From: "Wang, Jian J" <jian.j.wang@intel.com>
To: "Kinney, Michael D" <michael.d.kinney@intel.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: Sean Brogan <sean.brogan@microsoft.com>,
"Lu, XiaoyuX" <xiaoyux.lu@intel.com>
Subject: Re: [Patch] CryptoPkg: Add Null instance of the TlsLib class
Date: Wed, 23 Oct 2019 08:23:00 +0000 [thread overview]
Message-ID: <D827630B58408649ACB04F44C510003625997A53@SHSMSX107.ccr.corp.intel.com> (raw)
In-Reply-To: <20191022214058.21124-1-michael.d.kinney@intel.com>
Hi Mike,
The copyright and the year might need update (Not sure about it. I guess they're
copied from non-null version of file.) With it addressed (if necessary),
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Regards,
Jian
> -----Original Message-----
> From: Kinney, Michael D <michael.d.kinney@intel.com>
> Sent: Wednesday, October 23, 2019 5:41 AM
> To: devel@edk2.groups.io
> Cc: Sean Brogan <sean.brogan@microsoft.com>; Wang, Jian J
> <jian.j.wang@intel.com>; Lu, XiaoyuX <xiaoyux.lu@intel.com>
> Subject: [Patch] CryptoPkg: Add Null instance of the TlsLib class
>
> From: Sean Brogan <sean.brogan@microsoft.com>
>
> https://bugzilla.tianocore.org/show_bug.cgi?id=2258
>
> Add a Null instance of the TlsLib class. This lib instance
> can be used as a template for new implementations of the TlsLib
> class and can also be used to reduce CI build times for build
> checks that depend on the TlsLib class.
>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
> ---
> CryptoPkg/CryptoPkg.dsc | 1 +
> CryptoPkg/Library/TlsLibNull/InternalTlsLib.h | 16 +
> CryptoPkg/Library/TlsLibNull/TlsConfigNull.c | 622 ++++++++++++++++++
> CryptoPkg/Library/TlsLibNull/TlsInitNull.c | 111 ++++
> CryptoPkg/Library/TlsLibNull/TlsLibNull.inf | 38 ++
> CryptoPkg/Library/TlsLibNull/TlsLibNull.uni | 13 +
> CryptoPkg/Library/TlsLibNull/TlsProcessNull.c | 247 +++++++
> 7 files changed, 1048 insertions(+)
> create mode 100644 CryptoPkg/Library/TlsLibNull/InternalTlsLib.h
> create mode 100644 CryptoPkg/Library/TlsLibNull/TlsConfigNull.c
> create mode 100644 CryptoPkg/Library/TlsLibNull/TlsInitNull.c
> create mode 100644 CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
> create mode 100644 CryptoPkg/Library/TlsLibNull/TlsLibNull.uni
> create mode 100644 CryptoPkg/Library/TlsLibNull/TlsProcessNull.c
>
> diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc
> index c90e76c721..cea4335afb 100644
> --- a/CryptoPkg/CryptoPkg.dsc
> +++ b/CryptoPkg/CryptoPkg.dsc
> @@ -115,6 +115,7 @@ [Components]
> CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> CryptoPkg/Library/TlsLib/TlsLib.inf
> + CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
> CryptoPkg/Library/OpensslLib/OpensslLib.inf
> CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
>
> diff --git a/CryptoPkg/Library/TlsLibNull/InternalTlsLib.h
> b/CryptoPkg/Library/TlsLibNull/InternalTlsLib.h
> new file mode 100644
> index 0000000000..888c9066bf
> --- /dev/null
> +++ b/CryptoPkg/Library/TlsLibNull/InternalTlsLib.h
> @@ -0,0 +1,16 @@
> +/** @file
> + Internal include file for TlsLibNull.
> +
> +Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
> +SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#ifndef __INTERNAL_TLS_LIB_NULL_H__
> +#define __INTERNAL_TLS_LIB_NULL_H__
> +
> +#include <Library/BaseCryptLib.h>
> +#include <Library/DebugLib.h>
> +#include <Library/BaseLib.h>
> +
> +#endif
> diff --git a/CryptoPkg/Library/TlsLibNull/TlsConfigNull.c
> b/CryptoPkg/Library/TlsLibNull/TlsConfigNull.c
> new file mode 100644
> index 0000000000..8033a61790
> --- /dev/null
> +++ b/CryptoPkg/Library/TlsLibNull/TlsConfigNull.c
> @@ -0,0 +1,622 @@
> +/** @file
> + SSL/TLS Configuration Null Library Wrapper Implementation.
> +
> +Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
> +(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
> +SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include "InternalTlsLib.h"
> +
> +/**
> + Set a new TLS/SSL method for a particular TLS object.
> +
> + This function sets a new TLS/SSL method for a particular TLS object.
> +
> + @param[in] Tls Pointer to a TLS object.
> + @param[in] MajorVer Major Version of TLS/SSL Protocol.
> + @param[in] MinorVer Minor Version of TLS/SSL Protocol.
> +
> + @retval EFI_SUCCESS The TLS/SSL method was set successfully.
> + @retval EFI_INVALID_PARAMETER The parameter is invalid.
> + @retval EFI_UNSUPPORTED Unsupported TLS/SSL method.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsSetVersion (
> + IN VOID *Tls,
> + IN UINT8 MajorVer,
> + IN UINT8 MinorVer
> + )
> +{
> + ASSERT(FALSE);
> + return EFI_UNSUPPORTED;
> +}
> +
> +/**
> + Set TLS object to work in client or server mode.
> +
> + This function prepares a TLS object to work in client or server mode.
> +
> + @param[in] Tls Pointer to a TLS object.
> + @param[in] IsServer Work in server mode.
> +
> + @retval EFI_SUCCESS The TLS/SSL work mode was set successfully.
> + @retval EFI_INVALID_PARAMETER The parameter is invalid.
> + @retval EFI_UNSUPPORTED Unsupported TLS/SSL work mode.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsSetConnectionEnd (
> + IN VOID *Tls,
> + IN BOOLEAN IsServer
> + )
> +{
> + ASSERT(FALSE);
> + return EFI_UNSUPPORTED;
> +}
> +
> +/**
> + Set the ciphers list to be used by the TLS object.
> +
> + This function sets the ciphers for use by a specified TLS object.
> +
> + @param[in] Tls Pointer to a TLS object.
> + @param[in] CipherId Array of UINT16 cipher identifiers. Each UINT16
> + cipher identifier comes from the TLS Cipher Suite
> + Registry of the IANA, interpreting Byte1 and Byte2
> + in network (big endian) byte order.
> + @param[in] CipherNum The number of cipher in the list.
> +
> + @retval EFI_SUCCESS The ciphers list was set successfully.
> + @retval EFI_INVALID_PARAMETER The parameter is invalid.
> + @retval EFI_UNSUPPORTED No supported TLS cipher was found in
> CipherId.
> + @retval EFI_OUT_OF_RESOURCES Memory allocation failed.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsSetCipherList (
> + IN VOID *Tls,
> + IN UINT16 *CipherId,
> + IN UINTN CipherNum
> + )
> +{
> + ASSERT(FALSE);
> + return EFI_UNSUPPORTED;
> +}
> +
> +/**
> + Set the compression method for TLS/SSL operations.
> +
> + This function handles TLS/SSL integrated compression methods.
> +
> + @param[in] CompMethod The compression method ID.
> +
> + @retval EFI_SUCCESS The compression method for the communication
> was
> + set successfully.
> + @retval EFI_UNSUPPORTED Unsupported compression method.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsSetCompressionMethod (
> + IN UINT8 CompMethod
> + )
> +{
> + ASSERT(FALSE);
> + return EFI_UNSUPPORTED;
> +}
> +
> +/**
> + Set peer certificate verification mode for the TLS connection.
> +
> + This function sets the verification mode flags for the TLS connection.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[in] VerifyMode A set of logically or'ed verification mode flags.
> +
> +**/
> +VOID
> +EFIAPI
> +TlsSetVerify (
> + IN VOID *Tls,
> + IN UINT32 VerifyMode
> + )
> +{
> + ASSERT(FALSE);
> +}
> +
> +// MU_CHANGE - Proposed fixes for TCBZ960, invalid domain name (CN)
> accepted. [BEGIN]
> +/**
> + Set the specified host name to be verified.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[in] Flags The setting flags during the validation.
> + @param[in] HostName The specified host name to be verified.
> +
> + @retval EFI_SUCCESS The HostName setting was set successfully.
> + @retval EFI_INVALID_PARAMETER The parameter is invalid.
> + @retval EFI_ABORTED Invalid HostName setting.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsSetVerifyHost (
> + IN VOID *Tls,
> + IN UINT32 Flags,
> + IN CHAR8 *HostName
> + )
> +{
> + ASSERT(FALSE);
> + return EFI_UNSUPPORTED;
> +}
> +
> +// MU_CHANGE - Proposed fixes for TCBZ960, invalid domain name (CN)
> accepted. [END]
> +
> +/**
> + Sets a TLS/SSL session ID to be used during TLS/SSL connect.
> +
> + This function sets a session ID to be used when the TLS/SSL connection is
> + to be established.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[in] SessionId Session ID data used for session resumption.
> + @param[in] SessionIdLen Length of Session ID in bytes.
> +
> + @retval EFI_SUCCESS Session ID was set successfully.
> + @retval EFI_INVALID_PARAMETER The parameter is invalid.
> + @retval EFI_UNSUPPORTED No available session for ID setting.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsSetSessionId (
> + IN VOID *Tls,
> + IN UINT8 *SessionId,
> + IN UINT16 SessionIdLen
> + )
> +{
> + ASSERT(FALSE);
> + return EFI_UNSUPPORTED;
> +}
> +
> +/**
> + Adds the CA to the cert store when requesting Server or Client authentication.
> +
> + This function adds the CA certificate to the list of CAs when requesting
> + Server or Client authentication for the chosen TLS connection.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[in] Data Pointer to the data buffer of a DER-encoded binary
> + X.509 certificate or PEM-encoded X.509 certificate.
> + @param[in] DataSize The size of data buffer in bytes.
> +
> + @retval EFI_SUCCESS The operation succeeded.
> + @retval EFI_INVALID_PARAMETER The parameter is invalid.
> + @retval EFI_OUT_OF_RESOURCES Required resources could not be
> allocated.
> + @retval EFI_ABORTED Invalid X.509 certificate.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsSetCaCertificate (
> + IN VOID *Tls,
> + IN VOID *Data,
> + IN UINTN DataSize
> + )
> +{
> + ASSERT(FALSE);
> + return EFI_UNSUPPORTED;
> +}
> +
> +/**
> + Loads the local public certificate into the specified TLS object.
> +
> + This function loads the X.509 certificate into the specified TLS object
> + for TLS negotiation.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[in] Data Pointer to the data buffer of a DER-encoded binary
> + X.509 certificate or PEM-encoded X.509 certificate.
> + @param[in] DataSize The size of data buffer in bytes.
> +
> + @retval EFI_SUCCESS The operation succeeded.
> + @retval EFI_INVALID_PARAMETER The parameter is invalid.
> + @retval EFI_OUT_OF_RESOURCES Required resources could not be
> allocated.
> + @retval EFI_ABORTED Invalid X.509 certificate.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsSetHostPublicCert (
> + IN VOID *Tls,
> + IN VOID *Data,
> + IN UINTN DataSize
> + )
> +{
> + ASSERT(FALSE);
> + return EFI_UNSUPPORTED;
> +}
> +
> +/**
> + Adds the local private key to the specified TLS object.
> +
> + This function adds the local private key (PEM-encoded RSA or PKCS#8 private
> + key) into the specified TLS object for TLS negotiation.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[in] Data Pointer to the data buffer of a PEM-encoded RSA
> + or PKCS#8 private key.
> + @param[in] DataSize The size of data buffer in bytes.
> +
> + @retval EFI_SUCCESS The operation succeeded.
> + @retval EFI_UNSUPPORTED This function is not supported.
> + @retval EFI_ABORTED Invalid private key data.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsSetHostPrivateKey (
> + IN VOID *Tls,
> + IN VOID *Data,
> + IN UINTN DataSize
> + )
> +{
> + ASSERT(FALSE);
> + return EFI_UNSUPPORTED;
> +}
> +
> +/**
> + Adds the CA-supplied certificate revocation list for certificate validation.
> +
> + This function adds the CA-supplied certificate revocation list data for
> + certificate validity checking.
> +
> + @param[in] Data Pointer to the data buffer of a DER-encoded CRL data.
> + @param[in] DataSize The size of data buffer in bytes.
> +
> + @retval EFI_SUCCESS The operation succeeded.
> + @retval EFI_UNSUPPORTED This function is not supported.
> + @retval EFI_ABORTED Invalid CRL data.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsSetCertRevocationList (
> + IN VOID *Data,
> + IN UINTN DataSize
> + )
> +{
> + ASSERT(FALSE);
> + return EFI_UNSUPPORTED;
> +}
> +
> +/**
> + Gets the protocol version used by the specified TLS connection.
> +
> + This function returns the protocol version used by the specified TLS
> + connection.
> +
> + If Tls is NULL, then ASSERT().
> +
> + @param[in] Tls Pointer to the TLS object.
> +
> + @return The protocol version of the specified TLS connection.
> +
> +**/
> +UINT16
> +EFIAPI
> +TlsGetVersion (
> + IN VOID *Tls
> + )
> +{
> + ASSERT(FALSE);
> + return 0;
> +}
> +
> +/**
> + Gets the connection end of the specified TLS connection.
> +
> + This function returns the connection end (as client or as server) used by
> + the specified TLS connection.
> +
> + If Tls is NULL, then ASSERT().
> +
> + @param[in] Tls Pointer to the TLS object.
> +
> + @return The connection end used by the specified TLS connection.
> +
> +**/
> +UINT8
> +EFIAPI
> +TlsGetConnectionEnd (
> + IN VOID *Tls
> + )
> +{
> + ASSERT(FALSE);
> + return 0;
> +}
> +
> +/**
> + Gets the cipher suite used by the specified TLS connection.
> +
> + This function returns current cipher suite used by the specified
> + TLS connection.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[in,out] CipherId The cipher suite used by the TLS object.
> +
> + @retval EFI_SUCCESS The cipher suite was returned successfully.
> + @retval EFI_INVALID_PARAMETER The parameter is invalid.
> + @retval EFI_UNSUPPORTED Unsupported cipher suite.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsGetCurrentCipher (
> + IN VOID *Tls,
> + IN OUT UINT16 *CipherId
> + )
> +{
> + ASSERT(FALSE);
> + return EFI_UNSUPPORTED;
> +}
> +
> +/**
> + Gets the compression methods used by the specified TLS connection.
> +
> + This function returns current integrated compression methods used by
> + the specified TLS connection.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[in,out] CompressionId The current compression method used by
> + the TLS object.
> +
> + @retval EFI_SUCCESS The compression method was returned
> successfully.
> + @retval EFI_INVALID_PARAMETER The parameter is invalid.
> + @retval EFI_ABORTED Invalid Compression method.
> + @retval EFI_UNSUPPORTED This function is not supported.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsGetCurrentCompressionId (
> + IN VOID *Tls,
> + IN OUT UINT8 *CompressionId
> + )
> +{
> + ASSERT(FALSE);
> + return EFI_UNSUPPORTED;
> +}
> +
> +/**
> + Gets the verification mode currently set in the TLS connection.
> +
> + This function returns the peer verification mode currently set in the
> + specified TLS connection.
> +
> + If Tls is NULL, then ASSERT().
> +
> + @param[in] Tls Pointer to the TLS object.
> +
> + @return The verification mode set in the specified TLS connection.
> +
> +**/
> +UINT32
> +EFIAPI
> +TlsGetVerify (
> + IN VOID *Tls
> + )
> +{
> + ASSERT(FALSE);
> + return 0;
> +}
> +
> +/**
> + Gets the session ID used by the specified TLS connection.
> +
> + This function returns the TLS/SSL session ID currently used by the
> + specified TLS connection.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[in,out] SessionId Buffer to contain the returned session ID.
> + @param[in,out] SessionIdLen The length of Session ID in bytes.
> +
> + @retval EFI_SUCCESS The Session ID was returned successfully.
> + @retval EFI_INVALID_PARAMETER The parameter is invalid.
> + @retval EFI_UNSUPPORTED Invalid TLS/SSL session.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsGetSessionId (
> + IN VOID *Tls,
> + IN OUT UINT8 *SessionId,
> + IN OUT UINT16 *SessionIdLen
> + )
> +{
> + ASSERT(FALSE);
> + return EFI_UNSUPPORTED;
> +}
> +
> +/**
> + Gets the client random data used in the specified TLS connection.
> +
> + This function returns the TLS/SSL client random data currently used in
> + the specified TLS connection.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[in,out] ClientRandom Buffer to contain the returned client
> + random data (32 bytes).
> +
> +**/
> +VOID
> +EFIAPI
> +TlsGetClientRandom (
> + IN VOID *Tls,
> + IN OUT UINT8 *ClientRandom
> + )
> +{
> + ASSERT(FALSE);
> +}
> +
> +/**
> + Gets the server random data used in the specified TLS connection.
> +
> + This function returns the TLS/SSL server random data currently used in
> + the specified TLS connection.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[in,out] ServerRandom Buffer to contain the returned server
> + random data (32 bytes).
> +
> +**/
> +VOID
> +EFIAPI
> +TlsGetServerRandom (
> + IN VOID *Tls,
> + IN OUT UINT8 *ServerRandom
> + )
> +{
> + ASSERT(FALSE);
> +}
> +
> +/**
> + Gets the master key data used in the specified TLS connection.
> +
> + This function returns the TLS/SSL master key material currently used in
> + the specified TLS connection.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[in,out] KeyMaterial Buffer to contain the returned key material.
> +
> + @retval EFI_SUCCESS Key material was returned successfully.
> + @retval EFI_INVALID_PARAMETER The parameter is invalid.
> + @retval EFI_UNSUPPORTED Invalid TLS/SSL session.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsGetKeyMaterial (
> + IN VOID *Tls,
> + IN OUT UINT8 *KeyMaterial
> + )
> +{
> + ASSERT(FALSE);
> + return EFI_UNSUPPORTED;
> +}
> +
> +/**
> + Gets the CA Certificate from the cert store.
> +
> + This function returns the CA certificate for the chosen
> + TLS connection.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[out] Data Pointer to the data buffer to receive the CA
> + certificate data sent to the client.
> + @param[in,out] DataSize The size of data buffer in bytes.
> +
> + @retval EFI_SUCCESS The operation succeeded.
> + @retval EFI_UNSUPPORTED This function is not supported.
> + @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsGetCaCertificate (
> + IN VOID *Tls,
> + OUT VOID *Data,
> + IN OUT UINTN *DataSize
> + )
> +{
> + ASSERT(FALSE);
> + return EFI_UNSUPPORTED;
> +}
> +
> +/**
> + Gets the local public Certificate set in the specified TLS object.
> +
> + This function returns the local public certificate which was currently set
> + in the specified TLS object.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[out] Data Pointer to the data buffer to receive the local
> + public certificate.
> + @param[in,out] DataSize The size of data buffer in bytes.
> +
> + @retval EFI_SUCCESS The operation succeeded.
> + @retval EFI_INVALID_PARAMETER The parameter is invalid.
> + @retval EFI_NOT_FOUND The certificate is not found.
> + @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsGetHostPublicCert (
> + IN VOID *Tls,
> + OUT VOID *Data,
> + IN OUT UINTN *DataSize
> + )
> +{
> + ASSERT(FALSE);
> + return EFI_UNSUPPORTED;
> +}
> +
> +/**
> + Gets the local private key set in the specified TLS object.
> +
> + This function returns the local private key data which was currently set
> + in the specified TLS object.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[out] Data Pointer to the data buffer to receive the local
> + private key data.
> + @param[in,out] DataSize The size of data buffer in bytes.
> +
> + @retval EFI_SUCCESS The operation succeeded.
> + @retval EFI_UNSUPPORTED This function is not supported.
> + @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsGetHostPrivateKey (
> + IN VOID *Tls,
> + OUT VOID *Data,
> + IN OUT UINTN *DataSize
> + )
> +{
> + ASSERT(FALSE);
> + return EFI_UNSUPPORTED;
> +}
> +
> +/**
> + Gets the CA-supplied certificate revocation list data set in the specified
> + TLS object.
> +
> + This function returns the CA-supplied certificate revocation list data which
> + was currently set in the specified TLS object.
> +
> + @param[out] Data Pointer to the data buffer to receive the CRL data.
> + @param[in,out] DataSize The size of data buffer in bytes.
> +
> + @retval EFI_SUCCESS The operation succeeded.
> + @retval EFI_UNSUPPORTED This function is not supported.
> + @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the data.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsGetCertRevocationList (
> + OUT VOID *Data,
> + IN OUT UINTN *DataSize
> + )
> +{
> + ASSERT(FALSE);
> + return EFI_UNSUPPORTED;
> +}
> diff --git a/CryptoPkg/Library/TlsLibNull/TlsInitNull.c
> b/CryptoPkg/Library/TlsLibNull/TlsInitNull.c
> new file mode 100644
> index 0000000000..3e44117b82
> --- /dev/null
> +++ b/CryptoPkg/Library/TlsLibNull/TlsInitNull.c
> @@ -0,0 +1,111 @@
> +/** @file
> + SSL/TLS Initialization Null Library Wrapper Implementation.
> +
> +Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
> +(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
> +SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include "InternalTlsLib.h"
> +
> +/**
> + Initializes the library.
> +
> + This function registers ciphers and digests used directly and indirectly
> + by SSL/TLS, and initializes the readable error messages.
> + This function must be called before any other action takes places.
> +
> + @retval TRUE The library has been initialized.
> + @retval FALSE Failed to initialize the library.
> +
> +**/
> +BOOLEAN
> +EFIAPI
> +TlsInitialize (
> + VOID
> + )
> +{
> + ASSERT(FALSE);
> + return FALSE;
> +}
> +
> +/**
> + Free an allocated SSL_CTX object.
> +
> + @param[in] TlsCtx Pointer to the SSL_CTX object to be released.
> +
> +**/
> +VOID
> +EFIAPI
> +TlsCtxFree (
> + IN VOID *TlsCtx
> + )
> +{
> + ASSERT(FALSE);
> + return;
> +}
> +
> +/**
> + Creates a new SSL_CTX object as framework to establish TLS/SSL enabled
> + connections.
> +
> + @param[in] MajorVer Major Version of TLS/SSL Protocol.
> + @param[in] MinorVer Minor Version of TLS/SSL Protocol.
> +
> + @return Pointer to an allocated SSL_CTX object.
> + If the creation failed, TlsCtxNew() returns NULL.
> +
> +**/
> +VOID *
> +EFIAPI
> +TlsCtxNew (
> + IN UINT8 MajorVer,
> + IN UINT8 MinorVer
> + )
> +{
> + ASSERT(FALSE);
> + return NULL;
> +}
> +
> +/**
> + Free an allocated TLS object.
> +
> + This function removes the TLS object pointed to by Tls and frees up the
> + allocated memory. If Tls is NULL, nothing is done.
> +
> + @param[in] Tls Pointer to the TLS object to be freed.
> +
> +**/
> +VOID
> +EFIAPI
> +TlsFree (
> + IN VOID *Tls
> + )
> +{
> + ASSERT(FALSE);
> +}
> +
> +/**
> + Create a new TLS object for a connection.
> +
> + This function creates a new TLS object for a connection. The new object
> + inherits the setting of the underlying context TlsCtx: connection method,
> + options, verification setting.
> +
> + @param[in] TlsCtx Pointer to the SSL_CTX object.
> +
> + @return Pointer to an allocated SSL object.
> + If the creation failed, TlsNew() returns NULL.
> +
> +**/
> +VOID *
> +EFIAPI
> +TlsNew (
> + IN VOID *TlsCtx
> + )
> +{
> + ASSERT(FALSE);
> + return NULL;
> +}
> +
> diff --git a/CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
> b/CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
> new file mode 100644
> index 0000000000..33f0e7493f
> --- /dev/null
> +++ b/CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
> @@ -0,0 +1,38 @@
> +## @file
> +# SSL/TLS Wrapper Null Library Instance.
> +#
> +# Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
> +# (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
> +# SPDX-License-Identifier: BSD-2-Clause-Patent
> +#
> +##
> +
> +[Defines]
> + INF_VERSION = 0x00010005
> + BASE_NAME = TlsLibNull
> + MODULE_UNI_FILE = TlsLibNull.uni
> + FILE_GUID = 705a5b3b-cfa5-42ea-87f0-f2b8d44ec521
> + MODULE_TYPE = BASE
> + VERSION_STRING = 1.0
> + LIBRARY_CLASS = TlsLib
> +
> +#
> +# The following information is for reference only and not required by the build
> tools.
> +#
> +# VALID_ARCHITECTURES = IA32 X64 ARM AARCH64
> +#
> +
> +[Sources]
> + InternalTlsLib.h
> + TlsInitNull.c
> + TlsConfigNull.c
> + TlsProcessNull.c
> +
> +[Packages]
> + MdePkg/MdePkg.dec
> + CryptoPkg/CryptoPkg.dec
> +
> +[LibraryClasses]
> + BaseCryptLib
> + DebugLib
> + BaseLib
> diff --git a/CryptoPkg/Library/TlsLibNull/TlsLibNull.uni
> b/CryptoPkg/Library/TlsLibNull/TlsLibNull.uni
> new file mode 100644
> index 0000000000..869f3fcf78
> --- /dev/null
> +++ b/CryptoPkg/Library/TlsLibNull/TlsLibNull.uni
> @@ -0,0 +1,13 @@
> +// /** @file
> +// SSL/TLS Wrapper Null Library Instance.
> +//
> +// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> +//
> +// SPDX-License-Identifier: BSD-2-Clause-Patent
> +//
> +// **/
> +
> +
> +#string STR_MODULE_ABSTRACT #language en-US "SSL/TLS Wrapper
> Null Library Instance"
> +
> +#string STR_MODULE_DESCRIPTION #language en-US "This module
> provides SSL/TLS Wrapper Null Library Instance."
> diff --git a/CryptoPkg/Library/TlsLibNull/TlsProcessNull.c
> b/CryptoPkg/Library/TlsLibNull/TlsProcessNull.c
> new file mode 100644
> index 0000000000..2949d4c885
> --- /dev/null
> +++ b/CryptoPkg/Library/TlsLibNull/TlsProcessNull.c
> @@ -0,0 +1,247 @@
> +/** @file
> + SSL/TLS Process Null Library Wrapper Implementation.
> + The process includes the TLS handshake and packet I/O.
> +
> +Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
> +(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
> +SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include "InternalTlsLib.h"
> +
> +/**
> + Checks if the TLS handshake was done.
> +
> + This function will check if the specified TLS handshake was done.
> +
> + @param[in] Tls Pointer to the TLS object for handshake state checking.
> +
> + @retval TRUE The TLS handshake was done.
> + @retval FALSE The TLS handshake was not done.
> +
> +**/
> +BOOLEAN
> +EFIAPI
> +TlsInHandshake (
> + IN VOID *Tls
> + )
> +{
> + ASSERT(FALSE);
> + return FALSE;
> +}
> +
> +/**
> + Perform a TLS/SSL handshake.
> +
> + This function will perform a TLS/SSL handshake.
> +
> + @param[in] Tls Pointer to the TLS object for handshake operation.
> + @param[in] BufferIn Pointer to the most recently received TLS
> Handshake packet.
> + @param[in] BufferInSize Packet size in bytes for the most recently
> received TLS
> + Handshake packet.
> + @param[out] BufferOut Pointer to the buffer to hold the built packet.
> + @param[in, out] BufferOutSize Pointer to the buffer size in bytes. On input, it
> is
> + the buffer size provided by the caller. On output, it
> + is the buffer size in fact needed to contain the
> + packet.
> +
> + @retval EFI_SUCCESS The required TLS packet is built successfully.
> + @retval EFI_INVALID_PARAMETER One or more of the following conditions
> is TRUE:
> + Tls is NULL.
> + BufferIn is NULL but BufferInSize is NOT 0.
> + BufferInSize is 0 but BufferIn is NOT NULL.
> + BufferOutSize is NULL.
> + BufferOut is NULL if *BufferOutSize is not zero.
> + @retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the
> response packet.
> + @retval EFI_ABORTED Something wrong during handshake.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsDoHandshake (
> + IN VOID *Tls,
> + IN UINT8 *BufferIn, OPTIONAL
> + IN UINTN BufferInSize, OPTIONAL
> + OUT UINT8 *BufferOut, OPTIONAL
> + IN OUT UINTN *BufferOutSize
> + )
> +{
> + ASSERT(FALSE);
> + return EFI_UNSUPPORTED;
> +}
> +
> +/**
> + Handle Alert message recorded in BufferIn. If BufferIn is NULL and
> BufferInSize is zero,
> + TLS session has errors and the response packet needs to be Alert message
> based on error type.
> +
> + @param[in] Tls Pointer to the TLS object for state checking.
> + @param[in] BufferIn Pointer to the most recently received TLS Alert
> packet.
> + @param[in] BufferInSize Packet size in bytes for the most recently
> received TLS
> + Alert packet.
> + @param[out] BufferOut Pointer to the buffer to hold the built packet.
> + @param[in, out] BufferOutSize Pointer to the buffer size in bytes. On input, it
> is
> + the buffer size provided by the caller. On output, it
> + is the buffer size in fact needed to contain the
> + packet.
> +
> + @retval EFI_SUCCESS The required TLS packet is built successfully.
> + @retval EFI_INVALID_PARAMETER One or more of the following conditions
> is TRUE:
> + Tls is NULL.
> + BufferIn is NULL but BufferInSize is NOT 0.
> + BufferInSize is 0 but BufferIn is NOT NULL.
> + BufferOutSize is NULL.
> + BufferOut is NULL if *BufferOutSize is not zero.
> + @retval EFI_ABORTED An error occurred.
> + @retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the
> response packet.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsHandleAlert (
> + IN VOID *Tls,
> + IN UINT8 *BufferIn, OPTIONAL
> + IN UINTN BufferInSize, OPTIONAL
> + OUT UINT8 *BufferOut, OPTIONAL
> + IN OUT UINTN *BufferOutSize
> + )
> +{
> + ASSERT(FALSE);
> + return EFI_UNSUPPORTED;
> +}
> +
> +/**
> + Build the CloseNotify packet.
> +
> + @param[in] Tls Pointer to the TLS object for state checking.
> + @param[in, out] Buffer Pointer to the buffer to hold the built packet.
> + @param[in, out] BufferSize Pointer to the buffer size in bytes. On input, it is
> + the buffer size provided by the caller. On output, it
> + is the buffer size in fact needed to contain the
> + packet.
> +
> + @retval EFI_SUCCESS The required TLS packet is built successfully.
> + @retval EFI_INVALID_PARAMETER One or more of the following conditions
> is TRUE:
> + Tls is NULL.
> + BufferSize is NULL.
> + Buffer is NULL if *BufferSize is not zero.
> + @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the
> response packet.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsCloseNotify (
> + IN VOID *Tls,
> + IN OUT UINT8 *Buffer,
> + IN OUT UINTN *BufferSize
> + )
> +{
> + ASSERT(FALSE);
> + return EFI_UNSUPPORTED;
> +}
> +
> +/**
> + Attempts to read bytes from one TLS object and places the data in Buffer.
> +
> + This function will attempt to read BufferSize bytes from the TLS object
> + and places the data in Buffer.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[in,out] Buffer Pointer to the buffer to store the data.
> + @param[in] BufferSize The size of Buffer in bytes.
> +
> + @retval >0 The amount of data successfully read from the TLS object.
> + @retval <=0 No data was successfully read.
> +
> +**/
> +INTN
> +EFIAPI
> +TlsCtrlTrafficOut (
> + IN VOID *Tls,
> + IN OUT VOID *Buffer,
> + IN UINTN BufferSize
> + )
> +{
> + ASSERT(FALSE);
> + return 0;
> +}
> +
> +/**
> + Attempts to write data from the buffer to TLS object.
> +
> + This function will attempt to write BufferSize bytes data from the Buffer
> + to the TLS object.
> +
> + @param[in] Tls Pointer to the TLS object.
> + @param[in] Buffer Pointer to the data buffer.
> + @param[in] BufferSize The size of Buffer in bytes.
> +
> + @retval >0 The amount of data successfully written to the TLS object.
> + @retval <=0 No data was successfully written.
> +
> +**/
> +INTN
> +EFIAPI
> +TlsCtrlTrafficIn (
> + IN VOID *Tls,
> + IN VOID *Buffer,
> + IN UINTN BufferSize
> + )
> +{
> + ASSERT(FALSE);
> + return 0;
> +}
> +/**
> + Attempts to read bytes from the specified TLS connection into the buffer.
> +
> + This function tries to read BufferSize bytes data from the specified TLS
> + connection into the Buffer.
> +
> + @param[in] Tls Pointer to the TLS connection for data reading.
> + @param[in,out] Buffer Pointer to the data buffer.
> + @param[in] BufferSize The size of Buffer in bytes.
> +
> + @retval >0 The read operation was successful, and return value is the
> + number of bytes actually read from the TLS connection.
> + @retval <=0 The read operation was not successful.
> +
> +**/
> +INTN
> +EFIAPI
> +TlsRead (
> + IN VOID *Tls,
> + IN OUT VOID *Buffer,
> + IN UINTN BufferSize
> + )
> +{
> + ASSERT(FALSE);
> + return 0;
> +}
> +
> +/**
> + Attempts to write data to a TLS connection.
> +
> + This function tries to write BufferSize bytes data from the Buffer into the
> + specified TLS connection.
> +
> + @param[in] Tls Pointer to the TLS connection for data writing.
> + @param[in] Buffer Pointer to the data buffer.
> + @param[in] BufferSize The size of Buffer in bytes.
> +
> + @retval >0 The write operation was successful, and return value is the
> + number of bytes actually written to the TLS connection.
> + @retval <=0 The write operation was not successful.
> +
> +**/
> +INTN
> +EFIAPI
> +TlsWrite (
> + IN VOID *Tls,
> + IN VOID *Buffer,
> + IN UINTN BufferSize
> + )
> +{
> + ASSERT(FALSE);
> + return 0;
> +}
> +
> --
> 2.21.0.windows.1
next prev parent reply other threads:[~2019-10-23 8:23 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-22 21:40 [Patch] CryptoPkg: Add Null instance of the TlsLib class Michael D Kinney
2019-10-23 8:23 ` Wang, Jian J [this message]
2019-10-23 21:39 ` Michael D Kinney
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=D827630B58408649ACB04F44C510003625997A53@SHSMSX107.ccr.corp.intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox