From: "Wang, Jian J"
To: "Kinney, Michael D", "devel@edk2.groups.io"
CC: Sean Brogan, "Lu, XiaoyuX"
Subject: Re: [Patch] CryptoPkg: Add Null instance of the TlsLib class
Date: Wed, 23 Oct 2019 08:23:00 +0000
References: <20191022214058.21124-1-michael.d.kinney@intel.com>
In-Reply-To: <20191022214058.21124-1-michael.d.kinney@intel.com>

Hi Mike,

The copyright and the year might need an update. (Not sure about it. I guess they're copied from the non-null version of the file.)

With it addressed (if necessary), Reviewed-by: Jian J Wang

Regards,
Jian

> -----Original Message-----
> From: Kinney, Michael D
> Sent: Wednesday, October 23, 2019 5:41 AM
> To: devel@edk2.groups.io
> Cc: Sean Brogan; Wang, Jian J; Lu, XiaoyuX
> Subject: [Patch] CryptoPkg: Add Null instance of the TlsLib class
>
> From: Sean Brogan >=20 > https://bugzilla.tianocore.org/show_bug.cgi?id=3D2258 >=20 > Add a Null instance of the TlsLib class. This lib instance > can be used as a template for new implementations of the TlsLib > class and can also be used to reduce CI build times for build > checks that depend on the TlsLib class. >=20 > Cc: Jian J Wang > Cc: Xiaoyu Lu > Signed-off-by: Michael D Kinney > --- > CryptoPkg/CryptoPkg.dsc | 1 + > CryptoPkg/Library/TlsLibNull/InternalTlsLib.h | 16 + > CryptoPkg/Library/TlsLibNull/TlsConfigNull.c | 622 ++++++++++++++++++ > CryptoPkg/Library/TlsLibNull/TlsInitNull.c | 111 ++++ > CryptoPkg/Library/TlsLibNull/TlsLibNull.inf | 38 ++ > CryptoPkg/Library/TlsLibNull/TlsLibNull.uni | 13 + > CryptoPkg/Library/TlsLibNull/TlsProcessNull.c | 247 +++++++ > 7 files changed, 1048 insertions(+) > create mode 100644 CryptoPkg/Library/TlsLibNull/InternalTlsLib.h > create mode 100644 CryptoPkg/Library/TlsLibNull/TlsConfigNull.c > create mode 100644 CryptoPkg/Library/TlsLibNull/TlsInitNull.c > create mode 100644 CryptoPkg/Library/TlsLibNull/TlsLibNull.inf > create mode 100644 CryptoPkg/Library/TlsLibNull/TlsLibNull.uni > create mode 100644 CryptoPkg/Library/TlsLibNull/TlsProcessNull.c >=20 > diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc > index c90e76c721..cea4335afb 100644 > --- a/CryptoPkg/CryptoPkg.dsc > +++ b/CryptoPkg/CryptoPkg.dsc > @@ -115,6 +115,7 @@ [Components] > CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > CryptoPkg/Library/TlsLib/TlsLib.inf > + CryptoPkg/Library/TlsLibNull/TlsLibNull.inf > CryptoPkg/Library/OpensslLib/OpensslLib.inf > CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf >=20 > diff --git a/CryptoPkg/Library/TlsLibNull/InternalTlsLib.h > b/CryptoPkg/Library/TlsLibNull/InternalTlsLib.h > new file mode 100644 > index 0000000000..888c9066bf > --- /dev/null > +++ b/CryptoPkg/Library/TlsLibNull/InternalTlsLib.h 
> @@ -0,0 +1,16 @@ > +/** @file > + Internal include file for TlsLibNull. > + > +Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
> +SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#ifndef __INTERNAL_TLS_LIB_NULL_H__ > +#define __INTERNAL_TLS_LIB_NULL_H__ > + > +#include > +#include > +#include > + > +#endif > diff --git a/CryptoPkg/Library/TlsLibNull/TlsConfigNull.c > b/CryptoPkg/Library/TlsLibNull/TlsConfigNull.c > new file mode 100644 > index 0000000000..8033a61790 > --- /dev/null > +++ b/CryptoPkg/Library/TlsLibNull/TlsConfigNull.c > @@ -0,0 +1,622 @@ > +/** @file > + SSL/TLS Configuration Null Library Wrapper Implementation. > + > +Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
> +(C) Copyright 2016 Hewlett Packard Enterprise Development LP
> +SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#include "InternalTlsLib.h" > + > +/** > + Set a new TLS/SSL method for a particular TLS object. > + > + This function sets a new TLS/SSL method for a particular TLS object. > + > + @param[in] Tls Pointer to a TLS object. > + @param[in] MajorVer Major Version of TLS/SSL Protocol. > + @param[in] MinorVer Minor Version of TLS/SSL Protocol. > + > + @retval EFI_SUCCESS The TLS/SSL method was set successfully= . > + @retval EFI_INVALID_PARAMETER The parameter is invalid. > + @retval EFI_UNSUPPORTED Unsupported TLS/SSL method. > + > +**/ > +EFI_STATUS > +EFIAPI > +TlsSetVersion ( > + IN VOID *Tls, > + IN UINT8 MajorVer, > + IN UINT8 MinorVer > + ) > +{ > + ASSERT(FALSE); > + return EFI_UNSUPPORTED; > +} > + > +/** > + Set TLS object to work in client or server mode. > + > + This function prepares a TLS object to work in client or server mode. > + > + @param[in] Tls Pointer to a TLS object. > + @param[in] IsServer Work in server mode. > + > + @retval EFI_SUCCESS The TLS/SSL work mode was set successfu= lly. > + @retval EFI_INVALID_PARAMETER The parameter is invalid. > + @retval EFI_UNSUPPORTED Unsupported TLS/SSL work mode. > + > +**/ > +EFI_STATUS > +EFIAPI > +TlsSetConnectionEnd ( > + IN VOID *Tls, > + IN BOOLEAN IsServer > + ) > +{ > + ASSERT(FALSE); > + return EFI_UNSUPPORTED; > +} > + > +/** > + Set the ciphers list to be used by the TLS object. > + > + This function sets the ciphers for use by a specified TLS object. > + > + @param[in] Tls Pointer to a TLS object. > + @param[in] CipherId Array of UINT16 cipher identifiers. Each UINT= 16 > + cipher identifier comes from the TLS Cipher S= uite > + Registry of the IANA, interpreting Byte1 and = Byte2 > + in network (big endian) byte order. > + @param[in] CipherNum The number of cipher in the list. > + > + @retval EFI_SUCCESS The ciphers list was set successfully. > + @retval EFI_INVALID_PARAMETER The parameter is invalid. 
> + @retval EFI_UNSUPPORTED No supported TLS cipher was found in > CipherId. > + @retval EFI_OUT_OF_RESOURCES Memory allocation failed. > + > +**/ > +EFI_STATUS > +EFIAPI > +TlsSetCipherList ( > + IN VOID *Tls, > + IN UINT16 *CipherId, > + IN UINTN CipherNum > + ) > +{ > + ASSERT(FALSE); > + return EFI_UNSUPPORTED; > +} > + > +/** > + Set the compression method for TLS/SSL operations. > + > + This function handles TLS/SSL integrated compression methods. > + > + @param[in] CompMethod The compression method ID. > + > + @retval EFI_SUCCESS The compression method for the communicati= on > was > + set successfully. > + @retval EFI_UNSUPPORTED Unsupported compression method. > + > +**/ > +EFI_STATUS > +EFIAPI > +TlsSetCompressionMethod ( > + IN UINT8 CompMethod > + ) > +{ > + ASSERT(FALSE); > + return EFI_UNSUPPORTED; > +} > + > +/** > + Set peer certificate verification mode for the TLS connection. > + > + This function sets the verification mode flags for the TLS connection. > + > + @param[in] Tls Pointer to the TLS object. > + @param[in] VerifyMode A set of logically or'ed verification mode f= lags. > + > +**/ > +VOID > +EFIAPI > +TlsSetVerify ( > + IN VOID *Tls, > + IN UINT32 VerifyMode > + ) > +{ > + ASSERT(FALSE); > +} > + > +// MU_CHANGE - Proposed fixes for TCBZ960, invalid domain name (CN) > accepted. [BEGIN] > +/** > + Set the specified host name to be verified. > + > + @param[in] Tls Pointer to the TLS object. > + @param[in] Flags The setting flags during the validation. > + @param[in] HostName The specified host name to be verified. > + > + @retval EFI_SUCCESS The HostName setting was set successful= ly. > + @retval EFI_INVALID_PARAMETER The parameter is invalid. > + @retval EFI_ABORTED Invalid HostName setting. 
> + > +**/ > +EFI_STATUS > +EFIAPI > +TlsSetVerifyHost ( > + IN VOID *Tls, > + IN UINT32 Flags, > + IN CHAR8 *HostName > + ) > +{ > + ASSERT(FALSE); > + return EFI_UNSUPPORTED; > +} > + > +// MU_CHANGE - Proposed fixes for TCBZ960, invalid domain name (CN) > accepted. [END] > + > +/** > + Sets a TLS/SSL session ID to be used during TLS/SSL connect. > + > + This function sets a session ID to be used when the TLS/SSL connection= is > + to be established. > + > + @param[in] Tls Pointer to the TLS object. > + @param[in] SessionId Session ID data used for session resumptio= n. > + @param[in] SessionIdLen Length of Session ID in bytes. > + > + @retval EFI_SUCCESS Session ID was set successfully. > + @retval EFI_INVALID_PARAMETER The parameter is invalid. > + @retval EFI_UNSUPPORTED No available session for ID setting. > + > +**/ > +EFI_STATUS > +EFIAPI > +TlsSetSessionId ( > + IN VOID *Tls, > + IN UINT8 *SessionId, > + IN UINT16 SessionIdLen > + ) > +{ > + ASSERT(FALSE); > + return EFI_UNSUPPORTED; > +} > + > +/** > + Adds the CA to the cert store when requesting Server or Client authent= ication. > + > + This function adds the CA certificate to the list of CAs when requesti= ng > + Server or Client authentication for the chosen TLS connection. > + > + @param[in] Tls Pointer to the TLS object. > + @param[in] Data Pointer to the data buffer of a DER-encoded bi= nary > + X.509 certificate or PEM-encoded X.509 certifi= cate. > + @param[in] DataSize The size of data buffer in bytes. > + > + @retval EFI_SUCCESS The operation succeeded. > + @retval EFI_INVALID_PARAMETER The parameter is invalid. > + @retval EFI_OUT_OF_RESOURCES Required resources could not be > allocated. > + @retval EFI_ABORTED Invalid X.509 certificate. 
> + > +**/ > +EFI_STATUS > +EFIAPI > +TlsSetCaCertificate ( > + IN VOID *Tls, > + IN VOID *Data, > + IN UINTN DataSize > + ) > +{ > + ASSERT(FALSE); > + return EFI_UNSUPPORTED; > +} > + > +/** > + Loads the local public certificate into the specified TLS object. > + > + This function loads the X.509 certificate into the specified TLS objec= t > + for TLS negotiation. > + > + @param[in] Tls Pointer to the TLS object. > + @param[in] Data Pointer to the data buffer of a DER-encoded bi= nary > + X.509 certificate or PEM-encoded X.509 certifi= cate. > + @param[in] DataSize The size of data buffer in bytes. > + > + @retval EFI_SUCCESS The operation succeeded. > + @retval EFI_INVALID_PARAMETER The parameter is invalid. > + @retval EFI_OUT_OF_RESOURCES Required resources could not be > allocated. > + @retval EFI_ABORTED Invalid X.509 certificate. > + > +**/ > +EFI_STATUS > +EFIAPI > +TlsSetHostPublicCert ( > + IN VOID *Tls, > + IN VOID *Data, > + IN UINTN DataSize > + ) > +{ > + ASSERT(FALSE); > + return EFI_UNSUPPORTED; > +} > + > +/** > + Adds the local private key to the specified TLS object. > + > + This function adds the local private key (PEM-encoded RSA or PKCS#8 pr= ivate > + key) into the specified TLS object for TLS negotiation. > + > + @param[in] Tls Pointer to the TLS object. > + @param[in] Data Pointer to the data buffer of a PEM-encoded RS= A > + or PKCS#8 private key. > + @param[in] DataSize The size of data buffer in bytes. > + > + @retval EFI_SUCCESS The operation succeeded. > + @retval EFI_UNSUPPORTED This function is not supported. > + @retval EFI_ABORTED Invalid private key data. > + > +**/ > +EFI_STATUS > +EFIAPI > +TlsSetHostPrivateKey ( > + IN VOID *Tls, > + IN VOID *Data, > + IN UINTN DataSize > + ) > +{ > + ASSERT(FALSE); > + return EFI_UNSUPPORTED; > +} > + > +/** > + Adds the CA-supplied certificate revocation list for certificate valid= ation. 
> + > + This function adds the CA-supplied certificate revocation list data fo= r > + certificate validity checking. > + > + @param[in] Data Pointer to the data buffer of a DER-encoded CR= L data. > + @param[in] DataSize The size of data buffer in bytes. > + > + @retval EFI_SUCCESS The operation succeeded. > + @retval EFI_UNSUPPORTED This function is not supported. > + @retval EFI_ABORTED Invalid CRL data. > + > +**/ > +EFI_STATUS > +EFIAPI > +TlsSetCertRevocationList ( > + IN VOID *Data, > + IN UINTN DataSize > + ) > +{ > + ASSERT(FALSE); > + return EFI_UNSUPPORTED; > +} > + > +/** > + Gets the protocol version used by the specified TLS connection. > + > + This function returns the protocol version used by the specified TLS > + connection. > + > + If Tls is NULL, then ASSERT(). > + > + @param[in] Tls Pointer to the TLS object. > + > + @return The protocol version of the specified TLS connection. > + > +**/ > +UINT16 > +EFIAPI > +TlsGetVersion ( > + IN VOID *Tls > + ) > +{ > + ASSERT(FALSE); > + return 0; > +} > + > +/** > + Gets the connection end of the specified TLS connection. > + > + This function returns the connection end (as client or as server) used= by > + the specified TLS connection. > + > + If Tls is NULL, then ASSERT(). > + > + @param[in] Tls Pointer to the TLS object. > + > + @return The connection end used by the specified TLS connection. > + > +**/ > +UINT8 > +EFIAPI > +TlsGetConnectionEnd ( > + IN VOID *Tls > + ) > +{ > + ASSERT(FALSE); > + return 0; > +} > + > +/** > + Gets the cipher suite used by the specified TLS connection. > + > + This function returns current cipher suite used by the specified > + TLS connection. > + > + @param[in] Tls Pointer to the TLS object. > + @param[in,out] CipherId The cipher suite used by the TLS object. > + > + @retval EFI_SUCCESS The cipher suite was returned successfu= lly. > + @retval EFI_INVALID_PARAMETER The parameter is invalid. > + @retval EFI_UNSUPPORTED Unsupported cipher suite. 
> + > +**/ > +EFI_STATUS > +EFIAPI > +TlsGetCurrentCipher ( > + IN VOID *Tls, > + IN OUT UINT16 *CipherId > + ) > +{ > + ASSERT(FALSE); > + return EFI_UNSUPPORTED; > +} > + > +/** > + Gets the compression methods used by the specified TLS connection. > + > + This function returns current integrated compression methods used by > + the specified TLS connection. > + > + @param[in] Tls Pointer to the TLS object. > + @param[in,out] CompressionId The current compression method used b= y > + the TLS object. > + > + @retval EFI_SUCCESS The compression method was returned > successfully. > + @retval EFI_INVALID_PARAMETER The parameter is invalid. > + @retval EFI_ABORTED Invalid Compression method. > + @retval EFI_UNSUPPORTED This function is not supported. > + > +**/ > +EFI_STATUS > +EFIAPI > +TlsGetCurrentCompressionId ( > + IN VOID *Tls, > + IN OUT UINT8 *CompressionId > + ) > +{ > + ASSERT(FALSE); > + return EFI_UNSUPPORTED; > +} > + > +/** > + Gets the verification mode currently set in the TLS connection. > + > + This function returns the peer verification mode currently set in the > + specified TLS connection. > + > + If Tls is NULL, then ASSERT(). > + > + @param[in] Tls Pointer to the TLS object. > + > + @return The verification mode set in the specified TLS connection. > + > +**/ > +UINT32 > +EFIAPI > +TlsGetVerify ( > + IN VOID *Tls > + ) > +{ > + ASSERT(FALSE); > + return 0; > +} > + > +/** > + Gets the session ID used by the specified TLS connection. > + > + This function returns the TLS/SSL session ID currently used by the > + specified TLS connection. > + > + @param[in] Tls Pointer to the TLS object. > + @param[in,out] SessionId Buffer to contain the returned session= ID. > + @param[in,out] SessionIdLen The length of Session ID in bytes. > + > + @retval EFI_SUCCESS The Session ID was returned successfull= y. > + @retval EFI_INVALID_PARAMETER The parameter is invalid. > + @retval EFI_UNSUPPORTED Invalid TLS/SSL session. 
> + > +**/ > +EFI_STATUS > +EFIAPI > +TlsGetSessionId ( > + IN VOID *Tls, > + IN OUT UINT8 *SessionId, > + IN OUT UINT16 *SessionIdLen > + ) > +{ > + ASSERT(FALSE); > + return EFI_UNSUPPORTED; > +} > + > +/** > + Gets the client random data used in the specified TLS connection. > + > + This function returns the TLS/SSL client random data currently used in > + the specified TLS connection. > + > + @param[in] Tls Pointer to the TLS object. > + @param[in,out] ClientRandom Buffer to contain the returned client > + random data (32 bytes). > + > +**/ > +VOID > +EFIAPI > +TlsGetClientRandom ( > + IN VOID *Tls, > + IN OUT UINT8 *ClientRandom > + ) > +{ > + ASSERT(FALSE); > +} > + > +/** > + Gets the server random data used in the specified TLS connection. > + > + This function returns the TLS/SSL server random data currently used in > + the specified TLS connection. > + > + @param[in] Tls Pointer to the TLS object. > + @param[in,out] ServerRandom Buffer to contain the returned server > + random data (32 bytes). > + > +**/ > +VOID > +EFIAPI > +TlsGetServerRandom ( > + IN VOID *Tls, > + IN OUT UINT8 *ServerRandom > + ) > +{ > + ASSERT(FALSE); > +} > + > +/** > + Gets the master key data used in the specified TLS connection. > + > + This function returns the TLS/SSL master key material currently used i= n > + the specified TLS connection. > + > + @param[in] Tls Pointer to the TLS object. > + @param[in,out] KeyMaterial Buffer to contain the returned key mate= rial. > + > + @retval EFI_SUCCESS Key material was returned successfully. > + @retval EFI_INVALID_PARAMETER The parameter is invalid. > + @retval EFI_UNSUPPORTED Invalid TLS/SSL session. > + > +**/ > +EFI_STATUS > +EFIAPI > +TlsGetKeyMaterial ( > + IN VOID *Tls, > + IN OUT UINT8 *KeyMaterial > + ) > +{ > + ASSERT(FALSE); > + return EFI_UNSUPPORTED; > +} > + > +/** > + Gets the CA Certificate from the cert store. > + > + This function returns the CA certificate for the chosen > + TLS connection. 
> + > + @param[in] Tls Pointer to the TLS object. > + @param[out] Data Pointer to the data buffer to receive the = CA > + certificate data sent to the client. > + @param[in,out] DataSize The size of data buffer in bytes. > + > + @retval EFI_SUCCESS The operation succeeded. > + @retval EFI_UNSUPPORTED This function is not supported. > + @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the dat= a. > + > +**/ > +EFI_STATUS > +EFIAPI > +TlsGetCaCertificate ( > + IN VOID *Tls, > + OUT VOID *Data, > + IN OUT UINTN *DataSize > + ) > +{ > + ASSERT(FALSE); > + return EFI_UNSUPPORTED; > +} > + > +/** > + Gets the local public Certificate set in the specified TLS object. > + > + This function returns the local public certificate which was currently= set > + in the specified TLS object. > + > + @param[in] Tls Pointer to the TLS object. > + @param[out] Data Pointer to the data buffer to receive the = local > + public certificate. > + @param[in,out] DataSize The size of data buffer in bytes. > + > + @retval EFI_SUCCESS The operation succeeded. > + @retval EFI_INVALID_PARAMETER The parameter is invalid. > + @retval EFI_NOT_FOUND The certificate is not found. > + @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the dat= a. > + > +**/ > +EFI_STATUS > +EFIAPI > +TlsGetHostPublicCert ( > + IN VOID *Tls, > + OUT VOID *Data, > + IN OUT UINTN *DataSize > + ) > +{ > + ASSERT(FALSE); > + return EFI_UNSUPPORTED; > +} > + > +/** > + Gets the local private key set in the specified TLS object. > + > + This function returns the local private key data which was currently s= et > + in the specified TLS object. > + > + @param[in] Tls Pointer to the TLS object. > + @param[out] Data Pointer to the data buffer to receive the = local > + private key data. > + @param[in,out] DataSize The size of data buffer in bytes. > + > + @retval EFI_SUCCESS The operation succeeded. > + @retval EFI_UNSUPPORTED This function is not supported. 
> + @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the dat= a. > + > +**/ > +EFI_STATUS > +EFIAPI > +TlsGetHostPrivateKey ( > + IN VOID *Tls, > + OUT VOID *Data, > + IN OUT UINTN *DataSize > + ) > +{ > + ASSERT(FALSE); > + return EFI_UNSUPPORTED; > +} > + > +/** > + Gets the CA-supplied certificate revocation list data set in the speci= fied > + TLS object. > + > + This function returns the CA-supplied certificate revocation list data= which > + was currently set in the specified TLS object. > + > + @param[out] Data Pointer to the data buffer to receive the = CRL data. > + @param[in,out] DataSize The size of data buffer in bytes. > + > + @retval EFI_SUCCESS The operation succeeded. > + @retval EFI_UNSUPPORTED This function is not supported. > + @retval EFI_BUFFER_TOO_SMALL The Data is too small to hold the dat= a. > + > +**/ > +EFI_STATUS > +EFIAPI > +TlsGetCertRevocationList ( > + OUT VOID *Data, > + IN OUT UINTN *DataSize > + ) > +{ > + ASSERT(FALSE); > + return EFI_UNSUPPORTED; > +} > diff --git a/CryptoPkg/Library/TlsLibNull/TlsInitNull.c > b/CryptoPkg/Library/TlsLibNull/TlsInitNull.c > new file mode 100644 > index 0000000000..3e44117b82 > --- /dev/null > +++ b/CryptoPkg/Library/TlsLibNull/TlsInitNull.c > @@ -0,0 +1,111 @@ > +/** @file > + SSL/TLS Initialization Null Library Wrapper Implementation. > + > +Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
> +(C) Copyright 2016 Hewlett Packard Enterprise Development LP
> +SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#include "InternalTlsLib.h" > + > +/** > + Initializes the library. > + > + This function registers ciphers and digests used directly and indirect= ly > + by SSL/TLS, and initializes the readable error messages. > + This function must be called before any other action takes places. > + > + @retval TRUE The library has been initialized. > + @retval FALSE Failed to initialize the library. > + > +**/ > +BOOLEAN > +EFIAPI > +TlsInitialize ( > + VOID > + ) > +{ > + ASSERT(FALSE); > + return FALSE; > +} > + > +/** > + Free an allocated SSL_CTX object. > + > + @param[in] TlsCtx Pointer to the SSL_CTX object to be released. > + > +**/ > +VOID > +EFIAPI > +TlsCtxFree ( > + IN VOID *TlsCtx > + ) > +{ > + ASSERT(FALSE); > + return; > +} > + > +/** > + Creates a new SSL_CTX object as framework to establish TLS/SSL enabled > + connections. > + > + @param[in] MajorVer Major Version of TLS/SSL Protocol. > + @param[in] MinorVer Minor Version of TLS/SSL Protocol. > + > + @return Pointer to an allocated SSL_CTX object. > + If the creation failed, TlsCtxNew() returns NULL. > + > +**/ > +VOID * > +EFIAPI > +TlsCtxNew ( > + IN UINT8 MajorVer, > + IN UINT8 MinorVer > + ) > +{ > + ASSERT(FALSE); > + return NULL; > +} > + > +/** > + Free an allocated TLS object. > + > + This function removes the TLS object pointed to by Tls and frees up th= e > + allocated memory. If Tls is NULL, nothing is done. > + > + @param[in] Tls Pointer to the TLS object to be freed. > + > +**/ > +VOID > +EFIAPI > +TlsFree ( > + IN VOID *Tls > + ) > +{ > + ASSERT(FALSE); > +} > + > +/** > + Create a new TLS object for a connection. > + > + This function creates a new TLS object for a connection. The new objec= t > + inherits the setting of the underlying context TlsCtx: connection meth= od, > + options, verification setting. > + > + @param[in] TlsCtx Pointer to the SSL_CTX object. > + > + @return Pointer to an allocated SSL object. 
> + If the creation failed, TlsNew() returns NULL. > + > +**/ > +VOID * > +EFIAPI > +TlsNew ( > + IN VOID *TlsCtx > + ) > +{ > + ASSERT(FALSE); > + return NULL; > +} > + > diff --git a/CryptoPkg/Library/TlsLibNull/TlsLibNull.inf > b/CryptoPkg/Library/TlsLibNull/TlsLibNull.inf > new file mode 100644 > index 0000000000..33f0e7493f > --- /dev/null > +++ b/CryptoPkg/Library/TlsLibNull/TlsLibNull.inf > @@ -0,0 +1,38 @@ > +## @file > +# SSL/TLS Wrapper Null Library Instance. > +# > +# Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved. > +# (C) Copyright 2016 Hewlett Packard Enterprise Development LP
> +# SPDX-License-Identifier: BSD-2-Clause-Patent > +# > +## > + > +[Defines] > + INF_VERSION =3D 0x00010005 > + BASE_NAME =3D TlsLibNull > + MODULE_UNI_FILE =3D TlsLibNull.uni > + FILE_GUID =3D 705a5b3b-cfa5-42ea-87f0-f2b8d44ec52= 1 > + MODULE_TYPE =3D BASE > + VERSION_STRING =3D 1.0 > + LIBRARY_CLASS =3D TlsLib > + > +# > +# The following information is for reference only and not required by th= e build > tools. > +# > +# VALID_ARCHITECTURES =3D IA32 X64 ARM AARCH64 > +# > + > +[Sources] > + InternalTlsLib.h > + TlsInitNull.c > + TlsConfigNull.c > + TlsProcessNull.c > + > +[Packages] > + MdePkg/MdePkg.dec > + CryptoPkg/CryptoPkg.dec > + > +[LibraryClasses] > + BaseCryptLib > + DebugLib > + BaseLib > diff --git a/CryptoPkg/Library/TlsLibNull/TlsLibNull.uni > b/CryptoPkg/Library/TlsLibNull/TlsLibNull.uni > new file mode 100644 > index 0000000000..869f3fcf78 > --- /dev/null > +++ b/CryptoPkg/Library/TlsLibNull/TlsLibNull.uni > @@ -0,0 +1,13 @@ > +// /** @file > +// SSL/TLS Wrapper Null Library Instance. > +// > +// Copyright (c) 2016, Intel Corporation. All rights reserved.
> +// > +// SPDX-License-Identifier: BSD-2-Clause-Patent > +// > +// **/ > + > + > +#string STR_MODULE_ABSTRACT #language en-US "SSL/TLS Wrapper > Null Library Instance" > + > +#string STR_MODULE_DESCRIPTION #language en-US "This module > provides SSL/TLS Wrapper Null Library Instance." > diff --git a/CryptoPkg/Library/TlsLibNull/TlsProcessNull.c > b/CryptoPkg/Library/TlsLibNull/TlsProcessNull.c > new file mode 100644 > index 0000000000..2949d4c885 > --- /dev/null > +++ b/CryptoPkg/Library/TlsLibNull/TlsProcessNull.c > @@ -0,0 +1,247 @@ > +/** @file > + SSL/TLS Process Null Library Wrapper Implementation. > + The process includes the TLS handshake and packet I/O. > + > +Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
> +(C) Copyright 2016 Hewlett Packard Enterprise Development LP
> +SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#include "InternalTlsLib.h" > + > +/** > + Checks if the TLS handshake was done. > + > + This function will check if the specified TLS handshake was done. > + > + @param[in] Tls Pointer to the TLS object for handshake state check= ing. > + > + @retval TRUE The TLS handshake was done. > + @retval FALSE The TLS handshake was not done. > + > +**/ > +BOOLEAN > +EFIAPI > +TlsInHandshake ( > + IN VOID *Tls > + ) > +{ > + ASSERT(FALSE); > + return FALSE; > +} > + > +/** > + Perform a TLS/SSL handshake. > + > + This function will perform a TLS/SSL handshake. > + > + @param[in] Tls Pointer to the TLS object for handshak= e operation. > + @param[in] BufferIn Pointer to the most recently received = TLS > Handshake packet. > + @param[in] BufferInSize Packet size in bytes for the most rece= ntly > received TLS > + Handshake packet. > + @param[out] BufferOut Pointer to the buffer to hold the buil= t packet. > + @param[in, out] BufferOutSize Pointer to the buffer size in bytes. O= n input, it > is > + the buffer size provided by the caller= . On output, it > + is the buffer size in fact needed to c= ontain the > + packet. > + > + @retval EFI_SUCCESS The required TLS packet is built succe= ssfully. > + @retval EFI_INVALID_PARAMETER One or more of the following condition= s > is TRUE: > + Tls is NULL. > + BufferIn is NULL but BufferInSize is N= OT 0. > + BufferInSize is 0 but BufferIn is NOT = NULL. > + BufferOutSize is NULL. > + BufferOut is NULL if *BufferOutSize is= not zero. > + @retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the > response packet. > + @retval EFI_ABORTED Something wrong during handshake. 
> + > +**/ > +EFI_STATUS > +EFIAPI > +TlsDoHandshake ( > + IN VOID *Tls, > + IN UINT8 *BufferIn, OPTIONAL > + IN UINTN BufferInSize, OPTIONAL > + OUT UINT8 *BufferOut, OPTIONAL > + IN OUT UINTN *BufferOutSize > + ) > +{ > + ASSERT(FALSE); > + return EFI_UNSUPPORTED; > +} > + > +/** > + Handle Alert message recorded in BufferIn. If BufferIn is NULL and > BufferInSize is zero, > + TLS session has errors and the response packet needs to be Alert messa= ge > based on error type. > + > + @param[in] Tls Pointer to the TLS object for state ch= ecking. > + @param[in] BufferIn Pointer to the most recently received = TLS Alert > packet. > + @param[in] BufferInSize Packet size in bytes for the most rece= ntly > received TLS > + Alert packet. > + @param[out] BufferOut Pointer to the buffer to hold the buil= t packet. > + @param[in, out] BufferOutSize Pointer to the buffer size in bytes. O= n input, it > is > + the buffer size provided by the caller= . On output, it > + is the buffer size in fact needed to c= ontain the > + packet. > + > + @retval EFI_SUCCESS The required TLS packet is built succe= ssfully. > + @retval EFI_INVALID_PARAMETER One or more of the following condition= s > is TRUE: > + Tls is NULL. > + BufferIn is NULL but BufferInSize is N= OT 0. > + BufferInSize is 0 but BufferIn is NOT = NULL. > + BufferOutSize is NULL. > + BufferOut is NULL if *BufferOutSize is= not zero. > + @retval EFI_ABORTED An error occurred. > + @retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the > response packet. > + > +**/ > +EFI_STATUS > +EFIAPI > +TlsHandleAlert ( > + IN VOID *Tls, > + IN UINT8 *BufferIn, OPTIONAL > + IN UINTN BufferInSize, OPTIONAL > + OUT UINT8 *BufferOut, OPTIONAL > + IN OUT UINTN *BufferOutSize > + ) > +{ > + ASSERT(FALSE); > + return EFI_UNSUPPORTED; > +} > + > +/** > + Build the CloseNotify packet. > + > + @param[in] Tls Pointer to the TLS object for state ch= ecking. > + @param[in, out] Buffer Pointer to the buffer to hold the buil= t packet. 
> + @param[in, out] BufferSize Pointer to the buffer size in bytes. O= n input, it is > + the buffer size provided by the caller= . On output, it > + is the buffer size in fact needed to c= ontain the > + packet. > + > + @retval EFI_SUCCESS The required TLS packet is built succe= ssfully. > + @retval EFI_INVALID_PARAMETER One or more of the following condition= s > is TRUE: > + Tls is NULL. > + BufferSize is NULL. > + Buffer is NULL if *BufferSize is not z= ero. > + @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the > response packet. > + > +**/ > +EFI_STATUS > +EFIAPI > +TlsCloseNotify ( > + IN VOID *Tls, > + IN OUT UINT8 *Buffer, > + IN OUT UINTN *BufferSize > + ) > +{ > + ASSERT(FALSE); > + return EFI_UNSUPPORTED; > +} > + > +/** > + Attempts to read bytes from one TLS object and places the data in Buff= er. > + > + This function will attempt to read BufferSize bytes from the TLS objec= t > + and places the data in Buffer. > + > + @param[in] Tls Pointer to the TLS object. > + @param[in,out] Buffer Pointer to the buffer to store the data. > + @param[in] BufferSize The size of Buffer in bytes. > + > + @retval >0 The amount of data successfully read from the TLS objec= t. > + @retval <=3D0 No data was successfully read. > + > +**/ > +INTN > +EFIAPI > +TlsCtrlTrafficOut ( > + IN VOID *Tls, > + IN OUT VOID *Buffer, > + IN UINTN BufferSize > + ) > +{ > + ASSERT(FALSE); > + return 0; > +} > + > +/** > + Attempts to write data from the buffer to TLS object. > + > + This function will attempt to write BufferSize bytes data from the Buf= fer > + to the TLS object. > + > + @param[in] Tls Pointer to the TLS object. > + @param[in] Buffer Pointer to the data buffer. > + @param[in] BufferSize The size of Buffer in bytes. > + > + @retval >0 The amount of data successfully written to the TLS obje= ct. > + @retval <=3D0 No data was successfully written. 
> + > +**/ > +INTN > +EFIAPI > +TlsCtrlTrafficIn ( > + IN VOID *Tls, > + IN VOID *Buffer, > + IN UINTN BufferSize > + ) > +{ > + ASSERT(FALSE); > + return 0; > +} > +/** > + Attempts to read bytes from the specified TLS connection into the buff= er. > + > + This function tries to read BufferSize bytes data from the specified T= LS > + connection into the Buffer. > + > + @param[in] Tls Pointer to the TLS connection for data r= eading. > + @param[in,out] Buffer Pointer to the data buffer. > + @param[in] BufferSize The size of Buffer in bytes. > + > + @retval >0 The read operation was successful, and return value is = the > + number of bytes actually read from the TLS connection. > + @retval <=3D0 The read operation was not successful. > + > +**/ > +INTN > +EFIAPI > +TlsRead ( > + IN VOID *Tls, > + IN OUT VOID *Buffer, > + IN UINTN BufferSize > + ) > +{ > + ASSERT(FALSE); > + return 0; > +} > + > +/** > + Attempts to write data to a TLS connection. > + > + This function tries to write BufferSize bytes data from the Buffer int= o the > + specified TLS connection. > + > + @param[in] Tls Pointer to the TLS connection for data writi= ng. > + @param[in] Buffer Pointer to the data buffer. > + @param[in] BufferSize The size of Buffer in bytes. > + > + @retval >0 The write operation was successful, and return value is= the > + number of bytes actually written to the TLS connection. > + @retval <=3D0 The write operation was not successful. > + > +**/ > +INTN > +EFIAPI > +TlsWrite ( > + IN VOID *Tls, > + IN VOID *Buffer, > + IN UINTN BufferSize > + ) > +{ > + ASSERT(FALSE); > + return 0; > +} > + > -- > 2.21.0.windows.1
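Review bot: CryptoPkg.dsc hunk, the [Components] addition makes the package CI compile TlsLibNull.inf but does not change which instance the TlsLib class resolves to, so a consumer still has to select it itself; since the commit message presents the instance as a way to cut CI build time for checks that depend on TlsLib, state there (or in the .inf header comment) how to opt in, namely `TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf` under [LibraryClasses] in the consuming .dsc.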
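Review bot: InternalTlsLib.h hunk, a file created by this patch carries `Copyright (c) 2016 - 2017, Intel Corporation`, and the other new files disagree with it (`2016 - 2018` in TlsLibNull.inf, `2016` in TlsLibNull.uni, `2016 - 2017` plus a 2016 Hewlett Packard Enterprise line in the three .c files); as Jian notes in his reply, these look copied from the non-null TlsLib sources, so use one consistent set of years that includes the year the files are added (the patch is dated October 2019) and keep the HPE line only where HPE-authored code was actually carried over.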
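Review bot: TlsConfigNull.c hunk, the `// MU_CHANGE - Proposed fixes for TCBZ960, invalid domain name (CN) accepted. [BEGIN]` and `[END]` comments around TlsSetVerifyHost refer to a Project Mu bug tracker and to a fix that is not part of this patch; the function between them is a stub exactly like every other one in the file, so drop both markers before this lands in edk2. Separately, every body uses `ASSERT(FALSE);` with no space before the parenthesis, while the EDK II coding style puts a space between a function or macro name and its opening parenthesis, so `ASSERT (FALSE);` here and likewise in TlsInitNull.c and TlsProcessNull.c.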
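Review bot: TlsInitNull.c hunk, the fail-closed behaviour deserves a sentence of documentation: TlsInitialize() returns FALSE and TlsCtxNew()/TlsNew() return NULL, so in a RELEASE build, where ASSERT() compiles out, a platform that links this instance by mistake can never obtain a TLS object and the setters and I/O stubs in the other two files are never reached with a valid object; the `ASSERT(FALSE)` only catches the mis-link in DEBUG builds, so say in the file header or the commit message that the instance fails closed rather than appearing to succeed. Minor: TlsCtxFree ends with `ASSERT(FALSE); return;` while TlsFree omits the redundant `return;`, so make the two consistent, and drop the blank line after TlsNew's closing brace, which leaves a trailing blank line at end of file.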
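Review bot: TlsLibNull.inf hunk, [LibraryClasses] lists BaseCryptLib and BaseLib, but no stub in the three source files calls anything from either (each body is `ASSERT(FALSE)` plus a return), and DebugLib is the only class ASSERT() needs; the BaseCryptLib dependency in particular works against the stated goal of reducing CI build time whenever the consuming platform's BaseCryptLib instance depends on OpensslLib, so drop the two unused classes or note in the .inf why they are required.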
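Review bot: TlsProcessNull.c hunk, the blank line that separates every other function from the next doc comment is missing between the closing brace of TlsCtrlTrafficIn and the `/**` that opens TlsRead's comment, and the file ends with an extra blank line after TlsWrite's closing brace (git warns about a new blank line at EOF when applying); add the missing separator and drop the trailing one.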