* [edk2-devel] [PATCH 1/5] NetwokrPkg/HttpDxe: Refactor TlsCreateChild
2024-01-05 8:37 [edk2-devel] [PATCH 0/5] Refactor HTTP DXE to provide TLS reconfiguration capability Chang, Abner via groups.io
@ 2024-01-05 8:37 ` Chang, Abner via groups.io
2024-01-05 17:11 ` Michael Brown
2024-01-05 8:37 ` [edk2-devel] [PATCH 2/5] NetwokrPkg/HttpDxe: Consider TLS certificate not found as a success case Chang, Abner via groups.io
` (3 subsequent siblings)
4 siblings, 1 reply; 15+ messages in thread
From: Chang, Abner via groups.io @ 2024-01-05 8:37 UTC (permalink / raw)
To: devel
Cc: Saloni Kasbekar, Zachary Clark-williams, Michael Brown,
Nickle Wang, Igor Kulchytskyy
From: Abner Chang <abner.chang@amd.com>
- Use HTTP instance as the parameter for TlsCreateChild function.
- Install TLS protocol on the HTTP instance that creates the TLS child.
Signed-off-by: Abner Chang <abner.chang@amd.com>
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
Cc: Michael Brown <mcb30@ipxe.org>
Cc: Nickle Wang <nicklew@nvidia.com>
Cc: Igor Kulchytskyy <igork@ami.com>
---
NetworkPkg/HttpDxe/HttpProto.h | 3 +-
NetworkPkg/HttpDxe/HttpsSupport.h | 18 ++++---
NetworkPkg/HttpDxe/HttpImpl.c | 23 ++-------
NetworkPkg/HttpDxe/HttpProto.c | 7 +--
NetworkPkg/HttpDxe/HttpsSupport.c | 78 ++++++++++++++++++-------------
5 files changed, 64 insertions(+), 65 deletions(-)
diff --git a/NetworkPkg/HttpDxe/HttpProto.h b/NetworkPkg/HttpDxe/HttpProto.h
index 012f1f4b467..7e77b389a78 100644
--- a/NetworkPkg/HttpDxe/HttpProto.h
+++ b/NetworkPkg/HttpDxe/HttpProto.h
@@ -3,6 +3,7 @@
Copyright (c) 2015 - 2021, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
+Copyright (C) 2024 Advanced Micro Devices, Inc. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -171,7 +172,7 @@ typedef struct _HTTP_PROTOCOL {
BOOLEAN UseHttps;
EFI_SERVICE_BINDING_PROTOCOL *TlsSb;
- EFI_HANDLE TlsChildHandle; /// Tls ChildHandle
+ BOOLEAN TlsAlreadyCreated;
TLS_CONFIG_DATA TlsConfigData;
EFI_TLS_PROTOCOL *Tls;
EFI_TLS_CONFIGURATION_PROTOCOL *TlsConfiguration;
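Review bot: The new TlsAlreadyCreated member of HTTP_PROTOCOL has no comment, while the TlsChildHandle line it replaces carried one. Because a flag now stands in for a handle, add a short /// comment stating that it is TRUE while the TLS protocols are installed on the HTTP instance's own handle, so readers of EfiHttpRequest and HttpCleanProtocol can see the lifetime rule.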
diff --git a/NetworkPkg/HttpDxe/HttpsSupport.h b/NetworkPkg/HttpDxe/HttpsSupport.h
index 3c70825e8c3..5b44c7ac395 100644
--- a/NetworkPkg/HttpDxe/HttpsSupport.h
+++ b/NetworkPkg/HttpDxe/HttpsSupport.h
@@ -2,6 +2,7 @@
The header files of miscellaneous routines specific to Https for HttpDxe driver.
Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (C) 2024 Advanced Micro Devices, Inc. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -30,21 +31,18 @@ IsHttpsUrl (
/**
Creates a Tls child handle, open EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.
- @param[in] ImageHandle The firmware allocated handle for the UEFI image.
- @param[out] TlsSb Pointer to the TLS SERVICE_BINDING_PROTOCOL.
- @param[out] TlsProto Pointer to the EFI_TLS_PROTOCOL instance.
- @param[out] TlsConfiguration Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance.
+ @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.
- @return The child handle with opened EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.
+ @return EFI_SUCCESS TLS child handle is returned in HttpInstance->TlsChildHandle
+ with opened EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.
+ EFI_DEVICE_ERROR TLS service binding protocol is not found.
+ Otherwise Fail to create TLS chile handle.
**/
-EFI_HANDLE
+EFI_STATUS
EFIAPI
TlsCreateChild (
- IN EFI_HANDLE ImageHandle,
- OUT EFI_SERVICE_BINDING_PROTOCOL **TlsSb,
- OUT EFI_TLS_PROTOCOL **TlsProto,
- OUT EFI_TLS_CONFIGURATION_PROTOCOL **TlsConfiguration
+ IN HTTP_PROTOCOL *HttpInstance
);
/**
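Review bot: The new @return text for EFI_SUCCESS says the handle is returned in HttpInstance->TlsChildHandle, but this patch removes that member from HTTP_PROTOCOL, so the description names a field that no longer exists. It should say that the TLS protocols are installed on the HTTP instance's handle, and "chile" in the last line should read "child". Listing the three outcomes as separate @retval entries would also be easier to read than one @return block.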
diff --git a/NetworkPkg/HttpDxe/HttpImpl.c b/NetworkPkg/HttpDxe/HttpImpl.c
index 7c5c925cf78..6606c293421 100644
--- a/NetworkPkg/HttpDxe/HttpImpl.c
+++ b/NetworkPkg/HttpDxe/HttpImpl.c
@@ -3,6 +3,7 @@
Copyright (c) 2015 - 2021, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2015-2016 Hewlett Packard Enterprise Development LP<BR>
+ Copyright (C) 2024 Advanced Micro Devices, Inc. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -248,7 +249,6 @@ EfiHttpRequest (
HTTP_TOKEN_WRAP *Wrap;
CHAR8 *FileUrl;
UINTN RequestMsgSize;
- EFI_HANDLE ImageHandle;
//
// Initializations
@@ -371,23 +371,10 @@ EfiHttpRequest (
//
// Check whether we need to create Tls child and open the TLS protocol.
//
- if (HttpInstance->UseHttps && (HttpInstance->TlsChildHandle == NULL)) {
- //
- // Use TlsSb to create Tls child and open the TLS protocol.
- //
- if (HttpInstance->LocalAddressIsIPv6) {
- ImageHandle = HttpInstance->Service->Ip6DriverBindingHandle;
- } else {
- ImageHandle = HttpInstance->Service->Ip4DriverBindingHandle;
- }
-
- HttpInstance->TlsChildHandle = TlsCreateChild (
- ImageHandle,
- &(HttpInstance->TlsSb),
- &(HttpInstance->Tls),
- &(HttpInstance->TlsConfiguration)
- );
- if (HttpInstance->TlsChildHandle == NULL) {
+ if (HttpInstance->UseHttps && !HttpInstance->TlsAlreadyCreated) {
+ // Create TLS child for this HTTP instance.
+ Status = TlsCreateChild (HttpInstance);
+ if (EFI_ERROR (Status)) {
return EFI_DEVICE_ERROR;
}
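Review bot: In the rewritten check in EfiHttpRequest, the status from TlsCreateChild is tested and then dropped, and EFI_DEVICE_ERROR is returned for every failure. TlsCreateChild now returns distinct codes, so log Status with DEBUG before mapping it (or return it directly); otherwise the new EFI_STATUS return type tells the caller no more than the old NULL check did. The added one-line // comment also departs from the three-line comment block used directly above it.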
diff --git a/NetworkPkg/HttpDxe/HttpProto.c b/NetworkPkg/HttpDxe/HttpProto.c
index 7dfb82dd2e5..94900328ba9 100644
--- a/NetworkPkg/HttpDxe/HttpProto.c
+++ b/NetworkPkg/HttpDxe/HttpProto.c
@@ -3,6 +3,7 @@
Copyright (c) 2015 - 2021, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
+Copyright (C) 2024 Advanced Micro Devices, Inc. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -852,12 +853,12 @@ HttpCleanProtocol (
NetMapClean (&HttpInstance->TxTokens);
NetMapClean (&HttpInstance->RxTokens);
- if ((HttpInstance->TlsSb != NULL) && (HttpInstance->TlsChildHandle != NULL)) {
+ if ((HttpInstance->TlsSb != NULL) && HttpInstance->TlsAlreadyCreated) {
//
// Destroy the TLS instance.
//
- HttpInstance->TlsSb->DestroyChild (HttpInstance->TlsSb, HttpInstance->TlsChildHandle);
- HttpInstance->TlsChildHandle = NULL;
+ HttpInstance->TlsSb->DestroyChild (HttpInstance->TlsSb, HttpInstance->Handle);
+ HttpInstance->TlsAlreadyCreated = FALSE;
}
if (HttpInstance->Tcp4ChildHandle != NULL) {
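Review bot: In HttpCleanProtocol the return value of DestroyChild is ignored and TlsAlreadyCreated is set to FALSE unconditionally. With the old code a failed destroy only left a separate child handle behind; now the TLS protocols live on HttpInstance->Handle, so a failed destroy leaves them installed on a handle the flag reports as clean, and a later TlsCreateChild would run against it again. Check the status and at least log it, and clear HttpInstance->Tls and HttpInstance->TlsConfiguration here if they are not cleared elsewhere, so no stale interface pointers survive the cleanup.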
diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c b/NetworkPkg/HttpDxe/HttpsSupport.c
index 7330be42c00..a07323ff0bd 100644
--- a/NetworkPkg/HttpDxe/HttpsSupport.c
+++ b/NetworkPkg/HttpDxe/HttpsSupport.c
@@ -3,6 +3,7 @@
Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
+Copyright (C) 2024 Advanced Micro Devices, Inc. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -134,27 +135,31 @@ IsHttpsUrl (
/**
Creates a Tls child handle, open EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.
- @param[in] ImageHandle The firmware allocated handle for the UEFI image.
- @param[out] TlsSb Pointer to the TLS SERVICE_BINDING_PROTOCOL.
- @param[out] TlsProto Pointer to the EFI_TLS_PROTOCOL instance.
- @param[out] TlsConfiguration Pointer to the EFI_TLS_CONFIGURATION_PROTOCOL instance.
+ @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure.
- @return The child handle with opened EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.
+ @return EFI_SUCCESS TLS child handle is returned in HttpInstance->TlsChildHandle
+ with opened EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.
+ EFI_DEVICE_ERROR TLS service binding protocol is not found.
+ Otherwise Fail to create TLS chile handle.
**/
-EFI_HANDLE
+EFI_STATUS
EFIAPI
TlsCreateChild (
- IN EFI_HANDLE ImageHandle,
- OUT EFI_SERVICE_BINDING_PROTOCOL **TlsSb,
- OUT EFI_TLS_PROTOCOL **TlsProto,
- OUT EFI_TLS_CONFIGURATION_PROTOCOL **TlsConfiguration
+ IN HTTP_PROTOCOL *HttpInstance
)
{
+ EFI_HANDLE ImageHandle;
EFI_STATUS Status;
- EFI_HANDLE TlsChildHandle;
- TlsChildHandle = 0;
+ //
+ // Use TlsSb to create Tls child and open the TLS protocol.
+ //
+ if (HttpInstance->LocalAddressIsIPv6) {
+ ImageHandle = HttpInstance->Service->Ip6DriverBindingHandle;
+ } else {
+ ImageHandle = HttpInstance->Service->Ip4DriverBindingHandle;
+ }
//
// Locate TlsServiceBinding protocol.
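Review bot: The comment "Use TlsSb to create Tls child and open the TLS protocol." was moved from EfiHttpRequest together with the ImageHandle selection, but here it sits above code that only picks the IPv4 or IPv6 driver binding handle, before TlsSb has been located. Reword it to describe the handle selection. The @return text in this function header has the same stale HttpInstance->TlsChildHandle reference and "chile" typo as the prototype in HttpsSupport.h.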
@@ -162,44 +167,51 @@ TlsCreateChild (
gBS->LocateProtocol (
&gEfiTlsServiceBindingProtocolGuid,
NULL,
- (VOID **)TlsSb
+ (VOID **)&HttpInstance->TlsSb
);
- if (*TlsSb == NULL) {
- return NULL;
+ if (HttpInstance->TlsSb == NULL) {
+ return EFI_DEVICE_ERROR;
}
- Status = (*TlsSb)->CreateChild (*TlsSb, &TlsChildHandle);
+ //
+ // Create TLS protocol on HTTP handle, this creates the association between HTTP and TLS
+ // for HTTP driver external usages.
+ //
+ Status = HttpInstance->TlsSb->CreateChild (HttpInstance->TlsSb, &HttpInstance->Handle);
if (EFI_ERROR (Status)) {
- return NULL;
+ return Status;
}
- Status = gBS->OpenProtocol (
- TlsChildHandle,
- &gEfiTlsProtocolGuid,
- (VOID **)TlsProto,
- ImageHandle,
- TlsChildHandle,
- EFI_OPEN_PROTOCOL_GET_PROTOCOL
- );
+ HttpInstance->TlsAlreadyCreated = TRUE;
+ Status = gBS->OpenProtocol (
+ HttpInstance->Handle,
+ &gEfiTlsProtocolGuid,
+ (VOID **)&HttpInstance->Tls,
+ ImageHandle,
+ HttpInstance->Handle,
+ EFI_OPEN_PROTOCOL_GET_PROTOCOL
+ );
if (EFI_ERROR (Status)) {
- (*TlsSb)->DestroyChild (*TlsSb, TlsChildHandle);
- return NULL;
+ HttpInstance->TlsSb->DestroyChild (HttpInstance->TlsSb, HttpInstance->Handle);
+ HttpInstance->TlsAlreadyCreated = FALSE;
+ return Status;
}
Status = gBS->OpenProtocol (
- TlsChildHandle,
+ HttpInstance->Handle,
&gEfiTlsConfigurationProtocolGuid,
- (VOID **)TlsConfiguration,
+ (VOID **)&HttpInstance->TlsConfiguration,
ImageHandle,
- TlsChildHandle,
+ HttpInstance->Handle,
EFI_OPEN_PROTOCOL_GET_PROTOCOL
);
if (EFI_ERROR (Status)) {
- (*TlsSb)->DestroyChild (*TlsSb, TlsChildHandle);
- return NULL;
+ HttpInstance->TlsSb->DestroyChild (HttpInstance->TlsSb, HttpInstance->Handle);
+ HttpInstance->TlsAlreadyCreated = FALSE;
+ return Status;
}
- return TlsChildHandle;
+ return EFI_SUCCESS;
}
/**
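Review bot: CreateChild is now passed &HttpInstance->Handle, and nothing in this function checks that the handle is non-NULL first. A service binding CreateChild allocates a new handle when *ChildHandle is NULL, so a NULL here would silently store a fresh handle in HttpInstance->Handle instead of failing; an ASSERT or an early return on HttpInstance->Handle == NULL would make the precondition explicit. The result of gBS->LocateProtocol is also still not captured, and the two identical error paths (DestroyChild followed by TlsAlreadyCreated = FALSE) could share one exit label.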
--
2.37.1.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#113225): https://edk2.groups.io/g/devel/message/113225
Mute This Topic: https://groups.io/mt/103539578/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
* Re: [edk2-devel] [PATCH 1/5] NetwokrPkg/HttpDxe: Refactor TlsCreateChild
2024-01-05 8:37 ` [edk2-devel] [PATCH 1/5] NetwokrPkg/HttpDxe: Refactor TlsCreateChild Chang, Abner via groups.io
@ 2024-01-05 17:11 ` Michael Brown
2024-01-05 21:32 ` Saloni Kasbekar
0 siblings, 1 reply; 15+ messages in thread
From: Michael Brown @ 2024-01-05 17:11 UTC (permalink / raw)
To: abner.chang, devel
Cc: Saloni Kasbekar, Zachary Clark-williams, Nickle Wang,
Igor Kulchytskyy
On 05/01/2024 08:37, abner.chang@amd.com wrote:
> From: Abner Chang <abner.chang@amd.com>
>
> - Use HTTP instance as the parameter for TlsCreateChild function.
> - Install TLS protocol on the HTTP instance that creates the TLS child.
Logic looks good to me, just some minor cosmetic comments.
Commit title has "NetwokrPkg" typo, should be "NetworkPkg".
> - @return The child handle with opened EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.
> + @return EFI_SUCCESS TLS child handle is returned in HttpInstance->TlsChildHandle
> + with opened EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.
Comment refers to TlsChildHandle, which no longer exists after this patch.
> - @return The child handle with opened EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.
> + @return EFI_SUCCESS TLS child handle is returned in HttpInstance->TlsChildHandle
> + with opened EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.
As above.
Reviewed-by: Michael Brown <mcb30@ipxe.org>
Michael
* Re: [edk2-devel] [PATCH 1/5] NetwokrPkg/HttpDxe: Refactor TlsCreateChild
2024-01-05 17:11 ` Michael Brown
@ 2024-01-05 21:32 ` Saloni Kasbekar
2024-01-07 12:08 ` Chang, Abner via groups.io
0 siblings, 1 reply; 15+ messages in thread
From: Saloni Kasbekar @ 2024-01-05 21:32 UTC (permalink / raw)
To: devel@edk2.groups.io, mcb30@ipxe.org, abner.chang@amd.com
Cc: Clark-williams, Zachary, Nickle Wang, Igor Kulchytskyy
//
// Check whether we need to create Tls child and open the TLS protocol.
//
+ if (HttpInstance->UseHttps && !HttpInstance->TlsAlreadyCreated) {
+ // Create TLS child for this HTTP instance.
+ Status = TlsCreateChild (HttpInstance);
+ if (EFI_ERROR (Status)) {
return EFI_DEVICE_ERROR;
}
Considering we're not creating TlsChildHandle anymore, we should probably rename TlsCreateChild() to TlsCreateHandle(). Also update the comments accordingly.
-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Michael Brown
Sent: Friday, January 5, 2024 9:12 AM
To: abner.chang@amd.com; devel@edk2.groups.io
Cc: Kasbekar, Saloni <saloni.kasbekar@intel.com>; Clark-williams, Zachary <zachary.clark-williams@intel.com>; Nickle Wang <nicklew@nvidia.com>; Igor Kulchytskyy <igork@ami.com>
Subject: Re: [edk2-devel] [PATCH 1/5] NetwokrPkg/HttpDxe: Refactor TlsCreateChild
On 05/01/2024 08:37, abner.chang@amd.com wrote:
> From: Abner Chang <abner.chang@amd.com>
>
> - Use HTTP instance as the parameter for TlsCreateChild function.
> - Install TLS protocol on the HTTP instance that creates the TLS child.
Logic looks good to me, just some minor cosmetic comments.
Commit title has "NetwokrPkg" typo, should be "NetworkPkg".
> - @return The child handle with opened EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.
> + @return EFI_SUCCESS TLS child handle is returned in HttpInstance->TlsChildHandle
> + with opened EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.
Comment refers to TlsChildHandle, which no longer exists after this patch.
> - @return The child handle with opened EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.
> + @return EFI_SUCCESS TLS child handle is returned in HttpInstance->TlsChildHandle
> + with opened EFI_TLS_PROTOCOL and EFI_TLS_CONFIGURATION_PROTOCOL.
As above.
Reviewed-by: Michael Brown <mcb30@ipxe.org>
Michael
* Re: [edk2-devel] [PATCH 1/5] NetwokrPkg/HttpDxe: Refactor TlsCreateChild
2024-01-05 21:32 ` Saloni Kasbekar
@ 2024-01-07 12:08 ` Chang, Abner via groups.io
2024-01-09 4:31 ` Chang, Abner via groups.io
0 siblings, 1 reply; 15+ messages in thread
From: Chang, Abner via groups.io @ 2024-01-07 12:08 UTC (permalink / raw)
To: devel@edk2.groups.io, saloni.kasbekar@intel.com, mcb30@ipxe.org
Cc: Clark-williams, Zachary, Nickle Wang, Igor Kulchytskyy
[AMD Official Use Only - General]
Hi Saloni,
We still create the TLS child via the service binding protocol; the difference is that we give the HTTP handle to the TLS service binding for installing the TLS protocol on the HTTP handle instead of on a new EFI handle.
The logic is still the same, just the code is moved around. I think we can just keep the function name the same.
Thanks
Abner
> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Saloni
> Kasbekar via groups.io
> Sent: Saturday, January 6, 2024 5:32 AM
> To: devel@edk2.groups.io; mcb30@ipxe.org; Chang, Abner
> <Abner.Chang@amd.com>
> Cc: Clark-williams, Zachary <zachary.clark-williams@intel.com>; Nickle Wang
> <nicklew@nvidia.com>; Igor Kulchytskyy <igork@ami.com>
> Subject: Re: [edk2-devel] [PATCH 1/5] NetwokrPkg/HttpDxe: Refactor
> TlsCreateChild
>
> Caution: This message originated from an External Source. Use proper caution
> when opening attachments, clicking links, or responding.
>
>
> //
> // Check whether we need to create Tls child and open the TLS protocol.
> //
> + if (HttpInstance->UseHttps && !HttpInstance->TlsAlreadyCreated) {
> + // Create TLS child for this HTTP instance.
> + Status = TlsCreateChild (HttpInstance);
> + if (EFI_ERROR (Status)) {
> return EFI_DEVICE_ERROR;
> }
>
> Considering we're not creating TlsChildHandle anymore, we should probably
> rename TlsCreateChild() to TlsCreateHandle(). Also update the comments
> accordingly.
>
> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Michael
> Brown
> Sent: Friday, January 5, 2024 9:12 AM
> To: abner.chang@amd.com; devel@edk2.groups.io
> Cc: Kasbekar, Saloni <saloni.kasbekar@intel.com>; Clark-williams, Zachary
> <zachary.clark-williams@intel.com>; Nickle Wang <nicklew@nvidia.com>; Igor
> Kulchytskyy <igork@ami.com>
> Subject: Re: [edk2-devel] [PATCH 1/5] NetwokrPkg/HttpDxe: Refactor
> TlsCreateChild
>
> On 05/01/2024 08:37, abner.chang@amd.com wrote:
> > From: Abner Chang <abner.chang@amd.com>
> >
> > - Use HTTP instance as the parameter for TlsCreateChild function.
> > - Install TLS protocol on the HTTP instance that creates the TLS child.
>
> Logic looks good to me, just some minor cosmetic comments.
>
> Commit title has "NetwokrPkg" typo, should be "NetworkPkg".
>
> > - @return The child handle with opened EFI_TLS_PROTOCOL and
> EFI_TLS_CONFIGURATION_PROTOCOL.
> > + @return EFI_SUCCESS TLS child handle is returned in HttpInstance-
> >TlsChildHandle
> > + with opened EFI_TLS_PROTOCOL and
> EFI_TLS_CONFIGURATION_PROTOCOL.
>
> Comment refers to TlsChildHandle, which no longer exists after this patch.
>
> > - @return The child handle with opened EFI_TLS_PROTOCOL and
> EFI_TLS_CONFIGURATION_PROTOCOL.
> > + @return EFI_SUCCESS TLS child handle is returned in HttpInstance-
> >TlsChildHandle
> > + with opened EFI_TLS_PROTOCOL and
> EFI_TLS_CONFIGURATION_PROTOCOL.
>
> As above.
>
> Reviewed-by: Michael Brown <mcb30@ipxe.org>
>
> Michael
* Re: [edk2-devel] [PATCH 1/5] NetwokrPkg/HttpDxe: Refactor TlsCreateChild
2024-01-07 12:08 ` Chang, Abner via groups.io
@ 2024-01-09 4:31 ` Chang, Abner via groups.io
0 siblings, 0 replies; 15+ messages in thread
From: Chang, Abner via groups.io @ 2024-01-09 4:31 UTC (permalink / raw)
To: devel@edk2.groups.io, saloni.kasbekar@intel.com, mcb30@ipxe.org
Cc: Clark-williams, Zachary, Nickle Wang, Igor Kulchytskyy
Hi @saloni.kasbekar@intel.com,
Could you please check patch 1/6 and 3/6 in V2 and give your RB if there are no more concerns from you? Then I can merge this patch set. Thank you.
Abner
> -----Original Message-----
> From: Chang, Abner
> Sent: Sunday, January 7, 2024 8:08 PM
> To: devel@edk2.groups.io; saloni.kasbekar@intel.com; mcb30@ipxe.org
> Cc: Clark-williams, Zachary <zachary.clark-williams@intel.com>; Nickle Wang
> <nicklew@nvidia.com>; Igor Kulchytskyy <igork@ami.com>
> Subject: RE: [edk2-devel] [PATCH 1/5] NetwokrPkg/HttpDxe: Refactor
> TlsCreateChild
>
> Hi Saloni,
> We still create the TLS child via the service binding protocol; the difference
> is that we give the HTTP handle to the TLS service binding for installing the
> TLS protocol on the HTTP handle instead of on a new EFI handle.
> The logic is still the same, just the code is moved around. I think we can just
> keep the function name the same.
>
> Thanks
> Abner
>
> > -----Original Message-----
> > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Saloni
> > Kasbekar via groups.io
> > Sent: Saturday, January 6, 2024 5:32 AM
> > To: devel@edk2.groups.io; mcb30@ipxe.org; Chang, Abner
> > <Abner.Chang@amd.com>
> > Cc: Clark-williams, Zachary <zachary.clark-williams@intel.com>; Nickle Wang
> > <nicklew@nvidia.com>; Igor Kulchytskyy <igork@ami.com>
> > Subject: Re: [edk2-devel] [PATCH 1/5] NetwokrPkg/HttpDxe: Refactor
> > TlsCreateChild
> >
> >
> >
> > //
> > // Check whether we need to create Tls child and open the TLS protocol.
> > //
> > + if (HttpInstance->UseHttps && !HttpInstance->TlsAlreadyCreated) {
> > + // Create TLS child for this HTTP instance.
> > + Status = TlsCreateChild (HttpInstance);
> > + if (EFI_ERROR (Status)) {
> > return EFI_DEVICE_ERROR;
> > }
> >
> > Considering we're not creating TlsChildHandle anymore, we should probably
> > rename TlsCreateChild() to TlsCreateHandle(). Also update the comments
> > accordingly.
> >
> > -----Original Message-----
> > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Michael
> > Brown
> > Sent: Friday, January 5, 2024 9:12 AM
> > To: abner.chang@amd.com; devel@edk2.groups.io
> > Cc: Kasbekar, Saloni <saloni.kasbekar@intel.com>; Clark-williams, Zachary
> > <zachary.clark-williams@intel.com>; Nickle Wang <nicklew@nvidia.com>;
> Igor
> > Kulchytskyy <igork@ami.com>
> > Subject: Re: [edk2-devel] [PATCH 1/5] NetwokrPkg/HttpDxe: Refactor
> > TlsCreateChild
> >
> > On 05/01/2024 08:37, abner.chang@amd.com wrote:
> > > From: Abner Chang <abner.chang@amd.com>
> > >
> > > - Use HTTP instance as the parameter for TlsCreateChild function.
> > > - Install TLS protocol on the HTTP instance that creates the TLS child.
> >
> > Logic looks good to me, just some minor cosmetic comments.
> >
> > Commit title has "NetwokrPkg" typo, should be "NetworkPkg".
> >
> > > - @return The child handle with opened EFI_TLS_PROTOCOL and
> > EFI_TLS_CONFIGURATION_PROTOCOL.
> > > + @return EFI_SUCCESS TLS child handle is returned in HttpInstance-
> > >TlsChildHandle
> > > + with opened EFI_TLS_PROTOCOL and
> > EFI_TLS_CONFIGURATION_PROTOCOL.
> >
> > Comment refers to TlsChildHandle, which no longer exists after this patch.
> >
> > > - @return The child handle with opened EFI_TLS_PROTOCOL and
> > EFI_TLS_CONFIGURATION_PROTOCOL.
> > > + @return EFI_SUCCESS TLS child handle is returned in HttpInstance-
> > >TlsChildHandle
> > > + with opened EFI_TLS_PROTOCOL and
> > EFI_TLS_CONFIGURATION_PROTOCOL.
> >
> > As above.
> >
> > Reviewed-by: Michael Brown <mcb30@ipxe.org>
> >
> > Michael
* [edk2-devel] [PATCH 2/5] NetwokrPkg/HttpDxe: Consider TLS certificate not found as a success case
2024-01-05 8:37 [edk2-devel] [PATCH 0/5] Refactor HTTP DXE to provide TLS reconfiguration capability Chang, Abner via groups.io
2024-01-05 8:37 ` [edk2-devel] [PATCH 1/5] NetwokrPkg/HttpDxe: Refactor TlsCreateChild Chang, Abner via groups.io
@ 2024-01-05 8:37 ` Chang, Abner via groups.io
2024-01-05 17:12 ` Michael Brown
2024-01-05 20:26 ` Saloni Kasbekar
2024-01-05 8:37 ` [edk2-devel] [PATCH 3/5] NetwokrPkg/HttpDxe: Add HttpEventTlsConfigured HTTP callback event Chang, Abner via groups.io
` (2 subsequent siblings)
4 siblings, 2 replies; 15+ messages in thread
From: Chang, Abner via groups.io @ 2024-01-05 8:37 UTC (permalink / raw)
To: devel
Cc: Saloni Kasbekar, Zachary Clark-williams, Michael Brown,
Nickle Wang, Igor Kulchytskyy
From: Abner Chang <abner.chang@amd.com>
We still return EFI_SUCCESS to the caller when TlsConfigCertificate
returns error, for the use case the platform doesn't require
certificate for the specific HTTP session. This ensures
HttpInitSession function still initiated and returns EFI_SUCCESS to
the caller. The failure is pushed back to TLS DXE driver if the
HTTP communication actually requires certificate.
Signed-off-by: Abner Chang <abner.chang@amd.com>
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
Cc: Michael Brown <mcb30@ipxe.org>
Cc: Nickle Wang <nicklew@nvidia.com>
Cc: Igor Kulchytskyy <igork@ami.com>
---
NetworkPkg/HttpDxe/HttpsSupport.c | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c b/NetworkPkg/HttpDxe/HttpsSupport.c
index a07323ff0bd..04a830f7152 100644
--- a/NetworkPkg/HttpDxe/HttpsSupport.c
+++ b/NetworkPkg/HttpDxe/HttpsSupport.c
@@ -722,8 +722,21 @@ TlsConfigureSession (
//
Status = TlsConfigCertificate (HttpInstance);
if (EFI_ERROR (Status)) {
- DEBUG ((DEBUG_ERROR, "TLS Certificate Config Error!\n"));
- return Status;
+ if (Status == EFI_NOT_FOUND) {
+ DEBUG((DEBUG_WARN, "TLS Certificate is not found on the system!\n"));
+ //
+ // We still return EFI_SUCCESS to the caller when TlsConfigCertificate
+ // returns error, for the use case the platform doesn't require
+ // certificate for the specific HTTP session. This ensures
+ // HttpInitSession function still initiated and returns EFI_SUCCESS to
+ // the caller. The failure is pushed back to TLS DXE driver if the
+ // HTTP communication actually requires certificate.
+ //
+ Status = EFI_SUCCESS;
+ } else {
+ DEBUG((DEBUG_ERROR, "TLS Certificate Config Error!\n"));
+ return Status;
+ }
}
//
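Review bot: The added branch turns EFI_NOT_FOUND from TlsConfigCertificate into EFI_SUCCESS, so TlsConfigureSession continues with no certificate configured and its caller cannot tell that apart from a fully configured session. The comment relies on the TLS driver failing later "if the HTTP communication actually requires certificate", but nothing in this hunk shows what enforces that; please name the setting or code path that guarantees it, since this is the step that decides whether the server gets authenticated. The comment also says success is returned "when TlsConfigCertificate returns error" while the code does so only for EFI_NOT_FOUND, so the wording should be narrowed to match.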
--
2.37.1.windows.1
* Re: [edk2-devel] [PATCH 2/5] NetwokrPkg/HttpDxe: Consider TLS certificate not found as a success case
2024-01-05 8:37 ` [edk2-devel] [PATCH 2/5] NetwokrPkg/HttpDxe: Consider TLS certificate not found as a success case Chang, Abner via groups.io
@ 2024-01-05 17:12 ` Michael Brown
2024-01-05 20:26 ` Saloni Kasbekar
1 sibling, 0 replies; 15+ messages in thread
From: Michael Brown @ 2024-01-05 17:12 UTC (permalink / raw)
To: abner.chang, devel
Cc: Saloni Kasbekar, Zachary Clark-williams, Nickle Wang,
Igor Kulchytskyy
On 05/01/2024 08:37, abner.chang@amd.com wrote:
> We still return EFI_SUCCESS to the caller when TlsConfigCertificate
> returns error, for the use case the platform doesn't require
> certificate for the specific HTTP session. This ensures
> HttpInitSession function still initiated and returns EFI_SUCCESS to
> the caller. The failure is pushed back to TLS DXE driver if the
> HTTP communication actually requires certificate.
Reviewed-by: Michael Brown <mcb30@ipxe.org>
Thanks,
Michael
* Re: [edk2-devel] [PATCH 2/5] NetwokrPkg/HttpDxe: Consider TLS certificate not found as a success case
2024-01-05 8:37 ` [edk2-devel] [PATCH 2/5] NetwokrPkg/HttpDxe: Consider TLS certificate not found as a success case Chang, Abner via groups.io
2024-01-05 17:12 ` Michael Brown
@ 2024-01-05 20:26 ` Saloni Kasbekar
1 sibling, 0 replies; 15+ messages in thread
From: Saloni Kasbekar @ 2024-01-05 20:26 UTC (permalink / raw)
To: abner.chang@amd.com, devel@edk2.groups.io
Cc: Clark-williams, Zachary, Michael Brown, Nickle Wang,
Igor Kulchytskyy
Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
-----Original Message-----
From: abner.chang@amd.com <abner.chang@amd.com>
Sent: Friday, January 5, 2024 12:37 AM
To: devel@edk2.groups.io
Cc: Kasbekar, Saloni <saloni.kasbekar@intel.com>; Clark-williams, Zachary <zachary.clark-williams@intel.com>; Michael Brown <mcb30@ipxe.org>; Nickle Wang <nicklew@nvidia.com>; Igor Kulchytskyy <igork@ami.com>
Subject: [PATCH 2/5] NetwokrPkg/HttpDxe: Consider TLS certificate not found as a success case
From: Abner Chang <abner.chang@amd.com>
We still return EFI_SUCCESS to the caller when TlsConfigCertificate returns error, for the use case the platform doesn't require certificate for the specific HTTP session. This ensures HttpInitSession function still initiated and returns EFI_SUCCESS to the caller. The failure is pushed back to TLS DXE driver if the HTTP communication actually requires certificate.
Signed-off-by: Abner Chang <abner.chang@amd.com>
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
Cc: Michael Brown <mcb30@ipxe.org>
Cc: Nickle Wang <nicklew@nvidia.com>
Cc: Igor Kulchytskyy <igork@ami.com>
---
NetworkPkg/HttpDxe/HttpsSupport.c | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c b/NetworkPkg/HttpDxe/HttpsSupport.c
index a07323ff0bd..04a830f7152 100644
--- a/NetworkPkg/HttpDxe/HttpsSupport.c
+++ b/NetworkPkg/HttpDxe/HttpsSupport.c
@@ -722,8 +722,21 @@ TlsConfigureSession (
//
Status = TlsConfigCertificate (HttpInstance);
if (EFI_ERROR (Status)) {
- DEBUG ((DEBUG_ERROR, "TLS Certificate Config Error!\n"));
- return Status;
+ if (Status == EFI_NOT_FOUND) {
+ DEBUG((DEBUG_WARN, "TLS Certificate is not found on the system!\n"));
+ //
+ // We still return EFI_SUCCESS to the caller when TlsConfigCertificate
+ // returns error, for the use case the platform doesn't require
+ // certificate for the specific HTTP session. This ensures
+ // HttpInitSession function still initiated and returns EFI_SUCCESS to
+ // the caller. The failure is pushed back to TLS DXE driver if the
+ // HTTP communication actually requires certificate.
+ //
+ Status = EFI_SUCCESS;
+ } else {
+ DEBUG((DEBUG_ERROR, "TLS Certificate Config Error!\n"));
+ return Status;
+ }
}
//
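Review bot: Both added DEBUG calls are written as DEBUG(( with no space, while the line being removed uses DEBUG ((. Keep the space before the parenthesis so the new lines match the surrounding code style.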
--
2.37.1.windows.1
* [edk2-devel] [PATCH 3/5] NetwokrPkg/HttpDxe: Add HttpEventTlsConfigured HTTP callback event
2024-01-05 8:37 [edk2-devel] [PATCH 0/5] Refactor HTTP DXE to provide TLS reconfiguration capability Chang, Abner via groups.io
2024-01-05 8:37 ` [edk2-devel] [PATCH 1/5] NetwokrPkg/HttpDxe: Refactor TlsCreateChild Chang, Abner via groups.io
2024-01-05 8:37 ` [edk2-devel] [PATCH 2/5] NetwokrPkg/HttpDxe: Consider TLS certificate not found as a success case Chang, Abner via groups.io
@ 2024-01-05 8:37 ` Chang, Abner via groups.io
2024-01-05 17:14 ` Michael Brown
2024-01-05 8:37 ` [edk2-devel] [PATCH 4/5] RedfishPkg/RedfishRestExDxe: Implement EDKII_HTTP_CALLBACK_PROTOCOL Chang, Abner via groups.io
2024-01-05 8:37 ` [edk2-devel] [PATCH 5/5] RedfishPkg/RedfishRestExDxe: Update Supported function Chang, Abner via groups.io
4 siblings, 1 reply; 15+ messages in thread
From: Chang, Abner via groups.io @ 2024-01-05 8:37 UTC (permalink / raw)
To: devel
Cc: Saloni Kasbekar, Zachary Clark-williams, Michael Brown,
Nickle Wang, Igor Kulchytskyy
From: Abner Chang <abner.chang@amd.com>
Add HttpEventTlsConfigured HTTP callback event and notify
callback functions when TlsConfigureSession () returns.
Signed-off-by: Abner Chang <abner.chang@amd.com>
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
Cc: Michael Brown <mcb30@ipxe.org>
Cc: Nickle Wang <nicklew@nvidia.com>
Cc: Igor Kulchytskyy <igork@ami.com>
---
NetworkPkg/Include/Protocol/HttpCallback.h | 11 +++++++++++
NetworkPkg/HttpDxe/HttpProto.c | 1 +
NetworkPkg/HttpDxe/HttpsSupport.c | 4 ++--
3 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/NetworkPkg/Include/Protocol/HttpCallback.h b/NetworkPkg/Include/Protocol/HttpCallback.h
index 3accd2f8424..a785c972f8f 100644
--- a/NetworkPkg/Include/Protocol/HttpCallback.h
+++ b/NetworkPkg/Include/Protocol/HttpCallback.h
@@ -39,6 +39,17 @@ typedef enum {
///
HttpEventConnectTcp,
+ ///
+ /// The Status of Event to configure TLS configuration data.
+ /// EventStatus:
+ /// EFI_SUCCESS The TLS is configured successfully with the default value.
+ /// EFI_INVALID_PARAMETER One or more input parameters to SetSessionData() is invalid.
+ /// EFI_NOT_READY Current TLS session state is NOT EfiTlsSessionStateNotStarted.
+ /// EFI_NOT_FOUND Fail to get 'HttpTlsCipherList' variable.
+ /// Others Other error as indicated.
+ ///
+ HttpEventTlsConfigured,
+
///
/// The Status of Event to connect one TLS session by finishing the TLS handshake process.
/// EventStatus:
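Review bot: HttpEventTlsConfigured is inserted between HttpEventConnectTcp and the TLS connect event, so every enumerator after it changes value and a callback built against the old header will misread the events it receives. Append the new enumerator at the end of the enum, or change the protocol GUID along with it. The EventStatus text should also say that EFI_SUCCESS can be reported when no certificate was found, because TlsConfigureSession now maps EFI_NOT_FOUND from TlsConfigCertificate to EFI_SUCCESS.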
diff --git a/NetworkPkg/HttpDxe/HttpProto.c b/NetworkPkg/HttpDxe/HttpProto.c
index 94900328ba9..9c3b497dce2 100644
--- a/NetworkPkg/HttpDxe/HttpProto.c
+++ b/NetworkPkg/HttpDxe/HttpProto.c
@@ -1418,6 +1418,7 @@ HttpInitSession (
//
if (TlsConfigure) {
Status = TlsConfigureSession (HttpInstance);
+ HttpNotify (HttpEventTlsConfigured, Status);
if (EFI_ERROR (Status)) {
return Status;
}
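Review bot: `HttpNotify (HttpEventTlsConfigured, Status);` passes only the event and status, so a listener has no way to tell which HTTP instance was just configured. A callback that changes TLS session data in response will do so based on its own handle, whichever session raised the event; consider documenting that limitation in HttpCallback.h. HttpInitSession also checks only the status of TlsConfigureSession, so anything a listener changes here goes unvalidated before the session continues.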
diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c b/NetworkPkg/HttpDxe/HttpsSupport.c
index 04a830f7152..8d7bffe1e9c 100644
--- a/NetworkPkg/HttpDxe/HttpsSupport.c
+++ b/NetworkPkg/HttpDxe/HttpsSupport.c
@@ -723,7 +723,7 @@ TlsConfigureSession (
Status = TlsConfigCertificate (HttpInstance);
if (EFI_ERROR (Status)) {
if (Status == EFI_NOT_FOUND) {
- DEBUG((DEBUG_WARN, "TLS Certificate is not found on the system!\n"));
+ DEBUG ((DEBUG_WARN, "TLS Certificate is not found on the system!\n"));
//
// We still return EFI_SUCCESS to the caller when TlsConfigCertificate
// returns error, for the use case the platform doesn't require
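Review bot: This hunk and the next one in HttpsSupport.c only add the missing space in `DEBUG ((`, on lines that patch 2/5 of this series introduced. Squash the whitespace fix into patch 2/5 so that this patch carries only the new callback event.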
@@ -734,7 +734,7 @@ TlsConfigureSession (
//
Status = EFI_SUCCESS;
} else {
- DEBUG((DEBUG_ERROR, "TLS Certificate Config Error!\n"));
+ DEBUG ((DEBUG_ERROR, "TLS Certificate Config Error!\n"));
return Status;
}
}
--
2.37.1.windows.1
* Re: [edk2-devel] [PATCH 3/5] NetwokrPkg/HttpDxe: Add HttpEventTlsConfigured HTTP callback event
2024-01-05 8:37 ` [edk2-devel] [PATCH 3/5] NetwokrPkg/HttpDxe: Add HttpEventTlsConfigured HTTP callback event Chang, Abner via groups.io
@ 2024-01-05 17:14 ` Michael Brown
2024-01-07 12:19 ` Chang, Abner via groups.io
0 siblings, 1 reply; 15+ messages in thread
From: Michael Brown @ 2024-01-05 17:14 UTC (permalink / raw)
To: abner.chang, devel
Cc: Saloni Kasbekar, Zachary Clark-williams, Nickle Wang,
Igor Kulchytskyy
On 05/01/2024 08:37, abner.chang@amd.com wrote:
> + ///
> + /// The Status of Event to configure TLS configuration data.
> + /// EventStatus:
> + /// EFI_SUCCESS The TLS is configured successfully with the default value.
> + /// EFI_INVALID_PARAMETER One or more input parameters to SetSessionData() is invalid.
> + /// EFI_NOT_READY Current TLS session state is NOT EfiTlsSessionStateNotStarted.
> + /// EFI_NOT_FOUND Fail to get 'HttpTlsCipherList' variable.
> + /// Others Other error as indicated.
> + ///
> + HttpEventTlsConfigured,
> +
Since this changes the ABI, you may want to also update the protocol
GUID to prevent strange errors if old and new binaries are used on the
same system.
Reviewed-by: Michael Brown <mcb30@ipxe.org>
Thanks,
Michael
* Re: [edk2-devel] [PATCH 3/5] NetwokrPkg/HttpDxe: Add HttpEventTlsConfigured HTTP callback event
2024-01-05 17:14 ` Michael Brown
@ 2024-01-07 12:19 ` Chang, Abner via groups.io
2024-01-07 13:26 ` Chang, Abner via groups.io
0 siblings, 1 reply; 15+ messages in thread
From: Chang, Abner via groups.io @ 2024-01-07 12:19 UTC (permalink / raw)
To: Michael Brown, devel@edk2.groups.io
Cc: Saloni Kasbekar, Zachary Clark-williams, Nickle Wang,
Igor Kulchytskyy
> -----Original Message-----
> From: Michael Brown <mcb30@ipxe.org>
> Sent: Saturday, January 6, 2024 1:15 AM
> To: Chang, Abner <Abner.Chang@amd.com>; devel@edk2.groups.io
> Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>; Zachary Clark-williams
> <zachary.clark-williams@intel.com>; Nickle Wang <nicklew@nvidia.com>; Igor
> Kulchytskyy <igork@ami.com>
> Subject: Re: [PATCH 3/5] NetwokrPkg/HttpDxe: Add HttpEventTlsConfigured
> HTTP callback event
>
> On 05/01/2024 08:37, abner.chang@amd.com wrote:
> > + ///
> > + /// The Status of Event to configure TLS configuration data.
> > + /// EventStatus:
> > + /// EFI_SUCCESS The TLS is configured successfully with the default
> value.
> > + /// EFI_INVALID_PARAMETER One or more input parameters to
> SetSessionData() is invalid.
> > + /// EFI_NOT_READY Current TLS session state is NOT
> EfiTlsSessionStateNotStarted.
> > + /// EFI_NOT_FOUND Fail to get 'HttpTlsCipherList' variable.
> > + /// Others Other error as indicated.
> > + ///
> > + HttpEventTlsConfigured,
> > +
>
> Since this changes the ABI, you may want to also update the protocol
> GUID to prevent strange errors if old and new binaries are used on the
> same system.
This makes sense, will send out V2.
Thanks
Abner
>
> Reviewed-by: Michael Brown <mcb30@ipxe.org>
>
> Thanks,
>
> Michael
* Re: [edk2-devel] [PATCH 3/5] NetwokrPkg/HttpDxe: Add HttpEventTlsConfigured HTTP callback event
2024-01-07 12:19 ` Chang, Abner via groups.io
@ 2024-01-07 13:26 ` Chang, Abner via groups.io
0 siblings, 0 replies; 15+ messages in thread
From: Chang, Abner via groups.io @ 2024-01-07 13:26 UTC (permalink / raw)
To: Michael Brown, devel@edk2.groups.io
Cc: Saloni Kasbekar, Zachary Clark-williams, Nickle Wang,
Igor Kulchytskyy
> -----Original Message-----
> From: Chang, Abner
> Sent: Sunday, January 7, 2024 8:19 PM
> To: Michael Brown <mcb30@ipxe.org>; devel@edk2.groups.io
> Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>; Zachary Clark-williams
> <zachary.clark-williams@intel.com>; Nickle Wang <nicklew@nvidia.com>; Igor
> Kulchytskyy <igork@ami.com>
> Subject: RE: [PATCH 3/5] NetwokrPkg/HttpDxe: Add HttpEventTlsConfigured
> HTTP callback event
>
>
> > -----Original Message-----
> > From: Michael Brown <mcb30@ipxe.org>
> > Sent: Saturday, January 6, 2024 1:15 AM
> > To: Chang, Abner <Abner.Chang@amd.com>; devel@edk2.groups.io
> > Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>; Zachary Clark-williams
> > <zachary.clark-williams@intel.com>; Nickle Wang <nicklew@nvidia.com>;
> Igor
> > Kulchytskyy <igork@ami.com>
> > Subject: Re: [PATCH 3/5] NetwokrPkg/HttpDxe: Add
> HttpEventTlsConfigured
> > HTTP callback event
> >
> > On 05/01/2024 08:37, abner.chang@amd.com wrote:
> > > + ///
> > > + /// The Status of Event to configure TLS configuration data.
> > > + /// EventStatus:
> > > + /// EFI_SUCCESS The TLS is configured successfully with the default
> > value.
> > > + /// EFI_INVALID_PARAMETER One or more input parameters to
> > SetSessionData() is invalid.
> > > + /// EFI_NOT_READY Current TLS session state is NOT
> > EfiTlsSessionStateNotStarted.
> > > + /// EFI_NOT_FOUND Fail to get 'HttpTlsCipherList' variable.
> > > + /// Others Other error as indicated.
> > > + ///
> > > + HttpEventTlsConfigured,
> > > +
> >
> > Since this changes the ABI, you may want to also update the protocol
> > GUID to prevent strange errors if old and new binaries are used on the
> > same system.
> This makes sense, will send out V2.
Hi Michael,
In order to minimize the change, I decided to relocate HttpEventTlsConfigured to the end of enum declaration to keep the enum number backward compatible.
Please check it in V2 patch.
Thanks
Abner
>
> Thanks
> Abner
>
> >
> > Reviewed-by: Michael Brown <mcb30@ipxe.org>
> >
> > Thanks,
> >
> > Michael
* [edk2-devel] [PATCH 4/5] RedfishPkg/RedfishRestExDxe: Implement EDKII_HTTP_CALLBACK_PROTOCOL
2024-01-05 8:37 [edk2-devel] [PATCH 0/5] Refactor HTTP DXE to provide TLS reconfiguration capability Chang, Abner via groups.io
` (2 preceding siblings ...)
2024-01-05 8:37 ` [edk2-devel] [PATCH 3/5] NetwokrPkg/HttpDxe: Add HttpEventTlsConfigured HTTP callback event Chang, Abner via groups.io
@ 2024-01-05 8:37 ` Chang, Abner via groups.io
2024-01-05 8:37 ` [edk2-devel] [PATCH 5/5] RedfishPkg/RedfishRestExDxe: Update Supported function Chang, Abner via groups.io
4 siblings, 0 replies; 15+ messages in thread
From: Chang, Abner via groups.io @ 2024-01-05 8:37 UTC (permalink / raw)
To: devel; +Cc: Nickle Wang, Igor Kulchytskyy
From: Abner Chang <abner.chang@amd.com>
Implement EDKII_HTTP_CALLBACK_PROTOCOL that listens to
HttpEventTlsConfigured event for reconfiguring TLS configuration
data.
Signed-off-by: Abner Chang <abner.chang@amd.com>
Cc: Nickle Wang <nicklew@nvidia.com>
Cc: Igor Kulchytskyy <igork@ami.com>
---
.../RedfishRestExDxe/RedfishRestExDxe.inf | 2 +
.../RedfishRestExDxe/RedfishRestExDriver.h | 31 ++++++---
.../RedfishRestExDxe/RedfishRestExDriver.c | 69 +++++++++++++++++++
3 files changed, 92 insertions(+), 10 deletions(-)
diff --git a/RedfishPkg/RedfishRestExDxe/RedfishRestExDxe.inf b/RedfishPkg/RedfishRestExDxe/RedfishRestExDxe.inf
index 64e6343bfbf..706d5a5f15e 100644
--- a/RedfishPkg/RedfishRestExDxe/RedfishRestExDxe.inf
+++ b/RedfishPkg/RedfishRestExDxe/RedfishRestExDxe.inf
@@ -57,6 +57,8 @@
gEfiHttpServiceBindingProtocolGuid ## TO_START
gEfiHttpProtocolGuid ## TO_START
gEfiDevicePathProtocolGuid ## TO_START
+ gEdkiiHttpCallbackProtocolGuid ## CONSUMES
+ gEfiTlsProtocolGuid ## CONSUMES
[Pcd]
gEfiRedfishPkgTokenSpaceGuid.PcdRedfishRestExServiceAccessModeInBand ## CONSUMES
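Review bot: gEdkiiHttpCallbackProtocolGuid is declared `## CONSUMES`, but RedfishRestExServiceBindingCreateChild in this patch installs the protocol with InstallProtocolInterface, so the driver produces it. Change the usage comment to a produces-type usage so the .inf matches what the driver does.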
diff --git a/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.h b/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.h
index 6b94e5814c4..8d2b9ecb80b 100644
--- a/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.h
+++ b/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.h
@@ -32,6 +32,8 @@
#include <Protocol/DriverBinding.h>
#include <Protocol/RestEx.h>
#include <Protocol/ServiceBinding.h>
+#include <Protocol/HttpCallback.h>
+#include <Protocol/Tls.h>
///
/// Protocol instances
@@ -67,6 +69,9 @@ typedef struct _RESTEX_INSTANCE RESTEX_INSTANCE;
#define RESTEX_INSTANCE_FROM_THIS(a) \
CR (a, RESTEX_INSTANCE, RestEx, RESTEX_INSTANCE_SIGNATURE)
+#define RESTEX_INSTANCE_FROM_HTTP_CALLBACK(a) \
+ CR (a, RESTEX_INSTANCE, HttpCallbakFunction, RESTEX_INSTANCE_SIGNATURE)
+
#define RESTEX_STATE_UNCONFIGED 0
#define RESTEX_STATE_CONFIGED 1
@@ -94,25 +99,31 @@ struct _RESTEX_SERVICE {
#define RESTEX_INSTANCE_FLAGS_TCP_ERROR_RETRY 0x00000002
struct _RESTEX_INSTANCE {
- UINT32 Signature;
- LIST_ENTRY Link;
+ UINT32 Signature;
+ LIST_ENTRY Link;
- EFI_REST_EX_PROTOCOL RestEx;
+ EFI_REST_EX_PROTOCOL RestEx;
- INTN State;
- BOOLEAN InDestroy;
+ INTN State;
+ BOOLEAN InDestroy;
- RESTEX_SERVICE *Service;
- EFI_HANDLE ChildHandle;
+ RESTEX_SERVICE *Service;
+ EFI_HANDLE ChildHandle;
- EFI_REST_EX_CONFIG_DATA ConfigData;
+ EFI_REST_EX_CONFIG_DATA ConfigData;
//
// HTTP_IO to access the HTTP service
//
- HTTP_IO HttpIo;
+ HTTP_IO HttpIo;
+
+ //
+ // EDKII_HTTP_CALLBACK_PROTOCOL that listens to
+ // HttpEventInitSession event.
+ //
+ EDKII_HTTP_CALLBACK_PROTOCOL HttpCallbakFunction;
- UINT32 Flags;
+ UINT32 Flags;
};
typedef struct {
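Review bot: The comment on the new field says the callback "listens to HttpEventInitSession event", but RestExHttpCallback in this patch acts only on HttpEventTlsConfigured; correct the comment. The field name HttpCallbakFunction is misspelled (and the RESTEX_INSTANCE_FROM_HTTP_CALLBACK macro and every later use inherit it); rename it to HttpCallbackFunction before it lands. Realigning every existing member to fit one new field also makes the hunk harder to review than the change warrants.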
diff --git a/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.c b/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.c
index 7036aed4268..9a20c90d49a 100644
--- a/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.c
+++ b/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.c
@@ -585,6 +585,53 @@ RedfishRestExDriverBindingStop (
return Status;
}
+/**
+ Callback function that is invoked when HTTP event occurs.
+
+ @param[in] This Pointer to the EDKII_HTTP_CALLBACK_PROTOCOL instance.
+ @param[in] Event The event that occurs in the current state.
+ @param[in] EventStatus The Status of Event, EFI_SUCCESS or other errors.
+**/
+VOID
+EFIAPI
+RestExHttpCallback (
+ IN EDKII_HTTP_CALLBACK_PROTOCOL *This,
+ IN EDKII_HTTP_CALLBACK_EVENT Event,
+ IN EFI_STATUS EventStatus
+ )
+{
+ EFI_STATUS Status;
+ EFI_TLS_PROTOCOL *TlsProtocol;
+ RESTEX_INSTANCE *Instance;
+ EFI_TLS_VERIFY TlsVerifyMethod;
+
+ if ((Event == HttpEventTlsConfigured) && (EventStatus == EFI_SUCCESS)) {
+ // Reconfigure TLS configuration data.
+ Instance = RESTEX_INSTANCE_FROM_HTTP_CALLBACK (This);
+ Status = gBS->HandleProtocol (
+ Instance->HttpIo.Handle,
+ &gEfiTlsProtocolGuid,
+ (VOID **)&TlsProtocol
+ );
+ if (EFI_ERROR (Status)) {
+ return;
+ }
+
+ TlsVerifyMethod = EFI_TLS_VERIFY_NONE;
+ Status = TlsProtocol->SetSessionData (
+ TlsProtocol,
+ EfiTlsVerifyMethod,
+ &TlsVerifyMethod,
+ sizeof (EFI_TLS_VERIFY)
+ );
+ if (!EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_MANAGEABILITY, "%a: REST EX reconfigures TLS verify method.\n", __func__));
+ }
+ }
+
+ return;
+}
+
/**
Creates a child handle and installs a protocol.
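Review bot: `TlsVerifyMethod = EFI_TLS_VERIFY_NONE;` in RestExHttpCallback turns off peer certificate verification for every REST EX instance as soon as TLS is configured, with no PCD or platform policy deciding whether that is acceptable. Gate the override on an explicit policy setting and describe in the function header why verification may be skipped. The HandleProtocol and SetSessionData failure paths also return without any message, so a session that silently keeps the default verify method leaves no trace; log both at DEBUG_ERROR.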
@@ -699,6 +746,19 @@ RedfishRestExServiceBindingCreateChild (
goto ON_ERROR;
}
+ // Initial HTTP callback funciton on this REST EX instance
+ Instance->HttpCallbakFunction.Callback = RestExHttpCallback;
+ Status = gBS->InstallProtocolInterface (
+ &Instance->HttpIo.Handle,
+ &gEdkiiHttpCallbackProtocolGuid,
+ EFI_NATIVE_INTERFACE,
+ &Instance->HttpCallbakFunction
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "%a: Fail to install HttpCallbakFunction.\n", __func__));
+ goto ON_ERROR;
+ }
+
//
// Add it to the parent's child list.
//
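Review bot: The added comment reads "Initial HTTP callback funciton"; fix the spelling and use the three-line `//` comment block that the neighbouring "Add it to the parent's child list." comment uses. The error message "Fail to install HttpCallbakFunction" repeats the misspelled field name and should follow the rename.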
@@ -812,6 +872,15 @@ RedfishRestExServiceBindingDestroyChild (
RestEx
);
+ //
+ // Uninstall the HTTP callback protocol.
+ //
+ Status = gBS->UninstallProtocolInterface (
+ Instance->HttpIo.Handle,
+ &gEdkiiHttpCallbackProtocolGuid,
+ &Instance->HttpCallbakFunction
+ );
+
OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
if (EFI_ERROR (Status)) {
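Review bot: The new `Status = gBS->UninstallProtocolInterface (` assignment sits between the call that ends at `RestEx );` and the `if (EFI_ERROR (Status))` check after RaiseTPL, so that check now tests the result of the callback uninstall. If the preceding call also assigns Status, its result is lost; check each status separately, or uninstall the callback protocol first and handle its failure on its own.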
--
2.37.1.windows.1
* [edk2-devel] [PATCH 5/5] RedfishPkg/RedfishRestExDxe: Update Supported function
2024-01-05 8:37 [edk2-devel] [PATCH 0/5] Refactor HTTP DXE to provide TLS reconfiguration capability Chang, Abner via groups.io
` (3 preceding siblings ...)
2024-01-05 8:37 ` [edk2-devel] [PATCH 4/5] RedfishPkg/RedfishRestExDxe: Implement EDKII_HTTP_CALLBACK_PROTOCOL Chang, Abner via groups.io
@ 2024-01-05 8:37 ` Chang, Abner via groups.io
4 siblings, 0 replies; 15+ messages in thread
From: Chang, Abner via groups.io @ 2024-01-05 8:37 UTC (permalink / raw)
To: devel; +Cc: Nickle Wang, Igor Kulchytskyy
From: Abner Chang <abner.chang@amd.com>
Update Supported function to check if the given
controller handle is already started.
Signed-off-by: Abner Chang <abner.chang@amd.com>
Cc: Nickle Wang <nicklew@nvidia.com>
Cc: Igor Kulchytskyy <igork@ami.com>
---
RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.c b/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.c
index 9a20c90d49a..38bcf28d993 100644
--- a/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.c
+++ b/RedfishPkg/RedfishRestExDxe/RedfishRestExDriver.c
@@ -356,6 +356,21 @@ RedfishRestExDriverBindingSupported (
IN EFI_DEVICE_PATH_PROTOCOL *RemainingDevicePath OPTIONAL
)
{
+ EFI_STATUS Status;
+ UINT32 *Id;
+
+ Status = gBS->OpenProtocol (
+ ControllerHandle,
+ &gEfiCallerIdGuid,
+ (VOID **)&Id,
+ This->DriverBindingHandle,
+ ControllerHandle,
+ EFI_OPEN_PROTOCOL_GET_PROTOCOL
+ );
+ if (!EFI_ERROR (Status)) {
+ return EFI_ALREADY_STARTED;
+ }
+
//
// Test for the HttpServiceBinding Protocol.
//
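Review bot: `Id` is never read after the OpenProtocol call in RedfishRestExDriverBindingSupported; the code only checks whether gEfiCallerIdGuid is present on ControllerHandle. Use EFI_OPEN_PROTOCOL_TEST_PROTOCOL with a NULL interface pointer and drop the `Id` local. A short comment saying that the presence of gEfiCallerIdGuid marks a controller this driver has already started would explain why EFI_ALREADY_STARTED is returned.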
--
2.37.1.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#113229): https://edk2.groups.io/g/devel/message/113229
Mute This Topic: https://groups.io/mt/103539584/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 15+ messages in thread