From: Karunakar P
To: 'Jiaxin Wu', edk2-devel@lists.01.org
CC: Fu Siyuan, Ye Ting
Subject: Re: [Patch 3/3] NetworkPkg/HttpDxe: Handle the large data request via HTTPS channel.
Date: Tue, 20 Mar 2018 07:08:19 +0000
In-Reply-To: <20180320003657.4524-4-jiaxin.wu@intel.com>
References: <20180320003657.4524-1-jiaxin.wu@intel.com> <20180320003657.4524-4-jiaxin.wu@intel.com>
List-Id: EDK II Development

Reviewed-by: Karunakar p

-----Original Message-----
From: Jiaxin Wu [mailto:jiaxin.wu@intel.com]=20 Sent: Tuesday, March 20, 2018 6:07 AM To: edk2-devel@lists.01.org Cc: Karunakar P; Fu Siyuan; Ye Ting Subject: [Patch 3/3] NetworkPkg/HttpDxe: Handle the large data request via = HTTPS channel. Cc: Karunakar P Cc: Fu Siyuan Cc: Ye Ting Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiaxin Wu --- NetworkPkg/HttpDxe/HttpProto.c | 121 +++++++++++++++++++++++++++-------= ---- NetworkPkg/HttpDxe/HttpsSupport.c | 17 +++++- NetworkPkg/HttpDxe/HttpsSu= pport.h | 12 +++- 3 files changed, 111 insertions(+), 39 deletions(-) diff --git a/NetworkPkg/HttpDxe/HttpProto.c b/NetworkPkg/HttpDxe/HttpProto.= c index d7fe271168..35c4a166c4 100644 --- a/NetworkPkg/HttpDxe/HttpProto.c +++ b/NetworkPkg/HttpDxe/HttpProto.c @@ -1,9 +1,9 @@ /** @file Miscellaneous routines for HttpDxe driver. =20 -Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.
+Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
(C) Copyright 2016 Hewlett Packard Enterprise Development LP
This pro= gram and the accompanying materials are licensed and made available under = the terms and conditions of the BSD License which accompanies this distrib= ution. The full text of the license may be found at http://opensource.org= /licenses/bsd-license.php 
@@ -1474,64 +1474,101 @@ HttpTransmitTcp ( EFI_STATUS Status; EFI_TCP4_IO_TOKEN *Tx4Token; EFI_TCP4_PROTOCOL *Tcp4; EFI_TCP6_IO_TOKEN *Tx6Token; EFI_TCP6_PROTOCOL *Tcp6; - UINT8 *Buffer; =20 - UINTN BufferSize; + UINT8 *TlsRecord; =20 + UINT16 PayloadSize; NET_FRAGMENT TempFragment; + NET_FRAGMENT Fragment; + UINTN RecordCount; + UINTN RemainingLen; =20 Status =3D EFI_SUCCESS; - Buffer =3D NULL; + TlsRecord =3D NULL; + PayloadSize =3D 0; TempFragment.Len =3D 0; TempFragment.Bulk =3D NULL; + Fragment.Len =3D 0; + Fragment.Bulk =3D NULL; + RecordCount =3D 0; + RemainingLen =3D 0; =20 // // Need to encrypt data. // if (HttpInstance->UseHttps) { // - // Build BufferOut data + // Allocate enough buffer for each TLS plaintext records. // - BufferSize =3D sizeof (TLS_RECORD_HEADER) + TxStringLen; - Buffer =3D AllocateZeroPool (BufferSize); - if (Buffer =3D=3D NULL) { + TlsRecord =3D AllocateZeroPool (TLS_RECORD_HEADER_LENGTH + TLS_PLAINTE= XT_RECORD_MAX_PAYLOAD_LENGTH); + if (TlsRecord =3D=3D NULL) { Status =3D EFI_OUT_OF_RESOURCES; return Status; } - ((TLS_RECORD_HEADER *) Buffer)->ContentType =3D TlsContentTypeApplicat= ionData; - ((TLS_RECORD_HEADER *) Buffer)->Version.Major =3D HttpInstance->TlsCon= figData.Version.Major; - ((TLS_RECORD_HEADER *) Buffer)->Version.Minor =3D HttpInstance->TlsCon= figData.Version.Minor; - ((TLS_RECORD_HEADER *) Buffer)->Length =3D (UINT16) (TxStringLen); - CopyMem (Buffer + sizeof (TLS_RECORD_HEADER), TxString, TxStringLen); - =20 + // - // Encrypt Packet. + // Allocate enough buffer for all TLS ciphertext records. 
// - Status =3D TlsProcessMessage ( - HttpInstance,=20 - Buffer,=20 - BufferSize,=20 - EfiTlsEncrypt,=20 - &TempFragment - ); - =20 - FreePool (Buffer); + RecordCount =3D TxStringLen / TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH = + 1; + Fragment.Bulk =3D AllocateZeroPool (RecordCount * (TLS_RECORD_HEADER_L= ENGTH + TLS_CIPHERTEXT_RECORD_MAX_PAYLOAD_LENGTH)); + if (Fragment.Bulk =3D=3D NULL) { + Status =3D EFI_OUT_OF_RESOURCES; + goto ON_ERROR; + } =20 - if (EFI_ERROR (Status)) { - return Status; + // + // Encrypt each TLS plaintext records. + // + RemainingLen =3D TxStringLen; + while (RemainingLen !=3D 0) { + PayloadSize =3D (UINT16) MIN=20 + (TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH, RemainingLen); + =20 + ((TLS_RECORD_HEADER *) TlsRecord)->ContentType =3D TlsContentTypeApp= licationData; + ((TLS_RECORD_HEADER *) TlsRecord)->Version.Major =3D HttpInstance->T= lsConfigData.Version.Major; + ((TLS_RECORD_HEADER *) TlsRecord)->Version.Minor =3D HttpInstance->T= lsConfigData.Version.Minor; + ((TLS_RECORD_HEADER *) TlsRecord)->Length =3D PayloadSize; + + CopyMem (TlsRecord + TLS_RECORD_HEADER_LENGTH, TxString +=20 + (TxStringLen - RemainingLen), PayloadSize); + =20 + Status =3D TlsProcessMessage ( + HttpInstance,=20 + TlsRecord,=20 + TLS_RECORD_HEADER_LENGTH + PayloadSize,=20 + EfiTlsEncrypt,=20 + &TempFragment + ); + if (EFI_ERROR (Status)) { + goto ON_ERROR; + } + + // + // Record the processed/encrypted Packet.=20 + // + CopyMem (Fragment.Bulk + Fragment.Len, TempFragment.Bulk, TempFragme= nt.Len); + Fragment.Len +=3D TempFragment.Len; + + FreePool (TempFragment.Bulk); + TempFragment.Len =3D 0; + TempFragment.Bulk =3D NULL; + =20 + RemainingLen -=3D (UINTN) PayloadSize; + ZeroMem (TlsRecord, TLS_RECORD_HEADER_LENGTH +=20 + TLS_PLAINTEXT_RECORD_MAX_PAYLOAD_LENGTH); } + + FreePool (TlsRecord); + TlsRecord =3D NULL; } =20 if (!HttpInstance->LocalAddressIsIPv6) { Tcp4 =3D HttpInstance->Tcp4; Tx4Token =3D &Wrap->TcpWrap.Tx4Token; =20 if (HttpInstance->UseHttps) { - 
Tx4Token->Packet.TxData->DataLength =3D TempFragment.Len; - Tx4Token->Packet.TxData->FragmentTable[0].FragmentLength =3D TempFra= gment.Len; - Tx4Token->Packet.TxData->FragmentTable[0].FragmentBuffer =3D (VOID *= ) TempFragment.Bulk; + Tx4Token->Packet.TxData->DataLength =3D Fragment.Len; + Tx4Token->Packet.TxData->FragmentTable[0].FragmentLength =3D Fragmen= t.Len; + Tx4Token->Packet.TxData->FragmentTable[0].FragmentBuffer =3D (VOID=20 + *) Fragment.Bulk; } else { Tx4Token->Packet.TxData->DataLength =3D (UINT32) TxStringLen; Tx4Token->Packet.TxData->FragmentTable[0].FragmentLength =3D (UINT32= ) TxStringLen; Tx4Token->Packet.TxData->FragmentTable[0].FragmentBuffer =3D (VOID *= ) TxString; } @@ -1540,21 +1577,21 @@ HttpTransmitTcp ( =20 Wrap->TcpWrap.IsTxDone =3D FALSE; Status =3D Tcp4->Transmit (Tcp4, Tx4Token); if (EFI_ERROR (Status)) { DEBUG ((EFI_D_ERROR, "Transmit failed: %r\n", Status)); - return Status; + goto ON_ERROR; } =20 } else { Tcp6 =3D HttpInstance->Tcp6; Tx6Token =3D &Wrap->TcpWrap.Tx6Token; =20 if (HttpInstance->UseHttps) { - Tx6Token->Packet.TxData->DataLength =3D TempFragment.Len; - Tx6Token->Packet.TxData->FragmentTable[0].FragmentLength =3D TempFra= gment.Len; - Tx6Token->Packet.TxData->FragmentTable[0].FragmentBuffer =3D (VOID *= ) TempFragment.Bulk; + Tx6Token->Packet.TxData->DataLength =3D Fragment.Len; + Tx6Token->Packet.TxData->FragmentTable[0].FragmentLength =3D Fragmen= t.Len; + Tx6Token->Packet.TxData->FragmentTable[0].FragmentBuffer =3D (VOID=20 + *) Fragment.Bulk; } else { Tx6Token->Packet.TxData->DataLength =3D (UINT32) TxStringLen; Tx6Token->Packet.TxData->FragmentTable[0].FragmentLength =3D (UINT32= ) TxStringLen; Tx6Token->Packet.TxData->FragmentTable[0].FragmentBuffer =3D (VOID *= ) TxString; } 
@@ -1563,14 +1600,30 @@ HttpTransmitTcp ( =20 Wrap->TcpWrap.IsTxDone =3D FALSE; Status =3D Tcp6->Transmit (Tcp6, Tx6Token); if (EFI_ERROR (Status)) { DEBUG ((EFI_D_ERROR, "Transmit failed: %r\n", Status)); - return Status; + goto ON_ERROR; } } =20 + return Status; + +ON_ERROR: + =20 + if (HttpInstance->UseHttps) { + if (TlsRecord !=3D NULL) { + FreePool (TlsRecord); + TlsRecord =3D NULL; + } + =20 + if (Fragment.Bulk !=3D NULL) { + FreePool (Fragment.Bulk); + Fragment.Bulk =3D NULL; + } + } + return Status; } =20 /** Check whether the user's token or event has already diff --git a/Network= Pkg/HttpDxe/HttpsSupport.c b/NetworkPkg/HttpDxe/HttpsSupport.c index f5e5911b86..5105a2014c 100644 --- a/NetworkPkg/HttpDxe/HttpsSupport.c +++ b/NetworkPkg/HttpDxe/HttpsSupport.c @@ -949,11 +949,11 @@ TlsReceiveOnePdu ( InitializeListHead (NbufList); =20 // // Allocate buffer to receive one TLS header. // - Len =3D sizeof (TLS_RECORD_HEADER); + Len =3D TLS_RECORD_HEADER_LENGTH; PduHdr =3D NetbufAlloc (Len); if (PduHdr =3D=3D NULL) { Status =3D EFI_OUT_OF_RESOURCES; goto ON_EXIT; } 
@@ -1389,15 +1389,23 @@ TlsCloseSession ( =20 /** Process one message according to the CryptMode. =20 @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure. - @param[in] Message Pointer to the message buffer neede= d to processed. + @param[in] Message Pointer to the message buffer neede= d to processed.=20 + If ProcessMode is EfiTlsEncrypt, th= e message contain the TLS + header and plain text TLS APP paylo= ad. + If ProcessMode is EfiTlsDecrypt, th= e message contain the TLS=20 + header and cipher text TLS APP payl= oad. @param[in] MessageSize Pointer to the message buffer size. @param[in] ProcessMode Process mode. @param[in, out] Fragment Only one Fragment returned after th= e Message is processed successfully. + If ProcessMode is EfiTlsEncrypt, th= e fragment contain the TLS=20 + header and cipher text TLS APP payl= oad. + If ProcessMode is EfiTlsDecrypt, th= e fragment contain the TLS=20 + header and plain text TLS APP paylo= ad. =20 @retval EFI_SUCCESS Message is processed successfully. @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources. @retval Others Other errors as indicated. =20 @@ -1496,10 +1504,13 @@ TlsProcessMessage ( Fragment->Bulk =3D Buffer; =20 ON_EXIT: =20 if (OriginalFragmentTable !=3D NULL) { + if( FragmentTable =3D=3D OriginalFragmentTable) { + FragmentTable =3D NULL; + } FreePool (OriginalFragmentTable); OriginalFragmentTable =3D NULL; } =20 // @@ -1680,11 +1691,11 @@ HttpsReceive ( if (BufferIn =3D=3D NULL) { Status =3D EFI_OUT_OF_RESOURCES; return Status; } =20 - CopyMem (BufferIn, TempFragment.Bulk + sizeof (TLS_RECORD_HEADER), Buf= ferInSize); + CopyMem (BufferIn, TempFragment.Bulk + TLS_RECORD_HEADER_LENGTH,=20 + BufferInSize); =20 // // Free the buffer in TempFragment. // FreePool (TempFragment.Bulk); diff --git a/NetworkPkg/HttpDxe/HttpsSupport.h b/NetworkPkg/HttpDxe/HttpsSu= pport.h index f7a2d303e6..5d4ca01108 100644 --- a/NetworkPkg/HttpDxe/HttpsSupport.h +++ b/NetworkPkg/HttpDxe/HttpsSupport.h 
@@ -1,9 +1,9 @@ /** @file The header files of miscellaneous routines specific to Https for HttpDxe= driver. =20 -Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
+Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made availab= le under the terms and conditions of the BSD License which accompanies thi= s distribution. The full text of the license may be found at http://opens= ource.org/licenses/bsd-license.php =20 @@ -215,15 +215,23 @@ TlsCloseSession ( =20 /** Process one message according to the CryptMode. =20 @param[in] HttpInstance Pointer to HTTP_PROTOCOL structure. - @param[in] Message Pointer to the message buffer neede= d to processed. + @param[in] Message Pointer to the message buffer neede= d to processed.=20 + If ProcessMode is EfiTlsEncrypt, th= e message contain the TLS + header and plain text TLS APP paylo= ad. + If ProcessMode is EfiTlsDecrypt, th= e message contain the TLS=20 + header and cipher text TLS APP payl= oad. @param[in] MessageSize Pointer to the message buffer size. @param[in] ProcessMode Process mode. @param[in, out] Fragment Only one Fragment returned after th= e Message is processed successfully. + If ProcessMode is EfiTlsEncrypt, th= e fragment contain the TLS=20 + header and cipher text TLS APP payl= oad. + If ProcessMode is EfiTlsDecrypt, th= e fragment contain the TLS=20 + header and plain text TLS APP paylo= ad. =20 @retval EFI_SUCCESS Message is processed successfully. @retval EFI_OUT_OF_RESOURCES Can't allocate memory resources. @retval Others Other errors as indicated. =20 -- 2.16.2.windows.1