From: "Michael D Kinney" <michael.d.kinney@intel.com>
To: "Wang, Jian J" <jian.j.wang@intel.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>,
"Kinney, Michael D" <michael.d.kinney@intel.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>,
"Lu, XiaoyuX" <xiaoyux.lu@intel.com>
Subject: Re: [Patch] CryptoPkg: Add Null instance of the TlsLib class
Date: Wed, 23 Oct 2019 21:39:26 +0000
Message-ID: <E92EE9817A31E24EB0585FDF735412F5B9DF110E@ORSMSX113.amr.corp.intel.com>
In-Reply-To: <D827630B58408649ACB04F44C510003625997A53@SHSMSX107.ccr.corp.intel.com>
Hi Jian,
Thanks for the feedback. I verified with Sean that the
current patch contents are correct.
Mike
> -----Original Message-----
> From: Wang, Jian J <jian.j.wang@intel.com>
> Sent: Wednesday, October 23, 2019 1:23 AM
> To: Kinney, Michael D <michael.d.kinney@intel.com>;
> devel@edk2.groups.io
> Cc: Sean Brogan <sean.brogan@microsoft.com>; Lu, XiaoyuX
> <xiaoyux.lu@intel.com>
> Subject: RE: [Patch] CryptoPkg: Add Null instance of the
> TlsLib class
>
> Hi Mike,
>
> The copyright and the year might need an update (not sure
> about it; I guess they're copied from the non-null version
> of the file). With that addressed (if necessary),
>
> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
>
> Regards,
> Jian
>
> > -----Original Message-----
> > From: Kinney, Michael D <michael.d.kinney@intel.com>
> > Sent: Wednesday, October 23, 2019 5:41 AM
> > To: devel@edk2.groups.io
> > Cc: Sean Brogan <sean.brogan@microsoft.com>; Wang,
> Jian J
> > <jian.j.wang@intel.com>; Lu, XiaoyuX
> <xiaoyux.lu@intel.com>
> > Subject: [Patch] CryptoPkg: Add Null instance of the
> TlsLib class
> >
> > From: Sean Brogan <sean.brogan@microsoft.com>
> >
> > https://bugzilla.tianocore.org/show_bug.cgi?id=2258
> >
> > Add a Null instance of the TlsLib class. This lib
> instance can be
> > used as a template for new implementations of the
> TlsLib class and can
> > also be used to reduce CI build times for build checks
> that depend on
> > the TlsLib class.
> >
> > Cc: Jian J Wang <jian.j.wang@intel.com>
> > Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> > Signed-off-by: Michael D Kinney
> <michael.d.kinney@intel.com>
> > ---
> > CryptoPkg/CryptoPkg.dsc | 1 +
> > CryptoPkg/Library/TlsLibNull/InternalTlsLib.h | 16 +
> > CryptoPkg/Library/TlsLibNull/TlsConfigNull.c | 622
> ++++++++++++++++++
> > CryptoPkg/Library/TlsLibNull/TlsInitNull.c | 111
> ++++
> > CryptoPkg/Library/TlsLibNull/TlsLibNull.inf | 38
> ++
> > CryptoPkg/Library/TlsLibNull/TlsLibNull.uni | 13 +
> > CryptoPkg/Library/TlsLibNull/TlsProcessNull.c | 247
> +++++++
> > 7 files changed, 1048 insertions(+)
> > create mode 100644
> CryptoPkg/Library/TlsLibNull/InternalTlsLib.h
> > create mode 100644
> CryptoPkg/Library/TlsLibNull/TlsConfigNull.c
> > create mode 100644
> CryptoPkg/Library/TlsLibNull/TlsInitNull.c
> > create mode 100644
> CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
> > create mode 100644
> CryptoPkg/Library/TlsLibNull/TlsLibNull.uni
> > create mode 100644
> CryptoPkg/Library/TlsLibNull/TlsProcessNull.c
> >
> > diff --git a/CryptoPkg/CryptoPkg.dsc
> b/CryptoPkg/CryptoPkg.dsc index
> > c90e76c721..cea4335afb 100644
> > --- a/CryptoPkg/CryptoPkg.dsc
> > +++ b/CryptoPkg/CryptoPkg.dsc
> > @@ -115,6 +115,7 @@ [Components]
> > CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> > CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> > CryptoPkg/Library/TlsLib/TlsLib.inf
> > + CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
> > CryptoPkg/Library/OpensslLib/OpensslLib.inf
> > CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> >
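Review bot: given the stated motivation of cutting CI build time, note that adding TlsLibNull.inf under [Components] here makes CryptoPkg.dsc build one more module; the saving only materialises in the DSC files of consumers that map the TlsLib class to CryptoPkg/Library/TlsLibNull/TlsLibNull.inf instead of CryptoPkg/Library/TlsLib/TlsLib.inf. Listing it here is still right, since it is what gives the new instance build coverage.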
> > diff --git
> a/CryptoPkg/Library/TlsLibNull/InternalTlsLib.h
> > b/CryptoPkg/Library/TlsLibNull/InternalTlsLib.h
> > new file mode 100644
> > index 0000000000..888c9066bf
> > --- /dev/null
> > +++ b/CryptoPkg/Library/TlsLibNull/InternalTlsLib.h
> > @@ -0,0 +1,16 @@
> > +/** @file
> > + Internal include file for TlsLibNull.
> > +
> > +Copyright (c) 2016 - 2017, Intel Corporation. All
> rights
> > +reserved.<BR>
> > +SPDX-License-Identifier: BSD-2-Clause-Patent
> > +
> > +**/
> > +
> > +#ifndef __INTERNAL_TLS_LIB_NULL_H__
> > +#define __INTERNAL_TLS_LIB_NULL_H__
> > +
> > +#include <Library/BaseCryptLib.h>
> > +#include <Library/DebugLib.h>
> > +#include <Library/BaseLib.h>
> > +
> > +#endif
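Review bot: the copyright line reads 2016 - 2017 for a file created by this patch in 2019; as Jian noted, the header looks copied from TlsLib and the year should be updated. Also, the null stubs only call ASSERT(), so the includes of Library/BaseCryptLib.h and Library/BaseLib.h are unnecessary; keeping only Library/DebugLib.h avoids pulling BaseCryptLib into a library whose whole purpose is to keep builds small.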
> > diff --git
> a/CryptoPkg/Library/TlsLibNull/TlsConfigNull.c
> > b/CryptoPkg/Library/TlsLibNull/TlsConfigNull.c
> > new file mode 100644
> > index 0000000000..8033a61790
> > --- /dev/null
> > +++ b/CryptoPkg/Library/TlsLibNull/TlsConfigNull.c
> > @@ -0,0 +1,622 @@
> > +/** @file
> > + SSL/TLS Configuration Null Library Wrapper
> Implementation.
> > +
> > +Copyright (c) 2016 - 2017, Intel Corporation. All
> rights
> > +reserved.<BR>
> > +(C) Copyright 2016 Hewlett Packard Enterprise
> Development LP<BR>
> > +SPDX-License-Identifier: BSD-2-Clause-Patent
> > +
> > +**/
> > +
> > +#include "InternalTlsLib.h"
> > +
> > +/**
> > + Set a new TLS/SSL method for a particular TLS
> object.
> > +
> > + This function sets a new TLS/SSL method for a
> particular TLS object.
> > +
> > + @param[in] Tls Pointer to a TLS object.
> > + @param[in] MajorVer Major Version of TLS/SSL
> Protocol.
> > + @param[in] MinorVer Minor Version of TLS/SSL
> Protocol.
> > +
> > + @retval EFI_SUCCESS The TLS/SSL method
> was set successfully.
> > + @retval EFI_INVALID_PARAMETER The parameter is
> invalid.
> > + @retval EFI_UNSUPPORTED Unsupported TLS/SSL
> method.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TlsSetVersion (
> > + IN VOID *Tls,
> > + IN UINT8 MajorVer,
> > + IN UINT8 MinorVer
> > + )
> > +{
> > + ASSERT(FALSE);
> > + return EFI_UNSUPPORTED;
> > +}
> > +
> > +/**
> > + Set TLS object to work in client or server mode.
> > +
> > + This function prepares a TLS object to work in
> client or server mode.
> > +
> > + @param[in] Tls Pointer to a TLS object.
> > + @param[in] IsServer Work in server mode.
> > +
> > + @retval EFI_SUCCESS The TLS/SSL work
> mode was set successfully.
> > + @retval EFI_INVALID_PARAMETER The parameter is
> invalid.
> > + @retval EFI_UNSUPPORTED Unsupported TLS/SSL
> work mode.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TlsSetConnectionEnd (
> > + IN VOID *Tls,
> > + IN BOOLEAN IsServer
> > + )
> > +{
> > + ASSERT(FALSE);
> > + return EFI_UNSUPPORTED;
> > +}
> > +
> > +/**
> > + Set the ciphers list to be used by the TLS object.
> > +
> > + This function sets the ciphers for use by a
> specified TLS object.
> > +
> > + @param[in] Tls Pointer to a TLS object.
> > + @param[in] CipherId Array of UINT16 cipher
> identifiers. Each UINT16
> > + cipher identifier comes
> from the TLS Cipher Suite
> > + Registry of the IANA,
> interpreting Byte1 and Byte2
> > + in network (big endian)
> byte order.
> > + @param[in] CipherNum The number of cipher in
> the list.
> > +
> > + @retval EFI_SUCCESS The ciphers list was
> set successfully.
> > + @retval EFI_INVALID_PARAMETER The parameter is
> invalid.
> > + @retval EFI_UNSUPPORTED No supported TLS
> cipher was found in
> > CipherId.
> > + @retval EFI_OUT_OF_RESOURCES Memory allocation
> failed.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TlsSetCipherList (
> > + IN VOID *Tls,
> > + IN UINT16 *CipherId,
> > + IN UINTN CipherNum
> > + )
> > +{
> > + ASSERT(FALSE);
> > + return EFI_UNSUPPORTED;
> > +}
> > +
> > +/**
> > + Set the compression method for TLS/SSL operations.
> > +
> > + This function handles TLS/SSL integrated
> compression methods.
> > +
> > + @param[in] CompMethod The compression method
> ID.
> > +
> > + @retval EFI_SUCCESS The compression method
> for the communication
> > was
> > + set successfully.
> > + @retval EFI_UNSUPPORTED Unsupported compression
> method.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TlsSetCompressionMethod (
> > + IN UINT8 CompMethod
> > + )
> > +{
> > + ASSERT(FALSE);
> > + return EFI_UNSUPPORTED;
> > +}
> > +
> > +/**
> > + Set peer certificate verification mode for the TLS
> connection.
> > +
> > + This function sets the verification mode flags for
> the TLS connection.
> > +
> > + @param[in] Tls Pointer to the TLS
> object.
> > + @param[in] VerifyMode A set of logically or'ed
> verification mode flags.
> > +
> > +**/
> > +VOID
> > +EFIAPI
> > +TlsSetVerify (
> > + IN VOID *Tls,
> > + IN UINT32 VerifyMode
> > + )
> > +{
> > + ASSERT(FALSE);
> > +}
> > +
> > +// MU_CHANGE - Proposed fixes for TCBZ960, invalid
> domain name (CN)
> > accepted. [BEGIN]
> > +/**
> > + Set the specified host name to be verified.
> > +
> > + @param[in] Tls Pointer to the TLS
> object.
> > + @param[in] Flags The setting flags during
> the validation.
> > + @param[in] HostName The specified host name
> to be verified.
> > +
> > + @retval EFI_SUCCESS The HostName setting
> was set successfully.
> > + @retval EFI_INVALID_PARAMETER The parameter is
> invalid.
> > + @retval EFI_ABORTED Invalid HostName
> setting.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TlsSetVerifyHost (
> > + IN VOID *Tls,
> > + IN UINT32 Flags,
> > + IN CHAR8 *HostName
> > + )
> > +{
> > + ASSERT(FALSE);
> > + return EFI_UNSUPPORTED;
> > +}
> > +
> > +// MU_CHANGE - Proposed fixes for TCBZ960, invalid
> domain name (CN)
> > accepted. [END]
> > +
> > +/**
> > + Sets a TLS/SSL session ID to be used during TLS/SSL
> connect.
> > +
> > + This function sets a session ID to be used when the
> TLS/SSL
> > + connection is to be established.
> > +
> > + @param[in] Tls Pointer to the TLS
> object.
> > + @param[in] SessionId Session ID data used
> for session resumption.
> > + @param[in] SessionIdLen Length of Session ID in
> bytes.
> > +
> > + @retval EFI_SUCCESS Session ID was set
> successfully.
> > + @retval EFI_INVALID_PARAMETER The parameter is
> invalid.
> > + @retval EFI_UNSUPPORTED No available session
> for ID setting.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TlsSetSessionId (
> > + IN VOID *Tls,
> > + IN UINT8 *SessionId,
> > + IN UINT16 SessionIdLen
> > + )
> > +{
> > + ASSERT(FALSE);
> > + return EFI_UNSUPPORTED;
> > +}
> > +
> > +/**
> > + Adds the CA to the cert store when requesting
> Server or Client authentication.
> > +
> > + This function adds the CA certificate to the list
> of CAs when
> > + requesting Server or Client authentication for the
> chosen TLS connection.
> > +
> > + @param[in] Tls Pointer to the TLS object.
> > + @param[in] Data Pointer to the data buffer
> of a DER-encoded binary
> > + X.509 certificate or PEM-
> encoded X.509 certificate.
> > + @param[in] DataSize The size of data buffer in
> bytes.
> > +
> > + @retval EFI_SUCCESS The operation
> succeeded.
> > + @retval EFI_INVALID_PARAMETER The parameter is
> invalid.
> > + @retval EFI_OUT_OF_RESOURCES Required resources
> could not be
> > allocated.
> > + @retval EFI_ABORTED Invalid X.509
> certificate.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TlsSetCaCertificate (
> > + IN VOID *Tls,
> > + IN VOID *Data,
> > + IN UINTN DataSize
> > + )
> > +{
> > + ASSERT(FALSE);
> > + return EFI_UNSUPPORTED;
> > +}
> > +
> > +/**
> > + Loads the local public certificate into the
> specified TLS object.
> > +
> > + This function loads the X.509 certificate into the
> specified TLS
> > + object for TLS negotiation.
> > +
> > + @param[in] Tls Pointer to the TLS object.
> > + @param[in] Data Pointer to the data buffer
> of a DER-encoded binary
> > + X.509 certificate or PEM-
> encoded X.509 certificate.
> > + @param[in] DataSize The size of data buffer in
> bytes.
> > +
> > + @retval EFI_SUCCESS The operation
> succeeded.
> > + @retval EFI_INVALID_PARAMETER The parameter is
> invalid.
> > + @retval EFI_OUT_OF_RESOURCES Required resources
> could not be
> > allocated.
> > + @retval EFI_ABORTED Invalid X.509
> certificate.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TlsSetHostPublicCert (
> > + IN VOID *Tls,
> > + IN VOID *Data,
> > + IN UINTN DataSize
> > + )
> > +{
> > + ASSERT(FALSE);
> > + return EFI_UNSUPPORTED;
> > +}
> > +
> > +/**
> > + Adds the local private key to the specified TLS
> object.
> > +
> > + This function adds the local private key (PEM-
> encoded RSA or PKCS#8
> > + private
> > + key) into the specified TLS object for TLS
> negotiation.
> > +
> > + @param[in] Tls Pointer to the TLS object.
> > + @param[in] Data Pointer to the data buffer
> of a PEM-encoded RSA
> > + or PKCS#8 private key.
> > + @param[in] DataSize The size of data buffer in
> bytes.
> > +
> > + @retval EFI_SUCCESS The operation succeeded.
> > + @retval EFI_UNSUPPORTED This function is not
> supported.
> > + @retval EFI_ABORTED Invalid private key data.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TlsSetHostPrivateKey (
> > + IN VOID *Tls,
> > + IN VOID *Data,
> > + IN UINTN DataSize
> > + )
> > +{
> > + ASSERT(FALSE);
> > + return EFI_UNSUPPORTED;
> > +}
> > +
> > +/**
> > + Adds the CA-supplied certificate revocation list
> for certificate validation.
> > +
> > + This function adds the CA-supplied certificate
> revocation list data
> > + for certificate validity checking.
> > +
> > + @param[in] Data Pointer to the data buffer
> of a DER-encoded CRL data.
> > + @param[in] DataSize The size of data buffer in
> bytes.
> > +
> > + @retval EFI_SUCCESS The operation succeeded.
> > + @retval EFI_UNSUPPORTED This function is not
> supported.
> > + @retval EFI_ABORTED Invalid CRL data.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TlsSetCertRevocationList (
> > + IN VOID *Data,
> > + IN UINTN DataSize
> > + )
> > +{
> > + ASSERT(FALSE);
> > + return EFI_UNSUPPORTED;
> > +}
> > +
> > +/**
> > + Gets the protocol version used by the specified TLS
> connection.
> > +
> > + This function returns the protocol version used by
> the specified
> > + TLS connection.
> > +
> > + If Tls is NULL, then ASSERT().
> > +
> > + @param[in] Tls Pointer to the TLS object.
> > +
> > + @return The protocol version of the specified TLS
> connection.
> > +
> > +**/
> > +UINT16
> > +EFIAPI
> > +TlsGetVersion (
> > + IN VOID *Tls
> > + )
> > +{
> > + ASSERT(FALSE);
> > + return 0;
> > +}
> > +
> > +/**
> > + Gets the connection end of the specified TLS
> connection.
> > +
> > + This function returns the connection end (as client
> or as server)
> > + used by the specified TLS connection.
> > +
> > + If Tls is NULL, then ASSERT().
> > +
> > + @param[in] Tls Pointer to the TLS object.
> > +
> > + @return The connection end used by the specified
> TLS connection.
> > +
> > +**/
> > +UINT8
> > +EFIAPI
> > +TlsGetConnectionEnd (
> > + IN VOID *Tls
> > + )
> > +{
> > + ASSERT(FALSE);
> > + return 0;
> > +}
> > +
> > +/**
> > + Gets the cipher suite used by the specified TLS
> connection.
> > +
> > + This function returns current cipher suite used by
> the specified
> > + TLS connection.
> > +
> > + @param[in] Tls Pointer to the TLS
> object.
> > + @param[in,out] CipherId The cipher suite used
> by the TLS object.
> > +
> > + @retval EFI_SUCCESS The cipher suite was
> returned successfully.
> > + @retval EFI_INVALID_PARAMETER The parameter is
> invalid.
> > + @retval EFI_UNSUPPORTED Unsupported cipher
> suite.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TlsGetCurrentCipher (
> > + IN VOID *Tls,
> > + IN OUT UINT16 *CipherId
> > + )
> > +{
> > + ASSERT(FALSE);
> > + return EFI_UNSUPPORTED;
> > +}
> > +
> > +/**
> > + Gets the compression methods used by the specified
> TLS connection.
> > +
> > + This function returns current integrated
> compression methods used
> > + by the specified TLS connection.
> > +
> > + @param[in] Tls Pointer to the TLS
> object.
> > + @param[in,out] CompressionId The current
> compression method used by
> > + the TLS object.
> > +
> > + @retval EFI_SUCCESS The compression
> method was returned
> > successfully.
> > + @retval EFI_INVALID_PARAMETER The parameter is
> invalid.
> > + @retval EFI_ABORTED Invalid Compression
> method.
> > + @retval EFI_UNSUPPORTED This function is not
> supported.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TlsGetCurrentCompressionId (
> > + IN VOID *Tls,
> > + IN OUT UINT8 *CompressionId
> > + )
> > +{
> > + ASSERT(FALSE);
> > + return EFI_UNSUPPORTED;
> > +}
> > +
> > +/**
> > + Gets the verification mode currently set in the TLS
> connection.
> > +
> > + This function returns the peer verification mode
> currently set in
> > + the specified TLS connection.
> > +
> > + If Tls is NULL, then ASSERT().
> > +
> > + @param[in] Tls Pointer to the TLS object.
> > +
> > + @return The verification mode set in the specified
> TLS connection.
> > +
> > +**/
> > +UINT32
> > +EFIAPI
> > +TlsGetVerify (
> > + IN VOID *Tls
> > + )
> > +{
> > + ASSERT(FALSE);
> > + return 0;
> > +}
> > +
> > +/**
> > + Gets the session ID used by the specified TLS
> connection.
> > +
> > + This function returns the TLS/SSL session ID
> currently used by the
> > + specified TLS connection.
> > +
> > + @param[in] Tls Pointer to the TLS
> object.
> > + @param[in,out] SessionId Buffer to contain
> the returned session ID.
> > + @param[in,out] SessionIdLen The length of
> Session ID in bytes.
> > +
> > + @retval EFI_SUCCESS The Session ID was
> returned successfully.
> > + @retval EFI_INVALID_PARAMETER The parameter is
> invalid.
> > + @retval EFI_UNSUPPORTED Invalid TLS/SSL
> session.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TlsGetSessionId (
> > + IN VOID *Tls,
> > + IN OUT UINT8 *SessionId,
> > + IN OUT UINT16 *SessionIdLen
> > + )
> > +{
> > + ASSERT(FALSE);
> > + return EFI_UNSUPPORTED;
> > +}
> > +
> > +/**
> > + Gets the client random data used in the specified
> TLS connection.
> > +
> > + This function returns the TLS/SSL client random
> data currently used
> > + in the specified TLS connection.
> > +
> > + @param[in] Tls Pointer to the TLS
> object.
> > + @param[in,out] ClientRandom Buffer to contain
> the returned client
> > + random data (32
> bytes).
> > +
> > +**/
> > +VOID
> > +EFIAPI
> > +TlsGetClientRandom (
> > + IN VOID *Tls,
> > + IN OUT UINT8 *ClientRandom
> > + )
> > +{
> > + ASSERT(FALSE);
> > +}
> > +
> > +/**
> > + Gets the server random data used in the specified
> TLS connection.
> > +
> > + This function returns the TLS/SSL server random
> data currently used
> > + in the specified TLS connection.
> > +
> > + @param[in] Tls Pointer to the TLS
> object.
> > + @param[in,out] ServerRandom Buffer to contain
> the returned server
> > + random data (32
> bytes).
> > +
> > +**/
> > +VOID
> > +EFIAPI
> > +TlsGetServerRandom (
> > + IN VOID *Tls,
> > + IN OUT UINT8 *ServerRandom
> > + )
> > +{
> > + ASSERT(FALSE);
> > +}
> > +
> > +/**
> > + Gets the master key data used in the specified TLS
> connection.
> > +
> > + This function returns the TLS/SSL master key
> material currently
> > + used in the specified TLS connection.
> > +
> > + @param[in] Tls Pointer to the TLS
> object.
> > + @param[in,out] KeyMaterial Buffer to contain
> the returned key material.
> > +
> > + @retval EFI_SUCCESS Key material was
> returned successfully.
> > + @retval EFI_INVALID_PARAMETER The parameter is
> invalid.
> > + @retval EFI_UNSUPPORTED Invalid TLS/SSL
> session.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TlsGetKeyMaterial (
> > + IN VOID *Tls,
> > + IN OUT UINT8 *KeyMaterial
> > + )
> > +{
> > + ASSERT(FALSE);
> > + return EFI_UNSUPPORTED;
> > +}
> > +
> > +/**
> > + Gets the CA Certificate from the cert store.
> > +
> > + This function returns the CA certificate for the
> chosen TLS
> > + connection.
> > +
> > + @param[in] Tls Pointer to the TLS
> object.
> > + @param[out] Data Pointer to the data
> buffer to receive the CA
> > + certificate data sent
> to the client.
> > + @param[in,out] DataSize The size of data buffer
> in bytes.
> > +
> > + @retval EFI_SUCCESS The operation
> succeeded.
> > + @retval EFI_UNSUPPORTED This function is
> not supported.
> > + @retval EFI_BUFFER_TOO_SMALL The Data is too
> small to hold the data.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TlsGetCaCertificate (
> > + IN VOID *Tls,
> > + OUT VOID *Data,
> > + IN OUT UINTN *DataSize
> > + )
> > +{
> > + ASSERT(FALSE);
> > + return EFI_UNSUPPORTED;
> > +}
> > +
> > +/**
> > + Gets the local public Certificate set in the
> specified TLS object.
> > +
> > + This function returns the local public certificate
> which was
> > + currently set in the specified TLS object.
> > +
> > + @param[in] Tls Pointer to the TLS
> object.
> > + @param[out] Data Pointer to the data
> buffer to receive the local
> > + public certificate.
> > + @param[in,out] DataSize The size of data buffer
> in bytes.
> > +
> > + @retval EFI_SUCCESS The operation
> succeeded.
> > + @retval EFI_INVALID_PARAMETER The parameter is
> invalid.
> > + @retval EFI_NOT_FOUND The certificate is
> not found.
> > + @retval EFI_BUFFER_TOO_SMALL The Data is too
> small to hold the data.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TlsGetHostPublicCert (
> > + IN VOID *Tls,
> > + OUT VOID *Data,
> > + IN OUT UINTN *DataSize
> > + )
> > +{
> > + ASSERT(FALSE);
> > + return EFI_UNSUPPORTED;
> > +}
> > +
> > +/**
> > + Gets the local private key set in the specified TLS
> object.
> > +
> > + This function returns the local private key data
> which was
> > + currently set in the specified TLS object.
> > +
> > + @param[in] Tls Pointer to the TLS
> object.
> > + @param[out] Data Pointer to the data
> buffer to receive the local
> > + private key data.
> > + @param[in,out] DataSize The size of data buffer
> in bytes.
> > +
> > + @retval EFI_SUCCESS The operation
> succeeded.
> > + @retval EFI_UNSUPPORTED This function is
> not supported.
> > + @retval EFI_BUFFER_TOO_SMALL The Data is too
> small to hold the data.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TlsGetHostPrivateKey (
> > + IN VOID *Tls,
> > + OUT VOID *Data,
> > + IN OUT UINTN *DataSize
> > + )
> > +{
> > + ASSERT(FALSE);
> > + return EFI_UNSUPPORTED;
> > +}
> > +
> > +/**
> > + Gets the CA-supplied certificate revocation list
> data set in the
> > +specified
> > + TLS object.
> > +
> > + This function returns the CA-supplied certificate
> revocation list
> > + data which was currently set in the specified TLS
> object.
> > +
> > + @param[out] Data Pointer to the data
> buffer to receive the CRL data.
> > + @param[in,out] DataSize The size of data buffer
> in bytes.
> > +
> > + @retval EFI_SUCCESS The operation
> succeeded.
> > + @retval EFI_UNSUPPORTED This function is
> not supported.
> > + @retval EFI_BUFFER_TOO_SMALL The Data is too
> small to hold the data.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TlsGetCertRevocationList (
> > + OUT VOID *Data,
> > + IN OUT UINTN *DataSize
> > + )
> > +{
> > + ASSERT(FALSE);
> > + return EFI_UNSUPPORTED;
> > +}
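Review bot: the two `// MU_CHANGE - Proposed fixes for TCBZ960 ...` [BEGIN]/[END] comments around TlsSetVerifyHost() are downstream change-tracking markers and should not land upstream; the function itself belongs here, since it is part of the class this instance implements (LIBRARY_CLASS = TlsLib), so keep the function and drop the markers. Two smaller points: edk2 style puts a space before the argument list, so `ASSERT (FALSE);` rather than `ASSERT(FALSE);` throughout, and the copyright years (2016 - 2017) need the same update as the header. On behaviour the stubs fail closed, which is the right property for a null instance of a security library: every setter returns EFI_UNSUPPORTED, the getters return 0 or EFI_UNSUPPORTED, and the unconditional ASSERT makes an accidental link against this instance loud in DEBUG builds, while a RELEASE build cannot mistake a stub for a working TLS configuration.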
> > diff --git
> a/CryptoPkg/Library/TlsLibNull/TlsInitNull.c
> > b/CryptoPkg/Library/TlsLibNull/TlsInitNull.c
> > new file mode 100644
> > index 0000000000..3e44117b82
> > --- /dev/null
> > +++ b/CryptoPkg/Library/TlsLibNull/TlsInitNull.c
> > @@ -0,0 +1,111 @@
> > +/** @file
> > + SSL/TLS Initialization Null Library Wrapper
> Implementation.
> > +
> > +Copyright (c) 2016 - 2017, Intel Corporation. All
> rights
> > +reserved.<BR>
> > +(C) Copyright 2016 Hewlett Packard Enterprise
> Development LP<BR>
> > +SPDX-License-Identifier: BSD-2-Clause-Patent
> > +
> > +**/
> > +
> > +#include "InternalTlsLib.h"
> > +
> > +/**
> > + Initializes the library.
> > +
> > + This function registers ciphers and digests used
> directly and
> > + indirectly by SSL/TLS, and initializes the readable
> error messages.
> > + This function must be called before any other
> action takes places.
> > +
> > + @retval TRUE The library has been initialized.
> > + @retval FALSE Failed to initialize the library.
> > +
> > +**/
> > +BOOLEAN
> > +EFIAPI
> > +TlsInitialize (
> > + VOID
> > + )
> > +{
> > + ASSERT(FALSE);
> > + return FALSE;
> > +}
> > +
> > +/**
> > + Free an allocated SSL_CTX object.
> > +
> > + @param[in] TlsCtx Pointer to the SSL_CTX object
> to be released.
> > +
> > +**/
> > +VOID
> > +EFIAPI
> > +TlsCtxFree (
> > + IN VOID *TlsCtx
> > + )
> > +{
> > + ASSERT(FALSE);
> > + return;
> > +}
> > +
> > +/**
> > + Creates a new SSL_CTX object as framework to
> establish TLS/SSL
> > +enabled
> > + connections.
> > +
> > + @param[in] MajorVer Major Version of TLS/SSL
> Protocol.
> > + @param[in] MinorVer Minor Version of TLS/SSL
> Protocol.
> > +
> > + @return Pointer to an allocated SSL_CTX object.
> > + If the creation failed, TlsCtxNew()
> returns NULL.
> > +
> > +**/
> > +VOID *
> > +EFIAPI
> > +TlsCtxNew (
> > + IN UINT8 MajorVer,
> > + IN UINT8 MinorVer
> > + )
> > +{
> > + ASSERT(FALSE);
> > + return NULL;
> > +}
> > +
> > +/**
> > + Free an allocated TLS object.
> > +
> > + This function removes the TLS object pointed to by
> Tls and frees up
> > + the allocated memory. If Tls is NULL, nothing is
> done.
> > +
> > + @param[in] Tls Pointer to the TLS object to be
> freed.
> > +
> > +**/
> > +VOID
> > +EFIAPI
> > +TlsFree (
> > + IN VOID *Tls
> > + )
> > +{
> > + ASSERT(FALSE);
> > +}
> > +
> > +/**
> > + Create a new TLS object for a connection.
> > +
> > + This function creates a new TLS object for a
> connection. The new
> > + object inherits the setting of the underlying
> context TlsCtx:
> > + connection method, options, verification setting.
> > +
> > + @param[in] TlsCtx Pointer to the SSL_CTX
> object.
> > +
> > + @return Pointer to an allocated SSL object.
> > + If the creation failed, TlsNew() returns
> NULL.
> > +
> > +**/
> > +VOID *
> > +EFIAPI
> > +TlsNew (
> > + IN VOID *TlsCtx
> > + )
> > +{
> > + ASSERT(FALSE);
> > + return NULL;
> > +}
> > +
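Review bot: the hunk ends with an extra empty `+` line after TlsNew(), leaving a trailing blank line at end of file; drop it. TlsCtxFree() also carries a redundant `return;` at the end of a VOID function, which TlsFree() in the same file does not have, so remove it for consistency. Behaviourally, TlsInitialize() returning FALSE is the important line: a consumer linked against this instance fails at library initialization rather than proceeding to TlsCtxNew()/TlsNew(), which return NULL, so no code path can obtain a TLS object from the null instance.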
> > diff --git
> a/CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
> > b/CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
> > new file mode 100644
> > index 0000000000..33f0e7493f
> > --- /dev/null
> > +++ b/CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
> > @@ -0,0 +1,38 @@
> > +## @file
> > +# SSL/TLS Wrapper Null Library Instance.
> > +#
> > +# Copyright (c) 2016 - 2018, Intel Corporation. All
> rights
> > +reserved.<BR> # (C) Copyright 2016 Hewlett Packard
> Enterprise
> > +Development LP<BR> # SPDX-License-Identifier: BSD-2-
> Clause-Patent #
> > +##
> > +
> > +[Defines]
> > + INF_VERSION = 0x00010005
> > + BASE_NAME = TlsLibNull
> > + MODULE_UNI_FILE = TlsLibNull.uni
> > + FILE_GUID = 705a5b3b-cfa5-
> 42ea-87f0-f2b8d44ec521
> > + MODULE_TYPE = BASE
> > + VERSION_STRING = 1.0
> > + LIBRARY_CLASS = TlsLib
> > +
> > +#
> > +# The following information is for reference only and
> not required by
> > +the build
> > tools.
> > +#
> > +# VALID_ARCHITECTURES = IA32 X64 ARM
> AARCH64
> > +#
> > +
> > +[Sources]
> > + InternalTlsLib.h
> > + TlsInitNull.c
> > + TlsConfigNull.c
> > + TlsProcessNull.c
> > +
> > +[Packages]
> > + MdePkg/MdePkg.dec
> > + CryptoPkg/CryptoPkg.dec
> > +
> > +[LibraryClasses]
> > + BaseCryptLib
> > + DebugLib
> > + BaseLib
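Review bot: [LibraryClasses] lists BaseCryptLib and BaseLib, but the null sources only use ASSERT() from DebugLib; dropping the two unused classes (together with the matching includes in InternalTlsLib.h) means a platform that selects TlsLibNull does not pull BaseCryptLib into the link, which is the build-time saving the commit message is after. The copyright line reads 2016 - 2018 while the .c and .h files say 2016 - 2017 and the .uni says 2016; pick one year (the year of creation) for all the new files. Minor: the VALID_ARCHITECTURES comment is reference-only, and since the stubs contain no architecture-specific code it could be omitted.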
> > diff --git
> a/CryptoPkg/Library/TlsLibNull/TlsLibNull.uni
> > b/CryptoPkg/Library/TlsLibNull/TlsLibNull.uni
> > new file mode 100644
> > index 0000000000..869f3fcf78
> > --- /dev/null
> > +++ b/CryptoPkg/Library/TlsLibNull/TlsLibNull.uni
> > @@ -0,0 +1,13 @@
> > +// /** @file
> > +// SSL/TLS Wrapper Null Library Instance.
> > +//
> > +// Copyright (c) 2016, Intel Corporation. All rights
> reserved.<BR> //
> > +// SPDX-License-Identifier: BSD-2-Clause-Patent // //
> **/
> > +
> > +
> > +#string STR_MODULE_ABSTRACT #language en-
> US "SSL/TLS Wrapper
> > Null Library Instance"
> > +
> > +#string STR_MODULE_DESCRIPTION #language en-
> US "This module
> > provides SSL/TLS Wrapper Null Library Instance."
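Review bot: the copyright line here is 2016 alone, while the sibling files carry 2016 - 2017 and 2016 - 2018; all seven files are new in this patch, so the headers should agree (and reflect the year of creation) before this goes in.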
> > diff --git
> a/CryptoPkg/Library/TlsLibNull/TlsProcessNull.c
> > b/CryptoPkg/Library/TlsLibNull/TlsProcessNull.c
> > new file mode 100644
> > index 0000000000..2949d4c885
> > --- /dev/null
> > +++ b/CryptoPkg/Library/TlsLibNull/TlsProcessNull.c
> > @@ -0,0 +1,247 @@
> > +/** @file
> > + SSL/TLS Process Null Library Wrapper
> Implementation.
> > + The process includes the TLS handshake and packet
> I/O.
> > +
> > +Copyright (c) 2016 - 2017, Intel Corporation. All
> rights
> > +reserved.<BR>
> > +(C) Copyright 2016 Hewlett Packard Enterprise
> Development LP<BR>
> > +SPDX-License-Identifier: BSD-2-Clause-Patent
> > +
> > +**/
> > +
> > +#include "InternalTlsLib.h"
> > +
> > +/**
> > + Checks if the TLS handshake was done.
> > +
> > + This function will check if the specified TLS
> handshake was done.
> > +
> > + @param[in] Tls Pointer to the TLS object for
> handshake state checking.
> > +
> > + @retval TRUE The TLS handshake was done.
> > + @retval FALSE The TLS handshake was not done.
> > +
> > +**/
> > +BOOLEAN
> > +EFIAPI
> > +TlsInHandshake (
> > + IN VOID *Tls
> > + )
> > +{
> > + ASSERT(FALSE);
> > + return FALSE;
> > +}
> > +
> > +/**
> > + Perform a TLS/SSL handshake.
> > +
> > + This function will perform a TLS/SSL handshake.
> > +
> > + @param[in] Tls Pointer to the TLS
> object for handshake operation.
> > + @param[in] BufferIn Pointer to the most
> recently received TLS
> > Handshake packet.
> > + @param[in] BufferInSize Packet size in
> bytes for the most recently
> > received TLS
> > + Handshake packet.
> > + @param[out] BufferOut Pointer to the
> buffer to hold the built packet.
> > + @param[in, out] BufferOutSize Pointer to the
> buffer size in
> > + bytes. On input, it
> > is
> > + the buffer size
> provided by the caller. On output, it
> > + is the buffer size
> in fact needed to contain the
> > + packet.
> > +
> > + @retval EFI_SUCCESS The required TLS
> packet is built successfully.
> > + @retval EFI_INVALID_PARAMETER One or more of the
> following conditions
> > is TRUE:
> > + Tls is NULL.
> > + BufferIn is NULL
> but BufferInSize is NOT 0.
> > + BufferInSize is 0
> but BufferIn is NOT NULL.
> > + BufferOutSize is
> NULL.
> > + BufferOut is NULL
> if *BufferOutSize is not zero.
> > + @retval EFI_BUFFER_TOO_SMALL BufferOutSize is
> too small to hold the
> > response packet.
> > + @retval EFI_ABORTED Something wrong
> during handshake.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TlsDoHandshake (
> > + IN VOID *Tls,
> > + IN UINT8 *BufferIn, OPTIONAL
> > + IN UINTN BufferInSize,
> OPTIONAL
> > + OUT UINT8 *BufferOut,
> OPTIONAL
> > + IN OUT UINTN *BufferOutSize
> > + )
> > +{
> > + ASSERT(FALSE);
> > + return EFI_UNSUPPORTED;
> > +}
> > +
> > +/**
> > + Handle Alert message recorded in BufferIn. If
> BufferIn is NULL and
> > BufferInSize is zero,
> > + TLS session has errors and the response packet
> needs to be Alert
> > + message
> > based on error type.
> > +
> > + @param[in] Tls Pointer to the TLS
> object for state checking.
> > + @param[in] BufferIn Pointer to the most
> recently received TLS Alert
> > packet.
> > + @param[in] BufferInSize Packet size in
> bytes for the most recently
> > received TLS
> > + Alert packet.
> > + @param[out] BufferOut Pointer to the
> buffer to hold the built packet.
> > + @param[in, out] BufferOutSize Pointer to the
> buffer size in
> > + bytes. On input, it
> > is
> > + the buffer size
> provided by the caller. On output, it
> > + is the buffer size
> in fact needed to contain the
> > + packet.
> > +
> > + @retval EFI_SUCCESS The required TLS
> packet is built successfully.
> > + @retval EFI_INVALID_PARAMETER One or more of the
> following conditions
> > is TRUE:
> > + Tls is NULL.
> > + BufferIn is NULL
> but BufferInSize is NOT 0.
> > + BufferInSize is 0
> but BufferIn is NOT NULL.
> > + BufferOutSize is
> NULL.
> > + BufferOut is NULL
> if *BufferOutSize is not zero.
> > + @retval EFI_ABORTED An error occurred.
> > + @retval EFI_BUFFER_TOO_SMALL BufferOutSize is
> too small to hold the
> > response packet.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TlsHandleAlert (
> > + IN VOID *Tls,
> > + IN UINT8 *BufferIn, OPTIONAL
> > + IN UINTN BufferInSize,
> OPTIONAL
> > + OUT UINT8 *BufferOut,
> OPTIONAL
> > + IN OUT UINTN *BufferOutSize
> > + )
> > +{
> > + ASSERT(FALSE);
> > + return EFI_UNSUPPORTED;
> > +}
> > +
> > +/**
> > + Build the CloseNotify packet.
> > +
> > + @param[in] Tls Pointer to the TLS
> object for state checking.
> > + @param[in, out] Buffer Pointer to the
> buffer to hold the built packet.
> > + @param[in, out] BufferSize Pointer to the
> buffer size in bytes. On input, it is
> > + the buffer size
> provided by the caller. On output, it
> > + is the buffer size
> in fact needed to contain the
> > + packet.
> > +
> > + @retval EFI_SUCCESS The required TLS
> packet is built successfully.
> > + @retval EFI_INVALID_PARAMETER One or more of the
> following conditions
> > is TRUE:
> > + Tls is NULL.
> > + BufferSize is NULL.
> > + Buffer is NULL if
> *BufferSize is not zero.
> > + @retval EFI_BUFFER_TOO_SMALL BufferSize is too
> small to hold the
> > response packet.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TlsCloseNotify (
> > + IN VOID *Tls,
> > + IN OUT UINT8 *Buffer,
> > + IN OUT UINTN *BufferSize
> > + )
> > +{
> > + ASSERT(FALSE);
> > + return EFI_UNSUPPORTED;
> > +}
> > +
> > +/**
> > + Attempts to read bytes from one TLS object and
> places the data in Buffer.
> > +
> > + This function will attempt to read BufferSize bytes
> from the TLS
> > + object and places the data in Buffer.
> > +
> > + @param[in] Tls Pointer to the TLS
> object.
> > + @param[in,out] Buffer Pointer to the buffer
> to store the data.
> > + @param[in] BufferSize The size of Buffer in
> bytes.
> > +
> > + @retval >0 The amount of data successfully read
> from the TLS object.
> > + @retval <=0 No data was successfully read.
> > +
> > +**/
> > +INTN
> > +EFIAPI
> > +TlsCtrlTrafficOut (
> > + IN VOID *Tls,
> > + IN OUT VOID *Buffer,
> > + IN UINTN BufferSize
> > + )
> > +{
> > + ASSERT(FALSE);
> > + return 0;
> > +}
> > +
> > +/**
> > + Attempts to write data from the buffer to TLS
> object.
> > +
> > + This function will attempt to write BufferSize
> bytes data from the
> > + Buffer to the TLS object.
> > +
> > + @param[in] Tls Pointer to the TLS
> object.
> > + @param[in] Buffer Pointer to the data
> buffer.
> > + @param[in] BufferSize The size of Buffer in
> bytes.
> > +
> > + @retval >0 The amount of data successfully
> written to the TLS object.
> > + @retval <=0 No data was successfully written.
> > +
> > +**/
> > +INTN
> > +EFIAPI
> > +TlsCtrlTrafficIn (
> > + IN VOID *Tls,
> > + IN VOID *Buffer,
> > + IN UINTN BufferSize
> > + )
> > +{
> > + ASSERT(FALSE);
> > + return 0;
> > +}
> > +/**
> > + Attempts to read bytes from the specified TLS
> connection into the buffer.
> > +
> > + This function tries to read BufferSize bytes data
> from the
> > + specified TLS connection into the Buffer.
> > +
> > + @param[in] Tls Pointer to the TLS
> connection for data reading.
> > + @param[in,out] Buffer Pointer to the data
> buffer.
> > + @param[in] BufferSize The size of Buffer in
> bytes.
> > +
> > + @retval >0 The read operation was successful,
> and return value is the
> > + number of bytes actually read from
> the TLS connection.
> > + @retval <=0 The read operation was not
> successful.
> > +
> > +**/
> > +INTN
> > +EFIAPI
> > +TlsRead (
> > + IN VOID *Tls,
> > + IN OUT VOID *Buffer,
> > + IN UINTN BufferSize
> > + )
> > +{
> > + ASSERT(FALSE);
> > + return 0;
> > +}
> > +
> > +/**
> > + Attempts to write data to a TLS connection.
> > +
> > + This function tries to write BufferSize bytes data
> from the Buffer
> > + into the specified TLS connection.
> > +
> > + @param[in] Tls Pointer to the TLS
> connection for data writing.
> > + @param[in] Buffer Pointer to the data
> buffer.
> > + @param[in] BufferSize The size of Buffer in
> bytes.
> > +
> > + @retval >0 The write operation was successful,
> and return value is the
> > + number of bytes actually written to
> the TLS connection.
> > + @retval <=0 The write operation was not
> successful.
> > +
> > +**/
> > +INTN
> > +EFIAPI
> > +TlsWrite (
> > + IN VOID *Tls,
> > + IN VOID *Buffer,
> > + IN UINTN BufferSize
> > + )
> > +{
> > + ASSERT(FALSE);
> > + return 0;
> > +}
> > +
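Review bot: the @retval lists above TlsHandleAlert and TlsCloseNotify do not mention EFI_UNSUPPORTED, yet that is the only status either Null body returns (`ASSERT(FALSE); return EFI_UNSUPPORTED;`); since the commit message offers this file as a template for new TlsLib implementations, add `@retval EFI_UNSUPPORTED This Null instance does not implement TLS.` to both comment blocks so the documentation matches what a RELEASE build, where the ASSERT compiles away, actually does. The INTN functions (TlsCtrlTrafficOut, TlsCtrlTrafficIn, TlsRead, TlsWrite) need no such change, because `return 0;` already falls under their documented `<=0` case. Two style nits in the same region: EDK II code puts a space before the call parenthesis, so `ASSERT (FALSE);` rather than `ASSERT(FALSE);`, and a blank line is missing between the closing `}` of TlsCtrlTrafficIn and the `/**` that opens the TlsRead comment, unlike the other function boundaries shown here.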
> > --
> > 2.21.0.windows.1
Thread overview: 3+ messages
2019-10-22 21:40 [Patch] CryptoPkg: Add Null instance of the TlsLib class Michael D Kinney
2019-10-23 8:23 ` Wang, Jian J
2019-10-23 21:39 ` Michael D Kinney [this message]