@{$unified_info{libraries}},
+ @{$unified_info{engines}})) {
+ foreach my $o (@{$unified_info{sources}->{$product}}) {
+ foreach my $s (@{$unified_info{sources}->{$o}}) {
+ next if ($unified_info{generate}->{$s});
+ next if $s =~ "crypto/bio/b_print.c";
+ if ($product =~ "libssl") {
+ push @sslfilelist, ' $(OPENSSL_PATH)/' . $s . "\r\n";
+ next;
+ }
+ push @cryptofilelist, ' $(OPENSSL_PATH)/' . $s . "\r\n";
+ }
+ }
+}
+
+#
+# Update OpensslLib.inf with autogenerated file list
+#
+my @new_inf = ();
+my $subbing = 0;
+print "\n--> Updating OpensslLib.inf ... ";
+foreach (@inf) {
+ if ( $_ =~ "# Autogenerated files list starts here" ) {
+ push @new_inf, $_, @cryptofilelist, @sslfilelist;
+ $subbing = 1;
+ next;
+ }
+ if ( $_ =~ "# Autogenerated files list ends here" ) {
+ push @new_inf, $_;
+ $subbing = 0;
+ next;
+ }
+
+ push @new_inf, $_
+ unless ($subbing);
+}
+
+my $new_inf_file = $inf_file . ".new";
+open( FD, ">" . $new_inf_file ) ||
+ die $new_inf_file;
+print( FD @new_inf ) ||
+ die $new_inf_file;
+close(FD) ||
+ die $new_inf_file;
+rename( $new_inf_file, $inf_file ) ||
+ die "rename $inf_file";
+print "Done!";
+
+#
+# Update OpensslLibCrypto.inf with auto-generated file list (no libssl)
+#
+$inf_file = "OpensslLibCrypto.inf";
+
+# Read the contents of the inf file
+@inf = ();
+@new_inf = ();
+open( FD, "<" . $inf_file ) ||
+ die "Cannot open \"" . $inf_file . "\"!";
+@inf = (<FD>);
+close(FD) ||
+ die "Cannot close \"" . $inf_file . "\"!";
+
+$subbing = 0;
+print "\n--> Updating OpensslLibCrypto.inf ... ";
+foreach (@inf) {
+ if ( $_ =~ "# Autogenerated files list starts here" ) {
+ push @new_inf, $_, @cryptofilelist;
+ $subbing = 1;
+ next;
+ }
+ if ( $_ =~ "# Autogenerated files list ends here" ) {
+ push @new_inf, $_;
+ $subbing = 0;
+ next;
+ }
+
+ push @new_inf, $_
+ unless ($subbing);
+}
+
+$new_inf_file = $inf_file . ".new";
+open( FD, ">" . $new_inf_file ) ||
+ die $new_inf_file;
+print( FD @new_inf ) ||
+ die $new_inf_file;
+close(FD) ||
+ die $new_inf_file;
+rename( $new_inf_file, $inf_file ) ||
+ die "rename $inf_file";
+print "Done!";
+
+#
+# Copy opensslconf.h generated from OpenSSL Configuration
+#
+print "\n--> Duplicating opensslconf.h into Include/openssl ... ";
+copy($OPENSSL_PATH . "/include/openssl/opensslconf.h",
+ $OPENSSL_PATH . "/../../../Include/openssl/") ||
+ die "Cannot copy opensslconf.h!";
+print "Done!\n";
+
+print "\nProcessing Files Done!\n";
+
+exit(0);
+
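Review bot: the hunk header `@@ -1,223 +1,224 @@` shows the file growing by one line, and the final `+` line is empty, so the conversion added a trailing blank line as well as changing terminators; drop that extra line or mention it in the commit message. This script is run by a developer on the host (it executes `./Configure` and `util/dofile.pl` inside the OpenSSL tree), so after conversion the `#!/usr/bin/perl -w` line carries a trailing CR into perl's switch parsing on Linux; perl built without PERL_STRICT_CR (the default) accepts CR there and in the source, but please run `perl -c process_files.pl` and one end-to-end run on Linux before merging so the converted script is known to work. The generated .inf entries are already written with an explicit `"\r\n"` (`push @cryptofilelist, ' $(OPENSSL_PATH)/' . $s . "\r\n";`), so the script's output stays consistent with the rest of this series.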
diff --git a/CryptoPkg/Library/TlsLib/InternalTlsLib.h b/CryptoPkg/Library/TlsLib/InternalTlsLib.h
index 97727361e8..88c4e3b38e 100644
--- a/CryptoPkg/Library/TlsLib/InternalTlsLib.h
+++ b/CryptoPkg/Library/TlsLib/InternalTlsLib.h
@@ -1,42 +1,43 @@
-/** @file
- Internal include file for TlsLib.
-
-Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef __INTERNAL_TLS_LIB_H__
-#define __INTERNAL_TLS_LIB_H__
-
-#undef _WIN32
-#undef _WIN64
-
-#include <Library/BaseCryptLib.h>
-#include <openssl/ssl.h>
-#include <openssl/bio.h>
-#include <openssl/err.h>
-
-typedef struct {
- //
- // Main SSL Connection which is created by a server or a client
- // per established connection.
- //
- SSL *Ssl;
- //
- // Memory BIO for the TLS/SSL Reading operations.
- //
- BIO *InBio;
- //
- // Memory BIO for the TLS/SSL Writing operations.
- //
- BIO *OutBio;
-} TLS_CONNECTION;
-
-#endif
+/** @file
+ Internal include file for TlsLib.
+
+Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __INTERNAL_TLS_LIB_H__
+#define __INTERNAL_TLS_LIB_H__
+
+#undef _WIN32
+#undef _WIN64
+
+#include <Library/BaseCryptLib.h>
+#include <openssl/ssl.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+
+typedef struct {
+ //
+ // Main SSL Connection which is created by a server or a client
+ // per established connection.
+ //
+ SSL *Ssl;
+ //
+ // Memory BIO for the TLS/SSL Reading operations.
+ //
+ BIO *InBio;
+ //
+ // Memory BIO for the TLS/SSL Writing operations.
+ //
+ BIO *OutBio;
+} TLS_CONNECTION;
+
+#endif
+
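Review bot: `@@ -1,42 +1,43 @@` again shows one extra line coming from a trailing empty `+` after `#endif`, so this hunk is not purely a terminator change; please keep the original line count or call the added newline out in the commit message. Since the file is re-emitted in full, the uncommented `#undef _WIN32` / `#undef _WIN64` pair ahead of the `<openssl/ssl.h>`, `<openssl/bio.h>` and `<openssl/err.h>` includes stands out: a one-line comment that this presumably keeps the OpenSSL headers off their Windows-host code paths when the firmware is built with a Microsoft toolchain (which predefines those macros) would stop a later reader from treating it as a mistake. That is a pre-existing gap rather than something this patch introduces, so a follow-up is fine.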
diff --git a/CryptoPkg/Library/TlsLib/TlsConfig.c b/CryptoPkg/Library/TlsLib/TlsConfig.c
index 43e275d400..4c88229b89 100644
--- a/CryptoPkg/Library/TlsLib/TlsConfig.c
+++ b/CryptoPkg/Library/TlsLib/TlsConfig.c
@@ -1,1059 +1,1060 @@
-/** @file
- SSL/TLS Configuration Library Wrapper Implementation over OpenSSL.
-
-Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
-(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include "InternalTlsLib.h"
-
-typedef struct {
- //
- // IANA/IETF defined Cipher Suite ID
- //
- UINT16 IanaCipher;
- //
- // OpenSSL-used Cipher Suite String
- //
- CONST CHAR8 *OpensslCipher;
-} TLS_CIPHER_PAIR;
-
-//
-// The mapping table between IANA/IETF Cipher Suite definitions and
-// OpenSSL-used Cipher Suite name.
-//
-STATIC CONST TLS_CIPHER_PAIR TlsCipherMappingTable[] = {
- { 0x0001, "NULL-MD5" }, /// TLS_RSA_WITH_NULL_MD5
- { 0x0002, "NULL-SHA" }, /// TLS_RSA_WITH_NULL_SHA
- { 0x0004, "RC4-MD5" }, /// TLS_RSA_WITH_RC4_128_MD5
- { 0x0005, "RC4-SHA" }, /// TLS_RSA_WITH_RC4_128_SHA
- { 0x000A, "DES-CBC3-SHA" }, /// TLS_RSA_WITH_3DES_EDE_CBC_SHA, mandatory TLS 1.1
- { 0x0016, "DHE-RSA-DES-CBC3-SHA" }, /// TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
- { 0x002F, "AES128-SHA" }, /// TLS_RSA_WITH_AES_128_CBC_SHA, mandatory TLS 1.2
- { 0x0030, "DH-DSS-AES128-SHA" }, /// TLS_DH_DSS_WITH_AES_128_CBC_SHA
- { 0x0031, "DH-RSA-AES128-SHA" }, /// TLS_DH_RSA_WITH_AES_128_CBC_SHA
- { 0x0033, "DHE-RSA-AES128-SHA" }, /// TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- { 0x0035, "AES256-SHA" }, /// TLS_RSA_WITH_AES_256_CBC_SHA
- { 0x0036, "DH-DSS-AES256-SHA" }, /// TLS_DH_DSS_WITH_AES_256_CBC_SHA
- { 0x0037, "DH-RSA-AES256-SHA" }, /// TLS_DH_RSA_WITH_AES_256_CBC_SHA
- { 0x0039, "DHE-RSA-AES256-SHA" }, /// TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- { 0x003B, "NULL-SHA256" }, /// TLS_RSA_WITH_NULL_SHA256
- { 0x003C, "AES128-SHA256" }, /// TLS_RSA_WITH_AES_128_CBC_SHA256
- { 0x003D, "AES256-SHA256" }, /// TLS_RSA_WITH_AES_256_CBC_SHA256
- { 0x003E, "DH-DSS-AES128-SHA256" }, /// TLS_DH_DSS_WITH_AES_128_CBC_SHA256
- { 0x003F, "DH-RSA-AES128-SHA256" }, /// TLS_DH_RSA_WITH_AES_128_CBC_SHA256
- { 0x0067, "DHE-RSA-AES128-SHA256" }, /// TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- { 0x0068, "DH-DSS-AES256-SHA256" }, /// TLS_DH_DSS_WITH_AES_256_CBC_SHA256
- { 0x0069, "DH-RSA-AES256-SHA256" }, /// TLS_DH_RSA_WITH_AES_256_CBC_SHA256
- { 0x006B, "DHE-RSA-AES256-SHA256" } /// TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
-};
-
-/**
- Gets the OpenSSL cipher suite string for the supplied IANA TLS cipher suite.
-
- @param[in] CipherId The supplied IANA TLS cipher suite ID.
-
- @return The corresponding OpenSSL cipher suite string if found,
- NULL otherwise.
-
-**/
-STATIC
-CONST CHAR8 *
-TlsGetCipherString (
- IN UINT16 CipherId
- )
-{
- CONST TLS_CIPHER_PAIR *CipherEntry;
- UINTN TableSize;
- UINTN Index;
-
- CipherEntry = TlsCipherMappingTable;
- TableSize = sizeof (TlsCipherMappingTable) / sizeof (TLS_CIPHER_PAIR);
-
- //
- // Search Cipher Mapping Table for IANA-OpenSSL Cipher Translation
- //
- for (Index = 0; Index < TableSize; Index++, CipherEntry++) {
- //
- // Translate IANA cipher suite name to OpenSSL name.
- //
- if (CipherEntry->IanaCipher == CipherId) {
- return CipherEntry->OpensslCipher;
- }
- }
-
- //
- // No Cipher Mapping found, return NULL.
- //
- return NULL;
-}
-
-/**
- Set a new TLS/SSL method for a particular TLS object.
-
- This function sets a new TLS/SSL method for a particular TLS object.
-
- @param[in] Tls Pointer to a TLS object.
- @param[in] MajorVer Major Version of TLS/SSL Protocol.
- @param[in] MinorVer Minor Version of TLS/SSL Protocol.
-
- @retval EFI_SUCCESS The TLS/SSL method was set successfully.
- @retval EFI_INVALID_PARAMETER The parameter is invalid.
- @retval EFI_UNSUPPORTED Unsupported TLS/SSL method.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsSetVersion (
- IN VOID *Tls,
- IN UINT8 MajorVer,
- IN UINT8 MinorVer
- )
-{
- TLS_CONNECTION *TlsConn;
- UINT16 ProtoVersion;
-
- TlsConn = (TLS_CONNECTION *)Tls;
- if (TlsConn == NULL || TlsConn->Ssl == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
- ProtoVersion = (MajorVer << 8) | MinorVer;
-
- //
- // Bound TLS method to the particular specified version.
- //
- switch (ProtoVersion) {
- case TLS1_VERSION:
- //
- // TLS 1.0
- //
- SSL_set_min_proto_version (TlsConn->Ssl, TLS1_VERSION);
- SSL_set_max_proto_version (TlsConn->Ssl, TLS1_VERSION);
- break;
- case TLS1_1_VERSION:
- //
- // TLS 1.1
- //
- SSL_set_min_proto_version (TlsConn->Ssl, TLS1_1_VERSION);
- SSL_set_max_proto_version (TlsConn->Ssl, TLS1_1_VERSION);
- break;
- case TLS1_2_VERSION:
- //
- // TLS 1.2
- //
- SSL_set_min_proto_version (TlsConn->Ssl, TLS1_2_VERSION);
- SSL_set_max_proto_version (TlsConn->Ssl, TLS1_2_VERSION);
- break;
- default:
- //
- // Unsupported Protocol Version
- //
- return EFI_UNSUPPORTED;
- }
-
- return EFI_SUCCESS;;
-}
-
-/**
- Set TLS object to work in client or server mode.
-
- This function prepares a TLS object to work in client or server mode.
-
- @param[in] Tls Pointer to a TLS object.
- @param[in] IsServer Work in server mode.
-
- @retval EFI_SUCCESS The TLS/SSL work mode was set successfully.
- @retval EFI_INVALID_PARAMETER The parameter is invalid.
- @retval EFI_UNSUPPORTED Unsupported TLS/SSL work mode.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsSetConnectionEnd (
- IN VOID *Tls,
- IN BOOLEAN IsServer
- )
-{
- TLS_CONNECTION *TlsConn;
-
- TlsConn = (TLS_CONNECTION *) Tls;
- if (TlsConn == NULL || TlsConn->Ssl == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
- if (!IsServer) {
- //
- // Set TLS to work in Client mode.
- //
- SSL_set_connect_state (TlsConn->Ssl);
- } else {
- //
- // Set TLS to work in Server mode.
- // It is unsupported for UEFI version currently.
- //
- //SSL_set_accept_state (TlsConn->Ssl);
- return EFI_UNSUPPORTED;
- }
-
- return EFI_SUCCESS;
-}
-
-/**
- Set the ciphers list to be used by the TLS object.
-
- This function sets the ciphers for use by a specified TLS object.
-
- @param[in] Tls Pointer to a TLS object.
- @param[in] CipherId Pointer to a UINT16 cipher Id.
- @param[in] CipherNum The number of cipher in the list.
-
- @retval EFI_SUCCESS The ciphers list was set successfully.
- @retval EFI_INVALID_PARAMETER The parameter is invalid.
- @retval EFI_UNSUPPORTED Unsupported TLS cipher in the list.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsSetCipherList (
- IN VOID *Tls,
- IN UINT16 *CipherId,
- IN UINTN CipherNum
- )
-{
- TLS_CONNECTION *TlsConn;
- UINTN Index;
- CONST CHAR8 *MappingName;
- CHAR8 CipherString[500];
-
- TlsConn = (TLS_CONNECTION *) Tls;
- if (TlsConn == NULL || TlsConn->Ssl == NULL || CipherId == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
- MappingName = NULL;
-
- memset (CipherString, 0, sizeof (CipherString));
-
- for (Index = 0; Index < CipherNum; Index++) {
- //
- // Handling OpenSSL / RFC Cipher name mapping.
- //
- MappingName = TlsGetCipherString (*(CipherId + Index));
- if (MappingName == NULL) {
- return EFI_UNSUPPORTED;
- }
-
- if (Index != 0) {
- //
- // The ciphers were separated by a colon.
- //
- AsciiStrCatS (CipherString, sizeof (CipherString), ":");
- }
-
- AsciiStrCatS (CipherString, sizeof (CipherString), MappingName);
- }
-
- AsciiStrCatS (CipherString, sizeof (CipherString), ":@STRENGTH");
-
- //
- // Sets the ciphers for use by the Tls object.
- //
- if (SSL_set_cipher_list (TlsConn->Ssl, CipherString) <= 0) {
- return EFI_UNSUPPORTED;
- }
-
- return EFI_SUCCESS;
-}
-
-/**
- Set the compression method for TLS/SSL operations.
-
- This function handles TLS/SSL integrated compression methods.
-
- @param[in] CompMethod The compression method ID.
-
- @retval EFI_SUCCESS The compression method for the communication was
- set successfully.
- @retval EFI_UNSUPPORTED Unsupported compression method.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsSetCompressionMethod (
- IN UINT8 CompMethod
- )
-{
- COMP_METHOD *Cm;
- INTN Ret;
-
- Cm = NULL;
- Ret = 0;
-
- if (CompMethod == 0) {
- //
- // TLS defines one standard compression method, CompressionMethod.null (0),
- // which specifies that data exchanged via the record protocol will not be compressed.
- // So, return EFI_SUCCESS directly (RFC 3749).
- //
- return EFI_SUCCESS;
- } else if (CompMethod == 1) {
- Cm = COMP_zlib();
- } else {
- return EFI_UNSUPPORTED;
- }
-
- //
- // Adds the compression method to the list of available
- // compression methods.
- //
- Ret = SSL_COMP_add_compression_method (CompMethod, Cm);
- if (Ret != 0) {
- return EFI_UNSUPPORTED;
- }
-
- return EFI_SUCCESS;
-}
-
-/**
- Set peer certificate verification mode for the TLS connection.
-
- This function sets the verification mode flags for the TLS connection.
-
- @param[in] Tls Pointer to the TLS object.
- @param[in] VerifyMode A set of logically or'ed verification mode flags.
-
-**/
-VOID
-EFIAPI
-TlsSetVerify (
- IN VOID *Tls,
- IN UINT32 VerifyMode
- )
-{
- TLS_CONNECTION *TlsConn;
-
- TlsConn = (TLS_CONNECTION *) Tls;
- if (TlsConn == NULL || TlsConn->Ssl == NULL) {
- return;
- }
-
- //
- // Set peer certificate verification parameters with NULL callback.
- //
- SSL_set_verify (TlsConn->Ssl, VerifyMode, NULL);
-}
-
-/**
- Sets a TLS/SSL session ID to be used during TLS/SSL connect.
-
- This function sets a session ID to be used when the TLS/SSL connection is
- to be established.
-
- @param[in] Tls Pointer to the TLS object.
- @param[in] SessionId Session ID data used for session resumption.
- @param[in] SessionIdLen Length of Session ID in bytes.
-
- @retval EFI_SUCCESS Session ID was set successfully.
- @retval EFI_INVALID_PARAMETER The parameter is invalid.
- @retval EFI_UNSUPPORTED No available session for ID setting.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsSetSessionId (
- IN VOID *Tls,
- IN UINT8 *SessionId,
- IN UINT16 SessionIdLen
- )
-{
- TLS_CONNECTION *TlsConn;
- SSL_SESSION *Session;
-
- TlsConn = (TLS_CONNECTION *) Tls;
- Session = NULL;
-
- if (TlsConn == NULL || TlsConn->Ssl == NULL || SessionId == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
- Session = SSL_get_session (TlsConn->Ssl);
- if (Session == NULL) {
- return EFI_UNSUPPORTED;
- }
-
- SSL_SESSION_set1_id (Session, (const unsigned char *)SessionId, SessionIdLen);
-
- return EFI_SUCCESS;
-}
-
-/**
- Adds the CA to the cert store when requesting Server or Client authentication.
-
- This function adds the CA certificate to the list of CAs when requesting
- Server or Client authentication for the chosen TLS connection.
-
- @param[in] Tls Pointer to the TLS object.
- @param[in] Data Pointer to the data buffer of a DER-encoded binary
- X.509 certificate or PEM-encoded X.509 certificate.
- @param[in] DataSize The size of data buffer in bytes.
-
- @retval EFI_SUCCESS The operation succeeded.
- @retval EFI_INVALID_PARAMETER The parameter is invalid.
- @retval EFI_OUT_OF_RESOURCES Required resources could not be allocated.
- @retval EFI_ABORTED Invalid X.509 certificate.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsSetCaCertificate (
- IN VOID *Tls,
- IN VOID *Data,
- IN UINTN DataSize
- )
-{
- BIO *BioCert;
- X509 *Cert;
- X509_STORE *X509Store;
- EFI_STATUS Status;
- TLS_CONNECTION *TlsConn;
- SSL_CTX *SslCtx;
- INTN Ret;
- UINTN ErrorCode;
-
- BioCert = NULL;
- Cert = NULL;
- X509Store = NULL;
- Status = EFI_SUCCESS;
- TlsConn = (TLS_CONNECTION *) Tls;
- Ret = 0;
-
- if (TlsConn == NULL || TlsConn->Ssl == NULL || Data == NULL || DataSize == 0) {
- return EFI_INVALID_PARAMETER;
- }
-
- //
- // DER-encoded binary X.509 certificate or PEM-encoded X.509 certificate.
- // Determine whether certificate is from DER encoding, if so, translate it to X509 structure.
- //
- Cert = d2i_X509 (NULL, (const unsigned char ** )&Data, (long) DataSize);
- if (Cert == NULL) {
- //
- // Certificate is from PEM encoding.
- //
- BioCert = BIO_new (BIO_s_mem ());
- if (BioCert == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ON_EXIT;
- }
-
- if (BIO_write (BioCert, Data, (UINT32) DataSize) <= 0) {
- Status = EFI_ABORTED;
- goto ON_EXIT;
- }
-
- Cert = PEM_read_bio_X509 (BioCert, NULL, NULL, NULL);
- if (Cert == NULL) {
- Status = EFI_ABORTED;
- goto ON_EXIT;
- }
- }
-
- SslCtx = SSL_get_SSL_CTX (TlsConn->Ssl);
- X509Store = SSL_CTX_get_cert_store (SslCtx);
- if (X509Store == NULL) {
- Status = EFI_ABORTED;
- goto ON_EXIT;
- }
-
- //
- // Add certificate to X509 store
- //
- Ret = X509_STORE_add_cert (X509Store, Cert);
- if (Ret != 1) {
- ErrorCode = ERR_peek_last_error ();
- //
- // Ignore "already in table" errors
- //
- if (!(ERR_GET_FUNC (ErrorCode) == X509_F_X509_STORE_ADD_CERT &&
- ERR_GET_REASON (ErrorCode) == X509_R_CERT_ALREADY_IN_HASH_TABLE)) {
- Status = EFI_ABORTED;
- goto ON_EXIT;
- }
- }
-
-ON_EXIT:
- if (BioCert != NULL) {
- BIO_free (BioCert);
- }
-
- if (Cert != NULL) {
- X509_free (Cert);
- }
-
- return Status;
-}
-
-/**
- Loads the local public certificate into the specified TLS object.
-
- This function loads the X.509 certificate into the specified TLS object
- for TLS negotiation.
-
- @param[in] Tls Pointer to the TLS object.
- @param[in] Data Pointer to the data buffer of a DER-encoded binary
- X.509 certificate or PEM-encoded X.509 certificate.
- @param[in] DataSize The size of data buffer in bytes.
-
- @retval EFI_SUCCESS The operation succeeded.
- @retval EFI_INVALID_PARAMETER The parameter is invalid.
- @retval EFI_OUT_OF_RESOURCES Required resources could not be allocated.
- @retval EFI_ABORTED Invalid X.509 certificate.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsSetHostPublicCert (
- IN VOID *Tls,
- IN VOID *Data,
- IN UINTN DataSize
- )
-{
- BIO *BioCert;
- X509 *Cert;
- EFI_STATUS Status;
- TLS_CONNECTION *TlsConn;
-
- BioCert = NULL;
- Cert = NULL;
- Status = EFI_SUCCESS;
- TlsConn = (TLS_CONNECTION *) Tls;
-
- if (TlsConn == NULL || TlsConn->Ssl == NULL || Data == NULL || DataSize == 0) {
- return EFI_INVALID_PARAMETER;
- }
-
- //
- // DER-encoded binary X.509 certificate or PEM-encoded X.509 certificate.
- // Determine whether certificate is from DER encoding, if so, translate it to X509 structure.
- //
- Cert = d2i_X509 (NULL, (const unsigned char ** )&Data, (long) DataSize);
- if (Cert == NULL) {
- //
- // Certificate is from PEM encoding.
- //
- BioCert = BIO_new (BIO_s_mem ());
- if (BioCert == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ON_EXIT;
- }
-
- if (BIO_write (BioCert, Data, (UINT32) DataSize) <= 0) {
- Status = EFI_ABORTED;
- goto ON_EXIT;
- }
-
- Cert = PEM_read_bio_X509 (BioCert, NULL, NULL, NULL);
- if (Cert == NULL) {
- Status = EFI_ABORTED;
- goto ON_EXIT;
- }
- }
-
- if (SSL_use_certificate (TlsConn->Ssl, Cert) != 1) {
- Status = EFI_ABORTED;
- goto ON_EXIT;
- }
-
-ON_EXIT:
- if (BioCert != NULL) {
- BIO_free (BioCert);
- }
-
- if (Cert != NULL) {
- X509_free (Cert);
- }
-
- return Status;
-}
-
-/**
- Adds the local private key to the specified TLS object.
-
- This function adds the local private key (PEM-encoded RSA or PKCS#8 private
- key) into the specified TLS object for TLS negotiation.
-
- @param[in] Tls Pointer to the TLS object.
- @param[in] Data Pointer to the data buffer of a PEM-encoded RSA
- or PKCS#8 private key.
- @param[in] DataSize The size of data buffer in bytes.
-
- @retval EFI_SUCCESS The operation succeeded.
- @retval EFI_UNSUPPORTED This function is not supported.
- @retval EFI_ABORTED Invalid private key data.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsSetHostPrivateKey (
- IN VOID *Tls,
- IN VOID *Data,
- IN UINTN DataSize
- )
-{
- return EFI_UNSUPPORTED;
-}
-
-/**
- Adds the CA-supplied certificate revocation list for certificate validation.
-
- This function adds the CA-supplied certificate revocation list data for
- certificate validity checking.
-
- @param[in] Data Pointer to the data buffer of a DER-encoded CRL data.
- @param[in] DataSize The size of data buffer in bytes.
-
- @retval EFI_SUCCESS The operation succeeded.
- @retval EFI_UNSUPPORTED This function is not supported.
- @retval EFI_ABORTED Invalid CRL data.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsSetCertRevocationList (
- IN VOID *Data,
- IN UINTN DataSize
- )
-{
- return EFI_UNSUPPORTED;
-}
-
-/**
- Gets the protocol version used by the specified TLS connection.
-
- This function returns the protocol version used by the specified TLS
- connection.
-
- @param[in] Tls Pointer to the TLS object.
-
- @return The protocol version of the specified TLS connection.
-
-**/
-UINT16
-EFIAPI
-TlsGetVersion (
- IN VOID *Tls
- )
-{
- TLS_CONNECTION *TlsConn;
-
- TlsConn = (TLS_CONNECTION *) Tls;
-
- ASSERT (TlsConn != NULL);
-
- return (UINT16)(SSL_version (TlsConn->Ssl));
-}
-
-/**
- Gets the connection end of the specified TLS connection.
-
- This function returns the connection end (as client or as server) used by
- the specified TLS connection.
-
- @param[in] Tls Pointer to the TLS object.
-
- @return The connection end used by the specified TLS connection.
-
-**/
-UINT8
-EFIAPI
-TlsGetConnectionEnd (
- IN VOID *Tls
- )
-{
- TLS_CONNECTION *TlsConn;
-
- TlsConn = (TLS_CONNECTION *) Tls;
-
- ASSERT (TlsConn != NULL);
-
- return (UINT8)SSL_is_server (TlsConn->Ssl);
-}
-
-/**
- Gets the cipher suite used by the specified TLS connection.
-
- This function returns current cipher suite used by the specified
- TLS connection.
-
- @param[in] Tls Pointer to the TLS object.
- @param[in,out] CipherId The cipher suite used by the TLS object.
-
- @retval EFI_SUCCESS The cipher suite was returned successfully.
- @retval EFI_INVALID_PARAMETER The parameter is invalid.
- @retval EFI_UNSUPPORTED Unsupported cipher suite.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsGetCurrentCipher (
- IN VOID *Tls,
- IN OUT UINT16 *CipherId
- )
-{
- TLS_CONNECTION *TlsConn;
- CONST SSL_CIPHER *Cipher;
-
- TlsConn = (TLS_CONNECTION *) Tls;
- Cipher = NULL;
-
- if (TlsConn == NULL || TlsConn->Ssl == NULL || CipherId == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
- Cipher = SSL_get_current_cipher (TlsConn->Ssl);
- if (Cipher == NULL) {
- return EFI_UNSUPPORTED;
- }
-
- *CipherId = (SSL_CIPHER_get_id (Cipher)) & 0xFFFF;
-
- return EFI_SUCCESS;
-}
-
-/**
- Gets the compression methods used by the specified TLS connection.
-
- This function returns current integrated compression methods used by
- the specified TLS connection.
-
- @param[in] Tls Pointer to the TLS object.
- @param[in,out] CompressionId The current compression method used by
- the TLS object.
-
- @retval EFI_SUCCESS The compression method was returned successfully.
- @retval EFI_INVALID_PARAMETER The parameter is invalid.
- @retval EFI_ABORTED Invalid Compression method.
- @retval EFI_UNSUPPORTED This function is not supported.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsGetCurrentCompressionId (
- IN VOID *Tls,
- IN OUT UINT8 *CompressionId
- )
-{
- return EFI_UNSUPPORTED;
-}
-
-/**
- Gets the verification mode currently set in the TLS connection.
-
- This function returns the peer verification mode currently set in the
- specified TLS connection.
-
- @param[in] Tls Pointer to the TLS object.
-
- @return The verification mode set in the specified TLS connection.
-
-**/
-UINT32
-EFIAPI
-TlsGetVerify (
- IN VOID *Tls
- )
-{
- TLS_CONNECTION *TlsConn;
-
- TlsConn = (TLS_CONNECTION *) Tls;
-
- ASSERT (TlsConn != NULL);
-
- return SSL_get_verify_mode (TlsConn->Ssl);
-}
-
-/**
- Gets the session ID used by the specified TLS connection.
-
- This function returns the TLS/SSL session ID currently used by the
- specified TLS connection.
-
- @param[in] Tls Pointer to the TLS object.
- @param[in,out] SessionId Buffer to contain the returned session ID.
- @param[in,out] SessionIdLen The length of Session ID in bytes.
-
- @retval EFI_SUCCESS The Session ID was returned successfully.
- @retval EFI_INVALID_PARAMETER The parameter is invalid.
- @retval EFI_UNSUPPORTED Invalid TLS/SSL session.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsGetSessionId (
- IN VOID *Tls,
- IN OUT UINT8 *SessionId,
- IN OUT UINT16 *SessionIdLen
- )
-{
- TLS_CONNECTION *TlsConn;
- SSL_SESSION *Session;
- CONST UINT8 *SslSessionId;
-
- TlsConn = (TLS_CONNECTION *) Tls;
- Session = NULL;
-
- if (TlsConn == NULL || TlsConn->Ssl == NULL || SessionId == NULL || SessionIdLen == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
- Session = SSL_get_session (TlsConn->Ssl);
- if (Session == NULL) {
- return EFI_UNSUPPORTED;
- }
-
- SslSessionId = SSL_SESSION_get_id (Session, (unsigned int *)SessionIdLen);
- CopyMem (SessionId, SslSessionId, *SessionIdLen);
-
- return EFI_SUCCESS;
-}
-
-/**
- Gets the client random data used in the specified TLS connection.
-
- This function returns the TLS/SSL client random data currently used in
- the specified TLS connection.
-
- @param[in] Tls Pointer to the TLS object.
- @param[in,out] ClientRandom Buffer to contain the returned client
- random data (32 bytes).
-
-**/
-VOID
-EFIAPI
-TlsGetClientRandom (
- IN VOID *Tls,
- IN OUT UINT8 *ClientRandom
- )
-{
- TLS_CONNECTION *TlsConn;
-
- TlsConn = (TLS_CONNECTION *) Tls;
-
- if (TlsConn == NULL || TlsConn->Ssl == NULL || ClientRandom == NULL) {
- return;
- }
-
- SSL_get_client_random (TlsConn->Ssl, ClientRandom, SSL3_RANDOM_SIZE);
-}
-
-/**
- Gets the server random data used in the specified TLS connection.
-
- This function returns the TLS/SSL server random data currently used in
- the specified TLS connection.
-
- @param[in] Tls Pointer to the TLS object.
- @param[in,out] ServerRandom Buffer to contain the returned server
- random data (32 bytes).
-
-**/
-VOID
-EFIAPI
-TlsGetServerRandom (
- IN VOID *Tls,
- IN OUT UINT8 *ServerRandom
- )
-{
- TLS_CONNECTION *TlsConn;
-
- TlsConn = (TLS_CONNECTION *) Tls;
-
- if (TlsConn == NULL || TlsConn->Ssl == NULL || ServerRandom == NULL) {
- return;
- }
-
- SSL_get_server_random (TlsConn->Ssl, ServerRandom, SSL3_RANDOM_SIZE);
-}
-
-/**
- Gets the master key data used in the specified TLS connection.
-
- This function returns the TLS/SSL master key material currently used in
- the specified TLS connection.
-
- @param[in] Tls Pointer to the TLS object.
- @param[in,out] KeyMaterial Buffer to contain the returned key material.
-
- @retval EFI_SUCCESS Key material was returned successfully.
- @retval EFI_INVALID_PARAMETER The parameter is invalid.
- @retval EFI_UNSUPPORTED Invalid TLS/SSL session.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsGetKeyMaterial (
- IN VOID *Tls,
- IN OUT UINT8 *KeyMaterial
- )
-{
- TLS_CONNECTION *TlsConn;
- SSL_SESSION *Session;
-
- TlsConn = (TLS_CONNECTION *) Tls;
- Session = NULL;
-
- if (TlsConn == NULL || TlsConn->Ssl == NULL || KeyMaterial == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
- Session = SSL_get_session (TlsConn->Ssl);
-
- if (Session == NULL) {
- return EFI_UNSUPPORTED;
- }
-
- SSL_SESSION_get_master_key (Session, KeyMaterial, SSL3_MASTER_SECRET_SIZE);
-
- return EFI_SUCCESS;
-}
-
-/**
- Gets the CA Certificate from the cert store.
-
- This function returns the CA certificate for the chosen
- TLS connection.
-
- @param[in] Tls Pointer to the TLS object.
- @param[out] Data Pointer to the data buffer to receive the CA
- certificate data sent to the client.
- @param[in,out] DataSize The size of data buffer in bytes.
-
- @retval EFI_SUCCESS The operation succeeded.
- @retval EFI_UNSUPPORTED This function is not supported.
- @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsGetCaCertificate (
- IN VOID *Tls,
- OUT VOID *Data,
- IN OUT UINTN *DataSize
- )
-{
- return EFI_UNSUPPORTED;
-}
-
-/**
- Gets the local public Certificate set in the specified TLS object.
-
- This function returns the local public certificate which was currently set
- in the specified TLS object.
-
- @param[in] Tls Pointer to the TLS object.
- @param[out] Data Pointer to the data buffer to receive the local
- public certificate.
- @param[in,out] DataSize The size of data buffer in bytes.
-
- @retval EFI_SUCCESS The operation succeeded.
- @retval EFI_INVALID_PARAMETER The parameter is invalid.
- @retval EFI_NOT_FOUND The certificate is not found.
- @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsGetHostPublicCert (
- IN VOID *Tls,
- OUT VOID *Data,
- IN OUT UINTN *DataSize
- )
-{
- X509 *Cert;
- TLS_CONNECTION *TlsConn;
-
- Cert = NULL;
- TlsConn = (TLS_CONNECTION *) Tls;
-
- if (TlsConn == NULL || TlsConn->Ssl == NULL || DataSize == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
- Cert = SSL_get_certificate(TlsConn->Ssl);
- if (Cert == NULL) {
- return EFI_NOT_FOUND;
- }
-
- //
- // Only DER encoding is supported currently.
- //
- if (*DataSize < (UINTN) i2d_X509 (Cert, NULL)) {
- *DataSize = (UINTN) i2d_X509 (Cert, NULL);
- return EFI_BUFFER_TOO_SMALL;
- }
-
- *DataSize = (UINTN) i2d_X509 (Cert, (unsigned char **) &Data);
-
- return EFI_SUCCESS;
-}
-
-/**
- Gets the local private key set in the specified TLS object.
-
- This function returns the local private key data which was currently set
- in the specified TLS object.
-
- @param[in] Tls Pointer to the TLS object.
- @param[out] Data Pointer to the data buffer to receive the local
- private key data.
- @param[in,out] DataSize The size of data buffer in bytes.
-
- @retval EFI_SUCCESS The operation succeeded.
- @retval EFI_UNSUPPORTED This function is not supported.
- @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsGetHostPrivateKey (
- IN VOID *Tls,
- OUT VOID *Data,
- IN OUT UINTN *DataSize
- )
-{
- return EFI_UNSUPPORTED;
-}
-
-/**
- Gets the CA-supplied certificate revocation list data set in the specified
- TLS object.
-
- This function returns the CA-supplied certificate revocation list data which
- was currently set in the specified TLS object.
-
- @param[out] Data Pointer to the data buffer to receive the CRL data.
- @param[in,out] DataSize The size of data buffer in bytes.
-
- @retval EFI_SUCCESS The operation succeeded.
- @retval EFI_UNSUPPORTED This function is not supported.
- @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsGetCertRevocationList (
- OUT VOID *Data,
- IN OUT UINTN *DataSize
- )
-{
- return EFI_UNSUPPORTED;
-}
+/** @file
+ SSL/TLS Configuration Library Wrapper Implementation over OpenSSL.
+
+Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
+(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalTlsLib.h"
+
+typedef struct {
+ //
+ // IANA/IETF defined Cipher Suite ID
+ //
+ UINT16 IanaCipher;
+ //
+ // OpenSSL-used Cipher Suite String
+ //
+ CONST CHAR8 *OpensslCipher;
+} TLS_CIPHER_PAIR;
+
+//
+// The mapping table between IANA/IETF Cipher Suite definitions and
+// OpenSSL-used Cipher Suite name.
+//
+STATIC CONST TLS_CIPHER_PAIR TlsCipherMappingTable[] = {
+ { 0x0001, "NULL-MD5" }, /// TLS_RSA_WITH_NULL_MD5
+ { 0x0002, "NULL-SHA" }, /// TLS_RSA_WITH_NULL_SHA
+ { 0x0004, "RC4-MD5" }, /// TLS_RSA_WITH_RC4_128_MD5
+ { 0x0005, "RC4-SHA" }, /// TLS_RSA_WITH_RC4_128_SHA
+ { 0x000A, "DES-CBC3-SHA" }, /// TLS_RSA_WITH_3DES_EDE_CBC_SHA, mandatory TLS 1.1
+ { 0x0016, "DHE-RSA-DES-CBC3-SHA" }, /// TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+ { 0x002F, "AES128-SHA" }, /// TLS_RSA_WITH_AES_128_CBC_SHA, mandatory TLS 1.2
+ { 0x0030, "DH-DSS-AES128-SHA" }, /// TLS_DH_DSS_WITH_AES_128_CBC_SHA
+ { 0x0031, "DH-RSA-AES128-SHA" }, /// TLS_DH_RSA_WITH_AES_128_CBC_SHA
+ { 0x0033, "DHE-RSA-AES128-SHA" }, /// TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+ { 0x0035, "AES256-SHA" }, /// TLS_RSA_WITH_AES_256_CBC_SHA
+ { 0x0036, "DH-DSS-AES256-SHA" }, /// TLS_DH_DSS_WITH_AES_256_CBC_SHA
+ { 0x0037, "DH-RSA-AES256-SHA" }, /// TLS_DH_RSA_WITH_AES_256_CBC_SHA
+ { 0x0039, "DHE-RSA-AES256-SHA" }, /// TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+ { 0x003B, "NULL-SHA256" }, /// TLS_RSA_WITH_NULL_SHA256
+ { 0x003C, "AES128-SHA256" }, /// TLS_RSA_WITH_AES_128_CBC_SHA256
+ { 0x003D, "AES256-SHA256" }, /// TLS_RSA_WITH_AES_256_CBC_SHA256
+ { 0x003E, "DH-DSS-AES128-SHA256" }, /// TLS_DH_DSS_WITH_AES_128_CBC_SHA256
+ { 0x003F, "DH-RSA-AES128-SHA256" }, /// TLS_DH_RSA_WITH_AES_128_CBC_SHA256
+ { 0x0067, "DHE-RSA-AES128-SHA256" }, /// TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ { 0x0068, "DH-DSS-AES256-SHA256" }, /// TLS_DH_DSS_WITH_AES_256_CBC_SHA256
+ { 0x0069, "DH-RSA-AES256-SHA256" }, /// TLS_DH_RSA_WITH_AES_256_CBC_SHA256
+ { 0x006B, "DHE-RSA-AES256-SHA256" } /// TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+};
+
+/**
+ Gets the OpenSSL cipher suite string for the supplied IANA TLS cipher suite.
+
+ @param[in] CipherId The supplied IANA TLS cipher suite ID.
+
+ @return The corresponding OpenSSL cipher suite string if found,
+ NULL otherwise.
+
+**/
+STATIC
+CONST CHAR8 *
+TlsGetCipherString (
+ IN UINT16 CipherId
+ )
+{
+ CONST TLS_CIPHER_PAIR *CipherEntry;
+ UINTN TableSize;
+ UINTN Index;
+
+ CipherEntry = TlsCipherMappingTable;
+ TableSize = sizeof (TlsCipherMappingTable) / sizeof (TLS_CIPHER_PAIR);
+
+ //
+ // Search Cipher Mapping Table for IANA-OpenSSL Cipher Translation
+ //
+ for (Index = 0; Index < TableSize; Index++, CipherEntry++) {
+ //
+ // Translate IANA cipher suite name to OpenSSL name.
+ //
+ if (CipherEntry->IanaCipher == CipherId) {
+ return CipherEntry->OpensslCipher;
+ }
+ }
+
+ //
+ // No Cipher Mapping found, return NULL.
+ //
+ return NULL;
+}
+
+/**
+ Set a new TLS/SSL method for a particular TLS object.
+
+ This function sets a new TLS/SSL method for a particular TLS object.
+
+ @param[in] Tls Pointer to a TLS object.
+ @param[in] MajorVer Major Version of TLS/SSL Protocol.
+ @param[in] MinorVer Minor Version of TLS/SSL Protocol.
+
+ @retval EFI_SUCCESS The TLS/SSL method was set successfully.
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.
+ @retval EFI_UNSUPPORTED Unsupported TLS/SSL method.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetVersion (
+ IN VOID *Tls,
+ IN UINT8 MajorVer,
+ IN UINT8 MinorVer
+ )
+{
+ TLS_CONNECTION *TlsConn;
+ UINT16 ProtoVersion;
+
+ TlsConn = (TLS_CONNECTION *)Tls;
+ if (TlsConn == NULL || TlsConn->Ssl == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ ProtoVersion = (MajorVer << 8) | MinorVer;
+
+ //
+ // Bound TLS method to the particular specified version.
+ //
+ switch (ProtoVersion) {
+ case TLS1_VERSION:
+ //
+ // TLS 1.0
+ //
+ SSL_set_min_proto_version (TlsConn->Ssl, TLS1_VERSION);
+ SSL_set_max_proto_version (TlsConn->Ssl, TLS1_VERSION);
+ break;
+ case TLS1_1_VERSION:
+ //
+ // TLS 1.1
+ //
+ SSL_set_min_proto_version (TlsConn->Ssl, TLS1_1_VERSION);
+ SSL_set_max_proto_version (TlsConn->Ssl, TLS1_1_VERSION);
+ break;
+ case TLS1_2_VERSION:
+ //
+ // TLS 1.2
+ //
+ SSL_set_min_proto_version (TlsConn->Ssl, TLS1_2_VERSION);
+ SSL_set_max_proto_version (TlsConn->Ssl, TLS1_2_VERSION);
+ break;
+ default:
+ //
+ // Unsupported Protocol Version
+ //
+ return EFI_UNSUPPORTED;
+ }
+
+ return EFI_SUCCESS;;
+}
+
+/**
+ Set TLS object to work in client or server mode.
+
+ This function prepares a TLS object to work in client or server mode.
+
+ @param[in] Tls Pointer to a TLS object.
+ @param[in] IsServer Work in server mode.
+
+ @retval EFI_SUCCESS The TLS/SSL work mode was set successfully.
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.
+ @retval EFI_UNSUPPORTED Unsupported TLS/SSL work mode.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetConnectionEnd (
+ IN VOID *Tls,
+ IN BOOLEAN IsServer
+ )
+{
+ TLS_CONNECTION *TlsConn;
+
+ TlsConn = (TLS_CONNECTION *) Tls;
+ if (TlsConn == NULL || TlsConn->Ssl == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if (!IsServer) {
+ //
+ // Set TLS to work in Client mode.
+ //
+ SSL_set_connect_state (TlsConn->Ssl);
+ } else {
+ //
+ // Set TLS to work in Server mode.
+ // It is unsupported for UEFI version currently.
+ //
+ //SSL_set_accept_state (TlsConn->Ssl);
+ return EFI_UNSUPPORTED;
+ }
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Set the ciphers list to be used by the TLS object.
+
+ This function sets the ciphers for use by a specified TLS object.
+
+ @param[in] Tls Pointer to a TLS object.
+ @param[in] CipherId Pointer to a UINT16 cipher Id.
+ @param[in] CipherNum The number of cipher in the list.
+
+ @retval EFI_SUCCESS The ciphers list was set successfully.
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.
+ @retval EFI_UNSUPPORTED Unsupported TLS cipher in the list.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetCipherList (
+ IN VOID *Tls,
+ IN UINT16 *CipherId,
+ IN UINTN CipherNum
+ )
+{
+ TLS_CONNECTION *TlsConn;
+ UINTN Index;
+ CONST CHAR8 *MappingName;
+ CHAR8 CipherString[500];
+
+ TlsConn = (TLS_CONNECTION *) Tls;
+ if (TlsConn == NULL || TlsConn->Ssl == NULL || CipherId == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ MappingName = NULL;
+
+ memset (CipherString, 0, sizeof (CipherString));
+
+ for (Index = 0; Index < CipherNum; Index++) {
+ //
+ // Handling OpenSSL / RFC Cipher name mapping.
+ //
+ MappingName = TlsGetCipherString (*(CipherId + Index));
+ if (MappingName == NULL) {
+ return EFI_UNSUPPORTED;
+ }
+
+ if (Index != 0) {
+ //
+ // The ciphers were separated by a colon.
+ //
+ AsciiStrCatS (CipherString, sizeof (CipherString), ":");
+ }
+
+ AsciiStrCatS (CipherString, sizeof (CipherString), MappingName);
+ }
+
+ AsciiStrCatS (CipherString, sizeof (CipherString), ":@STRENGTH");
+
+ //
+ // Sets the ciphers for use by the Tls object.
+ //
+ if (SSL_set_cipher_list (TlsConn->Ssl, CipherString) <= 0) {
+ return EFI_UNSUPPORTED;
+ }
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Set the compression method for TLS/SSL operations.
+
+ This function handles TLS/SSL integrated compression methods.
+
+ @param[in] CompMethod The compression method ID.
+
+ @retval EFI_SUCCESS The compression method for the communication was
+ set successfully.
+ @retval EFI_UNSUPPORTED Unsupported compression method.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetCompressionMethod (
+ IN UINT8 CompMethod
+ )
+{
+ COMP_METHOD *Cm;
+ INTN Ret;
+
+ Cm = NULL;
+ Ret = 0;
+
+ if (CompMethod == 0) {
+ //
+ // TLS defines one standard compression method, CompressionMethod.null (0),
+ // which specifies that data exchanged via the record protocol will not be compressed.
+ // So, return EFI_SUCCESS directly (RFC 3749).
+ //
+ return EFI_SUCCESS;
+ } else if (CompMethod == 1) {
+ Cm = COMP_zlib();
+ } else {
+ return EFI_UNSUPPORTED;
+ }
+
+ //
+ // Adds the compression method to the list of available
+ // compression methods.
+ //
+ Ret = SSL_COMP_add_compression_method (CompMethod, Cm);
+ if (Ret != 0) {
+ return EFI_UNSUPPORTED;
+ }
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Set peer certificate verification mode for the TLS connection.
+
+ This function sets the verification mode flags for the TLS connection.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in] VerifyMode A set of logically or'ed verification mode flags.
+
+**/
+VOID
+EFIAPI
+TlsSetVerify (
+ IN VOID *Tls,
+ IN UINT32 VerifyMode
+ )
+{
+ TLS_CONNECTION *TlsConn;
+
+ TlsConn = (TLS_CONNECTION *) Tls;
+ if (TlsConn == NULL || TlsConn->Ssl == NULL) {
+ return;
+ }
+
+ //
+ // Set peer certificate verification parameters with NULL callback.
+ //
+ SSL_set_verify (TlsConn->Ssl, VerifyMode, NULL);
+}
+
+/**
+ Sets a TLS/SSL session ID to be used during TLS/SSL connect.
+
+ This function sets a session ID to be used when the TLS/SSL connection is
+ to be established.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in] SessionId Session ID data used for session resumption.
+ @param[in] SessionIdLen Length of Session ID in bytes.
+
+ @retval EFI_SUCCESS Session ID was set successfully.
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.
+ @retval EFI_UNSUPPORTED No available session for ID setting.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetSessionId (
+ IN VOID *Tls,
+ IN UINT8 *SessionId,
+ IN UINT16 SessionIdLen
+ )
+{
+ TLS_CONNECTION *TlsConn;
+ SSL_SESSION *Session;
+
+ TlsConn = (TLS_CONNECTION *) Tls;
+ Session = NULL;
+
+ if (TlsConn == NULL || TlsConn->Ssl == NULL || SessionId == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ Session = SSL_get_session (TlsConn->Ssl);
+ if (Session == NULL) {
+ return EFI_UNSUPPORTED;
+ }
+
+ SSL_SESSION_set1_id (Session, (const unsigned char *)SessionId, SessionIdLen);
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Adds the CA to the cert store when requesting Server or Client authentication.
+
+ This function adds the CA certificate to the list of CAs when requesting
+ Server or Client authentication for the chosen TLS connection.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in] Data Pointer to the data buffer of a DER-encoded binary
+ X.509 certificate or PEM-encoded X.509 certificate.
+ @param[in] DataSize The size of data buffer in bytes.
+
+ @retval EFI_SUCCESS The operation succeeded.
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.
+ @retval EFI_OUT_OF_RESOURCES Required resources could not be allocated.
+ @retval EFI_ABORTED Invalid X.509 certificate.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetCaCertificate (
+ IN VOID *Tls,
+ IN VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ BIO *BioCert;
+ X509 *Cert;
+ X509_STORE *X509Store;
+ EFI_STATUS Status;
+ TLS_CONNECTION *TlsConn;
+ SSL_CTX *SslCtx;
+ INTN Ret;
+ UINTN ErrorCode;
+
+ BioCert = NULL;
+ Cert = NULL;
+ X509Store = NULL;
+ Status = EFI_SUCCESS;
+ TlsConn = (TLS_CONNECTION *) Tls;
+ Ret = 0;
+
+ if (TlsConn == NULL || TlsConn->Ssl == NULL || Data == NULL || DataSize == 0) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ //
+ // DER-encoded binary X.509 certificate or PEM-encoded X.509 certificate.
+ // Determine whether certificate is from DER encoding, if so, translate it to X509 structure.
+ //
+ Cert = d2i_X509 (NULL, (const unsigned char ** )&Data, (long) DataSize);
+ if (Cert == NULL) {
+ //
+ // Certificate is from PEM encoding.
+ //
+ BioCert = BIO_new (BIO_s_mem ());
+ if (BioCert == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto ON_EXIT;
+ }
+
+ if (BIO_write (BioCert, Data, (UINT32) DataSize) <= 0) {
+ Status = EFI_ABORTED;
+ goto ON_EXIT;
+ }
+
+ Cert = PEM_read_bio_X509 (BioCert, NULL, NULL, NULL);
+ if (Cert == NULL) {
+ Status = EFI_ABORTED;
+ goto ON_EXIT;
+ }
+ }
+
+ SslCtx = SSL_get_SSL_CTX (TlsConn->Ssl);
+ X509Store = SSL_CTX_get_cert_store (SslCtx);
+ if (X509Store == NULL) {
+ Status = EFI_ABORTED;
+ goto ON_EXIT;
+ }
+
+ //
+ // Add certificate to X509 store
+ //
+ Ret = X509_STORE_add_cert (X509Store, Cert);
+ if (Ret != 1) {
+ ErrorCode = ERR_peek_last_error ();
+ //
+ // Ignore "already in table" errors
+ //
+ if (!(ERR_GET_FUNC (ErrorCode) == X509_F_X509_STORE_ADD_CERT &&
+ ERR_GET_REASON (ErrorCode) == X509_R_CERT_ALREADY_IN_HASH_TABLE)) {
+ Status = EFI_ABORTED;
+ goto ON_EXIT;
+ }
+ }
+
+ON_EXIT:
+ if (BioCert != NULL) {
+ BIO_free (BioCert);
+ }
+
+ if (Cert != NULL) {
+ X509_free (Cert);
+ }
+
+ return Status;
+}
+
+/**
+ Loads the local public certificate into the specified TLS object.
+
+ This function loads the X.509 certificate into the specified TLS object
+ for TLS negotiation.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in] Data Pointer to the data buffer of a DER-encoded binary
+ X.509 certificate or PEM-encoded X.509 certificate.
+ @param[in] DataSize The size of data buffer in bytes.
+
+ @retval EFI_SUCCESS The operation succeeded.
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.
+ @retval EFI_OUT_OF_RESOURCES Required resources could not be allocated.
+ @retval EFI_ABORTED Invalid X.509 certificate.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetHostPublicCert (
+ IN VOID *Tls,
+ IN VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ BIO *BioCert;
+ X509 *Cert;
+ EFI_STATUS Status;
+ TLS_CONNECTION *TlsConn;
+
+ BioCert = NULL;
+ Cert = NULL;
+ Status = EFI_SUCCESS;
+ TlsConn = (TLS_CONNECTION *) Tls;
+
+ if (TlsConn == NULL || TlsConn->Ssl == NULL || Data == NULL || DataSize == 0) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ //
+ // DER-encoded binary X.509 certificate or PEM-encoded X.509 certificate.
+ // Determine whether certificate is from DER encoding, if so, translate it to X509 structure.
+ //
+ Cert = d2i_X509 (NULL, (const unsigned char ** )&Data, (long) DataSize);
+ if (Cert == NULL) {
+ //
+ // Certificate is from PEM encoding.
+ //
+ BioCert = BIO_new (BIO_s_mem ());
+ if (BioCert == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto ON_EXIT;
+ }
+
+ if (BIO_write (BioCert, Data, (UINT32) DataSize) <= 0) {
+ Status = EFI_ABORTED;
+ goto ON_EXIT;
+ }
+
+ Cert = PEM_read_bio_X509 (BioCert, NULL, NULL, NULL);
+ if (Cert == NULL) {
+ Status = EFI_ABORTED;
+ goto ON_EXIT;
+ }
+ }
+
+ if (SSL_use_certificate (TlsConn->Ssl, Cert) != 1) {
+ Status = EFI_ABORTED;
+ goto ON_EXIT;
+ }
+
+ON_EXIT:
+ if (BioCert != NULL) {
+ BIO_free (BioCert);
+ }
+
+ if (Cert != NULL) {
+ X509_free (Cert);
+ }
+
+ return Status;
+}
+
+/**
+ Adds the local private key to the specified TLS object.
+
+ This function adds the local private key (PEM-encoded RSA or PKCS#8 private
+ key) into the specified TLS object for TLS negotiation.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in] Data Pointer to the data buffer of a PEM-encoded RSA
+ or PKCS#8 private key.
+ @param[in] DataSize The size of data buffer in bytes.
+
+ @retval EFI_SUCCESS The operation succeeded.
+ @retval EFI_UNSUPPORTED This function is not supported.
+ @retval EFI_ABORTED Invalid private key data.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetHostPrivateKey (
+ IN VOID *Tls,
+ IN VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ return EFI_UNSUPPORTED;
+}
+
+/**
+ Adds the CA-supplied certificate revocation list for certificate validation.
+
+ This function adds the CA-supplied certificate revocation list data for
+ certificate validity checking.
+
+ @param[in] Data Pointer to the data buffer of a DER-encoded CRL data.
+ @param[in] DataSize The size of data buffer in bytes.
+
+ @retval EFI_SUCCESS The operation succeeded.
+ @retval EFI_UNSUPPORTED This function is not supported.
+ @retval EFI_ABORTED Invalid CRL data.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetCertRevocationList (
+ IN VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ return EFI_UNSUPPORTED;
+}
+
+/**
+ Gets the protocol version used by the specified TLS connection.
+
+ This function returns the protocol version used by the specified TLS
+ connection.
+
+ @param[in] Tls Pointer to the TLS object.
+
+ @return The protocol version of the specified TLS connection.
+
+**/
+UINT16
+EFIAPI
+TlsGetVersion (
+ IN VOID *Tls
+ )
+{
+ TLS_CONNECTION *TlsConn;
+
+ TlsConn = (TLS_CONNECTION *) Tls;
+
+ ASSERT (TlsConn != NULL);
+
+ return (UINT16)(SSL_version (TlsConn->Ssl));
+}
+
+/**
+ Gets the connection end of the specified TLS connection.
+
+ This function returns the connection end (as client or as server) used by
+ the specified TLS connection.
+
+ @param[in] Tls Pointer to the TLS object.
+
+ @return The connection end used by the specified TLS connection.
+
+**/
+UINT8
+EFIAPI
+TlsGetConnectionEnd (
+ IN VOID *Tls
+ )
+{
+ TLS_CONNECTION *TlsConn;
+
+ TlsConn = (TLS_CONNECTION *) Tls;
+
+ ASSERT (TlsConn != NULL);
+
+ return (UINT8)SSL_is_server (TlsConn->Ssl);
+}
+
+/**
+ Gets the cipher suite used by the specified TLS connection.
+
+ This function returns current cipher suite used by the specified
+ TLS connection.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in,out] CipherId The cipher suite used by the TLS object.
+
+ @retval EFI_SUCCESS The cipher suite was returned successfully.
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.
+ @retval EFI_UNSUPPORTED Unsupported cipher suite.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsGetCurrentCipher (
+ IN VOID *Tls,
+ IN OUT UINT16 *CipherId
+ )
+{
+ TLS_CONNECTION *TlsConn;
+ CONST SSL_CIPHER *Cipher;
+
+ TlsConn = (TLS_CONNECTION *) Tls;
+ Cipher = NULL;
+
+ if (TlsConn == NULL || TlsConn->Ssl == NULL || CipherId == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ Cipher = SSL_get_current_cipher (TlsConn->Ssl);
+ if (Cipher == NULL) {
+ return EFI_UNSUPPORTED;
+ }
+
+ *CipherId = (SSL_CIPHER_get_id (Cipher)) & 0xFFFF;
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Gets the compression methods used by the specified TLS connection.
+
+ This function returns current integrated compression methods used by
+ the specified TLS connection.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in,out] CompressionId The current compression method used by
+ the TLS object.
+
+ @retval EFI_SUCCESS The compression method was returned successfully.
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.
+ @retval EFI_ABORTED Invalid Compression method.
+ @retval EFI_UNSUPPORTED This function is not supported.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsGetCurrentCompressionId (
+ IN VOID *Tls,
+ IN OUT UINT8 *CompressionId
+ )
+{
+ return EFI_UNSUPPORTED;
+}
+
+/**
+ Gets the verification mode currently set in the TLS connection.
+
+ This function returns the peer verification mode currently set in the
+ specified TLS connection.
+
+ @param[in] Tls Pointer to the TLS object.
+
+ @return The verification mode set in the specified TLS connection.
+
+**/
+UINT32
+EFIAPI
+TlsGetVerify (
+ IN VOID *Tls
+ )
+{
+ TLS_CONNECTION *TlsConn;
+
+ TlsConn = (TLS_CONNECTION *) Tls;
+
+ ASSERT (TlsConn != NULL);
+
+ return SSL_get_verify_mode (TlsConn->Ssl);
+}
+
+/**
+ Gets the session ID used by the specified TLS connection.
+
+ This function returns the TLS/SSL session ID currently used by the
+ specified TLS connection.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in,out] SessionId Buffer to contain the returned session ID.
+ @param[in,out] SessionIdLen The length of Session ID in bytes.
+
+ @retval EFI_SUCCESS The Session ID was returned successfully.
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.
+ @retval EFI_UNSUPPORTED Invalid TLS/SSL session.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsGetSessionId (
+ IN VOID *Tls,
+ IN OUT UINT8 *SessionId,
+ IN OUT UINT16 *SessionIdLen
+ )
+{
+ TLS_CONNECTION *TlsConn;
+ SSL_SESSION *Session;
+ CONST UINT8 *SslSessionId;
+
+ TlsConn = (TLS_CONNECTION *) Tls;
+ Session = NULL;
+
+ if (TlsConn == NULL || TlsConn->Ssl == NULL || SessionId == NULL || SessionIdLen == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ Session = SSL_get_session (TlsConn->Ssl);
+ if (Session == NULL) {
+ return EFI_UNSUPPORTED;
+ }
+
+ SslSessionId = SSL_SESSION_get_id (Session, (unsigned int *)SessionIdLen);
+ CopyMem (SessionId, SslSessionId, *SessionIdLen);
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Gets the client random data used in the specified TLS connection.
+
+ This function returns the TLS/SSL client random data currently used in
+ the specified TLS connection.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in,out] ClientRandom Buffer to contain the returned client
+ random data (32 bytes).
+
+**/
+VOID
+EFIAPI
+TlsGetClientRandom (
+ IN VOID *Tls,
+ IN OUT UINT8 *ClientRandom
+ )
+{
+ TLS_CONNECTION *TlsConn;
+
+ TlsConn = (TLS_CONNECTION *) Tls;
+
+ if (TlsConn == NULL || TlsConn->Ssl == NULL || ClientRandom == NULL) {
+ return;
+ }
+
+ SSL_get_client_random (TlsConn->Ssl, ClientRandom, SSL3_RANDOM_SIZE);
+}
+
+/**
+ Gets the server random data used in the specified TLS connection.
+
+ This function returns the TLS/SSL server random data currently used in
+ the specified TLS connection.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in,out] ServerRandom Buffer to contain the returned server
+ random data (32 bytes).
+
+**/
+VOID
+EFIAPI
+TlsGetServerRandom (
+ IN VOID *Tls,
+ IN OUT UINT8 *ServerRandom
+ )
+{
+ TLS_CONNECTION *TlsConn;
+
+ TlsConn = (TLS_CONNECTION *) Tls;
+
+ if (TlsConn == NULL || TlsConn->Ssl == NULL || ServerRandom == NULL) {
+ return;
+ }
+
+ SSL_get_server_random (TlsConn->Ssl, ServerRandom, SSL3_RANDOM_SIZE);
+}
+
+/**
+ Gets the master key data used in the specified TLS connection.
+
+ This function returns the TLS/SSL master key material currently used in
+ the specified TLS connection.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in,out] KeyMaterial Buffer to contain the returned key material.
+
+ @retval EFI_SUCCESS Key material was returned successfully.
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.
+ @retval EFI_UNSUPPORTED Invalid TLS/SSL session.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsGetKeyMaterial (
+ IN VOID *Tls,
+ IN OUT UINT8 *KeyMaterial
+ )
+{
+ TLS_CONNECTION *TlsConn;
+ SSL_SESSION *Session;
+
+ TlsConn = (TLS_CONNECTION *) Tls;
+ Session = NULL;
+
+ if (TlsConn == NULL || TlsConn->Ssl == NULL || KeyMaterial == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ Session = SSL_get_session (TlsConn->Ssl);
+
+ if (Session == NULL) {
+ return EFI_UNSUPPORTED;
+ }
+
+ SSL_SESSION_get_master_key (Session, KeyMaterial, SSL3_MASTER_SECRET_SIZE);
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Gets the CA Certificate from the cert store.
+
+ This function returns the CA certificate for the chosen
+ TLS connection.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[out] Data Pointer to the data buffer to receive the CA
+ certificate data sent to the client.
+ @param[in,out] DataSize The size of data buffer in bytes.
+
+ @retval EFI_SUCCESS The operation succeeded.
+ @retval EFI_UNSUPPORTED This function is not supported.
+ @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsGetCaCertificate (
+ IN VOID *Tls,
+ OUT VOID *Data,
+ IN OUT UINTN *DataSize
+ )
+{
+ return EFI_UNSUPPORTED;
+}
+
+/**
+ Gets the local public Certificate set in the specified TLS object.
+
+ This function returns the local public certificate which was currently set
+ in the specified TLS object.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[out] Data Pointer to the data buffer to receive the local
+ public certificate.
+ @param[in,out] DataSize The size of data buffer in bytes.
+
+ @retval EFI_SUCCESS The operation succeeded.
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.
+ @retval EFI_NOT_FOUND The certificate is not found.
+ @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsGetHostPublicCert (
+ IN VOID *Tls,
+ OUT VOID *Data,
+ IN OUT UINTN *DataSize
+ )
+{
+ X509 *Cert;
+ TLS_CONNECTION *TlsConn;
+
+ Cert = NULL;
+ TlsConn = (TLS_CONNECTION *) Tls;
+
+ if (TlsConn == NULL || TlsConn->Ssl == NULL || DataSize == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ Cert = SSL_get_certificate(TlsConn->Ssl);
+ if (Cert == NULL) {
+ return EFI_NOT_FOUND;
+ }
+
+ //
+ // Only DER encoding is supported currently.
+ //
+ if (*DataSize < (UINTN) i2d_X509 (Cert, NULL)) {
+ *DataSize = (UINTN) i2d_X509 (Cert, NULL);
+ return EFI_BUFFER_TOO_SMALL;
+ }
+
+ *DataSize = (UINTN) i2d_X509 (Cert, (unsigned char **) &Data);
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Gets the local private key set in the specified TLS object.
+
+ This function returns the local private key data which was currently set
+ in the specified TLS object.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[out] Data Pointer to the data buffer to receive the local
+ private key data.
+ @param[in,out] DataSize The size of data buffer in bytes.
+
+ @retval EFI_SUCCESS The operation succeeded.
+ @retval EFI_UNSUPPORTED This function is not supported.
+ @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsGetHostPrivateKey (
+ IN VOID *Tls,
+ OUT VOID *Data,
+ IN OUT UINTN *DataSize
+ )
+{
+ return EFI_UNSUPPORTED;
+}
+
+/**
+ Gets the CA-supplied certificate revocation list data set in the specified
+ TLS object.
+
+ This function returns the CA-supplied certificate revocation list data which
+ was currently set in the specified TLS object.
+
+ @param[out] Data Pointer to the data buffer to receive the CRL data.
+ @param[in,out] DataSize The size of data buffer in bytes.
+
+ @retval EFI_SUCCESS The operation succeeded.
+ @retval EFI_UNSUPPORTED This function is not supported.
+ @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsGetCertRevocationList (
+ OUT VOID *Data,
+ IN OUT UINTN *DataSize
+ )
+{
+ return EFI_UNSUPPORTED;
+}
+
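Review bot: TlsGetSessionId casts the caller's `IN OUT UINT16 *SessionIdLen` to `unsigned int *` in `SslSessionId = SSL_SESSION_get_id (Session, (unsigned int *)SessionIdLen);`, so OpenSSL stores a 4-byte length into a 2-byte object and clobbers the two bytes that follow it, and the `CopyMem (SessionId, SslSessionId, *SessionIdLen);` right after copies the session's full ID length into the caller's buffer without ever comparing it against the capacity the caller passed in. Read the length into a local `unsigned int`, return an error (EFI_BUFFER_TOO_SMALL, with the needed length written back) when it exceeds the incoming `*SessionIdLen`, and only then copy and update the length. Two smaller points in the same hunk: in TlsSetSessionId the return value of `SSL_SESSION_set1_id` is ignored, yet it returns 0 when the ID is rejected (for example when SessionIdLen is above the maximum session ID length), so the function reports EFI_SUCCESS without having set anything; and TlsGetHostPublicCert checks `DataSize` but not `Data` for NULL before passing `&Data` to `i2d_X509`, which allocates a buffer the caller never sees when `*Data` is NULL. Finally, the hunk's last `+` line is an empty line after the closing brace of TlsGetCertRevocationList; if the original file did not end with a blank line this is a content change beyond the CRLF conversion the series describes. Because every line is rewritten, the rendered diff cannot show whether anything else changed; reviewing with `git diff --ignore-space-at-eol` (or `git show -w`) would confirm the rest of the hunk is whitespace-only.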
diff --git a/CryptoPkg/Library/TlsLib/TlsInit.c b/CryptoPkg/Library/TlsLib/TlsInit.c
index f32148ac9a..e2c9744a44 100644
--- a/CryptoPkg/Library/TlsLib/TlsInit.c
+++ b/CryptoPkg/Library/TlsLib/TlsInit.c
@@ -1,268 +1,269 @@
-/** @file
- SSL/TLS Initialization Library Wrapper Implementation over OpenSSL.
-
-Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
-(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include "InternalTlsLib.h"
-
-/**
- Initializes the OpenSSL library.
-
- This function registers ciphers and digests used directly and indirectly
- by SSL/TLS, and initializes the readable error messages.
- This function must be called before any other action takes places.
-
-**/
-VOID
-EFIAPI
-TlsInitialize (
- VOID
- )
-{
- //
- // Performs initialization of crypto and ssl library, and loads required
- // algorithms.
- //
- OPENSSL_init_ssl (
- OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS,
- NULL
- );
-
- //
- // Initialize the pseudorandom number generator.
- //
- RandomSeed (NULL, 0);
-}
-
-/**
- Free an allocated SSL_CTX object.
-
- @param[in] TlsCtx Pointer to the SSL_CTX object to be released.
-
-**/
-VOID
-EFIAPI
-TlsCtxFree (
- IN VOID *TlsCtx
- )
-{
- if (TlsCtx == NULL) {
- return;
- }
-
- if (TlsCtx != NULL) {
- SSL_CTX_free ((SSL_CTX *) (TlsCtx));
- }
-}
-
-/**
- Creates a new SSL_CTX object as framework to establish TLS/SSL enabled
- connections.
-
- @param[in] MajorVer Major Version of TLS/SSL Protocol.
- @param[in] MinorVer Minor Version of TLS/SSL Protocol.
-
- @return Pointer to an allocated SSL_CTX object.
- If the creation failed, TlsCtxNew() returns NULL.
-
-**/
-VOID *
-EFIAPI
-TlsCtxNew (
- IN UINT8 MajorVer,
- IN UINT8 MinorVer
- )
-{
- SSL_CTX *TlsCtx;
- UINT16 ProtoVersion;
-
- ProtoVersion = (MajorVer << 8) | MinorVer;
-
- TlsCtx = SSL_CTX_new (SSLv23_client_method ());
- if (TlsCtx == NULL) {
- return NULL;
- }
-
- //
- // Ensure SSLv3 is disabled
- //
- SSL_CTX_set_options (TlsCtx, SSL_OP_NO_SSLv3);
-
- //
- // Treat as minimum accepted versions by setting the minimal bound.
- // Client can use higher TLS version if server supports it
- //
- SSL_CTX_set_min_proto_version (TlsCtx, ProtoVersion);
-
- return (VOID *) TlsCtx;
-}
-
-/**
- Free an allocated TLS object.
-
- This function removes the TLS object pointed to by Tls and frees up the
- allocated memory. If Tls is NULL, nothing is done.
-
- @param[in] Tls Pointer to the TLS object to be freed.
-
-**/
-VOID
-EFIAPI
-TlsFree (
- IN VOID *Tls
- )
-{
- TLS_CONNECTION *TlsConn;
-
- TlsConn = (TLS_CONNECTION *) Tls;
- if (TlsConn == NULL) {
- return;
- }
-
- //
- // Free the internal TLS and BIO objects.
- //
- if (TlsConn->Ssl != NULL) {
- SSL_free (TlsConn->Ssl);
- }
-
- if (TlsConn->InBio != NULL) {
- BIO_free (TlsConn->InBio);
- }
-
- if (TlsConn->OutBio != NULL) {
- BIO_free (TlsConn->OutBio);
- }
-
- OPENSSL_free (Tls);
-}
-
-/**
- Create a new TLS object for a connection.
-
- This function creates a new TLS object for a connection. The new object
- inherits the setting of the underlying context TlsCtx: connection method,
- options, verification setting.
-
- @param[in] TlsCtx Pointer to the SSL_CTX object.
-
- @return Pointer to an allocated SSL object.
- If the creation failed, TlsNew() returns NULL.
-
-**/
-VOID *
-EFIAPI
-TlsNew (
- IN VOID *TlsCtx
- )
-{
- TLS_CONNECTION *TlsConn;
- SSL_CTX *SslCtx;
- X509_STORE *X509Store;
-
- TlsConn = NULL;
-
- //
- // Allocate one new TLS_CONNECTION object
- //
- TlsConn = (TLS_CONNECTION *) OPENSSL_malloc (sizeof (TLS_CONNECTION));
- if (TlsConn == NULL) {
- return NULL;
- }
-
- TlsConn->Ssl = NULL;
-
- //
- // Create a new SSL Object
- //
- TlsConn->Ssl = SSL_new ((SSL_CTX *) TlsCtx);
- if (TlsConn->Ssl == NULL) {
- TlsFree ((VOID *) TlsConn);
- return NULL;
- }
-
- //
- // This retains compatibility with previous version of OpenSSL.
- //
- SSL_set_security_level (TlsConn->Ssl, 0);
-
- //
- // Initialize the created SSL Object
- //
- SSL_set_info_callback (TlsConn->Ssl, NULL);
-
- TlsConn->InBio = NULL;
-
- //
- // Set up Reading BIO for TLS connection
- //
- TlsConn->InBio = BIO_new (BIO_s_mem ());
- if (TlsConn->InBio == NULL) {
- TlsFree ((VOID *) TlsConn);
- return NULL;
- }
-
- //
- // Sets the behaviour of memory BIO when it is empty. It will set the
- // read retry flag.
- //
- BIO_set_mem_eof_return (TlsConn->InBio, -1);
-
- TlsConn->OutBio = NULL;
-
- //
- // Set up Writing BIO for TLS connection
- //
- TlsConn->OutBio = BIO_new (BIO_s_mem ());
- if (TlsConn->OutBio == NULL) {
- TlsFree ((VOID *) TlsConn);
- return NULL;
- }
-
- //
- // Sets the behaviour of memory BIO when it is empty. It will set the
- // write retry flag.
- //
- BIO_set_mem_eof_return (TlsConn->OutBio, -1);
-
- ASSERT (TlsConn->Ssl != NULL && TlsConn->InBio != NULL && TlsConn->OutBio != NULL);
-
- //
- // Connects the InBio and OutBio for the read and write operations.
- //
- SSL_set_bio (TlsConn->Ssl, TlsConn->InBio, TlsConn->OutBio);
-
- //
- // Create new X509 store if needed
- //
- SslCtx = SSL_get_SSL_CTX (TlsConn->Ssl);
- X509Store = SSL_CTX_get_cert_store (SslCtx);
- if (X509Store == NULL) {
- X509Store = X509_STORE_new ();
- if (X509Store == NULL) {
- TlsFree ((VOID *) TlsConn);
- return NULL;
- }
- SSL_CTX_set1_verify_cert_store (SslCtx, X509Store);
- X509_STORE_free (X509Store);
- }
-
- //
- // Set X509_STORE flags used in certificate validation
- //
- X509_STORE_set_flags (
- X509Store,
- X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_NO_CHECK_TIME
- );
- return (VOID *) TlsConn;
-}
+/** @file
+ SSL/TLS Initialization Library Wrapper Implementation over OpenSSL.
+
+Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
+(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalTlsLib.h"
+
+/**
+ Initializes the OpenSSL library.
+
+ This function registers ciphers and digests used directly and indirectly
+ by SSL/TLS, and initializes the readable error messages.
+ This function must be called before any other action takes places.
+
+**/
+VOID
+EFIAPI
+TlsInitialize (
+ VOID
+ )
+{
+ //
+ // Performs initialization of crypto and ssl library, and loads required
+ // algorithms.
+ //
+ OPENSSL_init_ssl (
+ OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS,
+ NULL
+ );
+
+ //
+ // Initialize the pseudorandom number generator.
+ //
+ RandomSeed (NULL, 0);
+}
+
+/**
+ Free an allocated SSL_CTX object.
+
+ @param[in] TlsCtx Pointer to the SSL_CTX object to be released.
+
+**/
+VOID
+EFIAPI
+TlsCtxFree (
+ IN VOID *TlsCtx
+ )
+{
+ if (TlsCtx == NULL) {
+ return;
+ }
+
+ if (TlsCtx != NULL) {
+ SSL_CTX_free ((SSL_CTX *) (TlsCtx));
+ }
+}
+
+/**
+ Creates a new SSL_CTX object as framework to establish TLS/SSL enabled
+ connections.
+
+ @param[in] MajorVer Major Version of TLS/SSL Protocol.
+ @param[in] MinorVer Minor Version of TLS/SSL Protocol.
+
+ @return Pointer to an allocated SSL_CTX object.
+ If the creation failed, TlsCtxNew() returns NULL.
+
+**/
+VOID *
+EFIAPI
+TlsCtxNew (
+ IN UINT8 MajorVer,
+ IN UINT8 MinorVer
+ )
+{
+ SSL_CTX *TlsCtx;
+ UINT16 ProtoVersion;
+
+ ProtoVersion = (MajorVer << 8) | MinorVer;
+
+ TlsCtx = SSL_CTX_new (SSLv23_client_method ());
+ if (TlsCtx == NULL) {
+ return NULL;
+ }
+
+ //
+ // Ensure SSLv3 is disabled
+ //
+ SSL_CTX_set_options (TlsCtx, SSL_OP_NO_SSLv3);
+
+ //
+ // Treat as minimum accepted versions by setting the minimal bound.
+ // Client can use higher TLS version if server supports it
+ //
+ SSL_CTX_set_min_proto_version (TlsCtx, ProtoVersion);
+
+ return (VOID *) TlsCtx;
+}
+
+/**
+ Free an allocated TLS object.
+
+ This function removes the TLS object pointed to by Tls and frees up the
+ allocated memory. If Tls is NULL, nothing is done.
+
+ @param[in] Tls Pointer to the TLS object to be freed.
+
+**/
+VOID
+EFIAPI
+TlsFree (
+ IN VOID *Tls
+ )
+{
+ TLS_CONNECTION *TlsConn;
+
+ TlsConn = (TLS_CONNECTION *) Tls;
+ if (TlsConn == NULL) {
+ return;
+ }
+
+ //
+ // Free the internal TLS and BIO objects.
+ //
+ if (TlsConn->Ssl != NULL) {
+ SSL_free (TlsConn->Ssl);
+ }
+
+ if (TlsConn->InBio != NULL) {
+ BIO_free (TlsConn->InBio);
+ }
+
+ if (TlsConn->OutBio != NULL) {
+ BIO_free (TlsConn->OutBio);
+ }
+
+ OPENSSL_free (Tls);
+}
+
+/**
+ Create a new TLS object for a connection.
+
+ This function creates a new TLS object for a connection. The new object
+ inherits the setting of the underlying context TlsCtx: connection method,
+ options, verification setting.
+
+ @param[in] TlsCtx Pointer to the SSL_CTX object.
+
+ @return Pointer to an allocated SSL object.
+ If the creation failed, TlsNew() returns NULL.
+
+**/
+VOID *
+EFIAPI
+TlsNew (
+ IN VOID *TlsCtx
+ )
+{
+ TLS_CONNECTION *TlsConn;
+ SSL_CTX *SslCtx;
+ X509_STORE *X509Store;
+
+ TlsConn = NULL;
+
+ //
+ // Allocate one new TLS_CONNECTION object
+ //
+ TlsConn = (TLS_CONNECTION *) OPENSSL_malloc (sizeof (TLS_CONNECTION));
+ if (TlsConn == NULL) {
+ return NULL;
+ }
+
+ TlsConn->Ssl = NULL;
+
+ //
+ // Create a new SSL Object
+ //
+ TlsConn->Ssl = SSL_new ((SSL_CTX *) TlsCtx);
+ if (TlsConn->Ssl == NULL) {
+ TlsFree ((VOID *) TlsConn);
+ return NULL;
+ }
+
+ //
+ // This retains compatibility with previous version of OpenSSL.
+ //
+ SSL_set_security_level (TlsConn->Ssl, 0);
+
+ //
+ // Initialize the created SSL Object
+ //
+ SSL_set_info_callback (TlsConn->Ssl, NULL);
+
+ TlsConn->InBio = NULL;
+
+ //
+ // Set up Reading BIO for TLS connection
+ //
+ TlsConn->InBio = BIO_new (BIO_s_mem ());
+ if (TlsConn->InBio == NULL) {
+ TlsFree ((VOID *) TlsConn);
+ return NULL;
+ }
+
+ //
+ // Sets the behaviour of memory BIO when it is empty. It will set the
+ // read retry flag.
+ //
+ BIO_set_mem_eof_return (TlsConn->InBio, -1);
+
+ TlsConn->OutBio = NULL;
+
+ //
+ // Set up Writing BIO for TLS connection
+ //
+ TlsConn->OutBio = BIO_new (BIO_s_mem ());
+ if (TlsConn->OutBio == NULL) {
+ TlsFree ((VOID *) TlsConn);
+ return NULL;
+ }
+
+ //
+ // Sets the behaviour of memory BIO when it is empty. It will set the
+ // write retry flag.
+ //
+ BIO_set_mem_eof_return (TlsConn->OutBio, -1);
+
+ ASSERT (TlsConn->Ssl != NULL && TlsConn->InBio != NULL && TlsConn->OutBio != NULL);
+
+ //
+ // Connects the InBio and OutBio for the read and write operations.
+ //
+ SSL_set_bio (TlsConn->Ssl, TlsConn->InBio, TlsConn->OutBio);
+
+ //
+ // Create new X509 store if needed
+ //
+ SslCtx = SSL_get_SSL_CTX (TlsConn->Ssl);
+ X509Store = SSL_CTX_get_cert_store (SslCtx);
+ if (X509Store == NULL) {
+ X509Store = X509_STORE_new ();
+ if (X509Store == NULL) {
+ TlsFree ((VOID *) TlsConn);
+ return NULL;
+ }
+ SSL_CTX_set1_verify_cert_store (SslCtx, X509Store);
+ X509_STORE_free (X509Store);
+ }
+
+ //
+ // Set X509_STORE flags used in certificate validation
+ //
+ X509_STORE_set_flags (
+ X509Store,
+ X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_NO_CHECK_TIME
+ );
+ return (VOID *) TlsConn;
+}
+
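Review bot: the hunk header `@@ -1,268 +1,269 @@` shows TlsInit.c gained one line, and the only candidate is the empty `+` line added after the closing brace of TlsNew at the end of the hunk; for a series described as a pure CRLF conversion that trailing blank line at end of file is a content change and should be dropped so the file still ends at `}`. Two points in the carried-over code are out of scope for this patch but worth a follow-up: TlsCtxFree returns early on `if (TlsCtx == NULL)` and then re-tests `if (TlsCtx != NULL)` before `SSL_CTX_free`, so the second check is dead code; and TlsNew calls `SSL_set_security_level (TlsConn->Ssl, 0)` and sets `X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_NO_CHECK_TIME` on the store with only the comment "This retains compatibility with previous version of OpenSSL". Both relax OpenSSL's defaults (level 0 re-enables cipher suites and key sizes that level 1 refuses; NO_CHECK_TIME skips the certificate validity-period check), so the reason they are acceptable here, such as the absence of a trusted wall clock during pre-boot, deserves to be recorded in the comment where the next reader will look for it.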
diff --git a/CryptoPkg/Library/TlsLib/TlsLib.inf b/CryptoPkg/Library/TlsLib/TlsLib.inf
index d4ce646591..a3f93e7165 100644
--- a/CryptoPkg/Library/TlsLib/TlsLib.inf
+++ b/CryptoPkg/Library/TlsLib/TlsLib.inf
@@ -1,56 +1,57 @@
-## @file
-# SSL/TLS Wrapper Library Instance based on OpenSSL.
-#
-# Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
-# (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
-# This program and the accompanying materials
-# are licensed and made available under the terms and conditions of the BSD License
-# which accompanies this distribution. The full text of the license may be found at
-# http://opensource.org/licenses/bsd-license.php
-#
-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-#
-##
-
-[Defines]
- INF_VERSION = 0x00010005
- BASE_NAME = TlsLib
- MODULE_UNI_FILE = TlsLib.uni
- FILE_GUID = CC729DC5-4E21-0B36-1A00-3A8E1B86A155
- MODULE_TYPE = DXE_DRIVER
- VERSION_STRING = 1.0
- LIBRARY_CLASS = TlsLib|DXE_DRIVER DXE_CORE UEFI_APPLICATION UEFI_DRIVER
-
-#
-# The following information is for reference only and not required by the build tools.
-#
-# VALID_ARCHITECTURES = IA32 X64 IPF ARM AARCH64
-#
-
-[Sources]
- InternalTlsLib.h
- TlsInit.c
- TlsConfig.c
- TlsProcess.c
-
-[Packages]
- MdePkg/MdePkg.dec
- CryptoPkg/CryptoPkg.dec
-
-[LibraryClasses]
- BaseLib
- BaseMemoryLib
- MemoryAllocationLib
- UefiRuntimeServicesTableLib
- DebugLib
- OpensslLib
- IntrinsicLib
- PrintLib
-
-[BuildOptions]
- #
- # suppress the following warnings so we do not break the build with warnings-as-errors:
- # C4090: 'function' : different 'const' qualifiers
- #
- MSFT:*_*_*_CC_FLAGS = /wd4090
+## @file
+# SSL/TLS Wrapper Library Instance based on OpenSSL.
+#
+# Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
+# (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
+# This program and the accompanying materials
+# are licensed and made available under the terms and conditions of the BSD License
+# which accompanies this distribution. The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php
+#
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = TlsLib
+ MODULE_UNI_FILE = TlsLib.uni
+ FILE_GUID = CC729DC5-4E21-0B36-1A00-3A8E1B86A155
+ MODULE_TYPE = DXE_DRIVER
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = TlsLib|DXE_DRIVER DXE_CORE UEFI_APPLICATION UEFI_DRIVER
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64 IPF ARM AARCH64
+#
+
+[Sources]
+ InternalTlsLib.h
+ TlsInit.c
+ TlsConfig.c
+ TlsProcess.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+ BaseLib
+ BaseMemoryLib
+ MemoryAllocationLib
+ UefiRuntimeServicesTableLib
+ DebugLib
+ OpensslLib
+ IntrinsicLib
+ PrintLib
+
+[BuildOptions]
+ #
+ # suppress the following warnings so we do not break the build with warnings-as-errors:
+ # C4090: 'function' : different 'const' qualifiers
+ #
+ MSFT:*_*_*_CC_FLAGS = /wd4090
+
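Review bot: `@@ -1,56 +1,57 @@` shows the new TlsLib.inf is one line longer, and the extra line is the empty `+` line after `MSFT:*_*_*_CC_FLAGS = /wd4090` at the end of the hunk; the converter appended a trailing blank line, which goes beyond the CRLF change the commit message describes and should be removed. The remaining content reads identical line for line on both sides. One note on the carried-over `[BuildOptions]`: the suppressed warning C4090 ("different 'const' qualifiers") is exactly what the `(const unsigned char ** )&Data` casts in TlsConfig.c provoke; silencing it for the whole library hides const-correctness problems, and a separate patch that introduces a properly typed local pointer for the d2i_X509 calls would let the suppression go away.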
diff --git a/CryptoPkg/Library/TlsLib/TlsLib.uni b/CryptoPkg/Library/TlsLib/TlsLib.uni
index 9b792872a5..e43a5df8e6 100644
--- a/CryptoPkg/Library/TlsLib/TlsLib.uni
+++ b/CryptoPkg/Library/TlsLib/TlsLib.uni
@@ -1,19 +1,19 @@
-// /** @file
-// SSL/TLS Wrapper Library Instance based on OpenSSL.
-//
-// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-//
-// This program and the accompanying materials
-// are licensed and made available under the terms and conditions of the BSD License
-// which accompanies this distribution. The full text of the license may be found at
-// http://opensource.org/licenses/bsd-license.php
-//
-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-//
-// **/
-
-
-#string STR_MODULE_ABSTRACT #language en-US "SSL/TLS Wrapper Library Instance"
-
-#string STR_MODULE_DESCRIPTION #language en-US "This module provides SSL/TLS Wrapper Library Instance."
\ No newline at end of file
+// /** @file
+// SSL/TLS Wrapper Library Instance based on OpenSSL.
+//
+// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+//
+// This program and the accompanying materials
+// are licensed and made available under the terms and conditions of the BSD License
+// which accompanies this distribution. The full text of the license may be found at
+// http://opensource.org/licenses/bsd-license.php
+//
+// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "SSL/TLS Wrapper Library Instance"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This module provides SSL/TLS Wrapper Library Instance."
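Review bot: the old side carries `\ No newline at end of file` after the STR_MODULE_DESCRIPTION string and the new side does not, so in addition to switching to CRLF this hunk adds a terminating newline to TlsLib.uni. That is a harmless and probably desirable fix, but it is a change the commit message does not mention; a short note there ("also adds the missing final newline") keeps the whitespace-only claim honest for anyone verifying the series with `git diff --ignore-space-at-eol`. Separately, the header still reads `Copyright (c) 2016, Intel Corporation` while the sibling TlsLib.inf and the .c files in this series say `2016 - 2017`; not something a line-ending patch should touch, but worth a separate one-line patch.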
diff --git a/CryptoPkg/Library/TlsLib/TlsProcess.c b/CryptoPkg/Library/TlsLib/TlsProcess.c
index 8532dab97a..38baac0e8b 100644
--- a/CryptoPkg/Library/TlsLib/TlsProcess.c
+++ b/CryptoPkg/Library/TlsLib/TlsProcess.c
@@ -1,462 +1,463 @@
-/** @file
- SSL/TLS Process Library Wrapper Implementation over OpenSSL.
- The process includes the TLS handshake and packet I/O.
-
-Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
-(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include "InternalTlsLib.h"
-
-#define MAX_BUFFER_SIZE 32768
-
-/**
- Checks if the TLS handshake was done.
-
- This function will check if the specified TLS handshake was done.
-
- @param[in] Tls Pointer to the TLS object for handshake state checking.
-
- @retval TRUE The TLS handshake was done.
- @retval FALSE The TLS handshake was not done.
-
-**/
-BOOLEAN
-EFIAPI
-TlsInHandshake (
- IN VOID *Tls
- )
-{
- TLS_CONNECTION *TlsConn;
-
- TlsConn = (TLS_CONNECTION *) Tls;
- if (TlsConn == NULL || TlsConn->Ssl == NULL) {
- return FALSE;
- }
-
- //
- // Return the status which indicates if the TLS handshake was done.
- //
- return !SSL_is_init_finished (TlsConn->Ssl);
-}
-
-/**
- Perform a TLS/SSL handshake.
-
- This function will perform a TLS/SSL handshake.
-
- @param[in] Tls Pointer to the TLS object for handshake operation.
- @param[in] BufferIn Pointer to the most recently received TLS Handshake packet.
- @param[in] BufferInSize Packet size in bytes for the most recently received TLS
- Handshake packet.
- @param[out] BufferOut Pointer to the buffer to hold the built packet.
- @param[in, out] BufferOutSize Pointer to the buffer size in bytes. On input, it is
- the buffer size provided by the caller. On output, it
- is the buffer size in fact needed to contain the
- packet.
-
- @retval EFI_SUCCESS The required TLS packet is built successfully.
- @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
- Tls is NULL.
- BufferIn is NULL but BufferInSize is NOT 0.
- BufferInSize is 0 but BufferIn is NOT NULL.
- BufferOutSize is NULL.
- BufferOut is NULL if *BufferOutSize is not zero.
- @retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the response packet.
- @retval EFI_ABORTED Something wrong during handshake.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsDoHandshake (
- IN VOID *Tls,
- IN UINT8 *BufferIn, OPTIONAL
- IN UINTN BufferInSize, OPTIONAL
- OUT UINT8 *BufferOut, OPTIONAL
- IN OUT UINTN *BufferOutSize
- )
-{
- TLS_CONNECTION *TlsConn;
- UINTN PendingBufferSize;
- INTN Ret;
- UINTN ErrorCode;
-
- TlsConn = (TLS_CONNECTION *) Tls;
- PendingBufferSize = 0;
- Ret = 1;
-
- if (TlsConn == NULL || \
- TlsConn->Ssl == NULL || TlsConn->InBio == NULL || TlsConn->OutBio == NULL || \
- BufferOutSize == NULL || \
- (BufferIn == NULL && BufferInSize != 0) || \
- (BufferIn != NULL && BufferInSize == 0) || \
- (BufferOut == NULL && *BufferOutSize != 0)) {
- return EFI_INVALID_PARAMETER;
- }
-
- if(BufferIn == NULL && BufferInSize == 0) {
- //
- // If RequestBuffer is NULL and RequestSize is 0, and TLS session
- // status is EfiTlsSessionNotStarted, the TLS session will be initiated
- // and the response packet needs to be ClientHello.
- //
- PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
- if (PendingBufferSize == 0) {
- SSL_set_connect_state (TlsConn->Ssl);
- Ret = SSL_do_handshake (TlsConn->Ssl);
- PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
- }
- } else {
- PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
- if (PendingBufferSize == 0) {
- BIO_write (TlsConn->InBio, BufferIn, (UINT32) BufferInSize);
- Ret = SSL_do_handshake (TlsConn->Ssl);
- PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
- }
- }
-
- if (Ret < 1) {
- Ret = SSL_get_error (TlsConn->Ssl, (int) Ret);
- if (Ret == SSL_ERROR_SSL ||
- Ret == SSL_ERROR_SYSCALL ||
- Ret == SSL_ERROR_ZERO_RETURN) {
- DEBUG ((
- DEBUG_ERROR,
- "%a SSL_HANDSHAKE_ERROR State=0x%x SSL_ERROR_%a\n",
- __FUNCTION__,
- SSL_get_state (TlsConn->Ssl),
- Ret == SSL_ERROR_SSL ? "SSL" : Ret == SSL_ERROR_SYSCALL ? "SYSCALL" : "ZERO_RETURN"
- ));
- DEBUG_CODE_BEGIN ();
- while (TRUE) {
- ErrorCode = ERR_get_error ();
- if (ErrorCode == 0) {
- break;
- }
- DEBUG ((
- DEBUG_ERROR,
- "%a ERROR 0x%x=L%x:F%x:R%x\n",
- __FUNCTION__,
- ErrorCode,
- ERR_GET_LIB (ErrorCode),
- ERR_GET_FUNC (ErrorCode),
- ERR_GET_REASON (ErrorCode)
- ));
- }
- DEBUG_CODE_END ();
- return EFI_ABORTED;
- }
- }
-
- if (PendingBufferSize > *BufferOutSize) {
- *BufferOutSize = PendingBufferSize;
- return EFI_BUFFER_TOO_SMALL;
- }
-
- if (PendingBufferSize > 0) {
- *BufferOutSize = BIO_read (TlsConn->OutBio, BufferOut, (UINT32) PendingBufferSize);
- } else {
- *BufferOutSize = 0;
- }
-
- return EFI_SUCCESS;
-}
-
-/**
- Handle Alert message recorded in BufferIn. If BufferIn is NULL and BufferInSize is zero,
- TLS session has errors and the response packet needs to be Alert message based on error type.
-
- @param[in] Tls Pointer to the TLS object for state checking.
- @param[in] BufferIn Pointer to the most recently received TLS Alert packet.
- @param[in] BufferInSize Packet size in bytes for the most recently received TLS
- Alert packet.
- @param[out] BufferOut Pointer to the buffer to hold the built packet.
- @param[in, out] BufferOutSize Pointer to the buffer size in bytes. On input, it is
- the buffer size provided by the caller. On output, it
- is the buffer size in fact needed to contain the
- packet.
-
- @retval EFI_SUCCESS The required TLS packet is built successfully.
- @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
- Tls is NULL.
- BufferIn is NULL but BufferInSize is NOT 0.
- BufferInSize is 0 but BufferIn is NOT NULL.
- BufferOutSize is NULL.
- BufferOut is NULL if *BufferOutSize is not zero.
- @retval EFI_ABORTED An error occurred.
- @retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the response packet.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsHandleAlert (
- IN VOID *Tls,
- IN UINT8 *BufferIn, OPTIONAL
- IN UINTN BufferInSize, OPTIONAL
- OUT UINT8 *BufferOut, OPTIONAL
- IN OUT UINTN *BufferOutSize
- )
-{
- TLS_CONNECTION *TlsConn;
- UINTN PendingBufferSize;
- UINT8 *TempBuffer;
- INTN Ret;
-
- TlsConn = (TLS_CONNECTION *) Tls;
- PendingBufferSize = 0;
- TempBuffer = NULL;
- Ret = 0;
-
- if (TlsConn == NULL || \
- TlsConn->Ssl == NULL || TlsConn->InBio == NULL || TlsConn->OutBio == NULL || \
- BufferOutSize == NULL || \
- (BufferIn == NULL && BufferInSize != 0) || \
- (BufferIn != NULL && BufferInSize == 0) || \
- (BufferOut == NULL && *BufferOutSize != 0)) {
- return EFI_INVALID_PARAMETER;
- }
-
- PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
- if (PendingBufferSize == 0 && BufferIn != NULL && BufferInSize != 0) {
- Ret = BIO_write (TlsConn->InBio, BufferIn, (UINT32) BufferInSize);
- if (Ret != (INTN) BufferInSize) {
- return EFI_ABORTED;
- }
-
- TempBuffer = (UINT8 *) OPENSSL_malloc (MAX_BUFFER_SIZE);
-
- //
- // ssl3_send_alert() will be called in ssl3_read_bytes() function.
- // TempBuffer is invalid since it's a Alert message, so just ignore it.
- //
- SSL_read (TlsConn->Ssl, TempBuffer, MAX_BUFFER_SIZE);
-
- OPENSSL_free (TempBuffer);
-
- PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
- }
-
- if (PendingBufferSize > *BufferOutSize) {
- *BufferOutSize = PendingBufferSize;
- return EFI_BUFFER_TOO_SMALL;
- }
-
- if (PendingBufferSize > 0) {
- *BufferOutSize = BIO_read (TlsConn->OutBio, BufferOut, (UINT32) PendingBufferSize);
- } else {
- *BufferOutSize = 0;
- }
-
- return EFI_SUCCESS;
-}
-
-/**
- Build the CloseNotify packet.
-
- @param[in] Tls Pointer to the TLS object for state checking.
- @param[in, out] Buffer Pointer to the buffer to hold the built packet.
- @param[in, out] BufferSize Pointer to the buffer size in bytes. On input, it is
- the buffer size provided by the caller. On output, it
- is the buffer size in fact needed to contain the
- packet.
-
- @retval EFI_SUCCESS The required TLS packet is built successfully.
- @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
- Tls is NULL.
- BufferSize is NULL.
- Buffer is NULL if *BufferSize is not zero.
- @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the response packet.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsCloseNotify (
- IN VOID *Tls,
- IN OUT UINT8 *Buffer,
- IN OUT UINTN *BufferSize
- )
-{
- TLS_CONNECTION *TlsConn;
- UINTN PendingBufferSize;
-
- TlsConn = (TLS_CONNECTION *) Tls;
- PendingBufferSize = 0;
-
- if (TlsConn == NULL || \
- TlsConn->Ssl == NULL || TlsConn->InBio == NULL || TlsConn->OutBio == NULL || \
- BufferSize == NULL || \
- (Buffer == NULL && *BufferSize != 0)) {
- return EFI_INVALID_PARAMETER;
- }
-
- PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
- if (PendingBufferSize == 0) {
- //
- // ssl3_send_alert() and ssl3_dispatch_alert() function will be called.
- //
- SSL_shutdown (TlsConn->Ssl);
- PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
- }
-
- if (PendingBufferSize > *BufferSize) {
- *BufferSize = PendingBufferSize;
- return EFI_BUFFER_TOO_SMALL;
- }
-
- if (PendingBufferSize > 0) {
- *BufferSize = BIO_read (TlsConn->OutBio, Buffer, (UINT32) PendingBufferSize);
- } else {
- *BufferSize = 0;
- }
-
- return EFI_SUCCESS;
-}
-
-/**
- Attempts to read bytes from one TLS object and places the data in Buffer.
-
- This function will attempt to read BufferSize bytes from the TLS object
- and places the data in Buffer.
-
- @param[in] Tls Pointer to the TLS object.
- @param[in,out] Buffer Pointer to the buffer to store the data.
- @param[in] BufferSize The size of Buffer in bytes.
-
- @retval >0 The amount of data successfully read from the TLS object.
- @retval <=0 No data was successfully read.
-
-**/
-INTN
-EFIAPI
-TlsCtrlTrafficOut (
- IN VOID *Tls,
- IN OUT VOID *Buffer,
- IN UINTN BufferSize
- )
-{
- TLS_CONNECTION *TlsConn;
-
- TlsConn = (TLS_CONNECTION *) Tls;
- if (TlsConn == NULL || TlsConn->OutBio == 0) {
- return -1;
- }
-
- //
- // Read and return the amount of data from the BIO.
- //
- return BIO_read (TlsConn->OutBio, Buffer, (UINT32) BufferSize);
-}
-
-/**
- Attempts to write data from the buffer to TLS object.
-
- This function will attempt to write BufferSize bytes data from the Buffer
- to the TLS object.
-
- @param[in] Tls Pointer to the TLS object.
- @param[in] Buffer Pointer to the data buffer.
- @param[in] BufferSize The size of Buffer in bytes.
-
- @retval >0 The amount of data successfully written to the TLS object.
- @retval <=0 No data was successfully written.
-
-**/
-INTN
-EFIAPI
-TlsCtrlTrafficIn (
- IN VOID *Tls,
- IN VOID *Buffer,
- IN UINTN BufferSize
- )
-{
- TLS_CONNECTION *TlsConn;
-
- TlsConn = (TLS_CONNECTION *) Tls;
- if (TlsConn == NULL || TlsConn->InBio == 0) {
- return -1;
- }
-
- //
- // Write and return the amount of data to the BIO.
- //
- return BIO_write (TlsConn->InBio, Buffer, (UINT32) BufferSize);
-}
-/**
- Attempts to read bytes from the specified TLS connection into the buffer.
-
- This function tries to read BufferSize bytes data from the specified TLS
- connection into the Buffer.
-
- @param[in] Tls Pointer to the TLS connection for data reading.
- @param[in,out] Buffer Pointer to the data buffer.
- @param[in] BufferSize The size of Buffer in bytes.
-
- @retval >0 The read operation was successful, and return value is the
- number of bytes actually read from the TLS connection.
- @retval <=0 The read operation was not successful.
-
-**/
-INTN
-EFIAPI
-TlsRead (
- IN VOID *Tls,
- IN OUT VOID *Buffer,
- IN UINTN BufferSize
- )
-{
- TLS_CONNECTION *TlsConn;
-
- TlsConn = (TLS_CONNECTION *) Tls;
- if (TlsConn == NULL || TlsConn->Ssl == NULL) {
- return -1;
- }
-
- //
- // Read bytes from the specified TLS connection.
- //
- return SSL_read (TlsConn->Ssl, Buffer, (UINT32) BufferSize);
-}
-
-/**
- Attempts to write data to a TLS connection.
-
- This function tries to write BufferSize bytes data from the Buffer into the
- specified TLS connection.
-
- @param[in] Tls Pointer to the TLS connection for data writing.
- @param[in] Buffer Pointer to the data buffer.
- @param[in] BufferSize The size of Buffer in bytes.
-
- @retval >0 The write operation was successful, and return value is the
- number of bytes actually written to the TLS connection.
- @retval <=0 The write operation was not successful.
-
-**/
-INTN
-EFIAPI
-TlsWrite (
- IN VOID *Tls,
- IN VOID *Buffer,
- IN UINTN BufferSize
- )
-{
- TLS_CONNECTION *TlsConn;
-
- TlsConn = (TLS_CONNECTION *) Tls;
- if (TlsConn == NULL || TlsConn->Ssl == NULL) {
- return -1;
- }
-
- //
- // Write bytes to the specified TLS connection.
- //
- return SSL_write (TlsConn->Ssl, Buffer, (UINT32) BufferSize);
-}
+/** @file
+ SSL/TLS Process Library Wrapper Implementation over OpenSSL.
+ The process includes the TLS handshake and packet I/O.
+
+Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
+(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "InternalTlsLib.h"
+
+#define MAX_BUFFER_SIZE 32768
+
+/**
+ Checks if the TLS handshake was done.
+
+ This function will check if the specified TLS handshake was done.
+
+ @param[in] Tls Pointer to the TLS object for handshake state checking.
+
+ @retval TRUE The TLS handshake was done.
+ @retval FALSE The TLS handshake was not done.
+
+**/
+BOOLEAN
+EFIAPI
+TlsInHandshake (
+ IN VOID *Tls
+ )
+{
+ TLS_CONNECTION *TlsConn;
+
+ TlsConn = (TLS_CONNECTION *) Tls;
+ if (TlsConn == NULL || TlsConn->Ssl == NULL) {
+ return FALSE;
+ }
+
+ //
+ // Return the status which indicates if the TLS handshake was done.
+ //
+ return !SSL_is_init_finished (TlsConn->Ssl);
+}
+
+/**
+ Perform a TLS/SSL handshake.
+
+ This function will perform a TLS/SSL handshake.
+
+ @param[in] Tls Pointer to the TLS object for handshake operation.
+ @param[in] BufferIn Pointer to the most recently received TLS Handshake packet.
+ @param[in] BufferInSize Packet size in bytes for the most recently received TLS
+ Handshake packet.
+ @param[out] BufferOut Pointer to the buffer to hold the built packet.
+ @param[in, out] BufferOutSize Pointer to the buffer size in bytes. On input, it is
+ the buffer size provided by the caller. On output, it
+ is the buffer size in fact needed to contain the
+ packet.
+
+ @retval EFI_SUCCESS The required TLS packet is built successfully.
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
+ Tls is NULL.
+ BufferIn is NULL but BufferInSize is NOT 0.
+ BufferInSize is 0 but BufferIn is NOT NULL.
+ BufferOutSize is NULL.
+ BufferOut is NULL if *BufferOutSize is not zero.
+ @retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the response packet.
+ @retval EFI_ABORTED Something wrong during handshake.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsDoHandshake (
+ IN VOID *Tls,
+ IN UINT8 *BufferIn, OPTIONAL
+ IN UINTN BufferInSize, OPTIONAL
+ OUT UINT8 *BufferOut, OPTIONAL
+ IN OUT UINTN *BufferOutSize
+ )
+{
+ TLS_CONNECTION *TlsConn;
+ UINTN PendingBufferSize;
+ INTN Ret;
+ UINTN ErrorCode;
+
+ TlsConn = (TLS_CONNECTION *) Tls;
+ PendingBufferSize = 0;
+ Ret = 1;
+
+ if (TlsConn == NULL || \
+ TlsConn->Ssl == NULL || TlsConn->InBio == NULL || TlsConn->OutBio == NULL || \
+ BufferOutSize == NULL || \
+ (BufferIn == NULL && BufferInSize != 0) || \
+ (BufferIn != NULL && BufferInSize == 0) || \
+ (BufferOut == NULL && *BufferOutSize != 0)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if(BufferIn == NULL && BufferInSize == 0) {
+ //
+ // If RequestBuffer is NULL and RequestSize is 0, and TLS session
+ // status is EfiTlsSessionNotStarted, the TLS session will be initiated
+ // and the response packet needs to be ClientHello.
+ //
+ PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
+ if (PendingBufferSize == 0) {
+ SSL_set_connect_state (TlsConn->Ssl);
+ Ret = SSL_do_handshake (TlsConn->Ssl);
+ PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
+ }
+ } else {
+ PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
+ if (PendingBufferSize == 0) {
+ BIO_write (TlsConn->InBio, BufferIn, (UINT32) BufferInSize);
+ Ret = SSL_do_handshake (TlsConn->Ssl);
+ PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
+ }
+ }
+
+ if (Ret < 1) {
+ Ret = SSL_get_error (TlsConn->Ssl, (int) Ret);
+ if (Ret == SSL_ERROR_SSL ||
+ Ret == SSL_ERROR_SYSCALL ||
+ Ret == SSL_ERROR_ZERO_RETURN) {
+ DEBUG ((
+ DEBUG_ERROR,
+ "%a SSL_HANDSHAKE_ERROR State=0x%x SSL_ERROR_%a\n",
+ __FUNCTION__,
+ SSL_get_state (TlsConn->Ssl),
+ Ret == SSL_ERROR_SSL ? "SSL" : Ret == SSL_ERROR_SYSCALL ? "SYSCALL" : "ZERO_RETURN"
+ ));
+ DEBUG_CODE_BEGIN ();
+ while (TRUE) {
+ ErrorCode = ERR_get_error ();
+ if (ErrorCode == 0) {
+ break;
+ }
+ DEBUG ((
+ DEBUG_ERROR,
+ "%a ERROR 0x%x=L%x:F%x:R%x\n",
+ __FUNCTION__,
+ ErrorCode,
+ ERR_GET_LIB (ErrorCode),
+ ERR_GET_FUNC (ErrorCode),
+ ERR_GET_REASON (ErrorCode)
+ ));
+ }
+ DEBUG_CODE_END ();
+ return EFI_ABORTED;
+ }
+ }
+
+ if (PendingBufferSize > *BufferOutSize) {
+ *BufferOutSize = PendingBufferSize;
+ return EFI_BUFFER_TOO_SMALL;
+ }
+
+ if (PendingBufferSize > 0) {
+ *BufferOutSize = BIO_read (TlsConn->OutBio, BufferOut, (UINT32) PendingBufferSize);
+ } else {
+ *BufferOutSize = 0;
+ }
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Handle Alert message recorded in BufferIn. If BufferIn is NULL and BufferInSize is zero,
+ TLS session has errors and the response packet needs to be Alert message based on error type.
+
+ @param[in] Tls Pointer to the TLS object for state checking.
+ @param[in] BufferIn Pointer to the most recently received TLS Alert packet.
+ @param[in] BufferInSize Packet size in bytes for the most recently received TLS
+ Alert packet.
+ @param[out] BufferOut Pointer to the buffer to hold the built packet.
+ @param[in, out] BufferOutSize Pointer to the buffer size in bytes. On input, it is
+ the buffer size provided by the caller. On output, it
+ is the buffer size in fact needed to contain the
+ packet.
+
+ @retval EFI_SUCCESS The required TLS packet is built successfully.
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
+ Tls is NULL.
+ BufferIn is NULL but BufferInSize is NOT 0.
+ BufferInSize is 0 but BufferIn is NOT NULL.
+ BufferOutSize is NULL.
+ BufferOut is NULL if *BufferOutSize is not zero.
+ @retval EFI_ABORTED An error occurred.
+ @retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the response packet.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsHandleAlert (
+ IN VOID *Tls,
+ IN UINT8 *BufferIn, OPTIONAL
+ IN UINTN BufferInSize, OPTIONAL
+ OUT UINT8 *BufferOut, OPTIONAL
+ IN OUT UINTN *BufferOutSize
+ )
+{
+ TLS_CONNECTION *TlsConn;
+ UINTN PendingBufferSize;
+ UINT8 *TempBuffer;
+ INTN Ret;
+
+ TlsConn = (TLS_CONNECTION *) Tls;
+ PendingBufferSize = 0;
+ TempBuffer = NULL;
+ Ret = 0;
+
+ if (TlsConn == NULL || \
+ TlsConn->Ssl == NULL || TlsConn->InBio == NULL || TlsConn->OutBio == NULL || \
+ BufferOutSize == NULL || \
+ (BufferIn == NULL && BufferInSize != 0) || \
+ (BufferIn != NULL && BufferInSize == 0) || \
+ (BufferOut == NULL && *BufferOutSize != 0)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
+ if (PendingBufferSize == 0 && BufferIn != NULL && BufferInSize != 0) {
+ Ret = BIO_write (TlsConn->InBio, BufferIn, (UINT32) BufferInSize);
+ if (Ret != (INTN) BufferInSize) {
+ return EFI_ABORTED;
+ }
+
+ TempBuffer = (UINT8 *) OPENSSL_malloc (MAX_BUFFER_SIZE);
+
+ //
+ // ssl3_send_alert() will be called in ssl3_read_bytes() function.
+ // TempBuffer is invalid since it's a Alert message, so just ignore it.
+ //
+ SSL_read (TlsConn->Ssl, TempBuffer, MAX_BUFFER_SIZE);
+
+ OPENSSL_free (TempBuffer);
+
+ PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
+ }
+
+ if (PendingBufferSize > *BufferOutSize) {
+ *BufferOutSize = PendingBufferSize;
+ return EFI_BUFFER_TOO_SMALL;
+ }
+
+ if (PendingBufferSize > 0) {
+ *BufferOutSize = BIO_read (TlsConn->OutBio, BufferOut, (UINT32) PendingBufferSize);
+ } else {
+ *BufferOutSize = 0;
+ }
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Build the CloseNotify packet.
+
+ @param[in] Tls Pointer to the TLS object for state checking.
+ @param[in, out] Buffer Pointer to the buffer to hold the built packet.
+ @param[in, out] BufferSize Pointer to the buffer size in bytes. On input, it is
+ the buffer size provided by the caller. On output, it
+ is the buffer size in fact needed to contain the
+ packet.
+
+ @retval EFI_SUCCESS The required TLS packet is built successfully.
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
+ Tls is NULL.
+ BufferSize is NULL.
+ Buffer is NULL if *BufferSize is not zero.
+ @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the response packet.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsCloseNotify (
+ IN VOID *Tls,
+ IN OUT UINT8 *Buffer,
+ IN OUT UINTN *BufferSize
+ )
+{
+ TLS_CONNECTION *TlsConn;
+ UINTN PendingBufferSize;
+
+ TlsConn = (TLS_CONNECTION *) Tls;
+ PendingBufferSize = 0;
+
+ if (TlsConn == NULL || \
+ TlsConn->Ssl == NULL || TlsConn->InBio == NULL || TlsConn->OutBio == NULL || \
+ BufferSize == NULL || \
+ (Buffer == NULL && *BufferSize != 0)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
+ if (PendingBufferSize == 0) {
+ //
+ // ssl3_send_alert() and ssl3_dispatch_alert() function will be called.
+ //
+ SSL_shutdown (TlsConn->Ssl);
+ PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
+ }
+
+ if (PendingBufferSize > *BufferSize) {
+ *BufferSize = PendingBufferSize;
+ return EFI_BUFFER_TOO_SMALL;
+ }
+
+ if (PendingBufferSize > 0) {
+ *BufferSize = BIO_read (TlsConn->OutBio, Buffer, (UINT32) PendingBufferSize);
+ } else {
+ *BufferSize = 0;
+ }
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Attempts to read bytes from one TLS object and places the data in Buffer.
+
+ This function will attempt to read BufferSize bytes from the TLS object
+ and places the data in Buffer.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in,out] Buffer Pointer to the buffer to store the data.
+ @param[in] BufferSize The size of Buffer in bytes.
+
+ @retval >0 The amount of data successfully read from the TLS object.
+ @retval <=0 No data was successfully read.
+
+**/
+INTN
+EFIAPI
+TlsCtrlTrafficOut (
+ IN VOID *Tls,
+ IN OUT VOID *Buffer,
+ IN UINTN BufferSize
+ )
+{
+ TLS_CONNECTION *TlsConn;
+
+ TlsConn = (TLS_CONNECTION *) Tls;
+ if (TlsConn == NULL || TlsConn->OutBio == 0) {
+ return -1;
+ }
+
+ //
+ // Read and return the amount of data from the BIO.
+ //
+ return BIO_read (TlsConn->OutBio, Buffer, (UINT32) BufferSize);
+}
+
+/**
+ Attempts to write data from the buffer to TLS object.
+
+ This function will attempt to write BufferSize bytes data from the Buffer
+ to the TLS object.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in] Buffer Pointer to the data buffer.
+ @param[in] BufferSize The size of Buffer in bytes.
+
+ @retval >0 The amount of data successfully written to the TLS object.
+ @retval <=0 No data was successfully written.
+
+**/
+INTN
+EFIAPI
+TlsCtrlTrafficIn (
+ IN VOID *Tls,
+ IN VOID *Buffer,
+ IN UINTN BufferSize
+ )
+{
+ TLS_CONNECTION *TlsConn;
+
+ TlsConn = (TLS_CONNECTION *) Tls;
+ if (TlsConn == NULL || TlsConn->InBio == 0) {
+ return -1;
+ }
+
+ //
+ // Write and return the amount of data to the BIO.
+ //
+ return BIO_write (TlsConn->InBio, Buffer, (UINT32) BufferSize);
+}
+/**
+ Attempts to read bytes from the specified TLS connection into the buffer.
+
+ This function tries to read BufferSize bytes data from the specified TLS
+ connection into the Buffer.
+
+ @param[in] Tls Pointer to the TLS connection for data reading.
+ @param[in,out] Buffer Pointer to the data buffer.
+ @param[in] BufferSize The size of Buffer in bytes.
+
+ @retval >0 The read operation was successful, and return value is the
+ number of bytes actually read from the TLS connection.
+ @retval <=0 The read operation was not successful.
+
+**/
+INTN
+EFIAPI
+TlsRead (
+ IN VOID *Tls,
+ IN OUT VOID *Buffer,
+ IN UINTN BufferSize
+ )
+{
+ TLS_CONNECTION *TlsConn;
+
+ TlsConn = (TLS_CONNECTION *) Tls;
+ if (TlsConn == NULL || TlsConn->Ssl == NULL) {
+ return -1;
+ }
+
+ //
+ // Read bytes from the specified TLS connection.
+ //
+ return SSL_read (TlsConn->Ssl, Buffer, (UINT32) BufferSize);
+}
+
+/**
+ Attempts to write data to a TLS connection.
+
+ This function tries to write BufferSize bytes data from the Buffer into the
+ specified TLS connection.
+
+ @param[in] Tls Pointer to the TLS connection for data writing.
+ @param[in] Buffer Pointer to the data buffer.
+ @param[in] BufferSize The size of Buffer in bytes.
+
+ @retval >0 The write operation was successful, and return value is the
+ number of bytes actually written to the TLS connection.
+ @retval <=0 The write operation was not successful.
+
+**/
+INTN
+EFIAPI
+TlsWrite (
+ IN VOID *Tls,
+ IN VOID *Buffer,
+ IN UINTN BufferSize
+ )
+{
+ TLS_CONNECTION *TlsConn;
+
+ TlsConn = (TLS_CONNECTION *) Tls;
+ if (TlsConn == NULL || TlsConn->Ssl == NULL) {
+ return -1;
+ }
+
+ //
+ // Write bytes to the specified TLS connection.
+ //
+ return SSL_write (TlsConn->Ssl, Buffer, (UINT32) BufferSize);
+}
+
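Review bot: the hunk header goes from 462 to 463 lines because an empty line is appended after the closing brace of TlsWrite (the last `+` line of the hunk); a line-ending conversion should not add lines, so either drop that trailing blank line or mention it in the commit message. Since the whole file is in the diff, two points in the re-added code are worth a follow-up patch rather than this one: TlsDoHandshake discards the return value of `BIO_write (TlsConn->InBio, BufferIn, (UINT32) BufferInSize);` and proceeds into SSL_do_handshake even after a short write, whereas TlsHandleAlert checks the same call and returns EFI_ABORTED, and TlsHandleAlert passes the result of `OPENSSL_malloc (MAX_BUFFER_SIZE)` straight to SSL_read without a NULL check. Also, the TlsInHandshake doc block says TRUE means the handshake "was done", but the function returns `!SSL_is_init_finished (TlsConn->Ssl)`, i.e. TRUE while the handshake is still in progress, which matches the name but not the comment.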
--
2.12.0.windows.1
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [PATCH 2/6] IntelFsp2Pkg: Convert files to CRLF line ending
2017-04-06 2:25 [PATCH 0/6] Convert files to CRLF line ending Hao Wu
2017-04-06 2:25 ` [PATCH 1/6] CryptoPkg: " Hao Wu
@ 2017-04-06 2:25 ` Hao Wu
2017-04-06 3:08 ` Yao, Jiewen
2017-04-06 2:25 ` [PATCH 3/6] IntelFsp2WrapperPkg: " Hao Wu
` (3 subsequent siblings)
5 siblings, 1 reply; 13+ messages in thread
From: Hao Wu @ 2017-04-06 2:25 UTC (permalink / raw)
To: edk2-devel; +Cc: Hao Wu, Jiewen Yao
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
---
IntelFsp2Pkg/Readme.md | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/IntelFsp2Pkg/Readme.md b/IntelFsp2Pkg/Readme.md
index 6e38e8ca61..719ce099e4 100644
--- a/IntelFsp2Pkg/Readme.md
+++ b/IntelFsp2Pkg/Readme.md
@@ -1,7 +1,7 @@
-# IntelFsp2Pkg
-
-This package provides the component to create an FSP binary.
-
-Source Repository: https://github.com/tianocore/edk2/tree/master/IntelFsp2Pkg
-
-A whitepaper to describe the IntelFsp2Pkg: https://firmware.intel.com/sites/default/files/A_Tour_Beyond_BIOS_Creating_the_Intel_Firmware_Support_Package_with_the_EFI_Developer_Kit_II_%28FSP2.0%29.pdf
\ No newline at end of file
+# IntelFsp2Pkg
+
+This package provides the component to create an FSP binary.
+
+Source Repository: https://github.com/tianocore/edk2/tree/master/IntelFsp2Pkg
+
+A whitepaper to describe the IntelFsp2Pkg: https://firmware.intel.com/sites/default/files/A_Tour_Beyond_BIOS_Creating_the_Intel_Firmware_Support_Package_with_the_EFI_Developer_Kit_II_%28FSP2.0%29.pdf
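Review bot: the old side of this hunk carries `\ No newline at end of file` and the new side does not, so IntelFsp2Pkg/Readme.md also gains a final newline here in addition to the CRLF conversion; the subject line only mentions line endings, so please state the EOF-newline fix in the commit message (GitHub renders Markdown the same either way, so there is no functional concern).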
--
2.12.0.windows.1
* [PATCH 3/6] IntelFsp2WrapperPkg: Convert files to CRLF line ending
2017-04-06 2:25 [PATCH 0/6] Convert files to CRLF line ending Hao Wu
2017-04-06 2:25 ` [PATCH 1/6] CryptoPkg: " Hao Wu
2017-04-06 2:25 ` [PATCH 2/6] IntelFsp2Pkg: " Hao Wu
@ 2017-04-06 2:25 ` Hao Wu
2017-04-06 3:08 ` Yao, Jiewen
2017-04-06 2:25 ` [PATCH 4/6] SignedCapsulePkg: " Hao Wu
` (2 subsequent siblings)
5 siblings, 1 reply; 13+ messages in thread
From: Hao Wu @ 2017-04-06 2:25 UTC (permalink / raw)
To: edk2-devel; +Cc: Hao Wu, Jiewen Yao
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
---
IntelFsp2WrapperPkg/Readme.md | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/IntelFsp2WrapperPkg/Readme.md b/IntelFsp2WrapperPkg/Readme.md
index 0b0f81b033..dfcb4c1a2e 100644
--- a/IntelFsp2WrapperPkg/Readme.md
+++ b/IntelFsp2WrapperPkg/Readme.md
@@ -1,7 +1,7 @@
-# IntelFsp2WrapperPkg
-
-This package provides the component to use an FSP binary.
-
-Source Repository: https://github.com/tianocore/edk2/tree/master/IntelFsp2WrapperPkg
-
-A whitepaper to describe the IntelFsp2WrapperPkg: https://firmware.intel.com/sites/default/files/A_Tour_Beyond_BIOS_Using_the_Intel_Firmware_Support_Package_with_the_EFI_Developer_Kit_II_%28FSP2.0%29.pdf
\ No newline at end of file
+# IntelFsp2WrapperPkg
+
+This package provides the component to use an FSP binary.
+
+Source Repository: https://github.com/tianocore/edk2/tree/master/IntelFsp2WrapperPkg
+
+A whitepaper to describe the IntelFsp2WrapperPkg: https://firmware.intel.com/sites/default/files/A_Tour_Beyond_BIOS_Using_the_Intel_Firmware_Support_Package_with_the_EFI_Developer_Kit_II_%28FSP2.0%29.pdf
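Review bot: the `\ No newline at end of file` marker disappears from the new side of this hunk, so IntelFsp2WrapperPkg/Readme.md gains a final newline on top of the CRLF change; worth a sentence in the commit message so that a later `git blame` reader knows the whole-file rewrite was intentional and content-neutral.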
--
2.12.0.windows.1
* [PATCH 4/6] SignedCapsulePkg: Convert files to CRLF line ending
2017-04-06 2:25 [PATCH 0/6] Convert files to CRLF line ending Hao Wu
` (2 preceding siblings ...)
2017-04-06 2:25 ` [PATCH 3/6] IntelFsp2WrapperPkg: " Hao Wu
@ 2017-04-06 2:25 ` Hao Wu
2017-04-06 3:08 ` Yao, Jiewen
2017-04-06 2:25 ` [PATCH 5/6] MdePkg: " Hao Wu
2017-04-06 2:25 ` [PATCH 6/6] NetworkPkg: " Hao Wu
5 siblings, 1 reply; 13+ messages in thread
From: Hao Wu @ 2017-04-06 2:25 UTC (permalink / raw)
To: edk2-devel; +Cc: Hao Wu, Jiewen Yao
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
---
SignedCapsulePkg/Readme.md | 22 ++++++++++----------
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/SignedCapsulePkg/Readme.md b/SignedCapsulePkg/Readme.md
index 67c78edfb4..03358e93ee 100644
--- a/SignedCapsulePkg/Readme.md
+++ b/SignedCapsulePkg/Readme.md
@@ -1,11 +1,11 @@
-# SignedCapsulePkg
-
-This package provides a signed capsule solution in EDKII to support a secure capsule update and recovery solution.
-
-Source Repository: https://github.com/tianocore/edk2/tree/master/SignedCapsulePkg
-
-A whitepaper to describe the capsule design: https://github.com/tianocore-docs/Docs/raw/master/White_Papers/A_Tour_Beyond_BIOS_Capsule_Update_and_Recovery_in_EDK_II.pdf
-
-Wiki pages to provides more detail on how to enable: https://github.com/tianocore/tianocore.github.io/wiki/Capsule-Based-Firmware-Update-and-Firmware-Recovery
-
-
+# SignedCapsulePkg
+
+This package provides a signed capsule solution in EDKII to support a secure capsule update and recovery solution.
+
+Source Repository: https://github.com/tianocore/edk2/tree/master/SignedCapsulePkg
+
+A whitepaper to describe the capsule design: https://github.com/tianocore-docs/Docs/raw/master/White_Papers/A_Tour_Beyond_BIOS_Capsule_Update_and_Recovery_in_EDK_II.pdf
+
+Wiki pages to provides more detail on how to enable: https://github.com/tianocore/tianocore.github.io/wiki/Capsule-Based-Firmware-Update-and-Firmware-Recovery
+
+
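Review bot: this file already ended with a newline, and the two empty lines after the last paragraph are carried over unchanged (the two trailing `+` lines of the hunk); since every line is being rewritten anyway, dropping the redundant blank line at EOF would be cheap, and "Wiki pages to provides more detail" could become "provide" in the same touch, though both are optional for a line-ending patch.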
--
2.12.0.windows.1
* [PATCH 5/6] MdePkg: Convert files to CRLF line ending
2017-04-06 2:25 [PATCH 0/6] Convert files to CRLF line ending Hao Wu
` (3 preceding siblings ...)
2017-04-06 2:25 ` [PATCH 4/6] SignedCapsulePkg: " Hao Wu
@ 2017-04-06 2:25 ` Hao Wu
2017-04-06 4:45 ` Gao, Liming
2017-04-06 2:25 ` [PATCH 6/6] NetworkPkg: " Hao Wu
5 siblings, 1 reply; 13+ messages in thread
From: Hao Wu @ 2017-04-06 2:25 UTC (permalink / raw)
To: edk2-devel; +Cc: Hao Wu, Michael Kinney, Liming Gao
Cc: Michael Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
---
MdePkg/Include/IndustryStandard/Tls1.h | 186 ++--
MdePkg/Include/Protocol/Tls.h | 921 ++++++++++----------
MdePkg/Include/Protocol/TlsConfig.h | 265 +++---
MdePkg/Library/BaseLib/SafeString.c | 39 +-
4 files changed, 707 insertions(+), 704 deletions(-)
diff --git a/MdePkg/Include/IndustryStandard/Tls1.h b/MdePkg/Include/IndustryStandard/Tls1.h
index 019ff617de..9009291ee3 100644
--- a/MdePkg/Include/IndustryStandard/Tls1.h
+++ b/MdePkg/Include/IndustryStandard/Tls1.h
@@ -1,93 +1,93 @@
-/** @file
- Transport Layer Security -- TLS 1.0/1.1/1.2 Standard definitions, from RFC 2246/4346/5246
-
- This file contains common TLS 1.0/1.1/1.2 definitions from RFC 2246/4346/5246
-
- Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
- This program and the accompanying materials
- are licensed and made available under the terms and conditions of the BSD License
- which accompanies this distribution. The full text of the license may be found at
- http://opensource.org/licenses/bsd-license.php
-
- THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
- WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-**/
-
-#ifndef __TLS_1_H__
-#define __TLS_1_H__
-
-#pragma pack(1)
-
-///
-/// TLS Cipher Suite, refers to A.5 of rfc-2246, rfc-4346 and rfc-5246.
-///
-#define TLS_RSA_WITH_NULL_MD5 {0x00, 0x01}
-#define TLS_RSA_WITH_NULL_SHA {0x00, 0x02}
-#define TLS_RSA_WITH_RC4_128_MD5 {0x00, 0x04}
-#define TLS_RSA_WITH_RC4_128_SHA {0x00, 0x05}
-#define TLS_RSA_WITH_IDEA_CBC_SHA {0x00, 0x07}
-#define TLS_RSA_WITH_DES_CBC_SHA {0x00, 0x09}
-#define TLS_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x0A}
-#define TLS_DH_DSS_WITH_DES_CBC_SHA {0x00, 0x0C}
-#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA {0x00, 0x0D}
-#define TLS_DH_RSA_WITH_DES_CBC_SHA {0x00, 0x0F}
-#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x10}
-#define TLS_DHE_DSS_WITH_DES_CBC_SHA {0x00, 0x12}
-#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA {0x00, 0x13}
-#define TLS_DHE_RSA_WITH_DES_CBC_SHA {0x00, 0x15}
-#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x16}
-#define TLS_RSA_WITH_AES_128_CBC_SHA {0x00, 0x2F}
-#define TLS_DH_DSS_WITH_AES_128_CBC_SHA {0x00, 0x30}
-#define TLS_DH_RSA_WITH_AES_128_CBC_SHA {0x00, 0x31}
-#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA {0x00, 0x32}
-#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA {0x00, 0x33}
-#define TLS_RSA_WITH_AES_256_CBC_SHA {0x00, 0x35}
-#define TLS_DH_DSS_WITH_AES_256_CBC_SHA {0x00, 0x36}
-#define TLS_DH_RSA_WITH_AES_256_CBC_SHA {0x00, 0x37}
-#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA {0x00, 0x38}
-#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA {0x00, 0x39}
-#define TLS_RSA_WITH_NULL_SHA256 {0x00, 0x3B}
-#define TLS_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x3C}
-#define TLS_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x3D}
-#define TLS_DH_DSS_WITH_AES_128_CBC_SHA256 {0x00, 0x3E}
-#define TLS_DH_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x3F}
-#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 {0x00, 0x40}
-#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x67}
-#define TLS_DH_DSS_WITH_AES_256_CBC_SHA256 {0x00, 0x68}
-#define TLS_DH_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x69}
-#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 {0x00, 0x6A}
-#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x6B}
-
-///
-/// TLS Version, refers to A.1 of rfc-2246, rfc-4346 and rfc-5246.
-///
-#define TLS10_PROTOCOL_VERSION_MAJOR 0x03
-#define TLS10_PROTOCOL_VERSION_MINOR 0x01
-#define TLS11_PROTOCOL_VERSION_MAJOR 0x03
-#define TLS11_PROTOCOL_VERSION_MINOR 0x02
-#define TLS12_PROTOCOL_VERSION_MAJOR 0x03
-#define TLS12_PROTOCOL_VERSION_MINOR 0x03
-
-///
-/// TLS Content Type, refers to A.1 of rfc-2246, rfc-4346 and rfc-5246.
-///
-typedef enum {
- TlsContentTypeChangeCipherSpec = 20,
- TlsContentTypeAlert = 21,
- TlsContentTypeHandshake = 22,
- TlsContentTypeApplicationData = 23,
-} TLS_CONTENT_TYPE;
-
-///
-/// TLS Record Header, refers to A.1 of rfc-2246, rfc-4346 and rfc-5246.
-///
-typedef struct {
- UINT8 ContentType;
- EFI_TLS_VERSION Version;
- UINT16 Length;
-} TLS_RECORD_HEADER;
-
-#pragma pack()
-
-#endif
-
+/** @file
+ Transport Layer Security -- TLS 1.0/1.1/1.2 Standard definitions, from RFC 2246/4346/5246
+
+ This file contains common TLS 1.0/1.1/1.2 definitions from RFC 2246/4346/5246
+
+ Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
+ This program and the accompanying materials
+ are licensed and made available under the terms and conditions of the BSD License
+ which accompanies this distribution. The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php
+
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+**/
+
+#ifndef __TLS_1_H__
+#define __TLS_1_H__
+
+#pragma pack(1)
+
+///
+/// TLS Cipher Suite, refers to A.5 of rfc-2246, rfc-4346 and rfc-5246.
+///
+#define TLS_RSA_WITH_NULL_MD5 {0x00, 0x01}
+#define TLS_RSA_WITH_NULL_SHA {0x00, 0x02}
+#define TLS_RSA_WITH_RC4_128_MD5 {0x00, 0x04}
+#define TLS_RSA_WITH_RC4_128_SHA {0x00, 0x05}
+#define TLS_RSA_WITH_IDEA_CBC_SHA {0x00, 0x07}
+#define TLS_RSA_WITH_DES_CBC_SHA {0x00, 0x09}
+#define TLS_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x0A}
+#define TLS_DH_DSS_WITH_DES_CBC_SHA {0x00, 0x0C}
+#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA {0x00, 0x0D}
+#define TLS_DH_RSA_WITH_DES_CBC_SHA {0x00, 0x0F}
+#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x10}
+#define TLS_DHE_DSS_WITH_DES_CBC_SHA {0x00, 0x12}
+#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA {0x00, 0x13}
+#define TLS_DHE_RSA_WITH_DES_CBC_SHA {0x00, 0x15}
+#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x16}
+#define TLS_RSA_WITH_AES_128_CBC_SHA {0x00, 0x2F}
+#define TLS_DH_DSS_WITH_AES_128_CBC_SHA {0x00, 0x30}
+#define TLS_DH_RSA_WITH_AES_128_CBC_SHA {0x00, 0x31}
+#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA {0x00, 0x32}
+#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA {0x00, 0x33}
+#define TLS_RSA_WITH_AES_256_CBC_SHA {0x00, 0x35}
+#define TLS_DH_DSS_WITH_AES_256_CBC_SHA {0x00, 0x36}
+#define TLS_DH_RSA_WITH_AES_256_CBC_SHA {0x00, 0x37}
+#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA {0x00, 0x38}
+#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA {0x00, 0x39}
+#define TLS_RSA_WITH_NULL_SHA256 {0x00, 0x3B}
+#define TLS_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x3C}
+#define TLS_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x3D}
+#define TLS_DH_DSS_WITH_AES_128_CBC_SHA256 {0x00, 0x3E}
+#define TLS_DH_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x3F}
+#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 {0x00, 0x40}
+#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x67}
+#define TLS_DH_DSS_WITH_AES_256_CBC_SHA256 {0x00, 0x68}
+#define TLS_DH_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x69}
+#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 {0x00, 0x6A}
+#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x6B}
+
+///
+/// TLS Version, refers to A.1 of rfc-2246, rfc-4346 and rfc-5246.
+///
+#define TLS10_PROTOCOL_VERSION_MAJOR 0x03
+#define TLS10_PROTOCOL_VERSION_MINOR 0x01
+#define TLS11_PROTOCOL_VERSION_MAJOR 0x03
+#define TLS11_PROTOCOL_VERSION_MINOR 0x02
+#define TLS12_PROTOCOL_VERSION_MAJOR 0x03
+#define TLS12_PROTOCOL_VERSION_MINOR 0x03
+
+///
+/// TLS Content Type, refers to A.1 of rfc-2246, rfc-4346 and rfc-5246.
+///
+typedef enum {
+ TlsContentTypeChangeCipherSpec = 20,
+ TlsContentTypeAlert = 21,
+ TlsContentTypeHandshake = 22,
+ TlsContentTypeApplicationData = 23,
+} TLS_CONTENT_TYPE;
+
+///
+/// TLS Record Header, refers to A.1 of rfc-2246, rfc-4346 and rfc-5246.
+///
+typedef struct {
+ UINT8 ContentType;
+ EFI_TLS_VERSION Version;
+ UINT16 Length;
+} TLS_RECORD_HEADER;
+
+#pragma pack()
+
+#endif
+
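Review bot: `TLS_RECORD_HEADER` in this hunk uses `EFI_TLS_VERSION`, but Tls1.h contains no `#include` and does not define that type, so the header only compiles when the consumer has already included Protocol/Tls.h; since the whole file is being rewritten, consider adding the include (or at least a comment stating the dependency) so MdePkg/Include/IndustryStandard/Tls1.h is self-contained. The line counts in `@@ -1,93 +1,93 @@` match and the `-`/`+` content is identical, so this reads as a pure line-terminator change; a `git diff --ignore-space-at-eol` check noted in the commit message would let reviewers confirm that without reading the 186-line hunk. Unrelated to the conversion but visible here: the `Length` field is declared as a host-order `UINT16` under `#pragma pack(1)` while the TLS record length on the wire is big-endian, so any code that overlays this struct on a received record must byte-swap it.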
diff --git a/MdePkg/Include/Protocol/Tls.h b/MdePkg/Include/Protocol/Tls.h
index f3cfccc953..2119f33c0f 100644
--- a/MdePkg/Include/Protocol/Tls.h
+++ b/MdePkg/Include/Protocol/Tls.h
@@ -1,460 +1,461 @@
-/** @file
- EFI TLS Protocols as defined in UEFI 2.5.
-
- The EFI TLS Service Binding Protocol is used to locate EFI TLS Protocol drivers
- to create and destroy child of the driver to communicate with other host using
- TLS protocol.
- The EFI TLS Protocol provides the ability to manage TLS session.
-
- Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
- This program and the accompanying materials
- are licensed and made available under the terms and conditions of the BSD License
- which accompanies this distribution. The full text of the license may be found at
- http://opensource.org/licenses/bsd-license.php
-
- THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
- WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
- @par Revision Reference:
- This Protocol is introduced in UEFI Specification 2.5
-
-**/
-
-#ifndef __EFI_TLS_PROTOCOL_H__
-#define __EFI_TLS_PROTOCOL_H__
-
-///
-/// The EFI TLS Service Binding Protocol is used to locate EFI TLS Protocol drivers to
-/// create and destroy child of the driver to communicate with other host using TLS
-/// protocol.
-///
-#define EFI_TLS_SERVICE_BINDING_PROTOCOL_GUID \
- { \
- 0x952cb795, 0xff36, 0x48cf, {0xa2, 0x49, 0x4d, 0xf4, 0x86, 0xd6, 0xab, 0x8d } \
- }
-
-///
-/// The EFI TLS protocol provides the ability to manage TLS session.
-///
-#define EFI_TLS_PROTOCOL_GUID \
- { \
- 0xca959f, 0x6cfa, 0x4db1, {0x95, 0xbc, 0xe4, 0x6c, 0x47, 0x51, 0x43, 0x90 } \
- }
-
-typedef struct _EFI_TLS_PROTOCOL EFI_TLS_PROTOCOL;
-
-///
-/// EFI_TLS_SESSION_DATA_TYPE
-///
-typedef enum {
- ///
- /// Session Configuration
- ///
-
- ///
- /// TLS session Version. The corresponding Data is of type EFI_TLS_VERSION.
- ///
- EfiTlsVersion,
- ///
- /// TLS session as client or as server. The corresponding Data is of
- /// EFI_TLS_CONNECTION_END.
- ///
- EfiTlsConnectionEnd,
- ///
- /// A priority list of preferred algorithms for the TLS session.
- /// The corresponding Data is a list of EFI_TLS_CIPHER.
- ///
- EfiTlsCipherList,
- ///
- /// TLS session compression method.
- /// The corresponding Data is of type EFI_TLS_COMPRESSION.
- ///
- EfiTlsCompressionMethod,
- ///
- /// TLS session extension data.
- /// The corresponding Data is a list of type EFI_TLS_EXTENSION .
- ///
- EfiTlsExtensionData,
- ///
- /// TLS session verify method.
- /// The corresponding Data is of type EFI_TLS_VERIFY.
- ///
- EfiTlsVerifyMethod,
- ///
- /// TLS session data session ID.
- /// For SetSessionData(), it is TLS session ID used for session resumption.
- /// For GetSessionData(), it is the TLS session ID used for current session.
- /// The corresponding Data is of type EFI_TLS_SESSION_ID.
- ///
- EfiTlsSessionID,
- ///
- /// TLS session data session state.
- /// The corresponding Data is of type EFI_TLS_SESSION_STATE.
- ///
- EfiTlsSessionState,
-
- ///
- /// Session information
- ///
-
- ///
- /// TLS session data client random.
- /// The corresponding Data is of type EFI_TLS_RANDOM.
- ///
- EfiTlsClientRandom,
- ///
- /// TLS session data server random.
- /// The corresponding Data is of type EFI_TLS_RANDOM.
- ///
- EfiTlsServerRandom,
- ///
- /// TLS session data key material.
- /// The corresponding Data is of type EFI_TLS_MASTER_SECRET.
- ///
- EfiTlsKeyMaterial,
-
- EfiTlsSessionDataTypeMaximum
-
-} EFI_TLS_SESSION_DATA_TYPE;
-
-///
-/// EFI_TLS_VERSION
-/// Note: The TLS version definition is from SSL3.0 to the latest TLS (e.g. 1.2).
-/// SSL2.0 is obsolete and should not be used.
-///
-typedef struct {
- UINT8 Major;
- UINT8 Minor;
-} EFI_TLS_VERSION;
-
-///
-/// EFI_TLS_CONNECTION_END to define TLS session as client or server.
-///
-typedef enum {
- EfiTlsClient,
- EfiTlsServer,
-} EFI_TLS_CONNECTION_END;
-
-///
-/// EFI_TLS_CIPHER
-/// Note: The definition of EFI_TLS_CIPHER definition is from "RFC 5246, A.4.1.
-/// Hello Messages". The value of EFI_TLS_CIPHER is from TLS Cipher
-/// Suite Registry of IANA.
-///
-typedef struct {
- UINT8 Data1;
- UINT8 Data2;
-} EFI_TLS_CIPHER;
-
-///
-/// EFI_TLS_COMPRESSION
-/// Note: The value of EFI_TLS_COMPRESSION definition is from "RFC 3749".
-///
-typedef UINT8 EFI_TLS_COMPRESSION;
-
-///
-/// EFI_TLS_EXTENSION
-/// Note: The definition of EFI_TLS_EXTENSION if from "RFC 5246 A.4.1.
-/// Hello Messages".
-///
-typedef struct {
- UINT16 ExtensionType;
- UINT16 Length;
- UINT8 Data[1];
-} EFI_TLS_EXTENSION;
-
-///
-/// EFI_TLS_VERIFY
-/// Use either EFI_TLS_VERIFY_NONE or EFI_TLS_VERIFY_PEER, the last two options
-/// are 'ORed' with EFI_TLS_VERIFY_PEER if they are desired.
-///
-typedef UINT32 EFI_TLS_VERIFY;
-///
-/// No certificates will be sent or the TLS/SSL handshake will be continued regardless
-/// of the certificate verification result.
-///
-#define EFI_TLS_VERIFY_NONE 0x0
-///
-/// The TLS/SSL handshake is immediately terminated with an alert message containing
-/// the reason for the certificate verification failure.
-///
-#define EFI_TLS_VERIFY_PEER 0x1
-///
-/// TLS session will fail peer certificate is absent.
-///
-#define EFI_TLS_VERIFY_FAIL_IF_NO_PEER_CERT 0x2
-///
-/// TLS session only verify client once, and doesn't request certificate during
-/// re-negotiation.
-///
-#define EFI_TLS_VERIFY_CLIENT_ONCE 0x4
-
-///
-/// EFI_TLS_RANDOM
-/// Note: The definition of EFI_TLS_RANDOM is from "RFC 5246 A.4.1.
-/// Hello Messages".
-///
-typedef struct {
- UINT32 GmtUnixTime;
- UINT8 RandomBytes[28];
-} EFI_TLS_RANDOM;
-
-///
-/// EFI_TLS_MASTER_SECRET
-/// Note: The definition of EFI_TLS_MASTER_SECRET is from "RFC 5246 8.1.
-/// Computing the Master Secret".
-///
-typedef struct {
- UINT8 Data[48];
-} EFI_TLS_MASTER_SECRET;
-
-///
-/// EFI_TLS_SESSION_ID
-/// Note: The definition of EFI_TLS_SESSION_ID is from "RFC 5246 A.4.1. Hello Messages".
-///
-#define MAX_TLS_SESSION_ID_LENGTH 32
-typedef struct {
- UINT16 Length;
- UINT8 Data[MAX_TLS_SESSION_ID_LENGTH];
-} EFI_TLS_SESSION_ID;
-
-///
-/// EFI_TLS_SESSION_STATE
-///
-typedef enum {
- ///
- /// When a new child of TLS protocol is created, the initial state of TLS session
- /// is EfiTlsSessionNotStarted.
- ///
- EfiTlsSessionNotStarted,
- ///
- /// The consumer can call BuildResponsePacket() with NULL to get ClientHello to
- /// start the TLS session. Then the status is EfiTlsSessionHandShaking.
- ///
- EfiTlsSessionHandShaking,
- ///
- /// During handshake, the consumer need call BuildResponsePacket() with input
- /// data from peer, then get response packet and send to peer. After handshake
- /// finish, the TLS session status becomes EfiTlsSessionDataTransferring, and
- /// consumer can use ProcessPacket() for data transferring.
- ///
- EfiTlsSessionDataTransferring,
- ///
- /// Finally, if consumer wants to active close TLS session, consumer need
- /// call SetSessionData to set TLS session state to EfiTlsSessionClosing, and
- /// call BuildResponsePacket() with NULL to get CloseNotify alert message,
- /// and sent it out.
- ///
- EfiTlsSessionClosing,
- ///
- /// If any error happen during parsing ApplicationData content type, EFI_ABORT
- /// will be returned by ProcessPacket(), and TLS session state will become
- /// EfiTlsSessionError. Then consumer need call BuildResponsePacket() with
- /// NULL to get alert message and sent it out.
- ///
- EfiTlsSessionError,
-
- EfiTlsSessionStateMaximum
-
-} EFI_TLS_SESSION_STATE;
-
-///
-/// EFI_TLS_FRAGMENT_DATA
-///
-typedef struct {
- ///
- /// Length of data buffer in the fragment.
- ///
- UINT32 FragmentLength;
- ///
- /// Pointer to the data buffer in the fragment.
- ///
- VOID *FragmentBuffer;
-} EFI_TLS_FRAGMENT_DATA;
-
-///
-/// EFI_TLS_CRYPT_MODE
-///
-typedef enum {
- ///
- /// Encrypt data provided in the fragment buffers.
- ///
- EfiTlsEncrypt,
- ///
- /// Decrypt data provided in the fragment buffers.
- ///
- EfiTlsDecrypt,
-} EFI_TLS_CRYPT_MODE;
-
-/**
- Set TLS session data.
-
- The SetSessionData() function set data for a new TLS session. All session data should
- be set before BuildResponsePacket() invoked.
-
- @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
- @param[in] DataType TLS session data type.
- @param[in] Data Pointer to session data.
- @param[in] DataSize Total size of session data.
-
- @retval EFI_SUCCESS The TLS session data is set successfully.
- @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
- This is NULL.
- Data is NULL.
- DataSize is 0.
- @retval EFI_UNSUPPORTED The DataType is unsupported.
- @retval EFI_ACCESS_DENIED If the DataType is one of below:
- EfiTlsClientRandom
- EfiTlsServerRandom
- EfiTlsKeyMaterial
- @retval EFI_NOT_READY Current TLS session state is NOT
- EfiTlsSessionStateNotStarted.
- @retval EFI_OUT_OF_RESOURCES Required system resources could not be allocated.
-**/
-typedef
-EFI_STATUS
-(EFIAPI *EFI_TLS_SET_SESSION_DATA) (
- IN EFI_TLS_PROTOCOL *This,
- IN EFI_TLS_SESSION_DATA_TYPE DataType,
- IN VOID *Data,
- IN UINTN DataSize
- );
-
-/**
- Get TLS session data.
-
- The GetSessionData() function return the TLS session information.
-
- @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
- @param[in] DataType TLS session data type.
- @param[in, out] Data Pointer to session data.
- @param[in, out] DataSize Total size of session data. On input, it means
- the size of Data buffer. On output, it means the size
- of copied Data buffer if EFI_SUCCESS, and means the
- size of desired Data buffer if EFI_BUFFER_TOO_SMALL.
-
- @retval EFI_SUCCESS The TLS session data is got successfully.
- @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
- This is NULL.
- DataSize is NULL.
- Data is NULL if *DataSize is not zero.
- @retval EFI_UNSUPPORTED The DataType is unsupported.
- @retval EFI_NOT_FOUND The TLS session data is not found.
- @retval EFI_NOT_READY The DataType is not ready in current session state.
- @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data.
-**/
-typedef
-EFI_STATUS
-(EFIAPI *EFI_TLS_GET_SESSION_DATA) (
- IN EFI_TLS_PROTOCOL *This,
- IN EFI_TLS_SESSION_DATA_TYPE DataType,
- IN OUT VOID *Data, OPTIONAL
- IN OUT UINTN *DataSize
- );
-
-/**
- Build response packet according to TLS state machine. This function is only valid for
- alert, handshake and change_cipher_spec content type.
-
- The BuildResponsePacket() function builds TLS response packet in response to the TLS
- request packet specified by RequestBuffer and RequestSize. If RequestBuffer is NULL and
- RequestSize is 0, and TLS session status is EfiTlsSessionNotStarted, the TLS session
- will be initiated and the response packet needs to be ClientHello. If RequestBuffer is
- NULL and RequestSize is 0, and TLS session status is EfiTlsSessionClosing, the TLS
- session will be closed and response packet needs to be CloseNotify. If RequestBuffer is
- NULL and RequestSize is 0, and TLS session status is EfiTlsSessionError, the TLS
- session has errors and the response packet needs to be Alert message based on error
- type.
-
- @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
- @param[in] RequestBuffer Pointer to the most recently received TLS packet. NULL
- means TLS need initiate the TLS session and response
- packet need to be ClientHello.
- @param[in] RequestSize Packet size in bytes for the most recently received TLS
- packet. 0 is only valid when RequestBuffer is NULL.
- @param[out] Buffer Pointer to the buffer to hold the built packet.
- @param[in, out] BufferSize Pointer to the buffer size in bytes. On input, it is
- the buffer size provided by the caller. On output, it
- is the buffer size in fact needed to contain the
- packet.
-
- @retval EFI_SUCCESS The required TLS packet is built successfully.
- @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
- This is NULL.
- RequestBuffer is NULL but RequestSize is NOT 0.
- RequestSize is 0 but RequestBuffer is NOT NULL.
- BufferSize is NULL.
- Buffer is NULL if *BufferSize is not zero.
- @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the response packet.
- @retval EFI_NOT_READY Current TLS session state is NOT ready to build
- ResponsePacket.
- @retval EFI_ABORTED Something wrong build response packet.
-**/
-typedef
-EFI_STATUS
-(EFIAPI *EFI_TLS_BUILD_RESPONSE_PACKET) (
- IN EFI_TLS_PROTOCOL *This,
- IN UINT8 *RequestBuffer, OPTIONAL
- IN UINTN RequestSize, OPTIONAL
- OUT UINT8 *Buffer, OPTIONAL
- IN OUT UINTN *BufferSize
- );
-
-/**
- Decrypt or encrypt TLS packet during session. This function is only valid after
- session connected and for application_data content type.
-
- The ProcessPacket () function process each inbound or outbound TLS APP packet.
-
- @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
- @param[in, out] FragmentTable Pointer to a list of fragment. The caller will take
- responsible to handle the original FragmentTable while
- it may be reallocated in TLS driver. If CryptMode is
- EfiTlsEncrypt, on input these fragments contain the TLS
- header and plain text TLS APP payload; on output these
- fragments contain the TLS header and cipher text TLS
- APP payload. If CryptMode is EfiTlsDecrypt, on input
- these fragments contain the TLS header and cipher text
- TLS APP payload; on output these fragments contain the
- TLS header and plain text TLS APP payload.
- @param[in] FragmentCount Number of fragment.
- @param[in] CryptMode Crypt mode.
-
- @retval EFI_SUCCESS The operation completed successfully.
- @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
- This is NULL.
- FragmentTable is NULL.
- FragmentCount is NULL.
- CryptoMode is invalid.
- @retval EFI_NOT_READY Current TLS session state is NOT
- EfiTlsSessionDataTransferring.
- @retval EFI_ABORTED Something wrong decryption the message. TLS session
- status will become EfiTlsSessionError. The caller need
- call BuildResponsePacket() to generate Error Alert
- message and send it out.
- @retval EFI_OUT_OF_RESOURCES No enough resource to finish the operation.
-**/
-typedef
-EFI_STATUS
-(EFIAPI *EFI_TLS_PROCESS_PACKET) (
- IN EFI_TLS_PROTOCOL *This,
- IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
- IN UINT32 *FragmentCount,
- IN EFI_TLS_CRYPT_MODE CryptMode
- );
-
-///
-/// The EFI_TLS_PROTOCOL is used to create, destroy and manage TLS session.
-/// For detail of TLS, please refer to TLS related RFC.
-///
-struct _EFI_TLS_PROTOCOL {
- EFI_TLS_SET_SESSION_DATA SetSessionData;
- EFI_TLS_GET_SESSION_DATA GetSessionData;
- EFI_TLS_BUILD_RESPONSE_PACKET BuildResponsePacket;
- EFI_TLS_PROCESS_PACKET ProcessPacket;
-};
-
-extern EFI_GUID gEfiTlsServiceBindingProtocolGuid;
-extern EFI_GUID gEfiTlsProtocolGuid;
-
-#endif // __EFI_TLS_PROTOCOL_H__
+/** @file
+ EFI TLS Protocols as defined in UEFI 2.5.
+
+ The EFI TLS Service Binding Protocol is used to locate EFI TLS Protocol drivers
+ to create and destroy child of the driver to communicate with other host using
+ TLS protocol.
+ The EFI TLS Protocol provides the ability to manage TLS session.
+
+ Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+ This program and the accompanying materials
+ are licensed and made available under the terms and conditions of the BSD License
+ which accompanies this distribution. The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php
+
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+ @par Revision Reference:
+ This Protocol is introduced in UEFI Specification 2.5
+
+**/
+
+#ifndef __EFI_TLS_PROTOCOL_H__
+#define __EFI_TLS_PROTOCOL_H__
+
+///
+/// The EFI TLS Service Binding Protocol is used to locate EFI TLS Protocol drivers to
+/// create and destroy child of the driver to communicate with other host using TLS
+/// protocol.
+///
+#define EFI_TLS_SERVICE_BINDING_PROTOCOL_GUID \
+ { \
+ 0x952cb795, 0xff36, 0x48cf, {0xa2, 0x49, 0x4d, 0xf4, 0x86, 0xd6, 0xab, 0x8d } \
+ }
+
+///
+/// The EFI TLS protocol provides the ability to manage TLS session.
+///
+#define EFI_TLS_PROTOCOL_GUID \
+ { \
+ 0xca959f, 0x6cfa, 0x4db1, {0x95, 0xbc, 0xe4, 0x6c, 0x47, 0x51, 0x43, 0x90 } \
+ }
+
+typedef struct _EFI_TLS_PROTOCOL EFI_TLS_PROTOCOL;
+
+///
+/// EFI_TLS_SESSION_DATA_TYPE
+///
+typedef enum {
+ ///
+ /// Session Configuration
+ ///
+
+ ///
+ /// TLS session Version. The corresponding Data is of type EFI_TLS_VERSION.
+ ///
+ EfiTlsVersion,
+ ///
+ /// TLS session as client or as server. The corresponding Data is of
+ /// EFI_TLS_CONNECTION_END.
+ ///
+ EfiTlsConnectionEnd,
+ ///
+ /// A priority list of preferred algorithms for the TLS session.
+ /// The corresponding Data is a list of EFI_TLS_CIPHER.
+ ///
+ EfiTlsCipherList,
+ ///
+ /// TLS session compression method.
+ /// The corresponding Data is of type EFI_TLS_COMPRESSION.
+ ///
+ EfiTlsCompressionMethod,
+ ///
+ /// TLS session extension data.
+ /// The corresponding Data is a list of type EFI_TLS_EXTENSION .
+ ///
+ EfiTlsExtensionData,
+ ///
+ /// TLS session verify method.
+ /// The corresponding Data is of type EFI_TLS_VERIFY.
+ ///
+ EfiTlsVerifyMethod,
+ ///
+ /// TLS session data session ID.
+ /// For SetSessionData(), it is TLS session ID used for session resumption.
+ /// For GetSessionData(), it is the TLS session ID used for current session.
+ /// The corresponding Data is of type EFI_TLS_SESSION_ID.
+ ///
+ EfiTlsSessionID,
+ ///
+ /// TLS session data session state.
+ /// The corresponding Data is of type EFI_TLS_SESSION_STATE.
+ ///
+ EfiTlsSessionState,
+
+ ///
+ /// Session information
+ ///
+
+ ///
+ /// TLS session data client random.
+ /// The corresponding Data is of type EFI_TLS_RANDOM.
+ ///
+ EfiTlsClientRandom,
+ ///
+ /// TLS session data server random.
+ /// The corresponding Data is of type EFI_TLS_RANDOM.
+ ///
+ EfiTlsServerRandom,
+ ///
+ /// TLS session data key material.
+ /// The corresponding Data is of type EFI_TLS_MASTER_SECRET.
+ ///
+ EfiTlsKeyMaterial,
+
+ EfiTlsSessionDataTypeMaximum
+
+} EFI_TLS_SESSION_DATA_TYPE;
+
+///
+/// EFI_TLS_VERSION
+/// Note: The TLS version definition is from SSL3.0 to the latest TLS (e.g. 1.2).
+/// SSL2.0 is obsolete and should not be used.
+///
+typedef struct {
+ UINT8 Major;
+ UINT8 Minor;
+} EFI_TLS_VERSION;
+
+///
+/// EFI_TLS_CONNECTION_END to define TLS session as client or server.
+///
+typedef enum {
+ EfiTlsClient,
+ EfiTlsServer,
+} EFI_TLS_CONNECTION_END;
+
+///
+/// EFI_TLS_CIPHER
+/// Note: The definition of EFI_TLS_CIPHER definition is from "RFC 5246, A.4.1.
+/// Hello Messages". The value of EFI_TLS_CIPHER is from TLS Cipher
+/// Suite Registry of IANA.
+///
+typedef struct {
+ UINT8 Data1;
+ UINT8 Data2;
+} EFI_TLS_CIPHER;
+
+///
+/// EFI_TLS_COMPRESSION
+/// Note: The value of EFI_TLS_COMPRESSION definition is from "RFC 3749".
+///
+typedef UINT8 EFI_TLS_COMPRESSION;
+
+///
+/// EFI_TLS_EXTENSION
+/// Note: The definition of EFI_TLS_EXTENSION if from "RFC 5246 A.4.1.
+/// Hello Messages".
+///
+typedef struct {
+ UINT16 ExtensionType;
+ UINT16 Length;
+ UINT8 Data[1];
+} EFI_TLS_EXTENSION;
+
+///
+/// EFI_TLS_VERIFY
+/// Use either EFI_TLS_VERIFY_NONE or EFI_TLS_VERIFY_PEER, the last two options
+/// are 'ORed' with EFI_TLS_VERIFY_PEER if they are desired.
+///
+typedef UINT32 EFI_TLS_VERIFY;
+///
+/// No certificates will be sent or the TLS/SSL handshake will be continued regardless
+/// of the certificate verification result.
+///
+#define EFI_TLS_VERIFY_NONE 0x0
+///
+/// The TLS/SSL handshake is immediately terminated with an alert message containing
+/// the reason for the certificate verification failure.
+///
+#define EFI_TLS_VERIFY_PEER 0x1
+///
+/// TLS session will fail peer certificate is absent.
+///
+#define EFI_TLS_VERIFY_FAIL_IF_NO_PEER_CERT 0x2
+///
+/// TLS session only verify client once, and doesn't request certificate during
+/// re-negotiation.
+///
+#define EFI_TLS_VERIFY_CLIENT_ONCE 0x4
+
+///
+/// EFI_TLS_RANDOM
+/// Note: The definition of EFI_TLS_RANDOM is from "RFC 5246 A.4.1.
+/// Hello Messages".
+///
+typedef struct {
+ UINT32 GmtUnixTime;
+ UINT8 RandomBytes[28];
+} EFI_TLS_RANDOM;
+
+///
+/// EFI_TLS_MASTER_SECRET
+/// Note: The definition of EFI_TLS_MASTER_SECRET is from "RFC 5246 8.1.
+/// Computing the Master Secret".
+///
+typedef struct {
+ UINT8 Data[48];
+} EFI_TLS_MASTER_SECRET;
+
+///
+/// EFI_TLS_SESSION_ID
+/// Note: The definition of EFI_TLS_SESSION_ID is from "RFC 5246 A.4.1. Hello Messages".
+///
+#define MAX_TLS_SESSION_ID_LENGTH 32
+typedef struct {
+ UINT16 Length;
+ UINT8 Data[MAX_TLS_SESSION_ID_LENGTH];
+} EFI_TLS_SESSION_ID;
+
+///
+/// EFI_TLS_SESSION_STATE
+///
+typedef enum {
+ ///
+ /// When a new child of TLS protocol is created, the initial state of TLS session
+ /// is EfiTlsSessionNotStarted.
+ ///
+ EfiTlsSessionNotStarted,
+ ///
+ /// The consumer can call BuildResponsePacket() with NULL to get ClientHello to
+ /// start the TLS session. Then the status is EfiTlsSessionHandShaking.
+ ///
+ EfiTlsSessionHandShaking,
+ ///
+ /// During handshake, the consumer need call BuildResponsePacket() with input
+ /// data from peer, then get response packet and send to peer. After handshake
+ /// finish, the TLS session status becomes EfiTlsSessionDataTransferring, and
+ /// consumer can use ProcessPacket() for data transferring.
+ ///
+ EfiTlsSessionDataTransferring,
+ ///
+ /// Finally, if consumer wants to active close TLS session, consumer need
+ /// call SetSessionData to set TLS session state to EfiTlsSessionClosing, and
+ /// call BuildResponsePacket() with NULL to get CloseNotify alert message,
+ /// and sent it out.
+ ///
+ EfiTlsSessionClosing,
+ ///
+ /// If any error happen during parsing ApplicationData content type, EFI_ABORT
+ /// will be returned by ProcessPacket(), and TLS session state will become
+ /// EfiTlsSessionError. Then consumer need call BuildResponsePacket() with
+ /// NULL to get alert message and sent it out.
+ ///
+ EfiTlsSessionError,
+
+ EfiTlsSessionStateMaximum
+
+} EFI_TLS_SESSION_STATE;
+
+///
+/// EFI_TLS_FRAGMENT_DATA
+///
+typedef struct {
+ ///
+ /// Length of data buffer in the fragment.
+ ///
+ UINT32 FragmentLength;
+ ///
+ /// Pointer to the data buffer in the fragment.
+ ///
+ VOID *FragmentBuffer;
+} EFI_TLS_FRAGMENT_DATA;
+
+///
+/// EFI_TLS_CRYPT_MODE
+///
+typedef enum {
+ ///
+ /// Encrypt data provided in the fragment buffers.
+ ///
+ EfiTlsEncrypt,
+ ///
+ /// Decrypt data provided in the fragment buffers.
+ ///
+ EfiTlsDecrypt,
+} EFI_TLS_CRYPT_MODE;
+
+/**
+ Set TLS session data.
+
+ The SetSessionData() function set data for a new TLS session. All session data should
+ be set before BuildResponsePacket() invoked.
+
+ @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
+ @param[in] DataType TLS session data type.
+ @param[in] Data Pointer to session data.
+ @param[in] DataSize Total size of session data.
+
+ @retval EFI_SUCCESS The TLS session data is set successfully.
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
+ This is NULL.
+ Data is NULL.
+ DataSize is 0.
+ @retval EFI_UNSUPPORTED The DataType is unsupported.
+ @retval EFI_ACCESS_DENIED If the DataType is one of below:
+ EfiTlsClientRandom
+ EfiTlsServerRandom
+ EfiTlsKeyMaterial
+ @retval EFI_NOT_READY Current TLS session state is NOT
+ EfiTlsSessionStateNotStarted.
+ @retval EFI_OUT_OF_RESOURCES Required system resources could not be allocated.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_TLS_SET_SESSION_DATA) (
+ IN EFI_TLS_PROTOCOL *This,
+ IN EFI_TLS_SESSION_DATA_TYPE DataType,
+ IN VOID *Data,
+ IN UINTN DataSize
+ );
+
+/**
+ Get TLS session data.
+
+ The GetSessionData() function return the TLS session information.
+
+ @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
+ @param[in] DataType TLS session data type.
+ @param[in, out] Data Pointer to session data.
+ @param[in, out] DataSize Total size of session data. On input, it means
+ the size of Data buffer. On output, it means the size
+ of copied Data buffer if EFI_SUCCESS, and means the
+ size of desired Data buffer if EFI_BUFFER_TOO_SMALL.
+
+ @retval EFI_SUCCESS The TLS session data is got successfully.
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
+ This is NULL.
+ DataSize is NULL.
+ Data is NULL if *DataSize is not zero.
+ @retval EFI_UNSUPPORTED The DataType is unsupported.
+ @retval EFI_NOT_FOUND The TLS session data is not found.
+ @retval EFI_NOT_READY The DataType is not ready in current session state.
+ @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_TLS_GET_SESSION_DATA) (
+ IN EFI_TLS_PROTOCOL *This,
+ IN EFI_TLS_SESSION_DATA_TYPE DataType,
+ IN OUT VOID *Data, OPTIONAL
+ IN OUT UINTN *DataSize
+ );
+
+/**
+ Build response packet according to TLS state machine. This function is only valid for
+ alert, handshake and change_cipher_spec content type.
+
+ The BuildResponsePacket() function builds TLS response packet in response to the TLS
+ request packet specified by RequestBuffer and RequestSize. If RequestBuffer is NULL and
+ RequestSize is 0, and TLS session status is EfiTlsSessionNotStarted, the TLS session
+ will be initiated and the response packet needs to be ClientHello. If RequestBuffer is
+ NULL and RequestSize is 0, and TLS session status is EfiTlsSessionClosing, the TLS
+ session will be closed and response packet needs to be CloseNotify. If RequestBuffer is
+ NULL and RequestSize is 0, and TLS session status is EfiTlsSessionError, the TLS
+ session has errors and the response packet needs to be Alert message based on error
+ type.
+
+ @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
+ @param[in] RequestBuffer Pointer to the most recently received TLS packet. NULL
+ means TLS need initiate the TLS session and response
+ packet need to be ClientHello.
+ @param[in] RequestSize Packet size in bytes for the most recently received TLS
+ packet. 0 is only valid when RequestBuffer is NULL.
+ @param[out] Buffer Pointer to the buffer to hold the built packet.
+ @param[in, out] BufferSize Pointer to the buffer size in bytes. On input, it is
+ the buffer size provided by the caller. On output, it
+ is the buffer size in fact needed to contain the
+ packet.
+
+ @retval EFI_SUCCESS The required TLS packet is built successfully.
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
+ This is NULL.
+ RequestBuffer is NULL but RequestSize is NOT 0.
+ RequestSize is 0 but RequestBuffer is NOT NULL.
+ BufferSize is NULL.
+ Buffer is NULL if *BufferSize is not zero.
+ @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the response packet.
+ @retval EFI_NOT_READY Current TLS session state is NOT ready to build
+ ResponsePacket.
+ @retval EFI_ABORTED Something wrong build response packet.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_TLS_BUILD_RESPONSE_PACKET) (
+ IN EFI_TLS_PROTOCOL *This,
+ IN UINT8 *RequestBuffer, OPTIONAL
+ IN UINTN RequestSize, OPTIONAL
+ OUT UINT8 *Buffer, OPTIONAL
+ IN OUT UINTN *BufferSize
+ );
+
+/**
+ Decrypt or encrypt TLS packet during session. This function is only valid after
+ session connected and for application_data content type.
+
+ The ProcessPacket () function process each inbound or outbound TLS APP packet.
+
+ @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
+ @param[in, out] FragmentTable Pointer to a list of fragment. The caller will take
+ responsible to handle the original FragmentTable while
+ it may be reallocated in TLS driver. If CryptMode is
+ EfiTlsEncrypt, on input these fragments contain the TLS
+ header and plain text TLS APP payload; on output these
+ fragments contain the TLS header and cipher text TLS
+ APP payload. If CryptMode is EfiTlsDecrypt, on input
+ these fragments contain the TLS header and cipher text
+ TLS APP payload; on output these fragments contain the
+ TLS header and plain text TLS APP payload.
+ @param[in] FragmentCount Number of fragment.
+ @param[in] CryptMode Crypt mode.
+
+ @retval EFI_SUCCESS The operation completed successfully.
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
+ This is NULL.
+ FragmentTable is NULL.
+ FragmentCount is NULL.
+ CryptoMode is invalid.
+ @retval EFI_NOT_READY Current TLS session state is NOT
+ EfiTlsSessionDataTransferring.
+ @retval EFI_ABORTED Something wrong decryption the message. TLS session
+ status will become EfiTlsSessionError. The caller need
+ call BuildResponsePacket() to generate Error Alert
+ message and send it out.
+ @retval EFI_OUT_OF_RESOURCES No enough resource to finish the operation.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_TLS_PROCESS_PACKET) (
+ IN EFI_TLS_PROTOCOL *This,
+ IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
+ IN UINT32 *FragmentCount,
+ IN EFI_TLS_CRYPT_MODE CryptMode
+ );
+
+///
+/// The EFI_TLS_PROTOCOL is used to create, destroy and manage TLS session.
+/// For detail of TLS, please refer to TLS related RFC.
+///
+struct _EFI_TLS_PROTOCOL {
+ EFI_TLS_SET_SESSION_DATA SetSessionData;
+ EFI_TLS_GET_SESSION_DATA GetSessionData;
+ EFI_TLS_BUILD_RESPONSE_PACKET BuildResponsePacket;
+ EFI_TLS_PROCESS_PACKET ProcessPacket;
+};
+
+extern EFI_GUID gEfiTlsServiceBindingProtocolGuid;
+extern EFI_GUID gEfiTlsProtocolGuid;
+
+#endif // __EFI_TLS_PROTOCOL_H__
+
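Review bot: because the conversion touches every line of Tls.h, the hunk shows the whole file as deleted and re-added, so an accidental content edit would be invisible here; please confirm with `git diff --ignore-space-at-eol` (or `git show -w`) that the only difference is the line terminator. Two documentation nits in the re-added text belong in a separate follow-up rather than in this whitespace patch: the EFI_TLS_SET_SESSION_DATA comment names the state `EfiTlsSessionStateNotStarted` while the BuildResponsePacket comment (and HttpsSupport.c in patch 6/6) use `EfiTlsSessionNotStarted`, and the EFI_TLS_PROCESS_PACKET comment lists `CryptoMode is invalid` although the parameter is `CryptMode`.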
diff --git a/MdePkg/Include/Protocol/TlsConfig.h b/MdePkg/Include/Protocol/TlsConfig.h
index 012f4ce75e..3e5916cb9d 100644
--- a/MdePkg/Include/Protocol/TlsConfig.h
+++ b/MdePkg/Include/Protocol/TlsConfig.h
@@ -1,132 +1,133 @@
-/** @file
- EFI TLS Configuration Protocol as defined in UEFI 2.5.
- The EFI TLS Configuration Protocol provides a way to set and get TLS configuration.
-
- Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
- This program and the accompanying materials
- are licensed and made available under the terms and conditions of the BSD License
- which accompanies this distribution. The full text of the license may be found at
- http://opensource.org/licenses/bsd-license.php
-
- THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
- WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
- @par Revision Reference:
- This Protocol is introduced in UEFI Specification 2.5
-
-**/
-#ifndef __EFI_TLS_CONFIGURATION_PROTOCOL_H__
-#define __EFI_TLS_CONFIGURATION_PROTOCOL_H__
-
-///
-/// The EFI Configuration protocol provides a way to set and get TLS configuration.
-///
-#define EFI_TLS_CONFIGURATION_PROTOCOL_GUID \
- { \
- 0x1682fe44, 0xbd7a, 0x4407, { 0xb7, 0xc7, 0xdc, 0xa3, 0x7c, 0xa3, 0x92, 0x2d } \
- }
-
-typedef struct _EFI_TLS_CONFIGURATION_PROTOCOL EFI_TLS_CONFIGURATION_PROTOCOL;
-
-///
-/// EFI_TLS_CONFIG_DATA_TYPE
-///
-typedef enum {
- ///
- /// Local host configuration data: public certificate data.
- /// This data should be DER-encoded binary X.509 certificate
- /// or PEM-encoded X.509 certificate.
- ///
- EfiTlsConfigDataTypeHostPublicCert,
- ///
- /// Local host configuration data: private key data.
- ///
- EfiTlsConfigDataTypeHostPrivateKey,
- ///
- /// CA certificate to verify peer. This data should be PEM-encoded
- /// RSA or PKCS#8 private key.
- ///
- EfiTlsConfigDataTypeCACertificate,
- ///
- /// CA-supplied Certificate Revocation List data. This data should
- /// be DER-encoded CRL data.
- ///
- EfiTlsConfigDataTypeCertRevocationList,
-
- EfiTlsConfigDataTypeMaximum
-
-} EFI_TLS_CONFIG_DATA_TYPE;
-
-/**
- Set TLS configuration data.
-
- The SetData() function sets TLS configuration to non-volatile storage or volatile
- storage.
-
- @param[in] This Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance.
- @param[in] DataType Configuration data type.
- @param[in] Data Pointer to configuration data.
- @param[in] DataSize Total size of configuration data.
-
- @retval EFI_SUCCESS The TLS configuration data is set successfully.
- @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
- This is NULL.
- Data is NULL.
- DataSize is 0.
- @retval EFI_UNSUPPORTED The DataType is unsupported.
- @retval EFI_OUT_OF_RESOURCES Required system resources could not be allocated.
-
-**/
-typedef
-EFI_STATUS
-(EFIAPI *EFI_TLS_CONFIGURATION_SET_DATA)(
- IN EFI_TLS_CONFIGURATION_PROTOCOL *This,
- IN EFI_TLS_CONFIG_DATA_TYPE DataType,
- IN VOID *Data,
- IN UINTN DataSize
- );
-
-/**
- Get TLS configuration data.
-
- The GetData() function gets TLS configuration.
-
- @param[in] This Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance.
- @param[in] DataType Configuration data type.
- @param[in, out] Data Pointer to configuration data.
- @param[in, out] DataSize Total size of configuration data. On input, it means
- the size of Data buffer. On output, it means the size
- of copied Data buffer if EFI_SUCCESS, and means the
- size of desired Data buffer if EFI_BUFFER_TOO_SMALL.
-
- @retval EFI_SUCCESS The TLS configuration data is got successfully.
- @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
- This is NULL.
- DataSize is NULL.
- Data is NULL if *DataSize is not zero.
- @retval EFI_UNSUPPORTED The DataType is unsupported.
- @retval EFI_NOT_FOUND The TLS configuration data is not found.
- @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data.
-
-**/
-typedef
-EFI_STATUS
-(EFIAPI *EFI_TLS_CONFIGURATION_GET_DATA)(
- IN EFI_TLS_CONFIGURATION_PROTOCOL *This,
- IN EFI_TLS_CONFIG_DATA_TYPE DataType,
- IN OUT VOID *Data, OPTIONAL
- IN OUT UINTN *DataSize
- );
-
-///
-/// The EFI_TLS_CONFIGURATION_PROTOCOL is designed to provide a way to set and get
-/// TLS configuration, such as Certificate, private key data.
-///
-struct _EFI_TLS_CONFIGURATION_PROTOCOL {
- EFI_TLS_CONFIGURATION_SET_DATA SetData;
- EFI_TLS_CONFIGURATION_GET_DATA GetData;
-};
-
-extern EFI_GUID gEfiTlsConfigurationProtocolGuid;
-
-#endif //__EFI_TLS_CONFIGURATION_PROTOCOL_H__
+/** @file
+ EFI TLS Configuration Protocol as defined in UEFI 2.5.
+ The EFI TLS Configuration Protocol provides a way to set and get TLS configuration.
+
+ Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+ This program and the accompanying materials
+ are licensed and made available under the terms and conditions of the BSD License
+ which accompanies this distribution. The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php
+
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+ @par Revision Reference:
+ This Protocol is introduced in UEFI Specification 2.5
+
+**/
+#ifndef __EFI_TLS_CONFIGURATION_PROTOCOL_H__
+#define __EFI_TLS_CONFIGURATION_PROTOCOL_H__
+
+///
+/// The EFI Configuration protocol provides a way to set and get TLS configuration.
+///
+#define EFI_TLS_CONFIGURATION_PROTOCOL_GUID \
+ { \
+ 0x1682fe44, 0xbd7a, 0x4407, { 0xb7, 0xc7, 0xdc, 0xa3, 0x7c, 0xa3, 0x92, 0x2d } \
+ }
+
+typedef struct _EFI_TLS_CONFIGURATION_PROTOCOL EFI_TLS_CONFIGURATION_PROTOCOL;
+
+///
+/// EFI_TLS_CONFIG_DATA_TYPE
+///
+typedef enum {
+ ///
+ /// Local host configuration data: public certificate data.
+ /// This data should be DER-encoded binary X.509 certificate
+ /// or PEM-encoded X.509 certificate.
+ ///
+ EfiTlsConfigDataTypeHostPublicCert,
+ ///
+ /// Local host configuration data: private key data.
+ ///
+ EfiTlsConfigDataTypeHostPrivateKey,
+ ///
+ /// CA certificate to verify peer. This data should be PEM-encoded
+ /// RSA or PKCS#8 private key.
+ ///
+ EfiTlsConfigDataTypeCACertificate,
+ ///
+ /// CA-supplied Certificate Revocation List data. This data should
+ /// be DER-encoded CRL data.
+ ///
+ EfiTlsConfigDataTypeCertRevocationList,
+
+ EfiTlsConfigDataTypeMaximum
+
+} EFI_TLS_CONFIG_DATA_TYPE;
+
+/**
+ Set TLS configuration data.
+
+ The SetData() function sets TLS configuration to non-volatile storage or volatile
+ storage.
+
+ @param[in] This Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance.
+ @param[in] DataType Configuration data type.
+ @param[in] Data Pointer to configuration data.
+ @param[in] DataSize Total size of configuration data.
+
+ @retval EFI_SUCCESS The TLS configuration data is set successfully.
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
+ This is NULL.
+ Data is NULL.
+ DataSize is 0.
+ @retval EFI_UNSUPPORTED The DataType is unsupported.
+ @retval EFI_OUT_OF_RESOURCES Required system resources could not be allocated.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_TLS_CONFIGURATION_SET_DATA)(
+ IN EFI_TLS_CONFIGURATION_PROTOCOL *This,
+ IN EFI_TLS_CONFIG_DATA_TYPE DataType,
+ IN VOID *Data,
+ IN UINTN DataSize
+ );
+
+/**
+ Get TLS configuration data.
+
+ The GetData() function gets TLS configuration.
+
+ @param[in] This Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance.
+ @param[in] DataType Configuration data type.
+ @param[in, out] Data Pointer to configuration data.
+ @param[in, out] DataSize Total size of configuration data. On input, it means
+ the size of Data buffer. On output, it means the size
+ of copied Data buffer if EFI_SUCCESS, and means the
+ size of desired Data buffer if EFI_BUFFER_TOO_SMALL.
+
+ @retval EFI_SUCCESS The TLS configuration data is got successfully.
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
+ This is NULL.
+ DataSize is NULL.
+ Data is NULL if *DataSize is not zero.
+ @retval EFI_UNSUPPORTED The DataType is unsupported.
+ @retval EFI_NOT_FOUND The TLS configuration data is not found.
+ @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data.
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_TLS_CONFIGURATION_GET_DATA)(
+ IN EFI_TLS_CONFIGURATION_PROTOCOL *This,
+ IN EFI_TLS_CONFIG_DATA_TYPE DataType,
+ IN OUT VOID *Data, OPTIONAL
+ IN OUT UINTN *DataSize
+ );
+
+///
+/// The EFI_TLS_CONFIGURATION_PROTOCOL is designed to provide a way to set and get
+/// TLS configuration, such as Certificate, private key data.
+///
+struct _EFI_TLS_CONFIGURATION_PROTOCOL {
+ EFI_TLS_CONFIGURATION_SET_DATA SetData;
+ EFI_TLS_CONFIGURATION_GET_DATA GetData;
+};
+
+extern EFI_GUID gEfiTlsConfigurationProtocolGuid;
+
+#endif //__EFI_TLS_CONFIGURATION_PROTOCOL_H__
+
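Review bot: the whole-file rewrite again hides any content change, so please verify with `git diff --ignore-space-at-eol` that TlsConfig.h differs only in line terminators. Separately, the comment on `EfiTlsConfigDataTypeCACertificate` (`/// CA certificate to verify peer. This data should be PEM-encoded` / `/// RSA or PKCS#8 private key.`) was evidently copied from the private-key entry and describes the wrong object; since this patch is whitespace-only, a follow-up should reword it to describe a certificate, with the HostPublicCert entry (DER- or PEM-encoded X.509) as the model.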
diff --git a/MdePkg/Library/BaseLib/SafeString.c b/MdePkg/Library/BaseLib/SafeString.c
index 249fe477b4..68c33e9b7b 100644
--- a/MdePkg/Library/BaseLib/SafeString.c
+++ b/MdePkg/Library/BaseLib/SafeString.c
@@ -217,7 +217,7 @@ StrnSizeS (
@retval RETURN_INVALID_PARAMETER If Destination is NULL.
If Source is NULL.
If PcdMaximumUnicodeStringLength is not zero,
- and DestMax is greater than
+ and DestMax is greater than
PcdMaximumUnicodeStringLength.
If DestMax is 0.
@retval RETURN_ACCESS_DENIED If Source and Destination overlap.
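Review bot: the `-`/`+` pair in this hunk (and the identical-looking pairs in the SafeString.c hunks that follow) renders as the same text, so the actual change is trailing whitespace or a stray CR at end of line rather than a file-wide CRLF conversion; the patch subject describes only CRLF conversion, so please state in the commit message that trailing whitespace in SafeString.c is also being normalized, and confirm with `git diff --ws-error-highlight=all` (or `git diff --check`) that nothing else moved.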
@@ -231,7 +231,7 @@ StrCpyS (
)
{
UINTN SourceLen;
-
+
ASSERT (((UINTN) Destination & BIT0) == 0);
ASSERT (((UINTN) Source & BIT0) == 0);
@@ -296,12 +296,12 @@ StrCpyS (
@param Length The maximum number of Unicode characters to copy.
@retval RETURN_SUCCESS String is copied.
- @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than
+ @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than
MIN(StrLen(Source), Length).
@retval RETURN_INVALID_PARAMETER If Destination is NULL.
If Source is NULL.
If PcdMaximumUnicodeStringLength is not zero,
- and DestMax is greater than
+ and DestMax is greater than
PcdMaximumUnicodeStringLength.
If DestMax is 0.
@retval RETURN_ACCESS_DENIED If Source and Destination overlap.
@@ -388,14 +388,14 @@ StrnCpyS (
@param Source A pointer to a Null-terminated Unicode string.
@retval RETURN_SUCCESS String is appended.
- @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than
+ @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than
StrLen(Destination).
@retval RETURN_BUFFER_TOO_SMALL If (DestMax - StrLen(Destination)) is NOT
greater than StrLen(Source).
@retval RETURN_INVALID_PARAMETER If Destination is NULL.
If Source is NULL.
If PcdMaximumUnicodeStringLength is not zero,
- and DestMax is greater than
+ and DestMax is greater than
PcdMaximumUnicodeStringLength.
If DestMax is 0.
@retval RETURN_ACCESS_DENIED If Source and Destination overlap.
@@ -411,7 +411,7 @@ StrCatS (
UINTN DestLen;
UINTN CopyLen;
UINTN SourceLen;
-
+
ASSERT (((UINTN) Destination & BIT0) == 0);
ASSERT (((UINTN) Source & BIT0) == 0);
@@ -497,7 +497,7 @@ StrCatS (
@retval RETURN_INVALID_PARAMETER If Destination is NULL.
If Source is NULL.
If PcdMaximumUnicodeStringLength is not zero,
- and DestMax is greater than
+ and DestMax is greater than
PcdMaximumUnicodeStringLength.
If DestMax is 0.
@retval RETURN_ACCESS_DENIED If Source and Destination overlap.
@@ -514,7 +514,7 @@ StrnCatS (
UINTN DestLen;
UINTN CopyLen;
UINTN SourceLen;
-
+
ASSERT (((UINTN) Destination & BIT0) == 0);
ASSERT (((UINTN) Source & BIT0) == 0);
@@ -1799,7 +1799,7 @@ AsciiStrnSizeS (
@retval RETURN_INVALID_PARAMETER If Destination is NULL.
If Source is NULL.
If PcdMaximumAsciiStringLength is not zero,
- and DestMax is greater than
+ and DestMax is greater than
PcdMaximumAsciiStringLength.
If DestMax is 0.
@retval RETURN_ACCESS_DENIED If Source and Destination overlap.
@@ -1813,7 +1813,7 @@ AsciiStrCpyS (
)
{
UINTN SourceLen;
-
+
//
// 1. Neither Destination nor Source shall be a null pointer.
//
@@ -1873,12 +1873,12 @@ AsciiStrCpyS (
@param Length The maximum number of Ascii characters to copy.
@retval RETURN_SUCCESS String is copied.
- @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than
+ @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than
MIN(StrLen(Source), Length).
@retval RETURN_INVALID_PARAMETER If Destination is NULL.
If Source is NULL.
If PcdMaximumAsciiStringLength is not zero,
- and DestMax is greater than
+ and DestMax is greater than
PcdMaximumAsciiStringLength.
If DestMax is 0.
@retval RETURN_ACCESS_DENIED If Source and Destination overlap.
@@ -1960,14 +1960,14 @@ AsciiStrnCpyS (
@param Source A pointer to a Null-terminated Ascii string.
@retval RETURN_SUCCESS String is appended.
- @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than
+ @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than
StrLen(Destination).
@retval RETURN_BUFFER_TOO_SMALL If (DestMax - StrLen(Destination)) is NOT
greater than StrLen(Source).
@retval RETURN_INVALID_PARAMETER If Destination is NULL.
If Source is NULL.
If PcdMaximumAsciiStringLength is not zero,
- and DestMax is greater than
+ and DestMax is greater than
PcdMaximumAsciiStringLength.
If DestMax is 0.
@retval RETURN_ACCESS_DENIED If Source and Destination overlap.
@@ -1983,7 +1983,7 @@ AsciiStrCatS (
UINTN DestLen;
UINTN CopyLen;
UINTN SourceLen;
-
+
//
// Let CopyLen denote the value DestMax - AsciiStrnLenS(Destination, DestMax) upon entry to AsciiStrCatS.
//
@@ -2064,7 +2064,7 @@ AsciiStrCatS (
@retval RETURN_INVALID_PARAMETER If Destination is NULL.
If Source is NULL.
If PcdMaximumAsciiStringLength is not zero,
- and DestMax is greater than
+ and DestMax is greater than
PcdMaximumAsciiStringLength.
If DestMax is 0.
@retval RETURN_ACCESS_DENIED If Source and Destination overlap.
@@ -2081,7 +2081,7 @@ AsciiStrnCatS (
UINTN DestLen;
UINTN CopyLen;
UINTN SourceLen;
-
+
//
// Let CopyLen denote the value DestMax - AsciiStrnLenS(Destination, DestMax) upon entry to AsciiStrnCatS.
//
@@ -3265,7 +3265,8 @@ AsciiStrToIpv6Address (
&Address->Addr[CompressStart + ARRAY_SIZE (Address->Addr) - AddressIndex],
&LocalAddress.Addr[CompressStart],
AddressIndex - CompressStart
- );
+ );
+
}
if (PrefixLength != NULL) {
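Review bot: this hunk is not whitespace-neutral: the header goes from 7 to 8 lines because a bare `+` line is added after `+ );`, leaving an empty line directly before the closing `}` in AsciiStrToIpv6Address. If the original file had a lone CR there, turning it into a blank line is a content change that the commit message does not mention, and a blank line before a closing brace is just noise; please either drop the added line or explain it in the commit message.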
--
2.12.0.windows.1
* [PATCH 6/6] NetworkPkg: Convert files to CRLF line ending
2017-04-06 2:25 [PATCH 0/6] Convert files to CRLF line ending Hao Wu
` (4 preceding siblings ...)
2017-04-06 2:25 ` [PATCH 5/6] MdePkg: " Hao Wu
@ 2017-04-06 2:25 ` Hao Wu
2017-04-06 5:29 ` Wu, Jiaxin
5 siblings, 1 reply; 13+ messages in thread
From: Hao Wu @ 2017-04-06 2:25 UTC (permalink / raw)
To: edk2-devel; +Cc: Hao Wu, Siyuan Fu, Jiaxin Wu
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
---
NetworkPkg/HttpDxe/HttpsSupport.c | 3439 ++++++++++----------
NetworkPkg/HttpDxe/HttpsSupport.h | 521 +--
NetworkPkg/Include/Guid/TlsAuthConfigHii.h | 51 +-
NetworkPkg/Include/Guid/TlsAuthentication.h | 59 +-
NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.c | 270 +-
NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf | 147 +-
NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.uni | 42 +-
| 38 +-
NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxeStrings.uni | 78 +-
NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c | 3377 +++++++++----------
NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.h | 564 ++--
NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigNvData.h | 99 +-
NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigVfr.vfr | 305 +-
NetworkPkg/TlsDxe/TlsConfigProtocol.c | 305 +-
NetworkPkg/TlsDxe/TlsDriver.c | 993 +++---
NetworkPkg/TlsDxe/TlsDriver.h | 475 +--
NetworkPkg/TlsDxe/TlsDxe.inf | 131 +-
NetworkPkg/TlsDxe/TlsDxe.uni | 50 +-
| 37 +-
NetworkPkg/TlsDxe/TlsImpl.c | 653 ++--
NetworkPkg/TlsDxe/TlsImpl.h | 631 ++--
NetworkPkg/TlsDxe/TlsProtocol.c | 1265 +++----
22 files changed, 6773 insertions(+), 6757 deletions(-)
diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c b/NetworkPkg/HttpDxe/HttpsSupport.c
index f0077dd4b8..e4d9a37bee 100644
--- a/NetworkPkg/HttpDxe/HttpsSupport.c
+++ b/NetworkPkg/HttpDxe/HttpsSupport.c
@@ -1,1719 +1,1720 @@
-/** @file
- Miscellaneous routines specific to Https for HttpDxe driver.
-
-Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
-(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include "HttpDriver.h"
-
-/**
- Returns the first occurrence of a Null-terminated ASCII sub-string in a Null-terminated
- ASCII string and ignore case during the search process.
-
- This function scans the contents of the ASCII string specified by String
- and returns the first occurrence of SearchString and ignore case during the search process.
- If SearchString is not found in String, then NULL is returned. If the length of SearchString
- is zero, then String is returned.
-
- If String is NULL, then ASSERT().
- If SearchString is NULL, then ASSERT().
-
- @param[in] String A pointer to a Null-terminated ASCII string.
- @param[in] SearchString A pointer to a Null-terminated ASCII string to search for.
-
- @retval NULL If the SearchString does not appear in String.
- @retval others If there is a match return the first occurrence of SearchingString.
- If the length of SearchString is zero,return String.
-
-**/
-CHAR8 *
-AsciiStrCaseStr (
- IN CONST CHAR8 *String,
- IN CONST CHAR8 *SearchString
- )
-{
- CONST CHAR8 *FirstMatch;
- CONST CHAR8 *SearchStringTmp;
-
- CHAR8 Src;
- CHAR8 Dst;
-
- //
- // ASSERT both strings are less long than PcdMaximumAsciiStringLength
- //
- ASSERT (AsciiStrSize (String) != 0);
- ASSERT (AsciiStrSize (SearchString) != 0);
-
- if (*SearchString == '\0') {
- return (CHAR8 *) String;
- }
-
- while (*String != '\0') {
- SearchStringTmp = SearchString;
- FirstMatch = String;
-
- while ((*SearchStringTmp != '\0')
- && (*String != '\0')) {
- Src = *String;
- Dst = *SearchStringTmp;
-
- if ((Src >= 'A') && (Src <= 'Z')) {
- Src -= ('A' - 'a');
- }
-
- if ((Dst >= 'A') && (Dst <= 'Z')) {
- Dst -= ('A' - 'a');
- }
-
- if (Src != Dst) {
- break;
- }
-
- String++;
- SearchStringTmp++;
- }
-
- if (*SearchStringTmp == '\0') {
- return (CHAR8 *) FirstMatch;
- }
-
- String = FirstMatch + 1;
- }
-
- return NULL;
-}
-
-/**
- The callback function to free the net buffer list.
-
- @param[in] Arg The opaque parameter.
-
-**/
-VOID
-EFIAPI
-FreeNbufList (
- IN VOID *Arg
- )
-{
- ASSERT (Arg != NULL);
-
- NetbufFreeList ((LIST_ENTRY *) Arg);
- FreePool (Arg);
-}
-
-/**
- Check whether the Url is from Https.
-
- @param[in] Url The pointer to a HTTP or HTTPS URL string.
-
- @retval TRUE The Url is from HTTPS.
- @retval FALSE The Url is from HTTP.
-
-**/
-BOOLEAN
-IsHttpsUrl (
- IN CHAR8 *Url
- )
-{
- CHAR8 *Tmp;
-
- Tmp = NULL;
-
- Tmp = AsciiStrCaseStr (Url, HTTPS_FLAG);
- if (Tmp != NULL && Tmp == Url) {
- return TRUE;
- }
-
- return FALSE;
-}
-
-/**
- Creates a Tls child handle, open EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.
-
- @param[in] ImageHandle The firmware allocated handle for the UEFI image.
- @param[out] TlsProto Pointer to the EFI_TLS_PROTOCOL instance.
- @param[out] TlsConfiguration Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance.
-
- @return The child handle with opened EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.
-
-**/
-EFI_HANDLE
-EFIAPI
-TlsCreateChild (
- IN EFI_HANDLE ImageHandle,
- OUT EFI_TLS_PROTOCOL **TlsProto,
- OUT EFI_TLS_CONFIGURATION_PROTOCOL **TlsConfiguration
- )
-{
- EFI_STATUS Status;
- EFI_SERVICE_BINDING_PROTOCOL *TlsSb;
- EFI_HANDLE TlsChildHandle;
-
- TlsSb = NULL;
- TlsChildHandle = 0;
-
- //
- // Locate TlsServiceBinding protocol.
- //
- gBS->LocateProtocol (
- &gEfiTlsServiceBindingProtocolGuid,
- NULL,
- (VOID **) &TlsSb
- );
- if (TlsSb == NULL) {
- return NULL;
- }
-
- Status = TlsSb->CreateChild (TlsSb, &TlsChildHandle);
- if (EFI_ERROR (Status)) {
- return NULL;
- }
-
- Status = gBS->OpenProtocol (
- TlsChildHandle,
- &gEfiTlsProtocolGuid,
- (VOID **) TlsProto,
- ImageHandle,
- TlsChildHandle,
- EFI_OPEN_PROTOCOL_GET_PROTOCOL
- );
- if (EFI_ERROR (Status)) {
- TlsSb->DestroyChild (TlsSb, TlsChildHandle);
- return NULL;
- }
-
- Status = gBS->OpenProtocol (
- TlsChildHandle,
- &gEfiTlsConfigurationProtocolGuid,
- (VOID **) TlsConfiguration,
- ImageHandle,
- TlsChildHandle,
- EFI_OPEN_PROTOCOL_GET_PROTOCOL
- );
- if (EFI_ERROR (Status)) {
- TlsSb->DestroyChild (TlsSb, TlsChildHandle);
- return NULL;
- }
-
- return TlsChildHandle;
-}
-
-/**
- Create event for the TLS receive and transmit tokens which are used to receive and
- transmit TLS related messages.
-
- @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
-
- @retval EFI_SUCCESS The events are created successfully.
- @retval others Other error as indicated.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsCreateTxRxEvent (
- IN OUT HTTP_PROTOCOL *HttpInstance
- )
-{
- EFI_STATUS Status;
-
- if (!HttpInstance->LocalAddressIsIPv6) {
- //
- // For Tcp4TlsTxToken.
- //
- Status = gBS->CreateEvent (
- EVT_NOTIFY_SIGNAL,
- TPL_NOTIFY,
- HttpCommonNotify,
- &HttpInstance->TlsIsTxDone,
- &HttpInstance->Tcp4TlsTxToken.CompletionToken.Event
- );
- if (EFI_ERROR (Status)) {
- goto ERROR;
- }
-
- HttpInstance->Tcp4TlsTxData.Push = TRUE;
- HttpInstance->Tcp4TlsTxData.Urgent = FALSE;
- HttpInstance->Tcp4TlsTxData.DataLength = 0;
- HttpInstance->Tcp4TlsTxData.FragmentCount = 1;
- HttpInstance->Tcp4TlsTxData.FragmentTable[0].FragmentLength = HttpInstance->Tcp4TlsTxData.DataLength;
- HttpInstance->Tcp4TlsTxData.FragmentTable[0].FragmentBuffer = NULL;
- HttpInstance->Tcp4TlsTxToken.Packet.TxData = &HttpInstance->Tcp4TlsTxData;
- HttpInstance->Tcp4TlsTxToken.CompletionToken.Status = EFI_NOT_READY;
-
- //
- // For Tcp4TlsRxToken.
- //
- Status = gBS->CreateEvent (
- EVT_NOTIFY_SIGNAL,
- TPL_NOTIFY,
- HttpCommonNotify,
- &HttpInstance->TlsIsRxDone,
- &HttpInstance->Tcp4TlsRxToken.CompletionToken.Event
- );
- if (EFI_ERROR (Status)) {
- goto ERROR;
- }
-
- HttpInstance->Tcp4TlsRxData.DataLength = 0;
- HttpInstance->Tcp4TlsRxData.FragmentCount = 1;
- HttpInstance->Tcp4TlsRxData.FragmentTable[0].FragmentLength = HttpInstance->Tcp4TlsRxData.DataLength ;
- HttpInstance->Tcp4TlsRxData.FragmentTable[0].FragmentBuffer = NULL;
- HttpInstance->Tcp4TlsRxToken.Packet.RxData = &HttpInstance->Tcp4TlsRxData;
- HttpInstance->Tcp4TlsRxToken.CompletionToken.Status = EFI_NOT_READY;
- } else {
- //
- // For Tcp6TlsTxToken.
- //
- Status = gBS->CreateEvent (
- EVT_NOTIFY_SIGNAL,
- TPL_NOTIFY,
- HttpCommonNotify,
- &HttpInstance->TlsIsTxDone,
- &HttpInstance->Tcp6TlsTxToken.CompletionToken.Event
- );
- if (EFI_ERROR (Status)) {
- goto ERROR;
- }
-
- HttpInstance->Tcp6TlsTxData.Push = TRUE;
- HttpInstance->Tcp6TlsTxData.Urgent = FALSE;
- HttpInstance->Tcp6TlsTxData.DataLength = 0;
- HttpInstance->Tcp6TlsTxData.FragmentCount = 1;
- HttpInstance->Tcp6TlsTxData.FragmentTable[0].FragmentLength = HttpInstance->Tcp6TlsTxData.DataLength;
- HttpInstance->Tcp6TlsTxData.FragmentTable[0].FragmentBuffer = NULL;
- HttpInstance->Tcp6TlsTxToken.Packet.TxData = &HttpInstance->Tcp6TlsTxData;
- HttpInstance->Tcp6TlsTxToken.CompletionToken.Status = EFI_NOT_READY;
-
- //
- // For Tcp6TlsRxToken.
- //
- Status = gBS->CreateEvent (
- EVT_NOTIFY_SIGNAL,
- TPL_NOTIFY,
- HttpCommonNotify,
- &HttpInstance->TlsIsRxDone,
- &HttpInstance->Tcp6TlsRxToken.CompletionToken.Event
- );
- if (EFI_ERROR (Status)) {
- goto ERROR;
- }
-
- HttpInstance->Tcp6TlsRxData.DataLength = 0;
- HttpInstance->Tcp6TlsRxData.FragmentCount = 1;
- HttpInstance->Tcp6TlsRxData.FragmentTable[0].FragmentLength = HttpInstance->Tcp6TlsRxData.DataLength ;
- HttpInstance->Tcp6TlsRxData.FragmentTable[0].FragmentBuffer = NULL;
- HttpInstance->Tcp6TlsRxToken.Packet.RxData = &HttpInstance->Tcp6TlsRxData;
- HttpInstance->Tcp6TlsRxToken.CompletionToken.Status = EFI_NOT_READY;
- }
-
- return Status;
-
-ERROR:
- //
- // Error handling
- //
- TlsCloseTxRxEvent (HttpInstance);
-
- return Status;
-}
-
-/**
- Close events in the TlsTxToken and TlsRxToken.
-
- @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.
-
-**/
-VOID
-EFIAPI
-TlsCloseTxRxEvent (
- IN HTTP_PROTOCOL *HttpInstance
- )
-{
- ASSERT (HttpInstance != NULL);
- if (!HttpInstance->LocalAddressIsIPv6) {
- if (NULL != HttpInstance->Tcp4TlsTxToken.CompletionToken.Event) {
- gBS->CloseEvent(HttpInstance->Tcp4TlsTxToken.CompletionToken.Event);
- HttpInstance->Tcp4TlsTxToken.CompletionToken.Event = NULL;
- }
-
- if (NULL != HttpInstance->Tcp4TlsRxToken.CompletionToken.Event) {
- gBS->CloseEvent (HttpInstance->Tcp4TlsRxToken.CompletionToken.Event);
- HttpInstance->Tcp4TlsRxToken.CompletionToken.Event = NULL;
- }
- } else {
- if (NULL != HttpInstance->Tcp6TlsTxToken.CompletionToken.Event) {
- gBS->CloseEvent(HttpInstance->Tcp6TlsTxToken.CompletionToken.Event);
- HttpInstance->Tcp6TlsTxToken.CompletionToken.Event = NULL;
- }
-
- if (NULL != HttpInstance->Tcp6TlsRxToken.CompletionToken.Event) {
- gBS->CloseEvent (HttpInstance->Tcp6TlsRxToken.CompletionToken.Event);
- HttpInstance->Tcp6TlsRxToken.CompletionToken.Event = NULL;
- }
- }
-}
-
-/**
- Read the TlsCaCertificate variable and configure it.
-
- @param[in, out] HttpInstance The HTTP instance private data.
-
- @retval EFI_SUCCESS TlsCaCertificate is configured.
- @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
- @retval EFI_NOT_FOUND Fail to get 'TlsCaCertificate' variable.
- @retval Others Other error as indicated.
-
-**/
-EFI_STATUS
-TlsConfigCertificate (
- IN OUT HTTP_PROTOCOL *HttpInstance
- )
-{
- EFI_STATUS Status;
- UINT8 *CACert;
- UINTN CACertSize;
- UINT32 Index;
- EFI_SIGNATURE_LIST *CertList;
- EFI_SIGNATURE_DATA *Cert;
- UINTN CertCount;
- UINT32 ItemDataSize;
-
- CACert = NULL;
- CACertSize = 0;
-
- //
- // Try to read the TlsCaCertificate variable.
- //
- Status = gRT->GetVariable (
- EFI_TLS_CA_CERTIFICATE_VARIABLE,
- &gEfiTlsCaCertificateGuid,
- NULL,
- &CACertSize,
- NULL
- );
-
- if (EFI_ERROR (Status) && Status != EFI_BUFFER_TOO_SMALL) {
- return Status;
- }
-
- //
- // Allocate buffer and read the config variable.
- //
- CACert = AllocatePool (CACertSize);
- if (CACert == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
-
- Status = gRT->GetVariable (
- EFI_TLS_CA_CERTIFICATE_VARIABLE,
- &gEfiTlsCaCertificateGuid,
- NULL,
- &CACertSize,
- CACert
- );
- if (EFI_ERROR (Status)) {
- //
- // GetVariable still error or the variable is corrupted.
- // Fall back to the default value.
- //
- FreePool (CACert);
-
- return EFI_NOT_FOUND;
- }
-
- ASSERT (CACert != NULL);
-
- //
- // Enumerate all data and erasing the target item.
- //
- ItemDataSize = (UINT32) CACertSize;
- CertList = (EFI_SIGNATURE_LIST *) CACert;
- while ((ItemDataSize > 0) && (ItemDataSize >= CertList->SignatureListSize)) {
- Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
- CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
- for (Index = 0; Index < CertCount; Index++) {
- //
- // EfiTlsConfigDataTypeCACertificate
- //
- Status = HttpInstance->TlsConfiguration->SetData (
- HttpInstance->TlsConfiguration,
- EfiTlsConfigDataTypeCACertificate,
- Cert->SignatureData,
- CertList->SignatureSize - sizeof (Cert->SignatureOwner)
- );
- if (EFI_ERROR (Status)) {
- FreePool (CACert);
- return Status;
- }
-
- Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);
- }
-
- ItemDataSize -= CertList->SignatureListSize;
- CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
- }
-
- FreePool (CACert);
- return Status;
-}
-
-/**
- Configure TLS session data.
-
- @param[in, out] HttpInstance The HTTP instance private data.
-
- @retval EFI_SUCCESS TLS session data is configured.
- @retval Others Other error as indicated.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsConfigureSession (
- IN OUT HTTP_PROTOCOL *HttpInstance
- )
-{
- EFI_STATUS Status;
-
- //
- // TlsConfigData initialization
- //
- HttpInstance->TlsConfigData.ConnectionEnd = EfiTlsClient;
- HttpInstance->TlsConfigData.VerifyMethod = EFI_TLS_VERIFY_PEER;
- HttpInstance->TlsConfigData.SessionState = EfiTlsSessionNotStarted;
-
- //
- // EfiTlsConnectionEnd,
- // EfiTlsVerifyMethod
- // EfiTlsSessionState
- //
- Status = HttpInstance->Tls->SetSessionData (
- HttpInstance->Tls,
- EfiTlsConnectionEnd,
- &(HttpInstance->TlsConfigData.ConnectionEnd),
- sizeof (EFI_TLS_CONNECTION_END)
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- Status = HttpInstance->Tls->SetSessionData (
- HttpInstance->Tls,
- EfiTlsVerifyMethod,
- &HttpInstance->TlsConfigData.VerifyMethod,
- sizeof (EFI_TLS_VERIFY)
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- Status = HttpInstance->Tls->SetSessionData (
- HttpInstance->Tls,
- EfiTlsSessionState,
- &(HttpInstance->TlsConfigData.SessionState),
- sizeof (EFI_TLS_SESSION_STATE)
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- //
- // Tls Config Certificate
- //
- Status = TlsConfigCertificate (HttpInstance);
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "TLS Certificate Config Error!\n"));
- return Status;
- }
-
- //
- // TlsCreateTxRxEvent
- //
- Status = TlsCreateTxRxEvent (HttpInstance);
- if (EFI_ERROR (Status)) {
- goto ERROR;
- }
-
- return Status;
-
-ERROR:
- TlsCloseTxRxEvent (HttpInstance);
-
- return Status;
-}
-
-/**
- Transmit the Packet by processing the associated HTTPS token.
-
- @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
- @param[in] Packet The packet to transmit.
-
- @retval EFI_SUCCESS The packet is transmitted.
- @retval EFI_INVALID_PARAMETER HttpInstance is NULL or Packet is NULL.
- @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
- @retval EFI_DEVICE_ERROR An unexpected system or network error occurred.
- @retval Others Other errors as indicated.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsCommonTransmit (
- IN OUT HTTP_PROTOCOL *HttpInstance,
- IN NET_BUF *Packet
- )
-{
- EFI_STATUS Status;
- VOID *Data;
- UINTN Size;
-
- if ((HttpInstance == NULL) || (Packet == NULL)) {
- return EFI_INVALID_PARAMETER;
- }
-
- if (!HttpInstance->LocalAddressIsIPv6) {
- Size = sizeof (EFI_TCP4_TRANSMIT_DATA) +
- (Packet->BlockOpNum - 1) * sizeof (EFI_TCP4_FRAGMENT_DATA);
- } else {
- Size = sizeof (EFI_TCP6_TRANSMIT_DATA) +
- (Packet->BlockOpNum - 1) * sizeof (EFI_TCP6_FRAGMENT_DATA);
- }
-
- Data = AllocatePool (Size);
- if (Data == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
-
- if (!HttpInstance->LocalAddressIsIPv6) {
- ((EFI_TCP4_TRANSMIT_DATA *) Data)->Push = TRUE;
- ((EFI_TCP4_TRANSMIT_DATA *) Data)->Urgent = FALSE;
- ((EFI_TCP4_TRANSMIT_DATA *) Data)->DataLength = Packet->TotalSize;
-
- //
- // Build the fragment table.
- //
- ((EFI_TCP4_TRANSMIT_DATA *) Data)->FragmentCount = Packet->BlockOpNum;
-
- NetbufBuildExt (
- Packet,
- (NET_FRAGMENT *) &((EFI_TCP4_TRANSMIT_DATA *) Data)->FragmentTable[0],
- &((EFI_TCP4_TRANSMIT_DATA *) Data)->FragmentCount
- );
-
- HttpInstance->Tcp4TlsTxToken.Packet.TxData = (EFI_TCP4_TRANSMIT_DATA *) Data;
-
- Status = EFI_DEVICE_ERROR;
-
- //
- // Transmit the packet.
- //
- Status = HttpInstance->Tcp4->Transmit (HttpInstance->Tcp4, &HttpInstance->Tcp4TlsTxToken);
- if (EFI_ERROR (Status)) {
- goto ON_EXIT;
- }
-
- while (!HttpInstance->TlsIsTxDone) {
- HttpInstance->Tcp4->Poll (HttpInstance->Tcp4);
- }
-
- HttpInstance->TlsIsTxDone = FALSE;
- Status = HttpInstance->Tcp4TlsTxToken.CompletionToken.Status;
- } else {
- ((EFI_TCP6_TRANSMIT_DATA *) Data)->Push = TRUE;
- ((EFI_TCP6_TRANSMIT_DATA *) Data)->Urgent = FALSE;
- ((EFI_TCP6_TRANSMIT_DATA *) Data)->DataLength = Packet->TotalSize;
-
- //
- // Build the fragment table.
- //
- ((EFI_TCP6_TRANSMIT_DATA *) Data)->FragmentCount = Packet->BlockOpNum;
-
- NetbufBuildExt (
- Packet,
- (NET_FRAGMENT *) &((EFI_TCP6_TRANSMIT_DATA *) Data)->FragmentTable[0],
- &((EFI_TCP6_TRANSMIT_DATA *) Data)->FragmentCount
- );
-
- HttpInstance->Tcp6TlsTxToken.Packet.TxData = (EFI_TCP6_TRANSMIT_DATA *) Data;
-
- Status = EFI_DEVICE_ERROR;
-
- //
- // Transmit the packet.
- //
- Status = HttpInstance->Tcp6->Transmit (HttpInstance->Tcp6, &HttpInstance->Tcp6TlsTxToken);
- if (EFI_ERROR (Status)) {
- goto ON_EXIT;
- }
-
- while (!HttpInstance->TlsIsTxDone) {
- HttpInstance->Tcp6->Poll (HttpInstance->Tcp6);
- }
-
- HttpInstance->TlsIsTxDone = FALSE;
- Status = HttpInstance->Tcp6TlsTxToken.CompletionToken.Status;
- }
-
-ON_EXIT:
- FreePool (Data);
-
- return Status;
-}
-
-/**
- Receive the Packet by processing the associated HTTPS token.
-
- @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
- @param[in] Packet The packet to transmit.
- @param[in] Timeout The time to wait for connection done.
-
- @retval EFI_SUCCESS The Packet is received.
- @retval EFI_INVALID_PARAMETER HttpInstance is NULL or Packet is NULL.
- @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
- @retval EFI_TIMEOUT The operation is time out.
- @retval Others Other error as indicated.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsCommonReceive (
- IN OUT HTTP_PROTOCOL *HttpInstance,
- IN NET_BUF *Packet,
- IN EFI_EVENT Timeout
- )
-{
- EFI_TCP4_RECEIVE_DATA *Tcp4RxData;
- EFI_TCP6_RECEIVE_DATA *Tcp6RxData;
- EFI_STATUS Status;
- NET_FRAGMENT *Fragment;
- UINT32 FragmentCount;
- UINT32 CurrentFragment;
-
- Tcp4RxData = NULL;
- Tcp6RxData = NULL;
-
- if ((HttpInstance == NULL) || (Packet == NULL)) {
- return EFI_INVALID_PARAMETER;
- }
-
- FragmentCount = Packet->BlockOpNum;
- Fragment = AllocatePool (FragmentCount * sizeof (NET_FRAGMENT));
- if (Fragment == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ON_EXIT;
- }
-
- //
- // Build the fragment table.
- //
- NetbufBuildExt (Packet, Fragment, &FragmentCount);
-
- if (!HttpInstance->LocalAddressIsIPv6) {
- Tcp4RxData = HttpInstance->Tcp4TlsRxToken.Packet.RxData;
- if (Tcp4RxData == NULL) {
- return EFI_INVALID_PARAMETER;
- }
- Tcp4RxData->FragmentCount = 1;
- } else {
- Tcp6RxData = HttpInstance->Tcp6TlsRxToken.Packet.RxData;
- if (Tcp6RxData == NULL) {
- return EFI_INVALID_PARAMETER;
- }
- Tcp6RxData->FragmentCount = 1;
- }
-
- CurrentFragment = 0;
- Status = EFI_SUCCESS;
-
- while (CurrentFragment < FragmentCount) {
- if (!HttpInstance->LocalAddressIsIPv6) {
- Tcp4RxData->DataLength = Fragment[CurrentFragment].Len;
- Tcp4RxData->FragmentTable[0].FragmentLength = Fragment[CurrentFragment].Len;
- Tcp4RxData->FragmentTable[0].FragmentBuffer = Fragment[CurrentFragment].Bulk;
- Status = HttpInstance->Tcp4->Receive (HttpInstance->Tcp4, &HttpInstance->Tcp4TlsRxToken);
- } else {
- Tcp6RxData->DataLength = Fragment[CurrentFragment].Len;
- Tcp6RxData->FragmentTable[0].FragmentLength = Fragment[CurrentFragment].Len;
- Tcp6RxData->FragmentTable[0].FragmentBuffer = Fragment[CurrentFragment].Bulk;
- Status = HttpInstance->Tcp6->Receive (HttpInstance->Tcp6, &HttpInstance->Tcp6TlsRxToken);
- }
- if (EFI_ERROR (Status)) {
- goto ON_EXIT;
- }
-
- while (!HttpInstance->TlsIsRxDone && ((Timeout == NULL) || EFI_ERROR (gBS->CheckEvent (Timeout)))) {
- //
- // Poll until some data is received or an error occurs.
- //
- if (!HttpInstance->LocalAddressIsIPv6) {
- HttpInstance->Tcp4->Poll (HttpInstance->Tcp4);
- } else {
- HttpInstance->Tcp6->Poll (HttpInstance->Tcp6);
- }
- }
-
- if (!HttpInstance->TlsIsRxDone) {
- //
- // Timeout occurs, cancel the receive request.
- //
- if (!HttpInstance->LocalAddressIsIPv6) {
- HttpInstance->Tcp4->Cancel (HttpInstance->Tcp4, &HttpInstance->Tcp4TlsRxToken.CompletionToken);
- } else {
- HttpInstance->Tcp6->Cancel (HttpInstance->Tcp6, &HttpInstance->Tcp6TlsRxToken.CompletionToken);
- }
-
- Status = EFI_TIMEOUT;
- goto ON_EXIT;
- } else {
- HttpInstance->TlsIsRxDone = FALSE;
- }
-
- if (!HttpInstance->LocalAddressIsIPv6) {
- Status = HttpInstance->Tcp4TlsRxToken.CompletionToken.Status;
- if (EFI_ERROR (Status)) {
- goto ON_EXIT;
- }
-
- Fragment[CurrentFragment].Len -= Tcp4RxData->FragmentTable[0].FragmentLength;
- if (Fragment[CurrentFragment].Len == 0) {
- CurrentFragment++;
- } else {
- Fragment[CurrentFragment].Bulk += Tcp4RxData->FragmentTable[0].FragmentLength;
- }
- } else {
- Status = HttpInstance->Tcp6TlsRxToken.CompletionToken.Status;
- if (EFI_ERROR (Status)) {
- goto ON_EXIT;
- }
-
- Fragment[CurrentFragment].Len -= Tcp6RxData->FragmentTable[0].FragmentLength;
- if (Fragment[CurrentFragment].Len == 0) {
- CurrentFragment++;
- } else {
- Fragment[CurrentFragment].Bulk += Tcp6RxData->FragmentTable[0].FragmentLength;
- }
- }
- }
-
-ON_EXIT:
-
- if (Fragment != NULL) {
- FreePool (Fragment);
- }
-
- return Status;
-}
-
-/**
- Receive one TLS PDU. An TLS PDU contains an TLS record header and it's
- corresponding record data. These two parts will be put into two blocks of buffers in the
- net buffer.
-
- @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
- @param[out] Pdu The received TLS PDU.
- @param[in] Timeout The time to wait for connection done.
-
- @retval EFI_SUCCESS An TLS PDU is received.
- @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
- @retval EFI_PROTOCOL_ERROR An unexpected TLS packet was received.
- @retval Others Other errors as indicated.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsReceiveOnePdu (
- IN OUT HTTP_PROTOCOL *HttpInstance,
- OUT NET_BUF **Pdu,
- IN EFI_EVENT Timeout
- )
-{
- EFI_STATUS Status;
-
- LIST_ENTRY *NbufList;
-
- UINT32 Len;
-
- NET_BUF *PduHdr;
- UINT8 *Header;
- TLS_RECORD_HEADER RecordHeader;
-
- NET_BUF *DataSeg;
-
- NbufList = NULL;
- PduHdr = NULL;
- Header = NULL;
- DataSeg = NULL;
-
- NbufList = AllocatePool (sizeof (LIST_ENTRY));
- if (NbufList == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
-
- InitializeListHead (NbufList);
-
- //
- // Allocate buffer to receive one TLS header.
- //
- Len = sizeof (TLS_RECORD_HEADER);
- PduHdr = NetbufAlloc (Len);
- if (PduHdr == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ON_EXIT;
- }
-
- Header = NetbufAllocSpace (PduHdr, Len, NET_BUF_TAIL);
- if (Header == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ON_EXIT;
- }
-
- //
- // First step, receive one TLS header.
- //
- Status = TlsCommonReceive (HttpInstance, PduHdr, Timeout);
- if (EFI_ERROR (Status)) {
- goto ON_EXIT;
- }
-
- RecordHeader = *(TLS_RECORD_HEADER *) Header;
- if ((RecordHeader.ContentType == TlsContentTypeHandshake ||
- RecordHeader.ContentType == TlsContentTypeAlert ||
- RecordHeader.ContentType == TlsContentTypeChangeCipherSpec ||
- RecordHeader.ContentType == TlsContentTypeApplicationData) &&
- (RecordHeader.Version.Major == 0x03) && /// Major versions are same.
- (RecordHeader.Version.Minor == TLS10_PROTOCOL_VERSION_MINOR ||
- RecordHeader.Version.Minor ==TLS11_PROTOCOL_VERSION_MINOR ||
- RecordHeader.Version.Minor == TLS12_PROTOCOL_VERSION_MINOR)
- ) {
- InsertTailList (NbufList, &PduHdr->List);
- } else {
- Status = EFI_PROTOCOL_ERROR;
- goto ON_EXIT;
- }
-
- Len = SwapBytes16(RecordHeader.Length);
- if (Len == 0) {
- //
- // No TLS payload.
- //
- goto FORM_PDU;
- }
-
- //
- // Allocate buffer to receive one TLS payload.
- //
- DataSeg = NetbufAlloc (Len);
- if (DataSeg == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ON_EXIT;
- }
-
- NetbufAllocSpace (DataSeg, Len, NET_BUF_TAIL);
-
- //
- // Second step, receive one TLS payload.
- //
- Status = TlsCommonReceive (HttpInstance, DataSeg, Timeout);
- if (EFI_ERROR (Status)) {
- goto ON_EXIT;
- }
-
- InsertTailList (NbufList, &DataSeg->List);
-
-FORM_PDU:
- //
- // Form the PDU from a list of PDU.
- //
- *Pdu = NetbufFromBufList (NbufList, 0, 0, FreeNbufList, NbufList);
- if (*Pdu == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- }
-
-ON_EXIT:
-
- if (EFI_ERROR (Status)) {
- //
- // Free the Nbufs in this NbufList and the NbufList itself.
- //
- FreeNbufList (NbufList);
- }
-
- return Status;
-}
-
-/**
- Connect one TLS session by finishing the TLS handshake process.
-
- @param[in] HttpInstance The HTTP instance private data.
- @param[in] Timeout The time to wait for connection done.
-
- @retval EFI_SUCCESS The TLS session is established.
- @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
- @retval EFI_ABORTED TLS session state is incorrect.
- @retval Others Other error as indicated.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsConnectSession (
- IN HTTP_PROTOCOL *HttpInstance,
- IN EFI_EVENT Timeout
- )
-{
- EFI_STATUS Status;
- UINT8 *BufferOut;
- UINTN BufferOutSize;
- NET_BUF *PacketOut;
- UINT8 *DataOut;
- NET_BUF *Pdu;
- UINT8 *BufferIn;
- UINTN BufferInSize;
- UINT8 *GetSessionDataBuffer;
- UINTN GetSessionDataBufferSize;
-
- BufferOut = NULL;
- PacketOut = NULL;
- DataOut = NULL;
- Pdu = NULL;
- BufferIn = NULL;
-
- //
- // Initialize TLS state.
- //
- HttpInstance->TlsSessionState = EfiTlsSessionNotStarted;
- Status = HttpInstance->Tls->SetSessionData (
- HttpInstance->Tls,
- EfiTlsSessionState,
- &(HttpInstance->TlsSessionState),
- sizeof (EFI_TLS_SESSION_STATE)
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- //
- // Create ClientHello
- //
- BufferOutSize = DEF_BUF_LEN;
- BufferOut = AllocateZeroPool (BufferOutSize);
- if (BufferOut == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- return Status;
- }
-
- Status = HttpInstance->Tls->BuildResponsePacket (
- HttpInstance->Tls,
- NULL,
- 0,
- BufferOut,
- &BufferOutSize
- );
- if (Status == EFI_BUFFER_TOO_SMALL) {
- FreePool (BufferOut);
- BufferOut = AllocateZeroPool (BufferOutSize);
- if (BufferOut == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- return Status;
- }
-
- Status = HttpInstance->Tls->BuildResponsePacket (
- HttpInstance->Tls,
- NULL,
- 0,
- BufferOut,
- &BufferOutSize
- );
- }
- if (EFI_ERROR (Status)) {
- FreePool (BufferOut);
- return Status;
- }
-
- //
- // Transmit ClientHello
- //
- PacketOut = NetbufAlloc ((UINT32) BufferOutSize);
- DataOut = NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize, NET_BUF_TAIL);
- if (DataOut == NULL) {
- FreePool (BufferOut);
- return EFI_OUT_OF_RESOURCES;
- }
-
- CopyMem (DataOut, BufferOut, BufferOutSize);
- Status = TlsCommonTransmit (HttpInstance, PacketOut);
-
- FreePool (BufferOut);
- NetbufFree (PacketOut);
-
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- while(HttpInstance->TlsSessionState != EfiTlsSessionDataTransferring && \
- ((Timeout == NULL) || EFI_ERROR (gBS->CheckEvent (Timeout)))) {
- //
- // Receive one TLS record.
- //
- Status = TlsReceiveOnePdu (HttpInstance, &Pdu, Timeout);
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- BufferInSize = Pdu->TotalSize;
- BufferIn = AllocateZeroPool (BufferInSize);
- if (BufferIn == NULL) {
- NetbufFree (Pdu);
- Status = EFI_OUT_OF_RESOURCES;
- return Status;
- }
-
- NetbufCopy (Pdu, 0, (UINT32)BufferInSize, BufferIn);
-
- NetbufFree (Pdu);
-
- //
- // Handle Receive data.
- //
- BufferOutSize = DEF_BUF_LEN;
- BufferOut = AllocateZeroPool (BufferOutSize);
- if (BufferOut == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- return Status;
- }
-
- Status = HttpInstance->Tls->BuildResponsePacket (
- HttpInstance->Tls,
- BufferIn,
- BufferInSize,
- BufferOut,
- &BufferOutSize
- );
- if (Status == EFI_BUFFER_TOO_SMALL) {
- FreePool (BufferOut);
- BufferOut = AllocateZeroPool (BufferOutSize);
- if (BufferOut == NULL) {
- FreePool (BufferIn);
- Status = EFI_OUT_OF_RESOURCES;
- return Status;
- }
-
- Status = HttpInstance->Tls->BuildResponsePacket (
- HttpInstance->Tls,
- BufferIn,
- BufferInSize,
- BufferOut,
- &BufferOutSize
- );
- }
-
- FreePool (BufferIn);
-
- if (EFI_ERROR (Status)) {
- FreePool (BufferOut);
- return Status;
- }
-
- if (BufferOutSize != 0) {
- //
- // Transmit the response packet.
- //
- PacketOut = NetbufAlloc ((UINT32) BufferOutSize);
- DataOut = NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize, NET_BUF_TAIL);
- if (DataOut == NULL) {
- FreePool (BufferOut);
- return EFI_OUT_OF_RESOURCES;
- }
-
- CopyMem (DataOut, BufferOut, BufferOutSize);
-
- Status = TlsCommonTransmit (HttpInstance, PacketOut);
-
- NetbufFree (PacketOut);
-
- if (EFI_ERROR (Status)) {
- FreePool (BufferOut);
- return Status;
- }
- }
-
- FreePool (BufferOut);
-
- //
- // Get the session state, then decide whether need to continue handle received packet.
- //
- GetSessionDataBufferSize = DEF_BUF_LEN;
- GetSessionDataBuffer = AllocateZeroPool (GetSessionDataBufferSize);
- if (GetSessionDataBuffer == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- return Status;
- }
-
- Status = HttpInstance->Tls->GetSessionData (
- HttpInstance->Tls,
- EfiTlsSessionState,
- GetSessionDataBuffer,
- &GetSessionDataBufferSize
- );
- if (Status == EFI_BUFFER_TOO_SMALL) {
- FreePool (GetSessionDataBuffer);
- GetSessionDataBuffer = AllocateZeroPool (GetSessionDataBufferSize);
- if (GetSessionDataBuffer == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- return Status;
- }
-
- Status = HttpInstance->Tls->GetSessionData (
- HttpInstance->Tls,
- EfiTlsSessionState,
- GetSessionDataBuffer,
- &GetSessionDataBufferSize
- );
- }
- if (EFI_ERROR (Status)) {
- FreePool(GetSessionDataBuffer);
- return Status;
- }
-
- ASSERT(GetSessionDataBufferSize == sizeof (EFI_TLS_SESSION_STATE));
- HttpInstance->TlsSessionState = *(EFI_TLS_SESSION_STATE *) GetSessionDataBuffer;
-
- FreePool (GetSessionDataBuffer);
-
- if(HttpInstance->TlsSessionState == EfiTlsSessionError) {
- return EFI_ABORTED;
- }
- }
-
- if (HttpInstance->TlsSessionState != EfiTlsSessionDataTransferring) {
- Status = EFI_ABORTED;
- }
-
- return Status;
-}
-
-/**
- Close the TLS session and send out the close notification message.
-
- @param[in] HttpInstance The HTTP instance private data.
-
- @retval EFI_SUCCESS The TLS session is closed.
- @retval EFI_INVALID_PARAMETER HttpInstance is NULL.
- @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
- @retval Others Other error as indicated.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsCloseSession (
- IN HTTP_PROTOCOL *HttpInstance
- )
-{
- EFI_STATUS Status;
-
- UINT8 *BufferOut;
- UINTN BufferOutSize;
-
- NET_BUF *PacketOut;
- UINT8 *DataOut;
-
- Status = EFI_SUCCESS;
- BufferOut = NULL;
- PacketOut = NULL;
- DataOut = NULL;
-
- if (HttpInstance == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
- HttpInstance->TlsSessionState = EfiTlsSessionClosing;
-
- Status = HttpInstance->Tls->SetSessionData (
- HttpInstance->Tls,
- EfiTlsSessionState,
- &(HttpInstance->TlsSessionState),
- sizeof (EFI_TLS_SESSION_STATE)
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- BufferOutSize = DEF_BUF_LEN;
- BufferOut = AllocateZeroPool (BufferOutSize);
- if (BufferOut == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- return Status;
- }
-
- Status = HttpInstance->Tls->BuildResponsePacket (
- HttpInstance->Tls,
- NULL,
- 0,
- BufferOut,
- &BufferOutSize
- );
- if (Status == EFI_BUFFER_TOO_SMALL) {
- FreePool (BufferOut);
- BufferOut = AllocateZeroPool (BufferOutSize);
- if (BufferOut == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- return Status;
- }
-
- Status = HttpInstance->Tls->BuildResponsePacket (
- HttpInstance->Tls,
- NULL,
- 0,
- BufferOut,
- &BufferOutSize
- );
- }
-
- if (EFI_ERROR (Status)) {
- FreePool (BufferOut);
- return Status;
- }
-
- PacketOut = NetbufAlloc ((UINT32) BufferOutSize);
- DataOut = NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize, NET_BUF_TAIL);
- if (DataOut == NULL) {
- FreePool (BufferOut);
- return EFI_OUT_OF_RESOURCES;
- }
-
- CopyMem (DataOut, BufferOut, BufferOutSize);
-
- Status = TlsCommonTransmit (HttpInstance, PacketOut);
-
- FreePool (BufferOut);
- NetbufFree (PacketOut);
-
- return Status;
-}
-
-/**
- Process one message according to the CryptMode.
-
- @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.
- @param[in] Message Pointer to the message buffer needed to processed.
- @param[in] MessageSize Pointer to the message buffer size.
- @param[in] ProcessMode Process mode.
- @param[in, out] Fragment Only one Fragment returned after the Message is
- processed successfully.
-
- @retval EFI_SUCCESS Message is processed successfully.
- @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
- @retval Others Other errors as indicated.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsProcessMessage (
- IN HTTP_PROTOCOL *HttpInstance,
- IN UINT8 *Message,
- IN UINTN MessageSize,
- IN EFI_TLS_CRYPT_MODE ProcessMode,
- IN OUT NET_FRAGMENT *Fragment
- )
-{
- EFI_STATUS Status;
- UINT8 *Buffer;
- UINT32 BufferSize;
- UINT32 BytesCopied;
- EFI_TLS_FRAGMENT_DATA *FragmentTable;
- UINT32 FragmentCount;
- EFI_TLS_FRAGMENT_DATA *OriginalFragmentTable;
- UINTN Index;
-
- Status = EFI_SUCCESS;
- Buffer = NULL;
- BufferSize = 0;
- BytesCopied = 0;
- FragmentTable = NULL;
- OriginalFragmentTable = NULL;
-
- //
- // Rebuild fragment table from BufferIn.
- //
- FragmentCount = 1;
- FragmentTable = AllocateZeroPool (FragmentCount * sizeof (EFI_TLS_FRAGMENT_DATA));
- if (FragmentTable == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ON_EXIT;
- }
-
- FragmentTable->FragmentLength = (UINT32) MessageSize;
- FragmentTable->FragmentBuffer = Message;
-
- //
- // Record the original FragmentTable.
- //
- OriginalFragmentTable = FragmentTable;
-
- //
- // Process the Message.
- //
- Status = HttpInstance->Tls->ProcessPacket (
- HttpInstance->Tls,
- &FragmentTable,
- &FragmentCount,
- ProcessMode
- );
- if (EFI_ERROR (Status)) {
- goto ON_EXIT;
- }
-
- //
- // Calculate the size according to FragmentTable.
- //
- for (Index = 0; Index < FragmentCount; Index++) {
- BufferSize += FragmentTable[Index].FragmentLength;
- }
-
- //
- // Allocate buffer for processed data.
- //
- Buffer = AllocateZeroPool (BufferSize);
- if (Buffer == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ON_EXIT;
- }
-
- //
- // Copy the new FragmentTable buffer into Buffer.
- //
- for (Index = 0; Index < FragmentCount; Index++) {
- CopyMem (
- (Buffer + BytesCopied),
- FragmentTable[Index].FragmentBuffer,
- FragmentTable[Index].FragmentLength
- );
- BytesCopied += FragmentTable[Index].FragmentLength;
-
- //
- // Free the FragmentBuffer since it has been copied.
- //
- FreePool (FragmentTable[Index].FragmentBuffer);
- }
-
- Fragment->Len = BufferSize;
- Fragment->Bulk = Buffer;
-
-ON_EXIT:
-
- if (OriginalFragmentTable != NULL) {
- FreePool (OriginalFragmentTable);
- OriginalFragmentTable = NULL;
- }
-
- //
- // Caller has the responsibility to free the FragmentTable.
- //
- if (FragmentTable != NULL) {
- FreePool (FragmentTable);
- FragmentTable = NULL;
- }
-
- return Status;
-}
-
-/**
- Receive one fragment decrypted from one TLS record.
-
- @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.
- @param[in, out] Fragment The received Fragment.
- @param[in] Timeout The time to wait for connection done.
-
- @retval EFI_SUCCESS One fragment is received.
- @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
- @retval EFI_ABORTED Something wrong decryption the message.
- @retval Others Other errors as indicated.
-
-**/
-EFI_STATUS
-EFIAPI
-HttpsReceive (
- IN HTTP_PROTOCOL *HttpInstance,
- IN OUT NET_FRAGMENT *Fragment,
- IN EFI_EVENT Timeout
- )
-{
- EFI_STATUS Status;
- NET_BUF *Pdu;
- TLS_RECORD_HEADER RecordHeader;
- UINT8 *BufferIn;
- UINTN BufferInSize;
- NET_FRAGMENT TempFragment;
- UINT8 *BufferOut;
- UINTN BufferOutSize;
- NET_BUF *PacketOut;
- UINT8 *DataOut;
- UINT8 *GetSessionDataBuffer;
- UINTN GetSessionDataBufferSize;
-
- Status = EFI_SUCCESS;
- Pdu = NULL;
- BufferIn = NULL;
- BufferInSize = 0;
- BufferOut = NULL;
- BufferOutSize = 0;
- PacketOut = NULL;
- DataOut = NULL;
- GetSessionDataBuffer = NULL;
- GetSessionDataBufferSize = 0;
-
- //
- // Receive only one TLS record
- //
- Status = TlsReceiveOnePdu (HttpInstance, &Pdu, Timeout);
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- BufferInSize = Pdu->TotalSize;
- BufferIn = AllocateZeroPool (BufferInSize);
- if (BufferIn == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- NetbufFree (Pdu);
- return Status;
- }
-
- NetbufCopy (Pdu, 0, (UINT32) BufferInSize, BufferIn);
-
- NetbufFree (Pdu);
-
- //
- // Handle Receive data.
- //
- RecordHeader = *(TLS_RECORD_HEADER *) BufferIn;
-
- if ((RecordHeader.ContentType == TlsContentTypeApplicationData) &&
- (RecordHeader.Version.Major == 0x03) &&
- (RecordHeader.Version.Minor == TLS10_PROTOCOL_VERSION_MINOR ||
- RecordHeader.Version.Minor == TLS11_PROTOCOL_VERSION_MINOR ||
- RecordHeader.Version.Minor == TLS12_PROTOCOL_VERSION_MINOR)
- ) {
- //
- // Decrypt Packet.
- //
- Status = TlsProcessMessage (
- HttpInstance,
- BufferIn,
- BufferInSize,
- EfiTlsDecrypt,
- &TempFragment
- );
-
- FreePool (BufferIn);
-
- if (EFI_ERROR (Status)) {
- if (Status == EFI_ABORTED) {
- //
- // Something wrong decryption the message.
- // BuildResponsePacket() will be called to generate Error Alert message and send it out.
- //
- BufferOutSize = DEF_BUF_LEN;
- BufferOut = AllocateZeroPool (BufferOutSize);
- if (BufferOut == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- return Status;
- }
-
- Status = HttpInstance->Tls->BuildResponsePacket (
- HttpInstance->Tls,
- NULL,
- 0,
- BufferOut,
- &BufferOutSize
- );
- if (Status == EFI_BUFFER_TOO_SMALL) {
- FreePool (BufferOut);
- BufferOut = AllocateZeroPool (BufferOutSize);
- if (BufferOut == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- return Status;
- }
-
- Status = HttpInstance->Tls->BuildResponsePacket (
- HttpInstance->Tls,
- NULL,
- 0,
- BufferOut,
- &BufferOutSize
- );
- }
- if (EFI_ERROR (Status)) {
- FreePool(BufferOut);
- return Status;
- }
-
- if (BufferOutSize != 0) {
- PacketOut = NetbufAlloc ((UINT32)BufferOutSize);
- DataOut = NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize, NET_BUF_TAIL);
- if (DataOut == NULL) {
- FreePool (BufferOut);
- return EFI_OUT_OF_RESOURCES;
- }
-
- CopyMem (DataOut, BufferOut, BufferOutSize);
-
- Status = TlsCommonTransmit (HttpInstance, PacketOut);
-
- NetbufFree (PacketOut);
- }
-
- FreePool(BufferOut);
-
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- return EFI_ABORTED;
- }
-
- return Status;
- }
-
- //
- // Parsing buffer.
- //
- ASSERT (((TLS_RECORD_HEADER *) (TempFragment.Bulk))->ContentType == TlsContentTypeApplicationData);
-
- BufferInSize = ((TLS_RECORD_HEADER *) (TempFragment.Bulk))->Length;
- BufferIn = AllocateZeroPool (BufferInSize);
- if (BufferIn == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- return Status;
- }
-
- CopyMem (BufferIn, TempFragment.Bulk + sizeof (TLS_RECORD_HEADER), BufferInSize);
-
- //
- // Free the buffer in TempFragment.
- //
- FreePool (TempFragment.Bulk);
-
- } else if ((RecordHeader.ContentType == TlsContentTypeAlert) &&
- (RecordHeader.Version.Major == 0x03) &&
- (RecordHeader.Version.Minor == TLS10_PROTOCOL_VERSION_MINOR ||
- RecordHeader.Version.Minor == TLS11_PROTOCOL_VERSION_MINOR ||
- RecordHeader.Version.Minor == TLS12_PROTOCOL_VERSION_MINOR)
- ) {
- BufferOutSize = DEF_BUF_LEN;
- BufferOut = AllocateZeroPool (BufferOutSize);
- if (BufferOut == NULL) {
- FreePool (BufferIn);
- Status = EFI_OUT_OF_RESOURCES;
- return Status;
- }
-
- Status = HttpInstance->Tls->BuildResponsePacket (
- HttpInstance->Tls,
- BufferIn,
- BufferInSize,
- BufferOut,
- &BufferOutSize
- );
- if (Status == EFI_BUFFER_TOO_SMALL) {
- FreePool (BufferOut);
- BufferOut = AllocateZeroPool (BufferOutSize);
- if (BufferOut == NULL) {
- FreePool (BufferIn);
- Status = EFI_OUT_OF_RESOURCES;
- return Status;
- }
-
- Status = HttpInstance->Tls->BuildResponsePacket (
- HttpInstance->Tls,
- BufferIn,
- BufferInSize,
- BufferOut,
- &BufferOutSize
- );
- }
-
- FreePool (BufferIn);
-
- if (EFI_ERROR (Status)) {
- FreePool (BufferOut);
- return Status;
- }
-
- if (BufferOutSize != 0) {
- PacketOut = NetbufAlloc ((UINT32) BufferOutSize);
- DataOut = NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize, NET_BUF_TAIL);
- if (DataOut == NULL) {
- FreePool (BufferOut);
- return EFI_OUT_OF_RESOURCES;
- }
-
- CopyMem (DataOut, BufferOut, BufferOutSize);
-
- Status = TlsCommonTransmit (HttpInstance, PacketOut);
-
- NetbufFree (PacketOut);
- }
-
- FreePool (BufferOut);
-
- //
- // Get the session state.
- //
- GetSessionDataBufferSize = DEF_BUF_LEN;
- GetSessionDataBuffer = AllocateZeroPool (GetSessionDataBufferSize);
- if (GetSessionDataBuffer == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- return Status;
- }
-
- Status = HttpInstance->Tls->GetSessionData (
- HttpInstance->Tls,
- EfiTlsSessionState,
- GetSessionDataBuffer,
- &GetSessionDataBufferSize
- );
- if (Status == EFI_BUFFER_TOO_SMALL) {
- FreePool (GetSessionDataBuffer);
- GetSessionDataBuffer = AllocateZeroPool (GetSessionDataBufferSize);
- if (GetSessionDataBuffer == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- return Status;
- }
-
- Status = HttpInstance->Tls->GetSessionData (
- HttpInstance->Tls,
- EfiTlsSessionState,
- GetSessionDataBuffer,
- &GetSessionDataBufferSize
- );
- }
- if (EFI_ERROR (Status)) {
- FreePool (GetSessionDataBuffer);
- return Status;
- }
-
- ASSERT(GetSessionDataBufferSize == sizeof (EFI_TLS_SESSION_STATE));
- HttpInstance->TlsSessionState = *(EFI_TLS_SESSION_STATE *) GetSessionDataBuffer;
-
- FreePool (GetSessionDataBuffer);
-
- if(HttpInstance->TlsSessionState == EfiTlsSessionError) {
- DEBUG ((EFI_D_ERROR, "TLS Session State Error!\n"));
- return EFI_ABORTED;
- }
-
- BufferIn = NULL;
- BufferInSize = 0;
- }
-
- Fragment->Bulk = BufferIn;
- Fragment->Len = (UINT32) BufferInSize;
-
- return Status;
-}
+/** @file
+ Miscellaneous routines specific to Https for HttpDxe driver.
+
+Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
+(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "HttpDriver.h"
+
+/**
+ Returns the first occurrence of a Null-terminated ASCII sub-string in a Null-terminated
+ ASCII string and ignore case during the search process.
+
+ This function scans the contents of the ASCII string specified by String
+ and returns the first occurrence of SearchString and ignore case during the search process.
+ If SearchString is not found in String, then NULL is returned. If the length of SearchString
+ is zero, then String is returned.
+
+ If String is NULL, then ASSERT().
+ If SearchString is NULL, then ASSERT().
+
+ @param[in] String A pointer to a Null-terminated ASCII string.
+ @param[in] SearchString A pointer to a Null-terminated ASCII string to search for.
+
+ @retval NULL If the SearchString does not appear in String.
+ @retval others If there is a match return the first occurrence of SearchingString.
+ If the length of SearchString is zero,return String.
+
+**/
+CHAR8 *
+AsciiStrCaseStr (
+ IN CONST CHAR8 *String,
+ IN CONST CHAR8 *SearchString
+ )
+{
+ CONST CHAR8 *FirstMatch;
+ CONST CHAR8 *SearchStringTmp;
+
+ CHAR8 Src;
+ CHAR8 Dst;
+
+ //
+ // ASSERT both strings are less long than PcdMaximumAsciiStringLength
+ //
+ ASSERT (AsciiStrSize (String) != 0);
+ ASSERT (AsciiStrSize (SearchString) != 0);
+
+ if (*SearchString == '\0') {
+ return (CHAR8 *) String;
+ }
+
+ while (*String != '\0') {
+ SearchStringTmp = SearchString;
+ FirstMatch = String;
+
+ while ((*SearchStringTmp != '\0')
+ && (*String != '\0')) {
+ Src = *String;
+ Dst = *SearchStringTmp;
+
+ if ((Src >= 'A') && (Src <= 'Z')) {
+ Src -= ('A' - 'a');
+ }
+
+ if ((Dst >= 'A') && (Dst <= 'Z')) {
+ Dst -= ('A' - 'a');
+ }
+
+ if (Src != Dst) {
+ break;
+ }
+
+ String++;
+ SearchStringTmp++;
+ }
+
+ if (*SearchStringTmp == '\0') {
+ return (CHAR8 *) FirstMatch;
+ }
+
+ String = FirstMatch + 1;
+ }
+
+ return NULL;
+}
+
+/**
+ The callback function to free the net buffer list.
+
+ @param[in] Arg The opaque parameter.
+
+**/
+VOID
+EFIAPI
+FreeNbufList (
+ IN VOID *Arg
+ )
+{
+ ASSERT (Arg != NULL);
+
+ NetbufFreeList ((LIST_ENTRY *) Arg);
+ FreePool (Arg);
+}
+
+/**
+ Check whether the Url is from Https.
+
+ @param[in] Url The pointer to a HTTP or HTTPS URL string.
+
+ @retval TRUE The Url is from HTTPS.
+ @retval FALSE The Url is from HTTP.
+
+**/
+BOOLEAN
+IsHttpsUrl (
+ IN CHAR8 *Url
+ )
+{
+ CHAR8 *Tmp;
+
+ Tmp = NULL;
+
+ Tmp = AsciiStrCaseStr (Url, HTTPS_FLAG);
+ if (Tmp != NULL && Tmp == Url) {
+ return TRUE;
+ }
+
+ return FALSE;
+}
+
+/**
+ Creates a Tls child handle, open EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.
+
+ @param[in] ImageHandle The firmware allocated handle for the UEFI image.
+ @param[out] TlsProto Pointer to the EFI_TLS_PROTOCOL instance.
+ @param[out] TlsConfiguration Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance.
+
+ @return The child handle with opened EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.
+
+**/
+EFI_HANDLE
+EFIAPI
+TlsCreateChild (
+ IN EFI_HANDLE ImageHandle,
+ OUT EFI_TLS_PROTOCOL **TlsProto,
+ OUT EFI_TLS_CONFIGURATION_PROTOCOL **TlsConfiguration
+ )
+{
+ EFI_STATUS Status;
+ EFI_SERVICE_BINDING_PROTOCOL *TlsSb;
+ EFI_HANDLE TlsChildHandle;
+
+ TlsSb = NULL;
+ TlsChildHandle = 0;
+
+ //
+ // Locate TlsServiceBinding protocol.
+ //
+ gBS->LocateProtocol (
+ &gEfiTlsServiceBindingProtocolGuid,
+ NULL,
+ (VOID **) &TlsSb
+ );
+ if (TlsSb == NULL) {
+ return NULL;
+ }
+
+ Status = TlsSb->CreateChild (TlsSb, &TlsChildHandle);
+ if (EFI_ERROR (Status)) {
+ return NULL;
+ }
+
+ Status = gBS->OpenProtocol (
+ TlsChildHandle,
+ &gEfiTlsProtocolGuid,
+ (VOID **) TlsProto,
+ ImageHandle,
+ TlsChildHandle,
+ EFI_OPEN_PROTOCOL_GET_PROTOCOL
+ );
+ if (EFI_ERROR (Status)) {
+ TlsSb->DestroyChild (TlsSb, TlsChildHandle);
+ return NULL;
+ }
+
+ Status = gBS->OpenProtocol (
+ TlsChildHandle,
+ &gEfiTlsConfigurationProtocolGuid,
+ (VOID **) TlsConfiguration,
+ ImageHandle,
+ TlsChildHandle,
+ EFI_OPEN_PROTOCOL_GET_PROTOCOL
+ );
+ if (EFI_ERROR (Status)) {
+ TlsSb->DestroyChild (TlsSb, TlsChildHandle);
+ return NULL;
+ }
+
+ return TlsChildHandle;
+}
+
+/**
+ Create event for the TLS receive and transmit tokens which are used to receive and
+ transmit TLS related messages.
+
+ @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
+
+ @retval EFI_SUCCESS The events are created successfully.
+ @retval others Other error as indicated.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsCreateTxRxEvent (
+ IN OUT HTTP_PROTOCOL *HttpInstance
+ )
+{
+ EFI_STATUS Status;
+
+ if (!HttpInstance->LocalAddressIsIPv6) {
+ //
+ // For Tcp4TlsTxToken.
+ //
+ Status = gBS->CreateEvent (
+ EVT_NOTIFY_SIGNAL,
+ TPL_NOTIFY,
+ HttpCommonNotify,
+ &HttpInstance->TlsIsTxDone,
+ &HttpInstance->Tcp4TlsTxToken.CompletionToken.Event
+ );
+ if (EFI_ERROR (Status)) {
+ goto ERROR;
+ }
+
+ HttpInstance->Tcp4TlsTxData.Push = TRUE;
+ HttpInstance->Tcp4TlsTxData.Urgent = FALSE;
+ HttpInstance->Tcp4TlsTxData.DataLength = 0;
+ HttpInstance->Tcp4TlsTxData.FragmentCount = 1;
+ HttpInstance->Tcp4TlsTxData.FragmentTable[0].FragmentLength = HttpInstance->Tcp4TlsTxData.DataLength;
+ HttpInstance->Tcp4TlsTxData.FragmentTable[0].FragmentBuffer = NULL;
+ HttpInstance->Tcp4TlsTxToken.Packet.TxData = &HttpInstance->Tcp4TlsTxData;
+ HttpInstance->Tcp4TlsTxToken.CompletionToken.Status = EFI_NOT_READY;
+
+ //
+ // For Tcp4TlsRxToken.
+ //
+ Status = gBS->CreateEvent (
+ EVT_NOTIFY_SIGNAL,
+ TPL_NOTIFY,
+ HttpCommonNotify,
+ &HttpInstance->TlsIsRxDone,
+ &HttpInstance->Tcp4TlsRxToken.CompletionToken.Event
+ );
+ if (EFI_ERROR (Status)) {
+ goto ERROR;
+ }
+
+ HttpInstance->Tcp4TlsRxData.DataLength = 0;
+ HttpInstance->Tcp4TlsRxData.FragmentCount = 1;
+ HttpInstance->Tcp4TlsRxData.FragmentTable[0].FragmentLength = HttpInstance->Tcp4TlsRxData.DataLength ;
+ HttpInstance->Tcp4TlsRxData.FragmentTable[0].FragmentBuffer = NULL;
+ HttpInstance->Tcp4TlsRxToken.Packet.RxData = &HttpInstance->Tcp4TlsRxData;
+ HttpInstance->Tcp4TlsRxToken.CompletionToken.Status = EFI_NOT_READY;
+ } else {
+ //
+ // For Tcp6TlsTxToken.
+ //
+ Status = gBS->CreateEvent (
+ EVT_NOTIFY_SIGNAL,
+ TPL_NOTIFY,
+ HttpCommonNotify,
+ &HttpInstance->TlsIsTxDone,
+ &HttpInstance->Tcp6TlsTxToken.CompletionToken.Event
+ );
+ if (EFI_ERROR (Status)) {
+ goto ERROR;
+ }
+
+ HttpInstance->Tcp6TlsTxData.Push = TRUE;
+ HttpInstance->Tcp6TlsTxData.Urgent = FALSE;
+ HttpInstance->Tcp6TlsTxData.DataLength = 0;
+ HttpInstance->Tcp6TlsTxData.FragmentCount = 1;
+ HttpInstance->Tcp6TlsTxData.FragmentTable[0].FragmentLength = HttpInstance->Tcp6TlsTxData.DataLength;
+ HttpInstance->Tcp6TlsTxData.FragmentTable[0].FragmentBuffer = NULL;
+ HttpInstance->Tcp6TlsTxToken.Packet.TxData = &HttpInstance->Tcp6TlsTxData;
+ HttpInstance->Tcp6TlsTxToken.CompletionToken.Status = EFI_NOT_READY;
+
+ //
+ // For Tcp6TlsRxToken.
+ //
+ Status = gBS->CreateEvent (
+ EVT_NOTIFY_SIGNAL,
+ TPL_NOTIFY,
+ HttpCommonNotify,
+ &HttpInstance->TlsIsRxDone,
+ &HttpInstance->Tcp6TlsRxToken.CompletionToken.Event
+ );
+ if (EFI_ERROR (Status)) {
+ goto ERROR;
+ }
+
+ HttpInstance->Tcp6TlsRxData.DataLength = 0;
+ HttpInstance->Tcp6TlsRxData.FragmentCount = 1;
+ HttpInstance->Tcp6TlsRxData.FragmentTable[0].FragmentLength = HttpInstance->Tcp6TlsRxData.DataLength ;
+ HttpInstance->Tcp6TlsRxData.FragmentTable[0].FragmentBuffer = NULL;
+ HttpInstance->Tcp6TlsRxToken.Packet.RxData = &HttpInstance->Tcp6TlsRxData;
+ HttpInstance->Tcp6TlsRxToken.CompletionToken.Status = EFI_NOT_READY;
+ }
+
+ return Status;
+
+ERROR:
+ //
+ // Error handling
+ //
+ TlsCloseTxRxEvent (HttpInstance);
+
+ return Status;
+}
+
+/**
+ Close events in the TlsTxToken and TlsRxToken.
+
+ @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.
+
+**/
+VOID
+EFIAPI
+TlsCloseTxRxEvent (
+ IN HTTP_PROTOCOL *HttpInstance
+ )
+{
+ ASSERT (HttpInstance != NULL);
+ if (!HttpInstance->LocalAddressIsIPv6) {
+ if (NULL != HttpInstance->Tcp4TlsTxToken.CompletionToken.Event) {
+ gBS->CloseEvent(HttpInstance->Tcp4TlsTxToken.CompletionToken.Event);
+ HttpInstance->Tcp4TlsTxToken.CompletionToken.Event = NULL;
+ }
+
+ if (NULL != HttpInstance->Tcp4TlsRxToken.CompletionToken.Event) {
+ gBS->CloseEvent (HttpInstance->Tcp4TlsRxToken.CompletionToken.Event);
+ HttpInstance->Tcp4TlsRxToken.CompletionToken.Event = NULL;
+ }
+ } else {
+ if (NULL != HttpInstance->Tcp6TlsTxToken.CompletionToken.Event) {
+ gBS->CloseEvent(HttpInstance->Tcp6TlsTxToken.CompletionToken.Event);
+ HttpInstance->Tcp6TlsTxToken.CompletionToken.Event = NULL;
+ }
+
+ if (NULL != HttpInstance->Tcp6TlsRxToken.CompletionToken.Event) {
+ gBS->CloseEvent (HttpInstance->Tcp6TlsRxToken.CompletionToken.Event);
+ HttpInstance->Tcp6TlsRxToken.CompletionToken.Event = NULL;
+ }
+ }
+}
+
+/**
+ Read the TlsCaCertificate variable and configure it.
+
+ @param[in, out] HttpInstance The HTTP instance private data.
+
+ @retval EFI_SUCCESS TlsCaCertificate is configured.
+ @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
+ @retval EFI_NOT_FOUND Fail to get 'TlsCaCertificate' variable.
+ @retval Others Other error as indicated.
+
+**/
+EFI_STATUS
+TlsConfigCertificate (
+ IN OUT HTTP_PROTOCOL *HttpInstance
+ )
+{
+ EFI_STATUS Status;
+ UINT8 *CACert;
+ UINTN CACertSize;
+ UINT32 Index;
+ EFI_SIGNATURE_LIST *CertList;
+ EFI_SIGNATURE_DATA *Cert;
+ UINTN CertCount;
+ UINT32 ItemDataSize;
+
+ CACert = NULL;
+ CACertSize = 0;
+
+ //
+ // Try to read the TlsCaCertificate variable.
+ //
+ Status = gRT->GetVariable (
+ EFI_TLS_CA_CERTIFICATE_VARIABLE,
+ &gEfiTlsCaCertificateGuid,
+ NULL,
+ &CACertSize,
+ NULL
+ );
+
+ if (EFI_ERROR (Status) && Status != EFI_BUFFER_TOO_SMALL) {
+ return Status;
+ }
+
+ //
+ // Allocate buffer and read the config variable.
+ //
+ CACert = AllocatePool (CACertSize);
+ if (CACert == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ Status = gRT->GetVariable (
+ EFI_TLS_CA_CERTIFICATE_VARIABLE,
+ &gEfiTlsCaCertificateGuid,
+ NULL,
+ &CACertSize,
+ CACert
+ );
+ if (EFI_ERROR (Status)) {
+ //
+ // GetVariable still error or the variable is corrupted.
+ // Fall back to the default value.
+ //
+ FreePool (CACert);
+
+ return EFI_NOT_FOUND;
+ }
+
+ ASSERT (CACert != NULL);
+
+ //
+ // Enumerate all data and erasing the target item.
+ //
+ ItemDataSize = (UINT32) CACertSize;
+ CertList = (EFI_SIGNATURE_LIST *) CACert;
+ while ((ItemDataSize > 0) && (ItemDataSize >= CertList->SignatureListSize)) {
+ Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
+ CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
+ for (Index = 0; Index < CertCount; Index++) {
+ //
+ // EfiTlsConfigDataTypeCACertificate
+ //
+ Status = HttpInstance->TlsConfiguration->SetData (
+ HttpInstance->TlsConfiguration,
+ EfiTlsConfigDataTypeCACertificate,
+ Cert->SignatureData,
+ CertList->SignatureSize - sizeof (Cert->SignatureOwner)
+ );
+ if (EFI_ERROR (Status)) {
+ FreePool (CACert);
+ return Status;
+ }
+
+ Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);
+ }
+
+ ItemDataSize -= CertList->SignatureListSize;
+ CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
+ }
+
+ FreePool (CACert);
+ return Status;
+}
+
+/**
+ Configure TLS session data.
+
+ @param[in, out] HttpInstance The HTTP instance private data.
+
+ @retval EFI_SUCCESS TLS session data is configured.
+ @retval Others Other error as indicated.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsConfigureSession (
+ IN OUT HTTP_PROTOCOL *HttpInstance
+ )
+{
+ EFI_STATUS Status;
+
+ //
+ // TlsConfigData initialization
+ //
+ HttpInstance->TlsConfigData.ConnectionEnd = EfiTlsClient;
+ HttpInstance->TlsConfigData.VerifyMethod = EFI_TLS_VERIFY_PEER;
+ HttpInstance->TlsConfigData.SessionState = EfiTlsSessionNotStarted;
+
+ //
+ // EfiTlsConnectionEnd,
+ // EfiTlsVerifyMethod
+ // EfiTlsSessionState
+ //
+ Status = HttpInstance->Tls->SetSessionData (
+ HttpInstance->Tls,
+ EfiTlsConnectionEnd,
+ &(HttpInstance->TlsConfigData.ConnectionEnd),
+ sizeof (EFI_TLS_CONNECTION_END)
+ );
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ Status = HttpInstance->Tls->SetSessionData (
+ HttpInstance->Tls,
+ EfiTlsVerifyMethod,
+ &HttpInstance->TlsConfigData.VerifyMethod,
+ sizeof (EFI_TLS_VERIFY)
+ );
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ Status = HttpInstance->Tls->SetSessionData (
+ HttpInstance->Tls,
+ EfiTlsSessionState,
+ &(HttpInstance->TlsConfigData.SessionState),
+ sizeof (EFI_TLS_SESSION_STATE)
+ );
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ //
+ // Tls Config Certificate
+ //
+ Status = TlsConfigCertificate (HttpInstance);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((EFI_D_ERROR, "TLS Certificate Config Error!\n"));
+ return Status;
+ }
+
+ //
+ // TlsCreateTxRxEvent
+ //
+ Status = TlsCreateTxRxEvent (HttpInstance);
+ if (EFI_ERROR (Status)) {
+ goto ERROR;
+ }
+
+ return Status;
+
+ERROR:
+ TlsCloseTxRxEvent (HttpInstance);
+
+ return Status;
+}
+
+/**
+ Transmit the Packet by processing the associated HTTPS token.
+
+ @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
+ @param[in] Packet The packet to transmit.
+
+ @retval EFI_SUCCESS The packet is transmitted.
+ @retval EFI_INVALID_PARAMETER HttpInstance is NULL or Packet is NULL.
+ @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
+ @retval EFI_DEVICE_ERROR An unexpected system or network error occurred.
+ @retval Others Other errors as indicated.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsCommonTransmit (
+ IN OUT HTTP_PROTOCOL *HttpInstance,
+ IN NET_BUF *Packet
+ )
+{
+ EFI_STATUS Status;
+ VOID *Data;
+ UINTN Size;
+
+ if ((HttpInstance == NULL) || (Packet == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if (!HttpInstance->LocalAddressIsIPv6) {
+ Size = sizeof (EFI_TCP4_TRANSMIT_DATA) +
+ (Packet->BlockOpNum - 1) * sizeof (EFI_TCP4_FRAGMENT_DATA);
+ } else {
+ Size = sizeof (EFI_TCP6_TRANSMIT_DATA) +
+ (Packet->BlockOpNum - 1) * sizeof (EFI_TCP6_FRAGMENT_DATA);
+ }
+
+ Data = AllocatePool (Size);
+ if (Data == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ if (!HttpInstance->LocalAddressIsIPv6) {
+ ((EFI_TCP4_TRANSMIT_DATA *) Data)->Push = TRUE;
+ ((EFI_TCP4_TRANSMIT_DATA *) Data)->Urgent = FALSE;
+ ((EFI_TCP4_TRANSMIT_DATA *) Data)->DataLength = Packet->TotalSize;
+
+ //
+ // Build the fragment table.
+ //
+ ((EFI_TCP4_TRANSMIT_DATA *) Data)->FragmentCount = Packet->BlockOpNum;
+
+ NetbufBuildExt (
+ Packet,
+ (NET_FRAGMENT *) &((EFI_TCP4_TRANSMIT_DATA *) Data)->FragmentTable[0],
+ &((EFI_TCP4_TRANSMIT_DATA *) Data)->FragmentCount
+ );
+
+ HttpInstance->Tcp4TlsTxToken.Packet.TxData = (EFI_TCP4_TRANSMIT_DATA *) Data;
+
+ Status = EFI_DEVICE_ERROR;
+
+ //
+ // Transmit the packet.
+ //
+ Status = HttpInstance->Tcp4->Transmit (HttpInstance->Tcp4, &HttpInstance->Tcp4TlsTxToken);
+ if (EFI_ERROR (Status)) {
+ goto ON_EXIT;
+ }
+
+ while (!HttpInstance->TlsIsTxDone) {
+ HttpInstance->Tcp4->Poll (HttpInstance->Tcp4);
+ }
+
+ HttpInstance->TlsIsTxDone = FALSE;
+ Status = HttpInstance->Tcp4TlsTxToken.CompletionToken.Status;
+ } else {
+ ((EFI_TCP6_TRANSMIT_DATA *) Data)->Push = TRUE;
+ ((EFI_TCP6_TRANSMIT_DATA *) Data)->Urgent = FALSE;
+ ((EFI_TCP6_TRANSMIT_DATA *) Data)->DataLength = Packet->TotalSize;
+
+ //
+ // Build the fragment table.
+ //
+ ((EFI_TCP6_TRANSMIT_DATA *) Data)->FragmentCount = Packet->BlockOpNum;
+
+ NetbufBuildExt (
+ Packet,
+ (NET_FRAGMENT *) &((EFI_TCP6_TRANSMIT_DATA *) Data)->FragmentTable[0],
+ &((EFI_TCP6_TRANSMIT_DATA *) Data)->FragmentCount
+ );
+
+ HttpInstance->Tcp6TlsTxToken.Packet.TxData = (EFI_TCP6_TRANSMIT_DATA *) Data;
+
+ Status = EFI_DEVICE_ERROR;
+
+ //
+ // Transmit the packet.
+ //
+ Status = HttpInstance->Tcp6->Transmit (HttpInstance->Tcp6, &HttpInstance->Tcp6TlsTxToken);
+ if (EFI_ERROR (Status)) {
+ goto ON_EXIT;
+ }
+
+ while (!HttpInstance->TlsIsTxDone) {
+ HttpInstance->Tcp6->Poll (HttpInstance->Tcp6);
+ }
+
+ HttpInstance->TlsIsTxDone = FALSE;
+ Status = HttpInstance->Tcp6TlsTxToken.CompletionToken.Status;
+ }
+
+ON_EXIT:
+ FreePool (Data);
+
+ return Status;
+}
+
+/**
+ Receive the Packet by processing the associated HTTPS token.
+
+ @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
+ @param[in] Packet The packet to transmit.
+ @param[in] Timeout The time to wait for connection done.
+
+ @retval EFI_SUCCESS The Packet is received.
+ @retval EFI_INVALID_PARAMETER HttpInstance is NULL or Packet is NULL.
+ @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
+ @retval EFI_TIMEOUT The operation is time out.
+ @retval Others Other error as indicated.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsCommonReceive (
+ IN OUT HTTP_PROTOCOL *HttpInstance,
+ IN NET_BUF *Packet,
+ IN EFI_EVENT Timeout
+ )
+{
+ EFI_TCP4_RECEIVE_DATA *Tcp4RxData;
+ EFI_TCP6_RECEIVE_DATA *Tcp6RxData;
+ EFI_STATUS Status;
+ NET_FRAGMENT *Fragment;
+ UINT32 FragmentCount;
+ UINT32 CurrentFragment;
+
+ Tcp4RxData = NULL;
+ Tcp6RxData = NULL;
+
+ if ((HttpInstance == NULL) || (Packet == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ FragmentCount = Packet->BlockOpNum;
+ Fragment = AllocatePool (FragmentCount * sizeof (NET_FRAGMENT));
+ if (Fragment == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto ON_EXIT;
+ }
+
+ //
+ // Build the fragment table.
+ //
+ NetbufBuildExt (Packet, Fragment, &FragmentCount);
+
+ if (!HttpInstance->LocalAddressIsIPv6) {
+ Tcp4RxData = HttpInstance->Tcp4TlsRxToken.Packet.RxData;
+ if (Tcp4RxData == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+ Tcp4RxData->FragmentCount = 1;
+ } else {
+ Tcp6RxData = HttpInstance->Tcp6TlsRxToken.Packet.RxData;
+ if (Tcp6RxData == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+ Tcp6RxData->FragmentCount = 1;
+ }
+
+ CurrentFragment = 0;
+ Status = EFI_SUCCESS;
+
+ while (CurrentFragment < FragmentCount) {
+ if (!HttpInstance->LocalAddressIsIPv6) {
+ Tcp4RxData->DataLength = Fragment[CurrentFragment].Len;
+ Tcp4RxData->FragmentTable[0].FragmentLength = Fragment[CurrentFragment].Len;
+ Tcp4RxData->FragmentTable[0].FragmentBuffer = Fragment[CurrentFragment].Bulk;
+ Status = HttpInstance->Tcp4->Receive (HttpInstance->Tcp4, &HttpInstance->Tcp4TlsRxToken);
+ } else {
+ Tcp6RxData->DataLength = Fragment[CurrentFragment].Len;
+ Tcp6RxData->FragmentTable[0].FragmentLength = Fragment[CurrentFragment].Len;
+ Tcp6RxData->FragmentTable[0].FragmentBuffer = Fragment[CurrentFragment].Bulk;
+ Status = HttpInstance->Tcp6->Receive (HttpInstance->Tcp6, &HttpInstance->Tcp6TlsRxToken);
+ }
+ if (EFI_ERROR (Status)) {
+ goto ON_EXIT;
+ }
+
+ while (!HttpInstance->TlsIsRxDone && ((Timeout == NULL) || EFI_ERROR (gBS->CheckEvent (Timeout)))) {
+ //
+ // Poll until some data is received or an error occurs.
+ //
+ if (!HttpInstance->LocalAddressIsIPv6) {
+ HttpInstance->Tcp4->Poll (HttpInstance->Tcp4);
+ } else {
+ HttpInstance->Tcp6->Poll (HttpInstance->Tcp6);
+ }
+ }
+
+ if (!HttpInstance->TlsIsRxDone) {
+ //
+ // Timeout occurs, cancel the receive request.
+ //
+ if (!HttpInstance->LocalAddressIsIPv6) {
+ HttpInstance->Tcp4->Cancel (HttpInstance->Tcp4, &HttpInstance->Tcp4TlsRxToken.CompletionToken);
+ } else {
+ HttpInstance->Tcp6->Cancel (HttpInstance->Tcp6, &HttpInstance->Tcp6TlsRxToken.CompletionToken);
+ }
+
+ Status = EFI_TIMEOUT;
+ goto ON_EXIT;
+ } else {
+ HttpInstance->TlsIsRxDone = FALSE;
+ }
+
+ if (!HttpInstance->LocalAddressIsIPv6) {
+ Status = HttpInstance->Tcp4TlsRxToken.CompletionToken.Status;
+ if (EFI_ERROR (Status)) {
+ goto ON_EXIT;
+ }
+
+ Fragment[CurrentFragment].Len -= Tcp4RxData->FragmentTable[0].FragmentLength;
+ if (Fragment[CurrentFragment].Len == 0) {
+ CurrentFragment++;
+ } else {
+ Fragment[CurrentFragment].Bulk += Tcp4RxData->FragmentTable[0].FragmentLength;
+ }
+ } else {
+ Status = HttpInstance->Tcp6TlsRxToken.CompletionToken.Status;
+ if (EFI_ERROR (Status)) {
+ goto ON_EXIT;
+ }
+
+ Fragment[CurrentFragment].Len -= Tcp6RxData->FragmentTable[0].FragmentLength;
+ if (Fragment[CurrentFragment].Len == 0) {
+ CurrentFragment++;
+ } else {
+ Fragment[CurrentFragment].Bulk += Tcp6RxData->FragmentTable[0].FragmentLength;
+ }
+ }
+ }
+
+ON_EXIT:
+
+ if (Fragment != NULL) {
+ FreePool (Fragment);
+ }
+
+ return Status;
+}
+
+/**
+ Receive one TLS PDU. An TLS PDU contains an TLS record header and it's
+ corresponding record data. These two parts will be put into two blocks of buffers in the
+ net buffer.
+
+ @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
+ @param[out] Pdu The received TLS PDU.
+ @param[in] Timeout The time to wait for connection done.
+
+ @retval EFI_SUCCESS An TLS PDU is received.
+ @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
+ @retval EFI_PROTOCOL_ERROR An unexpected TLS packet was received.
+ @retval Others Other errors as indicated.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsReceiveOnePdu (
+ IN OUT HTTP_PROTOCOL *HttpInstance,
+ OUT NET_BUF **Pdu,
+ IN EFI_EVENT Timeout
+ )
+{
+ EFI_STATUS Status;
+
+ LIST_ENTRY *NbufList;
+
+ UINT32 Len;
+
+ NET_BUF *PduHdr;
+ UINT8 *Header;
+ TLS_RECORD_HEADER RecordHeader;
+
+ NET_BUF *DataSeg;
+
+ NbufList = NULL;
+ PduHdr = NULL;
+ Header = NULL;
+ DataSeg = NULL;
+
+ NbufList = AllocatePool (sizeof (LIST_ENTRY));
+ if (NbufList == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ InitializeListHead (NbufList);
+
+ //
+ // Allocate buffer to receive one TLS header.
+ //
+ Len = sizeof (TLS_RECORD_HEADER);
+ PduHdr = NetbufAlloc (Len);
+ if (PduHdr == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto ON_EXIT;
+ }
+
+ Header = NetbufAllocSpace (PduHdr, Len, NET_BUF_TAIL);
+ if (Header == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto ON_EXIT;
+ }
+
+ //
+ // First step, receive one TLS header.
+ //
+ Status = TlsCommonReceive (HttpInstance, PduHdr, Timeout);
+ if (EFI_ERROR (Status)) {
+ goto ON_EXIT;
+ }
+
+ RecordHeader = *(TLS_RECORD_HEADER *) Header;
+ if ((RecordHeader.ContentType == TlsContentTypeHandshake ||
+ RecordHeader.ContentType == TlsContentTypeAlert ||
+ RecordHeader.ContentType == TlsContentTypeChangeCipherSpec ||
+ RecordHeader.ContentType == TlsContentTypeApplicationData) &&
+ (RecordHeader.Version.Major == 0x03) && /// Major versions are same.
+ (RecordHeader.Version.Minor == TLS10_PROTOCOL_VERSION_MINOR ||
+ RecordHeader.Version.Minor ==TLS11_PROTOCOL_VERSION_MINOR ||
+ RecordHeader.Version.Minor == TLS12_PROTOCOL_VERSION_MINOR)
+ ) {
+ InsertTailList (NbufList, &PduHdr->List);
+ } else {
+ Status = EFI_PROTOCOL_ERROR;
+ goto ON_EXIT;
+ }
+
+ Len = SwapBytes16(RecordHeader.Length);
+ if (Len == 0) {
+ //
+ // No TLS payload.
+ //
+ goto FORM_PDU;
+ }
+
+ //
+ // Allocate buffer to receive one TLS payload.
+ //
+ DataSeg = NetbufAlloc (Len);
+ if (DataSeg == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto ON_EXIT;
+ }
+
+ NetbufAllocSpace (DataSeg, Len, NET_BUF_TAIL);
+
+ //
+ // Second step, receive one TLS payload.
+ //
+ Status = TlsCommonReceive (HttpInstance, DataSeg, Timeout);
+ if (EFI_ERROR (Status)) {
+ goto ON_EXIT;
+ }
+
+ InsertTailList (NbufList, &DataSeg->List);
+
+FORM_PDU:
+ //
+ // Form the PDU from a list of PDU.
+ //
+ *Pdu = NetbufFromBufList (NbufList, 0, 0, FreeNbufList, NbufList);
+ if (*Pdu == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ }
+
+ON_EXIT:
+
+ if (EFI_ERROR (Status)) {
+ //
+ // Free the Nbufs in this NbufList and the NbufList itself.
+ //
+ FreeNbufList (NbufList);
+ }
+
+ return Status;
+}
+
+/**
+ Connect one TLS session by finishing the TLS handshake process.
+
+ @param[in] HttpInstance The HTTP instance private data.
+ @param[in] Timeout The time to wait for connection done.
+
+ @retval EFI_SUCCESS The TLS session is established.
+ @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
+ @retval EFI_ABORTED TLS session state is incorrect.
+ @retval Others Other error as indicated.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsConnectSession (
+ IN HTTP_PROTOCOL *HttpInstance,
+ IN EFI_EVENT Timeout
+ )
+{
+ EFI_STATUS Status;
+ UINT8 *BufferOut;
+ UINTN BufferOutSize;
+ NET_BUF *PacketOut;
+ UINT8 *DataOut;
+ NET_BUF *Pdu;
+ UINT8 *BufferIn;
+ UINTN BufferInSize;
+ UINT8 *GetSessionDataBuffer;
+ UINTN GetSessionDataBufferSize;
+
+ BufferOut = NULL;
+ PacketOut = NULL;
+ DataOut = NULL;
+ Pdu = NULL;
+ BufferIn = NULL;
+
+ //
+ // Initialize TLS state.
+ //
+ HttpInstance->TlsSessionState = EfiTlsSessionNotStarted;
+ Status = HttpInstance->Tls->SetSessionData (
+ HttpInstance->Tls,
+ EfiTlsSessionState,
+ &(HttpInstance->TlsSessionState),
+ sizeof (EFI_TLS_SESSION_STATE)
+ );
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ //
+ // Create ClientHello
+ //
+ BufferOutSize = DEF_BUF_LEN;
+ BufferOut = AllocateZeroPool (BufferOutSize);
+ if (BufferOut == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ return Status;
+ }
+
+ Status = HttpInstance->Tls->BuildResponsePacket (
+ HttpInstance->Tls,
+ NULL,
+ 0,
+ BufferOut,
+ &BufferOutSize
+ );
+ if (Status == EFI_BUFFER_TOO_SMALL) {
+ FreePool (BufferOut);
+ BufferOut = AllocateZeroPool (BufferOutSize);
+ if (BufferOut == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ return Status;
+ }
+
+ Status = HttpInstance->Tls->BuildResponsePacket (
+ HttpInstance->Tls,
+ NULL,
+ 0,
+ BufferOut,
+ &BufferOutSize
+ );
+ }
+ if (EFI_ERROR (Status)) {
+ FreePool (BufferOut);
+ return Status;
+ }
+
+ //
+ // Transmit ClientHello
+ //
+ PacketOut = NetbufAlloc ((UINT32) BufferOutSize);
+ DataOut = NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize, NET_BUF_TAIL);
+ if (DataOut == NULL) {
+ FreePool (BufferOut);
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ CopyMem (DataOut, BufferOut, BufferOutSize);
+ Status = TlsCommonTransmit (HttpInstance, PacketOut);
+
+ FreePool (BufferOut);
+ NetbufFree (PacketOut);
+
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ while(HttpInstance->TlsSessionState != EfiTlsSessionDataTransferring && \
+ ((Timeout == NULL) || EFI_ERROR (gBS->CheckEvent (Timeout)))) {
+ //
+ // Receive one TLS record.
+ //
+ Status = TlsReceiveOnePdu (HttpInstance, &Pdu, Timeout);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ BufferInSize = Pdu->TotalSize;
+ BufferIn = AllocateZeroPool (BufferInSize);
+ if (BufferIn == NULL) {
+ NetbufFree (Pdu);
+ Status = EFI_OUT_OF_RESOURCES;
+ return Status;
+ }
+
+ NetbufCopy (Pdu, 0, (UINT32)BufferInSize, BufferIn);
+
+ NetbufFree (Pdu);
+
+ //
+ // Handle Receive data.
+ //
+ BufferOutSize = DEF_BUF_LEN;
+ BufferOut = AllocateZeroPool (BufferOutSize);
+ if (BufferOut == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ return Status;
+ }
+
+ Status = HttpInstance->Tls->BuildResponsePacket (
+ HttpInstance->Tls,
+ BufferIn,
+ BufferInSize,
+ BufferOut,
+ &BufferOutSize
+ );
+ if (Status == EFI_BUFFER_TOO_SMALL) {
+ FreePool (BufferOut);
+ BufferOut = AllocateZeroPool (BufferOutSize);
+ if (BufferOut == NULL) {
+ FreePool (BufferIn);
+ Status = EFI_OUT_OF_RESOURCES;
+ return Status;
+ }
+
+ Status = HttpInstance->Tls->BuildResponsePacket (
+ HttpInstance->Tls,
+ BufferIn,
+ BufferInSize,
+ BufferOut,
+ &BufferOutSize
+ );
+ }
+
+ FreePool (BufferIn);
+
+ if (EFI_ERROR (Status)) {
+ FreePool (BufferOut);
+ return Status;
+ }
+
+ if (BufferOutSize != 0) {
+ //
+ // Transmit the response packet.
+ //
+ PacketOut = NetbufAlloc ((UINT32) BufferOutSize);
+ DataOut = NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize, NET_BUF_TAIL);
+ if (DataOut == NULL) {
+ FreePool (BufferOut);
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ CopyMem (DataOut, BufferOut, BufferOutSize);
+
+ Status = TlsCommonTransmit (HttpInstance, PacketOut);
+
+ NetbufFree (PacketOut);
+
+ if (EFI_ERROR (Status)) {
+ FreePool (BufferOut);
+ return Status;
+ }
+ }
+
+ FreePool (BufferOut);
+
+ //
+ // Get the session state, then decide whether need to continue handle received packet.
+ //
+ GetSessionDataBufferSize = DEF_BUF_LEN;
+ GetSessionDataBuffer = AllocateZeroPool (GetSessionDataBufferSize);
+ if (GetSessionDataBuffer == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ return Status;
+ }
+
+ Status = HttpInstance->Tls->GetSessionData (
+ HttpInstance->Tls,
+ EfiTlsSessionState,
+ GetSessionDataBuffer,
+ &GetSessionDataBufferSize
+ );
+ if (Status == EFI_BUFFER_TOO_SMALL) {
+ FreePool (GetSessionDataBuffer);
+ GetSessionDataBuffer = AllocateZeroPool (GetSessionDataBufferSize);
+ if (GetSessionDataBuffer == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ return Status;
+ }
+
+ Status = HttpInstance->Tls->GetSessionData (
+ HttpInstance->Tls,
+ EfiTlsSessionState,
+ GetSessionDataBuffer,
+ &GetSessionDataBufferSize
+ );
+ }
+ if (EFI_ERROR (Status)) {
+ FreePool(GetSessionDataBuffer);
+ return Status;
+ }
+
+ ASSERT(GetSessionDataBufferSize == sizeof (EFI_TLS_SESSION_STATE));
+ HttpInstance->TlsSessionState = *(EFI_TLS_SESSION_STATE *) GetSessionDataBuffer;
+
+ FreePool (GetSessionDataBuffer);
+
+ if(HttpInstance->TlsSessionState == EfiTlsSessionError) {
+ return EFI_ABORTED;
+ }
+ }
+
+ if (HttpInstance->TlsSessionState != EfiTlsSessionDataTransferring) {
+ Status = EFI_ABORTED;
+ }
+
+ return Status;
+}
+
+/**
+ Close the TLS session and send out the close notification message.
+
+ @param[in] HttpInstance The HTTP instance private data.
+
+ @retval EFI_SUCCESS The TLS session is closed.
+ @retval EFI_INVALID_PARAMETER HttpInstance is NULL.
+ @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
+ @retval Others Other error as indicated.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsCloseSession (
+ IN HTTP_PROTOCOL *HttpInstance
+ )
+{
+ EFI_STATUS Status;
+
+ UINT8 *BufferOut;
+ UINTN BufferOutSize;
+
+ NET_BUF *PacketOut;
+ UINT8 *DataOut;
+
+ Status = EFI_SUCCESS;
+ BufferOut = NULL;
+ PacketOut = NULL;
+ DataOut = NULL;
+
+ if (HttpInstance == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ HttpInstance->TlsSessionState = EfiTlsSessionClosing;
+
+ Status = HttpInstance->Tls->SetSessionData (
+ HttpInstance->Tls,
+ EfiTlsSessionState,
+ &(HttpInstance->TlsSessionState),
+ sizeof (EFI_TLS_SESSION_STATE)
+ );
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ BufferOutSize = DEF_BUF_LEN;
+ BufferOut = AllocateZeroPool (BufferOutSize);
+ if (BufferOut == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ return Status;
+ }
+
+ Status = HttpInstance->Tls->BuildResponsePacket (
+ HttpInstance->Tls,
+ NULL,
+ 0,
+ BufferOut,
+ &BufferOutSize
+ );
+ if (Status == EFI_BUFFER_TOO_SMALL) {
+ FreePool (BufferOut);
+ BufferOut = AllocateZeroPool (BufferOutSize);
+ if (BufferOut == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ return Status;
+ }
+
+ Status = HttpInstance->Tls->BuildResponsePacket (
+ HttpInstance->Tls,
+ NULL,
+ 0,
+ BufferOut,
+ &BufferOutSize
+ );
+ }
+
+ if (EFI_ERROR (Status)) {
+ FreePool (BufferOut);
+ return Status;
+ }
+
+ PacketOut = NetbufAlloc ((UINT32) BufferOutSize);
+ DataOut = NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize, NET_BUF_TAIL);
+ if (DataOut == NULL) {
+ FreePool (BufferOut);
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ CopyMem (DataOut, BufferOut, BufferOutSize);
+
+ Status = TlsCommonTransmit (HttpInstance, PacketOut);
+
+ FreePool (BufferOut);
+ NetbufFree (PacketOut);
+
+ return Status;
+}
+
+/**
+ Process one message according to the CryptMode.
+
+ @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.
+ @param[in] Message Pointer to the message buffer needed to processed.
+ @param[in] MessageSize Pointer to the message buffer size.
+ @param[in] ProcessMode Process mode.
+ @param[in, out] Fragment Only one Fragment returned after the Message is
+ processed successfully.
+
+ @retval EFI_SUCCESS Message is processed successfully.
+ @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
+ @retval Others Other errors as indicated.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsProcessMessage (
+ IN HTTP_PROTOCOL *HttpInstance,
+ IN UINT8 *Message,
+ IN UINTN MessageSize,
+ IN EFI_TLS_CRYPT_MODE ProcessMode,
+ IN OUT NET_FRAGMENT *Fragment
+ )
+{
+ EFI_STATUS Status;
+ UINT8 *Buffer;
+ UINT32 BufferSize;
+ UINT32 BytesCopied;
+ EFI_TLS_FRAGMENT_DATA *FragmentTable;
+ UINT32 FragmentCount;
+ EFI_TLS_FRAGMENT_DATA *OriginalFragmentTable;
+ UINTN Index;
+
+ Status = EFI_SUCCESS;
+ Buffer = NULL;
+ BufferSize = 0;
+ BytesCopied = 0;
+ FragmentTable = NULL;
+ OriginalFragmentTable = NULL;
+
+ //
+ // Rebuild fragment table from BufferIn.
+ //
+ FragmentCount = 1;
+ FragmentTable = AllocateZeroPool (FragmentCount * sizeof (EFI_TLS_FRAGMENT_DATA));
+ if (FragmentTable == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto ON_EXIT;
+ }
+
+ FragmentTable->FragmentLength = (UINT32) MessageSize;
+ FragmentTable->FragmentBuffer = Message;
+
+ //
+ // Record the original FragmentTable.
+ //
+ OriginalFragmentTable = FragmentTable;
+
+ //
+ // Process the Message.
+ //
+ Status = HttpInstance->Tls->ProcessPacket (
+ HttpInstance->Tls,
+ &FragmentTable,
+ &FragmentCount,
+ ProcessMode
+ );
+ if (EFI_ERROR (Status)) {
+ goto ON_EXIT;
+ }
+
+ //
+ // Calculate the size according to FragmentTable.
+ //
+ for (Index = 0; Index < FragmentCount; Index++) {
+ BufferSize += FragmentTable[Index].FragmentLength;
+ }
+
+ //
+ // Allocate buffer for processed data.
+ //
+ Buffer = AllocateZeroPool (BufferSize);
+ if (Buffer == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto ON_EXIT;
+ }
+
+ //
+ // Copy the new FragmentTable buffer into Buffer.
+ //
+ for (Index = 0; Index < FragmentCount; Index++) {
+ CopyMem (
+ (Buffer + BytesCopied),
+ FragmentTable[Index].FragmentBuffer,
+ FragmentTable[Index].FragmentLength
+ );
+ BytesCopied += FragmentTable[Index].FragmentLength;
+
+ //
+ // Free the FragmentBuffer since it has been copied.
+ //
+ FreePool (FragmentTable[Index].FragmentBuffer);
+ }
+
+ Fragment->Len = BufferSize;
+ Fragment->Bulk = Buffer;
+
+ON_EXIT:
+
+ if (OriginalFragmentTable != NULL) {
+ FreePool (OriginalFragmentTable);
+ OriginalFragmentTable = NULL;
+ }
+
+ //
+ // Caller has the responsibility to free the FragmentTable.
+ //
+ if (FragmentTable != NULL) {
+ FreePool (FragmentTable);
+ FragmentTable = NULL;
+ }
+
+ return Status;
+}
+
+/**
+ Receive one fragment decrypted from one TLS record.
+
+ @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.
+ @param[in, out] Fragment The received Fragment.
+ @param[in] Timeout The time to wait for connection done.
+
+ @retval EFI_SUCCESS One fragment is received.
+ @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
+ @retval EFI_ABORTED Something wrong decryption the message.
+ @retval Others Other errors as indicated.
+
+**/
+EFI_STATUS
+EFIAPI
+HttpsReceive (
+ IN HTTP_PROTOCOL *HttpInstance,
+ IN OUT NET_FRAGMENT *Fragment,
+ IN EFI_EVENT Timeout
+ )
+{
+ EFI_STATUS Status;
+ NET_BUF *Pdu;
+ TLS_RECORD_HEADER RecordHeader;
+ UINT8 *BufferIn;
+ UINTN BufferInSize;
+ NET_FRAGMENT TempFragment;
+ UINT8 *BufferOut;
+ UINTN BufferOutSize;
+ NET_BUF *PacketOut;
+ UINT8 *DataOut;
+ UINT8 *GetSessionDataBuffer;
+ UINTN GetSessionDataBufferSize;
+
+ Status = EFI_SUCCESS;
+ Pdu = NULL;
+ BufferIn = NULL;
+ BufferInSize = 0;
+ BufferOut = NULL;
+ BufferOutSize = 0;
+ PacketOut = NULL;
+ DataOut = NULL;
+ GetSessionDataBuffer = NULL;
+ GetSessionDataBufferSize = 0;
+
+ //
+ // Receive only one TLS record
+ //
+ Status = TlsReceiveOnePdu (HttpInstance, &Pdu, Timeout);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ BufferInSize = Pdu->TotalSize;
+ BufferIn = AllocateZeroPool (BufferInSize);
+ if (BufferIn == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ NetbufFree (Pdu);
+ return Status;
+ }
+
+ NetbufCopy (Pdu, 0, (UINT32) BufferInSize, BufferIn);
+
+ NetbufFree (Pdu);
+
+ //
+ // Handle Receive data.
+ //
+ RecordHeader = *(TLS_RECORD_HEADER *) BufferIn;
+
+ if ((RecordHeader.ContentType == TlsContentTypeApplicationData) &&
+ (RecordHeader.Version.Major == 0x03) &&
+ (RecordHeader.Version.Minor == TLS10_PROTOCOL_VERSION_MINOR ||
+ RecordHeader.Version.Minor == TLS11_PROTOCOL_VERSION_MINOR ||
+ RecordHeader.Version.Minor == TLS12_PROTOCOL_VERSION_MINOR)
+ ) {
+ //
+ // Decrypt Packet.
+ //
+ Status = TlsProcessMessage (
+ HttpInstance,
+ BufferIn,
+ BufferInSize,
+ EfiTlsDecrypt,
+ &TempFragment
+ );
+
+ FreePool (BufferIn);
+
+ if (EFI_ERROR (Status)) {
+ if (Status == EFI_ABORTED) {
+ //
+ // Something wrong decryption the message.
+ // BuildResponsePacket() will be called to generate Error Alert message and send it out.
+ //
+ BufferOutSize = DEF_BUF_LEN;
+ BufferOut = AllocateZeroPool (BufferOutSize);
+ if (BufferOut == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ return Status;
+ }
+
+ Status = HttpInstance->Tls->BuildResponsePacket (
+ HttpInstance->Tls,
+ NULL,
+ 0,
+ BufferOut,
+ &BufferOutSize
+ );
+ if (Status == EFI_BUFFER_TOO_SMALL) {
+ FreePool (BufferOut);
+ BufferOut = AllocateZeroPool (BufferOutSize);
+ if (BufferOut == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ return Status;
+ }
+
+ Status = HttpInstance->Tls->BuildResponsePacket (
+ HttpInstance->Tls,
+ NULL,
+ 0,
+ BufferOut,
+ &BufferOutSize
+ );
+ }
+ if (EFI_ERROR (Status)) {
+ FreePool(BufferOut);
+ return Status;
+ }
+
+ if (BufferOutSize != 0) {
+ PacketOut = NetbufAlloc ((UINT32)BufferOutSize);
+ DataOut = NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize, NET_BUF_TAIL);
+ if (DataOut == NULL) {
+ FreePool (BufferOut);
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ CopyMem (DataOut, BufferOut, BufferOutSize);
+
+ Status = TlsCommonTransmit (HttpInstance, PacketOut);
+
+ NetbufFree (PacketOut);
+ }
+
+ FreePool(BufferOut);
+
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ return EFI_ABORTED;
+ }
+
+ return Status;
+ }
+
+ //
+ // Parsing buffer.
+ //
+ ASSERT (((TLS_RECORD_HEADER *) (TempFragment.Bulk))->ContentType == TlsContentTypeApplicationData);
+
+ BufferInSize = ((TLS_RECORD_HEADER *) (TempFragment.Bulk))->Length;
+ BufferIn = AllocateZeroPool (BufferInSize);
+ if (BufferIn == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ return Status;
+ }
+
+ CopyMem (BufferIn, TempFragment.Bulk + sizeof (TLS_RECORD_HEADER), BufferInSize);
+
+ //
+ // Free the buffer in TempFragment.
+ //
+ FreePool (TempFragment.Bulk);
+
+ } else if ((RecordHeader.ContentType == TlsContentTypeAlert) &&
+ (RecordHeader.Version.Major == 0x03) &&
+ (RecordHeader.Version.Minor == TLS10_PROTOCOL_VERSION_MINOR ||
+ RecordHeader.Version.Minor == TLS11_PROTOCOL_VERSION_MINOR ||
+ RecordHeader.Version.Minor == TLS12_PROTOCOL_VERSION_MINOR)
+ ) {
+ BufferOutSize = DEF_BUF_LEN;
+ BufferOut = AllocateZeroPool (BufferOutSize);
+ if (BufferOut == NULL) {
+ FreePool (BufferIn);
+ Status = EFI_OUT_OF_RESOURCES;
+ return Status;
+ }
+
+ Status = HttpInstance->Tls->BuildResponsePacket (
+ HttpInstance->Tls,
+ BufferIn,
+ BufferInSize,
+ BufferOut,
+ &BufferOutSize
+ );
+ if (Status == EFI_BUFFER_TOO_SMALL) {
+ FreePool (BufferOut);
+ BufferOut = AllocateZeroPool (BufferOutSize);
+ if (BufferOut == NULL) {
+ FreePool (BufferIn);
+ Status = EFI_OUT_OF_RESOURCES;
+ return Status;
+ }
+
+ Status = HttpInstance->Tls->BuildResponsePacket (
+ HttpInstance->Tls,
+ BufferIn,
+ BufferInSize,
+ BufferOut,
+ &BufferOutSize
+ );
+ }
+
+ FreePool (BufferIn);
+
+ if (EFI_ERROR (Status)) {
+ FreePool (BufferOut);
+ return Status;
+ }
+
+ if (BufferOutSize != 0) {
+ PacketOut = NetbufAlloc ((UINT32) BufferOutSize);
+ DataOut = NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize, NET_BUF_TAIL);
+ if (DataOut == NULL) {
+ FreePool (BufferOut);
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ CopyMem (DataOut, BufferOut, BufferOutSize);
+
+ Status = TlsCommonTransmit (HttpInstance, PacketOut);
+
+ NetbufFree (PacketOut);
+ }
+
+ FreePool (BufferOut);
+
+ //
+ // Get the session state.
+ //
+ GetSessionDataBufferSize = DEF_BUF_LEN;
+ GetSessionDataBuffer = AllocateZeroPool (GetSessionDataBufferSize);
+ if (GetSessionDataBuffer == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ return Status;
+ }
+
+ Status = HttpInstance->Tls->GetSessionData (
+ HttpInstance->Tls,
+ EfiTlsSessionState,
+ GetSessionDataBuffer,
+ &GetSessionDataBufferSize
+ );
+ if (Status == EFI_BUFFER_TOO_SMALL) {
+ FreePool (GetSessionDataBuffer);
+ GetSessionDataBuffer = AllocateZeroPool (GetSessionDataBufferSize);
+ if (GetSessionDataBuffer == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ return Status;
+ }
+
+ Status = HttpInstance->Tls->GetSessionData (
+ HttpInstance->Tls,
+ EfiTlsSessionState,
+ GetSessionDataBuffer,
+ &GetSessionDataBufferSize
+ );
+ }
+ if (EFI_ERROR (Status)) {
+ FreePool (GetSessionDataBuffer);
+ return Status;
+ }
+
+ ASSERT(GetSessionDataBufferSize == sizeof (EFI_TLS_SESSION_STATE));
+ HttpInstance->TlsSessionState = *(EFI_TLS_SESSION_STATE *) GetSessionDataBuffer;
+
+ FreePool (GetSessionDataBuffer);
+
+ if(HttpInstance->TlsSessionState == EfiTlsSessionError) {
+ DEBUG ((EFI_D_ERROR, "TLS Session State Error!\n"));
+ return EFI_ABORTED;
+ }
+
+ BufferIn = NULL;
+ BufferInSize = 0;
+ }
+
+ Fragment->Bulk = BufferIn;
+ Fragment->Len = (UINT32) BufferInSize;
+
+ return Status;
+}
+
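Review bot: in TlsProcessMessage the ON_EXIT block frees OriginalFragmentTable and then FragmentTable whenever each is non-NULL, but the two pointers alias the same allocation until ProcessPacket replaces the table, so the `goto ON_EXIT` taken when ProcessPacket returns an error (or any implementation that hands the caller's table back unchanged) frees that block twice. Suggest `if (FragmentTable == OriginalFragmentTable) { FragmentTable = NULL; }` immediately before `FreePool (OriginalFragmentTable);`. In the same hunk, HttpsReceive calls `NetbufAllocSpace (PacketOut, ...)` right after `PacketOut = NetbufAlloc (...)` in both the decrypt-failure and the alert paths without checking PacketOut for NULL; only DataOut is checked. Both are pre-existing and this series is meant to change line endings only, so they belong in a separate fix; for this patch, `git diff --ignore-space-at-eol` on HttpsSupport.c should show no remaining changes.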
diff --git a/NetworkPkg/HttpDxe/HttpsSupport.h b/NetworkPkg/HttpDxe/HttpsSupport.h
index fcb3aa05c1..68a6073ceb 100644
--- a/NetworkPkg/HttpDxe/HttpsSupport.h
+++ b/NetworkPkg/HttpDxe/HttpsSupport.h
@@ -1,260 +1,261 @@
-/** @file
- The header files of miscellaneous routines specific to Https for HttpDxe driver.
-
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef __EFI_HTTPS_SUPPORT_H__
-#define __EFI_HTTPS_SUPPORT_H__
-
-#define HTTPS_DEFAULT_PORT 443
-
-#define HTTPS_FLAG "https://"
-
-/**
- Check whether the Url is from Https.
-
- @param[in] Url The pointer to a HTTP or HTTPS URL string.
-
- @retval TRUE The Url is from HTTPS.
- @retval FALSE The Url is from HTTP.
-
-**/
-BOOLEAN
-IsHttpsUrl (
- IN CHAR8 *Url
- );
-
-/**
- Creates a Tls child handle, open EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.
-
- @param[in] ImageHandle The firmware allocated handle for the UEFI image.
- @param[out] TlsProto Pointer to the EFI_TLS_PROTOCOL instance.
- @param[out] TlsConfiguration Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance.
-
- @return The child handle with opened EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.
-
-**/
-EFI_HANDLE
-EFIAPI
-TlsCreateChild (
- IN EFI_HANDLE ImageHandle,
- OUT EFI_TLS_PROTOCOL **TlsProto,
- OUT EFI_TLS_CONFIGURATION_PROTOCOL **TlsConfiguration
- );
-
-/**
- Create event for the TLS receive and transmit tokens which are used to receive and
- transmit TLS related messages.
-
- @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
-
- @retval EFI_SUCCESS The events are created successfully.
- @retval others Other error as indicated.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsCreateTxRxEvent (
- IN OUT HTTP_PROTOCOL *HttpInstance
- );
-
-/**
- Close events in the TlsTxToken and TlsRxToken.
-
- @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.
-
-**/
-VOID
-EFIAPI
-TlsCloseTxRxEvent (
- IN HTTP_PROTOCOL *HttpInstance
- );
-
-/**
- Read the TlsCaCertificate variable and configure it.
-
- @param[in, out] HttpInstance The HTTP instance private data.
-
- @retval EFI_SUCCESS TlsCaCertificate is configured.
- @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
- @retval EFI_NOT_FOUND Fail to get "TlsCaCertificate" variable.
- @retval Others Other error as indicated.
-
-**/
-EFI_STATUS
-TlsConfigCertificate (
- IN OUT HTTP_PROTOCOL *HttpInstance
- );
-
-/**
- Configure TLS session data.
-
- @param[in, out] HttpInstance The HTTP instance private data.
-
- @retval EFI_SUCCESS TLS session data is configured.
- @retval Others Other error as indicated.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsConfigureSession (
- IN OUT HTTP_PROTOCOL *HttpInstance
- );
-
-/**
- Transmit the Packet by processing the associated HTTPS token.
-
- @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
- @param[in] Packet The packet to transmit.
-
- @retval EFI_SUCCESS The packet is transmitted.
- @retval EFI_INVALID_PARAMETER HttpInstance is NULL or Packet is NULL.
- @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
- @retval EFI_DEVICE_ERROR An unexpected system or network error occurred.
- @retval Others Other errors as indicated.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsCommonTransmit (
- IN OUT HTTP_PROTOCOL *HttpInstance,
- IN NET_BUF *Packet
- );
-
-/**
- Receive the Packet by processing the associated HTTPS token.
-
- @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
- @param[in] Packet The packet to transmit.
- @param[in] Timeout The time to wait for connection done.
-
- @retval EFI_SUCCESS The Packet is received.
- @retval EFI_INVALID_PARAMETER HttpInstance is NULL or Packet is NULL.
- @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
- @retval EFI_TIMEOUT The operation is time out.
- @retval Others Other error as indicated.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsCommonReceive (
- IN OUT HTTP_PROTOCOL *HttpInstance,
- IN NET_BUF *Packet,
- IN EFI_EVENT Timeout
- );
-
-/**
- Receive one TLS PDU. An TLS PDU contains an TLS record header and it's
- corresponding record data. These two parts will be put into two blocks of buffers in the
- net buffer.
-
- @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
- @param[out] Pdu The received TLS PDU.
- @param[in] Timeout The time to wait for connection done.
-
- @retval EFI_SUCCESS An TLS PDU is received.
- @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
- @retval EFI_PROTOCOL_ERROR An unexpected TLS packet was received.
- @retval Others Other errors as indicated.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsReceiveOnePdu (
- IN OUT HTTP_PROTOCOL *HttpInstance,
- OUT NET_BUF **Pdu,
- IN EFI_EVENT Timeout
- );
-
-/**
- Connect one TLS session by finishing the TLS handshake process.
-
- @param[in] HttpInstance The HTTP instance private data.
- @param[in] Timeout The time to wait for connection done.
-
- @retval EFI_SUCCESS The TLS session is established.
- @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
- @retval EFI_ABORTED TLS session state is incorrect.
- @retval Others Other error as indicated.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsConnectSession (
- IN HTTP_PROTOCOL *HttpInstance,
- IN EFI_EVENT Timeout
- );
-
-/**
- Close the TLS session and send out the close notification message.
-
- @param[in] HttpInstance The HTTP instance private data.
-
- @retval EFI_SUCCESS The TLS session is closed.
- @retval EFI_INVALID_PARAMETER HttpInstance is NULL or Packet is NULL.
- @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
- @retval Others Other error as indicated.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsCloseSession (
- IN HTTP_PROTOCOL *HttpInstance
- );
-
-/**
- Process one message according to the CryptMode.
-
- @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.
- @param[in] Message Pointer to the message buffer needed to processed.
- @param[in] MessageSize Pointer to the message buffer size.
- @param[in] ProcessMode Process mode.
- @param[in, out] Fragment Only one Fragment returned after the Message is
- processed successfully.
-
- @retval EFI_SUCCESS Message is processed successfully.
- @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
- @retval Others Other errors as indicated.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsProcessMessage (
- IN HTTP_PROTOCOL *HttpInstance,
- IN UINT8 *Message,
- IN UINTN MessageSize,
- IN EFI_TLS_CRYPT_MODE ProcessMode,
- IN OUT NET_FRAGMENT *Fragment
- );
-
-/**
- Receive one fragment decrypted from one TLS record.
-
- @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.
- @param[in, out] Fragment The received Fragment.
- @param[in] Timeout The time to wait for connection done.
-
- @retval EFI_SUCCESS One fragment is received.
- @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
- @retval EFI_ABORTED Something wrong decryption the message.
- @retval Others Other errors as indicated.
-
-**/
-EFI_STATUS
-EFIAPI
-HttpsReceive (
- IN HTTP_PROTOCOL *HttpInstance,
- IN OUT NET_FRAGMENT *Fragment,
- IN EFI_EVENT Timeout
- );
-
-#endif
+/** @file
+ The header files of miscellaneous routines specific to Https for HttpDxe driver.
+
+Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __EFI_HTTPS_SUPPORT_H__
+#define __EFI_HTTPS_SUPPORT_H__
+
+#define HTTPS_DEFAULT_PORT 443
+
+#define HTTPS_FLAG "https://"
+
+/**
+ Check whether the Url is from Https.
+
+ @param[in] Url The pointer to a HTTP or HTTPS URL string.
+
+ @retval TRUE The Url is from HTTPS.
+ @retval FALSE The Url is from HTTP.
+
+**/
+BOOLEAN
+IsHttpsUrl (
+ IN CHAR8 *Url
+ );
+
+/**
+ Creates a Tls child handle, open EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.
+
+ @param[in] ImageHandle The firmware allocated handle for the UEFI image.
+ @param[out] TlsProto Pointer to the EFI_TLS_PROTOCOL instance.
+ @param[out] TlsConfiguration Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance.
+
+ @return The child handle with opened EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.
+
+**/
+EFI_HANDLE
+EFIAPI
+TlsCreateChild (
+ IN EFI_HANDLE ImageHandle,
+ OUT EFI_TLS_PROTOCOL **TlsProto,
+ OUT EFI_TLS_CONFIGURATION_PROTOCOL **TlsConfiguration
+ );
+
+/**
+ Create event for the TLS receive and transmit tokens which are used to receive and
+ transmit TLS related messages.
+
+ @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
+
+ @retval EFI_SUCCESS The events are created successfully.
+ @retval others Other error as indicated.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsCreateTxRxEvent (
+ IN OUT HTTP_PROTOCOL *HttpInstance
+ );
+
+/**
+ Close events in the TlsTxToken and TlsRxToken.
+
+ @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.
+
+**/
+VOID
+EFIAPI
+TlsCloseTxRxEvent (
+ IN HTTP_PROTOCOL *HttpInstance
+ );
+
+/**
+ Read the TlsCaCertificate variable and configure it.
+
+ @param[in, out] HttpInstance The HTTP instance private data.
+
+ @retval EFI_SUCCESS TlsCaCertificate is configured.
+ @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
+ @retval EFI_NOT_FOUND Fail to get "TlsCaCertificate" variable.
+ @retval Others Other error as indicated.
+
+**/
+EFI_STATUS
+TlsConfigCertificate (
+ IN OUT HTTP_PROTOCOL *HttpInstance
+ );
+
+/**
+ Configure TLS session data.
+
+ @param[in, out] HttpInstance The HTTP instance private data.
+
+ @retval EFI_SUCCESS TLS session data is configured.
+ @retval Others Other error as indicated.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsConfigureSession (
+ IN OUT HTTP_PROTOCOL *HttpInstance
+ );
+
+/**
+ Transmit the Packet by processing the associated HTTPS token.
+
+ @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
+ @param[in] Packet The packet to transmit.
+
+ @retval EFI_SUCCESS The packet is transmitted.
+ @retval EFI_INVALID_PARAMETER HttpInstance is NULL or Packet is NULL.
+ @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
+ @retval EFI_DEVICE_ERROR An unexpected system or network error occurred.
+ @retval Others Other errors as indicated.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsCommonTransmit (
+ IN OUT HTTP_PROTOCOL *HttpInstance,
+ IN NET_BUF *Packet
+ );
+
+/**
+ Receive the Packet by processing the associated HTTPS token.
+
+ @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
+ @param[in] Packet The packet to transmit.
+ @param[in] Timeout The time to wait for connection done.
+
+ @retval EFI_SUCCESS The Packet is received.
+ @retval EFI_INVALID_PARAMETER HttpInstance is NULL or Packet is NULL.
+ @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
+ @retval EFI_TIMEOUT The operation is time out.
+ @retval Others Other error as indicated.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsCommonReceive (
+ IN OUT HTTP_PROTOCOL *HttpInstance,
+ IN NET_BUF *Packet,
+ IN EFI_EVENT Timeout
+ );
+
+/**
+ Receive one TLS PDU. An TLS PDU contains an TLS record header and it's
+ corresponding record data. These two parts will be put into two blocks of buffers in the
+ net buffer.
+
+ @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
+ @param[out] Pdu The received TLS PDU.
+ @param[in] Timeout The time to wait for connection done.
+
+ @retval EFI_SUCCESS An TLS PDU is received.
+ @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
+ @retval EFI_PROTOCOL_ERROR An unexpected TLS packet was received.
+ @retval Others Other errors as indicated.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsReceiveOnePdu (
+ IN OUT HTTP_PROTOCOL *HttpInstance,
+ OUT NET_BUF **Pdu,
+ IN EFI_EVENT Timeout
+ );
+
+/**
+ Connect one TLS session by finishing the TLS handshake process.
+
+ @param[in] HttpInstance The HTTP instance private data.
+ @param[in] Timeout The time to wait for connection done.
+
+ @retval EFI_SUCCESS The TLS session is established.
+ @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
+ @retval EFI_ABORTED TLS session state is incorrect.
+ @retval Others Other error as indicated.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsConnectSession (
+ IN HTTP_PROTOCOL *HttpInstance,
+ IN EFI_EVENT Timeout
+ );
+
+/**
+ Close the TLS session and send out the close notification message.
+
+ @param[in] HttpInstance The HTTP instance private data.
+
+ @retval EFI_SUCCESS The TLS session is closed.
+ @retval EFI_INVALID_PARAMETER HttpInstance is NULL or Packet is NULL.
+ @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
+ @retval Others Other error as indicated.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsCloseSession (
+ IN HTTP_PROTOCOL *HttpInstance
+ );
+
+/**
+ Process one message according to the CryptMode.
+
+ @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.
+ @param[in] Message Pointer to the message buffer needed to processed.
+ @param[in] MessageSize Pointer to the message buffer size.
+ @param[in] ProcessMode Process mode.
+ @param[in, out] Fragment Only one Fragment returned after the Message is
+ processed successfully.
+
+ @retval EFI_SUCCESS Message is processed successfully.
+ @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
+ @retval Others Other errors as indicated.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsProcessMessage (
+ IN HTTP_PROTOCOL *HttpInstance,
+ IN UINT8 *Message,
+ IN UINTN MessageSize,
+ IN EFI_TLS_CRYPT_MODE ProcessMode,
+ IN OUT NET_FRAGMENT *Fragment
+ );
+
+/**
+ Receive one fragment decrypted from one TLS record.
+
+ @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.
+ @param[in, out] Fragment The received Fragment.
+ @param[in] Timeout The time to wait for connection done.
+
+ @retval EFI_SUCCESS One fragment is received.
+ @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
+ @retval EFI_ABORTED Something wrong decryption the message.
+ @retval Others Other errors as indicated.
+
+**/
+EFI_STATUS
+EFIAPI
+HttpsReceive (
+ IN HTTP_PROTOCOL *HttpInstance,
+ IN OUT NET_FRAGMENT *Fragment,
+ IN EFI_EVENT Timeout
+ );
+
+#endif
+
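Review bot: this hunk does more than swap line endings: the old file ends at `#endif` (260 lines) while the new one ends with `#endif` followed by an empty line (261 lines), so the conversion also appended a blank line at end of file. If the intent is CRLF conversion only, drop the extra line, or state in the commit message that a trailing newline is being added as well; `git diff --ignore-space-at-eol` on this file should then be empty. Separately, and outside the scope of this patch, the carried-over comment text has doc defects worth a follow-up: TlsCommonReceive documents `@param[in] Packet The packet to transmit.` for a receive routine, and the TlsReceiveOnePdu comment reads `An TLS PDU contains an TLS record header and it's corresponding record data` (should be `A TLS PDU`, `a TLS record header` and `its`).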
diff --git a/NetworkPkg/Include/Guid/TlsAuthConfigHii.h b/NetworkPkg/Include/Guid/TlsAuthConfigHii.h
index 9d21426f9f..5e5637c4c6 100644
--- a/NetworkPkg/Include/Guid/TlsAuthConfigHii.h
+++ b/NetworkPkg/Include/Guid/TlsAuthConfigHii.h
@@ -1,25 +1,26 @@
-/** @file
- GUIDs used as HII FormSet and HII Package list GUID in TlsAuthConfigDxe driver.
-
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials are licensed and made available under
-the terms and conditions of the BSD License that accompanies this distribution.
-The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php.
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef __TLS_AUTH_CONFIG_HII_GUID_H__
-#define __TLS_AUTH_CONFIG_HII_GUID_H__
-
-#define TLS_AUTH_CONFIG_GUID \
- { \
- 0xb0eae4f8, 0x9a04, 0x4c6d, { 0xa7, 0x48, 0x79, 0x3d, 0xaa, 0xf, 0x65, 0xdf } \
- }
-
-extern EFI_GUID gTlsAuthConfigGuid;
-
-#endif
+/** @file
+ GUIDs used as HII FormSet and HII Package list GUID in TlsAuthConfigDxe driver.
+
+Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials are licensed and made available under
+the terms and conditions of the BSD License that accompanies this distribution.
+The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php.
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __TLS_AUTH_CONFIG_HII_GUID_H__
+#define __TLS_AUTH_CONFIG_HII_GUID_H__
+
+#define TLS_AUTH_CONFIG_GUID \
+ { \
+ 0xb0eae4f8, 0x9a04, 0x4c6d, { 0xa7, 0x48, 0x79, 0x3d, 0xaa, 0xf, 0x65, 0xdf } \
+ }
+
+extern EFI_GUID gTlsAuthConfigGuid;
+
+#endif
+
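Review bot: same end-of-file change as the other headers in this series: the hunk grows the file from 25 to 26 lines because an empty line is appended after `#endif`, which is a content change rather than a line-ending change. Confirm it is intentional and applied consistently to every converted file, or remove it so the diff is whitespace-only.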
diff --git a/NetworkPkg/Include/Guid/TlsAuthentication.h b/NetworkPkg/Include/Guid/TlsAuthentication.h
index 2e800dce12..e8497be68b 100644
--- a/NetworkPkg/Include/Guid/TlsAuthentication.h
+++ b/NetworkPkg/Include/Guid/TlsAuthentication.h
@@ -1,29 +1,30 @@
-/** @file
- This file defines TlsCaCertificate variable.
-
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials are licensed and made available under
-the terms and conditions of the BSD License that accompanies this distribution.
-The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php.
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef __TLS_AUTHENTICATION_H__
-#define __TLS_AUTHENTICATION_H__
-
-// Private variable for CA Certificate configuration
-//
-#define EFI_TLS_CA_CERTIFICATE_GUID \
- { \
- 0xfd2340D0, 0x3dab, 0x4349, { 0xa6, 0xc7, 0x3b, 0x4f, 0x12, 0xb4, 0x8e, 0xae } \
- }
-
-#define EFI_TLS_CA_CERTIFICATE_VARIABLE L"TlsCaCertificate"
-
-extern EFI_GUID gEfiTlsCaCertificateGuid;
-
-#endif
+/** @file
+ This file defines TlsCaCertificate variable.
+
+Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials are licensed and made available under
+the terms and conditions of the BSD License that accompanies this distribution.
+The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php.
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __TLS_AUTHENTICATION_H__
+#define __TLS_AUTHENTICATION_H__
+
+// Private variable for CA Certificate configuration
+//
+#define EFI_TLS_CA_CERTIFICATE_GUID \
+ { \
+ 0xfd2340D0, 0x3dab, 0x4349, { 0xa6, 0xc7, 0x3b, 0x4f, 0x12, 0xb4, 0x8e, 0xae } \
+ }
+
+#define EFI_TLS_CA_CERTIFICATE_VARIABLE L"TlsCaCertificate"
+
+extern EFI_GUID gEfiTlsCaCertificateGuid;
+
+#endif
+
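Review bot: the 29 to 30 line growth here is again a blank line appended after `#endif`, not a line-ending change; keep this hunk whitespace-only or mention the trailing-newline addition in the commit message. Two style nits in the carried-over text, for a separate cleanup: the GUID literal `0xfd2340D0` mixes hex case while the rest of the GUID is lowercase, and the comment `// Private variable for CA Certificate configuration` lacks the opening `//` line that the edk2 comment-block style (and the closing `//` directly below it) expects.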
diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.c b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.c
index 647bc2f01b..351656ff0c 100644
--- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.c
+++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.c
@@ -1,135 +1,135 @@
-/** @file
- The DriverEntryPoint for TlsAuthConfigDxe driver.
-
- Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-
- This program and the accompanying materials
- are licensed and made available under the terms and conditions of the BSD License
- which accompanies this distribution. The full text of the license may be found at
- http://opensource.org/licenses/bsd-license.php.
-
- THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
- WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include "TlsAuthConfigImpl.h"
-
-/**
- Unloads an image.
-
- @param ImageHandle Handle that identifies the image to be unloaded.
-
- @retval EFI_SUCCESS The image has been unloaded.
- @retval EFI_INVALID_PARAMETER ImageHandle is not a valid image handle.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsAuthConfigDxeUnload (
- IN EFI_HANDLE ImageHandle
- )
-{
- EFI_STATUS Status;
- TLS_AUTH_CONFIG_PRIVATE_DATA *PrivateData;
-
- Status = gBS->HandleProtocol (
- ImageHandle,
- &gEfiCallerIdGuid,
- (VOID **) &PrivateData
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- ASSERT (PrivateData->Signature == TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE);
-
- gBS->UninstallMultipleProtocolInterfaces (
- &ImageHandle,
- &gEfiCallerIdGuid,
- PrivateData,
- NULL
- );
-
- TlsAuthConfigFormUnload (PrivateData);
-
- return EFI_SUCCESS;
-}
-
-/**
- This is the declaration of an EFI image entry point. This entry point is
- the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers including
- both device drivers and bus drivers.
-
- @param ImageHandle The firmware allocated handle for the UEFI image.
- @param SystemTable A pointer to the EFI System Table.
-
- @retval EFI_SUCCESS The operation completed successfully.
- @retval Others An unexpected error occurred.
-**/
-EFI_STATUS
-EFIAPI
-TlsAuthConfigDxeDriverEntryPoint (
- IN EFI_HANDLE ImageHandle,
- IN EFI_SYSTEM_TABLE *SystemTable
- )
-{
- EFI_STATUS Status;
-
- TLS_AUTH_CONFIG_PRIVATE_DATA *PrivateData;
-
- PrivateData = NULL;
-
- //
- // If already started, return.
- //
- Status = gBS->OpenProtocol (
- ImageHandle,
- &gEfiCallerIdGuid,
- NULL,
- ImageHandle,
- ImageHandle,
- EFI_OPEN_PROTOCOL_TEST_PROTOCOL
- );
- if (!EFI_ERROR (Status)) {
- return EFI_ALREADY_STARTED;
- }
-
- //
- // Initialize the private data structure.
- //
- PrivateData = AllocateZeroPool (sizeof (TLS_AUTH_CONFIG_PRIVATE_DATA));
- if (PrivateData == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
-
- //
- // Initialize the HII configuration form.
- //
- Status = TlsAuthConfigFormInit (PrivateData);
- if (EFI_ERROR (Status)) {
- goto ON_ERROR;
- }
-
- //
- // Install private GUID.
- //
- Status = gBS->InstallMultipleProtocolInterfaces (
- &ImageHandle,
- &gEfiCallerIdGuid,
- PrivateData,
- NULL
- );
- if (EFI_ERROR (Status)) {
- goto ON_ERROR;
- }
-
- return EFI_SUCCESS;
-
-ON_ERROR:
- TlsAuthConfigFormUnload (PrivateData);
- FreePool (PrivateData);
-
- return Status;
-}
-
+/** @file
+ The DriverEntryPoint for TlsAuthConfigDxe driver.
+
+ Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+
+ This program and the accompanying materials
+ are licensed and made available under the terms and conditions of the BSD License
+ which accompanies this distribution. The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php.
+
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "TlsAuthConfigImpl.h"
+
+/**
+ Unloads an image.
+
+ @param ImageHandle Handle that identifies the image to be unloaded.
+
+ @retval EFI_SUCCESS The image has been unloaded.
+ @retval EFI_INVALID_PARAMETER ImageHandle is not a valid image handle.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsAuthConfigDxeUnload (
+ IN EFI_HANDLE ImageHandle
+ )
+{
+ EFI_STATUS Status;
+ TLS_AUTH_CONFIG_PRIVATE_DATA *PrivateData;
+
+ Status = gBS->HandleProtocol (
+ ImageHandle,
+ &gEfiCallerIdGuid,
+ (VOID **) &PrivateData
+ );
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ ASSERT (PrivateData->Signature == TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE);
+
+ gBS->UninstallMultipleProtocolInterfaces (
+ &ImageHandle,
+ &gEfiCallerIdGuid,
+ PrivateData,
+ NULL
+ );
+
+ TlsAuthConfigFormUnload (PrivateData);
+
+ return EFI_SUCCESS;
+}
+
+/**
+ This is the declaration of an EFI image entry point. This entry point is
+ the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers including
+ both device drivers and bus drivers.
+
+ @param ImageHandle The firmware allocated handle for the UEFI image.
+ @param SystemTable A pointer to the EFI System Table.
+
+ @retval EFI_SUCCESS The operation completed successfully.
+ @retval Others An unexpected error occurred.
+**/
+EFI_STATUS
+EFIAPI
+TlsAuthConfigDxeDriverEntryPoint (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ )
+{
+ EFI_STATUS Status;
+
+ TLS_AUTH_CONFIG_PRIVATE_DATA *PrivateData;
+
+ PrivateData = NULL;
+
+ //
+ // If already started, return.
+ //
+ Status = gBS->OpenProtocol (
+ ImageHandle,
+ &gEfiCallerIdGuid,
+ NULL,
+ ImageHandle,
+ ImageHandle,
+ EFI_OPEN_PROTOCOL_TEST_PROTOCOL
+ );
+ if (!EFI_ERROR (Status)) {
+ return EFI_ALREADY_STARTED;
+ }
+
+ //
+ // Initialize the private data structure.
+ //
+ PrivateData = AllocateZeroPool (sizeof (TLS_AUTH_CONFIG_PRIVATE_DATA));
+ if (PrivateData == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ //
+ // Initialize the HII configuration form.
+ //
+ Status = TlsAuthConfigFormInit (PrivateData);
+ if (EFI_ERROR (Status)) {
+ goto ON_ERROR;
+ }
+
+ //
+ // Install private GUID.
+ //
+ Status = gBS->InstallMultipleProtocolInterfaces (
+ &ImageHandle,
+ &gEfiCallerIdGuid,
+ PrivateData,
+ NULL
+ );
+ if (EFI_ERROR (Status)) {
+ goto ON_ERROR;
+ }
+
+ return EFI_SUCCESS;
+
+ON_ERROR:
+ TlsAuthConfigFormUnload (PrivateData);
+ FreePool (PrivateData);
+
+ return Status;
+}
+
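Review bot: In TlsAuthConfigDxeUnload the status from gBS->UninstallMultipleProtocolInterfaces is discarded and the function returns EFI_SUCCESS unconditionally, so a failed uninstall (for example when the gEfiCallerIdGuid interface still has open references) leaves that interface installed while TlsAuthConfigFormUnload tears down the private data it points to; suggest checking the status and returning it before the TlsAuthConfigFormUnload (PrivateData) call. The two teardown paths also differ: the entry point's ON_ERROR path calls TlsAuthConfigFormUnload (PrivateData) followed by FreePool (PrivateData), whereas the unload routine only calls TlsAuthConfigFormUnload, so one path either leaks or double-frees PrivateData depending on whether TlsAuthConfigFormUnload frees its argument; worth confirming against TlsAuthConfigImpl.c. Both points are pre-existing and out of scope for a line-ending conversion, so a follow-up patch would be appropriate.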
diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf
index 19f095e89d..2a893689bb 100644
--- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf
+++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf
@@ -1,73 +1,74 @@
-## @file
-# Provides the capability to configure Tls Authentication in a setup browser
-# By this module, user may change the content of TlsCaCertificate.
-#
-# Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-# This program and the accompanying materials
-# are licensed and made available under the terms and conditions of the BSD License
-# which accompanies this distribution. The full text of the license may be found at
-# http://opensource.org/licenses/bsd-license.php
-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-#
-##
-
-[Defines]
- INF_VERSION = 0x00010005
- BASE_NAME = TlsAuthConfigDxe
- MODULE_UNI_FILE = TlsAuthConfigDxe.uni
- FILE_GUID = 7ca1024f-eb17-11e5-9dba-28d2447c4829
- MODULE_TYPE = DXE_DRIVER
- VERSION_STRING = 1.0
- ENTRY_POINT = TlsAuthConfigDxeDriverEntryPoint
- UNLOAD_IMAGE = TlsAuthConfigDxeUnload
-
-#
-# VALID_ARCHITECTURES = IA32 X64
-#
-
-[Packages]
- MdePkg/MdePkg.dec
- MdeModulePkg/MdeModulePkg.dec
- NetworkPkg/NetworkPkg.dec
-
-[Sources]
- TlsAuthConfigImpl.c
- TlsAuthConfigImpl.h
- TlsAuthConfigNvData.h
- TlsAuthConfigDxe.c
- TlsAuthConfigDxeStrings.uni
- TlsAuthConfigVfr.vfr
-
-[LibraryClasses]
- BaseLib
- BaseMemoryLib
- MemoryAllocationLib
- UefiLib
- UefiBootServicesTableLib
- UefiRuntimeServicesTableLib
- UefiDriverEntryPoint
- DebugLib
- HiiLib
- DevicePathLib
- UefiHiiServicesLib
- FileExplorerLib
- PrintLib
-
-[Protocols]
- gEfiDevicePathProtocolGuid ## PRODUCES
- gEfiHiiConfigAccessProtocolGuid ## PRODUCES
- gEfiSimpleFileSystemProtocolGuid ## SOMETIMES_CONSUMES
-
-[Guids]
- gTlsAuthConfigGuid ## PRODUCES ## GUID
- gEfiCertX509Guid ## CONSUMES ## GUID # Indicate the cert type
- gEfiIfrTianoGuid ## CONSUMES ## HII
- gEfiTlsCaCertificateGuid ## PRODUCES ## GUID
-
-[Depex]
- gEfiHiiConfigRoutingProtocolGuid AND
- gEfiHiiDatabaseProtocolGuid
-
-[UserExtensions.TianoCore."ExtraFiles"]
- TlsAuthConfigDxeExtra.uni
+## @file
+# Provides the capability to configure Tls Authentication in a setup browser
+# By this module, user may change the content of TlsCaCertificate.
+#
+# Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+# This program and the accompanying materials
+# are licensed and made available under the terms and conditions of the BSD License
+# which accompanies this distribution. The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = TlsAuthConfigDxe
+ MODULE_UNI_FILE = TlsAuthConfigDxe.uni
+ FILE_GUID = 7ca1024f-eb17-11e5-9dba-28d2447c4829
+ MODULE_TYPE = DXE_DRIVER
+ VERSION_STRING = 1.0
+ ENTRY_POINT = TlsAuthConfigDxeDriverEntryPoint
+ UNLOAD_IMAGE = TlsAuthConfigDxeUnload
+
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ NetworkPkg/NetworkPkg.dec
+
+[Sources]
+ TlsAuthConfigImpl.c
+ TlsAuthConfigImpl.h
+ TlsAuthConfigNvData.h
+ TlsAuthConfigDxe.c
+ TlsAuthConfigDxeStrings.uni
+ TlsAuthConfigVfr.vfr
+
+[LibraryClasses]
+ BaseLib
+ BaseMemoryLib
+ MemoryAllocationLib
+ UefiLib
+ UefiBootServicesTableLib
+ UefiRuntimeServicesTableLib
+ UefiDriverEntryPoint
+ DebugLib
+ HiiLib
+ DevicePathLib
+ UefiHiiServicesLib
+ FileExplorerLib
+ PrintLib
+
+[Protocols]
+ gEfiDevicePathProtocolGuid ## PRODUCES
+ gEfiHiiConfigAccessProtocolGuid ## PRODUCES
+ gEfiSimpleFileSystemProtocolGuid ## SOMETIMES_CONSUMES
+
+[Guids]
+ gTlsAuthConfigGuid ## PRODUCES ## GUID
+ gEfiCertX509Guid ## CONSUMES ## GUID # Indicate the cert type
+ gEfiIfrTianoGuid ## CONSUMES ## HII
+ gEfiTlsCaCertificateGuid ## PRODUCES ## GUID
+
+[Depex]
+ gEfiHiiConfigRoutingProtocolGuid AND
+ gEfiHiiDatabaseProtocolGuid
+
+[UserExtensions.TianoCore."ExtraFiles"]
+ TlsAuthConfigDxeExtra.uni
+
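Review bot: The hunk header "@@ -1,73 +1,74 @@" and the trailing "+" blank line show that this change also appends an empty line at end of file, which is a content change beyond the CRLF conversion described in the commit message; either drop the extra trailing line or mention it in the commit message. Because every line of the file shows as removed and re-added, the hunk cannot be reviewed by eye; reviewing the series with git diff --ignore-space-at-eol (or git log -p --ignore-space-at-eol) would let reviewers confirm that nothing but line endings changed.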
diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.uni b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.uni
index f99a14f575..dcd308fda0 100644
--- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.uni
+++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.uni
@@ -1,21 +1,21 @@
-// /** @file
-// Provides the capability to configure Tls Authentication in a setup browser
-//
-// By this module, user may change the content of TlsCaCertificate.
-//
-// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-//
-// This program and the accompanying materials
-// are licensed and made available under the terms and conditions of the BSD License
-// which accompanies this distribution. The full text of the license may be found at
-// http://opensource.org/licenses/bsd-license.php
-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-//
-// **/
-
-
-#string STR_MODULE_ABSTRACT #language en-US "Provides the capability to configure Tls Authentication in a setup browser"
-
-#string STR_MODULE_DESCRIPTION #language en-US "By this module, user may change the content of TlsCaCertificate."
-
+// /** @file
+// Provides the capability to configure Tls Authentication in a setup browser
+//
+// By this module, user may change the content of TlsCaCertificate.
+//
+// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+//
+// This program and the accompanying materials
+// are licensed and made available under the terms and conditions of the BSD License
+// which accompanies this distribution. The full text of the license may be found at
+// http://opensource.org/licenses/bsd-license.php
+// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Provides the capability to configure Tls Authentication in a setup browser"
+
+#string STR_MODULE_DESCRIPTION #language en-US "By this module, user may change the content of TlsCaCertificate."
+
--git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxeExtra.uni b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxeExtra.uni
index ee4c49f15b..d284537303 100644
--- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxeExtra.uni
+++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxeExtra.uni
@@ -1,19 +1,19 @@
-// /** @file
-// TlsAuthConfigDxe Localized Strings and Content
-//
-// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-//
-// This program and the accompanying materials
-// are licensed and made available under the terms and conditions of the BSD License
-// which accompanies this distribution. The full text of the license may be found at
-// http://opensource.org/licenses/bsd-license.php
-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-//
-// **/
-
-#string STR_PROPERTIES_MODULE_NAME
-#language en-US
-"TLS Auth Config DXE"
-
-
+// /** @file
+// TlsAuthConfigDxe Localized Strings and Content
+//
+// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+//
+// This program and the accompanying materials
+// are licensed and made available under the terms and conditions of the BSD License
+// which accompanies this distribution. The full text of the license may be found at
+// http://opensource.org/licenses/bsd-license.php
+// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+//
+// **/
+
+#string STR_PROPERTIES_MODULE_NAME
+#language en-US
+"TLS Auth Config DXE"
+
+
diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxeStrings.uni b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxeStrings.uni
index a8f7e434c3..6ffa52df62 100644
--- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxeStrings.uni
+++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxeStrings.uni
@@ -1,39 +1,39 @@
-/** @file
- String definitions for Tls Authentication Configuration form.
-
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#langdef en-US "English"
-
-#string STR_TLS_AUTH_CONFIG_TITLE #language en-US "Tls Auth Configuration"
-#string STR_TLS_AUTH_CONFIG_HELP #language en-US "Press <Enter> to select Tls Auth Configuration."
-
-#string STR_TLS_AUTH_CONFIG_SERVER_CA #language en-US "Server CA Configuration"
-#string STR_TLS_AUTH_CONFIG_SERVER_CA_HELP #language en-US "Press <Enter> to configure Server CA."
-#string STR_TLS_AUTH_CONFIG_CLIENT_CERT #language en-US "Client Cert Configuration"
-#string STR_TLS_AUTH_CONFIG_CLIENT_CERT_HELP #language en-US "Client cert configuration is unsupported currently."
-
-#string STR_TLS_AUTH_CONFIG_ENROLL_CERT #language en-US "Enroll Cert"
-#string STR_TLS_AUTH_CONFIG_ENROLL_CERT_HELP #language en-US "Press <Enter> to enroll cert."
-#string STR_TLS_AUTH_CONFIG_DELETE_CERT #language en-US "Delete Cert"
-#string STR_TLS_AUTH_CONFIG_DELETE_CERT_HELP #language en-US "Press <Enter> to delete cert."
-
-#string STR_TLS_AUTH_CONFIG_ADD_CERT_FILE #language en-US "Enroll Cert Using File"
-
-#string STR_TLS_AUTH_CONFIG_CERT_GUID #language en-US "Cert GUID"
-#string STR_TLS_AUTH_CONFIG_CERT_GUID_HELP #language en-US "Input digit character in 11111111-2222-3333-4444-1234567890ab format."
-#string STR_TLS_AUTH_CONFIG_SAVE_AND_EXIT #language en-US "Commit Changes and Exit"
-#string STR_TLS_AUTH_CONFIG_NO_SAVE_AND_EXIT #language en-US "Discard Changes and Exit"
-
-#string STR_CERT_TYPE_PCKS_GUID #language en-US "GUID for CERT"
-
-#string STR_NULL #language en-US ""
\ No newline at end of file
+/** @file
+ String definitions for Tls Authentication Configuration form.
+
+Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#langdef en-US "English"
+
+#string STR_TLS_AUTH_CONFIG_TITLE #language en-US "Tls Auth Configuration"
+#string STR_TLS_AUTH_CONFIG_HELP #language en-US "Press <Enter> to select Tls Auth Configuration."
+
+#string STR_TLS_AUTH_CONFIG_SERVER_CA #language en-US "Server CA Configuration"
+#string STR_TLS_AUTH_CONFIG_SERVER_CA_HELP #language en-US "Press <Enter> to configure Server CA."
+#string STR_TLS_AUTH_CONFIG_CLIENT_CERT #language en-US "Client Cert Configuration"
+#string STR_TLS_AUTH_CONFIG_CLIENT_CERT_HELP #language en-US "Client cert configuration is unsupported currently."
+
+#string STR_TLS_AUTH_CONFIG_ENROLL_CERT #language en-US "Enroll Cert"
+#string STR_TLS_AUTH_CONFIG_ENROLL_CERT_HELP #language en-US "Press <Enter> to enroll cert."
+#string STR_TLS_AUTH_CONFIG_DELETE_CERT #language en-US "Delete Cert"
+#string STR_TLS_AUTH_CONFIG_DELETE_CERT_HELP #language en-US "Press <Enter> to delete cert."
+
+#string STR_TLS_AUTH_CONFIG_ADD_CERT_FILE #language en-US "Enroll Cert Using File"
+
+#string STR_TLS_AUTH_CONFIG_CERT_GUID #language en-US "Cert GUID"
+#string STR_TLS_AUTH_CONFIG_CERT_GUID_HELP #language en-US "Input digit character in 11111111-2222-3333-4444-1234567890ab format."
+#string STR_TLS_AUTH_CONFIG_SAVE_AND_EXIT #language en-US "Commit Changes and Exit"
+#string STR_TLS_AUTH_CONFIG_NO_SAVE_AND_EXIT #language en-US "Discard Changes and Exit"
+
+#string STR_CERT_TYPE_PCKS_GUID #language en-US "GUID for CERT"
+
+#string STR_NULL #language en-US ""
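Review bot: The old side ends with "\ No newline at end of file" while the new side terminates the last line, so this hunk adds a final newline in addition to the CRLF conversion; that is a reasonable fix but it should be stated in the commit message so the change is not read as a pure line-ending rewrite. As a follow-up (not for this patch), STR_TLS_AUTH_CONFIG_CERT_GUID_HELP reads "Input digit character in 11111111-2222-3333-4444-1234567890ab format." although the example itself contains hex letters; "hexadecimal" would describe the accepted input more accurately.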
diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c
index 5b4756f16b..81f7e7d0f4 100644
--- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c
+++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c
@@ -1,1688 +1,1689 @@
-/** @file
- The Miscellaneous Routines for TlsAuthConfigDxe driver.
-
-Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
-
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include "TlsAuthConfigImpl.h"
-
-VOID *mStartOpCodeHandle = NULL;
-VOID *mEndOpCodeHandle = NULL;
-EFI_IFR_GUID_LABEL *mStartLabel = NULL;
-EFI_IFR_GUID_LABEL *mEndLabel = NULL;
-
-
-CHAR16 mTlsAuthConfigStorageName[] = L"TLS_AUTH_CONFIG_IFR_NVDATA";
-
-TLS_AUTH_CONFIG_PRIVATE_DATA *mTlsAuthPrivateData = NULL;
-
-HII_VENDOR_DEVICE_PATH mTlsAuthConfigHiiVendorDevicePath = {
- {
- {
- HARDWARE_DEVICE_PATH,
- HW_VENDOR_DP,
- {
- (UINT8) (sizeof (VENDOR_DEVICE_PATH)),
- (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8)
- }
- },
- TLS_AUTH_CONFIG_GUID
- },
- {
- END_DEVICE_PATH_TYPE,
- END_ENTIRE_DEVICE_PATH_SUBTYPE,
- {
- (UINT8) (END_DEVICE_PATH_LENGTH),
- (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8)
- }
- }
-};
-
-//
-// Possible DER-encoded certificate file suffixes, end with NULL pointer.
-//
-CHAR16* mDerPemEncodedSuffix[] = {
- L".cer",
- L".der",
- L".crt",
- L".pem",
- NULL
-};
-
-/**
- This code checks if the FileSuffix is one of the possible DER/PEM-encoded certificate suffix.
-
- @param[in] FileSuffix The suffix of the input certificate file
-
- @retval TRUE It's a DER/PEM-encoded certificate.
- @retval FALSE It's NOT a DER/PEM-encoded certificate.
-
-**/
-BOOLEAN
-IsDerPemEncodeCertificate (
- IN CONST CHAR16 *FileSuffix
-)
-{
- UINTN Index;
- for (Index = 0; mDerPemEncodedSuffix[Index] != NULL; Index++) {
- if (StrCmp (FileSuffix, mDerPemEncodedSuffix[Index]) == 0) {
- return TRUE;
- }
- }
- return FALSE;
-}
-
-/**
- Worker function that prints an EFI_GUID into specified Buffer.
-
- @param[in] Guid Pointer to GUID to print.
- @param[in] Buffer Buffer to print Guid into.
- @param[in] BufferSize Size of Buffer.
-
- @retval Number of characters printed.
-
-**/
-UINTN
-GuidToString (
- IN EFI_GUID *Guid,
- IN CHAR16 *Buffer,
- IN UINTN BufferSize
- )
-{
- return UnicodeSPrint (
- Buffer,
- BufferSize,
- L"%g",
- Guid
- );
-}
-
-/**
- List all cert in specified database by GUID in the page
- for user to select and delete as needed.
-
- @param[in] PrivateData Module's private data.
- @param[in] VariableName The variable name of the vendor's signature database.
- @param[in] VendorGuid A unique identifier for the vendor.
- @param[in] LabelNumber Label number to insert opcodes.
- @param[in] FormId Form ID of current page.
- @param[in] QuestionIdBase Base question id of the signature list.
-
- @retval EFI_SUCCESS Success to update the signature list page
- @retval EFI_OUT_OF_RESOURCES Unable to allocate required resources.
-
-**/
-EFI_STATUS
-UpdateDeletePage (
- IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private,
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- IN UINT16 LabelNumber,
- IN EFI_FORM_ID FormId,
- IN EFI_QUESTION_ID QuestionIdBase
- )
-{
- EFI_STATUS Status;
- UINT32 Index;
- UINTN CertCount;
- UINTN GuidIndex;
- VOID *StartOpCodeHandle;
- VOID *EndOpCodeHandle;
- EFI_IFR_GUID_LABEL *StartLabel;
- EFI_IFR_GUID_LABEL *EndLabel;
- UINTN DataSize;
- UINT8 *Data;
- EFI_SIGNATURE_LIST *CertList;
- EFI_SIGNATURE_DATA *Cert;
- UINT32 ItemDataSize;
- CHAR16 *GuidStr;
- EFI_STRING_ID GuidID;
- EFI_STRING_ID Help;
-
- Data = NULL;
- CertList = NULL;
- Cert = NULL;
- GuidStr = NULL;
- StartOpCodeHandle = NULL;
- EndOpCodeHandle = NULL;
-
- //
- // Initialize the container for dynamic opcodes.
- //
- StartOpCodeHandle = HiiAllocateOpCodeHandle ();
- if (StartOpCodeHandle == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ON_EXIT;
- }
-
- EndOpCodeHandle = HiiAllocateOpCodeHandle ();
- if (EndOpCodeHandle == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ON_EXIT;
- }
-
- //
- // Create Hii Extend Label OpCode.
- //
- StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
- StartOpCodeHandle,
- &gEfiIfrTianoGuid,
- NULL,
- sizeof (EFI_IFR_GUID_LABEL)
- );
- StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
- StartLabel->Number = LabelNumber;
-
- EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
- EndOpCodeHandle,
- &gEfiIfrTianoGuid,
- NULL,
- sizeof (EFI_IFR_GUID_LABEL)
- );
- EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
- EndLabel->Number = LABEL_END;
-
- //
- // Read Variable.
- //
- DataSize = 0;
- Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize, Data);
- if (EFI_ERROR (Status) && Status != EFI_BUFFER_TOO_SMALL) {
- goto ON_EXIT;
- }
-
- Data = (UINT8 *) AllocateZeroPool (DataSize);
- if (Data == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ON_EXIT;
- }
-
- Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize, Data);
- if (EFI_ERROR (Status)) {
- goto ON_EXIT;
- }
-
- GuidStr = AllocateZeroPool (100);
- if (GuidStr == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ON_EXIT;
- }
-
- //
- // Enumerate all data.
- //
- ItemDataSize = (UINT32) DataSize;
- CertList = (EFI_SIGNATURE_LIST *) Data;
- GuidIndex = 0;
-
- while ((ItemDataSize > 0) && (ItemDataSize >= CertList->SignatureListSize)) {
-
- if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) {
- Help = STRING_TOKEN (STR_CERT_TYPE_PCKS_GUID);
- } else {
- //
- // The signature type is not supported in current implementation.
- //
- ItemDataSize -= CertList->SignatureListSize;
- CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
- continue;
- }
-
- CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
- for (Index = 0; Index < CertCount; Index++) {
- Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList
- + sizeof (EFI_SIGNATURE_LIST)
- + CertList->SignatureHeaderSize
- + Index * CertList->SignatureSize);
- //
- // Display GUID and help
- //
- GuidToString (&Cert->SignatureOwner, GuidStr, 100);
- GuidID = HiiSetString (Private->RegisteredHandle, 0, GuidStr, NULL);
- HiiCreateCheckBoxOpCode (
- StartOpCodeHandle,
- (EFI_QUESTION_ID) (QuestionIdBase + GuidIndex++),
- 0,
- 0,
- GuidID,
- Help,
- EFI_IFR_FLAG_CALLBACK,
- 0,
- NULL
- );
- }
-
- ItemDataSize -= CertList->SignatureListSize;
- CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
- }
-
-ON_EXIT:
- HiiUpdateForm (
- Private->RegisteredHandle,
- &gTlsAuthConfigGuid,
- FormId,
- StartOpCodeHandle,
- EndOpCodeHandle
- );
-
- if (StartOpCodeHandle != NULL) {
- HiiFreeOpCodeHandle (StartOpCodeHandle);
- }
-
- if (EndOpCodeHandle != NULL) {
- HiiFreeOpCodeHandle (EndOpCodeHandle);
- }
-
- if (Data != NULL) {
- FreePool (Data);
- }
-
- if (GuidStr != NULL) {
- FreePool (GuidStr);
- }
-
- return EFI_SUCCESS;
-}
-
-/**
- Delete one entry from cert database.
-
- @param[in] PrivateData Module's private data.
- @param[in] VariableName The variable name of the database.
- @param[in] VendorGuid A unique identifier for the vendor.
- @param[in] LabelNumber Label number to insert opcodes.
- @param[in] FormId Form ID of current page.
- @param[in] QuestionIdBase Base question id of the cert list.
- @param[in] DeleteIndex Cert index to delete.
-
- @retval EFI_SUCCESS Delete siganture successfully.
- @retval EFI_NOT_FOUND Can't find the signature item,
- @retval EFI_OUT_OF_RESOURCES Could not allocate needed resources.
-**/
-EFI_STATUS
-DeleteCert (
- IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private,
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- IN UINT16 LabelNumber,
- IN EFI_FORM_ID FormId,
- IN EFI_QUESTION_ID QuestionIdBase,
- IN UINTN DeleteIndex
- )
-{
- EFI_STATUS Status;
- UINTN DataSize;
- UINT8 *Data;
- UINT8 *OldData;
- UINT32 Attr;
- UINT32 Index;
- EFI_SIGNATURE_LIST *CertList;
- EFI_SIGNATURE_LIST *NewCertList;
- EFI_SIGNATURE_DATA *Cert;
- UINTN CertCount;
- UINT32 Offset;
- BOOLEAN IsItemFound;
- UINT32 ItemDataSize;
- UINTN GuidIndex;
-
- Data = NULL;
- OldData = NULL;
- CertList = NULL;
- Cert = NULL;
- Attr = 0;
-
- //
- // Get original signature list data.
- //
- DataSize = 0;
- Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize, NULL);
- if (EFI_ERROR (Status) && Status != EFI_BUFFER_TOO_SMALL) {
- goto ON_EXIT;
- }
-
- OldData = (UINT8 *) AllocateZeroPool (DataSize);
- if (OldData == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ON_EXIT;
- }
-
- Status = gRT->GetVariable (VariableName, VendorGuid, &Attr, &DataSize, OldData);
- if (EFI_ERROR(Status)) {
- goto ON_EXIT;
- }
-
- //
- // Allocate space for new variable.
- //
- Data = (UINT8*) AllocateZeroPool (DataSize);
- if (Data == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ON_EXIT;
- }
-
- //
- // Enumerate all data and erasing the target item.
- //
- IsItemFound = FALSE;
- ItemDataSize = (UINT32) DataSize;
- CertList = (EFI_SIGNATURE_LIST *) OldData;
- Offset = 0;
- GuidIndex = 0;
- while ((ItemDataSize > 0) && (ItemDataSize >= CertList->SignatureListSize)) {
- if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) {
- //
- // Copy EFI_SIGNATURE_LIST header then calculate the signature count in this list.
- //
- CopyMem (Data + Offset, CertList, (sizeof(EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize));
- NewCertList = (EFI_SIGNATURE_LIST*) (Data + Offset);
- Offset += (sizeof(EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
- Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
- CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
- for (Index = 0; Index < CertCount; Index++) {
- if (GuidIndex == DeleteIndex) {
- //
- // Find it! Skip it!
- //
- NewCertList->SignatureListSize -= CertList->SignatureSize;
- IsItemFound = TRUE;
- } else {
- //
- // This item doesn't match. Copy it to the Data buffer.
- //
- CopyMem (Data + Offset, (UINT8*)(Cert), CertList->SignatureSize);
- Offset += CertList->SignatureSize;
- }
- GuidIndex++;
- Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);
- }
- } else {
- //
- // This List doesn't match. Just copy it to the Data buffer.
- //
- CopyMem (Data + Offset, (UINT8*)(CertList), CertList->SignatureListSize);
- Offset += CertList->SignatureListSize;
- }
-
- ItemDataSize -= CertList->SignatureListSize;
- CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
- }
-
- if (!IsItemFound) {
- //
- // Doesn't find the signature Item!
- //
- Status = EFI_NOT_FOUND;
- goto ON_EXIT;
- }
-
- //
- // Delete the EFI_SIGNATURE_LIST header if there is no signature in the list.
- //
- ItemDataSize = Offset;
- CertList = (EFI_SIGNATURE_LIST *) Data;
- Offset = 0;
- ZeroMem (OldData, ItemDataSize);
- while ((ItemDataSize > 0) && (ItemDataSize >= CertList->SignatureListSize)) {
- CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
- DEBUG ((DEBUG_INFO, " CertCount = %x\n", CertCount));
- if (CertCount != 0) {
- CopyMem (OldData + Offset, (UINT8*)(CertList), CertList->SignatureListSize);
- Offset += CertList->SignatureListSize;
- }
- ItemDataSize -= CertList->SignatureListSize;
- CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
- }
-
- DataSize = Offset;
-
- Status = gRT->SetVariable(
- VariableName,
- VendorGuid,
- Attr,
- DataSize,
- OldData
- );
- if (EFI_ERROR (Status)) {
- DEBUG ((DEBUG_ERROR, "Failed to set variable, Status = %r\n", Status));
- goto ON_EXIT;
- }
-
-ON_EXIT:
- if (Data != NULL) {
- FreePool(Data);
- }
-
- if (OldData != NULL) {
- FreePool(OldData);
- }
-
- return UpdateDeletePage (
- Private,
- VariableName,
- VendorGuid,
- LabelNumber,
- FormId,
- QuestionIdBase
- );
-}
-
-
-/**
- Close an open file handle.
-
- @param[in] FileHandle The file handle to close.
-
-**/
-VOID
-CloseFile (
- IN EFI_FILE_HANDLE FileHandle
- )
-{
- if (FileHandle != NULL) {
- FileHandle->Close (FileHandle);
- }
-}
-
-/**
- Read file content into BufferPtr, the size of the allocate buffer
- is *FileSize plus AddtionAllocateSize.
-
- @param[in] FileHandle The file to be read.
- @param[in, out] BufferPtr Pointers to the pointer of allocated buffer.
- @param[out] FileSize Size of input file
- @param[in] AddtionAllocateSize Addtion size the buffer need to be allocated.
- In case the buffer need to contain others besides the file content.
-
- @retval EFI_SUCCESS The file was read into the buffer.
- @retval EFI_INVALID_PARAMETER A parameter was invalid.
- @retval EFI_OUT_OF_RESOURCES A memory allocation failed.
- @retval others Unexpected error.
-
-**/
-EFI_STATUS
-ReadFileContent (
- IN EFI_FILE_HANDLE FileHandle,
- IN OUT VOID **BufferPtr,
- OUT UINTN *FileSize,
- IN UINTN AddtionAllocateSize
- )
-
-{
- UINTN BufferSize;
- UINT64 SourceFileSize;
- VOID *Buffer;
- EFI_STATUS Status;
-
- if ((FileHandle == NULL) || (FileSize == NULL)) {
- return EFI_INVALID_PARAMETER;
- }
-
- Buffer = NULL;
-
- //
- // Get the file size
- //
- Status = FileHandle->SetPosition (FileHandle, (UINT64) -1);
- if (EFI_ERROR (Status)) {
- goto ON_EXIT;
- }
-
- Status = FileHandle->GetPosition (FileHandle, &SourceFileSize);
- if (EFI_ERROR (Status)) {
- goto ON_EXIT;
- }
-
- Status = FileHandle->SetPosition (FileHandle, 0);
- if (EFI_ERROR (Status)) {
- goto ON_EXIT;
- }
-
- BufferSize = (UINTN) SourceFileSize + AddtionAllocateSize;
- Buffer = AllocateZeroPool(BufferSize);
- if (Buffer == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
-
- BufferSize = (UINTN) SourceFileSize;
- *FileSize = BufferSize;
-
- Status = FileHandle->Read (FileHandle, &BufferSize, Buffer);
- if (EFI_ERROR (Status) || BufferSize != *FileSize) {
- FreePool (Buffer);
- Buffer = NULL;
- Status = EFI_BAD_BUFFER_SIZE;
- goto ON_EXIT;
- }
-
-ON_EXIT:
-
- *BufferPtr = Buffer;
- return Status;
-}
-
-/**
- This function will open a file or directory referenced by DevicePath.
-
- This function opens a file with the open mode according to the file path. The
- Attributes is valid only for EFI_FILE_MODE_CREATE.
-
- @param[in, out] FilePath On input, the device path to the file.
- On output, the remaining device path.
- @param[out] FileHandle Pointer to the file handle.
- @param[in] OpenMode The mode to open the file with.
- @param[in] Attributes The file's file attributes.
-
- @retval EFI_SUCCESS The information was set.
- @retval EFI_INVALID_PARAMETER One of the parameters has an invalid value.
- @retval EFI_UNSUPPORTED Could not open the file path.
- @retval EFI_NOT_FOUND The specified file could not be found on the
- device or the file system could not be found on
- the device.
- @retval EFI_NO_MEDIA The device has no medium.
- @retval EFI_MEDIA_CHANGED The device has a different medium in it or the
- medium is no longer supported.
- @retval EFI_DEVICE_ERROR The device reported an error.
- @retval EFI_VOLUME_CORRUPTED The file system structures are corrupted.
- @retval EFI_WRITE_PROTECTED The file or medium is write protected.
- @retval EFI_ACCESS_DENIED The file was opened read only.
- @retval EFI_OUT_OF_RESOURCES Not enough resources were available to open the
- file.
- @retval EFI_VOLUME_FULL The volume is full.
-**/
-EFI_STATUS
-EFIAPI
-OpenFileByDevicePath (
- IN OUT EFI_DEVICE_PATH_PROTOCOL **FilePath,
- OUT EFI_FILE_HANDLE *FileHandle,
- IN UINT64 OpenMode,
- IN UINT64 Attributes
- )
-{
- EFI_STATUS Status;
- EFI_SIMPLE_FILE_SYSTEM_PROTOCOL *EfiSimpleFileSystemProtocol;
- EFI_FILE_PROTOCOL *Handle1;
- EFI_FILE_PROTOCOL *Handle2;
- EFI_HANDLE DeviceHandle;
-
- if ((FilePath == NULL || FileHandle == NULL)) {
- return EFI_INVALID_PARAMETER;
- }
-
- Status = gBS->LocateDevicePath (
- &gEfiSimpleFileSystemProtocolGuid,
- FilePath,
- &DeviceHandle
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- Status = gBS->OpenProtocol(
- DeviceHandle,
- &gEfiSimpleFileSystemProtocolGuid,
- (VOID**)&EfiSimpleFileSystemProtocol,
- gImageHandle,
- NULL,
- EFI_OPEN_PROTOCOL_GET_PROTOCOL
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- Status = EfiSimpleFileSystemProtocol->OpenVolume(EfiSimpleFileSystemProtocol, &Handle1);
- if (EFI_ERROR (Status)) {
- FileHandle = NULL;
- return Status;
- }
-
- //
- // go down directories one node at a time.
- //
- while (!IsDevicePathEnd (*FilePath)) {
- //
- // For file system access each node should be a file path component
- //
- if (DevicePathType (*FilePath) != MEDIA_DEVICE_PATH ||
- DevicePathSubType (*FilePath) != MEDIA_FILEPATH_DP
- ) {
- FileHandle = NULL;
- return (EFI_INVALID_PARAMETER);
- }
- //
- // Open this file path node
- //
- Handle2 = Handle1;
- Handle1 = NULL;
-
- //
- // Try to test opening an existing file
- //
- Status = Handle2->Open (
- Handle2,
- &Handle1,
- ((FILEPATH_DEVICE_PATH*)*FilePath)->PathName,
- OpenMode &~EFI_FILE_MODE_CREATE,
- 0
- );
-
- //
- // see if the error was that it needs to be created
- //
- if ((EFI_ERROR (Status)) && (OpenMode != (OpenMode &~EFI_FILE_MODE_CREATE))) {
- Status = Handle2->Open (
- Handle2,
- &Handle1,
- ((FILEPATH_DEVICE_PATH*)*FilePath)->PathName,
- OpenMode,
- Attributes
- );
- }
- //
- // Close the last node
- //
- Handle2->Close (Handle2);
-
- if (EFI_ERROR(Status)) {
- return (Status);
- }
-
- //
- // Get the next node
- //
- *FilePath = NextDevicePathNode (*FilePath);
- }
-
- //
- // This is a weak spot since if the undefined SHELL_FILE_HANDLE format changes this must change also!
- //
- *FileHandle = (VOID*)Handle1;
- return EFI_SUCCESS;
-}
-
-/**
- This function converts an input device structure to a Unicode string.
-
- @param[in] DevPath A pointer to the device path structure.
-
- @return A new allocated Unicode string that represents the device path.
-
-**/
-CHAR16 *
-EFIAPI
-DevicePathToStr (
- IN EFI_DEVICE_PATH_PROTOCOL *DevPath
- )
-{
- return ConvertDevicePathToText (
- DevPath,
- FALSE,
- TRUE
- );
-}
-
-
-/**
- Extract filename from device path. The returned buffer is allocated using AllocateCopyPool.
- The caller is responsible for freeing the allocated buffer using FreePool(). If return NULL
- means not enough memory resource.
-
- @param DevicePath Device path.
-
- @retval NULL Not enough memory resourece for AllocateCopyPool.
- @retval Other A new allocated string that represents the file name.
-
-**/
-CHAR16 *
-ExtractFileNameFromDevicePath (
- IN EFI_DEVICE_PATH_PROTOCOL *DevicePath
- )
-{
- CHAR16 *String;
- CHAR16 *MatchString;
- CHAR16 *LastMatch;
- CHAR16 *FileName;
- UINTN Length;
-
- ASSERT(DevicePath != NULL);
-
- String = DevicePathToStr(DevicePath);
- MatchString = String;
- LastMatch = String;
- FileName = NULL;
-
- while(MatchString != NULL){
- LastMatch = MatchString + 1;
- MatchString = StrStr(LastMatch,L"\\");
- }
-
- Length = StrLen(LastMatch);
- FileName = AllocateCopyPool ((Length + 1) * sizeof(CHAR16), LastMatch);
- if (FileName != NULL) {
- *(FileName + Length) = 0;
- }
-
- FreePool(String);
-
- return FileName;
-}
-
-/**
- Enroll a new X509 certificate into Variable.
-
- @param[in] PrivateData The module's private data.
- @param[in] VariableName Variable name of CA database.
-
- @retval EFI_SUCCESS New X509 is enrolled successfully.
- @retval EFI_OUT_OF_RESOURCES Could not allocate needed resources.
-
-**/
-EFI_STATUS
-EnrollX509toVariable (
- IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private,
- IN CHAR16 *VariableName
- )
-{
- EFI_STATUS Status;
- UINTN X509DataSize;
- VOID *X509Data;
- EFI_SIGNATURE_LIST *CACert;
- EFI_SIGNATURE_DATA *CACertData;
- VOID *Data;
- UINTN DataSize;
- UINTN SigDataSize;
- UINT32 Attr;
-
- X509DataSize = 0;
- SigDataSize = 0;
- DataSize = 0;
- X509Data = NULL;
- CACert = NULL;
- CACertData = NULL;
- Data = NULL;
-
- Status = ReadFileContent (
- Private->FileContext->FHandle,
- &X509Data,
- &X509DataSize,
- 0
- );
- if (EFI_ERROR (Status)) {
- goto ON_EXIT;
- }
- ASSERT (X509Data != NULL);
-
- SigDataSize = sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_SIGNATURE_DATA) - 1 + X509DataSize;
-
- Data = AllocateZeroPool (SigDataSize);
- if (Data == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ON_EXIT;
- }
-
- //
- // Fill Certificate Database parameters.
- //
- CACert = (EFI_SIGNATURE_LIST*) Data;
- CACert->SignatureListSize = (UINT32) SigDataSize;
- CACert->SignatureHeaderSize = 0;
- CACert->SignatureSize = (UINT32) (sizeof(EFI_SIGNATURE_DATA) - 1 + X509DataSize);
- CopyGuid (&CACert->SignatureType, &gEfiCertX509Guid);
-
- CACertData = (EFI_SIGNATURE_DATA*) ((UINT8* ) CACert + sizeof (EFI_SIGNATURE_LIST));
- CopyGuid (&CACertData->SignatureOwner, Private->CertGuid);
- CopyMem ((UINT8* ) (CACertData->SignatureData), X509Data, X509DataSize);
-
- //
- // Check if signature database entry has been already existed.
- // If true, use EFI_VARIABLE_APPEND_WRITE attribute to append the
- // new signature data to original variable
- //
- Attr = TLS_AUTH_CONFIG_VAR_BASE_ATTR;
-
- Status = gRT->GetVariable(
- VariableName,
- &gEfiTlsCaCertificateGuid,
- NULL,
- &DataSize,
- NULL
- );
- if (Status == EFI_BUFFER_TOO_SMALL) {
- Attr |= EFI_VARIABLE_APPEND_WRITE;
- } else if (Status != EFI_NOT_FOUND) {
- goto ON_EXIT;
- }
-
- Status = gRT->SetVariable(
- VariableName,
- &gEfiTlsCaCertificateGuid,
- Attr,
- SigDataSize,
- Data
- );
- if (EFI_ERROR (Status)) {
- goto ON_EXIT;
- }
-
-ON_EXIT:
-
- CloseFile (Private->FileContext->FHandle);
- if (Private->FileContext->FileName != NULL) {
- FreePool(Private->FileContext->FileName);
- Private->FileContext->FileName = NULL;
- }
-
- Private->FileContext->FHandle = NULL;
-
- if (Private->CertGuid != NULL) {
- FreePool (Private->CertGuid);
- Private->CertGuid = NULL;
- }
-
- if (Data != NULL) {
- FreePool (Data);
- }
-
- if (X509Data != NULL) {
- FreePool (X509Data);
- }
-
- return Status;
-}
-
-/**
- Enroll Cert into TlsCaCertificate. The GUID will be Private->CertGuid.
-
- @param[in] PrivateData The module's private data.
- @param[in] VariableName Variable name of signature database.
-
- @retval EFI_SUCCESS New Cert enrolled successfully.
- @retval EFI_INVALID_PARAMETER The parameter is invalid.
- @retval EFI_UNSUPPORTED The Cert file is unsupported type.
- @retval others Fail to enroll Cert data.
-
-**/
-EFI_STATUS
-EnrollCertDatabase (
- IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private,
- IN CHAR16 *VariableName
- )
-{
- UINT16* FilePostFix;
- UINTN NameLength;
-
- if ((Private->FileContext->FileName == NULL) || (Private->FileContext->FHandle == NULL) || (Private->CertGuid == NULL)) {
- return EFI_INVALID_PARAMETER;
- }
-
- //
- // Parse the file's postfix.
- //
- NameLength = StrLen (Private->FileContext->FileName);
- if (NameLength <= 4) {
- return EFI_INVALID_PARAMETER;
- }
- FilePostFix = Private->FileContext->FileName + NameLength - 4;
-
- if (IsDerPemEncodeCertificate (FilePostFix)) {
- //
- // Supports DER-encoded X509 certificate.
- //
- return EnrollX509toVariable (Private, VariableName);
- }
-
- return EFI_UNSUPPORTED;
-}
-
-/**
- Refresh the global UpdateData structure.
-
-**/
-VOID
-RefreshUpdateData (
- VOID
- )
-{
- //
- // Free current updated date
- //
- if (mStartOpCodeHandle != NULL) {
- HiiFreeOpCodeHandle (mStartOpCodeHandle);
- }
-
- //
- // Create new OpCode Handle
- //
- mStartOpCodeHandle = HiiAllocateOpCodeHandle ();
-
- //
- // Create Hii Extend Label OpCode as the start opcode
- //
- mStartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
- mStartOpCodeHandle,
- &gEfiIfrTianoGuid,
- NULL,
- sizeof (EFI_IFR_GUID_LABEL)
- );
- mStartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
-}
-
-/**
- Clean up the dynamic opcode at label and form specified by both LabelId.
-
- @param[in] LabelId It is both the Form ID and Label ID for opcode deletion.
- @param[in] PrivateData Module private data.
-
-**/
-VOID
-CleanUpPage (
- IN UINT16 LabelId,
- IN TLS_AUTH_CONFIG_PRIVATE_DATA *PrivateData
- )
-{
- RefreshUpdateData ();
-
- //
- // Remove all op-codes from dynamic page
- //
- mStartLabel->Number = LabelId;
- HiiUpdateForm (
- PrivateData->RegisteredHandle,
- &gTlsAuthConfigGuid,
- LabelId,
- mStartOpCodeHandle, // Label LabelId
- mEndOpCodeHandle // LABEL_END
- );
-}
-
-/**
- Update the form base on the selected file.
-
- @param FilePath Point to the file path.
- @param FormId The form need to display.
-
- @retval TRUE Exit caller function.
- @retval FALSE Not exit caller function.
-
-**/
-BOOLEAN
-UpdatePage(
- IN EFI_DEVICE_PATH_PROTOCOL *FilePath,
- IN EFI_FORM_ID FormId
- )
-{
- CHAR16 *FileName;
- EFI_STRING_ID StringToken;
-
- FileName = NULL;
-
- if (FilePath != NULL) {
- FileName = ExtractFileNameFromDevicePath(FilePath);
- }
- if (FileName == NULL) {
- //
- // FileName = NULL has two case:
- // 1. FilePath == NULL, not select file.
- // 2. FilePath != NULL, but ExtractFileNameFromDevicePath return NULL not enough memory resource.
- // In these two case, no need to update the form, and exit the caller function.
- //
- return TRUE;
- }
- StringToken = HiiSetString (mTlsAuthPrivateData->RegisteredHandle, 0, FileName, NULL);
-
- mTlsAuthPrivateData->FileContext->FileName = FileName;
-
- OpenFileByDevicePath (
- &FilePath,
- &mTlsAuthPrivateData->FileContext->FHandle,
- EFI_FILE_MODE_READ,
- 0
- );
- //
- // Create Subtitle op-code for the display string of the option.
- //
- RefreshUpdateData ();
- mStartLabel->Number = FormId;
-
- HiiCreateSubTitleOpCode (
- mStartOpCodeHandle,
- StringToken,
- 0,
- 0,
- 0
- );
-
- HiiUpdateForm (
- mTlsAuthPrivateData->RegisteredHandle,
- &gTlsAuthConfigGuid,
- FormId,
- mStartOpCodeHandle, /// Label FormId
- mEndOpCodeHandle /// LABEL_END
- );
-
- return TRUE;
-}
-
-/**
- Update the form base on the input file path info.
-
- @param FilePath Point to the file path.
-
- @retval TRUE Exit caller function.
- @retval FALSE Not exit caller function.
-**/
-BOOLEAN
-EFIAPI
-UpdateCAFromFile (
- IN EFI_DEVICE_PATH_PROTOCOL *FilePath
- )
-{
- return UpdatePage(FilePath, TLS_AUTH_CONFIG_FORMID4_FORM);
-}
-
-/**
- Unload the configuration form, this includes: delete all the configuration
- entries, uninstall the form callback protocol, and free the resources used.
-
- @param[in] Private Pointer to the driver private data.
-
- @retval EFI_SUCCESS The configuration form is unloaded.
- @retval Others Failed to unload the form.
-
-**/
-EFI_STATUS
-TlsAuthConfigFormUnload (
- IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private
- )
-{
- if (Private->DriverHandle != NULL) {
- //
- // Uninstall EFI_HII_CONFIG_ACCESS_PROTOCOL
- //
- gBS->UninstallMultipleProtocolInterfaces (
- Private->DriverHandle,
- &gEfiDevicePathProtocolGuid,
- &mTlsAuthConfigHiiVendorDevicePath,
- &gEfiHiiConfigAccessProtocolGuid,
- &Private->ConfigAccess,
- NULL
- );
- Private->DriverHandle = NULL;
- }
-
- if (Private->RegisteredHandle != NULL) {
- //
- // Remove HII package list
- //
- HiiRemovePackages (Private->RegisteredHandle);
- Private->RegisteredHandle = NULL;
- }
-
- if (Private->CertGuid != NULL) {
- FreePool (Private->CertGuid);
- }
-
- if (Private->FileContext != NULL) {
- FreePool (Private->FileContext);
- }
-
- FreePool (Private);
-
- if (mStartOpCodeHandle != NULL) {
- HiiFreeOpCodeHandle (mStartOpCodeHandle);
- }
-
- if (mEndOpCodeHandle != NULL) {
- HiiFreeOpCodeHandle (mEndOpCodeHandle);
- }
-
- return EFI_SUCCESS;
-}
-
-
-/**
- Initialize the configuration form.
-
- @param[in] Private Pointer to the driver private data.
-
- @retval EFI_SUCCESS The configuration form is initialized.
- @retval EFI_OUT_OF_RESOURCES Failed to allocate memory.
-
-**/
-EFI_STATUS
-TlsAuthConfigFormInit (
- IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private
- )
-{
- EFI_STATUS Status;
-
- Private->Signature = TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE;
-
- Private->ConfigAccess.ExtractConfig = TlsAuthConfigAccessExtractConfig;
- Private->ConfigAccess.RouteConfig = TlsAuthConfigAccessRouteConfig;
- Private->ConfigAccess.Callback = TlsAuthConfigAccessCallback;
-
- //
- // Install Device Path Protocol and Config Access protocol to driver handle.
- //
- Status = gBS->InstallMultipleProtocolInterfaces (
- &Private->DriverHandle,
- &gEfiDevicePathProtocolGuid,
- &mTlsAuthConfigHiiVendorDevicePath,
- &gEfiHiiConfigAccessProtocolGuid,
- &Private->ConfigAccess,
- NULL
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- //
- // Publish our HII data.
- //
- Private->RegisteredHandle = HiiAddPackages (
- &gTlsAuthConfigGuid,
- Private->DriverHandle,
- TlsAuthConfigDxeStrings,
- TlsAuthConfigVfrBin,
- NULL
- );
- if (Private->RegisteredHandle == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto Error;
- }
-
- Private->FileContext = AllocateZeroPool (sizeof (TLS_AUTH_CONFIG_FILE_CONTEXT));
- if (Private->FileContext == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto Error;
- }
-
- //
- // Init OpCode Handle and Allocate space for creation of Buffer
- //
- mStartOpCodeHandle = HiiAllocateOpCodeHandle ();
- if (mStartOpCodeHandle == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto Error;
- }
-
- mEndOpCodeHandle = HiiAllocateOpCodeHandle ();
- if (mEndOpCodeHandle == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto Error;
- }
-
- //
- // Create Hii Extend Label OpCode as the start opcode
- //
- mStartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
- mStartOpCodeHandle,
- &gEfiIfrTianoGuid,
- NULL,
- sizeof (EFI_IFR_GUID_LABEL)
- );
- mStartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
-
- //
- // Create Hii Extend Label OpCode as the end opcode
- //
- mEndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
- mEndOpCodeHandle,
- &gEfiIfrTianoGuid,
- NULL,
- sizeof (EFI_IFR_GUID_LABEL)
- );
- mEndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
- mEndLabel->Number = LABEL_END;
-
- return EFI_SUCCESS;
-
-Error:
- TlsAuthConfigFormUnload (Private);
- return Status;
-}
-
-/**
-
- This function allows the caller to request the current
- configuration for one or more named elements. The resulting
- string is in <ConfigAltResp> format. Any and all alternative
- configuration strings shall also be appended to the end of the
- current configuration string. If they are, they must appear
- after the current configuration. They must contain the same
- routing (GUID, NAME, PATH) as the current configuration string.
- They must have an additional description indicating the type of
- alternative configuration the string represents,
- "ALTCFG=<StringToken>". That <StringToken> (when
- converted from Hex UNICODE to binary) is a reference to a
- string in the associated string pack.
-
- @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
-
- @param Request A null-terminated Unicode string in
- <ConfigRequest> format. Note that this
- includes the routing information as well as
- the configurable name / value pairs. It is
- invalid for this string to be in
- <MultiConfigRequest> format.
- If a NULL is passed in for the Request field,
- all of the settings being abstracted by this function
- will be returned in the Results field. In addition,
- if a ConfigHdr is passed in with no request elements,
- all of the settings being abstracted for that particular
- ConfigHdr reference will be returned in the Results Field.
-
- @param Progress On return, points to a character in the
- Request string. Points to the string's null
- terminator if request was successful. Points
- to the most recent "&" before the first
- failing name / value pair (or the beginning
- of the string if the failure is in the first
- name / value pair) if the request was not
- successful.
-
- @param Results A null-terminated Unicode string in
- <MultiConfigAltResp> format which has all values
- filled in for the names in the Request string.
- String to be allocated by the called function.
-
- @retval EFI_SUCCESS The Results string is filled with the
- values corresponding to all requested
- names.
-
- @retval EFI_OUT_OF_RESOURCES Not enough memory to store the
- parts of the results that must be
- stored awaiting possible future
- protocols.
-
- @retval EFI_NOT_FOUND Routing data doesn't match any
- known driver. Progress set to the
- first character in the routing header.
- Note: There is no requirement that the
- driver validate the routing data. It
- must skip the <ConfigHdr> in order to
- process the names.
-
- @retval EFI_INVALID_PARAMETER Illegal syntax. Progress set
- to most recent "&" before the
- error or the beginning of the
- string.
-
- @retval EFI_INVALID_PARAMETER Unknown name. Progress points
- to the & before the name in
- question.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsAuthConfigAccessExtractConfig (
- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
- IN CONST EFI_STRING Request,
- OUT EFI_STRING *Progress,
- OUT EFI_STRING *Results
- )
-{
- EFI_STATUS Status;
- UINTN BufferSize;
- UINTN Size;
- EFI_STRING ConfigRequest;
- EFI_STRING ConfigRequestHdr;
- TLS_AUTH_CONFIG_PRIVATE_DATA *Private;
- BOOLEAN AllocatedRequest;
-
- if (Progress == NULL || Results == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
- AllocatedRequest = FALSE;
- ConfigRequestHdr = NULL;
- ConfigRequest = NULL;
- Size = 0;
-
- Private = TLS_AUTH_CONFIG_PRIVATE_FROM_THIS (This);
-
- BufferSize = sizeof (TLS_AUTH_CONFIG_IFR_NVDATA);
- ZeroMem (&Private->TlsAuthConfigNvData, BufferSize);
-
- *Progress = Request;
-
- if ((Request != NULL) && !HiiIsConfigHdrMatch (Request, &gTlsAuthConfigGuid, mTlsAuthConfigStorageName)) {
- return EFI_NOT_FOUND;
- }
-
- ConfigRequest = Request;
- if ((Request == NULL) || (StrStr (Request, L"OFFSET") == NULL)) {
- //
- // Request is set to NULL or OFFSET is NULL, construct full request string.
- //
- // Allocate and fill a buffer large enough to hold the <ConfigHdr> template
- // followed by "&OFFSET=0&WIDTH=WWWWWWWWWWWWWWWW" followed by a Null-terminator
- //
- ConfigRequestHdr = HiiConstructConfigHdr (&gTlsAuthConfigGuid, mTlsAuthConfigStorageName, Private->DriverHandle);
- Size = (StrLen (ConfigRequestHdr) + 32 + 1) * sizeof (CHAR16);
- ConfigRequest = AllocateZeroPool (Size);
- ASSERT (ConfigRequest != NULL);
- AllocatedRequest = TRUE;
- UnicodeSPrint (ConfigRequest, Size, L"%s&OFFSET=0&WIDTH=%016LX", ConfigRequestHdr, (UINT64)BufferSize);
- FreePool (ConfigRequestHdr);
- ConfigRequestHdr = NULL;
- }
-
- Status = gHiiConfigRouting->BlockToConfig (
- gHiiConfigRouting,
- ConfigRequest,
- (UINT8 *) &Private->TlsAuthConfigNvData,
- BufferSize,
- Results,
- Progress
- );
-
- //
- // Free the allocated config request string.
- //
- if (AllocatedRequest) {
- FreePool (ConfigRequest);
- }
-
- //
- // Set Progress string to the original request string.
- //
- if (Request == NULL) {
- *Progress = NULL;
- } else if (StrStr (Request, L"OFFSET") == NULL) {
- *Progress = Request + StrLen (Request);
- }
-
- return Status;
-}
-
-/**
-
- This function applies changes in a driver's configuration.
- Input is a Configuration, which has the routing data for this
- driver followed by name / value configuration pairs. The driver
- must apply those pairs to its configurable storage. If the
- driver's configuration is stored in a linear block of data
- and the driver's name / value pairs are in <BlockConfig>
- format, it may use the ConfigToBlock helper function (above) to
- simplify the job.
-
- @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
-
- @param Configuration A null-terminated Unicode string in
- <ConfigString> format.
-
- @param Progress A pointer to a string filled in with the
- offset of the most recent '&' before the
- first failing name / value pair (or the
- beginn ing of the string if the failure
- is in the first name / value pair) or
- the terminating NULL if all was
- successful.
-
- @retval EFI_SUCCESS The results have been distributed or are
- awaiting distribution.
-
- @retval EFI_OUT_OF_RESOURCES Not enough memory to store the
- parts of the results that must be
- stored awaiting possible future
- protocols.
-
- @retval EFI_INVALID_PARAMETERS Passing in a NULL for the
- Results parameter would result
- in this type of error.
-
- @retval EFI_NOT_FOUND Target for the specified routing data
- was not found
-
-**/
-EFI_STATUS
-EFIAPI
-TlsAuthConfigAccessRouteConfig (
- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
- IN CONST EFI_STRING Configuration,
- OUT EFI_STRING *Progress
- )
-{
- EFI_STATUS Status;
- UINTN BufferSize;
- TLS_AUTH_CONFIG_PRIVATE_DATA *Private;
-
- if (Progress == NULL) {
- return EFI_INVALID_PARAMETER;
- }
- *Progress = Configuration;
-
- if (Configuration == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
- //
- // Check routing data in <ConfigHdr>.
- // Note: there is no name for Name/Value storage, only GUID will be checked
- //
- if (!HiiIsConfigHdrMatch (Configuration, &gTlsAuthConfigGuid, mTlsAuthConfigStorageName)) {
- return EFI_NOT_FOUND;
- }
-
- Private = TLS_AUTH_CONFIG_PRIVATE_FROM_THIS (This);
-
- BufferSize = sizeof (TLS_AUTH_CONFIG_IFR_NVDATA);
- ZeroMem (&Private->TlsAuthConfigNvData, BufferSize);
-
- Status = gHiiConfigRouting->ConfigToBlock (
- gHiiConfigRouting,
- Configuration,
- (UINT8 *) &Private->TlsAuthConfigNvData,
- &BufferSize,
- Progress
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- return Status;
-}
-
-/**
-
- This function is called to provide results data to the driver.
- This data consists of a unique key that is used to identify
- which data is either being passed back or being asked for.
-
- @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
- @param Action Specifies the type of action taken by the browser.
- @param QuestionId A unique value which is sent to the original
- exporting driver so that it can identify the type
- of data to expect. The format of the data tends to
- vary based on the opcode that generated the callback.
- @param Type The type of value for the question.
- @param Value A pointer to the data being sent to the original
- exporting driver.
- @param ActionRequest On return, points to the action requested by the
- callback function.
-
- @retval EFI_SUCCESS The callback successfully handled the action.
- @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the
- variable and its data.
- @retval EFI_DEVICE_ERROR The variable could not be saved.
- @retval EFI_UNSUPPORTED The specified Action is not supported by the
- callback.
-**/
-EFI_STATUS
-EFIAPI
-TlsAuthConfigAccessCallback (
- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
- IN EFI_BROWSER_ACTION Action,
- IN EFI_QUESTION_ID QuestionId,
- IN UINT8 Type,
- IN OUT EFI_IFR_TYPE_VALUE *Value,
- OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest
- )
-{
- EFI_INPUT_KEY Key;
- EFI_STATUS Status;
- RETURN_STATUS RStatus;
- TLS_AUTH_CONFIG_PRIVATE_DATA *Private;
- UINTN BufferSize;
- TLS_AUTH_CONFIG_IFR_NVDATA *IfrNvData;
- UINT16 LabelId;
- EFI_DEVICE_PATH_PROTOCOL *File;
-
- Status = EFI_SUCCESS;
- File = NULL;
-
- if ((This == NULL) || (Value == NULL) || (ActionRequest == NULL)) {
- return EFI_INVALID_PARAMETER;
- }
-
- Private = TLS_AUTH_CONFIG_PRIVATE_FROM_THIS (This);
-
- mTlsAuthPrivateData = Private;
-
- //
- // Retrieve uncommitted data from Browser
- //
- BufferSize = sizeof (TLS_AUTH_CONFIG_IFR_NVDATA);
- IfrNvData = AllocateZeroPool (BufferSize);
- if (IfrNvData == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
-
- HiiGetBrowserData (&gTlsAuthConfigGuid, mTlsAuthConfigStorageName, BufferSize, (UINT8 *) IfrNvData);
-
- if ((Action != EFI_BROWSER_ACTION_CHANGED) &&
- (Action != EFI_BROWSER_ACTION_CHANGING)) {
- Status = EFI_UNSUPPORTED;
- goto EXIT;
- }
-
- if (Action == EFI_BROWSER_ACTION_CHANGING) {
- switch (QuestionId) {
- case KEY_TLS_AUTH_CONFIG_CLIENT_CERT:
- case KEY_TLS_AUTH_CONFIG_SERVER_CA:
- //
- // Clear Cert GUID.
- //
- ZeroMem (IfrNvData->CertGuid, sizeof (IfrNvData->CertGuid));
- if (Private->CertGuid == NULL) {
- Private->CertGuid = (EFI_GUID *) AllocateZeroPool (sizeof (EFI_GUID));
- if (Private->CertGuid == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
- }
- if (QuestionId == KEY_TLS_AUTH_CONFIG_CLIENT_CERT) {
- LabelId = TLS_AUTH_CONFIG_FORMID3_FORM;
- } else {
- LabelId = TLS_AUTH_CONFIG_FORMID4_FORM;
- }
-
- //
- // Refresh selected file.
- //
- CleanUpPage (LabelId, Private);
- break;
- case KEY_TLS_AUTH_CONFIG_ENROLL_CERT_FROM_FILE:
- ChooseFile( NULL, NULL, UpdateCAFromFile, &File);
- break;
-
- case KEY_TLS_AUTH_CONFIG_VALUE_SAVE_AND_EXIT:
- Status = EnrollCertDatabase (Private, EFI_TLS_CA_CERTIFICATE_VARIABLE);
- if (EFI_ERROR (Status)) {
- CreatePopUp (
- EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
- &Key,
- L"ERROR: Enroll Cert Failure!",
- NULL
- );
- }
- break;
-
- case KEY_TLS_AUTH_CONFIG_VALUE_NO_SAVE_AND_EXIT:
- if (Private->FileContext->FHandle != NULL) {
- CloseFile (Private->FileContext->FHandle);
- Private->FileContext->FHandle = NULL;
- if (Private->FileContext->FileName!= NULL){
- FreePool(Private->FileContext->FileName);
- Private->FileContext->FileName = NULL;
- }
- }
-
- if (Private->CertGuid!= NULL) {
- FreePool (Private->CertGuid);
- Private->CertGuid = NULL;
- }
- break;
-
- case KEY_TLS_AUTH_CONFIG_DELETE_CERT:
- UpdateDeletePage (
- Private,
- EFI_TLS_CA_CERTIFICATE_VARIABLE,
- &gEfiTlsCaCertificateGuid,
- LABEL_CA_DELETE,
- TLS_AUTH_CONFIG_FORMID5_FORM,
- OPTION_DEL_CA_ESTION_ID
- );
- break;
-
- default:
- if ((QuestionId >= OPTION_DEL_CA_ESTION_ID) &&
- (QuestionId < (OPTION_DEL_CA_ESTION_ID + OPTION_CONFIG_RANGE))) {
- DeleteCert (
- Private,
- EFI_TLS_CA_CERTIFICATE_VARIABLE,
- &gEfiTlsCaCertificateGuid,
- LABEL_CA_DELETE,
- TLS_AUTH_CONFIG_FORMID5_FORM,
- OPTION_DEL_CA_ESTION_ID,
- QuestionId - OPTION_DEL_CA_ESTION_ID
- );
- }
- break;
- }
- } else if (Action == EFI_BROWSER_ACTION_CHANGED) {
- switch (QuestionId) {
- case KEY_TLS_AUTH_CONFIG_CERT_GUID:
- ASSERT (Private->CertGuid != NULL);
- RStatus = StrToGuid (
- IfrNvData->CertGuid,
- Private->CertGuid
- );
- if (RETURN_ERROR (RStatus) || (IfrNvData->CertGuid[GUID_STRING_LENGTH] != L'\0')) {
- Status = EFI_INVALID_PARAMETER;
- break;
- }
-
- *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
- break;
- default:
- break;
- }
- }
-
-EXIT:
-
- if (!EFI_ERROR (Status)) {
- BufferSize = sizeof (TLS_AUTH_CONFIG_IFR_NVDATA);
- HiiSetBrowserData (&gTlsAuthConfigGuid, mTlsAuthConfigStorageName, BufferSize, (UINT8*) IfrNvData, NULL);
- }
-
- FreePool (IfrNvData);
-
- if (File != NULL){
- FreePool(File);
- File = NULL;
- }
-
- return EFI_SUCCESS;
-
-}
+/** @file
+ The Miscellaneous Routines for TlsAuthConfigDxe driver.
+
+Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
+
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "TlsAuthConfigImpl.h"
+
+VOID *mStartOpCodeHandle = NULL;
+VOID *mEndOpCodeHandle = NULL;
+EFI_IFR_GUID_LABEL *mStartLabel = NULL;
+EFI_IFR_GUID_LABEL *mEndLabel = NULL;
+
+
+CHAR16 mTlsAuthConfigStorageName[] = L"TLS_AUTH_CONFIG_IFR_NVDATA";
+
+TLS_AUTH_CONFIG_PRIVATE_DATA *mTlsAuthPrivateData = NULL;
+
+HII_VENDOR_DEVICE_PATH mTlsAuthConfigHiiVendorDevicePath = {
+ {
+ {
+ HARDWARE_DEVICE_PATH,
+ HW_VENDOR_DP,
+ {
+ (UINT8) (sizeof (VENDOR_DEVICE_PATH)),
+ (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8)
+ }
+ },
+ TLS_AUTH_CONFIG_GUID
+ },
+ {
+ END_DEVICE_PATH_TYPE,
+ END_ENTIRE_DEVICE_PATH_SUBTYPE,
+ {
+ (UINT8) (END_DEVICE_PATH_LENGTH),
+ (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8)
+ }
+ }
+};
+
+//
+// Possible DER-encoded certificate file suffixes, end with NULL pointer.
+//
+CHAR16* mDerPemEncodedSuffix[] = {
+ L".cer",
+ L".der",
+ L".crt",
+ L".pem",
+ NULL
+};
+
+/**
+ This code checks if the FileSuffix is one of the possible DER/PEM-encoded certificate suffix.
+
+ @param[in] FileSuffix The suffix of the input certificate file
+
+ @retval TRUE It's a DER/PEM-encoded certificate.
+ @retval FALSE It's NOT a DER/PEM-encoded certificate.
+
+**/
+BOOLEAN
+IsDerPemEncodeCertificate (
+ IN CONST CHAR16 *FileSuffix
+)
+{
+ UINTN Index;
+ for (Index = 0; mDerPemEncodedSuffix[Index] != NULL; Index++) {
+ if (StrCmp (FileSuffix, mDerPemEncodedSuffix[Index]) == 0) {
+ return TRUE;
+ }
+ }
+ return FALSE;
+}
+
+/**
+ Worker function that prints an EFI_GUID into specified Buffer.
+
+ @param[in] Guid Pointer to GUID to print.
+ @param[in] Buffer Buffer to print Guid into.
+ @param[in] BufferSize Size of Buffer.
+
+ @retval Number of characters printed.
+
+**/
+UINTN
+GuidToString (
+ IN EFI_GUID *Guid,
+ IN CHAR16 *Buffer,
+ IN UINTN BufferSize
+ )
+{
+ return UnicodeSPrint (
+ Buffer,
+ BufferSize,
+ L"%g",
+ Guid
+ );
+}
+
+/**
+ List all cert in specified database by GUID in the page
+ for user to select and delete as needed.
+
+ @param[in] PrivateData Module's private data.
+ @param[in] VariableName The variable name of the vendor's signature database.
+ @param[in] VendorGuid A unique identifier for the vendor.
+ @param[in] LabelNumber Label number to insert opcodes.
+ @param[in] FormId Form ID of current page.
+ @param[in] QuestionIdBase Base question id of the signature list.
+
+ @retval EFI_SUCCESS Success to update the signature list page
+ @retval EFI_OUT_OF_RESOURCES Unable to allocate required resources.
+
+**/
+EFI_STATUS
+UpdateDeletePage (
+ IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private,
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN UINT16 LabelNumber,
+ IN EFI_FORM_ID FormId,
+ IN EFI_QUESTION_ID QuestionIdBase
+ )
+{
+ EFI_STATUS Status;
+ UINT32 Index;
+ UINTN CertCount;
+ UINTN GuidIndex;
+ VOID *StartOpCodeHandle;
+ VOID *EndOpCodeHandle;
+ EFI_IFR_GUID_LABEL *StartLabel;
+ EFI_IFR_GUID_LABEL *EndLabel;
+ UINTN DataSize;
+ UINT8 *Data;
+ EFI_SIGNATURE_LIST *CertList;
+ EFI_SIGNATURE_DATA *Cert;
+ UINT32 ItemDataSize;
+ CHAR16 *GuidStr;
+ EFI_STRING_ID GuidID;
+ EFI_STRING_ID Help;
+
+ Data = NULL;
+ CertList = NULL;
+ Cert = NULL;
+ GuidStr = NULL;
+ StartOpCodeHandle = NULL;
+ EndOpCodeHandle = NULL;
+
+ //
+ // Initialize the container for dynamic opcodes.
+ //
+ StartOpCodeHandle = HiiAllocateOpCodeHandle ();
+ if (StartOpCodeHandle == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto ON_EXIT;
+ }
+
+ EndOpCodeHandle = HiiAllocateOpCodeHandle ();
+ if (EndOpCodeHandle == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto ON_EXIT;
+ }
+
+ //
+ // Create Hii Extend Label OpCode.
+ //
+ StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
+ StartOpCodeHandle,
+ &gEfiIfrTianoGuid,
+ NULL,
+ sizeof (EFI_IFR_GUID_LABEL)
+ );
+ StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
+ StartLabel->Number = LabelNumber;
+
+ EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
+ EndOpCodeHandle,
+ &gEfiIfrTianoGuid,
+ NULL,
+ sizeof (EFI_IFR_GUID_LABEL)
+ );
+ EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
+ EndLabel->Number = LABEL_END;
+
+ //
+ // Read Variable.
+ //
+ DataSize = 0;
+ Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize, Data);
+ if (EFI_ERROR (Status) && Status != EFI_BUFFER_TOO_SMALL) {
+ goto ON_EXIT;
+ }
+
+ Data = (UINT8 *) AllocateZeroPool (DataSize);
+ if (Data == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto ON_EXIT;
+ }
+
+ Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize, Data);
+ if (EFI_ERROR (Status)) {
+ goto ON_EXIT;
+ }
+
+ GuidStr = AllocateZeroPool (100);
+ if (GuidStr == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto ON_EXIT;
+ }
+
+ //
+ // Enumerate all data.
+ //
+ ItemDataSize = (UINT32) DataSize;
+ CertList = (EFI_SIGNATURE_LIST *) Data;
+ GuidIndex = 0;
+
+ while ((ItemDataSize > 0) && (ItemDataSize >= CertList->SignatureListSize)) {
+
+ if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) {
+ Help = STRING_TOKEN (STR_CERT_TYPE_PCKS_GUID);
+ } else {
+ //
+ // The signature type is not supported in current implementation.
+ //
+ ItemDataSize -= CertList->SignatureListSize;
+ CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
+ continue;
+ }
+
+ CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
+ for (Index = 0; Index < CertCount; Index++) {
+ Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList
+ + sizeof (EFI_SIGNATURE_LIST)
+ + CertList->SignatureHeaderSize
+ + Index * CertList->SignatureSize);
+ //
+ // Display GUID and help
+ //
+ GuidToString (&Cert->SignatureOwner, GuidStr, 100);
+ GuidID = HiiSetString (Private->RegisteredHandle, 0, GuidStr, NULL);
+ HiiCreateCheckBoxOpCode (
+ StartOpCodeHandle,
+ (EFI_QUESTION_ID) (QuestionIdBase + GuidIndex++),
+ 0,
+ 0,
+ GuidID,
+ Help,
+ EFI_IFR_FLAG_CALLBACK,
+ 0,
+ NULL
+ );
+ }
+
+ ItemDataSize -= CertList->SignatureListSize;
+ CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
+ }
+
+ON_EXIT:
+ HiiUpdateForm (
+ Private->RegisteredHandle,
+ &gTlsAuthConfigGuid,
+ FormId,
+ StartOpCodeHandle,
+ EndOpCodeHandle
+ );
+
+ if (StartOpCodeHandle != NULL) {
+ HiiFreeOpCodeHandle (StartOpCodeHandle);
+ }
+
+ if (EndOpCodeHandle != NULL) {
+ HiiFreeOpCodeHandle (EndOpCodeHandle);
+ }
+
+ if (Data != NULL) {
+ FreePool (Data);
+ }
+
+ if (GuidStr != NULL) {
+ FreePool (GuidStr);
+ }
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Delete one entry from cert database.
+
+ @param[in] PrivateData Module's private data.
+ @param[in] VariableName The variable name of the database.
+ @param[in] VendorGuid A unique identifier for the vendor.
+ @param[in] LabelNumber Label number to insert opcodes.
+ @param[in] FormId Form ID of current page.
+ @param[in] QuestionIdBase Base question id of the cert list.
+ @param[in] DeleteIndex Cert index to delete.
+
+ @retval EFI_SUCCESS Delete siganture successfully.
+ @retval EFI_NOT_FOUND Can't find the signature item,
+ @retval EFI_OUT_OF_RESOURCES Could not allocate needed resources.
+**/
+EFI_STATUS
+DeleteCert (
+ IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private,
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN UINT16 LabelNumber,
+ IN EFI_FORM_ID FormId,
+ IN EFI_QUESTION_ID QuestionIdBase,
+ IN UINTN DeleteIndex
+ )
+{
+ EFI_STATUS Status;
+ UINTN DataSize;
+ UINT8 *Data;
+ UINT8 *OldData;
+ UINT32 Attr;
+ UINT32 Index;
+ EFI_SIGNATURE_LIST *CertList;
+ EFI_SIGNATURE_LIST *NewCertList;
+ EFI_SIGNATURE_DATA *Cert;
+ UINTN CertCount;
+ UINT32 Offset;
+ BOOLEAN IsItemFound;
+ UINT32 ItemDataSize;
+ UINTN GuidIndex;
+
+ Data = NULL;
+ OldData = NULL;
+ CertList = NULL;
+ Cert = NULL;
+ Attr = 0;
+
+ //
+ // Get original signature list data.
+ //
+ DataSize = 0;
+ Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize, NULL);
+ if (EFI_ERROR (Status) && Status != EFI_BUFFER_TOO_SMALL) {
+ goto ON_EXIT;
+ }
+
+ OldData = (UINT8 *) AllocateZeroPool (DataSize);
+ if (OldData == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto ON_EXIT;
+ }
+
+ Status = gRT->GetVariable (VariableName, VendorGuid, &Attr, &DataSize, OldData);
+ if (EFI_ERROR(Status)) {
+ goto ON_EXIT;
+ }
+
+ //
+ // Allocate space for new variable.
+ //
+ Data = (UINT8*) AllocateZeroPool (DataSize);
+ if (Data == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto ON_EXIT;
+ }
+
+ //
+ // Enumerate all data and erasing the target item.
+ //
+ IsItemFound = FALSE;
+ ItemDataSize = (UINT32) DataSize;
+ CertList = (EFI_SIGNATURE_LIST *) OldData;
+ Offset = 0;
+ GuidIndex = 0;
+ while ((ItemDataSize > 0) && (ItemDataSize >= CertList->SignatureListSize)) {
+ if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) {
+ //
+ // Copy EFI_SIGNATURE_LIST header then calculate the signature count in this list.
+ //
+ CopyMem (Data + Offset, CertList, (sizeof(EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize));
+ NewCertList = (EFI_SIGNATURE_LIST*) (Data + Offset);
+ Offset += (sizeof(EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
+ Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
+ CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
+ for (Index = 0; Index < CertCount; Index++) {
+ if (GuidIndex == DeleteIndex) {
+ //
+ // Find it! Skip it!
+ //
+ NewCertList->SignatureListSize -= CertList->SignatureSize;
+ IsItemFound = TRUE;
+ } else {
+ //
+ // This item doesn't match. Copy it to the Data buffer.
+ //
+ CopyMem (Data + Offset, (UINT8*)(Cert), CertList->SignatureSize);
+ Offset += CertList->SignatureSize;
+ }
+ GuidIndex++;
+ Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);
+ }
+ } else {
+ //
+ // This List doesn't match. Just copy it to the Data buffer.
+ //
+ CopyMem (Data + Offset, (UINT8*)(CertList), CertList->SignatureListSize);
+ Offset += CertList->SignatureListSize;
+ }
+
+ ItemDataSize -= CertList->SignatureListSize;
+ CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
+ }
+
+ if (!IsItemFound) {
+ //
+ // Doesn't find the signature Item!
+ //
+ Status = EFI_NOT_FOUND;
+ goto ON_EXIT;
+ }
+
+ //
+ // Delete the EFI_SIGNATURE_LIST header if there is no signature in the list.
+ //
+ ItemDataSize = Offset;
+ CertList = (EFI_SIGNATURE_LIST *) Data;
+ Offset = 0;
+ ZeroMem (OldData, ItemDataSize);
+ while ((ItemDataSize > 0) && (ItemDataSize >= CertList->SignatureListSize)) {
+ CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
+ DEBUG ((DEBUG_INFO, " CertCount = %x\n", CertCount));
+ if (CertCount != 0) {
+ CopyMem (OldData + Offset, (UINT8*)(CertList), CertList->SignatureListSize);
+ Offset += CertList->SignatureListSize;
+ }
+ ItemDataSize -= CertList->SignatureListSize;
+ CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
+ }
+
+ DataSize = Offset;
+
+ Status = gRT->SetVariable(
+ VariableName,
+ VendorGuid,
+ Attr,
+ DataSize,
+ OldData
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "Failed to set variable, Status = %r\n", Status));
+ goto ON_EXIT;
+ }
+
+ON_EXIT:
+ if (Data != NULL) {
+ FreePool(Data);
+ }
+
+ if (OldData != NULL) {
+ FreePool(OldData);
+ }
+
+ return UpdateDeletePage (
+ Private,
+ VariableName,
+ VendorGuid,
+ LabelNumber,
+ FormId,
+ QuestionIdBase
+ );
+}
+
+
+/**
+ Close an open file handle.
+
+ @param[in] FileHandle The file handle to close.
+
+**/
+VOID
+CloseFile (
+ IN EFI_FILE_HANDLE FileHandle
+ )
+{
+ if (FileHandle != NULL) {
+ FileHandle->Close (FileHandle);
+ }
+}
+
+/**
+ Read file content into BufferPtr, the size of the allocate buffer
+ is *FileSize plus AddtionAllocateSize.
+
+ @param[in] FileHandle The file to be read.
+ @param[in, out] BufferPtr Pointers to the pointer of allocated buffer.
+ @param[out] FileSize Size of input file
+ @param[in] AddtionAllocateSize Addtion size the buffer need to be allocated.
+ In case the buffer need to contain others besides the file content.
+
+ @retval EFI_SUCCESS The file was read into the buffer.
+ @retval EFI_INVALID_PARAMETER A parameter was invalid.
+ @retval EFI_OUT_OF_RESOURCES A memory allocation failed.
+ @retval others Unexpected error.
+
+**/
+EFI_STATUS
+ReadFileContent (
+ IN EFI_FILE_HANDLE FileHandle,
+ IN OUT VOID **BufferPtr,
+ OUT UINTN *FileSize,
+ IN UINTN AddtionAllocateSize
+ )
+
+{
+ UINTN BufferSize;
+ UINT64 SourceFileSize;
+ VOID *Buffer;
+ EFI_STATUS Status;
+
+ if ((FileHandle == NULL) || (FileSize == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ Buffer = NULL;
+
+ //
+ // Get the file size
+ //
+ Status = FileHandle->SetPosition (FileHandle, (UINT64) -1);
+ if (EFI_ERROR (Status)) {
+ goto ON_EXIT;
+ }
+
+ Status = FileHandle->GetPosition (FileHandle, &SourceFileSize);
+ if (EFI_ERROR (Status)) {
+ goto ON_EXIT;
+ }
+
+ Status = FileHandle->SetPosition (FileHandle, 0);
+ if (EFI_ERROR (Status)) {
+ goto ON_EXIT;
+ }
+
+ BufferSize = (UINTN) SourceFileSize + AddtionAllocateSize;
+ Buffer = AllocateZeroPool(BufferSize);
+ if (Buffer == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ BufferSize = (UINTN) SourceFileSize;
+ *FileSize = BufferSize;
+
+ Status = FileHandle->Read (FileHandle, &BufferSize, Buffer);
+ if (EFI_ERROR (Status) || BufferSize != *FileSize) {
+ FreePool (Buffer);
+ Buffer = NULL;
+ Status = EFI_BAD_BUFFER_SIZE;
+ goto ON_EXIT;
+ }
+
+ON_EXIT:
+
+ *BufferPtr = Buffer;
+ return Status;
+}
+
+/**
+ This function will open a file or directory referenced by DevicePath.
+
+ This function opens a file with the open mode according to the file path. The
+ Attributes is valid only for EFI_FILE_MODE_CREATE.
+
+ @param[in, out] FilePath On input, the device path to the file.
+ On output, the remaining device path.
+ @param[out] FileHandle Pointer to the file handle.
+ @param[in] OpenMode The mode to open the file with.
+ @param[in] Attributes The file's file attributes.
+
+ @retval EFI_SUCCESS The information was set.
+ @retval EFI_INVALID_PARAMETER One of the parameters has an invalid value.
+ @retval EFI_UNSUPPORTED Could not open the file path.
+ @retval EFI_NOT_FOUND The specified file could not be found on the
+ device or the file system could not be found on
+ the device.
+ @retval EFI_NO_MEDIA The device has no medium.
+ @retval EFI_MEDIA_CHANGED The device has a different medium in it or the
+ medium is no longer supported.
+ @retval EFI_DEVICE_ERROR The device reported an error.
+ @retval EFI_VOLUME_CORRUPTED The file system structures are corrupted.
+ @retval EFI_WRITE_PROTECTED The file or medium is write protected.
+ @retval EFI_ACCESS_DENIED The file was opened read only.
+ @retval EFI_OUT_OF_RESOURCES Not enough resources were available to open the
+ file.
+ @retval EFI_VOLUME_FULL The volume is full.
+**/
+EFI_STATUS
+EFIAPI
+OpenFileByDevicePath (
+ IN OUT EFI_DEVICE_PATH_PROTOCOL **FilePath,
+ OUT EFI_FILE_HANDLE *FileHandle,
+ IN UINT64 OpenMode,
+ IN UINT64 Attributes
+ )
+{
+ EFI_STATUS Status;
+ EFI_SIMPLE_FILE_SYSTEM_PROTOCOL *EfiSimpleFileSystemProtocol;
+ EFI_FILE_PROTOCOL *Handle1;
+ EFI_FILE_PROTOCOL *Handle2;
+ EFI_HANDLE DeviceHandle;
+
+ if ((FilePath == NULL || FileHandle == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ Status = gBS->LocateDevicePath (
+ &gEfiSimpleFileSystemProtocolGuid,
+ FilePath,
+ &DeviceHandle
+ );
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ Status = gBS->OpenProtocol(
+ DeviceHandle,
+ &gEfiSimpleFileSystemProtocolGuid,
+ (VOID**)&EfiSimpleFileSystemProtocol,
+ gImageHandle,
+ NULL,
+ EFI_OPEN_PROTOCOL_GET_PROTOCOL
+ );
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ Status = EfiSimpleFileSystemProtocol->OpenVolume(EfiSimpleFileSystemProtocol, &Handle1);
+ if (EFI_ERROR (Status)) {
+ FileHandle = NULL;
+ return Status;
+ }
+
+ //
+ // go down directories one node at a time.
+ //
+ while (!IsDevicePathEnd (*FilePath)) {
+ //
+ // For file system access each node should be a file path component
+ //
+ if (DevicePathType (*FilePath) != MEDIA_DEVICE_PATH ||
+ DevicePathSubType (*FilePath) != MEDIA_FILEPATH_DP
+ ) {
+ FileHandle = NULL;
+ return (EFI_INVALID_PARAMETER);
+ }
+ //
+ // Open this file path node
+ //
+ Handle2 = Handle1;
+ Handle1 = NULL;
+
+ //
+ // Try to test opening an existing file
+ //
+ Status = Handle2->Open (
+ Handle2,
+ &Handle1,
+ ((FILEPATH_DEVICE_PATH*)*FilePath)->PathName,
+ OpenMode &~EFI_FILE_MODE_CREATE,
+ 0
+ );
+
+ //
+ // see if the error was that it needs to be created
+ //
+ if ((EFI_ERROR (Status)) && (OpenMode != (OpenMode &~EFI_FILE_MODE_CREATE))) {
+ Status = Handle2->Open (
+ Handle2,
+ &Handle1,
+ ((FILEPATH_DEVICE_PATH*)*FilePath)->PathName,
+ OpenMode,
+ Attributes
+ );
+ }
+ //
+ // Close the last node
+ //
+ Handle2->Close (Handle2);
+
+ if (EFI_ERROR(Status)) {
+ return (Status);
+ }
+
+ //
+ // Get the next node
+ //
+ *FilePath = NextDevicePathNode (*FilePath);
+ }
+
+ //
+ // This is a weak spot since if the undefined SHELL_FILE_HANDLE format changes this must change also!
+ //
+ *FileHandle = (VOID*)Handle1;
+ return EFI_SUCCESS;
+}
+
+/**
+ This function converts an input device structure to a Unicode string.
+
+ @param[in] DevPath A pointer to the device path structure.
+
+ @return A new allocated Unicode string that represents the device path.
+
+**/
+CHAR16 *
+EFIAPI
+DevicePathToStr (
+ IN EFI_DEVICE_PATH_PROTOCOL *DevPath
+ )
+{
+ return ConvertDevicePathToText (
+ DevPath,
+ FALSE,
+ TRUE
+ );
+}
+
+
+/**
+ Extract filename from device path. The returned buffer is allocated using AllocateCopyPool.
+ The caller is responsible for freeing the allocated buffer using FreePool(). If return NULL
+ means not enough memory resource.
+
+ @param DevicePath Device path.
+
+ @retval NULL Not enough memory resourece for AllocateCopyPool.
+ @retval Other A new allocated string that represents the file name.
+
+**/
+CHAR16 *
+ExtractFileNameFromDevicePath (
+ IN EFI_DEVICE_PATH_PROTOCOL *DevicePath
+ )
+{
+ CHAR16 *String;
+ CHAR16 *MatchString;
+ CHAR16 *LastMatch;
+ CHAR16 *FileName;
+ UINTN Length;
+
+ ASSERT(DevicePath != NULL);
+
+ String = DevicePathToStr(DevicePath);
+ MatchString = String;
+ LastMatch = String;
+ FileName = NULL;
+
+ while(MatchString != NULL){
+ LastMatch = MatchString + 1;
+ MatchString = StrStr(LastMatch,L"\\");
+ }
+
+ Length = StrLen(LastMatch);
+ FileName = AllocateCopyPool ((Length + 1) * sizeof(CHAR16), LastMatch);
+ if (FileName != NULL) {
+ *(FileName + Length) = 0;
+ }
+
+ FreePool(String);
+
+ return FileName;
+}
+
+/**
+ Enroll a new X509 certificate into Variable.
+
+ @param[in] PrivateData The module's private data.
+ @param[in] VariableName Variable name of CA database.
+
+ @retval EFI_SUCCESS New X509 is enrolled successfully.
+ @retval EFI_OUT_OF_RESOURCES Could not allocate needed resources.
+
+**/
+EFI_STATUS
+EnrollX509toVariable (
+ IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private,
+ IN CHAR16 *VariableName
+ )
+{
+ EFI_STATUS Status;
+ UINTN X509DataSize;
+ VOID *X509Data;
+ EFI_SIGNATURE_LIST *CACert;
+ EFI_SIGNATURE_DATA *CACertData;
+ VOID *Data;
+ UINTN DataSize;
+ UINTN SigDataSize;
+ UINT32 Attr;
+
+ X509DataSize = 0;
+ SigDataSize = 0;
+ DataSize = 0;
+ X509Data = NULL;
+ CACert = NULL;
+ CACertData = NULL;
+ Data = NULL;
+
+ Status = ReadFileContent (
+ Private->FileContext->FHandle,
+ &X509Data,
+ &X509DataSize,
+ 0
+ );
+ if (EFI_ERROR (Status)) {
+ goto ON_EXIT;
+ }
+ ASSERT (X509Data != NULL);
+
+ SigDataSize = sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_SIGNATURE_DATA) - 1 + X509DataSize;
+
+ Data = AllocateZeroPool (SigDataSize);
+ if (Data == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto ON_EXIT;
+ }
+
+ //
+ // Fill Certificate Database parameters.
+ //
+ CACert = (EFI_SIGNATURE_LIST*) Data;
+ CACert->SignatureListSize = (UINT32) SigDataSize;
+ CACert->SignatureHeaderSize = 0;
+ CACert->SignatureSize = (UINT32) (sizeof(EFI_SIGNATURE_DATA) - 1 + X509DataSize);
+ CopyGuid (&CACert->SignatureType, &gEfiCertX509Guid);
+
+ CACertData = (EFI_SIGNATURE_DATA*) ((UINT8* ) CACert + sizeof (EFI_SIGNATURE_LIST));
+ CopyGuid (&CACertData->SignatureOwner, Private->CertGuid);
+ CopyMem ((UINT8* ) (CACertData->SignatureData), X509Data, X509DataSize);
+
+ //
+ // Check if signature database entry has been already existed.
+ // If true, use EFI_VARIABLE_APPEND_WRITE attribute to append the
+ // new signature data to original variable
+ //
+ Attr = TLS_AUTH_CONFIG_VAR_BASE_ATTR;
+
+ Status = gRT->GetVariable(
+ VariableName,
+ &gEfiTlsCaCertificateGuid,
+ NULL,
+ &DataSize,
+ NULL
+ );
+ if (Status == EFI_BUFFER_TOO_SMALL) {
+ Attr |= EFI_VARIABLE_APPEND_WRITE;
+ } else if (Status != EFI_NOT_FOUND) {
+ goto ON_EXIT;
+ }
+
+ Status = gRT->SetVariable(
+ VariableName,
+ &gEfiTlsCaCertificateGuid,
+ Attr,
+ SigDataSize,
+ Data
+ );
+ if (EFI_ERROR (Status)) {
+ goto ON_EXIT;
+ }
+
+ON_EXIT:
+
+ CloseFile (Private->FileContext->FHandle);
+ if (Private->FileContext->FileName != NULL) {
+ FreePool(Private->FileContext->FileName);
+ Private->FileContext->FileName = NULL;
+ }
+
+ Private->FileContext->FHandle = NULL;
+
+ if (Private->CertGuid != NULL) {
+ FreePool (Private->CertGuid);
+ Private->CertGuid = NULL;
+ }
+
+ if (Data != NULL) {
+ FreePool (Data);
+ }
+
+ if (X509Data != NULL) {
+ FreePool (X509Data);
+ }
+
+ return Status;
+}
+
+/**
+ Enroll Cert into TlsCaCertificate. The GUID will be Private->CertGuid.
+
+ @param[in] PrivateData The module's private data.
+ @param[in] VariableName Variable name of signature database.
+
+ @retval EFI_SUCCESS New Cert enrolled successfully.
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.
+ @retval EFI_UNSUPPORTED The Cert file is unsupported type.
+ @retval others Fail to enroll Cert data.
+
+**/
+EFI_STATUS
+EnrollCertDatabase (
+ IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private,
+ IN CHAR16 *VariableName
+ )
+{
+ UINT16* FilePostFix;
+ UINTN NameLength;
+
+ if ((Private->FileContext->FileName == NULL) || (Private->FileContext->FHandle == NULL) || (Private->CertGuid == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ //
+ // Parse the file's postfix.
+ //
+ NameLength = StrLen (Private->FileContext->FileName);
+ if (NameLength <= 4) {
+ return EFI_INVALID_PARAMETER;
+ }
+ FilePostFix = Private->FileContext->FileName + NameLength - 4;
+
+ if (IsDerPemEncodeCertificate (FilePostFix)) {
+ //
+ // Supports DER-encoded X509 certificate.
+ //
+ return EnrollX509toVariable (Private, VariableName);
+ }
+
+ return EFI_UNSUPPORTED;
+}
+
+/**
+ Refresh the global UpdateData structure.
+
+**/
+VOID
+RefreshUpdateData (
+ VOID
+ )
+{
+ //
+ // Free current updated date
+ //
+ if (mStartOpCodeHandle != NULL) {
+ HiiFreeOpCodeHandle (mStartOpCodeHandle);
+ }
+
+ //
+ // Create new OpCode Handle
+ //
+ mStartOpCodeHandle = HiiAllocateOpCodeHandle ();
+
+ //
+ // Create Hii Extend Label OpCode as the start opcode
+ //
+ mStartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
+ mStartOpCodeHandle,
+ &gEfiIfrTianoGuid,
+ NULL,
+ sizeof (EFI_IFR_GUID_LABEL)
+ );
+ mStartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
+}
+
+/**
+ Clean up the dynamic opcode at label and form specified by both LabelId.
+
+ @param[in] LabelId It is both the Form ID and Label ID for opcode deletion.
+ @param[in] PrivateData Module private data.
+
+**/
+VOID
+CleanUpPage (
+ IN UINT16 LabelId,
+ IN TLS_AUTH_CONFIG_PRIVATE_DATA *PrivateData
+ )
+{
+ RefreshUpdateData ();
+
+ //
+ // Remove all op-codes from dynamic page
+ //
+ mStartLabel->Number = LabelId;
+ HiiUpdateForm (
+ PrivateData->RegisteredHandle,
+ &gTlsAuthConfigGuid,
+ LabelId,
+ mStartOpCodeHandle, // Label LabelId
+ mEndOpCodeHandle // LABEL_END
+ );
+}
+
+/**
+ Update the form base on the selected file.
+
+ @param FilePath Point to the file path.
+ @param FormId The form need to display.
+
+ @retval TRUE Exit caller function.
+ @retval FALSE Not exit caller function.
+
+**/
+BOOLEAN
+UpdatePage(
+ IN EFI_DEVICE_PATH_PROTOCOL *FilePath,
+ IN EFI_FORM_ID FormId
+ )
+{
+ CHAR16 *FileName;
+ EFI_STRING_ID StringToken;
+
+ FileName = NULL;
+
+ if (FilePath != NULL) {
+ FileName = ExtractFileNameFromDevicePath(FilePath);
+ }
+ if (FileName == NULL) {
+ //
+ // FileName = NULL has two case:
+ // 1. FilePath == NULL, not select file.
+ // 2. FilePath != NULL, but ExtractFileNameFromDevicePath return NULL not enough memory resource.
+ // In these two case, no need to update the form, and exit the caller function.
+ //
+ return TRUE;
+ }
+ StringToken = HiiSetString (mTlsAuthPrivateData->RegisteredHandle, 0, FileName, NULL);
+
+ mTlsAuthPrivateData->FileContext->FileName = FileName;
+
+ OpenFileByDevicePath (
+ &FilePath,
+ &mTlsAuthPrivateData->FileContext->FHandle,
+ EFI_FILE_MODE_READ,
+ 0
+ );
+ //
+ // Create Subtitle op-code for the display string of the option.
+ //
+ RefreshUpdateData ();
+ mStartLabel->Number = FormId;
+
+ HiiCreateSubTitleOpCode (
+ mStartOpCodeHandle,
+ StringToken,
+ 0,
+ 0,
+ 0
+ );
+
+ HiiUpdateForm (
+ mTlsAuthPrivateData->RegisteredHandle,
+ &gTlsAuthConfigGuid,
+ FormId,
+ mStartOpCodeHandle, /// Label FormId
+ mEndOpCodeHandle /// LABEL_END
+ );
+
+ return TRUE;
+}
+
+/**
+ Update the form base on the input file path info.
+
+ @param FilePath Point to the file path.
+
+ @retval TRUE Exit caller function.
+ @retval FALSE Not exit caller function.
+**/
+BOOLEAN
+EFIAPI
+UpdateCAFromFile (
+ IN EFI_DEVICE_PATH_PROTOCOL *FilePath
+ )
+{
+ return UpdatePage(FilePath, TLS_AUTH_CONFIG_FORMID4_FORM);
+}
+
+/**
+ Unload the configuration form, this includes: delete all the configuration
+ entries, uninstall the form callback protocol, and free the resources used.
+
+ @param[in] Private Pointer to the driver private data.
+
+ @retval EFI_SUCCESS The configuration form is unloaded.
+ @retval Others Failed to unload the form.
+
+**/
+EFI_STATUS
+TlsAuthConfigFormUnload (
+ IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private
+ )
+{
+ if (Private->DriverHandle != NULL) {
+ //
+ // Uninstall EFI_HII_CONFIG_ACCESS_PROTOCOL
+ //
+ gBS->UninstallMultipleProtocolInterfaces (
+ Private->DriverHandle,
+ &gEfiDevicePathProtocolGuid,
+ &mTlsAuthConfigHiiVendorDevicePath,
+ &gEfiHiiConfigAccessProtocolGuid,
+ &Private->ConfigAccess,
+ NULL
+ );
+ Private->DriverHandle = NULL;
+ }
+
+ if (Private->RegisteredHandle != NULL) {
+ //
+ // Remove HII package list
+ //
+ HiiRemovePackages (Private->RegisteredHandle);
+ Private->RegisteredHandle = NULL;
+ }
+
+ if (Private->CertGuid != NULL) {
+ FreePool (Private->CertGuid);
+ }
+
+ if (Private->FileContext != NULL) {
+ FreePool (Private->FileContext);
+ }
+
+ FreePool (Private);
+
+ if (mStartOpCodeHandle != NULL) {
+ HiiFreeOpCodeHandle (mStartOpCodeHandle);
+ }
+
+ if (mEndOpCodeHandle != NULL) {
+ HiiFreeOpCodeHandle (mEndOpCodeHandle);
+ }
+
+ return EFI_SUCCESS;
+}
+
+
+/**
+ Initialize the configuration form.
+
+ @param[in] Private Pointer to the driver private data.
+
+ @retval EFI_SUCCESS The configuration form is initialized.
+ @retval EFI_OUT_OF_RESOURCES Failed to allocate memory.
+
+**/
+EFI_STATUS
+TlsAuthConfigFormInit (
+ IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private
+ )
+{
+ EFI_STATUS Status;
+
+ Private->Signature = TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE;
+
+ Private->ConfigAccess.ExtractConfig = TlsAuthConfigAccessExtractConfig;
+ Private->ConfigAccess.RouteConfig = TlsAuthConfigAccessRouteConfig;
+ Private->ConfigAccess.Callback = TlsAuthConfigAccessCallback;
+
+ //
+ // Install Device Path Protocol and Config Access protocol to driver handle.
+ //
+ Status = gBS->InstallMultipleProtocolInterfaces (
+ &Private->DriverHandle,
+ &gEfiDevicePathProtocolGuid,
+ &mTlsAuthConfigHiiVendorDevicePath,
+ &gEfiHiiConfigAccessProtocolGuid,
+ &Private->ConfigAccess,
+ NULL
+ );
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ //
+ // Publish our HII data.
+ //
+ Private->RegisteredHandle = HiiAddPackages (
+ &gTlsAuthConfigGuid,
+ Private->DriverHandle,
+ TlsAuthConfigDxeStrings,
+ TlsAuthConfigVfrBin,
+ NULL
+ );
+ if (Private->RegisteredHandle == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto Error;
+ }
+
+ Private->FileContext = AllocateZeroPool (sizeof (TLS_AUTH_CONFIG_FILE_CONTEXT));
+ if (Private->FileContext == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto Error;
+ }
+
+ //
+ // Init OpCode Handle and Allocate space for creation of Buffer
+ //
+ mStartOpCodeHandle = HiiAllocateOpCodeHandle ();
+ if (mStartOpCodeHandle == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto Error;
+ }
+
+ mEndOpCodeHandle = HiiAllocateOpCodeHandle ();
+ if (mEndOpCodeHandle == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto Error;
+ }
+
+ //
+ // Create Hii Extend Label OpCode as the start opcode
+ //
+ mStartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
+ mStartOpCodeHandle,
+ &gEfiIfrTianoGuid,
+ NULL,
+ sizeof (EFI_IFR_GUID_LABEL)
+ );
+ mStartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
+
+ //
+ // Create Hii Extend Label OpCode as the end opcode
+ //
+ mEndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
+ mEndOpCodeHandle,
+ &gEfiIfrTianoGuid,
+ NULL,
+ sizeof (EFI_IFR_GUID_LABEL)
+ );
+ mEndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
+ mEndLabel->Number = LABEL_END;
+
+ return EFI_SUCCESS;
+
+Error:
+ TlsAuthConfigFormUnload (Private);
+ return Status;
+}
+
+/**
+
+ This function allows the caller to request the current
+ configuration for one or more named elements. The resulting
+ string is in <ConfigAltResp> format. Any and all alternative
+ configuration strings shall also be appended to the end of the
+ current configuration string. If they are, they must appear
+ after the current configuration. They must contain the same
+ routing (GUID, NAME, PATH) as the current configuration string.
+ They must have an additional description indicating the type of
+ alternative configuration the string represents,
+ "ALTCFG=<StringToken>". That <StringToken> (when
+ converted from Hex UNICODE to binary) is a reference to a
+ string in the associated string pack.
+
+ @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
+
+ @param Request A null-terminated Unicode string in
+ <ConfigRequest> format. Note that this
+ includes the routing information as well as
+ the configurable name / value pairs. It is
+ invalid for this string to be in
+ <MultiConfigRequest> format.
+ If a NULL is passed in for the Request field,
+ all of the settings being abstracted by this function
+ will be returned in the Results field. In addition,
+ if a ConfigHdr is passed in with no request elements,
+ all of the settings being abstracted for that particular
+ ConfigHdr reference will be returned in the Results Field.
+
+ @param Progress On return, points to a character in the
+ Request string. Points to the string's null
+ terminator if request was successful. Points
+ to the most recent "&" before the first
+ failing name / value pair (or the beginning
+ of the string if the failure is in the first
+ name / value pair) if the request was not
+ successful.
+
+ @param Results A null-terminated Unicode string in
+ <MultiConfigAltResp> format which has all values
+ filled in for the names in the Request string.
+ String to be allocated by the called function.
+
+ @retval EFI_SUCCESS The Results string is filled with the
+ values corresponding to all requested
+ names.
+
+ @retval EFI_OUT_OF_RESOURCES Not enough memory to store the
+ parts of the results that must be
+ stored awaiting possible future
+ protocols.
+
+ @retval EFI_NOT_FOUND Routing data doesn't match any
+ known driver. Progress set to the
+ first character in the routing header.
+ Note: There is no requirement that the
+ driver validate the routing data. It
+ must skip the <ConfigHdr> in order to
+ process the names.
+
+ @retval EFI_INVALID_PARAMETER Illegal syntax. Progress set
+ to most recent "&" before the
+ error or the beginning of the
+ string.
+
+ @retval EFI_INVALID_PARAMETER Unknown name. Progress points
+ to the & before the name in
+ question.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsAuthConfigAccessExtractConfig (
+ IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
+ IN CONST EFI_STRING Request,
+ OUT EFI_STRING *Progress,
+ OUT EFI_STRING *Results
+ )
+{
+ EFI_STATUS Status;
+ UINTN BufferSize;
+ UINTN Size;
+ EFI_STRING ConfigRequest;
+ EFI_STRING ConfigRequestHdr;
+ TLS_AUTH_CONFIG_PRIVATE_DATA *Private;
+ BOOLEAN AllocatedRequest;
+
+ if (Progress == NULL || Results == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ AllocatedRequest = FALSE;
+ ConfigRequestHdr = NULL;
+ ConfigRequest = NULL;
+ Size = 0;
+
+ Private = TLS_AUTH_CONFIG_PRIVATE_FROM_THIS (This);
+
+ BufferSize = sizeof (TLS_AUTH_CONFIG_IFR_NVDATA);
+ ZeroMem (&Private->TlsAuthConfigNvData, BufferSize);
+
+ *Progress = Request;
+
+ if ((Request != NULL) && !HiiIsConfigHdrMatch (Request, &gTlsAuthConfigGuid, mTlsAuthConfigStorageName)) {
+ return EFI_NOT_FOUND;
+ }
+
+ ConfigRequest = Request;
+ if ((Request == NULL) || (StrStr (Request, L"OFFSET") == NULL)) {
+ //
+ // Request is set to NULL or OFFSET is NULL, construct full request string.
+ //
+ // Allocate and fill a buffer large enough to hold the <ConfigHdr> template
+ // followed by "&OFFSET=0&WIDTH=WWWWWWWWWWWWWWWW" followed by a Null-terminator
+ //
+ ConfigRequestHdr = HiiConstructConfigHdr (&gTlsAuthConfigGuid, mTlsAuthConfigStorageName, Private->DriverHandle);
+ Size = (StrLen (ConfigRequestHdr) + 32 + 1) * sizeof (CHAR16);
+ ConfigRequest = AllocateZeroPool (Size);
+ ASSERT (ConfigRequest != NULL);
+ AllocatedRequest = TRUE;
+ UnicodeSPrint (ConfigRequest, Size, L"%s&OFFSET=0&WIDTH=%016LX", ConfigRequestHdr, (UINT64)BufferSize);
+ FreePool (ConfigRequestHdr);
+ ConfigRequestHdr = NULL;
+ }
+
+ Status = gHiiConfigRouting->BlockToConfig (
+ gHiiConfigRouting,
+ ConfigRequest,
+ (UINT8 *) &Private->TlsAuthConfigNvData,
+ BufferSize,
+ Results,
+ Progress
+ );
+
+ //
+ // Free the allocated config request string.
+ //
+ if (AllocatedRequest) {
+ FreePool (ConfigRequest);
+ }
+
+ //
+ // Set Progress string to the original request string.
+ //
+ if (Request == NULL) {
+ *Progress = NULL;
+ } else if (StrStr (Request, L"OFFSET") == NULL) {
+ *Progress = Request + StrLen (Request);
+ }
+
+ return Status;
+}
+
+/**
+
+ This function applies changes in a driver's configuration.
+ Input is a Configuration, which has the routing data for this
+ driver followed by name / value configuration pairs. The driver
+ must apply those pairs to its configurable storage. If the
+ driver's configuration is stored in a linear block of data
+ and the driver's name / value pairs are in <BlockConfig>
+ format, it may use the ConfigToBlock helper function (above) to
+ simplify the job.
+
+ @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
+
+ @param Configuration A null-terminated Unicode string in
+ <ConfigString> format.
+
+ @param Progress A pointer to a string filled in with the
+ offset of the most recent '&' before the
+ first failing name / value pair (or the
+ beginn ing of the string if the failure
+ is in the first name / value pair) or
+ the terminating NULL if all was
+ successful.
+
+ @retval EFI_SUCCESS The results have been distributed or are
+ awaiting distribution.
+
+ @retval EFI_OUT_OF_RESOURCES Not enough memory to store the
+ parts of the results that must be
+ stored awaiting possible future
+ protocols.
+
+ @retval EFI_INVALID_PARAMETERS Passing in a NULL for the
+ Results parameter would result
+ in this type of error.
+
+ @retval EFI_NOT_FOUND Target for the specified routing data
+ was not found
+
+**/
+EFI_STATUS
+EFIAPI
+TlsAuthConfigAccessRouteConfig (
+ IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
+ IN CONST EFI_STRING Configuration,
+ OUT EFI_STRING *Progress
+ )
+{
+ EFI_STATUS Status;
+ UINTN BufferSize;
+ TLS_AUTH_CONFIG_PRIVATE_DATA *Private;
+
+ if (Progress == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+ *Progress = Configuration;
+
+ if (Configuration == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ //
+ // Check routing data in <ConfigHdr>.
+ // Note: there is no name for Name/Value storage, only GUID will be checked
+ //
+ if (!HiiIsConfigHdrMatch (Configuration, &gTlsAuthConfigGuid, mTlsAuthConfigStorageName)) {
+ return EFI_NOT_FOUND;
+ }
+
+ Private = TLS_AUTH_CONFIG_PRIVATE_FROM_THIS (This);
+
+ BufferSize = sizeof (TLS_AUTH_CONFIG_IFR_NVDATA);
+ ZeroMem (&Private->TlsAuthConfigNvData, BufferSize);
+
+ Status = gHiiConfigRouting->ConfigToBlock (
+ gHiiConfigRouting,
+ Configuration,
+ (UINT8 *) &Private->TlsAuthConfigNvData,
+ &BufferSize,
+ Progress
+ );
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ return Status;
+}
+
+/**
+
+ This function is called to provide results data to the driver.
+ This data consists of a unique key that is used to identify
+ which data is either being passed back or being asked for.
+
+ @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
+ @param Action Specifies the type of action taken by the browser.
+ @param QuestionId A unique value which is sent to the original
+ exporting driver so that it can identify the type
+ of data to expect. The format of the data tends to
+ vary based on the opcode that generated the callback.
+ @param Type The type of value for the question.
+ @param Value A pointer to the data being sent to the original
+ exporting driver.
+ @param ActionRequest On return, points to the action requested by the
+ callback function.
+
+ @retval EFI_SUCCESS The callback successfully handled the action.
+ @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the
+ variable and its data.
+ @retval EFI_DEVICE_ERROR The variable could not be saved.
+ @retval EFI_UNSUPPORTED The specified Action is not supported by the
+ callback.
+**/
+EFI_STATUS
+EFIAPI
+TlsAuthConfigAccessCallback (
+ IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
+ IN EFI_BROWSER_ACTION Action,
+ IN EFI_QUESTION_ID QuestionId,
+ IN UINT8 Type,
+ IN OUT EFI_IFR_TYPE_VALUE *Value,
+ OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest
+ )
+{
+ EFI_INPUT_KEY Key;
+ EFI_STATUS Status;
+ RETURN_STATUS RStatus;
+ TLS_AUTH_CONFIG_PRIVATE_DATA *Private;
+ UINTN BufferSize;
+ TLS_AUTH_CONFIG_IFR_NVDATA *IfrNvData;
+ UINT16 LabelId;
+ EFI_DEVICE_PATH_PROTOCOL *File;
+
+ Status = EFI_SUCCESS;
+ File = NULL;
+
+ if ((This == NULL) || (Value == NULL) || (ActionRequest == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ Private = TLS_AUTH_CONFIG_PRIVATE_FROM_THIS (This);
+
+ mTlsAuthPrivateData = Private;
+
+ //
+ // Retrieve uncommitted data from Browser
+ //
+ BufferSize = sizeof (TLS_AUTH_CONFIG_IFR_NVDATA);
+ IfrNvData = AllocateZeroPool (BufferSize);
+ if (IfrNvData == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ HiiGetBrowserData (&gTlsAuthConfigGuid, mTlsAuthConfigStorageName, BufferSize, (UINT8 *) IfrNvData);
+
+ if ((Action != EFI_BROWSER_ACTION_CHANGED) &&
+ (Action != EFI_BROWSER_ACTION_CHANGING)) {
+ Status = EFI_UNSUPPORTED;
+ goto EXIT;
+ }
+
+ if (Action == EFI_BROWSER_ACTION_CHANGING) {
+ switch (QuestionId) {
+ case KEY_TLS_AUTH_CONFIG_CLIENT_CERT:
+ case KEY_TLS_AUTH_CONFIG_SERVER_CA:
+ //
+ // Clear Cert GUID.
+ //
+ ZeroMem (IfrNvData->CertGuid, sizeof (IfrNvData->CertGuid));
+ if (Private->CertGuid == NULL) {
+ Private->CertGuid = (EFI_GUID *) AllocateZeroPool (sizeof (EFI_GUID));
+ if (Private->CertGuid == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+ }
+ if (QuestionId == KEY_TLS_AUTH_CONFIG_CLIENT_CERT) {
+ LabelId = TLS_AUTH_CONFIG_FORMID3_FORM;
+ } else {
+ LabelId = TLS_AUTH_CONFIG_FORMID4_FORM;
+ }
+
+ //
+ // Refresh selected file.
+ //
+ CleanUpPage (LabelId, Private);
+ break;
+ case KEY_TLS_AUTH_CONFIG_ENROLL_CERT_FROM_FILE:
+ ChooseFile( NULL, NULL, UpdateCAFromFile, &File);
+ break;
+
+ case KEY_TLS_AUTH_CONFIG_VALUE_SAVE_AND_EXIT:
+ Status = EnrollCertDatabase (Private, EFI_TLS_CA_CERTIFICATE_VARIABLE);
+ if (EFI_ERROR (Status)) {
+ CreatePopUp (
+ EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
+ &Key,
+ L"ERROR: Enroll Cert Failure!",
+ NULL
+ );
+ }
+ break;
+
+ case KEY_TLS_AUTH_CONFIG_VALUE_NO_SAVE_AND_EXIT:
+ if (Private->FileContext->FHandle != NULL) {
+ CloseFile (Private->FileContext->FHandle);
+ Private->FileContext->FHandle = NULL;
+ if (Private->FileContext->FileName!= NULL){
+ FreePool(Private->FileContext->FileName);
+ Private->FileContext->FileName = NULL;
+ }
+ }
+
+ if (Private->CertGuid!= NULL) {
+ FreePool (Private->CertGuid);
+ Private->CertGuid = NULL;
+ }
+ break;
+
+ case KEY_TLS_AUTH_CONFIG_DELETE_CERT:
+ UpdateDeletePage (
+ Private,
+ EFI_TLS_CA_CERTIFICATE_VARIABLE,
+ &gEfiTlsCaCertificateGuid,
+ LABEL_CA_DELETE,
+ TLS_AUTH_CONFIG_FORMID5_FORM,
+ OPTION_DEL_CA_ESTION_ID
+ );
+ break;
+
+ default:
+ if ((QuestionId >= OPTION_DEL_CA_ESTION_ID) &&
+ (QuestionId < (OPTION_DEL_CA_ESTION_ID + OPTION_CONFIG_RANGE))) {
+ DeleteCert (
+ Private,
+ EFI_TLS_CA_CERTIFICATE_VARIABLE,
+ &gEfiTlsCaCertificateGuid,
+ LABEL_CA_DELETE,
+ TLS_AUTH_CONFIG_FORMID5_FORM,
+ OPTION_DEL_CA_ESTION_ID,
+ QuestionId - OPTION_DEL_CA_ESTION_ID
+ );
+ }
+ break;
+ }
+ } else if (Action == EFI_BROWSER_ACTION_CHANGED) {
+ switch (QuestionId) {
+ case KEY_TLS_AUTH_CONFIG_CERT_GUID:
+ ASSERT (Private->CertGuid != NULL);
+ RStatus = StrToGuid (
+ IfrNvData->CertGuid,
+ Private->CertGuid
+ );
+ if (RETURN_ERROR (RStatus) || (IfrNvData->CertGuid[GUID_STRING_LENGTH] != L'\0')) {
+ Status = EFI_INVALID_PARAMETER;
+ break;
+ }
+
+ *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
+ break;
+ default:
+ break;
+ }
+ }
+
+EXIT:
+
+ if (!EFI_ERROR (Status)) {
+ BufferSize = sizeof (TLS_AUTH_CONFIG_IFR_NVDATA);
+ HiiSetBrowserData (&gTlsAuthConfigGuid, mTlsAuthConfigStorageName, BufferSize, (UINT8*) IfrNvData, NULL);
+ }
+
+ FreePool (IfrNvData);
+
+ if (File != NULL){
+ FreePool(File);
+ File = NULL;
+ }
+
+ return EFI_SUCCESS;
+
+}
+
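Review bot: In TlsAuthConfigAccessCallback the `return EFI_OUT_OF_RESOURCES;` inside the KEY_TLS_AUTH_CONFIG_CLIENT_CERT / KEY_TLS_AUTH_CONFIG_SERVER_CA case (taken when the Private->CertGuid allocation fails) bypasses the EXIT label, so the IfrNvData buffer obtained from AllocateZeroPool a few lines earlier is never freed; setting Status and using `goto EXIT;` would keep the cleanup in one place. The function also ends with `return EFI_SUCCESS;` regardless of Status, so the EFI_UNSUPPORTED assigned for actions other than CHANGED/CHANGING and the EFI_INVALID_PARAMETER assigned when StrToGuid rejects the CertGuid string never reach the browser; `return Status;` would match the @retval list in TlsAuthConfigImpl.h. Both are pre-existing and out of scope for a line-ending-only conversion, so they belong in a separate follow-up, but because this hunk replaces every line of the file the diff cannot show that nothing else changed; please confirm with `git diff --ignore-space-at-eol` (or `-w`) that the content is byte-identical apart from CR characters and say so in the commit message.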
diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.h b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.h
index 398f7b6eea..f50d60d269 100644
--- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.h
+++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.h
@@ -1,282 +1,282 @@
-/** @file
- Header file of Miscellaneous Routines for TlsAuthConfigDxe driver.
-
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef __TLS_AUTH_CONFIG_IMPL_H__
-#define __TLS_AUTH_CONFIG_IMPL_H__
-
-#include <Uefi.h>
-
-#include <Protocol/HiiConfigAccess.h>
-#include <Protocol/SimpleFileSystem.h>
-
-//
-// Libraries
-//
-#include <Library/UefiBootServicesTableLib.h>
-#include <Library/UefiRuntimeServicesTableLib.h>
-#include <Library/MemoryAllocationLib.h>
-#include <Library/BaseMemoryLib.h>
-#include <Library/BaseLib.h>
-#include <Library/UefiLib.h>
-#include <Library/DebugLib.h>
-#include <Library/DevicePathLib.h>
-#include <Library/HiiLib.h>
-#include <Library/UefiHiiServicesLib.h>
-#include <Library/FileExplorerLib.h>
-#include <Library/PrintLib.h>
-
-#include <Guid/MdeModuleHii.h>
-#include <Guid/ImageAuthentication.h>
-#include <Guid/TlsAuthentication.h>
-
-
-//
-// Include files with function prototypes
-//
-#include "TlsAuthConfigNvData.h"
-
-extern UINT8 TlsAuthConfigDxeStrings[];
-extern UINT8 TlsAuthConfigVfrBin[];
-
-#define TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('T', 'A', 'C', 'D')
-#define TLS_AUTH_CONFIG_PRIVATE_FROM_THIS(a) CR (a, TLS_AUTH_CONFIG_PRIVATE_DATA, ConfigAccess, TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE)
-
-#define TLS_AUTH_CONFIG_VAR_BASE_ATTR (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS)
-
-typedef struct _TLS_AUTH_CONFIG_PRIVATE_DATA TLS_AUTH_CONFIG_PRIVATE_DATA;
-typedef struct _TLS_AUTH_CONFIG_FILE_CONTEXT TLS_AUTH_CONFIG_FILE_CONTEXT;
-
-///
-/// HII specific Vendor Device Path definition.
-///
-typedef struct {
- VENDOR_DEVICE_PATH VendorDevicePath;
- EFI_DEVICE_PATH_PROTOCOL End;
-} HII_VENDOR_DEVICE_PATH;
-
-struct _TLS_AUTH_CONFIG_FILE_CONTEXT {
- EFI_FILE_HANDLE FHandle;
- UINT16 *FileName;
-};
-
-struct _TLS_AUTH_CONFIG_PRIVATE_DATA {
- UINTN Signature;
-
- EFI_HANDLE DriverHandle;
- EFI_HII_HANDLE RegisteredHandle;
- EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess;
- TLS_AUTH_CONFIG_IFR_NVDATA TlsAuthConfigNvData;
-
- TLS_AUTH_CONFIG_FILE_CONTEXT *FileContext;
-
- EFI_GUID *CertGuid;
-};
-
-/**
- Unload the configuration form, this includes: delete all the configuration
- entries, uninstall the form callback protocol, and free the resources used.
- The form will only be unload completely when both IP4 and IP6 stack are stopped.
-
- @param[in] Private Pointer to the driver private data.
-
- @retval EFI_SUCCESS The configuration form is unloaded.
- @retval Others Failed to unload the form.
-
-**/
-EFI_STATUS
-TlsAuthConfigFormUnload (
- IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private
- );
-
-/**
- Initialize the configuration form.
-
- @param[in] Private Pointer to the driver private data.
-
- @retval EFI_SUCCESS The configuration form is initialized.
- @retval EFI_OUT_OF_RESOURCES Failed to allocate memory.
-
-**/
-EFI_STATUS
-TlsAuthConfigFormInit (
- IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private
- );
-
-/**
-
- This function allows the caller to request the current
- configuration for one or more named elements. The resulting
- string is in <ConfigAltResp> format. Any and all alternative
- configuration strings shall also be appended to the end of the
- current configuration string. If they are, they must appear
- after the current configuration. They must contain the same
- routing (GUID, NAME, PATH) as the current configuration string.
- They must have an additional description indicating the type of
- alternative configuration the string represents,
- "ALTCFG=<StringToken>". That <StringToken> (when
- converted from Hex UNICODE to binary) is a reference to a
- string in the associated string pack.
-
- @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
-
- @param Request A null-terminated Unicode string in
- <ConfigRequest> format. Note that this
- includes the routing information as well as
- the configurable name / value pairs. It is
- invalid for this string to be in
- <MultiConfigRequest> format.
- If a NULL is passed in for the Request field,
- all of the settings being abstracted by this function
- will be returned in the Results field. In addition,
- if a ConfigHdr is passed in with no request elements,
- all of the settings being abstracted for that particular
- ConfigHdr reference will be returned in the Results Field.
-
- @param Progress On return, points to a character in the
- Request string. Points to the string's null
- terminator if request was successful. Points
- to the most recent "&" before the first
- failing name / value pair (or the beginning
- of the string if the failure is in the first
- name / value pair) if the request was not
- successful.
-
- @param Results A null-terminated Unicode string in
- <MultiConfigAltResp> format which has all values
- filled in for the names in the Request string.
- String to be allocated by the called function.
-
- @retval EFI_SUCCESS The Results string is filled with the
- values corresponding to all requested
- names.
-
- @retval EFI_OUT_OF_RESOURCES Not enough memory to store the
- parts of the results that must be
- stored awaiting possible future
- protocols.
-
- @retval EFI_NOT_FOUND Routing data doesn't match any
- known driver. Progress set to the
- first character in the routing header.
- Note: There is no requirement that the
- driver validate the routing data. It
- must skip the <ConfigHdr> in order to
- process the names.
-
- @retval EFI_INVALID_PARAMETER Illegal syntax. Progress set
- to most recent "&" before the
- error or the beginning of the
- string.
-
- @retval EFI_INVALID_PARAMETER Unknown name. Progress points
- to the & before the name in
- question.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsAuthConfigAccessExtractConfig (
- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
- IN CONST EFI_STRING Request,
- OUT EFI_STRING *Progress,
- OUT EFI_STRING *Results
- );
-
-/**
-
- This function applies changes in a driver's configuration.
- Input is a Configuration, which has the routing data for this
- driver followed by name / value configuration pairs. The driver
- must apply those pairs to its configurable storage. If the
- driver's configuration is stored in a linear block of data
- and the driver's name / value pairs are in <BlockConfig>
- format, it may use the ConfigToBlock helper function (above) to
- simplify the job.
-
- @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
-
- @param Configuration A null-terminated Unicode string in
- <ConfigString> format.
-
- @param Progress A pointer to a string filled in with the
- offset of the most recent '&' before the
- first failing name / value pair (or the
- beginn ing of the string if the failure
- is in the first name / value pair) or
- the terminating NULL if all was
- successful.
-
- @retval EFI_SUCCESS The results have been distributed or are
- awaiting distribution.
-
- @retval EFI_OUT_OF_RESOURCES Not enough memory to store the
- parts of the results that must be
- stored awaiting possible future
- protocols.
-
- @retval EFI_INVALID_PARAMETERS Passing in a NULL for the
- Results parameter would result
- in this type of error.
-
- @retval EFI_NOT_FOUND Target for the specified routing data
- was not found
-
-**/
-EFI_STATUS
-EFIAPI
-TlsAuthConfigAccessRouteConfig (
- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
- IN CONST EFI_STRING Configuration,
- OUT EFI_STRING *Progress
- );
-
-/**
-
- This function is called to provide results data to the driver.
- This data consists of a unique key that is used to identify
- which data is either being passed back or being asked for.
-
- @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
- @param Action Specifies the type of action taken by the browser.
- @param QuestionId A unique value which is sent to the original
- exporting driver so that it can identify the type
- of data to expect. The format of the data tends to
- vary based on the opcode that generated the callback.
- @param Type The type of value for the question.
- @param Value A pointer to the data being sent to the original
- exporting driver.
- @param ActionRequest On return, points to the action requested by the
- callback function.
-
- @retval EFI_SUCCESS The callback successfully handled the action.
- @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the
- variable and its data.
- @retval EFI_DEVICE_ERROR The variable could not be saved.
- @retval EFI_UNSUPPORTED The specified Action is not supported by the
- callback.
-**/
-EFI_STATUS
-EFIAPI
-TlsAuthConfigAccessCallback (
- IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
- IN EFI_BROWSER_ACTION Action,
- IN EFI_QUESTION_ID QuestionId,
- IN UINT8 Type,
- IN OUT EFI_IFR_TYPE_VALUE *Value,
- OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest
- );
-
-#endif
-
+/** @file
+ Header file of Miscellaneous Routines for TlsAuthConfigDxe driver.
+
+Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __TLS_AUTH_CONFIG_IMPL_H__
+#define __TLS_AUTH_CONFIG_IMPL_H__
+
+#include <Uefi.h>
+
+#include <Protocol/HiiConfigAccess.h>
+#include <Protocol/SimpleFileSystem.h>
+
+//
+// Libraries
+//
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/UefiRuntimeServicesTableLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/BaseLib.h>
+#include <Library/UefiLib.h>
+#include <Library/DebugLib.h>
+#include <Library/DevicePathLib.h>
+#include <Library/HiiLib.h>
+#include <Library/UefiHiiServicesLib.h>
+#include <Library/FileExplorerLib.h>
+#include <Library/PrintLib.h>
+
+#include <Guid/MdeModuleHii.h>
+#include <Guid/ImageAuthentication.h>
+#include <Guid/TlsAuthentication.h>
+
+
+//
+// Include files with function prototypes
+//
+#include "TlsAuthConfigNvData.h"
+
+extern UINT8 TlsAuthConfigDxeStrings[];
+extern UINT8 TlsAuthConfigVfrBin[];
+
+#define TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('T', 'A', 'C', 'D')
+#define TLS_AUTH_CONFIG_PRIVATE_FROM_THIS(a) CR (a, TLS_AUTH_CONFIG_PRIVATE_DATA, ConfigAccess, TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE)
+
+#define TLS_AUTH_CONFIG_VAR_BASE_ATTR (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS)
+
+typedef struct _TLS_AUTH_CONFIG_PRIVATE_DATA TLS_AUTH_CONFIG_PRIVATE_DATA;
+typedef struct _TLS_AUTH_CONFIG_FILE_CONTEXT TLS_AUTH_CONFIG_FILE_CONTEXT;
+
+///
+/// HII specific Vendor Device Path definition.
+///
+typedef struct {
+ VENDOR_DEVICE_PATH VendorDevicePath;
+ EFI_DEVICE_PATH_PROTOCOL End;
+} HII_VENDOR_DEVICE_PATH;
+
+struct _TLS_AUTH_CONFIG_FILE_CONTEXT {
+ EFI_FILE_HANDLE FHandle;
+ UINT16 *FileName;
+};
+
+struct _TLS_AUTH_CONFIG_PRIVATE_DATA {
+ UINTN Signature;
+
+ EFI_HANDLE DriverHandle;
+ EFI_HII_HANDLE RegisteredHandle;
+ EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess;
+ TLS_AUTH_CONFIG_IFR_NVDATA TlsAuthConfigNvData;
+
+ TLS_AUTH_CONFIG_FILE_CONTEXT *FileContext;
+
+ EFI_GUID *CertGuid;
+};
+
+/**
+ Unload the configuration form, this includes: delete all the configuration
+ entries, uninstall the form callback protocol, and free the resources used.
+ The form will only be unload completely when both IP4 and IP6 stack are stopped.
+
+ @param[in] Private Pointer to the driver private data.
+
+ @retval EFI_SUCCESS The configuration form is unloaded.
+ @retval Others Failed to unload the form.
+
+**/
+EFI_STATUS
+TlsAuthConfigFormUnload (
+ IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private
+ );
+
+/**
+ Initialize the configuration form.
+
+ @param[in] Private Pointer to the driver private data.
+
+ @retval EFI_SUCCESS The configuration form is initialized.
+ @retval EFI_OUT_OF_RESOURCES Failed to allocate memory.
+
+**/
+EFI_STATUS
+TlsAuthConfigFormInit (
+ IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private
+ );
+
+/**
+
+ This function allows the caller to request the current
+ configuration for one or more named elements. The resulting
+ string is in <ConfigAltResp> format. Any and all alternative
+ configuration strings shall also be appended to the end of the
+ current configuration string. If they are, they must appear
+ after the current configuration. They must contain the same
+ routing (GUID, NAME, PATH) as the current configuration string.
+ They must have an additional description indicating the type of
+ alternative configuration the string represents,
+ "ALTCFG=<StringToken>". That <StringToken> (when
+ converted from Hex UNICODE to binary) is a reference to a
+ string in the associated string pack.
+
+ @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
+
+ @param Request A null-terminated Unicode string in
+ <ConfigRequest> format. Note that this
+ includes the routing information as well as
+ the configurable name / value pairs. It is
+ invalid for this string to be in
+ <MultiConfigRequest> format.
+ If a NULL is passed in for the Request field,
+ all of the settings being abstracted by this function
+ will be returned in the Results field. In addition,
+ if a ConfigHdr is passed in with no request elements,
+ all of the settings being abstracted for that particular
+ ConfigHdr reference will be returned in the Results Field.
+
+ @param Progress On return, points to a character in the
+ Request string. Points to the string's null
+ terminator if request was successful. Points
+ to the most recent "&" before the first
+ failing name / value pair (or the beginning
+ of the string if the failure is in the first
+ name / value pair) if the request was not
+ successful.
+
+ @param Results A null-terminated Unicode string in
+ <MultiConfigAltResp> format which has all values
+ filled in for the names in the Request string.
+ String to be allocated by the called function.
+
+ @retval EFI_SUCCESS The Results string is filled with the
+ values corresponding to all requested
+ names.
+
+ @retval EFI_OUT_OF_RESOURCES Not enough memory to store the
+ parts of the results that must be
+ stored awaiting possible future
+ protocols.
+
+ @retval EFI_NOT_FOUND Routing data doesn't match any
+ known driver. Progress set to the
+ first character in the routing header.
+ Note: There is no requirement that the
+ driver validate the routing data. It
+ must skip the <ConfigHdr> in order to
+ process the names.
+
+ @retval EFI_INVALID_PARAMETER Illegal syntax. Progress set
+ to most recent "&" before the
+ error or the beginning of the
+ string.
+
+ @retval EFI_INVALID_PARAMETER Unknown name. Progress points
+ to the & before the name in
+ question.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsAuthConfigAccessExtractConfig (
+ IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
+ IN CONST EFI_STRING Request,
+ OUT EFI_STRING *Progress,
+ OUT EFI_STRING *Results
+ );
+
+/**
+
+ This function applies changes in a driver's configuration.
+ Input is a Configuration, which has the routing data for this
+ driver followed by name / value configuration pairs. The driver
+ must apply those pairs to its configurable storage. If the
+ driver's configuration is stored in a linear block of data
+ and the driver's name / value pairs are in <BlockConfig>
+ format, it may use the ConfigToBlock helper function (above) to
+ simplify the job.
+
+ @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
+
+ @param Configuration A null-terminated Unicode string in
+ <ConfigString> format.
+
+ @param Progress A pointer to a string filled in with the
+ offset of the most recent '&' before the
+ first failing name / value pair (or the
+ beginn ing of the string if the failure
+ is in the first name / value pair) or
+ the terminating NULL if all was
+ successful.
+
+ @retval EFI_SUCCESS The results have been distributed or are
+ awaiting distribution.
+
+ @retval EFI_OUT_OF_RESOURCES Not enough memory to store the
+ parts of the results that must be
+ stored awaiting possible future
+ protocols.
+
+ @retval EFI_INVALID_PARAMETERS Passing in a NULL for the
+ Results parameter would result
+ in this type of error.
+
+ @retval EFI_NOT_FOUND Target for the specified routing data
+ was not found
+
+**/
+EFI_STATUS
+EFIAPI
+TlsAuthConfigAccessRouteConfig (
+ IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
+ IN CONST EFI_STRING Configuration,
+ OUT EFI_STRING *Progress
+ );
+
+/**
+
+ This function is called to provide results data to the driver.
+ This data consists of a unique key that is used to identify
+ which data is either being passed back or being asked for.
+
+ @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
+ @param Action Specifies the type of action taken by the browser.
+ @param QuestionId A unique value which is sent to the original
+ exporting driver so that it can identify the type
+ of data to expect. The format of the data tends to
+ vary based on the opcode that generated the callback.
+ @param Type The type of value for the question.
+ @param Value A pointer to the data being sent to the original
+ exporting driver.
+ @param ActionRequest On return, points to the action requested by the
+ callback function.
+
+ @retval EFI_SUCCESS The callback successfully handled the action.
+ @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the
+ variable and its data.
+ @retval EFI_DEVICE_ERROR The variable could not be saved.
+ @retval EFI_UNSUPPORTED The specified Action is not supported by the
+ callback.
+**/
+EFI_STATUS
+EFIAPI
+TlsAuthConfigAccessCallback (
+ IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
+ IN EFI_BROWSER_ACTION Action,
+ IN EFI_QUESTION_ID QuestionId,
+ IN UINT8 Type,
+ IN OUT EFI_IFR_TYPE_VALUE *Value,
+ OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest
+ );
+
+#endif
+
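Review bot: The `@retval EFI_INVALID_PARAMETERS` in the TlsAuthConfigAccessRouteConfig comment is not a real status name (the ExtractConfig comment above it correctly uses EFI_INVALID_PARAMETER), and the same comment has "beginn ing" split by a stray space; both are carried over unchanged here. Since this patch is meant to touch only line endings, leave them as they are and fix them in a follow-up rather than folding a content change into the conversion. The hunk header `@@ -1,282 +1,282 @@` shows the whole header removed and re-added, so a reviewer cannot see from the diff alone that only CR characters were added; consider stating in the commit message that `git diff --ignore-space-at-eol` is empty for this file, or adding a .gitattributes rule so these file types keep CRLF without needing a bulk rewrite again.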
diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigNvData.h b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigNvData.h
index f453201cb7..80baa3836f 100644
--- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigNvData.h
+++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigNvData.h
@@ -1,49 +1,50 @@
-/** @file
- Header file for NV data structure definition.
-
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef __TLS_AUTH_CONFIG_NV_DATA_H__
-#define __TLS_AUTH_CONFIG_NV_DATA_H__
-
-#include <Guid/TlsAuthConfigHii.h>
-
-#define TLS_AUTH_CONFIG_GUID_SIZE 36
-#define TLS_AUTH_CONFIG_GUID_STORAGE_SIZE 37
-
-#define TLS_AUTH_CONFIG_FORMID1_FORM 1
-#define TLS_AUTH_CONFIG_FORMID2_FORM 2
-#define TLS_AUTH_CONFIG_FORMID3_FORM 3
-#define TLS_AUTH_CONFIG_FORMID4_FORM 4
-#define TLS_AUTH_CONFIG_FORMID5_FORM 5
-
-
-#define KEY_TLS_AUTH_CONFIG_SERVER_CA 0x1000
-#define KEY_TLS_AUTH_CONFIG_CLIENT_CERT 0x1001
-#define KEY_TLS_AUTH_CONFIG_ENROLL_CERT 0x1002
-#define KEY_TLS_AUTH_CONFIG_DELETE_CERT 0x1003
-#define KEY_TLS_AUTH_CONFIG_ENROLL_CERT_FROM_FILE 0x1004
-#define KEY_TLS_AUTH_CONFIG_CERT_GUID 0x1005
-#define KEY_TLS_AUTH_CONFIG_VALUE_SAVE_AND_EXIT 0x1006
-#define KEY_TLS_AUTH_CONFIG_VALUE_NO_SAVE_AND_EXIT 0x1007
-
-#define OPTION_DEL_CA_ESTION_ID 0x2000
-#define OPTION_CONFIG_RANGE 0x1000
-
-#define LABEL_CA_DELETE 0x1101
-#define LABEL_END 0xffff
-
-typedef struct {
- CHAR16 CertGuid[TLS_AUTH_CONFIG_GUID_STORAGE_SIZE];
-} TLS_AUTH_CONFIG_IFR_NVDATA;
-
-#endif
+/** @file
+ Header file for NV data structure definition.
+
+Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __TLS_AUTH_CONFIG_NV_DATA_H__
+#define __TLS_AUTH_CONFIG_NV_DATA_H__
+
+#include <Guid/TlsAuthConfigHii.h>
+
+#define TLS_AUTH_CONFIG_GUID_SIZE 36
+#define TLS_AUTH_CONFIG_GUID_STORAGE_SIZE 37
+
+#define TLS_AUTH_CONFIG_FORMID1_FORM 1
+#define TLS_AUTH_CONFIG_FORMID2_FORM 2
+#define TLS_AUTH_CONFIG_FORMID3_FORM 3
+#define TLS_AUTH_CONFIG_FORMID4_FORM 4
+#define TLS_AUTH_CONFIG_FORMID5_FORM 5
+
+
+#define KEY_TLS_AUTH_CONFIG_SERVER_CA 0x1000
+#define KEY_TLS_AUTH_CONFIG_CLIENT_CERT 0x1001
+#define KEY_TLS_AUTH_CONFIG_ENROLL_CERT 0x1002
+#define KEY_TLS_AUTH_CONFIG_DELETE_CERT 0x1003
+#define KEY_TLS_AUTH_CONFIG_ENROLL_CERT_FROM_FILE 0x1004
+#define KEY_TLS_AUTH_CONFIG_CERT_GUID 0x1005
+#define KEY_TLS_AUTH_CONFIG_VALUE_SAVE_AND_EXIT 0x1006
+#define KEY_TLS_AUTH_CONFIG_VALUE_NO_SAVE_AND_EXIT 0x1007
+
+#define OPTION_DEL_CA_ESTION_ID 0x2000
+#define OPTION_CONFIG_RANGE 0x1000
+
+#define LABEL_CA_DELETE 0x1101
+#define LABEL_END 0xffff
+
+typedef struct {
+ CHAR16 CertGuid[TLS_AUTH_CONFIG_GUID_STORAGE_SIZE];
+} TLS_AUTH_CONFIG_IFR_NVDATA;
+
+#endif
+
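Review bot: The hunk header `@@ -1,49 +1,50 @@` shows one net line added, and it is the empty `+` line after `#endif`: the conversion appended a trailing blank line rather than only changing line endings. If the original file lacked a final newline and this is adding one, that is reasonable, but a pure CRLF conversion should leave the line count unchanged, so please state in the commit message that a missing end-of-file newline is being added (the TlsAuthConfigVfr.vfr hunk in this patch has the same +1). Separately, OPTION_DEL_CA_ESTION_ID reads like a truncated OPTION_DEL_CA_QUESTION_ID; it is referenced by name from TlsAuthConfigImpl.c, so a rename belongs in its own patch, not in this one.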
diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigVfr.vfr b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigVfr.vfr
index fb130d9d9d..9bca2c119f 100644
--- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigVfr.vfr
+++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigVfr.vfr
@@ -1,152 +1,153 @@
-/** @file
- VFR file used by TlsAuthConfigDxe driver.
-
- Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-
- This program and the accompanying materials
- are licensed and made available under the terms and conditions of the BSD License
- which accompanies this distribution. The full text of the license may be found at
- http://opensource.org/licenses/bsd-license.php.
-
- THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
- WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include "TlsAuthConfigNvData.h"
-
-formset
- guid = TLS_AUTH_CONFIG_GUID,
- title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_TITLE),
- help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_HELP),
-
- varstore TLS_AUTH_CONFIG_IFR_NVDATA,
- name = TLS_AUTH_CONFIG_IFR_NVDATA,
- guid = TLS_AUTH_CONFIG_GUID;
-
- //
- // ##1 Form1: Main form for Tls Auth configration
- //
- form formid = TLS_AUTH_CONFIG_FORMID1_FORM,
- title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_TITLE);
-
- subtitle text = STRING_TOKEN(STR_NULL);
-
- //
- // Display Server CA configration
- //
- goto TLS_AUTH_CONFIG_FORMID2_FORM,
- prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_SERVER_CA),
- help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_SERVER_CA_HELP),
- flags = INTERACTIVE,
- key = KEY_TLS_AUTH_CONFIG_SERVER_CA;
-
- subtitle text = STRING_TOKEN(STR_NULL);
-
- //
- // Display Client cert configration
- //
- grayoutif TRUE; /// Current unsupported.
- goto TLS_AUTH_CONFIG_FORMID3_FORM,
- prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_CLIENT_CERT),
- help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_CLIENT_CERT_HELP),
- flags = INTERACTIVE,
- key = KEY_TLS_AUTH_CONFIG_CLIENT_CERT;
- endif;
- endform;
-
- //
- // ##2 Form2: CA configuration
- //
- form formid = TLS_AUTH_CONFIG_FORMID2_FORM,
- title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_SERVER_CA);
-
- subtitle text = STRING_TOKEN(STR_NULL);
-
- goto TLS_AUTH_CONFIG_FORMID4_FORM,
- prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_ENROLL_CERT),
- help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_ENROLL_CERT_HELP),
- flags = INTERACTIVE,
- key = KEY_TLS_AUTH_CONFIG_ENROLL_CERT;
-
- subtitle text = STRING_TOKEN(STR_NULL);
-
- goto TLS_AUTH_CONFIG_FORMID5_FORM,
- prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_DELETE_CERT),
- help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_DELETE_CERT_HELP),
- flags = INTERACTIVE,
- key = KEY_TLS_AUTH_CONFIG_DELETE_CERT;
- endform;
-
- //
- // ##3 Form3 : Client cert configuration
- //
- form formid = TLS_AUTH_CONFIG_FORMID3_FORM,
- title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_CLIENT_CERT);
-
- subtitle text = STRING_TOKEN(STR_NULL);
-
- //
- // TODO...
- //
- endform;
-
- //
- // ##4 Form4: Enroll cert for CA
- //
- form formid = TLS_AUTH_CONFIG_FORMID4_FORM,
- title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_ENROLL_CERT);
-
- subtitle text = STRING_TOKEN(STR_NULL);
-
- goto TLS_AUTH_CONFIG_FORMID4_FORM,
- prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_ADD_CERT_FILE),
- help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_ADD_CERT_FILE),
- flags = INTERACTIVE,
- key = KEY_TLS_AUTH_CONFIG_ENROLL_CERT_FROM_FILE;
-
- subtitle text = STRING_TOKEN(STR_NULL);
- label TLS_AUTH_CONFIG_FORMID4_FORM;
- label LABEL_END;
- subtitle text = STRING_TOKEN(STR_NULL);
-
- string varid = TLS_AUTH_CONFIG_IFR_NVDATA.CertGuid,
- prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_CERT_GUID),
- help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_CERT_GUID_HELP),
- flags = INTERACTIVE,
- key = KEY_TLS_AUTH_CONFIG_CERT_GUID,
- minsize = TLS_AUTH_CONFIG_GUID_SIZE,
- maxsize = TLS_AUTH_CONFIG_GUID_SIZE,
- endstring;
-
- subtitle text = STRING_TOKEN(STR_NULL);
- subtitle text = STRING_TOKEN(STR_NULL);
-
- goto TLS_AUTH_CONFIG_FORMID1_FORM,
- prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_SAVE_AND_EXIT),
- help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_SAVE_AND_EXIT),
- flags = INTERACTIVE,
- key = KEY_TLS_AUTH_CONFIG_VALUE_SAVE_AND_EXIT;
-
- goto TLS_AUTH_CONFIG_FORMID1_FORM,
- prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_NO_SAVE_AND_EXIT),
- help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_NO_SAVE_AND_EXIT),
- flags = INTERACTIVE,
- key = KEY_TLS_AUTH_CONFIG_VALUE_NO_SAVE_AND_EXIT;
-
- endform;
-
- //
- // ##5 Form5: Delete cert for CA
- //
- form formid = TLS_AUTH_CONFIG_FORMID5_FORM,
- title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_DELETE_CERT);
-
- label LABEL_CA_DELETE;
- label LABEL_END;
-
- subtitle text = STRING_TOKEN(STR_NULL);
-
- endform;
-
-endformset;
+/** @file
+ VFR file used by TlsAuthConfigDxe driver.
+
+ Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+
+ This program and the accompanying materials
+ are licensed and made available under the terms and conditions of the BSD License
+ which accompanies this distribution. The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php.
+
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "TlsAuthConfigNvData.h"
+
+formset
+ guid = TLS_AUTH_CONFIG_GUID,
+ title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_TITLE),
+ help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_HELP),
+
+ varstore TLS_AUTH_CONFIG_IFR_NVDATA,
+ name = TLS_AUTH_CONFIG_IFR_NVDATA,
+ guid = TLS_AUTH_CONFIG_GUID;
+
+ //
+ // ##1 Form1: Main form for Tls Auth configration
+ //
+ form formid = TLS_AUTH_CONFIG_FORMID1_FORM,
+ title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_TITLE);
+
+ subtitle text = STRING_TOKEN(STR_NULL);
+
+ //
+ // Display Server CA configration
+ //
+ goto TLS_AUTH_CONFIG_FORMID2_FORM,
+ prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_SERVER_CA),
+ help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_SERVER_CA_HELP),
+ flags = INTERACTIVE,
+ key = KEY_TLS_AUTH_CONFIG_SERVER_CA;
+
+ subtitle text = STRING_TOKEN(STR_NULL);
+
+ //
+ // Display Client cert configration
+ //
+ grayoutif TRUE; /// Current unsupported.
+ goto TLS_AUTH_CONFIG_FORMID3_FORM,
+ prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_CLIENT_CERT),
+ help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_CLIENT_CERT_HELP),
+ flags = INTERACTIVE,
+ key = KEY_TLS_AUTH_CONFIG_CLIENT_CERT;
+ endif;
+ endform;
+
+ //
+ // ##2 Form2: CA configuration
+ //
+ form formid = TLS_AUTH_CONFIG_FORMID2_FORM,
+ title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_SERVER_CA);
+
+ subtitle text = STRING_TOKEN(STR_NULL);
+
+ goto TLS_AUTH_CONFIG_FORMID4_FORM,
+ prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_ENROLL_CERT),
+ help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_ENROLL_CERT_HELP),
+ flags = INTERACTIVE,
+ key = KEY_TLS_AUTH_CONFIG_ENROLL_CERT;
+
+ subtitle text = STRING_TOKEN(STR_NULL);
+
+ goto TLS_AUTH_CONFIG_FORMID5_FORM,
+ prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_DELETE_CERT),
+ help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_DELETE_CERT_HELP),
+ flags = INTERACTIVE,
+ key = KEY_TLS_AUTH_CONFIG_DELETE_CERT;
+ endform;
+
+ //
+ // ##3 Form3 : Client cert configuration
+ //
+ form formid = TLS_AUTH_CONFIG_FORMID3_FORM,
+ title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_CLIENT_CERT);
+
+ subtitle text = STRING_TOKEN(STR_NULL);
+
+ //
+ // TODO...
+ //
+ endform;
+
+ //
+ // ##4 Form4: Enroll cert for CA
+ //
+ form formid = TLS_AUTH_CONFIG_FORMID4_FORM,
+ title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_ENROLL_CERT);
+
+ subtitle text = STRING_TOKEN(STR_NULL);
+
+ goto TLS_AUTH_CONFIG_FORMID4_FORM,
+ prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_ADD_CERT_FILE),
+ help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_ADD_CERT_FILE),
+ flags = INTERACTIVE,
+ key = KEY_TLS_AUTH_CONFIG_ENROLL_CERT_FROM_FILE;
+
+ subtitle text = STRING_TOKEN(STR_NULL);
+ label TLS_AUTH_CONFIG_FORMID4_FORM;
+ label LABEL_END;
+ subtitle text = STRING_TOKEN(STR_NULL);
+
+ string varid = TLS_AUTH_CONFIG_IFR_NVDATA.CertGuid,
+ prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_CERT_GUID),
+ help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_CERT_GUID_HELP),
+ flags = INTERACTIVE,
+ key = KEY_TLS_AUTH_CONFIG_CERT_GUID,
+ minsize = TLS_AUTH_CONFIG_GUID_SIZE,
+ maxsize = TLS_AUTH_CONFIG_GUID_SIZE,
+ endstring;
+
+ subtitle text = STRING_TOKEN(STR_NULL);
+ subtitle text = STRING_TOKEN(STR_NULL);
+
+ goto TLS_AUTH_CONFIG_FORMID1_FORM,
+ prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_SAVE_AND_EXIT),
+ help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_SAVE_AND_EXIT),
+ flags = INTERACTIVE,
+ key = KEY_TLS_AUTH_CONFIG_VALUE_SAVE_AND_EXIT;
+
+ goto TLS_AUTH_CONFIG_FORMID1_FORM,
+ prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_NO_SAVE_AND_EXIT),
+ help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_NO_SAVE_AND_EXIT),
+ flags = INTERACTIVE,
+ key = KEY_TLS_AUTH_CONFIG_VALUE_NO_SAVE_AND_EXIT;
+
+ endform;
+
+ //
+ // ##5 Form5: Delete cert for CA
+ //
+ form formid = TLS_AUTH_CONFIG_FORMID5_FORM,
+ title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_DELETE_CERT);
+
+ label LABEL_CA_DELETE;
+ label LABEL_END;
+
+ subtitle text = STRING_TOKEN(STR_NULL);
+
+ endform;
+
+endformset;
+
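Review bot: the `help` token of the "add cert file" entry in Form4 reuses the prompt string `STR_TLS_AUTH_CONFIG_ADD_CERT_FILE`, whereas the other goto entries in this formset carry a dedicated help string (`STR_TLS_AUTH_CONFIG_ENROLL_CERT_HELP`, `STR_TLS_AUTH_CONFIG_DELETE_CERT_HELP`); the save/exit entries in the same form do the same with `STR_TLS_AUTH_CONFIG_SAVE_AND_EXIT` and `STR_TLS_AUTH_CONFIG_NO_SAVE_AND_EXIT`. That predates this series and belongs in a follow-up, but since the hunk deletes and re-adds the whole formset, please confirm the content is unchanged apart from the line terminators (for example `git diff --ignore-space-at-eol` against the parent) so reviewers do not have to compare the two copies by hand. Two more follow-up candidates visible here: a one-line comment on why the `goto TLS_AUTH_CONFIG_FORMID4_FORM` inside Form4 targets its own form (its key `KEY_TLS_AUTH_CONFIG_ENROLL_CERT_FROM_FILE` is INTERACTIVE, so presumably a callback hook), and Form3 is still a `// TODO...` stub with no content.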
diff --git a/NetworkPkg/TlsDxe/TlsConfigProtocol.c b/NetworkPkg/TlsDxe/TlsConfigProtocol.c
index 5292433da3..15a865e386 100644
--- a/NetworkPkg/TlsDxe/TlsConfigProtocol.c
+++ b/NetworkPkg/TlsDxe/TlsConfigProtocol.c
@@ -1,152 +1,153 @@
-/** @file
- Implementation of EFI TLS Configuration Protocol Interfaces.
-
- Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-
- This program and the accompanying materials
- are licensed and made available under the terms and conditions of the BSD License
- which accompanies this distribution. The full text of the license may be found at
- http://opensource.org/licenses/bsd-license.php.
-
- THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
- WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include "TlsImpl.h"
-
-EFI_TLS_CONFIGURATION_PROTOCOL mTlsConfigurationProtocol = {
- TlsConfigurationSetData,
- TlsConfigurationGetData
-};
-
-/**
- Set TLS configuration data.
-
- The SetData() function sets TLS configuration to non-volatile storage or volatile
- storage.
-
- @param[in] This Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance.
- @param[in] DataType Configuration data type.
- @param[in] Data Pointer to configuration data.
- @param[in] DataSize Total size of configuration data.
-
- @retval EFI_SUCCESS The TLS configuration data is set successfully.
- @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
- This is NULL.
- Data is NULL.
- DataSize is 0.
- @retval EFI_UNSUPPORTED The DataType is unsupported.
- @retval EFI_OUT_OF_RESOURCES Required system resources could not be allocated.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsConfigurationSetData (
- IN EFI_TLS_CONFIGURATION_PROTOCOL *This,
- IN EFI_TLS_CONFIG_DATA_TYPE DataType,
- IN VOID *Data,
- IN UINTN DataSize
- )
-{
- EFI_STATUS Status;
- TLS_INSTANCE *Instance;
- EFI_TPL OldTpl;
-
- Status = EFI_SUCCESS;
-
- if (This == NULL || Data == NULL || DataSize == 0) {
- return EFI_INVALID_PARAMETER;
- }
-
- OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
-
- Instance = TLS_INSTANCE_FROM_CONFIGURATION (This);
-
- switch (DataType) {
- case EfiTlsConfigDataTypeCACertificate:
- Status = TlsSetCaCertificate (Instance->TlsConn, Data, DataSize);
- break;
- case EfiTlsConfigDataTypeHostPublicCert:
- Status = TlsSetHostPublicCert (Instance->TlsConn, Data, DataSize);
- break;
- case EfiTlsConfigDataTypeHostPrivateKey:
- Status = TlsSetHostPrivateKey (Instance->TlsConn, Data, DataSize);
- break;
- case EfiTlsConfigDataTypeCertRevocationList:
- Status = TlsSetCertRevocationList (Data, DataSize);
- break;
- default:
- Status = EFI_UNSUPPORTED;
- }
-
- gBS->RestoreTPL (OldTpl);
- return Status;
-}
-
-/**
- Get TLS configuration data.
-
- The GetData() function gets TLS configuration.
-
- @param[in] This Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance.
- @param[in] DataType Configuration data type.
- @param[in, out] Data Pointer to configuration data.
- @param[in, out] DataSize Total size of configuration data. On input, it means
- the size of Data buffer. On output, it means the size
- of copied Data buffer if EFI_SUCCESS, and means the
- size of desired Data buffer if EFI_BUFFER_TOO_SMALL.
-
- @retval EFI_SUCCESS The TLS configuration data is got successfully.
- @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
- This is NULL.
- DataSize is NULL.
- Data is NULL if *DataSize is not zero.
- @retval EFI_UNSUPPORTED The DataType is unsupported.
- @retval EFI_NOT_FOUND The TLS configuration data is not found.
- @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data.
-**/
-EFI_STATUS
-EFIAPI
-TlsConfigurationGetData (
- IN EFI_TLS_CONFIGURATION_PROTOCOL *This,
- IN EFI_TLS_CONFIG_DATA_TYPE DataType,
- IN OUT VOID *Data, OPTIONAL
- IN OUT UINTN *DataSize
- )
-{
- EFI_STATUS Status;
- TLS_INSTANCE *Instance;
-
- EFI_TPL OldTpl;
-
- Status = EFI_SUCCESS;
-
- if (This == NULL || DataSize == NULL || (Data == NULL && *DataSize != 0)) {
- return EFI_INVALID_PARAMETER;
- }
-
- OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
-
- Instance = TLS_INSTANCE_FROM_CONFIGURATION (This);
-
- switch (DataType) {
- case EfiTlsConfigDataTypeCACertificate:
- Status = TlsGetCaCertificate (Instance->TlsConn, Data, DataSize);
- break;
- case EfiTlsConfigDataTypeHostPublicCert:
- Status = TlsGetHostPublicCert (Instance->TlsConn, Data, DataSize);
- break;
- case EfiTlsConfigDataTypeHostPrivateKey:
- Status = TlsGetHostPrivateKey (Instance->TlsConn, Data, DataSize);
- break;
- case EfiTlsConfigDataTypeCertRevocationList:
- Status = TlsGetCertRevocationList (Data, DataSize);
- break;
- default:
- Status = EFI_UNSUPPORTED;
- }
-
- gBS->RestoreTPL (OldTpl);
- return Status;
-}
+/** @file
+ Implementation of EFI TLS Configuration Protocol Interfaces.
+
+ Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+
+ This program and the accompanying materials
+ are licensed and made available under the terms and conditions of the BSD License
+ which accompanies this distribution. The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php.
+
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "TlsImpl.h"
+
+EFI_TLS_CONFIGURATION_PROTOCOL mTlsConfigurationProtocol = {
+ TlsConfigurationSetData,
+ TlsConfigurationGetData
+};
+
+/**
+ Set TLS configuration data.
+
+ The SetData() function sets TLS configuration to non-volatile storage or volatile
+ storage.
+
+ @param[in] This Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance.
+ @param[in] DataType Configuration data type.
+ @param[in] Data Pointer to configuration data.
+ @param[in] DataSize Total size of configuration data.
+
+ @retval EFI_SUCCESS The TLS configuration data is set successfully.
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
+ This is NULL.
+ Data is NULL.
+ DataSize is 0.
+ @retval EFI_UNSUPPORTED The DataType is unsupported.
+ @retval EFI_OUT_OF_RESOURCES Required system resources could not be allocated.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsConfigurationSetData (
+ IN EFI_TLS_CONFIGURATION_PROTOCOL *This,
+ IN EFI_TLS_CONFIG_DATA_TYPE DataType,
+ IN VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ EFI_STATUS Status;
+ TLS_INSTANCE *Instance;
+ EFI_TPL OldTpl;
+
+ Status = EFI_SUCCESS;
+
+ if (This == NULL || Data == NULL || DataSize == 0) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
+
+ Instance = TLS_INSTANCE_FROM_CONFIGURATION (This);
+
+ switch (DataType) {
+ case EfiTlsConfigDataTypeCACertificate:
+ Status = TlsSetCaCertificate (Instance->TlsConn, Data, DataSize);
+ break;
+ case EfiTlsConfigDataTypeHostPublicCert:
+ Status = TlsSetHostPublicCert (Instance->TlsConn, Data, DataSize);
+ break;
+ case EfiTlsConfigDataTypeHostPrivateKey:
+ Status = TlsSetHostPrivateKey (Instance->TlsConn, Data, DataSize);
+ break;
+ case EfiTlsConfigDataTypeCertRevocationList:
+ Status = TlsSetCertRevocationList (Data, DataSize);
+ break;
+ default:
+ Status = EFI_UNSUPPORTED;
+ }
+
+ gBS->RestoreTPL (OldTpl);
+ return Status;
+}
+
+/**
+ Get TLS configuration data.
+
+ The GetData() function gets TLS configuration.
+
+ @param[in] This Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance.
+ @param[in] DataType Configuration data type.
+ @param[in, out] Data Pointer to configuration data.
+ @param[in, out] DataSize Total size of configuration data. On input, it means
+ the size of Data buffer. On output, it means the size
+ of copied Data buffer if EFI_SUCCESS, and means the
+ size of desired Data buffer if EFI_BUFFER_TOO_SMALL.
+
+ @retval EFI_SUCCESS The TLS configuration data is got successfully.
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
+ This is NULL.
+ DataSize is NULL.
+ Data is NULL if *DataSize is not zero.
+ @retval EFI_UNSUPPORTED The DataType is unsupported.
+ @retval EFI_NOT_FOUND The TLS configuration data is not found.
+ @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data.
+**/
+EFI_STATUS
+EFIAPI
+TlsConfigurationGetData (
+ IN EFI_TLS_CONFIGURATION_PROTOCOL *This,
+ IN EFI_TLS_CONFIG_DATA_TYPE DataType,
+ IN OUT VOID *Data, OPTIONAL
+ IN OUT UINTN *DataSize
+ )
+{
+ EFI_STATUS Status;
+ TLS_INSTANCE *Instance;
+
+ EFI_TPL OldTpl;
+
+ Status = EFI_SUCCESS;
+
+ if (This == NULL || DataSize == NULL || (Data == NULL && *DataSize != 0)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
+
+ Instance = TLS_INSTANCE_FROM_CONFIGURATION (This);
+
+ switch (DataType) {
+ case EfiTlsConfigDataTypeCACertificate:
+ Status = TlsGetCaCertificate (Instance->TlsConn, Data, DataSize);
+ break;
+ case EfiTlsConfigDataTypeHostPublicCert:
+ Status = TlsGetHostPublicCert (Instance->TlsConn, Data, DataSize);
+ break;
+ case EfiTlsConfigDataTypeHostPrivateKey:
+ Status = TlsGetHostPrivateKey (Instance->TlsConn, Data, DataSize);
+ break;
+ case EfiTlsConfigDataTypeCertRevocationList:
+ Status = TlsGetCertRevocationList (Data, DataSize);
+ break;
+ default:
+ Status = EFI_UNSUPPORTED;
+ }
+
+ gBS->RestoreTPL (OldTpl);
+ return Status;
+}
+
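Review bot: the hunk header `@@ -1,152 +1,153 @@` shows the converted TlsConfigProtocol.c gaining one line, visible as the trailing `+` empty line after the closing `}` of TlsConfigurationGetData, where the removed copy ends at `-}` with nothing after it. If the conversion tool appended a final line terminator that the LF version lacked, please say so in the commit message (or strip it) so the line-count difference is explained and the change stays a pure line-ending conversion; the same +1 appears in the TlsDriver.c (`-1,496 +1,497`) and TlsDriver.h (`-1,237 +1,238`) hunk headers.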
diff --git a/NetworkPkg/TlsDxe/TlsDriver.c b/NetworkPkg/TlsDxe/TlsDriver.c
index 38bf5993ce..29bc966c3e 100644
--- a/NetworkPkg/TlsDxe/TlsDriver.c
+++ b/NetworkPkg/TlsDxe/TlsDriver.c
@@ -1,496 +1,497 @@
-/** @file
- The Driver Binding and Service Binding Protocol for TlsDxe driver.
-
- Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-
- This program and the accompanying materials
- are licensed and made available under the terms and conditions of the BSD License
- which accompanies this distribution. The full text of the license may be found at
- http://opensource.org/licenses/bsd-license.php.
-
- THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
- WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include "TlsImpl.h"
-
-EFI_SERVICE_BINDING_PROTOCOL mTlsServiceBinding = {
- TlsServiceBindingCreateChild,
- TlsServiceBindingDestroyChild
-};
-
-/**
- Release all the resources used by the TLS instance.
-
- @param[in] Instance The TLS instance data.
-
-**/
-VOID
-TlsCleanInstance (
- IN TLS_INSTANCE *Instance
- )
-{
- if (Instance != NULL) {
- if (Instance->TlsConn != NULL) {
- TlsFree (Instance->TlsConn);
- }
-
- FreePool (Instance);
- }
-}
-
-/**
- Create the TLS instance and initialize it.
-
- @param[in] Service The pointer to the TLS service.
- @param[out] Instance The pointer to the TLS instance.
-
- @retval EFI_OUT_OF_RESOURCES Failed to allocate resources.
- @retval EFI_SUCCESS The TLS instance is created.
-
-**/
-EFI_STATUS
-TlsCreateInstance (
- IN TLS_SERVICE *Service,
- OUT TLS_INSTANCE **Instance
- )
-{
- TLS_INSTANCE *TlsInstance;
-
- *Instance = NULL;
-
- TlsInstance = AllocateZeroPool (sizeof (TLS_INSTANCE));
- if (TlsInstance == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
-
- TlsInstance->Signature = TLS_INSTANCE_SIGNATURE;
- InitializeListHead (&TlsInstance->Link);
- TlsInstance->InDestroy = FALSE;
- TlsInstance->Service = Service;
-
- CopyMem (&TlsInstance->Tls, &mTlsProtocol, sizeof (TlsInstance->Tls));
- CopyMem (&TlsInstance->TlsConfig, &mTlsConfigurationProtocol, sizeof (TlsInstance->TlsConfig));
-
- TlsInstance->TlsSessionState = EfiTlsSessionNotStarted;
-
- *Instance = TlsInstance;
-
- return EFI_SUCCESS;
-}
-
-/**
- Release all the resources used by the TLS service binding instance.
-
- @param[in] Service The TLS service data.
-
-**/
-VOID
-TlsCleanService (
- IN TLS_SERVICE *Service
- )
-{
- if (Service != NULL) {
- if (Service->TlsCtx != NULL) {
- TlsCtxFree (Service->TlsCtx);
- }
-
- FreePool (Service);
- }
-}
-
-/**
- Create then initialize a TLS service.
-
- @param[in] Image ImageHandle of the TLS driver
- @param[out] Service The service for TLS driver
-
- @retval EFI_OUT_OF_RESOURCES Failed to allocate resource to create the service.
- @retval EFI_SUCCESS The service is created for the driver.
-
-**/
-EFI_STATUS
-TlsCreateService (
- IN EFI_HANDLE Image,
- OUT TLS_SERVICE **Service
- )
-{
- TLS_SERVICE *TlsService;
-
- ASSERT (Service != NULL);
-
- *Service = NULL;
-
- //
- // Allocate a TLS Service Data
- //
- TlsService = AllocateZeroPool (sizeof (TLS_SERVICE));
- if (TlsService == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
-
- //
- // Initialize TLS Service Data
- //
- TlsService->Signature = TLS_SERVICE_SIGNATURE;
- CopyMem (&TlsService->ServiceBinding, &mTlsServiceBinding, sizeof (TlsService->ServiceBinding));
- TlsService->TlsChildrenNum = 0;
- InitializeListHead (&TlsService->TlsChildrenList);
- TlsService->ImageHandle = Image;
-
- *Service = TlsService;
-
- return EFI_SUCCESS;
-}
-
-/**
- Unloads an image.
-
- @param[in] ImageHandle Handle that identifies the image to be unloaded.
-
- @retval EFI_SUCCESS The image has been unloaded.
- @retval EFI_INVALID_PARAMETER ImageHandle is not a valid image handle.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsUnload (
- IN EFI_HANDLE ImageHandle
- )
-{
- EFI_STATUS Status;
- UINTN HandleNum;
- EFI_HANDLE *HandleBuffer;
- UINT32 Index;
- EFI_SERVICE_BINDING_PROTOCOL *ServiceBinding;
- TLS_SERVICE *TlsService;
-
- HandleBuffer = NULL;
- ServiceBinding = NULL;
- TlsService = NULL;
-
- //
- // Locate all the handles with Tls service binding protocol.
- //
- Status = gBS->LocateHandleBuffer (
- ByProtocol,
- &gEfiTlsServiceBindingProtocolGuid,
- NULL,
- &HandleNum,
- &HandleBuffer
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- for (Index = 0; Index < HandleNum; Index++) {
- //
- // Firstly, find ServiceBinding interface
- //
- Status = gBS->OpenProtocol (
- HandleBuffer[Index],
- &gEfiTlsServiceBindingProtocolGuid,
- (VOID **) &ServiceBinding,
- ImageHandle,
- NULL,
- EFI_OPEN_PROTOCOL_BY_HANDLE_PROTOCOL
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- TlsService = TLS_SERVICE_FROM_THIS (ServiceBinding);
-
- //
- // Then, uninstall ServiceBinding interface
- //
- Status = gBS->UninstallMultipleProtocolInterfaces (
- HandleBuffer[Index],
- &gEfiTlsServiceBindingProtocolGuid, ServiceBinding,
- NULL
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- TlsCleanService (TlsService);
- }
-
- if (HandleBuffer != NULL) {
- FreePool (HandleBuffer);
- }
-
- return EFI_SUCCESS;
-}
-
-/**
- This is the declaration of an EFI image entry point. This entry point is
- the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers including
- both device drivers and bus drivers.
-
- @param ImageHandle The firmware allocated handle for the UEFI image.
- @param SystemTable A pointer to the EFI System Table.
-
- @retval EFI_SUCCESS The operation completed successfully.
- @retval Others An unexpected error occurred.
-**/
-EFI_STATUS
-EFIAPI
-TlsDriverEntryPoint (
- IN EFI_HANDLE ImageHandle,
- IN EFI_SYSTEM_TABLE *SystemTable
- )
-{
- EFI_STATUS Status;
-
- TLS_SERVICE *TlsService;
-
- //
- // Create TLS Service
- //
- Status = TlsCreateService (ImageHandle, &TlsService);
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- ASSERT (TlsService != NULL);
-
- //
- // Initializes the OpenSSL library.
- //
- TlsInitialize ();
-
- //
- // Create a new SSL_CTX object as framework to establish TLS/SSL enabled
- // connections. TLS 1.0 is used as the default version.
- //
- TlsService->TlsCtx = TlsCtxNew (TLS10_PROTOCOL_VERSION_MAJOR, TLS10_PROTOCOL_VERSION_MINOR);
- if (TlsService->TlsCtx == NULL) {
- FreePool (TlsService);
- return EFI_ABORTED;
- }
-
- //
- // Install the TlsServiceBinding Protocol onto Handle
- //
- Status = gBS->InstallMultipleProtocolInterfaces (
- &TlsService->Handle,
- &gEfiTlsServiceBindingProtocolGuid,
- &TlsService->ServiceBinding,
- NULL
- );
- if (EFI_ERROR (Status)) {
- goto ON_CLEAN_SERVICE;
- }
-
- return Status;
-
-ON_CLEAN_SERVICE:
- TlsCleanService (TlsService);
-
- return Status;
-}
-
-/**
- Creates a child handle and installs a protocol.
-
- The CreateChild() function installs a protocol on ChildHandle.
- If ChildHandle is a pointer to NULL, then a new handle is created and returned in ChildHandle.
- If ChildHandle is not a pointer to NULL, then the protocol installs on the existing ChildHandle.
-
- @param[in] This Pointer to the EFI_SERVICE_BINDING_PROTOCOL instance.
- @param[in] ChildHandle Pointer to the handle of the child to create. If it is NULL,
- then a new handle is created. If it is a pointer to an existing UEFI handle,
- then the protocol is added to the existing UEFI handle.
-
- @retval EFI_SUCCES The protocol was added to ChildHandle.
- @retval EFI_INVALID_PARAMETER ChildHandle is NULL.
- @retval EFI_OUT_OF_RESOURCES There are not enough resources available to create
- the child.
- @retval other The child handle was not created.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsServiceBindingCreateChild (
- IN EFI_SERVICE_BINDING_PROTOCOL *This,
- IN EFI_HANDLE *ChildHandle
- )
-{
- TLS_SERVICE *TlsService;
- TLS_INSTANCE *TlsInstance;
- EFI_STATUS Status;
- EFI_TPL OldTpl;
-
- if ((This == NULL) || (ChildHandle == NULL)) {
- return EFI_INVALID_PARAMETER;
- }
-
- TlsService = TLS_SERVICE_FROM_THIS (This);
-
- Status = TlsCreateInstance (TlsService, &TlsInstance);
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- ASSERT (TlsInstance != NULL);
-
- //
- // Create a new TLS connection object.
- //
- TlsInstance->TlsConn = TlsNew (TlsService->TlsCtx);
- if (TlsInstance->TlsConn == NULL) {
- Status = EFI_ABORTED;
- goto ON_ERROR;
- }
-
- //
- // Set default ConnectionEnd to EfiTlsClient
- //
- Status = TlsSetConnectionEnd (TlsInstance->TlsConn, EfiTlsClient);
- if (EFI_ERROR (Status)) {
- goto ON_ERROR;
- }
-
- //
- // Install TLS protocol and configuration protocol onto ChildHandle
- //
- Status = gBS->InstallMultipleProtocolInterfaces (
- ChildHandle,
- &gEfiTlsProtocolGuid,
- &TlsInstance->Tls,
- &gEfiTlsConfigurationProtocolGuid,
- &TlsInstance->TlsConfig,
- NULL
- );
- if (EFI_ERROR (Status)) {
- goto ON_ERROR;
- }
-
- TlsInstance->ChildHandle = *ChildHandle;
-
- //
- // Add it to the TLS service's child list.
- //
- OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
-
- InsertTailList (&TlsService->TlsChildrenList, &TlsInstance->Link);
- TlsService->TlsChildrenNum++;
-
- gBS->RestoreTPL (OldTpl);
-
- return EFI_SUCCESS;
-
-ON_ERROR:
- TlsCleanInstance (TlsInstance);
- return Status;
-}
-
-/**
- Destroys a child handle with a protocol installed on it.
-
- The DestroyChild() function does the opposite of CreateChild(). It removes a protocol
- that was installed by CreateChild() from ChildHandle. If the removed protocol is the
- last protocol on ChildHandle, then ChildHandle is destroyed.
-
- @param This Pointer to the EFI_SERVICE_BINDING_PROTOCOL instance.
- @param ChildHandle Handle of the child to destroy.
-
- @retval EFI_SUCCES The protocol was removed from ChildHandle.
- @retval EFI_UNSUPPORTED ChildHandle does not support the protocol that is being removed.
- @retval EFI_INVALID_PARAMETER Child handle is NULL.
- @retval EFI_ACCESS_DENIED The protocol could not be removed from the ChildHandle
- because its services are being used.
- @retval other The child handle was not destroyed.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsServiceBindingDestroyChild (
- IN EFI_SERVICE_BINDING_PROTOCOL *This,
- IN EFI_HANDLE ChildHandle
- )
-{
- TLS_SERVICE *TlsService;
- TLS_INSTANCE *TlsInstance;
-
- EFI_TLS_PROTOCOL *Tls;
- EFI_TLS_CONFIGURATION_PROTOCOL *TlsConfig;
- EFI_STATUS Status;
- EFI_TPL OldTpl;
-
- if ((This == NULL) || (ChildHandle == NULL)) {
- return EFI_INVALID_PARAMETER;
- }
-
- TlsService = TLS_SERVICE_FROM_THIS (This);
-
- //
- // Find TLS protocol interface installed in ChildHandle
- //
- Status = gBS->OpenProtocol (
- ChildHandle,
- &gEfiTlsProtocolGuid,
- (VOID **) &Tls,
- TlsService->ImageHandle,
- NULL,
- EFI_OPEN_PROTOCOL_BY_HANDLE_PROTOCOL
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- //
- // Find TLS configuration protocol interface installed in ChildHandle
- //
- Status = gBS->OpenProtocol (
- ChildHandle,
- &gEfiTlsConfigurationProtocolGuid,
- (VOID **) &TlsConfig,
- TlsService->ImageHandle,
- NULL,
- EFI_OPEN_PROTOCOL_BY_HANDLE_PROTOCOL
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- TlsInstance = TLS_INSTANCE_FROM_PROTOCOL (Tls);
-
- if (TlsInstance->Service != TlsService) {
- return EFI_INVALID_PARAMETER;
- }
-
- if (TlsInstance->InDestroy) {
- return EFI_SUCCESS;
- }
-
- OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
-
- TlsInstance->InDestroy = TRUE;
-
- //
- // Uninstall the TLS protocol and TLS Configuration Protocol interface installed in ChildHandle.
- //
- Status = gBS->UninstallMultipleProtocolInterfaces (
- ChildHandle,
- &gEfiTlsProtocolGuid,
- Tls,
- &gEfiTlsConfigurationProtocolGuid,
- TlsConfig,
- NULL
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- RemoveEntryList (&TlsInstance->Link);
- TlsService->TlsChildrenNum--;
-
- gBS->RestoreTPL (OldTpl);
-
- TlsCleanInstance (TlsInstance);
-
- return EFI_SUCCESS;
-}
+/** @file
+ The Driver Binding and Service Binding Protocol for TlsDxe driver.
+
+ Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+
+ This program and the accompanying materials
+ are licensed and made available under the terms and conditions of the BSD License
+ which accompanies this distribution. The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php.
+
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "TlsImpl.h"
+
+EFI_SERVICE_BINDING_PROTOCOL mTlsServiceBinding = {
+ TlsServiceBindingCreateChild,
+ TlsServiceBindingDestroyChild
+};
+
+/**
+ Release all the resources used by the TLS instance.
+
+ @param[in] Instance The TLS instance data.
+
+**/
+VOID
+TlsCleanInstance (
+ IN TLS_INSTANCE *Instance
+ )
+{
+ if (Instance != NULL) {
+ if (Instance->TlsConn != NULL) {
+ TlsFree (Instance->TlsConn);
+ }
+
+ FreePool (Instance);
+ }
+}
+
+/**
+ Create the TLS instance and initialize it.
+
+ @param[in] Service The pointer to the TLS service.
+ @param[out] Instance The pointer to the TLS instance.
+
+ @retval EFI_OUT_OF_RESOURCES Failed to allocate resources.
+ @retval EFI_SUCCESS The TLS instance is created.
+
+**/
+EFI_STATUS
+TlsCreateInstance (
+ IN TLS_SERVICE *Service,
+ OUT TLS_INSTANCE **Instance
+ )
+{
+ TLS_INSTANCE *TlsInstance;
+
+ *Instance = NULL;
+
+ TlsInstance = AllocateZeroPool (sizeof (TLS_INSTANCE));
+ if (TlsInstance == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ TlsInstance->Signature = TLS_INSTANCE_SIGNATURE;
+ InitializeListHead (&TlsInstance->Link);
+ TlsInstance->InDestroy = FALSE;
+ TlsInstance->Service = Service;
+
+ CopyMem (&TlsInstance->Tls, &mTlsProtocol, sizeof (TlsInstance->Tls));
+ CopyMem (&TlsInstance->TlsConfig, &mTlsConfigurationProtocol, sizeof (TlsInstance->TlsConfig));
+
+ TlsInstance->TlsSessionState = EfiTlsSessionNotStarted;
+
+ *Instance = TlsInstance;
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Release all the resources used by the TLS service binding instance.
+
+ @param[in] Service The TLS service data.
+
+**/
+VOID
+TlsCleanService (
+ IN TLS_SERVICE *Service
+ )
+{
+ if (Service != NULL) {
+ if (Service->TlsCtx != NULL) {
+ TlsCtxFree (Service->TlsCtx);
+ }
+
+ FreePool (Service);
+ }
+}
+
+/**
+ Create then initialize a TLS service.
+
+ @param[in] Image ImageHandle of the TLS driver
+ @param[out] Service The service for TLS driver
+
+ @retval EFI_OUT_OF_RESOURCES Failed to allocate resource to create the service.
+ @retval EFI_SUCCESS The service is created for the driver.
+
+**/
+EFI_STATUS
+TlsCreateService (
+ IN EFI_HANDLE Image,
+ OUT TLS_SERVICE **Service
+ )
+{
+ TLS_SERVICE *TlsService;
+
+ ASSERT (Service != NULL);
+
+ *Service = NULL;
+
+ //
+ // Allocate a TLS Service Data
+ //
+ TlsService = AllocateZeroPool (sizeof (TLS_SERVICE));
+ if (TlsService == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ //
+ // Initialize TLS Service Data
+ //
+ TlsService->Signature = TLS_SERVICE_SIGNATURE;
+ CopyMem (&TlsService->ServiceBinding, &mTlsServiceBinding, sizeof (TlsService->ServiceBinding));
+ TlsService->TlsChildrenNum = 0;
+ InitializeListHead (&TlsService->TlsChildrenList);
+ TlsService->ImageHandle = Image;
+
+ *Service = TlsService;
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Unloads an image.
+
+ @param[in] ImageHandle Handle that identifies the image to be unloaded.
+
+ @retval EFI_SUCCESS The image has been unloaded.
+ @retval EFI_INVALID_PARAMETER ImageHandle is not a valid image handle.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsUnload (
+ IN EFI_HANDLE ImageHandle
+ )
+{
+ EFI_STATUS Status;
+ UINTN HandleNum;
+ EFI_HANDLE *HandleBuffer;
+ UINT32 Index;
+ EFI_SERVICE_BINDING_PROTOCOL *ServiceBinding;
+ TLS_SERVICE *TlsService;
+
+ HandleBuffer = NULL;
+ ServiceBinding = NULL;
+ TlsService = NULL;
+
+ //
+ // Locate all the handles with Tls service binding protocol.
+ //
+ Status = gBS->LocateHandleBuffer (
+ ByProtocol,
+ &gEfiTlsServiceBindingProtocolGuid,
+ NULL,
+ &HandleNum,
+ &HandleBuffer
+ );
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ for (Index = 0; Index < HandleNum; Index++) {
+ //
+ // Firstly, find ServiceBinding interface
+ //
+ Status = gBS->OpenProtocol (
+ HandleBuffer[Index],
+ &gEfiTlsServiceBindingProtocolGuid,
+ (VOID **) &ServiceBinding,
+ ImageHandle,
+ NULL,
+ EFI_OPEN_PROTOCOL_BY_HANDLE_PROTOCOL
+ );
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ TlsService = TLS_SERVICE_FROM_THIS (ServiceBinding);
+
+ //
+ // Then, uninstall ServiceBinding interface
+ //
+ Status = gBS->UninstallMultipleProtocolInterfaces (
+ HandleBuffer[Index],
+ &gEfiTlsServiceBindingProtocolGuid, ServiceBinding,
+ NULL
+ );
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ TlsCleanService (TlsService);
+ }
+
+ if (HandleBuffer != NULL) {
+ FreePool (HandleBuffer);
+ }
+
+ return EFI_SUCCESS;
+}
+
+/**
+ This is the declaration of an EFI image entry point. This entry point is
+ the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers including
+ both device drivers and bus drivers.
+
+ @param ImageHandle The firmware allocated handle for the UEFI image.
+ @param SystemTable A pointer to the EFI System Table.
+
+ @retval EFI_SUCCESS The operation completed successfully.
+ @retval Others An unexpected error occurred.
+**/
+EFI_STATUS
+EFIAPI
+TlsDriverEntryPoint (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ )
+{
+ EFI_STATUS Status;
+
+ TLS_SERVICE *TlsService;
+
+ //
+ // Create TLS Service
+ //
+ Status = TlsCreateService (ImageHandle, &TlsService);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ ASSERT (TlsService != NULL);
+
+ //
+ // Initializes the OpenSSL library.
+ //
+ TlsInitialize ();
+
+ //
+ // Create a new SSL_CTX object as framework to establish TLS/SSL enabled
+ // connections. TLS 1.0 is used as the default version.
+ //
+ TlsService->TlsCtx = TlsCtxNew (TLS10_PROTOCOL_VERSION_MAJOR, TLS10_PROTOCOL_VERSION_MINOR);
+ if (TlsService->TlsCtx == NULL) {
+ FreePool (TlsService);
+ return EFI_ABORTED;
+ }
+
+ //
+ // Install the TlsServiceBinding Protocol onto Handle
+ //
+ Status = gBS->InstallMultipleProtocolInterfaces (
+ &TlsService->Handle,
+ &gEfiTlsServiceBindingProtocolGuid,
+ &TlsService->ServiceBinding,
+ NULL
+ );
+ if (EFI_ERROR (Status)) {
+ goto ON_CLEAN_SERVICE;
+ }
+
+ return Status;
+
+ON_CLEAN_SERVICE:
+ TlsCleanService (TlsService);
+
+ return Status;
+}
+
+/**
+ Creates a child handle and installs a protocol.
+
+ The CreateChild() function installs a protocol on ChildHandle.
+ If ChildHandle is a pointer to NULL, then a new handle is created and returned in ChildHandle.
+ If ChildHandle is not a pointer to NULL, then the protocol installs on the existing ChildHandle.
+
+ @param[in] This Pointer to the EFI_SERVICE_BINDING_PROTOCOL instance.
+ @param[in] ChildHandle Pointer to the handle of the child to create. If it is NULL,
+ then a new handle is created. If it is a pointer to an existing UEFI handle,
+ then the protocol is added to the existing UEFI handle.
+
+ @retval EFI_SUCCES The protocol was added to ChildHandle.
+ @retval EFI_INVALID_PARAMETER ChildHandle is NULL.
+ @retval EFI_OUT_OF_RESOURCES There are not enough resources available to create
+ the child.
+ @retval other The child handle was not created.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsServiceBindingCreateChild (
+ IN EFI_SERVICE_BINDING_PROTOCOL *This,
+ IN EFI_HANDLE *ChildHandle
+ )
+{
+ TLS_SERVICE *TlsService;
+ TLS_INSTANCE *TlsInstance;
+ EFI_STATUS Status;
+ EFI_TPL OldTpl;
+
+ if ((This == NULL) || (ChildHandle == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ TlsService = TLS_SERVICE_FROM_THIS (This);
+
+ Status = TlsCreateInstance (TlsService, &TlsInstance);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ ASSERT (TlsInstance != NULL);
+
+ //
+ // Create a new TLS connection object.
+ //
+ TlsInstance->TlsConn = TlsNew (TlsService->TlsCtx);
+ if (TlsInstance->TlsConn == NULL) {
+ Status = EFI_ABORTED;
+ goto ON_ERROR;
+ }
+
+ //
+ // Set default ConnectionEnd to EfiTlsClient
+ //
+ Status = TlsSetConnectionEnd (TlsInstance->TlsConn, EfiTlsClient);
+ if (EFI_ERROR (Status)) {
+ goto ON_ERROR;
+ }
+
+ //
+ // Install TLS protocol and configuration protocol onto ChildHandle
+ //
+ Status = gBS->InstallMultipleProtocolInterfaces (
+ ChildHandle,
+ &gEfiTlsProtocolGuid,
+ &TlsInstance->Tls,
+ &gEfiTlsConfigurationProtocolGuid,
+ &TlsInstance->TlsConfig,
+ NULL
+ );
+ if (EFI_ERROR (Status)) {
+ goto ON_ERROR;
+ }
+
+ TlsInstance->ChildHandle = *ChildHandle;
+
+ //
+ // Add it to the TLS service's child list.
+ //
+ OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
+
+ InsertTailList (&TlsService->TlsChildrenList, &TlsInstance->Link);
+ TlsService->TlsChildrenNum++;
+
+ gBS->RestoreTPL (OldTpl);
+
+ return EFI_SUCCESS;
+
+ON_ERROR:
+ TlsCleanInstance (TlsInstance);
+ return Status;
+}
+
+/**
+ Destroys a child handle with a protocol installed on it.
+
+ The DestroyChild() function does the opposite of CreateChild(). It removes a protocol
+ that was installed by CreateChild() from ChildHandle. If the removed protocol is the
+ last protocol on ChildHandle, then ChildHandle is destroyed.
+
+ @param This Pointer to the EFI_SERVICE_BINDING_PROTOCOL instance.
+ @param ChildHandle Handle of the child to destroy.
+
+ @retval EFI_SUCCES The protocol was removed from ChildHandle.
+ @retval EFI_UNSUPPORTED ChildHandle does not support the protocol that is being removed.
+ @retval EFI_INVALID_PARAMETER Child handle is NULL.
+ @retval EFI_ACCESS_DENIED The protocol could not be removed from the ChildHandle
+ because its services are being used.
+ @retval other The child handle was not destroyed.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsServiceBindingDestroyChild (
+ IN EFI_SERVICE_BINDING_PROTOCOL *This,
+ IN EFI_HANDLE ChildHandle
+ )
+{
+ TLS_SERVICE *TlsService;
+ TLS_INSTANCE *TlsInstance;
+
+ EFI_TLS_PROTOCOL *Tls;
+ EFI_TLS_CONFIGURATION_PROTOCOL *TlsConfig;
+ EFI_STATUS Status;
+ EFI_TPL OldTpl;
+
+ if ((This == NULL) || (ChildHandle == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ TlsService = TLS_SERVICE_FROM_THIS (This);
+
+ //
+ // Find TLS protocol interface installed in ChildHandle
+ //
+ Status = gBS->OpenProtocol (
+ ChildHandle,
+ &gEfiTlsProtocolGuid,
+ (VOID **) &Tls,
+ TlsService->ImageHandle,
+ NULL,
+ EFI_OPEN_PROTOCOL_BY_HANDLE_PROTOCOL
+ );
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ //
+ // Find TLS configuration protocol interface installed in ChildHandle
+ //
+ Status = gBS->OpenProtocol (
+ ChildHandle,
+ &gEfiTlsConfigurationProtocolGuid,
+ (VOID **) &TlsConfig,
+ TlsService->ImageHandle,
+ NULL,
+ EFI_OPEN_PROTOCOL_BY_HANDLE_PROTOCOL
+ );
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ TlsInstance = TLS_INSTANCE_FROM_PROTOCOL (Tls);
+
+ if (TlsInstance->Service != TlsService) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if (TlsInstance->InDestroy) {
+ return EFI_SUCCESS;
+ }
+
+ OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
+
+ TlsInstance->InDestroy = TRUE;
+
+ //
+ // Uninstall the TLS protocol and TLS Configuration Protocol interface installed in ChildHandle.
+ //
+ Status = gBS->UninstallMultipleProtocolInterfaces (
+ ChildHandle,
+ &gEfiTlsProtocolGuid,
+ Tls,
+ &gEfiTlsConfigurationProtocolGuid,
+ TlsConfig,
+ NULL
+ );
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ RemoveEntryList (&TlsInstance->Link);
+ TlsService->TlsChildrenNum--;
+
+ gBS->RestoreTPL (OldTpl);
+
+ TlsCleanInstance (TlsInstance);
+
+ return EFI_SUCCESS;
+}
+
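Review bot: the error path after `gBS->RaiseTPL (TPL_CALLBACK)` in TlsServiceBindingDestroyChild leaks the raised TPL: when `UninstallMultipleProtocolInterfaces` fails the function does `return Status;` without `gBS->RestoreTPL (OldTpl);`, and it also leaves `TlsInstance->InDestroy` set to TRUE, so every later DestroyChild call on that handle takes the `if (TlsInstance->InDestroy)` early return with EFI_SUCCESS while the protocols and the instance are still installed. Suggest resetting `TlsInstance->InDestroy = FALSE;` and restoring the TPL before returning in that branch. Minor: the doc comment spells `@retval EFI_SUCCES`. Since this series is a line-ending change that rewrites every line, these pre-existing issues belong in a follow-up patch; reviewing the series with `git diff --ignore-space-at-eol` lets reviewers confirm that the hunks carry no content change beyond the terminators.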
diff --git a/NetworkPkg/TlsDxe/TlsDriver.h b/NetworkPkg/TlsDxe/TlsDriver.h
index a9e55ba752..950429af8f 100644
--- a/NetworkPkg/TlsDxe/TlsDriver.h
+++ b/NetworkPkg/TlsDxe/TlsDriver.h
@@ -1,237 +1,238 @@
-/** @file
- Header file of the Driver Binding and Service Binding Protocol for TlsDxe driver.
-
- Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-
- This program and the accompanying materials
- are licensed and made available under the terms and conditions of the BSD License
- which accompanies this distribution. The full text of the license may be found at
- http://opensource.org/licenses/bsd-license.php.
-
- THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
- WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef __EFI_TLS_DRIVER_H__
-#define __EFI_TLS_DRIVER_H__
-
-#include <Uefi.h>
-
-//
-// Driver Protocols
-//
-#include <Protocol/ServiceBinding.h>
-
-//
-// Driver Version
-//
-#define TLS_VERSION 0x00000000
-
-#define TLS_SERVICE_SIGNATURE SIGNATURE_32 ('T', 'L', 'S', 'S')
-
-#define TLS_INSTANCE_SIGNATURE SIGNATURE_32 ('T', 'L', 'S', 'I')
-
-///
-/// TLS Service Data
-///
-typedef struct _TLS_SERVICE TLS_SERVICE;
-
-///
-/// TLS Instance Data
-///
-typedef struct _TLS_INSTANCE TLS_INSTANCE;
-
-
-struct _TLS_SERVICE {
- UINT32 Signature;
- EFI_SERVICE_BINDING_PROTOCOL ServiceBinding;
-
- UINT16 TlsChildrenNum;
- LIST_ENTRY TlsChildrenList;
-
- //
- // Handle to install TlsServiceBinding protocol.
- //
- EFI_HANDLE Handle;
- EFI_HANDLE ImageHandle;
-
- //
- // Main SSL Context object which is created by a server or client once per program
- // life-time and which holds mainly default values for the SSL object which are later
- // created for the connections.
- //
- VOID *TlsCtx;
-};
-
-struct _TLS_INSTANCE {
- UINT32 Signature;
- LIST_ENTRY Link;
-
- BOOLEAN InDestroy;
-
- TLS_SERVICE *Service;
- EFI_HANDLE ChildHandle;
-
- EFI_TLS_PROTOCOL Tls;
- EFI_TLS_CONFIGURATION_PROTOCOL TlsConfig;
-
- EFI_TLS_SESSION_STATE TlsSessionState;
-
- //
- // Main SSL Connection which is created by a server or a client
- // per established connection.
- //
- VOID *TlsConn;
-};
-
-
-#define TLS_SERVICE_FROM_THIS(a) \
- CR (a, TLS_SERVICE, ServiceBinding, TLS_SERVICE_SIGNATURE)
-
-#define TLS_INSTANCE_FROM_PROTOCOL(a) \
- CR (a, TLS_INSTANCE, Tls, TLS_INSTANCE_SIGNATURE)
-
-#define TLS_INSTANCE_FROM_CONFIGURATION(a) \
- CR (a, TLS_INSTANCE, TlsConfig, TLS_INSTANCE_SIGNATURE)
-
-
-/**
- Release all the resources used by the TLS instance.
-
- @param[in] Instance The TLS instance data.
-
-**/
-VOID
-TlsCleanInstance (
- IN TLS_INSTANCE *Instance
- );
-
-/**
- Create the TLS instance and initialize it.
-
- @param[in] Service The pointer to the TLS service.
- @param[out] Instance The pointer to the TLS instance.
-
- @retval EFI_OUT_OF_RESOURCES Failed to allocate resources.
- @retval EFI_SUCCESS The TLS instance is created.
-
-**/
-EFI_STATUS
-TlsCreateInstance (
- IN TLS_SERVICE *Service,
- OUT TLS_INSTANCE **Instance
- );
-
-/**
- Release all the resources used by the TLS service binding instance.
-
- @param[in] Service The TLS service data.
-
-**/
-VOID
-TlsCleanService (
- IN TLS_SERVICE *Service
- );
-
-/**
- Create then initialize a TLS service.
-
- @param[in] Image ImageHandle of the TLS driver
- @param[out] Service The service for TLS driver
-
- @retval EFI_OUT_OF_RESOURCES Failed to allocate resource to create the service.
- @retval EFI_SUCCESS The service is created for the driver.
-
-**/
-EFI_STATUS
-TlsCreateService (
- IN EFI_HANDLE Image,
- OUT TLS_SERVICE **Service
- );
-
-/**
- Unloads an image.
-
- @param[in] ImageHandle Handle that identifies the image to be unloaded.
-
- @retval EFI_SUCCESS The image has been unloaded.
- @retval EFI_INVALID_PARAMETER ImageHandle is not a valid image handle.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsUnload (
- IN EFI_HANDLE ImageHandle
- );
-
-/**
- This is the declaration of an EFI image entry point. This entry point is
- the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers including
- both device drivers and bus drivers.
-
- @param ImageHandle The firmware allocated handle for the UEFI image.
- @param SystemTable A pointer to the EFI System Table.
-
- @retval EFI_SUCCESS The operation completed successfully.
- @retval Others An unexpected error occurred.
-**/
-EFI_STATUS
-EFIAPI
-TlsDriverEntryPoint (
- IN EFI_HANDLE ImageHandle,
- IN EFI_SYSTEM_TABLE *SystemTable
- );
-
-/**
- Creates a child handle and installs a protocol.
-
- The CreateChild() function installs a protocol on ChildHandle.
- If ChildHandle is a pointer to NULL, then a new handle is created and returned in ChildHandle.
- If ChildHandle is not a pointer to NULL, then the protocol installs on the existing ChildHandle.
-
- @param[in] This Pointer to the EFI_SERVICE_BINDING_PROTOCOL instance.
- @param[in] ChildHandle Pointer to the handle of the child to create. If it is NULL,
- then a new handle is created. If it is a pointer to an existing UEFI handle,
- then the protocol is added to the existing UEFI handle.
-
- @retval EFI_SUCCES The protocol was added to ChildHandle.
- @retval EFI_INVALID_PARAMETER ChildHandle is NULL.
- @retval EFI_OUT_OF_RESOURCES There are not enough resources available to create
- the child.
- @retval other The child handle was not created.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsServiceBindingCreateChild (
- IN EFI_SERVICE_BINDING_PROTOCOL *This,
- IN EFI_HANDLE *ChildHandle
- );
-
-/**
- Destroys a child handle with a protocol installed on it.
-
- The DestroyChild() function does the opposite of CreateChild(). It removes a protocol
- that was installed by CreateChild() from ChildHandle. If the removed protocol is the
- last protocol on ChildHandle, then ChildHandle is destroyed.
-
- @param This Pointer to the EFI_SERVICE_BINDING_PROTOCOL instance.
- @param ChildHandle Handle of the child to destroy.
-
- @retval EFI_SUCCES The protocol was removed from ChildHandle.
- @retval EFI_UNSUPPORTED ChildHandle does not support the protocol that is being removed.
- @retval EFI_INVALID_PARAMETER Child handle is NULL.
- @retval EFI_ACCESS_DENIED The protocol could not be removed from the ChildHandle
- because its services are being used.
- @retval other The child handle was not destroyed.
-
-**/
-EFI_STATUS
-EFIAPI
-TlsServiceBindingDestroyChild (
- IN EFI_SERVICE_BINDING_PROTOCOL *This,
- IN EFI_HANDLE ChildHandle
- );
-
-#endif
+/** @file
+ Header file of the Driver Binding and Service Binding Protocol for TlsDxe driver.
+
+ Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+
+ This program and the accompanying materials
+ are licensed and made available under the terms and conditions of the BSD License
+ which accompanies this distribution. The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php.
+
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __EFI_TLS_DRIVER_H__
+#define __EFI_TLS_DRIVER_H__
+
+#include <Uefi.h>
+
+//
+// Driver Protocols
+//
+#include <Protocol/ServiceBinding.h>
+
+//
+// Driver Version
+//
+#define TLS_VERSION 0x00000000
+
+#define TLS_SERVICE_SIGNATURE SIGNATURE_32 ('T', 'L', 'S', 'S')
+
+#define TLS_INSTANCE_SIGNATURE SIGNATURE_32 ('T', 'L', 'S', 'I')
+
+///
+/// TLS Service Data
+///
+typedef struct _TLS_SERVICE TLS_SERVICE;
+
+///
+/// TLS Instance Data
+///
+typedef struct _TLS_INSTANCE TLS_INSTANCE;
+
+
+struct _TLS_SERVICE {
+ UINT32 Signature;
+ EFI_SERVICE_BINDING_PROTOCOL ServiceBinding;
+
+ UINT16 TlsChildrenNum;
+ LIST_ENTRY TlsChildrenList;
+
+ //
+ // Handle to install TlsServiceBinding protocol.
+ //
+ EFI_HANDLE Handle;
+ EFI_HANDLE ImageHandle;
+
+ //
+ // Main SSL Context object which is created by a server or client once per program
+ // life-time and which holds mainly default values for the SSL object which are later
+ // created for the connections.
+ //
+ VOID *TlsCtx;
+};
+
+struct _TLS_INSTANCE {
+ UINT32 Signature;
+ LIST_ENTRY Link;
+
+ BOOLEAN InDestroy;
+
+ TLS_SERVICE *Service;
+ EFI_HANDLE ChildHandle;
+
+ EFI_TLS_PROTOCOL Tls;
+ EFI_TLS_CONFIGURATION_PROTOCOL TlsConfig;
+
+ EFI_TLS_SESSION_STATE TlsSessionState;
+
+ //
+ // Main SSL Connection which is created by a server or a client
+ // per established connection.
+ //
+ VOID *TlsConn;
+};
+
+
+#define TLS_SERVICE_FROM_THIS(a) \
+ CR (a, TLS_SERVICE, ServiceBinding, TLS_SERVICE_SIGNATURE)
+
+#define TLS_INSTANCE_FROM_PROTOCOL(a) \
+ CR (a, TLS_INSTANCE, Tls, TLS_INSTANCE_SIGNATURE)
+
+#define TLS_INSTANCE_FROM_CONFIGURATION(a) \
+ CR (a, TLS_INSTANCE, TlsConfig, TLS_INSTANCE_SIGNATURE)
+
+
+/**
+ Release all the resources used by the TLS instance.
+
+ @param[in] Instance The TLS instance data.
+
+**/
+VOID
+TlsCleanInstance (
+ IN TLS_INSTANCE *Instance
+ );
+
+/**
+ Create the TLS instance and initialize it.
+
+ @param[in] Service The pointer to the TLS service.
+ @param[out] Instance The pointer to the TLS instance.
+
+ @retval EFI_OUT_OF_RESOURCES Failed to allocate resources.
+ @retval EFI_SUCCESS The TLS instance is created.
+
+**/
+EFI_STATUS
+TlsCreateInstance (
+ IN TLS_SERVICE *Service,
+ OUT TLS_INSTANCE **Instance
+ );
+
+/**
+ Release all the resources used by the TLS service binding instance.
+
+ @param[in] Service The TLS service data.
+
+**/
+VOID
+TlsCleanService (
+ IN TLS_SERVICE *Service
+ );
+
+/**
+ Create then initialize a TLS service.
+
+ @param[in] Image ImageHandle of the TLS driver
+ @param[out] Service The service for TLS driver
+
+ @retval EFI_OUT_OF_RESOURCES Failed to allocate resource to create the service.
+ @retval EFI_SUCCESS The service is created for the driver.
+
+**/
+EFI_STATUS
+TlsCreateService (
+ IN EFI_HANDLE Image,
+ OUT TLS_SERVICE **Service
+ );
+
+/**
+ Unloads an image.
+
+ @param[in] ImageHandle Handle that identifies the image to be unloaded.
+
+ @retval EFI_SUCCESS The image has been unloaded.
+ @retval EFI_INVALID_PARAMETER ImageHandle is not a valid image handle.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsUnload (
+ IN EFI_HANDLE ImageHandle
+ );
+
+/**
+ This is the declaration of an EFI image entry point. This entry point is
+ the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers including
+ both device drivers and bus drivers.
+
+ @param ImageHandle The firmware allocated handle for the UEFI image.
+ @param SystemTable A pointer to the EFI System Table.
+
+ @retval EFI_SUCCESS The operation completed successfully.
+ @retval Others An unexpected error occurred.
+**/
+EFI_STATUS
+EFIAPI
+TlsDriverEntryPoint (
+ IN EFI_HANDLE ImageHandle,
+ IN EFI_SYSTEM_TABLE *SystemTable
+ );
+
+/**
+ Creates a child handle and installs a protocol.
+
+ The CreateChild() function installs a protocol on ChildHandle.
+ If ChildHandle is a pointer to NULL, then a new handle is created and returned in ChildHandle.
+ If ChildHandle is not a pointer to NULL, then the protocol installs on the existing ChildHandle.
+
+ @param[in] This Pointer to the EFI_SERVICE_BINDING_PROTOCOL instance.
+ @param[in] ChildHandle Pointer to the handle of the child to create. If it is NULL,
+ then a new handle is created. If it is a pointer to an existing UEFI handle,
+ then the protocol is added to the existing UEFI handle.
+
+ @retval EFI_SUCCES The protocol was added to ChildHandle.
+ @retval EFI_INVALID_PARAMETER ChildHandle is NULL.
+ @retval EFI_OUT_OF_RESOURCES There are not enough resources available to create
+ the child.
+ @retval other The child handle was not created.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsServiceBindingCreateChild (
+ IN EFI_SERVICE_BINDING_PROTOCOL *This,
+ IN EFI_HANDLE *ChildHandle
+ );
+
+/**
+ Destroys a child handle with a protocol installed on it.
+
+ The DestroyChild() function does the opposite of CreateChild(). It removes a protocol
+ that was installed by CreateChild() from ChildHandle. If the removed protocol is the
+ last protocol on ChildHandle, then ChildHandle is destroyed.
+
+ @param This Pointer to the EFI_SERVICE_BINDING_PROTOCOL instance.
+ @param ChildHandle Handle of the child to destroy.
+
+ @retval EFI_SUCCES The protocol was removed from ChildHandle.
+ @retval EFI_UNSUPPORTED ChildHandle does not support the protocol that is being removed.
+ @retval EFI_INVALID_PARAMETER Child handle is NULL.
+ @retval EFI_ACCESS_DENIED The protocol could not be removed from the ChildHandle
+ because its services are being used.
+ @retval other The child handle was not destroyed.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsServiceBindingDestroyChild (
+ IN EFI_SERVICE_BINDING_PROTOCOL *This,
+ IN EFI_HANDLE ChildHandle
+ );
+
+#endif
+
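Review bot: the hunk header `@@ -1,237 +1,238 @@` shows one more line after conversion than before, and the only addition visible beyond the line endings is the empty `+` line after `#endif`, so the conversion also appended a trailing newline; harmless, but the commit message describes a pure CRLF conversion and should mention it. While every line of this header is being rewritten anyway, two documentation nits for a follow-up: the DestroyChild prototype's comment uses `@param This` / `@param ChildHandle` where the rest of the file uses `@param[in]`, and `@retval EFI_SUCCES` appears twice where EFI_SUCCESS is meant. Consider pairing this series with a `.gitattributes` rule for the listed extensions so the files do not silently drift back to LF on the next checkout.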
diff --git a/NetworkPkg/TlsDxe/TlsDxe.inf b/NetworkPkg/TlsDxe/TlsDxe.inf
index dba3257203..907feb735b 100644
--- a/NetworkPkg/TlsDxe/TlsDxe.inf
+++ b/NetworkPkg/TlsDxe/TlsDxe.inf
@@ -1,65 +1,66 @@
-## @file
-# This module produces EFI TLS Protocol, EFI TLS Service Binding Protocol and
-# EFI TLS Configuration Protocol.
-#
-# This module produces EFI TLS (Transport Layer Security) Protocol and EFI TLS
-# Service Binding Protocol, to provide TLS services.
-#
-# Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-#
-# This program and the accompanying materials
-# are licensed and made available under the terms and conditions of the BSD License
-# which accompanies this distribution. The full text of the license may be found at
-# http://opensource.org/licenses/bsd-license.php.
-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-#
-#
-##
-
-[Defines]
- INF_VERSION = 0x00010005
- BASE_NAME = TlsDxe
- FILE_GUID = 3aceb0c0-3c72-11e4-9a56-74d435052646
- MODULE_TYPE = UEFI_DRIVER
- VERSION_STRING = 1.0
- ENTRY_POINT = TlsDriverEntryPoint
- UNLOAD_IMAGE = TlsUnload
- MODULE_UNI_FILE = TlsDxe.uni
-
-#
-# VALID_ARCHITECTURES = IA32 X64
-#
-
-[Packages]
- MdePkg/MdePkg.dec
- MdeModulePkg/MdeModulePkg.dec
- CryptoPkg/CryptoPkg.dec
-
-[Sources]
- TlsDriver.h
- TlsDriver.c
- TlsProtocol.c
- TlsConfigProtocol.c
- TlsImpl.h
- TlsImpl.c
-
-[LibraryClasses]
- UefiDriverEntryPoint
- UefiBootServicesTableLib
- MemoryAllocationLib
- BaseMemoryLib
- BaseLib
- UefiLib
- DebugLib
- NetLib
- BaseCryptLib
- TlsLib
-
-[Protocols]
- gEfiTlsServiceBindingProtocolGuid ## PRODUCES
- gEfiTlsProtocolGuid ## PRODUCES
- gEfiTlsConfigurationProtocolGuid ## PRODUCES
-
-[UserExtensions.TianoCore."ExtraFiles"]
- TlsDxeExtra.uni
+## @file
+# This module produces EFI TLS Protocol, EFI TLS Service Binding Protocol and
+# EFI TLS Configuration Protocol.
+#
+# This module produces EFI TLS (Transport Layer Security) Protocol and EFI TLS
+# Service Binding Protocol, to provide TLS services.
+#
+# Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+#
+# This program and the accompanying materials
+# are licensed and made available under the terms and conditions of the BSD License
+# which accompanies this distribution. The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php.
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+#
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = TlsDxe
+ FILE_GUID = 3aceb0c0-3c72-11e4-9a56-74d435052646
+ MODULE_TYPE = UEFI_DRIVER
+ VERSION_STRING = 1.0
+ ENTRY_POINT = TlsDriverEntryPoint
+ UNLOAD_IMAGE = TlsUnload
+ MODULE_UNI_FILE = TlsDxe.uni
+
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ CryptoPkg/CryptoPkg.dec
+
+[Sources]
+ TlsDriver.h
+ TlsDriver.c
+ TlsProtocol.c
+ TlsConfigProtocol.c
+ TlsImpl.h
+ TlsImpl.c
+
+[LibraryClasses]
+ UefiDriverEntryPoint
+ UefiBootServicesTableLib
+ MemoryAllocationLib
+ BaseMemoryLib
+ BaseLib
+ UefiLib
+ DebugLib
+ NetLib
+ BaseCryptLib
+ TlsLib
+
+[Protocols]
+ gEfiTlsServiceBindingProtocolGuid ## PRODUCES
+ gEfiTlsProtocolGuid ## PRODUCES
+ gEfiTlsConfigurationProtocolGuid ## PRODUCES
+
+[UserExtensions.TianoCore."ExtraFiles"]
+ TlsDxeExtra.uni
+
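Review bot: the two description paragraphs in the file header overlap and disagree: the first names the EFI TLS Configuration Protocol, but the second (`# This module produces EFI TLS (Transport Layer Security) Protocol and EFI TLS` / `# Service Binding Protocol, to provide TLS services.`) omits it even though `[Protocols]` declares `gEfiTlsConfigurationProtocolGuid ## PRODUCES`; the matching TlsDxe.uni text in this same patch lists all three, so the .inf text should be aligned with it (separately from the line-ending change). As with TlsDriver.h, `@@ -1,65 +1,66 @@` plus the trailing empty `+` line means a final newline was added here in addition to the CRLF conversion.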
diff --git a/NetworkPkg/TlsDxe/TlsDxe.uni b/NetworkPkg/TlsDxe/TlsDxe.uni
index 98c41ca7c5..e2b1f5cd0b 100644
--- a/NetworkPkg/TlsDxe/TlsDxe.uni
+++ b/NetworkPkg/TlsDxe/TlsDxe.uni
@@ -1,25 +1,25 @@
-// /** @file
-// This module produces EFI TLS Protocol, EFI TLS Service Binding Protocol and
-// EFI TLS Configuration Protocol.
-//
-// This module produces EFI TLS (Transport Layer Security) Protocol, EFI TLS
-// Service Binding Protocol, and EFI TLS Configuration Protocol to provide TLS
-// services.
-//
-// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-//
-// This program and the accompanying materials
-// are licensed and made available under the terms and conditions of the BSD License
-// which accompanies this distribution. The full text of the license may be found at
-// http://opensource.org/licenses/bsd-license.php
-//
-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-//
-// **/
-
-
-#string STR_MODULE_ABSTRACT #language en-US "UEFI TLS service"
-
-#string STR_MODULE_DESCRIPTION #language en-US "This module produces EFI TLS Protocol, EFI TLS Service Binding Protocol and EFI TLS Configuration Protocol to provide EFI TLS services."
-
+// /** @file
+// This module produces EFI TLS Protocol, EFI TLS Service Binding Protocol and
+// EFI TLS Configuration Protocol.
+//
+// This module produces EFI TLS (Transport Layer Security) Protocol, EFI TLS
+// Service Binding Protocol, and EFI TLS Configuration Protocol to provide TLS
+// services.
+//
+// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+//
+// This program and the accompanying materials
+// are licensed and made available under the terms and conditions of the BSD License
+// which accompanies this distribution. The full text of the license may be found at
+// http://opensource.org/licenses/bsd-license.php
+//
+// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "UEFI TLS service"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This module produces EFI TLS Protocol, EFI TLS Service Binding Protocol and EFI TLS Configuration Protocol to provide EFI TLS services."
+
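Review bot: this is the one file in the set whose line count is unchanged (`@@ -1,25 +1,25 @@`) because it already ended with an empty line on both sides of the diff, whereas TlsDriver.h, TlsDxe.inf and TlsDxeExtra.uni each gain a trailing line in their hunks; confirming that every converted file ends the same way (a single CRLF-terminated empty line, or none) keeps the series consistent and avoids churn in later diffs. Cosmetic and for a separate cleanup rather than this patch: the license URL here (`// http://opensource.org/licenses/bsd-license.php`) lacks the trailing period that TlsDxeExtra.uni and TlsDriver.h carry.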
diff --git a/NetworkPkg/TlsDxe/TlsDxeExtra.uni b/NetworkPkg/TlsDxe/TlsDxeExtra.uni
index a38582a887..a5663c3279 100644
--- a/NetworkPkg/TlsDxe/TlsDxeExtra.uni
+++ b/NetworkPkg/TlsDxe/TlsDxeExtra.uni
@@ -1,18 +1,19 @@
-// /** @file
-// TlsDxe Localized Strings and Content
-//
-// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-//
-// This program and the accompanying materials
-// are licensed and made available under the terms and conditions of the BSD License
-// which accompanies this distribution. The full text of the license may be found at
-// http://opensource.org/licenses/bsd-license.php.
-//
-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-//
-// **/
-
-#string STR_PROPERTIES_MODULE_NAME
-#language en-US
-"EFI TLS DXE Driver"
+// /** @file
+// TlsDxe Localized Strings and Content
+//
+// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+//
+// This program and the accompanying materials
+// are licensed and made available under the terms and conditions of the BSD License
+// which accompanies this distribution. The full text of the license may be found at
+// http://opensource.org/licenses/bsd-license.php.
+//
+// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+//
+// **/
+
+#string STR_PROPERTIES_MODULE_NAME
+#language en-US
+"EFI TLS DXE Driver"
+
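Review bot: `#string STR_PROPERTIES_MODULE_NAME` is split across three lines (`#string`, `#language en-US`, then the quoted value) while TlsDxe.uni in the same patch puts `#string ... #language en-US "..."` on one line; both forms are accepted UNI syntax, but one style per module makes future diffs easier to read. The header `@@ -1,18 +1,19 @@` and the final empty `+` line show that a trailing newline was added along with the CRLF conversion, as in the other files. One check specific to the .uni files: if any of them is still stored as UTF-16 rather than UTF-8, the line terminators are 16-bit code units and a byte-level `\n` to `\r\n` pass would corrupt the file, so it is worth verifying that each converted .uni still decodes cleanly before the series is merged.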
diff --git a/NetworkPkg/TlsDxe/TlsImpl.c b/NetworkPkg/TlsDxe/TlsImpl.c
index efdec2d92d..8e1238216b 100644
--- a/NetworkPkg/TlsDxe/TlsImpl.c
+++ b/NetworkPkg/TlsDxe/TlsImpl.c
@@ -1,326 +1,327 @@
-/** @file
- The Miscellaneous Routines for TlsDxe driver.
-
-Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
-
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include "TlsImpl.h"
-
-/**
- Encrypt the message listed in fragment.
-
- @param[in] TlsInstance The pointer to the TLS instance.
- @param[in, out] FragmentTable Pointer to a list of fragment.
- On input these fragments contain the TLS header and
- plain text TLS payload;
- On output these fragments contain the TLS header and
- cipher text TLS payload.
- @param[in] FragmentCount Number of fragment.
-
- @retval EFI_SUCCESS The operation completed successfully.
- @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
- @retval EFI_ABORTED TLS session state is incorrect.
- @retval Others Other errors as indicated.
-**/
-EFI_STATUS
-TlsEncryptPacket (
- IN TLS_INSTANCE *TlsInstance,
- IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
- IN UINT32 *FragmentCount
- )
-{
- EFI_STATUS Status;
- UINTN Index;
- UINT32 BytesCopied;
- UINT32 BufferInSize;
- UINT8 *BufferIn;
- UINT8 *BufferInPtr;
- TLS_RECORD_HEADER *RecordHeaderIn;
- UINT16 ThisPlainMessageSize;
- TLS_RECORD_HEADER *TempRecordHeader;
- UINT16 ThisMessageSize;
- UINT32 BufferOutSize;
- UINT8 *BufferOut;
- INTN Ret;
-
- Status = EFI_SUCCESS;
- BytesCopied = 0;
- BufferInSize = 0;
- BufferIn = NULL;
- BufferInPtr = NULL;
- RecordHeaderIn = NULL;
- TempRecordHeader = NULL;
- BufferOutSize = 0;
- BufferOut = NULL;
- Ret = 0;
-
- //
- // Calculate the size according to the fragment table.
- //
- for (Index = 0; Index < *FragmentCount; Index++) {
- BufferInSize += (*FragmentTable)[Index].FragmentLength;
- }
-
- //
- // Allocate buffer for processing data.
- //
- BufferIn = AllocateZeroPool (BufferInSize);
- if (BufferIn == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ERROR;
- }
-
- //
- // Copy all TLS plain record header and payload into BufferIn.
- //
- for (Index = 0; Index < *FragmentCount; Index++) {
- CopyMem (
- (BufferIn + BytesCopied),
- (*FragmentTable)[Index].FragmentBuffer,
- (*FragmentTable)[Index].FragmentLength
- );
- BytesCopied += (*FragmentTable)[Index].FragmentLength;
- }
-
- BufferOut = AllocateZeroPool (MAX_BUFFER_SIZE);
- if (BufferOut == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ERROR;
- }
-
- //
- // Parsing buffer.
- //
- BufferInPtr = BufferIn;
- TempRecordHeader = (TLS_RECORD_HEADER *) BufferOut;
- while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {
- RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;
-
- if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData) {
- Status = EFI_INVALID_PARAMETER;
- goto ERROR;
- }
-
- ThisPlainMessageSize = RecordHeaderIn->Length;
-
- TlsWrite (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn + 1), ThisPlainMessageSize);
-
- Ret = TlsCtrlTrafficOut (TlsInstance->TlsConn, (UINT8 *)(TempRecordHeader), MAX_BUFFER_SIZE - BufferOutSize);
-
- if (Ret > 0) {
- ThisMessageSize = (UINT16) Ret;
- } else {
- //
- // No data was successfully encrypted, continue to encrypt other messages.
- //
- DEBUG ((EFI_D_WARN, "TlsEncryptPacket: No data read from TLS object.\n"));
-
- ThisMessageSize = 0;
- }
-
- BufferOutSize += ThisMessageSize;
-
- BufferInPtr += RECORD_HEADER_LEN + ThisPlainMessageSize;
- TempRecordHeader += ThisMessageSize;
- }
-
- FreePool (BufferIn);
- BufferIn = NULL;
-
- //
- // The caller will be responsible to handle the original fragment table.
- //
- *FragmentTable = AllocateZeroPool (sizeof (EFI_TLS_FRAGMENT_DATA));
- if (*FragmentTable == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ERROR;
- }
-
- (*FragmentTable)[0].FragmentBuffer = BufferOut;
- (*FragmentTable)[0].FragmentLength = BufferOutSize;
- *FragmentCount = 1;
-
- return Status;
-
-ERROR:
-
- if (BufferIn != NULL) {
- FreePool (BufferIn);
- BufferIn = NULL;
- }
-
- if (BufferOut != NULL) {
- FreePool (BufferOut);
- BufferOut = NULL;
- }
-
- return Status;
-}
-
-/**
- Decrypt the message listed in fragment.
-
- @param[in] TlsInstance The pointer to the TLS instance.
- @param[in, out] FragmentTable Pointer to a list of fragment.
- On input these fragments contain the TLS header and
- cipher text TLS payload;
- On output these fragments contain the TLS header and
- plain text TLS payload.
- @param[in] FragmentCount Number of fragment.
-
- @retval EFI_SUCCESS The operation completed successfully.
- @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
- @retval EFI_ABORTED TLS session state is incorrect.
- @retval Others Other errors as indicated.
-**/
-EFI_STATUS
-TlsDecryptPacket (
- IN TLS_INSTANCE *TlsInstance,
- IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
- IN UINT32 *FragmentCount
- )
-{
- EFI_STATUS Status;
- UINTN Index;
- UINT32 BytesCopied;
- UINT8 *BufferIn;
- UINT32 BufferInSize;
- UINT8 *BufferInPtr;
- TLS_RECORD_HEADER *RecordHeaderIn;
- UINT16 ThisCipherMessageSize;
- TLS_RECORD_HEADER *TempRecordHeader;
- UINT16 ThisPlainMessageSize;
- UINT8 *BufferOut;
- UINT32 BufferOutSize;
- INTN Ret;
-
- Status = EFI_SUCCESS;
- BytesCopied = 0;
- BufferIn = NULL;
- BufferInSize = 0;
- BufferInPtr = NULL;
- RecordHeaderIn = NULL;
- TempRecordHeader = NULL;
- BufferOut = NULL;
- BufferOutSize = 0;
- Ret = 0;
-
- //
- // Calculate the size according to the fragment table.
- //
- for (Index = 0; Index < *FragmentCount; Index++) {
- BufferInSize += (*FragmentTable)[Index].FragmentLength;
- }
-
- //
- // Allocate buffer for processing data
- //
- BufferIn = AllocateZeroPool (BufferInSize);
- if (BufferIn == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ERROR;
- }
-
- //
- // Copy all TLS plain record header and payload to BufferIn
- //
- for (Index = 0; Index < *FragmentCount; Index++) {
- CopyMem (
- (BufferIn + BytesCopied),
- (*FragmentTable)[Index].FragmentBuffer,
- (*FragmentTable)[Index].FragmentLength
- );
- BytesCopied += (*FragmentTable)[Index].FragmentLength;
- }
-
- BufferOut = AllocateZeroPool (MAX_BUFFER_SIZE);
- if (BufferOut == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ERROR;
- }
-
- //
- // Parsing buffer. Received packet may have multiple TLS record messages.
- //
- BufferInPtr = BufferIn;
- TempRecordHeader = (TLS_RECORD_HEADER *) BufferOut;
- while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {
- RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;
-
- if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData) {
- Status = EFI_INVALID_PARAMETER;
- goto ERROR;
- }
-
- ThisCipherMessageSize = NTOHS (RecordHeaderIn->Length);
-
- Ret = TlsCtrlTrafficIn (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn), RECORD_HEADER_LEN + ThisCipherMessageSize);
- if (Ret != RECORD_HEADER_LEN + ThisCipherMessageSize) {
- TlsInstance->TlsSessionState = EfiTlsSessionError;
- Status = EFI_ABORTED;
- goto ERROR;
- }
-
- Ret = 0;
- Ret = TlsRead (TlsInstance->TlsConn, (UINT8 *) (TempRecordHeader + 1), MAX_BUFFER_SIZE - BufferOutSize);
-
- if (Ret > 0) {
- ThisPlainMessageSize = (UINT16) Ret;
- } else {
- //
- // No data was successfully decrypted, continue to decrypt other messages.
- //
- DEBUG ((EFI_D_WARN, "TlsDecryptPacket: No data read from TLS object.\n"));
-
- ThisPlainMessageSize = 0;
- }
-
- CopyMem (TempRecordHeader, RecordHeaderIn, RECORD_HEADER_LEN);
- TempRecordHeader->Length = ThisPlainMessageSize;
- BufferOutSize += RECORD_HEADER_LEN + ThisPlainMessageSize;
-
- BufferInPtr += RECORD_HEADER_LEN + ThisCipherMessageSize;
- TempRecordHeader += RECORD_HEADER_LEN + ThisPlainMessageSize;
- }
-
- FreePool (BufferIn);
- BufferIn = NULL;
-
- //
- // The caller will be responsible to handle the original fragment table
- //
- *FragmentTable = AllocateZeroPool (sizeof (EFI_TLS_FRAGMENT_DATA));
- if (*FragmentTable == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ERROR;
- }
-
- (*FragmentTable)[0].FragmentBuffer = BufferOut;
- (*FragmentTable)[0].FragmentLength = BufferOutSize;
- *FragmentCount = 1;
-
- return Status;
-
-ERROR:
-
- if (BufferIn != NULL) {
- FreePool (BufferIn);
- BufferIn = NULL;
- }
-
- if (BufferOut != NULL) {
- FreePool (BufferOut);
- BufferOut = NULL;
- }
-
- return Status;
-}
+/** @file
+ The Miscellaneous Routines for TlsDxe driver.
+
+Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
+
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "TlsImpl.h"
+
+/**
+ Encrypt the message listed in fragment.
+
+ @param[in] TlsInstance The pointer to the TLS instance.
+ @param[in, out] FragmentTable Pointer to a list of fragment.
+ On input these fragments contain the TLS header and
+ plain text TLS payload;
+ On output these fragments contain the TLS header and
+ cipher text TLS payload.
+ @param[in] FragmentCount Number of fragment.
+
+ @retval EFI_SUCCESS The operation completed successfully.
+ @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
+ @retval EFI_ABORTED TLS session state is incorrect.
+ @retval Others Other errors as indicated.
+**/
+EFI_STATUS
+TlsEncryptPacket (
+ IN TLS_INSTANCE *TlsInstance,
+ IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
+ IN UINT32 *FragmentCount
+ )
+{
+ EFI_STATUS Status;
+ UINTN Index;
+ UINT32 BytesCopied;
+ UINT32 BufferInSize;
+ UINT8 *BufferIn;
+ UINT8 *BufferInPtr;
+ TLS_RECORD_HEADER *RecordHeaderIn;
+ UINT16 ThisPlainMessageSize;
+ TLS_RECORD_HEADER *TempRecordHeader;
+ UINT16 ThisMessageSize;
+ UINT32 BufferOutSize;
+ UINT8 *BufferOut;
+ INTN Ret;
+
+ Status = EFI_SUCCESS;
+ BytesCopied = 0;
+ BufferInSize = 0;
+ BufferIn = NULL;
+ BufferInPtr = NULL;
+ RecordHeaderIn = NULL;
+ TempRecordHeader = NULL;
+ BufferOutSize = 0;
+ BufferOut = NULL;
+ Ret = 0;
+
+ //
+ // Calculate the size according to the fragment table.
+ //
+ for (Index = 0; Index < *FragmentCount; Index++) {
+ BufferInSize += (*FragmentTable)[Index].FragmentLength;
+ }
+
+ //
+ // Allocate buffer for processing data.
+ //
+ BufferIn = AllocateZeroPool (BufferInSize);
+ if (BufferIn == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto ERROR;
+ }
+
+ //
+ // Copy all TLS plain record header and payload into BufferIn.
+ //
+ for (Index = 0; Index < *FragmentCount; Index++) {
+ CopyMem (
+ (BufferIn + BytesCopied),
+ (*FragmentTable)[Index].FragmentBuffer,
+ (*FragmentTable)[Index].FragmentLength
+ );
+ BytesCopied += (*FragmentTable)[Index].FragmentLength;
+ }
+
+ BufferOut = AllocateZeroPool (MAX_BUFFER_SIZE);
+ if (BufferOut == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto ERROR;
+ }
+
+ //
+ // Parsing buffer.
+ //
+ BufferInPtr = BufferIn;
+ TempRecordHeader = (TLS_RECORD_HEADER *) BufferOut;
+ while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {
+ RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;
+
+ if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData) {
+ Status = EFI_INVALID_PARAMETER;
+ goto ERROR;
+ }
+
+ ThisPlainMessageSize = RecordHeaderIn->Length;
+
+ TlsWrite (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn + 1), ThisPlainMessageSize);
+
+ Ret = TlsCtrlTrafficOut (TlsInstance->TlsConn, (UINT8 *)(TempRecordHeader), MAX_BUFFER_SIZE - BufferOutSize);
+
+ if (Ret > 0) {
+ ThisMessageSize = (UINT16) Ret;
+ } else {
+ //
+ // No data was successfully encrypted, continue to encrypt other messages.
+ //
+ DEBUG ((EFI_D_WARN, "TlsEncryptPacket: No data read from TLS object.\n"));
+
+ ThisMessageSize = 0;
+ }
+
+ BufferOutSize += ThisMessageSize;
+
+ BufferInPtr += RECORD_HEADER_LEN + ThisPlainMessageSize;
+ TempRecordHeader += ThisMessageSize;
+ }
+
+ FreePool (BufferIn);
+ BufferIn = NULL;
+
+ //
+ // The caller will be responsible to handle the original fragment table.
+ //
+ *FragmentTable = AllocateZeroPool (sizeof (EFI_TLS_FRAGMENT_DATA));
+ if (*FragmentTable == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto ERROR;
+ }
+
+ (*FragmentTable)[0].FragmentBuffer = BufferOut;
+ (*FragmentTable)[0].FragmentLength = BufferOutSize;
+ *FragmentCount = 1;
+
+ return Status;
+
+ERROR:
+
+ if (BufferIn != NULL) {
+ FreePool (BufferIn);
+ BufferIn = NULL;
+ }
+
+ if (BufferOut != NULL) {
+ FreePool (BufferOut);
+ BufferOut = NULL;
+ }
+
+ return Status;
+}
+
+/**
+ Decrypt the message listed in fragment.
+
+ @param[in] TlsInstance The pointer to the TLS instance.
+ @param[in, out] FragmentTable Pointer to a list of fragment.
+ On input these fragments contain the TLS header and
+ cipher text TLS payload;
+ On output these fragments contain the TLS header and
+ plain text TLS payload.
+ @param[in] FragmentCount Number of fragment.
+
+ @retval EFI_SUCCESS The operation completed successfully.
+ @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
+ @retval EFI_ABORTED TLS session state is incorrect.
+ @retval Others Other errors as indicated.
+**/
+EFI_STATUS
+TlsDecryptPacket (
+ IN TLS_INSTANCE *TlsInstance,
+ IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
+ IN UINT32 *FragmentCount
+ )
+{
+ EFI_STATUS Status;
+ UINTN Index;
+ UINT32 BytesCopied;
+ UINT8 *BufferIn;
+ UINT32 BufferInSize;
+ UINT8 *BufferInPtr;
+ TLS_RECORD_HEADER *RecordHeaderIn;
+ UINT16 ThisCipherMessageSize;
+ TLS_RECORD_HEADER *TempRecordHeader;
+ UINT16 ThisPlainMessageSize;
+ UINT8 *BufferOut;
+ UINT32 BufferOutSize;
+ INTN Ret;
+
+ Status = EFI_SUCCESS;
+ BytesCopied = 0;
+ BufferIn = NULL;
+ BufferInSize = 0;
+ BufferInPtr = NULL;
+ RecordHeaderIn = NULL;
+ TempRecordHeader = NULL;
+ BufferOut = NULL;
+ BufferOutSize = 0;
+ Ret = 0;
+
+ //
+ // Calculate the size according to the fragment table.
+ //
+ for (Index = 0; Index < *FragmentCount; Index++) {
+ BufferInSize += (*FragmentTable)[Index].FragmentLength;
+ }
+
+ //
+ // Allocate buffer for processing data
+ //
+ BufferIn = AllocateZeroPool (BufferInSize);
+ if (BufferIn == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto ERROR;
+ }
+
+ //
+ // Copy all TLS plain record header and payload to BufferIn
+ //
+ for (Index = 0; Index < *FragmentCount; Index++) {
+ CopyMem (
+ (BufferIn + BytesCopied),
+ (*FragmentTable)[Index].FragmentBuffer,
+ (*FragmentTable)[Index].FragmentLength
+ );
+ BytesCopied += (*FragmentTable)[Index].FragmentLength;
+ }
+
+ BufferOut = AllocateZeroPool (MAX_BUFFER_SIZE);
+ if (BufferOut == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto ERROR;
+ }
+
+ //
+ // Parsing buffer. Received packet may have multiple TLS record messages.
+ //
+ BufferInPtr = BufferIn;
+ TempRecordHeader = (TLS_RECORD_HEADER *) BufferOut;
+ while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {
+ RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;
+
+ if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData) {
+ Status = EFI_INVALID_PARAMETER;
+ goto ERROR;
+ }
+
+ ThisCipherMessageSize = NTOHS (RecordHeaderIn->Length);
+
+ Ret = TlsCtrlTrafficIn (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn), RECORD_HEADER_LEN + ThisCipherMessageSize);
+ if (Ret != RECORD_HEADER_LEN + ThisCipherMessageSize) {
+ TlsInstance->TlsSessionState = EfiTlsSessionError;
+ Status = EFI_ABORTED;
+ goto ERROR;
+ }
+
+ Ret = 0;
+ Ret = TlsRead (TlsInstance->TlsConn, (UINT8 *) (TempRecordHeader + 1), MAX_BUFFER_SIZE - BufferOutSize);
+
+ if (Ret > 0) {
+ ThisPlainMessageSize = (UINT16) Ret;
+ } else {
+ //
+ // No data was successfully decrypted, continue to decrypt other messages.
+ //
+ DEBUG ((EFI_D_WARN, "TlsDecryptPacket: No data read from TLS object.\n"));
+
+ ThisPlainMessageSize = 0;
+ }
+
+ CopyMem (TempRecordHeader, RecordHeaderIn, RECORD_HEADER_LEN);
+ TempRecordHeader->Length = ThisPlainMessageSize;
+ BufferOutSize += RECORD_HEADER_LEN + ThisPlainMessageSize;
+
+ BufferInPtr += RECORD_HEADER_LEN + ThisCipherMessageSize;
+ TempRecordHeader += RECORD_HEADER_LEN + ThisPlainMessageSize;
+ }
+
+ FreePool (BufferIn);
+ BufferIn = NULL;
+
+ //
+ // The caller will be responsible to handle the original fragment table
+ //
+ *FragmentTable = AllocateZeroPool (sizeof (EFI_TLS_FRAGMENT_DATA));
+ if (*FragmentTable == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto ERROR;
+ }
+
+ (*FragmentTable)[0].FragmentBuffer = BufferOut;
+ (*FragmentTable)[0].FragmentLength = BufferOutSize;
+ *FragmentCount = 1;
+
+ return Status;
+
+ERROR:
+
+ if (BufferIn != NULL) {
+ FreePool (BufferIn);
+ BufferIn = NULL;
+ }
+
+ if (BufferOut != NULL) {
+ FreePool (BufferOut);
+ BufferOut = NULL;
+ }
+
+ return Status;
+}
+
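Review bot: `TempRecordHeader` is declared `TLS_RECORD_HEADER *`, so the advances `TempRecordHeader += ThisMessageSize;` in TlsEncryptPacket and `TempRecordHeader += RECORD_HEADER_LEN + ThisPlainMessageSize;` in TlsDecryptPacket step by that many structures (sizeof (TLS_RECORD_HEADER) bytes each), not by that many bytes, while `BufferOutSize` is accounted in bytes and the input cursor `BufferInPtr` (a `UINT8 *`) is advanced in bytes. With more than one application_data record per call the output write position therefore runs far ahead of the data actually placed in `BufferOut`, and for large records past the end of the MAX_BUFFER_SIZE allocation, even though the length passed to TlsCtrlTrafficOut / TlsRead is still computed as `MAX_BUFFER_SIZE - BufferOutSize`. Out of scope for a line-ending conversion, but it deserves a follow-up patch that advances through a byte pointer, e.g. `TempRecordHeader = (TLS_RECORD_HEADER *) ((UINT8 *) TempRecordHeader + ThisMessageSize);`. Since this hunk rewrites every line of TlsImpl.c, reviewers should also confirm the change is whitespace-only with `git diff --ignore-space-at-eol` (or `-w`) before merging.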
diff --git a/NetworkPkg/TlsDxe/TlsImpl.h b/NetworkPkg/TlsDxe/TlsImpl.h
index 71b1bdb7dc..3ae9d0d546 100644
--- a/NetworkPkg/TlsDxe/TlsImpl.h
+++ b/NetworkPkg/TlsDxe/TlsImpl.h
@@ -1,315 +1,316 @@
-/** @file
- Header file of Miscellaneous Routines for TlsDxe driver.
-
-Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef __EFI_TLS_IMPL_H__
-#define __EFI_TLS_IMPL_H__
-
-//
-// Libraries
-//
-#include <Library/UefiBootServicesTableLib.h>
-#include <Library/MemoryAllocationLib.h>
-#include <Library/BaseMemoryLib.h>
-#include <Library/BaseLib.h>
-#include <Library/UefiLib.h>
-#include <Library/DebugLib.h>
-#include <Library/NetLib.h>
-#include <Library/BaseCryptLib.h>
-#include <Library/TlsLib.h>
-
-//
-// Consumed Protocols
-//
-#include <Protocol/Tls.h>
-#include <Protocol/TlsConfig.h>
-
-#include <IndustryStandard/Tls1.h>
-
-#include "TlsDriver.h"
-
-//
-// Protocol instances
-//
-extern EFI_SERVICE_BINDING_PROTOCOL mTlsServiceBinding;
-extern EFI_TLS_PROTOCOL mTlsProtocol;
-extern EFI_TLS_CONFIGURATION_PROTOCOL mTlsConfigurationProtocol;
-
-#define RECORD_HEADER_LEN 5 /// ContentType(1) + Version(2) + Length(2)
-
-#define MAX_BUFFER_SIZE 32768
-
-/**
- Encrypt the message listed in fragment.
-
- @param[in] TlsInstance The pointer to the TLS instance.
- @param[in, out] FragmentTable Pointer to a list of fragment.
- On input these fragments contain the TLS header and
- plain text TLS payload;
- On output these fragments contain the TLS header and
- cipher text TLS payload.
- @param[in] FragmentCount Number of fragment.
-
- @retval EFI_SUCCESS The operation completed successfully.
- @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
- @retval EFI_ABORTED TLS session state is incorrect.
- @retval Others Other errors as indicated.
-**/
-EFI_STATUS
-TlsEncryptPacket (
- IN TLS_INSTANCE *TlsInstance,
- IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
- IN UINT32 *FragmentCount
- );
-
-/**
- Decrypt the message listed in fragment.
-
- @param[in] TlsInstance The pointer to the TLS instance.
- @param[in, out] FragmentTable Pointer to a list of fragment.
- On input these fragments contain the TLS header and
- cipher text TLS payload;
- On output these fragments contain the TLS header and
- plain text TLS payload.
- @param[in] FragmentCount Number of fragment.
-
- @retval EFI_SUCCESS The operation completed successfully.
- @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
- @retval EFI_ABORTED TLS session state is incorrect.
- @retval Others Other errors as indicated.
-**/
-EFI_STATUS
-TlsDecryptPacket (
- IN TLS_INSTANCE *TlsInstance,
- IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
- IN UINT32 *FragmentCount
- );
-
-/**
- Set TLS session data.
-
- The SetSessionData() function set data for a new TLS session. All session data should
- be set before BuildResponsePacket() invoked.
-
- @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
- @param[in] DataType TLS session data type.
- @param[in] Data Pointer to session data.
- @param[in] DataSize Total size of session data.
-
- @retval EFI_SUCCESS The TLS session data is set successfully.
- @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
- This is NULL.
- Data is NULL.
- DataSize is 0.
- @retval EFI_UNSUPPORTED The DataType is unsupported.
- @retval EFI_ACCESS_DENIED If the DataType is one of below:
- EfiTlsClientRandom
- EfiTlsServerRandom
- EfiTlsKeyMaterial
- @retval EFI_NOT_READY Current TLS session state is NOT
- EfiTlsSessionStateNotStarted.
- @retval EFI_OUT_OF_RESOURCES Required system resources could not be allocated.
-**/
-EFI_STATUS
-EFIAPI
-TlsSetSessionData (
- IN EFI_TLS_PROTOCOL *This,
- IN EFI_TLS_SESSION_DATA_TYPE DataType,
- IN VOID *Data,
- IN UINTN DataSize
- );
-
-/**
- Get TLS session data.
-
- The GetSessionData() function return the TLS session information.
-
- @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
- @param[in] DataType TLS session data type.
- @param[in, out] Data Pointer to session data.
- @param[in, out] DataSize Total size of session data. On input, it means
- the size of Data buffer. On output, it means the size
- of copied Data buffer if EFI_SUCCESS, and means the
- size of desired Data buffer if EFI_BUFFER_TOO_SMALL.
-
- @retval EFI_SUCCESS The TLS session data is got successfully.
- @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
- This is NULL.
- DataSize is NULL.
- Data is NULL if *DataSize is not zero.
- @retval EFI_UNSUPPORTED The DataType is unsupported.
- @retval EFI_NOT_FOUND The TLS session data is not found.
- @retval EFI_NOT_READY The DataType is not ready in current session state.
- @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data.
-**/
-EFI_STATUS
-EFIAPI
-TlsGetSessionData (
- IN EFI_TLS_PROTOCOL *This,
- IN EFI_TLS_SESSION_DATA_TYPE DataType,
- IN OUT VOID *Data, OPTIONAL
- IN OUT UINTN *DataSize
- );
-
-/**
- Build response packet according to TLS state machine. This function is only valid for
- alert, handshake and change_cipher_spec content type.
-
- The BuildResponsePacket() function builds TLS response packet in response to the TLS
- request packet specified by RequestBuffer and RequestSize. If RequestBuffer is NULL and
- RequestSize is 0, and TLS session status is EfiTlsSessionNotStarted, the TLS session
- will be initiated and the response packet needs to be ClientHello. If RequestBuffer is
- NULL and RequestSize is 0, and TLS session status is EfiTlsSessionClosing, the TLS
- session will be closed and response packet needs to be CloseNotify. If RequestBuffer is
- NULL and RequestSize is 0, and TLS session status is EfiTlsSessionError, the TLS
- session has errors and the response packet needs to be Alert message based on error
- type.
-
- @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
- @param[in] RequestBuffer Pointer to the most recently received TLS packet. NULL
- means TLS need initiate the TLS session and response
- packet need to be ClientHello.
- @param[in] RequestSize Packet size in bytes for the most recently received TLS
- packet. 0 is only valid when RequestBuffer is NULL.
- @param[out] Buffer Pointer to the buffer to hold the built packet.
- @param[in, out] BufferSize Pointer to the buffer size in bytes. On input, it is
- the buffer size provided by the caller. On output, it
- is the buffer size in fact needed to contain the
- packet.
-
- @retval EFI_SUCCESS The required TLS packet is built successfully.
- @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
- This is NULL.
- RequestBuffer is NULL but RequestSize is NOT 0.
- RequestSize is 0 but RequestBuffer is NOT NULL.
- BufferSize is NULL.
- Buffer is NULL if *BufferSize is not zero.
- @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the response packet.
- @retval EFI_NOT_READY Current TLS session state is NOT ready to build
- ResponsePacket.
- @retval EFI_ABORTED Something wrong build response packet.
-**/
-EFI_STATUS
-EFIAPI
-TlsBuildResponsePacket (
- IN EFI_TLS_PROTOCOL *This,
- IN UINT8 *RequestBuffer, OPTIONAL
- IN UINTN RequestSize, OPTIONAL
- OUT UINT8 *Buffer, OPTIONAL
- IN OUT UINTN *BufferSize
- );
-
-/**
- Decrypt or encrypt TLS packet during session. This function is only valid after
- session connected and for application_data content type.
-
- The ProcessPacket () function process each inbound or outbound TLS APP packet.
-
- @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
- @param[in, out] FragmentTable Pointer to a list of fragment. The caller will take
- responsible to handle the original FragmentTable while
- it may be reallocated in TLS driver. If CryptMode is
- EfiTlsEncrypt, on input these fragments contain the TLS
- header and plain text TLS APP payload; on output these
- fragments contain the TLS header and cipher text TLS
- APP payload. If CryptMode is EfiTlsDecrypt, on input
- these fragments contain the TLS header and cipher text
- TLS APP payload; on output these fragments contain the
- TLS header and plain text TLS APP payload.
- @param[in] FragmentCount Number of fragment.
- @param[in] CryptMode Crypt mode.
-
- @retval EFI_SUCCESS The operation completed successfully.
- @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
- This is NULL.
- FragmentTable is NULL.
- FragmentCount is NULL.
- CryptoMode is invalid.
- @retval EFI_NOT_READY Current TLS session state is NOT
- EfiTlsSessionDataTransferring.
- @retval EFI_ABORTED Something wrong decryption the message. TLS session
- status will become EfiTlsSessionError. The caller need
- call BuildResponsePacket() to generate Error Alert
- message and send it out.
- @retval EFI_OUT_OF_RESOURCES No enough resource to finish the operation.
-**/
-EFI_STATUS
-EFIAPI
-TlsProcessPacket (
- IN EFI_TLS_PROTOCOL *This,
- IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
- IN UINT32 *FragmentCount,
- IN EFI_TLS_CRYPT_MODE CryptMode
- );
-
-/**
- Set TLS configuration data.
-
- The SetData() function sets TLS configuration to non-volatile storage or volatile
- storage.
-
- @param[in] This Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance.
- @param[in] DataType Configuration data type.
- @param[in] Data Pointer to configuration data.
- @param[in] DataSize Total size of configuration data.
-
- @retval EFI_SUCCESS The TLS configuration data is set successfully.
- @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
- This is NULL.
- Data is NULL.
- DataSize is 0.
- @retval EFI_UNSUPPORTED The DataType is unsupported.
- @retval EFI_OUT_OF_RESOURCES Required system resources could not be allocated.
-**/
-EFI_STATUS
-EFIAPI
-TlsConfigurationSetData (
- IN EFI_TLS_CONFIGURATION_PROTOCOL *This,
- IN EFI_TLS_CONFIG_DATA_TYPE DataType,
- IN VOID *Data,
- IN UINTN DataSize
- );
-
-/**
- Get TLS configuration data.
-
- The GetData() function gets TLS configuration.
-
- @param[in] This Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance.
- @param[in] DataType Configuration data type.
- @param[in, out] Data Pointer to configuration data.
- @param[in, out] DataSize Total size of configuration data. On input, it means
- the size of Data buffer. On output, it means the size
- of copied Data buffer if EFI_SUCCESS, and means the
- size of desired Data buffer if EFI_BUFFER_TOO_SMALL.
-
- @retval EFI_SUCCESS The TLS configuration data is got successfully.
- @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
- This is NULL.
- DataSize is NULL.
- Data is NULL if *DataSize is not zero.
- @retval EFI_UNSUPPORTED The DataType is unsupported.
- @retval EFI_NOT_FOUND The TLS configuration data is not found.
- @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data.
-**/
-EFI_STATUS
-EFIAPI
-TlsConfigurationGetData (
- IN EFI_TLS_CONFIGURATION_PROTOCOL *This,
- IN EFI_TLS_CONFIG_DATA_TYPE DataType,
- IN OUT VOID *Data, OPTIONAL
- IN OUT UINTN *DataSize
- );
-
-#endif
+/** @file
+ Header file of Miscellaneous Routines for TlsDxe driver.
+
+Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __EFI_TLS_IMPL_H__
+#define __EFI_TLS_IMPL_H__
+
+//
+// Libraries
+//
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/BaseLib.h>
+#include <Library/UefiLib.h>
+#include <Library/DebugLib.h>
+#include <Library/NetLib.h>
+#include <Library/BaseCryptLib.h>
+#include <Library/TlsLib.h>
+
+//
+// Consumed Protocols
+//
+#include <Protocol/Tls.h>
+#include <Protocol/TlsConfig.h>
+
+#include <IndustryStandard/Tls1.h>
+
+#include "TlsDriver.h"
+
+//
+// Protocol instances
+//
+extern EFI_SERVICE_BINDING_PROTOCOL mTlsServiceBinding;
+extern EFI_TLS_PROTOCOL mTlsProtocol;
+extern EFI_TLS_CONFIGURATION_PROTOCOL mTlsConfigurationProtocol;
+
+#define RECORD_HEADER_LEN 5 /// ContentType(1) + Version(2) + Length(2)
+
+#define MAX_BUFFER_SIZE 32768
+
+/**
+ Encrypt the message listed in fragment.
+
+ @param[in] TlsInstance The pointer to the TLS instance.
+ @param[in, out] FragmentTable Pointer to a list of fragment.
+ On input these fragments contain the TLS header and
+ plain text TLS payload;
+ On output these fragments contain the TLS header and
+ cipher text TLS payload.
+ @param[in] FragmentCount Number of fragment.
+
+ @retval EFI_SUCCESS The operation completed successfully.
+ @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
+ @retval EFI_ABORTED TLS session state is incorrect.
+ @retval Others Other errors as indicated.
+**/
+EFI_STATUS
+TlsEncryptPacket (
+ IN TLS_INSTANCE *TlsInstance,
+ IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
+ IN UINT32 *FragmentCount
+ );
+
+/**
+ Decrypt the message listed in fragment.
+
+ @param[in] TlsInstance The pointer to the TLS instance.
+ @param[in, out] FragmentTable Pointer to a list of fragment.
+ On input these fragments contain the TLS header and
+ cipher text TLS payload;
+ On output these fragments contain the TLS header and
+ plain text TLS payload.
+ @param[in] FragmentCount Number of fragment.
+
+ @retval EFI_SUCCESS The operation completed successfully.
+ @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
+ @retval EFI_ABORTED TLS session state is incorrect.
+ @retval Others Other errors as indicated.
+**/
+EFI_STATUS
+TlsDecryptPacket (
+ IN TLS_INSTANCE *TlsInstance,
+ IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
+ IN UINT32 *FragmentCount
+ );
+
+/**
+ Set TLS session data.
+
+ The SetSessionData() function set data for a new TLS session. All session data should
+ be set before BuildResponsePacket() invoked.
+
+ @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
+ @param[in] DataType TLS session data type.
+ @param[in] Data Pointer to session data.
+ @param[in] DataSize Total size of session data.
+
+ @retval EFI_SUCCESS The TLS session data is set successfully.
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
+ This is NULL.
+ Data is NULL.
+ DataSize is 0.
+ @retval EFI_UNSUPPORTED The DataType is unsupported.
+ @retval EFI_ACCESS_DENIED If the DataType is one of below:
+ EfiTlsClientRandom
+ EfiTlsServerRandom
+ EfiTlsKeyMaterial
+ @retval EFI_NOT_READY Current TLS session state is NOT
+ EfiTlsSessionStateNotStarted.
+ @retval EFI_OUT_OF_RESOURCES Required system resources could not be allocated.
+**/
+EFI_STATUS
+EFIAPI
+TlsSetSessionData (
+ IN EFI_TLS_PROTOCOL *This,
+ IN EFI_TLS_SESSION_DATA_TYPE DataType,
+ IN VOID *Data,
+ IN UINTN DataSize
+ );
+
+/**
+ Get TLS session data.
+
+ The GetSessionData() function return the TLS session information.
+
+ @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
+ @param[in] DataType TLS session data type.
+ @param[in, out] Data Pointer to session data.
+ @param[in, out] DataSize Total size of session data. On input, it means
+ the size of Data buffer. On output, it means the size
+ of copied Data buffer if EFI_SUCCESS, and means the
+ size of desired Data buffer if EFI_BUFFER_TOO_SMALL.
+
+ @retval EFI_SUCCESS The TLS session data is got successfully.
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
+ This is NULL.
+ DataSize is NULL.
+ Data is NULL if *DataSize is not zero.
+ @retval EFI_UNSUPPORTED The DataType is unsupported.
+ @retval EFI_NOT_FOUND The TLS session data is not found.
+ @retval EFI_NOT_READY The DataType is not ready in current session state.
+ @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data.
+**/
+EFI_STATUS
+EFIAPI
+TlsGetSessionData (
+ IN EFI_TLS_PROTOCOL *This,
+ IN EFI_TLS_SESSION_DATA_TYPE DataType,
+ IN OUT VOID *Data, OPTIONAL
+ IN OUT UINTN *DataSize
+ );
+
+/**
+ Build response packet according to TLS state machine. This function is only valid for
+ alert, handshake and change_cipher_spec content type.
+
+ The BuildResponsePacket() function builds TLS response packet in response to the TLS
+ request packet specified by RequestBuffer and RequestSize. If RequestBuffer is NULL and
+ RequestSize is 0, and TLS session status is EfiTlsSessionNotStarted, the TLS session
+ will be initiated and the response packet needs to be ClientHello. If RequestBuffer is
+ NULL and RequestSize is 0, and TLS session status is EfiTlsSessionClosing, the TLS
+ session will be closed and response packet needs to be CloseNotify. If RequestBuffer is
+ NULL and RequestSize is 0, and TLS session status is EfiTlsSessionError, the TLS
+ session has errors and the response packet needs to be Alert message based on error
+ type.
+
+ @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
+ @param[in] RequestBuffer Pointer to the most recently received TLS packet. NULL
+ means TLS need initiate the TLS session and response
+ packet need to be ClientHello.
+ @param[in] RequestSize Packet size in bytes for the most recently received TLS
+ packet. 0 is only valid when RequestBuffer is NULL.
+ @param[out] Buffer Pointer to the buffer to hold the built packet.
+ @param[in, out] BufferSize Pointer to the buffer size in bytes. On input, it is
+ the buffer size provided by the caller. On output, it
+ is the buffer size in fact needed to contain the
+ packet.
+
+ @retval EFI_SUCCESS The required TLS packet is built successfully.
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
+ This is NULL.
+ RequestBuffer is NULL but RequestSize is NOT 0.
+ RequestSize is 0 but RequestBuffer is NOT NULL.
+ BufferSize is NULL.
+ Buffer is NULL if *BufferSize is not zero.
+ @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the response packet.
+ @retval EFI_NOT_READY Current TLS session state is NOT ready to build
+ ResponsePacket.
+ @retval EFI_ABORTED Something wrong build response packet.
+**/
+EFI_STATUS
+EFIAPI
+TlsBuildResponsePacket (
+ IN EFI_TLS_PROTOCOL *This,
+ IN UINT8 *RequestBuffer, OPTIONAL
+ IN UINTN RequestSize, OPTIONAL
+ OUT UINT8 *Buffer, OPTIONAL
+ IN OUT UINTN *BufferSize
+ );
+
+/**
+ Decrypt or encrypt TLS packet during session. This function is only valid after
+ session connected and for application_data content type.
+
+ The ProcessPacket () function process each inbound or outbound TLS APP packet.
+
+ @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
+ @param[in, out] FragmentTable Pointer to a list of fragment. The caller will take
+ responsible to handle the original FragmentTable while
+ it may be reallocated in TLS driver. If CryptMode is
+ EfiTlsEncrypt, on input these fragments contain the TLS
+ header and plain text TLS APP payload; on output these
+ fragments contain the TLS header and cipher text TLS
+ APP payload. If CryptMode is EfiTlsDecrypt, on input
+ these fragments contain the TLS header and cipher text
+ TLS APP payload; on output these fragments contain the
+ TLS header and plain text TLS APP payload.
+ @param[in] FragmentCount Number of fragment.
+ @param[in] CryptMode Crypt mode.
+
+ @retval EFI_SUCCESS The operation completed successfully.
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
+ This is NULL.
+ FragmentTable is NULL.
+ FragmentCount is NULL.
+ CryptoMode is invalid.
+ @retval EFI_NOT_READY Current TLS session state is NOT
+ EfiTlsSessionDataTransferring.
+ @retval EFI_ABORTED Something wrong decryption the message. TLS session
+ status will become EfiTlsSessionError. The caller need
+ call BuildResponsePacket() to generate Error Alert
+ message and send it out.
+ @retval EFI_OUT_OF_RESOURCES No enough resource to finish the operation.
+**/
+EFI_STATUS
+EFIAPI
+TlsProcessPacket (
+ IN EFI_TLS_PROTOCOL *This,
+ IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
+ IN UINT32 *FragmentCount,
+ IN EFI_TLS_CRYPT_MODE CryptMode
+ );
+
+/**
+ Set TLS configuration data.
+
+ The SetData() function sets TLS configuration to non-volatile storage or volatile
+ storage.
+
+ @param[in] This Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance.
+ @param[in] DataType Configuration data type.
+ @param[in] Data Pointer to configuration data.
+ @param[in] DataSize Total size of configuration data.
+
+ @retval EFI_SUCCESS The TLS configuration data is set successfully.
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
+ This is NULL.
+ Data is NULL.
+ DataSize is 0.
+ @retval EFI_UNSUPPORTED The DataType is unsupported.
+ @retval EFI_OUT_OF_RESOURCES Required system resources could not be allocated.
+**/
+EFI_STATUS
+EFIAPI
+TlsConfigurationSetData (
+ IN EFI_TLS_CONFIGURATION_PROTOCOL *This,
+ IN EFI_TLS_CONFIG_DATA_TYPE DataType,
+ IN VOID *Data,
+ IN UINTN DataSize
+ );
+
+/**
+ Get TLS configuration data.
+
+ The GetData() function gets TLS configuration.
+
+ @param[in] This Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance.
+ @param[in] DataType Configuration data type.
+ @param[in, out] Data Pointer to configuration data.
+ @param[in, out] DataSize Total size of configuration data. On input, it means
+ the size of Data buffer. On output, it means the size
+ of copied Data buffer if EFI_SUCCESS, and means the
+ size of desired Data buffer if EFI_BUFFER_TOO_SMALL.
+
+ @retval EFI_SUCCESS The TLS configuration data is got successfully.
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
+ This is NULL.
+ DataSize is NULL.
+ Data is NULL if *DataSize is not zero.
+ @retval EFI_UNSUPPORTED The DataType is unsupported.
+ @retval EFI_NOT_FOUND The TLS configuration data is not found.
+ @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data.
+**/
+EFI_STATUS
+EFIAPI
+TlsConfigurationGetData (
+ IN EFI_TLS_CONFIGURATION_PROTOCOL *This,
+ IN EFI_TLS_CONFIG_DATA_TYPE DataType,
+ IN OUT VOID *Data, OPTIONAL
+ IN OUT UINTN *DataSize
+ );
+
+#endif
+
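Review bot: the hunk header `@@ -1,315 +1,316 @@` shows one extra line on the new side, and the only visible difference beyond the line-ending change is the empty `+` line after `#endif`, so this patch also appends a trailing blank line to TlsImpl.h; the old side carries no `\ No newline at end of file` marker, so this is a new blank line rather than a restored final newline. Either drop it or mention it in the commit message, since the cover letter describes a CRLF-only conversion. Because every line of the file is touched, please also confirm there is no other content change with `git diff --ignore-space-at-eol`; the whole-file `-`/`+` form makes that impossible to check by eye.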
diff --git a/NetworkPkg/TlsDxe/TlsProtocol.c b/NetworkPkg/TlsDxe/TlsProtocol.c
index 58a83c3ab7..ad4c922c60 100644
--- a/NetworkPkg/TlsDxe/TlsProtocol.c
+++ b/NetworkPkg/TlsDxe/TlsProtocol.c
@@ -1,632 +1,633 @@
-/** @file
- Implementation of EFI TLS Protocol Interfaces.
-
- Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
-
- This program and the accompanying materials
- are licensed and made available under the terms and conditions of the BSD License
- which accompanies this distribution. The full text of the license may be found at
- http://opensource.org/licenses/bsd-license.php.
-
- THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
- WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include "TlsImpl.h"
-
-EFI_TLS_PROTOCOL mTlsProtocol = {
- TlsSetSessionData,
- TlsGetSessionData,
- TlsBuildResponsePacket,
- TlsProcessPacket
-};
-
-/**
- Set TLS session data.
-
- The SetSessionData() function set data for a new TLS session. All session data should
- be set before BuildResponsePacket() invoked.
-
- @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
- @param[in] DataType TLS session data type.
- @param[in] Data Pointer to session data.
- @param[in] DataSize Total size of session data.
-
- @retval EFI_SUCCESS The TLS session data is set successfully.
- @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
- This is NULL.
- Data is NULL.
- DataSize is 0.
- @retval EFI_UNSUPPORTED The DataType is unsupported.
- @retval EFI_ACCESS_DENIED If the DataType is one of below:
- EfiTlsClientRandom
- EfiTlsServerRandom
- EfiTlsKeyMaterial
- @retval EFI_NOT_READY Current TLS session state is NOT
- EfiTlsSessionStateNotStarted.
- @retval EFI_OUT_OF_RESOURCES Required system resources could not be allocated.
-**/
-EFI_STATUS
-EFIAPI
-TlsSetSessionData (
- IN EFI_TLS_PROTOCOL *This,
- IN EFI_TLS_SESSION_DATA_TYPE DataType,
- IN VOID *Data,
- IN UINTN DataSize
- )
-{
- EFI_STATUS Status;
- TLS_INSTANCE *Instance;
- UINT16 *CipherId;
- UINTN Index;
-
- EFI_TPL OldTpl;
-
- Status = EFI_SUCCESS;
- CipherId = NULL;
-
- if (This == NULL || Data == NULL || DataSize == 0) {
- return EFI_INVALID_PARAMETER;
- }
-
- OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
-
- Instance = TLS_INSTANCE_FROM_PROTOCOL (This);
-
- if (DataType != EfiTlsSessionState && Instance->TlsSessionState != EfiTlsSessionNotStarted){
- Status = EFI_NOT_READY;
- goto ON_EXIT;
- }
-
- switch (DataType) {
- //
- // Session Configuration
- //
- case EfiTlsVersion:
- if (DataSize != sizeof (EFI_TLS_VERSION)) {
- Status = EFI_INVALID_PARAMETER;
- goto ON_EXIT;
- }
-
- Status = TlsSetVersion (Instance->TlsConn, ((EFI_TLS_VERSION *) Data)->Major, ((EFI_TLS_VERSION *) Data)->Minor);
- break;
- case EfiTlsConnectionEnd:
- if (DataSize != sizeof (EFI_TLS_CONNECTION_END)) {
- Status = EFI_INVALID_PARAMETER;
- goto ON_EXIT;
- }
-
- Status = TlsSetConnectionEnd (Instance->TlsConn, *((EFI_TLS_CONNECTION_END *) Data));
- break;
- case EfiTlsCipherList:
- CipherId = AllocatePool (DataSize);
- if (CipherId == NULL) {
- Status = EFI_OUT_OF_RESOURCES;
- goto ON_EXIT;
- }
-
- for (Index = 0; Index < DataSize / sizeof (EFI_TLS_CIPHER); Index++) {
- *(CipherId +Index) = HTONS (*(((UINT16 *) Data) + Index));
- }
-
- Status = TlsSetCipherList (Instance->TlsConn, CipherId, DataSize / sizeof (EFI_TLS_CIPHER));
-
- FreePool (CipherId);
- break;
- case EfiTlsCompressionMethod:
- //
- // TLS seems only define one CompressionMethod.null, which specifies that data exchanged via the
- // record protocol will not be compressed.
- // More information from OpenSSL: http://www.openssl.org/docs/manmaster/ssl/SSL_COMP_add_compression_method.html
- // The TLS RFC does however not specify compression methods or their corresponding identifiers,
- // so there is currently no compatible way to integrate compression with unknown peers.
- // It is therefore currently not recommended to integrate compression into applications.
- // Applications for non-public use may agree on certain compression methods.
- // Using different compression methods with the same identifier will lead to connection failure.
- //
- for (Index = 0; Index < DataSize / sizeof (EFI_TLS_COMPRESSION); Index++) {
- Status = TlsSetCompressionMethod (*((UINT8 *) Data + Index));
- if (EFI_ERROR (Status)) {
- break;
- }
- }
-
- break;
- case EfiTlsExtensionData:
- Status = EFI_UNSUPPORTED;
- goto ON_EXIT;
- case EfiTlsVerifyMethod:
- if (DataSize != sizeof (EFI_TLS_VERIFY)) {
- Status = EFI_INVALID_PARAMETER;
- goto ON_EXIT;
- }
-
- TlsSetVerify (Instance->TlsConn, *((UINT32 *) Data));
- break;
- case EfiTlsSessionID:
- if (DataSize != sizeof (EFI_TLS_SESSION_ID)) {
- Status = EFI_INVALID_PARAMETER;
- goto ON_EXIT;
- }
-
- Status = TlsSetSessionId (
- Instance->TlsConn,
- ((EFI_TLS_SESSION_ID *) Data)->Data,
- ((EFI_TLS_SESSION_ID *) Data)->Length
- );
- break;
- case EfiTlsSessionState:
- if (DataSize != sizeof (EFI_TLS_SESSION_STATE)) {
- Status = EFI_INVALID_PARAMETER;
- goto ON_EXIT;
- }
-
- Instance->TlsSessionState = *(EFI_TLS_SESSION_STATE *) Data;
- break;
- //
- // Session information
- //
- case EfiTlsClientRandom:
- Status = EFI_ACCESS_DENIED;
- break;
- case EfiTlsServerRandom:
- Status = EFI_ACCESS_DENIED;
- break;
- case EfiTlsKeyMaterial:
- Status = EFI_ACCESS_DENIED;
- break;
- //
- // Unsupported type.
- //
- default:
- Status = EFI_UNSUPPORTED;
- }
-
-ON_EXIT:
- gBS->RestoreTPL (OldTpl);
- return Status;
-}
-
-/**
- Get TLS session data.
-
- The GetSessionData() function return the TLS session information.
-
- @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
- @param[in] DataType TLS session data type.
- @param[in, out] Data Pointer to session data.
- @param[in, out] DataSize Total size of session data. On input, it means
- the size of Data buffer. On output, it means the size
- of copied Data buffer if EFI_SUCCESS, and means the
- size of desired Data buffer if EFI_BUFFER_TOO_SMALL.
-
- @retval EFI_SUCCESS The TLS session data is got successfully.
- @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
- This is NULL.
- DataSize is NULL.
- Data is NULL if *DataSize is not zero.
- @retval EFI_UNSUPPORTED The DataType is unsupported.
- @retval EFI_NOT_FOUND The TLS session data is not found.
- @retval EFI_NOT_READY The DataType is not ready in current session state.
- @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data.
-**/
-EFI_STATUS
-EFIAPI
-TlsGetSessionData (
- IN EFI_TLS_PROTOCOL *This,
- IN EFI_TLS_SESSION_DATA_TYPE DataType,
- IN OUT VOID *Data, OPTIONAL
- IN OUT UINTN *DataSize
- )
-{
- EFI_STATUS Status;
- TLS_INSTANCE *Instance;
-
- EFI_TPL OldTpl;
-
- Status = EFI_SUCCESS;
-
- if (This == NULL || DataSize == NULL || (Data == NULL && *DataSize != 0)) {
- return EFI_INVALID_PARAMETER;
- }
-
- OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
-
- Instance = TLS_INSTANCE_FROM_PROTOCOL (This);
-
- if (Instance->TlsSessionState == EfiTlsSessionNotStarted &&
- (DataType == EfiTlsSessionID || DataType == EfiTlsClientRandom ||
- DataType == EfiTlsServerRandom || DataType == EfiTlsKeyMaterial)) {
- Status = EFI_NOT_READY;
- goto ON_EXIT;
- }
-
- switch (DataType) {
- case EfiTlsVersion:
- if (*DataSize < sizeof (EFI_TLS_VERSION)) {
- *DataSize = sizeof (EFI_TLS_VERSION);
- Status = EFI_BUFFER_TOO_SMALL;
- goto ON_EXIT;
- }
- *DataSize = sizeof (EFI_TLS_VERSION);
- *((UINT16 *) Data) = HTONS (TlsGetVersion (Instance->TlsConn));
- break;
- case EfiTlsConnectionEnd:
- if (*DataSize < sizeof (EFI_TLS_CONNECTION_END)) {
- *DataSize = sizeof (EFI_TLS_CONNECTION_END);
- Status = EFI_BUFFER_TOO_SMALL;
- goto ON_EXIT;
- }
- *DataSize = sizeof (EFI_TLS_CONNECTION_END);
- *((UINT8 *) Data) = TlsGetConnectionEnd (Instance->TlsConn);
- break;
- case EfiTlsCipherList:
- //
- // Get the current session cipher suite.
- //
- if (*DataSize < sizeof (EFI_TLS_CIPHER)) {
- *DataSize = sizeof (EFI_TLS_CIPHER);
- Status = EFI_BUFFER_TOO_SMALL;
- goto ON_EXIT;
- }
- *DataSize = sizeof(EFI_TLS_CIPHER);
- Status = TlsGetCurrentCipher (Instance->TlsConn, (UINT16 *) Data);
- *((UINT16 *) Data) = HTONS (*((UINT16 *) Data));
- break;
- case EfiTlsCompressionMethod:
- //
- // Get the current session compression method.
- //
- if (*DataSize < sizeof (EFI_TLS_COMPRESSION)) {
- *DataSize = sizeof (EFI_TLS_COMPRESSION);
- Status = EFI_BUFFER_TOO_SMALL;
- goto ON_EXIT;
- }
- *DataSize = sizeof (EFI_TLS_COMPRESSION);
- Status = TlsGetCurrentCompressionId (Instance->TlsConn, (UINT8 *) Data);
- break;
- case EfiTlsExtensionData:
- Status = EFI_UNSUPPORTED;
- goto ON_EXIT;
- case EfiTlsVerifyMethod:
- if (*DataSize < sizeof (EFI_TLS_VERIFY)) {
- *DataSize = sizeof (EFI_TLS_VERIFY);
- Status = EFI_BUFFER_TOO_SMALL;
- goto ON_EXIT;
- }
- *DataSize = sizeof (EFI_TLS_VERIFY);
- *((UINT32 *) Data) = TlsGetVerify (Instance->TlsConn);
- break;
- case EfiTlsSessionID:
- if (*DataSize < sizeof (EFI_TLS_SESSION_ID)) {
- *DataSize = sizeof (EFI_TLS_SESSION_ID);
- Status = EFI_BUFFER_TOO_SMALL;
- goto ON_EXIT;
- }
- *DataSize = sizeof (EFI_TLS_SESSION_ID);
- Status = TlsGetSessionId (
- Instance->TlsConn,
- ((EFI_TLS_SESSION_ID *) Data)->Data,
- &(((EFI_TLS_SESSION_ID *) Data)->Length)
- );
- break;
- case EfiTlsSessionState:
- if (*DataSize < sizeof (EFI_TLS_SESSION_STATE)) {
- *DataSize = sizeof (EFI_TLS_SESSION_STATE);
- Status = EFI_BUFFER_TOO_SMALL;
- goto ON_EXIT;
- }
- *DataSize = sizeof (EFI_TLS_SESSION_STATE);
- CopyMem (Data, &Instance->TlsSessionState, *DataSize);
- break;
- case EfiTlsClientRandom:
- if (*DataSize < sizeof (EFI_TLS_RANDOM)) {
- *DataSize = sizeof (EFI_TLS_RANDOM);
- Status = EFI_BUFFER_TOO_SMALL;
- goto ON_EXIT;
- }
- *DataSize = sizeof (EFI_TLS_RANDOM);
- TlsGetClientRandom (Instance->TlsConn, (UINT8 *) Data);
- break;
- case EfiTlsServerRandom:
- if (*DataSize < sizeof (EFI_TLS_RANDOM)) {
- *DataSize = sizeof (EFI_TLS_RANDOM);
- Status = EFI_BUFFER_TOO_SMALL;
- goto ON_EXIT;
- }
- *DataSize = sizeof (EFI_TLS_RANDOM);
- TlsGetServerRandom (Instance->TlsConn, (UINT8 *) Data);
- break;
- case EfiTlsKeyMaterial:
- if (*DataSize < sizeof (EFI_TLS_MASTER_SECRET)) {
- *DataSize = sizeof (EFI_TLS_MASTER_SECRET);
- Status = EFI_BUFFER_TOO_SMALL;
- goto ON_EXIT;
- }
- *DataSize = sizeof (EFI_TLS_MASTER_SECRET);
- Status = TlsGetKeyMaterial (Instance->TlsConn, (UINT8 *) Data);
- break;
- //
- // Unsupported type.
- //
- default:
- Status = EFI_UNSUPPORTED;
- }
-
-ON_EXIT:
- gBS->RestoreTPL (OldTpl);
- return Status;
-}
-
-/**
- Build response packet according to TLS state machine. This function is only valid for
- alert, handshake and change_cipher_spec content type.
-
- The BuildResponsePacket() function builds TLS response packet in response to the TLS
- request packet specified by RequestBuffer and RequestSize. If RequestBuffer is NULL and
- RequestSize is 0, and TLS session status is EfiTlsSessionNotStarted, the TLS session
- will be initiated and the response packet needs to be ClientHello. If RequestBuffer is
- NULL and RequestSize is 0, and TLS session status is EfiTlsSessionClosing, the TLS
- session will be closed and response packet needs to be CloseNotify. If RequestBuffer is
- NULL and RequestSize is 0, and TLS session status is EfiTlsSessionError, the TLS
- session has errors and the response packet needs to be Alert message based on error
- type.
-
- @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
- @param[in] RequestBuffer Pointer to the most recently received TLS packet. NULL
- means TLS need initiate the TLS session and response
- packet need to be ClientHello.
- @param[in] RequestSize Packet size in bytes for the most recently received TLS
- packet. 0 is only valid when RequestBuffer is NULL.
- @param[out] Buffer Pointer to the buffer to hold the built packet.
- @param[in, out] BufferSize Pointer to the buffer size in bytes. On input, it is
- the buffer size provided by the caller. On output, it
- is the buffer size in fact needed to contain the
- packet.
-
- @retval EFI_SUCCESS The required TLS packet is built successfully.
- @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
- This is NULL.
- RequestBuffer is NULL but RequestSize is NOT 0.
- RequestSize is 0 but RequestBuffer is NOT NULL.
- BufferSize is NULL.
- Buffer is NULL if *BufferSize is not zero.
- @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the response packet.
- @retval EFI_NOT_READY Current TLS session state is NOT ready to build
- ResponsePacket.
- @retval EFI_ABORTED Something wrong build response packet.
-**/
-EFI_STATUS
-EFIAPI
-TlsBuildResponsePacket (
- IN EFI_TLS_PROTOCOL *This,
- IN UINT8 *RequestBuffer, OPTIONAL
- IN UINTN RequestSize, OPTIONAL
- OUT UINT8 *Buffer, OPTIONAL
- IN OUT UINTN *BufferSize
- )
-{
- EFI_STATUS Status;
- TLS_INSTANCE *Instance;
- EFI_TPL OldTpl;
-
- Status = EFI_SUCCESS;
-
- if ((This == NULL) || (BufferSize == NULL) ||
- (RequestBuffer == NULL && RequestSize != 0) ||
- (RequestBuffer != NULL && RequestSize == 0) ||
- (Buffer == NULL && *BufferSize !=0)) {
- return EFI_INVALID_PARAMETER;
- }
-
- OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
-
- Instance = TLS_INSTANCE_FROM_PROTOCOL (This);
-
- if(RequestBuffer == NULL && RequestSize == 0) {
- switch (Instance->TlsSessionState) {
- case EfiTlsSessionNotStarted:
- //
- // ClientHello.
- //
- Status = TlsDoHandshake (
- Instance->TlsConn,
- NULL,
- 0,
- Buffer,
- BufferSize
- );
- if (EFI_ERROR (Status)) {
- goto ON_EXIT;
- }
-
- //
- // *BufferSize should not be zero when ClientHello.
- //
- if (*BufferSize == 0) {
- Status = EFI_ABORTED;
- goto ON_EXIT;
- }
-
- Instance->TlsSessionState = EfiTlsSessionHandShaking;
-
- break;
- case EfiTlsSessionClosing:
- //
- // TLS session will be closed and response packet needs to be CloseNotify.
- //
- Status = TlsCloseNotify (
- Instance->TlsConn,
- Buffer,
- BufferSize
- );
- if (EFI_ERROR (Status)) {
- goto ON_EXIT;
- }
-
- //
- // *BufferSize should not be zero when build CloseNotify message.
- //
- if (*BufferSize == 0) {
- Status = EFI_ABORTED;
- goto ON_EXIT;
- }
-
- break;
- case EfiTlsSessionError:
- //
- // TLS session has errors and the response packet needs to be Alert
- // message based on error type.
- //
- Status = TlsHandleAlert (
- Instance->TlsConn,
- NULL,
- 0,
- Buffer,
- BufferSize
- );
- if (EFI_ERROR (Status)) {
- goto ON_EXIT;
- }
-
- break;
- default:
- //
- // Current TLS session state is NOT ready to build ResponsePacket.
- //
- Status = EFI_NOT_READY;
- }
- } else {
- //
- // 1. Received packet may have multiple TLS record messages.
- // 2. One TLS record message may have multiple handshake protocol.
- // 3. Some errors may be happened in handshake.
- // TlsDoHandshake() can handle all of those cases.
- //
- if (TlsInHandshake (Instance->TlsConn)) {
- Status = TlsDoHandshake (
- Instance->TlsConn,
- RequestBuffer,
- RequestSize,
- Buffer,
- BufferSize
- );
- if (EFI_ERROR (Status)) {
- goto ON_EXIT;
- }
-
- if (!TlsInHandshake (Instance->TlsConn)) {
- Instance->TlsSessionState = EfiTlsSessionDataTransferring;
- }
- } else {
- //
- // Must be alert message, Decrypt it and build the ResponsePacket.
- //
- ASSERT (((TLS_RECORD_HEADER *) RequestBuffer)->ContentType == TlsContentTypeAlert);
-
- Status = TlsHandleAlert (
- Instance->TlsConn,
- RequestBuffer,
- RequestSize,
- Buffer,
- BufferSize
- );
- if (EFI_ERROR (Status)) {
- if (Status != EFI_BUFFER_TOO_SMALL) {
- Instance->TlsSessionState = EfiTlsSessionError;
- }
-
- goto ON_EXIT;
- }
- }
- }
-
-ON_EXIT:
- gBS->RestoreTPL (OldTpl);
- return Status;
-}
-
-/**
- Decrypt or encrypt TLS packet during session. This function is only valid after
- session connected and for application_data content type.
-
- The ProcessPacket () function process each inbound or outbound TLS APP packet.
-
- @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
- @param[in, out] FragmentTable Pointer to a list of fragment. The caller will take
- responsible to handle the original FragmentTable while
- it may be reallocated in TLS driver. If CryptMode is
- EfiTlsEncrypt, on input these fragments contain the TLS
- header and plain text TLS APP payload; on output these
- fragments contain the TLS header and cipher text TLS
- APP payload. If CryptMode is EfiTlsDecrypt, on input
- these fragments contain the TLS header and cipher text
- TLS APP payload; on output these fragments contain the
- TLS header and plain text TLS APP payload.
- @param[in] FragmentCount Number of fragment.
- @param[in] CryptMode Crypt mode.
-
- @retval EFI_SUCCESS The operation completed successfully.
- @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
- This is NULL.
- FragmentTable is NULL.
- FragmentCount is NULL.
- CryptoMode is invalid.
- @retval EFI_NOT_READY Current TLS session state is NOT
- EfiTlsSessionDataTransferring.
- @retval EFI_ABORTED Something wrong decryption the message. TLS session
- status will become EfiTlsSessionError. The caller need
- call BuildResponsePacket() to generate Error Alert
- message and send it out.
- @retval EFI_OUT_OF_RESOURCES No enough resource to finish the operation.
-**/
-EFI_STATUS
-EFIAPI
-TlsProcessPacket (
- IN EFI_TLS_PROTOCOL *This,
- IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
- IN UINT32 *FragmentCount,
- IN EFI_TLS_CRYPT_MODE CryptMode
- )
-{
- EFI_STATUS Status;
- TLS_INSTANCE *Instance;
-
- EFI_TPL OldTpl;
-
- Status = EFI_SUCCESS;
-
- if (This == NULL || FragmentTable == NULL || FragmentCount == NULL) {
- return EFI_INVALID_PARAMETER;
- }
-
- OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
-
- Instance = TLS_INSTANCE_FROM_PROTOCOL (This);
-
- if (Instance->TlsSessionState != EfiTlsSessionDataTransferring) {
- Status = EFI_NOT_READY;
- goto ON_EXIT;
- }
-
- //
- // Packet sent or received may have multiple TLS record messages (Application data type).
- // So,on input these fragments contain the TLS header and TLS APP payload;
- // on output these fragments also contain the TLS header and TLS APP payload.
- //
- switch (CryptMode) {
- case EfiTlsEncrypt:
- Status = TlsEncryptPacket (Instance, FragmentTable, FragmentCount);
- break;
- case EfiTlsDecrypt:
- Status = TlsDecryptPacket (Instance, FragmentTable, FragmentCount);
- break;
- default:
- return EFI_INVALID_PARAMETER;
- }
-
-ON_EXIT:
- gBS->RestoreTPL (OldTpl);
- return Status;
-}
+/** @file
+ Implementation of EFI TLS Protocol Interfaces.
+
+ Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
+
+ This program and the accompanying materials
+ are licensed and made available under the terms and conditions of the BSD License
+ which accompanies this distribution. The full text of the license may be found at
+ http://opensource.org/licenses/bsd-license.php.
+
+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "TlsImpl.h"
+
+EFI_TLS_PROTOCOL mTlsProtocol = {
+ TlsSetSessionData,
+ TlsGetSessionData,
+ TlsBuildResponsePacket,
+ TlsProcessPacket
+};
+
+/**
+ Set TLS session data.
+
+ The SetSessionData() function set data for a new TLS session. All session data should
+ be set before BuildResponsePacket() invoked.
+
+ @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
+ @param[in] DataType TLS session data type.
+ @param[in] Data Pointer to session data.
+ @param[in] DataSize Total size of session data.
+
+ @retval EFI_SUCCESS The TLS session data is set successfully.
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
+ This is NULL.
+ Data is NULL.
+ DataSize is 0.
+ @retval EFI_UNSUPPORTED The DataType is unsupported.
+ @retval EFI_ACCESS_DENIED If the DataType is one of below:
+ EfiTlsClientRandom
+ EfiTlsServerRandom
+ EfiTlsKeyMaterial
+ @retval EFI_NOT_READY Current TLS session state is NOT
+ EfiTlsSessionStateNotStarted.
+ @retval EFI_OUT_OF_RESOURCES Required system resources could not be allocated.
+**/
+EFI_STATUS
+EFIAPI
+TlsSetSessionData (
+ IN EFI_TLS_PROTOCOL *This,
+ IN EFI_TLS_SESSION_DATA_TYPE DataType,
+ IN VOID *Data,
+ IN UINTN DataSize
+ )
+{
+ EFI_STATUS Status;
+ TLS_INSTANCE *Instance;
+ UINT16 *CipherId;
+ UINTN Index;
+
+ EFI_TPL OldTpl;
+
+ Status = EFI_SUCCESS;
+ CipherId = NULL;
+
+ if (This == NULL || Data == NULL || DataSize == 0) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
+
+ Instance = TLS_INSTANCE_FROM_PROTOCOL (This);
+
+ if (DataType != EfiTlsSessionState && Instance->TlsSessionState != EfiTlsSessionNotStarted){
+ Status = EFI_NOT_READY;
+ goto ON_EXIT;
+ }
+
+ switch (DataType) {
+ //
+ // Session Configuration
+ //
+ case EfiTlsVersion:
+ if (DataSize != sizeof (EFI_TLS_VERSION)) {
+ Status = EFI_INVALID_PARAMETER;
+ goto ON_EXIT;
+ }
+
+ Status = TlsSetVersion (Instance->TlsConn, ((EFI_TLS_VERSION *) Data)->Major, ((EFI_TLS_VERSION *) Data)->Minor);
+ break;
+ case EfiTlsConnectionEnd:
+ if (DataSize != sizeof (EFI_TLS_CONNECTION_END)) {
+ Status = EFI_INVALID_PARAMETER;
+ goto ON_EXIT;
+ }
+
+ Status = TlsSetConnectionEnd (Instance->TlsConn, *((EFI_TLS_CONNECTION_END *) Data));
+ break;
+ case EfiTlsCipherList:
+ CipherId = AllocatePool (DataSize);
+ if (CipherId == NULL) {
+ Status = EFI_OUT_OF_RESOURCES;
+ goto ON_EXIT;
+ }
+
+ for (Index = 0; Index < DataSize / sizeof (EFI_TLS_CIPHER); Index++) {
+ *(CipherId +Index) = HTONS (*(((UINT16 *) Data) + Index));
+ }
+
+ Status = TlsSetCipherList (Instance->TlsConn, CipherId, DataSize / sizeof (EFI_TLS_CIPHER));
+
+ FreePool (CipherId);
+ break;
+ case EfiTlsCompressionMethod:
+ //
+ // TLS seems only define one CompressionMethod.null, which specifies that data exchanged via the
+ // record protocol will not be compressed.
+ // More information from OpenSSL: http://www.openssl.org/docs/manmaster/ssl/SSL_COMP_add_compression_method.html
+ // The TLS RFC does however not specify compression methods or their corresponding identifiers,
+ // so there is currently no compatible way to integrate compression with unknown peers.
+ // It is therefore currently not recommended to integrate compression into applications.
+ // Applications for non-public use may agree on certain compression methods.
+ // Using different compression methods with the same identifier will lead to connection failure.
+ //
+ for (Index = 0; Index < DataSize / sizeof (EFI_TLS_COMPRESSION); Index++) {
+ Status = TlsSetCompressionMethod (*((UINT8 *) Data + Index));
+ if (EFI_ERROR (Status)) {
+ break;
+ }
+ }
+
+ break;
+ case EfiTlsExtensionData:
+ Status = EFI_UNSUPPORTED;
+ goto ON_EXIT;
+ case EfiTlsVerifyMethod:
+ if (DataSize != sizeof (EFI_TLS_VERIFY)) {
+ Status = EFI_INVALID_PARAMETER;
+ goto ON_EXIT;
+ }
+
+ TlsSetVerify (Instance->TlsConn, *((UINT32 *) Data));
+ break;
+ case EfiTlsSessionID:
+ if (DataSize != sizeof (EFI_TLS_SESSION_ID)) {
+ Status = EFI_INVALID_PARAMETER;
+ goto ON_EXIT;
+ }
+
+ Status = TlsSetSessionId (
+ Instance->TlsConn,
+ ((EFI_TLS_SESSION_ID *) Data)->Data,
+ ((EFI_TLS_SESSION_ID *) Data)->Length
+ );
+ break;
+ case EfiTlsSessionState:
+ if (DataSize != sizeof (EFI_TLS_SESSION_STATE)) {
+ Status = EFI_INVALID_PARAMETER;
+ goto ON_EXIT;
+ }
+
+ Instance->TlsSessionState = *(EFI_TLS_SESSION_STATE *) Data;
+ break;
+ //
+ // Session information
+ //
+ case EfiTlsClientRandom:
+ Status = EFI_ACCESS_DENIED;
+ break;
+ case EfiTlsServerRandom:
+ Status = EFI_ACCESS_DENIED;
+ break;
+ case EfiTlsKeyMaterial:
+ Status = EFI_ACCESS_DENIED;
+ break;
+ //
+ // Unsupported type.
+ //
+ default:
+ Status = EFI_UNSUPPORTED;
+ }
+
+ON_EXIT:
+ gBS->RestoreTPL (OldTpl);
+ return Status;
+}
+
+/**
+ Get TLS session data.
+
+ The GetSessionData() function return the TLS session information.
+
+ @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
+ @param[in] DataType TLS session data type.
+ @param[in, out] Data Pointer to session data.
+ @param[in, out] DataSize Total size of session data. On input, it means
+ the size of Data buffer. On output, it means the size
+ of copied Data buffer if EFI_SUCCESS, and means the
+ size of desired Data buffer if EFI_BUFFER_TOO_SMALL.
+
+ @retval EFI_SUCCESS The TLS session data is got successfully.
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
+ This is NULL.
+ DataSize is NULL.
+ Data is NULL if *DataSize is not zero.
+ @retval EFI_UNSUPPORTED The DataType is unsupported.
+ @retval EFI_NOT_FOUND The TLS session data is not found.
+ @retval EFI_NOT_READY The DataType is not ready in current session state.
+ @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data.
+**/
+EFI_STATUS
+EFIAPI
+TlsGetSessionData (
+ IN EFI_TLS_PROTOCOL *This,
+ IN EFI_TLS_SESSION_DATA_TYPE DataType,
+ IN OUT VOID *Data, OPTIONAL
+ IN OUT UINTN *DataSize
+ )
+{
+ EFI_STATUS Status;
+ TLS_INSTANCE *Instance;
+
+ EFI_TPL OldTpl;
+
+ Status = EFI_SUCCESS;
+
+ if (This == NULL || DataSize == NULL || (Data == NULL && *DataSize != 0)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
+
+ Instance = TLS_INSTANCE_FROM_PROTOCOL (This);
+
+ if (Instance->TlsSessionState == EfiTlsSessionNotStarted &&
+ (DataType == EfiTlsSessionID || DataType == EfiTlsClientRandom ||
+ DataType == EfiTlsServerRandom || DataType == EfiTlsKeyMaterial)) {
+ Status = EFI_NOT_READY;
+ goto ON_EXIT;
+ }
+
+ switch (DataType) {
+ case EfiTlsVersion:
+ if (*DataSize < sizeof (EFI_TLS_VERSION)) {
+ *DataSize = sizeof (EFI_TLS_VERSION);
+ Status = EFI_BUFFER_TOO_SMALL;
+ goto ON_EXIT;
+ }
+ *DataSize = sizeof (EFI_TLS_VERSION);
+ *((UINT16 *) Data) = HTONS (TlsGetVersion (Instance->TlsConn));
+ break;
+ case EfiTlsConnectionEnd:
+ if (*DataSize < sizeof (EFI_TLS_CONNECTION_END)) {
+ *DataSize = sizeof (EFI_TLS_CONNECTION_END);
+ Status = EFI_BUFFER_TOO_SMALL;
+ goto ON_EXIT;
+ }
+ *DataSize = sizeof (EFI_TLS_CONNECTION_END);
+ *((UINT8 *) Data) = TlsGetConnectionEnd (Instance->TlsConn);
+ break;
+ case EfiTlsCipherList:
+ //
+ // Get the current session cipher suite.
+ //
+ if (*DataSize < sizeof (EFI_TLS_CIPHER)) {
+ *DataSize = sizeof (EFI_TLS_CIPHER);
+ Status = EFI_BUFFER_TOO_SMALL;
+ goto ON_EXIT;
+ }
+ *DataSize = sizeof(EFI_TLS_CIPHER);
+ Status = TlsGetCurrentCipher (Instance->TlsConn, (UINT16 *) Data);
+ *((UINT16 *) Data) = HTONS (*((UINT16 *) Data));
+ break;
+ case EfiTlsCompressionMethod:
+ //
+ // Get the current session compression method.
+ //
+ if (*DataSize < sizeof (EFI_TLS_COMPRESSION)) {
+ *DataSize = sizeof (EFI_TLS_COMPRESSION);
+ Status = EFI_BUFFER_TOO_SMALL;
+ goto ON_EXIT;
+ }
+ *DataSize = sizeof (EFI_TLS_COMPRESSION);
+ Status = TlsGetCurrentCompressionId (Instance->TlsConn, (UINT8 *) Data);
+ break;
+ case EfiTlsExtensionData:
+ Status = EFI_UNSUPPORTED;
+ goto ON_EXIT;
+ case EfiTlsVerifyMethod:
+ if (*DataSize < sizeof (EFI_TLS_VERIFY)) {
+ *DataSize = sizeof (EFI_TLS_VERIFY);
+ Status = EFI_BUFFER_TOO_SMALL;
+ goto ON_EXIT;
+ }
+ *DataSize = sizeof (EFI_TLS_VERIFY);
+ *((UINT32 *) Data) = TlsGetVerify (Instance->TlsConn);
+ break;
+ case EfiTlsSessionID:
+ if (*DataSize < sizeof (EFI_TLS_SESSION_ID)) {
+ *DataSize = sizeof (EFI_TLS_SESSION_ID);
+ Status = EFI_BUFFER_TOO_SMALL;
+ goto ON_EXIT;
+ }
+ *DataSize = sizeof (EFI_TLS_SESSION_ID);
+ Status = TlsGetSessionId (
+ Instance->TlsConn,
+ ((EFI_TLS_SESSION_ID *) Data)->Data,
+ &(((EFI_TLS_SESSION_ID *) Data)->Length)
+ );
+ break;
+ case EfiTlsSessionState:
+ if (*DataSize < sizeof (EFI_TLS_SESSION_STATE)) {
+ *DataSize = sizeof (EFI_TLS_SESSION_STATE);
+ Status = EFI_BUFFER_TOO_SMALL;
+ goto ON_EXIT;
+ }
+ *DataSize = sizeof (EFI_TLS_SESSION_STATE);
+ CopyMem (Data, &Instance->TlsSessionState, *DataSize);
+ break;
+ case EfiTlsClientRandom:
+ if (*DataSize < sizeof (EFI_TLS_RANDOM)) {
+ *DataSize = sizeof (EFI_TLS_RANDOM);
+ Status = EFI_BUFFER_TOO_SMALL;
+ goto ON_EXIT;
+ }
+ *DataSize = sizeof (EFI_TLS_RANDOM);
+ TlsGetClientRandom (Instance->TlsConn, (UINT8 *) Data);
+ break;
+ case EfiTlsServerRandom:
+ if (*DataSize < sizeof (EFI_TLS_RANDOM)) {
+ *DataSize = sizeof (EFI_TLS_RANDOM);
+ Status = EFI_BUFFER_TOO_SMALL;
+ goto ON_EXIT;
+ }
+ *DataSize = sizeof (EFI_TLS_RANDOM);
+ TlsGetServerRandom (Instance->TlsConn, (UINT8 *) Data);
+ break;
+ case EfiTlsKeyMaterial:
+ if (*DataSize < sizeof (EFI_TLS_MASTER_SECRET)) {
+ *DataSize = sizeof (EFI_TLS_MASTER_SECRET);
+ Status = EFI_BUFFER_TOO_SMALL;
+ goto ON_EXIT;
+ }
+ *DataSize = sizeof (EFI_TLS_MASTER_SECRET);
+ Status = TlsGetKeyMaterial (Instance->TlsConn, (UINT8 *) Data);
+ break;
+ //
+ // Unsupported type.
+ //
+ default:
+ Status = EFI_UNSUPPORTED;
+ }
+
+ON_EXIT:
+ gBS->RestoreTPL (OldTpl);
+ return Status;
+}
+
+/**
+ Build response packet according to TLS state machine. This function is only valid for
+ alert, handshake and change_cipher_spec content type.
+
+ The BuildResponsePacket() function builds TLS response packet in response to the TLS
+ request packet specified by RequestBuffer and RequestSize. If RequestBuffer is NULL and
+ RequestSize is 0, and TLS session status is EfiTlsSessionNotStarted, the TLS session
+ will be initiated and the response packet needs to be ClientHello. If RequestBuffer is
+ NULL and RequestSize is 0, and TLS session status is EfiTlsSessionClosing, the TLS
+ session will be closed and response packet needs to be CloseNotify. If RequestBuffer is
+ NULL and RequestSize is 0, and TLS session status is EfiTlsSessionError, the TLS
+ session has errors and the response packet needs to be Alert message based on error
+ type.
+
+ @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
+ @param[in] RequestBuffer Pointer to the most recently received TLS packet. NULL
+ means TLS need initiate the TLS session and response
+ packet need to be ClientHello.
+ @param[in] RequestSize Packet size in bytes for the most recently received TLS
+ packet. 0 is only valid when RequestBuffer is NULL.
+ @param[out] Buffer Pointer to the buffer to hold the built packet.
+ @param[in, out] BufferSize Pointer to the buffer size in bytes. On input, it is
+ the buffer size provided by the caller. On output, it
+ is the buffer size in fact needed to contain the
+ packet.
+
+ @retval EFI_SUCCESS The required TLS packet is built successfully.
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
+ This is NULL.
+ RequestBuffer is NULL but RequestSize is NOT 0.
+ RequestSize is 0 but RequestBuffer is NOT NULL.
+ BufferSize is NULL.
+ Buffer is NULL if *BufferSize is not zero.
+ @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the response packet.
+ @retval EFI_NOT_READY Current TLS session state is NOT ready to build
+ ResponsePacket.
+ @retval EFI_ABORTED Something wrong build response packet.
+**/
+EFI_STATUS
+EFIAPI
+TlsBuildResponsePacket (
+ IN EFI_TLS_PROTOCOL *This,
+ IN UINT8 *RequestBuffer, OPTIONAL
+ IN UINTN RequestSize, OPTIONAL
+ OUT UINT8 *Buffer, OPTIONAL
+ IN OUT UINTN *BufferSize
+ )
+{
+ EFI_STATUS Status;
+ TLS_INSTANCE *Instance;
+ EFI_TPL OldTpl;
+
+ Status = EFI_SUCCESS;
+
+ if ((This == NULL) || (BufferSize == NULL) ||
+ (RequestBuffer == NULL && RequestSize != 0) ||
+ (RequestBuffer != NULL && RequestSize == 0) ||
+ (Buffer == NULL && *BufferSize !=0)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
+
+ Instance = TLS_INSTANCE_FROM_PROTOCOL (This);
+
+ if(RequestBuffer == NULL && RequestSize == 0) {
+ switch (Instance->TlsSessionState) {
+ case EfiTlsSessionNotStarted:
+ //
+ // ClientHello.
+ //
+ Status = TlsDoHandshake (
+ Instance->TlsConn,
+ NULL,
+ 0,
+ Buffer,
+ BufferSize
+ );
+ if (EFI_ERROR (Status)) {
+ goto ON_EXIT;
+ }
+
+ //
+ // *BufferSize should not be zero when ClientHello.
+ //
+ if (*BufferSize == 0) {
+ Status = EFI_ABORTED;
+ goto ON_EXIT;
+ }
+
+ Instance->TlsSessionState = EfiTlsSessionHandShaking;
+
+ break;
+ case EfiTlsSessionClosing:
+ //
+ // TLS session will be closed and response packet needs to be CloseNotify.
+ //
+ Status = TlsCloseNotify (
+ Instance->TlsConn,
+ Buffer,
+ BufferSize
+ );
+ if (EFI_ERROR (Status)) {
+ goto ON_EXIT;
+ }
+
+ //
+ // *BufferSize should not be zero when build CloseNotify message.
+ //
+ if (*BufferSize == 0) {
+ Status = EFI_ABORTED;
+ goto ON_EXIT;
+ }
+
+ break;
+ case EfiTlsSessionError:
+ //
+ // TLS session has errors and the response packet needs to be Alert
+ // message based on error type.
+ //
+ Status = TlsHandleAlert (
+ Instance->TlsConn,
+ NULL,
+ 0,
+ Buffer,
+ BufferSize
+ );
+ if (EFI_ERROR (Status)) {
+ goto ON_EXIT;
+ }
+
+ break;
+ default:
+ //
+ // Current TLS session state is NOT ready to build ResponsePacket.
+ //
+ Status = EFI_NOT_READY;
+ }
+ } else {
+ //
+ // 1. Received packet may have multiple TLS record messages.
+ // 2. One TLS record message may have multiple handshake protocol.
+ // 3. Some errors may be happened in handshake.
+ // TlsDoHandshake() can handle all of those cases.
+ //
+ if (TlsInHandshake (Instance->TlsConn)) {
+ Status = TlsDoHandshake (
+ Instance->TlsConn,
+ RequestBuffer,
+ RequestSize,
+ Buffer,
+ BufferSize
+ );
+ if (EFI_ERROR (Status)) {
+ goto ON_EXIT;
+ }
+
+ if (!TlsInHandshake (Instance->TlsConn)) {
+ Instance->TlsSessionState = EfiTlsSessionDataTransferring;
+ }
+ } else {
+ //
+ // Must be alert message, Decrypt it and build the ResponsePacket.
+ //
+ ASSERT (((TLS_RECORD_HEADER *) RequestBuffer)->ContentType == TlsContentTypeAlert);
+
+ Status = TlsHandleAlert (
+ Instance->TlsConn,
+ RequestBuffer,
+ RequestSize,
+ Buffer,
+ BufferSize
+ );
+ if (EFI_ERROR (Status)) {
+ if (Status != EFI_BUFFER_TOO_SMALL) {
+ Instance->TlsSessionState = EfiTlsSessionError;
+ }
+
+ goto ON_EXIT;
+ }
+ }
+ }
+
+ON_EXIT:
+ gBS->RestoreTPL (OldTpl);
+ return Status;
+}
+
+/**
+ Decrypt or encrypt TLS packet during session. This function is only valid after
+ session connected and for application_data content type.
+
+ The ProcessPacket () function process each inbound or outbound TLS APP packet.
+
+ @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
+ @param[in, out] FragmentTable Pointer to a list of fragment. The caller will take
+ responsible to handle the original FragmentTable while
+ it may be reallocated in TLS driver. If CryptMode is
+ EfiTlsEncrypt, on input these fragments contain the TLS
+ header and plain text TLS APP payload; on output these
+ fragments contain the TLS header and cipher text TLS
+ APP payload. If CryptMode is EfiTlsDecrypt, on input
+ these fragments contain the TLS header and cipher text
+ TLS APP payload; on output these fragments contain the
+ TLS header and plain text TLS APP payload.
+ @param[in] FragmentCount Number of fragment.
+ @param[in] CryptMode Crypt mode.
+
+ @retval EFI_SUCCESS The operation completed successfully.
+ @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
+ This is NULL.
+ FragmentTable is NULL.
+ FragmentCount is NULL.
+ CryptoMode is invalid.
+ @retval EFI_NOT_READY Current TLS session state is NOT
+ EfiTlsSessionDataTransferring.
+ @retval EFI_ABORTED Something wrong decryption the message. TLS session
+ status will become EfiTlsSessionError. The caller need
+ call BuildResponsePacket() to generate Error Alert
+ message and send it out.
+ @retval EFI_OUT_OF_RESOURCES No enough resource to finish the operation.
+**/
+EFI_STATUS
+EFIAPI
+TlsProcessPacket (
+ IN EFI_TLS_PROTOCOL *This,
+ IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
+ IN UINT32 *FragmentCount,
+ IN EFI_TLS_CRYPT_MODE CryptMode
+ )
+{
+ EFI_STATUS Status;
+ TLS_INSTANCE *Instance;
+
+ EFI_TPL OldTpl;
+
+ Status = EFI_SUCCESS;
+
+ if (This == NULL || FragmentTable == NULL || FragmentCount == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
+
+ Instance = TLS_INSTANCE_FROM_PROTOCOL (This);
+
+ if (Instance->TlsSessionState != EfiTlsSessionDataTransferring) {
+ Status = EFI_NOT_READY;
+ goto ON_EXIT;
+ }
+
+ //
+ // Packet sent or received may have multiple TLS record messages (Application data type).
+ // So,on input these fragments contain the TLS header and TLS APP payload;
+ // on output these fragments also contain the TLS header and TLS APP payload.
+ //
+ switch (CryptMode) {
+ case EfiTlsEncrypt:
+ Status = TlsEncryptPacket (Instance, FragmentTable, FragmentCount);
+ break;
+ case EfiTlsDecrypt:
+ Status = TlsDecryptPacket (Instance, FragmentTable, FragmentCount);
+ break;
+ default:
+ return EFI_INVALID_PARAMETER;
+ }
+
+ON_EXIT:
+ gBS->RestoreTPL (OldTpl);
+ return Status;
+}
+
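Review bot: in TlsProcessPacket the `default:` arm of `switch (CryptMode)` does `return EFI_INVALID_PARAMETER;` directly, after `OldTpl = gBS->RaiseTPL (TPL_CALLBACK);` has already executed and before the `ON_EXIT:` label, so a caller passing an unknown CryptMode leaves the TPL raised; it should set `Status = EFI_INVALID_PARAMETER;` and `goto ON_EXIT;` (as the EFI_NOT_READY path does) so that `gBS->RestoreTPL (OldTpl);` is always reached. The bug is not introduced by the line-ending conversion and is best fixed in a separate patch, but since the whole function body appears as added lines here it is worth recording. Minor doc nits in the same hunk: the @retval text says "CryptoMode is invalid" while the parameter is named CryptMode, and "Something wrong decryption the message" / "No enough resource" should read "Something went wrong decrypting the message" / "Not enough resources".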
--
2.12.0.windows.1
* Re: [PATCH 1/6] CryptoPkg: Convert files to CRLF line ending
2017-04-06 2:25 ` [PATCH 1/6] CryptoPkg: " Hao Wu
@ 2017-04-06 2:56 ` Long, Qin
0 siblings, 0 replies; 13+ messages in thread
From: Long, Qin @ 2017-04-06 2:56 UTC (permalink / raw)
To: Wu, Hao A, edk2-devel@lists.01.org; +Cc: Ye, Ting
Reviewed-by: Long Qin <qin.long@intel.com>
Best Regards & Thanks,
LONG, Qin
> -----Original Message-----
> From: Wu, Hao A
> Sent: Thursday, April 06, 2017 10:25 AM
> To: edk2-devel@lists.01.org
> Cc: Wu, Hao A; Long, Qin; Ye, Ting
> Subject: [PATCH 1/6] CryptoPkg: Convert files to CRLF line ending
>
> Cc: Qin Long <qin.long@intel.com>
> Cc: Ting Ye <ting.ye@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Hao Wu <hao.a.wu@intel.com>
> ---
> CryptoPkg/Include/Library/TlsLib.h | 1575 +++++++--------
> CryptoPkg/Library/OpensslLib/process_files.pl | 447 +++--
> CryptoPkg/Library/TlsLib/InternalTlsLib.h | 85 +-
> CryptoPkg/Library/TlsLib/TlsConfig.c | 2119 ++++++++++----------
> CryptoPkg/Library/TlsLib/TlsInit.c | 537 ++---
> CryptoPkg/Library/TlsLib/TlsLib.inf | 113 +-
> CryptoPkg/Library/TlsLib/TlsLib.uni | 38 +-
> CryptoPkg/Library/TlsLib/TlsProcess.c | 925 ++++-----
> 8 files changed, 2923 insertions(+), 2916 deletions(-)
>
> diff --git a/CryptoPkg/Include/Library/TlsLib.h
> b/CryptoPkg/Include/Library/TlsLib.h
> index 45564f159e..fa6cb99d78 100644
> --- a/CryptoPkg/Include/Library/TlsLib.h
> +++ b/CryptoPkg/Include/Library/TlsLib.h
> @@ -1,787 +1,788 @@
> -/** @file
> - Defines TLS Library APIs.
> -
> -Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> -This program and the accompanying materials
> -are licensed and made available under the terms and conditions of the BSD
> License
> -which accompanies this distribution. The full text of the license may be
> found at
> -http://opensource.org/licenses/bsd-license.php
> -
> -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> -
> -**/
> -
> -#ifndef __TLS_LIB_H__
> -#define __TLS_LIB_H__
> -
> -/**
> - Initializes the OpenSSL library.
> -
> - This function registers ciphers and digests used directly and indirectly
> - by SSL/TLS, and initializes the readable error messages.
> - This function must be called before any other action takes places.
> -
> -**/
> -VOID
> -EFIAPI
> -TlsInitialize (
> - VOID
> - );
> -
> -/**
> - Free an allocated SSL_CTX object.
> -
> - @param[in] TlsCtx Pointer to the SSL_CTX object to be released.
> -
> -**/
> -VOID
> -EFIAPI
> -TlsCtxFree (
> - IN VOID *TlsCtx
> - );
> -
> -/**
> - Creates a new SSL_CTX object as framework to establish TLS/SSL enabled
> - connections.
> -
> - @param[in] MajorVer Major Version of TLS/SSL Protocol.
> - @param[in] MinorVer Minor Version of TLS/SSL Protocol.
> -
> - @return Pointer to an allocated SSL_CTX object.
> - If the creation failed, TlsCtxNew() returns NULL.
> -
> -**/
> -VOID *
> -EFIAPI
> -TlsCtxNew (
> - IN UINT8 MajorVer,
> - IN UINT8 MinorVer
> - );
> -
> -/**
> - Free an allocated TLS object.
> -
> - This function removes the TLS object pointed to by Tls and frees up the
> - allocated memory. If Tls is NULL, nothing is done.
> -
> - @param[in] Tls Pointer to the TLS object to be freed.
> -
> -**/
> -VOID
> -EFIAPI
> -TlsFree (
> - IN VOID *Tls
> - );
> -
> -/**
> - Create a new TLS object for a connection.
> -
> - This function creates a new TLS object for a connection. The new object
> - inherits the setting of the underlying context TlsCtx: connection method,
> - options, verification setting.
> -
> - @param[in] TlsCtx Pointer to the SSL_CTX object.
> -
> - @return Pointer to an allocated SSL object.
> - If the creation failed, TlsNew() returns NULL.
> -
> -**/
> -VOID *
> -EFIAPI
> -TlsNew (
> - IN VOID *TlsCtx
> - );
> -
> -/**
> - Checks if the TLS handshake was done.
> -
> - This function will check if the specified TLS handshake was done.
> -
> - @param[in] Tls Pointer to the TLS object for handshake state checking.
> -
> - @retval TRUE The TLS handshake was done.
> - @retval FALSE The TLS handshake was not done.
> -
> -**/
> -BOOLEAN
> -EFIAPI
> -TlsInHandshake (
> - IN VOID *Tls
> - );
> -
> -/**
> - Perform a TLS/SSL handshake.
> -
> - This function will perform a TLS/SSL handshake.
> -
> - @param[in] Tls Pointer to the TLS object for handshake operation.
> - @param[in] BufferIn Pointer to the most recently received TLS
> Handshake packet.
> - @param[in] BufferInSize Packet size in bytes for the most recently
> received TLS
> - Handshake packet.
> - @param[out] BufferOut Pointer to the buffer to hold the built packet.
> - @param[in, out] BufferOutSize Pointer to the buffer size in bytes. On
> input, it is
> - the buffer size provided by the caller. On output, it
> - is the buffer size in fact needed to contain the
> - packet.
> -
> - @retval EFI_SUCCESS The required TLS packet is built successfully.
> - @retval EFI_INVALID_PARAMETER One or more of the following
> conditions is TRUE:
> - Tls is NULL.
> - BufferIn is NULL but BufferInSize is NOT 0.
> - BufferInSize is 0 but BufferIn is NOT NULL.
> - BufferOutSize is NULL.
> - BufferOut is NULL if *BufferOutSize is not zero.
> - @retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the
> response packet.
> - @retval EFI_ABORTED Something wrong during handshake.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsDoHandshake (
> - IN VOID *Tls,
> - IN UINT8 *BufferIn, OPTIONAL
> - IN UINTN BufferInSize, OPTIONAL
> - OUT UINT8 *BufferOut, OPTIONAL
> - IN OUT UINTN *BufferOutSize
> - );
> -
> -/**
> - Handle Alert message recorded in BufferIn. If BufferIn is NULL and
> BufferInSize is zero,
> - TLS session has errors and the response packet needs to be Alert message
> based on error type.
> -
> - @param[in] Tls Pointer to the TLS object for state checking.
> - @param[in] BufferIn Pointer to the most recently received TLS Alert
> packet.
> - @param[in] BufferInSize Packet size in bytes for the most recently
> received TLS
> - Alert packet.
> - @param[out] BufferOut Pointer to the buffer to hold the built packet.
> - @param[in, out] BufferOutSize Pointer to the buffer size in bytes. On
> input, it is
> - the buffer size provided by the caller. On output, it
> - is the buffer size in fact needed to contain the
> - packet.
> -
> - @retval EFI_SUCCESS The required TLS packet is built successfully.
> - @retval EFI_INVALID_PARAMETER One or more of the following
> conditions is TRUE:
> - Tls is NULL.
> - BufferIn is NULL but BufferInSize is NOT 0.
> - BufferInSize is 0 but BufferIn is NOT NULL.
> - BufferOutSize is NULL.
> - BufferOut is NULL if *BufferOutSize is not zero.
> - @retval EFI_ABORTED An error occurred.
> - @retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the
> response packet.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsHandleAlert (
> - IN VOID *Tls,
> - IN UINT8 *BufferIn, OPTIONAL
> - IN UINTN BufferInSize, OPTIONAL
> - OUT UINT8 *BufferOut, OPTIONAL
> - IN OUT UINTN *BufferOutSize
> - );
> -
> -/**
> - Build the CloseNotify packet.
> -
> - @param[in] Tls Pointer to the TLS object for state checking.
> - @param[in, out] Buffer Pointer to the buffer to hold the built packet.
> - @param[in, out] BufferSize Pointer to the buffer size in bytes. On input,
> it is
> - the buffer size provided by the caller. On output, it
> - is the buffer size in fact needed to contain the
> - packet.
> -
> - @retval EFI_SUCCESS The required TLS packet is built successfully.
> - @retval EFI_INVALID_PARAMETER One or more of the following
> conditions is TRUE:
> - Tls is NULL.
> - BufferSize is NULL.
> - Buffer is NULL if *BufferSize is not zero.
> - @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the
> response packet.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsCloseNotify (
> - IN VOID *Tls,
> - IN OUT UINT8 *Buffer,
> - IN OUT UINTN *BufferSize
> - );
> -
> -/**
> - Attempts to read bytes from one TLS object and places the data in Buffer.
> -
> - This function will attempt to read BufferSize bytes from the TLS object
> - and places the data in Buffer.
> -
> - @param[in] Tls Pointer to the TLS object.
> - @param[in,out] Buffer Pointer to the buffer to store the data.
> - @param[in] BufferSize The size of Buffer in bytes.
> -
> - @retval >0 The amount of data successfully read from the TLS object.
> - @retval <=0 No data was successfully read.
> -
> -**/
> -INTN
> -EFIAPI
> -TlsCtrlTrafficOut (
> - IN VOID *Tls,
> - IN OUT VOID *Buffer,
> - IN UINTN BufferSize
> - );
> -
> -/**
> - Attempts to write data from the buffer to TLS object.
> -
> - This function will attempt to write BufferSize bytes data from the Buffer
> - to the TLS object.
> -
> - @param[in] Tls Pointer to the TLS object.
> - @param[in] Buffer Pointer to the data buffer.
> - @param[in] BufferSize The size of Buffer in bytes.
> -
> - @retval >0 The amount of data successfully written to the TLS object.
> - @retval <=0 No data was successfully written.
> -
> -**/
> -INTN
> -EFIAPI
> -TlsCtrlTrafficIn (
> - IN VOID *Tls,
> - IN VOID *Buffer,
> - IN UINTN BufferSize
> - );
> -
> -/**
> - Attempts to read bytes from the specified TLS connection into the buffer.
> -
> - This function tries to read BufferSize bytes data from the specified TLS
> - connection into the Buffer.
> -
> - @param[in] Tls Pointer to the TLS connection for data reading.
> - @param[in,out] Buffer Pointer to the data buffer.
> - @param[in] BufferSize The size of Buffer in bytes.
> -
> - @retval >0 The read operation was successful, and return value is the
> - number of bytes actually read from the TLS connection.
> - @retval <=0 The read operation was not successful.
> -
> -**/
> -INTN
> -EFIAPI
> -TlsRead (
> - IN VOID *Tls,
> - IN OUT VOID *Buffer,
> - IN UINTN BufferSize
> - );
> -
> -/**
> - Attempts to write data to a TLS connection.
> -
> - This function tries to write BufferSize bytes data from the Buffer into the
> - specified TLS connection.
> -
> - @param[in] Tls Pointer to the TLS connection for data writing.
> - @param[in] Buffer Pointer to the data buffer.
> - @param[in] BufferSize The size of Buffer in bytes.
> -
> - @retval >0 The write operation was successful, and return value is the
> - number of bytes actually written to the TLS connection.
> - @retval <=0 The write operation was not successful.
> -
> -**/
> -INTN
> -EFIAPI
> -TlsWrite (
> - IN VOID *Tls,
> - IN VOID *Buffer,
> - IN UINTN BufferSize
> - );
> -
> -/**
> - Set a new TLS/SSL method for a particular TLS object.
> -
> - This function sets a new TLS/SSL method for a particular TLS object.
> -
> - @param[in] Tls Pointer to a TLS object.
> - @param[in] MajorVer Major Version of TLS/SSL Protocol.
> - @param[in] MinorVer Minor Version of TLS/SSL Protocol.
> -
> - @retval EFI_SUCCESS The TLS/SSL method was set successfully.
> - @retval EFI_INVALID_PARAMETER The parameter is invalid.
> - @retval EFI_UNSUPPORTED Unsupported TLS/SSL method.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsSetVersion (
> - IN VOID *Tls,
> - IN UINT8 MajorVer,
> - IN UINT8 MinorVer
> - );
> -
> -/**
> - Set TLS object to work in client or server mode.
> -
> - This function prepares a TLS object to work in client or server mode.
> -
> - @param[in] Tls Pointer to a TLS object.
> - @param[in] IsServer Work in server mode.
> -
> - @retval EFI_SUCCESS The TLS/SSL work mode was set successfully.
> - @retval EFI_INVALID_PARAMETER The parameter is invalid.
> - @retval EFI_UNSUPPORTED Unsupported TLS/SSL work mode.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsSetConnectionEnd (
> - IN VOID *Tls,
> - IN BOOLEAN IsServer
> - );
> -
> -/**
> - Set the ciphers list to be used by the TLS object.
> -
> - This function sets the ciphers for use by a specified TLS object.
> -
> - @param[in] Tls Pointer to a TLS object.
> - @param[in] CipherId Pointer to a string that contains one or more
> - ciphers separated by a colon.
> - @param[in] CipherNum The number of cipher in the list.
> -
> - @retval EFI_SUCCESS The ciphers list was set successfully.
> - @retval EFI_INVALID_PARAMETER The parameter is invalid.
> - @retval EFI_UNSUPPORTED Unsupported TLS cipher in the list.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsSetCipherList (
> - IN VOID *Tls,
> - IN UINT16 *CipherId,
> - IN UINTN CipherNum
> - );
> -
> -/**
> - Set the compression method for TLS/SSL operations.
> -
> - This function handles TLS/SSL integrated compression methods.
> -
> - @param[in] CompMethod The compression method ID.
> -
> - @retval EFI_SUCCESS The compression method for the communication
> was
> - set successfully.
> - @retval EFI_UNSUPPORTED Unsupported compression method.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsSetCompressionMethod (
> - IN UINT8 CompMethod
> - );
> -
> -/**
> - Set peer certificate verification mode for the TLS connection.
> -
> - This function sets the verification mode flags for the TLS connection.
> -
> - @param[in] Tls Pointer to the TLS object.
> - @param[in] VerifyMode A set of logically or'ed verification mode flags.
> -
> -**/
> -VOID
> -EFIAPI
> -TlsSetVerify (
> - IN VOID *Tls,
> - IN UINT32 VerifyMode
> - );
> -
> -/**
> - Sets a TLS/SSL session ID to be used during TLS/SSL connect.
> -
> - This function sets a session ID to be used when the TLS/SSL connection is
> - to be established.
> -
> - @param[in] Tls Pointer to the TLS object.
> - @param[in] SessionId Session ID data used for session resumption.
> - @param[in] SessionIdLen Length of Session ID in bytes.
> -
> - @retval EFI_SUCCESS Session ID was set successfully.
> - @retval EFI_INVALID_PARAMETER The parameter is invalid.
> - @retval EFI_UNSUPPORTED No available session for ID setting.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsSetSessionId (
> - IN VOID *Tls,
> - IN UINT8 *SessionId,
> - IN UINT16 SessionIdLen
> - );
> -
> -/**
> - Adds the CA to the cert store when requesting Server or Client
> authentication.
> -
> - This function adds the CA certificate to the list of CAs when requesting
> - Server or Client authentication for the chosen TLS connection.
> -
> - @param[in] Tls Pointer to the TLS object.
> - @param[in] Data Pointer to the data buffer of a DER-encoded binary
> - X.509 certificate or PEM-encoded X.509 certificate.
> - @param[in] DataSize The size of data buffer in bytes.
> -
> - @retval EFI_SUCCESS The operation succeeded.
> - @retval EFI_INVALID_PARAMETER The parameter is invalid.
> - @retval EFI_OUT_OF_RESOURCES Required resources could not be
> allocated.
> - @retval EFI_ABORTED Invalid X.509 certificate.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsSetCaCertificate (
> - IN VOID *Tls,
> - IN VOID *Data,
> - IN UINTN DataSize
> - );
> -
> -/**
> - Loads the local public certificate into the specified TLS object.
> -
> - This function loads the X.509 certificate into the specified TLS object
> - for TLS negotiation.
> -
> - @param[in] Tls Pointer to the TLS object.
> - @param[in] Data Pointer to the data buffer of a DER-encoded binary
> - X.509 certificate or PEM-encoded X.509 certificate.
> - @param[in] DataSize The size of data buffer in bytes.
> -
> - @retval EFI_SUCCESS The operation succeeded.
> - @retval EFI_INVALID_PARAMETER The parameter is invalid.
> - @retval EFI_OUT_OF_RESOURCES Required resources could not be
> allocated.
> - @retval EFI_ABORTED Invalid X.509 certificate.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsSetHostPublicCert (
> - IN VOID *Tls,
> - IN VOID *Data,
> - IN UINTN DataSize
> - );
> -
> -/**
> - Adds the local private key to the specified TLS object.
> -
> - This function adds the local private key (PEM-encoded RSA or PKCS#8
> private
> - key) into the specified TLS object for TLS negotiation.
> -
> - @param[in] Tls Pointer to the TLS object.
> - @param[in] Data Pointer to the data buffer of a PEM-encoded RSA
> - or PKCS#8 private key.
> - @param[in] DataSize The size of data buffer in bytes.
> -
> - @retval EFI_SUCCESS The operation succeeded.
> - @retval EFI_UNSUPPORTED This function is not supported.
> - @retval EFI_ABORTED Invalid private key data.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsSetHostPrivateKey (
> - IN VOID *Tls,
> - IN VOID *Data,
> - IN UINTN DataSize
> - );
> -
> -/**
> - Adds the CA-supplied certificate revocation list for certificate validation.
> -
> - This function adds the CA-supplied certificate revocation list data for
> - certificate validity checking.
> -
> - @param[in] Data Pointer to the data buffer of a DER-encoded CRL data.
> - @param[in] DataSize The size of data buffer in bytes.
> -
> - @retval EFI_SUCCESS The operation succeeded.
> - @retval EFI_UNSUPPORTED This function is not supported.
> - @retval EFI_ABORTED Invalid CRL data.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsSetCertRevocationList (
> - IN VOID *Data,
> - IN UINTN DataSize
> - );
> -
> -/**
> - Gets the protocol version used by the specified TLS connection.
> -
> - This function returns the protocol version used by the specified TLS
> - connection.
> -
> - @param[in] Tls Pointer to the TLS object.
> -
> - @return The protocol version of the specified TLS connection.
> -
> -**/
> -UINT16
> -EFIAPI
> -TlsGetVersion (
> - IN VOID *Tls
> - );
> -
> -/**
> - Gets the connection end of the specified TLS connection.
> -
> - This function returns the connection end (as client or as server) used by
> - the specified TLS connection.
> -
> - @param[in] Tls Pointer to the TLS object.
> -
> - @return The connection end used by the specified TLS connection.
> -
> -**/
> -UINT8
> -EFIAPI
> -TlsGetConnectionEnd (
> - IN VOID *Tls
> - );
> -
> -/**
> - Gets the cipher suite used by the specified TLS connection.
> -
> - This function returns current cipher suite used by the specified
> - TLS connection.
> -
> - @param[in] Tls Pointer to the TLS object.
> - @param[in,out] CipherId The cipher suite used by the TLS object.
> -
> - @retval EFI_SUCCESS The cipher suite was returned successfully.
> - @retval EFI_INVALID_PARAMETER The parameter is invalid.
> - @retval EFI_UNSUPPORTED Unsupported cipher suite.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsGetCurrentCipher (
> - IN VOID *Tls,
> - IN OUT UINT16 *CipherId
> - );
> -
> -/**
> - Gets the compression methods used by the specified TLS connection.
> -
> - This function returns current integrated compression methods used by
> - the specified TLS connection.
> -
> - @param[in] Tls Pointer to the TLS object.
> - @param[in,out] CompressionId The current compression method used
> by
> - the TLS object.
> -
> - @retval EFI_SUCCESS The compression method was returned
> successfully.
> - @retval EFI_INVALID_PARAMETER The parameter is invalid.
> - @retval EFI_ABORTED Invalid Compression method.
> - @retval EFI_UNSUPPORTED This function is not supported.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsGetCurrentCompressionId (
> - IN VOID *Tls,
> - IN OUT UINT8 *CompressionId
> - );
> -
> -/**
> - Gets the verification mode currently set in the TLS connection.
> -
> - This function returns the peer verification mode currently set in the
> - specified TLS connection.
> -
> - @param[in] Tls Pointer to the TLS object.
> -
> - @return The verification mode set in the specified TLS connection.
> -
> -**/
> -UINT32
> -EFIAPI
> -TlsGetVerify (
> - IN VOID *Tls
> - );
> -
> -/**
> - Gets the session ID used by the specified TLS connection.
> -
> - This function returns the TLS/SSL session ID currently used by the
> - specified TLS connection.
> -
> - @param[in] Tls Pointer to the TLS object.
> - @param[in,out] SessionId Buffer to contain the returned session ID.
> - @param[in,out] SessionIdLen The length of Session ID in bytes.
> -
> - @retval EFI_SUCCESS The Session ID was returned successfully.
> - @retval EFI_INVALID_PARAMETER The parameter is invalid.
> - @retval EFI_UNSUPPORTED Invalid TLS/SSL session.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsGetSessionId (
> - IN VOID *Tls,
> - IN OUT UINT8 *SessionId,
> - IN OUT UINT16 *SessionIdLen
> - );
> -
> -/**
> - Gets the client random data used in the specified TLS connection.
> -
> - This function returns the TLS/SSL client random data currently used in
> - the specified TLS connection.
> -
> - @param[in] Tls Pointer to the TLS object.
> - @param[in,out] ClientRandom Buffer to contain the returned client
> - random data (32 bytes).
> -
> -**/
> -VOID
> -EFIAPI
> -TlsGetClientRandom (
> - IN VOID *Tls,
> - IN OUT UINT8 *ClientRandom
> - );
> -
> -/**
> - Gets the server random data used in the specified TLS connection.
> -
> - This function returns the TLS/SSL server random data currently used in
> - the specified TLS connection.
> -
> - @param[in] Tls Pointer to the TLS object.
> - @param[in,out] ServerRandom Buffer to contain the returned server
> - random data (32 bytes).
> -
> -**/
> -VOID
> -EFIAPI
> -TlsGetServerRandom (
> - IN VOID *Tls,
> - IN OUT UINT8 *ServerRandom
> - );
> -
> -/**
> - Gets the master key data used in the specified TLS connection.
> -
> - This function returns the TLS/SSL master key material currently used in
> - the specified TLS connection.
> -
> - @param[in] Tls Pointer to the TLS object.
> - @param[in,out] KeyMaterial Buffer to contain the returned key material.
> -
> - @retval EFI_SUCCESS Key material was returned successfully.
> - @retval EFI_INVALID_PARAMETER The parameter is invalid.
> - @retval EFI_UNSUPPORTED Invalid TLS/SSL session.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsGetKeyMaterial (
> - IN VOID *Tls,
> - IN OUT UINT8 *KeyMaterial
> - );
> -
> -/**
> - Gets the CA Certificate from the cert store.
> -
> - This function returns the CA certificate for the chosen
> - TLS connection.
> -
> - @param[in] Tls Pointer to the TLS object.
> - @param[out] Data Pointer to the data buffer to receive the CA
> - certificate data sent to the client.
> - @param[in,out] DataSize The size of data buffer in bytes.
> -
> - @retval EFI_SUCCESS The operation succeeded.
> - @retval EFI_UNSUPPORTED This function is not supported.
> - @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsGetCaCertificate (
> - IN VOID *Tls,
> - OUT VOID *Data,
> - IN OUT UINTN *DataSize
> - );
> -
> -/**
> - Gets the local public Certificate set in the specified TLS object.
> -
> - This function returns the local public certificate which was currently set
> - in the specified TLS object.
> -
> - @param[in] Tls Pointer to the TLS object.
> - @param[out] Data Pointer to the data buffer to receive the local
> - public certificate.
> - @param[in,out] DataSize The size of data buffer in bytes.
> -
> - @retval EFI_SUCCESS The operation succeeded.
> - @retval EFI_INVALID_PARAMETER The parameter is invalid.
> - @retval EFI_NOT_FOUND The certificate is not found.
> - @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsGetHostPublicCert (
> - IN VOID *Tls,
> - OUT VOID *Data,
> - IN OUT UINTN *DataSize
> - );
> -
> -/**
> - Gets the local private key set in the specified TLS object.
> -
> - This function returns the local private key data which was currently set
> - in the specified TLS object.
> -
> - @param[in] Tls Pointer to the TLS object.
> - @param[out] Data Pointer to the data buffer to receive the local
> - private key data.
> - @param[in,out] DataSize The size of data buffer in bytes.
> -
> - @retval EFI_SUCCESS The operation succeeded.
> - @retval EFI_UNSUPPORTED This function is not supported.
> - @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsGetHostPrivateKey (
> - IN VOID *Tls,
> - OUT VOID *Data,
> - IN OUT UINTN *DataSize
> - );
> -
> -/**
> - Gets the CA-supplied certificate revocation list data set in the specified
> - TLS object.
> -
> - This function returns the CA-supplied certificate revocation list data which
> - was currently set in the specified TLS object.
> -
> - @param[out] Data Pointer to the data buffer to receive the CRL data.
> - @param[in,out] DataSize The size of data buffer in bytes.
> -
> - @retval EFI_SUCCESS The operation succeeded.
> - @retval EFI_UNSUPPORTED This function is not supported.
> - @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsGetCertRevocationList (
> - OUT VOID *Data,
> - IN OUT UINTN *DataSize
> - );
> -
> -#endif // __TLS_LIB_H__
> +/** @file
> + Defines TLS Library APIs.
> +
> +Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> +This program and the accompanying materials
> +are licensed and made available under the terms and conditions of the BSD
> License
> +which accompanies this distribution. The full text of the license may be
> found at
> +http://opensource.org/licenses/bsd-license.php
> +
> +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +
> +**/
> +
> +#ifndef __TLS_LIB_H__
> +#define __TLS_LIB_H__
> +
> +/**
> + Initializes the OpenSSL library.
> +
> + This function registers ciphers and digests used directly and indirectly
> + by SSL/TLS, and initializes the readable error messages.
> + This function must be called before any other action takes places.
> +
> +**/
> +VOID
> +EFIAPI
> +TlsInitialize (
> + VOID
> + );
> +
> +/**
> + Free an allocated SSL_CTX object.
> +
> + @param[in] TlsCtx Pointer to the SSL_CTX object to be released.
> +
> +**/
> +VOID
> +EFIAPI
> +TlsCtxFree (
> + IN VOID *TlsCtx
> + );
> +
> +/**
> + Creates a new SSL_CTX object as framework to establish TLS/SSL enabled
> + connections.
> +
> + @param[in] MajorVer Major Version of TLS/SSL Protocol.
> + @param[in] MinorVer Minor Version of TLS/SSL Protocol.
> +
> + @return Pointer to an allocated SSL_CTX object.
> + If the creation failed, TlsCtxNew() returns NULL.
> +
> +**/
> +VOID *
> +EFIAPI
> +TlsCtxNew (
> + IN UINT8 MajorVer,
> + IN UINT8 MinorVer
> + );
> +
> +/**
> + Free an allocated TLS object.
> +
> + This function removes the TLS object pointed to by Tls and frees up the
> + allocated memory. If Tls is NULL, nothing is done.
> +
> + @param[in] Tls Pointer to the TLS object to be freed.
> +
> +**/
> +VOID
> +EFIAPI
> +TlsFree (
> + IN VOID *Tls
> + );
> +
> +/**
> + Create a new TLS object for a connection.
> +
> + This function creates a new TLS object for a connection. The new object
> + inherits the setting of the underlying context TlsCtx: connection method,
> + options, verification setting.
> +
> + @param[in] TlsCtx Pointer to the SSL_CTX object.
> +
> + @return Pointer to an allocated SSL object.
> + If the creation failed, TlsNew() returns NULL.
> +
> +**/
> +VOID *
> +EFIAPI
> +TlsNew (
> + IN VOID *TlsCtx
> + );
> +
> +/**
> + Checks if the TLS handshake was done.
> +
> + This function will check if the specified TLS handshake was done.
> +
> + @param[in] Tls Pointer to the TLS object for handshake state checking.
> +
> + @retval TRUE The TLS handshake was done.
> + @retval FALSE The TLS handshake was not done.
> +
> +**/
> +BOOLEAN
> +EFIAPI
> +TlsInHandshake (
> + IN VOID *Tls
> + );
> +
> +/**
> + Perform a TLS/SSL handshake.
> +
> + This function will perform a TLS/SSL handshake.
> +
> + @param[in] Tls Pointer to the TLS object for handshake operation.
> + @param[in] BufferIn Pointer to the most recently received TLS
> Handshake packet.
> + @param[in] BufferInSize Packet size in bytes for the most recently
> received TLS
> + Handshake packet.
> + @param[out] BufferOut Pointer to the buffer to hold the built packet.
> + @param[in, out] BufferOutSize Pointer to the buffer size in bytes. On
> input, it is
> + the buffer size provided by the caller. On output, it
> + is the buffer size in fact needed to contain the
> + packet.
> +
> + @retval EFI_SUCCESS The required TLS packet is built successfully.
> + @retval EFI_INVALID_PARAMETER One or more of the following
> conditions is TRUE:
> + Tls is NULL.
> + BufferIn is NULL but BufferInSize is NOT 0.
> + BufferInSize is 0 but BufferIn is NOT NULL.
> + BufferOutSize is NULL.
> + BufferOut is NULL if *BufferOutSize is not zero.
> + @retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the
> response packet.
> + @retval EFI_ABORTED Something wrong during handshake.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsDoHandshake (
> + IN VOID *Tls,
> + IN UINT8 *BufferIn, OPTIONAL
> + IN UINTN BufferInSize, OPTIONAL
> + OUT UINT8 *BufferOut, OPTIONAL
> + IN OUT UINTN *BufferOutSize
> + );
> +
> +/**
> + Handle Alert message recorded in BufferIn. If BufferIn is NULL and
> BufferInSize is zero,
> + TLS session has errors and the response packet needs to be Alert message
> based on error type.
> +
> + @param[in] Tls Pointer to the TLS object for state checking.
> + @param[in] BufferIn Pointer to the most recently received TLS Alert
> packet.
> + @param[in] BufferInSize Packet size in bytes for the most recently
> received TLS
> + Alert packet.
> + @param[out] BufferOut Pointer to the buffer to hold the built packet.
> + @param[in, out] BufferOutSize Pointer to the buffer size in bytes. On
> input, it is
> + the buffer size provided by the caller. On output, it
> + is the buffer size in fact needed to contain the
> + packet.
> +
> + @retval EFI_SUCCESS The required TLS packet is built successfully.
> + @retval EFI_INVALID_PARAMETER One or more of the following
> conditions is TRUE:
> + Tls is NULL.
> + BufferIn is NULL but BufferInSize is NOT 0.
> + BufferInSize is 0 but BufferIn is NOT NULL.
> + BufferOutSize is NULL.
> + BufferOut is NULL if *BufferOutSize is not zero.
> + @retval EFI_ABORTED An error occurred.
> + @retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the
> response packet.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsHandleAlert (
> + IN VOID *Tls,
> + IN UINT8 *BufferIn, OPTIONAL
> + IN UINTN BufferInSize, OPTIONAL
> + OUT UINT8 *BufferOut, OPTIONAL
> + IN OUT UINTN *BufferOutSize
> + );
> +
> +/**
> + Build the CloseNotify packet.
> +
> + @param[in] Tls Pointer to the TLS object for state checking.
> + @param[in, out] Buffer Pointer to the buffer to hold the built packet.
> + @param[in, out] BufferSize Pointer to the buffer size in bytes. On input,
> it is
> + the buffer size provided by the caller. On output, it
> + is the buffer size in fact needed to contain the
> + packet.
> +
> + @retval EFI_SUCCESS The required TLS packet is built successfully.
> + @retval EFI_INVALID_PARAMETER One or more of the following
> conditions is TRUE:
> + Tls is NULL.
> + BufferSize is NULL.
> + Buffer is NULL if *BufferSize is not zero.
> + @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the
> response packet.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsCloseNotify (
> + IN VOID *Tls,
> + IN OUT UINT8 *Buffer,
> + IN OUT UINTN *BufferSize
> + );
> +
> +/**
> + Attempts to read bytes from one TLS object and places the data in Buffer.
> +
> + This function will attempt to read BufferSize bytes from the TLS object
> + and places the data in Buffer.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[in,out] Buffer Pointer to the buffer to store the data.
> + @param[in] BufferSize The size of Buffer in bytes.
> +
> + @retval >0 The amount of data successfully read from the TLS object.
> + @retval <=0 No data was successfully read.
> +
> +**/
> +INTN
> +EFIAPI
> +TlsCtrlTrafficOut (
> + IN VOID *Tls,
> + IN OUT VOID *Buffer,
> + IN UINTN BufferSize
> + );
> +
> +/**
> + Attempts to write data from the buffer to TLS object.
> +
> + This function will attempt to write BufferSize bytes data from the Buffer
> + to the TLS object.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[in] Buffer Pointer to the data buffer.
> + @param[in] BufferSize The size of Buffer in bytes.
> +
> + @retval >0 The amount of data successfully written to the TLS object.
> + @retval <=0 No data was successfully written.
> +
> +**/
> +INTN
> +EFIAPI
> +TlsCtrlTrafficIn (
> + IN VOID *Tls,
> + IN VOID *Buffer,
> + IN UINTN BufferSize
> + );
> +
> +/**
> + Attempts to read bytes from the specified TLS connection into the buffer.
> +
> + This function tries to read BufferSize bytes data from the specified TLS
> + connection into the Buffer.
> +
> + @param[in] Tls Pointer to the TLS connection for data reading.
> + @param[in,out] Buffer Pointer to the data buffer.
> + @param[in] BufferSize The size of Buffer in bytes.
> +
> + @retval >0 The read operation was successful, and return value is the
> + number of bytes actually read from the TLS connection.
> + @retval <=0 The read operation was not successful.
> +
> +**/
> +INTN
> +EFIAPI
> +TlsRead (
> + IN VOID *Tls,
> + IN OUT VOID *Buffer,
> + IN UINTN BufferSize
> + );
> +
> +/**
> + Attempts to write data to a TLS connection.
> +
> + This function tries to write BufferSize bytes data from the Buffer into the
> + specified TLS connection.
> +
> + @param[in] Tls Pointer to the TLS connection for data writing.
> + @param[in] Buffer Pointer to the data buffer.
> + @param[in] BufferSize The size of Buffer in bytes.
> +
> + @retval >0 The write operation was successful, and return value is the
> + number of bytes actually written to the TLS connection.
> + @retval <=0 The write operation was not successful.
> +
> +**/
> +INTN
> +EFIAPI
> +TlsWrite (
> + IN VOID *Tls,
> + IN VOID *Buffer,
> + IN UINTN BufferSize
> + );
> +
> +/**
> + Set a new TLS/SSL method for a particular TLS object.
> +
> + This function sets a new TLS/SSL method for a particular TLS object.
> +
> + @param[in] Tls Pointer to a TLS object.
> + @param[in] MajorVer Major Version of TLS/SSL Protocol.
> + @param[in] MinorVer Minor Version of TLS/SSL Protocol.
> +
> + @retval EFI_SUCCESS The TLS/SSL method was set successfully.
> + @retval EFI_INVALID_PARAMETER The parameter is invalid.
> + @retval EFI_UNSUPPORTED Unsupported TLS/SSL method.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsSetVersion (
> + IN VOID *Tls,
> + IN UINT8 MajorVer,
> + IN UINT8 MinorVer
> + );
> +
> +/**
> + Set TLS object to work in client or server mode.
> +
> + This function prepares a TLS object to work in client or server mode.
> +
> + @param[in] Tls Pointer to a TLS object.
> + @param[in] IsServer Work in server mode.
> +
> + @retval EFI_SUCCESS The TLS/SSL work mode was set successfully.
> + @retval EFI_INVALID_PARAMETER The parameter is invalid.
> + @retval EFI_UNSUPPORTED Unsupported TLS/SSL work mode.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsSetConnectionEnd (
> + IN VOID *Tls,
> + IN BOOLEAN IsServer
> + );
> +
> +/**
> + Set the ciphers list to be used by the TLS object.
> +
> + This function sets the ciphers for use by a specified TLS object.
> +
> + @param[in] Tls Pointer to a TLS object.
> + @param[in] CipherId Pointer to a string that contains one or more
> + ciphers separated by a colon.
> + @param[in] CipherNum The number of cipher in the list.
> +
> + @retval EFI_SUCCESS The ciphers list was set successfully.
> + @retval EFI_INVALID_PARAMETER The parameter is invalid.
> + @retval EFI_UNSUPPORTED Unsupported TLS cipher in the list.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsSetCipherList (
> + IN VOID *Tls,
> + IN UINT16 *CipherId,
> + IN UINTN CipherNum
> + );
> +
> +/**
> + Set the compression method for TLS/SSL operations.
> +
> + This function handles TLS/SSL integrated compression methods.
> +
> + @param[in] CompMethod The compression method ID.
> +
> + @retval EFI_SUCCESS The compression method for the communication
> was
> + set successfully.
> + @retval EFI_UNSUPPORTED Unsupported compression method.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsSetCompressionMethod (
> + IN UINT8 CompMethod
> + );
> +
> +/**
> + Set peer certificate verification mode for the TLS connection.
> +
> + This function sets the verification mode flags for the TLS connection.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[in] VerifyMode A set of logically or'ed verification mode flags.
> +
> +**/
> +VOID
> +EFIAPI
> +TlsSetVerify (
> + IN VOID *Tls,
> + IN UINT32 VerifyMode
> + );
> +
> +/**
> + Sets a TLS/SSL session ID to be used during TLS/SSL connect.
> +
> + This function sets a session ID to be used when the TLS/SSL connection is
> + to be established.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[in] SessionId Session ID data used for session resumption.
> + @param[in] SessionIdLen Length of Session ID in bytes.
> +
> + @retval EFI_SUCCESS Session ID was set successfully.
> + @retval EFI_INVALID_PARAMETER The parameter is invalid.
> + @retval EFI_UNSUPPORTED No available session for ID setting.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsSetSessionId (
> + IN VOID *Tls,
> + IN UINT8 *SessionId,
> + IN UINT16 SessionIdLen
> + );
> +
> +/**
> + Adds the CA to the cert store when requesting Server or Client
> authentication.
> +
> + This function adds the CA certificate to the list of CAs when requesting
> + Server or Client authentication for the chosen TLS connection.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[in] Data Pointer to the data buffer of a DER-encoded binary
> + X.509 certificate or PEM-encoded X.509 certificate.
> + @param[in] DataSize The size of data buffer in bytes.
> +
> + @retval EFI_SUCCESS The operation succeeded.
> + @retval EFI_INVALID_PARAMETER The parameter is invalid.
> + @retval EFI_OUT_OF_RESOURCES Required resources could not be
> allocated.
> + @retval EFI_ABORTED Invalid X.509 certificate.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsSetCaCertificate (
> + IN VOID *Tls,
> + IN VOID *Data,
> + IN UINTN DataSize
> + );
> +
> +/**
> + Loads the local public certificate into the specified TLS object.
> +
> + This function loads the X.509 certificate into the specified TLS object
> + for TLS negotiation.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[in] Data Pointer to the data buffer of a DER-encoded binary
> + X.509 certificate or PEM-encoded X.509 certificate.
> + @param[in] DataSize The size of data buffer in bytes.
> +
> + @retval EFI_SUCCESS The operation succeeded.
> + @retval EFI_INVALID_PARAMETER The parameter is invalid.
> + @retval EFI_OUT_OF_RESOURCES Required resources could not be
> allocated.
> + @retval EFI_ABORTED Invalid X.509 certificate.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsSetHostPublicCert (
> + IN VOID *Tls,
> + IN VOID *Data,
> + IN UINTN DataSize
> + );
> +
> +/**
> + Adds the local private key to the specified TLS object.
> +
> + This function adds the local private key (PEM-encoded RSA or PKCS#8
> private
> + key) into the specified TLS object for TLS negotiation.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[in] Data Pointer to the data buffer of a PEM-encoded RSA
> + or PKCS#8 private key.
> + @param[in] DataSize The size of data buffer in bytes.
> +
> + @retval EFI_SUCCESS The operation succeeded.
> + @retval EFI_UNSUPPORTED This function is not supported.
> + @retval EFI_ABORTED Invalid private key data.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsSetHostPrivateKey (
> + IN VOID *Tls,
> + IN VOID *Data,
> + IN UINTN DataSize
> + );
> +
> +/**
> + Adds the CA-supplied certificate revocation list for certificate validation.
> +
> + This function adds the CA-supplied certificate revocation list data for
> + certificate validity checking.
> +
> + @param[in] Data Pointer to the data buffer of a DER-encoded CRL data.
> + @param[in] DataSize The size of data buffer in bytes.
> +
> + @retval EFI_SUCCESS The operation succeeded.
> + @retval EFI_UNSUPPORTED This function is not supported.
> + @retval EFI_ABORTED Invalid CRL data.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsSetCertRevocationList (
> + IN VOID *Data,
> + IN UINTN DataSize
> + );
> +
> +/**
> + Gets the protocol version used by the specified TLS connection.
> +
> + This function returns the protocol version used by the specified TLS
> + connection.
> +
> + @param[in] Tls Pointer to the TLS object.
> +
> + @return The protocol version of the specified TLS connection.
> +
> +**/
> +UINT16
> +EFIAPI
> +TlsGetVersion (
> + IN VOID *Tls
> + );
> +
> +/**
> + Gets the connection end of the specified TLS connection.
> +
> + This function returns the connection end (as client or as server) used by
> + the specified TLS connection.
> +
> + @param[in] Tls Pointer to the TLS object.
> +
> + @return The connection end used by the specified TLS connection.
> +
> +**/
> +UINT8
> +EFIAPI
> +TlsGetConnectionEnd (
> + IN VOID *Tls
> + );
> +
> +/**
> + Gets the cipher suite used by the specified TLS connection.
> +
> + This function returns current cipher suite used by the specified
> + TLS connection.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[in,out] CipherId The cipher suite used by the TLS object.
> +
> + @retval EFI_SUCCESS The cipher suite was returned successfully.
> + @retval EFI_INVALID_PARAMETER The parameter is invalid.
> + @retval EFI_UNSUPPORTED Unsupported cipher suite.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsGetCurrentCipher (
> + IN VOID *Tls,
> + IN OUT UINT16 *CipherId
> + );
> +
> +/**
> + Gets the compression methods used by the specified TLS connection.
> +
> + This function returns current integrated compression methods used by
> + the specified TLS connection.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[in,out] CompressionId The current compression method used
> by
> + the TLS object.
> +
> + @retval EFI_SUCCESS The compression method was returned
> successfully.
> + @retval EFI_INVALID_PARAMETER The parameter is invalid.
> + @retval EFI_ABORTED Invalid Compression method.
> + @retval EFI_UNSUPPORTED This function is not supported.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsGetCurrentCompressionId (
> + IN VOID *Tls,
> + IN OUT UINT8 *CompressionId
> + );
> +
> +/**
> + Gets the verification mode currently set in the TLS connection.
> +
> + This function returns the peer verification mode currently set in the
> + specified TLS connection.
> +
> + @param[in] Tls Pointer to the TLS object.
> +
> + @return The verification mode set in the specified TLS connection.
> +
> +**/
> +UINT32
> +EFIAPI
> +TlsGetVerify (
> + IN VOID *Tls
> + );
> +
> +/**
> + Gets the session ID used by the specified TLS connection.
> +
> + This function returns the TLS/SSL session ID currently used by the
> + specified TLS connection.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[in,out] SessionId Buffer to contain the returned session ID.
> + @param[in,out] SessionIdLen The length of Session ID in bytes.
> +
> + @retval EFI_SUCCESS The Session ID was returned successfully.
> + @retval EFI_INVALID_PARAMETER The parameter is invalid.
> + @retval EFI_UNSUPPORTED Invalid TLS/SSL session.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsGetSessionId (
> + IN VOID *Tls,
> + IN OUT UINT8 *SessionId,
> + IN OUT UINT16 *SessionIdLen
> + );
> +
> +/**
> + Gets the client random data used in the specified TLS connection.
> +
> + This function returns the TLS/SSL client random data currently used in
> + the specified TLS connection.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[in,out] ClientRandom Buffer to contain the returned client
> + random data (32 bytes).
> +
> +**/
> +VOID
> +EFIAPI
> +TlsGetClientRandom (
> + IN VOID *Tls,
> + IN OUT UINT8 *ClientRandom
> + );
> +
> +/**
> + Gets the server random data used in the specified TLS connection.
> +
> + This function returns the TLS/SSL server random data currently used in
> + the specified TLS connection.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[in,out] ServerRandom Buffer to contain the returned server
> + random data (32 bytes).
> +
> +**/
> +VOID
> +EFIAPI
> +TlsGetServerRandom (
> + IN VOID *Tls,
> + IN OUT UINT8 *ServerRandom
> + );
> +
> +/**
> + Gets the master key data used in the specified TLS connection.
> +
> + This function returns the TLS/SSL master key material currently used in
> + the specified TLS connection.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[in,out] KeyMaterial Buffer to contain the returned key material.
> +
> + @retval EFI_SUCCESS Key material was returned successfully.
> + @retval EFI_INVALID_PARAMETER The parameter is invalid.
> + @retval EFI_UNSUPPORTED Invalid TLS/SSL session.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsGetKeyMaterial (
> + IN VOID *Tls,
> + IN OUT UINT8 *KeyMaterial
> + );
> +
> +/**
> + Gets the CA Certificate from the cert store.
> +
> + This function returns the CA certificate for the chosen
> + TLS connection.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[out] Data Pointer to the data buffer to receive the CA
> + certificate data sent to the client.
> + @param[in,out] DataSize The size of data buffer in bytes.
> +
> + @retval EFI_SUCCESS The operation succeeded.
> + @retval EFI_UNSUPPORTED This function is not supported.
> + @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsGetCaCertificate (
> + IN VOID *Tls,
> + OUT VOID *Data,
> + IN OUT UINTN *DataSize
> + );
> +
> +/**
> + Gets the local public Certificate set in the specified TLS object.
> +
> + This function returns the local public certificate which was currently set
> + in the specified TLS object.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[out] Data Pointer to the data buffer to receive the local
> + public certificate.
> + @param[in,out] DataSize The size of data buffer in bytes.
> +
> + @retval EFI_SUCCESS The operation succeeded.
> + @retval EFI_INVALID_PARAMETER The parameter is invalid.
> + @retval EFI_NOT_FOUND The certificate is not found.
> + @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsGetHostPublicCert (
> + IN VOID *Tls,
> + OUT VOID *Data,
> + IN OUT UINTN *DataSize
> + );
> +
> +/**
> + Gets the local private key set in the specified TLS object.
> +
> + This function returns the local private key data which was currently set
> + in the specified TLS object.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[out] Data Pointer to the data buffer to receive the local
> + private key data.
> + @param[in,out] DataSize The size of data buffer in bytes.
> +
> + @retval EFI_SUCCESS The operation succeeded.
> + @retval EFI_UNSUPPORTED This function is not supported.
> + @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsGetHostPrivateKey (
> + IN VOID *Tls,
> + OUT VOID *Data,
> + IN OUT UINTN *DataSize
> + );
> +
> +/**
> + Gets the CA-supplied certificate revocation list data set in the specified
> + TLS object.
> +
> + This function returns the CA-supplied certificate revocation list data which
> + was currently set in the specified TLS object.
> +
> + @param[out] Data Pointer to the data buffer to receive the CRL data.
> + @param[in,out] DataSize The size of data buffer in bytes.
> +
> + @retval EFI_SUCCESS The operation succeeded.
> + @retval EFI_UNSUPPORTED This function is not supported.
> + @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsGetCertRevocationList (
> + OUT VOID *Data,
> + IN OUT UINTN *DataSize
> + );
> +
> +#endif // __TLS_LIB_H__
> +
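Review bot: the doc comment for TlsSetCipherList in this hunk does not match its prototype: `@param[in] CipherId Pointer to a string that contains one or more ciphers separated by a colon` describes an OpenSSL cipher string, but the parameter is declared `IN UINT16 *CipherId` next to `IN UINTN CipherNum`, i.e. an array of IANA cipher-suite IDs plus a count. In the same pass, TlsGetKeyMaterial could get a size parameter or at least a documented length for `KeyMaterial`, since unlike TlsGetClientRandom and TlsGetServerRandom ("32 bytes") the caller has no way to size that buffer. Both are pre-existing and outside a CRLF-only conversion, so a follow-up patch is the right place; for this patch itself, since every line shows as deleted and re-added, please confirm with `git diff --ignore-space-at-eol` (or `-w`) that the hunk carries no other change.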
> diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl
> b/CryptoPkg/Library/OpensslLib/process_files.pl
> index 210811b9ed..4a60073485 100644
> --- a/CryptoPkg/Library/OpensslLib/process_files.pl
> +++ b/CryptoPkg/Library/OpensslLib/process_files.pl
> @@ -1,223 +1,224 @@
> -#!/usr/bin/perl -w
> -#
> -# This script runs the OpenSSL Configure script, then processes the
> -# resulting file list into our local OpensslLib[Crypto].inf and also
> -# takes a copy of opensslconf.h.
> -#
> -# This only needs to be done once by a developer when updating to a
> -# new version of OpenSSL (or changing options, etc.). Normal users
> -# do not need to do this, since the results are stored in the EDK2
> -# git repository for them.
> -#
> -use strict;
> -use Cwd;
> -use File::Copy;
> -
> -#
> -# Find the openssl directory name for use lib. We have to do this
> -# inside of BEGIN. The variables we create here, however, don't seem
> -# to be available to the main script, so we have to repeat the
> -# exercise.
> -#
> -my $inf_file;
> -my $OPENSSL_PATH;
> -my @inf;
> -
> -BEGIN {
> - $inf_file = "OpensslLib.inf";
> -
> - # Read the contents of the inf file
> - open( FD, "<" . $inf_file ) ||
> - die "Cannot open \"" . $inf_file . "\"!";
> - @inf = (<FD>);
> - close(FD) ||
> - die "Cannot close \"" . $inf_file . "\"!";
> -
> - foreach (@inf) {
> - if (/DEFINE\s+OPENSSL_PATH\s*=\s*([a-z]+)/) {
> -
> - # We need to run Configure before we can include its result...
> - $OPENSSL_PATH = $1;
> -
> - my $basedir = getcwd();
> -
> - chdir($OPENSSL_PATH) ||
> - die "Cannot change to OpenSSL directory \"" . $OPENSSL_PATH .
> "\"";
> -
> - # Configure UEFI
> - system(
> - "./Configure",
> - "UEFI",
> - "no-afalgeng",
> - "no-asm",
> - "no-async",
> - "no-autoalginit",
> - "no-autoerrinit",
> - "no-bf",
> - "no-blake2",
> - "no-camellia",
> - "no-capieng",
> - "no-cast",
> - "no-chacha",
> - "no-cms",
> - "no-ct",
> - "no-deprecated",
> - "no-dgram",
> - "no-dsa",
> - "no-dynamic-engine",
> - "no-ec",
> - "no-ec2m",
> - "no-engine",
> - "no-err",
> - "no-filenames",
> - "no-gost",
> - "no-hw",
> - "no-idea",
> - "no-mdc2",
> - "no-pic",
> - "no-ocb",
> - "no-poly1305",
> - "no-posix-io",
> - "no-rc2",
> - "no-rfc3779",
> - "no-rmd160",
> - "no-scrypt",
> - "no-seed",
> - "no-sock",
> - "no-srp",
> - "no-ssl",
> - "no-stdio",
> - "no-threads",
> - "no-ts",
> - "no-ui",
> - "no-whirlpool"
> - ) == 0 ||
> - die "OpenSSL Configure failed!\n";
> -
> - # Generate opensslconf.h per config data
> - system(
> - "perl -I. -Mconfigdata util/dofile.pl " .
> - "include/openssl/opensslconf.h.in " .
> - "> include/openssl/opensslconf.h"
> - ) == 0 ||
> - die "Failed to generate opensslconf.h!\n";
> -
> - chdir($basedir) ||
> - die "Cannot change to base directory \"" . $basedir . "\"";
> -
> - push @INC, $1;
> - last;
> - }
> - }
> -}
> -
> -#
> -# Retrieve file lists from OpenSSL configdata
> -#
> -use configdata qw/%unified_info/;
> -
> -my @cryptofilelist = ();
> -my @sslfilelist = ();
> -foreach my $product ((@{$unified_info{libraries}},
> - @{$unified_info{engines}})) {
> - foreach my $o (@{$unified_info{sources}->{$product}}) {
> - foreach my $s (@{$unified_info{sources}->{$o}}) {
> - next if ($unified_info{generate}->{$s});
> - next if $s =~ "crypto/bio/b_print.c";
> - if ($product =~ "libssl") {
> - push @sslfilelist, ' $(OPENSSL_PATH)/' . $s . "\r\n";
> - next;
> - }
> - push @cryptofilelist, ' $(OPENSSL_PATH)/' . $s . "\r\n";
> - }
> - }
> -}
> -
> -#
> -# Update OpensslLib.inf with autogenerated file list
> -#
> -my @new_inf = ();
> -my $subbing = 0;
> -print "\n--> Updating OpensslLib.inf ... ";
> -foreach (@inf) {
> - if ( $_ =~ "# Autogenerated files list starts here" ) {
> - push @new_inf, $_, @cryptofilelist, @sslfilelist;
> - $subbing = 1;
> - next;
> - }
> - if ( $_ =~ "# Autogenerated files list ends here" ) {
> - push @new_inf, $_;
> - $subbing = 0;
> - next;
> - }
> -
> - push @new_inf, $_
> - unless ($subbing);
> -}
> -
> -my $new_inf_file = $inf_file . ".new";
> -open( FD, ">" . $new_inf_file ) ||
> - die $new_inf_file;
> -print( FD @new_inf ) ||
> - die $new_inf_file;
> -close(FD) ||
> - die $new_inf_file;
> -rename( $new_inf_file, $inf_file ) ||
> - die "rename $inf_file";
> -print "Done!";
> -
> -#
> -# Update OpensslLibCrypto.inf with auto-generated file list (no libssl)
> -#
> -$inf_file = "OpensslLibCrypto.inf";
> -
> -# Read the contents of the inf file
> -@inf = ();
> -@new_inf = ();
> -open( FD, "<" . $inf_file ) ||
> - die "Cannot open \"" . $inf_file . "\"!";
> -@inf = (<FD>);
> -close(FD) ||
> - die "Cannot close \"" . $inf_file . "\"!";
> -
> -$subbing = 0;
> -print "\n--> Updating OpensslLibCrypto.inf ... ";
> -foreach (@inf) {
> - if ( $_ =~ "# Autogenerated files list starts here" ) {
> - push @new_inf, $_, @cryptofilelist;
> - $subbing = 1;
> - next;
> - }
> - if ( $_ =~ "# Autogenerated files list ends here" ) {
> - push @new_inf, $_;
> - $subbing = 0;
> - next;
> - }
> -
> - push @new_inf, $_
> - unless ($subbing);
> -}
> -
> -$new_inf_file = $inf_file . ".new";
> -open( FD, ">" . $new_inf_file ) ||
> - die $new_inf_file;
> -print( FD @new_inf ) ||
> - die $new_inf_file;
> -close(FD) ||
> - die $new_inf_file;
> -rename( $new_inf_file, $inf_file ) ||
> - die "rename $inf_file";
> -print "Done!";
> -
> -#
> -# Copy opensslconf.h generated from OpenSSL Configuration
> -#
> -print "\n--> Duplicating opensslconf.h into Include/openssl ... ";
> -copy($OPENSSL_PATH . "/include/openssl/opensslconf.h",
> - $OPENSSL_PATH . "/../../../Include/openssl/") ||
> - die "Cannot copy opensslconf.h!";
> -print "Done!\n";
> -
> -print "\nProcessing Files Done!\n";
> -
> -exit(0);
> +#!/usr/bin/perl -w
> +#
> +# This script runs the OpenSSL Configure script, then processes the
> +# resulting file list into our local OpensslLib[Crypto].inf and also
> +# takes a copy of opensslconf.h.
> +#
> +# This only needs to be done once by a developer when updating to a
> +# new version of OpenSSL (or changing options, etc.). Normal users
> +# do not need to do this, since the results are stored in the EDK2
> +# git repository for them.
> +#
> +use strict;
> +use Cwd;
> +use File::Copy;
> +
> +#
> +# Find the openssl directory name for use lib. We have to do this
> +# inside of BEGIN. The variables we create here, however, don't seem
> +# to be available to the main script, so we have to repeat the
> +# exercise.
> +#
> +my $inf_file;
> +my $OPENSSL_PATH;
> +my @inf;
> +
> +BEGIN {
> + $inf_file = "OpensslLib.inf";
> +
> + # Read the contents of the inf file
> + open( FD, "<" . $inf_file ) ||
> + die "Cannot open \"" . $inf_file . "\"!";
> + @inf = (<FD>);
> + close(FD) ||
> + die "Cannot close \"" . $inf_file . "\"!";
> +
> + foreach (@inf) {
> + if (/DEFINE\s+OPENSSL_PATH\s*=\s*([a-z]+)/) {
> +
> + # We need to run Configure before we can include its result...
> + $OPENSSL_PATH = $1;
> +
> + my $basedir = getcwd();
> +
> + chdir($OPENSSL_PATH) ||
> + die "Cannot change to OpenSSL directory \"" . $OPENSSL_PATH .
> "\"";
> +
> + # Configure UEFI
> + system(
> + "./Configure",
> + "UEFI",
> + "no-afalgeng",
> + "no-asm",
> + "no-async",
> + "no-autoalginit",
> + "no-autoerrinit",
> + "no-bf",
> + "no-blake2",
> + "no-camellia",
> + "no-capieng",
> + "no-cast",
> + "no-chacha",
> + "no-cms",
> + "no-ct",
> + "no-deprecated",
> + "no-dgram",
> + "no-dsa",
> + "no-dynamic-engine",
> + "no-ec",
> + "no-ec2m",
> + "no-engine",
> + "no-err",
> + "no-filenames",
> + "no-gost",
> + "no-hw",
> + "no-idea",
> + "no-mdc2",
> + "no-pic",
> + "no-ocb",
> + "no-poly1305",
> + "no-posix-io",
> + "no-rc2",
> + "no-rfc3779",
> + "no-rmd160",
> + "no-scrypt",
> + "no-seed",
> + "no-sock",
> + "no-srp",
> + "no-ssl",
> + "no-stdio",
> + "no-threads",
> + "no-ts",
> + "no-ui",
> + "no-whirlpool"
> + ) == 0 ||
> + die "OpenSSL Configure failed!\n";
> +
> + # Generate opensslconf.h per config data
> + system(
> + "perl -I. -Mconfigdata util/dofile.pl " .
> + "include/openssl/opensslconf.h.in " .
> + "> include/openssl/opensslconf.h"
> + ) == 0 ||
> + die "Failed to generate opensslconf.h!\n";
> +
> + chdir($basedir) ||
> + die "Cannot change to base directory \"" . $basedir . "\"";
> +
> + push @INC, $1;
> + last;
> + }
> + }
> +}
> +
> +#
> +# Retrieve file lists from OpenSSL configdata
> +#
> +use configdata qw/%unified_info/;
> +
> +my @cryptofilelist = ();
> +my @sslfilelist = ();
> +foreach my $product ((@{$unified_info{libraries}},
> + @{$unified_info{engines}})) {
> + foreach my $o (@{$unified_info{sources}->{$product}}) {
> + foreach my $s (@{$unified_info{sources}->{$o}}) {
> + next if ($unified_info{generate}->{$s});
> + next if $s =~ "crypto/bio/b_print.c";
> + if ($product =~ "libssl") {
> + push @sslfilelist, ' $(OPENSSL_PATH)/' . $s . "\r\n";
> + next;
> + }
> + push @cryptofilelist, ' $(OPENSSL_PATH)/' . $s . "\r\n";
> + }
> + }
> +}
> +
> +#
> +# Update OpensslLib.inf with autogenerated file list
> +#
> +my @new_inf = ();
> +my $subbing = 0;
> +print "\n--> Updating OpensslLib.inf ... ";
> +foreach (@inf) {
> + if ( $_ =~ "# Autogenerated files list starts here" ) {
> + push @new_inf, $_, @cryptofilelist, @sslfilelist;
> + $subbing = 1;
> + next;
> + }
> + if ( $_ =~ "# Autogenerated files list ends here" ) {
> + push @new_inf, $_;
> + $subbing = 0;
> + next;
> + }
> +
> + push @new_inf, $_
> + unless ($subbing);
> +}
> +
> +my $new_inf_file = $inf_file . ".new";
> +open( FD, ">" . $new_inf_file ) ||
> + die $new_inf_file;
> +print( FD @new_inf ) ||
> + die $new_inf_file;
> +close(FD) ||
> + die $new_inf_file;
> +rename( $new_inf_file, $inf_file ) ||
> + die "rename $inf_file";
> +print "Done!";
> +
> +#
> +# Update OpensslLibCrypto.inf with auto-generated file list (no libssl)
> +#
> +$inf_file = "OpensslLibCrypto.inf";
> +
> +# Read the contents of the inf file
> +@inf = ();
> +@new_inf = ();
> +open( FD, "<" . $inf_file ) ||
> + die "Cannot open \"" . $inf_file . "\"!";
> +@inf = (<FD>);
> +close(FD) ||
> + die "Cannot close \"" . $inf_file . "\"!";
> +
> +$subbing = 0;
> +print "\n--> Updating OpensslLibCrypto.inf ... ";
> +foreach (@inf) {
> + if ( $_ =~ "# Autogenerated files list starts here" ) {
> + push @new_inf, $_, @cryptofilelist;
> + $subbing = 1;
> + next;
> + }
> + if ( $_ =~ "# Autogenerated files list ends here" ) {
> + push @new_inf, $_;
> + $subbing = 0;
> + next;
> + }
> +
> + push @new_inf, $_
> + unless ($subbing);
> +}
> +
> +$new_inf_file = $inf_file . ".new";
> +open( FD, ">" . $new_inf_file ) ||
> + die $new_inf_file;
> +print( FD @new_inf ) ||
> + die $new_inf_file;
> +close(FD) ||
> + die $new_inf_file;
> +rename( $new_inf_file, $inf_file ) ||
> + die "rename $inf_file";
> +print "Done!";
> +
> +#
> +# Copy opensslconf.h generated from OpenSSL Configuration
> +#
> +print "\n--> Duplicating opensslconf.h into Include/openssl ... ";
> +copy($OPENSSL_PATH . "/include/openssl/opensslconf.h",
> + $OPENSSL_PATH . "/../../../Include/openssl/") ||
> + die "Cannot copy opensslconf.h!";
> +print "Done!\n";
> +
> +print "\nProcessing Files Done!\n";
> +
> +exit(0);
> +
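Review bot: converting `process_files.pl` to CRLF affects the shebang line `#!/usr/bin/perl -w` at the top of this hunk. When the script is executed directly on Linux, the kernel splits the interpreter line on spaces and tabs only, so perl receives the switch `-w` with a trailing carriage return attached, which it does not recognize, and the script fails before running. Invoking it as `perl process_files.pl` is unaffected, because perl generally tolerates a CR before the newline in source lines. Either keep this script LF (and drop `.pl` from the list in the cover letter) or document that it must be run through `perl` explicitly. The script's own output is already CRLF (`push @sslfilelist, ' $(OPENSSL_PATH)/' . $s . "\r\n";`), so the .inf files it generates are the same under either choice.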
> diff --git a/CryptoPkg/Library/TlsLib/InternalTlsLib.h
> b/CryptoPkg/Library/TlsLib/InternalTlsLib.h
> index 97727361e8..88c4e3b38e 100644
> --- a/CryptoPkg/Library/TlsLib/InternalTlsLib.h
> +++ b/CryptoPkg/Library/TlsLib/InternalTlsLib.h
> @@ -1,42 +1,43 @@
> -/** @file
> - Internal include file for TlsLib.
> -
> -Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
> -This program and the accompanying materials
> -are licensed and made available under the terms and conditions of the BSD
> License
> -which accompanies this distribution. The full text of the license may be
> found at
> -http://opensource.org/licenses/bsd-license.php
> -
> -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> -
> -**/
> -
> -#ifndef __INTERNAL_TLS_LIB_H__
> -#define __INTERNAL_TLS_LIB_H__
> -
> -#undef _WIN32
> -#undef _WIN64
> -
> -#include <Library/BaseCryptLib.h>
> -#include <openssl/ssl.h>
> -#include <openssl/bio.h>
> -#include <openssl/err.h>
> -
> -typedef struct {
> - //
> - // Main SSL Connection which is created by a server or a client
> - // per established connection.
> - //
> - SSL *Ssl;
> - //
> - // Memory BIO for the TLS/SSL Reading operations.
> - //
> - BIO *InBio;
> - //
> - // Memory BIO for the TLS/SSL Writing operations.
> - //
> - BIO *OutBio;
> -} TLS_CONNECTION;
> -
> -#endif
> +/** @file
> + Internal include file for TlsLib.
> +
> +Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
> +This program and the accompanying materials
> +are licensed and made available under the terms and conditions of the BSD
> License
> +which accompanies this distribution. The full text of the license may be
> found at
> +http://opensource.org/licenses/bsd-license.php
> +
> +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +
> +**/
> +
> +#ifndef __INTERNAL_TLS_LIB_H__
> +#define __INTERNAL_TLS_LIB_H__
> +
> +#undef _WIN32
> +#undef _WIN64
> +
> +#include <Library/BaseCryptLib.h>
> +#include <openssl/ssl.h>
> +#include <openssl/bio.h>
> +#include <openssl/err.h>
> +
> +typedef struct {
> + //
> + // Main SSL Connection which is created by a server or a client
> + // per established connection.
> + //
> + SSL *Ssl;
> + //
> + // Memory BIO for the TLS/SSL Reading operations.
> + //
> + BIO *InBio;
> + //
> + // Memory BIO for the TLS/SSL Writing operations.
> + //
> + BIO *OutBio;
> +} TLS_CONNECTION;
> +
> +#endif
> +
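Review bot: style point on the closing guard of this hunk: `#endif` stands alone, whereas TlsLib.h earlier in this same patch closes with `#endif // __TLS_LIB_H__`. Since the file is rewritten wholesale here anyway, adding `// __INTERNAL_TLS_LIB_H__` would make the two headers consistent, though strictly it belongs in a separate change rather than a line-ending conversion.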
> diff --git a/CryptoPkg/Library/TlsLib/TlsConfig.c
> b/CryptoPkg/Library/TlsLib/TlsConfig.c
> index 43e275d400..4c88229b89 100644
> --- a/CryptoPkg/Library/TlsLib/TlsConfig.c
> +++ b/CryptoPkg/Library/TlsLib/TlsConfig.c
> @@ -1,1059 +1,1060 @@
> -/** @file
> - SSL/TLS Configuration Library Wrapper Implementation over OpenSSL.
> -
> -Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
> -(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
> -This program and the accompanying materials
> -are licensed and made available under the terms and conditions of the BSD
> License
> -which accompanies this distribution. The full text of the license may be
> found at
> -http://opensource.org/licenses/bsd-license.php
> -
> -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> -
> -**/
> -
> -#include "InternalTlsLib.h"
> -
> -typedef struct {
> - //
> - // IANA/IETF defined Cipher Suite ID
> - //
> - UINT16 IanaCipher;
> - //
> - // OpenSSL-used Cipher Suite String
> - //
> - CONST CHAR8 *OpensslCipher;
> -} TLS_CIPHER_PAIR;
> -
> -//
> -// The mapping table between IANA/IETF Cipher Suite definitions and
> -// OpenSSL-used Cipher Suite name.
> -//
> -STATIC CONST TLS_CIPHER_PAIR TlsCipherMappingTable[] = {
> - { 0x0001, "NULL-MD5" }, /// TLS_RSA_WITH_NULL_MD5
> - { 0x0002, "NULL-SHA" }, /// TLS_RSA_WITH_NULL_SHA
> - { 0x0004, "RC4-MD5" }, /// TLS_RSA_WITH_RC4_128_MD5
> - { 0x0005, "RC4-SHA" }, /// TLS_RSA_WITH_RC4_128_SHA
> - { 0x000A, "DES-CBC3-SHA" }, /// TLS_RSA_WITH_3DES_EDE_CBC_SHA,
> mandatory TLS 1.1
> - { 0x0016, "DHE-RSA-DES-CBC3-SHA" }, ///
> TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
> - { 0x002F, "AES128-SHA" }, /// TLS_RSA_WITH_AES_128_CBC_SHA,
> mandatory TLS 1.2
> - { 0x0030, "DH-DSS-AES128-SHA" }, ///
> TLS_DH_DSS_WITH_AES_128_CBC_SHA
> - { 0x0031, "DH-RSA-AES128-SHA" }, ///
> TLS_DH_RSA_WITH_AES_128_CBC_SHA
> - { 0x0033, "DHE-RSA-AES128-SHA" }, ///
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA
> - { 0x0035, "AES256-SHA" }, /// TLS_RSA_WITH_AES_256_CBC_SHA
> - { 0x0036, "DH-DSS-AES256-SHA" }, ///
> TLS_DH_DSS_WITH_AES_256_CBC_SHA
> - { 0x0037, "DH-RSA-AES256-SHA" }, ///
> TLS_DH_RSA_WITH_AES_256_CBC_SHA
> - { 0x0039, "DHE-RSA-AES256-SHA" }, ///
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA
> - { 0x003B, "NULL-SHA256" }, /// TLS_RSA_WITH_NULL_SHA256
> - { 0x003C, "AES128-SHA256" }, ///
> TLS_RSA_WITH_AES_128_CBC_SHA256
> - { 0x003D, "AES256-SHA256" }, ///
> TLS_RSA_WITH_AES_256_CBC_SHA256
> - { 0x003E, "DH-DSS-AES128-SHA256" }, ///
> TLS_DH_DSS_WITH_AES_128_CBC_SHA256
> - { 0x003F, "DH-RSA-AES128-SHA256" }, ///
> TLS_DH_RSA_WITH_AES_128_CBC_SHA256
> - { 0x0067, "DHE-RSA-AES128-SHA256" }, ///
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
> - { 0x0068, "DH-DSS-AES256-SHA256" }, ///
> TLS_DH_DSS_WITH_AES_256_CBC_SHA256
> - { 0x0069, "DH-RSA-AES256-SHA256" }, ///
> TLS_DH_RSA_WITH_AES_256_CBC_SHA256
> - { 0x006B, "DHE-RSA-AES256-SHA256" } ///
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
> -};
> -
> -/**
> - Gets the OpenSSL cipher suite string for the supplied IANA TLS cipher suite.
> -
> - @param[in] CipherId The supplied IANA TLS cipher suite ID.
> -
> - @return The corresponding OpenSSL cipher suite string if found,
> - NULL otherwise.
> -
> -**/
> -STATIC
> -CONST CHAR8 *
> -TlsGetCipherString (
> - IN UINT16 CipherId
> - )
> -{
> - CONST TLS_CIPHER_PAIR *CipherEntry;
> - UINTN TableSize;
> - UINTN Index;
> -
> - CipherEntry = TlsCipherMappingTable;
> - TableSize = sizeof (TlsCipherMappingTable) / sizeof (TLS_CIPHER_PAIR);
> -
> - //
> - // Search Cipher Mapping Table for IANA-OpenSSL Cipher Translation
> - //
> - for (Index = 0; Index < TableSize; Index++, CipherEntry++) {
> - //
> - // Translate IANA cipher suite name to OpenSSL name.
> - //
> - if (CipherEntry->IanaCipher == CipherId) {
> - return CipherEntry->OpensslCipher;
> - }
> - }
> -
> - //
> - // No Cipher Mapping found, return NULL.
> - //
> - return NULL;
> -}
> -
> -/**
> - Set a new TLS/SSL method for a particular TLS object.
> -
> - This function sets a new TLS/SSL method for a particular TLS object.
> -
> - @param[in] Tls Pointer to a TLS object.
> - @param[in] MajorVer Major Version of TLS/SSL Protocol.
> - @param[in] MinorVer Minor Version of TLS/SSL Protocol.
> -
> - @retval EFI_SUCCESS The TLS/SSL method was set successfully.
> - @retval EFI_INVALID_PARAMETER The parameter is invalid.
> - @retval EFI_UNSUPPORTED Unsupported TLS/SSL method.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsSetVersion (
> - IN VOID *Tls,
> - IN UINT8 MajorVer,
> - IN UINT8 MinorVer
> - )
> -{
> - TLS_CONNECTION *TlsConn;
> - UINT16 ProtoVersion;
> -
> - TlsConn = (TLS_CONNECTION *)Tls;
> - if (TlsConn == NULL || TlsConn->Ssl == NULL) {
> - return EFI_INVALID_PARAMETER;
> - }
> -
> - ProtoVersion = (MajorVer << 8) | MinorVer;
> -
> - //
> - // Bound TLS method to the particular specified version.
> - //
> - switch (ProtoVersion) {
> - case TLS1_VERSION:
> - //
> - // TLS 1.0
> - //
> - SSL_set_min_proto_version (TlsConn->Ssl, TLS1_VERSION);
> - SSL_set_max_proto_version (TlsConn->Ssl, TLS1_VERSION);
> - break;
> - case TLS1_1_VERSION:
> - //
> - // TLS 1.1
> - //
> - SSL_set_min_proto_version (TlsConn->Ssl, TLS1_1_VERSION);
> - SSL_set_max_proto_version (TlsConn->Ssl, TLS1_1_VERSION);
> - break;
> - case TLS1_2_VERSION:
> - //
> - // TLS 1.2
> - //
> - SSL_set_min_proto_version (TlsConn->Ssl, TLS1_2_VERSION);
> - SSL_set_max_proto_version (TlsConn->Ssl, TLS1_2_VERSION);
> - break;
> - default:
> - //
> - // Unsupported Protocol Version
> - //
> - return EFI_UNSUPPORTED;
> - }
> -
> - return EFI_SUCCESS;;
> -}
> -
> -/**
> - Set TLS object to work in client or server mode.
> -
> - This function prepares a TLS object to work in client or server mode.
> -
> - @param[in] Tls Pointer to a TLS object.
> - @param[in] IsServer Work in server mode.
> -
> - @retval EFI_SUCCESS The TLS/SSL work mode was set successfully.
> - @retval EFI_INVALID_PARAMETER The parameter is invalid.
> - @retval EFI_UNSUPPORTED Unsupported TLS/SSL work mode.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsSetConnectionEnd (
> - IN VOID *Tls,
> - IN BOOLEAN IsServer
> - )
> -{
> - TLS_CONNECTION *TlsConn;
> -
> - TlsConn = (TLS_CONNECTION *) Tls;
> - if (TlsConn == NULL || TlsConn->Ssl == NULL) {
> - return EFI_INVALID_PARAMETER;
> - }
> -
> - if (!IsServer) {
> - //
> - // Set TLS to work in Client mode.
> - //
> - SSL_set_connect_state (TlsConn->Ssl);
> - } else {
> - //
> - // Set TLS to work in Server mode.
> - // It is unsupported for UEFI version currently.
> - //
> - //SSL_set_accept_state (TlsConn->Ssl);
> - return EFI_UNSUPPORTED;
> - }
> -
> - return EFI_SUCCESS;
> -}
> -
> -/**
> - Set the ciphers list to be used by the TLS object.
> -
> - This function sets the ciphers for use by a specified TLS object.
> -
> - @param[in] Tls Pointer to a TLS object.
> - @param[in] CipherId Pointer to a UINT16 cipher Id.
> - @param[in] CipherNum The number of cipher in the list.
> -
> - @retval EFI_SUCCESS The ciphers list was set successfully.
> - @retval EFI_INVALID_PARAMETER The parameter is invalid.
> - @retval EFI_UNSUPPORTED Unsupported TLS cipher in the list.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsSetCipherList (
> - IN VOID *Tls,
> - IN UINT16 *CipherId,
> - IN UINTN CipherNum
> - )
> -{
> - TLS_CONNECTION *TlsConn;
> - UINTN Index;
> - CONST CHAR8 *MappingName;
> - CHAR8 CipherString[500];
> -
> - TlsConn = (TLS_CONNECTION *) Tls;
> - if (TlsConn == NULL || TlsConn->Ssl == NULL || CipherId == NULL) {
> - return EFI_INVALID_PARAMETER;
> - }
> -
> - MappingName = NULL;
> -
> - memset (CipherString, 0, sizeof (CipherString));
> -
> - for (Index = 0; Index < CipherNum; Index++) {
> - //
> - // Handling OpenSSL / RFC Cipher name mapping.
> - //
> - MappingName = TlsGetCipherString (*(CipherId + Index));
> - if (MappingName == NULL) {
> - return EFI_UNSUPPORTED;
> - }
> -
> - if (Index != 0) {
> - //
> - // The ciphers were separated by a colon.
> - //
> - AsciiStrCatS (CipherString, sizeof (CipherString), ":");
> - }
> -
> - AsciiStrCatS (CipherString, sizeof (CipherString), MappingName);
> - }
> -
> - AsciiStrCatS (CipherString, sizeof (CipherString), ":@STRENGTH");
> -
> - //
> - // Sets the ciphers for use by the Tls object.
> - //
> - if (SSL_set_cipher_list (TlsConn->Ssl, CipherString) <= 0) {
> - return EFI_UNSUPPORTED;
> - }
> -
> - return EFI_SUCCESS;
> -}
> -
> -/**
> - Set the compression method for TLS/SSL operations.
> -
> - This function handles TLS/SSL integrated compression methods.
> -
> - @param[in] CompMethod The compression method ID.
> -
> - @retval EFI_SUCCESS The compression method for the communication
> was
> - set successfully.
> - @retval EFI_UNSUPPORTED Unsupported compression method.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsSetCompressionMethod (
> - IN UINT8 CompMethod
> - )
> -{
> - COMP_METHOD *Cm;
> - INTN Ret;
> -
> - Cm = NULL;
> - Ret = 0;
> -
> - if (CompMethod == 0) {
> - //
> - // TLS defines one standard compression method,
> CompressionMethod.null (0),
> - // which specifies that data exchanged via the record protocol will not be
> compressed.
> - // So, return EFI_SUCCESS directly (RFC 3749).
> - //
> - return EFI_SUCCESS;
> - } else if (CompMethod == 1) {
> - Cm = COMP_zlib();
> - } else {
> - return EFI_UNSUPPORTED;
> - }
> -
> - //
> - // Adds the compression method to the list of available
> - // compression methods.
> - //
> - Ret = SSL_COMP_add_compression_method (CompMethod, Cm);
> - if (Ret != 0) {
> - return EFI_UNSUPPORTED;
> - }
> -
> - return EFI_SUCCESS;
> -}
> -
> -/**
> - Set peer certificate verification mode for the TLS connection.
> -
> - This function sets the verification mode flags for the TLS connection.
> -
> - @param[in] Tls Pointer to the TLS object.
> - @param[in] VerifyMode A set of logically or'ed verification mode flags.
> -
> -**/
> -VOID
> -EFIAPI
> -TlsSetVerify (
> - IN VOID *Tls,
> - IN UINT32 VerifyMode
> - )
> -{
> - TLS_CONNECTION *TlsConn;
> -
> - TlsConn = (TLS_CONNECTION *) Tls;
> - if (TlsConn == NULL || TlsConn->Ssl == NULL) {
> - return;
> - }
> -
> - //
> - // Set peer certificate verification parameters with NULL callback.
> - //
> - SSL_set_verify (TlsConn->Ssl, VerifyMode, NULL);
> -}
> -
> -/**
> - Sets a TLS/SSL session ID to be used during TLS/SSL connect.
> -
> - This function sets a session ID to be used when the TLS/SSL connection is
> - to be established.
> -
> - @param[in] Tls Pointer to the TLS object.
> - @param[in] SessionId Session ID data used for session resumption.
> - @param[in] SessionIdLen Length of Session ID in bytes.
> -
> - @retval EFI_SUCCESS Session ID was set successfully.
> - @retval EFI_INVALID_PARAMETER The parameter is invalid.
> - @retval EFI_UNSUPPORTED No available session for ID setting.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsSetSessionId (
> - IN VOID *Tls,
> - IN UINT8 *SessionId,
> - IN UINT16 SessionIdLen
> - )
> -{
> - TLS_CONNECTION *TlsConn;
> - SSL_SESSION *Session;
> -
> - TlsConn = (TLS_CONNECTION *) Tls;
> - Session = NULL;
> -
> - if (TlsConn == NULL || TlsConn->Ssl == NULL || SessionId == NULL) {
> - return EFI_INVALID_PARAMETER;
> - }
> -
> - Session = SSL_get_session (TlsConn->Ssl);
> - if (Session == NULL) {
> - return EFI_UNSUPPORTED;
> - }
> -
> - SSL_SESSION_set1_id (Session, (const unsigned char *)SessionId,
> SessionIdLen);
> -
> - return EFI_SUCCESS;
> -}
> -
> -/**
> - Adds the CA to the cert store when requesting Server or Client
> authentication.
> -
> - This function adds the CA certificate to the list of CAs when requesting
> - Server or Client authentication for the chosen TLS connection.
> -
> - @param[in] Tls Pointer to the TLS object.
> - @param[in] Data Pointer to the data buffer of a DER-encoded binary
> - X.509 certificate or PEM-encoded X.509 certificate.
> - @param[in] DataSize The size of data buffer in bytes.
> -
> - @retval EFI_SUCCESS The operation succeeded.
> - @retval EFI_INVALID_PARAMETER The parameter is invalid.
> - @retval EFI_OUT_OF_RESOURCES Required resources could not be
> allocated.
> - @retval EFI_ABORTED Invalid X.509 certificate.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsSetCaCertificate (
> - IN VOID *Tls,
> - IN VOID *Data,
> - IN UINTN DataSize
> - )
> -{
> - BIO *BioCert;
> - X509 *Cert;
> - X509_STORE *X509Store;
> - EFI_STATUS Status;
> - TLS_CONNECTION *TlsConn;
> - SSL_CTX *SslCtx;
> - INTN Ret;
> - UINTN ErrorCode;
> -
> - BioCert = NULL;
> - Cert = NULL;
> - X509Store = NULL;
> - Status = EFI_SUCCESS;
> - TlsConn = (TLS_CONNECTION *) Tls;
> - Ret = 0;
> -
> - if (TlsConn == NULL || TlsConn->Ssl == NULL || Data == NULL || DataSize
> == 0) {
> - return EFI_INVALID_PARAMETER;
> - }
> -
> - //
> - // DER-encoded binary X.509 certificate or PEM-encoded X.509 certificate.
> - // Determine whether certificate is from DER encoding, if so, translate it to
> X509 structure.
> - //
> - Cert = d2i_X509 (NULL, (const unsigned char ** )&Data, (long) DataSize);
> - if (Cert == NULL) {
> - //
> - // Certificate is from PEM encoding.
> - //
> - BioCert = BIO_new (BIO_s_mem ());
> - if (BioCert == NULL) {
> - Status = EFI_OUT_OF_RESOURCES;
> - goto ON_EXIT;
> - }
> -
> - if (BIO_write (BioCert, Data, (UINT32) DataSize) <= 0) {
> - Status = EFI_ABORTED;
> - goto ON_EXIT;
> - }
> -
> - Cert = PEM_read_bio_X509 (BioCert, NULL, NULL, NULL);
> - if (Cert == NULL) {
> - Status = EFI_ABORTED;
> - goto ON_EXIT;
> - }
> - }
> -
> - SslCtx = SSL_get_SSL_CTX (TlsConn->Ssl);
> - X509Store = SSL_CTX_get_cert_store (SslCtx);
> - if (X509Store == NULL) {
> - Status = EFI_ABORTED;
> - goto ON_EXIT;
> - }
> -
> - //
> - // Add certificate to X509 store
> - //
> - Ret = X509_STORE_add_cert (X509Store, Cert);
> - if (Ret != 1) {
> - ErrorCode = ERR_peek_last_error ();
> - //
> - // Ignore "already in table" errors
> - //
> - if (!(ERR_GET_FUNC (ErrorCode) == X509_F_X509_STORE_ADD_CERT &&
> - ERR_GET_REASON (ErrorCode) ==
> X509_R_CERT_ALREADY_IN_HASH_TABLE)) {
> - Status = EFI_ABORTED;
> - goto ON_EXIT;
> - }
> - }
> -
> -ON_EXIT:
> - if (BioCert != NULL) {
> - BIO_free (BioCert);
> - }
> -
> - if (Cert != NULL) {
> - X509_free (Cert);
> - }
> -
> - return Status;
> -}
> -
> -/**
> - Loads the local public certificate into the specified TLS object.
> -
> - This function loads the X.509 certificate into the specified TLS object
> - for TLS negotiation.
> -
> - @param[in] Tls Pointer to the TLS object.
> - @param[in] Data Pointer to the data buffer of a DER-encoded binary
> - X.509 certificate or PEM-encoded X.509 certificate.
> - @param[in] DataSize The size of data buffer in bytes.
> -
> - @retval EFI_SUCCESS The operation succeeded.
> - @retval EFI_INVALID_PARAMETER The parameter is invalid.
> - @retval EFI_OUT_OF_RESOURCES Required resources could not be
> allocated.
> - @retval EFI_ABORTED Invalid X.509 certificate.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsSetHostPublicCert (
> - IN VOID *Tls,
> - IN VOID *Data,
> - IN UINTN DataSize
> - )
> -{
> - BIO *BioCert;
> - X509 *Cert;
> - EFI_STATUS Status;
> - TLS_CONNECTION *TlsConn;
> -
> - BioCert = NULL;
> - Cert = NULL;
> - Status = EFI_SUCCESS;
> - TlsConn = (TLS_CONNECTION *) Tls;
> -
> - if (TlsConn == NULL || TlsConn->Ssl == NULL || Data == NULL || DataSize
> == 0) {
> - return EFI_INVALID_PARAMETER;
> - }
> -
> - //
> - // DER-encoded binary X.509 certificate or PEM-encoded X.509 certificate.
> - // Determine whether certificate is from DER encoding, if so, translate it to
> X509 structure.
> - //
> - Cert = d2i_X509 (NULL, (const unsigned char ** )&Data, (long) DataSize);
> - if (Cert == NULL) {
> - //
> - // Certificate is from PEM encoding.
> - //
> - BioCert = BIO_new (BIO_s_mem ());
> - if (BioCert == NULL) {
> - Status = EFI_OUT_OF_RESOURCES;
> - goto ON_EXIT;
> - }
> -
> - if (BIO_write (BioCert, Data, (UINT32) DataSize) <= 0) {
> - Status = EFI_ABORTED;
> - goto ON_EXIT;
> - }
> -
> - Cert = PEM_read_bio_X509 (BioCert, NULL, NULL, NULL);
> - if (Cert == NULL) {
> - Status = EFI_ABORTED;
> - goto ON_EXIT;
> - }
> - }
> -
> - if (SSL_use_certificate (TlsConn->Ssl, Cert) != 1) {
> - Status = EFI_ABORTED;
> - goto ON_EXIT;
> - }
> -
> -ON_EXIT:
> - if (BioCert != NULL) {
> - BIO_free (BioCert);
> - }
> -
> - if (Cert != NULL) {
> - X509_free (Cert);
> - }
> -
> - return Status;
> -}
> -
> -/**
> - Adds the local private key to the specified TLS object.
> -
> - This function adds the local private key (PEM-encoded RSA or PKCS#8
> private
> - key) into the specified TLS object for TLS negotiation.
> -
> - @param[in] Tls Pointer to the TLS object.
> - @param[in] Data Pointer to the data buffer of a PEM-encoded RSA
> - or PKCS#8 private key.
> - @param[in] DataSize The size of data buffer in bytes.
> -
> - @retval EFI_SUCCESS The operation succeeded.
> - @retval EFI_UNSUPPORTED This function is not supported.
> - @retval EFI_ABORTED Invalid private key data.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsSetHostPrivateKey (
> - IN VOID *Tls,
> - IN VOID *Data,
> - IN UINTN DataSize
> - )
> -{
> - return EFI_UNSUPPORTED;
> -}
> -
> -/**
> - Adds the CA-supplied certificate revocation list for certificate validation.
> -
> - This function adds the CA-supplied certificate revocation list data for
> - certificate validity checking.
> -
> - @param[in] Data Pointer to the data buffer of a DER-encoded CRL data.
> - @param[in] DataSize The size of data buffer in bytes.
> -
> - @retval EFI_SUCCESS The operation succeeded.
> - @retval EFI_UNSUPPORTED This function is not supported.
> - @retval EFI_ABORTED Invalid CRL data.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsSetCertRevocationList (
> - IN VOID *Data,
> - IN UINTN DataSize
> - )
> -{
> - return EFI_UNSUPPORTED;
> -}
> -
> -/**
> - Gets the protocol version used by the specified TLS connection.
> -
> - This function returns the protocol version used by the specified TLS
> - connection.
> -
> - @param[in] Tls Pointer to the TLS object.
> -
> - @return The protocol version of the specified TLS connection.
> -
> -**/
> -UINT16
> -EFIAPI
> -TlsGetVersion (
> - IN VOID *Tls
> - )
> -{
> - TLS_CONNECTION *TlsConn;
> -
> - TlsConn = (TLS_CONNECTION *) Tls;
> -
> - ASSERT (TlsConn != NULL);
> -
> - return (UINT16)(SSL_version (TlsConn->Ssl));
> -}
> -
> -/**
> - Gets the connection end of the specified TLS connection.
> -
> - This function returns the connection end (as client or as server) used by
> - the specified TLS connection.
> -
> - @param[in] Tls Pointer to the TLS object.
> -
> - @return The connection end used by the specified TLS connection.
> -
> -**/
> -UINT8
> -EFIAPI
> -TlsGetConnectionEnd (
> - IN VOID *Tls
> - )
> -{
> - TLS_CONNECTION *TlsConn;
> -
> - TlsConn = (TLS_CONNECTION *) Tls;
> -
> - ASSERT (TlsConn != NULL);
> -
> - return (UINT8)SSL_is_server (TlsConn->Ssl);
> -}
> -
> -/**
> - Gets the cipher suite used by the specified TLS connection.
> -
> - This function returns current cipher suite used by the specified
> - TLS connection.
> -
> - @param[in] Tls Pointer to the TLS object.
> - @param[in,out] CipherId The cipher suite used by the TLS object.
> -
> - @retval EFI_SUCCESS The cipher suite was returned successfully.
> - @retval EFI_INVALID_PARAMETER The parameter is invalid.
> - @retval EFI_UNSUPPORTED Unsupported cipher suite.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsGetCurrentCipher (
> - IN VOID *Tls,
> - IN OUT UINT16 *CipherId
> - )
> -{
> - TLS_CONNECTION *TlsConn;
> - CONST SSL_CIPHER *Cipher;
> -
> - TlsConn = (TLS_CONNECTION *) Tls;
> - Cipher = NULL;
> -
> - if (TlsConn == NULL || TlsConn->Ssl == NULL || CipherId == NULL) {
> - return EFI_INVALID_PARAMETER;
> - }
> -
> - Cipher = SSL_get_current_cipher (TlsConn->Ssl);
> - if (Cipher == NULL) {
> - return EFI_UNSUPPORTED;
> - }
> -
> - *CipherId = (SSL_CIPHER_get_id (Cipher)) & 0xFFFF;
> -
> - return EFI_SUCCESS;
> -}
> -
> -/**
> - Gets the compression methods used by the specified TLS connection.
> -
> - This function returns current integrated compression methods used by
> - the specified TLS connection.
> -
> - @param[in] Tls Pointer to the TLS object.
> - @param[in,out] CompressionId The current compression method used
> by
> - the TLS object.
> -
> - @retval EFI_SUCCESS The compression method was returned
> successfully.
> - @retval EFI_INVALID_PARAMETER The parameter is invalid.
> - @retval EFI_ABORTED Invalid Compression method.
> - @retval EFI_UNSUPPORTED This function is not supported.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsGetCurrentCompressionId (
> - IN VOID *Tls,
> - IN OUT UINT8 *CompressionId
> - )
> -{
> - return EFI_UNSUPPORTED;
> -}
> -
> -/**
> - Gets the verification mode currently set in the TLS connection.
> -
> - This function returns the peer verification mode currently set in the
> - specified TLS connection.
> -
> - @param[in] Tls Pointer to the TLS object.
> -
> - @return The verification mode set in the specified TLS connection.
> -
> -**/
> -UINT32
> -EFIAPI
> -TlsGetVerify (
> - IN VOID *Tls
> - )
> -{
> - TLS_CONNECTION *TlsConn;
> -
> - TlsConn = (TLS_CONNECTION *) Tls;
> -
> - ASSERT (TlsConn != NULL);
> -
> - return SSL_get_verify_mode (TlsConn->Ssl);
> -}
> -
> -/**
> - Gets the session ID used by the specified TLS connection.
> -
> - This function returns the TLS/SSL session ID currently used by the
> - specified TLS connection.
> -
> - @param[in] Tls Pointer to the TLS object.
> - @param[in,out] SessionId Buffer to contain the returned session ID.
> - @param[in,out] SessionIdLen The length of Session ID in bytes.
> -
> - @retval EFI_SUCCESS The Session ID was returned successfully.
> - @retval EFI_INVALID_PARAMETER The parameter is invalid.
> - @retval EFI_UNSUPPORTED Invalid TLS/SSL session.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsGetSessionId (
> - IN VOID *Tls,
> - IN OUT UINT8 *SessionId,
> - IN OUT UINT16 *SessionIdLen
> - )
> -{
> - TLS_CONNECTION *TlsConn;
> - SSL_SESSION *Session;
> - CONST UINT8 *SslSessionId;
> -
> - TlsConn = (TLS_CONNECTION *) Tls;
> - Session = NULL;
> -
> - if (TlsConn == NULL || TlsConn->Ssl == NULL || SessionId == NULL ||
> SessionIdLen == NULL) {
> - return EFI_INVALID_PARAMETER;
> - }
> -
> - Session = SSL_get_session (TlsConn->Ssl);
> - if (Session == NULL) {
> - return EFI_UNSUPPORTED;
> - }
> -
> - SslSessionId = SSL_SESSION_get_id (Session, (unsigned int *)SessionIdLen);
> - CopyMem (SessionId, SslSessionId, *SessionIdLen);
> -
> - return EFI_SUCCESS;
> -}
> -
> -/**
> - Gets the client random data used in the specified TLS connection.
> -
> - This function returns the TLS/SSL client random data currently used in
> - the specified TLS connection.
> -
> - @param[in] Tls Pointer to the TLS object.
> - @param[in,out] ClientRandom Buffer to contain the returned client
> - random data (32 bytes).
> -
> -**/
> -VOID
> -EFIAPI
> -TlsGetClientRandom (
> - IN VOID *Tls,
> - IN OUT UINT8 *ClientRandom
> - )
> -{
> - TLS_CONNECTION *TlsConn;
> -
> - TlsConn = (TLS_CONNECTION *) Tls;
> -
> - if (TlsConn == NULL || TlsConn->Ssl == NULL || ClientRandom == NULL) {
> - return;
> - }
> -
> - SSL_get_client_random (TlsConn->Ssl, ClientRandom,
> SSL3_RANDOM_SIZE);
> -}
> -
> -/**
> - Gets the server random data used in the specified TLS connection.
> -
> - This function returns the TLS/SSL server random data currently used in
> - the specified TLS connection.
> -
> - @param[in] Tls Pointer to the TLS object.
> - @param[in,out] ServerRandom Buffer to contain the returned server
> - random data (32 bytes).
> -
> -**/
> -VOID
> -EFIAPI
> -TlsGetServerRandom (
> - IN VOID *Tls,
> - IN OUT UINT8 *ServerRandom
> - )
> -{
> - TLS_CONNECTION *TlsConn;
> -
> - TlsConn = (TLS_CONNECTION *) Tls;
> -
> - if (TlsConn == NULL || TlsConn->Ssl == NULL || ServerRandom == NULL) {
> - return;
> - }
> -
> - SSL_get_server_random (TlsConn->Ssl, ServerRandom,
> SSL3_RANDOM_SIZE);
> -}
> -
> -/**
> - Gets the master key data used in the specified TLS connection.
> -
> - This function returns the TLS/SSL master key material currently used in
> - the specified TLS connection.
> -
> - @param[in] Tls Pointer to the TLS object.
> - @param[in,out] KeyMaterial Buffer to contain the returned key material.
> -
> - @retval EFI_SUCCESS Key material was returned successfully.
> - @retval EFI_INVALID_PARAMETER The parameter is invalid.
> - @retval EFI_UNSUPPORTED Invalid TLS/SSL session.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsGetKeyMaterial (
> - IN VOID *Tls,
> - IN OUT UINT8 *KeyMaterial
> - )
> -{
> - TLS_CONNECTION *TlsConn;
> - SSL_SESSION *Session;
> -
> - TlsConn = (TLS_CONNECTION *) Tls;
> - Session = NULL;
> -
> - if (TlsConn == NULL || TlsConn->Ssl == NULL || KeyMaterial == NULL) {
> - return EFI_INVALID_PARAMETER;
> - }
> -
> - Session = SSL_get_session (TlsConn->Ssl);
> -
> - if (Session == NULL) {
> - return EFI_UNSUPPORTED;
> - }
> -
> - SSL_SESSION_get_master_key (Session, KeyMaterial,
> SSL3_MASTER_SECRET_SIZE);
> -
> - return EFI_SUCCESS;
> -}
> -
> -/**
> - Gets the CA Certificate from the cert store.
> -
> - This function returns the CA certificate for the chosen
> - TLS connection.
> -
> - @param[in] Tls Pointer to the TLS object.
> - @param[out] Data Pointer to the data buffer to receive the CA
> - certificate data sent to the client.
> - @param[in,out] DataSize The size of data buffer in bytes.
> -
> - @retval EFI_SUCCESS The operation succeeded.
> - @retval EFI_UNSUPPORTED This function is not supported.
> - @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsGetCaCertificate (
> - IN VOID *Tls,
> - OUT VOID *Data,
> - IN OUT UINTN *DataSize
> - )
> -{
> - return EFI_UNSUPPORTED;
> -}
> -
> -/**
> - Gets the local public Certificate set in the specified TLS object.
> -
> - This function returns the local public certificate which was currently set
> - in the specified TLS object.
> -
> - @param[in] Tls Pointer to the TLS object.
> - @param[out] Data Pointer to the data buffer to receive the local
> - public certificate.
> - @param[in,out] DataSize The size of data buffer in bytes.
> -
> - @retval EFI_SUCCESS The operation succeeded.
> - @retval EFI_INVALID_PARAMETER The parameter is invalid.
> - @retval EFI_NOT_FOUND The certificate is not found.
> - @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsGetHostPublicCert (
> - IN VOID *Tls,
> - OUT VOID *Data,
> - IN OUT UINTN *DataSize
> - )
> -{
> - X509 *Cert;
> - TLS_CONNECTION *TlsConn;
> -
> - Cert = NULL;
> - TlsConn = (TLS_CONNECTION *) Tls;
> -
> - if (TlsConn == NULL || TlsConn->Ssl == NULL || DataSize == NULL) {
> - return EFI_INVALID_PARAMETER;
> - }
> -
> - Cert = SSL_get_certificate(TlsConn->Ssl);
> - if (Cert == NULL) {
> - return EFI_NOT_FOUND;
> - }
> -
> - //
> - // Only DER encoding is supported currently.
> - //
> - if (*DataSize < (UINTN) i2d_X509 (Cert, NULL)) {
> - *DataSize = (UINTN) i2d_X509 (Cert, NULL);
> - return EFI_BUFFER_TOO_SMALL;
> - }
> -
> - *DataSize = (UINTN) i2d_X509 (Cert, (unsigned char **) &Data);
> -
> - return EFI_SUCCESS;
> -}
> -
> -/**
> - Gets the local private key set in the specified TLS object.
> -
> - This function returns the local private key data which was currently set
> - in the specified TLS object.
> -
> - @param[in] Tls Pointer to the TLS object.
> - @param[out] Data Pointer to the data buffer to receive the local
> - private key data.
> - @param[in,out] DataSize The size of data buffer in bytes.
> -
> - @retval EFI_SUCCESS The operation succeeded.
> - @retval EFI_UNSUPPORTED This function is not supported.
> - @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsGetHostPrivateKey (
> - IN VOID *Tls,
> - OUT VOID *Data,
> - IN OUT UINTN *DataSize
> - )
> -{
> - return EFI_UNSUPPORTED;
> -}
> -
> -/**
> - Gets the CA-supplied certificate revocation list data set in the specified
> - TLS object.
> -
> - This function returns the CA-supplied certificate revocation list data which
> - was currently set in the specified TLS object.
> -
> - @param[out] Data Pointer to the data buffer to receive the CRL data.
> - @param[in,out] DataSize The size of data buffer in bytes.
> -
> - @retval EFI_SUCCESS The operation succeeded.
> - @retval EFI_UNSUPPORTED This function is not supported.
> - @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsGetCertRevocationList (
> - OUT VOID *Data,
> - IN OUT UINTN *DataSize
> - )
> -{
> - return EFI_UNSUPPORTED;
> -}
> +/** @file
> + SSL/TLS Configuration Library Wrapper Implementation over OpenSSL.
> +
> +Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
> +(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
> +This program and the accompanying materials
> +are licensed and made available under the terms and conditions of the BSD
> License
> +which accompanies this distribution. The full text of the license may be
> found at
> +http://opensource.org/licenses/bsd-license.php
> +
> +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +
> +**/
> +
> +#include "InternalTlsLib.h"
> +
> +typedef struct {
> + //
> + // IANA/IETF defined Cipher Suite ID
> + //
> + UINT16 IanaCipher;
> + //
> + // OpenSSL-used Cipher Suite String
> + //
> + CONST CHAR8 *OpensslCipher;
> +} TLS_CIPHER_PAIR;
> +
> +//
> +// The mapping table between IANA/IETF Cipher Suite definitions and
> +// OpenSSL-used Cipher Suite name.
> +//
> +STATIC CONST TLS_CIPHER_PAIR TlsCipherMappingTable[] = {
> + { 0x0001, "NULL-MD5" }, /// TLS_RSA_WITH_NULL_MD5
> + { 0x0002, "NULL-SHA" }, /// TLS_RSA_WITH_NULL_SHA
> + { 0x0004, "RC4-MD5" }, /// TLS_RSA_WITH_RC4_128_MD5
> + { 0x0005, "RC4-SHA" }, /// TLS_RSA_WITH_RC4_128_SHA
> + { 0x000A, "DES-CBC3-SHA" }, ///
> TLS_RSA_WITH_3DES_EDE_CBC_SHA, mandatory TLS 1.1
> + { 0x0016, "DHE-RSA-DES-CBC3-SHA" }, ///
> TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
> + { 0x002F, "AES128-SHA" }, /// TLS_RSA_WITH_AES_128_CBC_SHA,
> mandatory TLS 1.2
> + { 0x0030, "DH-DSS-AES128-SHA" }, ///
> TLS_DH_DSS_WITH_AES_128_CBC_SHA
> + { 0x0031, "DH-RSA-AES128-SHA" }, ///
> TLS_DH_RSA_WITH_AES_128_CBC_SHA
> + { 0x0033, "DHE-RSA-AES128-SHA" }, ///
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA
> + { 0x0035, "AES256-SHA" }, /// TLS_RSA_WITH_AES_256_CBC_SHA
> + { 0x0036, "DH-DSS-AES256-SHA" }, ///
> TLS_DH_DSS_WITH_AES_256_CBC_SHA
> + { 0x0037, "DH-RSA-AES256-SHA" }, ///
> TLS_DH_RSA_WITH_AES_256_CBC_SHA
> + { 0x0039, "DHE-RSA-AES256-SHA" }, ///
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA
> + { 0x003B, "NULL-SHA256" }, /// TLS_RSA_WITH_NULL_SHA256
> + { 0x003C, "AES128-SHA256" }, ///
> TLS_RSA_WITH_AES_128_CBC_SHA256
> + { 0x003D, "AES256-SHA256" }, ///
> TLS_RSA_WITH_AES_256_CBC_SHA256
> + { 0x003E, "DH-DSS-AES128-SHA256" }, ///
> TLS_DH_DSS_WITH_AES_128_CBC_SHA256
> + { 0x003F, "DH-RSA-AES128-SHA256" }, ///
> TLS_DH_RSA_WITH_AES_128_CBC_SHA256
> + { 0x0067, "DHE-RSA-AES128-SHA256" }, ///
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
> + { 0x0068, "DH-DSS-AES256-SHA256" }, ///
> TLS_DH_DSS_WITH_AES_256_CBC_SHA256
> + { 0x0069, "DH-RSA-AES256-SHA256" }, ///
> TLS_DH_RSA_WITH_AES_256_CBC_SHA256
> + { 0x006B, "DHE-RSA-AES256-SHA256" } ///
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
> +};
> +
> +/**
> + Gets the OpenSSL cipher suite string for the supplied IANA TLS cipher suite.
> +
> + @param[in] CipherId The supplied IANA TLS cipher suite ID.
> +
> + @return The corresponding OpenSSL cipher suite string if found,
> + NULL otherwise.
> +
> +**/
> +STATIC
> +CONST CHAR8 *
> +TlsGetCipherString (
> + IN UINT16 CipherId
> + )
> +{
> + CONST TLS_CIPHER_PAIR *CipherEntry;
> + UINTN TableSize;
> + UINTN Index;
> +
> + CipherEntry = TlsCipherMappingTable;
> + TableSize = sizeof (TlsCipherMappingTable) / sizeof (TLS_CIPHER_PAIR);
> +
> + //
> + // Search Cipher Mapping Table for IANA-OpenSSL Cipher Translation
> + //
> + for (Index = 0; Index < TableSize; Index++, CipherEntry++) {
> + //
> + // Translate IANA cipher suite name to OpenSSL name.
> + //
> + if (CipherEntry->IanaCipher == CipherId) {
> + return CipherEntry->OpensslCipher;
> + }
> + }
> +
> + //
> + // No Cipher Mapping found, return NULL.
> + //
> + return NULL;
> +}
> +
> +/**
> + Set a new TLS/SSL method for a particular TLS object.
> +
> + This function sets a new TLS/SSL method for a particular TLS object.
> +
> + @param[in] Tls Pointer to a TLS object.
> + @param[in] MajorVer Major Version of TLS/SSL Protocol.
> + @param[in] MinorVer Minor Version of TLS/SSL Protocol.
> +
> + @retval EFI_SUCCESS The TLS/SSL method was set successfully.
> + @retval EFI_INVALID_PARAMETER The parameter is invalid.
> + @retval EFI_UNSUPPORTED Unsupported TLS/SSL method.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsSetVersion (
> + IN VOID *Tls,
> + IN UINT8 MajorVer,
> + IN UINT8 MinorVer
> + )
> +{
> + TLS_CONNECTION *TlsConn;
> + UINT16 ProtoVersion;
> +
> + TlsConn = (TLS_CONNECTION *)Tls;
> + if (TlsConn == NULL || TlsConn->Ssl == NULL) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + ProtoVersion = (MajorVer << 8) | MinorVer;
> +
> + //
> + // Bound TLS method to the particular specified version.
> + //
> + switch (ProtoVersion) {
> + case TLS1_VERSION:
> + //
> + // TLS 1.0
> + //
> + SSL_set_min_proto_version (TlsConn->Ssl, TLS1_VERSION);
> + SSL_set_max_proto_version (TlsConn->Ssl, TLS1_VERSION);
> + break;
> + case TLS1_1_VERSION:
> + //
> + // TLS 1.1
> + //
> + SSL_set_min_proto_version (TlsConn->Ssl, TLS1_1_VERSION);
> + SSL_set_max_proto_version (TlsConn->Ssl, TLS1_1_VERSION);
> + break;
> + case TLS1_2_VERSION:
> + //
> + // TLS 1.2
> + //
> + SSL_set_min_proto_version (TlsConn->Ssl, TLS1_2_VERSION);
> + SSL_set_max_proto_version (TlsConn->Ssl, TLS1_2_VERSION);
> + break;
> + default:
> + //
> + // Unsupported Protocol Version
> + //
> + return EFI_UNSUPPORTED;
> + }
> +
> + return EFI_SUCCESS;;
> +}
> +
> +/**
> + Set TLS object to work in client or server mode.
> +
> + This function prepares a TLS object to work in client or server mode.
> +
> + @param[in] Tls Pointer to a TLS object.
> + @param[in] IsServer Work in server mode.
> +
> + @retval EFI_SUCCESS The TLS/SSL work mode was set successfully.
> + @retval EFI_INVALID_PARAMETER The parameter is invalid.
> + @retval EFI_UNSUPPORTED Unsupported TLS/SSL work mode.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsSetConnectionEnd (
> + IN VOID *Tls,
> + IN BOOLEAN IsServer
> + )
> +{
> + TLS_CONNECTION *TlsConn;
> +
> + TlsConn = (TLS_CONNECTION *) Tls;
> + if (TlsConn == NULL || TlsConn->Ssl == NULL) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + if (!IsServer) {
> + //
> + // Set TLS to work in Client mode.
> + //
> + SSL_set_connect_state (TlsConn->Ssl);
> + } else {
> + //
> + // Set TLS to work in Server mode.
> + // It is unsupported for UEFI version currently.
> + //
> + //SSL_set_accept_state (TlsConn->Ssl);
> + return EFI_UNSUPPORTED;
> + }
> +
> + return EFI_SUCCESS;
> +}
> +
> +/**
> + Set the ciphers list to be used by the TLS object.
> +
> + This function sets the ciphers for use by a specified TLS object.
> +
> + @param[in] Tls Pointer to a TLS object.
> + @param[in] CipherId Pointer to a UINT16 cipher Id.
> + @param[in] CipherNum The number of cipher in the list.
> +
> + @retval EFI_SUCCESS The ciphers list was set successfully.
> + @retval EFI_INVALID_PARAMETER The parameter is invalid.
> + @retval EFI_UNSUPPORTED Unsupported TLS cipher in the list.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsSetCipherList (
> + IN VOID *Tls,
> + IN UINT16 *CipherId,
> + IN UINTN CipherNum
> + )
> +{
> + TLS_CONNECTION *TlsConn;
> + UINTN Index;
> + CONST CHAR8 *MappingName;
> + CHAR8 CipherString[500];
> +
> + TlsConn = (TLS_CONNECTION *) Tls;
> + if (TlsConn == NULL || TlsConn->Ssl == NULL || CipherId == NULL) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + MappingName = NULL;
> +
> + memset (CipherString, 0, sizeof (CipherString));
> +
> + for (Index = 0; Index < CipherNum; Index++) {
> + //
> + // Handling OpenSSL / RFC Cipher name mapping.
> + //
> + MappingName = TlsGetCipherString (*(CipherId + Index));
> + if (MappingName == NULL) {
> + return EFI_UNSUPPORTED;
> + }
> +
> + if (Index != 0) {
> + //
> + // The ciphers were separated by a colon.
> + //
> + AsciiStrCatS (CipherString, sizeof (CipherString), ":");
> + }
> +
> + AsciiStrCatS (CipherString, sizeof (CipherString), MappingName);
> + }
> +
> + AsciiStrCatS (CipherString, sizeof (CipherString), ":@STRENGTH");
> +
> + //
> + // Sets the ciphers for use by the Tls object.
> + //
> + if (SSL_set_cipher_list (TlsConn->Ssl, CipherString) <= 0) {
> + return EFI_UNSUPPORTED;
> + }
> +
> + return EFI_SUCCESS;
> +}
> +
> +/**
> + Set the compression method for TLS/SSL operations.
> +
> + This function handles TLS/SSL integrated compression methods.
> +
> + @param[in] CompMethod The compression method ID.
> +
> + @retval EFI_SUCCESS The compression method for the communication
> was
> + set successfully.
> + @retval EFI_UNSUPPORTED Unsupported compression method.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsSetCompressionMethod (
> + IN UINT8 CompMethod
> + )
> +{
> + COMP_METHOD *Cm;
> + INTN Ret;
> +
> + Cm = NULL;
> + Ret = 0;
> +
> + if (CompMethod == 0) {
> + //
> + // TLS defines one standard compression method,
> CompressionMethod.null (0),
> + // which specifies that data exchanged via the record protocol will not be
> compressed.
> + // So, return EFI_SUCCESS directly (RFC 3749).
> + //
> + return EFI_SUCCESS;
> + } else if (CompMethod == 1) {
> + Cm = COMP_zlib();
> + } else {
> + return EFI_UNSUPPORTED;
> + }
> +
> + //
> + // Adds the compression method to the list of available
> + // compression methods.
> + //
> + Ret = SSL_COMP_add_compression_method (CompMethod, Cm);
> + if (Ret != 0) {
> + return EFI_UNSUPPORTED;
> + }
> +
> + return EFI_SUCCESS;
> +}
> +
> +/**
> + Set peer certificate verification mode for the TLS connection.
> +
> + This function sets the verification mode flags for the TLS connection.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[in] VerifyMode A set of logically or'ed verification mode flags.
> +
> +**/
> +VOID
> +EFIAPI
> +TlsSetVerify (
> + IN VOID *Tls,
> + IN UINT32 VerifyMode
> + )
> +{
> + TLS_CONNECTION *TlsConn;
> +
> + TlsConn = (TLS_CONNECTION *) Tls;
> + if (TlsConn == NULL || TlsConn->Ssl == NULL) {
> + return;
> + }
> +
> + //
> + // Set peer certificate verification parameters with NULL callback.
> + //
> + SSL_set_verify (TlsConn->Ssl, VerifyMode, NULL);
> +}
> +
> +/**
> + Sets a TLS/SSL session ID to be used during TLS/SSL connect.
> +
> + This function sets a session ID to be used when the TLS/SSL connection is
> + to be established.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[in] SessionId Session ID data used for session resumption.
> + @param[in] SessionIdLen Length of Session ID in bytes.
> +
> + @retval EFI_SUCCESS Session ID was set successfully.
> + @retval EFI_INVALID_PARAMETER The parameter is invalid.
> + @retval EFI_UNSUPPORTED No available session for ID setting.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsSetSessionId (
> + IN VOID *Tls,
> + IN UINT8 *SessionId,
> + IN UINT16 SessionIdLen
> + )
> +{
> + TLS_CONNECTION *TlsConn;
> + SSL_SESSION *Session;
> +
> + TlsConn = (TLS_CONNECTION *) Tls;
> + Session = NULL;
> +
> + if (TlsConn == NULL || TlsConn->Ssl == NULL || SessionId == NULL) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + Session = SSL_get_session (TlsConn->Ssl);
> + if (Session == NULL) {
> + return EFI_UNSUPPORTED;
> + }
> +
> + SSL_SESSION_set1_id (Session, (const unsigned char *)SessionId,
> SessionIdLen);
> +
> + return EFI_SUCCESS;
> +}
> +
> +/**
> + Adds the CA to the cert store when requesting Server or Client
> authentication.
> +
> + This function adds the CA certificate to the list of CAs when requesting
> + Server or Client authentication for the chosen TLS connection.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[in] Data Pointer to the data buffer of a DER-encoded binary
> + X.509 certificate or PEM-encoded X.509 certificate.
> + @param[in] DataSize The size of data buffer in bytes.
> +
> + @retval EFI_SUCCESS The operation succeeded.
> + @retval EFI_INVALID_PARAMETER The parameter is invalid.
> + @retval EFI_OUT_OF_RESOURCES Required resources could not be
> allocated.
> + @retval EFI_ABORTED Invalid X.509 certificate.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsSetCaCertificate (
> + IN VOID *Tls,
> + IN VOID *Data,
> + IN UINTN DataSize
> + )
> +{
> + BIO *BioCert;
> + X509 *Cert;
> + X509_STORE *X509Store;
> + EFI_STATUS Status;
> + TLS_CONNECTION *TlsConn;
> + SSL_CTX *SslCtx;
> + INTN Ret;
> + UINTN ErrorCode;
> +
> + BioCert = NULL;
> + Cert = NULL;
> + X509Store = NULL;
> + Status = EFI_SUCCESS;
> + TlsConn = (TLS_CONNECTION *) Tls;
> + Ret = 0;
> +
> + if (TlsConn == NULL || TlsConn->Ssl == NULL || Data == NULL || DataSize
> == 0) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + //
> + // DER-encoded binary X.509 certificate or PEM-encoded X.509 certificate.
> + // Determine whether certificate is from DER encoding, if so, translate it to
> X509 structure.
> + //
> + Cert = d2i_X509 (NULL, (const unsigned char ** )&Data, (long) DataSize);
> + if (Cert == NULL) {
> + //
> + // Certificate is from PEM encoding.
> + //
> + BioCert = BIO_new (BIO_s_mem ());
> + if (BioCert == NULL) {
> + Status = EFI_OUT_OF_RESOURCES;
> + goto ON_EXIT;
> + }
> +
> + if (BIO_write (BioCert, Data, (UINT32) DataSize) <= 0) {
> + Status = EFI_ABORTED;
> + goto ON_EXIT;
> + }
> +
> + Cert = PEM_read_bio_X509 (BioCert, NULL, NULL, NULL);
> + if (Cert == NULL) {
> + Status = EFI_ABORTED;
> + goto ON_EXIT;
> + }
> + }
> +
> + SslCtx = SSL_get_SSL_CTX (TlsConn->Ssl);
> + X509Store = SSL_CTX_get_cert_store (SslCtx);
> + if (X509Store == NULL) {
> + Status = EFI_ABORTED;
> + goto ON_EXIT;
> + }
> +
> + //
> + // Add certificate to X509 store
> + //
> + Ret = X509_STORE_add_cert (X509Store, Cert);
> + if (Ret != 1) {
> + ErrorCode = ERR_peek_last_error ();
> + //
> + // Ignore "already in table" errors
> + //
> + if (!(ERR_GET_FUNC (ErrorCode) == X509_F_X509_STORE_ADD_CERT &&
> + ERR_GET_REASON (ErrorCode) ==
> X509_R_CERT_ALREADY_IN_HASH_TABLE)) {
> + Status = EFI_ABORTED;
> + goto ON_EXIT;
> + }
> + }
> +
> +ON_EXIT:
> + if (BioCert != NULL) {
> + BIO_free (BioCert);
> + }
> +
> + if (Cert != NULL) {
> + X509_free (Cert);
> + }
> +
> + return Status;
> +}
> +
> +/**
> + Loads the local public certificate into the specified TLS object.
> +
> + This function loads the X.509 certificate into the specified TLS object
> + for TLS negotiation.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[in] Data Pointer to the data buffer of a DER-encoded binary
> + X.509 certificate or PEM-encoded X.509 certificate.
> + @param[in] DataSize The size of data buffer in bytes.
> +
> + @retval EFI_SUCCESS The operation succeeded.
> + @retval EFI_INVALID_PARAMETER The parameter is invalid.
> + @retval EFI_OUT_OF_RESOURCES Required resources could not be
> allocated.
> + @retval EFI_ABORTED Invalid X.509 certificate.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsSetHostPublicCert (
> + IN VOID *Tls,
> + IN VOID *Data,
> + IN UINTN DataSize
> + )
> +{
> + BIO *BioCert;
> + X509 *Cert;
> + EFI_STATUS Status;
> + TLS_CONNECTION *TlsConn;
> +
> + BioCert = NULL;
> + Cert = NULL;
> + Status = EFI_SUCCESS;
> + TlsConn = (TLS_CONNECTION *) Tls;
> +
> + if (TlsConn == NULL || TlsConn->Ssl == NULL || Data == NULL || DataSize
> == 0) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + //
> + // DER-encoded binary X.509 certificate or PEM-encoded X.509 certificate.
> + // Determine whether certificate is from DER encoding, if so, translate it to
> X509 structure.
> + //
> + Cert = d2i_X509 (NULL, (const unsigned char ** )&Data, (long) DataSize);
> + if (Cert == NULL) {
> + //
> + // Certificate is from PEM encoding.
> + //
> + BioCert = BIO_new (BIO_s_mem ());
> + if (BioCert == NULL) {
> + Status = EFI_OUT_OF_RESOURCES;
> + goto ON_EXIT;
> + }
> +
> + if (BIO_write (BioCert, Data, (UINT32) DataSize) <= 0) {
> + Status = EFI_ABORTED;
> + goto ON_EXIT;
> + }
> +
> + Cert = PEM_read_bio_X509 (BioCert, NULL, NULL, NULL);
> + if (Cert == NULL) {
> + Status = EFI_ABORTED;
> + goto ON_EXIT;
> + }
> + }
> +
> + if (SSL_use_certificate (TlsConn->Ssl, Cert) != 1) {
> + Status = EFI_ABORTED;
> + goto ON_EXIT;
> + }
> +
> +ON_EXIT:
> + if (BioCert != NULL) {
> + BIO_free (BioCert);
> + }
> +
> + if (Cert != NULL) {
> + X509_free (Cert);
> + }
> +
> + return Status;
> +}
> +
> +/**
> + Adds the local private key to the specified TLS object.
> +
> + This function adds the local private key (PEM-encoded RSA or PKCS#8
> private
> + key) into the specified TLS object for TLS negotiation.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[in] Data Pointer to the data buffer of a PEM-encoded RSA
> + or PKCS#8 private key.
> + @param[in] DataSize The size of data buffer in bytes.
> +
> + @retval EFI_SUCCESS The operation succeeded.
> + @retval EFI_UNSUPPORTED This function is not supported.
> + @retval EFI_ABORTED Invalid private key data.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsSetHostPrivateKey (
> + IN VOID *Tls,
> + IN VOID *Data,
> + IN UINTN DataSize
> + )
> +{
> + return EFI_UNSUPPORTED;
> +}
> +
> +/**
> + Adds the CA-supplied certificate revocation list for certificate validation.
> +
> + This function adds the CA-supplied certificate revocation list data for
> + certificate validity checking.
> +
> + @param[in] Data Pointer to the data buffer of a DER-encoded CRL data.
> + @param[in] DataSize The size of data buffer in bytes.
> +
> + @retval EFI_SUCCESS The operation succeeded.
> + @retval EFI_UNSUPPORTED This function is not supported.
> + @retval EFI_ABORTED Invalid CRL data.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsSetCertRevocationList (
> + IN VOID *Data,
> + IN UINTN DataSize
> + )
> +{
> + return EFI_UNSUPPORTED;
> +}
> +
> +/**
> + Gets the protocol version used by the specified TLS connection.
> +
> + This function returns the protocol version used by the specified TLS
> + connection.
> +
> + @param[in] Tls Pointer to the TLS object.
> +
> + @return The protocol version of the specified TLS connection.
> +
> +**/
> +UINT16
> +EFIAPI
> +TlsGetVersion (
> + IN VOID *Tls
> + )
> +{
> + TLS_CONNECTION *TlsConn;
> +
> + TlsConn = (TLS_CONNECTION *) Tls;
> +
> + ASSERT (TlsConn != NULL);
> +
> + return (UINT16)(SSL_version (TlsConn->Ssl));
> +}
> +
> +/**
> + Gets the connection end of the specified TLS connection.
> +
> + This function returns the connection end (as client or as server) used by
> + the specified TLS connection.
> +
> + @param[in] Tls Pointer to the TLS object.
> +
> + @return The connection end used by the specified TLS connection.
> +
> +**/
> +UINT8
> +EFIAPI
> +TlsGetConnectionEnd (
> + IN VOID *Tls
> + )
> +{
> + TLS_CONNECTION *TlsConn;
> +
> + TlsConn = (TLS_CONNECTION *) Tls;
> +
> + ASSERT (TlsConn != NULL);
> +
> + return (UINT8)SSL_is_server (TlsConn->Ssl);
> +}
> +
> +/**
> + Gets the cipher suite used by the specified TLS connection.
> +
> + This function returns current cipher suite used by the specified
> + TLS connection.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[in,out] CipherId The cipher suite used by the TLS object.
> +
> + @retval EFI_SUCCESS The cipher suite was returned successfully.
> + @retval EFI_INVALID_PARAMETER The parameter is invalid.
> + @retval EFI_UNSUPPORTED Unsupported cipher suite.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsGetCurrentCipher (
> + IN VOID *Tls,
> + IN OUT UINT16 *CipherId
> + )
> +{
> + TLS_CONNECTION *TlsConn;
> + CONST SSL_CIPHER *Cipher;
> +
> + TlsConn = (TLS_CONNECTION *) Tls;
> + Cipher = NULL;
> +
> + if (TlsConn == NULL || TlsConn->Ssl == NULL || CipherId == NULL) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + Cipher = SSL_get_current_cipher (TlsConn->Ssl);
> + if (Cipher == NULL) {
> + return EFI_UNSUPPORTED;
> + }
> +
> + *CipherId = (SSL_CIPHER_get_id (Cipher)) & 0xFFFF;
> +
> + return EFI_SUCCESS;
> +}
> +
> +/**
> + Gets the compression methods used by the specified TLS connection.
> +
> + This function returns current integrated compression methods used by
> + the specified TLS connection.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[in,out] CompressionId The current compression method used
> by
> + the TLS object.
> +
> + @retval EFI_SUCCESS The compression method was returned
> successfully.
> + @retval EFI_INVALID_PARAMETER The parameter is invalid.
> + @retval EFI_ABORTED Invalid Compression method.
> + @retval EFI_UNSUPPORTED This function is not supported.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsGetCurrentCompressionId (
> + IN VOID *Tls,
> + IN OUT UINT8 *CompressionId
> + )
> +{
> + return EFI_UNSUPPORTED;
> +}
> +
> +/**
> + Gets the verification mode currently set in the TLS connection.
> +
> + This function returns the peer verification mode currently set in the
> + specified TLS connection.
> +
> + @param[in] Tls Pointer to the TLS object.
> +
> + @return The verification mode set in the specified TLS connection.
> +
> +**/
> +UINT32
> +EFIAPI
> +TlsGetVerify (
> + IN VOID *Tls
> + )
> +{
> + TLS_CONNECTION *TlsConn;
> +
> + TlsConn = (TLS_CONNECTION *) Tls;
> +
> + ASSERT (TlsConn != NULL);
> +
> + return SSL_get_verify_mode (TlsConn->Ssl);
> +}
> +
> +/**
> + Gets the session ID used by the specified TLS connection.
> +
> + This function returns the TLS/SSL session ID currently used by the
> + specified TLS connection.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[in,out] SessionId Buffer to contain the returned session ID.
> + @param[in,out] SessionIdLen The length of Session ID in bytes.
> +
> + @retval EFI_SUCCESS The Session ID was returned successfully.
> + @retval EFI_INVALID_PARAMETER The parameter is invalid.
> + @retval EFI_UNSUPPORTED Invalid TLS/SSL session.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsGetSessionId (
> + IN VOID *Tls,
> + IN OUT UINT8 *SessionId,
> + IN OUT UINT16 *SessionIdLen
> + )
> +{
> + TLS_CONNECTION *TlsConn;
> + SSL_SESSION *Session;
> + CONST UINT8 *SslSessionId;
> +
> + TlsConn = (TLS_CONNECTION *) Tls;
> + Session = NULL;
> +
> + if (TlsConn == NULL || TlsConn->Ssl == NULL || SessionId == NULL ||
> SessionIdLen == NULL) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + Session = SSL_get_session (TlsConn->Ssl);
> + if (Session == NULL) {
> + return EFI_UNSUPPORTED;
> + }
> +
> + SslSessionId = SSL_SESSION_get_id (Session, (unsigned int
> *)SessionIdLen);
> + CopyMem (SessionId, SslSessionId, *SessionIdLen);
> +
> + return EFI_SUCCESS;
> +}
> +
> +/**
> + Gets the client random data used in the specified TLS connection.
> +
> + This function returns the TLS/SSL client random data currently used in
> + the specified TLS connection.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[in,out] ClientRandom Buffer to contain the returned client
> + random data (32 bytes).
> +
> +**/
> +VOID
> +EFIAPI
> +TlsGetClientRandom (
> + IN VOID *Tls,
> + IN OUT UINT8 *ClientRandom
> + )
> +{
> + TLS_CONNECTION *TlsConn;
> +
> + TlsConn = (TLS_CONNECTION *) Tls;
> +
> + if (TlsConn == NULL || TlsConn->Ssl == NULL || ClientRandom == NULL) {
> + return;
> + }
> +
> + SSL_get_client_random (TlsConn->Ssl, ClientRandom,
> SSL3_RANDOM_SIZE);
> +}
> +
> +/**
> + Gets the server random data used in the specified TLS connection.
> +
> + This function returns the TLS/SSL server random data currently used in
> + the specified TLS connection.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[in,out] ServerRandom Buffer to contain the returned server
> + random data (32 bytes).
> +
> +**/
> +VOID
> +EFIAPI
> +TlsGetServerRandom (
> + IN VOID *Tls,
> + IN OUT UINT8 *ServerRandom
> + )
> +{
> + TLS_CONNECTION *TlsConn;
> +
> + TlsConn = (TLS_CONNECTION *) Tls;
> +
> + if (TlsConn == NULL || TlsConn->Ssl == NULL || ServerRandom == NULL) {
> + return;
> + }
> +
> + SSL_get_server_random (TlsConn->Ssl, ServerRandom,
> SSL3_RANDOM_SIZE);
> +}
> +
> +/**
> + Gets the master key data used in the specified TLS connection.
> +
> + This function returns the TLS/SSL master key material currently used in
> + the specified TLS connection.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[in,out] KeyMaterial Buffer to contain the returned key material.
> +
> + @retval EFI_SUCCESS Key material was returned successfully.
> + @retval EFI_INVALID_PARAMETER The parameter is invalid.
> + @retval EFI_UNSUPPORTED Invalid TLS/SSL session.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsGetKeyMaterial (
> + IN VOID *Tls,
> + IN OUT UINT8 *KeyMaterial
> + )
> +{
> + TLS_CONNECTION *TlsConn;
> + SSL_SESSION *Session;
> +
> + TlsConn = (TLS_CONNECTION *) Tls;
> + Session = NULL;
> +
> + if (TlsConn == NULL || TlsConn->Ssl == NULL || KeyMaterial == NULL) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + Session = SSL_get_session (TlsConn->Ssl);
> +
> + if (Session == NULL) {
> + return EFI_UNSUPPORTED;
> + }
> +
> + SSL_SESSION_get_master_key (Session, KeyMaterial,
> SSL3_MASTER_SECRET_SIZE);
> +
> + return EFI_SUCCESS;
> +}
> +
> +/**
> + Gets the CA Certificate from the cert store.
> +
> + This function returns the CA certificate for the chosen
> + TLS connection.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[out] Data Pointer to the data buffer to receive the CA
> + certificate data sent to the client.
> + @param[in,out] DataSize The size of data buffer in bytes.
> +
> + @retval EFI_SUCCESS The operation succeeded.
> + @retval EFI_UNSUPPORTED This function is not supported.
> + @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsGetCaCertificate (
> + IN VOID *Tls,
> + OUT VOID *Data,
> + IN OUT UINTN *DataSize
> + )
> +{
> + return EFI_UNSUPPORTED;
> +}
> +
> +/**
> + Gets the local public Certificate set in the specified TLS object.
> +
> + This function returns the local public certificate which was currently set
> + in the specified TLS object.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[out] Data Pointer to the data buffer to receive the local
> + public certificate.
> + @param[in,out] DataSize The size of data buffer in bytes.
> +
> + @retval EFI_SUCCESS The operation succeeded.
> + @retval EFI_INVALID_PARAMETER The parameter is invalid.
> + @retval EFI_NOT_FOUND The certificate is not found.
> + @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsGetHostPublicCert (
> + IN VOID *Tls,
> + OUT VOID *Data,
> + IN OUT UINTN *DataSize
> + )
> +{
> + X509 *Cert;
> + TLS_CONNECTION *TlsConn;
> +
> + Cert = NULL;
> + TlsConn = (TLS_CONNECTION *) Tls;
> +
> + if (TlsConn == NULL || TlsConn->Ssl == NULL || DataSize == NULL) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + Cert = SSL_get_certificate(TlsConn->Ssl);
> + if (Cert == NULL) {
> + return EFI_NOT_FOUND;
> + }
> +
> + //
> + // Only DER encoding is supported currently.
> + //
> + if (*DataSize < (UINTN) i2d_X509 (Cert, NULL)) {
> + *DataSize = (UINTN) i2d_X509 (Cert, NULL);
> + return EFI_BUFFER_TOO_SMALL;
> + }
> +
> + *DataSize = (UINTN) i2d_X509 (Cert, (unsigned char **) &Data);
> +
> + return EFI_SUCCESS;
> +}
> +
> +/**
> + Gets the local private key set in the specified TLS object.
> +
> + This function returns the local private key data which was currently set
> + in the specified TLS object.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[out] Data Pointer to the data buffer to receive the local
> + private key data.
> + @param[in,out] DataSize The size of data buffer in bytes.
> +
> + @retval EFI_SUCCESS The operation succeeded.
> + @retval EFI_UNSUPPORTED This function is not supported.
> + @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsGetHostPrivateKey (
> + IN VOID *Tls,
> + OUT VOID *Data,
> + IN OUT UINTN *DataSize
> + )
> +{
> + return EFI_UNSUPPORTED;
> +}
> +
> +/**
> + Gets the CA-supplied certificate revocation list data set in the specified
> + TLS object.
> +
> + This function returns the CA-supplied certificate revocation list data which
> + was currently set in the specified TLS object.
> +
> + @param[out] Data Pointer to the data buffer to receive the CRL data.
> + @param[in,out] DataSize The size of data buffer in bytes.
> +
> + @retval EFI_SUCCESS The operation succeeded.
> + @retval EFI_UNSUPPORTED This function is not supported.
> + @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsGetCertRevocationList (
> + OUT VOID *Data,
> + IN OUT UINTN *DataSize
> + )
> +{
> + return EFI_UNSUPPORTED;
> +}
> +
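Review bot: TlsGetSessionId casts `SessionIdLen`, declared as `IN OUT UINT16 *SessionIdLen`, to `unsigned int *` in `SSL_SESSION_get_id (Session, (unsigned int *)SessionIdLen);`, so OpenSSL writes a 4-byte length through a pointer to a 2-byte variable and overwrites whatever the caller has adjacent to it. Read the length into a local `unsigned int` and assign `*SessionIdLen = (UINT16) Len;` afterwards; since the function takes no size for the `SessionId` buffer, the following `CopyMem (SessionId, SslSessionId, *SessionIdLen);` also needs a documented contract or an explicit size check before copying. Two smaller points in the same hunk: `return EFI_SUCCESS;;` in TlsSetVersion has a stray semicolon, and TlsSetCipherList discards the return value of every `AsciiStrCatS` into the fixed 500-byte `CipherString`, so an over-long cipher list is silently truncated yet still passed to `SSL_set_cipher_list` and reported as EFI_SUCCESS; check each return and fail (for example with EFI_OUT_OF_RESOURCES) instead.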
> diff --git a/CryptoPkg/Library/TlsLib/TlsInit.c
> b/CryptoPkg/Library/TlsLib/TlsInit.c
> index f32148ac9a..e2c9744a44 100644
> --- a/CryptoPkg/Library/TlsLib/TlsInit.c
> +++ b/CryptoPkg/Library/TlsLib/TlsInit.c
> @@ -1,268 +1,269 @@
> -/** @file
> - SSL/TLS Initialization Library Wrapper Implementation over OpenSSL.
> -
> -Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
> -(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
> -This program and the accompanying materials
> -are licensed and made available under the terms and conditions of the BSD
> License
> -which accompanies this distribution. The full text of the license may be
> found at
> -http://opensource.org/licenses/bsd-license.php
> -
> -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> -
> -**/
> -
> -#include "InternalTlsLib.h"
> -
> -/**
> - Initializes the OpenSSL library.
> -
> - This function registers ciphers and digests used directly and indirectly
> - by SSL/TLS, and initializes the readable error messages.
> - This function must be called before any other action takes places.
> -
> -**/
> -VOID
> -EFIAPI
> -TlsInitialize (
> - VOID
> - )
> -{
> - //
> - // Performs initialization of crypto and ssl library, and loads required
> - // algorithms.
> - //
> - OPENSSL_init_ssl (
> - OPENSSL_INIT_LOAD_SSL_STRINGS |
> OPENSSL_INIT_LOAD_CRYPTO_STRINGS,
> - NULL
> - );
> -
> - //
> - // Initialize the pseudorandom number generator.
> - //
> - RandomSeed (NULL, 0);
> -}
> -
> -/**
> - Free an allocated SSL_CTX object.
> -
> - @param[in] TlsCtx Pointer to the SSL_CTX object to be released.
> -
> -**/
> -VOID
> -EFIAPI
> -TlsCtxFree (
> - IN VOID *TlsCtx
> - )
> -{
> - if (TlsCtx == NULL) {
> - return;
> - }
> -
> - if (TlsCtx != NULL) {
> - SSL_CTX_free ((SSL_CTX *) (TlsCtx));
> - }
> -}
> -
> -/**
> - Creates a new SSL_CTX object as framework to establish TLS/SSL enabled
> - connections.
> -
> - @param[in] MajorVer Major Version of TLS/SSL Protocol.
> - @param[in] MinorVer Minor Version of TLS/SSL Protocol.
> -
> - @return Pointer to an allocated SSL_CTX object.
> - If the creation failed, TlsCtxNew() returns NULL.
> -
> -**/
> -VOID *
> -EFIAPI
> -TlsCtxNew (
> - IN UINT8 MajorVer,
> - IN UINT8 MinorVer
> - )
> -{
> - SSL_CTX *TlsCtx;
> - UINT16 ProtoVersion;
> -
> - ProtoVersion = (MajorVer << 8) | MinorVer;
> -
> - TlsCtx = SSL_CTX_new (SSLv23_client_method ());
> - if (TlsCtx == NULL) {
> - return NULL;
> - }
> -
> - //
> - // Ensure SSLv3 is disabled
> - //
> - SSL_CTX_set_options (TlsCtx, SSL_OP_NO_SSLv3);
> -
> - //
> - // Treat as minimum accepted versions by setting the minimal bound.
> - // Client can use higher TLS version if server supports it
> - //
> - SSL_CTX_set_min_proto_version (TlsCtx, ProtoVersion);
> -
> - return (VOID *) TlsCtx;
> -}
> -
> -/**
> - Free an allocated TLS object.
> -
> - This function removes the TLS object pointed to by Tls and frees up the
> - allocated memory. If Tls is NULL, nothing is done.
> -
> - @param[in] Tls Pointer to the TLS object to be freed.
> -
> -**/
> -VOID
> -EFIAPI
> -TlsFree (
> - IN VOID *Tls
> - )
> -{
> - TLS_CONNECTION *TlsConn;
> -
> - TlsConn = (TLS_CONNECTION *) Tls;
> - if (TlsConn == NULL) {
> - return;
> - }
> -
> - //
> - // Free the internal TLS and BIO objects.
> - //
> - if (TlsConn->Ssl != NULL) {
> - SSL_free (TlsConn->Ssl);
> - }
> -
> - if (TlsConn->InBio != NULL) {
> - BIO_free (TlsConn->InBio);
> - }
> -
> - if (TlsConn->OutBio != NULL) {
> - BIO_free (TlsConn->OutBio);
> - }
> -
> - OPENSSL_free (Tls);
> -}
> -
> -/**
> - Create a new TLS object for a connection.
> -
> - This function creates a new TLS object for a connection. The new object
> - inherits the setting of the underlying context TlsCtx: connection method,
> - options, verification setting.
> -
> - @param[in] TlsCtx Pointer to the SSL_CTX object.
> -
> - @return Pointer to an allocated SSL object.
> - If the creation failed, TlsNew() returns NULL.
> -
> -**/
> -VOID *
> -EFIAPI
> -TlsNew (
> - IN VOID *TlsCtx
> - )
> -{
> - TLS_CONNECTION *TlsConn;
> - SSL_CTX *SslCtx;
> - X509_STORE *X509Store;
> -
> - TlsConn = NULL;
> -
> - //
> - // Allocate one new TLS_CONNECTION object
> - //
> - TlsConn = (TLS_CONNECTION *) OPENSSL_malloc (sizeof
> (TLS_CONNECTION));
> - if (TlsConn == NULL) {
> - return NULL;
> - }
> -
> - TlsConn->Ssl = NULL;
> -
> - //
> - // Create a new SSL Object
> - //
> - TlsConn->Ssl = SSL_new ((SSL_CTX *) TlsCtx);
> - if (TlsConn->Ssl == NULL) {
> - TlsFree ((VOID *) TlsConn);
> - return NULL;
> - }
> -
> - //
> - // This retains compatibility with previous version of OpenSSL.
> - //
> - SSL_set_security_level (TlsConn->Ssl, 0);
> -
> - //
> - // Initialize the created SSL Object
> - //
> - SSL_set_info_callback (TlsConn->Ssl, NULL);
> -
> - TlsConn->InBio = NULL;
> -
> - //
> - // Set up Reading BIO for TLS connection
> - //
> - TlsConn->InBio = BIO_new (BIO_s_mem ());
> - if (TlsConn->InBio == NULL) {
> - TlsFree ((VOID *) TlsConn);
> - return NULL;
> - }
> -
> - //
> - // Sets the behaviour of memory BIO when it is empty. It will set the
> - // read retry flag.
> - //
> - BIO_set_mem_eof_return (TlsConn->InBio, -1);
> -
> - TlsConn->OutBio = NULL;
> -
> - //
> - // Set up Writing BIO for TLS connection
> - //
> - TlsConn->OutBio = BIO_new (BIO_s_mem ());
> - if (TlsConn->OutBio == NULL) {
> - TlsFree ((VOID *) TlsConn);
> - return NULL;
> - }
> -
> - //
> - // Sets the behaviour of memory BIO when it is empty. It will set the
> - // write retry flag.
> - //
> - BIO_set_mem_eof_return (TlsConn->OutBio, -1);
> -
> - ASSERT (TlsConn->Ssl != NULL && TlsConn->InBio != NULL && TlsConn-
> >OutBio != NULL);
> -
> - //
> - // Connects the InBio and OutBio for the read and write operations.
> - //
> - SSL_set_bio (TlsConn->Ssl, TlsConn->InBio, TlsConn->OutBio);
> -
> - //
> - // Create new X509 store if needed
> - //
> - SslCtx = SSL_get_SSL_CTX (TlsConn->Ssl);
> - X509Store = SSL_CTX_get_cert_store (SslCtx);
> - if (X509Store == NULL) {
> - X509Store = X509_STORE_new ();
> - if (X509Store == NULL) {
> - TlsFree ((VOID *) TlsConn);
> - return NULL;
> - }
> - SSL_CTX_set1_verify_cert_store (SslCtx, X509Store);
> - X509_STORE_free (X509Store);
> - }
> -
> - //
> - // Set X509_STORE flags used in certificate validation
> - //
> - X509_STORE_set_flags (
> - X509Store,
> - X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_NO_CHECK_TIME
> - );
> - return (VOID *) TlsConn;
> -}
> +/** @file
> + SSL/TLS Initialization Library Wrapper Implementation over OpenSSL.
> +
> +Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
> +(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
> +This program and the accompanying materials
> +are licensed and made available under the terms and conditions of the BSD
> License
> +which accompanies this distribution. The full text of the license may be
> found at
> +http://opensource.org/licenses/bsd-license.php
> +
> +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +
> +**/
> +
> +#include "InternalTlsLib.h"
> +
> +/**
> + Initializes the OpenSSL library.
> +
> + This function registers ciphers and digests used directly and indirectly
> + by SSL/TLS, and initializes the readable error messages.
> + This function must be called before any other action takes places.
> +
> +**/
> +VOID
> +EFIAPI
> +TlsInitialize (
> + VOID
> + )
> +{
> + //
> + // Performs initialization of crypto and ssl library, and loads required
> + // algorithms.
> + //
> + OPENSSL_init_ssl (
> + OPENSSL_INIT_LOAD_SSL_STRINGS |
> OPENSSL_INIT_LOAD_CRYPTO_STRINGS,
> + NULL
> + );
> +
> + //
> + // Initialize the pseudorandom number generator.
> + //
> + RandomSeed (NULL, 0);
> +}
> +
> +/**
> + Free an allocated SSL_CTX object.
> +
> + @param[in] TlsCtx Pointer to the SSL_CTX object to be released.
> +
> +**/
> +VOID
> +EFIAPI
> +TlsCtxFree (
> + IN VOID *TlsCtx
> + )
> +{
> + if (TlsCtx == NULL) {
> + return;
> + }
> +
> + if (TlsCtx != NULL) {
> + SSL_CTX_free ((SSL_CTX *) (TlsCtx));
> + }
> +}
> +
> +/**
> + Creates a new SSL_CTX object as framework to establish TLS/SSL enabled
> + connections.
> +
> + @param[in] MajorVer Major Version of TLS/SSL Protocol.
> + @param[in] MinorVer Minor Version of TLS/SSL Protocol.
> +
> + @return Pointer to an allocated SSL_CTX object.
> + If the creation failed, TlsCtxNew() returns NULL.
> +
> +**/
> +VOID *
> +EFIAPI
> +TlsCtxNew (
> + IN UINT8 MajorVer,
> + IN UINT8 MinorVer
> + )
> +{
> + SSL_CTX *TlsCtx;
> + UINT16 ProtoVersion;
> +
> + ProtoVersion = (MajorVer << 8) | MinorVer;
> +
> + TlsCtx = SSL_CTX_new (SSLv23_client_method ());
> + if (TlsCtx == NULL) {
> + return NULL;
> + }
> +
> + //
> + // Ensure SSLv3 is disabled
> + //
> + SSL_CTX_set_options (TlsCtx, SSL_OP_NO_SSLv3);
> +
> + //
> + // Treat as minimum accepted versions by setting the minimal bound.
> + // Client can use higher TLS version if server supports it
> + //
> + SSL_CTX_set_min_proto_version (TlsCtx, ProtoVersion);
> +
> + return (VOID *) TlsCtx;
> +}
> +
> +/**
> + Free an allocated TLS object.
> +
> + This function removes the TLS object pointed to by Tls and frees up the
> + allocated memory. If Tls is NULL, nothing is done.
> +
> + @param[in] Tls Pointer to the TLS object to be freed.
> +
> +**/
> +VOID
> +EFIAPI
> +TlsFree (
> + IN VOID *Tls
> + )
> +{
> + TLS_CONNECTION *TlsConn;
> +
> + TlsConn = (TLS_CONNECTION *) Tls;
> + if (TlsConn == NULL) {
> + return;
> + }
> +
> + //
> + // Free the internal TLS and BIO objects.
> + //
> + if (TlsConn->Ssl != NULL) {
> + SSL_free (TlsConn->Ssl);
> + }
> +
> + if (TlsConn->InBio != NULL) {
> + BIO_free (TlsConn->InBio);
> + }
> +
> + if (TlsConn->OutBio != NULL) {
> + BIO_free (TlsConn->OutBio);
> + }
> +
> + OPENSSL_free (Tls);
> +}
> +
> +/**
> + Create a new TLS object for a connection.
> +
> + This function creates a new TLS object for a connection. The new object
> + inherits the setting of the underlying context TlsCtx: connection method,
> + options, verification setting.
> +
> + @param[in] TlsCtx Pointer to the SSL_CTX object.
> +
> + @return Pointer to an allocated SSL object.
> + If the creation failed, TlsNew() returns NULL.
> +
> +**/
> +VOID *
> +EFIAPI
> +TlsNew (
> + IN VOID *TlsCtx
> + )
> +{
> + TLS_CONNECTION *TlsConn;
> + SSL_CTX *SslCtx;
> + X509_STORE *X509Store;
> +
> + TlsConn = NULL;
> +
> + //
> + // Allocate one new TLS_CONNECTION object
> + //
> + TlsConn = (TLS_CONNECTION *) OPENSSL_malloc (sizeof
> (TLS_CONNECTION));
> + if (TlsConn == NULL) {
> + return NULL;
> + }
> +
> + TlsConn->Ssl = NULL;
> +
> + //
> + // Create a new SSL Object
> + //
> + TlsConn->Ssl = SSL_new ((SSL_CTX *) TlsCtx);
> + if (TlsConn->Ssl == NULL) {
> + TlsFree ((VOID *) TlsConn);
> + return NULL;
> + }
> +
> + //
> + // This retains compatibility with previous version of OpenSSL.
> + //
> + SSL_set_security_level (TlsConn->Ssl, 0);
> +
> + //
> + // Initialize the created SSL Object
> + //
> + SSL_set_info_callback (TlsConn->Ssl, NULL);
> +
> + TlsConn->InBio = NULL;
> +
> + //
> + // Set up Reading BIO for TLS connection
> + //
> + TlsConn->InBio = BIO_new (BIO_s_mem ());
> + if (TlsConn->InBio == NULL) {
> + TlsFree ((VOID *) TlsConn);
> + return NULL;
> + }
> +
> + //
> + // Sets the behaviour of memory BIO when it is empty. It will set the
> + // read retry flag.
> + //
> + BIO_set_mem_eof_return (TlsConn->InBio, -1);
> +
> + TlsConn->OutBio = NULL;
> +
> + //
> + // Set up Writing BIO for TLS connection
> + //
> + TlsConn->OutBio = BIO_new (BIO_s_mem ());
> + if (TlsConn->OutBio == NULL) {
> + TlsFree ((VOID *) TlsConn);
> + return NULL;
> + }
> +
> + //
> + // Sets the behaviour of memory BIO when it is empty. It will set the
> + // write retry flag.
> + //
> + BIO_set_mem_eof_return (TlsConn->OutBio, -1);
> +
> + ASSERT (TlsConn->Ssl != NULL && TlsConn->InBio != NULL && TlsConn-
> >OutBio != NULL);
> +
> + //
> + // Connects the InBio and OutBio for the read and write operations.
> + //
> + SSL_set_bio (TlsConn->Ssl, TlsConn->InBio, TlsConn->OutBio);
> +
> + //
> + // Create new X509 store if needed
> + //
> + SslCtx = SSL_get_SSL_CTX (TlsConn->Ssl);
> + X509Store = SSL_CTX_get_cert_store (SslCtx);
> + if (X509Store == NULL) {
> + X509Store = X509_STORE_new ();
> + if (X509Store == NULL) {
> + TlsFree ((VOID *) TlsConn);
> + return NULL;
> + }
> + SSL_CTX_set1_verify_cert_store (SslCtx, X509Store);
> + X509_STORE_free (X509Store);
> + }
> +
> + //
> + // Set X509_STORE flags used in certificate validation
> + //
> + X509_STORE_set_flags (
> + X509Store,
> + X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_NO_CHECK_TIME
> + );
> + return (VOID *) TlsConn;
> +}
> +
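Review bot: every line of this TlsInit.c hunk is removed and re-added, so a reader cannot tell from the diff whether anything other than the line terminator changed, and the re-added body carries settings worth protecting from silent drift, such as `SSL_set_security_level (TlsConn->Ssl, 0);` and the `X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_NO_CHECK_TIME` store flags. Please confirm the hunk is whitespace-only with `git diff --ignore-space-at-eol` (or `git show --ignore-space-at-eol` on the commit) before it is pushed, and consider stating in the commit message that no non-whitespace byte changed. Out of scope for this series but visible in the hunk: the second `if (TlsCtx != NULL)` in TlsCtxFree() is unreachable-as-false after the early return just above it and could be dropped in a follow-up.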
> diff --git a/CryptoPkg/Library/TlsLib/TlsLib.inf
> b/CryptoPkg/Library/TlsLib/TlsLib.inf
> index d4ce646591..a3f93e7165 100644
> --- a/CryptoPkg/Library/TlsLib/TlsLib.inf
> +++ b/CryptoPkg/Library/TlsLib/TlsLib.inf
> @@ -1,56 +1,57 @@
> -## @file
> -# SSL/TLS Wrapper Library Instance based on OpenSSL.
> -#
> -# Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
> -# (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
> -# This program and the accompanying materials
> -# are licensed and made available under the terms and conditions of the
> BSD License
> -# which accompanies this distribution. The full text of the license may be
> found at
> -# http://opensource.org/licenses/bsd-license.php
> -#
> -# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> -# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> -#
> -##
> -
> -[Defines]
> - INF_VERSION = 0x00010005
> - BASE_NAME = TlsLib
> - MODULE_UNI_FILE = TlsLib.uni
> - FILE_GUID = CC729DC5-4E21-0B36-1A00-3A8E1B86A155
> - MODULE_TYPE = DXE_DRIVER
> - VERSION_STRING = 1.0
> - LIBRARY_CLASS = TlsLib|DXE_DRIVER DXE_CORE
> UEFI_APPLICATION UEFI_DRIVER
> -
> -#
> -# The following information is for reference only and not required by the
> build tools.
> -#
> -# VALID_ARCHITECTURES = IA32 X64 IPF ARM AARCH64
> -#
> -
> -[Sources]
> - InternalTlsLib.h
> - TlsInit.c
> - TlsConfig.c
> - TlsProcess.c
> -
> -[Packages]
> - MdePkg/MdePkg.dec
> - CryptoPkg/CryptoPkg.dec
> -
> -[LibraryClasses]
> - BaseLib
> - BaseMemoryLib
> - MemoryAllocationLib
> - UefiRuntimeServicesTableLib
> - DebugLib
> - OpensslLib
> - IntrinsicLib
> - PrintLib
> -
> -[BuildOptions]
> - #
> - # suppress the following warnings so we do not break the build with
> warnings-as-errors:
> - # C4090: 'function' : different 'const' qualifiers
> - #
> - MSFT:*_*_*_CC_FLAGS = /wd4090
> +## @file
> +# SSL/TLS Wrapper Library Instance based on OpenSSL.
> +#
> +# Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
> +# (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
> +# This program and the accompanying materials
> +# are licensed and made available under the terms and conditions of the
> BSD License
> +# which accompanies this distribution. The full text of the license may be
> found at
> +# http://opensource.org/licenses/bsd-license.php
> +#
> +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +#
> +##
> +
> +[Defines]
> + INF_VERSION = 0x00010005
> + BASE_NAME = TlsLib
> + MODULE_UNI_FILE = TlsLib.uni
> + FILE_GUID = CC729DC5-4E21-0B36-1A00-3A8E1B86A155
> + MODULE_TYPE = DXE_DRIVER
> + VERSION_STRING = 1.0
> + LIBRARY_CLASS = TlsLib|DXE_DRIVER DXE_CORE
> UEFI_APPLICATION UEFI_DRIVER
> +
> +#
> +# The following information is for reference only and not required by the
> build tools.
> +#
> +# VALID_ARCHITECTURES = IA32 X64 IPF ARM AARCH64
> +#
> +
> +[Sources]
> + InternalTlsLib.h
> + TlsInit.c
> + TlsConfig.c
> + TlsProcess.c
> +
> +[Packages]
> + MdePkg/MdePkg.dec
> + CryptoPkg/CryptoPkg.dec
> +
> +[LibraryClasses]
> + BaseLib
> + BaseMemoryLib
> + MemoryAllocationLib
> + UefiRuntimeServicesTableLib
> + DebugLib
> + OpensslLib
> + IntrinsicLib
> + PrintLib
> +
> +[BuildOptions]
> + #
> + # suppress the following warnings so we do not break the build with
> warnings-as-errors:
> + # C4090: 'function' : different 'const' qualifiers
> + #
> + MSFT:*_*_*_CC_FLAGS = /wd4090
> +
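Review bot: the hunk header `@@ -1,56 +1,57 @@` shows this TlsLib.inf change adds one line rather than only converting line endings; the extra line is the empty `+` line following `MSFT:*_*_*_CC_FLAGS = /wd4090`. Either drop the trailing blank line so the patch stays a pure CRLF conversion, or mention the added end-of-file line in the commit message so the line-count change is not a surprise to anyone bisecting or auditing the series later.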
> diff --git a/CryptoPkg/Library/TlsLib/TlsLib.uni
> b/CryptoPkg/Library/TlsLib/TlsLib.uni
> index 9b792872a5..e43a5df8e6 100644
> --- a/CryptoPkg/Library/TlsLib/TlsLib.uni
> +++ b/CryptoPkg/Library/TlsLib/TlsLib.uni
> @@ -1,19 +1,19 @@
> -// /** @file
> -// SSL/TLS Wrapper Library Instance based on OpenSSL.
> -//
> -// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> -//
> -// This program and the accompanying materials
> -// are licensed and made available under the terms and conditions of the
> BSD License
> -// which accompanies this distribution. The full text of the license may be
> found at
> -// http://opensource.org/licenses/bsd-license.php
> -//
> -// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> -// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> -//
> -// **/
> -
> -
> -#string STR_MODULE_ABSTRACT #language en-US "SSL/TLS Wrapper
> Library Instance"
> -
> -#string STR_MODULE_DESCRIPTION #language en-US "This module
> provides SSL/TLS Wrapper Library Instance."
> \ No newline at end of file
> +// /** @file
> +// SSL/TLS Wrapper Library Instance based on OpenSSL.
> +//
> +// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> +//
> +// This program and the accompanying materials
> +// are licensed and made available under the terms and conditions of the
> BSD License
> +// which accompanies this distribution. The full text of the license may be
> found at
> +// http://opensource.org/licenses/bsd-license.php
> +//
> +// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> +// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +//
> +// **/
> +
> +
> +#string STR_MODULE_ABSTRACT #language en-US "SSL/TLS Wrapper
> Library Instance"
> +
> +#string STR_MODULE_DESCRIPTION #language en-US "This module
> provides SSL/TLS Wrapper Library Instance."
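Review bot: besides the CRLF conversion, this TlsLib.uni hunk also fixes the missing newline at end of file (the `\ No newline at end of file` marker is present on the `-` side and gone on the `+` side). That is a welcome fix, but it is a content change beyond what the subject "Convert files to CRLF line ending" announces; a one-line note in the commit message ("also adds the missing trailing newline") would keep the description accurate for anyone verifying the series with `git diff --ignore-space-at-eol`.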
> diff --git a/CryptoPkg/Library/TlsLib/TlsProcess.c
> b/CryptoPkg/Library/TlsLib/TlsProcess.c
> index 8532dab97a..38baac0e8b 100644
> --- a/CryptoPkg/Library/TlsLib/TlsProcess.c
> +++ b/CryptoPkg/Library/TlsLib/TlsProcess.c
> @@ -1,462 +1,463 @@
> -/** @file
> - SSL/TLS Process Library Wrapper Implementation over OpenSSL.
> - The process includes the TLS handshake and packet I/O.
> -
> -Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
> -(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
> -This program and the accompanying materials
> -are licensed and made available under the terms and conditions of the BSD
> License
> -which accompanies this distribution. The full text of the license may be
> found at
> -http://opensource.org/licenses/bsd-license.php
> -
> -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> -
> -**/
> -
> -#include "InternalTlsLib.h"
> -
> -#define MAX_BUFFER_SIZE 32768
> -
> -/**
> - Checks if the TLS handshake was done.
> -
> - This function will check if the specified TLS handshake was done.
> -
> - @param[in] Tls Pointer to the TLS object for handshake state checking.
> -
> - @retval TRUE The TLS handshake was done.
> - @retval FALSE The TLS handshake was not done.
> -
> -**/
> -BOOLEAN
> -EFIAPI
> -TlsInHandshake (
> - IN VOID *Tls
> - )
> -{
> - TLS_CONNECTION *TlsConn;
> -
> - TlsConn = (TLS_CONNECTION *) Tls;
> - if (TlsConn == NULL || TlsConn->Ssl == NULL) {
> - return FALSE;
> - }
> -
> - //
> - // Return the status which indicates if the TLS handshake was done.
> - //
> - return !SSL_is_init_finished (TlsConn->Ssl);
> -}
> -
> -/**
> - Perform a TLS/SSL handshake.
> -
> - This function will perform a TLS/SSL handshake.
> -
> - @param[in] Tls Pointer to the TLS object for handshake operation.
> - @param[in] BufferIn Pointer to the most recently received TLS
> Handshake packet.
> - @param[in] BufferInSize Packet size in bytes for the most recently
> received TLS
> - Handshake packet.
> - @param[out] BufferOut Pointer to the buffer to hold the built packet.
> - @param[in, out] BufferOutSize Pointer to the buffer size in bytes. On
> input, it is
> - the buffer size provided by the caller. On output, it
> - is the buffer size in fact needed to contain the
> - packet.
> -
> - @retval EFI_SUCCESS The required TLS packet is built successfully.
> - @retval EFI_INVALID_PARAMETER One or more of the following
> conditions is TRUE:
> - Tls is NULL.
> - BufferIn is NULL but BufferInSize is NOT 0.
> - BufferInSize is 0 but BufferIn is NOT NULL.
> - BufferOutSize is NULL.
> - BufferOut is NULL if *BufferOutSize is not zero.
> - @retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the
> response packet.
> - @retval EFI_ABORTED Something wrong during handshake.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsDoHandshake (
> - IN VOID *Tls,
> - IN UINT8 *BufferIn, OPTIONAL
> - IN UINTN BufferInSize, OPTIONAL
> - OUT UINT8 *BufferOut, OPTIONAL
> - IN OUT UINTN *BufferOutSize
> - )
> -{
> - TLS_CONNECTION *TlsConn;
> - UINTN PendingBufferSize;
> - INTN Ret;
> - UINTN ErrorCode;
> -
> - TlsConn = (TLS_CONNECTION *) Tls;
> - PendingBufferSize = 0;
> - Ret = 1;
> -
> - if (TlsConn == NULL || \
> - TlsConn->Ssl == NULL || TlsConn->InBio == NULL || TlsConn->OutBio ==
> NULL || \
> - BufferOutSize == NULL || \
> - (BufferIn == NULL && BufferInSize != 0) || \
> - (BufferIn != NULL && BufferInSize == 0) || \
> - (BufferOut == NULL && *BufferOutSize != 0)) {
> - return EFI_INVALID_PARAMETER;
> - }
> -
> - if(BufferIn == NULL && BufferInSize == 0) {
> - //
> - // If RequestBuffer is NULL and RequestSize is 0, and TLS session
> - // status is EfiTlsSessionNotStarted, the TLS session will be initiated
> - // and the response packet needs to be ClientHello.
> - //
> - PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
> - if (PendingBufferSize == 0) {
> - SSL_set_connect_state (TlsConn->Ssl);
> - Ret = SSL_do_handshake (TlsConn->Ssl);
> - PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
> - }
> - } else {
> - PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
> - if (PendingBufferSize == 0) {
> - BIO_write (TlsConn->InBio, BufferIn, (UINT32) BufferInSize);
> - Ret = SSL_do_handshake (TlsConn->Ssl);
> - PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
> - }
> - }
> -
> - if (Ret < 1) {
> - Ret = SSL_get_error (TlsConn->Ssl, (int) Ret);
> - if (Ret == SSL_ERROR_SSL ||
> - Ret == SSL_ERROR_SYSCALL ||
> - Ret == SSL_ERROR_ZERO_RETURN) {
> - DEBUG ((
> - DEBUG_ERROR,
> - "%a SSL_HANDSHAKE_ERROR State=0x%x SSL_ERROR_%a\n",
> - __FUNCTION__,
> - SSL_get_state (TlsConn->Ssl),
> - Ret == SSL_ERROR_SSL ? "SSL" : Ret == SSL_ERROR_SYSCALL ?
> "SYSCALL" : "ZERO_RETURN"
> - ));
> - DEBUG_CODE_BEGIN ();
> - while (TRUE) {
> - ErrorCode = ERR_get_error ();
> - if (ErrorCode == 0) {
> - break;
> - }
> - DEBUG ((
> - DEBUG_ERROR,
> - "%a ERROR 0x%x=L%x:F%x:R%x\n",
> - __FUNCTION__,
> - ErrorCode,
> - ERR_GET_LIB (ErrorCode),
> - ERR_GET_FUNC (ErrorCode),
> - ERR_GET_REASON (ErrorCode)
> - ));
> - }
> - DEBUG_CODE_END ();
> - return EFI_ABORTED;
> - }
> - }
> -
> - if (PendingBufferSize > *BufferOutSize) {
> - *BufferOutSize = PendingBufferSize;
> - return EFI_BUFFER_TOO_SMALL;
> - }
> -
> - if (PendingBufferSize > 0) {
> - *BufferOutSize = BIO_read (TlsConn->OutBio, BufferOut, (UINT32)
> PendingBufferSize);
> - } else {
> - *BufferOutSize = 0;
> - }
> -
> - return EFI_SUCCESS;
> -}
> -
> -/**
> - Handle Alert message recorded in BufferIn. If BufferIn is NULL and
> BufferInSize is zero,
> - TLS session has errors and the response packet needs to be Alert message
> based on error type.
> -
> - @param[in] Tls Pointer to the TLS object for state checking.
> - @param[in] BufferIn Pointer to the most recently received TLS Alert
> packet.
> - @param[in] BufferInSize Packet size in bytes for the most recently
> received TLS
> - Alert packet.
> - @param[out] BufferOut Pointer to the buffer to hold the built packet.
> - @param[in, out] BufferOutSize Pointer to the buffer size in bytes. On
> input, it is
> - the buffer size provided by the caller. On output, it
> - is the buffer size in fact needed to contain the
> - packet.
> -
> - @retval EFI_SUCCESS The required TLS packet is built successfully.
> - @retval EFI_INVALID_PARAMETER One or more of the following
> conditions is TRUE:
> - Tls is NULL.
> - BufferIn is NULL but BufferInSize is NOT 0.
> - BufferInSize is 0 but BufferIn is NOT NULL.
> - BufferOutSize is NULL.
> - BufferOut is NULL if *BufferOutSize is not zero.
> - @retval EFI_ABORTED An error occurred.
> - @retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the
> response packet.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsHandleAlert (
> - IN VOID *Tls,
> - IN UINT8 *BufferIn, OPTIONAL
> - IN UINTN BufferInSize, OPTIONAL
> - OUT UINT8 *BufferOut, OPTIONAL
> - IN OUT UINTN *BufferOutSize
> - )
> -{
> - TLS_CONNECTION *TlsConn;
> - UINTN PendingBufferSize;
> - UINT8 *TempBuffer;
> - INTN Ret;
> -
> - TlsConn = (TLS_CONNECTION *) Tls;
> - PendingBufferSize = 0;
> - TempBuffer = NULL;
> - Ret = 0;
> -
> - if (TlsConn == NULL || \
> - TlsConn->Ssl == NULL || TlsConn->InBio == NULL || TlsConn->OutBio ==
> NULL || \
> - BufferOutSize == NULL || \
> - (BufferIn == NULL && BufferInSize != 0) || \
> - (BufferIn != NULL && BufferInSize == 0) || \
> - (BufferOut == NULL && *BufferOutSize != 0)) {
> - return EFI_INVALID_PARAMETER;
> - }
> -
> - PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
> - if (PendingBufferSize == 0 && BufferIn != NULL && BufferInSize != 0) {
> - Ret = BIO_write (TlsConn->InBio, BufferIn, (UINT32) BufferInSize);
> - if (Ret != (INTN) BufferInSize) {
> - return EFI_ABORTED;
> - }
> -
> - TempBuffer = (UINT8 *) OPENSSL_malloc (MAX_BUFFER_SIZE);
> -
> - //
> - // ssl3_send_alert() will be called in ssl3_read_bytes() function.
> - // TempBuffer is invalid since it's a Alert message, so just ignore it.
> - //
> - SSL_read (TlsConn->Ssl, TempBuffer, MAX_BUFFER_SIZE);
> -
> - OPENSSL_free (TempBuffer);
> -
> - PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
> - }
> -
> - if (PendingBufferSize > *BufferOutSize) {
> - *BufferOutSize = PendingBufferSize;
> - return EFI_BUFFER_TOO_SMALL;
> - }
> -
> - if (PendingBufferSize > 0) {
> - *BufferOutSize = BIO_read (TlsConn->OutBio, BufferOut, (UINT32)
> PendingBufferSize);
> - } else {
> - *BufferOutSize = 0;
> - }
> -
> - return EFI_SUCCESS;
> -}
> -
> -/**
> - Build the CloseNotify packet.
> -
> - @param[in] Tls Pointer to the TLS object for state checking.
> - @param[in, out] Buffer Pointer to the buffer to hold the built packet.
> - @param[in, out] BufferSize Pointer to the buffer size in bytes. On input,
> it is
> - the buffer size provided by the caller. On output, it
> - is the buffer size in fact needed to contain the
> - packet.
> -
> - @retval EFI_SUCCESS The required TLS packet is built successfully.
> - @retval EFI_INVALID_PARAMETER One or more of the following
> conditions is TRUE:
> - Tls is NULL.
> - BufferSize is NULL.
> - Buffer is NULL if *BufferSize is not zero.
> - @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the
> response packet.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsCloseNotify (
> - IN VOID *Tls,
> - IN OUT UINT8 *Buffer,
> - IN OUT UINTN *BufferSize
> - )
> -{
> - TLS_CONNECTION *TlsConn;
> - UINTN PendingBufferSize;
> -
> - TlsConn = (TLS_CONNECTION *) Tls;
> - PendingBufferSize = 0;
> -
> - if (TlsConn == NULL || \
> - TlsConn->Ssl == NULL || TlsConn->InBio == NULL || TlsConn->OutBio ==
> NULL || \
> - BufferSize == NULL || \
> - (Buffer == NULL && *BufferSize != 0)) {
> - return EFI_INVALID_PARAMETER;
> - }
> -
> - PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
> - if (PendingBufferSize == 0) {
> - //
> - // ssl3_send_alert() and ssl3_dispatch_alert() function will be called.
> - //
> - SSL_shutdown (TlsConn->Ssl);
> - PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
> - }
> -
> - if (PendingBufferSize > *BufferSize) {
> - *BufferSize = PendingBufferSize;
> - return EFI_BUFFER_TOO_SMALL;
> - }
> -
> - if (PendingBufferSize > 0) {
> - *BufferSize = BIO_read (TlsConn->OutBio, Buffer, (UINT32)
> PendingBufferSize);
> - } else {
> - *BufferSize = 0;
> - }
> -
> - return EFI_SUCCESS;
> -}
> -
> -/**
> - Attempts to read bytes from one TLS object and places the data in Buffer.
> -
> - This function will attempt to read BufferSize bytes from the TLS object
> - and places the data in Buffer.
> -
> - @param[in] Tls Pointer to the TLS object.
> - @param[in,out] Buffer Pointer to the buffer to store the data.
> - @param[in] BufferSize The size of Buffer in bytes.
> -
> - @retval >0 The amount of data successfully read from the TLS object.
> - @retval <=0 No data was successfully read.
> -
> -**/
> -INTN
> -EFIAPI
> -TlsCtrlTrafficOut (
> - IN VOID *Tls,
> - IN OUT VOID *Buffer,
> - IN UINTN BufferSize
> - )
> -{
> - TLS_CONNECTION *TlsConn;
> -
> - TlsConn = (TLS_CONNECTION *) Tls;
> - if (TlsConn == NULL || TlsConn->OutBio == 0) {
> - return -1;
> - }
> -
> - //
> - // Read and return the amount of data from the BIO.
> - //
> - return BIO_read (TlsConn->OutBio, Buffer, (UINT32) BufferSize);
> -}
> -
> -/**
> - Attempts to write data from the buffer to TLS object.
> -
> - This function will attempt to write BufferSize bytes data from the Buffer
> - to the TLS object.
> -
> - @param[in] Tls Pointer to the TLS object.
> - @param[in] Buffer Pointer to the data buffer.
> - @param[in] BufferSize The size of Buffer in bytes.
> -
> - @retval >0 The amount of data successfully written to the TLS object.
> - @retval <=0 No data was successfully written.
> -
> -**/
> -INTN
> -EFIAPI
> -TlsCtrlTrafficIn (
> - IN VOID *Tls,
> - IN VOID *Buffer,
> - IN UINTN BufferSize
> - )
> -{
> - TLS_CONNECTION *TlsConn;
> -
> - TlsConn = (TLS_CONNECTION *) Tls;
> - if (TlsConn == NULL || TlsConn->InBio == 0) {
> - return -1;
> - }
> -
> - //
> - // Write and return the amount of data to the BIO.
> - //
> - return BIO_write (TlsConn->InBio, Buffer, (UINT32) BufferSize);
> -}
> -/**
> - Attempts to read bytes from the specified TLS connection into the buffer.
> -
> - This function tries to read BufferSize bytes data from the specified TLS
> - connection into the Buffer.
> -
> - @param[in] Tls Pointer to the TLS connection for data reading.
> - @param[in,out] Buffer Pointer to the data buffer.
> - @param[in] BufferSize The size of Buffer in bytes.
> -
> - @retval >0 The read operation was successful, and return value is the
> - number of bytes actually read from the TLS connection.
> - @retval <=0 The read operation was not successful.
> -
> -**/
> -INTN
> -EFIAPI
> -TlsRead (
> - IN VOID *Tls,
> - IN OUT VOID *Buffer,
> - IN UINTN BufferSize
> - )
> -{
> - TLS_CONNECTION *TlsConn;
> -
> - TlsConn = (TLS_CONNECTION *) Tls;
> - if (TlsConn == NULL || TlsConn->Ssl == NULL) {
> - return -1;
> - }
> -
> - //
> - // Read bytes from the specified TLS connection.
> - //
> - return SSL_read (TlsConn->Ssl, Buffer, (UINT32) BufferSize);
> -}
> -
> -/**
> - Attempts to write data to a TLS connection.
> -
> - This function tries to write BufferSize bytes data from the Buffer into the
> - specified TLS connection.
> -
> - @param[in] Tls Pointer to the TLS connection for data writing.
> - @param[in] Buffer Pointer to the data buffer.
> - @param[in] BufferSize The size of Buffer in bytes.
> -
> - @retval >0 The write operation was successful, and return value is the
> - number of bytes actually written to the TLS connection.
> - @retval <=0 The write operation was not successful.
> -
> -**/
> -INTN
> -EFIAPI
> -TlsWrite (
> - IN VOID *Tls,
> - IN VOID *Buffer,
> - IN UINTN BufferSize
> - )
> -{
> - TLS_CONNECTION *TlsConn;
> -
> - TlsConn = (TLS_CONNECTION *) Tls;
> - if (TlsConn == NULL || TlsConn->Ssl == NULL) {
> - return -1;
> - }
> -
> - //
> - // Write bytes to the specified TLS connection.
> - //
> - return SSL_write (TlsConn->Ssl, Buffer, (UINT32) BufferSize);
> -}
> +/** @file
> + SSL/TLS Process Library Wrapper Implementation over OpenSSL.
> + The process includes the TLS handshake and packet I/O.
> +
> +Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
> +(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
> +This program and the accompanying materials
> +are licensed and made available under the terms and conditions of the BSD
> License
> +which accompanies this distribution. The full text of the license may be
> found at
> +http://opensource.org/licenses/bsd-license.php
> +
> +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +
> +**/
> +
> +#include "InternalTlsLib.h"
> +
> +#define MAX_BUFFER_SIZE 32768
> +
> +/**
> + Checks if the TLS handshake was done.
> +
> + This function will check if the specified TLS handshake was done.
> +
> + @param[in] Tls Pointer to the TLS object for handshake state checking.
> +
> + @retval TRUE The TLS handshake was done.
> + @retval FALSE The TLS handshake was not done.
> +
> +**/
> +BOOLEAN
> +EFIAPI
> +TlsInHandshake (
> + IN VOID *Tls
> + )
> +{
> + TLS_CONNECTION *TlsConn;
> +
> + TlsConn = (TLS_CONNECTION *) Tls;
> + if (TlsConn == NULL || TlsConn->Ssl == NULL) {
> + return FALSE;
> + }
> +
> + //
> + // Return the status which indicates if the TLS handshake was done.
> + //
> + return !SSL_is_init_finished (TlsConn->Ssl);
> +}
> +
> +/**
> + Perform a TLS/SSL handshake.
> +
> + This function will perform a TLS/SSL handshake.
> +
> + @param[in] Tls Pointer to the TLS object for handshake operation.
> + @param[in] BufferIn Pointer to the most recently received TLS
> Handshake packet.
> + @param[in] BufferInSize Packet size in bytes for the most recently
> received TLS
> + Handshake packet.
> + @param[out] BufferOut Pointer to the buffer to hold the built packet.
> + @param[in, out] BufferOutSize Pointer to the buffer size in bytes. On
> input, it is
> + the buffer size provided by the caller. On output, it
> + is the buffer size in fact needed to contain the
> + packet.
> +
> + @retval EFI_SUCCESS The required TLS packet is built successfully.
> + @retval EFI_INVALID_PARAMETER One or more of the following
> conditions is TRUE:
> + Tls is NULL.
> + BufferIn is NULL but BufferInSize is NOT 0.
> + BufferInSize is 0 but BufferIn is NOT NULL.
> + BufferOutSize is NULL.
> + BufferOut is NULL if *BufferOutSize is not zero.
> + @retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the
> response packet.
> + @retval EFI_ABORTED Something wrong during handshake.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsDoHandshake (
> + IN VOID *Tls,
> + IN UINT8 *BufferIn, OPTIONAL
> + IN UINTN BufferInSize, OPTIONAL
> + OUT UINT8 *BufferOut, OPTIONAL
> + IN OUT UINTN *BufferOutSize
> + )
> +{
> + TLS_CONNECTION *TlsConn;
> + UINTN PendingBufferSize;
> + INTN Ret;
> + UINTN ErrorCode;
> +
> + TlsConn = (TLS_CONNECTION *) Tls;
> + PendingBufferSize = 0;
> + Ret = 1;
> +
> + if (TlsConn == NULL || \
> + TlsConn->Ssl == NULL || TlsConn->InBio == NULL || TlsConn->OutBio ==
> NULL || \
> + BufferOutSize == NULL || \
> + (BufferIn == NULL && BufferInSize != 0) || \
> + (BufferIn != NULL && BufferInSize == 0) || \
> + (BufferOut == NULL && *BufferOutSize != 0)) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + if(BufferIn == NULL && BufferInSize == 0) {
> + //
> + // If RequestBuffer is NULL and RequestSize is 0, and TLS session
> + // status is EfiTlsSessionNotStarted, the TLS session will be initiated
> + // and the response packet needs to be ClientHello.
> + //
> + PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
> + if (PendingBufferSize == 0) {
> + SSL_set_connect_state (TlsConn->Ssl);
> + Ret = SSL_do_handshake (TlsConn->Ssl);
> + PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
> + }
> + } else {
> + PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
> + if (PendingBufferSize == 0) {
> + BIO_write (TlsConn->InBio, BufferIn, (UINT32) BufferInSize);
> + Ret = SSL_do_handshake (TlsConn->Ssl);
> + PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
> + }
> + }
> +
> + if (Ret < 1) {
> + Ret = SSL_get_error (TlsConn->Ssl, (int) Ret);
> + if (Ret == SSL_ERROR_SSL ||
> + Ret == SSL_ERROR_SYSCALL ||
> + Ret == SSL_ERROR_ZERO_RETURN) {
> + DEBUG ((
> + DEBUG_ERROR,
> + "%a SSL_HANDSHAKE_ERROR State=0x%x SSL_ERROR_%a\n",
> + __FUNCTION__,
> + SSL_get_state (TlsConn->Ssl),
> + Ret == SSL_ERROR_SSL ? "SSL" : Ret == SSL_ERROR_SYSCALL ?
> "SYSCALL" : "ZERO_RETURN"
> + ));
> + DEBUG_CODE_BEGIN ();
> + while (TRUE) {
> + ErrorCode = ERR_get_error ();
> + if (ErrorCode == 0) {
> + break;
> + }
> + DEBUG ((
> + DEBUG_ERROR,
> + "%a ERROR 0x%x=L%x:F%x:R%x\n",
> + __FUNCTION__,
> + ErrorCode,
> + ERR_GET_LIB (ErrorCode),
> + ERR_GET_FUNC (ErrorCode),
> + ERR_GET_REASON (ErrorCode)
> + ));
> + }
> + DEBUG_CODE_END ();
> + return EFI_ABORTED;
> + }
> + }
> +
> + if (PendingBufferSize > *BufferOutSize) {
> + *BufferOutSize = PendingBufferSize;
> + return EFI_BUFFER_TOO_SMALL;
> + }
> +
> + if (PendingBufferSize > 0) {
> + *BufferOutSize = BIO_read (TlsConn->OutBio, BufferOut, (UINT32)
> PendingBufferSize);
> + } else {
> + *BufferOutSize = 0;
> + }
> +
> + return EFI_SUCCESS;
> +}
> +
> +/**
> + Handle Alert message recorded in BufferIn. If BufferIn is NULL and
> BufferInSize is zero,
> + TLS session has errors and the response packet needs to be Alert message
> based on error type.
> +
> + @param[in] Tls Pointer to the TLS object for state checking.
> + @param[in] BufferIn Pointer to the most recently received TLS Alert
> packet.
> + @param[in] BufferInSize Packet size in bytes for the most recently
> received TLS
> + Alert packet.
> + @param[out] BufferOut Pointer to the buffer to hold the built packet.
> + @param[in, out] BufferOutSize Pointer to the buffer size in bytes. On
> input, it is
> + the buffer size provided by the caller. On output, it
> + is the buffer size in fact needed to contain the
> + packet.
> +
> + @retval EFI_SUCCESS The required TLS packet is built successfully.
> + @retval EFI_INVALID_PARAMETER One or more of the following
> conditions is TRUE:
> + Tls is NULL.
> + BufferIn is NULL but BufferInSize is NOT 0.
> + BufferInSize is 0 but BufferIn is NOT NULL.
> + BufferOutSize is NULL.
> + BufferOut is NULL if *BufferOutSize is not zero.
> + @retval EFI_ABORTED An error occurred.
> + @retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the
> response packet.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsHandleAlert (
> + IN VOID *Tls,
> + IN UINT8 *BufferIn, OPTIONAL
> + IN UINTN BufferInSize, OPTIONAL
> + OUT UINT8 *BufferOut, OPTIONAL
> + IN OUT UINTN *BufferOutSize
> + )
> +{
> + TLS_CONNECTION *TlsConn;
> + UINTN PendingBufferSize;
> + UINT8 *TempBuffer;
> + INTN Ret;
> +
> + TlsConn = (TLS_CONNECTION *) Tls;
> + PendingBufferSize = 0;
> + TempBuffer = NULL;
> + Ret = 0;
> +
> + if (TlsConn == NULL || \
> + TlsConn->Ssl == NULL || TlsConn->InBio == NULL || TlsConn->OutBio ==
> NULL || \
> + BufferOutSize == NULL || \
> + (BufferIn == NULL && BufferInSize != 0) || \
> + (BufferIn != NULL && BufferInSize == 0) || \
> + (BufferOut == NULL && *BufferOutSize != 0)) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
> + if (PendingBufferSize == 0 && BufferIn != NULL && BufferInSize != 0) {
> + Ret = BIO_write (TlsConn->InBio, BufferIn, (UINT32) BufferInSize);
> + if (Ret != (INTN) BufferInSize) {
> + return EFI_ABORTED;
> + }
> +
> + TempBuffer = (UINT8 *) OPENSSL_malloc (MAX_BUFFER_SIZE);
> +
> + //
> + // ssl3_send_alert() will be called in ssl3_read_bytes() function.
> + // TempBuffer is invalid since it's a Alert message, so just ignore it.
> + //
> + SSL_read (TlsConn->Ssl, TempBuffer, MAX_BUFFER_SIZE);
> +
> + OPENSSL_free (TempBuffer);
> +
> + PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
> + }
> +
> + if (PendingBufferSize > *BufferOutSize) {
> + *BufferOutSize = PendingBufferSize;
> + return EFI_BUFFER_TOO_SMALL;
> + }
> +
> + if (PendingBufferSize > 0) {
> + *BufferOutSize = BIO_read (TlsConn->OutBio, BufferOut, (UINT32)
> PendingBufferSize);
> + } else {
> + *BufferOutSize = 0;
> + }
> +
> + return EFI_SUCCESS;
> +}
> +
> +/**
> + Build the CloseNotify packet.
> +
> + @param[in] Tls Pointer to the TLS object for state checking.
> + @param[in, out] Buffer Pointer to the buffer to hold the built packet.
> + @param[in, out] BufferSize Pointer to the buffer size in bytes. On input,
> it is
> + the buffer size provided by the caller. On output, it
> + is the buffer size in fact needed to contain the
> + packet.
> +
> + @retval EFI_SUCCESS The required TLS packet is built successfully.
> + @retval EFI_INVALID_PARAMETER One or more of the following
> conditions is TRUE:
> + Tls is NULL.
> + BufferSize is NULL.
> + Buffer is NULL if *BufferSize is not zero.
> + @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the
> response packet.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsCloseNotify (
> + IN VOID *Tls,
> + IN OUT UINT8 *Buffer,
> + IN OUT UINTN *BufferSize
> + )
> +{
> + TLS_CONNECTION *TlsConn;
> + UINTN PendingBufferSize;
> +
> + TlsConn = (TLS_CONNECTION *) Tls;
> + PendingBufferSize = 0;
> +
> + if (TlsConn == NULL || \
> + TlsConn->Ssl == NULL || TlsConn->InBio == NULL || TlsConn->OutBio ==
> NULL || \
> + BufferSize == NULL || \
> + (Buffer == NULL && *BufferSize != 0)) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
> + if (PendingBufferSize == 0) {
> + //
> + // ssl3_send_alert() and ssl3_dispatch_alert() function will be called.
> + //
> + SSL_shutdown (TlsConn->Ssl);
> + PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
> + }
> +
> + if (PendingBufferSize > *BufferSize) {
> + *BufferSize = PendingBufferSize;
> + return EFI_BUFFER_TOO_SMALL;
> + }
> +
> + if (PendingBufferSize > 0) {
> + *BufferSize = BIO_read (TlsConn->OutBio, Buffer, (UINT32)
> PendingBufferSize);
> + } else {
> + *BufferSize = 0;
> + }
> +
> + return EFI_SUCCESS;
> +}
> +
> +/**
> + Attempts to read bytes from one TLS object and places the data in Buffer.
> +
> + This function will attempt to read BufferSize bytes from the TLS object
> + and places the data in Buffer.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[in,out] Buffer Pointer to the buffer to store the data.
> + @param[in] BufferSize The size of Buffer in bytes.
> +
> + @retval >0 The amount of data successfully read from the TLS object.
> + @retval <=0 No data was successfully read.
> +
> +**/
> +INTN
> +EFIAPI
> +TlsCtrlTrafficOut (
> + IN VOID *Tls,
> + IN OUT VOID *Buffer,
> + IN UINTN BufferSize
> + )
> +{
> + TLS_CONNECTION *TlsConn;
> +
> + TlsConn = (TLS_CONNECTION *) Tls;
> + if (TlsConn == NULL || TlsConn->OutBio == 0) {
> + return -1;
> + }
> +
> + //
> + // Read and return the amount of data from the BIO.
> + //
> + return BIO_read (TlsConn->OutBio, Buffer, (UINT32) BufferSize);
> +}
> +
> +/**
> + Attempts to write data from the buffer to TLS object.
> +
> + This function will attempt to write BufferSize bytes data from the Buffer
> + to the TLS object.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[in] Buffer Pointer to the data buffer.
> + @param[in] BufferSize The size of Buffer in bytes.
> +
> + @retval >0 The amount of data successfully written to the TLS object.
> + @retval <=0 No data was successfully written.
> +
> +**/
> +INTN
> +EFIAPI
> +TlsCtrlTrafficIn (
> + IN VOID *Tls,
> + IN VOID *Buffer,
> + IN UINTN BufferSize
> + )
> +{
> + TLS_CONNECTION *TlsConn;
> +
> + TlsConn = (TLS_CONNECTION *) Tls;
> + if (TlsConn == NULL || TlsConn->InBio == 0) {
> + return -1;
> + }
> +
> + //
> + // Write and return the amount of data to the BIO.
> + //
> + return BIO_write (TlsConn->InBio, Buffer, (UINT32) BufferSize);
> +}
> +/**
> + Attempts to read bytes from the specified TLS connection into the buffer.
> +
> + This function tries to read BufferSize bytes data from the specified TLS
> + connection into the Buffer.
> +
> + @param[in] Tls Pointer to the TLS connection for data reading.
> + @param[in,out] Buffer Pointer to the data buffer.
> + @param[in] BufferSize The size of Buffer in bytes.
> +
> + @retval >0 The read operation was successful, and return value is the
> + number of bytes actually read from the TLS connection.
> + @retval <=0 The read operation was not successful.
> +
> +**/
> +INTN
> +EFIAPI
> +TlsRead (
> + IN VOID *Tls,
> + IN OUT VOID *Buffer,
> + IN UINTN BufferSize
> + )
> +{
> + TLS_CONNECTION *TlsConn;
> +
> + TlsConn = (TLS_CONNECTION *) Tls;
> + if (TlsConn == NULL || TlsConn->Ssl == NULL) {
> + return -1;
> + }
> +
> + //
> + // Read bytes from the specified TLS connection.
> + //
> + return SSL_read (TlsConn->Ssl, Buffer, (UINT32) BufferSize);
> +}
> +
> +/**
> + Attempts to write data to a TLS connection.
> +
> + This function tries to write BufferSize bytes data from the Buffer into the
> + specified TLS connection.
> +
> + @param[in] Tls Pointer to the TLS connection for data writing.
> + @param[in] Buffer Pointer to the data buffer.
> + @param[in] BufferSize The size of Buffer in bytes.
> +
> + @retval >0 The write operation was successful, and return value is the
> + number of bytes actually written to the TLS connection.
> + @retval <=0 The write operation was not successful.
> +
> +**/
> +INTN
> +EFIAPI
> +TlsWrite (
> + IN VOID *Tls,
> + IN VOID *Buffer,
> + IN UINTN BufferSize
> + )
> +{
> + TLS_CONNECTION *TlsConn;
> +
> + TlsConn = (TLS_CONNECTION *) Tls;
> + if (TlsConn == NULL || TlsConn->Ssl == NULL) {
> + return -1;
> + }
> +
> + //
> + // Write bytes to the specified TLS connection.
> + //
> + return SSL_write (TlsConn->Ssl, Buffer, (UINT32) BufferSize);
> +}
> +
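Review bot: because every line of this file is deleted and re-added, the diff cannot show whether anything besides the line endings changed; please confirm with `git diff --ignore-space-at-eol` (or `git diff -w`) that the hunk is a pure CRLF conversion before it goes in. A few pre-existing issues are visible in the re-added lines and are worth a follow-up: `TempBuffer = (UINT8 *) OPENSSL_malloc (MAX_BUFFER_SIZE);` is handed to `SSL_read` without a NULL check; `*BufferOutSize = BIO_read (...)` stores an `int` that can be negative into a `UINTN` without checking it; and `TlsCtrlTrafficOut`/`TlsCtrlTrafficIn` test the BIO pointers with `TlsConn->OutBio == 0` / `TlsConn->InBio == 0` while the rest of the file compares against `NULL`. Style: the closing `}` of `TlsCtrlTrafficIn` runs straight into the next `/**` comment with no blank line, unlike every other function in the hunk.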
> --
> 2.12.0.windows.1
* Re: [PATCH 4/6] SignedCapsulePkg: Convert files to CRLF line ending
2017-04-06 2:25 ` [PATCH 4/6] SignedCapsulePkg: " Hao Wu
@ 2017-04-06 3:08 ` Yao, Jiewen
0 siblings, 0 replies; 13+ messages in thread
From: Yao, Jiewen @ 2017-04-06 3:08 UTC (permalink / raw)
To: Wu, Hao A, edk2-devel@lists.01.org
Reviewed-by: jiewen.yao@intel.com
> -----Original Message-----
> From: Wu, Hao A
> Sent: Thursday, April 6, 2017 10:25 AM
> To: edk2-devel@lists.01.org
> Cc: Wu, Hao A <hao.a.wu@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>
> Subject: [PATCH 4/6] SignedCapsulePkg: Convert files to CRLF line ending
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Hao Wu <hao.a.wu@intel.com>
> ---
> SignedCapsulePkg/Readme.md | 22 ++++++++++----------
> 1 file changed, 11 insertions(+), 11 deletions(-)
>
> diff --git a/SignedCapsulePkg/Readme.md b/SignedCapsulePkg/Readme.md
> index 67c78edfb4..03358e93ee 100644
> --- a/SignedCapsulePkg/Readme.md
> +++ b/SignedCapsulePkg/Readme.md
> @@ -1,11 +1,11 @@
> -# SignedCapsulePkg
> -
> -This package provides a signed capsule solution in EDKII to support a secure
> capsule update and recovery solution.
> -
> -Source Repository:
> https://github.com/tianocore/edk2/tree/master/SignedCapsulePkg
> -
> -A whitepaper to describe the capsule design:
> https://github.com/tianocore-docs/Docs/raw/master/White_Papers/A_Tour_Be
> yond_BIOS_Capsule_Update_and_Recovery_in_EDK_II.pdf
> -
> -Wiki pages to provides more detail on how to enable:
> https://github.com/tianocore/tianocore.github.io/wiki/Capsule-Based-Firmware
> -Update-and-Firmware-Recovery
> -
> -
> +# SignedCapsulePkg
> +
> +This package provides a signed capsule solution in EDKII to support a secure
> capsule update and recovery solution.
> +
> +Source Repository:
> https://github.com/tianocore/edk2/tree/master/SignedCapsulePkg
> +
> +A whitepaper to describe the capsule design:
> https://github.com/tianocore-docs/Docs/raw/master/White_Papers/A_Tour_Be
> yond_BIOS_Capsule_Update_and_Recovery_in_EDK_II.pdf
> +
> +Wiki pages to provides more detail on how to enable:
> https://github.com/tianocore/tianocore.github.io/wiki/Capsule-Based-Firmware
> -Update-and-Firmware-Recovery
> +
> +
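Review bot: the commit message only says the file is converted to CRLF, but Readme.md is Markdown and nothing explains why CRLF is wanted there; please add the rationale, and consider a .gitattributes rule that pins the chosen ending so the next checkout does not silently convert it back. As quoted here the patch has also been line-wrapped by the mail client: the whitepaper URL is split across `A_Tour_Be` / `yond_BIOS_...`, and the wiki URL's continuation `-Update-and-Firmware-Recovery` appears as a bare `-` line in both halves of the hunk, so this copy will not apply with `git am`; anyone verifying it should use the original message or a `git format-patch` attachment. Minor: the two trailing blank lines at end of file survive the conversion; since every line is being rewritten anyway, dropping them would be cheap.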
> --
> 2.12.0.windows.1
* Re: [PATCH 3/6] IntelFsp2WrapperPkg: Convert files to CRLF line ending
2017-04-06 2:25 ` [PATCH 3/6] IntelFsp2WrapperPkg: " Hao Wu
@ 2017-04-06 3:08 ` Yao, Jiewen
0 siblings, 0 replies; 13+ messages in thread
From: Yao, Jiewen @ 2017-04-06 3:08 UTC (permalink / raw)
To: Wu, Hao A, edk2-devel@lists.01.org
Reviewed-by: jiewen.yao@intel.com
> -----Original Message-----
> From: Wu, Hao A
> Sent: Thursday, April 6, 2017 10:25 AM
> To: edk2-devel@lists.01.org
> Cc: Wu, Hao A <hao.a.wu@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>
> Subject: [PATCH 3/6] IntelFsp2WrapperPkg: Convert files to CRLF line ending
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Hao Wu <hao.a.wu@intel.com>
> ---
> IntelFsp2WrapperPkg/Readme.md | 14 +++++++-------
> 1 file changed, 7 insertions(+), 7 deletions(-)
>
> diff --git a/IntelFsp2WrapperPkg/Readme.md
> b/IntelFsp2WrapperPkg/Readme.md
> index 0b0f81b033..dfcb4c1a2e 100644
> --- a/IntelFsp2WrapperPkg/Readme.md
> +++ b/IntelFsp2WrapperPkg/Readme.md
> @@ -1,7 +1,7 @@
> -# IntelFsp2WrapperPkg
> -
> -This package provides the component to use an FSP binary.
> -
> -Source Repository:
> https://github.com/tianocore/edk2/tree/master/IntelFsp2WrapperPkg
> -
> -A whitepaper to describe the IntelFsp2WrapperPkg:
> https://firmware.intel.com/sites/default/files/A_Tour_Beyond_BIOS_Using_the
> _Intel_Firmware_Support_Package_with_the_EFI_Developer_Kit_II_%28FSP2.0
> %29.pdf
> \ No newline at end of file
> +# IntelFsp2WrapperPkg
> +
> +This package provides the component to use an FSP binary.
> +
> +Source Repository:
> https://github.com/tianocore/edk2/tree/master/IntelFsp2WrapperPkg
> +
> +A whitepaper to describe the IntelFsp2WrapperPkg:
> https://firmware.intel.com/sites/default/files/A_Tour_Beyond_BIOS_Using_the
> _Intel_Firmware_Support_Package_with_the_EFI_Developer_Kit_II_%28FSP2.0
> %29.pdf
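Review bot: besides the CRLF change, this hunk also adds the missing final newline (the `\ No newline at end of file` marker is present on the `-` side and gone on the `+` side); that is a content change rather than a line-ending one and should be mentioned in the commit message. The same question applies as for the other Readme.md files: why is Markdown being moved to CRLF, and is there a .gitattributes entry that keeps it that way? Note also that the quoted whitepaper URL is wrapped across three lines here, so this quoted copy cannot be applied with `git am` as-is.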
> --
> 2.12.0.windows.1
* Re: [PATCH 2/6] IntelFsp2Pkg: Convert files to CRLF line ending
2017-04-06 2:25 ` [PATCH 2/6] IntelFsp2Pkg: " Hao Wu
@ 2017-04-06 3:08 ` Yao, Jiewen
0 siblings, 0 replies; 13+ messages in thread
From: Yao, Jiewen @ 2017-04-06 3:08 UTC (permalink / raw)
To: Wu, Hao A, edk2-devel@lists.01.org
Reviewed-by: jiewen.yao@intel.com
> -----Original Message-----
> From: Wu, Hao A
> Sent: Thursday, April 6, 2017 10:25 AM
> To: edk2-devel@lists.01.org
> Cc: Wu, Hao A <hao.a.wu@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>
> Subject: [PATCH 2/6] IntelFsp2Pkg: Convert files to CRLF line ending
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Hao Wu <hao.a.wu@intel.com>
> ---
> IntelFsp2Pkg/Readme.md | 14 +++++++-------
> 1 file changed, 7 insertions(+), 7 deletions(-)
>
> diff --git a/IntelFsp2Pkg/Readme.md b/IntelFsp2Pkg/Readme.md
> index 6e38e8ca61..719ce099e4 100644
> --- a/IntelFsp2Pkg/Readme.md
> +++ b/IntelFsp2Pkg/Readme.md
> @@ -1,7 +1,7 @@
> -# IntelFsp2Pkg
> -
> -This package provides the component to create an FSP binary.
> -
> -Source Repository:
> https://github.com/tianocore/edk2/tree/master/IntelFsp2Pkg
> -
> -A whitepaper to describe the IntelFsp2Pkg:
> https://firmware.intel.com/sites/default/files/A_Tour_Beyond_BIOS_Creating_t
> he_Intel_Firmware_Support_Package_with_the_EFI_Developer_Kit_II_%28FSP
> 2.0%29.pdf
> \ No newline at end of file
> +# IntelFsp2Pkg
> +
> +This package provides the component to create an FSP binary.
> +
> +Source Repository:
> https://github.com/tianocore/edk2/tree/master/IntelFsp2Pkg
> +
> +A whitepaper to describe the IntelFsp2Pkg:
> https://firmware.intel.com/sites/default/files/A_Tour_Beyond_BIOS_Creating_t
> he_Intel_Firmware_Support_Package_with_the_EFI_Developer_Kit_II_%28FSP
> 2.0%29.pdf
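Review bot: on top of the CRLF conversion this hunk silently adds the missing final newline (`\ No newline at end of file` disappears from the `+` side); please state that in the commit message, since it is not purely a line-ending change. As with IntelFsp2WrapperPkg/Readme.md, a .gitattributes rule for the Markdown files would make the chosen ending stick instead of depending on each contributor's autocrlf setting.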
> --
> 2.12.0.windows.1
* Re: [PATCH 5/6] MdePkg: Convert files to CRLF line ending
2017-04-06 2:25 ` [PATCH 5/6] MdePkg: " Hao Wu
@ 2017-04-06 4:45 ` Gao, Liming
0 siblings, 0 replies; 13+ messages in thread
From: Gao, Liming @ 2017-04-06 4:45 UTC (permalink / raw)
To: Wu, Hao A, edk2-devel@lists.01.org; +Cc: Kinney, Michael D
Reviewed-by: Liming Gao <liming.gao@intel.com>
>-----Original Message-----
>From: Wu, Hao A
>Sent: Thursday, April 06, 2017 10:25 AM
>To: edk2-devel@lists.01.org
>Cc: Wu, Hao A <hao.a.wu@intel.com>; Kinney, Michael D
><michael.d.kinney@intel.com>; Gao, Liming <liming.gao@intel.com>
>Subject: [PATCH 5/6] MdePkg: Convert files to CRLF line ending
>
>Cc: Michael Kinney <michael.d.kinney@intel.com>
>Cc: Liming Gao <liming.gao@intel.com>
>Contributed-under: TianoCore Contribution Agreement 1.0
>Signed-off-by: Hao Wu <hao.a.wu@intel.com>
>---
> MdePkg/Include/IndustryStandard/Tls1.h | 186 ++--
> MdePkg/Include/Protocol/Tls.h | 921 ++++++++++----------
> MdePkg/Include/Protocol/TlsConfig.h | 265 +++---
> MdePkg/Library/BaseLib/SafeString.c | 39 +-
> 4 files changed, 707 insertions(+), 704 deletions(-)
>
>diff --git a/MdePkg/Include/IndustryStandard/Tls1.h
>b/MdePkg/Include/IndustryStandard/Tls1.h
>index 019ff617de..9009291ee3 100644
>--- a/MdePkg/Include/IndustryStandard/Tls1.h
>+++ b/MdePkg/Include/IndustryStandard/Tls1.h
>@@ -1,93 +1,93 @@
>-/** @file
>- Transport Layer Security -- TLS 1.0/1.1/1.2 Standard definitions, from RFC
>2246/4346/5246
>-
>- This file contains common TLS 1.0/1.1/1.2 definitions from RFC
>2246/4346/5246
>-
>- Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
>- This program and the accompanying materials
>- are licensed and made available under the terms and conditions of the BSD
>License
>- which accompanies this distribution. The full text of the license may be
>found at
>- http://opensource.org/licenses/bsd-license.php
>-
>- THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
>BASIS,
>- WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
>EXPRESS OR IMPLIED.
>-**/
>-
>-#ifndef __TLS_1_H__
>-#define __TLS_1_H__
>-
>-#pragma pack(1)
>-
>-///
>-/// TLS Cipher Suite, refers to A.5 of rfc-2246, rfc-4346 and rfc-5246.
>-///
>-#define TLS_RSA_WITH_NULL_MD5 {0x00, 0x01}
>-#define TLS_RSA_WITH_NULL_SHA {0x00, 0x02}
>-#define TLS_RSA_WITH_RC4_128_MD5 {0x00, 0x04}
>-#define TLS_RSA_WITH_RC4_128_SHA {0x00, 0x05}
>-#define TLS_RSA_WITH_IDEA_CBC_SHA {0x00, 0x07}
>-#define TLS_RSA_WITH_DES_CBC_SHA {0x00, 0x09}
>-#define TLS_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x0A}
>-#define TLS_DH_DSS_WITH_DES_CBC_SHA {0x00, 0x0C}
>-#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA {0x00, 0x0D}
>-#define TLS_DH_RSA_WITH_DES_CBC_SHA {0x00, 0x0F}
>-#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x10}
>-#define TLS_DHE_DSS_WITH_DES_CBC_SHA {0x00, 0x12}
>-#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA {0x00, 0x13}
>-#define TLS_DHE_RSA_WITH_DES_CBC_SHA {0x00, 0x15}
>-#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x16}
>-#define TLS_RSA_WITH_AES_128_CBC_SHA {0x00, 0x2F}
>-#define TLS_DH_DSS_WITH_AES_128_CBC_SHA {0x00, 0x30}
>-#define TLS_DH_RSA_WITH_AES_128_CBC_SHA {0x00, 0x31}
>-#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA {0x00, 0x32}
>-#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA {0x00, 0x33}
>-#define TLS_RSA_WITH_AES_256_CBC_SHA {0x00, 0x35}
>-#define TLS_DH_DSS_WITH_AES_256_CBC_SHA {0x00, 0x36}
>-#define TLS_DH_RSA_WITH_AES_256_CBC_SHA {0x00, 0x37}
>-#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA {0x00, 0x38}
>-#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA {0x00, 0x39}
>-#define TLS_RSA_WITH_NULL_SHA256 {0x00, 0x3B}
>-#define TLS_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x3C}
>-#define TLS_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x3D}
>-#define TLS_DH_DSS_WITH_AES_128_CBC_SHA256 {0x00, 0x3E}
>-#define TLS_DH_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x3F}
>-#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 {0x00, 0x40}
>-#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x67}
>-#define TLS_DH_DSS_WITH_AES_256_CBC_SHA256 {0x00, 0x68}
>-#define TLS_DH_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x69}
>-#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 {0x00, 0x6A}
>-#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x6B}
>-
>-///
>-/// TLS Version, refers to A.1 of rfc-2246, rfc-4346 and rfc-5246.
>-///
>-#define TLS10_PROTOCOL_VERSION_MAJOR 0x03
>-#define TLS10_PROTOCOL_VERSION_MINOR 0x01
>-#define TLS11_PROTOCOL_VERSION_MAJOR 0x03
>-#define TLS11_PROTOCOL_VERSION_MINOR 0x02
>-#define TLS12_PROTOCOL_VERSION_MAJOR 0x03
>-#define TLS12_PROTOCOL_VERSION_MINOR 0x03
>-
>-///
>-/// TLS Content Type, refers to A.1 of rfc-2246, rfc-4346 and rfc-5246.
>-///
>-typedef enum {
>- TlsContentTypeChangeCipherSpec = 20,
>- TlsContentTypeAlert = 21,
>- TlsContentTypeHandshake = 22,
>- TlsContentTypeApplicationData = 23,
>-} TLS_CONTENT_TYPE;
>-
>-///
>-/// TLS Record Header, refers to A.1 of rfc-2246, rfc-4346 and rfc-5246.
>-///
>-typedef struct {
>- UINT8 ContentType;
>- EFI_TLS_VERSION Version;
>- UINT16 Length;
>-} TLS_RECORD_HEADER;
>-
>-#pragma pack()
>-
>-#endif
>-
>+/** @file
>+ Transport Layer Security -- TLS 1.0/1.1/1.2 Standard definitions, from RFC
>2246/4346/5246
>+
>+ This file contains common TLS 1.0/1.1/1.2 definitions from RFC
>2246/4346/5246
>+
>+ Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
>+ This program and the accompanying materials
>+ are licensed and made available under the terms and conditions of the BSD
>License
>+ which accompanies this distribution. The full text of the license may be
>found at
>+ http://opensource.org/licenses/bsd-license.php
>+
>+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
>BASIS,
>+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
>EXPRESS OR IMPLIED.
>+**/
>+
>+#ifndef __TLS_1_H__
>+#define __TLS_1_H__
>+
>+#pragma pack(1)
>+
>+///
>+/// TLS Cipher Suite, refers to A.5 of rfc-2246, rfc-4346 and rfc-5246.
>+///
>+#define TLS_RSA_WITH_NULL_MD5 {0x00, 0x01}
>+#define TLS_RSA_WITH_NULL_SHA {0x00, 0x02}
>+#define TLS_RSA_WITH_RC4_128_MD5 {0x00, 0x04}
>+#define TLS_RSA_WITH_RC4_128_SHA {0x00, 0x05}
>+#define TLS_RSA_WITH_IDEA_CBC_SHA {0x00, 0x07}
>+#define TLS_RSA_WITH_DES_CBC_SHA {0x00, 0x09}
>+#define TLS_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x0A}
>+#define TLS_DH_DSS_WITH_DES_CBC_SHA {0x00, 0x0C}
>+#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA {0x00, 0x0D}
>+#define TLS_DH_RSA_WITH_DES_CBC_SHA {0x00, 0x0F}
>+#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x10}
>+#define TLS_DHE_DSS_WITH_DES_CBC_SHA {0x00, 0x12}
>+#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA {0x00, 0x13}
>+#define TLS_DHE_RSA_WITH_DES_CBC_SHA {0x00, 0x15}
>+#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA {0x00, 0x16}
>+#define TLS_RSA_WITH_AES_128_CBC_SHA {0x00, 0x2F}
>+#define TLS_DH_DSS_WITH_AES_128_CBC_SHA {0x00, 0x30}
>+#define TLS_DH_RSA_WITH_AES_128_CBC_SHA {0x00, 0x31}
>+#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA {0x00, 0x32}
>+#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA {0x00, 0x33}
>+#define TLS_RSA_WITH_AES_256_CBC_SHA {0x00, 0x35}
>+#define TLS_DH_DSS_WITH_AES_256_CBC_SHA {0x00, 0x36}
>+#define TLS_DH_RSA_WITH_AES_256_CBC_SHA {0x00, 0x37}
>+#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA {0x00, 0x38}
>+#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA {0x00, 0x39}
>+#define TLS_RSA_WITH_NULL_SHA256 {0x00, 0x3B}
>+#define TLS_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x3C}
>+#define TLS_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x3D}
>+#define TLS_DH_DSS_WITH_AES_128_CBC_SHA256 {0x00, 0x3E}
>+#define TLS_DH_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x3F}
>+#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 {0x00, 0x40}
>+#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 {0x00, 0x67}
>+#define TLS_DH_DSS_WITH_AES_256_CBC_SHA256 {0x00, 0x68}
>+#define TLS_DH_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x69}
>+#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 {0x00, 0x6A}
>+#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 {0x00, 0x6B}
>+
>+///
>+/// TLS Version, refers to A.1 of rfc-2246, rfc-4346 and rfc-5246.
>+///
>+#define TLS10_PROTOCOL_VERSION_MAJOR 0x03
>+#define TLS10_PROTOCOL_VERSION_MINOR 0x01
>+#define TLS11_PROTOCOL_VERSION_MAJOR 0x03
>+#define TLS11_PROTOCOL_VERSION_MINOR 0x02
>+#define TLS12_PROTOCOL_VERSION_MAJOR 0x03
>+#define TLS12_PROTOCOL_VERSION_MINOR 0x03
>+
>+///
>+/// TLS Content Type, refers to A.1 of rfc-2246, rfc-4346 and rfc-5246.
>+///
>+typedef enum {
>+ TlsContentTypeChangeCipherSpec = 20,
>+ TlsContentTypeAlert = 21,
>+ TlsContentTypeHandshake = 22,
>+ TlsContentTypeApplicationData = 23,
>+} TLS_CONTENT_TYPE;
>+
>+///
>+/// TLS Record Header, refers to A.1 of rfc-2246, rfc-4346 and rfc-5246.
>+///
>+typedef struct {
>+ UINT8 ContentType;
>+ EFI_TLS_VERSION Version;
>+ UINT16 Length;
>+} TLS_RECORD_HEADER;
>+
>+#pragma pack()
>+
>+#endif
>+
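Review bot: `TLS_RECORD_HEADER` uses `EFI_TLS_VERSION`, but the re-added file contains no `#include` at all, so `IndustryStandard/Tls1.h` only compiles when the consumer has already pulled in `Protocol/Tls.h` (where `EFI_TLS_VERSION` is defined); since the whole file is being rewritten anyway, adding the include, or moving the `EFI_TLS_VERSION` typedef into Tls1.h, would make the header self-contained. Minor: the trailing comma after `TlsContentTypeApplicationData = 23,` is not valid in strict C89, and the file keeps a trailing blank line after `#endif`. As with the other whole-file hunks, please verify with `git diff --ignore-space-at-eol` that nothing but line endings changed.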
>diff --git a/MdePkg/Include/Protocol/Tls.h b/MdePkg/Include/Protocol/Tls.h
>index f3cfccc953..2119f33c0f 100644
>--- a/MdePkg/Include/Protocol/Tls.h
>+++ b/MdePkg/Include/Protocol/Tls.h
>@@ -1,460 +1,461 @@
>-/** @file
>- EFI TLS Protocols as defined in UEFI 2.5.
>-
>- The EFI TLS Service Binding Protocol is used to locate EFI TLS Protocol drivers
>- to create and destroy child of the driver to communicate with other host
>using
>- TLS protocol.
>- The EFI TLS Protocol provides the ability to manage TLS session.
>-
>- Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
>- This program and the accompanying materials
>- are licensed and made available under the terms and conditions of the BSD
>License
>- which accompanies this distribution. The full text of the license may be
>found at
>- http://opensource.org/licenses/bsd-license.php
>-
>- THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
>BASIS,
>- WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
>EXPRESS OR IMPLIED.
>-
>- @par Revision Reference:
>- This Protocol is introduced in UEFI Specification 2.5
>-
>-**/
>-
>-#ifndef __EFI_TLS_PROTOCOL_H__
>-#define __EFI_TLS_PROTOCOL_H__
>-
>-///
>-/// The EFI TLS Service Binding Protocol is used to locate EFI TLS Protocol
>drivers to
>-/// create and destroy child of the driver to communicate with other host
>using TLS
>-/// protocol.
>-///
>-#define EFI_TLS_SERVICE_BINDING_PROTOCOL_GUID \
>- { \
>- 0x952cb795, 0xff36, 0x48cf, {0xa2, 0x49, 0x4d, 0xf4, 0x86, 0xd6, 0xab, 0x8d }
>\
>- }
>-
>-///
>-/// The EFI TLS protocol provides the ability to manage TLS session.
>-///
>-#define EFI_TLS_PROTOCOL_GUID \
>- { \
>- 0xca959f, 0x6cfa, 0x4db1, {0x95, 0xbc, 0xe4, 0x6c, 0x47, 0x51, 0x43, 0x90 } \
>- }
>-
>-typedef struct _EFI_TLS_PROTOCOL EFI_TLS_PROTOCOL;
>-
>-///
>-/// EFI_TLS_SESSION_DATA_TYPE
>-///
>-typedef enum {
>- ///
>- /// Session Configuration
>- ///
>-
>- ///
>- /// TLS session Version. The corresponding Data is of type EFI_TLS_VERSION.
>- ///
>- EfiTlsVersion,
>- ///
>- /// TLS session as client or as server. The corresponding Data is of
>- /// EFI_TLS_CONNECTION_END.
>- ///
>- EfiTlsConnectionEnd,
>- ///
>- /// A priority list of preferred algorithms for the TLS session.
>- /// The corresponding Data is a list of EFI_TLS_CIPHER.
>- ///
>- EfiTlsCipherList,
>- ///
>- /// TLS session compression method.
>- /// The corresponding Data is of type EFI_TLS_COMPRESSION.
>- ///
>- EfiTlsCompressionMethod,
>- ///
>- /// TLS session extension data.
>- /// The corresponding Data is a list of type EFI_TLS_EXTENSION .
>- ///
>- EfiTlsExtensionData,
>- ///
>- /// TLS session verify method.
>- /// The corresponding Data is of type EFI_TLS_VERIFY.
>- ///
>- EfiTlsVerifyMethod,
>- ///
>- /// TLS session data session ID.
>- /// For SetSessionData(), it is TLS session ID used for session resumption.
>- /// For GetSessionData(), it is the TLS session ID used for current session.
>- /// The corresponding Data is of type EFI_TLS_SESSION_ID.
>- ///
>- EfiTlsSessionID,
>- ///
>- /// TLS session data session state.
>- /// The corresponding Data is of type EFI_TLS_SESSION_STATE.
>- ///
>- EfiTlsSessionState,
>-
>- ///
>- /// Session information
>- ///
>-
>- ///
>- /// TLS session data client random.
>- /// The corresponding Data is of type EFI_TLS_RANDOM.
>- ///
>- EfiTlsClientRandom,
>- ///
>- /// TLS session data server random.
>- /// The corresponding Data is of type EFI_TLS_RANDOM.
>- ///
>- EfiTlsServerRandom,
>- ///
>- /// TLS session data key material.
>- /// The corresponding Data is of type EFI_TLS_MASTER_SECRET.
>- ///
>- EfiTlsKeyMaterial,
>-
>- EfiTlsSessionDataTypeMaximum
>-
>-} EFI_TLS_SESSION_DATA_TYPE;
>-
>-///
>-/// EFI_TLS_VERSION
>-/// Note: The TLS version definition is from SSL3.0 to the latest TLS (e.g. 1.2).
>-/// SSL2.0 is obsolete and should not be used.
>-///
>-typedef struct {
>- UINT8 Major;
>- UINT8 Minor;
>-} EFI_TLS_VERSION;
>-
>-///
>-/// EFI_TLS_CONNECTION_END to define TLS session as client or server.
>-///
>-typedef enum {
>- EfiTlsClient,
>- EfiTlsServer,
>-} EFI_TLS_CONNECTION_END;
>-
>-///
>-/// EFI_TLS_CIPHER
>-/// Note: The definition of EFI_TLS_CIPHER definition is from "RFC 5246, A.4.1.
>-/// Hello Messages". The value of EFI_TLS_CIPHER is from TLS Cipher
>-/// Suite Registry of IANA.
>-///
>-typedef struct {
>- UINT8 Data1;
>- UINT8 Data2;
>-} EFI_TLS_CIPHER;
>-
>-///
>-/// EFI_TLS_COMPRESSION
>-/// Note: The value of EFI_TLS_COMPRESSION definition is from "RFC 3749".
>-///
>-typedef UINT8 EFI_TLS_COMPRESSION;
>-
>-///
>-/// EFI_TLS_EXTENSION
>-/// Note: The definition of EFI_TLS_EXTENSION if from "RFC 5246 A.4.1.
>-/// Hello Messages".
>-///
>-typedef struct {
>- UINT16 ExtensionType;
>- UINT16 Length;
>- UINT8 Data[1];
>-} EFI_TLS_EXTENSION;
>-
>-///
>-/// EFI_TLS_VERIFY
>-/// Use either EFI_TLS_VERIFY_NONE or EFI_TLS_VERIFY_PEER, the last two
>options
>-/// are 'ORed' with EFI_TLS_VERIFY_PEER if they are desired.
>-///
>-typedef UINT32 EFI_TLS_VERIFY;
>-///
>-/// No certificates will be sent or the TLS/SSL handshake will be continued
>regardless
>-/// of the certificate verification result.
>-///
>-#define EFI_TLS_VERIFY_NONE 0x0
>-///
>-/// The TLS/SSL handshake is immediately terminated with an alert message
>containing
>-/// the reason for the certificate verification failure.
>-///
>-#define EFI_TLS_VERIFY_PEER 0x1
>-///
>-/// TLS session will fail peer certificate is absent.
>-///
>-#define EFI_TLS_VERIFY_FAIL_IF_NO_PEER_CERT 0x2
>-///
>-/// TLS session only verify client once, and doesn't request certificate during
>-/// re-negotiation.
>-///
>-#define EFI_TLS_VERIFY_CLIENT_ONCE 0x4
>-
>-///
>-/// EFI_TLS_RANDOM
>-/// Note: The definition of EFI_TLS_RANDOM is from "RFC 5246 A.4.1.
>-/// Hello Messages".
>-///
>-typedef struct {
>- UINT32 GmtUnixTime;
>- UINT8 RandomBytes[28];
>-} EFI_TLS_RANDOM;
>-
>-///
>-/// EFI_TLS_MASTER_SECRET
>-/// Note: The definition of EFI_TLS_MASTER_SECRET is from "RFC 5246 8.1.
>-/// Computing the Master Secret".
>-///
>-typedef struct {
>- UINT8 Data[48];
>-} EFI_TLS_MASTER_SECRET;
>-
>-///
>-/// EFI_TLS_SESSION_ID
>-/// Note: The definition of EFI_TLS_SESSION_ID is from "RFC 5246 A.4.1. Hello
>Messages".
>-///
>-#define MAX_TLS_SESSION_ID_LENGTH 32
>-typedef struct {
>- UINT16 Length;
>- UINT8 Data[MAX_TLS_SESSION_ID_LENGTH];
>-} EFI_TLS_SESSION_ID;
>-
>-///
>-/// EFI_TLS_SESSION_STATE
>-///
>-typedef enum {
>- ///
>- /// When a new child of TLS protocol is created, the initial state of TLS
>session
>- /// is EfiTlsSessionNotStarted.
>- ///
>- EfiTlsSessionNotStarted,
>- ///
>- /// The consumer can call BuildResponsePacket() with NULL to get
>ClientHello to
>- /// start the TLS session. Then the status is EfiTlsSessionHandShaking.
>- ///
>- EfiTlsSessionHandShaking,
>- ///
>- /// During handshake, the consumer need call BuildResponsePacket() with
>input
>- /// data from peer, then get response packet and send to peer. After
>handshake
>- /// finish, the TLS session status becomes EfiTlsSessionDataTransferring, and
>- /// consumer can use ProcessPacket() for data transferring.
>- ///
>- EfiTlsSessionDataTransferring,
>- ///
>- /// Finally, if consumer wants to active close TLS session, consumer need
>- /// call SetSessionData to set TLS session state to EfiTlsSessionClosing, and
>- /// call BuildResponsePacket() with NULL to get CloseNotify alert message,
>- /// and sent it out.
>- ///
>- EfiTlsSessionClosing,
>- ///
>- /// If any error happen during parsing ApplicationData content type,
>EFI_ABORT
>- /// will be returned by ProcessPacket(), and TLS session state will become
>- /// EfiTlsSessionError. Then consumer need call BuildResponsePacket() with
>- /// NULL to get alert message and sent it out.
>- ///
>- EfiTlsSessionError,
>-
>- EfiTlsSessionStateMaximum
>-
>-} EFI_TLS_SESSION_STATE;
>-
>-///
>-/// EFI_TLS_FRAGMENT_DATA
>-///
>-typedef struct {
>- ///
>- /// Length of data buffer in the fragment.
>- ///
>- UINT32 FragmentLength;
>- ///
>- /// Pointer to the data buffer in the fragment.
>- ///
>- VOID *FragmentBuffer;
>-} EFI_TLS_FRAGMENT_DATA;
>-
>-///
>-/// EFI_TLS_CRYPT_MODE
>-///
>-typedef enum {
>- ///
>- /// Encrypt data provided in the fragment buffers.
>- ///
>- EfiTlsEncrypt,
>- ///
>- /// Decrypt data provided in the fragment buffers.
>- ///
>- EfiTlsDecrypt,
>-} EFI_TLS_CRYPT_MODE;
>-
>-/**
>- Set TLS session data.
>-
>- The SetSessionData() function set data for a new TLS session. All session
>data should
>- be set before BuildResponsePacket() invoked.
>-
>- @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
>- @param[in] DataType TLS session data type.
>- @param[in] Data Pointer to session data.
>- @param[in] DataSize Total size of session data.
>-
>- @retval EFI_SUCCESS The TLS session data is set successfully.
>- @retval EFI_INVALID_PARAMETER One or more of the following conditions
>is TRUE:
>- This is NULL.
>- Data is NULL.
>- DataSize is 0.
>- @retval EFI_UNSUPPORTED The DataType is unsupported.
>- @retval EFI_ACCESS_DENIED If the DataType is one of below:
>- EfiTlsClientRandom
>- EfiTlsServerRandom
>- EfiTlsKeyMaterial
>- @retval EFI_NOT_READY Current TLS session state is NOT
>- EfiTlsSessionStateNotStarted.
>- @retval EFI_OUT_OF_RESOURCES Required system resources could not
>be allocated.
>-**/
>-typedef
>-EFI_STATUS
>-(EFIAPI *EFI_TLS_SET_SESSION_DATA) (
>- IN EFI_TLS_PROTOCOL *This,
>- IN EFI_TLS_SESSION_DATA_TYPE DataType,
>- IN VOID *Data,
>- IN UINTN DataSize
>- );
>-
>-/**
>- Get TLS session data.
>-
>- The GetSessionData() function return the TLS session information.
>-
>- @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
>- @param[in] DataType TLS session data type.
>- @param[in, out] Data Pointer to session data.
>- @param[in, out] DataSize Total size of session data. On input, it means
>- the size of Data buffer. On output, it means the size
>- of copied Data buffer if EFI_SUCCESS, and means the
>- size of desired Data buffer if EFI_BUFFER_TOO_SMALL.
>-
>- @retval EFI_SUCCESS The TLS session data is got successfully.
>- @retval EFI_INVALID_PARAMETER One or more of the following conditions
>is TRUE:
>- This is NULL.
>- DataSize is NULL.
>- Data is NULL if *DataSize is not zero.
>- @retval EFI_UNSUPPORTED The DataType is unsupported.
>- @retval EFI_NOT_FOUND The TLS session data is not found.
>- @retval EFI_NOT_READY The DataType is not ready in current session
>state.
>- @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data.
>-**/
>-typedef
>-EFI_STATUS
>-(EFIAPI *EFI_TLS_GET_SESSION_DATA) (
>- IN EFI_TLS_PROTOCOL *This,
>- IN EFI_TLS_SESSION_DATA_TYPE DataType,
>- IN OUT VOID *Data, OPTIONAL
>- IN OUT UINTN *DataSize
>- );
>-
>-/**
>- Build response packet according to TLS state machine. This function is only
>valid for
>- alert, handshake and change_cipher_spec content type.
>-
>- The BuildResponsePacket() function builds TLS response packet in response
>to the TLS
>- request packet specified by RequestBuffer and RequestSize. If
>RequestBuffer is NULL and
>- RequestSize is 0, and TLS session status is EfiTlsSessionNotStarted, the TLS
>session
>- will be initiated and the response packet needs to be ClientHello. If
>RequestBuffer is
>- NULL and RequestSize is 0, and TLS session status is EfiTlsSessionClosing, the
>TLS
>- session will be closed and response packet needs to be CloseNotify. If
>RequestBuffer is
>- NULL and RequestSize is 0, and TLS session status is EfiTlsSessionError, the
>TLS
>- session has errors and the response packet needs to be Alert message
>based on error
>- type.
>-
>- @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
>- @param[in] RequestBuffer Pointer to the most recently received TLS
>packet. NULL
>- means TLS need initiate the TLS session and response
>- packet need to be ClientHello.
>- @param[in] RequestSize Packet size in bytes for the most recently
>received TLS
>- packet. 0 is only valid when RequestBuffer is NULL.
>- @param[out] Buffer Pointer to the buffer to hold the built packet.
>- @param[in, out] BufferSize Pointer to the buffer size in bytes. On input, it
>is
>- the buffer size provided by the caller. On output, it
>- is the buffer size in fact needed to contain the
>- packet.
>-
>- @retval EFI_SUCCESS The required TLS packet is built successfully.
>- @retval EFI_INVALID_PARAMETER One or more of the following conditions
>is TRUE:
>- This is NULL.
>- RequestBuffer is NULL but RequestSize is NOT 0.
>- RequestSize is 0 but RequestBuffer is NOT NULL.
>- BufferSize is NULL.
>- Buffer is NULL if *BufferSize is not zero.
>- @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the
>response packet.
>- @retval EFI_NOT_READY Current TLS session state is NOT ready to
>build
>- ResponsePacket.
>- @retval EFI_ABORTED Something wrong build response packet.
>-**/
>-typedef
>-EFI_STATUS
>-(EFIAPI *EFI_TLS_BUILD_RESPONSE_PACKET) (
>- IN EFI_TLS_PROTOCOL *This,
>- IN UINT8 *RequestBuffer, OPTIONAL
>- IN UINTN RequestSize, OPTIONAL
>- OUT UINT8 *Buffer, OPTIONAL
>- IN OUT UINTN *BufferSize
>- );
>-
>-/**
>- Decrypt or encrypt TLS packet during session. This function is only valid after
>- session connected and for application_data content type.
>-
>- The ProcessPacket () function process each inbound or outbound TLS APP
>packet.
>-
>- @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
>- @param[in, out] FragmentTable Pointer to a list of fragment. The caller will
>take
>- responsible to handle the original FragmentTable while
>- it may be reallocated in TLS driver. If CryptMode is
>- EfiTlsEncrypt, on input these fragments contain the TLS
>- header and plain text TLS APP payload; on output these
>- fragments contain the TLS header and cipher text TLS
>- APP payload. If CryptMode is EfiTlsDecrypt, on input
>- these fragments contain the TLS header and cipher text
>- TLS APP payload; on output these fragments contain the
>- TLS header and plain text TLS APP payload.
>- @param[in] FragmentCount Number of fragment.
>- @param[in] CryptMode Crypt mode.
>-
>- @retval EFI_SUCCESS The operation completed successfully.
>- @retval EFI_INVALID_PARAMETER One or more of the following conditions
>is TRUE:
>- This is NULL.
>- FragmentTable is NULL.
>- FragmentCount is NULL.
>- CryptoMode is invalid.
>- @retval EFI_NOT_READY Current TLS session state is NOT
>- EfiTlsSessionDataTransferring.
>- @retval EFI_ABORTED Something wrong decryption the message. TLS
>session
>- status will become EfiTlsSessionError. The caller need
>- call BuildResponsePacket() to generate Error Alert
>- message and send it out.
>- @retval EFI_OUT_OF_RESOURCES No enough resource to finish the
>operation.
>-**/
>-typedef
>-EFI_STATUS
>-(EFIAPI *EFI_TLS_PROCESS_PACKET) (
>- IN EFI_TLS_PROTOCOL *This,
>- IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
>- IN UINT32 *FragmentCount,
>- IN EFI_TLS_CRYPT_MODE CryptMode
>- );
>-
>-///
>-/// The EFI_TLS_PROTOCOL is used to create, destroy and manage TLS
>session.
>-/// For detail of TLS, please refer to TLS related RFC.
>-///
>-struct _EFI_TLS_PROTOCOL {
>- EFI_TLS_SET_SESSION_DATA SetSessionData;
>- EFI_TLS_GET_SESSION_DATA GetSessionData;
>- EFI_TLS_BUILD_RESPONSE_PACKET BuildResponsePacket;
>- EFI_TLS_PROCESS_PACKET ProcessPacket;
>-};
>-
>-extern EFI_GUID gEfiTlsServiceBindingProtocolGuid;
>-extern EFI_GUID gEfiTlsProtocolGuid;
>-
>-#endif // __EFI_TLS_PROTOCOL_H__
>+/** @file
>+ EFI TLS Protocols as defined in UEFI 2.5.
>+
>+ The EFI TLS Service Binding Protocol is used to locate EFI TLS Protocol drivers
>+ to create and destroy child of the driver to communicate with other host
>using
>+ TLS protocol.
>+ The EFI TLS Protocol provides the ability to manage TLS session.
>+
>+ Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
>+ This program and the accompanying materials
>+ are licensed and made available under the terms and conditions of the BSD
>License
>+ which accompanies this distribution. The full text of the license may be
>found at
>+ http://opensource.org/licenses/bsd-license.php
>+
>+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
>BASIS,
>+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
>EXPRESS OR IMPLIED.
>+
>+ @par Revision Reference:
>+ This Protocol is introduced in UEFI Specification 2.5
>+
>+**/
>+
>+#ifndef __EFI_TLS_PROTOCOL_H__
>+#define __EFI_TLS_PROTOCOL_H__
>+
>+///
>+/// The EFI TLS Service Binding Protocol is used to locate EFI TLS Protocol
>drivers to
>+/// create and destroy child of the driver to communicate with other host
>using TLS
>+/// protocol.
>+///
>+#define EFI_TLS_SERVICE_BINDING_PROTOCOL_GUID \
>+ { \
>+ 0x952cb795, 0xff36, 0x48cf, {0xa2, 0x49, 0x4d, 0xf4, 0x86, 0xd6, 0xab, 0x8d }
>\
>+ }
>+
>+///
>+/// The EFI TLS protocol provides the ability to manage TLS session.
>+///
>+#define EFI_TLS_PROTOCOL_GUID \
>+ { \
>+ 0xca959f, 0x6cfa, 0x4db1, {0x95, 0xbc, 0xe4, 0x6c, 0x47, 0x51, 0x43, 0x90 } \
>+ }
>+
>+typedef struct _EFI_TLS_PROTOCOL EFI_TLS_PROTOCOL;
>+
>+///
>+/// EFI_TLS_SESSION_DATA_TYPE
>+///
>+typedef enum {
>+ ///
>+ /// Session Configuration
>+ ///
>+
>+ ///
>+ /// TLS session Version. The corresponding Data is of type EFI_TLS_VERSION.
>+ ///
>+ EfiTlsVersion,
>+ ///
>+ /// TLS session as client or as server. The corresponding Data is of
>+ /// EFI_TLS_CONNECTION_END.
>+ ///
>+ EfiTlsConnectionEnd,
>+ ///
>+ /// A priority list of preferred algorithms for the TLS session.
>+ /// The corresponding Data is a list of EFI_TLS_CIPHER.
>+ ///
>+ EfiTlsCipherList,
>+ ///
>+ /// TLS session compression method.
>+ /// The corresponding Data is of type EFI_TLS_COMPRESSION.
>+ ///
>+ EfiTlsCompressionMethod,
>+ ///
>+ /// TLS session extension data.
>+ /// The corresponding Data is a list of type EFI_TLS_EXTENSION .
>+ ///
>+ EfiTlsExtensionData,
>+ ///
>+ /// TLS session verify method.
>+ /// The corresponding Data is of type EFI_TLS_VERIFY.
>+ ///
>+ EfiTlsVerifyMethod,
>+ ///
>+ /// TLS session data session ID.
>+ /// For SetSessionData(), it is TLS session ID used for session resumption.
>+ /// For GetSessionData(), it is the TLS session ID used for current session.
>+ /// The corresponding Data is of type EFI_TLS_SESSION_ID.
>+ ///
>+ EfiTlsSessionID,
>+ ///
>+ /// TLS session data session state.
>+ /// The corresponding Data is of type EFI_TLS_SESSION_STATE.
>+ ///
>+ EfiTlsSessionState,
>+
>+ ///
>+ /// Session information
>+ ///
>+
>+ ///
>+ /// TLS session data client random.
>+ /// The corresponding Data is of type EFI_TLS_RANDOM.
>+ ///
>+ EfiTlsClientRandom,
>+ ///
>+ /// TLS session data server random.
>+ /// The corresponding Data is of type EFI_TLS_RANDOM.
>+ ///
>+ EfiTlsServerRandom,
>+ ///
>+ /// TLS session data key material.
>+ /// The corresponding Data is of type EFI_TLS_MASTER_SECRET.
>+ ///
>+ EfiTlsKeyMaterial,
>+
>+ EfiTlsSessionDataTypeMaximum
>+
>+} EFI_TLS_SESSION_DATA_TYPE;
>+
>+///
>+/// EFI_TLS_VERSION
>+/// Note: The TLS version definition is from SSL3.0 to the latest TLS (e.g. 1.2).
>+/// SSL2.0 is obsolete and should not be used.
>+///
>+typedef struct {
>+ UINT8 Major;
>+ UINT8 Minor;
>+} EFI_TLS_VERSION;
>+
>+///
>+/// EFI_TLS_CONNECTION_END to define TLS session as client or server.
>+///
>+typedef enum {
>+ EfiTlsClient,
>+ EfiTlsServer,
>+} EFI_TLS_CONNECTION_END;
>+
>+///
>+/// EFI_TLS_CIPHER
>+/// Note: The definition of EFI_TLS_CIPHER definition is from "RFC 5246,
>A.4.1.
>+/// Hello Messages". The value of EFI_TLS_CIPHER is from TLS Cipher
>+/// Suite Registry of IANA.
>+///
>+typedef struct {
>+ UINT8 Data1;
>+ UINT8 Data2;
>+} EFI_TLS_CIPHER;
>+
>+///
>+/// EFI_TLS_COMPRESSION
>+/// Note: The value of EFI_TLS_COMPRESSION definition is from "RFC 3749".
>+///
>+typedef UINT8 EFI_TLS_COMPRESSION;
>+
>+///
>+/// EFI_TLS_EXTENSION
>+/// Note: The definition of EFI_TLS_EXTENSION if from "RFC 5246 A.4.1.
>+/// Hello Messages".
>+///
>+typedef struct {
>+ UINT16 ExtensionType;
>+ UINT16 Length;
>+ UINT8 Data[1];
>+} EFI_TLS_EXTENSION;
>+
>+///
>+/// EFI_TLS_VERIFY
>+/// Use either EFI_TLS_VERIFY_NONE or EFI_TLS_VERIFY_PEER, the last two
>options
>+/// are 'ORed' with EFI_TLS_VERIFY_PEER if they are desired.
>+///
>+typedef UINT32 EFI_TLS_VERIFY;
>+///
>+/// No certificates will be sent or the TLS/SSL handshake will be continued
>regardless
>+/// of the certificate verification result.
>+///
>+#define EFI_TLS_VERIFY_NONE 0x0
>+///
>+/// The TLS/SSL handshake is immediately terminated with an alert message
>containing
>+/// the reason for the certificate verification failure.
>+///
>+#define EFI_TLS_VERIFY_PEER 0x1
>+///
>+/// TLS session will fail peer certificate is absent.
>+///
>+#define EFI_TLS_VERIFY_FAIL_IF_NO_PEER_CERT 0x2
>+///
>+/// TLS session only verify client once, and doesn't request certificate during
>+/// re-negotiation.
>+///
>+#define EFI_TLS_VERIFY_CLIENT_ONCE 0x4
>+
>+///
>+/// EFI_TLS_RANDOM
>+/// Note: The definition of EFI_TLS_RANDOM is from "RFC 5246 A.4.1.
>+/// Hello Messages".
>+///
>+typedef struct {
>+ UINT32 GmtUnixTime;
>+ UINT8 RandomBytes[28];
>+} EFI_TLS_RANDOM;
>+
>+///
>+/// EFI_TLS_MASTER_SECRET
>+/// Note: The definition of EFI_TLS_MASTER_SECRET is from "RFC 5246 8.1.
>+/// Computing the Master Secret".
>+///
>+typedef struct {
>+ UINT8 Data[48];
>+} EFI_TLS_MASTER_SECRET;
>+
>+///
>+/// EFI_TLS_SESSION_ID
>+/// Note: The definition of EFI_TLS_SESSION_ID is from "RFC 5246 A.4.1.
>Hello Messages".
>+///
>+#define MAX_TLS_SESSION_ID_LENGTH 32
>+typedef struct {
>+ UINT16 Length;
>+ UINT8 Data[MAX_TLS_SESSION_ID_LENGTH];
>+} EFI_TLS_SESSION_ID;
>+
>+///
>+/// EFI_TLS_SESSION_STATE
>+///
>+typedef enum {
>+ ///
>+ /// When a new child of TLS protocol is created, the initial state of TLS
>session
>+ /// is EfiTlsSessionNotStarted.
>+ ///
>+ EfiTlsSessionNotStarted,
>+ ///
>+ /// The consumer can call BuildResponsePacket() with NULL to get
>ClientHello to
>+ /// start the TLS session. Then the status is EfiTlsSessionHandShaking.
>+ ///
>+ EfiTlsSessionHandShaking,
>+ ///
>+ /// During handshake, the consumer need call BuildResponsePacket() with
>input
>+ /// data from peer, then get response packet and send to peer. After
>handshake
>+ /// finish, the TLS session status becomes EfiTlsSessionDataTransferring,
>and
>+ /// consumer can use ProcessPacket() for data transferring.
>+ ///
>+ EfiTlsSessionDataTransferring,
>+ ///
>+ /// Finally, if consumer wants to active close TLS session, consumer need
>+ /// call SetSessionData to set TLS session state to EfiTlsSessionClosing, and
>+ /// call BuildResponsePacket() with NULL to get CloseNotify alert message,
>+ /// and sent it out.
>+ ///
>+ EfiTlsSessionClosing,
>+ ///
>+ /// If any error happen during parsing ApplicationData content type,
>EFI_ABORT
>+ /// will be returned by ProcessPacket(), and TLS session state will become
>+ /// EfiTlsSessionError. Then consumer need call BuildResponsePacket() with
>+ /// NULL to get alert message and sent it out.
>+ ///
>+ EfiTlsSessionError,
>+
>+ EfiTlsSessionStateMaximum
>+
>+} EFI_TLS_SESSION_STATE;
>+
>+///
>+/// EFI_TLS_FRAGMENT_DATA
>+///
>+typedef struct {
>+ ///
>+ /// Length of data buffer in the fragment.
>+ ///
>+ UINT32 FragmentLength;
>+ ///
>+ /// Pointer to the data buffer in the fragment.
>+ ///
>+ VOID *FragmentBuffer;
>+} EFI_TLS_FRAGMENT_DATA;
>+
>+///
>+/// EFI_TLS_CRYPT_MODE
>+///
>+typedef enum {
>+ ///
>+ /// Encrypt data provided in the fragment buffers.
>+ ///
>+ EfiTlsEncrypt,
>+ ///
>+ /// Decrypt data provided in the fragment buffers.
>+ ///
>+ EfiTlsDecrypt,
>+} EFI_TLS_CRYPT_MODE;
>+
>+/**
>+ Set TLS session data.
>+
>+ The SetSessionData() function set data for a new TLS session. All session
>data should
>+ be set before BuildResponsePacket() invoked.
>+
>+ @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
>+ @param[in] DataType TLS session data type.
>+ @param[in] Data Pointer to session data.
>+ @param[in] DataSize Total size of session data.
>+
>+ @retval EFI_SUCCESS The TLS session data is set successfully.
>+ @retval EFI_INVALID_PARAMETER One or more of the following
>conditions is TRUE:
>+ This is NULL.
>+ Data is NULL.
>+ DataSize is 0.
>+ @retval EFI_UNSUPPORTED The DataType is unsupported.
>+ @retval EFI_ACCESS_DENIED If the DataType is one of below:
>+ EfiTlsClientRandom
>+ EfiTlsServerRandom
>+ EfiTlsKeyMaterial
>+ @retval EFI_NOT_READY Current TLS session state is NOT
>+ EfiTlsSessionStateNotStarted.
>+ @retval EFI_OUT_OF_RESOURCES Required system resources could not
>be allocated.
>+**/
>+typedef
>+EFI_STATUS
>+(EFIAPI *EFI_TLS_SET_SESSION_DATA) (
>+ IN EFI_TLS_PROTOCOL *This,
>+ IN EFI_TLS_SESSION_DATA_TYPE DataType,
>+ IN VOID *Data,
>+ IN UINTN DataSize
>+ );
>+
>+/**
>+ Get TLS session data.
>+
>+ The GetSessionData() function return the TLS session information.
>+
>+ @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
>+ @param[in] DataType TLS session data type.
>+ @param[in, out] Data Pointer to session data.
>+ @param[in, out] DataSize Total size of session data. On input, it means
>+ the size of Data buffer. On output, it means the size
>+ of copied Data buffer if EFI_SUCCESS, and means the
>+ size of desired Data buffer if EFI_BUFFER_TOO_SMALL.
>+
>+ @retval EFI_SUCCESS The TLS session data is got successfully.
>+ @retval EFI_INVALID_PARAMETER One or more of the following
>conditions is TRUE:
>+ This is NULL.
>+ DataSize is NULL.
>+ Data is NULL if *DataSize is not zero.
>+ @retval EFI_UNSUPPORTED The DataType is unsupported.
>+ @retval EFI_NOT_FOUND The TLS session data is not found.
>+ @retval EFI_NOT_READY The DataType is not ready in current session
>state.
>+ @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data.
>+**/
>+typedef
>+EFI_STATUS
>+(EFIAPI *EFI_TLS_GET_SESSION_DATA) (
>+ IN EFI_TLS_PROTOCOL *This,
>+ IN EFI_TLS_SESSION_DATA_TYPE DataType,
>+ IN OUT VOID *Data, OPTIONAL
>+ IN OUT UINTN *DataSize
>+ );
>+
>+/**
>+ Build response packet according to TLS state machine. This function is only
>valid for
>+ alert, handshake and change_cipher_spec content type.
>+
>+ The BuildResponsePacket() function builds TLS response packet in response
>to the TLS
>+ request packet specified by RequestBuffer and RequestSize. If
>RequestBuffer is NULL and
>+ RequestSize is 0, and TLS session status is EfiTlsSessionNotStarted, the TLS
>session
>+ will be initiated and the response packet needs to be ClientHello. If
>RequestBuffer is
>+ NULL and RequestSize is 0, and TLS session status is EfiTlsSessionClosing, the
>TLS
>+ session will be closed and response packet needs to be CloseNotify. If
>RequestBuffer is
>+ NULL and RequestSize is 0, and TLS session status is EfiTlsSessionError, the
>TLS
>+ session has errors and the response packet needs to be Alert message
>based on error
>+ type.
>+
>+ @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
>+ @param[in] RequestBuffer Pointer to the most recently received TLS
>packet. NULL
>+ means TLS need initiate the TLS session and response
>+ packet need to be ClientHello.
>+ @param[in] RequestSize Packet size in bytes for the most recently
>received TLS
>+ packet. 0 is only valid when RequestBuffer is NULL.
>+ @param[out] Buffer Pointer to the buffer to hold the built packet.
>+ @param[in, out] BufferSize Pointer to the buffer size in bytes. On input,
>it is
>+ the buffer size provided by the caller. On output, it
>+ is the buffer size in fact needed to contain the
>+ packet.
>+
>+ @retval EFI_SUCCESS The required TLS packet is built successfully.
>+ @retval EFI_INVALID_PARAMETER One or more of the following
>conditions is TRUE:
>+ This is NULL.
>+ RequestBuffer is NULL but RequestSize is NOT 0.
>+ RequestSize is 0 but RequestBuffer is NOT NULL.
>+ BufferSize is NULL.
>+ Buffer is NULL if *BufferSize is not zero.
>+ @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the
>response packet.
>+ @retval EFI_NOT_READY Current TLS session state is NOT ready to
>build
>+ ResponsePacket.
>+ @retval EFI_ABORTED Something wrong build response packet.
>+**/
>+typedef
>+EFI_STATUS
>+(EFIAPI *EFI_TLS_BUILD_RESPONSE_PACKET) (
>+ IN EFI_TLS_PROTOCOL *This,
>+ IN UINT8 *RequestBuffer, OPTIONAL
>+ IN UINTN RequestSize, OPTIONAL
>+ OUT UINT8 *Buffer, OPTIONAL
>+ IN OUT UINTN *BufferSize
>+ );
>+
>+/**
>+ Decrypt or encrypt TLS packet during session. This function is only valid after
>+ session connected and for application_data content type.
>+
>+ The ProcessPacket () function process each inbound or outbound TLS APP
>packet.
>+
>+ @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
>+ @param[in, out] FragmentTable Pointer to a list of fragment. The caller will
>take
>+ responsible to handle the original FragmentTable while
>+ it may be reallocated in TLS driver. If CryptMode is
>+ EfiTlsEncrypt, on input these fragments contain the TLS
>+ header and plain text TLS APP payload; on output these
>+ fragments contain the TLS header and cipher text TLS
>+ APP payload. If CryptMode is EfiTlsDecrypt, on input
>+ these fragments contain the TLS header and cipher text
>+ TLS APP payload; on output these fragments contain the
>+ TLS header and plain text TLS APP payload.
>+ @param[in] FragmentCount Number of fragment.
>+ @param[in] CryptMode Crypt mode.
>+
>+ @retval EFI_SUCCESS The operation completed successfully.
>+ @retval EFI_INVALID_PARAMETER One or more of the following
>conditions is TRUE:
>+ This is NULL.
>+ FragmentTable is NULL.
>+ FragmentCount is NULL.
>+ CryptoMode is invalid.
>+ @retval EFI_NOT_READY Current TLS session state is NOT
>+ EfiTlsSessionDataTransferring.
>+ @retval EFI_ABORTED Something wrong decryption the message. TLS
>session
>+ status will become EfiTlsSessionError. The caller need
>+ call BuildResponsePacket() to generate Error Alert
>+ message and send it out.
>+ @retval EFI_OUT_OF_RESOURCES No enough resource to finish the
>operation.
>+**/
>+typedef
>+EFI_STATUS
>+(EFIAPI *EFI_TLS_PROCESS_PACKET) (
>+ IN EFI_TLS_PROTOCOL *This,
>+ IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
>+ IN UINT32 *FragmentCount,
>+ IN EFI_TLS_CRYPT_MODE CryptMode
>+ );
>+
>+///
>+/// The EFI_TLS_PROTOCOL is used to create, destroy and manage TLS
>session.
>+/// For detail of TLS, please refer to TLS related RFC.
>+///
>+struct _EFI_TLS_PROTOCOL {
>+ EFI_TLS_SET_SESSION_DATA SetSessionData;
>+ EFI_TLS_GET_SESSION_DATA GetSessionData;
>+ EFI_TLS_BUILD_RESPONSE_PACKET BuildResponsePacket;
>+ EFI_TLS_PROCESS_PACKET ProcessPacket;
>+};
>+
>+extern EFI_GUID gEfiTlsServiceBindingProtocolGuid;
>+extern EFI_GUID gEfiTlsProtocolGuid;
>+
>+#endif // __EFI_TLS_PROTOCOL_H__
>+
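Review bot: Because every line of Tls.h is shown as removed and re-added, the rendered hunk cannot confirm that nothing but the line terminator changed; please verify with `git diff --ignore-space-at-eol` that this hunk is empty under that view before merging, and note that the new file ends with an extra empty line (the trailing `+` after `#endif // __EFI_TLS_PROTOCOL_H__`), which a pure line-ending conversion should not introduce. Two doc-comment inconsistencies travel along with the re-added lines and belong in a separate, non-whitespace patch: the `EfiTlsSessionError` description says `EFI_ABORT` while the ProcessPacket() @retval list documents `EFI_ABORTED`, and that same @retval list says `CryptoMode is invalid.` for a parameter the prototype names `CryptMode`.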
>diff --git a/MdePkg/Include/Protocol/TlsConfig.h
>b/MdePkg/Include/Protocol/TlsConfig.h
>index 012f4ce75e..3e5916cb9d 100644
>--- a/MdePkg/Include/Protocol/TlsConfig.h
>+++ b/MdePkg/Include/Protocol/TlsConfig.h
>@@ -1,132 +1,133 @@
>-/** @file
>- EFI TLS Configuration Protocol as defined in UEFI 2.5.
>- The EFI TLS Configuration Protocol provides a way to set and get TLS
>configuration.
>-
>- Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
>- This program and the accompanying materials
>- are licensed and made available under the terms and conditions of the BSD
>License
>- which accompanies this distribution. The full text of the license may be
>found at
>- http://opensource.org/licenses/bsd-license.php
>-
>- THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
>BASIS,
>- WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
>EXPRESS OR IMPLIED.
>-
>- @par Revision Reference:
>- This Protocol is introduced in UEFI Specification 2.5
>-
>-**/
>-#ifndef __EFI_TLS_CONFIGURATION_PROTOCOL_H__
>-#define __EFI_TLS_CONFIGURATION_PROTOCOL_H__
>-
>-///
>-/// The EFI Configuration protocol provides a way to set and get TLS
>configuration.
>-///
>-#define EFI_TLS_CONFIGURATION_PROTOCOL_GUID \
>- { \
>- 0x1682fe44, 0xbd7a, 0x4407, { 0xb7, 0xc7, 0xdc, 0xa3, 0x7c, 0xa3, 0x92,
>0x2d } \
>- }
>-
>-typedef struct _EFI_TLS_CONFIGURATION_PROTOCOL
>EFI_TLS_CONFIGURATION_PROTOCOL;
>-
>-///
>-/// EFI_TLS_CONFIG_DATA_TYPE
>-///
>-typedef enum {
>- ///
>- /// Local host configuration data: public certificate data.
>- /// This data should be DER-encoded binary X.509 certificate
>- /// or PEM-encoded X.509 certificate.
>- ///
>- EfiTlsConfigDataTypeHostPublicCert,
>- ///
>- /// Local host configuration data: private key data.
>- ///
>- EfiTlsConfigDataTypeHostPrivateKey,
>- ///
>- /// CA certificate to verify peer. This data should be PEM-encoded
>- /// RSA or PKCS#8 private key.
>- ///
>- EfiTlsConfigDataTypeCACertificate,
>- ///
>- /// CA-supplied Certificate Revocation List data. This data should
>- /// be DER-encoded CRL data.
>- ///
>- EfiTlsConfigDataTypeCertRevocationList,
>-
>- EfiTlsConfigDataTypeMaximum
>-
>-} EFI_TLS_CONFIG_DATA_TYPE;
>-
>-/**
>- Set TLS configuration data.
>-
>- The SetData() function sets TLS configuration to non-volatile storage or
>volatile
>- storage.
>-
>- @param[in] This Pointer to the
>EFI_TLS_CONFIGURATION_PROTOCOL instance.
>- @param[in] DataType Configuration data type.
>- @param[in] Data Pointer to configuration data.
>- @param[in] DataSize Total size of configuration data.
>-
>- @retval EFI_SUCCESS The TLS configuration data is set successfully.
>- @retval EFI_INVALID_PARAMETER One or more of the following conditions
>is TRUE:
>- This is NULL.
>- Data is NULL.
>- DataSize is 0.
>- @retval EFI_UNSUPPORTED The DataType is unsupported.
>- @retval EFI_OUT_OF_RESOURCES Required system resources could not
>be allocated.
>-
>-**/
>-typedef
>-EFI_STATUS
>-(EFIAPI *EFI_TLS_CONFIGURATION_SET_DATA)(
>- IN EFI_TLS_CONFIGURATION_PROTOCOL *This,
>- IN EFI_TLS_CONFIG_DATA_TYPE DataType,
>- IN VOID *Data,
>- IN UINTN DataSize
>- );
>-
>-/**
>- Get TLS configuration data.
>-
>- The GetData() function gets TLS configuration.
>-
>- @param[in] This Pointer to the
>EFI_TLS_CONFIGURATION_PROTOCOL instance.
>- @param[in] DataType Configuration data type.
>- @param[in, out] Data Pointer to configuration data.
>- @param[in, out] DataSize Total size of configuration data. On input, it
>means
>- the size of Data buffer. On output, it means the size
>- of copied Data buffer if EFI_SUCCESS, and means the
>- size of desired Data buffer if EFI_BUFFER_TOO_SMALL.
>-
>- @retval EFI_SUCCESS The TLS configuration data is got successfully.
>- @retval EFI_INVALID_PARAMETER One or more of the following conditions
>is TRUE:
>- This is NULL.
>- DataSize is NULL.
>- Data is NULL if *DataSize is not zero.
>- @retval EFI_UNSUPPORTED The DataType is unsupported.
>- @retval EFI_NOT_FOUND The TLS configuration data is not found.
>- @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data.
>-
>-**/
>-typedef
>-EFI_STATUS
>-(EFIAPI *EFI_TLS_CONFIGURATION_GET_DATA)(
>- IN EFI_TLS_CONFIGURATION_PROTOCOL *This,
>- IN EFI_TLS_CONFIG_DATA_TYPE DataType,
>- IN OUT VOID *Data, OPTIONAL
>- IN OUT UINTN *DataSize
>- );
>-
>-///
>-/// The EFI_TLS_CONFIGURATION_PROTOCOL is designed to provide a way
>to set and get
>-/// TLS configuration, such as Certificate, private key data.
>-///
>-struct _EFI_TLS_CONFIGURATION_PROTOCOL {
>- EFI_TLS_CONFIGURATION_SET_DATA SetData;
>- EFI_TLS_CONFIGURATION_GET_DATA GetData;
>-};
>-
>-extern EFI_GUID gEfiTlsConfigurationProtocolGuid;
>-
>-#endif //__EFI_TLS_CONFIGURATION_PROTOCOL_H__
>+/** @file
>+ EFI TLS Configuration Protocol as defined in UEFI 2.5.
>+ The EFI TLS Configuration Protocol provides a way to set and get TLS
>configuration.
>+
>+ Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
>+ This program and the accompanying materials
>+ are licensed and made available under the terms and conditions of the BSD
>License
>+ which accompanies this distribution. The full text of the license may be
>found at
>+ http://opensource.org/licenses/bsd-license.php
>+
>+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
>BASIS,
>+ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
>EXPRESS OR IMPLIED.
>+
>+ @par Revision Reference:
>+ This Protocol is introduced in UEFI Specification 2.5
>+
>+**/
>+#ifndef __EFI_TLS_CONFIGURATION_PROTOCOL_H__
>+#define __EFI_TLS_CONFIGURATION_PROTOCOL_H__
>+
>+///
>+/// The EFI Configuration protocol provides a way to set and get TLS
>configuration.
>+///
>+#define EFI_TLS_CONFIGURATION_PROTOCOL_GUID \
>+ { \
>+ 0x1682fe44, 0xbd7a, 0x4407, { 0xb7, 0xc7, 0xdc, 0xa3, 0x7c, 0xa3, 0x92,
>0x2d } \
>+ }
>+
>+typedef struct _EFI_TLS_CONFIGURATION_PROTOCOL
>EFI_TLS_CONFIGURATION_PROTOCOL;
>+
>+///
>+/// EFI_TLS_CONFIG_DATA_TYPE
>+///
>+typedef enum {
>+ ///
>+ /// Local host configuration data: public certificate data.
>+ /// This data should be DER-encoded binary X.509 certificate
>+ /// or PEM-encoded X.509 certificate.
>+ ///
>+ EfiTlsConfigDataTypeHostPublicCert,
>+ ///
>+ /// Local host configuration data: private key data.
>+ ///
>+ EfiTlsConfigDataTypeHostPrivateKey,
>+ ///
>+ /// CA certificate to verify peer. This data should be PEM-encoded
>+ /// RSA or PKCS#8 private key.
>+ ///
>+ EfiTlsConfigDataTypeCACertificate,
>+ ///
>+ /// CA-supplied Certificate Revocation List data. This data should
>+ /// be DER-encoded CRL data.
>+ ///
>+ EfiTlsConfigDataTypeCertRevocationList,
>+
>+ EfiTlsConfigDataTypeMaximum
>+
>+} EFI_TLS_CONFIG_DATA_TYPE;
>+
>+/**
>+ Set TLS configuration data.
>+
>+ The SetData() function sets TLS configuration to non-volatile storage or
>volatile
>+ storage.
>+
>+ @param[in] This Pointer to the
>EFI_TLS_CONFIGURATION_PROTOCOL instance.
>+ @param[in] DataType Configuration data type.
>+ @param[in] Data Pointer to configuration data.
>+ @param[in] DataSize Total size of configuration data.
>+
>+ @retval EFI_SUCCESS The TLS configuration data is set successfully.
>+ @retval EFI_INVALID_PARAMETER One or more of the following
>conditions is TRUE:
>+ This is NULL.
>+ Data is NULL.
>+ DataSize is 0.
>+ @retval EFI_UNSUPPORTED The DataType is unsupported.
>+ @retval EFI_OUT_OF_RESOURCES Required system resources could not
>be allocated.
>+
>+**/
>+typedef
>+EFI_STATUS
>+(EFIAPI *EFI_TLS_CONFIGURATION_SET_DATA)(
>+ IN EFI_TLS_CONFIGURATION_PROTOCOL *This,
>+ IN EFI_TLS_CONFIG_DATA_TYPE DataType,
>+ IN VOID *Data,
>+ IN UINTN DataSize
>+ );
>+
>+/**
>+ Get TLS configuration data.
>+
>+ The GetData() function gets TLS configuration.
>+
>+ @param[in] This Pointer to the
>EFI_TLS_CONFIGURATION_PROTOCOL instance.
>+ @param[in] DataType Configuration data type.
>+ @param[in, out] Data Pointer to configuration data.
>+ @param[in, out] DataSize Total size of configuration data. On input, it
>means
>+ the size of Data buffer. On output, it means the size
>+ of copied Data buffer if EFI_SUCCESS, and means the
>+ size of desired Data buffer if EFI_BUFFER_TOO_SMALL.
>+
>+ @retval EFI_SUCCESS The TLS configuration data is got successfully.
>+ @retval EFI_INVALID_PARAMETER One or more of the following
>conditions is TRUE:
>+ This is NULL.
>+ DataSize is NULL.
>+ Data is NULL if *DataSize is not zero.
>+ @retval EFI_UNSUPPORTED The DataType is unsupported.
>+ @retval EFI_NOT_FOUND The TLS configuration data is not found.
>+ @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data.
>+
>+**/
>+typedef
>+EFI_STATUS
>+(EFIAPI *EFI_TLS_CONFIGURATION_GET_DATA)(
>+ IN EFI_TLS_CONFIGURATION_PROTOCOL *This,
>+ IN EFI_TLS_CONFIG_DATA_TYPE DataType,
>+ IN OUT VOID *Data, OPTIONAL
>+ IN OUT UINTN *DataSize
>+ );
>+
>+///
>+/// The EFI_TLS_CONFIGURATION_PROTOCOL is designed to provide a way
>to set and get
>+/// TLS configuration, such as Certificate, private key data.
>+///
>+struct _EFI_TLS_CONFIGURATION_PROTOCOL {
>+ EFI_TLS_CONFIGURATION_SET_DATA SetData;
>+ EFI_TLS_CONFIGURATION_GET_DATA GetData;
>+};
>+
>+extern EFI_GUID gEfiTlsConfigurationProtocolGuid;
>+
>+#endif //__EFI_TLS_CONFIGURATION_PROTOCOL_H__
>+
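Review bot: The hunk header `@@ -1,132 +1,133 @@` shows the file growing by one line, which is the empty `+` line after `#endif //__EFI_TLS_CONFIGURATION_PROTOCOL_H__`; a CRLF conversion should not add content, so either drop that trailing blank line or say in the commit message that a missing final newline is being normalized. While these lines are in front of a reviewer: the comment on `EfiTlsConfigDataTypeCACertificate` reads `CA certificate to verify peer. This data should be PEM-encoded RSA or PKCS#8 private key.`, which describes a private key rather than a CA certificate, and the `EfiTlsConfigDataTypeHostPrivateKey` entry carries no format description at all; that looks like a swapped comment and is worth a separate follow-up patch rather than a fix inside a whitespace-only conversion.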
>diff --git a/MdePkg/Library/BaseLib/SafeString.c
>b/MdePkg/Library/BaseLib/SafeString.c
>index 249fe477b4..68c33e9b7b 100644
>--- a/MdePkg/Library/BaseLib/SafeString.c
>+++ b/MdePkg/Library/BaseLib/SafeString.c
>@@ -217,7 +217,7 @@ StrnSizeS (
> @retval RETURN_INVALID_PARAMETER If Destination is NULL.
> If Source is NULL.
> If PcdMaximumUnicodeStringLength is not zero,
>- and DestMax is greater than
>+ and DestMax is greater than
> PcdMaximumUnicodeStringLength.
> If DestMax is 0.
> @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
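Review bot: The `-`/`+` pair for `and DestMax is greater than` is visually identical, so the change in this hunk (and in the following SafeString.c hunks, including the bare blank-line pairs) is confined to trailing whitespace or the line terminator and cannot be reviewed from the rendered text; please state in the commit message which of the two it is, since the series title covers only CRLF conversion, and confirm with `git diff --ignore-space-at-eol` that each of these hunks disappears under that view.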
>@@ -231,7 +231,7 @@ StrCpyS (
> )
> {
> UINTN SourceLen;
>-
>+
> ASSERT (((UINTN) Destination & BIT0) == 0);
> ASSERT (((UINTN) Source & BIT0) == 0);
>
>@@ -296,12 +296,12 @@ StrCpyS (
> @param Length The maximum number of Unicode characters to
>copy.
>
> @retval RETURN_SUCCESS String is copied.
>- @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than
>+ @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than
> MIN(StrLen(Source), Length).
> @retval RETURN_INVALID_PARAMETER If Destination is NULL.
> If Source is NULL.
> If PcdMaximumUnicodeStringLength is not zero,
>- and DestMax is greater than
>+ and DestMax is greater than
> PcdMaximumUnicodeStringLength.
> If DestMax is 0.
> @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
>@@ -388,14 +388,14 @@ StrnCpyS (
> @param Source A pointer to a Null-terminated Unicode string.
>
> @retval RETURN_SUCCESS String is appended.
>- @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than
>+ @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than
> StrLen(Destination).
> @retval RETURN_BUFFER_TOO_SMALL If (DestMax - StrLen(Destination)) is
>NOT
> greater than StrLen(Source).
> @retval RETURN_INVALID_PARAMETER If Destination is NULL.
> If Source is NULL.
> If PcdMaximumUnicodeStringLength is not zero,
>- and DestMax is greater than
>+ and DestMax is greater than
> PcdMaximumUnicodeStringLength.
> If DestMax is 0.
> @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
>@@ -411,7 +411,7 @@ StrCatS (
> UINTN DestLen;
> UINTN CopyLen;
> UINTN SourceLen;
>-
>+
> ASSERT (((UINTN) Destination & BIT0) == 0);
> ASSERT (((UINTN) Source & BIT0) == 0);
>
>@@ -497,7 +497,7 @@ StrCatS (
> @retval RETURN_INVALID_PARAMETER If Destination is NULL.
> If Source is NULL.
> If PcdMaximumUnicodeStringLength is not zero,
>- and DestMax is greater than
>+ and DestMax is greater than
> PcdMaximumUnicodeStringLength.
> If DestMax is 0.
> @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
>@@ -514,7 +514,7 @@ StrnCatS (
> UINTN DestLen;
> UINTN CopyLen;
> UINTN SourceLen;
>-
>+
> ASSERT (((UINTN) Destination & BIT0) == 0);
> ASSERT (((UINTN) Source & BIT0) == 0);
>
>@@ -1799,7 +1799,7 @@ AsciiStrnSizeS (
> @retval RETURN_INVALID_PARAMETER If Destination is NULL.
> If Source is NULL.
> If PcdMaximumAsciiStringLength is not zero,
>- and DestMax is greater than
>+ and DestMax is greater than
> PcdMaximumAsciiStringLength.
> If DestMax is 0.
> @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
>@@ -1813,7 +1813,7 @@ AsciiStrCpyS (
> )
> {
> UINTN SourceLen;
>-
>+
> //
> // 1. Neither Destination nor Source shall be a null pointer.
> //
>@@ -1873,12 +1873,12 @@ AsciiStrCpyS (
> @param Length The maximum number of Ascii characters to copy.
>
> @retval RETURN_SUCCESS String is copied.
>- @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than
>+ @retval RETURN_BUFFER_TOO_SMALL If DestMax is NOT greater than
> MIN(StrLen(Source), Length).
> @retval RETURN_INVALID_PARAMETER If Destination is NULL.
> If Source is NULL.
> If PcdMaximumAsciiStringLength is not zero,
>- and DestMax is greater than
>+ and DestMax is greater than
> PcdMaximumAsciiStringLength.
> If DestMax is 0.
> @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
>@@ -1960,14 +1960,14 @@ AsciiStrnCpyS (
> @param Source A pointer to a Null-terminated Ascii string.
>
> @retval RETURN_SUCCESS String is appended.
>- @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than
>+ @retval RETURN_BAD_BUFFER_SIZE If DestMax is NOT greater than
> StrLen(Destination).
> @retval RETURN_BUFFER_TOO_SMALL If (DestMax - StrLen(Destination)) is
>NOT
> greater than StrLen(Source).
> @retval RETURN_INVALID_PARAMETER If Destination is NULL.
> If Source is NULL.
> If PcdMaximumAsciiStringLength is not zero,
>- and DestMax is greater than
>+ and DestMax is greater than
> PcdMaximumAsciiStringLength.
> If DestMax is 0.
> @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
>@@ -1983,7 +1983,7 @@ AsciiStrCatS (
> UINTN DestLen;
> UINTN CopyLen;
> UINTN SourceLen;
>-
>+
> //
> // Let CopyLen denote the value DestMax - AsciiStrnLenS(Destination,
>DestMax) upon entry to AsciiStrCatS.
> //
>@@ -2064,7 +2064,7 @@ AsciiStrCatS (
> @retval RETURN_INVALID_PARAMETER If Destination is NULL.
> If Source is NULL.
> If PcdMaximumAsciiStringLength is not zero,
>- and DestMax is greater than
>+ and DestMax is greater than
> PcdMaximumAsciiStringLength.
> If DestMax is 0.
> @retval RETURN_ACCESS_DENIED If Source and Destination overlap.
>@@ -2081,7 +2081,7 @@ AsciiStrnCatS (
> UINTN DestLen;
> UINTN CopyLen;
> UINTN SourceLen;
>-
>+
> //
> // Let CopyLen denote the value DestMax - AsciiStrnLenS(Destination,
>DestMax) upon entry to AsciiStrnCatS.
> //
>@@ -3265,7 +3265,8 @@ AsciiStrToIpv6Address (
> &Address->Addr[CompressStart + ARRAY_SIZE (Address->Addr) -
>AddressIndex],
> &LocalAddress.Addr[CompressStart],
> AddressIndex - CompressStart
>- );
>
>+ );
>+
> }
>
> if (PrefixLength != NULL) {
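Review bot: This hunk is not terminator-only: the header `@@ -3265,7 +3265,8 @@` records a net line added, and the `+` lines re-add the closing `);` of the CopyMem call in AsciiStrToIpv6Address followed by a new blank line before the `}`. Either drop the extra blank line so the conversion stays content-neutral, or say in the commit message that a broken line ending inside this function was repaired; a blank-line insertion survives `--ignore-cr-at-eol`, so a reviewer diffing with that option will still see this hunk.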
>--
>2.12.0.windows.1
* Re: [PATCH 6/6] NetworkPkg: Convert files to CRLF line ending
2017-04-06 2:25 ` [PATCH 6/6] NetworkPkg: " Hao Wu
@ 2017-04-06 5:29 ` Wu, Jiaxin
From: Wu, Jiaxin @ 2017-04-06 5:29 UTC
To: Wu, Hao A, edk2-devel@lists.01.org; +Cc: Fu, Siyuan
Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
Thanks,
Jiaxin
> -----Original Message-----
> From: Wu, Hao A
> Sent: Thursday, April 6, 2017 10:25 AM
> To: edk2-devel@lists.01.org
> Cc: Wu, Hao A <hao.a.wu@intel.com>; Fu, Siyuan <siyuan.fu@intel.com>;
> Wu, Jiaxin <jiaxin.wu@intel.com>
> Subject: [PATCH 6/6] NetworkPkg: Convert files to CRLF line ending
>
> Cc: Siyuan Fu <siyuan.fu@intel.com>
> Cc: Jiaxin Wu <jiaxin.wu@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Hao Wu <hao.a.wu@intel.com>
> ---
> NetworkPkg/HttpDxe/HttpsSupport.c | 3439 ++++++++++----------
> NetworkPkg/HttpDxe/HttpsSupport.h | 521 +--
> NetworkPkg/Include/Guid/TlsAuthConfigHii.h | 51 +-
> NetworkPkg/Include/Guid/TlsAuthentication.h | 59 +-
> NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.c | 270 +-
> NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf | 147 +-
> NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.uni | 42 +-
> NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxeExtra.uni | 38 +-
> NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxeStrings.uni | 78 +-
> NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c | 3377 +++++++++----------
> NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.h | 564 ++--
> NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigNvData.h | 99 +-
> NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigVfr.vfr | 305 +-
> NetworkPkg/TlsDxe/TlsConfigProtocol.c | 305 +-
> NetworkPkg/TlsDxe/TlsDriver.c | 993 +++---
> NetworkPkg/TlsDxe/TlsDriver.h | 475 +--
> NetworkPkg/TlsDxe/TlsDxe.inf | 131 +-
> NetworkPkg/TlsDxe/TlsDxe.uni | 50 +-
> NetworkPkg/TlsDxe/TlsDxeExtra.uni | 37 +-
> NetworkPkg/TlsDxe/TlsImpl.c | 653 ++--
> NetworkPkg/TlsDxe/TlsImpl.h | 631 ++--
> NetworkPkg/TlsDxe/TlsProtocol.c | 1265 +++----
> 22 files changed, 6773 insertions(+), 6757 deletions(-)
>
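Review bot: The diffstat `22 files changed, 6773 insertions(+), 6757 deletions(-)` shows 16 more insertions than deletions, and the first hunk header below, `@@ -1,1719 +1,1720 @@` for HttpsSupport.c, confirms that at least one file gains a line. For a change advertised as a line-ending conversion, the commit message should state what those extra lines are (a missing newline at end of file, a split line, or similar) so a reviewer can separate terminator fixes from content changes. Because every line of HttpsSupport.c appears as deleted and re-added, the mail cannot be reviewed line by line; please also confirm that `git diff --ignore-cr-at-eol` for this file reports nothing beyond the net-added line.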
> diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c
> b/NetworkPkg/HttpDxe/HttpsSupport.c
> index f0077dd4b8..e4d9a37bee 100644
> --- a/NetworkPkg/HttpDxe/HttpsSupport.c
> +++ b/NetworkPkg/HttpDxe/HttpsSupport.c
> @@ -1,1719 +1,1720 @@
> -/** @file
> - Miscellaneous routines specific to Https for HttpDxe driver.
> -
> -Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
> -(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
> -This program and the accompanying materials
> -are licensed and made available under the terms and conditions of the BSD
> License
> -which accompanies this distribution. The full text of the license may be
> found at
> -http://opensource.org/licenses/bsd-license.php
> -
> -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> -
> -**/
> -
> -#include "HttpDriver.h"
> -
> -/**
> - Returns the first occurrence of a Null-terminated ASCII sub-string in a Null-
> terminated
> - ASCII string and ignore case during the search process.
> -
> - This function scans the contents of the ASCII string specified by String
> - and returns the first occurrence of SearchString and ignore case during the
> search process.
> - If SearchString is not found in String, then NULL is returned. If the length of
> SearchString
> - is zero, then String is returned.
> -
> - If String is NULL, then ASSERT().
> - If SearchString is NULL, then ASSERT().
> -
> - @param[in] String A pointer to a Null-terminated ASCII string.
> - @param[in] SearchString A pointer to a Null-terminated ASCII string to
> search for.
> -
> - @retval NULL If the SearchString does not appear in String.
> - @retval others If there is a match return the first occurrence of
> SearchingString.
> - If the length of SearchString is zero,return String.
> -
> -**/
> -CHAR8 *
> -AsciiStrCaseStr (
> - IN CONST CHAR8 *String,
> - IN CONST CHAR8 *SearchString
> - )
> -{
> - CONST CHAR8 *FirstMatch;
> - CONST CHAR8 *SearchStringTmp;
> -
> - CHAR8 Src;
> - CHAR8 Dst;
> -
> - //
> - // ASSERT both strings are less long than PcdMaximumAsciiStringLength
> - //
> - ASSERT (AsciiStrSize (String) != 0);
> - ASSERT (AsciiStrSize (SearchString) != 0);
> -
> - if (*SearchString == '\0') {
> - return (CHAR8 *) String;
> - }
> -
> - while (*String != '\0') {
> - SearchStringTmp = SearchString;
> - FirstMatch = String;
> -
> - while ((*SearchStringTmp != '\0')
> - && (*String != '\0')) {
> - Src = *String;
> - Dst = *SearchStringTmp;
> -
> - if ((Src >= 'A') && (Src <= 'Z')) {
> - Src -= ('A' - 'a');
> - }
> -
> - if ((Dst >= 'A') && (Dst <= 'Z')) {
> - Dst -= ('A' - 'a');
> - }
> -
> - if (Src != Dst) {
> - break;
> - }
> -
> - String++;
> - SearchStringTmp++;
> - }
> -
> - if (*SearchStringTmp == '\0') {
> - return (CHAR8 *) FirstMatch;
> - }
> -
> - String = FirstMatch + 1;
> - }
> -
> - return NULL;
> -}
> -
> -/**
> - The callback function to free the net buffer list.
> -
> - @param[in] Arg The opaque parameter.
> -
> -**/
> -VOID
> -EFIAPI
> -FreeNbufList (
> - IN VOID *Arg
> - )
> -{
> - ASSERT (Arg != NULL);
> -
> - NetbufFreeList ((LIST_ENTRY *) Arg);
> - FreePool (Arg);
> -}
> -
> -/**
> - Check whether the Url is from Https.
> -
> - @param[in] Url The pointer to a HTTP or HTTPS URL string.
> -
> - @retval TRUE The Url is from HTTPS.
> - @retval FALSE The Url is from HTTP.
> -
> -**/
> -BOOLEAN
> -IsHttpsUrl (
> - IN CHAR8 *Url
> - )
> -{
> - CHAR8 *Tmp;
> -
> - Tmp = NULL;
> -
> - Tmp = AsciiStrCaseStr (Url, HTTPS_FLAG);
> - if (Tmp != NULL && Tmp == Url) {
> - return TRUE;
> - }
> -
> - return FALSE;
> -}
> -
> -/**
> - Creates a Tls child handle, open EFI_TLS_PROTOCOL and
> EFI_TLS_CONFIGURATION_PROTOCOL.
> -
> - @param[in] ImageHandle The firmware allocated handle for the UEFI
> image.
> - @param[out] TlsProto Pointer to the EFI_TLS_PROTOCOL instance.
> - @param[out] TlsConfiguration Pointer to the
> EFI_TLS_CONFIGURATION_PROTOCOL instance.
> -
> - @return The child handle with opened EFI_TLS_PROTOCOL and
> EFI_TLS_CONFIGURATION_PROTOCOL.
> -
> -**/
> -EFI_HANDLE
> -EFIAPI
> -TlsCreateChild (
> - IN EFI_HANDLE ImageHandle,
> - OUT EFI_TLS_PROTOCOL **TlsProto,
> - OUT EFI_TLS_CONFIGURATION_PROTOCOL **TlsConfiguration
> - )
> -{
> - EFI_STATUS Status;
> - EFI_SERVICE_BINDING_PROTOCOL *TlsSb;
> - EFI_HANDLE TlsChildHandle;
> -
> - TlsSb = NULL;
> - TlsChildHandle = 0;
> -
> - //
> - // Locate TlsServiceBinding protocol.
> - //
> - gBS->LocateProtocol (
> - &gEfiTlsServiceBindingProtocolGuid,
> - NULL,
> - (VOID **) &TlsSb
> - );
> - if (TlsSb == NULL) {
> - return NULL;
> - }
> -
> - Status = TlsSb->CreateChild (TlsSb, &TlsChildHandle);
> - if (EFI_ERROR (Status)) {
> - return NULL;
> - }
> -
> - Status = gBS->OpenProtocol (
> - TlsChildHandle,
> - &gEfiTlsProtocolGuid,
> - (VOID **) TlsProto,
> - ImageHandle,
> - TlsChildHandle,
> - EFI_OPEN_PROTOCOL_GET_PROTOCOL
> - );
> - if (EFI_ERROR (Status)) {
> - TlsSb->DestroyChild (TlsSb, TlsChildHandle);
> - return NULL;
> - }
> -
> - Status = gBS->OpenProtocol (
> - TlsChildHandle,
> - &gEfiTlsConfigurationProtocolGuid,
> - (VOID **) TlsConfiguration,
> - ImageHandle,
> - TlsChildHandle,
> - EFI_OPEN_PROTOCOL_GET_PROTOCOL
> - );
> - if (EFI_ERROR (Status)) {
> - TlsSb->DestroyChild (TlsSb, TlsChildHandle);
> - return NULL;
> - }
> -
> - return TlsChildHandle;
> -}
> -
> -/**
> - Create event for the TLS receive and transmit tokens which are used to
> receive and
> - transmit TLS related messages.
> -
> - @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
> -
> - @retval EFI_SUCCESS The events are created successfully.
> - @retval others Other error as indicated.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsCreateTxRxEvent (
> - IN OUT HTTP_PROTOCOL *HttpInstance
> - )
> -{
> - EFI_STATUS Status;
> -
> - if (!HttpInstance->LocalAddressIsIPv6) {
> - //
> - // For Tcp4TlsTxToken.
> - //
> - Status = gBS->CreateEvent (
> - EVT_NOTIFY_SIGNAL,
> - TPL_NOTIFY,
> - HttpCommonNotify,
> - &HttpInstance->TlsIsTxDone,
> - &HttpInstance->Tcp4TlsTxToken.CompletionToken.Event
> - );
> - if (EFI_ERROR (Status)) {
> - goto ERROR;
> - }
> -
> - HttpInstance->Tcp4TlsTxData.Push = TRUE;
> - HttpInstance->Tcp4TlsTxData.Urgent = FALSE;
> - HttpInstance->Tcp4TlsTxData.DataLength = 0;
> - HttpInstance->Tcp4TlsTxData.FragmentCount = 1;
> - HttpInstance->Tcp4TlsTxData.FragmentTable[0].FragmentLength =
> HttpInstance->Tcp4TlsTxData.DataLength;
> - HttpInstance->Tcp4TlsTxData.FragmentTable[0].FragmentBuffer = NULL;
> - HttpInstance->Tcp4TlsTxToken.Packet.TxData = &HttpInstance-
> >Tcp4TlsTxData;
> - HttpInstance->Tcp4TlsTxToken.CompletionToken.Status =
> EFI_NOT_READY;
> -
> - //
> - // For Tcp4TlsRxToken.
> - //
> - Status = gBS->CreateEvent (
> - EVT_NOTIFY_SIGNAL,
> - TPL_NOTIFY,
> - HttpCommonNotify,
> - &HttpInstance->TlsIsRxDone,
> - &HttpInstance->Tcp4TlsRxToken.CompletionToken.Event
> - );
> - if (EFI_ERROR (Status)) {
> - goto ERROR;
> - }
> -
> - HttpInstance->Tcp4TlsRxData.DataLength = 0;
> - HttpInstance->Tcp4TlsRxData.FragmentCount = 1;
> - HttpInstance->Tcp4TlsRxData.FragmentTable[0].FragmentLength =
> HttpInstance->Tcp4TlsRxData.DataLength ;
> - HttpInstance->Tcp4TlsRxData.FragmentTable[0].FragmentBuffer = NULL;
> - HttpInstance->Tcp4TlsRxToken.Packet.RxData = &HttpInstance-
> >Tcp4TlsRxData;
> - HttpInstance->Tcp4TlsRxToken.CompletionToken.Status =
> EFI_NOT_READY;
> - } else {
> - //
> - // For Tcp6TlsTxToken.
> - //
> - Status = gBS->CreateEvent (
> - EVT_NOTIFY_SIGNAL,
> - TPL_NOTIFY,
> - HttpCommonNotify,
> - &HttpInstance->TlsIsTxDone,
> - &HttpInstance->Tcp6TlsTxToken.CompletionToken.Event
> - );
> - if (EFI_ERROR (Status)) {
> - goto ERROR;
> - }
> -
> - HttpInstance->Tcp6TlsTxData.Push = TRUE;
> - HttpInstance->Tcp6TlsTxData.Urgent = FALSE;
> - HttpInstance->Tcp6TlsTxData.DataLength = 0;
> - HttpInstance->Tcp6TlsTxData.FragmentCount = 1;
> - HttpInstance->Tcp6TlsTxData.FragmentTable[0].FragmentLength =
> HttpInstance->Tcp6TlsTxData.DataLength;
> - HttpInstance->Tcp6TlsTxData.FragmentTable[0].FragmentBuffer = NULL;
> - HttpInstance->Tcp6TlsTxToken.Packet.TxData = &HttpInstance-
> >Tcp6TlsTxData;
> - HttpInstance->Tcp6TlsTxToken.CompletionToken.Status =
> EFI_NOT_READY;
> -
> - //
> - // For Tcp6TlsRxToken.
> - //
> - Status = gBS->CreateEvent (
> - EVT_NOTIFY_SIGNAL,
> - TPL_NOTIFY,
> - HttpCommonNotify,
> - &HttpInstance->TlsIsRxDone,
> - &HttpInstance->Tcp6TlsRxToken.CompletionToken.Event
> - );
> - if (EFI_ERROR (Status)) {
> - goto ERROR;
> - }
> -
> - HttpInstance->Tcp6TlsRxData.DataLength = 0;
> - HttpInstance->Tcp6TlsRxData.FragmentCount = 1;
> - HttpInstance->Tcp6TlsRxData.FragmentTable[0].FragmentLength =
> HttpInstance->Tcp6TlsRxData.DataLength ;
> - HttpInstance->Tcp6TlsRxData.FragmentTable[0].FragmentBuffer = NULL;
> - HttpInstance->Tcp6TlsRxToken.Packet.RxData = &HttpInstance-
> >Tcp6TlsRxData;
> - HttpInstance->Tcp6TlsRxToken.CompletionToken.Status =
> EFI_NOT_READY;
> - }
> -
> - return Status;
> -
> -ERROR:
> - //
> - // Error handling
> - //
> - TlsCloseTxRxEvent (HttpInstance);
> -
> - return Status;
> -}
> -
> -/**
> - Close events in the TlsTxToken and TlsRxToken.
> -
> - @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.
> -
> -**/
> -VOID
> -EFIAPI
> -TlsCloseTxRxEvent (
> - IN HTTP_PROTOCOL *HttpInstance
> - )
> -{
> - ASSERT (HttpInstance != NULL);
> - if (!HttpInstance->LocalAddressIsIPv6) {
> - if (NULL != HttpInstance->Tcp4TlsTxToken.CompletionToken.Event) {
> - gBS->CloseEvent(HttpInstance-
> >Tcp4TlsTxToken.CompletionToken.Event);
> - HttpInstance->Tcp4TlsTxToken.CompletionToken.Event = NULL;
> - }
> -
> - if (NULL != HttpInstance->Tcp4TlsRxToken.CompletionToken.Event) {
> - gBS->CloseEvent (HttpInstance-
> >Tcp4TlsRxToken.CompletionToken.Event);
> - HttpInstance->Tcp4TlsRxToken.CompletionToken.Event = NULL;
> - }
> - } else {
> - if (NULL != HttpInstance->Tcp6TlsTxToken.CompletionToken.Event) {
> - gBS->CloseEvent(HttpInstance-
> >Tcp6TlsTxToken.CompletionToken.Event);
> - HttpInstance->Tcp6TlsTxToken.CompletionToken.Event = NULL;
> - }
> -
> - if (NULL != HttpInstance->Tcp6TlsRxToken.CompletionToken.Event) {
> - gBS->CloseEvent (HttpInstance-
> >Tcp6TlsRxToken.CompletionToken.Event);
> - HttpInstance->Tcp6TlsRxToken.CompletionToken.Event = NULL;
> - }
> - }
> -}
> -
> -/**
> - Read the TlsCaCertificate variable and configure it.
> -
> - @param[in, out] HttpInstance The HTTP instance private data.
> -
> - @retval EFI_SUCCESS TlsCaCertificate is configured.
> - @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
> - @retval EFI_NOT_FOUND Fail to get 'TlsCaCertificate' variable.
> - @retval Others Other error as indicated.
> -
> -**/
> -EFI_STATUS
> -TlsConfigCertificate (
> - IN OUT HTTP_PROTOCOL *HttpInstance
> - )
> -{
> - EFI_STATUS Status;
> - UINT8 *CACert;
> - UINTN CACertSize;
> - UINT32 Index;
> - EFI_SIGNATURE_LIST *CertList;
> - EFI_SIGNATURE_DATA *Cert;
> - UINTN CertCount;
> - UINT32 ItemDataSize;
> -
> - CACert = NULL;
> - CACertSize = 0;
> -
> - //
> - // Try to read the TlsCaCertificate variable.
> - //
> - Status = gRT->GetVariable (
> - EFI_TLS_CA_CERTIFICATE_VARIABLE,
> - &gEfiTlsCaCertificateGuid,
> - NULL,
> - &CACertSize,
> - NULL
> - );
> -
> - if (EFI_ERROR (Status) && Status != EFI_BUFFER_TOO_SMALL) {
> - return Status;
> - }
> -
> - //
> - // Allocate buffer and read the config variable.
> - //
> - CACert = AllocatePool (CACertSize);
> - if (CACert == NULL) {
> - return EFI_OUT_OF_RESOURCES;
> - }
> -
> - Status = gRT->GetVariable (
> - EFI_TLS_CA_CERTIFICATE_VARIABLE,
> - &gEfiTlsCaCertificateGuid,
> - NULL,
> - &CACertSize,
> - CACert
> - );
> - if (EFI_ERROR (Status)) {
> - //
> - // GetVariable still error or the variable is corrupted.
> - // Fall back to the default value.
> - //
> - FreePool (CACert);
> -
> - return EFI_NOT_FOUND;
> - }
> -
> - ASSERT (CACert != NULL);
> -
> - //
> - // Enumerate all data and erasing the target item.
> - //
> - ItemDataSize = (UINT32) CACertSize;
> - CertList = (EFI_SIGNATURE_LIST *) CACert;
> - while ((ItemDataSize > 0) && (ItemDataSize >= CertList->SignatureListSize))
> {
> - Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof
> (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
> - CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) -
> CertList->SignatureHeaderSize) / CertList->SignatureSize;
> - for (Index = 0; Index < CertCount; Index++) {
> - //
> - // EfiTlsConfigDataTypeCACertificate
> - //
> - Status = HttpInstance->TlsConfiguration->SetData (
> - HttpInstance->TlsConfiguration,
> - EfiTlsConfigDataTypeCACertificate,
> - Cert->SignatureData,
> - CertList->SignatureSize - sizeof (Cert-
> >SignatureOwner)
> - );
> - if (EFI_ERROR (Status)) {
> - FreePool (CACert);
> - return Status;
> - }
> -
> - Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList-
> >SignatureSize);
> - }
> -
> - ItemDataSize -= CertList->SignatureListSize;
> - CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList-
> >SignatureListSize);
> - }
> -
> - FreePool (CACert);
> - return Status;
> -}
> -
> -/**
> - Configure TLS session data.
> -
> - @param[in, out] HttpInstance The HTTP instance private data.
> -
> - @retval EFI_SUCCESS TLS session data is configured.
> - @retval Others Other error as indicated.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsConfigureSession (
> - IN OUT HTTP_PROTOCOL *HttpInstance
> - )
> -{
> - EFI_STATUS Status;
> -
> - //
> - // TlsConfigData initialization
> - //
> - HttpInstance->TlsConfigData.ConnectionEnd = EfiTlsClient;
> - HttpInstance->TlsConfigData.VerifyMethod = EFI_TLS_VERIFY_PEER;
> - HttpInstance->TlsConfigData.SessionState = EfiTlsSessionNotStarted;
> -
> - //
> - // EfiTlsConnectionEnd,
> - // EfiTlsVerifyMethod
> - // EfiTlsSessionState
> - //
> - Status = HttpInstance->Tls->SetSessionData (
> - HttpInstance->Tls,
> - EfiTlsConnectionEnd,
> - &(HttpInstance->TlsConfigData.ConnectionEnd),
> - sizeof (EFI_TLS_CONNECTION_END)
> - );
> - if (EFI_ERROR (Status)) {
> - return Status;
> - }
> -
> - Status = HttpInstance->Tls->SetSessionData (
> - HttpInstance->Tls,
> - EfiTlsVerifyMethod,
> - &HttpInstance->TlsConfigData.VerifyMethod,
> - sizeof (EFI_TLS_VERIFY)
> - );
> - if (EFI_ERROR (Status)) {
> - return Status;
> - }
> -
> - Status = HttpInstance->Tls->SetSessionData (
> - HttpInstance->Tls,
> - EfiTlsSessionState,
> - &(HttpInstance->TlsConfigData.SessionState),
> - sizeof (EFI_TLS_SESSION_STATE)
> - );
> - if (EFI_ERROR (Status)) {
> - return Status;
> - }
> -
> - //
> - // Tls Config Certificate
> - //
> - Status = TlsConfigCertificate (HttpInstance);
> - if (EFI_ERROR (Status)) {
> - DEBUG ((EFI_D_ERROR, "TLS Certificate Config Error!\n"));
> - return Status;
> - }
> -
> - //
> - // TlsCreateTxRxEvent
> - //
> - Status = TlsCreateTxRxEvent (HttpInstance);
> - if (EFI_ERROR (Status)) {
> - goto ERROR;
> - }
> -
> - return Status;
> -
> -ERROR:
> - TlsCloseTxRxEvent (HttpInstance);
> -
> - return Status;
> -}
> -
> -/**
> - Transmit the Packet by processing the associated HTTPS token.
> -
> - @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
> - @param[in] Packet The packet to transmit.
> -
> - @retval EFI_SUCCESS The packet is transmitted.
> - @retval EFI_INVALID_PARAMETER HttpInstance is NULL or Packet is NULL.
> - @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
> - @retval EFI_DEVICE_ERROR An unexpected system or network error
> occurred.
> - @retval Others Other errors as indicated.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsCommonTransmit (
> - IN OUT HTTP_PROTOCOL *HttpInstance,
> - IN NET_BUF *Packet
> - )
> -{
> - EFI_STATUS Status;
> - VOID *Data;
> - UINTN Size;
> -
> - if ((HttpInstance == NULL) || (Packet == NULL)) {
> - return EFI_INVALID_PARAMETER;
> - }
> -
> - if (!HttpInstance->LocalAddressIsIPv6) {
> - Size = sizeof (EFI_TCP4_TRANSMIT_DATA) +
> - (Packet->BlockOpNum - 1) * sizeof (EFI_TCP4_FRAGMENT_DATA);
> - } else {
> - Size = sizeof (EFI_TCP6_TRANSMIT_DATA) +
> - (Packet->BlockOpNum - 1) * sizeof (EFI_TCP6_FRAGMENT_DATA);
> - }
> -
> - Data = AllocatePool (Size);
> - if (Data == NULL) {
> - return EFI_OUT_OF_RESOURCES;
> - }
> -
> - if (!HttpInstance->LocalAddressIsIPv6) {
> - ((EFI_TCP4_TRANSMIT_DATA *) Data)->Push = TRUE;
> - ((EFI_TCP4_TRANSMIT_DATA *) Data)->Urgent = FALSE;
> - ((EFI_TCP4_TRANSMIT_DATA *) Data)->DataLength = Packet->TotalSize;
> -
> - //
> - // Build the fragment table.
> - //
> - ((EFI_TCP4_TRANSMIT_DATA *) Data)->FragmentCount = Packet-
> >BlockOpNum;
> -
> - NetbufBuildExt (
> - Packet,
> - (NET_FRAGMENT *) &((EFI_TCP4_TRANSMIT_DATA *) Data)-
> >FragmentTable[0],
> - &((EFI_TCP4_TRANSMIT_DATA *) Data)->FragmentCount
> - );
> -
> - HttpInstance->Tcp4TlsTxToken.Packet.TxData =
> (EFI_TCP4_TRANSMIT_DATA *) Data;
> -
> - Status = EFI_DEVICE_ERROR;
> -
> - //
> - // Transmit the packet.
> - //
> - Status = HttpInstance->Tcp4->Transmit (HttpInstance->Tcp4,
> &HttpInstance->Tcp4TlsTxToken);
> - if (EFI_ERROR (Status)) {
> - goto ON_EXIT;
> - }
> -
> - while (!HttpInstance->TlsIsTxDone) {
> - HttpInstance->Tcp4->Poll (HttpInstance->Tcp4);
> - }
> -
> - HttpInstance->TlsIsTxDone = FALSE;
> - Status = HttpInstance->Tcp4TlsTxToken.CompletionToken.Status;
> - } else {
> - ((EFI_TCP6_TRANSMIT_DATA *) Data)->Push = TRUE;
> - ((EFI_TCP6_TRANSMIT_DATA *) Data)->Urgent = FALSE;
> - ((EFI_TCP6_TRANSMIT_DATA *) Data)->DataLength = Packet->TotalSize;
> -
> - //
> - // Build the fragment table.
> - //
> - ((EFI_TCP6_TRANSMIT_DATA *) Data)->FragmentCount = Packet-
> >BlockOpNum;
> -
> - NetbufBuildExt (
> - Packet,
> - (NET_FRAGMENT *) &((EFI_TCP6_TRANSMIT_DATA *) Data)-
> >FragmentTable[0],
> - &((EFI_TCP6_TRANSMIT_DATA *) Data)->FragmentCount
> - );
> -
> - HttpInstance->Tcp6TlsTxToken.Packet.TxData =
> (EFI_TCP6_TRANSMIT_DATA *) Data;
> -
> - Status = EFI_DEVICE_ERROR;
> -
> - //
> - // Transmit the packet.
> - //
> - Status = HttpInstance->Tcp6->Transmit (HttpInstance->Tcp6,
> &HttpInstance->Tcp6TlsTxToken);
> - if (EFI_ERROR (Status)) {
> - goto ON_EXIT;
> - }
> -
> - while (!HttpInstance->TlsIsTxDone) {
> - HttpInstance->Tcp6->Poll (HttpInstance->Tcp6);
> - }
> -
> - HttpInstance->TlsIsTxDone = FALSE;
> - Status = HttpInstance->Tcp6TlsTxToken.CompletionToken.Status;
> - }
> -
> -ON_EXIT:
> - FreePool (Data);
> -
> - return Status;
> -}
> -
> -/**
> - Receive the Packet by processing the associated HTTPS token.
> -
> - @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
> - @param[in] Packet The packet to transmit.
> - @param[in] Timeout The time to wait for connection done.
> -
> - @retval EFI_SUCCESS The Packet is received.
> - @retval EFI_INVALID_PARAMETER HttpInstance is NULL or Packet is NULL.
> - @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
> - @retval EFI_TIMEOUT The operation is time out.
> - @retval Others Other error as indicated.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsCommonReceive (
> - IN OUT HTTP_PROTOCOL *HttpInstance,
> - IN NET_BUF *Packet,
> - IN EFI_EVENT Timeout
> - )
> -{
> - EFI_TCP4_RECEIVE_DATA *Tcp4RxData;
> - EFI_TCP6_RECEIVE_DATA *Tcp6RxData;
> - EFI_STATUS Status;
> - NET_FRAGMENT *Fragment;
> - UINT32 FragmentCount;
> - UINT32 CurrentFragment;
> -
> - Tcp4RxData = NULL;
> - Tcp6RxData = NULL;
> -
> - if ((HttpInstance == NULL) || (Packet == NULL)) {
> - return EFI_INVALID_PARAMETER;
> - }
> -
> - FragmentCount = Packet->BlockOpNum;
> - Fragment = AllocatePool (FragmentCount * sizeof (NET_FRAGMENT));
> - if (Fragment == NULL) {
> - Status = EFI_OUT_OF_RESOURCES;
> - goto ON_EXIT;
> - }
> -
> - //
> - // Build the fragment table.
> - //
> - NetbufBuildExt (Packet, Fragment, &FragmentCount);
> -
> - if (!HttpInstance->LocalAddressIsIPv6) {
> - Tcp4RxData = HttpInstance->Tcp4TlsRxToken.Packet.RxData;
> - if (Tcp4RxData == NULL) {
> - return EFI_INVALID_PARAMETER;
> - }
> - Tcp4RxData->FragmentCount = 1;
> - } else {
> - Tcp6RxData = HttpInstance->Tcp6TlsRxToken.Packet.RxData;
> - if (Tcp6RxData == NULL) {
> - return EFI_INVALID_PARAMETER;
> - }
> - Tcp6RxData->FragmentCount = 1;
> - }
> -
> - CurrentFragment = 0;
> - Status = EFI_SUCCESS;
> -
> - while (CurrentFragment < FragmentCount) {
> - if (!HttpInstance->LocalAddressIsIPv6) {
> - Tcp4RxData->DataLength = Fragment[CurrentFragment].Len;
> - Tcp4RxData->FragmentTable[0].FragmentLength =
> Fragment[CurrentFragment].Len;
> - Tcp4RxData->FragmentTable[0].FragmentBuffer =
> Fragment[CurrentFragment].Bulk;
> - Status = HttpInstance->Tcp4->Receive (HttpInstance->Tcp4,
> &HttpInstance->Tcp4TlsRxToken);
> - } else {
> - Tcp6RxData->DataLength = Fragment[CurrentFragment].Len;
> - Tcp6RxData->FragmentTable[0].FragmentLength =
> Fragment[CurrentFragment].Len;
> - Tcp6RxData->FragmentTable[0].FragmentBuffer =
> Fragment[CurrentFragment].Bulk;
> - Status = HttpInstance->Tcp6->Receive (HttpInstance->Tcp6,
> &HttpInstance->Tcp6TlsRxToken);
> - }
> - if (EFI_ERROR (Status)) {
> - goto ON_EXIT;
> - }
> -
> - while (!HttpInstance->TlsIsRxDone && ((Timeout == NULL) || EFI_ERROR
> (gBS->CheckEvent (Timeout)))) {
> - //
> - // Poll until some data is received or an error occurs.
> - //
> - if (!HttpInstance->LocalAddressIsIPv6) {
> - HttpInstance->Tcp4->Poll (HttpInstance->Tcp4);
> - } else {
> - HttpInstance->Tcp6->Poll (HttpInstance->Tcp6);
> - }
> - }
> -
> - if (!HttpInstance->TlsIsRxDone) {
> - //
> - // Timeout occurs, cancel the receive request.
> - //
> - if (!HttpInstance->LocalAddressIsIPv6) {
> - HttpInstance->Tcp4->Cancel (HttpInstance->Tcp4, &HttpInstance-
> >Tcp4TlsRxToken.CompletionToken);
> - } else {
> - HttpInstance->Tcp6->Cancel (HttpInstance->Tcp6, &HttpInstance-
> >Tcp6TlsRxToken.CompletionToken);
> - }
> -
> - Status = EFI_TIMEOUT;
> - goto ON_EXIT;
> - } else {
> - HttpInstance->TlsIsRxDone = FALSE;
> - }
> -
> - if (!HttpInstance->LocalAddressIsIPv6) {
> - Status = HttpInstance->Tcp4TlsRxToken.CompletionToken.Status;
> - if (EFI_ERROR (Status)) {
> - goto ON_EXIT;
> - }
> -
> - Fragment[CurrentFragment].Len -= Tcp4RxData-
> >FragmentTable[0].FragmentLength;
> - if (Fragment[CurrentFragment].Len == 0) {
> - CurrentFragment++;
> - } else {
> - Fragment[CurrentFragment].Bulk += Tcp4RxData-
> >FragmentTable[0].FragmentLength;
> - }
> - } else {
> - Status = HttpInstance->Tcp6TlsRxToken.CompletionToken.Status;
> - if (EFI_ERROR (Status)) {
> - goto ON_EXIT;
> - }
> -
> - Fragment[CurrentFragment].Len -= Tcp6RxData-
> >FragmentTable[0].FragmentLength;
> - if (Fragment[CurrentFragment].Len == 0) {
> - CurrentFragment++;
> - } else {
> - Fragment[CurrentFragment].Bulk += Tcp6RxData-
> >FragmentTable[0].FragmentLength;
> - }
> - }
> - }
> -
> -ON_EXIT:
> -
> - if (Fragment != NULL) {
> - FreePool (Fragment);
> - }
> -
> - return Status;
> -}
> -
> -/**
> - Receive one TLS PDU. An TLS PDU contains an TLS record header and it's
> - corresponding record data. These two parts will be put into two blocks of
> buffers in the
> - net buffer.
> -
> - @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
> - @param[out] Pdu The received TLS PDU.
> - @param[in] Timeout The time to wait for connection done.
> -
> - @retval EFI_SUCCESS An TLS PDU is received.
> - @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
> - @retval EFI_PROTOCOL_ERROR An unexpected TLS packet was received.
> - @retval Others Other errors as indicated.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsReceiveOnePdu (
> - IN OUT HTTP_PROTOCOL *HttpInstance,
> - OUT NET_BUF **Pdu,
> - IN EFI_EVENT Timeout
> - )
> -{
> - EFI_STATUS Status;
> -
> - LIST_ENTRY *NbufList;
> -
> - UINT32 Len;
> -
> - NET_BUF *PduHdr;
> - UINT8 *Header;
> - TLS_RECORD_HEADER RecordHeader;
> -
> - NET_BUF *DataSeg;
> -
> - NbufList = NULL;
> - PduHdr = NULL;
> - Header = NULL;
> - DataSeg = NULL;
> -
> - NbufList = AllocatePool (sizeof (LIST_ENTRY));
> - if (NbufList == NULL) {
> - return EFI_OUT_OF_RESOURCES;
> - }
> -
> - InitializeListHead (NbufList);
> -
> - //
> - // Allocate buffer to receive one TLS header.
> - //
> - Len = sizeof (TLS_RECORD_HEADER);
> - PduHdr = NetbufAlloc (Len);
> - if (PduHdr == NULL) {
> - Status = EFI_OUT_OF_RESOURCES;
> - goto ON_EXIT;
> - }
> -
> - Header = NetbufAllocSpace (PduHdr, Len, NET_BUF_TAIL);
> - if (Header == NULL) {
> - Status = EFI_OUT_OF_RESOURCES;
> - goto ON_EXIT;
> - }
> -
> - //
> - // First step, receive one TLS header.
> - //
> - Status = TlsCommonReceive (HttpInstance, PduHdr, Timeout);
> - if (EFI_ERROR (Status)) {
> - goto ON_EXIT;
> - }
> -
> - RecordHeader = *(TLS_RECORD_HEADER *) Header;
> - if ((RecordHeader.ContentType == TlsContentTypeHandshake ||
> - RecordHeader.ContentType == TlsContentTypeAlert ||
> - RecordHeader.ContentType == TlsContentTypeChangeCipherSpec ||
> - RecordHeader.ContentType == TlsContentTypeApplicationData) &&
> - (RecordHeader.Version.Major == 0x03) && /// Major versions are same.
> - (RecordHeader.Version.Minor == TLS10_PROTOCOL_VERSION_MINOR ||
> - RecordHeader.Version.Minor ==TLS11_PROTOCOL_VERSION_MINOR ||
> - RecordHeader.Version.Minor == TLS12_PROTOCOL_VERSION_MINOR)
> - ) {
> - InsertTailList (NbufList, &PduHdr->List);
> - } else {
> - Status = EFI_PROTOCOL_ERROR;
> - goto ON_EXIT;
> - }
> -
> - Len = SwapBytes16(RecordHeader.Length);
> - if (Len == 0) {
> - //
> - // No TLS payload.
> - //
> - goto FORM_PDU;
> - }
> -
> - //
> - // Allocate buffer to receive one TLS payload.
> - //
> - DataSeg = NetbufAlloc (Len);
> - if (DataSeg == NULL) {
> - Status = EFI_OUT_OF_RESOURCES;
> - goto ON_EXIT;
> - }
> -
> - NetbufAllocSpace (DataSeg, Len, NET_BUF_TAIL);
> -
> - //
> - // Second step, receive one TLS payload.
> - //
> - Status = TlsCommonReceive (HttpInstance, DataSeg, Timeout);
> - if (EFI_ERROR (Status)) {
> - goto ON_EXIT;
> - }
> -
> - InsertTailList (NbufList, &DataSeg->List);
> -
> -FORM_PDU:
> - //
> - // Form the PDU from a list of PDU.
> - //
> - *Pdu = NetbufFromBufList (NbufList, 0, 0, FreeNbufList, NbufList);
> - if (*Pdu == NULL) {
> - Status = EFI_OUT_OF_RESOURCES;
> - }
> -
> -ON_EXIT:
> -
> - if (EFI_ERROR (Status)) {
> - //
> - // Free the Nbufs in this NbufList and the NbufList itself.
> - //
> - FreeNbufList (NbufList);
> - }
> -
> - return Status;
> -}
> -
> -/**
> - Connect one TLS session by finishing the TLS handshake process.
> -
> - @param[in] HttpInstance The HTTP instance private data.
> - @param[in] Timeout The time to wait for connection done.
> -
> - @retval EFI_SUCCESS The TLS session is established.
> - @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
> - @retval EFI_ABORTED TLS session state is incorrect.
> - @retval Others Other error as indicated.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsConnectSession (
> - IN HTTP_PROTOCOL *HttpInstance,
> - IN EFI_EVENT Timeout
> - )
> -{
> - EFI_STATUS Status;
> - UINT8 *BufferOut;
> - UINTN BufferOutSize;
> - NET_BUF *PacketOut;
> - UINT8 *DataOut;
> - NET_BUF *Pdu;
> - UINT8 *BufferIn;
> - UINTN BufferInSize;
> - UINT8 *GetSessionDataBuffer;
> - UINTN GetSessionDataBufferSize;
> -
> - BufferOut = NULL;
> - PacketOut = NULL;
> - DataOut = NULL;
> - Pdu = NULL;
> - BufferIn = NULL;
> -
> - //
> - // Initialize TLS state.
> - //
> - HttpInstance->TlsSessionState = EfiTlsSessionNotStarted;
> - Status = HttpInstance->Tls->SetSessionData (
> - HttpInstance->Tls,
> - EfiTlsSessionState,
> - &(HttpInstance->TlsSessionState),
> - sizeof (EFI_TLS_SESSION_STATE)
> - );
> - if (EFI_ERROR (Status)) {
> - return Status;
> - }
> -
> - //
> - // Create ClientHello
> - //
> - BufferOutSize = DEF_BUF_LEN;
> - BufferOut = AllocateZeroPool (BufferOutSize);
> - if (BufferOut == NULL) {
> - Status = EFI_OUT_OF_RESOURCES;
> - return Status;
> - }
> -
> - Status = HttpInstance->Tls->BuildResponsePacket (
> - HttpInstance->Tls,
> - NULL,
> - 0,
> - BufferOut,
> - &BufferOutSize
> - );
> - if (Status == EFI_BUFFER_TOO_SMALL) {
> - FreePool (BufferOut);
> - BufferOut = AllocateZeroPool (BufferOutSize);
> - if (BufferOut == NULL) {
> - Status = EFI_OUT_OF_RESOURCES;
> - return Status;
> - }
> -
> - Status = HttpInstance->Tls->BuildResponsePacket (
> - HttpInstance->Tls,
> - NULL,
> - 0,
> - BufferOut,
> - &BufferOutSize
> - );
> - }
> - if (EFI_ERROR (Status)) {
> - FreePool (BufferOut);
> - return Status;
> - }
> -
> - //
> - // Transmit ClientHello
> - //
> - PacketOut = NetbufAlloc ((UINT32) BufferOutSize);
> - DataOut = NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize,
> NET_BUF_TAIL);
> - if (DataOut == NULL) {
> - FreePool (BufferOut);
> - return EFI_OUT_OF_RESOURCES;
> - }
> -
> - CopyMem (DataOut, BufferOut, BufferOutSize);
> - Status = TlsCommonTransmit (HttpInstance, PacketOut);
> -
> - FreePool (BufferOut);
> - NetbufFree (PacketOut);
> -
> - if (EFI_ERROR (Status)) {
> - return Status;
> - }
> -
> - while(HttpInstance->TlsSessionState != EfiTlsSessionDataTransferring && \
> - ((Timeout == NULL) || EFI_ERROR (gBS->CheckEvent (Timeout)))) {
> - //
> - // Receive one TLS record.
> - //
> - Status = TlsReceiveOnePdu (HttpInstance, &Pdu, Timeout);
> - if (EFI_ERROR (Status)) {
> - return Status;
> - }
> -
> - BufferInSize = Pdu->TotalSize;
> - BufferIn = AllocateZeroPool (BufferInSize);
> - if (BufferIn == NULL) {
> - NetbufFree (Pdu);
> - Status = EFI_OUT_OF_RESOURCES;
> - return Status;
> - }
> -
> - NetbufCopy (Pdu, 0, (UINT32)BufferInSize, BufferIn);
> -
> - NetbufFree (Pdu);
> -
> - //
> - // Handle Receive data.
> - //
> - BufferOutSize = DEF_BUF_LEN;
> - BufferOut = AllocateZeroPool (BufferOutSize);
> - if (BufferOut == NULL) {
> - Status = EFI_OUT_OF_RESOURCES;
> - return Status;
> - }
> -
> - Status = HttpInstance->Tls->BuildResponsePacket (
> - HttpInstance->Tls,
> - BufferIn,
> - BufferInSize,
> - BufferOut,
> - &BufferOutSize
> - );
> - if (Status == EFI_BUFFER_TOO_SMALL) {
> - FreePool (BufferOut);
> - BufferOut = AllocateZeroPool (BufferOutSize);
> - if (BufferOut == NULL) {
> - FreePool (BufferIn);
> - Status = EFI_OUT_OF_RESOURCES;
> - return Status;
> - }
> -
> - Status = HttpInstance->Tls->BuildResponsePacket (
> - HttpInstance->Tls,
> - BufferIn,
> - BufferInSize,
> - BufferOut,
> - &BufferOutSize
> - );
> - }
> -
> - FreePool (BufferIn);
> -
> - if (EFI_ERROR (Status)) {
> - FreePool (BufferOut);
> - return Status;
> - }
> -
> - if (BufferOutSize != 0) {
> - //
> - // Transmit the response packet.
> - //
> - PacketOut = NetbufAlloc ((UINT32) BufferOutSize);
> - DataOut = NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize,
> NET_BUF_TAIL);
> - if (DataOut == NULL) {
> - FreePool (BufferOut);
> - return EFI_OUT_OF_RESOURCES;
> - }
> -
> - CopyMem (DataOut, BufferOut, BufferOutSize);
> -
> - Status = TlsCommonTransmit (HttpInstance, PacketOut);
> -
> - NetbufFree (PacketOut);
> -
> - if (EFI_ERROR (Status)) {
> - FreePool (BufferOut);
> - return Status;
> - }
> - }
> -
> - FreePool (BufferOut);
> -
> - //
> - // Get the session state, then decide whether need to continue handle
> received packet.
> - //
> - GetSessionDataBufferSize = DEF_BUF_LEN;
> - GetSessionDataBuffer = AllocateZeroPool (GetSessionDataBufferSize);
> - if (GetSessionDataBuffer == NULL) {
> - Status = EFI_OUT_OF_RESOURCES;
> - return Status;
> - }
> -
> - Status = HttpInstance->Tls->GetSessionData (
> - HttpInstance->Tls,
> - EfiTlsSessionState,
> - GetSessionDataBuffer,
> - &GetSessionDataBufferSize
> - );
> - if (Status == EFI_BUFFER_TOO_SMALL) {
> - FreePool (GetSessionDataBuffer);
> - GetSessionDataBuffer = AllocateZeroPool (GetSessionDataBufferSize);
> - if (GetSessionDataBuffer == NULL) {
> - Status = EFI_OUT_OF_RESOURCES;
> - return Status;
> - }
> -
> - Status = HttpInstance->Tls->GetSessionData (
> - HttpInstance->Tls,
> - EfiTlsSessionState,
> - GetSessionDataBuffer,
> - &GetSessionDataBufferSize
> - );
> - }
> - if (EFI_ERROR (Status)) {
> - FreePool(GetSessionDataBuffer);
> - return Status;
> - }
> -
> - ASSERT(GetSessionDataBufferSize == sizeof (EFI_TLS_SESSION_STATE));
> - HttpInstance->TlsSessionState = *(EFI_TLS_SESSION_STATE *)
> GetSessionDataBuffer;
> -
> - FreePool (GetSessionDataBuffer);
> -
> - if(HttpInstance->TlsSessionState == EfiTlsSessionError) {
> - return EFI_ABORTED;
> - }
> - }
> -
> - if (HttpInstance->TlsSessionState != EfiTlsSessionDataTransferring) {
> - Status = EFI_ABORTED;
> - }
> -
> - return Status;
> -}
> -
> -/**
> - Close the TLS session and send out the close notification message.
> -
> - @param[in] HttpInstance The HTTP instance private data.
> -
> - @retval EFI_SUCCESS The TLS session is closed.
> - @retval EFI_INVALID_PARAMETER HttpInstance is NULL.
> - @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
> - @retval Others Other error as indicated.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsCloseSession (
> - IN HTTP_PROTOCOL *HttpInstance
> - )
> -{
> - EFI_STATUS Status;
> -
> - UINT8 *BufferOut;
> - UINTN BufferOutSize;
> -
> - NET_BUF *PacketOut;
> - UINT8 *DataOut;
> -
> - Status = EFI_SUCCESS;
> - BufferOut = NULL;
> - PacketOut = NULL;
> - DataOut = NULL;
> -
> - if (HttpInstance == NULL) {
> - return EFI_INVALID_PARAMETER;
> - }
> -
> - HttpInstance->TlsSessionState = EfiTlsSessionClosing;
> -
> - Status = HttpInstance->Tls->SetSessionData (
> - HttpInstance->Tls,
> - EfiTlsSessionState,
> - &(HttpInstance->TlsSessionState),
> - sizeof (EFI_TLS_SESSION_STATE)
> - );
> - if (EFI_ERROR (Status)) {
> - return Status;
> - }
> -
> - BufferOutSize = DEF_BUF_LEN;
> - BufferOut = AllocateZeroPool (BufferOutSize);
> - if (BufferOut == NULL) {
> - Status = EFI_OUT_OF_RESOURCES;
> - return Status;
> - }
> -
> - Status = HttpInstance->Tls->BuildResponsePacket (
> - HttpInstance->Tls,
> - NULL,
> - 0,
> - BufferOut,
> - &BufferOutSize
> - );
> - if (Status == EFI_BUFFER_TOO_SMALL) {
> - FreePool (BufferOut);
> - BufferOut = AllocateZeroPool (BufferOutSize);
> - if (BufferOut == NULL) {
> - Status = EFI_OUT_OF_RESOURCES;
> - return Status;
> - }
> -
> - Status = HttpInstance->Tls->BuildResponsePacket (
> - HttpInstance->Tls,
> - NULL,
> - 0,
> - BufferOut,
> - &BufferOutSize
> - );
> - }
> -
> - if (EFI_ERROR (Status)) {
> - FreePool (BufferOut);
> - return Status;
> - }
> -
> - PacketOut = NetbufAlloc ((UINT32) BufferOutSize);
> - DataOut = NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize,
> NET_BUF_TAIL);
> - if (DataOut == NULL) {
> - FreePool (BufferOut);
> - return EFI_OUT_OF_RESOURCES;
> - }
> -
> - CopyMem (DataOut, BufferOut, BufferOutSize);
> -
> - Status = TlsCommonTransmit (HttpInstance, PacketOut);
> -
> - FreePool (BufferOut);
> - NetbufFree (PacketOut);
> -
> - return Status;
> -}
> -
> -/**
> - Process one message according to the CryptMode.
> -
> - @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.
> - @param[in] Message Pointer to the message buffer needed to
> processed.
> - @param[in] MessageSize Pointer to the message buffer size.
> - @param[in] ProcessMode Process mode.
> - @param[in, out] Fragment Only one Fragment returned after the
> Message is
> - processed successfully.
> -
> - @retval EFI_SUCCESS Message is processed successfully.
> - @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
> - @retval Others Other errors as indicated.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsProcessMessage (
> - IN HTTP_PROTOCOL *HttpInstance,
> - IN UINT8 *Message,
> - IN UINTN MessageSize,
> - IN EFI_TLS_CRYPT_MODE ProcessMode,
> - IN OUT NET_FRAGMENT *Fragment
> - )
> -{
> - EFI_STATUS Status;
> - UINT8 *Buffer;
> - UINT32 BufferSize;
> - UINT32 BytesCopied;
> - EFI_TLS_FRAGMENT_DATA *FragmentTable;
> - UINT32 FragmentCount;
> - EFI_TLS_FRAGMENT_DATA *OriginalFragmentTable;
> - UINTN Index;
> -
> - Status = EFI_SUCCESS;
> - Buffer = NULL;
> - BufferSize = 0;
> - BytesCopied = 0;
> - FragmentTable = NULL;
> - OriginalFragmentTable = NULL;
> -
> - //
> - // Rebuild fragment table from BufferIn.
> - //
> - FragmentCount = 1;
> - FragmentTable = AllocateZeroPool (FragmentCount * sizeof
> (EFI_TLS_FRAGMENT_DATA));
> - if (FragmentTable == NULL) {
> - Status = EFI_OUT_OF_RESOURCES;
> - goto ON_EXIT;
> - }
> -
> - FragmentTable->FragmentLength = (UINT32) MessageSize;
> - FragmentTable->FragmentBuffer = Message;
> -
> - //
> - // Record the original FragmentTable.
> - //
> - OriginalFragmentTable = FragmentTable;
> -
> - //
> - // Process the Message.
> - //
> - Status = HttpInstance->Tls->ProcessPacket (
> - HttpInstance->Tls,
> - &FragmentTable,
> - &FragmentCount,
> - ProcessMode
> - );
> - if (EFI_ERROR (Status)) {
> - goto ON_EXIT;
> - }
> -
> - //
> - // Calculate the size according to FragmentTable.
> - //
> - for (Index = 0; Index < FragmentCount; Index++) {
> - BufferSize += FragmentTable[Index].FragmentLength;
> - }
> -
> - //
> - // Allocate buffer for processed data.
> - //
> - Buffer = AllocateZeroPool (BufferSize);
> - if (Buffer == NULL) {
> - Status = EFI_OUT_OF_RESOURCES;
> - goto ON_EXIT;
> - }
> -
> - //
> - // Copy the new FragmentTable buffer into Buffer.
> - //
> - for (Index = 0; Index < FragmentCount; Index++) {
> - CopyMem (
> - (Buffer + BytesCopied),
> - FragmentTable[Index].FragmentBuffer,
> - FragmentTable[Index].FragmentLength
> - );
> - BytesCopied += FragmentTable[Index].FragmentLength;
> -
> - //
> - // Free the FragmentBuffer since it has been copied.
> - //
> - FreePool (FragmentTable[Index].FragmentBuffer);
> - }
> -
> - Fragment->Len = BufferSize;
> - Fragment->Bulk = Buffer;
> -
> -ON_EXIT:
> -
> - if (OriginalFragmentTable != NULL) {
> - FreePool (OriginalFragmentTable);
> - OriginalFragmentTable = NULL;
> - }
> -
> - //
> - // Caller has the responsibility to free the FragmentTable.
> - //
> - if (FragmentTable != NULL) {
> - FreePool (FragmentTable);
> - FragmentTable = NULL;
> - }
> -
> - return Status;
> -}
> -
> -/**
> - Receive one fragment decrypted from one TLS record.
> -
> - @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.
> - @param[in, out] Fragment The received Fragment.
> - @param[in] Timeout The time to wait for connection done.
> -
> - @retval EFI_SUCCESS One fragment is received.
> - @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
> - @retval EFI_ABORTED Something wrong decryption the message.
> - @retval Others Other errors as indicated.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -HttpsReceive (
> - IN HTTP_PROTOCOL *HttpInstance,
> - IN OUT NET_FRAGMENT *Fragment,
> - IN EFI_EVENT Timeout
> - )
> -{
> - EFI_STATUS Status;
> - NET_BUF *Pdu;
> - TLS_RECORD_HEADER RecordHeader;
> - UINT8 *BufferIn;
> - UINTN BufferInSize;
> - NET_FRAGMENT TempFragment;
> - UINT8 *BufferOut;
> - UINTN BufferOutSize;
> - NET_BUF *PacketOut;
> - UINT8 *DataOut;
> - UINT8 *GetSessionDataBuffer;
> - UINTN GetSessionDataBufferSize;
> -
> - Status = EFI_SUCCESS;
> - Pdu = NULL;
> - BufferIn = NULL;
> - BufferInSize = 0;
> - BufferOut = NULL;
> - BufferOutSize = 0;
> - PacketOut = NULL;
> - DataOut = NULL;
> - GetSessionDataBuffer = NULL;
> - GetSessionDataBufferSize = 0;
> -
> - //
> - // Receive only one TLS record
> - //
> - Status = TlsReceiveOnePdu (HttpInstance, &Pdu, Timeout);
> - if (EFI_ERROR (Status)) {
> - return Status;
> - }
> -
> - BufferInSize = Pdu->TotalSize;
> - BufferIn = AllocateZeroPool (BufferInSize);
> - if (BufferIn == NULL) {
> - Status = EFI_OUT_OF_RESOURCES;
> - NetbufFree (Pdu);
> - return Status;
> - }
> -
> - NetbufCopy (Pdu, 0, (UINT32) BufferInSize, BufferIn);
> -
> - NetbufFree (Pdu);
> -
> - //
> - // Handle Receive data.
> - //
> - RecordHeader = *(TLS_RECORD_HEADER *) BufferIn;
> -
> - if ((RecordHeader.ContentType == TlsContentTypeApplicationData) &&
> - (RecordHeader.Version.Major == 0x03) &&
> - (RecordHeader.Version.Minor == TLS10_PROTOCOL_VERSION_MINOR ||
> - RecordHeader.Version.Minor == TLS11_PROTOCOL_VERSION_MINOR ||
> - RecordHeader.Version.Minor == TLS12_PROTOCOL_VERSION_MINOR)
> - ) {
> - //
> - // Decrypt Packet.
> - //
> - Status = TlsProcessMessage (
> - HttpInstance,
> - BufferIn,
> - BufferInSize,
> - EfiTlsDecrypt,
> - &TempFragment
> - );
> -
> - FreePool (BufferIn);
> -
> - if (EFI_ERROR (Status)) {
> - if (Status == EFI_ABORTED) {
> - //
> - // Something wrong decryption the message.
> - // BuildResponsePacket() will be called to generate Error Alert message
> and send it out.
> - //
> - BufferOutSize = DEF_BUF_LEN;
> - BufferOut = AllocateZeroPool (BufferOutSize);
> - if (BufferOut == NULL) {
> - Status = EFI_OUT_OF_RESOURCES;
> - return Status;
> - }
> -
> - Status = HttpInstance->Tls->BuildResponsePacket (
> - HttpInstance->Tls,
> - NULL,
> - 0,
> - BufferOut,
> - &BufferOutSize
> - );
> - if (Status == EFI_BUFFER_TOO_SMALL) {
> - FreePool (BufferOut);
> - BufferOut = AllocateZeroPool (BufferOutSize);
> - if (BufferOut == NULL) {
> - Status = EFI_OUT_OF_RESOURCES;
> - return Status;
> - }
> -
> - Status = HttpInstance->Tls->BuildResponsePacket (
> - HttpInstance->Tls,
> - NULL,
> - 0,
> - BufferOut,
> - &BufferOutSize
> - );
> - }
> - if (EFI_ERROR (Status)) {
> - FreePool(BufferOut);
> - return Status;
> - }
> -
> - if (BufferOutSize != 0) {
> - PacketOut = NetbufAlloc ((UINT32)BufferOutSize);
> - DataOut = NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize,
> NET_BUF_TAIL);
> - if (DataOut == NULL) {
> - FreePool (BufferOut);
> - return EFI_OUT_OF_RESOURCES;
> - }
> -
> - CopyMem (DataOut, BufferOut, BufferOutSize);
> -
> - Status = TlsCommonTransmit (HttpInstance, PacketOut);
> -
> - NetbufFree (PacketOut);
> - }
> -
> - FreePool(BufferOut);
> -
> - if (EFI_ERROR (Status)) {
> - return Status;
> - }
> -
> - return EFI_ABORTED;
> - }
> -
> - return Status;
> - }
> -
> - //
> - // Parsing buffer.
> - //
> - ASSERT (((TLS_RECORD_HEADER *) (TempFragment.Bulk))->ContentType
> == TlsContentTypeApplicationData);
> -
> - BufferInSize = ((TLS_RECORD_HEADER *) (TempFragment.Bulk))->Length;
> - BufferIn = AllocateZeroPool (BufferInSize);
> - if (BufferIn == NULL) {
> - Status = EFI_OUT_OF_RESOURCES;
> - return Status;
> - }
> -
> - CopyMem (BufferIn, TempFragment.Bulk + sizeof (TLS_RECORD_HEADER),
> BufferInSize);
> -
> - //
> - // Free the buffer in TempFragment.
> - //
> - FreePool (TempFragment.Bulk);
> -
> - } else if ((RecordHeader.ContentType == TlsContentTypeAlert) &&
> - (RecordHeader.Version.Major == 0x03) &&
> - (RecordHeader.Version.Minor == TLS10_PROTOCOL_VERSION_MINOR ||
> - RecordHeader.Version.Minor == TLS11_PROTOCOL_VERSION_MINOR ||
> - RecordHeader.Version.Minor == TLS12_PROTOCOL_VERSION_MINOR)
> - ) {
> - BufferOutSize = DEF_BUF_LEN;
> - BufferOut = AllocateZeroPool (BufferOutSize);
> - if (BufferOut == NULL) {
> - FreePool (BufferIn);
> - Status = EFI_OUT_OF_RESOURCES;
> - return Status;
> - }
> -
> - Status = HttpInstance->Tls->BuildResponsePacket (
> - HttpInstance->Tls,
> - BufferIn,
> - BufferInSize,
> - BufferOut,
> - &BufferOutSize
> - );
> - if (Status == EFI_BUFFER_TOO_SMALL) {
> - FreePool (BufferOut);
> - BufferOut = AllocateZeroPool (BufferOutSize);
> - if (BufferOut == NULL) {
> - FreePool (BufferIn);
> - Status = EFI_OUT_OF_RESOURCES;
> - return Status;
> - }
> -
> - Status = HttpInstance->Tls->BuildResponsePacket (
> - HttpInstance->Tls,
> - BufferIn,
> - BufferInSize,
> - BufferOut,
> - &BufferOutSize
> - );
> - }
> -
> - FreePool (BufferIn);
> -
> - if (EFI_ERROR (Status)) {
> - FreePool (BufferOut);
> - return Status;
> - }
> -
> - if (BufferOutSize != 0) {
> - PacketOut = NetbufAlloc ((UINT32) BufferOutSize);
> - DataOut = NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize,
> NET_BUF_TAIL);
> - if (DataOut == NULL) {
> - FreePool (BufferOut);
> - return EFI_OUT_OF_RESOURCES;
> - }
> -
> - CopyMem (DataOut, BufferOut, BufferOutSize);
> -
> - Status = TlsCommonTransmit (HttpInstance, PacketOut);
> -
> - NetbufFree (PacketOut);
> - }
> -
> - FreePool (BufferOut);
> -
> - //
> - // Get the session state.
> - //
> - GetSessionDataBufferSize = DEF_BUF_LEN;
> - GetSessionDataBuffer = AllocateZeroPool (GetSessionDataBufferSize);
> - if (GetSessionDataBuffer == NULL) {
> - Status = EFI_OUT_OF_RESOURCES;
> - return Status;
> - }
> -
> - Status = HttpInstance->Tls->GetSessionData (
> - HttpInstance->Tls,
> - EfiTlsSessionState,
> - GetSessionDataBuffer,
> - &GetSessionDataBufferSize
> - );
> - if (Status == EFI_BUFFER_TOO_SMALL) {
> - FreePool (GetSessionDataBuffer);
> - GetSessionDataBuffer = AllocateZeroPool (GetSessionDataBufferSize);
> - if (GetSessionDataBuffer == NULL) {
> - Status = EFI_OUT_OF_RESOURCES;
> - return Status;
> - }
> -
> - Status = HttpInstance->Tls->GetSessionData (
> - HttpInstance->Tls,
> - EfiTlsSessionState,
> - GetSessionDataBuffer,
> - &GetSessionDataBufferSize
> - );
> - }
> - if (EFI_ERROR (Status)) {
> - FreePool (GetSessionDataBuffer);
> - return Status;
> - }
> -
> - ASSERT(GetSessionDataBufferSize == sizeof (EFI_TLS_SESSION_STATE));
> - HttpInstance->TlsSessionState = *(EFI_TLS_SESSION_STATE *)
> GetSessionDataBuffer;
> -
> - FreePool (GetSessionDataBuffer);
> -
> - if(HttpInstance->TlsSessionState == EfiTlsSessionError) {
> - DEBUG ((EFI_D_ERROR, "TLS Session State Error!\n"));
> - return EFI_ABORTED;
> - }
> -
> - BufferIn = NULL;
> - BufferInSize = 0;
> - }
> -
> - Fragment->Bulk = BufferIn;
> - Fragment->Len = (UINT32) BufferInSize;
> -
> - return Status;
> -}
> +/** @file
> + Miscellaneous routines specific to Https for HttpDxe driver.
> +
> +Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
> +(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
> +This program and the accompanying materials
> +are licensed and made available under the terms and conditions of the BSD
> License
> +which accompanies this distribution. The full text of the license may be
> found at
> +http://opensource.org/licenses/bsd-license.php
> +
> +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +
> +**/
> +
> +#include "HttpDriver.h"
> +
> +/**
> + Returns the first occurrence of a Null-terminated ASCII sub-string in a Null-
> terminated
> + ASCII string and ignore case during the search process.
> +
> + This function scans the contents of the ASCII string specified by String
> + and returns the first occurrence of SearchString and ignore case during the
> search process.
> + If SearchString is not found in String, then NULL is returned. If the length of
> SearchString
> + is zero, then String is returned.
> +
> + If String is NULL, then ASSERT().
> + If SearchString is NULL, then ASSERT().
> +
> + @param[in] String A pointer to a Null-terminated ASCII string.
> + @param[in] SearchString A pointer to a Null-terminated ASCII string to
> search for.
> +
> + @retval NULL If the SearchString does not appear in String.
> + @retval others If there is a match return the first occurrence of
> SearchingString.
> + If the length of SearchString is zero,return String.
> +
> +**/
> +CHAR8 *
> +AsciiStrCaseStr (
> + IN CONST CHAR8 *String,
> + IN CONST CHAR8 *SearchString
> + )
> +{
> + CONST CHAR8 *FirstMatch;
> + CONST CHAR8 *SearchStringTmp;
> +
> + CHAR8 Src;
> + CHAR8 Dst;
> +
> + //
> + // ASSERT both strings are less long than PcdMaximumAsciiStringLength
> + //
> + ASSERT (AsciiStrSize (String) != 0);
> + ASSERT (AsciiStrSize (SearchString) != 0);
> +
> + if (*SearchString == '\0') {
> + return (CHAR8 *) String;
> + }
> +
> + while (*String != '\0') {
> + SearchStringTmp = SearchString;
> + FirstMatch = String;
> +
> + while ((*SearchStringTmp != '\0')
> + && (*String != '\0')) {
> + Src = *String;
> + Dst = *SearchStringTmp;
> +
> + if ((Src >= 'A') && (Src <= 'Z')) {
> + Src -= ('A' - 'a');
> + }
> +
> + if ((Dst >= 'A') && (Dst <= 'Z')) {
> + Dst -= ('A' - 'a');
> + }
> +
> + if (Src != Dst) {
> + break;
> + }
> +
> + String++;
> + SearchStringTmp++;
> + }
> +
> + if (*SearchStringTmp == '\0') {
> + return (CHAR8 *) FirstMatch;
> + }
> +
> + String = FirstMatch + 1;
> + }
> +
> + return NULL;
> +}
> +
> +/**
> + The callback function to free the net buffer list.
> +
> + @param[in] Arg The opaque parameter.
> +
> +**/
> +VOID
> +EFIAPI
> +FreeNbufList (
> + IN VOID *Arg
> + )
> +{
> + ASSERT (Arg != NULL);
> +
> + NetbufFreeList ((LIST_ENTRY *) Arg);
> + FreePool (Arg);
> +}
> +
> +/**
> + Check whether the Url is from Https.
> +
> + @param[in] Url The pointer to a HTTP or HTTPS URL string.
> +
> + @retval TRUE The Url is from HTTPS.
> + @retval FALSE The Url is from HTTP.
> +
> +**/
> +BOOLEAN
> +IsHttpsUrl (
> + IN CHAR8 *Url
> + )
> +{
> + CHAR8 *Tmp;
> +
> + Tmp = NULL;
> +
> + Tmp = AsciiStrCaseStr (Url, HTTPS_FLAG);
> + if (Tmp != NULL && Tmp == Url) {
> + return TRUE;
> + }
> +
> + return FALSE;
> +}
> +
> +/**
> + Creates a Tls child handle, open EFI_TLS_PROTOCOL and
> EFI_TLS_CONFIGURATION_PROTOCOL.
> +
> + @param[in] ImageHandle The firmware allocated handle for the UEFI
> image.
> + @param[out] TlsProto Pointer to the EFI_TLS_PROTOCOL instance.
> + @param[out] TlsConfiguration Pointer to the
> EFI_TLS_CONFIGURATION_PROTOCOL instance.
> +
> + @return The child handle with opened EFI_TLS_PROTOCOL and
> EFI_TLS_CONFIGURATION_PROTOCOL.
> +
> +**/
> +EFI_HANDLE
> +EFIAPI
> +TlsCreateChild (
> + IN EFI_HANDLE ImageHandle,
> + OUT EFI_TLS_PROTOCOL **TlsProto,
> + OUT EFI_TLS_CONFIGURATION_PROTOCOL **TlsConfiguration
> + )
> +{
> + EFI_STATUS Status;
> + EFI_SERVICE_BINDING_PROTOCOL *TlsSb;
> + EFI_HANDLE TlsChildHandle;
> +
> + TlsSb = NULL;
> + TlsChildHandle = 0;
> +
> + //
> + // Locate TlsServiceBinding protocol.
> + //
> + gBS->LocateProtocol (
> + &gEfiTlsServiceBindingProtocolGuid,
> + NULL,
> + (VOID **) &TlsSb
> + );
> + if (TlsSb == NULL) {
> + return NULL;
> + }
> +
> + Status = TlsSb->CreateChild (TlsSb, &TlsChildHandle);
> + if (EFI_ERROR (Status)) {
> + return NULL;
> + }
> +
> + Status = gBS->OpenProtocol (
> + TlsChildHandle,
> + &gEfiTlsProtocolGuid,
> + (VOID **) TlsProto,
> + ImageHandle,
> + TlsChildHandle,
> + EFI_OPEN_PROTOCOL_GET_PROTOCOL
> + );
> + if (EFI_ERROR (Status)) {
> + TlsSb->DestroyChild (TlsSb, TlsChildHandle);
> + return NULL;
> + }
> +
> + Status = gBS->OpenProtocol (
> + TlsChildHandle,
> + &gEfiTlsConfigurationProtocolGuid,
> + (VOID **) TlsConfiguration,
> + ImageHandle,
> + TlsChildHandle,
> + EFI_OPEN_PROTOCOL_GET_PROTOCOL
> + );
> + if (EFI_ERROR (Status)) {
> + TlsSb->DestroyChild (TlsSb, TlsChildHandle);
> + return NULL;
> + }
> +
> + return TlsChildHandle;
> +}
> +
> +/**
> + Create event for the TLS receive and transmit tokens which are used to
> receive and
> + transmit TLS related messages.
> +
> + @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
> +
> + @retval EFI_SUCCESS The events are created successfully.
> + @retval others Other error as indicated.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsCreateTxRxEvent (
> + IN OUT HTTP_PROTOCOL *HttpInstance
> + )
> +{
> + EFI_STATUS Status;
> +
> + if (!HttpInstance->LocalAddressIsIPv6) {
> + //
> + // For Tcp4TlsTxToken.
> + //
> + Status = gBS->CreateEvent (
> + EVT_NOTIFY_SIGNAL,
> + TPL_NOTIFY,
> + HttpCommonNotify,
> + &HttpInstance->TlsIsTxDone,
> + &HttpInstance->Tcp4TlsTxToken.CompletionToken.Event
> + );
> + if (EFI_ERROR (Status)) {
> + goto ERROR;
> + }
> +
> + HttpInstance->Tcp4TlsTxData.Push = TRUE;
> + HttpInstance->Tcp4TlsTxData.Urgent = FALSE;
> + HttpInstance->Tcp4TlsTxData.DataLength = 0;
> + HttpInstance->Tcp4TlsTxData.FragmentCount = 1;
> + HttpInstance->Tcp4TlsTxData.FragmentTable[0].FragmentLength =
> HttpInstance->Tcp4TlsTxData.DataLength;
> + HttpInstance->Tcp4TlsTxData.FragmentTable[0].FragmentBuffer = NULL;
> + HttpInstance->Tcp4TlsTxToken.Packet.TxData = &HttpInstance-
> >Tcp4TlsTxData;
> + HttpInstance->Tcp4TlsTxToken.CompletionToken.Status =
> EFI_NOT_READY;
> +
> + //
> + // For Tcp4TlsRxToken.
> + //
> + Status = gBS->CreateEvent (
> + EVT_NOTIFY_SIGNAL,
> + TPL_NOTIFY,
> + HttpCommonNotify,
> + &HttpInstance->TlsIsRxDone,
> + &HttpInstance->Tcp4TlsRxToken.CompletionToken.Event
> + );
> + if (EFI_ERROR (Status)) {
> + goto ERROR;
> + }
> +
> + HttpInstance->Tcp4TlsRxData.DataLength = 0;
> + HttpInstance->Tcp4TlsRxData.FragmentCount = 1;
> + HttpInstance->Tcp4TlsRxData.FragmentTable[0].FragmentLength =
> HttpInstance->Tcp4TlsRxData.DataLength ;
> + HttpInstance->Tcp4TlsRxData.FragmentTable[0].FragmentBuffer = NULL;
> + HttpInstance->Tcp4TlsRxToken.Packet.RxData = &HttpInstance-
> >Tcp4TlsRxData;
> + HttpInstance->Tcp4TlsRxToken.CompletionToken.Status =
> EFI_NOT_READY;
> + } else {
> + //
> + // For Tcp6TlsTxToken.
> + //
> + Status = gBS->CreateEvent (
> + EVT_NOTIFY_SIGNAL,
> + TPL_NOTIFY,
> + HttpCommonNotify,
> + &HttpInstance->TlsIsTxDone,
> + &HttpInstance->Tcp6TlsTxToken.CompletionToken.Event
> + );
> + if (EFI_ERROR (Status)) {
> + goto ERROR;
> + }
> +
> + HttpInstance->Tcp6TlsTxData.Push = TRUE;
> + HttpInstance->Tcp6TlsTxData.Urgent = FALSE;
> + HttpInstance->Tcp6TlsTxData.DataLength = 0;
> + HttpInstance->Tcp6TlsTxData.FragmentCount = 1;
> + HttpInstance->Tcp6TlsTxData.FragmentTable[0].FragmentLength =
> HttpInstance->Tcp6TlsTxData.DataLength;
> + HttpInstance->Tcp6TlsTxData.FragmentTable[0].FragmentBuffer = NULL;
> + HttpInstance->Tcp6TlsTxToken.Packet.TxData = &HttpInstance-
> >Tcp6TlsTxData;
> + HttpInstance->Tcp6TlsTxToken.CompletionToken.Status =
> EFI_NOT_READY;
> +
> + //
> + // For Tcp6TlsRxToken.
> + //
> + Status = gBS->CreateEvent (
> + EVT_NOTIFY_SIGNAL,
> + TPL_NOTIFY,
> + HttpCommonNotify,
> + &HttpInstance->TlsIsRxDone,
> + &HttpInstance->Tcp6TlsRxToken.CompletionToken.Event
> + );
> + if (EFI_ERROR (Status)) {
> + goto ERROR;
> + }
> +
> + HttpInstance->Tcp6TlsRxData.DataLength = 0;
> + HttpInstance->Tcp6TlsRxData.FragmentCount = 1;
> + HttpInstance->Tcp6TlsRxData.FragmentTable[0].FragmentLength =
> HttpInstance->Tcp6TlsRxData.DataLength ;
> + HttpInstance->Tcp6TlsRxData.FragmentTable[0].FragmentBuffer = NULL;
> + HttpInstance->Tcp6TlsRxToken.Packet.RxData = &HttpInstance-
> >Tcp6TlsRxData;
> + HttpInstance->Tcp6TlsRxToken.CompletionToken.Status =
> EFI_NOT_READY;
> + }
> +
> + return Status;
> +
> +ERROR:
> + //
> + // Error handling
> + //
> + TlsCloseTxRxEvent (HttpInstance);
> +
> + return Status;
> +}
> +
> +/**
> + Close events in the TlsTxToken and TlsRxToken.
> +
> + @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.
> +
> +**/
> +VOID
> +EFIAPI
> +TlsCloseTxRxEvent (
> + IN HTTP_PROTOCOL *HttpInstance
> + )
> +{
> + ASSERT (HttpInstance != NULL);
> + if (!HttpInstance->LocalAddressIsIPv6) {
> + if (NULL != HttpInstance->Tcp4TlsTxToken.CompletionToken.Event) {
> + gBS->CloseEvent(HttpInstance-
> >Tcp4TlsTxToken.CompletionToken.Event);
> + HttpInstance->Tcp4TlsTxToken.CompletionToken.Event = NULL;
> + }
> +
> + if (NULL != HttpInstance->Tcp4TlsRxToken.CompletionToken.Event) {
> + gBS->CloseEvent (HttpInstance-
> >Tcp4TlsRxToken.CompletionToken.Event);
> + HttpInstance->Tcp4TlsRxToken.CompletionToken.Event = NULL;
> + }
> + } else {
> + if (NULL != HttpInstance->Tcp6TlsTxToken.CompletionToken.Event) {
> + gBS->CloseEvent(HttpInstance-
> >Tcp6TlsTxToken.CompletionToken.Event);
> + HttpInstance->Tcp6TlsTxToken.CompletionToken.Event = NULL;
> + }
> +
> + if (NULL != HttpInstance->Tcp6TlsRxToken.CompletionToken.Event) {
> + gBS->CloseEvent (HttpInstance-
> >Tcp6TlsRxToken.CompletionToken.Event);
> + HttpInstance->Tcp6TlsRxToken.CompletionToken.Event = NULL;
> + }
> + }
> +}
> +
> +/**
> + Read the TlsCaCertificate variable and configure it.
> +
> + @param[in, out] HttpInstance The HTTP instance private data.
> +
> + @retval EFI_SUCCESS TlsCaCertificate is configured.
> + @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
> + @retval EFI_NOT_FOUND Fail to get 'TlsCaCertificate' variable.
> + @retval Others Other error as indicated.
> +
> +**/
> +EFI_STATUS
> +TlsConfigCertificate (
> + IN OUT HTTP_PROTOCOL *HttpInstance
> + )
> +{
> + EFI_STATUS Status;
> + UINT8 *CACert;
> + UINTN CACertSize;
> + UINT32 Index;
> + EFI_SIGNATURE_LIST *CertList;
> + EFI_SIGNATURE_DATA *Cert;
> + UINTN CertCount;
> + UINT32 ItemDataSize;
> +
> + CACert = NULL;
> + CACertSize = 0;
> +
> + //
> + // Try to read the TlsCaCertificate variable.
> + //
> + Status = gRT->GetVariable (
> + EFI_TLS_CA_CERTIFICATE_VARIABLE,
> + &gEfiTlsCaCertificateGuid,
> + NULL,
> + &CACertSize,
> + NULL
> + );
> +
> + if (EFI_ERROR (Status) && Status != EFI_BUFFER_TOO_SMALL) {
> + return Status;
> + }
> +
> + //
> + // Allocate buffer and read the config variable.
> + //
> + CACert = AllocatePool (CACertSize);
> + if (CACert == NULL) {
> + return EFI_OUT_OF_RESOURCES;
> + }
> +
> + Status = gRT->GetVariable (
> + EFI_TLS_CA_CERTIFICATE_VARIABLE,
> + &gEfiTlsCaCertificateGuid,
> + NULL,
> + &CACertSize,
> + CACert
> + );
> + if (EFI_ERROR (Status)) {
> + //
> + // GetVariable still error or the variable is corrupted.
> + // Fall back to the default value.
> + //
> + FreePool (CACert);
> +
> + return EFI_NOT_FOUND;
> + }
> +
> + ASSERT (CACert != NULL);
> +
> + //
> + // Enumerate all data and erasing the target item.
> + //
> + ItemDataSize = (UINT32) CACertSize;
> + CertList = (EFI_SIGNATURE_LIST *) CACert;
> + while ((ItemDataSize > 0) && (ItemDataSize >= CertList->SignatureListSize))
> {
> + Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof
> (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
> + CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) -
> CertList->SignatureHeaderSize) / CertList->SignatureSize;
> + for (Index = 0; Index < CertCount; Index++) {
> + //
> + // EfiTlsConfigDataTypeCACertificate
> + //
> + Status = HttpInstance->TlsConfiguration->SetData (
> + HttpInstance->TlsConfiguration,
> + EfiTlsConfigDataTypeCACertificate,
> + Cert->SignatureData,
> + CertList->SignatureSize - sizeof (Cert-
> >SignatureOwner)
> + );
> + if (EFI_ERROR (Status)) {
> + FreePool (CACert);
> + return Status;
> + }
> +
> + Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList-
> >SignatureSize);
> + }
> +
> + ItemDataSize -= CertList->SignatureListSize;
> + CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList-
> >SignatureListSize);
> + }
> +
> + FreePool (CACert);
> + return Status;
> +}
> +
> +/**
> + Configure TLS session data.
> +
> + @param[in, out] HttpInstance The HTTP instance private data.
> +
> + @retval EFI_SUCCESS TLS session data is configured.
> + @retval Others Other error as indicated.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsConfigureSession (
> + IN OUT HTTP_PROTOCOL *HttpInstance
> + )
> +{
> + EFI_STATUS Status;
> +
> + //
> + // TlsConfigData initialization
> + //
> + HttpInstance->TlsConfigData.ConnectionEnd = EfiTlsClient;
> + HttpInstance->TlsConfigData.VerifyMethod = EFI_TLS_VERIFY_PEER;
> + HttpInstance->TlsConfigData.SessionState = EfiTlsSessionNotStarted;
> +
> + //
> + // EfiTlsConnectionEnd,
> + // EfiTlsVerifyMethod
> + // EfiTlsSessionState
> + //
> + Status = HttpInstance->Tls->SetSessionData (
> + HttpInstance->Tls,
> + EfiTlsConnectionEnd,
> + &(HttpInstance->TlsConfigData.ConnectionEnd),
> + sizeof (EFI_TLS_CONNECTION_END)
> + );
> + if (EFI_ERROR (Status)) {
> + return Status;
> + }
> +
> + Status = HttpInstance->Tls->SetSessionData (
> + HttpInstance->Tls,
> + EfiTlsVerifyMethod,
> + &HttpInstance->TlsConfigData.VerifyMethod,
> + sizeof (EFI_TLS_VERIFY)
> + );
> + if (EFI_ERROR (Status)) {
> + return Status;
> + }
> +
> + Status = HttpInstance->Tls->SetSessionData (
> + HttpInstance->Tls,
> + EfiTlsSessionState,
> + &(HttpInstance->TlsConfigData.SessionState),
> + sizeof (EFI_TLS_SESSION_STATE)
> + );
> + if (EFI_ERROR (Status)) {
> + return Status;
> + }
> +
> + //
> + // Tls Config Certificate
> + //
> + Status = TlsConfigCertificate (HttpInstance);
> + if (EFI_ERROR (Status)) {
> + DEBUG ((EFI_D_ERROR, "TLS Certificate Config Error!\n"));
> + return Status;
> + }
> +
> + //
> + // TlsCreateTxRxEvent
> + //
> + Status = TlsCreateTxRxEvent (HttpInstance);
> + if (EFI_ERROR (Status)) {
> + goto ERROR;
> + }
> +
> + return Status;
> +
> +ERROR:
> + TlsCloseTxRxEvent (HttpInstance);
> +
> + return Status;
> +}
> +
> +/**
> + Transmit the Packet by processing the associated HTTPS token.
> +
> + @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
> + @param[in] Packet The packet to transmit.
> +
> + @retval EFI_SUCCESS The packet is transmitted.
> + @retval EFI_INVALID_PARAMETER HttpInstance is NULL or Packet is NULL.
> + @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
> + @retval EFI_DEVICE_ERROR An unexpected system or network error
> occurred.
> + @retval Others Other errors as indicated.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsCommonTransmit (
> + IN OUT HTTP_PROTOCOL *HttpInstance,
> + IN NET_BUF *Packet
> + )
> +{
> + EFI_STATUS Status;
> + VOID *Data;
> + UINTN Size;
> +
> + if ((HttpInstance == NULL) || (Packet == NULL)) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + if (!HttpInstance->LocalAddressIsIPv6) {
> + Size = sizeof (EFI_TCP4_TRANSMIT_DATA) +
> + (Packet->BlockOpNum - 1) * sizeof (EFI_TCP4_FRAGMENT_DATA);
> + } else {
> + Size = sizeof (EFI_TCP6_TRANSMIT_DATA) +
> + (Packet->BlockOpNum - 1) * sizeof (EFI_TCP6_FRAGMENT_DATA);
> + }
> +
> + Data = AllocatePool (Size);
> + if (Data == NULL) {
> + return EFI_OUT_OF_RESOURCES;
> + }
> +
> + if (!HttpInstance->LocalAddressIsIPv6) {
> + ((EFI_TCP4_TRANSMIT_DATA *) Data)->Push = TRUE;
> + ((EFI_TCP4_TRANSMIT_DATA *) Data)->Urgent = FALSE;
> + ((EFI_TCP4_TRANSMIT_DATA *) Data)->DataLength = Packet->TotalSize;
> +
> + //
> + // Build the fragment table.
> + //
> + ((EFI_TCP4_TRANSMIT_DATA *) Data)->FragmentCount = Packet-
> >BlockOpNum;
> +
> + NetbufBuildExt (
> + Packet,
> + (NET_FRAGMENT *) &((EFI_TCP4_TRANSMIT_DATA *) Data)-
> >FragmentTable[0],
> + &((EFI_TCP4_TRANSMIT_DATA *) Data)->FragmentCount
> + );
> +
> + HttpInstance->Tcp4TlsTxToken.Packet.TxData =
> (EFI_TCP4_TRANSMIT_DATA *) Data;
> +
> + Status = EFI_DEVICE_ERROR;
> +
> + //
> + // Transmit the packet.
> + //
> + Status = HttpInstance->Tcp4->Transmit (HttpInstance->Tcp4,
> &HttpInstance->Tcp4TlsTxToken);
> + if (EFI_ERROR (Status)) {
> + goto ON_EXIT;
> + }
> +
> + while (!HttpInstance->TlsIsTxDone) {
> + HttpInstance->Tcp4->Poll (HttpInstance->Tcp4);
> + }
> +
> + HttpInstance->TlsIsTxDone = FALSE;
> + Status = HttpInstance->Tcp4TlsTxToken.CompletionToken.Status;
> + } else {
> + ((EFI_TCP6_TRANSMIT_DATA *) Data)->Push = TRUE;
> + ((EFI_TCP6_TRANSMIT_DATA *) Data)->Urgent = FALSE;
> + ((EFI_TCP6_TRANSMIT_DATA *) Data)->DataLength = Packet->TotalSize;
> +
> + //
> + // Build the fragment table.
> + //
> + ((EFI_TCP6_TRANSMIT_DATA *) Data)->FragmentCount = Packet-
> >BlockOpNum;
> +
> + NetbufBuildExt (
> + Packet,
> + (NET_FRAGMENT *) &((EFI_TCP6_TRANSMIT_DATA *) Data)-
> >FragmentTable[0],
> + &((EFI_TCP6_TRANSMIT_DATA *) Data)->FragmentCount
> + );
> +
> + HttpInstance->Tcp6TlsTxToken.Packet.TxData =
> (EFI_TCP6_TRANSMIT_DATA *) Data;
> +
> + Status = EFI_DEVICE_ERROR;
> +
> + //
> + // Transmit the packet.
> + //
> + Status = HttpInstance->Tcp6->Transmit (HttpInstance->Tcp6,
> &HttpInstance->Tcp6TlsTxToken);
> + if (EFI_ERROR (Status)) {
> + goto ON_EXIT;
> + }
> +
> + while (!HttpInstance->TlsIsTxDone) {
> + HttpInstance->Tcp6->Poll (HttpInstance->Tcp6);
> + }
> +
> + HttpInstance->TlsIsTxDone = FALSE;
> + Status = HttpInstance->Tcp6TlsTxToken.CompletionToken.Status;
> + }
> +
> +ON_EXIT:
> + FreePool (Data);
> +
> + return Status;
> +}
> +
> +/**
> + Receive the Packet by processing the associated HTTPS token.
> +
> + @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
> + @param[in] Packet The packet to transmit.
> + @param[in] Timeout The time to wait for connection done.
> +
> + @retval EFI_SUCCESS The Packet is received.
> + @retval EFI_INVALID_PARAMETER HttpInstance is NULL or Packet is NULL.
> + @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
> + @retval EFI_TIMEOUT The operation is time out.
> + @retval Others Other error as indicated.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsCommonReceive (
> + IN OUT HTTP_PROTOCOL *HttpInstance,
> + IN NET_BUF *Packet,
> + IN EFI_EVENT Timeout
> + )
> +{
> + EFI_TCP4_RECEIVE_DATA *Tcp4RxData;
> + EFI_TCP6_RECEIVE_DATA *Tcp6RxData;
> + EFI_STATUS Status;
> + NET_FRAGMENT *Fragment;
> + UINT32 FragmentCount;
> + UINT32 CurrentFragment;
> +
> + Tcp4RxData = NULL;
> + Tcp6RxData = NULL;
> +
> + if ((HttpInstance == NULL) || (Packet == NULL)) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + FragmentCount = Packet->BlockOpNum;
> + Fragment = AllocatePool (FragmentCount * sizeof (NET_FRAGMENT));
> + if (Fragment == NULL) {
> + Status = EFI_OUT_OF_RESOURCES;
> + goto ON_EXIT;
> + }
> +
> + //
> + // Build the fragment table.
> + //
> + NetbufBuildExt (Packet, Fragment, &FragmentCount);
> +
> + if (!HttpInstance->LocalAddressIsIPv6) {
> + Tcp4RxData = HttpInstance->Tcp4TlsRxToken.Packet.RxData;
> + if (Tcp4RxData == NULL) {
> + return EFI_INVALID_PARAMETER;
> + }
> + Tcp4RxData->FragmentCount = 1;
> + } else {
> + Tcp6RxData = HttpInstance->Tcp6TlsRxToken.Packet.RxData;
> + if (Tcp6RxData == NULL) {
> + return EFI_INVALID_PARAMETER;
> + }
> + Tcp6RxData->FragmentCount = 1;
> + }
> +
> + CurrentFragment = 0;
> + Status = EFI_SUCCESS;
> +
> + while (CurrentFragment < FragmentCount) {
> + if (!HttpInstance->LocalAddressIsIPv6) {
> + Tcp4RxData->DataLength = Fragment[CurrentFragment].Len;
> + Tcp4RxData->FragmentTable[0].FragmentLength =
> Fragment[CurrentFragment].Len;
> + Tcp4RxData->FragmentTable[0].FragmentBuffer =
> Fragment[CurrentFragment].Bulk;
> + Status = HttpInstance->Tcp4->Receive (HttpInstance->Tcp4,
> &HttpInstance->Tcp4TlsRxToken);
> + } else {
> + Tcp6RxData->DataLength = Fragment[CurrentFragment].Len;
> + Tcp6RxData->FragmentTable[0].FragmentLength =
> Fragment[CurrentFragment].Len;
> + Tcp6RxData->FragmentTable[0].FragmentBuffer =
> Fragment[CurrentFragment].Bulk;
> + Status = HttpInstance->Tcp6->Receive (HttpInstance->Tcp6,
> &HttpInstance->Tcp6TlsRxToken);
> + }
> + if (EFI_ERROR (Status)) {
> + goto ON_EXIT;
> + }
> +
> + while (!HttpInstance->TlsIsRxDone && ((Timeout == NULL) || EFI_ERROR
> (gBS->CheckEvent (Timeout)))) {
> + //
> + // Poll until some data is received or an error occurs.
> + //
> + if (!HttpInstance->LocalAddressIsIPv6) {
> + HttpInstance->Tcp4->Poll (HttpInstance->Tcp4);
> + } else {
> + HttpInstance->Tcp6->Poll (HttpInstance->Tcp6);
> + }
> + }
> +
> + if (!HttpInstance->TlsIsRxDone) {
> + //
> + // Timeout occurs, cancel the receive request.
> + //
> + if (!HttpInstance->LocalAddressIsIPv6) {
> + HttpInstance->Tcp4->Cancel (HttpInstance->Tcp4, &HttpInstance-
> >Tcp4TlsRxToken.CompletionToken);
> + } else {
> + HttpInstance->Tcp6->Cancel (HttpInstance->Tcp6, &HttpInstance-
> >Tcp6TlsRxToken.CompletionToken);
> + }
> +
> + Status = EFI_TIMEOUT;
> + goto ON_EXIT;
> + } else {
> + HttpInstance->TlsIsRxDone = FALSE;
> + }
> +
> + if (!HttpInstance->LocalAddressIsIPv6) {
> + Status = HttpInstance->Tcp4TlsRxToken.CompletionToken.Status;
> + if (EFI_ERROR (Status)) {
> + goto ON_EXIT;
> + }
> +
> + Fragment[CurrentFragment].Len -= Tcp4RxData-
> >FragmentTable[0].FragmentLength;
> + if (Fragment[CurrentFragment].Len == 0) {
> + CurrentFragment++;
> + } else {
> + Fragment[CurrentFragment].Bulk += Tcp4RxData-
> >FragmentTable[0].FragmentLength;
> + }
> + } else {
> + Status = HttpInstance->Tcp6TlsRxToken.CompletionToken.Status;
> + if (EFI_ERROR (Status)) {
> + goto ON_EXIT;
> + }
> +
> + Fragment[CurrentFragment].Len -= Tcp6RxData-
> >FragmentTable[0].FragmentLength;
> + if (Fragment[CurrentFragment].Len == 0) {
> + CurrentFragment++;
> + } else {
> + Fragment[CurrentFragment].Bulk += Tcp6RxData-
> >FragmentTable[0].FragmentLength;
> + }
> + }
> + }
> +
> +ON_EXIT:
> +
> + if (Fragment != NULL) {
> + FreePool (Fragment);
> + }
> +
> + return Status;
> +}
> +
> +/**
> + Receive one TLS PDU. An TLS PDU contains an TLS record header and it's
> + corresponding record data. These two parts will be put into two blocks of
> buffers in the
> + net buffer.
> +
> + @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
> + @param[out] Pdu The received TLS PDU.
> + @param[in] Timeout The time to wait for connection done.
> +
> + @retval EFI_SUCCESS An TLS PDU is received.
> + @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
> + @retval EFI_PROTOCOL_ERROR An unexpected TLS packet was received.
> + @retval Others Other errors as indicated.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsReceiveOnePdu (
> + IN OUT HTTP_PROTOCOL *HttpInstance,
> + OUT NET_BUF **Pdu,
> + IN EFI_EVENT Timeout
> + )
> +{
> + EFI_STATUS Status;
> +
> + LIST_ENTRY *NbufList;
> +
> + UINT32 Len;
> +
> + NET_BUF *PduHdr;
> + UINT8 *Header;
> + TLS_RECORD_HEADER RecordHeader;
> +
> + NET_BUF *DataSeg;
> +
> + NbufList = NULL;
> + PduHdr = NULL;
> + Header = NULL;
> + DataSeg = NULL;
> +
> + NbufList = AllocatePool (sizeof (LIST_ENTRY));
> + if (NbufList == NULL) {
> + return EFI_OUT_OF_RESOURCES;
> + }
> +
> + InitializeListHead (NbufList);
> +
> + //
> + // Allocate buffer to receive one TLS header.
> + //
> + Len = sizeof (TLS_RECORD_HEADER);
> + PduHdr = NetbufAlloc (Len);
> + if (PduHdr == NULL) {
> + Status = EFI_OUT_OF_RESOURCES;
> + goto ON_EXIT;
> + }
> +
> + Header = NetbufAllocSpace (PduHdr, Len, NET_BUF_TAIL);
> + if (Header == NULL) {
> + Status = EFI_OUT_OF_RESOURCES;
> + goto ON_EXIT;
> + }
> +
> + //
> + // First step, receive one TLS header.
> + //
> + Status = TlsCommonReceive (HttpInstance, PduHdr, Timeout);
> + if (EFI_ERROR (Status)) {
> + goto ON_EXIT;
> + }
> +
> + RecordHeader = *(TLS_RECORD_HEADER *) Header;
> + if ((RecordHeader.ContentType == TlsContentTypeHandshake ||
> + RecordHeader.ContentType == TlsContentTypeAlert ||
> + RecordHeader.ContentType == TlsContentTypeChangeCipherSpec ||
> + RecordHeader.ContentType == TlsContentTypeApplicationData) &&
> + (RecordHeader.Version.Major == 0x03) && /// Major versions are same.
> + (RecordHeader.Version.Minor == TLS10_PROTOCOL_VERSION_MINOR ||
> + RecordHeader.Version.Minor ==TLS11_PROTOCOL_VERSION_MINOR ||
> + RecordHeader.Version.Minor == TLS12_PROTOCOL_VERSION_MINOR)
> + ) {
> + InsertTailList (NbufList, &PduHdr->List);
> + } else {
> + Status = EFI_PROTOCOL_ERROR;
> + goto ON_EXIT;
> + }
> +
> + Len = SwapBytes16(RecordHeader.Length);
> + if (Len == 0) {
> + //
> + // No TLS payload.
> + //
> + goto FORM_PDU;
> + }
> +
> + //
> + // Allocate buffer to receive one TLS payload.
> + //
> + DataSeg = NetbufAlloc (Len);
> + if (DataSeg == NULL) {
> + Status = EFI_OUT_OF_RESOURCES;
> + goto ON_EXIT;
> + }
> +
> + NetbufAllocSpace (DataSeg, Len, NET_BUF_TAIL);
> +
> + //
> + // Second step, receive one TLS payload.
> + //
> + Status = TlsCommonReceive (HttpInstance, DataSeg, Timeout);
> + if (EFI_ERROR (Status)) {
> + goto ON_EXIT;
> + }
> +
> + InsertTailList (NbufList, &DataSeg->List);
> +
> +FORM_PDU:
> + //
> + // Form the PDU from a list of PDU.
> + //
> + *Pdu = NetbufFromBufList (NbufList, 0, 0, FreeNbufList, NbufList);
> + if (*Pdu == NULL) {
> + Status = EFI_OUT_OF_RESOURCES;
> + }
> +
> +ON_EXIT:
> +
> + if (EFI_ERROR (Status)) {
> + //
> + // Free the Nbufs in this NbufList and the NbufList itself.
> + //
> + FreeNbufList (NbufList);
> + }
> +
> + return Status;
> +}
> +
> +/**
> + Connect one TLS session by finishing the TLS handshake process.
> +
> + @param[in] HttpInstance The HTTP instance private data.
> + @param[in] Timeout The time to wait for connection done.
> +
> + @retval EFI_SUCCESS The TLS session is established.
> + @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
> + @retval EFI_ABORTED TLS session state is incorrect.
> + @retval Others Other error as indicated.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsConnectSession (
> + IN HTTP_PROTOCOL *HttpInstance,
> + IN EFI_EVENT Timeout
> + )
> +{
> + EFI_STATUS Status;
> + UINT8 *BufferOut;
> + UINTN BufferOutSize;
> + NET_BUF *PacketOut;
> + UINT8 *DataOut;
> + NET_BUF *Pdu;
> + UINT8 *BufferIn;
> + UINTN BufferInSize;
> + UINT8 *GetSessionDataBuffer;
> + UINTN GetSessionDataBufferSize;
> +
> + BufferOut = NULL;
> + PacketOut = NULL;
> + DataOut = NULL;
> + Pdu = NULL;
> + BufferIn = NULL;
> +
> + //
> + // Initialize TLS state.
> + //
> + HttpInstance->TlsSessionState = EfiTlsSessionNotStarted;
> + Status = HttpInstance->Tls->SetSessionData (
> + HttpInstance->Tls,
> + EfiTlsSessionState,
> + &(HttpInstance->TlsSessionState),
> + sizeof (EFI_TLS_SESSION_STATE)
> + );
> + if (EFI_ERROR (Status)) {
> + return Status;
> + }
> +
> + //
> + // Create ClientHello
> + //
> + BufferOutSize = DEF_BUF_LEN;
> + BufferOut = AllocateZeroPool (BufferOutSize);
> + if (BufferOut == NULL) {
> + Status = EFI_OUT_OF_RESOURCES;
> + return Status;
> + }
> +
> + Status = HttpInstance->Tls->BuildResponsePacket (
> + HttpInstance->Tls,
> + NULL,
> + 0,
> + BufferOut,
> + &BufferOutSize
> + );
> + if (Status == EFI_BUFFER_TOO_SMALL) {
> + FreePool (BufferOut);
> + BufferOut = AllocateZeroPool (BufferOutSize);
> + if (BufferOut == NULL) {
> + Status = EFI_OUT_OF_RESOURCES;
> + return Status;
> + }
> +
> + Status = HttpInstance->Tls->BuildResponsePacket (
> + HttpInstance->Tls,
> + NULL,
> + 0,
> + BufferOut,
> + &BufferOutSize
> + );
> + }
> + if (EFI_ERROR (Status)) {
> + FreePool (BufferOut);
> + return Status;
> + }
> +
> + //
> + // Transmit ClientHello
> + //
> + PacketOut = NetbufAlloc ((UINT32) BufferOutSize);
> + DataOut = NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize,
> NET_BUF_TAIL);
> + if (DataOut == NULL) {
> + FreePool (BufferOut);
> + return EFI_OUT_OF_RESOURCES;
> + }
> +
> + CopyMem (DataOut, BufferOut, BufferOutSize);
> + Status = TlsCommonTransmit (HttpInstance, PacketOut);
> +
> + FreePool (BufferOut);
> + NetbufFree (PacketOut);
> +
> + if (EFI_ERROR (Status)) {
> + return Status;
> + }
> +
> + while(HttpInstance->TlsSessionState != EfiTlsSessionDataTransferring && \
> + ((Timeout == NULL) || EFI_ERROR (gBS->CheckEvent (Timeout)))) {
> + //
> + // Receive one TLS record.
> + //
> + Status = TlsReceiveOnePdu (HttpInstance, &Pdu, Timeout);
> + if (EFI_ERROR (Status)) {
> + return Status;
> + }
> +
> + BufferInSize = Pdu->TotalSize;
> + BufferIn = AllocateZeroPool (BufferInSize);
> + if (BufferIn == NULL) {
> + NetbufFree (Pdu);
> + Status = EFI_OUT_OF_RESOURCES;
> + return Status;
> + }
> +
> + NetbufCopy (Pdu, 0, (UINT32)BufferInSize, BufferIn);
> +
> + NetbufFree (Pdu);
> +
> + //
> + // Handle Receive data.
> + //
> + BufferOutSize = DEF_BUF_LEN;
> + BufferOut = AllocateZeroPool (BufferOutSize);
> + if (BufferOut == NULL) {
> + Status = EFI_OUT_OF_RESOURCES;
> + return Status;
> + }
> +
> + Status = HttpInstance->Tls->BuildResponsePacket (
> + HttpInstance->Tls,
> + BufferIn,
> + BufferInSize,
> + BufferOut,
> + &BufferOutSize
> + );
> + if (Status == EFI_BUFFER_TOO_SMALL) {
> + FreePool (BufferOut);
> + BufferOut = AllocateZeroPool (BufferOutSize);
> + if (BufferOut == NULL) {
> + FreePool (BufferIn);
> + Status = EFI_OUT_OF_RESOURCES;
> + return Status;
> + }
> +
> + Status = HttpInstance->Tls->BuildResponsePacket (
> + HttpInstance->Tls,
> + BufferIn,
> + BufferInSize,
> + BufferOut,
> + &BufferOutSize
> + );
> + }
> +
> + FreePool (BufferIn);
> +
> + if (EFI_ERROR (Status)) {
> + FreePool (BufferOut);
> + return Status;
> + }
> +
> + if (BufferOutSize != 0) {
> + //
> + // Transmit the response packet.
> + //
> + PacketOut = NetbufAlloc ((UINT32) BufferOutSize);
> + DataOut = NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize,
> NET_BUF_TAIL);
> + if (DataOut == NULL) {
> + FreePool (BufferOut);
> + return EFI_OUT_OF_RESOURCES;
> + }
> +
> + CopyMem (DataOut, BufferOut, BufferOutSize);
> +
> + Status = TlsCommonTransmit (HttpInstance, PacketOut);
> +
> + NetbufFree (PacketOut);
> +
> + if (EFI_ERROR (Status)) {
> + FreePool (BufferOut);
> + return Status;
> + }
> + }
> +
> + FreePool (BufferOut);
> +
> + //
> + // Get the session state, then decide whether need to continue handle
> received packet.
> + //
> + GetSessionDataBufferSize = DEF_BUF_LEN;
> + GetSessionDataBuffer = AllocateZeroPool (GetSessionDataBufferSize);
> + if (GetSessionDataBuffer == NULL) {
> + Status = EFI_OUT_OF_RESOURCES;
> + return Status;
> + }
> +
> + Status = HttpInstance->Tls->GetSessionData (
> + HttpInstance->Tls,
> + EfiTlsSessionState,
> + GetSessionDataBuffer,
> + &GetSessionDataBufferSize
> + );
> + if (Status == EFI_BUFFER_TOO_SMALL) {
> + FreePool (GetSessionDataBuffer);
> + GetSessionDataBuffer = AllocateZeroPool (GetSessionDataBufferSize);
> + if (GetSessionDataBuffer == NULL) {
> + Status = EFI_OUT_OF_RESOURCES;
> + return Status;
> + }
> +
> + Status = HttpInstance->Tls->GetSessionData (
> + HttpInstance->Tls,
> + EfiTlsSessionState,
> + GetSessionDataBuffer,
> + &GetSessionDataBufferSize
> + );
> + }
> + if (EFI_ERROR (Status)) {
> + FreePool(GetSessionDataBuffer);
> + return Status;
> + }
> +
> + ASSERT(GetSessionDataBufferSize == sizeof (EFI_TLS_SESSION_STATE));
> + HttpInstance->TlsSessionState = *(EFI_TLS_SESSION_STATE *)
> GetSessionDataBuffer;
> +
> + FreePool (GetSessionDataBuffer);
> +
> + if(HttpInstance->TlsSessionState == EfiTlsSessionError) {
> + return EFI_ABORTED;
> + }
> + }
> +
> + if (HttpInstance->TlsSessionState != EfiTlsSessionDataTransferring) {
> + Status = EFI_ABORTED;
> + }
> +
> + return Status;
> +}
> +
> +/**
> + Close the TLS session and send out the close notification message.
> +
> + @param[in] HttpInstance The HTTP instance private data.
> +
> + @retval EFI_SUCCESS The TLS session is closed.
> + @retval EFI_INVALID_PARAMETER HttpInstance is NULL.
> + @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
> + @retval Others Other error as indicated.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsCloseSession (
> + IN HTTP_PROTOCOL *HttpInstance
> + )
> +{
> + EFI_STATUS Status;
> +
> + UINT8 *BufferOut;
> + UINTN BufferOutSize;
> +
> + NET_BUF *PacketOut;
> + UINT8 *DataOut;
> +
> + Status = EFI_SUCCESS;
> + BufferOut = NULL;
> + PacketOut = NULL;
> + DataOut = NULL;
> +
> + if (HttpInstance == NULL) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + HttpInstance->TlsSessionState = EfiTlsSessionClosing;
> +
> + Status = HttpInstance->Tls->SetSessionData (
> + HttpInstance->Tls,
> + EfiTlsSessionState,
> + &(HttpInstance->TlsSessionState),
> + sizeof (EFI_TLS_SESSION_STATE)
> + );
> + if (EFI_ERROR (Status)) {
> + return Status;
> + }
> +
> + BufferOutSize = DEF_BUF_LEN;
> + BufferOut = AllocateZeroPool (BufferOutSize);
> + if (BufferOut == NULL) {
> + Status = EFI_OUT_OF_RESOURCES;
> + return Status;
> + }
> +
> + Status = HttpInstance->Tls->BuildResponsePacket (
> + HttpInstance->Tls,
> + NULL,
> + 0,
> + BufferOut,
> + &BufferOutSize
> + );
> + if (Status == EFI_BUFFER_TOO_SMALL) {
> + FreePool (BufferOut);
> + BufferOut = AllocateZeroPool (BufferOutSize);
> + if (BufferOut == NULL) {
> + Status = EFI_OUT_OF_RESOURCES;
> + return Status;
> + }
> +
> + Status = HttpInstance->Tls->BuildResponsePacket (
> + HttpInstance->Tls,
> + NULL,
> + 0,
> + BufferOut,
> + &BufferOutSize
> + );
> + }
> +
> + if (EFI_ERROR (Status)) {
> + FreePool (BufferOut);
> + return Status;
> + }
> +
> + PacketOut = NetbufAlloc ((UINT32) BufferOutSize);
> + DataOut = NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize,
> NET_BUF_TAIL);
> + if (DataOut == NULL) {
> + FreePool (BufferOut);
> + return EFI_OUT_OF_RESOURCES;
> + }
> +
> + CopyMem (DataOut, BufferOut, BufferOutSize);
> +
> + Status = TlsCommonTransmit (HttpInstance, PacketOut);
> +
> + FreePool (BufferOut);
> + NetbufFree (PacketOut);
> +
> + return Status;
> +}
> +
> +/**
> + Process one message according to the CryptMode.
> +
> + @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.
> + @param[in] Message Pointer to the message buffer needed to
> processed.
> + @param[in] MessageSize Pointer to the message buffer size.
> + @param[in] ProcessMode Process mode.
> + @param[in, out] Fragment Only one Fragment returned after the
> Message is
> + processed successfully.
> +
> + @retval EFI_SUCCESS Message is processed successfully.
> + @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
> + @retval Others Other errors as indicated.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsProcessMessage (
> + IN HTTP_PROTOCOL *HttpInstance,
> + IN UINT8 *Message,
> + IN UINTN MessageSize,
> + IN EFI_TLS_CRYPT_MODE ProcessMode,
> + IN OUT NET_FRAGMENT *Fragment
> + )
> +{
> + EFI_STATUS Status;
> + UINT8 *Buffer;
> + UINT32 BufferSize;
> + UINT32 BytesCopied;
> + EFI_TLS_FRAGMENT_DATA *FragmentTable;
> + UINT32 FragmentCount;
> + EFI_TLS_FRAGMENT_DATA *OriginalFragmentTable;
> + UINTN Index;
> +
> + Status = EFI_SUCCESS;
> + Buffer = NULL;
> + BufferSize = 0;
> + BytesCopied = 0;
> + FragmentTable = NULL;
> + OriginalFragmentTable = NULL;
> +
> + //
> + // Rebuild fragment table from BufferIn.
> + //
> + FragmentCount = 1;
> + FragmentTable = AllocateZeroPool (FragmentCount * sizeof
> (EFI_TLS_FRAGMENT_DATA));
> + if (FragmentTable == NULL) {
> + Status = EFI_OUT_OF_RESOURCES;
> + goto ON_EXIT;
> + }
> +
> + FragmentTable->FragmentLength = (UINT32) MessageSize;
> + FragmentTable->FragmentBuffer = Message;
> +
> + //
> + // Record the original FragmentTable.
> + //
> + OriginalFragmentTable = FragmentTable;
> +
> + //
> + // Process the Message.
> + //
> + Status = HttpInstance->Tls->ProcessPacket (
> + HttpInstance->Tls,
> + &FragmentTable,
> + &FragmentCount,
> + ProcessMode
> + );
> + if (EFI_ERROR (Status)) {
> + goto ON_EXIT;
> + }
> +
> + //
> + // Calculate the size according to FragmentTable.
> + //
> + for (Index = 0; Index < FragmentCount; Index++) {
> + BufferSize += FragmentTable[Index].FragmentLength;
> + }
> +
> + //
> + // Allocate buffer for processed data.
> + //
> + Buffer = AllocateZeroPool (BufferSize);
> + if (Buffer == NULL) {
> + Status = EFI_OUT_OF_RESOURCES;
> + goto ON_EXIT;
> + }
> +
> + //
> + // Copy the new FragmentTable buffer into Buffer.
> + //
> + for (Index = 0; Index < FragmentCount; Index++) {
> + CopyMem (
> + (Buffer + BytesCopied),
> + FragmentTable[Index].FragmentBuffer,
> + FragmentTable[Index].FragmentLength
> + );
> + BytesCopied += FragmentTable[Index].FragmentLength;
> +
> + //
> + // Free the FragmentBuffer since it has been copied.
> + //
> + FreePool (FragmentTable[Index].FragmentBuffer);
> + }
> +
> + Fragment->Len = BufferSize;
> + Fragment->Bulk = Buffer;
> +
> +ON_EXIT:
> +
> + if (OriginalFragmentTable != NULL) {
> + FreePool (OriginalFragmentTable);
> + OriginalFragmentTable = NULL;
> + }
> +
> + //
> + // Caller has the responsibility to free the FragmentTable.
> + //
> + if (FragmentTable != NULL) {
> + FreePool (FragmentTable);
> + FragmentTable = NULL;
> + }
> +
> + return Status;
> +}
> +
> +/**
> + Receive one fragment decrypted from one TLS record.
> +
> + @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.
> + @param[in, out] Fragment The received Fragment.
> + @param[in] Timeout The time to wait for connection done.
> +
> + @retval EFI_SUCCESS One fragment is received.
> + @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
> + @retval EFI_ABORTED Something wrong decryption the message.
> + @retval Others Other errors as indicated.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +HttpsReceive (
> + IN HTTP_PROTOCOL *HttpInstance,
> + IN OUT NET_FRAGMENT *Fragment,
> + IN EFI_EVENT Timeout
> + )
> +{
> + EFI_STATUS Status;
> + NET_BUF *Pdu;
> + TLS_RECORD_HEADER RecordHeader;
> + UINT8 *BufferIn;
> + UINTN BufferInSize;
> + NET_FRAGMENT TempFragment;
> + UINT8 *BufferOut;
> + UINTN BufferOutSize;
> + NET_BUF *PacketOut;
> + UINT8 *DataOut;
> + UINT8 *GetSessionDataBuffer;
> + UINTN GetSessionDataBufferSize;
> +
> + Status = EFI_SUCCESS;
> + Pdu = NULL;
> + BufferIn = NULL;
> + BufferInSize = 0;
> + BufferOut = NULL;
> + BufferOutSize = 0;
> + PacketOut = NULL;
> + DataOut = NULL;
> + GetSessionDataBuffer = NULL;
> + GetSessionDataBufferSize = 0;
> +
> + //
> + // Receive only one TLS record
> + //
> + Status = TlsReceiveOnePdu (HttpInstance, &Pdu, Timeout);
> + if (EFI_ERROR (Status)) {
> + return Status;
> + }
> +
> + BufferInSize = Pdu->TotalSize;
> + BufferIn = AllocateZeroPool (BufferInSize);
> + if (BufferIn == NULL) {
> + Status = EFI_OUT_OF_RESOURCES;
> + NetbufFree (Pdu);
> + return Status;
> + }
> +
> + NetbufCopy (Pdu, 0, (UINT32) BufferInSize, BufferIn);
> +
> + NetbufFree (Pdu);
> +
> + //
> + // Handle Receive data.
> + //
> + RecordHeader = *(TLS_RECORD_HEADER *) BufferIn;
> +
> + if ((RecordHeader.ContentType == TlsContentTypeApplicationData) &&
> + (RecordHeader.Version.Major == 0x03) &&
> + (RecordHeader.Version.Minor == TLS10_PROTOCOL_VERSION_MINOR ||
> + RecordHeader.Version.Minor == TLS11_PROTOCOL_VERSION_MINOR ||
> + RecordHeader.Version.Minor == TLS12_PROTOCOL_VERSION_MINOR)
> + ) {
> + //
> + // Decrypt Packet.
> + //
> + Status = TlsProcessMessage (
> + HttpInstance,
> + BufferIn,
> + BufferInSize,
> + EfiTlsDecrypt,
> + &TempFragment
> + );
> +
> + FreePool (BufferIn);
> +
> + if (EFI_ERROR (Status)) {
> + if (Status == EFI_ABORTED) {
> + //
> + // Something wrong decryption the message.
> + // BuildResponsePacket() will be called to generate Error Alert message
> and send it out.
> + //
> + BufferOutSize = DEF_BUF_LEN;
> + BufferOut = AllocateZeroPool (BufferOutSize);
> + if (BufferOut == NULL) {
> + Status = EFI_OUT_OF_RESOURCES;
> + return Status;
> + }
> +
> + Status = HttpInstance->Tls->BuildResponsePacket (
> + HttpInstance->Tls,
> + NULL,
> + 0,
> + BufferOut,
> + &BufferOutSize
> + );
> + if (Status == EFI_BUFFER_TOO_SMALL) {
> + FreePool (BufferOut);
> + BufferOut = AllocateZeroPool (BufferOutSize);
> + if (BufferOut == NULL) {
> + Status = EFI_OUT_OF_RESOURCES;
> + return Status;
> + }
> +
> + Status = HttpInstance->Tls->BuildResponsePacket (
> + HttpInstance->Tls,
> + NULL,
> + 0,
> + BufferOut,
> + &BufferOutSize
> + );
> + }
> + if (EFI_ERROR (Status)) {
> + FreePool(BufferOut);
> + return Status;
> + }
> +
> + if (BufferOutSize != 0) {
> + PacketOut = NetbufAlloc ((UINT32)BufferOutSize);
> + DataOut = NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize,
> NET_BUF_TAIL);
> + if (DataOut == NULL) {
> + FreePool (BufferOut);
> + return EFI_OUT_OF_RESOURCES;
> + }
> +
> + CopyMem (DataOut, BufferOut, BufferOutSize);
> +
> + Status = TlsCommonTransmit (HttpInstance, PacketOut);
> +
> + NetbufFree (PacketOut);
> + }
> +
> + FreePool(BufferOut);
> +
> + if (EFI_ERROR (Status)) {
> + return Status;
> + }
> +
> + return EFI_ABORTED;
> + }
> +
> + return Status;
> + }
> +
> + //
> + // Parsing buffer.
> + //
> + ASSERT (((TLS_RECORD_HEADER *) (TempFragment.Bulk))->ContentType
> == TlsContentTypeApplicationData);
> +
> + BufferInSize = ((TLS_RECORD_HEADER *) (TempFragment.Bulk))->Length;
> + BufferIn = AllocateZeroPool (BufferInSize);
> + if (BufferIn == NULL) {
> + Status = EFI_OUT_OF_RESOURCES;
> + return Status;
> + }
> +
> + CopyMem (BufferIn, TempFragment.Bulk + sizeof
> (TLS_RECORD_HEADER), BufferInSize);
> +
> + //
> + // Free the buffer in TempFragment.
> + //
> + FreePool (TempFragment.Bulk);
> +
> + } else if ((RecordHeader.ContentType == TlsContentTypeAlert) &&
> + (RecordHeader.Version.Major == 0x03) &&
> + (RecordHeader.Version.Minor == TLS10_PROTOCOL_VERSION_MINOR ||
> + RecordHeader.Version.Minor == TLS11_PROTOCOL_VERSION_MINOR ||
> + RecordHeader.Version.Minor == TLS12_PROTOCOL_VERSION_MINOR)
> + ) {
> + BufferOutSize = DEF_BUF_LEN;
> + BufferOut = AllocateZeroPool (BufferOutSize);
> + if (BufferOut == NULL) {
> + FreePool (BufferIn);
> + Status = EFI_OUT_OF_RESOURCES;
> + return Status;
> + }
> +
> + Status = HttpInstance->Tls->BuildResponsePacket (
> + HttpInstance->Tls,
> + BufferIn,
> + BufferInSize,
> + BufferOut,
> + &BufferOutSize
> + );
> + if (Status == EFI_BUFFER_TOO_SMALL) {
> + FreePool (BufferOut);
> + BufferOut = AllocateZeroPool (BufferOutSize);
> + if (BufferOut == NULL) {
> + FreePool (BufferIn);
> + Status = EFI_OUT_OF_RESOURCES;
> + return Status;
> + }
> +
> + Status = HttpInstance->Tls->BuildResponsePacket (
> + HttpInstance->Tls,
> + BufferIn,
> + BufferInSize,
> + BufferOut,
> + &BufferOutSize
> + );
> + }
> +
> + FreePool (BufferIn);
> +
> + if (EFI_ERROR (Status)) {
> + FreePool (BufferOut);
> + return Status;
> + }
> +
> + if (BufferOutSize != 0) {
> + PacketOut = NetbufAlloc ((UINT32) BufferOutSize);
> + DataOut = NetbufAllocSpace (PacketOut, (UINT32) BufferOutSize,
> NET_BUF_TAIL);
> + if (DataOut == NULL) {
> + FreePool (BufferOut);
> + return EFI_OUT_OF_RESOURCES;
> + }
> +
> + CopyMem (DataOut, BufferOut, BufferOutSize);
> +
> + Status = TlsCommonTransmit (HttpInstance, PacketOut);
> +
> + NetbufFree (PacketOut);
> + }
> +
> + FreePool (BufferOut);
> +
> + //
> + // Get the session state.
> + //
> + GetSessionDataBufferSize = DEF_BUF_LEN;
> + GetSessionDataBuffer = AllocateZeroPool (GetSessionDataBufferSize);
> + if (GetSessionDataBuffer == NULL) {
> + Status = EFI_OUT_OF_RESOURCES;
> + return Status;
> + }
> +
> + Status = HttpInstance->Tls->GetSessionData (
> + HttpInstance->Tls,
> + EfiTlsSessionState,
> + GetSessionDataBuffer,
> + &GetSessionDataBufferSize
> + );
> + if (Status == EFI_BUFFER_TOO_SMALL) {
> + FreePool (GetSessionDataBuffer);
> + GetSessionDataBuffer = AllocateZeroPool (GetSessionDataBufferSize);
> + if (GetSessionDataBuffer == NULL) {
> + Status = EFI_OUT_OF_RESOURCES;
> + return Status;
> + }
> +
> + Status = HttpInstance->Tls->GetSessionData (
> + HttpInstance->Tls,
> + EfiTlsSessionState,
> + GetSessionDataBuffer,
> + &GetSessionDataBufferSize
> + );
> + }
> + if (EFI_ERROR (Status)) {
> + FreePool (GetSessionDataBuffer);
> + return Status;
> + }
> +
> + ASSERT(GetSessionDataBufferSize == sizeof (EFI_TLS_SESSION_STATE));
> + HttpInstance->TlsSessionState = *(EFI_TLS_SESSION_STATE *)
> GetSessionDataBuffer;
> +
> + FreePool (GetSessionDataBuffer);
> +
> + if(HttpInstance->TlsSessionState == EfiTlsSessionError) {
> + DEBUG ((EFI_D_ERROR, "TLS Session State Error!\n"));
> + return EFI_ABORTED;
> + }
> +
> + BufferIn = NULL;
> + BufferInSize = 0;
> + }
> +
> + Fragment->Bulk = BufferIn;
> + Fragment->Len = (UINT32) BufferInSize;
> +
> + return Status;
> +}
> +
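Review bot: in TlsCommonReceive the two early returns after the Fragment allocation leak memory; `if (Tcp4RxData == NULL) { return EFI_INVALID_PARAMETER; }` (and the matching Tcp6RxData check) should set Status and `goto ON_EXIT` so the Fragment table allocated just above is freed. In the same hunk, every `PacketOut = NetbufAlloc ((UINT32) BufferOutSize);` in TlsConnectSession, TlsCloseSession and HttpsReceive is passed straight to NetbufAllocSpace without a NULL check, so an allocation failure dereferences NULL instead of returning EFI_OUT_OF_RESOURCES. Both defects predate this patch and are only re-emitted here by the line-ending conversion, so they belong in a follow-up rather than in this series; since every line of the file shows as removed and re-added, please also confirm (e.g. with `git diff --ignore-space-at-eol`) that the hunk is byte-identical apart from the terminators and say so in the commit message.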
> diff --git a/NetworkPkg/HttpDxe/HttpsSupport.h
> b/NetworkPkg/HttpDxe/HttpsSupport.h
> index fcb3aa05c1..68a6073ceb 100644
> --- a/NetworkPkg/HttpDxe/HttpsSupport.h
> +++ b/NetworkPkg/HttpDxe/HttpsSupport.h
> @@ -1,260 +1,261 @@
> -/** @file
> - The header files of miscellaneous routines specific to Https for HttpDxe
> driver.
> -
> -Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> -This program and the accompanying materials
> -are licensed and made available under the terms and conditions of the BSD
> License
> -which accompanies this distribution. The full text of the license may be
> found at
> -http://opensource.org/licenses/bsd-license.php
> -
> -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> -
> -**/
> -
> -#ifndef __EFI_HTTPS_SUPPORT_H__
> -#define __EFI_HTTPS_SUPPORT_H__
> -
> -#define HTTPS_DEFAULT_PORT 443
> -
> -#define HTTPS_FLAG "https://"
> -
> -/**
> - Check whether the Url is from Https.
> -
> - @param[in] Url The pointer to a HTTP or HTTPS URL string.
> -
> - @retval TRUE The Url is from HTTPS.
> - @retval FALSE The Url is from HTTP.
> -
> -**/
> -BOOLEAN
> -IsHttpsUrl (
> - IN CHAR8 *Url
> - );
> -
> -/**
> - Creates a Tls child handle, open EFI_TLS_PROTOCOL and
> EFI_TLS_CONFIGURATION_PROTOCOL.
> -
> - @param[in] ImageHandle The firmware allocated handle for the UEFI
> image.
> - @param[out] TlsProto Pointer to the EFI_TLS_PROTOCOL instance.
> - @param[out] TlsConfiguration Pointer to the
> EFI_TLS_CONFIGURATION_PROTOCOL instance.
> -
> - @return The child handle with opened EFI_TLS_PROTOCOL and
> EFI_TLS_CONFIGURATION_PROTOCOL.
> -
> -**/
> -EFI_HANDLE
> -EFIAPI
> -TlsCreateChild (
> - IN EFI_HANDLE ImageHandle,
> - OUT EFI_TLS_PROTOCOL **TlsProto,
> - OUT EFI_TLS_CONFIGURATION_PROTOCOL **TlsConfiguration
> - );
> -
> -/**
> - Create event for the TLS receive and transmit tokens which are used to
> receive and
> - transmit TLS related messages.
> -
> - @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
> -
> - @retval EFI_SUCCESS The events are created successfully.
> - @retval others Other error as indicated.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsCreateTxRxEvent (
> - IN OUT HTTP_PROTOCOL *HttpInstance
> - );
> -
> -/**
> - Close events in the TlsTxToken and TlsRxToken.
> -
> - @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.
> -
> -**/
> -VOID
> -EFIAPI
> -TlsCloseTxRxEvent (
> - IN HTTP_PROTOCOL *HttpInstance
> - );
> -
> -/**
> - Read the TlsCaCertificate variable and configure it.
> -
> - @param[in, out] HttpInstance The HTTP instance private data.
> -
> - @retval EFI_SUCCESS TlsCaCertificate is configured.
> - @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
> - @retval EFI_NOT_FOUND Fail to get "TlsCaCertificate" variable.
> - @retval Others Other error as indicated.
> -
> -**/
> -EFI_STATUS
> -TlsConfigCertificate (
> - IN OUT HTTP_PROTOCOL *HttpInstance
> - );
> -
> -/**
> - Configure TLS session data.
> -
> - @param[in, out] HttpInstance The HTTP instance private data.
> -
> - @retval EFI_SUCCESS TLS session data is configured.
> - @retval Others Other error as indicated.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsConfigureSession (
> - IN OUT HTTP_PROTOCOL *HttpInstance
> - );
> -
> -/**
> - Transmit the Packet by processing the associated HTTPS token.
> -
> - @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
> - @param[in] Packet The packet to transmit.
> -
> - @retval EFI_SUCCESS The packet is transmitted.
> - @retval EFI_INVALID_PARAMETER HttpInstance is NULL or Packet is NULL.
> - @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
> - @retval EFI_DEVICE_ERROR An unexpected system or network error
> occurred.
> - @retval Others Other errors as indicated.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsCommonTransmit (
> - IN OUT HTTP_PROTOCOL *HttpInstance,
> - IN NET_BUF *Packet
> - );
> -
> -/**
> - Receive the Packet by processing the associated HTTPS token.
> -
> - @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
> - @param[in] Packet The packet to transmit.
> - @param[in] Timeout The time to wait for connection done.
> -
> - @retval EFI_SUCCESS The Packet is received.
> - @retval EFI_INVALID_PARAMETER HttpInstance is NULL or Packet is NULL.
> - @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
> - @retval EFI_TIMEOUT The operation is time out.
> - @retval Others Other error as indicated.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsCommonReceive (
> - IN OUT HTTP_PROTOCOL *HttpInstance,
> - IN NET_BUF *Packet,
> - IN EFI_EVENT Timeout
> - );
> -
> -/**
> - Receive one TLS PDU. An TLS PDU contains an TLS record header and it's
> - corresponding record data. These two parts will be put into two blocks of
> buffers in the
> - net buffer.
> -
> - @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
> - @param[out] Pdu The received TLS PDU.
> - @param[in] Timeout The time to wait for connection done.
> -
> - @retval EFI_SUCCESS An TLS PDU is received.
> - @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
> - @retval EFI_PROTOCOL_ERROR An unexpected TLS packet was received.
> - @retval Others Other errors as indicated.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsReceiveOnePdu (
> - IN OUT HTTP_PROTOCOL *HttpInstance,
> - OUT NET_BUF **Pdu,
> - IN EFI_EVENT Timeout
> - );
> -
> -/**
> - Connect one TLS session by finishing the TLS handshake process.
> -
> - @param[in] HttpInstance The HTTP instance private data.
> - @param[in] Timeout The time to wait for connection done.
> -
> - @retval EFI_SUCCESS The TLS session is established.
> - @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
> - @retval EFI_ABORTED TLS session state is incorrect.
> - @retval Others Other error as indicated.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsConnectSession (
> - IN HTTP_PROTOCOL *HttpInstance,
> - IN EFI_EVENT Timeout
> - );
> -
> -/**
> - Close the TLS session and send out the close notification message.
> -
> - @param[in] HttpInstance The HTTP instance private data.
> -
> - @retval EFI_SUCCESS The TLS session is closed.
> - @retval EFI_INVALID_PARAMETER HttpInstance is NULL or Packet is NULL.
> - @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
> - @retval Others Other error as indicated.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsCloseSession (
> - IN HTTP_PROTOCOL *HttpInstance
> - );
> -
> -/**
> - Process one message according to the CryptMode.
> -
> - @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.
> - @param[in] Message Pointer to the message buffer needed to
> processed.
> - @param[in] MessageSize Pointer to the message buffer size.
> - @param[in] ProcessMode Process mode.
> - @param[in, out] Fragment Only one Fragment returned after the
> Message is
> - processed successfully.
> -
> - @retval EFI_SUCCESS Message is processed successfully.
> - @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
> - @retval Others Other errors as indicated.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsProcessMessage (
> - IN HTTP_PROTOCOL *HttpInstance,
> - IN UINT8 *Message,
> - IN UINTN MessageSize,
> - IN EFI_TLS_CRYPT_MODE ProcessMode,
> - IN OUT NET_FRAGMENT *Fragment
> - );
> -
> -/**
> - Receive one fragment decrypted from one TLS record.
> -
> - @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.
> - @param[in, out] Fragment The received Fragment.
> - @param[in] Timeout The time to wait for connection done.
> -
> - @retval EFI_SUCCESS One fragment is received.
> - @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
> - @retval EFI_ABORTED Something wrong decryption the message.
> - @retval Others Other errors as indicated.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -HttpsReceive (
> - IN HTTP_PROTOCOL *HttpInstance,
> - IN OUT NET_FRAGMENT *Fragment,
> - IN EFI_EVENT Timeout
> - );
> -
> -#endif
> +/** @file
> + The header files of miscellaneous routines specific to Https for HttpDxe
> driver.
> +
> +Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> +This program and the accompanying materials
> +are licensed and made available under the terms and conditions of the BSD
> License
> +which accompanies this distribution. The full text of the license may be
> found at
> +http://opensource.org/licenses/bsd-license.php
> +
> +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +
> +**/
> +
> +#ifndef __EFI_HTTPS_SUPPORT_H__
> +#define __EFI_HTTPS_SUPPORT_H__
> +
> +#define HTTPS_DEFAULT_PORT 443
> +
> +#define HTTPS_FLAG "https://"
> +
> +/**
> + Check whether the Url is from Https.
> +
> + @param[in] Url The pointer to a HTTP or HTTPS URL string.
> +
> + @retval TRUE The Url is from HTTPS.
> + @retval FALSE The Url is from HTTP.
> +
> +**/
> +BOOLEAN
> +IsHttpsUrl (
> + IN CHAR8 *Url
> + );
> +
> +/**
> + Creates a Tls child handle, open EFI_TLS_PROTOCOL and
> EFI_TLS_CONFIGURATION_PROTOCOL.
> +
> + @param[in] ImageHandle The firmware allocated handle for the UEFI
> image.
> + @param[out] TlsProto Pointer to the EFI_TLS_PROTOCOL instance.
> + @param[out] TlsConfiguration Pointer to the
> EFI_TLS_CONFIGURATION_PROTOCOL instance.
> +
> + @return The child handle with opened EFI_TLS_PROTOCOL and
> EFI_TLS_CONFIGURATION_PROTOCOL.
> +
> +**/
> +EFI_HANDLE
> +EFIAPI
> +TlsCreateChild (
> + IN EFI_HANDLE ImageHandle,
> + OUT EFI_TLS_PROTOCOL **TlsProto,
> + OUT EFI_TLS_CONFIGURATION_PROTOCOL **TlsConfiguration
> + );
> +
> +/**
> + Create event for the TLS receive and transmit tokens which are used to
> receive and
> + transmit TLS related messages.
> +
> + @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
> +
> + @retval EFI_SUCCESS The events are created successfully.
> + @retval others Other error as indicated.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsCreateTxRxEvent (
> + IN OUT HTTP_PROTOCOL *HttpInstance
> + );
> +
> +/**
> + Close events in the TlsTxToken and TlsRxToken.
> +
> + @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.
> +
> +**/
> +VOID
> +EFIAPI
> +TlsCloseTxRxEvent (
> + IN HTTP_PROTOCOL *HttpInstance
> + );
> +
> +/**
> + Read the TlsCaCertificate variable and configure it.
> +
> + @param[in, out] HttpInstance The HTTP instance private data.
> +
> + @retval EFI_SUCCESS TlsCaCertificate is configured.
> + @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
> + @retval EFI_NOT_FOUND Fail to get "TlsCaCertificate" variable.
> + @retval Others Other error as indicated.
> +
> +**/
> +EFI_STATUS
> +TlsConfigCertificate (
> + IN OUT HTTP_PROTOCOL *HttpInstance
> + );
> +
> +/**
> + Configure TLS session data.
> +
> + @param[in, out] HttpInstance The HTTP instance private data.
> +
> + @retval EFI_SUCCESS TLS session data is configured.
> + @retval Others Other error as indicated.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsConfigureSession (
> + IN OUT HTTP_PROTOCOL *HttpInstance
> + );
> +
> +/**
> + Transmit the Packet by processing the associated HTTPS token.
> +
> + @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
> + @param[in] Packet The packet to transmit.
> +
> + @retval EFI_SUCCESS The packet is transmitted.
> + @retval EFI_INVALID_PARAMETER HttpInstance is NULL or Packet is NULL.
> + @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
> + @retval EFI_DEVICE_ERROR An unexpected system or network error
> occurred.
> + @retval Others Other errors as indicated.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsCommonTransmit (
> + IN OUT HTTP_PROTOCOL *HttpInstance,
> + IN NET_BUF *Packet
> + );
> +
> +/**
> + Receive the Packet by processing the associated HTTPS token.
> +
> + @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
> + @param[in] Packet The packet to transmit.
> + @param[in] Timeout The time to wait for connection done.
> +
> + @retval EFI_SUCCESS The Packet is received.
> + @retval EFI_INVALID_PARAMETER HttpInstance is NULL or Packet is NULL.
> + @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
> + @retval EFI_TIMEOUT The operation is time out.
> + @retval Others Other error as indicated.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsCommonReceive (
> + IN OUT HTTP_PROTOCOL *HttpInstance,
> + IN NET_BUF *Packet,
> + IN EFI_EVENT Timeout
> + );
> +
> +/**
> + Receive one TLS PDU. An TLS PDU contains an TLS record header and it's
> + corresponding record data. These two parts will be put into two blocks of
> buffers in the
> + net buffer.
> +
> + @param[in, out] HttpInstance Pointer to HTTP_PROTOCOL structure.
> + @param[out] Pdu The received TLS PDU.
> + @param[in] Timeout The time to wait for connection done.
> +
> + @retval EFI_SUCCESS An TLS PDU is received.
> + @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
> + @retval EFI_PROTOCOL_ERROR An unexpected TLS packet was received.
> + @retval Others Other errors as indicated.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsReceiveOnePdu (
> + IN OUT HTTP_PROTOCOL *HttpInstance,
> + OUT NET_BUF **Pdu,
> + IN EFI_EVENT Timeout
> + );
> +
> +/**
> + Connect one TLS session by finishing the TLS handshake process.
> +
> + @param[in] HttpInstance The HTTP instance private data.
> + @param[in] Timeout The time to wait for connection done.
> +
> + @retval EFI_SUCCESS The TLS session is established.
> + @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
> + @retval EFI_ABORTED TLS session state is incorrect.
> + @retval Others Other error as indicated.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsConnectSession (
> + IN HTTP_PROTOCOL *HttpInstance,
> + IN EFI_EVENT Timeout
> + );
> +
> +/**
> + Close the TLS session and send out the close notification message.
> +
> + @param[in] HttpInstance The HTTP instance private data.
> +
> + @retval EFI_SUCCESS The TLS session is closed.
> + @retval EFI_INVALID_PARAMETER HttpInstance is NULL or Packet is NULL.
> + @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
> + @retval Others Other error as indicated.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsCloseSession (
> + IN HTTP_PROTOCOL *HttpInstance
> + );
> +
> +/**
> + Process one message according to the CryptMode.
> +
> + @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.
> + @param[in] Message Pointer to the message buffer needed to
> processed.
> + @param[in] MessageSize Pointer to the message buffer size.
> + @param[in] ProcessMode Process mode.
> + @param[in, out] Fragment Only one Fragment returned after the
> Message is
> + processed successfully.
> +
> + @retval EFI_SUCCESS Message is processed successfully.
> + @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
> + @retval Others Other errors as indicated.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsProcessMessage (
> + IN HTTP_PROTOCOL *HttpInstance,
> + IN UINT8 *Message,
> + IN UINTN MessageSize,
> + IN EFI_TLS_CRYPT_MODE ProcessMode,
> + IN OUT NET_FRAGMENT *Fragment
> + );
> +
> +/**
> + Receive one fragment decrypted from one TLS record.
> +
> + @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.
> + @param[in, out] Fragment The received Fragment.
> + @param[in] Timeout The time to wait for connection done.
> +
> + @retval EFI_SUCCESS One fragment is received.
> + @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
> + @retval EFI_ABORTED Something wrong decryption the message.
> + @retval Others Other errors as indicated.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +HttpsReceive (
> + IN HTTP_PROTOCOL *HttpInstance,
> + IN OUT NET_FRAGMENT *Fragment,
> + IN EFI_EVENT Timeout
> + );
> +
> +#endif
> +
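Review bot: the doc comments carried over unchanged in this hunk contain inaccuracies that the line-ending conversion preserves verbatim: in TlsCommonReceive the Packet parameter is documented as "The packet to transmit." although the function receives it; TlsCloseSession lists "@retval EFI_INVALID_PARAMETER HttpInstance is NULL or Packet is NULL." although it takes no Packet argument; and TlsProcessMessage documents MessageSize as "Pointer to the message buffer size." although it is declared as a plain UINTN. Keep this series whitespace-only as intended and fix those in a separate follow-up, so that `git diff --ignore-space-at-eol` on this commit stays empty and reviewers can verify the conversion mechanically. Note also that the mail client has wrapped several long lines without a leading `+` or `-` (for example "EFI_TLS_CONFIGURATION_PROTOCOL." and "receive and" appear on lines of their own), so the patch should be applied from the raw message or a git branch rather than from the quoted body.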
> diff --git a/NetworkPkg/Include/Guid/TlsAuthConfigHii.h
> b/NetworkPkg/Include/Guid/TlsAuthConfigHii.h
> index 9d21426f9f..5e5637c4c6 100644
> --- a/NetworkPkg/Include/Guid/TlsAuthConfigHii.h
> +++ b/NetworkPkg/Include/Guid/TlsAuthConfigHii.h
> @@ -1,25 +1,26 @@
> -/** @file
> - GUIDs used as HII FormSet and HII Package list GUID in TlsAuthConfigDxe
> driver.
> -
> -Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> -This program and the accompanying materials are licensed and made
> available under
> -the terms and conditions of the BSD License that accompanies this
> distribution.
> -The full text of the license may be found at
> -http://opensource.org/licenses/bsd-license.php.
> -
> -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> -
> -**/
> -
> -#ifndef __TLS_AUTH_CONFIG_HII_GUID_H__
> -#define __TLS_AUTH_CONFIG_HII_GUID_H__
> -
> -#define TLS_AUTH_CONFIG_GUID \
> - { \
> - 0xb0eae4f8, 0x9a04, 0x4c6d, { 0xa7, 0x48, 0x79, 0x3d, 0xaa, 0xf, 0x65, 0xdf }
> \
> - }
> -
> -extern EFI_GUID gTlsAuthConfigGuid;
> -
> -#endif
> +/** @file
> + GUIDs used as HII FormSet and HII Package list GUID in TlsAuthConfigDxe
> driver.
> +
> +Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> +This program and the accompanying materials are licensed and made
> available under
> +the terms and conditions of the BSD License that accompanies this
> distribution.
> +The full text of the license may be found at
> +http://opensource.org/licenses/bsd-license.php.
> +
> +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +
> +**/
> +
> +#ifndef __TLS_AUTH_CONFIG_HII_GUID_H__
> +#define __TLS_AUTH_CONFIG_HII_GUID_H__
> +
> +#define TLS_AUTH_CONFIG_GUID \
> + { \
> + 0xb0eae4f8, 0x9a04, 0x4c6d, { 0xa7, 0x48, 0x79, 0x3d, 0xaa, 0xf, 0x65,
> 0xdf } \
> + }
> +
> +extern EFI_GUID gTlsAuthConfigGuid;
> +
> +#endif
> +
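Review bot: the hunk header `@@ -1,25 +1,26 @@` together with the trailing empty `+` line shows that the converted TlsAuthConfigHii.h gains one blank line at end of file that the original did not have, so this is not a pure line-terminator change; please confirm that this is intended (or that the original simply lacked a final newline) and that the converter is not appending an extra CRLF to every file it touches. A quick check is `git diff --ignore-space-at-eol` on the commit, which should show nothing except such added lines. The GUID initializer is also wrapped differently between the `-` and `+` versions (`0xdf } \` moves to its own line), which looks like mail-client wrapping rather than a content change; apply from the raw message to be sure.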
> diff --git a/NetworkPkg/Include/Guid/TlsAuthentication.h
> b/NetworkPkg/Include/Guid/TlsAuthentication.h
> index 2e800dce12..e8497be68b 100644
> --- a/NetworkPkg/Include/Guid/TlsAuthentication.h
> +++ b/NetworkPkg/Include/Guid/TlsAuthentication.h
> @@ -1,29 +1,30 @@
> -/** @file
> - This file defines TlsCaCertificate variable.
> -
> -Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> -This program and the accompanying materials are licensed and made
> available under
> -the terms and conditions of the BSD License that accompanies this
> distribution.
> -The full text of the license may be found at
> -http://opensource.org/licenses/bsd-license.php.
> -
> -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> -
> -**/
> -
> -#ifndef __TLS_AUTHENTICATION_H__
> -#define __TLS_AUTHENTICATION_H__
> -
> -// Private variable for CA Certificate configuration
> -//
> -#define EFI_TLS_CA_CERTIFICATE_GUID \
> - { \
> - 0xfd2340D0, 0x3dab, 0x4349, { 0xa6, 0xc7, 0x3b, 0x4f, 0x12, 0xb4, 0x8e,
> 0xae } \
> - }
> -
> -#define EFI_TLS_CA_CERTIFICATE_VARIABLE L"TlsCaCertificate"
> -
> -extern EFI_GUID gEfiTlsCaCertificateGuid;
> -
> -#endif
> +/** @file
> + This file defines TlsCaCertificate variable.
> +
> +Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> +This program and the accompanying materials are licensed and made
> available under
> +the terms and conditions of the BSD License that accompanies this
> distribution.
> +The full text of the license may be found at
> +http://opensource.org/licenses/bsd-license.php.
> +
> +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +
> +**/
> +
> +#ifndef __TLS_AUTHENTICATION_H__
> +#define __TLS_AUTHENTICATION_H__
> +
> +// Private variable for CA Certificate configuration
> +//
> +#define EFI_TLS_CA_CERTIFICATE_GUID \
> + { \
> + 0xfd2340D0, 0x3dab, 0x4349, { 0xa6, 0xc7, 0x3b, 0x4f, 0x12, 0xb4, 0x8e,
> 0xae } \
> + }
> +
> +#define EFI_TLS_CA_CERTIFICATE_VARIABLE L"TlsCaCertificate"
> +
> +extern EFI_GUID gEfiTlsCaCertificateGuid;
> +
> +#endif
> +
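Review bot: as with the previous file, `@@ -1,29 +1,30 @@` plus the final empty `+` line means TlsAuthentication.h ends up one line longer after conversion; a line-ending-only series should leave the line count unchanged, so either mention the added trailing blank line in the commit message or drop it. Two pre-existing style nits are preserved unchanged here and could go in a follow-up: the comment block above EFI_TLS_CA_CERTIFICATE_GUID opens with `// Private variable for CA Certificate configuration` followed by a bare `//`, the reverse of the `//` / text / `//` layout used in the rest of this series, and the GUID literal mixes hex digit case (`0xfd2340D0`).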
> diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.c
> b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.c
> index 647bc2f01b..351656ff0c 100644
> --- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.c
> +++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.c
> @@ -1,135 +1,135 @@
> -/** @file
> - The DriverEntryPoint for TlsAuthConfigDxe driver.
> -
> - Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> -
> - This program and the accompanying materials
> - are licensed and made available under the terms and conditions of the BSD
> License
> - which accompanies this distribution. The full text of the license may be
> found at
> - http://opensource.org/licenses/bsd-license.php.
> -
> - THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> - WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> -
> -**/
> -
> -#include "TlsAuthConfigImpl.h"
> -
> -/**
> - Unloads an image.
> -
> - @param ImageHandle Handle that identifies the image to be
> unloaded.
> -
> - @retval EFI_SUCCESS The image has been unloaded.
> - @retval EFI_INVALID_PARAMETER ImageHandle is not a valid image handle.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsAuthConfigDxeUnload (
> - IN EFI_HANDLE ImageHandle
> - )
> -{
> - EFI_STATUS Status;
> - TLS_AUTH_CONFIG_PRIVATE_DATA *PrivateData;
> -
> - Status = gBS->HandleProtocol (
> - ImageHandle,
> - &gEfiCallerIdGuid,
> - (VOID **) &PrivateData
> - );
> - if (EFI_ERROR (Status)) {
> - return Status;
> - }
> -
> - ASSERT (PrivateData->Signature ==
> TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE);
> -
> - gBS->UninstallMultipleProtocolInterfaces (
> - &ImageHandle,
> - &gEfiCallerIdGuid,
> - PrivateData,
> - NULL
> - );
> -
> - TlsAuthConfigFormUnload (PrivateData);
> -
> - return EFI_SUCCESS;
> -}
> -
> -/**
> - This is the declaration of an EFI image entry point. This entry point is
> - the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers including
> - both device drivers and bus drivers.
> -
> - @param ImageHandle The firmware allocated handle for the UEFI
> image.
> - @param SystemTable A pointer to the EFI System Table.
> -
> - @retval EFI_SUCCESS The operation completed successfully.
> - @retval Others An unexpected error occurred.
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsAuthConfigDxeDriverEntryPoint (
> - IN EFI_HANDLE ImageHandle,
> - IN EFI_SYSTEM_TABLE *SystemTable
> - )
> -{
> - EFI_STATUS Status;
> -
> - TLS_AUTH_CONFIG_PRIVATE_DATA *PrivateData;
> -
> - PrivateData = NULL;
> -
> - //
> - // If already started, return.
> - //
> - Status = gBS->OpenProtocol (
> - ImageHandle,
> - &gEfiCallerIdGuid,
> - NULL,
> - ImageHandle,
> - ImageHandle,
> - EFI_OPEN_PROTOCOL_TEST_PROTOCOL
> - );
> - if (!EFI_ERROR (Status)) {
> - return EFI_ALREADY_STARTED;
> - }
> -
> - //
> - // Initialize the private data structure.
> - //
> - PrivateData = AllocateZeroPool (sizeof
> (TLS_AUTH_CONFIG_PRIVATE_DATA));
> - if (PrivateData == NULL) {
> - return EFI_OUT_OF_RESOURCES;
> - }
> -
> - //
> - // Initialize the HII configuration form.
> - //
> - Status = TlsAuthConfigFormInit (PrivateData);
> - if (EFI_ERROR (Status)) {
> - goto ON_ERROR;
> - }
> -
> - //
> - // Install private GUID.
> - //
> - Status = gBS->InstallMultipleProtocolInterfaces (
> - &ImageHandle,
> - &gEfiCallerIdGuid,
> - PrivateData,
> - NULL
> - );
> - if (EFI_ERROR (Status)) {
> - goto ON_ERROR;
> - }
> -
> - return EFI_SUCCESS;
> -
> -ON_ERROR:
> - TlsAuthConfigFormUnload (PrivateData);
> - FreePool (PrivateData);
> -
> - return Status;
> -}
> -
> +/** @file
> + The DriverEntryPoint for TlsAuthConfigDxe driver.
> +
> + Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> +
> + This program and the accompanying materials
> + are licensed and made available under the terms and conditions of the BSD
> License
> + which accompanies this distribution. The full text of the license may be
> found at
> + http://opensource.org/licenses/bsd-license.php.
> +
> + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +
> +**/
> +
> +#include "TlsAuthConfigImpl.h"
> +
> +/**
> + Unloads an image.
> +
> + @param ImageHandle Handle that identifies the image to be
> unloaded.
> +
> + @retval EFI_SUCCESS The image has been unloaded.
> + @retval EFI_INVALID_PARAMETER ImageHandle is not a valid image
> handle.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsAuthConfigDxeUnload (
> + IN EFI_HANDLE ImageHandle
> + )
> +{
> + EFI_STATUS Status;
> + TLS_AUTH_CONFIG_PRIVATE_DATA *PrivateData;
> +
> + Status = gBS->HandleProtocol (
> + ImageHandle,
> + &gEfiCallerIdGuid,
> + (VOID **) &PrivateData
> + );
> + if (EFI_ERROR (Status)) {
> + return Status;
> + }
> +
> + ASSERT (PrivateData->Signature ==
> TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE);
> +
> + gBS->UninstallMultipleProtocolInterfaces (
> + &ImageHandle,
> + &gEfiCallerIdGuid,
> + PrivateData,
> + NULL
> + );
> +
> + TlsAuthConfigFormUnload (PrivateData);
> +
> + return EFI_SUCCESS;
> +}
> +
> +/**
> + This is the declaration of an EFI image entry point. This entry point is
> + the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers including
> + both device drivers and bus drivers.
> +
> + @param ImageHandle The firmware allocated handle for the UEFI
> image.
> + @param SystemTable A pointer to the EFI System Table.
> +
> + @retval EFI_SUCCESS The operation completed successfully.
> + @retval Others An unexpected error occurred.
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsAuthConfigDxeDriverEntryPoint (
> + IN EFI_HANDLE ImageHandle,
> + IN EFI_SYSTEM_TABLE *SystemTable
> + )
> +{
> + EFI_STATUS Status;
> +
> + TLS_AUTH_CONFIG_PRIVATE_DATA *PrivateData;
> +
> + PrivateData = NULL;
> +
> + //
> + // If already started, return.
> + //
> + Status = gBS->OpenProtocol (
> + ImageHandle,
> + &gEfiCallerIdGuid,
> + NULL,
> + ImageHandle,
> + ImageHandle,
> + EFI_OPEN_PROTOCOL_TEST_PROTOCOL
> + );
> + if (!EFI_ERROR (Status)) {
> + return EFI_ALREADY_STARTED;
> + }
> +
> + //
> + // Initialize the private data structure.
> + //
> + PrivateData = AllocateZeroPool (sizeof
> (TLS_AUTH_CONFIG_PRIVATE_DATA));
> + if (PrivateData == NULL) {
> + return EFI_OUT_OF_RESOURCES;
> + }
> +
> + //
> + // Initialize the HII configuration form.
> + //
> + Status = TlsAuthConfigFormInit (PrivateData);
> + if (EFI_ERROR (Status)) {
> + goto ON_ERROR;
> + }
> +
> + //
> + // Install private GUID.
> + //
> + Status = gBS->InstallMultipleProtocolInterfaces (
> + &ImageHandle,
> + &gEfiCallerIdGuid,
> + PrivateData,
> + NULL
> + );
> + if (EFI_ERROR (Status)) {
> + goto ON_ERROR;
> + }
> +
> + return EFI_SUCCESS;
> +
> +ON_ERROR:
> + TlsAuthConfigFormUnload (PrivateData);
> + FreePool (PrivateData);
> +
> + return Status;
> +}
> +
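Review bot: the line count is unchanged here (`-1,135 +1,135`), which is what a line-ending-only conversion should look like; the other files in this series that gain a trailing line should be brought in line with this one. Out of scope for this series but worth a follow-up since the file is being touched: TlsAuthConfigDxeUnload calls `TlsAuthConfigFormUnload (PrivateData);` but never frees PrivateData, whereas the ON_ERROR path in TlsAuthConfigDxeDriverEntryPoint calls `FreePool (PrivateData);` right after the same unload call, so the unload path leaks the private data that the entry point allocated with AllocateZeroPool. In the same function the result of gBS->UninstallMultipleProtocolInterfaces is discarded and EFI_SUCCESS is returned unconditionally, so a failed uninstall still lets the image be unloaded while the protocol interface pointing at PrivateData remains installed; returning that status would make the failure visible to the caller.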
> diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf
> b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf
> index 19f095e89d..2a893689bb 100644
> --- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf
> +++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.inf
> @@ -1,73 +1,74 @@
> -## @file
> -# Provides the capability to configure Tls Authentication in a setup browser
> -# By this module, user may change the content of TlsCaCertificate.
> -#
> -# Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> -# This program and the accompanying materials
> -# are licensed and made available under the terms and conditions of the
> BSD License
> -# which accompanies this distribution. The full text of the license may be
> found at
> -# http://opensource.org/licenses/bsd-license.php
> -# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> -# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> -#
> -##
> -
> -[Defines]
> - INF_VERSION = 0x00010005
> - BASE_NAME = TlsAuthConfigDxe
> - MODULE_UNI_FILE = TlsAuthConfigDxe.uni
> - FILE_GUID = 7ca1024f-eb17-11e5-9dba-28d2447c4829
> - MODULE_TYPE = DXE_DRIVER
> - VERSION_STRING = 1.0
> - ENTRY_POINT = TlsAuthConfigDxeDriverEntryPoint
> - UNLOAD_IMAGE = TlsAuthConfigDxeUnload
> -
> -#
> -# VALID_ARCHITECTURES = IA32 X64
> -#
> -
> -[Packages]
> - MdePkg/MdePkg.dec
> - MdeModulePkg/MdeModulePkg.dec
> - NetworkPkg/NetworkPkg.dec
> -
> -[Sources]
> - TlsAuthConfigImpl.c
> - TlsAuthConfigImpl.h
> - TlsAuthConfigNvData.h
> - TlsAuthConfigDxe.c
> - TlsAuthConfigDxeStrings.uni
> - TlsAuthConfigVfr.vfr
> -
> -[LibraryClasses]
> - BaseLib
> - BaseMemoryLib
> - MemoryAllocationLib
> - UefiLib
> - UefiBootServicesTableLib
> - UefiRuntimeServicesTableLib
> - UefiDriverEntryPoint
> - DebugLib
> - HiiLib
> - DevicePathLib
> - UefiHiiServicesLib
> - FileExplorerLib
> - PrintLib
> -
> -[Protocols]
> - gEfiDevicePathProtocolGuid ## PRODUCES
> - gEfiHiiConfigAccessProtocolGuid ## PRODUCES
> - gEfiSimpleFileSystemProtocolGuid ## SOMETIMES_CONSUMES
> -
> -[Guids]
> - gTlsAuthConfigGuid ## PRODUCES ## GUID
> - gEfiCertX509Guid ## CONSUMES ## GUID # Indicate the
> cert type
> - gEfiIfrTianoGuid ## CONSUMES ## HII
> - gEfiTlsCaCertificateGuid ## PRODUCES ## GUID
> -
> -[Depex]
> - gEfiHiiConfigRoutingProtocolGuid AND
> - gEfiHiiDatabaseProtocolGuid
> -
> -[UserExtensions.TianoCore."ExtraFiles"]
> - TlsAuthConfigDxeExtra.uni
> +## @file
> +# Provides the capability to configure Tls Authentication in a setup browser
> +# By this module, user may change the content of TlsCaCertificate.
> +#
> +# Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> +# This program and the accompanying materials
> +# are licensed and made available under the terms and conditions of the
> BSD License
> +# which accompanies this distribution. The full text of the license may be
> found at
> +# http://opensource.org/licenses/bsd-license.php
> +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +#
> +##
> +
> +[Defines]
> + INF_VERSION = 0x00010005
> + BASE_NAME = TlsAuthConfigDxe
> + MODULE_UNI_FILE = TlsAuthConfigDxe.uni
> + FILE_GUID = 7ca1024f-eb17-11e5-9dba-28d2447c4829
> + MODULE_TYPE = DXE_DRIVER
> + VERSION_STRING = 1.0
> + ENTRY_POINT = TlsAuthConfigDxeDriverEntryPoint
> + UNLOAD_IMAGE = TlsAuthConfigDxeUnload
> +
> +#
> +# VALID_ARCHITECTURES = IA32 X64
> +#
> +
> +[Packages]
> + MdePkg/MdePkg.dec
> + MdeModulePkg/MdeModulePkg.dec
> + NetworkPkg/NetworkPkg.dec
> +
> +[Sources]
> + TlsAuthConfigImpl.c
> + TlsAuthConfigImpl.h
> + TlsAuthConfigNvData.h
> + TlsAuthConfigDxe.c
> + TlsAuthConfigDxeStrings.uni
> + TlsAuthConfigVfr.vfr
> +
> +[LibraryClasses]
> + BaseLib
> + BaseMemoryLib
> + MemoryAllocationLib
> + UefiLib
> + UefiBootServicesTableLib
> + UefiRuntimeServicesTableLib
> + UefiDriverEntryPoint
> + DebugLib
> + HiiLib
> + DevicePathLib
> + UefiHiiServicesLib
> + FileExplorerLib
> + PrintLib
> +
> +[Protocols]
> + gEfiDevicePathProtocolGuid ## PRODUCES
> + gEfiHiiConfigAccessProtocolGuid ## PRODUCES
> + gEfiSimpleFileSystemProtocolGuid ## SOMETIMES_CONSUMES
> +
> +[Guids]
> + gTlsAuthConfigGuid ## PRODUCES ## GUID
> + gEfiCertX509Guid ## CONSUMES ## GUID # Indicate the
> cert type
> + gEfiIfrTianoGuid ## CONSUMES ## HII
> + gEfiTlsCaCertificateGuid ## PRODUCES ## GUID
> +
> +[Depex]
> + gEfiHiiConfigRoutingProtocolGuid AND
> + gEfiHiiDatabaseProtocolGuid
> +
> +[UserExtensions.TianoCore."ExtraFiles"]
> + TlsAuthConfigDxeExtra.uni
> +
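Review bot: `@@ -1,73 +1,74 @@` with a trailing empty `+` line is the same added end-of-file blank line as in the header files, so please keep the series consistent (TlsAuthConfigDxe.c in this same series keeps its line count). Two things visible here that are unrelated to the conversion: the `[Guids]` entry for gEfiCertX509Guid has its trailing comment wrapped onto a separate `cert type` line without a `+` prefix, which is mail wrapping and will break `git am` from the quoted body; and `gEfiTlsCaCertificateGuid ## PRODUCES ## GUID` describes the usage only as a GUID, while TlsAuthentication.h in this series defines the L"TlsCaCertificate" variable under that GUID and the module abstract says the user may change its content, so a follow-up could annotate it in the usual edk2 form `## PRODUCES ## Variable:L"TlsCaCertificate"` to make the variable dependency explicit.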
> diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.uni
> b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.uni
> index f99a14f575..dcd308fda0 100644
> --- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.uni
> +++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxe.uni
> @@ -1,21 +1,21 @@
> -// /** @file
> -// Provides the capability to configure Tls Authentication in a setup browser
> -//
> -// By this module, user may change the content of TlsCaCertificate.
> -//
> -// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> -//
> -// This program and the accompanying materials
> -// are licensed and made available under the terms and conditions of the
> BSD License
> -// which accompanies this distribution. The full text of the license may be
> found at
> -// http://opensource.org/licenses/bsd-license.php
> -// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> -// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> -//
> -// **/
> -
> -
> -#string STR_MODULE_ABSTRACT #language en-US "Provides the
> capability to configure Tls Authentication in a setup browser"
> -
> -#string STR_MODULE_DESCRIPTION #language en-US "By this module,
> user may change the content of TlsCaCertificate."
> -
> +// /** @file
> +// Provides the capability to configure Tls Authentication in a setup browser
> +//
> +// By this module, user may change the content of TlsCaCertificate.
> +//
> +// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> +//
> +// This program and the accompanying materials
> +// are licensed and made available under the terms and conditions of the
> BSD License
> +// which accompanies this distribution. The full text of the license may be
> found at
> +// http://opensource.org/licenses/bsd-license.php
> +// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> +// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +//
> +// **/
> +
> +
> +#string STR_MODULE_ABSTRACT #language en-US "Provides the
> capability to configure Tls Authentication in a setup browser"
> +
> +#string STR_MODULE_DESCRIPTION #language en-US "By this module,
> user may change the content of TlsCaCertificate."
> +
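Review bot: the hunk is a clean one-for-one replacement (`-1,21 +1,21`), but a text diff cannot show whether the file's encoding survived the conversion. edk2 `.uni` files were historically UTF-16; since git rendered this one as a text diff it is presumably UTF-8 now, but any `.uni` in the series that is still UTF-16 would be corrupted by a byte-wise `\n` to `\r\n` substitution (every `0A 00` code unit would gain a stray byte). The cover letter lists `.uni` among the converted formats, so please state in the commit message which tool was used and confirm that the converted `.uni` files still build and that `file` reports the expected encoding for each of them.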
> diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxeExtra.uni
> b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxeExtra.uni
> index ee4c49f15b..d284537303 100644
> --- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxeExtra.uni
> +++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxeExtra.uni
> @@ -1,19 +1,19 @@
> -// /** @file
> -// TlsAuthConfigDxe Localized Strings and Content
> -//
> -// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> -//
> -// This program and the accompanying materials
> -// are licensed and made available under the terms and conditions of the
> BSD License
> -// which accompanies this distribution. The full text of the license may be
> found at
> -// http://opensource.org/licenses/bsd-license.php
> -// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> -// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> -//
> -// **/
> -
> -#string STR_PROPERTIES_MODULE_NAME
> -#language en-US
> -"TLS Auth Config DXE"
> -
> -
> +// /** @file
> +// TlsAuthConfigDxe Localized Strings and Content
> +//
> +// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> +//
> +// This program and the accompanying materials
> +// are licensed and made available under the terms and conditions of the
> BSD License
> +// which accompanies this distribution. The full text of the license may be
> found at
> +// http://opensource.org/licenses/bsd-license.php
> +// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> +// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +//
> +// **/
> +
> +#string STR_PROPERTIES_MODULE_NAME
> +#language en-US
> +"TLS Auth Config DXE"
> +
> +
> diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxeStrings.uni
> b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxeStrings.uni
> index a8f7e434c3..6ffa52df62 100644
> --- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxeStrings.uni
> +++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigDxeStrings.uni
> @@ -1,39 +1,39 @@
> -/** @file
> - String definitions for Tls Authentication Configuration form.
> -
> -Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> -This program and the accompanying materials
> -are licensed and made available under the terms and conditions of the BSD
> License
> -which accompanies this distribution. The full text of the license may be
> found at
> -http://opensource.org/licenses/bsd-license.php
> -
> -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> -
> -**/
> -
> -#langdef en-US "English"
> -
> -#string STR_TLS_AUTH_CONFIG_TITLE #language en-US "Tls Auth
> Configuration"
> -#string STR_TLS_AUTH_CONFIG_HELP #language en-US "Press
> <Enter> to select Tls Auth Configuration."
> -
> -#string STR_TLS_AUTH_CONFIG_SERVER_CA #language
> en-US "Server CA Configuration"
> -#string STR_TLS_AUTH_CONFIG_SERVER_CA_HELP #language
> en-US "Press <Enter> to configure Server CA."
> -#string STR_TLS_AUTH_CONFIG_CLIENT_CERT #language en-US
> "Client Cert Configuration"
> -#string STR_TLS_AUTH_CONFIG_CLIENT_CERT_HELP #language
> en-US "Client cert configuration is unsupported currently."
> -
> -#string STR_TLS_AUTH_CONFIG_ENROLL_CERT #language en-US
> "Enroll Cert"
> -#string STR_TLS_AUTH_CONFIG_ENROLL_CERT_HELP #language en-US
> "Press <Enter> to enroll cert."
> -#string STR_TLS_AUTH_CONFIG_DELETE_CERT #language en-US
> "Delete Cert"
> -#string STR_TLS_AUTH_CONFIG_DELETE_CERT_HELP #language en-US
> "Press <Enter> to delete cert."
> -
> -#string STR_TLS_AUTH_CONFIG_ADD_CERT_FILE #language en-US
> "Enroll Cert Using File"
> -
> -#string STR_TLS_AUTH_CONFIG_CERT_GUID #language en-US "Cert
> GUID"
> -#string STR_TLS_AUTH_CONFIG_CERT_GUID_HELP #language en-US
> "Input digit character in 11111111-2222-3333-4444-1234567890ab format."
> -#string STR_TLS_AUTH_CONFIG_SAVE_AND_EXIT #language en-US
> "Commit Changes and Exit"
> -#string STR_TLS_AUTH_CONFIG_NO_SAVE_AND_EXIT #language en-US
> "Discard Changes and Exit"
> -
> -#string STR_CERT_TYPE_PCKS_GUID #language en-US "GUID for
> CERT"
> -
> -#string STR_NULL #language en-US ""
> \ No newline at end of file
> +/** @file
> + String definitions for Tls Authentication Configuration form.
> +
> +Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> +This program and the accompanying materials
> +are licensed and made available under the terms and conditions of the BSD
> License
> +which accompanies this distribution. The full text of the license may be
> found at
> +http://opensource.org/licenses/bsd-license.php
> +
> +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +
> +**/
> +
> +#langdef en-US "English"
> +
> +#string STR_TLS_AUTH_CONFIG_TITLE #language en-US "Tls Auth
> Configuration"
> +#string STR_TLS_AUTH_CONFIG_HELP #language en-US "Press
> <Enter> to select Tls Auth Configuration."
> +
> +#string STR_TLS_AUTH_CONFIG_SERVER_CA #language en-US
> "Server CA Configuration"
> +#string STR_TLS_AUTH_CONFIG_SERVER_CA_HELP #language en-US
> "Press <Enter> to configure Server CA."
> +#string STR_TLS_AUTH_CONFIG_CLIENT_CERT #language en-US
> "Client Cert Configuration"
> +#string STR_TLS_AUTH_CONFIG_CLIENT_CERT_HELP #language en-US
> "Client cert configuration is unsupported currently."
> +
> +#string STR_TLS_AUTH_CONFIG_ENROLL_CERT #language en-US
> "Enroll Cert"
> +#string STR_TLS_AUTH_CONFIG_ENROLL_CERT_HELP #language en-US
> "Press <Enter> to enroll cert."
> +#string STR_TLS_AUTH_CONFIG_DELETE_CERT #language en-US
> "Delete Cert"
> +#string STR_TLS_AUTH_CONFIG_DELETE_CERT_HELP #language en-US
> "Press <Enter> to delete cert."
> +
> +#string STR_TLS_AUTH_CONFIG_ADD_CERT_FILE #language en-US
> "Enroll Cert Using File"
> +
> +#string STR_TLS_AUTH_CONFIG_CERT_GUID #language en-US "Cert
> GUID"
> +#string STR_TLS_AUTH_CONFIG_CERT_GUID_HELP #language en-US
> "Input digit character in 11111111-2222-3333-4444-1234567890ab format."
> +#string STR_TLS_AUTH_CONFIG_SAVE_AND_EXIT #language en-US
> "Commit Changes and Exit"
> +#string STR_TLS_AUTH_CONFIG_NO_SAVE_AND_EXIT #language en-
> US "Discard Changes and Exit"
> +
> +#string STR_CERT_TYPE_PCKS_GUID #language en-US "GUID for
> CERT"
> +
> +#string STR_NULL #language en-US ""
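Review bot: This hunk changes slightly more than the subject line claims: the removed side ends with `\ No newline at end of file` after `#string STR_NULL #language en-US ""`, while the added side does not, so the conversion also appends a terminating newline to TlsAuthConfigDxeStrings.uni. That is harmless and arguably an improvement, but it should be mentioned in the commit message so that anyone checking the series with `git diff -w` understands why this file is not a pure line-ending rewrite. Separately, on the added side the `STR_TLS_AUTH_CONFIG_NO_SAVE_AND_EXIT` entry appears as `#language en-` / `US` whereas the removed line has `en-US` intact; this looks like mail-client wrapping rather than a real change, but please confirm against the raw patch that the `#language en-US` token is unbroken, since a split language tag would make that string fail to build.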
> diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c
> b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c
> index 5b4756f16b..81f7e7d0f4 100644
> --- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c
> +++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c
> @@ -1,1688 +1,1689 @@
> -/** @file
> - The Miscellaneous Routines for TlsAuthConfigDxe driver.
> -
> -Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
> -
> -This program and the accompanying materials
> -are licensed and made available under the terms and conditions of the BSD
> License
> -which accompanies this distribution. The full text of the license may be
> found at
> -http://opensource.org/licenses/bsd-license.php
> -
> -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> -
> -**/
> -
> -#include "TlsAuthConfigImpl.h"
> -
> -VOID *mStartOpCodeHandle = NULL;
> -VOID *mEndOpCodeHandle = NULL;
> -EFI_IFR_GUID_LABEL *mStartLabel = NULL;
> -EFI_IFR_GUID_LABEL *mEndLabel = NULL;
> -
> -
> -CHAR16 mTlsAuthConfigStorageName[] =
> L"TLS_AUTH_CONFIG_IFR_NVDATA";
> -
> -TLS_AUTH_CONFIG_PRIVATE_DATA *mTlsAuthPrivateData = NULL;
> -
> -HII_VENDOR_DEVICE_PATH mTlsAuthConfigHiiVendorDevicePath = {
> - {
> - {
> - HARDWARE_DEVICE_PATH,
> - HW_VENDOR_DP,
> - {
> - (UINT8) (sizeof (VENDOR_DEVICE_PATH)),
> - (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8)
> - }
> - },
> - TLS_AUTH_CONFIG_GUID
> - },
> - {
> - END_DEVICE_PATH_TYPE,
> - END_ENTIRE_DEVICE_PATH_SUBTYPE,
> - {
> - (UINT8) (END_DEVICE_PATH_LENGTH),
> - (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8)
> - }
> - }
> -};
> -
> -//
> -// Possible DER-encoded certificate file suffixes, end with NULL pointer.
> -//
> -CHAR16* mDerPemEncodedSuffix[] = {
> - L".cer",
> - L".der",
> - L".crt",
> - L".pem",
> - NULL
> -};
> -
> -/**
> - This code checks if the FileSuffix is one of the possible DER/PEM-encoded
> certificate suffix.
> -
> - @param[in] FileSuffix The suffix of the input certificate file
> -
> - @retval TRUE It's a DER/PEM-encoded certificate.
> - @retval FALSE It's NOT a DER/PEM-encoded certificate.
> -
> -**/
> -BOOLEAN
> -IsDerPemEncodeCertificate (
> - IN CONST CHAR16 *FileSuffix
> -)
> -{
> - UINTN Index;
> - for (Index = 0; mDerPemEncodedSuffix[Index] != NULL; Index++) {
> - if (StrCmp (FileSuffix, mDerPemEncodedSuffix[Index]) == 0) {
> - return TRUE;
> - }
> - }
> - return FALSE;
> -}
> -
> -/**
> - Worker function that prints an EFI_GUID into specified Buffer.
> -
> - @param[in] Guid Pointer to GUID to print.
> - @param[in] Buffer Buffer to print Guid into.
> - @param[in] BufferSize Size of Buffer.
> -
> - @retval Number of characters printed.
> -
> -**/
> -UINTN
> -GuidToString (
> - IN EFI_GUID *Guid,
> - IN CHAR16 *Buffer,
> - IN UINTN BufferSize
> - )
> -{
> - return UnicodeSPrint (
> - Buffer,
> - BufferSize,
> - L"%g",
> - Guid
> - );
> -}
> -
> -/**
> - List all cert in specified database by GUID in the page
> - for user to select and delete as needed.
> -
> - @param[in] PrivateData Module's private data.
> - @param[in] VariableName The variable name of the vendor's
> signature database.
> - @param[in] VendorGuid A unique identifier for the vendor.
> - @param[in] LabelNumber Label number to insert opcodes.
> - @param[in] FormId Form ID of current page.
> - @param[in] QuestionIdBase Base question id of the signature list.
> -
> - @retval EFI_SUCCESS Success to update the signature list page
> - @retval EFI_OUT_OF_RESOURCES Unable to allocate required resources.
> -
> -**/
> -EFI_STATUS
> -UpdateDeletePage (
> - IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private,
> - IN CHAR16 *VariableName,
> - IN EFI_GUID *VendorGuid,
> - IN UINT16 LabelNumber,
> - IN EFI_FORM_ID FormId,
> - IN EFI_QUESTION_ID QuestionIdBase
> - )
> -{
> - EFI_STATUS Status;
> - UINT32 Index;
> - UINTN CertCount;
> - UINTN GuidIndex;
> - VOID *StartOpCodeHandle;
> - VOID *EndOpCodeHandle;
> - EFI_IFR_GUID_LABEL *StartLabel;
> - EFI_IFR_GUID_LABEL *EndLabel;
> - UINTN DataSize;
> - UINT8 *Data;
> - EFI_SIGNATURE_LIST *CertList;
> - EFI_SIGNATURE_DATA *Cert;
> - UINT32 ItemDataSize;
> - CHAR16 *GuidStr;
> - EFI_STRING_ID GuidID;
> - EFI_STRING_ID Help;
> -
> - Data = NULL;
> - CertList = NULL;
> - Cert = NULL;
> - GuidStr = NULL;
> - StartOpCodeHandle = NULL;
> - EndOpCodeHandle = NULL;
> -
> - //
> - // Initialize the container for dynamic opcodes.
> - //
> - StartOpCodeHandle = HiiAllocateOpCodeHandle ();
> - if (StartOpCodeHandle == NULL) {
> - Status = EFI_OUT_OF_RESOURCES;
> - goto ON_EXIT;
> - }
> -
> - EndOpCodeHandle = HiiAllocateOpCodeHandle ();
> - if (EndOpCodeHandle == NULL) {
> - Status = EFI_OUT_OF_RESOURCES;
> - goto ON_EXIT;
> - }
> -
> - //
> - // Create Hii Extend Label OpCode.
> - //
> - StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
> - StartOpCodeHandle,
> - &gEfiIfrTianoGuid,
> - NULL,
> - sizeof (EFI_IFR_GUID_LABEL)
> - );
> - StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
> - StartLabel->Number = LabelNumber;
> -
> - EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
> - EndOpCodeHandle,
> - &gEfiIfrTianoGuid,
> - NULL,
> - sizeof (EFI_IFR_GUID_LABEL)
> - );
> - EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
> - EndLabel->Number = LABEL_END;
> -
> - //
> - // Read Variable.
> - //
> - DataSize = 0;
> - Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize,
> Data);
> - if (EFI_ERROR (Status) && Status != EFI_BUFFER_TOO_SMALL) {
> - goto ON_EXIT;
> - }
> -
> - Data = (UINT8 *) AllocateZeroPool (DataSize);
> - if (Data == NULL) {
> - Status = EFI_OUT_OF_RESOURCES;
> - goto ON_EXIT;
> - }
> -
> - Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize,
> Data);
> - if (EFI_ERROR (Status)) {
> - goto ON_EXIT;
> - }
> -
> - GuidStr = AllocateZeroPool (100);
> - if (GuidStr == NULL) {
> - Status = EFI_OUT_OF_RESOURCES;
> - goto ON_EXIT;
> - }
> -
> - //
> - // Enumerate all data.
> - //
> - ItemDataSize = (UINT32) DataSize;
> - CertList = (EFI_SIGNATURE_LIST *) Data;
> - GuidIndex = 0;
> -
> - while ((ItemDataSize > 0) && (ItemDataSize >= CertList->SignatureListSize))
> {
> -
> - if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) {
> - Help = STRING_TOKEN (STR_CERT_TYPE_PCKS_GUID);
> - } else {
> - //
> - // The signature type is not supported in current implementation.
> - //
> - ItemDataSize -= CertList->SignatureListSize;
> - CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList-
> >SignatureListSize);
> - continue;
> - }
> -
> - CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) -
> CertList->SignatureHeaderSize) / CertList->SignatureSize;
> - for (Index = 0; Index < CertCount; Index++) {
> - Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList
> - + sizeof (EFI_SIGNATURE_LIST)
> - + CertList->SignatureHeaderSize
> - + Index * CertList->SignatureSize);
> - //
> - // Display GUID and help
> - //
> - GuidToString (&Cert->SignatureOwner, GuidStr, 100);
> - GuidID = HiiSetString (Private->RegisteredHandle, 0, GuidStr, NULL);
> - HiiCreateCheckBoxOpCode (
> - StartOpCodeHandle,
> - (EFI_QUESTION_ID) (QuestionIdBase + GuidIndex++),
> - 0,
> - 0,
> - GuidID,
> - Help,
> - EFI_IFR_FLAG_CALLBACK,
> - 0,
> - NULL
> - );
> - }
> -
> - ItemDataSize -= CertList->SignatureListSize;
> - CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList-
> >SignatureListSize);
> - }
> -
> -ON_EXIT:
> - HiiUpdateForm (
> - Private->RegisteredHandle,
> - &gTlsAuthConfigGuid,
> - FormId,
> - StartOpCodeHandle,
> - EndOpCodeHandle
> - );
> -
> - if (StartOpCodeHandle != NULL) {
> - HiiFreeOpCodeHandle (StartOpCodeHandle);
> - }
> -
> - if (EndOpCodeHandle != NULL) {
> - HiiFreeOpCodeHandle (EndOpCodeHandle);
> - }
> -
> - if (Data != NULL) {
> - FreePool (Data);
> - }
> -
> - if (GuidStr != NULL) {
> - FreePool (GuidStr);
> - }
> -
> - return EFI_SUCCESS;
> -}
> -
> -/**
> - Delete one entry from cert database.
> -
> - @param[in] PrivateData Module's private data.
> - @param[in] VariableName The variable name of the database.
> - @param[in] VendorGuid A unique identifier for the vendor.
> - @param[in] LabelNumber Label number to insert opcodes.
> - @param[in] FormId Form ID of current page.
> - @param[in] QuestionIdBase Base question id of the cert list.
> - @param[in] DeleteIndex Cert index to delete.
> -
> - @retval EFI_SUCCESS Delete siganture successfully.
> - @retval EFI_NOT_FOUND Can't find the signature item,
> - @retval EFI_OUT_OF_RESOURCES Could not allocate needed resources.
> -**/
> -EFI_STATUS
> -DeleteCert (
> - IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private,
> - IN CHAR16 *VariableName,
> - IN EFI_GUID *VendorGuid,
> - IN UINT16 LabelNumber,
> - IN EFI_FORM_ID FormId,
> - IN EFI_QUESTION_ID QuestionIdBase,
> - IN UINTN DeleteIndex
> - )
> -{
> - EFI_STATUS Status;
> - UINTN DataSize;
> - UINT8 *Data;
> - UINT8 *OldData;
> - UINT32 Attr;
> - UINT32 Index;
> - EFI_SIGNATURE_LIST *CertList;
> - EFI_SIGNATURE_LIST *NewCertList;
> - EFI_SIGNATURE_DATA *Cert;
> - UINTN CertCount;
> - UINT32 Offset;
> - BOOLEAN IsItemFound;
> - UINT32 ItemDataSize;
> - UINTN GuidIndex;
> -
> - Data = NULL;
> - OldData = NULL;
> - CertList = NULL;
> - Cert = NULL;
> - Attr = 0;
> -
> - //
> - // Get original signature list data.
> - //
> - DataSize = 0;
> - Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize,
> NULL);
> - if (EFI_ERROR (Status) && Status != EFI_BUFFER_TOO_SMALL) {
> - goto ON_EXIT;
> - }
> -
> - OldData = (UINT8 *) AllocateZeroPool (DataSize);
> - if (OldData == NULL) {
> - Status = EFI_OUT_OF_RESOURCES;
> - goto ON_EXIT;
> - }
> -
> - Status = gRT->GetVariable (VariableName, VendorGuid, &Attr, &DataSize,
> OldData);
> - if (EFI_ERROR(Status)) {
> - goto ON_EXIT;
> - }
> -
> - //
> - // Allocate space for new variable.
> - //
> - Data = (UINT8*) AllocateZeroPool (DataSize);
> - if (Data == NULL) {
> - Status = EFI_OUT_OF_RESOURCES;
> - goto ON_EXIT;
> - }
> -
> - //
> - // Enumerate all data and erasing the target item.
> - //
> - IsItemFound = FALSE;
> - ItemDataSize = (UINT32) DataSize;
> - CertList = (EFI_SIGNATURE_LIST *) OldData;
> - Offset = 0;
> - GuidIndex = 0;
> - while ((ItemDataSize > 0) && (ItemDataSize >= CertList->SignatureListSize))
> {
> - if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) {
> - //
> - // Copy EFI_SIGNATURE_LIST header then calculate the signature count
> in this list.
> - //
> - CopyMem (Data + Offset, CertList, (sizeof(EFI_SIGNATURE_LIST) +
> CertList->SignatureHeaderSize));
> - NewCertList = (EFI_SIGNATURE_LIST*) (Data + Offset);
> - Offset += (sizeof(EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
> - Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof
> (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
> - CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) -
> CertList->SignatureHeaderSize) / CertList->SignatureSize;
> - for (Index = 0; Index < CertCount; Index++) {
> - if (GuidIndex == DeleteIndex) {
> - //
> - // Find it! Skip it!
> - //
> - NewCertList->SignatureListSize -= CertList->SignatureSize;
> - IsItemFound = TRUE;
> - } else {
> - //
> - // This item doesn't match. Copy it to the Data buffer.
> - //
> - CopyMem (Data + Offset, (UINT8*)(Cert), CertList->SignatureSize);
> - Offset += CertList->SignatureSize;
> - }
> - GuidIndex++;
> - Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList-
> >SignatureSize);
> - }
> - } else {
> - //
> - // This List doesn't match. Just copy it to the Data buffer.
> - //
> - CopyMem (Data + Offset, (UINT8*)(CertList), CertList->SignatureListSize);
> - Offset += CertList->SignatureListSize;
> - }
> -
> - ItemDataSize -= CertList->SignatureListSize;
> - CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList-
> >SignatureListSize);
> - }
> -
> - if (!IsItemFound) {
> - //
> - // Doesn't find the signature Item!
> - //
> - Status = EFI_NOT_FOUND;
> - goto ON_EXIT;
> - }
> -
> - //
> - // Delete the EFI_SIGNATURE_LIST header if there is no signature in the list.
> - //
> - ItemDataSize = Offset;
> - CertList = (EFI_SIGNATURE_LIST *) Data;
> - Offset = 0;
> - ZeroMem (OldData, ItemDataSize);
> - while ((ItemDataSize > 0) && (ItemDataSize >= CertList->SignatureListSize))
> {
> - CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) -
> CertList->SignatureHeaderSize) / CertList->SignatureSize;
> - DEBUG ((DEBUG_INFO, " CertCount = %x\n", CertCount));
> - if (CertCount != 0) {
> - CopyMem (OldData + Offset, (UINT8*)(CertList), CertList-
> >SignatureListSize);
> - Offset += CertList->SignatureListSize;
> - }
> - ItemDataSize -= CertList->SignatureListSize;
> - CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList-
> >SignatureListSize);
> - }
> -
> - DataSize = Offset;
> -
> - Status = gRT->SetVariable(
> - VariableName,
> - VendorGuid,
> - Attr,
> - DataSize,
> - OldData
> - );
> - if (EFI_ERROR (Status)) {
> - DEBUG ((DEBUG_ERROR, "Failed to set variable, Status = %r\n", Status));
> - goto ON_EXIT;
> - }
> -
> -ON_EXIT:
> - if (Data != NULL) {
> - FreePool(Data);
> - }
> -
> - if (OldData != NULL) {
> - FreePool(OldData);
> - }
> -
> - return UpdateDeletePage (
> - Private,
> - VariableName,
> - VendorGuid,
> - LabelNumber,
> - FormId,
> - QuestionIdBase
> - );
> -}
> -
> -
> -/**
> - Close an open file handle.
> -
> - @param[in] FileHandle The file handle to close.
> -
> -**/
> -VOID
> -CloseFile (
> - IN EFI_FILE_HANDLE FileHandle
> - )
> -{
> - if (FileHandle != NULL) {
> - FileHandle->Close (FileHandle);
> - }
> -}
> -
> -/**
> - Read file content into BufferPtr, the size of the allocate buffer
> - is *FileSize plus AddtionAllocateSize.
> -
> - @param[in] FileHandle The file to be read.
> - @param[in, out] BufferPtr Pointers to the pointer of allocated buffer.
> - @param[out] FileSize Size of input file
> - @param[in] AddtionAllocateSize Addtion size the buffer need to be
> allocated.
> - In case the buffer need to contain others besides the
> file content.
> -
> - @retval EFI_SUCCESS The file was read into the buffer.
> - @retval EFI_INVALID_PARAMETER A parameter was invalid.
> - @retval EFI_OUT_OF_RESOURCES A memory allocation failed.
> - @retval others Unexpected error.
> -
> -**/
> -EFI_STATUS
> -ReadFileContent (
> - IN EFI_FILE_HANDLE FileHandle,
> - IN OUT VOID **BufferPtr,
> - OUT UINTN *FileSize,
> - IN UINTN AddtionAllocateSize
> - )
> -
> -{
> - UINTN BufferSize;
> - UINT64 SourceFileSize;
> - VOID *Buffer;
> - EFI_STATUS Status;
> -
> - if ((FileHandle == NULL) || (FileSize == NULL)) {
> - return EFI_INVALID_PARAMETER;
> - }
> -
> - Buffer = NULL;
> -
> - //
> - // Get the file size
> - //
> - Status = FileHandle->SetPosition (FileHandle, (UINT64) -1);
> - if (EFI_ERROR (Status)) {
> - goto ON_EXIT;
> - }
> -
> - Status = FileHandle->GetPosition (FileHandle, &SourceFileSize);
> - if (EFI_ERROR (Status)) {
> - goto ON_EXIT;
> - }
> -
> - Status = FileHandle->SetPosition (FileHandle, 0);
> - if (EFI_ERROR (Status)) {
> - goto ON_EXIT;
> - }
> -
> - BufferSize = (UINTN) SourceFileSize + AddtionAllocateSize;
> - Buffer = AllocateZeroPool(BufferSize);
> - if (Buffer == NULL) {
> - return EFI_OUT_OF_RESOURCES;
> - }
> -
> - BufferSize = (UINTN) SourceFileSize;
> - *FileSize = BufferSize;
> -
> - Status = FileHandle->Read (FileHandle, &BufferSize, Buffer);
> - if (EFI_ERROR (Status) || BufferSize != *FileSize) {
> - FreePool (Buffer);
> - Buffer = NULL;
> - Status = EFI_BAD_BUFFER_SIZE;
> - goto ON_EXIT;
> - }
> -
> -ON_EXIT:
> -
> - *BufferPtr = Buffer;
> - return Status;
> -}
> -
> -/**
> - This function will open a file or directory referenced by DevicePath.
> -
> - This function opens a file with the open mode according to the file path.
> The
> - Attributes is valid only for EFI_FILE_MODE_CREATE.
> -
> - @param[in, out] FilePath On input, the device path to the file.
> - On output, the remaining device path.
> - @param[out] FileHandle Pointer to the file handle.
> - @param[in] OpenMode The mode to open the file with.
> - @param[in] Attributes The file's file attributes.
> -
> - @retval EFI_SUCCESS The information was set.
> - @retval EFI_INVALID_PARAMETER One of the parameters has an invalid
> value.
> - @retval EFI_UNSUPPORTED Could not open the file path.
> - @retval EFI_NOT_FOUND The specified file could not be found on the
> - device or the file system could not be found on
> - the device.
> - @retval EFI_NO_MEDIA The device has no medium.
> - @retval EFI_MEDIA_CHANGED The device has a different medium in it
> or the
> - medium is no longer supported.
> - @retval EFI_DEVICE_ERROR The device reported an error.
> - @retval EFI_VOLUME_CORRUPTED The file system structures are
> corrupted.
> - @retval EFI_WRITE_PROTECTED The file or medium is write protected.
> - @retval EFI_ACCESS_DENIED The file was opened read only.
> - @retval EFI_OUT_OF_RESOURCES Not enough resources were available
> to open the
> - file.
> - @retval EFI_VOLUME_FULL The volume is full.
> -**/
> -EFI_STATUS
> -EFIAPI
> -OpenFileByDevicePath (
> - IN OUT EFI_DEVICE_PATH_PROTOCOL **FilePath,
> - OUT EFI_FILE_HANDLE *FileHandle,
> - IN UINT64 OpenMode,
> - IN UINT64 Attributes
> - )
> -{
> - EFI_STATUS Status;
> - EFI_SIMPLE_FILE_SYSTEM_PROTOCOL *EfiSimpleFileSystemProtocol;
> - EFI_FILE_PROTOCOL *Handle1;
> - EFI_FILE_PROTOCOL *Handle2;
> - EFI_HANDLE DeviceHandle;
> -
> - if ((FilePath == NULL || FileHandle == NULL)) {
> - return EFI_INVALID_PARAMETER;
> - }
> -
> - Status = gBS->LocateDevicePath (
> - &gEfiSimpleFileSystemProtocolGuid,
> - FilePath,
> - &DeviceHandle
> - );
> - if (EFI_ERROR (Status)) {
> - return Status;
> - }
> -
> - Status = gBS->OpenProtocol(
> - DeviceHandle,
> - &gEfiSimpleFileSystemProtocolGuid,
> - (VOID**)&EfiSimpleFileSystemProtocol,
> - gImageHandle,
> - NULL,
> - EFI_OPEN_PROTOCOL_GET_PROTOCOL
> - );
> - if (EFI_ERROR (Status)) {
> - return Status;
> - }
> -
> - Status = EfiSimpleFileSystemProtocol-
> >OpenVolume(EfiSimpleFileSystemProtocol, &Handle1);
> - if (EFI_ERROR (Status)) {
> - FileHandle = NULL;
> - return Status;
> - }
> -
> - //
> - // go down directories one node at a time.
> - //
> - while (!IsDevicePathEnd (*FilePath)) {
> - //
> - // For file system access each node should be a file path component
> - //
> - if (DevicePathType (*FilePath) != MEDIA_DEVICE_PATH ||
> - DevicePathSubType (*FilePath) != MEDIA_FILEPATH_DP
> - ) {
> - FileHandle = NULL;
> - return (EFI_INVALID_PARAMETER);
> - }
> - //
> - // Open this file path node
> - //
> - Handle2 = Handle1;
> - Handle1 = NULL;
> -
> - //
> - // Try to test opening an existing file
> - //
> - Status = Handle2->Open (
> - Handle2,
> - &Handle1,
> - ((FILEPATH_DEVICE_PATH*)*FilePath)->PathName,
> - OpenMode &~EFI_FILE_MODE_CREATE,
> - 0
> - );
> -
> - //
> - // see if the error was that it needs to be created
> - //
> - if ((EFI_ERROR (Status)) && (OpenMode != (OpenMode
> &~EFI_FILE_MODE_CREATE))) {
> - Status = Handle2->Open (
> - Handle2,
> - &Handle1,
> - ((FILEPATH_DEVICE_PATH*)*FilePath)->PathName,
> - OpenMode,
> - Attributes
> - );
> - }
> - //
> - // Close the last node
> - //
> - Handle2->Close (Handle2);
> -
> - if (EFI_ERROR(Status)) {
> - return (Status);
> - }
> -
> - //
> - // Get the next node
> - //
> - *FilePath = NextDevicePathNode (*FilePath);
> - }
> -
> - //
> - // This is a weak spot since if the undefined SHELL_FILE_HANDLE format
> changes this must change also!
> - //
> - *FileHandle = (VOID*)Handle1;
> - return EFI_SUCCESS;
> -}
> -
> -/**
> - This function converts an input device structure to a Unicode string.
> -
> - @param[in] DevPath A pointer to the device path structure.
> -
> - @return A new allocated Unicode string that represents the device path.
> -
> -**/
> -CHAR16 *
> -EFIAPI
> -DevicePathToStr (
> - IN EFI_DEVICE_PATH_PROTOCOL *DevPath
> - )
> -{
> - return ConvertDevicePathToText (
> - DevPath,
> - FALSE,
> - TRUE
> - );
> -}
> -
> -
> -/**
> - Extract filename from device path. The returned buffer is allocated using
> AllocateCopyPool.
> - The caller is responsible for freeing the allocated buffer using FreePool(). If
> return NULL
> - means not enough memory resource.
> -
> - @param DevicePath Device path.
> -
> - @retval NULL Not enough memory resourece for AllocateCopyPool.
> - @retval Other A new allocated string that represents the file name.
> -
> -**/
> -CHAR16 *
> -ExtractFileNameFromDevicePath (
> - IN EFI_DEVICE_PATH_PROTOCOL *DevicePath
> - )
> -{
> - CHAR16 *String;
> - CHAR16 *MatchString;
> - CHAR16 *LastMatch;
> - CHAR16 *FileName;
> - UINTN Length;
> -
> - ASSERT(DevicePath != NULL);
> -
> - String = DevicePathToStr(DevicePath);
> - MatchString = String;
> - LastMatch = String;
> - FileName = NULL;
> -
> - while(MatchString != NULL){
> - LastMatch = MatchString + 1;
> - MatchString = StrStr(LastMatch,L"\\");
> - }
> -
> - Length = StrLen(LastMatch);
> - FileName = AllocateCopyPool ((Length + 1) * sizeof(CHAR16), LastMatch);
> - if (FileName != NULL) {
> - *(FileName + Length) = 0;
> - }
> -
> - FreePool(String);
> -
> - return FileName;
> -}
> -
> -/**
> - Enroll a new X509 certificate into Variable.
> -
> - @param[in] PrivateData The module's private data.
> - @param[in] VariableName Variable name of CA database.
> -
> - @retval EFI_SUCCESS New X509 is enrolled successfully.
> - @retval EFI_OUT_OF_RESOURCES Could not allocate needed resources.
> -
> -**/
> -EFI_STATUS
> -EnrollX509toVariable (
> - IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private,
> - IN CHAR16 *VariableName
> - )
> -{
> - EFI_STATUS Status;
> - UINTN X509DataSize;
> - VOID *X509Data;
> - EFI_SIGNATURE_LIST *CACert;
> - EFI_SIGNATURE_DATA *CACertData;
> - VOID *Data;
> - UINTN DataSize;
> - UINTN SigDataSize;
> - UINT32 Attr;
> -
> - X509DataSize = 0;
> - SigDataSize = 0;
> - DataSize = 0;
> - X509Data = NULL;
> - CACert = NULL;
> - CACertData = NULL;
> - Data = NULL;
> -
> - Status = ReadFileContent (
> - Private->FileContext->FHandle,
> - &X509Data,
> - &X509DataSize,
> - 0
> - );
> - if (EFI_ERROR (Status)) {
> - goto ON_EXIT;
> - }
> - ASSERT (X509Data != NULL);
> -
> - SigDataSize = sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_SIGNATURE_DATA)
> - 1 + X509DataSize;
> -
> - Data = AllocateZeroPool (SigDataSize);
> - if (Data == NULL) {
> - Status = EFI_OUT_OF_RESOURCES;
> - goto ON_EXIT;
> - }
> -
> - //
> - // Fill Certificate Database parameters.
> - //
> - CACert = (EFI_SIGNATURE_LIST*) Data;
> - CACert->SignatureListSize = (UINT32) SigDataSize;
> - CACert->SignatureHeaderSize = 0;
> - CACert->SignatureSize = (UINT32) (sizeof(EFI_SIGNATURE_DATA) - 1 +
> X509DataSize);
> - CopyGuid (&CACert->SignatureType, &gEfiCertX509Guid);
> -
> - CACertData = (EFI_SIGNATURE_DATA*) ((UINT8* ) CACert + sizeof
> (EFI_SIGNATURE_LIST));
> - CopyGuid (&CACertData->SignatureOwner, Private->CertGuid);
> - CopyMem ((UINT8* ) (CACertData->SignatureData), X509Data,
> X509DataSize);
> -
> - //
> - // Check if signature database entry has been already existed.
> - // If true, use EFI_VARIABLE_APPEND_WRITE attribute to append the
> - // new signature data to original variable
> - //
> - Attr = TLS_AUTH_CONFIG_VAR_BASE_ATTR;
> -
> - Status = gRT->GetVariable(
> - VariableName,
> - &gEfiTlsCaCertificateGuid,
> - NULL,
> - &DataSize,
> - NULL
> - );
> - if (Status == EFI_BUFFER_TOO_SMALL) {
> - Attr |= EFI_VARIABLE_APPEND_WRITE;
> - } else if (Status != EFI_NOT_FOUND) {
> - goto ON_EXIT;
> - }
> -
> - Status = gRT->SetVariable(
> - VariableName,
> - &gEfiTlsCaCertificateGuid,
> - Attr,
> - SigDataSize,
> - Data
> - );
> - if (EFI_ERROR (Status)) {
> - goto ON_EXIT;
> - }
> -
> -ON_EXIT:
> -
> - CloseFile (Private->FileContext->FHandle);
> - if (Private->FileContext->FileName != NULL) {
> - FreePool(Private->FileContext->FileName);
> - Private->FileContext->FileName = NULL;
> - }
> -
> - Private->FileContext->FHandle = NULL;
> -
> - if (Private->CertGuid != NULL) {
> - FreePool (Private->CertGuid);
> - Private->CertGuid = NULL;
> - }
> -
> - if (Data != NULL) {
> - FreePool (Data);
> - }
> -
> - if (X509Data != NULL) {
> - FreePool (X509Data);
> - }
> -
> - return Status;
> -}
> -
> -/**
> - Enroll Cert into TlsCaCertificate. The GUID will be Private->CertGuid.
> -
> - @param[in] PrivateData The module's private data.
> - @param[in] VariableName Variable name of signature database.
> -
> - @retval EFI_SUCCESS New Cert enrolled successfully.
> - @retval EFI_INVALID_PARAMETER The parameter is invalid.
> - @retval EFI_UNSUPPORTED The Cert file is unsupported type.
> - @retval others Fail to enroll Cert data.
> -
> -**/
> -EFI_STATUS
> -EnrollCertDatabase (
> - IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private,
> - IN CHAR16 *VariableName
> - )
> -{
> - UINT16* FilePostFix;
> - UINTN NameLength;
> -
> - if ((Private->FileContext->FileName == NULL) || (Private->FileContext-
> >FHandle == NULL) || (Private->CertGuid == NULL)) {
> - return EFI_INVALID_PARAMETER;
> - }
> -
> - //
> - // Parse the file's postfix.
> - //
> - NameLength = StrLen (Private->FileContext->FileName);
> - if (NameLength <= 4) {
> - return EFI_INVALID_PARAMETER;
> - }
> - FilePostFix = Private->FileContext->FileName + NameLength - 4;
> -
> - if (IsDerPemEncodeCertificate (FilePostFix)) {
> - //
> - // Supports DER-encoded X509 certificate.
> - //
> - return EnrollX509toVariable (Private, VariableName);
> - }
> -
> - return EFI_UNSUPPORTED;
> -}
> -
> -/**
> - Refresh the global UpdateData structure.
> -
> -**/
> -VOID
> -RefreshUpdateData (
> - VOID
> - )
> -{
> - //
> - // Free current updated date
> - //
> - if (mStartOpCodeHandle != NULL) {
> - HiiFreeOpCodeHandle (mStartOpCodeHandle);
> - }
> -
> - //
> - // Create new OpCode Handle
> - //
> - mStartOpCodeHandle = HiiAllocateOpCodeHandle ();
> -
> - //
> - // Create Hii Extend Label OpCode as the start opcode
> - //
> - mStartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
> - mStartOpCodeHandle,
> - &gEfiIfrTianoGuid,
> - NULL,
> - sizeof (EFI_IFR_GUID_LABEL)
> - );
> - mStartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
> -}
> -
> -/**
> - Clean up the dynamic opcode at label and form specified by both LabelId.
> -
> - @param[in] LabelId It is both the Form ID and Label ID for opcode
> deletion.
> - @param[in] PrivateData Module private data.
> -
> -**/
> -VOID
> -CleanUpPage (
> - IN UINT16 LabelId,
> - IN TLS_AUTH_CONFIG_PRIVATE_DATA *PrivateData
> - )
> -{
> - RefreshUpdateData ();
> -
> - //
> - // Remove all op-codes from dynamic page
> - //
> - mStartLabel->Number = LabelId;
> - HiiUpdateForm (
> - PrivateData->RegisteredHandle,
> - &gTlsAuthConfigGuid,
> - LabelId,
> - mStartOpCodeHandle, // Label LabelId
> - mEndOpCodeHandle // LABEL_END
> - );
> -}
> -
> -/**
> - Update the form base on the selected file.
> -
> - @param FilePath Point to the file path.
> - @param FormId The form need to display.
> -
> - @retval TRUE Exit caller function.
> - @retval FALSE Not exit caller function.
> -
> -**/
> -BOOLEAN
> -UpdatePage(
> - IN EFI_DEVICE_PATH_PROTOCOL *FilePath,
> - IN EFI_FORM_ID FormId
> - )
> -{
> - CHAR16 *FileName;
> - EFI_STRING_ID StringToken;
> -
> - FileName = NULL;
> -
> - if (FilePath != NULL) {
> - FileName = ExtractFileNameFromDevicePath(FilePath);
> - }
> - if (FileName == NULL) {
> - //
> - // FileName = NULL has two case:
> - // 1. FilePath == NULL, not select file.
> - // 2. FilePath != NULL, but ExtractFileNameFromDevicePath return NULL
> not enough memory resource.
> - // In these two case, no need to update the form, and exit the caller
> function.
> - //
> - return TRUE;
> - }
> - StringToken = HiiSetString (mTlsAuthPrivateData->RegisteredHandle, 0,
> FileName, NULL);
> -
> - mTlsAuthPrivateData->FileContext->FileName = FileName;
> -
> - OpenFileByDevicePath (
> - &FilePath,
> - &mTlsAuthPrivateData->FileContext->FHandle,
> - EFI_FILE_MODE_READ,
> - 0
> - );
> - //
> - // Create Subtitle op-code for the display string of the option.
> - //
> - RefreshUpdateData ();
> - mStartLabel->Number = FormId;
> -
> - HiiCreateSubTitleOpCode (
> - mStartOpCodeHandle,
> - StringToken,
> - 0,
> - 0,
> - 0
> - );
> -
> - HiiUpdateForm (
> - mTlsAuthPrivateData->RegisteredHandle,
> - &gTlsAuthConfigGuid,
> - FormId,
> - mStartOpCodeHandle, /// Label FormId
> - mEndOpCodeHandle /// LABEL_END
> - );
> -
> - return TRUE;
> -}
> -
> -/**
> - Update the form base on the input file path info.
> -
> - @param FilePath Point to the file path.
> -
> - @retval TRUE Exit caller function.
> - @retval FALSE Not exit caller function.
> -**/
> -BOOLEAN
> -EFIAPI
> -UpdateCAFromFile (
> - IN EFI_DEVICE_PATH_PROTOCOL *FilePath
> - )
> -{
> - return UpdatePage(FilePath, TLS_AUTH_CONFIG_FORMID4_FORM);
> -}
> -
> -/**
> - Unload the configuration form, this includes: delete all the configuration
> - entries, uninstall the form callback protocol, and free the resources used.
> -
> - @param[in] Private Pointer to the driver private data.
> -
> - @retval EFI_SUCCESS The configuration form is unloaded.
> - @retval Others Failed to unload the form.
> -
> -**/
> -EFI_STATUS
> -TlsAuthConfigFormUnload (
> - IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private
> - )
> -{
> - if (Private->DriverHandle != NULL) {
> - //
> - // Uninstall EFI_HII_CONFIG_ACCESS_PROTOCOL
> - //
> - gBS->UninstallMultipleProtocolInterfaces (
> - Private->DriverHandle,
> - &gEfiDevicePathProtocolGuid,
> - &mTlsAuthConfigHiiVendorDevicePath,
> - &gEfiHiiConfigAccessProtocolGuid,
> - &Private->ConfigAccess,
> - NULL
> - );
> - Private->DriverHandle = NULL;
> - }
> -
> - if (Private->RegisteredHandle != NULL) {
> - //
> - // Remove HII package list
> - //
> - HiiRemovePackages (Private->RegisteredHandle);
> - Private->RegisteredHandle = NULL;
> - }
> -
> - if (Private->CertGuid != NULL) {
> - FreePool (Private->CertGuid);
> - }
> -
> - if (Private->FileContext != NULL) {
> - FreePool (Private->FileContext);
> - }
> -
> - FreePool (Private);
> -
> - if (mStartOpCodeHandle != NULL) {
> - HiiFreeOpCodeHandle (mStartOpCodeHandle);
> - }
> -
> - if (mEndOpCodeHandle != NULL) {
> - HiiFreeOpCodeHandle (mEndOpCodeHandle);
> - }
> -
> - return EFI_SUCCESS;
> -}
> -
> -
> -/**
> - Initialize the configuration form.
> -
> - @param[in] Private Pointer to the driver private data.
> -
> - @retval EFI_SUCCESS The configuration form is initialized.
> - @retval EFI_OUT_OF_RESOURCES Failed to allocate memory.
> -
> -**/
> -EFI_STATUS
> -TlsAuthConfigFormInit (
> - IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private
> - )
> -{
> - EFI_STATUS Status;
> -
> - Private->Signature = TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE;
> -
> - Private->ConfigAccess.ExtractConfig = TlsAuthConfigAccessExtractConfig;
> - Private->ConfigAccess.RouteConfig = TlsAuthConfigAccessRouteConfig;
> - Private->ConfigAccess.Callback = TlsAuthConfigAccessCallback;
> -
> - //
> - // Install Device Path Protocol and Config Access protocol to driver handle.
> - //
> - Status = gBS->InstallMultipleProtocolInterfaces (
> - &Private->DriverHandle,
> - &gEfiDevicePathProtocolGuid,
> - &mTlsAuthConfigHiiVendorDevicePath,
> - &gEfiHiiConfigAccessProtocolGuid,
> - &Private->ConfigAccess,
> - NULL
> - );
> - if (EFI_ERROR (Status)) {
> - return Status;
> - }
> -
> - //
> - // Publish our HII data.
> - //
> - Private->RegisteredHandle = HiiAddPackages (
> - &gTlsAuthConfigGuid,
> - Private->DriverHandle,
> - TlsAuthConfigDxeStrings,
> - TlsAuthConfigVfrBin,
> - NULL
> - );
> - if (Private->RegisteredHandle == NULL) {
> - Status = EFI_OUT_OF_RESOURCES;
> - goto Error;
> - }
> -
> - Private->FileContext = AllocateZeroPool (sizeof
> (TLS_AUTH_CONFIG_FILE_CONTEXT));
> - if (Private->FileContext == NULL) {
> - Status = EFI_OUT_OF_RESOURCES;
> - goto Error;
> - }
> -
> - //
> - // Init OpCode Handle and Allocate space for creation of Buffer
> - //
> - mStartOpCodeHandle = HiiAllocateOpCodeHandle ();
> - if (mStartOpCodeHandle == NULL) {
> - Status = EFI_OUT_OF_RESOURCES;
> - goto Error;
> - }
> -
> - mEndOpCodeHandle = HiiAllocateOpCodeHandle ();
> - if (mEndOpCodeHandle == NULL) {
> - Status = EFI_OUT_OF_RESOURCES;
> - goto Error;
> - }
> -
> - //
> - // Create Hii Extend Label OpCode as the start opcode
> - //
> - mStartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
> - mStartOpCodeHandle,
> - &gEfiIfrTianoGuid,
> - NULL,
> - sizeof (EFI_IFR_GUID_LABEL)
> - );
> - mStartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
> -
> - //
> - // Create Hii Extend Label OpCode as the end opcode
> - //
> - mEndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
> - mEndOpCodeHandle,
> - &gEfiIfrTianoGuid,
> - NULL,
> - sizeof (EFI_IFR_GUID_LABEL)
> - );
> - mEndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
> - mEndLabel->Number = LABEL_END;
> -
> - return EFI_SUCCESS;
> -
> -Error:
> - TlsAuthConfigFormUnload (Private);
> - return Status;
> -}
> -
> -/**
> -
> - This function allows the caller to request the current
> - configuration for one or more named elements. The resulting
> - string is in <ConfigAltResp> format. Any and all alternative
> - configuration strings shall also be appended to the end of the
> - current configuration string. If they are, they must appear
> - after the current configuration. They must contain the same
> - routing (GUID, NAME, PATH) as the current configuration string.
> - They must have an additional description indicating the type of
> - alternative configuration the string represents,
> - "ALTCFG=<StringToken>". That <StringToken> (when
> - converted from Hex UNICODE to binary) is a reference to a
> - string in the associated string pack.
> -
> - @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
> -
> - @param Request A null-terminated Unicode string in
> - <ConfigRequest> format. Note that this
> - includes the routing information as well as
> - the configurable name / value pairs. It is
> - invalid for this string to be in
> - <MultiConfigRequest> format.
> - If a NULL is passed in for the Request field,
> - all of the settings being abstracted by this function
> - will be returned in the Results field. In addition,
> - if a ConfigHdr is passed in with no request elements,
> - all of the settings being abstracted for that particular
> - ConfigHdr reference will be returned in the Results Field.
> -
> - @param Progress On return, points to a character in the
> - Request string. Points to the string's null
> - terminator if request was successful. Points
> - to the most recent "&" before the first
> - failing name / value pair (or the beginning
> - of the string if the failure is in the first
> - name / value pair) if the request was not
> - successful.
> -
> - @param Results A null-terminated Unicode string in
> - <MultiConfigAltResp> format which has all values
> - filled in for the names in the Request string.
> - String to be allocated by the called function.
> -
> - @retval EFI_SUCCESS The Results string is filled with the
> - values corresponding to all requested
> - names.
> -
> - @retval EFI_OUT_OF_RESOURCES Not enough memory to store the
> - parts of the results that must be
> - stored awaiting possible future
> - protocols.
> -
> - @retval EFI_NOT_FOUND Routing data doesn't match any
> - known driver. Progress set to the
> - first character in the routing header.
> - Note: There is no requirement that the
> - driver validate the routing data. It
> - must skip the <ConfigHdr> in order to
> - process the names.
> -
> - @retval EFI_INVALID_PARAMETER Illegal syntax. Progress set
> - to most recent "&" before the
> - error or the beginning of the
> - string.
> -
> - @retval EFI_INVALID_PARAMETER Unknown name. Progress points
> - to the & before the name in
> - question.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsAuthConfigAccessExtractConfig (
> - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
> - IN CONST EFI_STRING Request,
> - OUT EFI_STRING *Progress,
> - OUT EFI_STRING *Results
> - )
> -{
> - EFI_STATUS Status;
> - UINTN BufferSize;
> - UINTN Size;
> - EFI_STRING ConfigRequest;
> - EFI_STRING ConfigRequestHdr;
> - TLS_AUTH_CONFIG_PRIVATE_DATA *Private;
> - BOOLEAN AllocatedRequest;
> -
> - if (Progress == NULL || Results == NULL) {
> - return EFI_INVALID_PARAMETER;
> - }
> -
> - AllocatedRequest = FALSE;
> - ConfigRequestHdr = NULL;
> - ConfigRequest = NULL;
> - Size = 0;
> -
> - Private = TLS_AUTH_CONFIG_PRIVATE_FROM_THIS (This);
> -
> - BufferSize = sizeof (TLS_AUTH_CONFIG_IFR_NVDATA);
> - ZeroMem (&Private->TlsAuthConfigNvData, BufferSize);
> -
> - *Progress = Request;
> -
> - if ((Request != NULL) && !HiiIsConfigHdrMatch (Request,
> &gTlsAuthConfigGuid, mTlsAuthConfigStorageName)) {
> - return EFI_NOT_FOUND;
> - }
> -
> - ConfigRequest = Request;
> - if ((Request == NULL) || (StrStr (Request, L"OFFSET") == NULL)) {
> - //
> - // Request is set to NULL or OFFSET is NULL, construct full request string.
> - //
> - // Allocate and fill a buffer large enough to hold the <ConfigHdr> template
> - // followed by "&OFFSET=0&WIDTH=WWWWWWWWWWWWWWWW"
> followed by a Null-terminator
> - //
> - ConfigRequestHdr = HiiConstructConfigHdr (&gTlsAuthConfigGuid,
> mTlsAuthConfigStorageName, Private->DriverHandle);
> - Size = (StrLen (ConfigRequestHdr) + 32 + 1) * sizeof (CHAR16);
> - ConfigRequest = AllocateZeroPool (Size);
> - ASSERT (ConfigRequest != NULL);
> - AllocatedRequest = TRUE;
> - UnicodeSPrint (ConfigRequest, Size, L"%s&OFFSET=0&WIDTH=%016LX",
> ConfigRequestHdr, (UINT64)BufferSize);
> - FreePool (ConfigRequestHdr);
> - ConfigRequestHdr = NULL;
> - }
> -
> - Status = gHiiConfigRouting->BlockToConfig (
> - gHiiConfigRouting,
> - ConfigRequest,
> - (UINT8 *) &Private->TlsAuthConfigNvData,
> - BufferSize,
> - Results,
> - Progress
> - );
> -
> - //
> - // Free the allocated config request string.
> - //
> - if (AllocatedRequest) {
> - FreePool (ConfigRequest);
> - }
> -
> - //
> - // Set Progress string to the original request string.
> - //
> - if (Request == NULL) {
> - *Progress = NULL;
> - } else if (StrStr (Request, L"OFFSET") == NULL) {
> - *Progress = Request + StrLen (Request);
> - }
> -
> - return Status;
> -}
> -
> -/**
> -
> - This function applies changes in a driver's configuration.
> - Input is a Configuration, which has the routing data for this
> - driver followed by name / value configuration pairs. The driver
> - must apply those pairs to its configurable storage. If the
> - driver's configuration is stored in a linear block of data
> - and the driver's name / value pairs are in <BlockConfig>
> - format, it may use the ConfigToBlock helper function (above) to
> - simplify the job.
> -
> - @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
> -
> - @param Configuration A null-terminated Unicode string in
> - <ConfigString> format.
> -
> - @param Progress A pointer to a string filled in with the
> - offset of the most recent '&' before the
> - first failing name / value pair (or the
> - beginn ing of the string if the failure
> - is in the first name / value pair) or
> - the terminating NULL if all was
> - successful.
> -
> - @retval EFI_SUCCESS The results have been distributed or are
> - awaiting distribution.
> -
> - @retval EFI_OUT_OF_RESOURCES Not enough memory to store the
> - parts of the results that must be
> - stored awaiting possible future
> - protocols.
> -
> - @retval EFI_INVALID_PARAMETERS Passing in a NULL for the
> - Results parameter would result
> - in this type of error.
> -
> - @retval EFI_NOT_FOUND Target for the specified routing data
> - was not found
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsAuthConfigAccessRouteConfig (
> - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
> - IN CONST EFI_STRING Configuration,
> - OUT EFI_STRING *Progress
> - )
> -{
> - EFI_STATUS Status;
> - UINTN BufferSize;
> - TLS_AUTH_CONFIG_PRIVATE_DATA *Private;
> -
> - if (Progress == NULL) {
> - return EFI_INVALID_PARAMETER;
> - }
> - *Progress = Configuration;
> -
> - if (Configuration == NULL) {
> - return EFI_INVALID_PARAMETER;
> - }
> -
> - //
> - // Check routing data in <ConfigHdr>.
> - // Note: there is no name for Name/Value storage, only GUID will be
> checked
> - //
> - if (!HiiIsConfigHdrMatch (Configuration, &gTlsAuthConfigGuid,
> mTlsAuthConfigStorageName)) {
> - return EFI_NOT_FOUND;
> - }
> -
> - Private = TLS_AUTH_CONFIG_PRIVATE_FROM_THIS (This);
> -
> - BufferSize = sizeof (TLS_AUTH_CONFIG_IFR_NVDATA);
> - ZeroMem (&Private->TlsAuthConfigNvData, BufferSize);
> -
> - Status = gHiiConfigRouting->ConfigToBlock (
> - gHiiConfigRouting,
> - Configuration,
> - (UINT8 *) &Private->TlsAuthConfigNvData,
> - &BufferSize,
> - Progress
> - );
> - if (EFI_ERROR (Status)) {
> - return Status;
> - }
> -
> - return Status;
> -}
> -
> -/**
> -
> - This function is called to provide results data to the driver.
> - This data consists of a unique key that is used to identify
> - which data is either being passed back or being asked for.
> -
> - @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
> - @param Action Specifies the type of action taken by the browser.
> - @param QuestionId A unique value which is sent to the original
> - exporting driver so that it can identify the type
> - of data to expect. The format of the data tends to
> - vary based on the opcode that generated the callback.
> - @param Type The type of value for the question.
> - @param Value A pointer to the data being sent to the original
> - exporting driver.
> - @param ActionRequest On return, points to the action requested by
> the
> - callback function.
> -
> - @retval EFI_SUCCESS The callback successfully handled the action.
> - @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold
> the
> - variable and its data.
> - @retval EFI_DEVICE_ERROR The variable could not be saved.
> - @retval EFI_UNSUPPORTED The specified Action is not supported by
> the
> - callback.
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsAuthConfigAccessCallback (
> - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
> - IN EFI_BROWSER_ACTION Action,
> - IN EFI_QUESTION_ID QuestionId,
> - IN UINT8 Type,
> - IN OUT EFI_IFR_TYPE_VALUE *Value,
> - OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest
> - )
> -{
> - EFI_INPUT_KEY Key;
> - EFI_STATUS Status;
> - RETURN_STATUS RStatus;
> - TLS_AUTH_CONFIG_PRIVATE_DATA *Private;
> - UINTN BufferSize;
> - TLS_AUTH_CONFIG_IFR_NVDATA *IfrNvData;
> - UINT16 LabelId;
> - EFI_DEVICE_PATH_PROTOCOL *File;
> -
> - Status = EFI_SUCCESS;
> - File = NULL;
> -
> - if ((This == NULL) || (Value == NULL) || (ActionRequest == NULL)) {
> - return EFI_INVALID_PARAMETER;
> - }
> -
> - Private = TLS_AUTH_CONFIG_PRIVATE_FROM_THIS (This);
> -
> - mTlsAuthPrivateData = Private;
> -
> - //
> - // Retrieve uncommitted data from Browser
> - //
> - BufferSize = sizeof (TLS_AUTH_CONFIG_IFR_NVDATA);
> - IfrNvData = AllocateZeroPool (BufferSize);
> - if (IfrNvData == NULL) {
> - return EFI_OUT_OF_RESOURCES;
> - }
> -
> - HiiGetBrowserData (&gTlsAuthConfigGuid, mTlsAuthConfigStorageName,
> BufferSize, (UINT8 *) IfrNvData);
> -
> - if ((Action != EFI_BROWSER_ACTION_CHANGED) &&
> - (Action != EFI_BROWSER_ACTION_CHANGING)) {
> - Status = EFI_UNSUPPORTED;
> - goto EXIT;
> - }
> -
> - if (Action == EFI_BROWSER_ACTION_CHANGING) {
> - switch (QuestionId) {
> - case KEY_TLS_AUTH_CONFIG_CLIENT_CERT:
> - case KEY_TLS_AUTH_CONFIG_SERVER_CA:
> - //
> - // Clear Cert GUID.
> - //
> - ZeroMem (IfrNvData->CertGuid, sizeof (IfrNvData->CertGuid));
> - if (Private->CertGuid == NULL) {
> - Private->CertGuid = (EFI_GUID *) AllocateZeroPool (sizeof (EFI_GUID));
> - if (Private->CertGuid == NULL) {
> - return EFI_OUT_OF_RESOURCES;
> - }
> - }
> - if (QuestionId == KEY_TLS_AUTH_CONFIG_CLIENT_CERT) {
> - LabelId = TLS_AUTH_CONFIG_FORMID3_FORM;
> - } else {
> - LabelId = TLS_AUTH_CONFIG_FORMID4_FORM;
> - }
> -
> - //
> - // Refresh selected file.
> - //
> - CleanUpPage (LabelId, Private);
> - break;
> - case KEY_TLS_AUTH_CONFIG_ENROLL_CERT_FROM_FILE:
> - ChooseFile( NULL, NULL, UpdateCAFromFile, &File);
> - break;
> -
> - case KEY_TLS_AUTH_CONFIG_VALUE_SAVE_AND_EXIT:
> - Status = EnrollCertDatabase (Private,
> EFI_TLS_CA_CERTIFICATE_VARIABLE);
> - if (EFI_ERROR (Status)) {
> - CreatePopUp (
> - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
> - &Key,
> - L"ERROR: Enroll Cert Failure!",
> - NULL
> - );
> - }
> - break;
> -
> - case KEY_TLS_AUTH_CONFIG_VALUE_NO_SAVE_AND_EXIT:
> - if (Private->FileContext->FHandle != NULL) {
> - CloseFile (Private->FileContext->FHandle);
> - Private->FileContext->FHandle = NULL;
> - if (Private->FileContext->FileName!= NULL){
> - FreePool(Private->FileContext->FileName);
> - Private->FileContext->FileName = NULL;
> - }
> - }
> -
> - if (Private->CertGuid!= NULL) {
> - FreePool (Private->CertGuid);
> - Private->CertGuid = NULL;
> - }
> - break;
> -
> - case KEY_TLS_AUTH_CONFIG_DELETE_CERT:
> - UpdateDeletePage (
> - Private,
> - EFI_TLS_CA_CERTIFICATE_VARIABLE,
> - &gEfiTlsCaCertificateGuid,
> - LABEL_CA_DELETE,
> - TLS_AUTH_CONFIG_FORMID5_FORM,
> - OPTION_DEL_CA_ESTION_ID
> - );
> - break;
> -
> - default:
> - if ((QuestionId >= OPTION_DEL_CA_ESTION_ID) &&
> - (QuestionId < (OPTION_DEL_CA_ESTION_ID +
> OPTION_CONFIG_RANGE))) {
> - DeleteCert (
> - Private,
> - EFI_TLS_CA_CERTIFICATE_VARIABLE,
> - &gEfiTlsCaCertificateGuid,
> - LABEL_CA_DELETE,
> - TLS_AUTH_CONFIG_FORMID5_FORM,
> - OPTION_DEL_CA_ESTION_ID,
> - QuestionId - OPTION_DEL_CA_ESTION_ID
> - );
> - }
> - break;
> - }
> - } else if (Action == EFI_BROWSER_ACTION_CHANGED) {
> - switch (QuestionId) {
> - case KEY_TLS_AUTH_CONFIG_CERT_GUID:
> - ASSERT (Private->CertGuid != NULL);
> - RStatus = StrToGuid (
> - IfrNvData->CertGuid,
> - Private->CertGuid
> - );
> - if (RETURN_ERROR (RStatus) || (IfrNvData-
> >CertGuid[GUID_STRING_LENGTH] != L'\0')) {
> - Status = EFI_INVALID_PARAMETER;
> - break;
> - }
> -
> - *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
> - break;
> - default:
> - break;
> - }
> - }
> -
> -EXIT:
> -
> - if (!EFI_ERROR (Status)) {
> - BufferSize = sizeof (TLS_AUTH_CONFIG_IFR_NVDATA);
> - HiiSetBrowserData (&gTlsAuthConfigGuid, mTlsAuthConfigStorageName,
> BufferSize, (UINT8*) IfrNvData, NULL);
> - }
> -
> - FreePool (IfrNvData);
> -
> - if (File != NULL){
> - FreePool(File);
> - File = NULL;
> - }
> -
> - return EFI_SUCCESS;
> -
> -}
> +/** @file
> + The Miscellaneous Routines for TlsAuthConfigDxe driver.
> +
> +Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
> +
> +This program and the accompanying materials
> +are licensed and made available under the terms and conditions of the BSD
> License
> +which accompanies this distribution. The full text of the license may be
> found at
> +http://opensource.org/licenses/bsd-license.php
> +
> +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +
> +**/
> +
> +#include "TlsAuthConfigImpl.h"
> +
> +VOID *mStartOpCodeHandle = NULL;
> +VOID *mEndOpCodeHandle = NULL;
> +EFI_IFR_GUID_LABEL *mStartLabel = NULL;
> +EFI_IFR_GUID_LABEL *mEndLabel = NULL;
> +
> +
> +CHAR16 mTlsAuthConfigStorageName[] =
> L"TLS_AUTH_CONFIG_IFR_NVDATA";
> +
> +TLS_AUTH_CONFIG_PRIVATE_DATA *mTlsAuthPrivateData = NULL;
> +
> +HII_VENDOR_DEVICE_PATH mTlsAuthConfigHiiVendorDevicePath = {
> + {
> + {
> + HARDWARE_DEVICE_PATH,
> + HW_VENDOR_DP,
> + {
> + (UINT8) (sizeof (VENDOR_DEVICE_PATH)),
> + (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8)
> + }
> + },
> + TLS_AUTH_CONFIG_GUID
> + },
> + {
> + END_DEVICE_PATH_TYPE,
> + END_ENTIRE_DEVICE_PATH_SUBTYPE,
> + {
> + (UINT8) (END_DEVICE_PATH_LENGTH),
> + (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8)
> + }
> + }
> +};
> +
> +//
> +// Possible DER-encoded certificate file suffixes, end with NULL pointer.
> +//
> +CHAR16* mDerPemEncodedSuffix[] = {
> + L".cer",
> + L".der",
> + L".crt",
> + L".pem",
> + NULL
> +};
> +
> +/**
> + This code checks if the FileSuffix is one of the possible DER/PEM-encoded
> certificate suffix.
> +
> + @param[in] FileSuffix The suffix of the input certificate file
> +
> + @retval TRUE It's a DER/PEM-encoded certificate.
> + @retval FALSE It's NOT a DER/PEM-encoded certificate.
> +
> +**/
> +BOOLEAN
> +IsDerPemEncodeCertificate (
> + IN CONST CHAR16 *FileSuffix
> +)
> +{
> + UINTN Index;
> + for (Index = 0; mDerPemEncodedSuffix[Index] != NULL; Index++) {
> + if (StrCmp (FileSuffix, mDerPemEncodedSuffix[Index]) == 0) {
> + return TRUE;
> + }
> + }
> + return FALSE;
> +}
> +
> +/**
> + Worker function that prints an EFI_GUID into specified Buffer.
> +
> + @param[in] Guid Pointer to GUID to print.
> + @param[in] Buffer Buffer to print Guid into.
> + @param[in] BufferSize Size of Buffer.
> +
> + @retval Number of characters printed.
> +
> +**/
> +UINTN
> +GuidToString (
> + IN EFI_GUID *Guid,
> + IN CHAR16 *Buffer,
> + IN UINTN BufferSize
> + )
> +{
> + return UnicodeSPrint (
> + Buffer,
> + BufferSize,
> + L"%g",
> + Guid
> + );
> +}
> +
> +/**
> + List all cert in specified database by GUID in the page
> + for user to select and delete as needed.
> +
> + @param[in] PrivateData Module's private data.
> + @param[in] VariableName The variable name of the vendor's
> signature database.
> + @param[in] VendorGuid A unique identifier for the vendor.
> + @param[in] LabelNumber Label number to insert opcodes.
> + @param[in] FormId Form ID of current page.
> + @param[in] QuestionIdBase Base question id of the signature list.
> +
> + @retval EFI_SUCCESS Success to update the signature list page
> + @retval EFI_OUT_OF_RESOURCES Unable to allocate required resources.
> +
> +**/
> +EFI_STATUS
> +UpdateDeletePage (
> + IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private,
> + IN CHAR16 *VariableName,
> + IN EFI_GUID *VendorGuid,
> + IN UINT16 LabelNumber,
> + IN EFI_FORM_ID FormId,
> + IN EFI_QUESTION_ID QuestionIdBase
> + )
> +{
> + EFI_STATUS Status;
> + UINT32 Index;
> + UINTN CertCount;
> + UINTN GuidIndex;
> + VOID *StartOpCodeHandle;
> + VOID *EndOpCodeHandle;
> + EFI_IFR_GUID_LABEL *StartLabel;
> + EFI_IFR_GUID_LABEL *EndLabel;
> + UINTN DataSize;
> + UINT8 *Data;
> + EFI_SIGNATURE_LIST *CertList;
> + EFI_SIGNATURE_DATA *Cert;
> + UINT32 ItemDataSize;
> + CHAR16 *GuidStr;
> + EFI_STRING_ID GuidID;
> + EFI_STRING_ID Help;
> +
> + Data = NULL;
> + CertList = NULL;
> + Cert = NULL;
> + GuidStr = NULL;
> + StartOpCodeHandle = NULL;
> + EndOpCodeHandle = NULL;
> +
> + //
> + // Initialize the container for dynamic opcodes.
> + //
> + StartOpCodeHandle = HiiAllocateOpCodeHandle ();
> + if (StartOpCodeHandle == NULL) {
> + Status = EFI_OUT_OF_RESOURCES;
> + goto ON_EXIT;
> + }
> +
> + EndOpCodeHandle = HiiAllocateOpCodeHandle ();
> + if (EndOpCodeHandle == NULL) {
> + Status = EFI_OUT_OF_RESOURCES;
> + goto ON_EXIT;
> + }
> +
> + //
> + // Create Hii Extend Label OpCode.
> + //
> + StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
> + StartOpCodeHandle,
> + &gEfiIfrTianoGuid,
> + NULL,
> + sizeof (EFI_IFR_GUID_LABEL)
> + );
> + StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
> + StartLabel->Number = LabelNumber;
> +
> + EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
> + EndOpCodeHandle,
> + &gEfiIfrTianoGuid,
> + NULL,
> + sizeof (EFI_IFR_GUID_LABEL)
> + );
> + EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
> + EndLabel->Number = LABEL_END;
> +
> + //
> + // Read Variable.
> + //
> + DataSize = 0;
> + Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize,
> Data);
> + if (EFI_ERROR (Status) && Status != EFI_BUFFER_TOO_SMALL) {
> + goto ON_EXIT;
> + }
> +
> + Data = (UINT8 *) AllocateZeroPool (DataSize);
> + if (Data == NULL) {
> + Status = EFI_OUT_OF_RESOURCES;
> + goto ON_EXIT;
> + }
> +
> + Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize,
> Data);
> + if (EFI_ERROR (Status)) {
> + goto ON_EXIT;
> + }
> +
> + GuidStr = AllocateZeroPool (100);
> + if (GuidStr == NULL) {
> + Status = EFI_OUT_OF_RESOURCES;
> + goto ON_EXIT;
> + }
> +
> + //
> + // Enumerate all data.
> + //
> + ItemDataSize = (UINT32) DataSize;
> + CertList = (EFI_SIGNATURE_LIST *) Data;
> + GuidIndex = 0;
> +
> + while ((ItemDataSize > 0) && (ItemDataSize >= CertList->SignatureListSize))
> {
> +
> + if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) {
> + Help = STRING_TOKEN (STR_CERT_TYPE_PCKS_GUID);
> + } else {
> + //
> + // The signature type is not supported in current implementation.
> + //
> + ItemDataSize -= CertList->SignatureListSize;
> + CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList-
> >SignatureListSize);
> + continue;
> + }
> +
> + CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) -
> CertList->SignatureHeaderSize) / CertList->SignatureSize;
> + for (Index = 0; Index < CertCount; Index++) {
> + Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList
> + + sizeof (EFI_SIGNATURE_LIST)
> + + CertList->SignatureHeaderSize
> + + Index * CertList->SignatureSize);
> + //
> + // Display GUID and help
> + //
> + GuidToString (&Cert->SignatureOwner, GuidStr, 100);
> + GuidID = HiiSetString (Private->RegisteredHandle, 0, GuidStr, NULL);
> + HiiCreateCheckBoxOpCode (
> + StartOpCodeHandle,
> + (EFI_QUESTION_ID) (QuestionIdBase + GuidIndex++),
> + 0,
> + 0,
> + GuidID,
> + Help,
> + EFI_IFR_FLAG_CALLBACK,
> + 0,
> + NULL
> + );
> + }
> +
> + ItemDataSize -= CertList->SignatureListSize;
> + CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList-
> >SignatureListSize);
> + }
> +
> +ON_EXIT:
> + HiiUpdateForm (
> + Private->RegisteredHandle,
> + &gTlsAuthConfigGuid,
> + FormId,
> + StartOpCodeHandle,
> + EndOpCodeHandle
> + );
> +
> + if (StartOpCodeHandle != NULL) {
> + HiiFreeOpCodeHandle (StartOpCodeHandle);
> + }
> +
> + if (EndOpCodeHandle != NULL) {
> + HiiFreeOpCodeHandle (EndOpCodeHandle);
> + }
> +
> + if (Data != NULL) {
> + FreePool (Data);
> + }
> +
> + if (GuidStr != NULL) {
> + FreePool (GuidStr);
> + }
> +
> + return EFI_SUCCESS;
> +}
> +
> +/**
> + Delete one entry from cert database.
> +
> + @param[in] PrivateData Module's private data.
> + @param[in] VariableName The variable name of the database.
> + @param[in] VendorGuid A unique identifier for the vendor.
> + @param[in] LabelNumber Label number to insert opcodes.
> + @param[in] FormId Form ID of current page.
> + @param[in] QuestionIdBase Base question id of the cert list.
> + @param[in] DeleteIndex Cert index to delete.
> +
> + @retval EFI_SUCCESS Delete siganture successfully.
> + @retval EFI_NOT_FOUND Can't find the signature item,
> + @retval EFI_OUT_OF_RESOURCES Could not allocate needed resources.
> +**/
> +EFI_STATUS
> +DeleteCert (
> + IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private,
> + IN CHAR16 *VariableName,
> + IN EFI_GUID *VendorGuid,
> + IN UINT16 LabelNumber,
> + IN EFI_FORM_ID FormId,
> + IN EFI_QUESTION_ID QuestionIdBase,
> + IN UINTN DeleteIndex
> + )
> +{
> + EFI_STATUS Status;
> + UINTN DataSize;
> + UINT8 *Data;
> + UINT8 *OldData;
> + UINT32 Attr;
> + UINT32 Index;
> + EFI_SIGNATURE_LIST *CertList;
> + EFI_SIGNATURE_LIST *NewCertList;
> + EFI_SIGNATURE_DATA *Cert;
> + UINTN CertCount;
> + UINT32 Offset;
> + BOOLEAN IsItemFound;
> + UINT32 ItemDataSize;
> + UINTN GuidIndex;
> +
> + Data = NULL;
> + OldData = NULL;
> + CertList = NULL;
> + Cert = NULL;
> + Attr = 0;
> +
> + //
> + // Get original signature list data.
> + //
> + DataSize = 0;
> + Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize,
> NULL);
> + if (EFI_ERROR (Status) && Status != EFI_BUFFER_TOO_SMALL) {
> + goto ON_EXIT;
> + }
> +
> + OldData = (UINT8 *) AllocateZeroPool (DataSize);
> + if (OldData == NULL) {
> + Status = EFI_OUT_OF_RESOURCES;
> + goto ON_EXIT;
> + }
> +
> + Status = gRT->GetVariable (VariableName, VendorGuid, &Attr, &DataSize,
> OldData);
> + if (EFI_ERROR(Status)) {
> + goto ON_EXIT;
> + }
> +
> + //
> + // Allocate space for new variable.
> + //
> + Data = (UINT8*) AllocateZeroPool (DataSize);
> + if (Data == NULL) {
> + Status = EFI_OUT_OF_RESOURCES;
> + goto ON_EXIT;
> + }
> +
> + //
> + // Enumerate all data and erasing the target item.
> + //
> + IsItemFound = FALSE;
> + ItemDataSize = (UINT32) DataSize;
> + CertList = (EFI_SIGNATURE_LIST *) OldData;
> + Offset = 0;
> + GuidIndex = 0;
> + while ((ItemDataSize > 0) && (ItemDataSize >= CertList->SignatureListSize))
> {
> + if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) {
> + //
> + // Copy EFI_SIGNATURE_LIST header then calculate the signature count
> in this list.
> + //
> + CopyMem (Data + Offset, CertList, (sizeof(EFI_SIGNATURE_LIST) +
> CertList->SignatureHeaderSize));
> + NewCertList = (EFI_SIGNATURE_LIST*) (Data + Offset);
> + Offset += (sizeof(EFI_SIGNATURE_LIST) + CertList-
> >SignatureHeaderSize);
> + Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof
> (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
> + CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) -
> CertList->SignatureHeaderSize) / CertList->SignatureSize;
> + for (Index = 0; Index < CertCount; Index++) {
> + if (GuidIndex == DeleteIndex) {
> + //
> + // Find it! Skip it!
> + //
> + NewCertList->SignatureListSize -= CertList->SignatureSize;
> + IsItemFound = TRUE;
> + } else {
> + //
> + // This item doesn't match. Copy it to the Data buffer.
> + //
> + CopyMem (Data + Offset, (UINT8*)(Cert), CertList->SignatureSize);
> + Offset += CertList->SignatureSize;
> + }
> + GuidIndex++;
> + Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList-
> >SignatureSize);
> + }
> + } else {
> + //
> + // This List doesn't match. Just copy it to the Data buffer.
> + //
> + CopyMem (Data + Offset, (UINT8*)(CertList), CertList-
> >SignatureListSize);
> + Offset += CertList->SignatureListSize;
> + }
> +
> + ItemDataSize -= CertList->SignatureListSize;
> + CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList-
> >SignatureListSize);
> + }
> +
> + if (!IsItemFound) {
> + //
> + // Doesn't find the signature Item!
> + //
> + Status = EFI_NOT_FOUND;
> + goto ON_EXIT;
> + }
> +
> + //
> + // Delete the EFI_SIGNATURE_LIST header if there is no signature in the
> list.
> + //
> + ItemDataSize = Offset;
> + CertList = (EFI_SIGNATURE_LIST *) Data;
> + Offset = 0;
> + ZeroMem (OldData, ItemDataSize);
> + while ((ItemDataSize > 0) && (ItemDataSize >= CertList->SignatureListSize))
> {
> + CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) -
> CertList->SignatureHeaderSize) / CertList->SignatureSize;
> + DEBUG ((DEBUG_INFO, " CertCount = %x\n", CertCount));
> + if (CertCount != 0) {
> + CopyMem (OldData + Offset, (UINT8*)(CertList), CertList-
> >SignatureListSize);
> + Offset += CertList->SignatureListSize;
> + }
> + ItemDataSize -= CertList->SignatureListSize;
> + CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList-
> >SignatureListSize);
> + }
> +
> + DataSize = Offset;
> +
> + Status = gRT->SetVariable(
> + VariableName,
> + VendorGuid,
> + Attr,
> + DataSize,
> + OldData
> + );
> + if (EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_ERROR, "Failed to set variable, Status = %r\n", Status));
> + goto ON_EXIT;
> + }
> +
> +ON_EXIT:
> + if (Data != NULL) {
> + FreePool(Data);
> + }
> +
> + if (OldData != NULL) {
> + FreePool(OldData);
> + }
> +
> + return UpdateDeletePage (
> + Private,
> + VariableName,
> + VendorGuid,
> + LabelNumber,
> + FormId,
> + QuestionIdBase
> + );
> +}
> +
> +
> +/**
> + Close an open file handle.
> +
> + @param[in] FileHandle The file handle to close.
> +
> +**/
> +VOID
> +CloseFile (
> + IN EFI_FILE_HANDLE FileHandle
> + )
> +{
> + if (FileHandle != NULL) {
> + FileHandle->Close (FileHandle);
> + }
> +}
> +
> +/**
> + Read file content into BufferPtr, the size of the allocate buffer
> + is *FileSize plus AddtionAllocateSize.
> +
> + @param[in] FileHandle The file to be read.
> + @param[in, out] BufferPtr Pointers to the pointer of allocated
> buffer.
> + @param[out] FileSize Size of input file
> + @param[in] AddtionAllocateSize Addtion size the buffer need to be
> allocated.
> + In case the buffer need to contain others besides the
> file content.
> +
> + @retval EFI_SUCCESS The file was read into the buffer.
> + @retval EFI_INVALID_PARAMETER A parameter was invalid.
> + @retval EFI_OUT_OF_RESOURCES A memory allocation failed.
> + @retval others Unexpected error.
> +
> +**/
> +EFI_STATUS
> +ReadFileContent (
> + IN EFI_FILE_HANDLE FileHandle,
> + IN OUT VOID **BufferPtr,
> + OUT UINTN *FileSize,
> + IN UINTN AddtionAllocateSize
> + )
> +
> +{
> + UINTN BufferSize;
> + UINT64 SourceFileSize;
> + VOID *Buffer;
> + EFI_STATUS Status;
> +
> + if ((FileHandle == NULL) || (FileSize == NULL)) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + Buffer = NULL;
> +
> + //
> + // Get the file size
> + //
> + Status = FileHandle->SetPosition (FileHandle, (UINT64) -1);
> + if (EFI_ERROR (Status)) {
> + goto ON_EXIT;
> + }
> +
> + Status = FileHandle->GetPosition (FileHandle, &SourceFileSize);
> + if (EFI_ERROR (Status)) {
> + goto ON_EXIT;
> + }
> +
> + Status = FileHandle->SetPosition (FileHandle, 0);
> + if (EFI_ERROR (Status)) {
> + goto ON_EXIT;
> + }
> +
> + BufferSize = (UINTN) SourceFileSize + AddtionAllocateSize;
> + Buffer = AllocateZeroPool(BufferSize);
> + if (Buffer == NULL) {
> + return EFI_OUT_OF_RESOURCES;
> + }
> +
> + BufferSize = (UINTN) SourceFileSize;
> + *FileSize = BufferSize;
> +
> + Status = FileHandle->Read (FileHandle, &BufferSize, Buffer);
> + if (EFI_ERROR (Status) || BufferSize != *FileSize) {
> + FreePool (Buffer);
> + Buffer = NULL;
> + Status = EFI_BAD_BUFFER_SIZE;
> + goto ON_EXIT;
> + }
> +
> +ON_EXIT:
> +
> + *BufferPtr = Buffer;
> + return Status;
> +}
> +
> +/**
> + This function will open a file or directory referenced by DevicePath.
> +
> + This function opens a file with the open mode according to the file path.
> The
> + Attributes is valid only for EFI_FILE_MODE_CREATE.
> +
> + @param[in, out] FilePath On input, the device path to the file.
> + On output, the remaining device path.
> + @param[out] FileHandle Pointer to the file handle.
> + @param[in] OpenMode The mode to open the file with.
> + @param[in] Attributes The file's file attributes.
> +
> + @retval EFI_SUCCESS The information was set.
> + @retval EFI_INVALID_PARAMETER One of the parameters has an invalid
> value.
> + @retval EFI_UNSUPPORTED Could not open the file path.
> + @retval EFI_NOT_FOUND The specified file could not be found on
> the
> + device or the file system could not be found on
> + the device.
> + @retval EFI_NO_MEDIA The device has no medium.
> + @retval EFI_MEDIA_CHANGED The device has a different medium in it
> or the
> + medium is no longer supported.
> + @retval EFI_DEVICE_ERROR The device reported an error.
> + @retval EFI_VOLUME_CORRUPTED The file system structures are
> corrupted.
> + @retval EFI_WRITE_PROTECTED The file or medium is write protected.
> + @retval EFI_ACCESS_DENIED The file was opened read only.
> + @retval EFI_OUT_OF_RESOURCES Not enough resources were available
> to open the
> + file.
> + @retval EFI_VOLUME_FULL The volume is full.
> +**/
> +EFI_STATUS
> +EFIAPI
> +OpenFileByDevicePath (
> + IN OUT EFI_DEVICE_PATH_PROTOCOL **FilePath,
> + OUT EFI_FILE_HANDLE *FileHandle,
> + IN UINT64 OpenMode,
> + IN UINT64 Attributes
> + )
> +{
> + EFI_STATUS Status;
> + EFI_SIMPLE_FILE_SYSTEM_PROTOCOL *EfiSimpleFileSystemProtocol;
> + EFI_FILE_PROTOCOL *Handle1;
> + EFI_FILE_PROTOCOL *Handle2;
> + EFI_HANDLE DeviceHandle;
> +
> + if ((FilePath == NULL || FileHandle == NULL)) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + Status = gBS->LocateDevicePath (
> + &gEfiSimpleFileSystemProtocolGuid,
> + FilePath,
> + &DeviceHandle
> + );
> + if (EFI_ERROR (Status)) {
> + return Status;
> + }
> +
> + Status = gBS->OpenProtocol(
> + DeviceHandle,
> + &gEfiSimpleFileSystemProtocolGuid,
> + (VOID**)&EfiSimpleFileSystemProtocol,
> + gImageHandle,
> + NULL,
> + EFI_OPEN_PROTOCOL_GET_PROTOCOL
> + );
> + if (EFI_ERROR (Status)) {
> + return Status;
> + }
> +
> + Status = EfiSimpleFileSystemProtocol-
> >OpenVolume(EfiSimpleFileSystemProtocol, &Handle1);
> + if (EFI_ERROR (Status)) {
> + FileHandle = NULL;
> + return Status;
> + }
> +
> + //
> + // go down directories one node at a time.
> + //
> + while (!IsDevicePathEnd (*FilePath)) {
> + //
> + // For file system access each node should be a file path component
> + //
> + if (DevicePathType (*FilePath) != MEDIA_DEVICE_PATH ||
> + DevicePathSubType (*FilePath) != MEDIA_FILEPATH_DP
> + ) {
> + FileHandle = NULL;
> + return (EFI_INVALID_PARAMETER);
> + }
> + //
> + // Open this file path node
> + //
> + Handle2 = Handle1;
> + Handle1 = NULL;
> +
> + //
> + // Try to test opening an existing file
> + //
> + Status = Handle2->Open (
> + Handle2,
> + &Handle1,
> + ((FILEPATH_DEVICE_PATH*)*FilePath)->PathName,
> + OpenMode &~EFI_FILE_MODE_CREATE,
> + 0
> + );
> +
> + //
> + // see if the error was that it needs to be created
> + //
> + if ((EFI_ERROR (Status)) && (OpenMode != (OpenMode
> &~EFI_FILE_MODE_CREATE))) {
> + Status = Handle2->Open (
> + Handle2,
> + &Handle1,
> + ((FILEPATH_DEVICE_PATH*)*FilePath)->PathName,
> + OpenMode,
> + Attributes
> + );
> + }
> + //
> + // Close the last node
> + //
> + Handle2->Close (Handle2);
> +
> + if (EFI_ERROR(Status)) {
> + return (Status);
> + }
> +
> + //
> + // Get the next node
> + //
> + *FilePath = NextDevicePathNode (*FilePath);
> + }
> +
> + //
> + // This is a weak spot since if the undefined SHELL_FILE_HANDLE format
> changes this must change also!
> + //
> + *FileHandle = (VOID*)Handle1;
> + return EFI_SUCCESS;
> +}
> +
> +/**
> + This function converts an input device structure to a Unicode string.
> +
> + @param[in] DevPath A pointer to the device path structure.
> +
> + @return A new allocated Unicode string that represents the device path.
> +
> +**/
> +CHAR16 *
> +EFIAPI
> +DevicePathToStr (
> + IN EFI_DEVICE_PATH_PROTOCOL *DevPath
> + )
> +{
> + return ConvertDevicePathToText (
> + DevPath,
> + FALSE,
> + TRUE
> + );
> +}
> +
> +
> +/**
> + Extract filename from device path. The returned buffer is allocated using
> AllocateCopyPool.
> + The caller is responsible for freeing the allocated buffer using FreePool(). If
> return NULL
> + means not enough memory resource.
> +
> + @param DevicePath Device path.
> +
> + @retval NULL Not enough memory resourece for AllocateCopyPool.
> + @retval Other A new allocated string that represents the file name.
> +
> +**/
> +CHAR16 *
> +ExtractFileNameFromDevicePath (
> + IN EFI_DEVICE_PATH_PROTOCOL *DevicePath
> + )
> +{
> + CHAR16 *String;
> + CHAR16 *MatchString;
> + CHAR16 *LastMatch;
> + CHAR16 *FileName;
> + UINTN Length;
> +
> + ASSERT(DevicePath != NULL);
> +
> + String = DevicePathToStr(DevicePath);
> + MatchString = String;
> + LastMatch = String;
> + FileName = NULL;
> +
> + while(MatchString != NULL){
> + LastMatch = MatchString + 1;
> + MatchString = StrStr(LastMatch,L"\\");
> + }
> +
> + Length = StrLen(LastMatch);
> + FileName = AllocateCopyPool ((Length + 1) * sizeof(CHAR16), LastMatch);
> + if (FileName != NULL) {
> + *(FileName + Length) = 0;
> + }
> +
> + FreePool(String);
> +
> + return FileName;
> +}
> +
> +/**
> + Enroll a new X509 certificate into Variable.
> +
> + @param[in] PrivateData The module's private data.
> + @param[in] VariableName Variable name of CA database.
> +
> + @retval EFI_SUCCESS New X509 is enrolled successfully.
> + @retval EFI_OUT_OF_RESOURCES Could not allocate needed resources.
> +
> +**/
> +EFI_STATUS
> +EnrollX509toVariable (
> + IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private,
> + IN CHAR16 *VariableName
> + )
> +{
> + EFI_STATUS Status;
> + UINTN X509DataSize;
> + VOID *X509Data;
> + EFI_SIGNATURE_LIST *CACert;
> + EFI_SIGNATURE_DATA *CACertData;
> + VOID *Data;
> + UINTN DataSize;
> + UINTN SigDataSize;
> + UINT32 Attr;
> +
> + X509DataSize = 0;
> + SigDataSize = 0;
> + DataSize = 0;
> + X509Data = NULL;
> + CACert = NULL;
> + CACertData = NULL;
> + Data = NULL;
> +
> + Status = ReadFileContent (
> + Private->FileContext->FHandle,
> + &X509Data,
> + &X509DataSize,
> + 0
> + );
> + if (EFI_ERROR (Status)) {
> + goto ON_EXIT;
> + }
> + ASSERT (X509Data != NULL);
> +
> + SigDataSize = sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_SIGNATURE_DATA)
> - 1 + X509DataSize;
> +
> + Data = AllocateZeroPool (SigDataSize);
> + if (Data == NULL) {
> + Status = EFI_OUT_OF_RESOURCES;
> + goto ON_EXIT;
> + }
> +
> + //
> + // Fill Certificate Database parameters.
> + //
> + CACert = (EFI_SIGNATURE_LIST*) Data;
> + CACert->SignatureListSize = (UINT32) SigDataSize;
> + CACert->SignatureHeaderSize = 0;
> + CACert->SignatureSize = (UINT32) (sizeof(EFI_SIGNATURE_DATA) - 1 +
> X509DataSize);
> + CopyGuid (&CACert->SignatureType, &gEfiCertX509Guid);
> +
> + CACertData = (EFI_SIGNATURE_DATA*) ((UINT8* ) CACert + sizeof
> (EFI_SIGNATURE_LIST));
> + CopyGuid (&CACertData->SignatureOwner, Private->CertGuid);
> + CopyMem ((UINT8* ) (CACertData->SignatureData), X509Data,
> X509DataSize);
> +
> + //
> + // Check if signature database entry has been already existed.
> + // If true, use EFI_VARIABLE_APPEND_WRITE attribute to append the
> + // new signature data to original variable
> + //
> + Attr = TLS_AUTH_CONFIG_VAR_BASE_ATTR;
> +
> + Status = gRT->GetVariable(
> + VariableName,
> + &gEfiTlsCaCertificateGuid,
> + NULL,
> + &DataSize,
> + NULL
> + );
> + if (Status == EFI_BUFFER_TOO_SMALL) {
> + Attr |= EFI_VARIABLE_APPEND_WRITE;
> + } else if (Status != EFI_NOT_FOUND) {
> + goto ON_EXIT;
> + }
> +
> + Status = gRT->SetVariable(
> + VariableName,
> + &gEfiTlsCaCertificateGuid,
> + Attr,
> + SigDataSize,
> + Data
> + );
> + if (EFI_ERROR (Status)) {
> + goto ON_EXIT;
> + }
> +
> +ON_EXIT:
> +
> + CloseFile (Private->FileContext->FHandle);
> + if (Private->FileContext->FileName != NULL) {
> + FreePool(Private->FileContext->FileName);
> + Private->FileContext->FileName = NULL;
> + }
> +
> + Private->FileContext->FHandle = NULL;
> +
> + if (Private->CertGuid != NULL) {
> + FreePool (Private->CertGuid);
> + Private->CertGuid = NULL;
> + }
> +
> + if (Data != NULL) {
> + FreePool (Data);
> + }
> +
> + if (X509Data != NULL) {
> + FreePool (X509Data);
> + }
> +
> + return Status;
> +}
> +
> +/**
> + Enroll Cert into TlsCaCertificate. The GUID will be Private->CertGuid.
> +
> + @param[in] PrivateData The module's private data.
> + @param[in] VariableName Variable name of signature database.
> +
> + @retval EFI_SUCCESS New Cert enrolled successfully.
> + @retval EFI_INVALID_PARAMETER The parameter is invalid.
> + @retval EFI_UNSUPPORTED The Cert file is unsupported type.
> + @retval others Fail to enroll Cert data.
> +
> +**/
> +EFI_STATUS
> +EnrollCertDatabase (
> + IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private,
> + IN CHAR16 *VariableName
> + )
> +{
> + UINT16* FilePostFix;
> + UINTN NameLength;
> +
> + if ((Private->FileContext->FileName == NULL) || (Private->FileContext-
> >FHandle == NULL) || (Private->CertGuid == NULL)) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + //
> + // Parse the file's postfix.
> + //
> + NameLength = StrLen (Private->FileContext->FileName);
> + if (NameLength <= 4) {
> + return EFI_INVALID_PARAMETER;
> + }
> + FilePostFix = Private->FileContext->FileName + NameLength - 4;
> +
> + if (IsDerPemEncodeCertificate (FilePostFix)) {
> + //
> + // Supports DER-encoded X509 certificate.
> + //
> + return EnrollX509toVariable (Private, VariableName);
> + }
> +
> + return EFI_UNSUPPORTED;
> +}
> +
> +/**
> + Refresh the global UpdateData structure.
> +
> +**/
> +VOID
> +RefreshUpdateData (
> + VOID
> + )
> +{
> + //
> + // Free current updated date
> + //
> + if (mStartOpCodeHandle != NULL) {
> + HiiFreeOpCodeHandle (mStartOpCodeHandle);
> + }
> +
> + //
> + // Create new OpCode Handle
> + //
> + mStartOpCodeHandle = HiiAllocateOpCodeHandle ();
> +
> + //
> + // Create Hii Extend Label OpCode as the start opcode
> + //
> + mStartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
> + mStartOpCodeHandle,
> + &gEfiIfrTianoGuid,
> + NULL,
> + sizeof (EFI_IFR_GUID_LABEL)
> + );
> + mStartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
> +}
> +
> +/**
> + Clean up the dynamic opcode at label and form specified by both LabelId.
> +
> + @param[in] LabelId It is both the Form ID and Label ID for opcode
> deletion.
> + @param[in] PrivateData Module private data.
> +
> +**/
> +VOID
> +CleanUpPage (
> + IN UINT16 LabelId,
> + IN TLS_AUTH_CONFIG_PRIVATE_DATA *PrivateData
> + )
> +{
> + RefreshUpdateData ();
> +
> + //
> + // Remove all op-codes from dynamic page
> + //
> + mStartLabel->Number = LabelId;
> + HiiUpdateForm (
> + PrivateData->RegisteredHandle,
> + &gTlsAuthConfigGuid,
> + LabelId,
> + mStartOpCodeHandle, // Label LabelId
> + mEndOpCodeHandle // LABEL_END
> + );
> +}
> +
> +/**
> + Update the form base on the selected file.
> +
> + @param FilePath Point to the file path.
> + @param FormId The form need to display.
> +
> + @retval TRUE Exit caller function.
> + @retval FALSE Not exit caller function.
> +
> +**/
> +BOOLEAN
> +UpdatePage(
> + IN EFI_DEVICE_PATH_PROTOCOL *FilePath,
> + IN EFI_FORM_ID FormId
> + )
> +{
> + CHAR16 *FileName;
> + EFI_STRING_ID StringToken;
> +
> + FileName = NULL;
> +
> + if (FilePath != NULL) {
> + FileName = ExtractFileNameFromDevicePath(FilePath);
> + }
> + if (FileName == NULL) {
> + //
> + // FileName = NULL has two case:
> + // 1. FilePath == NULL, not select file.
> + // 2. FilePath != NULL, but ExtractFileNameFromDevicePath return NULL
> not enough memory resource.
> + // In these two case, no need to update the form, and exit the caller
> function.
> + //
> + return TRUE;
> + }
> + StringToken = HiiSetString (mTlsAuthPrivateData->RegisteredHandle, 0,
> FileName, NULL);
> +
> + mTlsAuthPrivateData->FileContext->FileName = FileName;
> +
> + OpenFileByDevicePath (
> + &FilePath,
> + &mTlsAuthPrivateData->FileContext->FHandle,
> + EFI_FILE_MODE_READ,
> + 0
> + );
> + //
> + // Create Subtitle op-code for the display string of the option.
> + //
> + RefreshUpdateData ();
> + mStartLabel->Number = FormId;
> +
> + HiiCreateSubTitleOpCode (
> + mStartOpCodeHandle,
> + StringToken,
> + 0,
> + 0,
> + 0
> + );
> +
> + HiiUpdateForm (
> + mTlsAuthPrivateData->RegisteredHandle,
> + &gTlsAuthConfigGuid,
> + FormId,
> + mStartOpCodeHandle, /// Label FormId
> + mEndOpCodeHandle /// LABEL_END
> + );
> +
> + return TRUE;
> +}
> +
> +/**
> + Update the form base on the input file path info.
> +
> + @param FilePath Point to the file path.
> +
> + @retval TRUE Exit caller function.
> + @retval FALSE Not exit caller function.
> +**/
> +BOOLEAN
> +EFIAPI
> +UpdateCAFromFile (
> + IN EFI_DEVICE_PATH_PROTOCOL *FilePath
> + )
> +{
> + return UpdatePage(FilePath, TLS_AUTH_CONFIG_FORMID4_FORM);
> +}
> +
> +/**
> + Unload the configuration form, this includes: delete all the configuration
> + entries, uninstall the form callback protocol, and free the resources used.
> +
> + @param[in] Private Pointer to the driver private data.
> +
> + @retval EFI_SUCCESS The configuration form is unloaded.
> + @retval Others Failed to unload the form.
> +
> +**/
> +EFI_STATUS
> +TlsAuthConfigFormUnload (
> + IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private
> + )
> +{
> + if (Private->DriverHandle != NULL) {
> + //
> + // Uninstall EFI_HII_CONFIG_ACCESS_PROTOCOL
> + //
> + gBS->UninstallMultipleProtocolInterfaces (
> + Private->DriverHandle,
> + &gEfiDevicePathProtocolGuid,
> + &mTlsAuthConfigHiiVendorDevicePath,
> + &gEfiHiiConfigAccessProtocolGuid,
> + &Private->ConfigAccess,
> + NULL
> + );
> + Private->DriverHandle = NULL;
> + }
> +
> + if (Private->RegisteredHandle != NULL) {
> + //
> + // Remove HII package list
> + //
> + HiiRemovePackages (Private->RegisteredHandle);
> + Private->RegisteredHandle = NULL;
> + }
> +
> + if (Private->CertGuid != NULL) {
> + FreePool (Private->CertGuid);
> + }
> +
> + if (Private->FileContext != NULL) {
> + FreePool (Private->FileContext);
> + }
> +
> + FreePool (Private);
> +
> + if (mStartOpCodeHandle != NULL) {
> + HiiFreeOpCodeHandle (mStartOpCodeHandle);
> + }
> +
> + if (mEndOpCodeHandle != NULL) {
> + HiiFreeOpCodeHandle (mEndOpCodeHandle);
> + }
> +
> + return EFI_SUCCESS;
> +}
> +
> +
> +/**
> + Initialize the configuration form.
> +
> + @param[in] Private Pointer to the driver private data.
> +
> + @retval EFI_SUCCESS The configuration form is initialized.
> + @retval EFI_OUT_OF_RESOURCES Failed to allocate memory.
> +
> +**/
> +EFI_STATUS
> +TlsAuthConfigFormInit (
> + IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private
> + )
> +{
> + EFI_STATUS Status;
> +
> + Private->Signature = TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE;
> +
> + Private->ConfigAccess.ExtractConfig = TlsAuthConfigAccessExtractConfig;
> + Private->ConfigAccess.RouteConfig = TlsAuthConfigAccessRouteConfig;
> + Private->ConfigAccess.Callback = TlsAuthConfigAccessCallback;
> +
> + //
> + // Install Device Path Protocol and Config Access protocol to driver handle.
> + //
> + Status = gBS->InstallMultipleProtocolInterfaces (
> + &Private->DriverHandle,
> + &gEfiDevicePathProtocolGuid,
> + &mTlsAuthConfigHiiVendorDevicePath,
> + &gEfiHiiConfigAccessProtocolGuid,
> + &Private->ConfigAccess,
> + NULL
> + );
> + if (EFI_ERROR (Status)) {
> + return Status;
> + }
> +
> + //
> + // Publish our HII data.
> + //
> + Private->RegisteredHandle = HiiAddPackages (
> + &gTlsAuthConfigGuid,
> + Private->DriverHandle,
> + TlsAuthConfigDxeStrings,
> + TlsAuthConfigVfrBin,
> + NULL
> + );
> + if (Private->RegisteredHandle == NULL) {
> + Status = EFI_OUT_OF_RESOURCES;
> + goto Error;
> + }
> +
> + Private->FileContext = AllocateZeroPool (sizeof
> (TLS_AUTH_CONFIG_FILE_CONTEXT));
> + if (Private->FileContext == NULL) {
> + Status = EFI_OUT_OF_RESOURCES;
> + goto Error;
> + }
> +
> + //
> + // Init OpCode Handle and Allocate space for creation of Buffer
> + //
> + mStartOpCodeHandle = HiiAllocateOpCodeHandle ();
> + if (mStartOpCodeHandle == NULL) {
> + Status = EFI_OUT_OF_RESOURCES;
> + goto Error;
> + }
> +
> + mEndOpCodeHandle = HiiAllocateOpCodeHandle ();
> + if (mEndOpCodeHandle == NULL) {
> + Status = EFI_OUT_OF_RESOURCES;
> + goto Error;
> + }
> +
> + //
> + // Create Hii Extend Label OpCode as the start opcode
> + //
> + mStartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
> + mStartOpCodeHandle,
> + &gEfiIfrTianoGuid,
> + NULL,
> + sizeof (EFI_IFR_GUID_LABEL)
> + );
> + mStartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
> +
> + //
> + // Create Hii Extend Label OpCode as the end opcode
> + //
> + mEndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
> + mEndOpCodeHandle,
> + &gEfiIfrTianoGuid,
> + NULL,
> + sizeof (EFI_IFR_GUID_LABEL)
> + );
> + mEndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
> + mEndLabel->Number = LABEL_END;
> +
> + return EFI_SUCCESS;
> +
> +Error:
> + TlsAuthConfigFormUnload (Private);
> + return Status;
> +}
> +
> +/**
> +
> + This function allows the caller to request the current
> + configuration for one or more named elements. The resulting
> + string is in <ConfigAltResp> format. Any and all alternative
> + configuration strings shall also be appended to the end of the
> + current configuration string. If they are, they must appear
> + after the current configuration. They must contain the same
> + routing (GUID, NAME, PATH) as the current configuration string.
> + They must have an additional description indicating the type of
> + alternative configuration the string represents,
> + "ALTCFG=<StringToken>". That <StringToken> (when
> + converted from Hex UNICODE to binary) is a reference to a
> + string in the associated string pack.
> +
> + @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
> +
> + @param Request A null-terminated Unicode string in
> + <ConfigRequest> format. Note that this
> + includes the routing information as well as
> + the configurable name / value pairs. It is
> + invalid for this string to be in
> + <MultiConfigRequest> format.
> + If a NULL is passed in for the Request field,
> + all of the settings being abstracted by this function
> + will be returned in the Results field. In addition,
> + if a ConfigHdr is passed in with no request elements,
> + all of the settings being abstracted for that particular
> + ConfigHdr reference will be returned in the Results Field.
> +
> + @param Progress On return, points to a character in the
> + Request string. Points to the string's null
> + terminator if request was successful. Points
> + to the most recent "&" before the first
> + failing name / value pair (or the beginning
> + of the string if the failure is in the first
> + name / value pair) if the request was not
> + successful.
> +
> + @param Results A null-terminated Unicode string in
> + <MultiConfigAltResp> format which has all values
> + filled in for the names in the Request string.
> + String to be allocated by the called function.
> +
> + @retval EFI_SUCCESS The Results string is filled with the
> + values corresponding to all requested
> + names.
> +
> + @retval EFI_OUT_OF_RESOURCES Not enough memory to store the
> + parts of the results that must be
> + stored awaiting possible future
> + protocols.
> +
> + @retval EFI_NOT_FOUND Routing data doesn't match any
> + known driver. Progress set to the
> + first character in the routing header.
> + Note: There is no requirement that the
> + driver validate the routing data. It
> + must skip the <ConfigHdr> in order to
> + process the names.
> +
> + @retval EFI_INVALID_PARAMETER Illegal syntax. Progress set
> + to most recent "&" before the
> + error or the beginning of the
> + string.
> +
> + @retval EFI_INVALID_PARAMETER Unknown name. Progress points
> + to the & before the name in
> + question.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsAuthConfigAccessExtractConfig (
> + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
> + IN CONST EFI_STRING Request,
> + OUT EFI_STRING *Progress,
> + OUT EFI_STRING *Results
> + )
> +{
> + EFI_STATUS Status;
> + UINTN BufferSize;
> + UINTN Size;
> + EFI_STRING ConfigRequest;
> + EFI_STRING ConfigRequestHdr;
> + TLS_AUTH_CONFIG_PRIVATE_DATA *Private;
> + BOOLEAN AllocatedRequest;
> +
> + if (Progress == NULL || Results == NULL) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + AllocatedRequest = FALSE;
> + ConfigRequestHdr = NULL;
> + ConfigRequest = NULL;
> + Size = 0;
> +
> + Private = TLS_AUTH_CONFIG_PRIVATE_FROM_THIS (This);
> +
> + BufferSize = sizeof (TLS_AUTH_CONFIG_IFR_NVDATA);
> + ZeroMem (&Private->TlsAuthConfigNvData, BufferSize);
> +
> + *Progress = Request;
> +
> + if ((Request != NULL) && !HiiIsConfigHdrMatch (Request,
> &gTlsAuthConfigGuid, mTlsAuthConfigStorageName)) {
> + return EFI_NOT_FOUND;
> + }
> +
> + ConfigRequest = Request;
> + if ((Request == NULL) || (StrStr (Request, L"OFFSET") == NULL)) {
> + //
> + // Request is set to NULL or OFFSET is NULL, construct full request string.
> + //
> + // Allocate and fill a buffer large enough to hold the <ConfigHdr>
> template
> + // followed by "&OFFSET=0&WIDTH=WWWWWWWWWWWWWWWW"
> followed by a Null-terminator
> + //
> + ConfigRequestHdr = HiiConstructConfigHdr (&gTlsAuthConfigGuid,
> mTlsAuthConfigStorageName, Private->DriverHandle);
> + Size = (StrLen (ConfigRequestHdr) + 32 + 1) * sizeof (CHAR16);
> + ConfigRequest = AllocateZeroPool (Size);
> + ASSERT (ConfigRequest != NULL);
> + AllocatedRequest = TRUE;
> + UnicodeSPrint (ConfigRequest, Size, L"%s&OFFSET=0&WIDTH=%016LX",
> ConfigRequestHdr, (UINT64)BufferSize);
> + FreePool (ConfigRequestHdr);
> + ConfigRequestHdr = NULL;
> + }
> +
> + Status = gHiiConfigRouting->BlockToConfig (
> + gHiiConfigRouting,
> + ConfigRequest,
> + (UINT8 *) &Private->TlsAuthConfigNvData,
> + BufferSize,
> + Results,
> + Progress
> + );
> +
> + //
> + // Free the allocated config request string.
> + //
> + if (AllocatedRequest) {
> + FreePool (ConfigRequest);
> + }
> +
> + //
> + // Set Progress string to the original request string.
> + //
> + if (Request == NULL) {
> + *Progress = NULL;
> + } else if (StrStr (Request, L"OFFSET") == NULL) {
> + *Progress = Request + StrLen (Request);
> + }
> +
> + return Status;
> +}
> +
> +/**
> +
> + This function applies changes in a driver's configuration.
> + Input is a Configuration, which has the routing data for this
> + driver followed by name / value configuration pairs. The driver
> + must apply those pairs to its configurable storage. If the
> + driver's configuration is stored in a linear block of data
> + and the driver's name / value pairs are in <BlockConfig>
> + format, it may use the ConfigToBlock helper function (above) to
> + simplify the job.
> +
> + @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
> +
> + @param Configuration A null-terminated Unicode string in
> + <ConfigString> format.
> +
> + @param Progress A pointer to a string filled in with the
> + offset of the most recent '&' before the
> + first failing name / value pair (or the
> + beginn ing of the string if the failure
> + is in the first name / value pair) or
> + the terminating NULL if all was
> + successful.
> +
> + @retval EFI_SUCCESS The results have been distributed or are
> + awaiting distribution.
> +
> + @retval EFI_OUT_OF_RESOURCES Not enough memory to store the
> + parts of the results that must be
> + stored awaiting possible future
> + protocols.
> +
> + @retval EFI_INVALID_PARAMETERS Passing in a NULL for the
> + Results parameter would result
> + in this type of error.
> +
> + @retval EFI_NOT_FOUND Target for the specified routing data
> + was not found
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsAuthConfigAccessRouteConfig (
> + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
> + IN CONST EFI_STRING Configuration,
> + OUT EFI_STRING *Progress
> + )
> +{
> + EFI_STATUS Status;
> + UINTN BufferSize;
> + TLS_AUTH_CONFIG_PRIVATE_DATA *Private;
> +
> + if (Progress == NULL) {
> + return EFI_INVALID_PARAMETER;
> + }
> + *Progress = Configuration;
> +
> + if (Configuration == NULL) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + //
> + // Check routing data in <ConfigHdr>.
> + // Note: there is no name for Name/Value storage, only GUID will be
> checked
> + //
> + if (!HiiIsConfigHdrMatch (Configuration, &gTlsAuthConfigGuid,
> mTlsAuthConfigStorageName)) {
> + return EFI_NOT_FOUND;
> + }
> +
> + Private = TLS_AUTH_CONFIG_PRIVATE_FROM_THIS (This);
> +
> + BufferSize = sizeof (TLS_AUTH_CONFIG_IFR_NVDATA);
> + ZeroMem (&Private->TlsAuthConfigNvData, BufferSize);
> +
> + Status = gHiiConfigRouting->ConfigToBlock (
> + gHiiConfigRouting,
> + Configuration,
> + (UINT8 *) &Private->TlsAuthConfigNvData,
> + &BufferSize,
> + Progress
> + );
> + if (EFI_ERROR (Status)) {
> + return Status;
> + }
> +
> + return Status;
> +}
> +
> +/**
> +
> + This function is called to provide results data to the driver.
> + This data consists of a unique key that is used to identify
> + which data is either being passed back or being asked for.
> +
> + @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
> + @param Action Specifies the type of action taken by the browser.
> + @param QuestionId A unique value which is sent to the original
> + exporting driver so that it can identify the type
> + of data to expect. The format of the data tends to
> + vary based on the opcode that generated the callback.
> + @param Type The type of value for the question.
> + @param Value A pointer to the data being sent to the original
> + exporting driver.
> + @param ActionRequest On return, points to the action requested by
> the
> + callback function.
> +
> + @retval EFI_SUCCESS The callback successfully handled the action.
> + @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold
> the
> + variable and its data.
> + @retval EFI_DEVICE_ERROR The variable could not be saved.
> + @retval EFI_UNSUPPORTED The specified Action is not supported by
> the
> + callback.
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsAuthConfigAccessCallback (
> + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
> + IN EFI_BROWSER_ACTION Action,
> + IN EFI_QUESTION_ID QuestionId,
> + IN UINT8 Type,
> + IN OUT EFI_IFR_TYPE_VALUE *Value,
> + OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest
> + )
> +{
> + EFI_INPUT_KEY Key;
> + EFI_STATUS Status;
> + RETURN_STATUS RStatus;
> + TLS_AUTH_CONFIG_PRIVATE_DATA *Private;
> + UINTN BufferSize;
> + TLS_AUTH_CONFIG_IFR_NVDATA *IfrNvData;
> + UINT16 LabelId;
> + EFI_DEVICE_PATH_PROTOCOL *File;
> +
> + Status = EFI_SUCCESS;
> + File = NULL;
> +
> + if ((This == NULL) || (Value == NULL) || (ActionRequest == NULL)) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + Private = TLS_AUTH_CONFIG_PRIVATE_FROM_THIS (This);
> +
> + mTlsAuthPrivateData = Private;
> +
> + //
> + // Retrieve uncommitted data from Browser
> + //
> + BufferSize = sizeof (TLS_AUTH_CONFIG_IFR_NVDATA);
> + IfrNvData = AllocateZeroPool (BufferSize);
> + if (IfrNvData == NULL) {
> + return EFI_OUT_OF_RESOURCES;
> + }
> +
> + HiiGetBrowserData (&gTlsAuthConfigGuid, mTlsAuthConfigStorageName,
> BufferSize, (UINT8 *) IfrNvData);
> +
> + if ((Action != EFI_BROWSER_ACTION_CHANGED) &&
> + (Action != EFI_BROWSER_ACTION_CHANGING)) {
> + Status = EFI_UNSUPPORTED;
> + goto EXIT;
> + }
> +
> + if (Action == EFI_BROWSER_ACTION_CHANGING) {
> + switch (QuestionId) {
> + case KEY_TLS_AUTH_CONFIG_CLIENT_CERT:
> + case KEY_TLS_AUTH_CONFIG_SERVER_CA:
> + //
> + // Clear Cert GUID.
> + //
> + ZeroMem (IfrNvData->CertGuid, sizeof (IfrNvData->CertGuid));
> + if (Private->CertGuid == NULL) {
> + Private->CertGuid = (EFI_GUID *) AllocateZeroPool (sizeof (EFI_GUID));
> + if (Private->CertGuid == NULL) {
> + return EFI_OUT_OF_RESOURCES;
> + }
> + }
> + if (QuestionId == KEY_TLS_AUTH_CONFIG_CLIENT_CERT) {
> + LabelId = TLS_AUTH_CONFIG_FORMID3_FORM;
> + } else {
> + LabelId = TLS_AUTH_CONFIG_FORMID4_FORM;
> + }
> +
> + //
> + // Refresh selected file.
> + //
> + CleanUpPage (LabelId, Private);
> + break;
> + case KEY_TLS_AUTH_CONFIG_ENROLL_CERT_FROM_FILE:
> + ChooseFile( NULL, NULL, UpdateCAFromFile, &File);
> + break;
> +
> + case KEY_TLS_AUTH_CONFIG_VALUE_SAVE_AND_EXIT:
> + Status = EnrollCertDatabase (Private,
> EFI_TLS_CA_CERTIFICATE_VARIABLE);
> + if (EFI_ERROR (Status)) {
> + CreatePopUp (
> + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
> + &Key,
> + L"ERROR: Enroll Cert Failure!",
> + NULL
> + );
> + }
> + break;
> +
> + case KEY_TLS_AUTH_CONFIG_VALUE_NO_SAVE_AND_EXIT:
> + if (Private->FileContext->FHandle != NULL) {
> + CloseFile (Private->FileContext->FHandle);
> + Private->FileContext->FHandle = NULL;
> + if (Private->FileContext->FileName!= NULL){
> + FreePool(Private->FileContext->FileName);
> + Private->FileContext->FileName = NULL;
> + }
> + }
> +
> + if (Private->CertGuid!= NULL) {
> + FreePool (Private->CertGuid);
> + Private->CertGuid = NULL;
> + }
> + break;
> +
> + case KEY_TLS_AUTH_CONFIG_DELETE_CERT:
> + UpdateDeletePage (
> + Private,
> + EFI_TLS_CA_CERTIFICATE_VARIABLE,
> + &gEfiTlsCaCertificateGuid,
> + LABEL_CA_DELETE,
> + TLS_AUTH_CONFIG_FORMID5_FORM,
> + OPTION_DEL_CA_ESTION_ID
> + );
> + break;
> +
> + default:
> + if ((QuestionId >= OPTION_DEL_CA_ESTION_ID) &&
> + (QuestionId < (OPTION_DEL_CA_ESTION_ID +
> OPTION_CONFIG_RANGE))) {
> + DeleteCert (
> + Private,
> + EFI_TLS_CA_CERTIFICATE_VARIABLE,
> + &gEfiTlsCaCertificateGuid,
> + LABEL_CA_DELETE,
> + TLS_AUTH_CONFIG_FORMID5_FORM,
> + OPTION_DEL_CA_ESTION_ID,
> + QuestionId - OPTION_DEL_CA_ESTION_ID
> + );
> + }
> + break;
> + }
> + } else if (Action == EFI_BROWSER_ACTION_CHANGED) {
> + switch (QuestionId) {
> + case KEY_TLS_AUTH_CONFIG_CERT_GUID:
> + ASSERT (Private->CertGuid != NULL);
> + RStatus = StrToGuid (
> + IfrNvData->CertGuid,
> + Private->CertGuid
> + );
> + if (RETURN_ERROR (RStatus) || (IfrNvData-
> >CertGuid[GUID_STRING_LENGTH] != L'\0')) {
> + Status = EFI_INVALID_PARAMETER;
> + break;
> + }
> +
> + *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY;
> + break;
> + default:
> + break;
> + }
> + }
> +
> +EXIT:
> +
> + if (!EFI_ERROR (Status)) {
> + BufferSize = sizeof (TLS_AUTH_CONFIG_IFR_NVDATA);
> + HiiSetBrowserData (&gTlsAuthConfigGuid, mTlsAuthConfigStorageName,
> BufferSize, (UINT8*) IfrNvData, NULL);
> + }
> +
> + FreePool (IfrNvData);
> +
> + if (File != NULL){
> + FreePool(File);
> + File = NULL;
> + }
> +
> + return EFI_SUCCESS;
> +
> +}
> +
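Review bot: Out of scope for a line-ending conversion, but worth noting for a follow-up: in the EFI_BROWSER_ACTION_CHANGED branch the KEY_TLS_AUTH_CONFIG_CERT_GUID case sets `Status = EFI_INVALID_PARAMETER;` when StrToGuid fails or the string is not terminated at GUID_STRING_LENGTH, yet after the EXIT label the function ends with `return EFI_SUCCESS;`, so the only effect of a rejected GUID is that HiiSetBrowserData is skipped while the browser is told the action succeeded. Returning Status there would surface the validation failure. In the same hunk the result of `ChooseFile( NULL, NULL, UpdateCAFromFile, &File);` is discarded, so a failure to open the file explorer is silent, and the spacing in that call and in `FileName!= NULL`, `CertGuid!= NULL` and `FreePool(File);` does not match the EDK II style used in the rest of the function. None of this should be folded into this series, which should stay whitespace-only.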
> diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.h
> b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.h
> index 398f7b6eea..f50d60d269 100644
> --- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.h
> +++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.h
> @@ -1,282 +1,282 @@
> -/** @file
> - Header file of Miscellaneous Routines for TlsAuthConfigDxe driver.
> -
> -Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> -
> -This program and the accompanying materials
> -are licensed and made available under the terms and conditions of the BSD
> License
> -which accompanies this distribution. The full text of the license may be
> found at
> -http://opensource.org/licenses/bsd-license.php
> -
> -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> -
> -**/
> -
> -#ifndef __TLS_AUTH_CONFIG_IMPL_H__
> -#define __TLS_AUTH_CONFIG_IMPL_H__
> -
> -#include <Uefi.h>
> -
> -#include <Protocol/HiiConfigAccess.h>
> -#include <Protocol/SimpleFileSystem.h>
> -
> -//
> -// Libraries
> -//
> -#include <Library/UefiBootServicesTableLib.h>
> -#include <Library/UefiRuntimeServicesTableLib.h>
> -#include <Library/MemoryAllocationLib.h>
> -#include <Library/BaseMemoryLib.h>
> -#include <Library/BaseLib.h>
> -#include <Library/UefiLib.h>
> -#include <Library/DebugLib.h>
> -#include <Library/DevicePathLib.h>
> -#include <Library/HiiLib.h>
> -#include <Library/UefiHiiServicesLib.h>
> -#include <Library/FileExplorerLib.h>
> -#include <Library/PrintLib.h>
> -
> -#include <Guid/MdeModuleHii.h>
> -#include <Guid/ImageAuthentication.h>
> -#include <Guid/TlsAuthentication.h>
> -
> -
> -//
> -// Include files with function prototypes
> -//
> -#include "TlsAuthConfigNvData.h"
> -
> -extern UINT8 TlsAuthConfigDxeStrings[];
> -extern UINT8 TlsAuthConfigVfrBin[];
> -
> -#define TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32
> ('T', 'A', 'C', 'D')
> -#define TLS_AUTH_CONFIG_PRIVATE_FROM_THIS(a) CR (a,
> TLS_AUTH_CONFIG_PRIVATE_DATA, ConfigAccess,
> TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE)
> -
> -#define TLS_AUTH_CONFIG_VAR_BASE_ATTR
> (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS)
> -
> -typedef struct _TLS_AUTH_CONFIG_PRIVATE_DATA
> TLS_AUTH_CONFIG_PRIVATE_DATA;
> -typedef struct _TLS_AUTH_CONFIG_FILE_CONTEXT
> TLS_AUTH_CONFIG_FILE_CONTEXT;
> -
> -///
> -/// HII specific Vendor Device Path definition.
> -///
> -typedef struct {
> - VENDOR_DEVICE_PATH VendorDevicePath;
> - EFI_DEVICE_PATH_PROTOCOL End;
> -} HII_VENDOR_DEVICE_PATH;
> -
> -struct _TLS_AUTH_CONFIG_FILE_CONTEXT {
> - EFI_FILE_HANDLE FHandle;
> - UINT16 *FileName;
> -};
> -
> -struct _TLS_AUTH_CONFIG_PRIVATE_DATA {
> - UINTN Signature;
> -
> - EFI_HANDLE DriverHandle;
> - EFI_HII_HANDLE RegisteredHandle;
> - EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess;
> - TLS_AUTH_CONFIG_IFR_NVDATA TlsAuthConfigNvData;
> -
> - TLS_AUTH_CONFIG_FILE_CONTEXT *FileContext;
> -
> - EFI_GUID *CertGuid;
> -};
> -
> -/**
> - Unload the configuration form, this includes: delete all the configuration
> - entries, uninstall the form callback protocol, and free the resources used.
> - The form will only be unload completely when both IP4 and IP6 stack are
> stopped.
> -
> - @param[in] Private Pointer to the driver private data.
> -
> - @retval EFI_SUCCESS The configuration form is unloaded.
> - @retval Others Failed to unload the form.
> -
> -**/
> -EFI_STATUS
> -TlsAuthConfigFormUnload (
> - IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private
> - );
> -
> -/**
> - Initialize the configuration form.
> -
> - @param[in] Private Pointer to the driver private data.
> -
> - @retval EFI_SUCCESS The configuration form is initialized.
> - @retval EFI_OUT_OF_RESOURCES Failed to allocate memory.
> -
> -**/
> -EFI_STATUS
> -TlsAuthConfigFormInit (
> - IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private
> - );
> -
> -/**
> -
> - This function allows the caller to request the current
> - configuration for one or more named elements. The resulting
> - string is in <ConfigAltResp> format. Any and all alternative
> - configuration strings shall also be appended to the end of the
> - current configuration string. If they are, they must appear
> - after the current configuration. They must contain the same
> - routing (GUID, NAME, PATH) as the current configuration string.
> - They must have an additional description indicating the type of
> - alternative configuration the string represents,
> - "ALTCFG=<StringToken>". That <StringToken> (when
> - converted from Hex UNICODE to binary) is a reference to a
> - string in the associated string pack.
> -
> - @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
> -
> - @param Request A null-terminated Unicode string in
> - <ConfigRequest> format. Note that this
> - includes the routing information as well as
> - the configurable name / value pairs. It is
> - invalid for this string to be in
> - <MultiConfigRequest> format.
> - If a NULL is passed in for the Request field,
> - all of the settings being abstracted by this function
> - will be returned in the Results field. In addition,
> - if a ConfigHdr is passed in with no request elements,
> - all of the settings being abstracted for that particular
> - ConfigHdr reference will be returned in the Results Field.
> -
> - @param Progress On return, points to a character in the
> - Request string. Points to the string's null
> - terminator if request was successful. Points
> - to the most recent "&" before the first
> - failing name / value pair (or the beginning
> - of the string if the failure is in the first
> - name / value pair) if the request was not
> - successful.
> -
> - @param Results A null-terminated Unicode string in
> - <MultiConfigAltResp> format which has all values
> - filled in for the names in the Request string.
> - String to be allocated by the called function.
> -
> - @retval EFI_SUCCESS The Results string is filled with the
> - values corresponding to all requested
> - names.
> -
> - @retval EFI_OUT_OF_RESOURCES Not enough memory to store the
> - parts of the results that must be
> - stored awaiting possible future
> - protocols.
> -
> - @retval EFI_NOT_FOUND Routing data doesn't match any
> - known driver. Progress set to the
> - first character in the routing header.
> - Note: There is no requirement that the
> - driver validate the routing data. It
> - must skip the <ConfigHdr> in order to
> - process the names.
> -
> - @retval EFI_INVALID_PARAMETER Illegal syntax. Progress set
> - to most recent "&" before the
> - error or the beginning of the
> - string.
> -
> - @retval EFI_INVALID_PARAMETER Unknown name. Progress points
> - to the & before the name in
> - question.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsAuthConfigAccessExtractConfig (
> - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
> - IN CONST EFI_STRING Request,
> - OUT EFI_STRING *Progress,
> - OUT EFI_STRING *Results
> - );
> -
> -/**
> -
> - This function applies changes in a driver's configuration.
> - Input is a Configuration, which has the routing data for this
> - driver followed by name / value configuration pairs. The driver
> - must apply those pairs to its configurable storage. If the
> - driver's configuration is stored in a linear block of data
> - and the driver's name / value pairs are in <BlockConfig>
> - format, it may use the ConfigToBlock helper function (above) to
> - simplify the job.
> -
> - @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
> -
> - @param Configuration A null-terminated Unicode string in
> - <ConfigString> format.
> -
> - @param Progress A pointer to a string filled in with the
> - offset of the most recent '&' before the
> - first failing name / value pair (or the
> - beginn ing of the string if the failure
> - is in the first name / value pair) or
> - the terminating NULL if all was
> - successful.
> -
> - @retval EFI_SUCCESS The results have been distributed or are
> - awaiting distribution.
> -
> - @retval EFI_OUT_OF_RESOURCES Not enough memory to store the
> - parts of the results that must be
> - stored awaiting possible future
> - protocols.
> -
> - @retval EFI_INVALID_PARAMETERS Passing in a NULL for the
> - Results parameter would result
> - in this type of error.
> -
> - @retval EFI_NOT_FOUND Target for the specified routing data
> - was not found
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsAuthConfigAccessRouteConfig (
> - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
> - IN CONST EFI_STRING Configuration,
> - OUT EFI_STRING *Progress
> - );
> -
> -/**
> -
> - This function is called to provide results data to the driver.
> - This data consists of a unique key that is used to identify
> - which data is either being passed back or being asked for.
> -
> - @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
> - @param Action Specifies the type of action taken by the browser.
> - @param QuestionId A unique value which is sent to the original
> - exporting driver so that it can identify the type
> - of data to expect. The format of the data tends to
> - vary based on the opcode that generated the callback.
> - @param Type The type of value for the question.
> - @param Value A pointer to the data being sent to the original
> - exporting driver.
> - @param ActionRequest On return, points to the action requested by
> the
> - callback function.
> -
> - @retval EFI_SUCCESS The callback successfully handled the action.
> - @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold
> the
> - variable and its data.
> - @retval EFI_DEVICE_ERROR The variable could not be saved.
> - @retval EFI_UNSUPPORTED The specified Action is not supported by
> the
> - callback.
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsAuthConfigAccessCallback (
> - IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
> - IN EFI_BROWSER_ACTION Action,
> - IN EFI_QUESTION_ID QuestionId,
> - IN UINT8 Type,
> - IN OUT EFI_IFR_TYPE_VALUE *Value,
> - OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest
> - );
> -
> -#endif
> -
> +/** @file
> + Header file of Miscellaneous Routines for TlsAuthConfigDxe driver.
> +
> +Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> +
> +This program and the accompanying materials
> +are licensed and made available under the terms and conditions of the BSD
> License
> +which accompanies this distribution. The full text of the license may be
> found at
> +http://opensource.org/licenses/bsd-license.php
> +
> +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +
> +**/
> +
> +#ifndef __TLS_AUTH_CONFIG_IMPL_H__
> +#define __TLS_AUTH_CONFIG_IMPL_H__
> +
> +#include <Uefi.h>
> +
> +#include <Protocol/HiiConfigAccess.h>
> +#include <Protocol/SimpleFileSystem.h>
> +
> +//
> +// Libraries
> +//
> +#include <Library/UefiBootServicesTableLib.h>
> +#include <Library/UefiRuntimeServicesTableLib.h>
> +#include <Library/MemoryAllocationLib.h>
> +#include <Library/BaseMemoryLib.h>
> +#include <Library/BaseLib.h>
> +#include <Library/UefiLib.h>
> +#include <Library/DebugLib.h>
> +#include <Library/DevicePathLib.h>
> +#include <Library/HiiLib.h>
> +#include <Library/UefiHiiServicesLib.h>
> +#include <Library/FileExplorerLib.h>
> +#include <Library/PrintLib.h>
> +
> +#include <Guid/MdeModuleHii.h>
> +#include <Guid/ImageAuthentication.h>
> +#include <Guid/TlsAuthentication.h>
> +
> +
> +//
> +// Include files with function prototypes
> +//
> +#include "TlsAuthConfigNvData.h"
> +
> +extern UINT8 TlsAuthConfigDxeStrings[];
> +extern UINT8 TlsAuthConfigVfrBin[];
> +
> +#define TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32
> ('T', 'A', 'C', 'D')
> +#define TLS_AUTH_CONFIG_PRIVATE_FROM_THIS(a) CR (a,
> TLS_AUTH_CONFIG_PRIVATE_DATA, ConfigAccess,
> TLS_AUTH_CONFIG_PRIVATE_DATA_SIGNATURE)
> +
> +#define TLS_AUTH_CONFIG_VAR_BASE_ATTR
> (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS)
> +
> +typedef struct _TLS_AUTH_CONFIG_PRIVATE_DATA
> TLS_AUTH_CONFIG_PRIVATE_DATA;
> +typedef struct _TLS_AUTH_CONFIG_FILE_CONTEXT
> TLS_AUTH_CONFIG_FILE_CONTEXT;
> +
> +///
> +/// HII specific Vendor Device Path definition.
> +///
> +typedef struct {
> + VENDOR_DEVICE_PATH VendorDevicePath;
> + EFI_DEVICE_PATH_PROTOCOL End;
> +} HII_VENDOR_DEVICE_PATH;
> +
> +struct _TLS_AUTH_CONFIG_FILE_CONTEXT {
> + EFI_FILE_HANDLE FHandle;
> + UINT16 *FileName;
> +};
> +
> +struct _TLS_AUTH_CONFIG_PRIVATE_DATA {
> + UINTN Signature;
> +
> + EFI_HANDLE DriverHandle;
> + EFI_HII_HANDLE RegisteredHandle;
> + EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess;
> + TLS_AUTH_CONFIG_IFR_NVDATA TlsAuthConfigNvData;
> +
> + TLS_AUTH_CONFIG_FILE_CONTEXT *FileContext;
> +
> + EFI_GUID *CertGuid;
> +};
> +
> +/**
> + Unload the configuration form, this includes: delete all the configuration
> + entries, uninstall the form callback protocol, and free the resources used.
> + The form will only be unload completely when both IP4 and IP6 stack are
> stopped.
> +
> + @param[in] Private Pointer to the driver private data.
> +
> + @retval EFI_SUCCESS The configuration form is unloaded.
> + @retval Others Failed to unload the form.
> +
> +**/
> +EFI_STATUS
> +TlsAuthConfigFormUnload (
> + IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private
> + );
> +
> +/**
> + Initialize the configuration form.
> +
> + @param[in] Private Pointer to the driver private data.
> +
> + @retval EFI_SUCCESS The configuration form is initialized.
> + @retval EFI_OUT_OF_RESOURCES Failed to allocate memory.
> +
> +**/
> +EFI_STATUS
> +TlsAuthConfigFormInit (
> + IN TLS_AUTH_CONFIG_PRIVATE_DATA *Private
> + );
> +
> +/**
> +
> + This function allows the caller to request the current
> + configuration for one or more named elements. The resulting
> + string is in <ConfigAltResp> format. Any and all alternative
> + configuration strings shall also be appended to the end of the
> + current configuration string. If they are, they must appear
> + after the current configuration. They must contain the same
> + routing (GUID, NAME, PATH) as the current configuration string.
> + They must have an additional description indicating the type of
> + alternative configuration the string represents,
> + "ALTCFG=<StringToken>". That <StringToken> (when
> + converted from Hex UNICODE to binary) is a reference to a
> + string in the associated string pack.
> +
> + @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
> +
> + @param Request A null-terminated Unicode string in
> + <ConfigRequest> format. Note that this
> + includes the routing information as well as
> + the configurable name / value pairs. It is
> + invalid for this string to be in
> + <MultiConfigRequest> format.
> + If a NULL is passed in for the Request field,
> + all of the settings being abstracted by this function
> + will be returned in the Results field. In addition,
> + if a ConfigHdr is passed in with no request elements,
> + all of the settings being abstracted for that particular
> + ConfigHdr reference will be returned in the Results Field.
> +
> + @param Progress On return, points to a character in the
> + Request string. Points to the string's null
> + terminator if request was successful. Points
> + to the most recent "&" before the first
> + failing name / value pair (or the beginning
> + of the string if the failure is in the first
> + name / value pair) if the request was not
> + successful.
> +
> + @param Results A null-terminated Unicode string in
> + <MultiConfigAltResp> format which has all values
> + filled in for the names in the Request string.
> + String to be allocated by the called function.
> +
> + @retval EFI_SUCCESS The Results string is filled with the
> + values corresponding to all requested
> + names.
> +
> + @retval EFI_OUT_OF_RESOURCES Not enough memory to store the
> + parts of the results that must be
> + stored awaiting possible future
> + protocols.
> +
> + @retval EFI_NOT_FOUND Routing data doesn't match any
> + known driver. Progress set to the
> + first character in the routing header.
> + Note: There is no requirement that the
> + driver validate the routing data. It
> + must skip the <ConfigHdr> in order to
> + process the names.
> +
> + @retval EFI_INVALID_PARAMETER Illegal syntax. Progress set
> + to most recent "&" before the
> + error or the beginning of the
> + string.
> +
> + @retval EFI_INVALID_PARAMETER Unknown name. Progress points
> + to the & before the name in
> + question.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsAuthConfigAccessExtractConfig (
> + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
> + IN CONST EFI_STRING Request,
> + OUT EFI_STRING *Progress,
> + OUT EFI_STRING *Results
> + );
> +
> +/**
> +
> + This function applies changes in a driver's configuration.
> + Input is a Configuration, which has the routing data for this
> + driver followed by name / value configuration pairs. The driver
> + must apply those pairs to its configurable storage. If the
> + driver's configuration is stored in a linear block of data
> + and the driver's name / value pairs are in <BlockConfig>
> + format, it may use the ConfigToBlock helper function (above) to
> + simplify the job.
> +
> + @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
> +
> + @param Configuration A null-terminated Unicode string in
> + <ConfigString> format.
> +
> + @param Progress A pointer to a string filled in with the
> + offset of the most recent '&' before the
> + first failing name / value pair (or the
> + beginn ing of the string if the failure
> + is in the first name / value pair) or
> + the terminating NULL if all was
> + successful.
> +
> + @retval EFI_SUCCESS The results have been distributed or are
> + awaiting distribution.
> +
> + @retval EFI_OUT_OF_RESOURCES Not enough memory to store the
> + parts of the results that must be
> + stored awaiting possible future
> + protocols.
> +
> + @retval EFI_INVALID_PARAMETERS Passing in a NULL for the
> + Results parameter would result
> + in this type of error.
> +
> + @retval EFI_NOT_FOUND Target for the specified routing data
> + was not found
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsAuthConfigAccessRouteConfig (
> + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
> + IN CONST EFI_STRING Configuration,
> + OUT EFI_STRING *Progress
> + );
> +
> +/**
> +
> + This function is called to provide results data to the driver.
> + This data consists of a unique key that is used to identify
> + which data is either being passed back or being asked for.
> +
> + @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL.
> + @param Action Specifies the type of action taken by the browser.
> + @param QuestionId A unique value which is sent to the original
> + exporting driver so that it can identify the type
> + of data to expect. The format of the data tends to
> + vary based on the opcode that generated the callback.
> + @param Type The type of value for the question.
> + @param Value A pointer to the data being sent to the original
> + exporting driver.
> + @param ActionRequest On return, points to the action requested by
> the
> + callback function.
> +
> + @retval EFI_SUCCESS The callback successfully handled the action.
> + @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold
> the
> + variable and its data.
> + @retval EFI_DEVICE_ERROR The variable could not be saved.
> + @retval EFI_UNSUPPORTED The specified Action is not supported by
> the
> + callback.
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsAuthConfigAccessCallback (
> + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
> + IN EFI_BROWSER_ACTION Action,
> + IN EFI_QUESTION_ID QuestionId,
> + IN UINT8 Type,
> + IN OUT EFI_IFR_TYPE_VALUE *Value,
> + OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest
> + );
> +
> +#endif
> +
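Review bot: Because every line changes, this hunk (like the others in the series) shows the whole header as removed and re-added, so the diff alone cannot show whether anything besides line endings changed; please state in the commit message how the conversion was done and confirm that `git diff --ignore-space-at-eol` (or `-w`) against the parent commit is empty for each file, since that is what reviewers will use to check it. The hunk header `@@ -1,282 +1,282 @@` is at least consistent with a pure conversion here. Two small defects are carried over verbatim and could go in a follow-up: the TlsAuthConfigAccessRouteConfig comment reads `beginn ing of the string`, and its retval list names `EFI_INVALID_PARAMETERS`, which is not an EFI status code (the ExtractConfig comment above it correctly uses EFI_INVALID_PARAMETER).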
> diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigNvData.h
> b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigNvData.h
> index f453201cb7..80baa3836f 100644
> --- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigNvData.h
> +++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigNvData.h
> @@ -1,49 +1,50 @@
> -/** @file
> - Header file for NV data structure definition.
> -
> -Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> -This program and the accompanying materials
> -are licensed and made available under the terms and conditions of the BSD
> License
> -which accompanies this distribution. The full text of the license may be
> found at
> -http://opensource.org/licenses/bsd-license.php
> -
> -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> -
> -**/
> -
> -#ifndef __TLS_AUTH_CONFIG_NV_DATA_H__
> -#define __TLS_AUTH_CONFIG_NV_DATA_H__
> -
> -#include <Guid/TlsAuthConfigHii.h>
> -
> -#define TLS_AUTH_CONFIG_GUID_SIZE 36
> -#define TLS_AUTH_CONFIG_GUID_STORAGE_SIZE 37
> -
> -#define TLS_AUTH_CONFIG_FORMID1_FORM 1
> -#define TLS_AUTH_CONFIG_FORMID2_FORM 2
> -#define TLS_AUTH_CONFIG_FORMID3_FORM 3
> -#define TLS_AUTH_CONFIG_FORMID4_FORM 4
> -#define TLS_AUTH_CONFIG_FORMID5_FORM 5
> -
> -
> -#define KEY_TLS_AUTH_CONFIG_SERVER_CA 0x1000
> -#define KEY_TLS_AUTH_CONFIG_CLIENT_CERT 0x1001
> -#define KEY_TLS_AUTH_CONFIG_ENROLL_CERT 0x1002
> -#define KEY_TLS_AUTH_CONFIG_DELETE_CERT 0x1003
> -#define KEY_TLS_AUTH_CONFIG_ENROLL_CERT_FROM_FILE 0x1004
> -#define KEY_TLS_AUTH_CONFIG_CERT_GUID 0x1005
> -#define KEY_TLS_AUTH_CONFIG_VALUE_SAVE_AND_EXIT 0x1006
> -#define KEY_TLS_AUTH_CONFIG_VALUE_NO_SAVE_AND_EXIT 0x1007
> -
> -#define OPTION_DEL_CA_ESTION_ID 0x2000
> -#define OPTION_CONFIG_RANGE 0x1000
> -
> -#define LABEL_CA_DELETE 0x1101
> -#define LABEL_END 0xffff
> -
> -typedef struct {
> - CHAR16 CertGuid[TLS_AUTH_CONFIG_GUID_STORAGE_SIZE];
> -} TLS_AUTH_CONFIG_IFR_NVDATA;
> -
> -#endif
> +/** @file
> + Header file for NV data structure definition.
> +
> +Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> +This program and the accompanying materials
> +are licensed and made available under the terms and conditions of the BSD
> License
> +which accompanies this distribution. The full text of the license may be
> found at
> +http://opensource.org/licenses/bsd-license.php
> +
> +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +
> +**/
> +
> +#ifndef __TLS_AUTH_CONFIG_NV_DATA_H__
> +#define __TLS_AUTH_CONFIG_NV_DATA_H__
> +
> +#include <Guid/TlsAuthConfigHii.h>
> +
> +#define TLS_AUTH_CONFIG_GUID_SIZE 36
> +#define TLS_AUTH_CONFIG_GUID_STORAGE_SIZE 37
> +
> +#define TLS_AUTH_CONFIG_FORMID1_FORM 1
> +#define TLS_AUTH_CONFIG_FORMID2_FORM 2
> +#define TLS_AUTH_CONFIG_FORMID3_FORM 3
> +#define TLS_AUTH_CONFIG_FORMID4_FORM 4
> +#define TLS_AUTH_CONFIG_FORMID5_FORM 5
> +
> +
> +#define KEY_TLS_AUTH_CONFIG_SERVER_CA 0x1000
> +#define KEY_TLS_AUTH_CONFIG_CLIENT_CERT 0x1001
> +#define KEY_TLS_AUTH_CONFIG_ENROLL_CERT 0x1002
> +#define KEY_TLS_AUTH_CONFIG_DELETE_CERT 0x1003
> +#define KEY_TLS_AUTH_CONFIG_ENROLL_CERT_FROM_FILE 0x1004
> +#define KEY_TLS_AUTH_CONFIG_CERT_GUID 0x1005
> +#define KEY_TLS_AUTH_CONFIG_VALUE_SAVE_AND_EXIT 0x1006
> +#define KEY_TLS_AUTH_CONFIG_VALUE_NO_SAVE_AND_EXIT 0x1007
> +
> +#define OPTION_DEL_CA_ESTION_ID 0x2000
> +#define OPTION_CONFIG_RANGE 0x1000
> +
> +#define LABEL_CA_DELETE 0x1101
> +#define LABEL_END 0xffff
> +
> +typedef struct {
> + CHAR16 CertGuid[TLS_AUTH_CONFIG_GUID_STORAGE_SIZE];
> +} TLS_AUTH_CONFIG_IFR_NVDATA;
> +
> +#endif
> +
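Review bot: The hunk header `@@ -1,49 +1,50 @@` shows the new file is one line longer than the old one, and the new version ends with an empty `+` line after `+#endif` that the removed version does not have, so this hunk adds a trailing blank line on top of the CRLF change and is not the pure line-ending conversion the subject describes; either drop the extra line or say in the commit message that a trailing newline was added. Unrelated to line endings, `OPTION_DEL_CA_ESTION_ID` reads like a misspelling of a QUESTION_ID macro; it is used consistently in TlsAuthConfigImpl.c, so a rename belongs in a separate patch rather than here.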
> diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigVfr.vfr
> b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigVfr.vfr
> index fb130d9d9d..9bca2c119f 100644
> --- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigVfr.vfr
> +++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigVfr.vfr
> @@ -1,152 +1,153 @@
> -/** @file
> - VFR file used by TlsAuthConfigDxe driver.
> -
> - Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> -
> - This program and the accompanying materials
> - are licensed and made available under the terms and conditions of the BSD
> License
> - which accompanies this distribution. The full text of the license may be
> found at
> - http://opensource.org/licenses/bsd-license.php.
> -
> - THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> - WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> -
> -**/
> -
> -#include "TlsAuthConfigNvData.h"
> -
> -formset
> - guid = TLS_AUTH_CONFIG_GUID,
> - title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_TITLE),
> - help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_HELP),
> -
> - varstore TLS_AUTH_CONFIG_IFR_NVDATA,
> - name = TLS_AUTH_CONFIG_IFR_NVDATA,
> - guid = TLS_AUTH_CONFIG_GUID;
> -
> - //
> - // ##1 Form1: Main form for Tls Auth configration
> - //
> - form formid = TLS_AUTH_CONFIG_FORMID1_FORM,
> - title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_TITLE);
> -
> - subtitle text = STRING_TOKEN(STR_NULL);
> -
> - //
> - // Display Server CA configration
> - //
> - goto TLS_AUTH_CONFIG_FORMID2_FORM,
> - prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_SERVER_CA),
> - help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_SERVER_CA_HELP),
> - flags = INTERACTIVE,
> - key = KEY_TLS_AUTH_CONFIG_SERVER_CA;
> -
> - subtitle text = STRING_TOKEN(STR_NULL);
> -
> - //
> - // Display Client cert configration
> - //
> - grayoutif TRUE; /// Current unsupported.
> - goto TLS_AUTH_CONFIG_FORMID3_FORM,
> - prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_CLIENT_CERT),
> - help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_CLIENT_CERT_HELP),
> - flags = INTERACTIVE,
> - key = KEY_TLS_AUTH_CONFIG_CLIENT_CERT;
> - endif;
> - endform;
> -
> - //
> - // ##2 Form2: CA configuration
> - //
> - form formid = TLS_AUTH_CONFIG_FORMID2_FORM,
> - title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_SERVER_CA);
> -
> - subtitle text = STRING_TOKEN(STR_NULL);
> -
> - goto TLS_AUTH_CONFIG_FORMID4_FORM,
> - prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_ENROLL_CERT),
> - help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_ENROLL_CERT_HELP),
> - flags = INTERACTIVE,
> - key = KEY_TLS_AUTH_CONFIG_ENROLL_CERT;
> -
> - subtitle text = STRING_TOKEN(STR_NULL);
> -
> - goto TLS_AUTH_CONFIG_FORMID5_FORM,
> - prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_DELETE_CERT),
> - help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_DELETE_CERT_HELP),
> - flags = INTERACTIVE,
> - key = KEY_TLS_AUTH_CONFIG_DELETE_CERT;
> - endform;
> -
> - //
> - // ##3 Form3 : Client cert configuration
> - //
> - form formid = TLS_AUTH_CONFIG_FORMID3_FORM,
> - title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_CLIENT_CERT);
> -
> - subtitle text = STRING_TOKEN(STR_NULL);
> -
> - //
> - // TODO...
> - //
> - endform;
> -
> - //
> - // ##4 Form4: Enroll cert for CA
> - //
> - form formid = TLS_AUTH_CONFIG_FORMID4_FORM,
> - title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_ENROLL_CERT);
> -
> - subtitle text = STRING_TOKEN(STR_NULL);
> -
> - goto TLS_AUTH_CONFIG_FORMID4_FORM,
> - prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_ADD_CERT_FILE),
> - help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_ADD_CERT_FILE),
> - flags = INTERACTIVE,
> - key = KEY_TLS_AUTH_CONFIG_ENROLL_CERT_FROM_FILE;
> -
> - subtitle text = STRING_TOKEN(STR_NULL);
> - label TLS_AUTH_CONFIG_FORMID4_FORM;
> - label LABEL_END;
> - subtitle text = STRING_TOKEN(STR_NULL);
> -
> - string varid = TLS_AUTH_CONFIG_IFR_NVDATA.CertGuid,
> - prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_CERT_GUID),
> - help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_CERT_GUID_HELP),
> - flags = INTERACTIVE,
> - key = KEY_TLS_AUTH_CONFIG_CERT_GUID,
> - minsize = TLS_AUTH_CONFIG_GUID_SIZE,
> - maxsize = TLS_AUTH_CONFIG_GUID_SIZE,
> - endstring;
> -
> - subtitle text = STRING_TOKEN(STR_NULL);
> - subtitle text = STRING_TOKEN(STR_NULL);
> -
> - goto TLS_AUTH_CONFIG_FORMID1_FORM,
> - prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_SAVE_AND_EXIT),
> - help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_SAVE_AND_EXIT),
> - flags = INTERACTIVE,
> - key = KEY_TLS_AUTH_CONFIG_VALUE_SAVE_AND_EXIT;
> -
> - goto TLS_AUTH_CONFIG_FORMID1_FORM,
> - prompt =
> STRING_TOKEN(STR_TLS_AUTH_CONFIG_NO_SAVE_AND_EXIT),
> - help =
> STRING_TOKEN(STR_TLS_AUTH_CONFIG_NO_SAVE_AND_EXIT),
> - flags = INTERACTIVE,
> - key = KEY_TLS_AUTH_CONFIG_VALUE_NO_SAVE_AND_EXIT;
> -
> - endform;
> -
> - //
> - // ##5 Form5: Delete cert for CA
> - //
> - form formid = TLS_AUTH_CONFIG_FORMID5_FORM,
> - title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_DELETE_CERT);
> -
> - label LABEL_CA_DELETE;
> - label LABEL_END;
> -
> - subtitle text = STRING_TOKEN(STR_NULL);
> -
> - endform;
> -
> -endformset;
> +/** @file
> + VFR file used by TlsAuthConfigDxe driver.
> +
> + Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> +
> + This program and the accompanying materials
> + are licensed and made available under the terms and conditions of the BSD
> License
> + which accompanies this distribution. The full text of the license may be
> found at
> + http://opensource.org/licenses/bsd-license.php.
> +
> + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +
> +**/
> +
> +#include "TlsAuthConfigNvData.h"
> +
> +formset
> + guid = TLS_AUTH_CONFIG_GUID,
> + title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_TITLE),
> + help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_HELP),
> +
> + varstore TLS_AUTH_CONFIG_IFR_NVDATA,
> + name = TLS_AUTH_CONFIG_IFR_NVDATA,
> + guid = TLS_AUTH_CONFIG_GUID;
> +
> + //
> + // ##1 Form1: Main form for Tls Auth configration
> + //
> + form formid = TLS_AUTH_CONFIG_FORMID1_FORM,
> + title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_TITLE);
> +
> + subtitle text = STRING_TOKEN(STR_NULL);
> +
> + //
> + // Display Server CA configration
> + //
> + goto TLS_AUTH_CONFIG_FORMID2_FORM,
> + prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_SERVER_CA),
> + help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_SERVER_CA_HELP),
> + flags = INTERACTIVE,
> + key = KEY_TLS_AUTH_CONFIG_SERVER_CA;
> +
> + subtitle text = STRING_TOKEN(STR_NULL);
> +
> + //
> + // Display Client cert configration
> + //
> + grayoutif TRUE; /// Current unsupported.
> + goto TLS_AUTH_CONFIG_FORMID3_FORM,
> + prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_CLIENT_CERT),
> + help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_CLIENT_CERT_HELP),
> + flags = INTERACTIVE,
> + key = KEY_TLS_AUTH_CONFIG_CLIENT_CERT;
> + endif;
> + endform;
> +
> + //
> + // ##2 Form2: CA configuration
> + //
> + form formid = TLS_AUTH_CONFIG_FORMID2_FORM,
> + title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_SERVER_CA);
> +
> + subtitle text = STRING_TOKEN(STR_NULL);
> +
> + goto TLS_AUTH_CONFIG_FORMID4_FORM,
> + prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_ENROLL_CERT),
> + help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_ENROLL_CERT_HELP),
> + flags = INTERACTIVE,
> + key = KEY_TLS_AUTH_CONFIG_ENROLL_CERT;
> +
> + subtitle text = STRING_TOKEN(STR_NULL);
> +
> + goto TLS_AUTH_CONFIG_FORMID5_FORM,
> + prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_DELETE_CERT),
> + help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_DELETE_CERT_HELP),
> + flags = INTERACTIVE,
> + key = KEY_TLS_AUTH_CONFIG_DELETE_CERT;
> + endform;
> +
> + //
> + // ##3 Form3 : Client cert configuration
> + //
> + form formid = TLS_AUTH_CONFIG_FORMID3_FORM,
> + title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_CLIENT_CERT);
> +
> + subtitle text = STRING_TOKEN(STR_NULL);
> +
> + //
> + // TODO...
> + //
> + endform;
> +
> + //
> + // ##4 Form4: Enroll cert for CA
> + //
> + form formid = TLS_AUTH_CONFIG_FORMID4_FORM,
> + title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_ENROLL_CERT);
> +
> + subtitle text = STRING_TOKEN(STR_NULL);
> +
> + goto TLS_AUTH_CONFIG_FORMID4_FORM,
> + prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_ADD_CERT_FILE),
> + help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_ADD_CERT_FILE),
> + flags = INTERACTIVE,
> + key = KEY_TLS_AUTH_CONFIG_ENROLL_CERT_FROM_FILE;
> +
> + subtitle text = STRING_TOKEN(STR_NULL);
> + label TLS_AUTH_CONFIG_FORMID4_FORM;
> + label LABEL_END;
> + subtitle text = STRING_TOKEN(STR_NULL);
> +
> + string varid = TLS_AUTH_CONFIG_IFR_NVDATA.CertGuid,
> + prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_CERT_GUID),
> + help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_CERT_GUID_HELP),
> + flags = INTERACTIVE,
> + key = KEY_TLS_AUTH_CONFIG_CERT_GUID,
> + minsize = TLS_AUTH_CONFIG_GUID_SIZE,
> + maxsize = TLS_AUTH_CONFIG_GUID_SIZE,
> + endstring;
> +
> + subtitle text = STRING_TOKEN(STR_NULL);
> + subtitle text = STRING_TOKEN(STR_NULL);
> +
> + goto TLS_AUTH_CONFIG_FORMID1_FORM,
> + prompt = STRING_TOKEN(STR_TLS_AUTH_CONFIG_SAVE_AND_EXIT),
> + help = STRING_TOKEN(STR_TLS_AUTH_CONFIG_SAVE_AND_EXIT),
> + flags = INTERACTIVE,
> + key = KEY_TLS_AUTH_CONFIG_VALUE_SAVE_AND_EXIT;
> +
> + goto TLS_AUTH_CONFIG_FORMID1_FORM,
> + prompt =
> STRING_TOKEN(STR_TLS_AUTH_CONFIG_NO_SAVE_AND_EXIT),
> + help =
> STRING_TOKEN(STR_TLS_AUTH_CONFIG_NO_SAVE_AND_EXIT),
> + flags = INTERACTIVE,
> + key = KEY_TLS_AUTH_CONFIG_VALUE_NO_SAVE_AND_EXIT;
> +
> + endform;
> +
> + //
> + // ##5 Form5: Delete cert for CA
> + //
> + form formid = TLS_AUTH_CONFIG_FORMID5_FORM,
> + title = STRING_TOKEN(STR_TLS_AUTH_CONFIG_DELETE_CERT);
> +
> + label LABEL_CA_DELETE;
> + label LABEL_END;
> +
> + subtitle text = STRING_TOKEN(STR_NULL);
> +
> + endform;
> +
> +endformset;
> +
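Review bot: the final `+` line of this hunk, after `endformset;`, is an empty line, so the conversion appends a blank line at end of file on top of changing the line terminators; a series described as "Convert files to CRLF line ending" should either drop that extra line or state in the commit message that the conversion tool adds it. Because every line of the file is re-emitted, the hunk gives a reviewer no way to spot a real content change by eye; please confirm with `git diff --ignore-space-at-eol` between the before and after trees that the only difference is the EOF blank line. The comments `Main form for Tls Auth configration`, `Display Server CA configration` and `Display Client cert configration` carry the `configration` typo through unchanged, which is the right call for a mechanical conversion, but a follow-up patch could fix them.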
> diff --git a/NetworkPkg/TlsDxe/TlsConfigProtocol.c
> b/NetworkPkg/TlsDxe/TlsConfigProtocol.c
> index 5292433da3..15a865e386 100644
> --- a/NetworkPkg/TlsDxe/TlsConfigProtocol.c
> +++ b/NetworkPkg/TlsDxe/TlsConfigProtocol.c
> @@ -1,152 +1,153 @@
> -/** @file
> - Implementation of EFI TLS Configuration Protocol Interfaces.
> -
> - Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> -
> - This program and the accompanying materials
> - are licensed and made available under the terms and conditions of the BSD
> License
> - which accompanies this distribution. The full text of the license may be
> found at
> - http://opensource.org/licenses/bsd-license.php.
> -
> - THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> - WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> -
> -**/
> -
> -#include "TlsImpl.h"
> -
> -EFI_TLS_CONFIGURATION_PROTOCOL mTlsConfigurationProtocol = {
> - TlsConfigurationSetData,
> - TlsConfigurationGetData
> -};
> -
> -/**
> - Set TLS configuration data.
> -
> - The SetData() function sets TLS configuration to non-volatile storage or
> volatile
> - storage.
> -
> - @param[in] This Pointer to the
> EFI_TLS_CONFIGURATION_PROTOCOL instance.
> - @param[in] DataType Configuration data type.
> - @param[in] Data Pointer to configuration data.
> - @param[in] DataSize Total size of configuration data.
> -
> - @retval EFI_SUCCESS The TLS configuration data is set successfully.
> - @retval EFI_INVALID_PARAMETER One or more of the following
> conditions is TRUE:
> - This is NULL.
> - Data is NULL.
> - DataSize is 0.
> - @retval EFI_UNSUPPORTED The DataType is unsupported.
> - @retval EFI_OUT_OF_RESOURCES Required system resources could not
> be allocated.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsConfigurationSetData (
> - IN EFI_TLS_CONFIGURATION_PROTOCOL *This,
> - IN EFI_TLS_CONFIG_DATA_TYPE DataType,
> - IN VOID *Data,
> - IN UINTN DataSize
> - )
> -{
> - EFI_STATUS Status;
> - TLS_INSTANCE *Instance;
> - EFI_TPL OldTpl;
> -
> - Status = EFI_SUCCESS;
> -
> - if (This == NULL || Data == NULL || DataSize == 0) {
> - return EFI_INVALID_PARAMETER;
> - }
> -
> - OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
> -
> - Instance = TLS_INSTANCE_FROM_CONFIGURATION (This);
> -
> - switch (DataType) {
> - case EfiTlsConfigDataTypeCACertificate:
> - Status = TlsSetCaCertificate (Instance->TlsConn, Data, DataSize);
> - break;
> - case EfiTlsConfigDataTypeHostPublicCert:
> - Status = TlsSetHostPublicCert (Instance->TlsConn, Data, DataSize);
> - break;
> - case EfiTlsConfigDataTypeHostPrivateKey:
> - Status = TlsSetHostPrivateKey (Instance->TlsConn, Data, DataSize);
> - break;
> - case EfiTlsConfigDataTypeCertRevocationList:
> - Status = TlsSetCertRevocationList (Data, DataSize);
> - break;
> - default:
> - Status = EFI_UNSUPPORTED;
> - }
> -
> - gBS->RestoreTPL (OldTpl);
> - return Status;
> -}
> -
> -/**
> - Get TLS configuration data.
> -
> - The GetData() function gets TLS configuration.
> -
> - @param[in] This Pointer to the
> EFI_TLS_CONFIGURATION_PROTOCOL instance.
> - @param[in] DataType Configuration data type.
> - @param[in, out] Data Pointer to configuration data.
> - @param[in, out] DataSize Total size of configuration data. On input, it
> means
> - the size of Data buffer. On output, it means the size
> - of copied Data buffer if EFI_SUCCESS, and means the
> - size of desired Data buffer if EFI_BUFFER_TOO_SMALL.
> -
> - @retval EFI_SUCCESS The TLS configuration data is got successfully.
> - @retval EFI_INVALID_PARAMETER One or more of the following
> conditions is TRUE:
> - This is NULL.
> - DataSize is NULL.
> - Data is NULL if *DataSize is not zero.
> - @retval EFI_UNSUPPORTED The DataType is unsupported.
> - @retval EFI_NOT_FOUND The TLS configuration data is not found.
> - @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data.
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsConfigurationGetData (
> - IN EFI_TLS_CONFIGURATION_PROTOCOL *This,
> - IN EFI_TLS_CONFIG_DATA_TYPE DataType,
> - IN OUT VOID *Data, OPTIONAL
> - IN OUT UINTN *DataSize
> - )
> -{
> - EFI_STATUS Status;
> - TLS_INSTANCE *Instance;
> -
> - EFI_TPL OldTpl;
> -
> - Status = EFI_SUCCESS;
> -
> - if (This == NULL || DataSize == NULL || (Data == NULL && *DataSize != 0)) {
> - return EFI_INVALID_PARAMETER;
> - }
> -
> - OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
> -
> - Instance = TLS_INSTANCE_FROM_CONFIGURATION (This);
> -
> - switch (DataType) {
> - case EfiTlsConfigDataTypeCACertificate:
> - Status = TlsGetCaCertificate (Instance->TlsConn, Data, DataSize);
> - break;
> - case EfiTlsConfigDataTypeHostPublicCert:
> - Status = TlsGetHostPublicCert (Instance->TlsConn, Data, DataSize);
> - break;
> - case EfiTlsConfigDataTypeHostPrivateKey:
> - Status = TlsGetHostPrivateKey (Instance->TlsConn, Data, DataSize);
> - break;
> - case EfiTlsConfigDataTypeCertRevocationList:
> - Status = TlsGetCertRevocationList (Data, DataSize);
> - break;
> - default:
> - Status = EFI_UNSUPPORTED;
> - }
> -
> - gBS->RestoreTPL (OldTpl);
> - return Status;
> -}
> +/** @file
> + Implementation of EFI TLS Configuration Protocol Interfaces.
> +
> + Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> +
> + This program and the accompanying materials
> + are licensed and made available under the terms and conditions of the BSD
> License
> + which accompanies this distribution. The full text of the license may be
> found at
> + http://opensource.org/licenses/bsd-license.php.
> +
> + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +
> +**/
> +
> +#include "TlsImpl.h"
> +
> +EFI_TLS_CONFIGURATION_PROTOCOL mTlsConfigurationProtocol = {
> + TlsConfigurationSetData,
> + TlsConfigurationGetData
> +};
> +
> +/**
> + Set TLS configuration data.
> +
> + The SetData() function sets TLS configuration to non-volatile storage or
> volatile
> + storage.
> +
> + @param[in] This Pointer to the
> EFI_TLS_CONFIGURATION_PROTOCOL instance.
> + @param[in] DataType Configuration data type.
> + @param[in] Data Pointer to configuration data.
> + @param[in] DataSize Total size of configuration data.
> +
> + @retval EFI_SUCCESS The TLS configuration data is set successfully.
> + @retval EFI_INVALID_PARAMETER One or more of the following
> conditions is TRUE:
> + This is NULL.
> + Data is NULL.
> + DataSize is 0.
> + @retval EFI_UNSUPPORTED The DataType is unsupported.
> + @retval EFI_OUT_OF_RESOURCES Required system resources could not
> be allocated.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsConfigurationSetData (
> + IN EFI_TLS_CONFIGURATION_PROTOCOL *This,
> + IN EFI_TLS_CONFIG_DATA_TYPE DataType,
> + IN VOID *Data,
> + IN UINTN DataSize
> + )
> +{
> + EFI_STATUS Status;
> + TLS_INSTANCE *Instance;
> + EFI_TPL OldTpl;
> +
> + Status = EFI_SUCCESS;
> +
> + if (This == NULL || Data == NULL || DataSize == 0) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
> +
> + Instance = TLS_INSTANCE_FROM_CONFIGURATION (This);
> +
> + switch (DataType) {
> + case EfiTlsConfigDataTypeCACertificate:
> + Status = TlsSetCaCertificate (Instance->TlsConn, Data, DataSize);
> + break;
> + case EfiTlsConfigDataTypeHostPublicCert:
> + Status = TlsSetHostPublicCert (Instance->TlsConn, Data, DataSize);
> + break;
> + case EfiTlsConfigDataTypeHostPrivateKey:
> + Status = TlsSetHostPrivateKey (Instance->TlsConn, Data, DataSize);
> + break;
> + case EfiTlsConfigDataTypeCertRevocationList:
> + Status = TlsSetCertRevocationList (Data, DataSize);
> + break;
> + default:
> + Status = EFI_UNSUPPORTED;
> + }
> +
> + gBS->RestoreTPL (OldTpl);
> + return Status;
> +}
> +
> +/**
> + Get TLS configuration data.
> +
> + The GetData() function gets TLS configuration.
> +
> + @param[in] This Pointer to the
> EFI_TLS_CONFIGURATION_PROTOCOL instance.
> + @param[in] DataType Configuration data type.
> + @param[in, out] Data Pointer to configuration data.
> + @param[in, out] DataSize Total size of configuration data. On input, it
> means
> + the size of Data buffer. On output, it means the size
> + of copied Data buffer if EFI_SUCCESS, and means the
> + size of desired Data buffer if EFI_BUFFER_TOO_SMALL.
> +
> + @retval EFI_SUCCESS The TLS configuration data is got successfully.
> + @retval EFI_INVALID_PARAMETER One or more of the following
> conditions is TRUE:
> + This is NULL.
> + DataSize is NULL.
> + Data is NULL if *DataSize is not zero.
> + @retval EFI_UNSUPPORTED The DataType is unsupported.
> + @retval EFI_NOT_FOUND The TLS configuration data is not found.
> + @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data.
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsConfigurationGetData (
> + IN EFI_TLS_CONFIGURATION_PROTOCOL *This,
> + IN EFI_TLS_CONFIG_DATA_TYPE DataType,
> + IN OUT VOID *Data, OPTIONAL
> + IN OUT UINTN *DataSize
> + )
> +{
> + EFI_STATUS Status;
> + TLS_INSTANCE *Instance;
> +
> + EFI_TPL OldTpl;
> +
> + Status = EFI_SUCCESS;
> +
> + if (This == NULL || DataSize == NULL || (Data == NULL && *DataSize != 0))
> {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
> +
> + Instance = TLS_INSTANCE_FROM_CONFIGURATION (This);
> +
> + switch (DataType) {
> + case EfiTlsConfigDataTypeCACertificate:
> + Status = TlsGetCaCertificate (Instance->TlsConn, Data, DataSize);
> + break;
> + case EfiTlsConfigDataTypeHostPublicCert:
> + Status = TlsGetHostPublicCert (Instance->TlsConn, Data, DataSize);
> + break;
> + case EfiTlsConfigDataTypeHostPrivateKey:
> + Status = TlsGetHostPrivateKey (Instance->TlsConn, Data, DataSize);
> + break;
> + case EfiTlsConfigDataTypeCertRevocationList:
> + Status = TlsGetCertRevocationList (Data, DataSize);
> + break;
> + default:
> + Status = EFI_UNSUPPORTED;
> + }
> +
> + gBS->RestoreTPL (OldTpl);
> + return Status;
> +}
> +
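Review bot: the hunk header `@@ -1,152 +1,153 @@` shows the file gaining one line, and the last `+` line after the closing `}` of `TlsConfigurationGetData` is empty, so this is not a pure line-ending change: the file now ends with an extra blank line. The same trailing line appears in the other files of the series, so it looks like a tool artifact; either strip it before applying or mention it in the commit message, and verify with `git diff --ignore-space-at-eol` that the old and new `TlsConfigProtocol.c` are otherwise identical, since a whole-file rewrite hunk like this one would hide any accidental edit to the `switch (DataType)` dispatch in `TlsConfigurationSetData` or `TlsConfigurationGetData`.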
> diff --git a/NetworkPkg/TlsDxe/TlsDriver.c b/NetworkPkg/TlsDxe/TlsDriver.c
> index 38bf5993ce..29bc966c3e 100644
> --- a/NetworkPkg/TlsDxe/TlsDriver.c
> +++ b/NetworkPkg/TlsDxe/TlsDriver.c
> @@ -1,496 +1,497 @@
> -/** @file
> - The Driver Binding and Service Binding Protocol for TlsDxe driver.
> -
> - Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> -
> - This program and the accompanying materials
> - are licensed and made available under the terms and conditions of the BSD
> License
> - which accompanies this distribution. The full text of the license may be
> found at
> - http://opensource.org/licenses/bsd-license.php.
> -
> - THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> - WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> -
> -**/
> -
> -#include "TlsImpl.h"
> -
> -EFI_SERVICE_BINDING_PROTOCOL mTlsServiceBinding = {
> - TlsServiceBindingCreateChild,
> - TlsServiceBindingDestroyChild
> -};
> -
> -/**
> - Release all the resources used by the TLS instance.
> -
> - @param[in] Instance The TLS instance data.
> -
> -**/
> -VOID
> -TlsCleanInstance (
> - IN TLS_INSTANCE *Instance
> - )
> -{
> - if (Instance != NULL) {
> - if (Instance->TlsConn != NULL) {
> - TlsFree (Instance->TlsConn);
> - }
> -
> - FreePool (Instance);
> - }
> -}
> -
> -/**
> - Create the TLS instance and initialize it.
> -
> - @param[in] Service The pointer to the TLS service.
> - @param[out] Instance The pointer to the TLS instance.
> -
> - @retval EFI_OUT_OF_RESOURCES Failed to allocate resources.
> - @retval EFI_SUCCESS The TLS instance is created.
> -
> -**/
> -EFI_STATUS
> -TlsCreateInstance (
> - IN TLS_SERVICE *Service,
> - OUT TLS_INSTANCE **Instance
> - )
> -{
> - TLS_INSTANCE *TlsInstance;
> -
> - *Instance = NULL;
> -
> - TlsInstance = AllocateZeroPool (sizeof (TLS_INSTANCE));
> - if (TlsInstance == NULL) {
> - return EFI_OUT_OF_RESOURCES;
> - }
> -
> - TlsInstance->Signature = TLS_INSTANCE_SIGNATURE;
> - InitializeListHead (&TlsInstance->Link);
> - TlsInstance->InDestroy = FALSE;
> - TlsInstance->Service = Service;
> -
> - CopyMem (&TlsInstance->Tls, &mTlsProtocol, sizeof (TlsInstance->Tls));
> - CopyMem (&TlsInstance->TlsConfig, &mTlsConfigurationProtocol, sizeof
> (TlsInstance->TlsConfig));
> -
> - TlsInstance->TlsSessionState = EfiTlsSessionNotStarted;
> -
> - *Instance = TlsInstance;
> -
> - return EFI_SUCCESS;
> -}
> -
> -/**
> - Release all the resources used by the TLS service binding instance.
> -
> - @param[in] Service The TLS service data.
> -
> -**/
> -VOID
> -TlsCleanService (
> - IN TLS_SERVICE *Service
> - )
> -{
> - if (Service != NULL) {
> - if (Service->TlsCtx != NULL) {
> - TlsCtxFree (Service->TlsCtx);
> - }
> -
> - FreePool (Service);
> - }
> -}
> -
> -/**
> - Create then initialize a TLS service.
> -
> - @param[in] Image ImageHandle of the TLS driver
> - @param[out] Service The service for TLS driver
> -
> - @retval EFI_OUT_OF_RESOURCES Failed to allocate resource to create the
> service.
> - @retval EFI_SUCCESS The service is created for the driver.
> -
> -**/
> -EFI_STATUS
> -TlsCreateService (
> - IN EFI_HANDLE Image,
> - OUT TLS_SERVICE **Service
> - )
> -{
> - TLS_SERVICE *TlsService;
> -
> - ASSERT (Service != NULL);
> -
> - *Service = NULL;
> -
> - //
> - // Allocate a TLS Service Data
> - //
> - TlsService = AllocateZeroPool (sizeof (TLS_SERVICE));
> - if (TlsService == NULL) {
> - return EFI_OUT_OF_RESOURCES;
> - }
> -
> - //
> - // Initialize TLS Service Data
> - //
> - TlsService->Signature = TLS_SERVICE_SIGNATURE;
> - CopyMem (&TlsService->ServiceBinding, &mTlsServiceBinding, sizeof
> (TlsService->ServiceBinding));
> - TlsService->TlsChildrenNum = 0;
> - InitializeListHead (&TlsService->TlsChildrenList);
> - TlsService->ImageHandle = Image;
> -
> - *Service = TlsService;
> -
> - return EFI_SUCCESS;
> -}
> -
> -/**
> - Unloads an image.
> -
> - @param[in] ImageHandle Handle that identifies the image to be
> unloaded.
> -
> - @retval EFI_SUCCESS The image has been unloaded.
> - @retval EFI_INVALID_PARAMETER ImageHandle is not a valid image handle.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsUnload (
> - IN EFI_HANDLE ImageHandle
> - )
> -{
> - EFI_STATUS Status;
> - UINTN HandleNum;
> - EFI_HANDLE *HandleBuffer;
> - UINT32 Index;
> - EFI_SERVICE_BINDING_PROTOCOL *ServiceBinding;
> - TLS_SERVICE *TlsService;
> -
> - HandleBuffer = NULL;
> - ServiceBinding = NULL;
> - TlsService = NULL;
> -
> - //
> - // Locate all the handles with Tls service binding protocol.
> - //
> - Status = gBS->LocateHandleBuffer (
> - ByProtocol,
> - &gEfiTlsServiceBindingProtocolGuid,
> - NULL,
> - &HandleNum,
> - &HandleBuffer
> - );
> - if (EFI_ERROR (Status)) {
> - return Status;
> - }
> -
> - for (Index = 0; Index < HandleNum; Index++) {
> - //
> - // Firstly, find ServiceBinding interface
> - //
> - Status = gBS->OpenProtocol (
> - HandleBuffer[Index],
> - &gEfiTlsServiceBindingProtocolGuid,
> - (VOID **) &ServiceBinding,
> - ImageHandle,
> - NULL,
> - EFI_OPEN_PROTOCOL_BY_HANDLE_PROTOCOL
> - );
> - if (EFI_ERROR (Status)) {
> - return Status;
> - }
> -
> - TlsService = TLS_SERVICE_FROM_THIS (ServiceBinding);
> -
> - //
> - // Then, uninstall ServiceBinding interface
> - //
> - Status = gBS->UninstallMultipleProtocolInterfaces (
> - HandleBuffer[Index],
> - &gEfiTlsServiceBindingProtocolGuid, ServiceBinding,
> - NULL
> - );
> - if (EFI_ERROR (Status)) {
> - return Status;
> - }
> -
> - TlsCleanService (TlsService);
> - }
> -
> - if (HandleBuffer != NULL) {
> - FreePool (HandleBuffer);
> - }
> -
> - return EFI_SUCCESS;
> -}
> -
> -/**
> - This is the declaration of an EFI image entry point. This entry point is
> - the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers including
> - both device drivers and bus drivers.
> -
> - @param ImageHandle The firmware allocated handle for the UEFI
> image.
> - @param SystemTable A pointer to the EFI System Table.
> -
> - @retval EFI_SUCCESS The operation completed successfully.
> - @retval Others An unexpected error occurred.
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsDriverEntryPoint (
> - IN EFI_HANDLE ImageHandle,
> - IN EFI_SYSTEM_TABLE *SystemTable
> - )
> -{
> - EFI_STATUS Status;
> -
> - TLS_SERVICE *TlsService;
> -
> - //
> - // Create TLS Service
> - //
> - Status = TlsCreateService (ImageHandle, &TlsService);
> - if (EFI_ERROR (Status)) {
> - return Status;
> - }
> -
> - ASSERT (TlsService != NULL);
> -
> - //
> - // Initializes the OpenSSL library.
> - //
> - TlsInitialize ();
> -
> - //
> - // Create a new SSL_CTX object as framework to establish TLS/SSL enabled
> - // connections. TLS 1.0 is used as the default version.
> - //
> - TlsService->TlsCtx = TlsCtxNew (TLS10_PROTOCOL_VERSION_MAJOR,
> TLS10_PROTOCOL_VERSION_MINOR);
> - if (TlsService->TlsCtx == NULL) {
> - FreePool (TlsService);
> - return EFI_ABORTED;
> - }
> -
> - //
> - // Install the TlsServiceBinding Protocol onto Handle
> - //
> - Status = gBS->InstallMultipleProtocolInterfaces (
> - &TlsService->Handle,
> - &gEfiTlsServiceBindingProtocolGuid,
> - &TlsService->ServiceBinding,
> - NULL
> - );
> - if (EFI_ERROR (Status)) {
> - goto ON_CLEAN_SERVICE;
> - }
> -
> - return Status;
> -
> -ON_CLEAN_SERVICE:
> - TlsCleanService (TlsService);
> -
> - return Status;
> -}
> -
> -/**
> - Creates a child handle and installs a protocol.
> -
> - The CreateChild() function installs a protocol on ChildHandle.
> - If ChildHandle is a pointer to NULL, then a new handle is created and
> returned in ChildHandle.
> - If ChildHandle is not a pointer to NULL, then the protocol installs on the
> existing ChildHandle.
> -
> - @param[in] This Pointer to the EFI_SERVICE_BINDING_PROTOCOL
> instance.
> - @param[in] ChildHandle Pointer to the handle of the child to create. If it is
> NULL,
> - then a new handle is created. If it is a pointer to an existing UEFI
> handle,
> - then the protocol is added to the existing UEFI handle.
> -
> - @retval EFI_SUCCES The protocol was added to ChildHandle.
> - @retval EFI_INVALID_PARAMETER ChildHandle is NULL.
> - @retval EFI_OUT_OF_RESOURCES There are not enough resources
> available to create
> - the child.
> - @retval other The child handle was not created.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsServiceBindingCreateChild (
> - IN EFI_SERVICE_BINDING_PROTOCOL *This,
> - IN EFI_HANDLE *ChildHandle
> - )
> -{
> - TLS_SERVICE *TlsService;
> - TLS_INSTANCE *TlsInstance;
> - EFI_STATUS Status;
> - EFI_TPL OldTpl;
> -
> - if ((This == NULL) || (ChildHandle == NULL)) {
> - return EFI_INVALID_PARAMETER;
> - }
> -
> - TlsService = TLS_SERVICE_FROM_THIS (This);
> -
> - Status = TlsCreateInstance (TlsService, &TlsInstance);
> - if (EFI_ERROR (Status)) {
> - return Status;
> - }
> -
> - ASSERT (TlsInstance != NULL);
> -
> - //
> - // Create a new TLS connection object.
> - //
> - TlsInstance->TlsConn = TlsNew (TlsService->TlsCtx);
> - if (TlsInstance->TlsConn == NULL) {
> - Status = EFI_ABORTED;
> - goto ON_ERROR;
> - }
> -
> - //
> - // Set default ConnectionEnd to EfiTlsClient
> - //
> - Status = TlsSetConnectionEnd (TlsInstance->TlsConn, EfiTlsClient);
> - if (EFI_ERROR (Status)) {
> - goto ON_ERROR;
> - }
> -
> - //
> - // Install TLS protocol and configuration protocol onto ChildHandle
> - //
> - Status = gBS->InstallMultipleProtocolInterfaces (
> - ChildHandle,
> - &gEfiTlsProtocolGuid,
> - &TlsInstance->Tls,
> - &gEfiTlsConfigurationProtocolGuid,
> - &TlsInstance->TlsConfig,
> - NULL
> - );
> - if (EFI_ERROR (Status)) {
> - goto ON_ERROR;
> - }
> -
> - TlsInstance->ChildHandle = *ChildHandle;
> -
> - //
> - // Add it to the TLS service's child list.
> - //
> - OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
> -
> - InsertTailList (&TlsService->TlsChildrenList, &TlsInstance->Link);
> - TlsService->TlsChildrenNum++;
> -
> - gBS->RestoreTPL (OldTpl);
> -
> - return EFI_SUCCESS;
> -
> -ON_ERROR:
> - TlsCleanInstance (TlsInstance);
> - return Status;
> -}
> -
> -/**
> - Destroys a child handle with a protocol installed on it.
> -
> - The DestroyChild() function does the opposite of CreateChild(). It removes
> a protocol
> - that was installed by CreateChild() from ChildHandle. If the removed
> protocol is the
> - last protocol on ChildHandle, then ChildHandle is destroyed.
> -
> - @param This Pointer to the EFI_SERVICE_BINDING_PROTOCOL
> instance.
> - @param ChildHandle Handle of the child to destroy.
> -
> - @retval EFI_SUCCES The protocol was removed from ChildHandle.
> - @retval EFI_UNSUPPORTED ChildHandle does not support the protocol
> that is being removed.
> - @retval EFI_INVALID_PARAMETER Child handle is NULL.
> - @retval EFI_ACCESS_DENIED The protocol could not be removed from
> the ChildHandle
> - because its services are being used.
> - @retval other The child handle was not destroyed.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsServiceBindingDestroyChild (
> - IN EFI_SERVICE_BINDING_PROTOCOL *This,
> - IN EFI_HANDLE ChildHandle
> - )
> -{
> - TLS_SERVICE *TlsService;
> - TLS_INSTANCE *TlsInstance;
> -
> - EFI_TLS_PROTOCOL *Tls;
> - EFI_TLS_CONFIGURATION_PROTOCOL *TlsConfig;
> - EFI_STATUS Status;
> - EFI_TPL OldTpl;
> -
> - if ((This == NULL) || (ChildHandle == NULL)) {
> - return EFI_INVALID_PARAMETER;
> - }
> -
> - TlsService = TLS_SERVICE_FROM_THIS (This);
> -
> - //
> - // Find TLS protocol interface installed in ChildHandle
> - //
> - Status = gBS->OpenProtocol (
> - ChildHandle,
> - &gEfiTlsProtocolGuid,
> - (VOID **) &Tls,
> - TlsService->ImageHandle,
> - NULL,
> - EFI_OPEN_PROTOCOL_BY_HANDLE_PROTOCOL
> - );
> - if (EFI_ERROR (Status)) {
> - return Status;
> - }
> -
> - //
> - // Find TLS configuration protocol interface installed in ChildHandle
> - //
> - Status = gBS->OpenProtocol (
> - ChildHandle,
> - &gEfiTlsConfigurationProtocolGuid,
> - (VOID **) &TlsConfig,
> - TlsService->ImageHandle,
> - NULL,
> - EFI_OPEN_PROTOCOL_BY_HANDLE_PROTOCOL
> - );
> - if (EFI_ERROR (Status)) {
> - return Status;
> - }
> -
> - TlsInstance = TLS_INSTANCE_FROM_PROTOCOL (Tls);
> -
> - if (TlsInstance->Service != TlsService) {
> - return EFI_INVALID_PARAMETER;
> - }
> -
> - if (TlsInstance->InDestroy) {
> - return EFI_SUCCESS;
> - }
> -
> - OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
> -
> - TlsInstance->InDestroy = TRUE;
> -
> - //
> - // Uninstall the TLS protocol and TLS Configuration Protocol interface
> installed in ChildHandle.
> - //
> - Status = gBS->UninstallMultipleProtocolInterfaces (
> - ChildHandle,
> - &gEfiTlsProtocolGuid,
> - Tls,
> - &gEfiTlsConfigurationProtocolGuid,
> - TlsConfig,
> - NULL
> - );
> - if (EFI_ERROR (Status)) {
> - return Status;
> - }
> -
> - RemoveEntryList (&TlsInstance->Link);
> - TlsService->TlsChildrenNum--;
> -
> - gBS->RestoreTPL (OldTpl);
> -
> - TlsCleanInstance (TlsInstance);
> -
> - return EFI_SUCCESS;
> -}
> +/** @file
> + The Driver Binding and Service Binding Protocol for TlsDxe driver.
> +
> + Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> +
> + This program and the accompanying materials
> + are licensed and made available under the terms and conditions of the BSD
> License
> + which accompanies this distribution. The full text of the license may be
> found at
> + http://opensource.org/licenses/bsd-license.php.
> +
> + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +
> +**/
> +
> +#include "TlsImpl.h"
> +
> +EFI_SERVICE_BINDING_PROTOCOL mTlsServiceBinding = {
> + TlsServiceBindingCreateChild,
> + TlsServiceBindingDestroyChild
> +};
> +
> +/**
> + Release all the resources used by the TLS instance.
> +
> + @param[in] Instance The TLS instance data.
> +
> +**/
> +VOID
> +TlsCleanInstance (
> + IN TLS_INSTANCE *Instance
> + )
> +{
> + if (Instance != NULL) {
> + if (Instance->TlsConn != NULL) {
> + TlsFree (Instance->TlsConn);
> + }
> +
> + FreePool (Instance);
> + }
> +}
> +
> +/**
> + Create the TLS instance and initialize it.
> +
> + @param[in] Service The pointer to the TLS service.
> + @param[out] Instance The pointer to the TLS instance.
> +
> + @retval EFI_OUT_OF_RESOURCES Failed to allocate resources.
> + @retval EFI_SUCCESS The TLS instance is created.
> +
> +**/
> +EFI_STATUS
> +TlsCreateInstance (
> + IN TLS_SERVICE *Service,
> + OUT TLS_INSTANCE **Instance
> + )
> +{
> + TLS_INSTANCE *TlsInstance;
> +
> + *Instance = NULL;
> +
> + TlsInstance = AllocateZeroPool (sizeof (TLS_INSTANCE));
> + if (TlsInstance == NULL) {
> + return EFI_OUT_OF_RESOURCES;
> + }
> +
> + TlsInstance->Signature = TLS_INSTANCE_SIGNATURE;
> + InitializeListHead (&TlsInstance->Link);
> + TlsInstance->InDestroy = FALSE;
> + TlsInstance->Service = Service;
> +
> + CopyMem (&TlsInstance->Tls, &mTlsProtocol, sizeof (TlsInstance->Tls));
> + CopyMem (&TlsInstance->TlsConfig, &mTlsConfigurationProtocol, sizeof
> (TlsInstance->TlsConfig));
> +
> + TlsInstance->TlsSessionState = EfiTlsSessionNotStarted;
> +
> + *Instance = TlsInstance;
> +
> + return EFI_SUCCESS;
> +}
> +
> +/**
> + Release all the resources used by the TLS service binding instance.
> +
> + @param[in] Service The TLS service data.
> +
> +**/
> +VOID
> +TlsCleanService (
> + IN TLS_SERVICE *Service
> + )
> +{
> + if (Service != NULL) {
> + if (Service->TlsCtx != NULL) {
> + TlsCtxFree (Service->TlsCtx);
> + }
> +
> + FreePool (Service);
> + }
> +}
> +
> +/**
> + Create then initialize a TLS service.
> +
> + @param[in] Image ImageHandle of the TLS driver
> + @param[out] Service The service for TLS driver
> +
> + @retval EFI_OUT_OF_RESOURCES Failed to allocate resource to create
> the service.
> + @retval EFI_SUCCESS The service is created for the driver.
> +
> +**/
> +EFI_STATUS
> +TlsCreateService (
> + IN EFI_HANDLE Image,
> + OUT TLS_SERVICE **Service
> + )
> +{
> + TLS_SERVICE *TlsService;
> +
> + ASSERT (Service != NULL);
> +
> + *Service = NULL;
> +
> + //
> + // Allocate a TLS Service Data
> + //
> + TlsService = AllocateZeroPool (sizeof (TLS_SERVICE));
> + if (TlsService == NULL) {
> + return EFI_OUT_OF_RESOURCES;
> + }
> +
> + //
> + // Initialize TLS Service Data
> + //
> + TlsService->Signature = TLS_SERVICE_SIGNATURE;
> + CopyMem (&TlsService->ServiceBinding, &mTlsServiceBinding, sizeof
> (TlsService->ServiceBinding));
> + TlsService->TlsChildrenNum = 0;
> + InitializeListHead (&TlsService->TlsChildrenList);
> + TlsService->ImageHandle = Image;
> +
> + *Service = TlsService;
> +
> + return EFI_SUCCESS;
> +}
> +
> +/**
> + Unloads an image.
> +
> + @param[in] ImageHandle Handle that identifies the image to be
> unloaded.
> +
> + @retval EFI_SUCCESS The image has been unloaded.
> + @retval EFI_INVALID_PARAMETER ImageHandle is not a valid image
> handle.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsUnload (
> + IN EFI_HANDLE ImageHandle
> + )
> +{
> + EFI_STATUS Status;
> + UINTN HandleNum;
> + EFI_HANDLE *HandleBuffer;
> + UINT32 Index;
> + EFI_SERVICE_BINDING_PROTOCOL *ServiceBinding;
> + TLS_SERVICE *TlsService;
> +
> + HandleBuffer = NULL;
> + ServiceBinding = NULL;
> + TlsService = NULL;
> +
> + //
> + // Locate all the handles with Tls service binding protocol.
> + //
> + Status = gBS->LocateHandleBuffer (
> + ByProtocol,
> + &gEfiTlsServiceBindingProtocolGuid,
> + NULL,
> + &HandleNum,
> + &HandleBuffer
> + );
> + if (EFI_ERROR (Status)) {
> + return Status;
> + }
> +
> + for (Index = 0; Index < HandleNum; Index++) {
> + //
> + // Firstly, find ServiceBinding interface
> + //
> + Status = gBS->OpenProtocol (
> + HandleBuffer[Index],
> + &gEfiTlsServiceBindingProtocolGuid,
> + (VOID **) &ServiceBinding,
> + ImageHandle,
> + NULL,
> + EFI_OPEN_PROTOCOL_BY_HANDLE_PROTOCOL
> + );
> + if (EFI_ERROR (Status)) {
> + return Status;
> + }
> +
> + TlsService = TLS_SERVICE_FROM_THIS (ServiceBinding);
> +
> + //
> + // Then, uninstall ServiceBinding interface
> + //
> + Status = gBS->UninstallMultipleProtocolInterfaces (
> + HandleBuffer[Index],
> + &gEfiTlsServiceBindingProtocolGuid, ServiceBinding,
> + NULL
> + );
> + if (EFI_ERROR (Status)) {
> + return Status;
> + }
> +
> + TlsCleanService (TlsService);
> + }
> +
> + if (HandleBuffer != NULL) {
> + FreePool (HandleBuffer);
> + }
> +
> + return EFI_SUCCESS;
> +}
> +
> +/**
> + This is the declaration of an EFI image entry point. This entry point is
> + the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers including
> + both device drivers and bus drivers.
> +
> + @param ImageHandle The firmware allocated handle for the UEFI
> image.
> + @param SystemTable A pointer to the EFI System Table.
> +
> + @retval EFI_SUCCESS The operation completed successfully.
> + @retval Others An unexpected error occurred.
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsDriverEntryPoint (
> + IN EFI_HANDLE ImageHandle,
> + IN EFI_SYSTEM_TABLE *SystemTable
> + )
> +{
> + EFI_STATUS Status;
> +
> + TLS_SERVICE *TlsService;
> +
> + //
> + // Create TLS Service
> + //
> + Status = TlsCreateService (ImageHandle, &TlsService);
> + if (EFI_ERROR (Status)) {
> + return Status;
> + }
> +
> + ASSERT (TlsService != NULL);
> +
> + //
> + // Initializes the OpenSSL library.
> + //
> + TlsInitialize ();
> +
> + //
> + // Create a new SSL_CTX object as framework to establish TLS/SSL enabled
> + // connections. TLS 1.0 is used as the default version.
> + //
> + TlsService->TlsCtx = TlsCtxNew (TLS10_PROTOCOL_VERSION_MAJOR,
> TLS10_PROTOCOL_VERSION_MINOR);
> + if (TlsService->TlsCtx == NULL) {
> + FreePool (TlsService);
> + return EFI_ABORTED;
> + }
> +
> + //
> + // Install the TlsServiceBinding Protocol onto Handle
> + //
> + Status = gBS->InstallMultipleProtocolInterfaces (
> + &TlsService->Handle,
> + &gEfiTlsServiceBindingProtocolGuid,
> + &TlsService->ServiceBinding,
> + NULL
> + );
> + if (EFI_ERROR (Status)) {
> + goto ON_CLEAN_SERVICE;
> + }
> +
> + return Status;
> +
> +ON_CLEAN_SERVICE:
> + TlsCleanService (TlsService);
> +
> + return Status;
> +}
> +
> +/**
> + Creates a child handle and installs a protocol.
> +
> + The CreateChild() function installs a protocol on ChildHandle.
> + If ChildHandle is a pointer to NULL, then a new handle is created and
> returned in ChildHandle.
> + If ChildHandle is not a pointer to NULL, then the protocol installs on the
> existing ChildHandle.
> +
> + @param[in] This Pointer to the EFI_SERVICE_BINDING_PROTOCOL
> instance.
> + @param[in] ChildHandle Pointer to the handle of the child to create. If it is
> NULL,
> + then a new handle is created. If it is a pointer to an existing
> UEFI handle,
> + then the protocol is added to the existing UEFI handle.
> +
> + @retval EFI_SUCCES The protocol was added to ChildHandle.
> + @retval EFI_INVALID_PARAMETER ChildHandle is NULL.
> + @retval EFI_OUT_OF_RESOURCES There are not enough resources
> available to create
> + the child.
> + @retval other The child handle was not created.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsServiceBindingCreateChild (
> + IN EFI_SERVICE_BINDING_PROTOCOL *This,
> + IN EFI_HANDLE *ChildHandle
> + )
> +{
> + TLS_SERVICE *TlsService;
> + TLS_INSTANCE *TlsInstance;
> + EFI_STATUS Status;
> + EFI_TPL OldTpl;
> +
> + if ((This == NULL) || (ChildHandle == NULL)) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + TlsService = TLS_SERVICE_FROM_THIS (This);
> +
> + Status = TlsCreateInstance (TlsService, &TlsInstance);
> + if (EFI_ERROR (Status)) {
> + return Status;
> + }
> +
> + ASSERT (TlsInstance != NULL);
> +
> + //
> + // Create a new TLS connection object.
> + //
> + TlsInstance->TlsConn = TlsNew (TlsService->TlsCtx);
> + if (TlsInstance->TlsConn == NULL) {
> + Status = EFI_ABORTED;
> + goto ON_ERROR;
> + }
> +
> + //
> + // Set default ConnectionEnd to EfiTlsClient
> + //
> + Status = TlsSetConnectionEnd (TlsInstance->TlsConn, EfiTlsClient);
> + if (EFI_ERROR (Status)) {
> + goto ON_ERROR;
> + }
> +
> + //
> + // Install TLS protocol and configuration protocol onto ChildHandle
> + //
> + Status = gBS->InstallMultipleProtocolInterfaces (
> + ChildHandle,
> + &gEfiTlsProtocolGuid,
> + &TlsInstance->Tls,
> + &gEfiTlsConfigurationProtocolGuid,
> + &TlsInstance->TlsConfig,
> + NULL
> + );
> + if (EFI_ERROR (Status)) {
> + goto ON_ERROR;
> + }
> +
> + TlsInstance->ChildHandle = *ChildHandle;
> +
> + //
> + // Add it to the TLS service's child list.
> + //
> + OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
> +
> + InsertTailList (&TlsService->TlsChildrenList, &TlsInstance->Link);
> + TlsService->TlsChildrenNum++;
> +
> + gBS->RestoreTPL (OldTpl);
> +
> + return EFI_SUCCESS;
> +
> +ON_ERROR:
> + TlsCleanInstance (TlsInstance);
> + return Status;
> +}
> +
> +/**
> + Destroys a child handle with a protocol installed on it.
> +
> + The DestroyChild() function does the opposite of CreateChild(). It removes
> a protocol
> + that was installed by CreateChild() from ChildHandle. If the removed
> protocol is the
> + last protocol on ChildHandle, then ChildHandle is destroyed.
> +
> + @param This Pointer to the EFI_SERVICE_BINDING_PROTOCOL
> instance.
> + @param ChildHandle Handle of the child to destroy.
> +
> + @retval EFI_SUCCES The protocol was removed from ChildHandle.
> + @retval EFI_UNSUPPORTED ChildHandle does not support the protocol
> that is being removed.
> + @retval EFI_INVALID_PARAMETER Child handle is NULL.
> + @retval EFI_ACCESS_DENIED The protocol could not be removed from
> the ChildHandle
> + because its services are being used.
> + @retval other The child handle was not destroyed.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsServiceBindingDestroyChild (
> + IN EFI_SERVICE_BINDING_PROTOCOL *This,
> + IN EFI_HANDLE ChildHandle
> + )
> +{
> + TLS_SERVICE *TlsService;
> + TLS_INSTANCE *TlsInstance;
> +
> + EFI_TLS_PROTOCOL *Tls;
> + EFI_TLS_CONFIGURATION_PROTOCOL *TlsConfig;
> + EFI_STATUS Status;
> + EFI_TPL OldTpl;
> +
> + if ((This == NULL) || (ChildHandle == NULL)) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + TlsService = TLS_SERVICE_FROM_THIS (This);
> +
> + //
> + // Find TLS protocol interface installed in ChildHandle
> + //
> + Status = gBS->OpenProtocol (
> + ChildHandle,
> + &gEfiTlsProtocolGuid,
> + (VOID **) &Tls,
> + TlsService->ImageHandle,
> + NULL,
> + EFI_OPEN_PROTOCOL_BY_HANDLE_PROTOCOL
> + );
> + if (EFI_ERROR (Status)) {
> + return Status;
> + }
> +
> + //
> + // Find TLS configuration protocol interface installed in ChildHandle
> + //
> + Status = gBS->OpenProtocol (
> + ChildHandle,
> + &gEfiTlsConfigurationProtocolGuid,
> + (VOID **) &TlsConfig,
> + TlsService->ImageHandle,
> + NULL,
> + EFI_OPEN_PROTOCOL_BY_HANDLE_PROTOCOL
> + );
> + if (EFI_ERROR (Status)) {
> + return Status;
> + }
> +
> + TlsInstance = TLS_INSTANCE_FROM_PROTOCOL (Tls);
> +
> + if (TlsInstance->Service != TlsService) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + if (TlsInstance->InDestroy) {
> + return EFI_SUCCESS;
> + }
> +
> + OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
> +
> + TlsInstance->InDestroy = TRUE;
> +
> + //
> + // Uninstall the TLS protocol and TLS Configuration Protocol interface
> installed in ChildHandle.
> + //
> + Status = gBS->UninstallMultipleProtocolInterfaces (
> + ChildHandle,
> + &gEfiTlsProtocolGuid,
> + Tls,
> + &gEfiTlsConfigurationProtocolGuid,
> + TlsConfig,
> + NULL
> + );
> + if (EFI_ERROR (Status)) {
> + return Status;
> + }
> +
> + RemoveEntryList (&TlsInstance->Link);
> + TlsService->TlsChildrenNum--;
> +
> + gBS->RestoreTPL (OldTpl);
> +
> + TlsCleanInstance (TlsInstance);
> +
> + return EFI_SUCCESS;
> +}
> +
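Review bot: In TlsServiceBindingDestroyChild the `return Status` after a failed `gBS->UninstallMultipleProtocolInterfaces` leaves the TPL raised (no matching `gBS->RestoreTPL (OldTpl)`) and leaves `TlsInstance->InDestroy` set to TRUE, so a later DestroyChild on the same handle returns EFI_SUCCESS without removing anything; that error path should restore the TPL and clear InDestroy before returning. Two smaller points in the same region: TlsDriverEntryPoint tears the service down with `FreePool (TlsService)` when `TlsCtxNew` fails but with `TlsCleanService (TlsService)` when the protocol install fails, so the two error paths should share one cleanup routine; and the comment above `TlsCtxNew (TLS10_PROTOCOL_VERSION_MAJOR, TLS10_PROTOCOL_VERSION_MINOR)` documents TLS 1.0 as the default context version, which deserves a follow-up given that TLS 1.0 is deprecated. None of this is introduced by the line-ending conversion, but since the whole file appears as changed it is what a reviewer sees; the `@retval EFI_SUCCES` spellings in the CreateChild and DestroyChild comments could be corrected to EFI_SUCCESS in the same pass.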
> diff --git a/NetworkPkg/TlsDxe/TlsDriver.h b/NetworkPkg/TlsDxe/TlsDriver.h
> index a9e55ba752..950429af8f 100644
> --- a/NetworkPkg/TlsDxe/TlsDriver.h
> +++ b/NetworkPkg/TlsDxe/TlsDriver.h
> @@ -1,237 +1,238 @@
> -/** @file
> - Header file of the Driver Binding and Service Binding Protocol for TlsDxe
> driver.
> -
> - Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> -
> - This program and the accompanying materials
> - are licensed and made available under the terms and conditions of the BSD
> License
> - which accompanies this distribution. The full text of the license may be
> found at
> - http://opensource.org/licenses/bsd-license.php.
> -
> - THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> - WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> -
> -**/
> -
> -#ifndef __EFI_TLS_DRIVER_H__
> -#define __EFI_TLS_DRIVER_H__
> -
> -#include <Uefi.h>
> -
> -//
> -// Driver Protocols
> -//
> -#include <Protocol/ServiceBinding.h>
> -
> -//
> -// Driver Version
> -//
> -#define TLS_VERSION 0x00000000
> -
> -#define TLS_SERVICE_SIGNATURE SIGNATURE_32 ('T', 'L', 'S', 'S')
> -
> -#define TLS_INSTANCE_SIGNATURE SIGNATURE_32 ('T', 'L', 'S', 'I')
> -
> -///
> -/// TLS Service Data
> -///
> -typedef struct _TLS_SERVICE TLS_SERVICE;
> -
> -///
> -/// TLS Instance Data
> -///
> -typedef struct _TLS_INSTANCE TLS_INSTANCE;
> -
> -
> -struct _TLS_SERVICE {
> - UINT32 Signature;
> - EFI_SERVICE_BINDING_PROTOCOL ServiceBinding;
> -
> - UINT16 TlsChildrenNum;
> - LIST_ENTRY TlsChildrenList;
> -
> - //
> - // Handle to install TlsServiceBinding protocol.
> - //
> - EFI_HANDLE Handle;
> - EFI_HANDLE ImageHandle;
> -
> - //
> - // Main SSL Context object which is created by a server or client once per
> program
> - // life-time and which holds mainly default values for the SSL object which
> are later
> - // created for the connections.
> - //
> - VOID *TlsCtx;
> -};
> -
> -struct _TLS_INSTANCE {
> - UINT32 Signature;
> - LIST_ENTRY Link;
> -
> - BOOLEAN InDestroy;
> -
> - TLS_SERVICE *Service;
> - EFI_HANDLE ChildHandle;
> -
> - EFI_TLS_PROTOCOL Tls;
> - EFI_TLS_CONFIGURATION_PROTOCOL TlsConfig;
> -
> - EFI_TLS_SESSION_STATE TlsSessionState;
> -
> - //
> - // Main SSL Connection which is created by a server or a client
> - // per established connection.
> - //
> - VOID *TlsConn;
> -};
> -
> -
> -#define TLS_SERVICE_FROM_THIS(a) \
> - CR (a, TLS_SERVICE, ServiceBinding, TLS_SERVICE_SIGNATURE)
> -
> -#define TLS_INSTANCE_FROM_PROTOCOL(a) \
> - CR (a, TLS_INSTANCE, Tls, TLS_INSTANCE_SIGNATURE)
> -
> -#define TLS_INSTANCE_FROM_CONFIGURATION(a) \
> - CR (a, TLS_INSTANCE, TlsConfig, TLS_INSTANCE_SIGNATURE)
> -
> -
> -/**
> - Release all the resources used by the TLS instance.
> -
> - @param[in] Instance The TLS instance data.
> -
> -**/
> -VOID
> -TlsCleanInstance (
> - IN TLS_INSTANCE *Instance
> - );
> -
> -/**
> - Create the TLS instance and initialize it.
> -
> - @param[in] Service The pointer to the TLS service.
> - @param[out] Instance The pointer to the TLS instance.
> -
> - @retval EFI_OUT_OF_RESOURCES Failed to allocate resources.
> - @retval EFI_SUCCESS The TLS instance is created.
> -
> -**/
> -EFI_STATUS
> -TlsCreateInstance (
> - IN TLS_SERVICE *Service,
> - OUT TLS_INSTANCE **Instance
> - );
> -
> -/**
> - Release all the resources used by the TLS service binding instance.
> -
> - @param[in] Service The TLS service data.
> -
> -**/
> -VOID
> -TlsCleanService (
> - IN TLS_SERVICE *Service
> - );
> -
> -/**
> - Create then initialize a TLS service.
> -
> - @param[in] Image ImageHandle of the TLS driver
> - @param[out] Service The service for TLS driver
> -
> - @retval EFI_OUT_OF_RESOURCES Failed to allocate resource to create the
> service.
> - @retval EFI_SUCCESS The service is created for the driver.
> -
> -**/
> -EFI_STATUS
> -TlsCreateService (
> - IN EFI_HANDLE Image,
> - OUT TLS_SERVICE **Service
> - );
> -
> -/**
> - Unloads an image.
> -
> - @param[in] ImageHandle Handle that identifies the image to be
> unloaded.
> -
> - @retval EFI_SUCCESS The image has been unloaded.
> - @retval EFI_INVALID_PARAMETER ImageHandle is not a valid image handle.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsUnload (
> - IN EFI_HANDLE ImageHandle
> - );
> -
> -/**
> - This is the declaration of an EFI image entry point. This entry point is
> - the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers including
> - both device drivers and bus drivers.
> -
> - @param ImageHandle The firmware allocated handle for the UEFI
> image.
> - @param SystemTable A pointer to the EFI System Table.
> -
> - @retval EFI_SUCCESS The operation completed successfully.
> - @retval Others An unexpected error occurred.
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsDriverEntryPoint (
> - IN EFI_HANDLE ImageHandle,
> - IN EFI_SYSTEM_TABLE *SystemTable
> - );
> -
> -/**
> - Creates a child handle and installs a protocol.
> -
> - The CreateChild() function installs a protocol on ChildHandle.
> - If ChildHandle is a pointer to NULL, then a new handle is created and
> returned in ChildHandle.
> - If ChildHandle is not a pointer to NULL, then the protocol installs on the
> existing ChildHandle.
> -
> - @param[in] This Pointer to the EFI_SERVICE_BINDING_PROTOCOL
> instance.
> - @param[in] ChildHandle Pointer to the handle of the child to create. If it is
> NULL,
> - then a new handle is created. If it is a pointer to an existing UEFI
> handle,
> - then the protocol is added to the existing UEFI handle.
> -
> - @retval EFI_SUCCES The protocol was added to ChildHandle.
> - @retval EFI_INVALID_PARAMETER ChildHandle is NULL.
> - @retval EFI_OUT_OF_RESOURCES There are not enough resources
> available to create
> - the child.
> - @retval other The child handle was not created.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsServiceBindingCreateChild (
> - IN EFI_SERVICE_BINDING_PROTOCOL *This,
> - IN EFI_HANDLE *ChildHandle
> - );
> -
> -/**
> - Destroys a child handle with a protocol installed on it.
> -
> - The DestroyChild() function does the opposite of CreateChild(). It removes
> a protocol
> - that was installed by CreateChild() from ChildHandle. If the removed
> protocol is the
> - last protocol on ChildHandle, then ChildHandle is destroyed.
> -
> - @param This Pointer to the EFI_SERVICE_BINDING_PROTOCOL
> instance.
> - @param ChildHandle Handle of the child to destroy.
> -
> - @retval EFI_SUCCES The protocol was removed from ChildHandle.
> - @retval EFI_UNSUPPORTED ChildHandle does not support the protocol
> that is being removed.
> - @retval EFI_INVALID_PARAMETER Child handle is NULL.
> - @retval EFI_ACCESS_DENIED The protocol could not be removed from
> the ChildHandle
> - because its services are being used.
> - @retval other The child handle was not destroyed.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsServiceBindingDestroyChild (
> - IN EFI_SERVICE_BINDING_PROTOCOL *This,
> - IN EFI_HANDLE ChildHandle
> - );
> -
> -#endif
> +/** @file
> + Header file of the Driver Binding and Service Binding Protocol for TlsDxe
> driver.
> +
> + Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> +
> + This program and the accompanying materials
> + are licensed and made available under the terms and conditions of the BSD
> License
> + which accompanies this distribution. The full text of the license may be
> found at
> + http://opensource.org/licenses/bsd-license.php.
> +
> + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +
> +**/
> +
> +#ifndef __EFI_TLS_DRIVER_H__
> +#define __EFI_TLS_DRIVER_H__
> +
> +#include <Uefi.h>
> +
> +//
> +// Driver Protocols
> +//
> +#include <Protocol/ServiceBinding.h>
> +
> +//
> +// Driver Version
> +//
> +#define TLS_VERSION 0x00000000
> +
> +#define TLS_SERVICE_SIGNATURE SIGNATURE_32 ('T', 'L', 'S', 'S')
> +
> +#define TLS_INSTANCE_SIGNATURE SIGNATURE_32 ('T', 'L', 'S', 'I')
> +
> +///
> +/// TLS Service Data
> +///
> +typedef struct _TLS_SERVICE TLS_SERVICE;
> +
> +///
> +/// TLS Instance Data
> +///
> +typedef struct _TLS_INSTANCE TLS_INSTANCE;
> +
> +
> +struct _TLS_SERVICE {
> + UINT32 Signature;
> + EFI_SERVICE_BINDING_PROTOCOL ServiceBinding;
> +
> + UINT16 TlsChildrenNum;
> + LIST_ENTRY TlsChildrenList;
> +
> + //
> + // Handle to install TlsServiceBinding protocol.
> + //
> + EFI_HANDLE Handle;
> + EFI_HANDLE ImageHandle;
> +
> + //
> + // Main SSL Context object which is created by a server or client once per
> program
> + // life-time and which holds mainly default values for the SSL object which
> are later
> + // created for the connections.
> + //
> + VOID *TlsCtx;
> +};
> +
> +struct _TLS_INSTANCE {
> + UINT32 Signature;
> + LIST_ENTRY Link;
> +
> + BOOLEAN InDestroy;
> +
> + TLS_SERVICE *Service;
> + EFI_HANDLE ChildHandle;
> +
> + EFI_TLS_PROTOCOL Tls;
> + EFI_TLS_CONFIGURATION_PROTOCOL TlsConfig;
> +
> + EFI_TLS_SESSION_STATE TlsSessionState;
> +
> + //
> + // Main SSL Connection which is created by a server or a client
> + // per established connection.
> + //
> + VOID *TlsConn;
> +};
> +
> +
> +#define TLS_SERVICE_FROM_THIS(a) \
> + CR (a, TLS_SERVICE, ServiceBinding, TLS_SERVICE_SIGNATURE)
> +
> +#define TLS_INSTANCE_FROM_PROTOCOL(a) \
> + CR (a, TLS_INSTANCE, Tls, TLS_INSTANCE_SIGNATURE)
> +
> +#define TLS_INSTANCE_FROM_CONFIGURATION(a) \
> + CR (a, TLS_INSTANCE, TlsConfig, TLS_INSTANCE_SIGNATURE)
> +
> +
> +/**
> + Release all the resources used by the TLS instance.
> +
> + @param[in] Instance The TLS instance data.
> +
> +**/
> +VOID
> +TlsCleanInstance (
> + IN TLS_INSTANCE *Instance
> + );
> +
> +/**
> + Create the TLS instance and initialize it.
> +
> + @param[in] Service The pointer to the TLS service.
> + @param[out] Instance The pointer to the TLS instance.
> +
> + @retval EFI_OUT_OF_RESOURCES Failed to allocate resources.
> + @retval EFI_SUCCESS The TLS instance is created.
> +
> +**/
> +EFI_STATUS
> +TlsCreateInstance (
> + IN TLS_SERVICE *Service,
> + OUT TLS_INSTANCE **Instance
> + );
> +
> +/**
> + Release all the resources used by the TLS service binding instance.
> +
> + @param[in] Service The TLS service data.
> +
> +**/
> +VOID
> +TlsCleanService (
> + IN TLS_SERVICE *Service
> + );
> +
> +/**
> + Create then initialize a TLS service.
> +
> + @param[in] Image ImageHandle of the TLS driver
> + @param[out] Service The service for TLS driver
> +
> + @retval EFI_OUT_OF_RESOURCES Failed to allocate resource to create
> the service.
> + @retval EFI_SUCCESS The service is created for the driver.
> +
> +**/
> +EFI_STATUS
> +TlsCreateService (
> + IN EFI_HANDLE Image,
> + OUT TLS_SERVICE **Service
> + );
> +
> +/**
> + Unloads an image.
> +
> + @param[in] ImageHandle Handle that identifies the image to be
> unloaded.
> +
> + @retval EFI_SUCCESS The image has been unloaded.
> + @retval EFI_INVALID_PARAMETER ImageHandle is not a valid image
> handle.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsUnload (
> + IN EFI_HANDLE ImageHandle
> + );
> +
> +/**
> + This is the declaration of an EFI image entry point. This entry point is
> + the same for UEFI Applications, UEFI OS Loaders, and UEFI Drivers including
> + both device drivers and bus drivers.
> +
> + @param ImageHandle The firmware allocated handle for the UEFI
> image.
> + @param SystemTable A pointer to the EFI System Table.
> +
> + @retval EFI_SUCCESS The operation completed successfully.
> + @retval Others An unexpected error occurred.
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsDriverEntryPoint (
> + IN EFI_HANDLE ImageHandle,
> + IN EFI_SYSTEM_TABLE *SystemTable
> + );
> +
> +/**
> + Creates a child handle and installs a protocol.
> +
> + The CreateChild() function installs a protocol on ChildHandle.
> + If ChildHandle is a pointer to NULL, then a new handle is created and
> returned in ChildHandle.
> + If ChildHandle is not a pointer to NULL, then the protocol installs on the
> existing ChildHandle.
> +
> + @param[in] This Pointer to the EFI_SERVICE_BINDING_PROTOCOL
> instance.
> + @param[in] ChildHandle Pointer to the handle of the child to create. If it is
> NULL,
> + then a new handle is created. If it is a pointer to an existing
> UEFI handle,
> + then the protocol is added to the existing UEFI handle.
> +
> + @retval EFI_SUCCES The protocol was added to ChildHandle.
> + @retval EFI_INVALID_PARAMETER ChildHandle is NULL.
> + @retval EFI_OUT_OF_RESOURCES There are not enough resources
> available to create
> + the child.
> + @retval other The child handle was not created.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsServiceBindingCreateChild (
> + IN EFI_SERVICE_BINDING_PROTOCOL *This,
> + IN EFI_HANDLE *ChildHandle
> + );
> +
> +/**
> + Destroys a child handle with a protocol installed on it.
> +
> + The DestroyChild() function does the opposite of CreateChild(). It removes
> a protocol
> + that was installed by CreateChild() from ChildHandle. If the removed
> protocol is the
> + last protocol on ChildHandle, then ChildHandle is destroyed.
> +
> + @param This Pointer to the EFI_SERVICE_BINDING_PROTOCOL
> instance.
> + @param ChildHandle Handle of the child to destroy.
> +
> + @retval EFI_SUCCES The protocol was removed from ChildHandle.
> + @retval EFI_UNSUPPORTED ChildHandle does not support the protocol
> that is being removed.
> + @retval EFI_INVALID_PARAMETER Child handle is NULL.
> + @retval EFI_ACCESS_DENIED The protocol could not be removed from
> the ChildHandle
> + because its services are being used.
> + @retval other The child handle was not destroyed.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsServiceBindingDestroyChild (
> + IN EFI_SERVICE_BINDING_PROTOCOL *This,
> + IN EFI_HANDLE ChildHandle
> + );
> +
> +#endif
> +
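Review bot: Because every line of TlsDriver.h is shown as deleted and re-added, nothing in this hunk lets a reviewer confirm that only line endings changed; please state in the commit message that the diff is empty under `git diff --ignore-space-at-eol` (or `git show -w`), and consider adding a `.gitattributes` rule such as `*.h text eol=crlf` so the convention is enforced by git rather than re-applied by hand. The hunk header `@@ -1,237 +1,238 @@` also shows one extra line: the new file ends with an empty `+` line after `#endif`, which is not a pure CRLF conversion and should either be dropped or called out as intended. Pre-existing but visible here: `@retval EFI_SUCCES` in the CreateChild and DestroyChild comments should read EFI_SUCCESS.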
> diff --git a/NetworkPkg/TlsDxe/TlsDxe.inf b/NetworkPkg/TlsDxe/TlsDxe.inf
> index dba3257203..907feb735b 100644
> --- a/NetworkPkg/TlsDxe/TlsDxe.inf
> +++ b/NetworkPkg/TlsDxe/TlsDxe.inf
> @@ -1,65 +1,66 @@
> -## @file
> -# This module produces EFI TLS Protocol, EFI TLS Service Binding Protocol
> and
> -# EFI TLS Configuration Protocol.
> -#
> -# This module produces EFI TLS (Transport Layer Security) Protocol and EFI
> TLS
> -# Service Binding Protocol, to provide TLS services.
> -#
> -# Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> -#
> -# This program and the accompanying materials
> -# are licensed and made available under the terms and conditions of the
> BSD License
> -# which accompanies this distribution. The full text of the license may be
> found at
> -# http://opensource.org/licenses/bsd-license.php.
> -# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> -# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> -#
> -#
> -##
> -
> -[Defines]
> - INF_VERSION = 0x00010005
> - BASE_NAME = TlsDxe
> - FILE_GUID = 3aceb0c0-3c72-11e4-9a56-74d435052646
> - MODULE_TYPE = UEFI_DRIVER
> - VERSION_STRING = 1.0
> - ENTRY_POINT = TlsDriverEntryPoint
> - UNLOAD_IMAGE = TlsUnload
> - MODULE_UNI_FILE = TlsDxe.uni
> -
> -#
> -# VALID_ARCHITECTURES = IA32 X64
> -#
> -
> -[Packages]
> - MdePkg/MdePkg.dec
> - MdeModulePkg/MdeModulePkg.dec
> - CryptoPkg/CryptoPkg.dec
> -
> -[Sources]
> - TlsDriver.h
> - TlsDriver.c
> - TlsProtocol.c
> - TlsConfigProtocol.c
> - TlsImpl.h
> - TlsImpl.c
> -
> -[LibraryClasses]
> - UefiDriverEntryPoint
> - UefiBootServicesTableLib
> - MemoryAllocationLib
> - BaseMemoryLib
> - BaseLib
> - UefiLib
> - DebugLib
> - NetLib
> - BaseCryptLib
> - TlsLib
> -
> -[Protocols]
> - gEfiTlsServiceBindingProtocolGuid ## PRODUCES
> - gEfiTlsProtocolGuid ## PRODUCES
> - gEfiTlsConfigurationProtocolGuid ## PRODUCES
> -
> -[UserExtensions.TianoCore."ExtraFiles"]
> - TlsDxeExtra.uni
> +## @file
> +# This module produces EFI TLS Protocol, EFI TLS Service Binding Protocol
> and
> +# EFI TLS Configuration Protocol.
> +#
> +# This module produces EFI TLS (Transport Layer Security) Protocol and EFI
> TLS
> +# Service Binding Protocol, to provide TLS services.
> +#
> +# Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> +#
> +# This program and the accompanying materials
> +# are licensed and made available under the terms and conditions of the
> BSD License
> +# which accompanies this distribution. The full text of the license may be
> found at
> +# http://opensource.org/licenses/bsd-license.php.
> +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +#
> +#
> +##
> +
> +[Defines]
> + INF_VERSION = 0x00010005
> + BASE_NAME = TlsDxe
> + FILE_GUID = 3aceb0c0-3c72-11e4-9a56-74d435052646
> + MODULE_TYPE = UEFI_DRIVER
> + VERSION_STRING = 1.0
> + ENTRY_POINT = TlsDriverEntryPoint
> + UNLOAD_IMAGE = TlsUnload
> + MODULE_UNI_FILE = TlsDxe.uni
> +
> +#
> +# VALID_ARCHITECTURES = IA32 X64
> +#
> +
> +[Packages]
> + MdePkg/MdePkg.dec
> + MdeModulePkg/MdeModulePkg.dec
> + CryptoPkg/CryptoPkg.dec
> +
> +[Sources]
> + TlsDriver.h
> + TlsDriver.c
> + TlsProtocol.c
> + TlsConfigProtocol.c
> + TlsImpl.h
> + TlsImpl.c
> +
> +[LibraryClasses]
> + UefiDriverEntryPoint
> + UefiBootServicesTableLib
> + MemoryAllocationLib
> + BaseMemoryLib
> + BaseLib
> + UefiLib
> + DebugLib
> + NetLib
> + BaseCryptLib
> + TlsLib
> +
> +[Protocols]
> + gEfiTlsServiceBindingProtocolGuid ## PRODUCES
> + gEfiTlsProtocolGuid ## PRODUCES
> + gEfiTlsConfigurationProtocolGuid ## PRODUCES
> +
> +[UserExtensions.TianoCore."ExtraFiles"]
> + TlsDxeExtra.uni
> +
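Review bot: `@@ -1,65 +1,66 @@` means this hunk adds a line beyond the CRLF change, namely the empty `+` line after `TlsDxeExtra.uni` at the end of the file; if a trailing blank line is the intended end-of-file convention for .inf files in this series, say so in the commit message, otherwise drop it so the change really is line endings only.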
> diff --git a/NetworkPkg/TlsDxe/TlsDxe.uni b/NetworkPkg/TlsDxe/TlsDxe.uni
> index 98c41ca7c5..e2b1f5cd0b 100644
> --- a/NetworkPkg/TlsDxe/TlsDxe.uni
> +++ b/NetworkPkg/TlsDxe/TlsDxe.uni
> @@ -1,25 +1,25 @@
> -// /** @file
> -// This module produces EFI TLS Protocol, EFI TLS Service Binding Protocol
> and
> -// EFI TLS Configuration Protocol.
> -//
> -// This module produces EFI TLS (Transport Layer Security) Protocol, EFI TLS
> -// Service Binding Protocol, and EFI TLS Configuration Protocol to provide TLS
> -// services.
> -//
> -// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> -//
> -// This program and the accompanying materials
> -// are licensed and made available under the terms and conditions of the
> BSD License
> -// which accompanies this distribution. The full text of the license may be
> found at
> -// http://opensource.org/licenses/bsd-license.php
> -//
> -// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> -// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> -//
> -// **/
> -
> -
> -#string STR_MODULE_ABSTRACT #language en-US "UEFI TLS service"
> -
> -#string STR_MODULE_DESCRIPTION #language en-US "This module
> produces EFI TLS Protocol, EFI TLS Service Binding Protocol and EFI TLS
> Configuration Protocol to provide EFI TLS services."
> -
> +// /** @file
> +// This module produces EFI TLS Protocol, EFI TLS Service Binding Protocol
> and
> +// EFI TLS Configuration Protocol.
> +//
> +// This module produces EFI TLS (Transport Layer Security) Protocol, EFI TLS
> +// Service Binding Protocol, and EFI TLS Configuration Protocol to provide
> TLS
> +// services.
> +//
> +// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> +//
> +// This program and the accompanying materials
> +// are licensed and made available under the terms and conditions of the
> BSD License
> +// which accompanies this distribution. The full text of the license may be
> found at
> +// http://opensource.org/licenses/bsd-license.php
> +//
> +// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> +// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +//
> +// **/
> +
> +
> +#string STR_MODULE_ABSTRACT #language en-US "UEFI TLS service"
> +
> +#string STR_MODULE_DESCRIPTION #language en-US "This module
> produces EFI TLS Protocol, EFI TLS Service Binding Protocol and EFI TLS
> Configuration Protocol to provide EFI TLS services."
> +
> diff --git a/NetworkPkg/TlsDxe/TlsDxeExtra.uni
> b/NetworkPkg/TlsDxe/TlsDxeExtra.uni
> index a38582a887..a5663c3279 100644
> --- a/NetworkPkg/TlsDxe/TlsDxeExtra.uni
> +++ b/NetworkPkg/TlsDxe/TlsDxeExtra.uni
> @@ -1,18 +1,19 @@
> -// /** @file
> -// TlsDxe Localized Strings and Content
> -//
> -// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> -//
> -// This program and the accompanying materials
> -// are licensed and made available under the terms and conditions of the
> BSD License
> -// which accompanies this distribution. The full text of the license may be
> found at
> -// http://opensource.org/licenses/bsd-license.php.
> -//
> -// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> -// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> -//
> -// **/
> -
> -#string STR_PROPERTIES_MODULE_NAME
> -#language en-US
> -"EFI TLS DXE Driver"
> +// /** @file
> +// TlsDxe Localized Strings and Content
> +//
> +// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> +//
> +// This program and the accompanying materials
> +// are licensed and made available under the terms and conditions of the
> BSD License
> +// which accompanies this distribution. The full text of the license may be
> found at
> +// http://opensource.org/licenses/bsd-license.php.
> +//
> +// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> +// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +//
> +// **/
> +
> +#string STR_PROPERTIES_MODULE_NAME
> +#language en-US
> +"EFI TLS DXE Driver"
> +
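Review bot: `@@ -1,18 +1,19 @@` shows TlsDxeExtra.uni gaining a trailing empty `+` line after `"EFI TLS DXE Driver"`, while the neighbouring TlsDxe.uni hunk keeps its line count (25 to 25); either both .uni files should end the same way or the commit message should explain why only one of them gains a line.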
> diff --git a/NetworkPkg/TlsDxe/TlsImpl.c b/NetworkPkg/TlsDxe/TlsImpl.c
> index efdec2d92d..8e1238216b 100644
> --- a/NetworkPkg/TlsDxe/TlsImpl.c
> +++ b/NetworkPkg/TlsDxe/TlsImpl.c
> @@ -1,326 +1,327 @@
> -/** @file
> - The Miscellaneous Routines for TlsDxe driver.
> -
> -Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
> -
> -This program and the accompanying materials
> -are licensed and made available under the terms and conditions of the BSD
> License
> -which accompanies this distribution. The full text of the license may be
> found at
> -http://opensource.org/licenses/bsd-license.php
> -
> -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> -
> -**/
> -
> -#include "TlsImpl.h"
> -
> -/**
> - Encrypt the message listed in fragment.
> -
> - @param[in] TlsInstance The pointer to the TLS instance.
> - @param[in, out] FragmentTable Pointer to a list of fragment.
> - On input these fragments contain the TLS header and
> - plain text TLS payload;
> - On output these fragments contain the TLS header and
> - cipher text TLS payload.
> - @param[in] FragmentCount Number of fragment.
> -
> - @retval EFI_SUCCESS The operation completed successfully.
> - @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
> - @retval EFI_ABORTED TLS session state is incorrect.
> - @retval Others Other errors as indicated.
> -**/
> -EFI_STATUS
> -TlsEncryptPacket (
> - IN TLS_INSTANCE *TlsInstance,
> - IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
> - IN UINT32 *FragmentCount
> - )
> -{
> - EFI_STATUS Status;
> - UINTN Index;
> - UINT32 BytesCopied;
> - UINT32 BufferInSize;
> - UINT8 *BufferIn;
> - UINT8 *BufferInPtr;
> - TLS_RECORD_HEADER *RecordHeaderIn;
> - UINT16 ThisPlainMessageSize;
> - TLS_RECORD_HEADER *TempRecordHeader;
> - UINT16 ThisMessageSize;
> - UINT32 BufferOutSize;
> - UINT8 *BufferOut;
> - INTN Ret;
> -
> - Status = EFI_SUCCESS;
> - BytesCopied = 0;
> - BufferInSize = 0;
> - BufferIn = NULL;
> - BufferInPtr = NULL;
> - RecordHeaderIn = NULL;
> - TempRecordHeader = NULL;
> - BufferOutSize = 0;
> - BufferOut = NULL;
> - Ret = 0;
> -
> - //
> - // Calculate the size according to the fragment table.
> - //
> - for (Index = 0; Index < *FragmentCount; Index++) {
> - BufferInSize += (*FragmentTable)[Index].FragmentLength;
> - }
> -
> - //
> - // Allocate buffer for processing data.
> - //
> - BufferIn = AllocateZeroPool (BufferInSize);
> - if (BufferIn == NULL) {
> - Status = EFI_OUT_OF_RESOURCES;
> - goto ERROR;
> - }
> -
> - //
> - // Copy all TLS plain record header and payload into BufferIn.
> - //
> - for (Index = 0; Index < *FragmentCount; Index++) {
> - CopyMem (
> - (BufferIn + BytesCopied),
> - (*FragmentTable)[Index].FragmentBuffer,
> - (*FragmentTable)[Index].FragmentLength
> - );
> - BytesCopied += (*FragmentTable)[Index].FragmentLength;
> - }
> -
> - BufferOut = AllocateZeroPool (MAX_BUFFER_SIZE);
> - if (BufferOut == NULL) {
> - Status = EFI_OUT_OF_RESOURCES;
> - goto ERROR;
> - }
> -
> - //
> - // Parsing buffer.
> - //
> - BufferInPtr = BufferIn;
> - TempRecordHeader = (TLS_RECORD_HEADER *) BufferOut;
> - while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {
> - RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;
> -
> - if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData) {
> - Status = EFI_INVALID_PARAMETER;
> - goto ERROR;
> - }
> -
> - ThisPlainMessageSize = RecordHeaderIn->Length;
> -
> - TlsWrite (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn + 1),
> ThisPlainMessageSize);
> -
> - Ret = TlsCtrlTrafficOut (TlsInstance->TlsConn, (UINT8
> *)(TempRecordHeader), MAX_BUFFER_SIZE - BufferOutSize);
> -
> - if (Ret > 0) {
> - ThisMessageSize = (UINT16) Ret;
> - } else {
> - //
> - // No data was successfully encrypted, continue to encrypt other
> messages.
> - //
> - DEBUG ((EFI_D_WARN, "TlsEncryptPacket: No data read from TLS
> object.\n"));
> -
> - ThisMessageSize = 0;
> - }
> -
> - BufferOutSize += ThisMessageSize;
> -
> - BufferInPtr += RECORD_HEADER_LEN + ThisPlainMessageSize;
> - TempRecordHeader += ThisMessageSize;
> - }
> -
> - FreePool (BufferIn);
> - BufferIn = NULL;
> -
> - //
> - // The caller will be responsible to handle the original fragment table.
> - //
> - *FragmentTable = AllocateZeroPool (sizeof (EFI_TLS_FRAGMENT_DATA));
> - if (*FragmentTable == NULL) {
> - Status = EFI_OUT_OF_RESOURCES;
> - goto ERROR;
> - }
> -
> - (*FragmentTable)[0].FragmentBuffer = BufferOut;
> - (*FragmentTable)[0].FragmentLength = BufferOutSize;
> - *FragmentCount = 1;
> -
> - return Status;
> -
> -ERROR:
> -
> - if (BufferIn != NULL) {
> - FreePool (BufferIn);
> - BufferIn = NULL;
> - }
> -
> - if (BufferOut != NULL) {
> - FreePool (BufferOut);
> - BufferOut = NULL;
> - }
> -
> - return Status;
> -}
> -
> -/**
> - Decrypt the message listed in fragment.
> -
> - @param[in] TlsInstance The pointer to the TLS instance.
> - @param[in, out] FragmentTable Pointer to a list of fragment.
> - On input these fragments contain the TLS header and
> - cipher text TLS payload;
> - On output these fragments contain the TLS header and
> - plain text TLS payload.
> - @param[in] FragmentCount Number of fragment.
> -
> - @retval EFI_SUCCESS The operation completed successfully.
> - @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
> - @retval EFI_ABORTED TLS session state is incorrect.
> - @retval Others Other errors as indicated.
> -**/
> -EFI_STATUS
> -TlsDecryptPacket (
> - IN TLS_INSTANCE *TlsInstance,
> - IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
> - IN UINT32 *FragmentCount
> - )
> -{
> - EFI_STATUS Status;
> - UINTN Index;
> - UINT32 BytesCopied;
> - UINT8 *BufferIn;
> - UINT32 BufferInSize;
> - UINT8 *BufferInPtr;
> - TLS_RECORD_HEADER *RecordHeaderIn;
> - UINT16 ThisCipherMessageSize;
> - TLS_RECORD_HEADER *TempRecordHeader;
> - UINT16 ThisPlainMessageSize;
> - UINT8 *BufferOut;
> - UINT32 BufferOutSize;
> - INTN Ret;
> -
> - Status = EFI_SUCCESS;
> - BytesCopied = 0;
> - BufferIn = NULL;
> - BufferInSize = 0;
> - BufferInPtr = NULL;
> - RecordHeaderIn = NULL;
> - TempRecordHeader = NULL;
> - BufferOut = NULL;
> - BufferOutSize = 0;
> - Ret = 0;
> -
> - //
> - // Calculate the size according to the fragment table.
> - //
> - for (Index = 0; Index < *FragmentCount; Index++) {
> - BufferInSize += (*FragmentTable)[Index].FragmentLength;
> - }
> -
> - //
> - // Allocate buffer for processing data
> - //
> - BufferIn = AllocateZeroPool (BufferInSize);
> - if (BufferIn == NULL) {
> - Status = EFI_OUT_OF_RESOURCES;
> - goto ERROR;
> - }
> -
> - //
> - // Copy all TLS plain record header and payload to BufferIn
> - //
> - for (Index = 0; Index < *FragmentCount; Index++) {
> - CopyMem (
> - (BufferIn + BytesCopied),
> - (*FragmentTable)[Index].FragmentBuffer,
> - (*FragmentTable)[Index].FragmentLength
> - );
> - BytesCopied += (*FragmentTable)[Index].FragmentLength;
> - }
> -
> - BufferOut = AllocateZeroPool (MAX_BUFFER_SIZE);
> - if (BufferOut == NULL) {
> - Status = EFI_OUT_OF_RESOURCES;
> - goto ERROR;
> - }
> -
> - //
> - // Parsing buffer. Received packet may have multiple TLS record messages.
> - //
> - BufferInPtr = BufferIn;
> - TempRecordHeader = (TLS_RECORD_HEADER *) BufferOut;
> - while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {
> - RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;
> -
> - if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData) {
> - Status = EFI_INVALID_PARAMETER;
> - goto ERROR;
> - }
> -
> - ThisCipherMessageSize = NTOHS (RecordHeaderIn->Length);
> -
> - Ret = TlsCtrlTrafficIn (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn),
> RECORD_HEADER_LEN + ThisCipherMessageSize);
> - if (Ret != RECORD_HEADER_LEN + ThisCipherMessageSize) {
> - TlsInstance->TlsSessionState = EfiTlsSessionError;
> - Status = EFI_ABORTED;
> - goto ERROR;
> - }
> -
> - Ret = 0;
> - Ret = TlsRead (TlsInstance->TlsConn, (UINT8 *) (TempRecordHeader + 1),
> MAX_BUFFER_SIZE - BufferOutSize);
> -
> - if (Ret > 0) {
> - ThisPlainMessageSize = (UINT16) Ret;
> - } else {
> - //
> - // No data was successfully decrypted, continue to decrypt other
> messages.
> - //
> - DEBUG ((EFI_D_WARN, "TlsDecryptPacket: No data read from TLS
> object.\n"));
> -
> - ThisPlainMessageSize = 0;
> - }
> -
> - CopyMem (TempRecordHeader, RecordHeaderIn, RECORD_HEADER_LEN);
> - TempRecordHeader->Length = ThisPlainMessageSize;
> - BufferOutSize += RECORD_HEADER_LEN + ThisPlainMessageSize;
> -
> - BufferInPtr += RECORD_HEADER_LEN + ThisCipherMessageSize;
> - TempRecordHeader += RECORD_HEADER_LEN + ThisPlainMessageSize;
> - }
> -
> - FreePool (BufferIn);
> - BufferIn = NULL;
> -
> - //
> - // The caller will be responsible to handle the original fragment table
> - //
> - *FragmentTable = AllocateZeroPool (sizeof (EFI_TLS_FRAGMENT_DATA));
> - if (*FragmentTable == NULL) {
> - Status = EFI_OUT_OF_RESOURCES;
> - goto ERROR;
> - }
> -
> - (*FragmentTable)[0].FragmentBuffer = BufferOut;
> - (*FragmentTable)[0].FragmentLength = BufferOutSize;
> - *FragmentCount = 1;
> -
> - return Status;
> -
> -ERROR:
> -
> - if (BufferIn != NULL) {
> - FreePool (BufferIn);
> - BufferIn = NULL;
> - }
> -
> - if (BufferOut != NULL) {
> - FreePool (BufferOut);
> - BufferOut = NULL;
> - }
> -
> - return Status;
> -}
> +/** @file
> + The Miscellaneous Routines for TlsDxe driver.
> +
> +Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
> +
> +This program and the accompanying materials
> +are licensed and made available under the terms and conditions of the BSD
> License
> +which accompanies this distribution. The full text of the license may be
> found at
> +http://opensource.org/licenses/bsd-license.php
> +
> +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +
> +**/
> +
> +#include "TlsImpl.h"
> +
> +/**
> + Encrypt the message listed in fragment.
> +
> + @param[in] TlsInstance The pointer to the TLS instance.
> + @param[in, out] FragmentTable Pointer to a list of fragment.
> + On input these fragments contain the TLS header and
> + plain text TLS payload;
> + On output these fragments contain the TLS header and
> + cipher text TLS payload.
> + @param[in] FragmentCount Number of fragment.
> +
> + @retval EFI_SUCCESS The operation completed successfully.
> + @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
> + @retval EFI_ABORTED TLS session state is incorrect.
> + @retval Others Other errors as indicated.
> +**/
> +EFI_STATUS
> +TlsEncryptPacket (
> + IN TLS_INSTANCE *TlsInstance,
> + IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
> + IN UINT32 *FragmentCount
> + )
> +{
> + EFI_STATUS Status;
> + UINTN Index;
> + UINT32 BytesCopied;
> + UINT32 BufferInSize;
> + UINT8 *BufferIn;
> + UINT8 *BufferInPtr;
> + TLS_RECORD_HEADER *RecordHeaderIn;
> + UINT16 ThisPlainMessageSize;
> + TLS_RECORD_HEADER *TempRecordHeader;
> + UINT16 ThisMessageSize;
> + UINT32 BufferOutSize;
> + UINT8 *BufferOut;
> + INTN Ret;
> +
> + Status = EFI_SUCCESS;
> + BytesCopied = 0;
> + BufferInSize = 0;
> + BufferIn = NULL;
> + BufferInPtr = NULL;
> + RecordHeaderIn = NULL;
> + TempRecordHeader = NULL;
> + BufferOutSize = 0;
> + BufferOut = NULL;
> + Ret = 0;
> +
> + //
> + // Calculate the size according to the fragment table.
> + //
> + for (Index = 0; Index < *FragmentCount; Index++) {
> + BufferInSize += (*FragmentTable)[Index].FragmentLength;
> + }
> +
> + //
> + // Allocate buffer for processing data.
> + //
> + BufferIn = AllocateZeroPool (BufferInSize);
> + if (BufferIn == NULL) {
> + Status = EFI_OUT_OF_RESOURCES;
> + goto ERROR;
> + }
> +
> + //
> + // Copy all TLS plain record header and payload into BufferIn.
> + //
> + for (Index = 0; Index < *FragmentCount; Index++) {
> + CopyMem (
> + (BufferIn + BytesCopied),
> + (*FragmentTable)[Index].FragmentBuffer,
> + (*FragmentTable)[Index].FragmentLength
> + );
> + BytesCopied += (*FragmentTable)[Index].FragmentLength;
> + }
> +
> + BufferOut = AllocateZeroPool (MAX_BUFFER_SIZE);
> + if (BufferOut == NULL) {
> + Status = EFI_OUT_OF_RESOURCES;
> + goto ERROR;
> + }
> +
> + //
> + // Parsing buffer.
> + //
> + BufferInPtr = BufferIn;
> + TempRecordHeader = (TLS_RECORD_HEADER *) BufferOut;
> + while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {
> + RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;
> +
> + if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData) {
> + Status = EFI_INVALID_PARAMETER;
> + goto ERROR;
> + }
> +
> + ThisPlainMessageSize = RecordHeaderIn->Length;
> +
> + TlsWrite (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn + 1),
> ThisPlainMessageSize);
> +
> + Ret = TlsCtrlTrafficOut (TlsInstance->TlsConn, (UINT8
> *)(TempRecordHeader), MAX_BUFFER_SIZE - BufferOutSize);
> +
> + if (Ret > 0) {
> + ThisMessageSize = (UINT16) Ret;
> + } else {
> + //
> + // No data was successfully encrypted, continue to encrypt other
> messages.
> + //
> + DEBUG ((EFI_D_WARN, "TlsEncryptPacket: No data read from TLS
> object.\n"));
> +
> + ThisMessageSize = 0;
> + }
> +
> + BufferOutSize += ThisMessageSize;
> +
> + BufferInPtr += RECORD_HEADER_LEN + ThisPlainMessageSize;
> + TempRecordHeader += ThisMessageSize;
> + }
> +
> + FreePool (BufferIn);
> + BufferIn = NULL;
> +
> + //
> + // The caller will be responsible to handle the original fragment table.
> + //
> + *FragmentTable = AllocateZeroPool (sizeof (EFI_TLS_FRAGMENT_DATA));
> + if (*FragmentTable == NULL) {
> + Status = EFI_OUT_OF_RESOURCES;
> + goto ERROR;
> + }
> +
> + (*FragmentTable)[0].FragmentBuffer = BufferOut;
> + (*FragmentTable)[0].FragmentLength = BufferOutSize;
> + *FragmentCount = 1;
> +
> + return Status;
> +
> +ERROR:
> +
> + if (BufferIn != NULL) {
> + FreePool (BufferIn);
> + BufferIn = NULL;
> + }
> +
> + if (BufferOut != NULL) {
> + FreePool (BufferOut);
> + BufferOut = NULL;
> + }
> +
> + return Status;
> +}
> +
> +/**
> + Decrypt the message listed in fragment.
> +
> + @param[in] TlsInstance The pointer to the TLS instance.
> + @param[in, out] FragmentTable Pointer to a list of fragment.
> + On input these fragments contain the TLS header and
> + cipher text TLS payload;
> + On output these fragments contain the TLS header and
> + plain text TLS payload.
> + @param[in] FragmentCount Number of fragment.
> +
> + @retval EFI_SUCCESS The operation completed successfully.
> + @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
> + @retval EFI_ABORTED TLS session state is incorrect.
> + @retval Others Other errors as indicated.
> +**/
> +EFI_STATUS
> +TlsDecryptPacket (
> + IN TLS_INSTANCE *TlsInstance,
> + IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
> + IN UINT32 *FragmentCount
> + )
> +{
> + EFI_STATUS Status;
> + UINTN Index;
> + UINT32 BytesCopied;
> + UINT8 *BufferIn;
> + UINT32 BufferInSize;
> + UINT8 *BufferInPtr;
> + TLS_RECORD_HEADER *RecordHeaderIn;
> + UINT16 ThisCipherMessageSize;
> + TLS_RECORD_HEADER *TempRecordHeader;
> + UINT16 ThisPlainMessageSize;
> + UINT8 *BufferOut;
> + UINT32 BufferOutSize;
> + INTN Ret;
> +
> + Status = EFI_SUCCESS;
> + BytesCopied = 0;
> + BufferIn = NULL;
> + BufferInSize = 0;
> + BufferInPtr = NULL;
> + RecordHeaderIn = NULL;
> + TempRecordHeader = NULL;
> + BufferOut = NULL;
> + BufferOutSize = 0;
> + Ret = 0;
> +
> + //
> + // Calculate the size according to the fragment table.
> + //
> + for (Index = 0; Index < *FragmentCount; Index++) {
> + BufferInSize += (*FragmentTable)[Index].FragmentLength;
> + }
> +
> + //
> + // Allocate buffer for processing data
> + //
> + BufferIn = AllocateZeroPool (BufferInSize);
> + if (BufferIn == NULL) {
> + Status = EFI_OUT_OF_RESOURCES;
> + goto ERROR;
> + }
> +
> + //
> + // Copy all TLS plain record header and payload to BufferIn
> + //
> + for (Index = 0; Index < *FragmentCount; Index++) {
> + CopyMem (
> + (BufferIn + BytesCopied),
> + (*FragmentTable)[Index].FragmentBuffer,
> + (*FragmentTable)[Index].FragmentLength
> + );
> + BytesCopied += (*FragmentTable)[Index].FragmentLength;
> + }
> +
> + BufferOut = AllocateZeroPool (MAX_BUFFER_SIZE);
> + if (BufferOut == NULL) {
> + Status = EFI_OUT_OF_RESOURCES;
> + goto ERROR;
> + }
> +
> + //
> + // Parsing buffer. Received packet may have multiple TLS record messages.
> + //
> + BufferInPtr = BufferIn;
> + TempRecordHeader = (TLS_RECORD_HEADER *) BufferOut;
> + while ((UINTN) BufferInPtr < (UINTN) BufferIn + BufferInSize) {
> + RecordHeaderIn = (TLS_RECORD_HEADER *) BufferInPtr;
> +
> + if (RecordHeaderIn->ContentType != TlsContentTypeApplicationData) {
> + Status = EFI_INVALID_PARAMETER;
> + goto ERROR;
> + }
> +
> + ThisCipherMessageSize = NTOHS (RecordHeaderIn->Length);
> +
> + Ret = TlsCtrlTrafficIn (TlsInstance->TlsConn, (UINT8 *) (RecordHeaderIn),
> RECORD_HEADER_LEN + ThisCipherMessageSize);
> + if (Ret != RECORD_HEADER_LEN + ThisCipherMessageSize) {
> + TlsInstance->TlsSessionState = EfiTlsSessionError;
> + Status = EFI_ABORTED;
> + goto ERROR;
> + }
> +
> + Ret = 0;
> + Ret = TlsRead (TlsInstance->TlsConn, (UINT8 *) (TempRecordHeader + 1),
> MAX_BUFFER_SIZE - BufferOutSize);
> +
> + if (Ret > 0) {
> + ThisPlainMessageSize = (UINT16) Ret;
> + } else {
> + //
> + // No data was successfully decrypted, continue to decrypt other
> messages.
> + //
> + DEBUG ((EFI_D_WARN, "TlsDecryptPacket: No data read from TLS
> object.\n"));
> +
> + ThisPlainMessageSize = 0;
> + }
> +
> + CopyMem (TempRecordHeader, RecordHeaderIn,
> RECORD_HEADER_LEN);
> + TempRecordHeader->Length = ThisPlainMessageSize;
> + BufferOutSize += RECORD_HEADER_LEN + ThisPlainMessageSize;
> +
> + BufferInPtr += RECORD_HEADER_LEN + ThisCipherMessageSize;
> + TempRecordHeader += RECORD_HEADER_LEN + ThisPlainMessageSize;
> + }
> +
> + FreePool (BufferIn);
> + BufferIn = NULL;
> +
> + //
> + // The caller will be responsible to handle the original fragment table
> + //
> + *FragmentTable = AllocateZeroPool (sizeof (EFI_TLS_FRAGMENT_DATA));
> + if (*FragmentTable == NULL) {
> + Status = EFI_OUT_OF_RESOURCES;
> + goto ERROR;
> + }
> +
> + (*FragmentTable)[0].FragmentBuffer = BufferOut;
> + (*FragmentTable)[0].FragmentLength = BufferOutSize;
> + *FragmentCount = 1;
> +
> + return Status;
> +
> +ERROR:
> +
> + if (BufferIn != NULL) {
> + FreePool (BufferIn);
> + BufferIn = NULL;
> + }
> +
> + if (BufferOut != NULL) {
> + FreePool (BufferOut);
> + BufferOut = NULL;
> + }
> +
> + return Status;
> +}
> +
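Review bot: because the CRLF conversion removes and re-adds every line of TlsImpl.c, this hunk cannot be checked by eye for unintended content changes; please confirm in the cover letter that `git diff --ignore-space-at-eol` (or `git diff -w`) between the parent and this commit is empty for the file, and consider adding an `eol=crlf` rule in `.gitattributes` for these extensions so the tree does not drift back to LF. Separately, and visible on both the `-` and `+` side of this hunk, `TempRecordHeader` is declared `TLS_RECORD_HEADER *`, so `TempRecordHeader += ThisMessageSize;` in TlsEncryptPacket and `TempRecordHeader += RECORD_HEADER_LEN + ThisPlainMessageSize;` in TlsDecryptPacket advance the output pointer in units of `sizeof (TLS_RECORD_HEADER)` rather than bytes, which places the second and later records past the bytes just written and, with a 32768-byte `MAX_BUFFER_SIZE`, can move the pointer beyond BufferOut; since this patch is a line-ending conversion only, that pre-existing issue should be fixed in a separate patch by stepping through a `UINT8 *` (for example `TempRecordHeader = (TLS_RECORD_HEADER *) ((UINT8 *) TempRecordHeader + RECORD_HEADER_LEN + ThisPlainMessageSize);`) with a bound check against `MAX_BUFFER_SIZE - BufferOutSize` before each write.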
> diff --git a/NetworkPkg/TlsDxe/TlsImpl.h b/NetworkPkg/TlsDxe/TlsImpl.h
> index 71b1bdb7dc..3ae9d0d546 100644
> --- a/NetworkPkg/TlsDxe/TlsImpl.h
> +++ b/NetworkPkg/TlsDxe/TlsImpl.h
> @@ -1,315 +1,316 @@
> -/** @file
> - Header file of Miscellaneous Routines for TlsDxe driver.
> -
> -Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> -
> -This program and the accompanying materials
> -are licensed and made available under the terms and conditions of the BSD
> License
> -which accompanies this distribution. The full text of the license may be
> found at
> -http://opensource.org/licenses/bsd-license.php
> -
> -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> -
> -**/
> -
> -#ifndef __EFI_TLS_IMPL_H__
> -#define __EFI_TLS_IMPL_H__
> -
> -//
> -// Libraries
> -//
> -#include <Library/UefiBootServicesTableLib.h>
> -#include <Library/MemoryAllocationLib.h>
> -#include <Library/BaseMemoryLib.h>
> -#include <Library/BaseLib.h>
> -#include <Library/UefiLib.h>
> -#include <Library/DebugLib.h>
> -#include <Library/NetLib.h>
> -#include <Library/BaseCryptLib.h>
> -#include <Library/TlsLib.h>
> -
> -//
> -// Consumed Protocols
> -//
> -#include <Protocol/Tls.h>
> -#include <Protocol/TlsConfig.h>
> -
> -#include <IndustryStandard/Tls1.h>
> -
> -#include "TlsDriver.h"
> -
> -//
> -// Protocol instances
> -//
> -extern EFI_SERVICE_BINDING_PROTOCOL mTlsServiceBinding;
> -extern EFI_TLS_PROTOCOL mTlsProtocol;
> -extern EFI_TLS_CONFIGURATION_PROTOCOL mTlsConfigurationProtocol;
> -
> -#define RECORD_HEADER_LEN 5 /// ContentType(1) + Version(2) +
> Length(2)
> -
> -#define MAX_BUFFER_SIZE 32768
> -
> -/**
> - Encrypt the message listed in fragment.
> -
> - @param[in] TlsInstance The pointer to the TLS instance.
> - @param[in, out] FragmentTable Pointer to a list of fragment.
> - On input these fragments contain the TLS header and
> - plain text TLS payload;
> - On output these fragments contain the TLS header and
> - cipher text TLS payload.
> - @param[in] FragmentCount Number of fragment.
> -
> - @retval EFI_SUCCESS The operation completed successfully.
> - @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
> - @retval EFI_ABORTED TLS session state is incorrect.
> - @retval Others Other errors as indicated.
> -**/
> -EFI_STATUS
> -TlsEncryptPacket (
> - IN TLS_INSTANCE *TlsInstance,
> - IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
> - IN UINT32 *FragmentCount
> - );
> -
> -/**
> - Decrypt the message listed in fragment.
> -
> - @param[in] TlsInstance The pointer to the TLS instance.
> - @param[in, out] FragmentTable Pointer to a list of fragment.
> - On input these fragments contain the TLS header and
> - cipher text TLS payload;
> - On output these fragments contain the TLS header and
> - plain text TLS payload.
> - @param[in] FragmentCount Number of fragment.
> -
> - @retval EFI_SUCCESS The operation completed successfully.
> - @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
> - @retval EFI_ABORTED TLS session state is incorrect.
> - @retval Others Other errors as indicated.
> -**/
> -EFI_STATUS
> -TlsDecryptPacket (
> - IN TLS_INSTANCE *TlsInstance,
> - IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
> - IN UINT32 *FragmentCount
> - );
> -
> -/**
> - Set TLS session data.
> -
> - The SetSessionData() function set data for a new TLS session. All session
> data should
> - be set before BuildResponsePacket() invoked.
> -
> - @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
> - @param[in] DataType TLS session data type.
> - @param[in] Data Pointer to session data.
> - @param[in] DataSize Total size of session data.
> -
> - @retval EFI_SUCCESS The TLS session data is set successfully.
> - @retval EFI_INVALID_PARAMETER One or more of the following
> conditions is TRUE:
> - This is NULL.
> - Data is NULL.
> - DataSize is 0.
> - @retval EFI_UNSUPPORTED The DataType is unsupported.
> - @retval EFI_ACCESS_DENIED If the DataType is one of below:
> - EfiTlsClientRandom
> - EfiTlsServerRandom
> - EfiTlsKeyMaterial
> - @retval EFI_NOT_READY Current TLS session state is NOT
> - EfiTlsSessionStateNotStarted.
> - @retval EFI_OUT_OF_RESOURCES Required system resources could not
> be allocated.
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsSetSessionData (
> - IN EFI_TLS_PROTOCOL *This,
> - IN EFI_TLS_SESSION_DATA_TYPE DataType,
> - IN VOID *Data,
> - IN UINTN DataSize
> - );
> -
> -/**
> - Get TLS session data.
> -
> - The GetSessionData() function return the TLS session information.
> -
> - @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
> - @param[in] DataType TLS session data type.
> - @param[in, out] Data Pointer to session data.
> - @param[in, out] DataSize Total size of session data. On input, it means
> - the size of Data buffer. On output, it means the size
> - of copied Data buffer if EFI_SUCCESS, and means the
> - size of desired Data buffer if EFI_BUFFER_TOO_SMALL.
> -
> - @retval EFI_SUCCESS The TLS session data is got successfully.
> - @retval EFI_INVALID_PARAMETER One or more of the following
> conditions is TRUE:
> - This is NULL.
> - DataSize is NULL.
> - Data is NULL if *DataSize is not zero.
> - @retval EFI_UNSUPPORTED The DataType is unsupported.
> - @retval EFI_NOT_FOUND The TLS session data is not found.
> - @retval EFI_NOT_READY The DataType is not ready in current session
> state.
> - @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data.
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsGetSessionData (
> - IN EFI_TLS_PROTOCOL *This,
> - IN EFI_TLS_SESSION_DATA_TYPE DataType,
> - IN OUT VOID *Data, OPTIONAL
> - IN OUT UINTN *DataSize
> - );
> -
> -/**
> - Build response packet according to TLS state machine. This function is only
> valid for
> - alert, handshake and change_cipher_spec content type.
> -
> - The BuildResponsePacket() function builds TLS response packet in
> response to the TLS
> - request packet specified by RequestBuffer and RequestSize. If
> RequestBuffer is NULL and
> - RequestSize is 0, and TLS session status is EfiTlsSessionNotStarted, the TLS
> session
> - will be initiated and the response packet needs to be ClientHello. If
> RequestBuffer is
> - NULL and RequestSize is 0, and TLS session status is EfiTlsSessionClosing,
> the TLS
> - session will be closed and response packet needs to be CloseNotify. If
> RequestBuffer is
> - NULL and RequestSize is 0, and TLS session status is EfiTlsSessionError, the
> TLS
> - session has errors and the response packet needs to be Alert message
> based on error
> - type.
> -
> - @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
> - @param[in] RequestBuffer Pointer to the most recently received TLS
> packet. NULL
> - means TLS need initiate the TLS session and response
> - packet need to be ClientHello.
> - @param[in] RequestSize Packet size in bytes for the most recently
> received TLS
> - packet. 0 is only valid when RequestBuffer is NULL.
> - @param[out] Buffer Pointer to the buffer to hold the built packet.
> - @param[in, out] BufferSize Pointer to the buffer size in bytes. On input,
> it is
> - the buffer size provided by the caller. On output, it
> - is the buffer size in fact needed to contain the
> - packet.
> -
> - @retval EFI_SUCCESS The required TLS packet is built successfully.
> - @retval EFI_INVALID_PARAMETER One or more of the following
> conditions is TRUE:
> - This is NULL.
> - RequestBuffer is NULL but RequestSize is NOT 0.
> - RequestSize is 0 but RequestBuffer is NOT NULL.
> - BufferSize is NULL.
> - Buffer is NULL if *BufferSize is not zero.
> - @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the
> response packet.
> - @retval EFI_NOT_READY Current TLS session state is NOT ready to
> build
> - ResponsePacket.
> - @retval EFI_ABORTED Something wrong build response packet.
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsBuildResponsePacket (
> - IN EFI_TLS_PROTOCOL *This,
> - IN UINT8 *RequestBuffer, OPTIONAL
> - IN UINTN RequestSize, OPTIONAL
> - OUT UINT8 *Buffer, OPTIONAL
> - IN OUT UINTN *BufferSize
> - );
> -
> -/**
> - Decrypt or encrypt TLS packet during session. This function is only valid
> after
> - session connected and for application_data content type.
> -
> - The ProcessPacket () function process each inbound or outbound TLS APP
> packet.
> -
> - @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
> - @param[in, out] FragmentTable Pointer to a list of fragment. The caller
> will take
> - responsible to handle the original FragmentTable while
> - it may be reallocated in TLS driver. If CryptMode is
> - EfiTlsEncrypt, on input these fragments contain the TLS
> - header and plain text TLS APP payload; on output these
> - fragments contain the TLS header and cipher text TLS
> - APP payload. If CryptMode is EfiTlsDecrypt, on input
> - these fragments contain the TLS header and cipher text
> - TLS APP payload; on output these fragments contain the
> - TLS header and plain text TLS APP payload.
> - @param[in] FragmentCount Number of fragment.
> - @param[in] CryptMode Crypt mode.
> -
> - @retval EFI_SUCCESS The operation completed successfully.
> - @retval EFI_INVALID_PARAMETER One or more of the following
> conditions is TRUE:
> - This is NULL.
> - FragmentTable is NULL.
> - FragmentCount is NULL.
> - CryptoMode is invalid.
> - @retval EFI_NOT_READY Current TLS session state is NOT
> - EfiTlsSessionDataTransferring.
> - @retval EFI_ABORTED Something wrong decryption the message. TLS
> session
> - status will become EfiTlsSessionError. The caller need
> - call BuildResponsePacket() to generate Error Alert
> - message and send it out.
> - @retval EFI_OUT_OF_RESOURCES No enough resource to finish the
> operation.
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsProcessPacket (
> - IN EFI_TLS_PROTOCOL *This,
> - IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
> - IN UINT32 *FragmentCount,
> - IN EFI_TLS_CRYPT_MODE CryptMode
> - );
> -
> -/**
> - Set TLS configuration data.
> -
> - The SetData() function sets TLS configuration to non-volatile storage or
> volatile
> - storage.
> -
> - @param[in] This Pointer to the
> EFI_TLS_CONFIGURATION_PROTOCOL instance.
> - @param[in] DataType Configuration data type.
> - @param[in] Data Pointer to configuration data.
> - @param[in] DataSize Total size of configuration data.
> -
> - @retval EFI_SUCCESS The TLS configuration data is set successfully.
> - @retval EFI_INVALID_PARAMETER One or more of the following
> conditions is TRUE:
> - This is NULL.
> - Data is NULL.
> - DataSize is 0.
> - @retval EFI_UNSUPPORTED The DataType is unsupported.
> - @retval EFI_OUT_OF_RESOURCES Required system resources could not
> be allocated.
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsConfigurationSetData (
> - IN EFI_TLS_CONFIGURATION_PROTOCOL *This,
> - IN EFI_TLS_CONFIG_DATA_TYPE DataType,
> - IN VOID *Data,
> - IN UINTN DataSize
> - );
> -
> -/**
> - Get TLS configuration data.
> -
> - The GetData() function gets TLS configuration.
> -
> - @param[in] This Pointer to the
> EFI_TLS_CONFIGURATION_PROTOCOL instance.
> - @param[in] DataType Configuration data type.
> - @param[in, out] Data Pointer to configuration data.
> - @param[in, out] DataSize Total size of configuration data. On input, it
> means
> - the size of Data buffer. On output, it means the size
> - of copied Data buffer if EFI_SUCCESS, and means the
> - size of desired Data buffer if EFI_BUFFER_TOO_SMALL.
> -
> - @retval EFI_SUCCESS The TLS configuration data is got successfully.
> - @retval EFI_INVALID_PARAMETER One or more of the following
> conditions is TRUE:
> - This is NULL.
> - DataSize is NULL.
> - Data is NULL if *DataSize is not zero.
> - @retval EFI_UNSUPPORTED The DataType is unsupported.
> - @retval EFI_NOT_FOUND The TLS configuration data is not found.
> - @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data.
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsConfigurationGetData (
> - IN EFI_TLS_CONFIGURATION_PROTOCOL *This,
> - IN EFI_TLS_CONFIG_DATA_TYPE DataType,
> - IN OUT VOID *Data, OPTIONAL
> - IN OUT UINTN *DataSize
> - );
> -
> -#endif
> +/** @file
> + Header file of Miscellaneous Routines for TlsDxe driver.
> +
> +Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> +
> +This program and the accompanying materials
> +are licensed and made available under the terms and conditions of the BSD
> License
> +which accompanies this distribution. The full text of the license may be
> found at
> +http://opensource.org/licenses/bsd-license.php
> +
> +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +
> +**/
> +
> +#ifndef __EFI_TLS_IMPL_H__
> +#define __EFI_TLS_IMPL_H__
> +
> +//
> +// Libraries
> +//
> +#include <Library/UefiBootServicesTableLib.h>
> +#include <Library/MemoryAllocationLib.h>
> +#include <Library/BaseMemoryLib.h>
> +#include <Library/BaseLib.h>
> +#include <Library/UefiLib.h>
> +#include <Library/DebugLib.h>
> +#include <Library/NetLib.h>
> +#include <Library/BaseCryptLib.h>
> +#include <Library/TlsLib.h>
> +
> +//
> +// Consumed Protocols
> +//
> +#include <Protocol/Tls.h>
> +#include <Protocol/TlsConfig.h>
> +
> +#include <IndustryStandard/Tls1.h>
> +
> +#include "TlsDriver.h"
> +
> +//
> +// Protocol instances
> +//
> +extern EFI_SERVICE_BINDING_PROTOCOL mTlsServiceBinding;
> +extern EFI_TLS_PROTOCOL mTlsProtocol;
> +extern EFI_TLS_CONFIGURATION_PROTOCOL mTlsConfigurationProtocol;
> +
> +#define RECORD_HEADER_LEN 5 /// ContentType(1) + Version(2) +
> Length(2)
> +
> +#define MAX_BUFFER_SIZE 32768
> +
> +/**
> + Encrypt the message listed in fragment.
> +
> + @param[in] TlsInstance The pointer to the TLS instance.
> + @param[in, out] FragmentTable Pointer to a list of fragment.
> + On input these fragments contain the TLS header and
> + plain text TLS payload;
> + On output these fragments contain the TLS header and
> + cipher text TLS payload.
> + @param[in] FragmentCount Number of fragment.
> +
> + @retval EFI_SUCCESS The operation completed successfully.
> + @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
> + @retval EFI_ABORTED TLS session state is incorrect.
> + @retval Others Other errors as indicated.
> +**/
> +EFI_STATUS
> +TlsEncryptPacket (
> + IN TLS_INSTANCE *TlsInstance,
> + IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
> + IN UINT32 *FragmentCount
> + );
> +
> +/**
> + Decrypt the message listed in fragment.
> +
> + @param[in] TlsInstance The pointer to the TLS instance.
> + @param[in, out] FragmentTable Pointer to a list of fragment.
> + On input these fragments contain the TLS header and
> + cipher text TLS payload;
> + On output these fragments contain the TLS header and
> + plain text TLS payload.
> + @param[in] FragmentCount Number of fragment.
> +
> + @retval EFI_SUCCESS The operation completed successfully.
> + @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources.
> + @retval EFI_ABORTED TLS session state is incorrect.
> + @retval Others Other errors as indicated.
> +**/
> +EFI_STATUS
> +TlsDecryptPacket (
> + IN TLS_INSTANCE *TlsInstance,
> + IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
> + IN UINT32 *FragmentCount
> + );
> +
> +/**
> + Set TLS session data.
> +
> + The SetSessionData() function set data for a new TLS session. All session
> data should
> + be set before BuildResponsePacket() invoked.
> +
> + @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
> + @param[in] DataType TLS session data type.
> + @param[in] Data Pointer to session data.
> + @param[in] DataSize Total size of session data.
> +
> + @retval EFI_SUCCESS The TLS session data is set successfully.
> + @retval EFI_INVALID_PARAMETER One or more of the following
> conditions is TRUE:
> + This is NULL.
> + Data is NULL.
> + DataSize is 0.
> + @retval EFI_UNSUPPORTED The DataType is unsupported.
> + @retval EFI_ACCESS_DENIED If the DataType is one of below:
> + EfiTlsClientRandom
> + EfiTlsServerRandom
> + EfiTlsKeyMaterial
> + @retval EFI_NOT_READY Current TLS session state is NOT
> + EfiTlsSessionStateNotStarted.
> + @retval EFI_OUT_OF_RESOURCES Required system resources could not
> be allocated.
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsSetSessionData (
> + IN EFI_TLS_PROTOCOL *This,
> + IN EFI_TLS_SESSION_DATA_TYPE DataType,
> + IN VOID *Data,
> + IN UINTN DataSize
> + );
> +
> +/**
> + Get TLS session data.
> +
> + The GetSessionData() function return the TLS session information.
> +
> + @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
> + @param[in] DataType TLS session data type.
> + @param[in, out] Data Pointer to session data.
> + @param[in, out] DataSize Total size of session data. On input, it means
> + the size of Data buffer. On output, it means the size
> + of copied Data buffer if EFI_SUCCESS, and means the
> + size of desired Data buffer if EFI_BUFFER_TOO_SMALL.
> +
> + @retval EFI_SUCCESS The TLS session data is got successfully.
> + @retval EFI_INVALID_PARAMETER One or more of the following
> conditions is TRUE:
> + This is NULL.
> + DataSize is NULL.
> + Data is NULL if *DataSize is not zero.
> + @retval EFI_UNSUPPORTED The DataType is unsupported.
> + @retval EFI_NOT_FOUND The TLS session data is not found.
> + @retval EFI_NOT_READY The DataType is not ready in current session
> state.
> + @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data.
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsGetSessionData (
> + IN EFI_TLS_PROTOCOL *This,
> + IN EFI_TLS_SESSION_DATA_TYPE DataType,
> + IN OUT VOID *Data, OPTIONAL
> + IN OUT UINTN *DataSize
> + );
> +
> +/**
> + Build response packet according to TLS state machine. This function is only
> valid for
> + alert, handshake and change_cipher_spec content type.
> +
> + The BuildResponsePacket() function builds TLS response packet in
> response to the TLS
> + request packet specified by RequestBuffer and RequestSize. If
> RequestBuffer is NULL and
> + RequestSize is 0, and TLS session status is EfiTlsSessionNotStarted, the TLS
> session
> + will be initiated and the response packet needs to be ClientHello. If
> RequestBuffer is
> + NULL and RequestSize is 0, and TLS session status is EfiTlsSessionClosing,
> the TLS
> + session will be closed and response packet needs to be CloseNotify. If
> RequestBuffer is
> + NULL and RequestSize is 0, and TLS session status is EfiTlsSessionError, the
> TLS
> + session has errors and the response packet needs to be Alert message
> based on error
> + type.
> +
> + @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
> + @param[in] RequestBuffer Pointer to the most recently received TLS
> packet. NULL
> + means TLS need initiate the TLS session and response
> + packet need to be ClientHello.
> + @param[in] RequestSize Packet size in bytes for the most recently
> received TLS
> + packet. 0 is only valid when RequestBuffer is NULL.
> + @param[out] Buffer Pointer to the buffer to hold the built packet.
> + @param[in, out] BufferSize Pointer to the buffer size in bytes. On input,
> it is
> + the buffer size provided by the caller. On output, it
> + is the buffer size in fact needed to contain the
> + packet.
> +
> + @retval EFI_SUCCESS The required TLS packet is built successfully.
> + @retval EFI_INVALID_PARAMETER One or more of the following
> conditions is TRUE:
> + This is NULL.
> + RequestBuffer is NULL but RequestSize is NOT 0.
> + RequestSize is 0 but RequestBuffer is NOT NULL.
> + BufferSize is NULL.
> + Buffer is NULL if *BufferSize is not zero.
> + @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the
> response packet.
> + @retval EFI_NOT_READY Current TLS session state is NOT ready to
> build
> + ResponsePacket.
> + @retval EFI_ABORTED Something wrong build response packet.
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsBuildResponsePacket (
> + IN EFI_TLS_PROTOCOL *This,
> + IN UINT8 *RequestBuffer, OPTIONAL
> + IN UINTN RequestSize, OPTIONAL
> + OUT UINT8 *Buffer, OPTIONAL
> + IN OUT UINTN *BufferSize
> + );
> +
> +/**
> + Decrypt or encrypt TLS packet during session. This function is only valid
> after
> + session connected and for application_data content type.
> +
> + The ProcessPacket () function process each inbound or outbound TLS APP
> packet.
> +
> + @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
> + @param[in, out] FragmentTable Pointer to a list of fragment. The caller
> will take
> + responsible to handle the original FragmentTable while
> + it may be reallocated in TLS driver. If CryptMode is
> + EfiTlsEncrypt, on input these fragments contain the TLS
> + header and plain text TLS APP payload; on output these
> + fragments contain the TLS header and cipher text TLS
> + APP payload. If CryptMode is EfiTlsDecrypt, on input
> + these fragments contain the TLS header and cipher text
> + TLS APP payload; on output these fragments contain the
> + TLS header and plain text TLS APP payload.
> + @param[in] FragmentCount Number of fragment.
> + @param[in] CryptMode Crypt mode.
> +
> + @retval EFI_SUCCESS The operation completed successfully.
> + @retval EFI_INVALID_PARAMETER One or more of the following
> conditions is TRUE:
> + This is NULL.
> + FragmentTable is NULL.
> + FragmentCount is NULL.
> + CryptoMode is invalid.
> + @retval EFI_NOT_READY Current TLS session state is NOT
> + EfiTlsSessionDataTransferring.
> + @retval EFI_ABORTED Something wrong decryption the message.
> TLS session
> + status will become EfiTlsSessionError. The caller need
> + call BuildResponsePacket() to generate Error Alert
> + message and send it out.
> + @retval EFI_OUT_OF_RESOURCES No enough resource to finish the
> operation.
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsProcessPacket (
> + IN EFI_TLS_PROTOCOL *This,
> + IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
> + IN UINT32 *FragmentCount,
> + IN EFI_TLS_CRYPT_MODE CryptMode
> + );
> +
> +/**
> + Set TLS configuration data.
> +
> + The SetData() function sets TLS configuration to non-volatile storage or
> volatile
> + storage.
> +
> + @param[in] This Pointer to the
> EFI_TLS_CONFIGURATION_PROTOCOL instance.
> + @param[in] DataType Configuration data type.
> + @param[in] Data Pointer to configuration data.
> + @param[in] DataSize Total size of configuration data.
> +
> + @retval EFI_SUCCESS The TLS configuration data is set successfully.
> + @retval EFI_INVALID_PARAMETER One or more of the following
> conditions is TRUE:
> + This is NULL.
> + Data is NULL.
> + DataSize is 0.
> + @retval EFI_UNSUPPORTED The DataType is unsupported.
> + @retval EFI_OUT_OF_RESOURCES Required system resources could not
> be allocated.
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsConfigurationSetData (
> + IN EFI_TLS_CONFIGURATION_PROTOCOL *This,
> + IN EFI_TLS_CONFIG_DATA_TYPE DataType,
> + IN VOID *Data,
> + IN UINTN DataSize
> + );
> +
> +/**
> + Get TLS configuration data.
> +
> + The GetData() function gets TLS configuration.
> +
> + @param[in] This Pointer to the
> EFI_TLS_CONFIGURATION_PROTOCOL instance.
> + @param[in] DataType Configuration data type.
> + @param[in, out] Data Pointer to configuration data.
> + @param[in, out] DataSize Total size of configuration data. On input, it
> means
> + the size of Data buffer. On output, it means the size
> + of copied Data buffer if EFI_SUCCESS, and means the
> + size of desired Data buffer if EFI_BUFFER_TOO_SMALL.
> +
> + @retval EFI_SUCCESS The TLS configuration data is got successfully.
> + @retval EFI_INVALID_PARAMETER One or more of the following
> conditions is TRUE:
> + This is NULL.
> + DataSize is NULL.
> + Data is NULL if *DataSize is not zero.
> + @retval EFI_UNSUPPORTED The DataType is unsupported.
> + @retval EFI_NOT_FOUND The TLS configuration data is not found.
> + @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data.
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsConfigurationGetData (
> + IN EFI_TLS_CONFIGURATION_PROTOCOL *This,
> + IN EFI_TLS_CONFIG_DATA_TYPE DataType,
> + IN OUT VOID *Data, OPTIONAL
> + IN OUT UINTN *DataSize
> + );
> +
> +#endif
> +
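Review bot: The @retval text for TlsProcessPacket names `CryptoMode is invalid` while the prototype declares `IN EFI_TLS_CRYPT_MODE CryptMode`, and `Something wrong decryption the message` is ungrammatical; since this patch is a line-ending conversion only, do not fold a wording fix in here, but queue a separate doc-comment patch for it. Because every line of the file shows as removed and re-added, the hunk cannot be eyeballed for accidental content changes, so please confirm with `git diff --ignore-space-at-eol` (or `git show -w`) that the before and after differ only in line terminators before this goes in.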
> diff --git a/NetworkPkg/TlsDxe/TlsProtocol.c
> b/NetworkPkg/TlsDxe/TlsProtocol.c
> index 58a83c3ab7..ad4c922c60 100644
> --- a/NetworkPkg/TlsDxe/TlsProtocol.c
> +++ b/NetworkPkg/TlsDxe/TlsProtocol.c
> @@ -1,632 +1,633 @@
> -/** @file
> - Implementation of EFI TLS Protocol Interfaces.
> -
> - Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
> -
> - This program and the accompanying materials
> - are licensed and made available under the terms and conditions of the BSD
> License
> - which accompanies this distribution. The full text of the license may be
> found at
> - http://opensource.org/licenses/bsd-license.php.
> -
> - THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> - WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> -
> -**/
> -
> -#include "TlsImpl.h"
> -
> -EFI_TLS_PROTOCOL mTlsProtocol = {
> - TlsSetSessionData,
> - TlsGetSessionData,
> - TlsBuildResponsePacket,
> - TlsProcessPacket
> -};
> -
> -/**
> - Set TLS session data.
> -
> - The SetSessionData() function set data for a new TLS session. All session
> data should
> - be set before BuildResponsePacket() invoked.
> -
> - @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
> - @param[in] DataType TLS session data type.
> - @param[in] Data Pointer to session data.
> - @param[in] DataSize Total size of session data.
> -
> - @retval EFI_SUCCESS The TLS session data is set successfully.
> - @retval EFI_INVALID_PARAMETER One or more of the following
> conditions is TRUE:
> - This is NULL.
> - Data is NULL.
> - DataSize is 0.
> - @retval EFI_UNSUPPORTED The DataType is unsupported.
> - @retval EFI_ACCESS_DENIED If the DataType is one of below:
> - EfiTlsClientRandom
> - EfiTlsServerRandom
> - EfiTlsKeyMaterial
> - @retval EFI_NOT_READY Current TLS session state is NOT
> - EfiTlsSessionStateNotStarted.
> - @retval EFI_OUT_OF_RESOURCES Required system resources could not
> be allocated.
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsSetSessionData (
> - IN EFI_TLS_PROTOCOL *This,
> - IN EFI_TLS_SESSION_DATA_TYPE DataType,
> - IN VOID *Data,
> - IN UINTN DataSize
> - )
> -{
> - EFI_STATUS Status;
> - TLS_INSTANCE *Instance;
> - UINT16 *CipherId;
> - UINTN Index;
> -
> - EFI_TPL OldTpl;
> -
> - Status = EFI_SUCCESS;
> - CipherId = NULL;
> -
> - if (This == NULL || Data == NULL || DataSize == 0) {
> - return EFI_INVALID_PARAMETER;
> - }
> -
> - OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
> -
> - Instance = TLS_INSTANCE_FROM_PROTOCOL (This);
> -
> - if (DataType != EfiTlsSessionState && Instance->TlsSessionState !=
> EfiTlsSessionNotStarted){
> - Status = EFI_NOT_READY;
> - goto ON_EXIT;
> - }
> -
> - switch (DataType) {
> - //
> - // Session Configuration
> - //
> - case EfiTlsVersion:
> - if (DataSize != sizeof (EFI_TLS_VERSION)) {
> - Status = EFI_INVALID_PARAMETER;
> - goto ON_EXIT;
> - }
> -
> - Status = TlsSetVersion (Instance->TlsConn, ((EFI_TLS_VERSION *) Data)-
> >Major, ((EFI_TLS_VERSION *) Data)->Minor);
> - break;
> - case EfiTlsConnectionEnd:
> - if (DataSize != sizeof (EFI_TLS_CONNECTION_END)) {
> - Status = EFI_INVALID_PARAMETER;
> - goto ON_EXIT;
> - }
> -
> - Status = TlsSetConnectionEnd (Instance->TlsConn,
> *((EFI_TLS_CONNECTION_END *) Data));
> - break;
> - case EfiTlsCipherList:
> - CipherId = AllocatePool (DataSize);
> - if (CipherId == NULL) {
> - Status = EFI_OUT_OF_RESOURCES;
> - goto ON_EXIT;
> - }
> -
> - for (Index = 0; Index < DataSize / sizeof (EFI_TLS_CIPHER); Index++) {
> - *(CipherId +Index) = HTONS (*(((UINT16 *) Data) + Index));
> - }
> -
> - Status = TlsSetCipherList (Instance->TlsConn, CipherId, DataSize / sizeof
> (EFI_TLS_CIPHER));
> -
> - FreePool (CipherId);
> - break;
> - case EfiTlsCompressionMethod:
> - //
> - // TLS seems only define one CompressionMethod.null, which specifies
> that data exchanged via the
> - // record protocol will not be compressed.
> - // More information from OpenSSL:
> http://www.openssl.org/docs/manmaster/ssl/SSL_COMP_add_compressio
> n_method.html
> - // The TLS RFC does however not specify compression methods or their
> corresponding identifiers,
> - // so there is currently no compatible way to integrate compression with
> unknown peers.
> - // It is therefore currently not recommended to integrate compression
> into applications.
> - // Applications for non-public use may agree on certain compression
> methods.
> - // Using different compression methods with the same identifier will lead
> to connection failure.
> - //
> - for (Index = 0; Index < DataSize / sizeof (EFI_TLS_COMPRESSION);
> Index++) {
> - Status = TlsSetCompressionMethod (*((UINT8 *) Data + Index));
> - if (EFI_ERROR (Status)) {
> - break;
> - }
> - }
> -
> - break;
> - case EfiTlsExtensionData:
> - Status = EFI_UNSUPPORTED;
> - goto ON_EXIT;
> - case EfiTlsVerifyMethod:
> - if (DataSize != sizeof (EFI_TLS_VERIFY)) {
> - Status = EFI_INVALID_PARAMETER;
> - goto ON_EXIT;
> - }
> -
> - TlsSetVerify (Instance->TlsConn, *((UINT32 *) Data));
> - break;
> - case EfiTlsSessionID:
> - if (DataSize != sizeof (EFI_TLS_SESSION_ID)) {
> - Status = EFI_INVALID_PARAMETER;
> - goto ON_EXIT;
> - }
> -
> - Status = TlsSetSessionId (
> - Instance->TlsConn,
> - ((EFI_TLS_SESSION_ID *) Data)->Data,
> - ((EFI_TLS_SESSION_ID *) Data)->Length
> - );
> - break;
> - case EfiTlsSessionState:
> - if (DataSize != sizeof (EFI_TLS_SESSION_STATE)) {
> - Status = EFI_INVALID_PARAMETER;
> - goto ON_EXIT;
> - }
> -
> - Instance->TlsSessionState = *(EFI_TLS_SESSION_STATE *) Data;
> - break;
> - //
> - // Session information
> - //
> - case EfiTlsClientRandom:
> - Status = EFI_ACCESS_DENIED;
> - break;
> - case EfiTlsServerRandom:
> - Status = EFI_ACCESS_DENIED;
> - break;
> - case EfiTlsKeyMaterial:
> - Status = EFI_ACCESS_DENIED;
> - break;
> - //
> - // Unsupported type.
> - //
> - default:
> - Status = EFI_UNSUPPORTED;
> - }
> -
> -ON_EXIT:
> - gBS->RestoreTPL (OldTpl);
> - return Status;
> -}
> -
> -/**
> - Get TLS session data.
> -
> - The GetSessionData() function return the TLS session information.
> -
> - @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
> - @param[in] DataType TLS session data type.
> - @param[in, out] Data Pointer to session data.
> - @param[in, out] DataSize Total size of session data. On input, it means
> - the size of Data buffer. On output, it means the size
> - of copied Data buffer if EFI_SUCCESS, and means the
> - size of desired Data buffer if EFI_BUFFER_TOO_SMALL.
> -
> - @retval EFI_SUCCESS The TLS session data is got successfully.
> - @retval EFI_INVALID_PARAMETER One or more of the following
> conditions is TRUE:
> - This is NULL.
> - DataSize is NULL.
> - Data is NULL if *DataSize is not zero.
> - @retval EFI_UNSUPPORTED The DataType is unsupported.
> - @retval EFI_NOT_FOUND The TLS session data is not found.
> - @retval EFI_NOT_READY The DataType is not ready in current session
> state.
> - @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data.
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsGetSessionData (
> - IN EFI_TLS_PROTOCOL *This,
> - IN EFI_TLS_SESSION_DATA_TYPE DataType,
> - IN OUT VOID *Data, OPTIONAL
> - IN OUT UINTN *DataSize
> - )
> -{
> - EFI_STATUS Status;
> - TLS_INSTANCE *Instance;
> -
> - EFI_TPL OldTpl;
> -
> - Status = EFI_SUCCESS;
> -
> - if (This == NULL || DataSize == NULL || (Data == NULL && *DataSize != 0)) {
> - return EFI_INVALID_PARAMETER;
> - }
> -
> - OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
> -
> - Instance = TLS_INSTANCE_FROM_PROTOCOL (This);
> -
> - if (Instance->TlsSessionState == EfiTlsSessionNotStarted &&
> - (DataType == EfiTlsSessionID || DataType == EfiTlsClientRandom ||
> - DataType == EfiTlsServerRandom || DataType == EfiTlsKeyMaterial)) {
> - Status = EFI_NOT_READY;
> - goto ON_EXIT;
> - }
> -
> - switch (DataType) {
> - case EfiTlsVersion:
> - if (*DataSize < sizeof (EFI_TLS_VERSION)) {
> - *DataSize = sizeof (EFI_TLS_VERSION);
> - Status = EFI_BUFFER_TOO_SMALL;
> - goto ON_EXIT;
> - }
> - *DataSize = sizeof (EFI_TLS_VERSION);
> - *((UINT16 *) Data) = HTONS (TlsGetVersion (Instance->TlsConn));
> - break;
> - case EfiTlsConnectionEnd:
> - if (*DataSize < sizeof (EFI_TLS_CONNECTION_END)) {
> - *DataSize = sizeof (EFI_TLS_CONNECTION_END);
> - Status = EFI_BUFFER_TOO_SMALL;
> - goto ON_EXIT;
> - }
> - *DataSize = sizeof (EFI_TLS_CONNECTION_END);
> - *((UINT8 *) Data) = TlsGetConnectionEnd (Instance->TlsConn);
> - break;
> - case EfiTlsCipherList:
> - //
> - // Get the current session cipher suite.
> - //
> - if (*DataSize < sizeof (EFI_TLS_CIPHER)) {
> - *DataSize = sizeof (EFI_TLS_CIPHER);
> - Status = EFI_BUFFER_TOO_SMALL;
> - goto ON_EXIT;
> - }
> - *DataSize = sizeof(EFI_TLS_CIPHER);
> - Status = TlsGetCurrentCipher (Instance->TlsConn, (UINT16 *) Data);
> - *((UINT16 *) Data) = HTONS (*((UINT16 *) Data));
> - break;
> - case EfiTlsCompressionMethod:
> - //
> - // Get the current session compression method.
> - //
> - if (*DataSize < sizeof (EFI_TLS_COMPRESSION)) {
> - *DataSize = sizeof (EFI_TLS_COMPRESSION);
> - Status = EFI_BUFFER_TOO_SMALL;
> - goto ON_EXIT;
> - }
> - *DataSize = sizeof (EFI_TLS_COMPRESSION);
> - Status = TlsGetCurrentCompressionId (Instance->TlsConn, (UINT8 *) Data);
> - break;
> - case EfiTlsExtensionData:
> - Status = EFI_UNSUPPORTED;
> - goto ON_EXIT;
> - case EfiTlsVerifyMethod:
> - if (*DataSize < sizeof (EFI_TLS_VERIFY)) {
> - *DataSize = sizeof (EFI_TLS_VERIFY);
> - Status = EFI_BUFFER_TOO_SMALL;
> - goto ON_EXIT;
> - }
> - *DataSize = sizeof (EFI_TLS_VERIFY);
> - *((UINT32 *) Data) = TlsGetVerify (Instance->TlsConn);
> - break;
> - case EfiTlsSessionID:
> - if (*DataSize < sizeof (EFI_TLS_SESSION_ID)) {
> - *DataSize = sizeof (EFI_TLS_SESSION_ID);
> - Status = EFI_BUFFER_TOO_SMALL;
> - goto ON_EXIT;
> - }
> - *DataSize = sizeof (EFI_TLS_SESSION_ID);
> - Status = TlsGetSessionId (
> - Instance->TlsConn,
> - ((EFI_TLS_SESSION_ID *) Data)->Data,
> - &(((EFI_TLS_SESSION_ID *) Data)->Length)
> - );
> - break;
> - case EfiTlsSessionState:
> - if (*DataSize < sizeof (EFI_TLS_SESSION_STATE)) {
> - *DataSize = sizeof (EFI_TLS_SESSION_STATE);
> - Status = EFI_BUFFER_TOO_SMALL;
> - goto ON_EXIT;
> - }
> - *DataSize = sizeof (EFI_TLS_SESSION_STATE);
> - CopyMem (Data, &Instance->TlsSessionState, *DataSize);
> - break;
> - case EfiTlsClientRandom:
> - if (*DataSize < sizeof (EFI_TLS_RANDOM)) {
> - *DataSize = sizeof (EFI_TLS_RANDOM);
> - Status = EFI_BUFFER_TOO_SMALL;
> - goto ON_EXIT;
> - }
> - *DataSize = sizeof (EFI_TLS_RANDOM);
> - TlsGetClientRandom (Instance->TlsConn, (UINT8 *) Data);
> - break;
> - case EfiTlsServerRandom:
> - if (*DataSize < sizeof (EFI_TLS_RANDOM)) {
> - *DataSize = sizeof (EFI_TLS_RANDOM);
> - Status = EFI_BUFFER_TOO_SMALL;
> - goto ON_EXIT;
> - }
> - *DataSize = sizeof (EFI_TLS_RANDOM);
> - TlsGetServerRandom (Instance->TlsConn, (UINT8 *) Data);
> - break;
> - case EfiTlsKeyMaterial:
> - if (*DataSize < sizeof (EFI_TLS_MASTER_SECRET)) {
> - *DataSize = sizeof (EFI_TLS_MASTER_SECRET);
> - Status = EFI_BUFFER_TOO_SMALL;
> - goto ON_EXIT;
> - }
> - *DataSize = sizeof (EFI_TLS_MASTER_SECRET);
> - Status = TlsGetKeyMaterial (Instance->TlsConn, (UINT8 *) Data);
> - break;
> - //
> - // Unsupported type.
> - //
> - default:
> - Status = EFI_UNSUPPORTED;
> - }
> -
> -ON_EXIT:
> - gBS->RestoreTPL (OldTpl);
> - return Status;
> -}
> -
> -/**
> - Build response packet according to TLS state machine. This function is only
> valid for
> - alert, handshake and change_cipher_spec content type.
> -
> - The BuildResponsePacket() function builds TLS response packet in
> response to the TLS
> - request packet specified by RequestBuffer and RequestSize. If
> RequestBuffer is NULL and
> - RequestSize is 0, and TLS session status is EfiTlsSessionNotStarted, the TLS
> session
> - will be initiated and the response packet needs to be ClientHello. If
> RequestBuffer is
> - NULL and RequestSize is 0, and TLS session status is EfiTlsSessionClosing,
> the TLS
> - session will be closed and response packet needs to be CloseNotify. If
> RequestBuffer is
> - NULL and RequestSize is 0, and TLS session status is EfiTlsSessionError, the
> TLS
> - session has errors and the response packet needs to be Alert message
> based on error
> - type.
> -
> - @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
> - @param[in] RequestBuffer Pointer to the most recently received TLS
> packet. NULL
> - means TLS need initiate the TLS session and response
> - packet need to be ClientHello.
> - @param[in] RequestSize Packet size in bytes for the most recently
> received TLS
> - packet. 0 is only valid when RequestBuffer is NULL.
> - @param[out] Buffer Pointer to the buffer to hold the built packet.
> - @param[in, out] BufferSize Pointer to the buffer size in bytes. On input,
> it is
> - the buffer size provided by the caller. On output, it
> - is the buffer size in fact needed to contain the
> - packet.
> -
> - @retval EFI_SUCCESS The required TLS packet is built successfully.
> - @retval EFI_INVALID_PARAMETER One or more of the following
> conditions is TRUE:
> - This is NULL.
> - RequestBuffer is NULL but RequestSize is NOT 0.
> - RequestSize is 0 but RequestBuffer is NOT NULL.
> - BufferSize is NULL.
> - Buffer is NULL if *BufferSize is not zero.
> - @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the
> response packet.
> - @retval EFI_NOT_READY Current TLS session state is NOT ready to
> build
> - ResponsePacket.
> - @retval EFI_ABORTED Something wrong build response packet.
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsBuildResponsePacket (
> - IN EFI_TLS_PROTOCOL *This,
> - IN UINT8 *RequestBuffer, OPTIONAL
> - IN UINTN RequestSize, OPTIONAL
> - OUT UINT8 *Buffer, OPTIONAL
> - IN OUT UINTN *BufferSize
> - )
> -{
> - EFI_STATUS Status;
> - TLS_INSTANCE *Instance;
> - EFI_TPL OldTpl;
> -
> - Status = EFI_SUCCESS;
> -
> - if ((This == NULL) || (BufferSize == NULL) ||
> - (RequestBuffer == NULL && RequestSize != 0) ||
> - (RequestBuffer != NULL && RequestSize == 0) ||
> - (Buffer == NULL && *BufferSize !=0)) {
> - return EFI_INVALID_PARAMETER;
> - }
> -
> - OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
> -
> - Instance = TLS_INSTANCE_FROM_PROTOCOL (This);
> -
> - if(RequestBuffer == NULL && RequestSize == 0) {
> - switch (Instance->TlsSessionState) {
> - case EfiTlsSessionNotStarted:
> - //
> - // ClientHello.
> - //
> - Status = TlsDoHandshake (
> - Instance->TlsConn,
> - NULL,
> - 0,
> - Buffer,
> - BufferSize
> - );
> - if (EFI_ERROR (Status)) {
> - goto ON_EXIT;
> - }
> -
> - //
> - // *BufferSize should not be zero when ClientHello.
> - //
> - if (*BufferSize == 0) {
> - Status = EFI_ABORTED;
> - goto ON_EXIT;
> - }
> -
> - Instance->TlsSessionState = EfiTlsSessionHandShaking;
> -
> - break;
> - case EfiTlsSessionClosing:
> - //
> - // TLS session will be closed and response packet needs to be CloseNotify.
> - //
> - Status = TlsCloseNotify (
> - Instance->TlsConn,
> - Buffer,
> - BufferSize
> - );
> - if (EFI_ERROR (Status)) {
> - goto ON_EXIT;
> - }
> -
> - //
> - // *BufferSize should not be zero when build CloseNotify message.
> - //
> - if (*BufferSize == 0) {
> - Status = EFI_ABORTED;
> - goto ON_EXIT;
> - }
> -
> - break;
> - case EfiTlsSessionError:
> - //
> - // TLS session has errors and the response packet needs to be Alert
> - // message based on error type.
> - //
> - Status = TlsHandleAlert (
> - Instance->TlsConn,
> - NULL,
> - 0,
> - Buffer,
> - BufferSize
> - );
> - if (EFI_ERROR (Status)) {
> - goto ON_EXIT;
> - }
> -
> - break;
> - default:
> - //
> - // Current TLS session state is NOT ready to build ResponsePacket.
> - //
> - Status = EFI_NOT_READY;
> - }
> - } else {
> - //
> - // 1. Received packet may have multiple TLS record messages.
> - // 2. One TLS record message may have multiple handshake protocol.
> - // 3. Some errors may be happened in handshake.
> - // TlsDoHandshake() can handle all of those cases.
> - //
> - if (TlsInHandshake (Instance->TlsConn)) {
> - Status = TlsDoHandshake (
> - Instance->TlsConn,
> - RequestBuffer,
> - RequestSize,
> - Buffer,
> - BufferSize
> - );
> - if (EFI_ERROR (Status)) {
> - goto ON_EXIT;
> - }
> -
> - if (!TlsInHandshake (Instance->TlsConn)) {
> - Instance->TlsSessionState = EfiTlsSessionDataTransferring;
> - }
> - } else {
> - //
> - // Must be alert message, Decrypt it and build the ResponsePacket.
> - //
> - ASSERT (((TLS_RECORD_HEADER *) RequestBuffer)->ContentType ==
> TlsContentTypeAlert);
> -
> - Status = TlsHandleAlert (
> - Instance->TlsConn,
> - RequestBuffer,
> - RequestSize,
> - Buffer,
> - BufferSize
> - );
> - if (EFI_ERROR (Status)) {
> - if (Status != EFI_BUFFER_TOO_SMALL) {
> - Instance->TlsSessionState = EfiTlsSessionError;
> - }
> -
> - goto ON_EXIT;
> - }
> - }
> - }
> -
> -ON_EXIT:
> - gBS->RestoreTPL (OldTpl);
> - return Status;
> -}
> -
> -/**
> - Decrypt or encrypt TLS packet during session. This function is only valid
> after
> - session connected and for application_data content type.
> -
> - The ProcessPacket () function process each inbound or outbound TLS APP
> packet.
> -
> - @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
> - @param[in, out] FragmentTable Pointer to a list of fragment. The caller
> will take
> - responsible to handle the original FragmentTable while
> - it may be reallocated in TLS driver. If CryptMode is
> - EfiTlsEncrypt, on input these fragments contain the TLS
> - header and plain text TLS APP payload; on output these
> - fragments contain the TLS header and cipher text TLS
> - APP payload. If CryptMode is EfiTlsDecrypt, on input
> - these fragments contain the TLS header and cipher text
> - TLS APP payload; on output these fragments contain the
> - TLS header and plain text TLS APP payload.
> - @param[in] FragmentCount Number of fragment.
> - @param[in] CryptMode Crypt mode.
> -
> - @retval EFI_SUCCESS The operation completed successfully.
> - @retval EFI_INVALID_PARAMETER One or more of the following
> conditions is TRUE:
> - This is NULL.
> - FragmentTable is NULL.
> - FragmentCount is NULL.
> - CryptoMode is invalid.
> - @retval EFI_NOT_READY Current TLS session state is NOT
> - EfiTlsSessionDataTransferring.
> - @retval EFI_ABORTED Something wrong decryption the message. TLS
> session
> - status will become EfiTlsSessionError. The caller need
> - call BuildResponsePacket() to generate Error Alert
> - message and send it out.
> - @retval EFI_OUT_OF_RESOURCES No enough resource to finish the
> operation.
> -**/
> -EFI_STATUS
> -EFIAPI
> -TlsProcessPacket (
> - IN EFI_TLS_PROTOCOL *This,
> - IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
> - IN UINT32 *FragmentCount,
> - IN EFI_TLS_CRYPT_MODE CryptMode
> - )
> -{
> - EFI_STATUS Status;
> - TLS_INSTANCE *Instance;
> -
> - EFI_TPL OldTpl;
> -
> - Status = EFI_SUCCESS;
> -
> - if (This == NULL || FragmentTable == NULL || FragmentCount == NULL) {
> - return EFI_INVALID_PARAMETER;
> - }
> -
> - OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
> -
> - Instance = TLS_INSTANCE_FROM_PROTOCOL (This);
> -
> - if (Instance->TlsSessionState != EfiTlsSessionDataTransferring) {
> - Status = EFI_NOT_READY;
> - goto ON_EXIT;
> - }
> -
> - //
> - // Packet sent or received may have multiple TLS record messages
> (Application data type).
> - // So,on input these fragments contain the TLS header and TLS APP payload;
> - // on output these fragments also contain the TLS header and TLS APP
> payload.
> - //
> - switch (CryptMode) {
> - case EfiTlsEncrypt:
> - Status = TlsEncryptPacket (Instance, FragmentTable, FragmentCount);
> - break;
> - case EfiTlsDecrypt:
> - Status = TlsDecryptPacket (Instance, FragmentTable, FragmentCount);
> - break;
> - default:
> - return EFI_INVALID_PARAMETER;
> - }
> -
> -ON_EXIT:
> - gBS->RestoreTPL (OldTpl);
> - return Status;
> -}
> +/** @file
> + Implementation of EFI TLS Protocol Interfaces.
> +
> + Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
> +
> + This program and the accompanying materials
> + are licensed and made available under the terms and conditions of the BSD
> License
> + which accompanies this distribution. The full text of the license may be
> found at
> + http://opensource.org/licenses/bsd-license.php.
> +
> + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"
> BASIS,
> + WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER
> EXPRESS OR IMPLIED.
> +
> +**/
> +
> +#include "TlsImpl.h"
> +
> +EFI_TLS_PROTOCOL mTlsProtocol = {
> + TlsSetSessionData,
> + TlsGetSessionData,
> + TlsBuildResponsePacket,
> + TlsProcessPacket
> +};
> +
> +/**
> + Set TLS session data.
> +
> + The SetSessionData() function set data for a new TLS session. All session
> data should
> + be set before BuildResponsePacket() invoked.
> +
> + @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
> + @param[in] DataType TLS session data type.
> + @param[in] Data Pointer to session data.
> + @param[in] DataSize Total size of session data.
> +
> + @retval EFI_SUCCESS The TLS session data is set successfully.
> + @retval EFI_INVALID_PARAMETER One or more of the following
> conditions is TRUE:
> + This is NULL.
> + Data is NULL.
> + DataSize is 0.
> + @retval EFI_UNSUPPORTED The DataType is unsupported.
> + @retval EFI_ACCESS_DENIED If the DataType is one of below:
> + EfiTlsClientRandom
> + EfiTlsServerRandom
> + EfiTlsKeyMaterial
> + @retval EFI_NOT_READY Current TLS session state is NOT
> + EfiTlsSessionStateNotStarted.
> + @retval EFI_OUT_OF_RESOURCES Required system resources could not
> be allocated.
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsSetSessionData (
> + IN EFI_TLS_PROTOCOL *This,
> + IN EFI_TLS_SESSION_DATA_TYPE DataType,
> + IN VOID *Data,
> + IN UINTN DataSize
> + )
> +{
> + EFI_STATUS Status;
> + TLS_INSTANCE *Instance;
> + UINT16 *CipherId;
> + UINTN Index;
> +
> + EFI_TPL OldTpl;
> +
> + Status = EFI_SUCCESS;
> + CipherId = NULL;
> +
> + if (This == NULL || Data == NULL || DataSize == 0) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
> +
> + Instance = TLS_INSTANCE_FROM_PROTOCOL (This);
> +
> + if (DataType != EfiTlsSessionState && Instance->TlsSessionState !=
> EfiTlsSessionNotStarted){
> + Status = EFI_NOT_READY;
> + goto ON_EXIT;
> + }
> +
> + switch (DataType) {
> + //
> + // Session Configuration
> + //
> + case EfiTlsVersion:
> + if (DataSize != sizeof (EFI_TLS_VERSION)) {
> + Status = EFI_INVALID_PARAMETER;
> + goto ON_EXIT;
> + }
> +
> + Status = TlsSetVersion (Instance->TlsConn, ((EFI_TLS_VERSION *) Data)-
> >Major, ((EFI_TLS_VERSION *) Data)->Minor);
> + break;
> + case EfiTlsConnectionEnd:
> + if (DataSize != sizeof (EFI_TLS_CONNECTION_END)) {
> + Status = EFI_INVALID_PARAMETER;
> + goto ON_EXIT;
> + }
> +
> + Status = TlsSetConnectionEnd (Instance->TlsConn,
> *((EFI_TLS_CONNECTION_END *) Data));
> + break;
> + case EfiTlsCipherList:
> + CipherId = AllocatePool (DataSize);
> + if (CipherId == NULL) {
> + Status = EFI_OUT_OF_RESOURCES;
> + goto ON_EXIT;
> + }
> +
> + for (Index = 0; Index < DataSize / sizeof (EFI_TLS_CIPHER); Index++) {
> + *(CipherId +Index) = HTONS (*(((UINT16 *) Data) + Index));
> + }
> +
> + Status = TlsSetCipherList (Instance->TlsConn, CipherId, DataSize / sizeof
> (EFI_TLS_CIPHER));
> +
> + FreePool (CipherId);
> + break;
> + case EfiTlsCompressionMethod:
> + //
> + // TLS seems only define one CompressionMethod.null, which specifies
> that data exchanged via the
> + // record protocol will not be compressed.
> + // More information from OpenSSL:
> http://www.openssl.org/docs/manmaster/ssl/SSL_COMP_add_compressio
> n_method.html
> + // The TLS RFC does however not specify compression methods or their
> corresponding identifiers,
> + // so there is currently no compatible way to integrate compression with
> unknown peers.
> + // It is therefore currently not recommended to integrate compression
> into applications.
> + // Applications for non-public use may agree on certain compression
> methods.
> + // Using different compression methods with the same identifier will lead
> to connection failure.
> + //
> + for (Index = 0; Index < DataSize / sizeof (EFI_TLS_COMPRESSION);
> Index++) {
> + Status = TlsSetCompressionMethod (*((UINT8 *) Data + Index));
> + if (EFI_ERROR (Status)) {
> + break;
> + }
> + }
> +
> + break;
> + case EfiTlsExtensionData:
> + Status = EFI_UNSUPPORTED;
> + goto ON_EXIT;
> + case EfiTlsVerifyMethod:
> + if (DataSize != sizeof (EFI_TLS_VERIFY)) {
> + Status = EFI_INVALID_PARAMETER;
> + goto ON_EXIT;
> + }
> +
> + TlsSetVerify (Instance->TlsConn, *((UINT32 *) Data));
> + break;
> + case EfiTlsSessionID:
> + if (DataSize != sizeof (EFI_TLS_SESSION_ID)) {
> + Status = EFI_INVALID_PARAMETER;
> + goto ON_EXIT;
> + }
> +
> + Status = TlsSetSessionId (
> + Instance->TlsConn,
> + ((EFI_TLS_SESSION_ID *) Data)->Data,
> + ((EFI_TLS_SESSION_ID *) Data)->Length
> + );
> + break;
> + case EfiTlsSessionState:
> + if (DataSize != sizeof (EFI_TLS_SESSION_STATE)) {
> + Status = EFI_INVALID_PARAMETER;
> + goto ON_EXIT;
> + }
> +
> + Instance->TlsSessionState = *(EFI_TLS_SESSION_STATE *) Data;
> + break;
> + //
> + // Session information
> + //
> + case EfiTlsClientRandom:
> + Status = EFI_ACCESS_DENIED;
> + break;
> + case EfiTlsServerRandom:
> + Status = EFI_ACCESS_DENIED;
> + break;
> + case EfiTlsKeyMaterial:
> + Status = EFI_ACCESS_DENIED;
> + break;
> + //
> + // Unsupported type.
> + //
> + default:
> + Status = EFI_UNSUPPORTED;
> + }
> +
> +ON_EXIT:
> + gBS->RestoreTPL (OldTpl);
> + return Status;
> +}
> +
> +/**
> + Get TLS session data.
> +
> + The GetSessionData() function return the TLS session information.
> +
> + @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
> + @param[in] DataType TLS session data type.
> + @param[in, out] Data Pointer to session data.
> + @param[in, out] DataSize Total size of session data. On input, it means
> + the size of Data buffer. On output, it means the size
> + of copied Data buffer if EFI_SUCCESS, and means the
> + size of desired Data buffer if EFI_BUFFER_TOO_SMALL.
> +
> + @retval EFI_SUCCESS The TLS session data is got successfully.
> + @retval EFI_INVALID_PARAMETER One or more of the following
> conditions is TRUE:
> + This is NULL.
> + DataSize is NULL.
> + Data is NULL if *DataSize is not zero.
> + @retval EFI_UNSUPPORTED The DataType is unsupported.
> + @retval EFI_NOT_FOUND The TLS session data is not found.
> + @retval EFI_NOT_READY The DataType is not ready in current session
> state.
> + @retval EFI_BUFFER_TOO_SMALL The buffer is too small to hold the data.
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsGetSessionData (
> + IN EFI_TLS_PROTOCOL *This,
> + IN EFI_TLS_SESSION_DATA_TYPE DataType,
> + IN OUT VOID *Data, OPTIONAL
> + IN OUT UINTN *DataSize
> + )
> +{
> + EFI_STATUS Status;
> + TLS_INSTANCE *Instance;
> +
> + EFI_TPL OldTpl;
> +
> + Status = EFI_SUCCESS;
> +
> + if (This == NULL || DataSize == NULL || (Data == NULL && *DataSize != 0))
> {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
> +
> + Instance = TLS_INSTANCE_FROM_PROTOCOL (This);
> +
> + if (Instance->TlsSessionState == EfiTlsSessionNotStarted &&
> + (DataType == EfiTlsSessionID || DataType == EfiTlsClientRandom ||
> + DataType == EfiTlsServerRandom || DataType == EfiTlsKeyMaterial)) {
> + Status = EFI_NOT_READY;
> + goto ON_EXIT;
> + }
> +
> + switch (DataType) {
> + case EfiTlsVersion:
> + if (*DataSize < sizeof (EFI_TLS_VERSION)) {
> + *DataSize = sizeof (EFI_TLS_VERSION);
> + Status = EFI_BUFFER_TOO_SMALL;
> + goto ON_EXIT;
> + }
> + *DataSize = sizeof (EFI_TLS_VERSION);
> + *((UINT16 *) Data) = HTONS (TlsGetVersion (Instance->TlsConn));
> + break;
> + case EfiTlsConnectionEnd:
> + if (*DataSize < sizeof (EFI_TLS_CONNECTION_END)) {
> + *DataSize = sizeof (EFI_TLS_CONNECTION_END);
> + Status = EFI_BUFFER_TOO_SMALL;
> + goto ON_EXIT;
> + }
> + *DataSize = sizeof (EFI_TLS_CONNECTION_END);
> + *((UINT8 *) Data) = TlsGetConnectionEnd (Instance->TlsConn);
> + break;
> + case EfiTlsCipherList:
> + //
> + // Get the current session cipher suite.
> + //
> + if (*DataSize < sizeof (EFI_TLS_CIPHER)) {
> + *DataSize = sizeof (EFI_TLS_CIPHER);
> + Status = EFI_BUFFER_TOO_SMALL;
> + goto ON_EXIT;
> + }
> + *DataSize = sizeof(EFI_TLS_CIPHER);
> + Status = TlsGetCurrentCipher (Instance->TlsConn, (UINT16 *) Data);
> + *((UINT16 *) Data) = HTONS (*((UINT16 *) Data));
> + break;
> + case EfiTlsCompressionMethod:
> + //
> + // Get the current session compression method.
> + //
> + if (*DataSize < sizeof (EFI_TLS_COMPRESSION)) {
> + *DataSize = sizeof (EFI_TLS_COMPRESSION);
> + Status = EFI_BUFFER_TOO_SMALL;
> + goto ON_EXIT;
> + }
> + *DataSize = sizeof (EFI_TLS_COMPRESSION);
> + Status = TlsGetCurrentCompressionId (Instance->TlsConn, (UINT8 *)
> Data);
> + break;
> + case EfiTlsExtensionData:
> + Status = EFI_UNSUPPORTED;
> + goto ON_EXIT;
> + case EfiTlsVerifyMethod:
> + if (*DataSize < sizeof (EFI_TLS_VERIFY)) {
> + *DataSize = sizeof (EFI_TLS_VERIFY);
> + Status = EFI_BUFFER_TOO_SMALL;
> + goto ON_EXIT;
> + }
> + *DataSize = sizeof (EFI_TLS_VERIFY);
> + *((UINT32 *) Data) = TlsGetVerify (Instance->TlsConn);
> + break;
> + case EfiTlsSessionID:
> + if (*DataSize < sizeof (EFI_TLS_SESSION_ID)) {
> + *DataSize = sizeof (EFI_TLS_SESSION_ID);
> + Status = EFI_BUFFER_TOO_SMALL;
> + goto ON_EXIT;
> + }
> + *DataSize = sizeof (EFI_TLS_SESSION_ID);
> + Status = TlsGetSessionId (
> + Instance->TlsConn,
> + ((EFI_TLS_SESSION_ID *) Data)->Data,
> + &(((EFI_TLS_SESSION_ID *) Data)->Length)
> + );
> + break;
> + case EfiTlsSessionState:
> + if (*DataSize < sizeof (EFI_TLS_SESSION_STATE)) {
> + *DataSize = sizeof (EFI_TLS_SESSION_STATE);
> + Status = EFI_BUFFER_TOO_SMALL;
> + goto ON_EXIT;
> + }
> + *DataSize = sizeof (EFI_TLS_SESSION_STATE);
> + CopyMem (Data, &Instance->TlsSessionState, *DataSize);
> + break;
> + case EfiTlsClientRandom:
> + if (*DataSize < sizeof (EFI_TLS_RANDOM)) {
> + *DataSize = sizeof (EFI_TLS_RANDOM);
> + Status = EFI_BUFFER_TOO_SMALL;
> + goto ON_EXIT;
> + }
> + *DataSize = sizeof (EFI_TLS_RANDOM);
> + TlsGetClientRandom (Instance->TlsConn, (UINT8 *) Data);
> + break;
> + case EfiTlsServerRandom:
> + if (*DataSize < sizeof (EFI_TLS_RANDOM)) {
> + *DataSize = sizeof (EFI_TLS_RANDOM);
> + Status = EFI_BUFFER_TOO_SMALL;
> + goto ON_EXIT;
> + }
> + *DataSize = sizeof (EFI_TLS_RANDOM);
> + TlsGetServerRandom (Instance->TlsConn, (UINT8 *) Data);
> + break;
> + case EfiTlsKeyMaterial:
> + if (*DataSize < sizeof (EFI_TLS_MASTER_SECRET)) {
> + *DataSize = sizeof (EFI_TLS_MASTER_SECRET);
> + Status = EFI_BUFFER_TOO_SMALL;
> + goto ON_EXIT;
> + }
> + *DataSize = sizeof (EFI_TLS_MASTER_SECRET);
> + Status = TlsGetKeyMaterial (Instance->TlsConn, (UINT8 *) Data);
> + break;
> + //
> + // Unsupported type.
> + //
> + default:
> + Status = EFI_UNSUPPORTED;
> + }
> +
> +ON_EXIT:
> + gBS->RestoreTPL (OldTpl);
> + return Status;
> +}
> +
> +/**
> + Build response packet according to TLS state machine. This function is only
> valid for
> + alert, handshake and change_cipher_spec content type.
> +
> + The BuildResponsePacket() function builds TLS response packet in
> response to the TLS
> + request packet specified by RequestBuffer and RequestSize. If
> RequestBuffer is NULL and
> + RequestSize is 0, and TLS session status is EfiTlsSessionNotStarted, the TLS
> session
> + will be initiated and the response packet needs to be ClientHello. If
> RequestBuffer is
> + NULL and RequestSize is 0, and TLS session status is EfiTlsSessionClosing,
> the TLS
> + session will be closed and response packet needs to be CloseNotify. If
> RequestBuffer is
> + NULL and RequestSize is 0, and TLS session status is EfiTlsSessionError, the
> TLS
> + session has errors and the response packet needs to be Alert message
> based on error
> + type.
> +
> + @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
> + @param[in] RequestBuffer Pointer to the most recently received TLS
> packet. NULL
> + means TLS need initiate the TLS session and response
> + packet need to be ClientHello.
> + @param[in] RequestSize Packet size in bytes for the most recently
> received TLS
> + packet. 0 is only valid when RequestBuffer is NULL.
> + @param[out] Buffer Pointer to the buffer to hold the built packet.
> + @param[in, out] BufferSize Pointer to the buffer size in bytes. On input,
> it is
> + the buffer size provided by the caller. On output, it
> + is the buffer size in fact needed to contain the
> + packet.
> +
> + @retval EFI_SUCCESS The required TLS packet is built successfully.
> + @retval EFI_INVALID_PARAMETER One or more of the following
> conditions is TRUE:
> + This is NULL.
> + RequestBuffer is NULL but RequestSize is NOT 0.
> + RequestSize is 0 but RequestBuffer is NOT NULL.
> + BufferSize is NULL.
> + Buffer is NULL if *BufferSize is not zero.
> + @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the
> response packet.
> + @retval EFI_NOT_READY Current TLS session state is NOT ready to
> build
> + ResponsePacket.
> + @retval EFI_ABORTED Something wrong build response packet.
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsBuildResponsePacket (
> + IN EFI_TLS_PROTOCOL *This,
> + IN UINT8 *RequestBuffer, OPTIONAL
> + IN UINTN RequestSize, OPTIONAL
> + OUT UINT8 *Buffer, OPTIONAL
> + IN OUT UINTN *BufferSize
> + )
> +{
> + EFI_STATUS Status;
> + TLS_INSTANCE *Instance;
> + EFI_TPL OldTpl;
> +
> + Status = EFI_SUCCESS;
> +
> + if ((This == NULL) || (BufferSize == NULL) ||
> + (RequestBuffer == NULL && RequestSize != 0) ||
> + (RequestBuffer != NULL && RequestSize == 0) ||
> + (Buffer == NULL && *BufferSize !=0)) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
> +
> + Instance = TLS_INSTANCE_FROM_PROTOCOL (This);
> +
> + if(RequestBuffer == NULL && RequestSize == 0) {
> + switch (Instance->TlsSessionState) {
> + case EfiTlsSessionNotStarted:
> + //
> + // ClientHello.
> + //
> + Status = TlsDoHandshake (
> + Instance->TlsConn,
> + NULL,
> + 0,
> + Buffer,
> + BufferSize
> + );
> + if (EFI_ERROR (Status)) {
> + goto ON_EXIT;
> + }
> +
> + //
> + // *BufferSize should not be zero when ClientHello.
> + //
> + if (*BufferSize == 0) {
> + Status = EFI_ABORTED;
> + goto ON_EXIT;
> + }
> +
> + Instance->TlsSessionState = EfiTlsSessionHandShaking;
> +
> + break;
> + case EfiTlsSessionClosing:
> + //
> + // TLS session will be closed and response packet needs to be
> CloseNotify.
> + //
> + Status = TlsCloseNotify (
> + Instance->TlsConn,
> + Buffer,
> + BufferSize
> + );
> + if (EFI_ERROR (Status)) {
> + goto ON_EXIT;
> + }
> +
> + //
> + // *BufferSize should not be zero when build CloseNotify message.
> + //
> + if (*BufferSize == 0) {
> + Status = EFI_ABORTED;
> + goto ON_EXIT;
> + }
> +
> + break;
> + case EfiTlsSessionError:
> + //
> + // TLS session has errors and the response packet needs to be Alert
> + // message based on error type.
> + //
> + Status = TlsHandleAlert (
> + Instance->TlsConn,
> + NULL,
> + 0,
> + Buffer,
> + BufferSize
> + );
> + if (EFI_ERROR (Status)) {
> + goto ON_EXIT;
> + }
> +
> + break;
> + default:
> + //
> + // Current TLS session state is NOT ready to build ResponsePacket.
> + //
> + Status = EFI_NOT_READY;
> + }
> + } else {
> + //
> + // 1. Received packet may have multiple TLS record messages.
> + // 2. One TLS record message may have multiple handshake protocol.
> + // 3. Some errors may be happened in handshake.
> + // TlsDoHandshake() can handle all of those cases.
> + //
> + if (TlsInHandshake (Instance->TlsConn)) {
> + Status = TlsDoHandshake (
> + Instance->TlsConn,
> + RequestBuffer,
> + RequestSize,
> + Buffer,
> + BufferSize
> + );
> + if (EFI_ERROR (Status)) {
> + goto ON_EXIT;
> + }
> +
> + if (!TlsInHandshake (Instance->TlsConn)) {
> + Instance->TlsSessionState = EfiTlsSessionDataTransferring;
> + }
> + } else {
> + //
> + // Must be alert message, Decrypt it and build the ResponsePacket.
> + //
> + ASSERT (((TLS_RECORD_HEADER *) RequestBuffer)->ContentType ==
> TlsContentTypeAlert);
> +
> + Status = TlsHandleAlert (
> + Instance->TlsConn,
> + RequestBuffer,
> + RequestSize,
> + Buffer,
> + BufferSize
> + );
> + if (EFI_ERROR (Status)) {
> + if (Status != EFI_BUFFER_TOO_SMALL) {
> + Instance->TlsSessionState = EfiTlsSessionError;
> + }
> +
> + goto ON_EXIT;
> + }
> + }
> + }
> +
> +ON_EXIT:
> + gBS->RestoreTPL (OldTpl);
> + return Status;
> +}
> +
> +/**
> + Decrypt or encrypt TLS packet during session. This function is only valid
> after
> + session connected and for application_data content type.
> +
> + The ProcessPacket () function process each inbound or outbound TLS APP
> packet.
> +
> + @param[in] This Pointer to the EFI_TLS_PROTOCOL instance.
> + @param[in, out] FragmentTable Pointer to a list of fragment. The caller
> will take
> + responsible to handle the original FragmentTable while
> + it may be reallocated in TLS driver. If CryptMode is
> + EfiTlsEncrypt, on input these fragments contain the TLS
> + header and plain text TLS APP payload; on output these
> + fragments contain the TLS header and cipher text TLS
> + APP payload. If CryptMode is EfiTlsDecrypt, on input
> + these fragments contain the TLS header and cipher text
> + TLS APP payload; on output these fragments contain the
> + TLS header and plain text TLS APP payload.
> + @param[in] FragmentCount Number of fragment.
> + @param[in] CryptMode Crypt mode.
> +
> + @retval EFI_SUCCESS The operation completed successfully.
> + @retval EFI_INVALID_PARAMETER One or more of the following
> conditions is TRUE:
> + This is NULL.
> + FragmentTable is NULL.
> + FragmentCount is NULL.
> + CryptoMode is invalid.
> + @retval EFI_NOT_READY Current TLS session state is NOT
> + EfiTlsSessionDataTransferring.
> + @retval EFI_ABORTED Something wrong decryption the message.
> TLS session
> + status will become EfiTlsSessionError. The caller need
> + call BuildResponsePacket() to generate Error Alert
> + message and send it out.
> + @retval EFI_OUT_OF_RESOURCES No enough resource to finish the
> operation.
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsProcessPacket (
> + IN EFI_TLS_PROTOCOL *This,
> + IN OUT EFI_TLS_FRAGMENT_DATA **FragmentTable,
> + IN UINT32 *FragmentCount,
> + IN EFI_TLS_CRYPT_MODE CryptMode
> + )
> +{
> + EFI_STATUS Status;
> + TLS_INSTANCE *Instance;
> +
> + EFI_TPL OldTpl;
> +
> + Status = EFI_SUCCESS;
> +
> + if (This == NULL || FragmentTable == NULL || FragmentCount == NULL) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
> +
> + Instance = TLS_INSTANCE_FROM_PROTOCOL (This);
> +
> + if (Instance->TlsSessionState != EfiTlsSessionDataTransferring) {
> + Status = EFI_NOT_READY;
> + goto ON_EXIT;
> + }
> +
> + //
> + // Packet sent or received may have multiple TLS record messages
> (Application data type).
> + // So,on input these fragments contain the TLS header and TLS APP
> payload;
> + // on output these fragments also contain the TLS header and TLS APP
> payload.
> + //
> + switch (CryptMode) {
> + case EfiTlsEncrypt:
> + Status = TlsEncryptPacket (Instance, FragmentTable, FragmentCount);
> + break;
> + case EfiTlsDecrypt:
> + Status = TlsDecryptPacket (Instance, FragmentTable, FragmentCount);
> + break;
> + default:
> + return EFI_INVALID_PARAMETER;
> + }
> +
> +ON_EXIT:
> + gBS->RestoreTPL (OldTpl);
> + return Status;
> +}
> +
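Review bot: the `default:` branch of the CryptMode switch in TlsProcessPacket (end of the hunk) does `return EFI_INVALID_PARAMETER;` after `OldTpl = gBS->RaiseTPL (TPL_CALLBACK);` has already run, so the TPL is never restored on that path and the caller is left at TPL_CALLBACK; every other error path in the file goes through ON_EXIT. Suggest `Status = EFI_INVALID_PARAMETER;` followed by `goto ON_EXIT;`, or rejecting an invalid CryptMode up front alongside the other parameter checks, before RaiseTPL, which would also match the @retval list (where "CryptoMode is invalid" should read "CryptMode is invalid"). A second point in TlsBuildResponsePacket: `ASSERT (((TLS_RECORD_HEADER *) RequestBuffer)->ContentType == TlsContentTypeAlert);` dereferences a peer-supplied buffer whose RequestSize has only been checked to be non-zero, and ASSERT is typically disabled in RELEASE builds; an explicit length check against sizeof (TLS_RECORD_HEADER) that returns an error status would make the non-handshake path robust to a truncated record. Both are pre-existing in the content being re-added by the CRLF conversion, so a separate follow-up patch seems appropriate rather than folding fixes into this one.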
> --
> 2.12.0.windows.1
Thread overview: 13+ messages
2017-04-06 2:25 [PATCH 0/6] Convert files to CRLF line ending Hao Wu
2017-04-06 2:25 ` [PATCH 1/6] CryptoPkg: " Hao Wu
2017-04-06 2:56 ` Long, Qin
2017-04-06 2:25 ` [PATCH 2/6] IntelFsp2Pkg: " Hao Wu
2017-04-06 3:08 ` Yao, Jiewen
2017-04-06 2:25 ` [PATCH 3/6] IntelFsp2WrapperPkg: " Hao Wu
2017-04-06 3:08 ` Yao, Jiewen
2017-04-06 2:25 ` [PATCH 4/6] SignedCapsulePkg: " Hao Wu
2017-04-06 3:08 ` Yao, Jiewen
2017-04-06 2:25 ` [PATCH 5/6] MdePkg: " Hao Wu
2017-04-06 4:45 ` Gao, Liming
2017-04-06 2:25 ` [PATCH 6/6] NetworkPkg: " Hao Wu
2017-04-06 5:29 ` Wu, Jiaxin