public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
* [Patch] CryptoPkg: Add Null instance of the TlsLib class
@ 2019-10-22 21:40 Michael D Kinney
  2019-10-23  8:23 ` Wang, Jian J
  0 siblings, 1 reply; 3+ messages in thread
From: Michael D Kinney @ 2019-10-22 21:40 UTC (permalink / raw)
  To: devel; +Cc: Sean Brogan, Jian J Wang, Xiaoyu Lu

From: Sean Brogan <sean.brogan@microsoft.com>

https://bugzilla.tianocore.org/show_bug.cgi?id=2258

Add a Null instance of the TlsLib class.  This lib instance
can be used as a template for new implementations of the TlsLib
class and can also be used to reduce CI build times for build
checks that depend on the TlsLib class.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
---
 CryptoPkg/CryptoPkg.dsc                       |   1 +
 CryptoPkg/Library/TlsLibNull/InternalTlsLib.h |  16 +
 CryptoPkg/Library/TlsLibNull/TlsConfigNull.c  | 622 ++++++++++++++++++
 CryptoPkg/Library/TlsLibNull/TlsInitNull.c    | 111 ++++
 CryptoPkg/Library/TlsLibNull/TlsLibNull.inf   |  38 ++
 CryptoPkg/Library/TlsLibNull/TlsLibNull.uni   |  13 +
 CryptoPkg/Library/TlsLibNull/TlsProcessNull.c | 247 +++++++
 7 files changed, 1048 insertions(+)
 create mode 100644 CryptoPkg/Library/TlsLibNull/InternalTlsLib.h
 create mode 100644 CryptoPkg/Library/TlsLibNull/TlsConfigNull.c
 create mode 100644 CryptoPkg/Library/TlsLibNull/TlsInitNull.c
 create mode 100644 CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
 create mode 100644 CryptoPkg/Library/TlsLibNull/TlsLibNull.uni
 create mode 100644 CryptoPkg/Library/TlsLibNull/TlsProcessNull.c

diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc
index c90e76c721..cea4335afb 100644
--- a/CryptoPkg/CryptoPkg.dsc
+++ b/CryptoPkg/CryptoPkg.dsc
@@ -115,6 +115,7 @@ [Components]
   CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
   CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
   CryptoPkg/Library/TlsLib/TlsLib.inf
+  CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
   CryptoPkg/Library/OpensslLib/OpensslLib.inf
   CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
 
diff --git a/CryptoPkg/Library/TlsLibNull/InternalTlsLib.h b/CryptoPkg/Library/TlsLibNull/InternalTlsLib.h
new file mode 100644
index 0000000000..888c9066bf
--- /dev/null
+++ b/CryptoPkg/Library/TlsLibNull/InternalTlsLib.h
@@ -0,0 +1,16 @@
+/** @file
+  Internal include file for TlsLibNull.
+
+Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef __INTERNAL_TLS_LIB_NULL_H__
+#define __INTERNAL_TLS_LIB_NULL_H__
+
+#include <Library/BaseCryptLib.h>
+#include <Library/DebugLib.h>
+#include <Library/BaseLib.h>
+
+#endif
diff --git a/CryptoPkg/Library/TlsLibNull/TlsConfigNull.c b/CryptoPkg/Library/TlsLibNull/TlsConfigNull.c
new file mode 100644
index 0000000000..8033a61790
--- /dev/null
+++ b/CryptoPkg/Library/TlsLibNull/TlsConfigNull.c
@@ -0,0 +1,622 @@
+/** @file
+  SSL/TLS Configuration Null Library Wrapper Implementation.
+
+Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
+(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "InternalTlsLib.h"
+
+/**
+  Set a new TLS/SSL method for a particular TLS object.
+
+  This function sets a new TLS/SSL method for a particular TLS object.
+
+  @param[in]  Tls         Pointer to a TLS object.
+  @param[in]  MajorVer    Major Version of TLS/SSL Protocol.
+  @param[in]  MinorVer    Minor Version of TLS/SSL Protocol.
+
+  @retval  EFI_SUCCESS           The TLS/SSL method was set successfully.
+  @retval  EFI_INVALID_PARAMETER The parameter is invalid.
+  @retval  EFI_UNSUPPORTED       Unsupported TLS/SSL method.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetVersion (
+  IN     VOID                     *Tls,
+  IN     UINT8                    MajorVer,
+  IN     UINT8                    MinorVer
+  )
+{
+  ASSERT(FALSE);
+  return EFI_UNSUPPORTED;
+}
+
+/**
+  Set TLS object to work in client or server mode.
+
+  This function prepares a TLS object to work in client or server mode.
+
+  @param[in]  Tls         Pointer to a TLS object.
+  @param[in]  IsServer    Work in server mode.
+
+  @retval  EFI_SUCCESS           The TLS/SSL work mode was set successfully.
+  @retval  EFI_INVALID_PARAMETER The parameter is invalid.
+  @retval  EFI_UNSUPPORTED       Unsupported TLS/SSL work mode.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetConnectionEnd (
+  IN     VOID                     *Tls,
+  IN     BOOLEAN                  IsServer
+  )
+{
+  ASSERT(FALSE);
+  return EFI_UNSUPPORTED;
+}
+
+/**
+  Set the ciphers list to be used by the TLS object.
+
+  This function sets the ciphers for use by a specified TLS object.
+
+  @param[in]  Tls          Pointer to a TLS object.
+  @param[in]  CipherId     Array of UINT16 cipher identifiers. Each UINT16
+                           cipher identifier comes from the TLS Cipher Suite
+                           Registry of the IANA, interpreting Byte1 and Byte2
+                           in network (big endian) byte order.
+  @param[in]  CipherNum    The number of cipher in the list.
+
+  @retval  EFI_SUCCESS           The ciphers list was set successfully.
+  @retval  EFI_INVALID_PARAMETER The parameter is invalid.
+  @retval  EFI_UNSUPPORTED       No supported TLS cipher was found in CipherId.
+  @retval  EFI_OUT_OF_RESOURCES  Memory allocation failed.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetCipherList (
+  IN     VOID                     *Tls,
+  IN     UINT16                   *CipherId,
+  IN     UINTN                    CipherNum
+  )
+{
+  ASSERT(FALSE);
+  return EFI_UNSUPPORTED;
+}
+
+/**
+  Set the compression method for TLS/SSL operations.
+
+  This function handles TLS/SSL integrated compression methods.
+
+  @param[in]  CompMethod    The compression method ID.
+
+  @retval  EFI_SUCCESS        The compression method for the communication was
+                              set successfully.
+  @retval  EFI_UNSUPPORTED    Unsupported compression method.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetCompressionMethod (
+  IN     UINT8                    CompMethod
+  )
+{
+  ASSERT(FALSE);
+  return EFI_UNSUPPORTED;
+}
+
+/**
+  Set peer certificate verification mode for the TLS connection.
+
+  This function sets the verification mode flags for the TLS connection.
+
+  @param[in]  Tls           Pointer to the TLS object.
+  @param[in]  VerifyMode    A set of logically or'ed verification mode flags.
+
+**/
+VOID
+EFIAPI
+TlsSetVerify (
+  IN     VOID                     *Tls,
+  IN     UINT32                   VerifyMode
+  )
+{
+  ASSERT(FALSE);
+}
+
+// MU_CHANGE - Proposed fixes for TCBZ960, invalid domain name (CN) accepted. [BEGIN]
+/**
+  Set the specified host name to be verified.
+
+  @param[in]  Tls           Pointer to the TLS object.
+  @param[in]  Flags         The setting flags during the validation.
+  @param[in]  HostName      The specified host name to be verified.
+
+  @retval  EFI_SUCCESS           The HostName setting was set successfully.
+  @retval  EFI_INVALID_PARAMETER The parameter is invalid.
+  @retval  EFI_ABORTED           Invalid HostName setting.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetVerifyHost (
+  IN     VOID                     *Tls,
+  IN     UINT32                   Flags,
+  IN     CHAR8                    *HostName
+  )
+{
+  ASSERT(FALSE);
+  return EFI_UNSUPPORTED;
+}
+
+// MU_CHANGE - Proposed fixes for TCBZ960, invalid domain name (CN) accepted. [END]
+
+/**
+  Sets a TLS/SSL session ID to be used during TLS/SSL connect.
+
+  This function sets a session ID to be used when the TLS/SSL connection is
+  to be established.
+
+  @param[in]  Tls             Pointer to the TLS object.
+  @param[in]  SessionId       Session ID data used for session resumption.
+  @param[in]  SessionIdLen    Length of Session ID in bytes.
+
+  @retval  EFI_SUCCESS           Session ID was set successfully.
+  @retval  EFI_INVALID_PARAMETER The parameter is invalid.
+  @retval  EFI_UNSUPPORTED       No available session for ID setting.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetSessionId (
+  IN     VOID                     *Tls,
+  IN     UINT8                    *SessionId,
+  IN     UINT16                   SessionIdLen
+  )
+{
+  ASSERT(FALSE);
+  return EFI_UNSUPPORTED;
+}
+
+/**
+  Adds the CA to the cert store when requesting Server or Client authentication.
+
+  This function adds the CA certificate to the list of CAs when requesting
+  Server or Client authentication for the chosen TLS connection.
+
+  @param[in]  Tls         Pointer to the TLS object.
+  @param[in]  Data        Pointer to the data buffer of a DER-encoded binary
+                          X.509 certificate or PEM-encoded X.509 certificate.
+  @param[in]  DataSize    The size of data buffer in bytes.
+
+  @retval  EFI_SUCCESS             The operation succeeded.
+  @retval  EFI_INVALID_PARAMETER   The parameter is invalid.
+  @retval  EFI_OUT_OF_RESOURCES    Required resources could not be allocated.
+  @retval  EFI_ABORTED             Invalid X.509 certificate.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetCaCertificate (
+  IN     VOID                     *Tls,
+  IN     VOID                     *Data,
+  IN     UINTN                    DataSize
+  )
+{
+  ASSERT(FALSE);
+  return EFI_UNSUPPORTED;
+}
+
+/**
+  Loads the local public certificate into the specified TLS object.
+
+  This function loads the X.509 certificate into the specified TLS object
+  for TLS negotiation.
+
+  @param[in]  Tls         Pointer to the TLS object.
+  @param[in]  Data        Pointer to the data buffer of a DER-encoded binary
+                          X.509 certificate or PEM-encoded X.509 certificate.
+  @param[in]  DataSize    The size of data buffer in bytes.
+
+  @retval  EFI_SUCCESS             The operation succeeded.
+  @retval  EFI_INVALID_PARAMETER   The parameter is invalid.
+  @retval  EFI_OUT_OF_RESOURCES    Required resources could not be allocated.
+  @retval  EFI_ABORTED             Invalid X.509 certificate.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetHostPublicCert (
+  IN     VOID                     *Tls,
+  IN     VOID                     *Data,
+  IN     UINTN                    DataSize
+  )
+{
+  ASSERT(FALSE);
+  return EFI_UNSUPPORTED;
+}
+
+/**
+  Adds the local private key to the specified TLS object.
+
+  This function adds the local private key (PEM-encoded RSA or PKCS#8 private
+  key) into the specified TLS object for TLS negotiation.
+
+  @param[in]  Tls         Pointer to the TLS object.
+  @param[in]  Data        Pointer to the data buffer of a PEM-encoded RSA
+                          or PKCS#8 private key.
+  @param[in]  DataSize    The size of data buffer in bytes.
+
+  @retval  EFI_SUCCESS     The operation succeeded.
+  @retval  EFI_UNSUPPORTED This function is not supported.
+  @retval  EFI_ABORTED     Invalid private key data.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetHostPrivateKey (
+  IN     VOID                     *Tls,
+  IN     VOID                     *Data,
+  IN     UINTN                    DataSize
+  )
+{
+  ASSERT(FALSE);
+  return EFI_UNSUPPORTED;
+}
+
+/**
+  Adds the CA-supplied certificate revocation list for certificate validation.
+
+  This function adds the CA-supplied certificate revocation list data for
+  certificate validity checking.
+
+  @param[in]  Data        Pointer to the data buffer of a DER-encoded CRL data.
+  @param[in]  DataSize    The size of data buffer in bytes.
+
+  @retval  EFI_SUCCESS     The operation succeeded.
+  @retval  EFI_UNSUPPORTED This function is not supported.
+  @retval  EFI_ABORTED     Invalid CRL data.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetCertRevocationList (
+  IN     VOID                     *Data,
+  IN     UINTN                    DataSize
+  )
+{
+  ASSERT(FALSE);
+  return EFI_UNSUPPORTED;
+}
+
+/**
+  Gets the protocol version used by the specified TLS connection.
+
+  This function returns the protocol version used by the specified TLS
+  connection.
+
+  If Tls is NULL, then ASSERT().
+
+  @param[in]  Tls    Pointer to the TLS object.
+
+  @return  The protocol version of the specified TLS connection.
+
+**/
+UINT16
+EFIAPI
+TlsGetVersion (
+  IN     VOID                     *Tls
+  )
+{
+  ASSERT(FALSE);
+  return 0;
+}
+
+/**
+  Gets the connection end of the specified TLS connection.
+
+  This function returns the connection end (as client or as server) used by
+  the specified TLS connection.
+
+  If Tls is NULL, then ASSERT().
+
+  @param[in]  Tls    Pointer to the TLS object.
+
+  @return  The connection end used by the specified TLS connection.
+
+**/
+UINT8
+EFIAPI
+TlsGetConnectionEnd (
+  IN     VOID                     *Tls
+  )
+{
+  ASSERT(FALSE);
+  return 0;
+}
+
+/**
+  Gets the cipher suite used by the specified TLS connection.
+
+  This function returns current cipher suite used by the specified
+  TLS connection.
+
+  @param[in]      Tls         Pointer to the TLS object.
+  @param[in,out]  CipherId    The cipher suite used by the TLS object.
+
+  @retval  EFI_SUCCESS           The cipher suite was returned successfully.
+  @retval  EFI_INVALID_PARAMETER The parameter is invalid.
+  @retval  EFI_UNSUPPORTED       Unsupported cipher suite.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsGetCurrentCipher (
+  IN     VOID                     *Tls,
+  IN OUT UINT16                   *CipherId
+  )
+{
+  ASSERT(FALSE);
+  return EFI_UNSUPPORTED;
+}
+
+/**
+  Gets the compression methods used by the specified TLS connection.
+
+  This function returns current integrated compression methods used by
+  the specified TLS connection.
+
+  @param[in]      Tls              Pointer to the TLS object.
+  @param[in,out]  CompressionId    The current compression method used by
+                                   the TLS object.
+
+  @retval  EFI_SUCCESS           The compression method was returned successfully.
+  @retval  EFI_INVALID_PARAMETER The parameter is invalid.
+  @retval  EFI_ABORTED           Invalid Compression method.
+  @retval  EFI_UNSUPPORTED       This function is not supported.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsGetCurrentCompressionId (
+  IN     VOID                     *Tls,
+  IN OUT UINT8                    *CompressionId
+  )
+{
+  ASSERT(FALSE);
+  return EFI_UNSUPPORTED;
+}
+
+/**
+  Gets the verification mode currently set in the TLS connection.
+
+  This function returns the peer verification mode currently set in the
+  specified TLS connection.
+
+  If Tls is NULL, then ASSERT().
+
+  @param[in]  Tls    Pointer to the TLS object.
+
+  @return  The verification mode set in the specified TLS connection.
+
+**/
+UINT32
+EFIAPI
+TlsGetVerify (
+  IN     VOID                     *Tls
+  )
+{
+  ASSERT(FALSE);
+  return 0;
+}
+
+/**
+  Gets the session ID used by the specified TLS connection.
+
+  This function returns the TLS/SSL session ID currently used by the
+  specified TLS connection.
+
+  @param[in]      Tls             Pointer to the TLS object.
+  @param[in,out]  SessionId       Buffer to contain the returned session ID.
+  @param[in,out]  SessionIdLen    The length of Session ID in bytes.
+
+  @retval  EFI_SUCCESS           The Session ID was returned successfully.
+  @retval  EFI_INVALID_PARAMETER The parameter is invalid.
+  @retval  EFI_UNSUPPORTED       Invalid TLS/SSL session.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsGetSessionId (
+  IN     VOID                     *Tls,
+  IN OUT UINT8                    *SessionId,
+  IN OUT UINT16                   *SessionIdLen
+  )
+{
+  ASSERT(FALSE);
+  return EFI_UNSUPPORTED;
+}
+
+/**
+  Gets the client random data used in the specified TLS connection.
+
+  This function returns the TLS/SSL client random data currently used in
+  the specified TLS connection.
+
+  @param[in]      Tls             Pointer to the TLS object.
+  @param[in,out]  ClientRandom    Buffer to contain the returned client
+                                  random data (32 bytes).
+
+**/
+VOID
+EFIAPI
+TlsGetClientRandom (
+  IN     VOID                     *Tls,
+  IN OUT UINT8                    *ClientRandom
+  )
+{
+  ASSERT(FALSE);
+}
+
+/**
+  Gets the server random data used in the specified TLS connection.
+
+  This function returns the TLS/SSL server random data currently used in
+  the specified TLS connection.
+
+  @param[in]      Tls             Pointer to the TLS object.
+  @param[in,out]  ServerRandom    Buffer to contain the returned server
+                                  random data (32 bytes).
+
+**/
+VOID
+EFIAPI
+TlsGetServerRandom (
+  IN     VOID                     *Tls,
+  IN OUT UINT8                    *ServerRandom
+  )
+{
+  ASSERT(FALSE);
+}
+
+/**
+  Gets the master key data used in the specified TLS connection.
+
+  This function returns the TLS/SSL master key material currently used in
+  the specified TLS connection.
+
+  @param[in]      Tls            Pointer to the TLS object.
+  @param[in,out]  KeyMaterial    Buffer to contain the returned key material.
+
+  @retval  EFI_SUCCESS           Key material was returned successfully.
+  @retval  EFI_INVALID_PARAMETER The parameter is invalid.
+  @retval  EFI_UNSUPPORTED       Invalid TLS/SSL session.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsGetKeyMaterial (
+  IN     VOID                     *Tls,
+  IN OUT UINT8                    *KeyMaterial
+  )
+{
+  ASSERT(FALSE);
+  return EFI_UNSUPPORTED;
+}
+
+/**
+  Gets the CA Certificate from the cert store.
+
+  This function returns the CA certificate for the chosen
+  TLS connection.
+
+  @param[in]      Tls         Pointer to the TLS object.
+  @param[out]     Data        Pointer to the data buffer to receive the CA
+                              certificate data sent to the client.
+  @param[in,out]  DataSize    The size of data buffer in bytes.
+
+  @retval  EFI_SUCCESS             The operation succeeded.
+  @retval  EFI_UNSUPPORTED         This function is not supported.
+  @retval  EFI_BUFFER_TOO_SMALL    The Data is too small to hold the data.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsGetCaCertificate (
+  IN     VOID                     *Tls,
+  OUT    VOID                     *Data,
+  IN OUT UINTN                    *DataSize
+  )
+{
+  ASSERT(FALSE);
+  return EFI_UNSUPPORTED;
+}
+
+/**
+  Gets the local public Certificate set in the specified TLS object.
+
+  This function returns the local public certificate which was currently set
+  in the specified TLS object.
+
+  @param[in]      Tls         Pointer to the TLS object.
+  @param[out]     Data        Pointer to the data buffer to receive the local
+                              public certificate.
+  @param[in,out]  DataSize    The size of data buffer in bytes.
+
+  @retval  EFI_SUCCESS             The operation succeeded.
+  @retval  EFI_INVALID_PARAMETER   The parameter is invalid.
+  @retval  EFI_NOT_FOUND           The certificate is not found.
+  @retval  EFI_BUFFER_TOO_SMALL    The Data is too small to hold the data.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsGetHostPublicCert (
+  IN     VOID                     *Tls,
+  OUT    VOID                     *Data,
+  IN OUT UINTN                    *DataSize
+  )
+{
+  ASSERT(FALSE);
+  return EFI_UNSUPPORTED;
+}
+
+/**
+  Gets the local private key set in the specified TLS object.
+
+  This function returns the local private key data which was currently set
+  in the specified TLS object.
+
+  @param[in]      Tls         Pointer to the TLS object.
+  @param[out]     Data        Pointer to the data buffer to receive the local
+                              private key data.
+  @param[in,out]  DataSize    The size of data buffer in bytes.
+
+  @retval  EFI_SUCCESS             The operation succeeded.
+  @retval  EFI_UNSUPPORTED         This function is not supported.
+  @retval  EFI_BUFFER_TOO_SMALL    The Data is too small to hold the data.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsGetHostPrivateKey (
+  IN     VOID                     *Tls,
+  OUT    VOID                     *Data,
+  IN OUT UINTN                    *DataSize
+  )
+{
+  ASSERT(FALSE);
+  return EFI_UNSUPPORTED;
+}
+
+/**
+  Gets the CA-supplied certificate revocation list data set in the specified
+  TLS object.
+
+  This function returns the CA-supplied certificate revocation list data which
+  was currently set in the specified TLS object.
+
+  @param[out]     Data        Pointer to the data buffer to receive the CRL data.
+  @param[in,out]  DataSize    The size of data buffer in bytes.
+
+  @retval  EFI_SUCCESS             The operation succeeded.
+  @retval  EFI_UNSUPPORTED         This function is not supported.
+  @retval  EFI_BUFFER_TOO_SMALL    The Data is too small to hold the data.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsGetCertRevocationList (
+  OUT    VOID                     *Data,
+  IN OUT UINTN                    *DataSize
+  )
+{
+  ASSERT(FALSE);
+  return EFI_UNSUPPORTED;
+}
diff --git a/CryptoPkg/Library/TlsLibNull/TlsInitNull.c b/CryptoPkg/Library/TlsLibNull/TlsInitNull.c
new file mode 100644
index 0000000000..3e44117b82
--- /dev/null
+++ b/CryptoPkg/Library/TlsLibNull/TlsInitNull.c
@@ -0,0 +1,111 @@
+/** @file
+  SSL/TLS Initialization Null Library Wrapper Implementation.
+
+Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
+(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "InternalTlsLib.h"
+
+/**
+  Initializes the library.
+
+  This function registers ciphers and digests used directly and indirectly
+  by SSL/TLS, and initializes the readable error messages.
+  This function must be called before any other action takes places.
+
+  @retval TRUE   The library has been initialized.
+  @retval FALSE  Failed to initialize the library.
+
+**/
+BOOLEAN
+EFIAPI
+TlsInitialize (
+  VOID
+  )
+{
+  ASSERT(FALSE);
+  return FALSE;
+}
+
+/**
+  Free an allocated SSL_CTX object.
+
+  @param[in]  TlsCtx    Pointer to the SSL_CTX object to be released.
+
+**/
+VOID
+EFIAPI
+TlsCtxFree (
+  IN   VOID                  *TlsCtx
+  )
+{
+  ASSERT(FALSE);
+  return;
+}
+
+/**
+  Creates a new SSL_CTX object as framework to establish TLS/SSL enabled
+  connections.
+
+  @param[in]  MajorVer    Major Version of TLS/SSL Protocol.
+  @param[in]  MinorVer    Minor Version of TLS/SSL Protocol.
+
+  @return  Pointer to an allocated SSL_CTX object.
+           If the creation failed, TlsCtxNew() returns NULL.
+
+**/
+VOID *
+EFIAPI
+TlsCtxNew (
+  IN     UINT8                    MajorVer,
+  IN     UINT8                    MinorVer
+  )
+{
+  ASSERT(FALSE);
+  return NULL;
+}
+
+/**
+  Free an allocated TLS object.
+
+  This function removes the TLS object pointed to by Tls and frees up the
+  allocated memory. If Tls is NULL, nothing is done.
+
+  @param[in]  Tls    Pointer to the TLS object to be freed.
+
+**/
+VOID
+EFIAPI
+TlsFree (
+  IN     VOID                     *Tls
+  )
+{
+  ASSERT(FALSE);
+}
+
+/**
+  Create a new TLS object for a connection.
+
+  This function creates a new TLS object for a connection. The new object
+  inherits the setting of the underlying context TlsCtx: connection method,
+  options, verification setting.
+
+  @param[in]  TlsCtx    Pointer to the SSL_CTX object.
+
+  @return  Pointer to an allocated SSL object.
+           If the creation failed, TlsNew() returns NULL.
+
+**/
+VOID *
+EFIAPI
+TlsNew (
+  IN     VOID                     *TlsCtx
+  )
+{
+  ASSERT(FALSE);
+  return NULL;
+}
+
diff --git a/CryptoPkg/Library/TlsLibNull/TlsLibNull.inf b/CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
new file mode 100644
index 0000000000..33f0e7493f
--- /dev/null
+++ b/CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
@@ -0,0 +1,38 @@
+## @file
+#  SSL/TLS Wrapper Null Library Instance.
+#
+#  Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
+#  (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = TlsLibNull
+  MODULE_UNI_FILE                = TlsLibNull.uni
+  FILE_GUID                      = 705a5b3b-cfa5-42ea-87f0-f2b8d44ec521
+  MODULE_TYPE                    = BASE
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = TlsLib
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64 ARM AARCH64
+#
+
+[Sources]
+  InternalTlsLib.h
+  TlsInitNull.c
+  TlsConfigNull.c
+  TlsProcessNull.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+  BaseCryptLib
+  DebugLib
+  BaseLib
diff --git a/CryptoPkg/Library/TlsLibNull/TlsLibNull.uni b/CryptoPkg/Library/TlsLibNull/TlsLibNull.uni
new file mode 100644
index 0000000000..869f3fcf78
--- /dev/null
+++ b/CryptoPkg/Library/TlsLibNull/TlsLibNull.uni
@@ -0,0 +1,13 @@
+// /** @file
+// SSL/TLS Wrapper Null Library Instance.
+//
+// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT             #language en-US "SSL/TLS Wrapper Null Library Instance"
+
+#string STR_MODULE_DESCRIPTION          #language en-US "This module provides SSL/TLS Wrapper Null Library Instance."
diff --git a/CryptoPkg/Library/TlsLibNull/TlsProcessNull.c b/CryptoPkg/Library/TlsLibNull/TlsProcessNull.c
new file mode 100644
index 0000000000..2949d4c885
--- /dev/null
+++ b/CryptoPkg/Library/TlsLibNull/TlsProcessNull.c
@@ -0,0 +1,247 @@
+/** @file
+  SSL/TLS Process Null Library Wrapper Implementation.
+  The process includes the TLS handshake and packet I/O.
+
+Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
+(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "InternalTlsLib.h"
+
+/**
+  Checks if the TLS handshake was done.
+
+  This function will check if the specified TLS handshake was done.
+
+  @param[in]  Tls    Pointer to the TLS object for handshake state checking.
+
+  @retval  TRUE     The TLS handshake was done.
+  @retval  FALSE    The TLS handshake was not done.
+
+**/
+BOOLEAN
+EFIAPI
+TlsInHandshake (
+  IN     VOID                     *Tls
+  )
+{
+  ASSERT(FALSE);
+  return FALSE;
+}
+
+/**
+  Perform a TLS/SSL handshake.
+
+  This function will perform a TLS/SSL handshake.
+
+  @param[in]       Tls            Pointer to the TLS object for handshake operation.
+  @param[in]       BufferIn       Pointer to the most recently received TLS Handshake packet.
+  @param[in]       BufferInSize   Packet size in bytes for the most recently received TLS
+                                  Handshake packet.
+  @param[out]      BufferOut      Pointer to the buffer to hold the built packet.
+  @param[in, out]  BufferOutSize  Pointer to the buffer size in bytes. On input, it is
+                                  the buffer size provided by the caller. On output, it
+                                  is the buffer size in fact needed to contain the
+                                  packet.
+
+  @retval EFI_SUCCESS             The required TLS packet is built successfully.
+  @retval EFI_INVALID_PARAMETER   One or more of the following conditions is TRUE:
+                                  Tls is NULL.
+                                  BufferIn is NULL but BufferInSize is NOT 0.
+                                  BufferInSize is 0 but BufferIn is NOT NULL.
+                                  BufferOutSize is NULL.
+                                  BufferOut is NULL if *BufferOutSize is not zero.
+  @retval EFI_BUFFER_TOO_SMALL    BufferOutSize is too small to hold the response packet.
+  @retval EFI_ABORTED             Something wrong during handshake.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsDoHandshake (
+  IN     VOID                     *Tls,
+  IN     UINT8                    *BufferIn, OPTIONAL
+  IN     UINTN                    BufferInSize, OPTIONAL
+     OUT UINT8                    *BufferOut, OPTIONAL
+  IN OUT UINTN                    *BufferOutSize
+  )
+{
+  ASSERT(FALSE);
+  return EFI_UNSUPPORTED;
+}
+
+/**
+  Handle Alert message recorded in BufferIn. If BufferIn is NULL and BufferInSize is zero,
+  TLS session has errors and the response packet needs to be Alert message based on error type.
+
+  @param[in]       Tls            Pointer to the TLS object for state checking.
+  @param[in]       BufferIn       Pointer to the most recently received TLS Alert packet.
+  @param[in]       BufferInSize   Packet size in bytes for the most recently received TLS
+                                  Alert packet.
+  @param[out]      BufferOut      Pointer to the buffer to hold the built packet.
+  @param[in, out]  BufferOutSize  Pointer to the buffer size in bytes. On input, it is
+                                  the buffer size provided by the caller. On output, it
+                                  is the buffer size in fact needed to contain the
+                                  packet.
+
+  @retval EFI_SUCCESS             The required TLS packet is built successfully.
+  @retval EFI_INVALID_PARAMETER   One or more of the following conditions is TRUE:
+                                  Tls is NULL.
+                                  BufferIn is NULL but BufferInSize is NOT 0.
+                                  BufferInSize is 0 but BufferIn is NOT NULL.
+                                  BufferOutSize is NULL.
+                                  BufferOut is NULL if *BufferOutSize is not zero.
+  @retval EFI_ABORTED             An error occurred.
+  @retval EFI_BUFFER_TOO_SMALL    BufferOutSize is too small to hold the response packet.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsHandleAlert (
+  IN     VOID                     *Tls,
+  IN     UINT8                    *BufferIn, OPTIONAL
+  IN     UINTN                    BufferInSize, OPTIONAL
+     OUT UINT8                    *BufferOut, OPTIONAL
+  IN OUT UINTN                    *BufferOutSize
+  )
+{
+  ASSERT(FALSE);
+  return EFI_UNSUPPORTED;
+}
+
+/**
+  Build the CloseNotify packet.
+
+  @param[in]       Tls            Pointer to the TLS object for state checking.
+  @param[in, out]  Buffer         Pointer to the buffer to hold the built packet.
+  @param[in, out]  BufferSize     Pointer to the buffer size in bytes. On input, it is
+                                  the buffer size provided by the caller. On output, it
+                                  is the buffer size in fact needed to contain the
+                                  packet.
+
+  @retval EFI_SUCCESS             The required TLS packet is built successfully.
+  @retval EFI_INVALID_PARAMETER   One or more of the following conditions is TRUE:
+                                  Tls is NULL.
+                                  BufferSize is NULL.
+                                  Buffer is NULL if *BufferSize is not zero.
+  @retval EFI_BUFFER_TOO_SMALL    BufferSize is too small to hold the response packet.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsCloseNotify (
+  IN     VOID                     *Tls,
+  IN OUT UINT8                    *Buffer,
+  IN OUT UINTN                    *BufferSize
+  )
+{
+  ASSERT(FALSE);
+  return EFI_UNSUPPORTED;
+}
+
+/**
+  Attempts to read bytes from one TLS object and places the data in Buffer.
+
+  This function will attempt to read BufferSize bytes from the TLS object
+  and places the data in Buffer.
+
+  @param[in]      Tls           Pointer to the TLS object.
+  @param[in,out]  Buffer        Pointer to the buffer to store the data.
+  @param[in]      BufferSize    The size of Buffer in bytes.
+
+  @retval  >0    The amount of data successfully read from the TLS object.
+  @retval  <=0   No data was successfully read.
+
+**/
+INTN
+EFIAPI
+TlsCtrlTrafficOut (
+  IN     VOID                     *Tls,
+  IN OUT VOID                     *Buffer,
+  IN     UINTN                    BufferSize
+  )
+{
+  ASSERT(FALSE);
+  return 0;
+}
+
+/**
+  Attempts to write data from the buffer to TLS object.
+
+  This function will attempt to write BufferSize bytes data from the Buffer
+  to the TLS object.
+
+  @param[in]  Tls           Pointer to the TLS object.
+  @param[in]  Buffer        Pointer to the data buffer.
+  @param[in]  BufferSize    The size of Buffer in bytes.
+
+  @retval  >0    The amount of data successfully written to the TLS object.
+  @retval <=0    No data was successfully written.
+
+**/
+INTN
+EFIAPI
+TlsCtrlTrafficIn (
+  IN     VOID                     *Tls,
+  IN     VOID                     *Buffer,
+  IN     UINTN                    BufferSize
+  )
+{
+  ASSERT(FALSE);
+  return 0;
+}
+/**
+  Attempts to read bytes from the specified TLS connection into the buffer.
+
+  This function tries to read BufferSize bytes data from the specified TLS
+  connection into the Buffer.
+
+  @param[in]      Tls           Pointer to the TLS connection for data reading.
+  @param[in,out]  Buffer        Pointer to the data buffer.
+  @param[in]      BufferSize    The size of Buffer in bytes.
+
+  @retval  >0    The read operation was successful, and return value is the
+                 number of bytes actually read from the TLS connection.
+  @retval  <=0   The read operation was not successful.
+
+**/
+INTN
+EFIAPI
+TlsRead (
+  IN     VOID                     *Tls,
+  IN OUT VOID                     *Buffer,
+  IN     UINTN                    BufferSize
+  )
+{
+  ASSERT(FALSE);
+  return 0;
+}
+
+/**
+  Attempts to write data to a TLS connection.
+
+  This function tries to write BufferSize bytes data from the Buffer into the
+  specified TLS connection.
+
+  @param[in]  Tls           Pointer to the TLS connection for data writing.
+  @param[in]  Buffer        Pointer to the data buffer.
+  @param[in]  BufferSize    The size of Buffer in bytes.
+
+  @retval  >0    The write operation was successful, and return value is the
+                 number of bytes actually written to the TLS connection.
+  @retval <=0    The write operation was not successful.
+
+**/
+INTN
+EFIAPI
+TlsWrite (
+  IN     VOID                     *Tls,
+  IN     VOID                     *Buffer,
+  IN     UINTN                    BufferSize
+  )
+{
+  ASSERT(FALSE);
+  return 0;
+}
+
-- 
2.21.0.windows.1


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [Patch] CryptoPkg: Add Null instance of the TlsLib class
  2019-10-22 21:40 [Patch] CryptoPkg: Add Null instance of the TlsLib class Michael D Kinney
@ 2019-10-23  8:23 ` Wang, Jian J
  2019-10-23 21:39   ` Michael D Kinney
  0 siblings, 1 reply; 3+ messages in thread
From: Wang, Jian J @ 2019-10-23  8:23 UTC (permalink / raw)
  To: Kinney, Michael D, devel@edk2.groups.io; +Cc: Sean Brogan, Lu, XiaoyuX

Hi Mike,

The copyright and the year might need update (Not sure about it. I guess they're
copied from non-null version of file.) With it addressed (if necessary),

Reviewed-by: Jian J Wang <jian.j.wang@intel.com>

Regards,
Jian

> -----Original Message-----
> From: Kinney, Michael D <michael.d.kinney@intel.com>
> Sent: Wednesday, October 23, 2019 5:41 AM
> To: devel@edk2.groups.io
> Cc: Sean Brogan <sean.brogan@microsoft.com>; Wang, Jian J
> <jian.j.wang@intel.com>; Lu, XiaoyuX <xiaoyux.lu@intel.com>
> Subject: [Patch] CryptoPkg: Add Null instance of the TlsLib class
> 
> From: Sean Brogan <sean.brogan@microsoft.com>
> 
> https://bugzilla.tianocore.org/show_bug.cgi?id=2258
> 
> Add a Null instance of the TlsLib class.  This lib instance
> can be used as a template for new implementations of the TlsLib
> class and can also be used to reduce CI build times for build
> checks that depend on the TlsLib class.
> 
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
> ---
>  CryptoPkg/CryptoPkg.dsc                       |   1 +
>  CryptoPkg/Library/TlsLibNull/InternalTlsLib.h |  16 +
>  CryptoPkg/Library/TlsLibNull/TlsConfigNull.c  | 622 ++++++++++++++++++
>  CryptoPkg/Library/TlsLibNull/TlsInitNull.c    | 111 ++++
>  CryptoPkg/Library/TlsLibNull/TlsLibNull.inf   |  38 ++
>  CryptoPkg/Library/TlsLibNull/TlsLibNull.uni   |  13 +
>  CryptoPkg/Library/TlsLibNull/TlsProcessNull.c | 247 +++++++
>  7 files changed, 1048 insertions(+)
>  create mode 100644 CryptoPkg/Library/TlsLibNull/InternalTlsLib.h
>  create mode 100644 CryptoPkg/Library/TlsLibNull/TlsConfigNull.c
>  create mode 100644 CryptoPkg/Library/TlsLibNull/TlsInitNull.c
>  create mode 100644 CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
>  create mode 100644 CryptoPkg/Library/TlsLibNull/TlsLibNull.uni
>  create mode 100644 CryptoPkg/Library/TlsLibNull/TlsProcessNull.c
> 
> diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc
> index c90e76c721..cea4335afb 100644
> --- a/CryptoPkg/CryptoPkg.dsc
> +++ b/CryptoPkg/CryptoPkg.dsc
> @@ -115,6 +115,7 @@ [Components]
>    CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
>    CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
>    CryptoPkg/Library/TlsLib/TlsLib.inf
> +  CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
>    CryptoPkg/Library/OpensslLib/OpensslLib.inf
>    CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> 
> diff --git a/CryptoPkg/Library/TlsLibNull/InternalTlsLib.h
> b/CryptoPkg/Library/TlsLibNull/InternalTlsLib.h
> new file mode 100644
> index 0000000000..888c9066bf
> --- /dev/null
> +++ b/CryptoPkg/Library/TlsLibNull/InternalTlsLib.h
> @@ -0,0 +1,16 @@
> +/** @file
> +  Internal include file for TlsLibNull.
> +
> +Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
> +SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#ifndef __INTERNAL_TLS_LIB_NULL_H__
> +#define __INTERNAL_TLS_LIB_NULL_H__
> +
> +#include <Library/BaseCryptLib.h>
> +#include <Library/DebugLib.h>
> +#include <Library/BaseLib.h>
> +
> +#endif
> diff --git a/CryptoPkg/Library/TlsLibNull/TlsConfigNull.c
> b/CryptoPkg/Library/TlsLibNull/TlsConfigNull.c
> new file mode 100644
> index 0000000000..8033a61790
> --- /dev/null
> +++ b/CryptoPkg/Library/TlsLibNull/TlsConfigNull.c
> @@ -0,0 +1,622 @@
> +/** @file
> +  SSL/TLS Configuration Null Library Wrapper Implementation.
> +
> +Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
> +(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
> +SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include "InternalTlsLib.h"
> +
> +/**
> +  Set a new TLS/SSL method for a particular TLS object.
> +
> +  This function sets a new TLS/SSL method for a particular TLS object.
> +
> +  @param[in]  Tls         Pointer to a TLS object.
> +  @param[in]  MajorVer    Major Version of TLS/SSL Protocol.
> +  @param[in]  MinorVer    Minor Version of TLS/SSL Protocol.
> +
> +  @retval  EFI_SUCCESS           The TLS/SSL method was set successfully.
> +  @retval  EFI_INVALID_PARAMETER The parameter is invalid.
> +  @retval  EFI_UNSUPPORTED       Unsupported TLS/SSL method.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsSetVersion (
> +  IN     VOID                     *Tls,
> +  IN     UINT8                    MajorVer,
> +  IN     UINT8                    MinorVer
> +  )
> +{
> +  ASSERT(FALSE);
> +  return EFI_UNSUPPORTED;
> +}
> +
> +/**
> +  Set TLS object to work in client or server mode.
> +
> +  This function prepares a TLS object to work in client or server mode.
> +
> +  @param[in]  Tls         Pointer to a TLS object.
> +  @param[in]  IsServer    Work in server mode.
> +
> +  @retval  EFI_SUCCESS           The TLS/SSL work mode was set successfully.
> +  @retval  EFI_INVALID_PARAMETER The parameter is invalid.
> +  @retval  EFI_UNSUPPORTED       Unsupported TLS/SSL work mode.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsSetConnectionEnd (
> +  IN     VOID                     *Tls,
> +  IN     BOOLEAN                  IsServer
> +  )
> +{
> +  ASSERT(FALSE);
> +  return EFI_UNSUPPORTED;
> +}
> +
> +/**
> +  Set the ciphers list to be used by the TLS object.
> +
> +  This function sets the ciphers for use by a specified TLS object.
> +
> +  @param[in]  Tls          Pointer to a TLS object.
> +  @param[in]  CipherId     Array of UINT16 cipher identifiers. Each UINT16
> +                           cipher identifier comes from the TLS Cipher Suite
> +                           Registry of the IANA, interpreting Byte1 and Byte2
> +                           in network (big endian) byte order.
> +  @param[in]  CipherNum    The number of cipher in the list.
> +
> +  @retval  EFI_SUCCESS           The ciphers list was set successfully.
> +  @retval  EFI_INVALID_PARAMETER The parameter is invalid.
> +  @retval  EFI_UNSUPPORTED       No supported TLS cipher was found in
> CipherId.
> +  @retval  EFI_OUT_OF_RESOURCES  Memory allocation failed.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsSetCipherList (
> +  IN     VOID                     *Tls,
> +  IN     UINT16                   *CipherId,
> +  IN     UINTN                    CipherNum
> +  )
> +{
> +  ASSERT(FALSE);
> +  return EFI_UNSUPPORTED;
> +}
> +
> +/**
> +  Set the compression method for TLS/SSL operations.
> +
> +  This function handles TLS/SSL integrated compression methods.
> +
> +  @param[in]  CompMethod    The compression method ID.
> +
> +  @retval  EFI_SUCCESS        The compression method for the communication
> was
> +                              set successfully.
> +  @retval  EFI_UNSUPPORTED    Unsupported compression method.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsSetCompressionMethod (
> +  IN     UINT8                    CompMethod
> +  )
> +{
> +  ASSERT(FALSE);
> +  return EFI_UNSUPPORTED;
> +}
> +
> +/**
> +  Set peer certificate verification mode for the TLS connection.
> +
> +  This function sets the verification mode flags for the TLS connection.
> +
> +  @param[in]  Tls           Pointer to the TLS object.
> +  @param[in]  VerifyMode    A set of logically or'ed verification mode flags.
> +
> +**/
> +VOID
> +EFIAPI
> +TlsSetVerify (
> +  IN     VOID                     *Tls,
> +  IN     UINT32                   VerifyMode
> +  )
> +{
> +  ASSERT(FALSE);
> +}
> +
> +// MU_CHANGE - Proposed fixes for TCBZ960, invalid domain name (CN)
> accepted. [BEGIN]
> +/**
> +  Set the specified host name to be verified.
> +
> +  @param[in]  Tls           Pointer to the TLS object.
> +  @param[in]  Flags         The setting flags during the validation.
> +  @param[in]  HostName      The specified host name to be verified.
> +
> +  @retval  EFI_SUCCESS           The HostName setting was set successfully.
> +  @retval  EFI_INVALID_PARAMETER The parameter is invalid.
> +  @retval  EFI_ABORTED           Invalid HostName setting.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsSetVerifyHost (
> +  IN     VOID                     *Tls,
> +  IN     UINT32                   Flags,
> +  IN     CHAR8                    *HostName
> +  )
> +{
> +  ASSERT(FALSE);
> +  return EFI_UNSUPPORTED;
> +}
> +
> +// MU_CHANGE - Proposed fixes for TCBZ960, invalid domain name (CN)
> accepted. [END]
> +
> +/**
> +  Sets a TLS/SSL session ID to be used during TLS/SSL connect.
> +
> +  This function sets a session ID to be used when the TLS/SSL connection is
> +  to be established.
> +
> +  @param[in]  Tls             Pointer to the TLS object.
> +  @param[in]  SessionId       Session ID data used for session resumption.
> +  @param[in]  SessionIdLen    Length of Session ID in bytes.
> +
> +  @retval  EFI_SUCCESS           Session ID was set successfully.
> +  @retval  EFI_INVALID_PARAMETER The parameter is invalid.
> +  @retval  EFI_UNSUPPORTED       No available session for ID setting.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsSetSessionId (
> +  IN     VOID                     *Tls,
> +  IN     UINT8                    *SessionId,
> +  IN     UINT16                   SessionIdLen
> +  )
> +{
> +  ASSERT(FALSE);
> +  return EFI_UNSUPPORTED;
> +}
> +
> +/**
> +  Adds the CA to the cert store when requesting Server or Client authentication.
> +
> +  This function adds the CA certificate to the list of CAs when requesting
> +  Server or Client authentication for the chosen TLS connection.
> +
> +  @param[in]  Tls         Pointer to the TLS object.
> +  @param[in]  Data        Pointer to the data buffer of a DER-encoded binary
> +                          X.509 certificate or PEM-encoded X.509 certificate.
> +  @param[in]  DataSize    The size of data buffer in bytes.
> +
> +  @retval  EFI_SUCCESS             The operation succeeded.
> +  @retval  EFI_INVALID_PARAMETER   The parameter is invalid.
> +  @retval  EFI_OUT_OF_RESOURCES    Required resources could not be
> allocated.
> +  @retval  EFI_ABORTED             Invalid X.509 certificate.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsSetCaCertificate (
> +  IN     VOID                     *Tls,
> +  IN     VOID                     *Data,
> +  IN     UINTN                    DataSize
> +  )
> +{
> +  ASSERT(FALSE);
> +  return EFI_UNSUPPORTED;
> +}
> +
> +/**
> +  Loads the local public certificate into the specified TLS object.
> +
> +  This function loads the X.509 certificate into the specified TLS object
> +  for TLS negotiation.
> +
> +  @param[in]  Tls         Pointer to the TLS object.
> +  @param[in]  Data        Pointer to the data buffer of a DER-encoded binary
> +                          X.509 certificate or PEM-encoded X.509 certificate.
> +  @param[in]  DataSize    The size of data buffer in bytes.
> +
> +  @retval  EFI_SUCCESS             The operation succeeded.
> +  @retval  EFI_INVALID_PARAMETER   The parameter is invalid.
> +  @retval  EFI_OUT_OF_RESOURCES    Required resources could not be
> allocated.
> +  @retval  EFI_ABORTED             Invalid X.509 certificate.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsSetHostPublicCert (
> +  IN     VOID                     *Tls,
> +  IN     VOID                     *Data,
> +  IN     UINTN                    DataSize
> +  )
> +{
> +  ASSERT(FALSE);
> +  return EFI_UNSUPPORTED;
> +}
> +
> +/**
> +  Adds the local private key to the specified TLS object.
> +
> +  This function adds the local private key (PEM-encoded RSA or PKCS#8 private
> +  key) into the specified TLS object for TLS negotiation.
> +
> +  @param[in]  Tls         Pointer to the TLS object.
> +  @param[in]  Data        Pointer to the data buffer of a PEM-encoded RSA
> +                          or PKCS#8 private key.
> +  @param[in]  DataSize    The size of data buffer in bytes.
> +
> +  @retval  EFI_SUCCESS     The operation succeeded.
> +  @retval  EFI_UNSUPPORTED This function is not supported.
> +  @retval  EFI_ABORTED     Invalid private key data.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsSetHostPrivateKey (
> +  IN     VOID                     *Tls,
> +  IN     VOID                     *Data,
> +  IN     UINTN                    DataSize
> +  )
> +{
> +  ASSERT(FALSE);
> +  return EFI_UNSUPPORTED;
> +}
> +
> +/**
> +  Adds the CA-supplied certificate revocation list for certificate validation.
> +
> +  This function adds the CA-supplied certificate revocation list data for
> +  certificate validity checking.
> +
> +  @param[in]  Data        Pointer to the data buffer of a DER-encoded CRL data.
> +  @param[in]  DataSize    The size of data buffer in bytes.
> +
> +  @retval  EFI_SUCCESS     The operation succeeded.
> +  @retval  EFI_UNSUPPORTED This function is not supported.
> +  @retval  EFI_ABORTED     Invalid CRL data.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsSetCertRevocationList (
> +  IN     VOID                     *Data,
> +  IN     UINTN                    DataSize
> +  )
> +{
> +  ASSERT(FALSE);
> +  return EFI_UNSUPPORTED;
> +}
> +
> +/**
> +  Gets the protocol version used by the specified TLS connection.
> +
> +  This function returns the protocol version used by the specified TLS
> +  connection.
> +
> +  If Tls is NULL, then ASSERT().
> +
> +  @param[in]  Tls    Pointer to the TLS object.
> +
> +  @return  The protocol version of the specified TLS connection.
> +
> +**/
> +UINT16
> +EFIAPI
> +TlsGetVersion (
> +  IN     VOID                     *Tls
> +  )
> +{
> +  ASSERT(FALSE);
> +  return 0;
> +}
> +
> +/**
> +  Gets the connection end of the specified TLS connection.
> +
> +  This function returns the connection end (as client or as server) used by
> +  the specified TLS connection.
> +
> +  If Tls is NULL, then ASSERT().
> +
> +  @param[in]  Tls    Pointer to the TLS object.
> +
> +  @return  The connection end used by the specified TLS connection.
> +
> +**/
> +UINT8
> +EFIAPI
> +TlsGetConnectionEnd (
> +  IN     VOID                     *Tls
> +  )
> +{
> +  ASSERT(FALSE);
> +  return 0;
> +}
> +
> +/**
> +  Gets the cipher suite used by the specified TLS connection.
> +
> +  This function returns current cipher suite used by the specified
> +  TLS connection.
> +
> +  @param[in]      Tls         Pointer to the TLS object.
> +  @param[in,out]  CipherId    The cipher suite used by the TLS object.
> +
> +  @retval  EFI_SUCCESS           The cipher suite was returned successfully.
> +  @retval  EFI_INVALID_PARAMETER The parameter is invalid.
> +  @retval  EFI_UNSUPPORTED       Unsupported cipher suite.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsGetCurrentCipher (
> +  IN     VOID                     *Tls,
> +  IN OUT UINT16                   *CipherId
> +  )
> +{
> +  ASSERT(FALSE);
> +  return EFI_UNSUPPORTED;
> +}
> +
> +/**
> +  Gets the compression methods used by the specified TLS connection.
> +
> +  This function returns current integrated compression methods used by
> +  the specified TLS connection.
> +
> +  @param[in]      Tls              Pointer to the TLS object.
> +  @param[in,out]  CompressionId    The current compression method used by
> +                                   the TLS object.
> +
> +  @retval  EFI_SUCCESS           The compression method was returned
> successfully.
> +  @retval  EFI_INVALID_PARAMETER The parameter is invalid.
> +  @retval  EFI_ABORTED           Invalid Compression method.
> +  @retval  EFI_UNSUPPORTED       This function is not supported.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsGetCurrentCompressionId (
> +  IN     VOID                     *Tls,
> +  IN OUT UINT8                    *CompressionId
> +  )
> +{
> +  ASSERT(FALSE);
> +  return EFI_UNSUPPORTED;
> +}
> +
> +/**
> +  Gets the verification mode currently set in the TLS connection.
> +
> +  This function returns the peer verification mode currently set in the
> +  specified TLS connection.
> +
> +  If Tls is NULL, then ASSERT().
> +
> +  @param[in]  Tls    Pointer to the TLS object.
> +
> +  @return  The verification mode set in the specified TLS connection.
> +
> +**/
> +UINT32
> +EFIAPI
> +TlsGetVerify (
> +  IN     VOID                     *Tls
> +  )
> +{
> +  ASSERT(FALSE);
> +  return 0;
> +}
> +
> +/**
> +  Gets the session ID used by the specified TLS connection.
> +
> +  This function returns the TLS/SSL session ID currently used by the
> +  specified TLS connection.
> +
> +  @param[in]      Tls             Pointer to the TLS object.
> +  @param[in,out]  SessionId       Buffer to contain the returned session ID.
> +  @param[in,out]  SessionIdLen    The length of Session ID in bytes.
> +
> +  @retval  EFI_SUCCESS           The Session ID was returned successfully.
> +  @retval  EFI_INVALID_PARAMETER The parameter is invalid.
> +  @retval  EFI_UNSUPPORTED       Invalid TLS/SSL session.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsGetSessionId (
> +  IN     VOID                     *Tls,
> +  IN OUT UINT8                    *SessionId,
> +  IN OUT UINT16                   *SessionIdLen
> +  )
> +{
> +  ASSERT(FALSE);
> +  return EFI_UNSUPPORTED;
> +}
> +
> +/**
> +  Gets the client random data used in the specified TLS connection.
> +
> +  This function returns the TLS/SSL client random data currently used in
> +  the specified TLS connection.
> +
> +  @param[in]      Tls             Pointer to the TLS object.
> +  @param[in,out]  ClientRandom    Buffer to contain the returned client
> +                                  random data (32 bytes).
> +
> +**/
> +VOID
> +EFIAPI
> +TlsGetClientRandom (
> +  IN     VOID                     *Tls,
> +  IN OUT UINT8                    *ClientRandom
> +  )
> +{
> +  ASSERT(FALSE);
> +}
> +
> +/**
> +  Gets the server random data used in the specified TLS connection.
> +
> +  This function returns the TLS/SSL server random data currently used in
> +  the specified TLS connection.
> +
> +  @param[in]      Tls             Pointer to the TLS object.
> +  @param[in,out]  ServerRandom    Buffer to contain the returned server
> +                                  random data (32 bytes).
> +
> +**/
> +VOID
> +EFIAPI
> +TlsGetServerRandom (
> +  IN     VOID                     *Tls,
> +  IN OUT UINT8                    *ServerRandom
> +  )
> +{
> +  ASSERT(FALSE);
> +}
> +
> +/**
> +  Gets the master key data used in the specified TLS connection.
> +
> +  This function returns the TLS/SSL master key material currently used in
> +  the specified TLS connection.
> +
> +  @param[in]      Tls            Pointer to the TLS object.
> +  @param[in,out]  KeyMaterial    Buffer to contain the returned key material.
> +
> +  @retval  EFI_SUCCESS           Key material was returned successfully.
> +  @retval  EFI_INVALID_PARAMETER The parameter is invalid.
> +  @retval  EFI_UNSUPPORTED       Invalid TLS/SSL session.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsGetKeyMaterial (
> +  IN     VOID                     *Tls,
> +  IN OUT UINT8                    *KeyMaterial
> +  )
> +{
> +  ASSERT(FALSE);
> +  return EFI_UNSUPPORTED;
> +}
> +
> +/**
> +  Gets the CA Certificate from the cert store.
> +
> +  This function returns the CA certificate for the chosen
> +  TLS connection.
> +
> +  @param[in]      Tls         Pointer to the TLS object.
> +  @param[out]     Data        Pointer to the data buffer to receive the CA
> +                              certificate data sent to the client.
> +  @param[in,out]  DataSize    The size of data buffer in bytes.
> +
> +  @retval  EFI_SUCCESS             The operation succeeded.
> +  @retval  EFI_UNSUPPORTED         This function is not supported.
> +  @retval  EFI_BUFFER_TOO_SMALL    The Data is too small to hold the data.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsGetCaCertificate (
> +  IN     VOID                     *Tls,
> +  OUT    VOID                     *Data,
> +  IN OUT UINTN                    *DataSize
> +  )
> +{
> +  ASSERT(FALSE);
> +  return EFI_UNSUPPORTED;
> +}
> +
> +/**
> +  Gets the local public Certificate set in the specified TLS object.
> +
> +  This function returns the local public certificate which was currently set
> +  in the specified TLS object.
> +
> +  @param[in]      Tls         Pointer to the TLS object.
> +  @param[out]     Data        Pointer to the data buffer to receive the local
> +                              public certificate.
> +  @param[in,out]  DataSize    The size of data buffer in bytes.
> +
> +  @retval  EFI_SUCCESS             The operation succeeded.
> +  @retval  EFI_INVALID_PARAMETER   The parameter is invalid.
> +  @retval  EFI_NOT_FOUND           The certificate is not found.
> +  @retval  EFI_BUFFER_TOO_SMALL    The Data is too small to hold the data.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsGetHostPublicCert (
> +  IN     VOID                     *Tls,
> +  OUT    VOID                     *Data,
> +  IN OUT UINTN                    *DataSize
> +  )
> +{
> +  ASSERT(FALSE);
> +  return EFI_UNSUPPORTED;
> +}
> +
> +/**
> +  Gets the local private key set in the specified TLS object.
> +
> +  This function returns the local private key data which was currently set
> +  in the specified TLS object.
> +
> +  @param[in]      Tls         Pointer to the TLS object.
> +  @param[out]     Data        Pointer to the data buffer to receive the local
> +                              private key data.
> +  @param[in,out]  DataSize    The size of data buffer in bytes.
> +
> +  @retval  EFI_SUCCESS             The operation succeeded.
> +  @retval  EFI_UNSUPPORTED         This function is not supported.
> +  @retval  EFI_BUFFER_TOO_SMALL    The Data is too small to hold the data.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsGetHostPrivateKey (
> +  IN     VOID                     *Tls,
> +  OUT    VOID                     *Data,
> +  IN OUT UINTN                    *DataSize
> +  )
> +{
> +  ASSERT(FALSE);
> +  return EFI_UNSUPPORTED;
> +}
> +
> +/**
> +  Gets the CA-supplied certificate revocation list data set in the specified
> +  TLS object.
> +
> +  This function returns the CA-supplied certificate revocation list data which
> +  was currently set in the specified TLS object.
> +
> +  @param[out]     Data        Pointer to the data buffer to receive the CRL data.
> +  @param[in,out]  DataSize    The size of data buffer in bytes.
> +
> +  @retval  EFI_SUCCESS             The operation succeeded.
> +  @retval  EFI_UNSUPPORTED         This function is not supported.
> +  @retval  EFI_BUFFER_TOO_SMALL    The Data is too small to hold the data.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsGetCertRevocationList (
> +  OUT    VOID                     *Data,
> +  IN OUT UINTN                    *DataSize
> +  )
> +{
> +  ASSERT(FALSE);
> +  return EFI_UNSUPPORTED;
> +}
> diff --git a/CryptoPkg/Library/TlsLibNull/TlsInitNull.c
> b/CryptoPkg/Library/TlsLibNull/TlsInitNull.c
> new file mode 100644
> index 0000000000..3e44117b82
> --- /dev/null
> +++ b/CryptoPkg/Library/TlsLibNull/TlsInitNull.c
> @@ -0,0 +1,111 @@
> +/** @file
> +  SSL/TLS Initialization Null Library Wrapper Implementation.
> +
> +Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
> +(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
> +SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include "InternalTlsLib.h"
> +
> +/**
> +  Initializes the library.
> +
> +  This function registers ciphers and digests used directly and indirectly
> +  by SSL/TLS, and initializes the readable error messages.
> +  This function must be called before any other action takes places.
> +
> +  @retval TRUE   The library has been initialized.
> +  @retval FALSE  Failed to initialize the library.
> +
> +**/
> +BOOLEAN
> +EFIAPI
> +TlsInitialize (
> +  VOID
> +  )
> +{
> +  ASSERT(FALSE);
> +  return FALSE;
> +}
> +
> +/**
> +  Free an allocated SSL_CTX object.
> +
> +  @param[in]  TlsCtx    Pointer to the SSL_CTX object to be released.
> +
> +**/
> +VOID
> +EFIAPI
> +TlsCtxFree (
> +  IN   VOID                  *TlsCtx
> +  )
> +{
> +  ASSERT(FALSE);
> +  return;
> +}
> +
> +/**
> +  Creates a new SSL_CTX object as framework to establish TLS/SSL enabled
> +  connections.
> +
> +  @param[in]  MajorVer    Major Version of TLS/SSL Protocol.
> +  @param[in]  MinorVer    Minor Version of TLS/SSL Protocol.
> +
> +  @return  Pointer to an allocated SSL_CTX object.
> +           If the creation failed, TlsCtxNew() returns NULL.
> +
> +**/
> +VOID *
> +EFIAPI
> +TlsCtxNew (
> +  IN     UINT8                    MajorVer,
> +  IN     UINT8                    MinorVer
> +  )
> +{
> +  ASSERT(FALSE);
> +  return NULL;
> +}
> +
> +/**
> +  Free an allocated TLS object.
> +
> +  This function removes the TLS object pointed to by Tls and frees up the
> +  allocated memory. If Tls is NULL, nothing is done.
> +
> +  @param[in]  Tls    Pointer to the TLS object to be freed.
> +
> +**/
> +VOID
> +EFIAPI
> +TlsFree (
> +  IN     VOID                     *Tls
> +  )
> +{
> +  ASSERT(FALSE);
> +}
> +
> +/**
> +  Create a new TLS object for a connection.
> +
> +  This function creates a new TLS object for a connection. The new object
> +  inherits the setting of the underlying context TlsCtx: connection method,
> +  options, verification setting.
> +
> +  @param[in]  TlsCtx    Pointer to the SSL_CTX object.
> +
> +  @return  Pointer to an allocated SSL object.
> +           If the creation failed, TlsNew() returns NULL.
> +
> +**/
> +VOID *
> +EFIAPI
> +TlsNew (
> +  IN     VOID                     *TlsCtx
> +  )
> +{
> +  ASSERT(FALSE);
> +  return NULL;
> +}
> +
> diff --git a/CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
> b/CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
> new file mode 100644
> index 0000000000..33f0e7493f
> --- /dev/null
> +++ b/CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
> @@ -0,0 +1,38 @@
> +## @file
> +#  SSL/TLS Wrapper Null Library Instance.
> +#
> +#  Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
> +#  (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
> +#  SPDX-License-Identifier: BSD-2-Clause-Patent
> +#
> +##
> +
> +[Defines]
> +  INF_VERSION                    = 0x00010005
> +  BASE_NAME                      = TlsLibNull
> +  MODULE_UNI_FILE                = TlsLibNull.uni
> +  FILE_GUID                      = 705a5b3b-cfa5-42ea-87f0-f2b8d44ec521
> +  MODULE_TYPE                    = BASE
> +  VERSION_STRING                 = 1.0
> +  LIBRARY_CLASS                  = TlsLib
> +
> +#
> +# The following information is for reference only and not required by the build
> tools.
> +#
> +#  VALID_ARCHITECTURES           = IA32 X64 ARM AARCH64
> +#
> +
> +[Sources]
> +  InternalTlsLib.h
> +  TlsInitNull.c
> +  TlsConfigNull.c
> +  TlsProcessNull.c
> +
> +[Packages]
> +  MdePkg/MdePkg.dec
> +  CryptoPkg/CryptoPkg.dec
> +
> +[LibraryClasses]
> +  BaseCryptLib
> +  DebugLib
> +  BaseLib
> diff --git a/CryptoPkg/Library/TlsLibNull/TlsLibNull.uni
> b/CryptoPkg/Library/TlsLibNull/TlsLibNull.uni
> new file mode 100644
> index 0000000000..869f3fcf78
> --- /dev/null
> +++ b/CryptoPkg/Library/TlsLibNull/TlsLibNull.uni
> @@ -0,0 +1,13 @@
> +// /** @file
> +// SSL/TLS Wrapper Null Library Instance.
> +//
> +// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
> +//
> +// SPDX-License-Identifier: BSD-2-Clause-Patent
> +//
> +// **/
> +
> +
> +#string STR_MODULE_ABSTRACT             #language en-US "SSL/TLS Wrapper
> Null Library Instance"
> +
> +#string STR_MODULE_DESCRIPTION          #language en-US "This module
> provides SSL/TLS Wrapper Null Library Instance."
> diff --git a/CryptoPkg/Library/TlsLibNull/TlsProcessNull.c
> b/CryptoPkg/Library/TlsLibNull/TlsProcessNull.c
> new file mode 100644
> index 0000000000..2949d4c885
> --- /dev/null
> +++ b/CryptoPkg/Library/TlsLibNull/TlsProcessNull.c
> @@ -0,0 +1,247 @@
> +/** @file
> +  SSL/TLS Process Null Library Wrapper Implementation.
> +  The process includes the TLS handshake and packet I/O.
> +
> +Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
> +(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
> +SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include "InternalTlsLib.h"
> +
> +/**
> +  Checks if the TLS handshake was done.
> +
> +  This function will check if the specified TLS handshake was done.
> +
> +  @param[in]  Tls    Pointer to the TLS object for handshake state checking.
> +
> +  @retval  TRUE     The TLS handshake was done.
> +  @retval  FALSE    The TLS handshake was not done.
> +
> +**/
> +BOOLEAN
> +EFIAPI
> +TlsInHandshake (
> +  IN     VOID                     *Tls
> +  )
> +{
> +  ASSERT(FALSE);
> +  return FALSE;
> +}
> +
> +/**
> +  Perform a TLS/SSL handshake.
> +
> +  This function will perform a TLS/SSL handshake.
> +
> +  @param[in]       Tls            Pointer to the TLS object for handshake operation.
> +  @param[in]       BufferIn       Pointer to the most recently received TLS
> Handshake packet.
> +  @param[in]       BufferInSize   Packet size in bytes for the most recently
> received TLS
> +                                  Handshake packet.
> +  @param[out]      BufferOut      Pointer to the buffer to hold the built packet.
> +  @param[in, out]  BufferOutSize  Pointer to the buffer size in bytes. On input, it
> is
> +                                  the buffer size provided by the caller. On output, it
> +                                  is the buffer size in fact needed to contain the
> +                                  packet.
> +
> +  @retval EFI_SUCCESS             The required TLS packet is built successfully.
> +  @retval EFI_INVALID_PARAMETER   One or more of the following conditions
> is TRUE:
> +                                  Tls is NULL.
> +                                  BufferIn is NULL but BufferInSize is NOT 0.
> +                                  BufferInSize is 0 but BufferIn is NOT NULL.
> +                                  BufferOutSize is NULL.
> +                                  BufferOut is NULL if *BufferOutSize is not zero.
> +  @retval EFI_BUFFER_TOO_SMALL    BufferOutSize is too small to hold the
> response packet.
> +  @retval EFI_ABORTED             Something wrong during handshake.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsDoHandshake (
> +  IN     VOID                     *Tls,
> +  IN     UINT8                    *BufferIn, OPTIONAL
> +  IN     UINTN                    BufferInSize, OPTIONAL
> +     OUT UINT8                    *BufferOut, OPTIONAL
> +  IN OUT UINTN                    *BufferOutSize
> +  )
> +{
> +  ASSERT(FALSE);
> +  return EFI_UNSUPPORTED;
> +}
> +
> +/**
> +  Handle Alert message recorded in BufferIn. If BufferIn is NULL and
> BufferInSize is zero,
> +  TLS session has errors and the response packet needs to be Alert message
> based on error type.
> +
> +  @param[in]       Tls            Pointer to the TLS object for state checking.
> +  @param[in]       BufferIn       Pointer to the most recently received TLS Alert
> packet.
> +  @param[in]       BufferInSize   Packet size in bytes for the most recently
> received TLS
> +                                  Alert packet.
> +  @param[out]      BufferOut      Pointer to the buffer to hold the built packet.
> +  @param[in, out]  BufferOutSize  Pointer to the buffer size in bytes. On input, it
> is
> +                                  the buffer size provided by the caller. On output, it
> +                                  is the buffer size in fact needed to contain the
> +                                  packet.
> +
> +  @retval EFI_SUCCESS             The required TLS packet is built successfully.
> +  @retval EFI_INVALID_PARAMETER   One or more of the following conditions
> is TRUE:
> +                                  Tls is NULL.
> +                                  BufferIn is NULL but BufferInSize is NOT 0.
> +                                  BufferInSize is 0 but BufferIn is NOT NULL.
> +                                  BufferOutSize is NULL.
> +                                  BufferOut is NULL if *BufferOutSize is not zero.
> +  @retval EFI_ABORTED             An error occurred.
> +  @retval EFI_BUFFER_TOO_SMALL    BufferOutSize is too small to hold the
> response packet.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsHandleAlert (
> +  IN     VOID                     *Tls,
> +  IN     UINT8                    *BufferIn, OPTIONAL
> +  IN     UINTN                    BufferInSize, OPTIONAL
> +     OUT UINT8                    *BufferOut, OPTIONAL
> +  IN OUT UINTN                    *BufferOutSize
> +  )
> +{
> +  ASSERT(FALSE);
> +  return EFI_UNSUPPORTED;
> +}
> +
> +/**
> +  Build the CloseNotify packet.
> +
> +  @param[in]       Tls            Pointer to the TLS object for state checking.
> +  @param[in, out]  Buffer         Pointer to the buffer to hold the built packet.
> +  @param[in, out]  BufferSize     Pointer to the buffer size in bytes. On input, it is
> +                                  the buffer size provided by the caller. On output, it
> +                                  is the buffer size in fact needed to contain the
> +                                  packet.
> +
> +  @retval EFI_SUCCESS             The required TLS packet is built successfully.
> +  @retval EFI_INVALID_PARAMETER   One or more of the following conditions
> is TRUE:
> +                                  Tls is NULL.
> +                                  BufferSize is NULL.
> +                                  Buffer is NULL if *BufferSize is not zero.
> +  @retval EFI_BUFFER_TOO_SMALL    BufferSize is too small to hold the
> response packet.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +TlsCloseNotify (
> +  IN     VOID                     *Tls,
> +  IN OUT UINT8                    *Buffer,
> +  IN OUT UINTN                    *BufferSize
> +  )
> +{
> +  ASSERT(FALSE);
> +  return EFI_UNSUPPORTED;
> +}
> +
> +/**
> +  Attempts to read bytes from one TLS object and places the data in Buffer.
> +
> +  This function will attempt to read BufferSize bytes from the TLS object
> +  and places the data in Buffer.
> +
> +  @param[in]      Tls           Pointer to the TLS object.
> +  @param[in,out]  Buffer        Pointer to the buffer to store the data.
> +  @param[in]      BufferSize    The size of Buffer in bytes.
> +
> +  @retval  >0    The amount of data successfully read from the TLS object.
> +  @retval  <=0   No data was successfully read.
> +
> +**/
> +INTN
> +EFIAPI
> +TlsCtrlTrafficOut (
> +  IN     VOID                     *Tls,
> +  IN OUT VOID                     *Buffer,
> +  IN     UINTN                    BufferSize
> +  )
> +{
> +  ASSERT(FALSE);
> +  return 0;
> +}
> +
> +/**
> +  Attempts to write data from the buffer to TLS object.
> +
> +  This function will attempt to write BufferSize bytes data from the Buffer
> +  to the TLS object.
> +
> +  @param[in]  Tls           Pointer to the TLS object.
> +  @param[in]  Buffer        Pointer to the data buffer.
> +  @param[in]  BufferSize    The size of Buffer in bytes.
> +
> +  @retval  >0    The amount of data successfully written to the TLS object.
> +  @retval <=0    No data was successfully written.
> +
> +**/
> +INTN
> +EFIAPI
> +TlsCtrlTrafficIn (
> +  IN     VOID                     *Tls,
> +  IN     VOID                     *Buffer,
> +  IN     UINTN                    BufferSize
> +  )
> +{
> +  ASSERT(FALSE);
> +  return 0;
> +}
> +/**
> +  Attempts to read bytes from the specified TLS connection into the buffer.
> +
> +  This function tries to read BufferSize bytes data from the specified TLS
> +  connection into the Buffer.
> +
> +  @param[in]      Tls           Pointer to the TLS connection for data reading.
> +  @param[in,out]  Buffer        Pointer to the data buffer.
> +  @param[in]      BufferSize    The size of Buffer in bytes.
> +
> +  @retval  >0    The read operation was successful, and return value is the
> +                 number of bytes actually read from the TLS connection.
> +  @retval  <=0   The read operation was not successful.
> +
> +**/
> +INTN
> +EFIAPI
> +TlsRead (
> +  IN     VOID                     *Tls,
> +  IN OUT VOID                     *Buffer,
> +  IN     UINTN                    BufferSize
> +  )
> +{
> +  ASSERT(FALSE);
> +  return 0;
> +}
> +
> +/**
> +  Attempts to write data to a TLS connection.
> +
> +  This function tries to write BufferSize bytes data from the Buffer into the
> +  specified TLS connection.
> +
> +  @param[in]  Tls           Pointer to the TLS connection for data writing.
> +  @param[in]  Buffer        Pointer to the data buffer.
> +  @param[in]  BufferSize    The size of Buffer in bytes.
> +
> +  @retval  >0    The write operation was successful, and return value is the
> +                 number of bytes actually written to the TLS connection.
> +  @retval <=0    The write operation was not successful.
> +
> +**/
> +INTN
> +EFIAPI
> +TlsWrite (
> +  IN     VOID                     *Tls,
> +  IN     VOID                     *Buffer,
> +  IN     UINTN                    BufferSize
> +  )
> +{
> +  ASSERT(FALSE);
> +  return 0;
> +}
> +
> --
> 2.21.0.windows.1


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [Patch] CryptoPkg: Add Null instance of the TlsLib class
  2019-10-23  8:23 ` Wang, Jian J
@ 2019-10-23 21:39   ` Michael D Kinney
  0 siblings, 0 replies; 3+ messages in thread
From: Michael D Kinney @ 2019-10-23 21:39 UTC (permalink / raw)
  To: Wang, Jian J, devel@edk2.groups.io, Kinney, Michael D
  Cc: Sean Brogan, Lu, XiaoyuX

Hi Jian,

Thanks for the feedback.  I verified with Sean that the 
current patch contents are correct.

Mike

> -----Original Message-----
> From: Wang, Jian J <jian.j.wang@intel.com>
> Sent: Wednesday, October 23, 2019 1:23 AM
> To: Kinney, Michael D <michael.d.kinney@intel.com>;
> devel@edk2.groups.io
> Cc: Sean Brogan <sean.brogan@microsoft.com>; Lu, XiaoyuX
> <xiaoyux.lu@intel.com>
> Subject: RE: [Patch] CryptoPkg: Add Null instance of the
> TlsLib class
> 
> Hi Mike,
> 
> The copyright and the year might need update (Not sure
> about it. I guess they're copied from non-null version
> of file.) With it addressed (if necessary),
> 
> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
> 
> Regards,
> Jian
> 
> > -----Original Message-----
> > From: Kinney, Michael D <michael.d.kinney@intel.com>
> > Sent: Wednesday, October 23, 2019 5:41 AM
> > To: devel@edk2.groups.io
> > Cc: Sean Brogan <sean.brogan@microsoft.com>; Wang,
> Jian J
> > <jian.j.wang@intel.com>; Lu, XiaoyuX
> <xiaoyux.lu@intel.com>
> > Subject: [Patch] CryptoPkg: Add Null instance of the
> TlsLib class
> >
> > From: Sean Brogan <sean.brogan@microsoft.com>
> >
> > https://bugzilla.tianocore.org/show_bug.cgi?id=2258
> >
> > Add a Null instance of the TlsLib class.  This lib
> instance can be
> > used as a template for new implementations of the
> TlsLib class and can
> > also be used to reduce CI build times for build checks
> that depend on
> > the TlsLib class.
> >
> > Cc: Jian J Wang <jian.j.wang@intel.com>
> > Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> > Signed-off-by: Michael D Kinney
> <michael.d.kinney@intel.com>
> > ---
> >  CryptoPkg/CryptoPkg.dsc                       |   1 +
> >  CryptoPkg/Library/TlsLibNull/InternalTlsLib.h |  16 +
> > CryptoPkg/Library/TlsLibNull/TlsConfigNull.c  | 622
> ++++++++++++++++++
> >  CryptoPkg/Library/TlsLibNull/TlsInitNull.c    | 111
> ++++
> >  CryptoPkg/Library/TlsLibNull/TlsLibNull.inf   |  38
> ++
> >  CryptoPkg/Library/TlsLibNull/TlsLibNull.uni   |  13 +
> >  CryptoPkg/Library/TlsLibNull/TlsProcessNull.c | 247
> +++++++
> >  7 files changed, 1048 insertions(+)
> >  create mode 100644
> CryptoPkg/Library/TlsLibNull/InternalTlsLib.h
> >  create mode 100644
> CryptoPkg/Library/TlsLibNull/TlsConfigNull.c
> >  create mode 100644
> CryptoPkg/Library/TlsLibNull/TlsInitNull.c
> >  create mode 100644
> CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
> >  create mode 100644
> CryptoPkg/Library/TlsLibNull/TlsLibNull.uni
> >  create mode 100644
> CryptoPkg/Library/TlsLibNull/TlsProcessNull.c
> >
> > diff --git a/CryptoPkg/CryptoPkg.dsc
> b/CryptoPkg/CryptoPkg.dsc index
> > c90e76c721..cea4335afb 100644
> > --- a/CryptoPkg/CryptoPkg.dsc
> > +++ b/CryptoPkg/CryptoPkg.dsc
> > @@ -115,6 +115,7 @@ [Components]
> >    CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf
> >    CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
> >    CryptoPkg/Library/TlsLib/TlsLib.inf
> > +  CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
> >    CryptoPkg/Library/OpensslLib/OpensslLib.inf
> >    CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
> >
> > diff --git
> a/CryptoPkg/Library/TlsLibNull/InternalTlsLib.h
> > b/CryptoPkg/Library/TlsLibNull/InternalTlsLib.h
> > new file mode 100644
> > index 0000000000..888c9066bf
> > --- /dev/null
> > +++ b/CryptoPkg/Library/TlsLibNull/InternalTlsLib.h
> > @@ -0,0 +1,16 @@
> > +/** @file
> > +  Internal include file for TlsLibNull.
> > +
> > +Copyright (c) 2016 - 2017, Intel Corporation. All
> rights
> > +reserved.<BR>
> > +SPDX-License-Identifier: BSD-2-Clause-Patent
> > +
> > +**/
> > +
> > +#ifndef __INTERNAL_TLS_LIB_NULL_H__
> > +#define __INTERNAL_TLS_LIB_NULL_H__
> > +
> > +#include <Library/BaseCryptLib.h>
> > +#include <Library/DebugLib.h>
> > +#include <Library/BaseLib.h>
> > +
> > +#endif
> > diff --git
> a/CryptoPkg/Library/TlsLibNull/TlsConfigNull.c
> > b/CryptoPkg/Library/TlsLibNull/TlsConfigNull.c
> > new file mode 100644
> > index 0000000000..8033a61790
> > --- /dev/null
> > +++ b/CryptoPkg/Library/TlsLibNull/TlsConfigNull.c
> > @@ -0,0 +1,622 @@
> > +/** @file
> > +  SSL/TLS Configuration Null Library Wrapper
> Implementation.
> > +
> > +Copyright (c) 2016 - 2017, Intel Corporation. All
> rights
> > +reserved.<BR>
> > +(C) Copyright 2016 Hewlett Packard Enterprise
> Development LP<BR>
> > +SPDX-License-Identifier: BSD-2-Clause-Patent
> > +
> > +**/
> > +
> > +#include "InternalTlsLib.h"
> > +
> > +/**
> > +  Set a new TLS/SSL method for a particular TLS
> object.
> > +
> > +  This function sets a new TLS/SSL method for a
> particular TLS object.
> > +
> > +  @param[in]  Tls         Pointer to a TLS object.
> > +  @param[in]  MajorVer    Major Version of TLS/SSL
> Protocol.
> > +  @param[in]  MinorVer    Minor Version of TLS/SSL
> Protocol.
> > +
> > +  @retval  EFI_SUCCESS           The TLS/SSL method
> was set successfully.
> > +  @retval  EFI_INVALID_PARAMETER The parameter is
> invalid.
> > +  @retval  EFI_UNSUPPORTED       Unsupported TLS/SSL
> method.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TlsSetVersion (
> > +  IN     VOID                     *Tls,
> > +  IN     UINT8                    MajorVer,
> > +  IN     UINT8                    MinorVer
> > +  )
> > +{
> > +  ASSERT(FALSE);
> > +  return EFI_UNSUPPORTED;
> > +}
> > +
> > +/**
> > +  Set TLS object to work in client or server mode.
> > +
> > +  This function prepares a TLS object to work in
> client or server mode.
> > +
> > +  @param[in]  Tls         Pointer to a TLS object.
> > +  @param[in]  IsServer    Work in server mode.
> > +
> > +  @retval  EFI_SUCCESS           The TLS/SSL work
> mode was set successfully.
> > +  @retval  EFI_INVALID_PARAMETER The parameter is
> invalid.
> > +  @retval  EFI_UNSUPPORTED       Unsupported TLS/SSL
> work mode.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TlsSetConnectionEnd (
> > +  IN     VOID                     *Tls,
> > +  IN     BOOLEAN                  IsServer
> > +  )
> > +{
> > +  ASSERT(FALSE);
> > +  return EFI_UNSUPPORTED;
> > +}
> > +
> > +/**
> > +  Set the ciphers list to be used by the TLS object.
> > +
> > +  This function sets the ciphers for use by a
> specified TLS object.
> > +
> > +  @param[in]  Tls          Pointer to a TLS object.
> > +  @param[in]  CipherId     Array of UINT16 cipher
> identifiers. Each UINT16
> > +                           cipher identifier comes
> from the TLS Cipher Suite
> > +                           Registry of the IANA,
> interpreting Byte1 and Byte2
> > +                           in network (big endian)
> byte order.
> > +  @param[in]  CipherNum    The number of cipher in
> the list.
> > +
> > +  @retval  EFI_SUCCESS           The ciphers list was
> set successfully.
> > +  @retval  EFI_INVALID_PARAMETER The parameter is
> invalid.
> > +  @retval  EFI_UNSUPPORTED       No supported TLS
> cipher was found in
> > CipherId.
> > +  @retval  EFI_OUT_OF_RESOURCES  Memory allocation
> failed.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TlsSetCipherList (
> > +  IN     VOID                     *Tls,
> > +  IN     UINT16                   *CipherId,
> > +  IN     UINTN                    CipherNum
> > +  )
> > +{
> > +  ASSERT(FALSE);
> > +  return EFI_UNSUPPORTED;
> > +}
> > +
> > +/**
> > +  Set the compression method for TLS/SSL operations.
> > +
> > +  This function handles TLS/SSL integrated
> compression methods.
> > +
> > +  @param[in]  CompMethod    The compression method
> ID.
> > +
> > +  @retval  EFI_SUCCESS        The compression method
> for the communication
> > was
> > +                              set successfully.
> > +  @retval  EFI_UNSUPPORTED    Unsupported compression
> method.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TlsSetCompressionMethod (
> > +  IN     UINT8                    CompMethod
> > +  )
> > +{
> > +  ASSERT(FALSE);
> > +  return EFI_UNSUPPORTED;
> > +}
> > +
> > +/**
> > +  Set peer certificate verification mode for the TLS
> connection.
> > +
> > +  This function sets the verification mode flags for
> the TLS connection.
> > +
> > +  @param[in]  Tls           Pointer to the TLS
> object.
> > +  @param[in]  VerifyMode    A set of logically or'ed
> verification mode flags.
> > +
> > +**/
> > +VOID
> > +EFIAPI
> > +TlsSetVerify (
> > +  IN     VOID                     *Tls,
> > +  IN     UINT32                   VerifyMode
> > +  )
> > +{
> > +  ASSERT(FALSE);
> > +}
> > +
> > +// MU_CHANGE - Proposed fixes for TCBZ960, invalid
> domain name (CN)
> > accepted. [BEGIN]
> > +/**
> > +  Set the specified host name to be verified.
> > +
> > +  @param[in]  Tls           Pointer to the TLS
> object.
> > +  @param[in]  Flags         The setting flags during
> the validation.
> > +  @param[in]  HostName      The specified host name
> to be verified.
> > +
> > +  @retval  EFI_SUCCESS           The HostName setting
> was set successfully.
> > +  @retval  EFI_INVALID_PARAMETER The parameter is
> invalid.
> > +  @retval  EFI_ABORTED           Invalid HostName
> setting.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TlsSetVerifyHost (
> > +  IN     VOID                     *Tls,
> > +  IN     UINT32                   Flags,
> > +  IN     CHAR8                    *HostName
> > +  )
> > +{
> > +  ASSERT(FALSE);
> > +  return EFI_UNSUPPORTED;
> > +}
> > +
> > +// MU_CHANGE - Proposed fixes for TCBZ960, invalid
> domain name (CN)
> > accepted. [END]
> > +
> > +/**
> > +  Sets a TLS/SSL session ID to be used during TLS/SSL
> connect.
> > +
> > +  This function sets a session ID to be used when the
> TLS/SSL
> > + connection is  to be established.
> > +
> > +  @param[in]  Tls             Pointer to the TLS
> object.
> > +  @param[in]  SessionId       Session ID data used
> for session resumption.
> > +  @param[in]  SessionIdLen    Length of Session ID in
> bytes.
> > +
> > +  @retval  EFI_SUCCESS           Session ID was set
> successfully.
> > +  @retval  EFI_INVALID_PARAMETER The parameter is
> invalid.
> > +  @retval  EFI_UNSUPPORTED       No available session
> for ID setting.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TlsSetSessionId (
> > +  IN     VOID                     *Tls,
> > +  IN     UINT8                    *SessionId,
> > +  IN     UINT16                   SessionIdLen
> > +  )
> > +{
> > +  ASSERT(FALSE);
> > +  return EFI_UNSUPPORTED;
> > +}
> > +
> > +/**
> > +  Adds the CA to the cert store when requesting
> Server or Client authentication.
> > +
> > +  This function adds the CA certificate to the list
> of CAs when
> > + requesting  Server or Client authentication for the
> chosen TLS connection.
> > +
> > +  @param[in]  Tls         Pointer to the TLS object.
> > +  @param[in]  Data        Pointer to the data buffer
> of a DER-encoded binary
> > +                          X.509 certificate or PEM-
> encoded X.509 certificate.
> > +  @param[in]  DataSize    The size of data buffer in
> bytes.
> > +
> > +  @retval  EFI_SUCCESS             The operation
> succeeded.
> > +  @retval  EFI_INVALID_PARAMETER   The parameter is
> invalid.
> > +  @retval  EFI_OUT_OF_RESOURCES    Required resources
> could not be
> > allocated.
> > +  @retval  EFI_ABORTED             Invalid X.509
> certificate.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TlsSetCaCertificate (
> > +  IN     VOID                     *Tls,
> > +  IN     VOID                     *Data,
> > +  IN     UINTN                    DataSize
> > +  )
> > +{
> > +  ASSERT(FALSE);
> > +  return EFI_UNSUPPORTED;
> > +}
> > +
> > +/**
> > +  Loads the local public certificate into the
> specified TLS object.
> > +
> > +  This function loads the X.509 certificate into the
> specified TLS
> > + object  for TLS negotiation.
> > +
> > +  @param[in]  Tls         Pointer to the TLS object.
> > +  @param[in]  Data        Pointer to the data buffer
> of a DER-encoded binary
> > +                          X.509 certificate or PEM-
> encoded X.509 certificate.
> > +  @param[in]  DataSize    The size of data buffer in
> bytes.
> > +
> > +  @retval  EFI_SUCCESS             The operation
> succeeded.
> > +  @retval  EFI_INVALID_PARAMETER   The parameter is
> invalid.
> > +  @retval  EFI_OUT_OF_RESOURCES    Required resources
> could not be
> > allocated.
> > +  @retval  EFI_ABORTED             Invalid X.509
> certificate.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TlsSetHostPublicCert (
> > +  IN     VOID                     *Tls,
> > +  IN     VOID                     *Data,
> > +  IN     UINTN                    DataSize
> > +  )
> > +{
> > +  ASSERT(FALSE);
> > +  return EFI_UNSUPPORTED;
> > +}
> > +
> > +/**
> > +  Adds the local private key to the specified TLS
> object.
> > +
> > +  This function adds the local private key (PEM-
> encoded RSA or PKCS#8
> > + private
> > +  key) into the specified TLS object for TLS
> negotiation.
> > +
> > +  @param[in]  Tls         Pointer to the TLS object.
> > +  @param[in]  Data        Pointer to the data buffer
> of a PEM-encoded RSA
> > +                          or PKCS#8 private key.
> > +  @param[in]  DataSize    The size of data buffer in
> bytes.
> > +
> > +  @retval  EFI_SUCCESS     The operation succeeded.
> > +  @retval  EFI_UNSUPPORTED This function is not
> supported.
> > +  @retval  EFI_ABORTED     Invalid private key data.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TlsSetHostPrivateKey (
> > +  IN     VOID                     *Tls,
> > +  IN     VOID                     *Data,
> > +  IN     UINTN                    DataSize
> > +  )
> > +{
> > +  ASSERT(FALSE);
> > +  return EFI_UNSUPPORTED;
> > +}
> > +
> > +/**
> > +  Adds the CA-supplied certificate revocation list
> for certificate validation.
> > +
> > +  This function adds the CA-supplied certificate
> revocation list data
> > + for  certificate validity checking.
> > +
> > +  @param[in]  Data        Pointer to the data buffer
> of a DER-encoded CRL data.
> > +  @param[in]  DataSize    The size of data buffer in
> bytes.
> > +
> > +  @retval  EFI_SUCCESS     The operation succeeded.
> > +  @retval  EFI_UNSUPPORTED This function is not
> supported.
> > +  @retval  EFI_ABORTED     Invalid CRL data.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TlsSetCertRevocationList (
> > +  IN     VOID                     *Data,
> > +  IN     UINTN                    DataSize
> > +  )
> > +{
> > +  ASSERT(FALSE);
> > +  return EFI_UNSUPPORTED;
> > +}
> > +
> > +/**
> > +  Gets the protocol version used by the specified TLS
> connection.
> > +
> > +  This function returns the protocol version used by
> the specified
> > + TLS  connection.
> > +
> > +  If Tls is NULL, then ASSERT().
> > +
> > +  @param[in]  Tls    Pointer to the TLS object.
> > +
> > +  @return  The protocol version of the specified TLS
> connection.
> > +
> > +**/
> > +UINT16
> > +EFIAPI
> > +TlsGetVersion (
> > +  IN     VOID                     *Tls
> > +  )
> > +{
> > +  ASSERT(FALSE);
> > +  return 0;
> > +}
> > +
> > +/**
> > +  Gets the connection end of the specified TLS
> connection.
> > +
> > +  This function returns the connection end (as client
> or as server)
> > + used by  the specified TLS connection.
> > +
> > +  If Tls is NULL, then ASSERT().
> > +
> > +  @param[in]  Tls    Pointer to the TLS object.
> > +
> > +  @return  The connection end used by the specified
> TLS connection.
> > +
> > +**/
> > +UINT8
> > +EFIAPI
> > +TlsGetConnectionEnd (
> > +  IN     VOID                     *Tls
> > +  )
> > +{
> > +  ASSERT(FALSE);
> > +  return 0;
> > +}
> > +
> > +/**
> > +  Gets the cipher suite used by the specified TLS
> connection.
> > +
> > +  This function returns current cipher suite used by
> the specified
> > + TLS connection.
> > +
> > +  @param[in]      Tls         Pointer to the TLS
> object.
> > +  @param[in,out]  CipherId    The cipher suite used
> by the TLS object.
> > +
> > +  @retval  EFI_SUCCESS           The cipher suite was
> returned successfully.
> > +  @retval  EFI_INVALID_PARAMETER The parameter is
> invalid.
> > +  @retval  EFI_UNSUPPORTED       Unsupported cipher
> suite.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TlsGetCurrentCipher (
> > +  IN     VOID                     *Tls,
> > +  IN OUT UINT16                   *CipherId
> > +  )
> > +{
> > +  ASSERT(FALSE);
> > +  return EFI_UNSUPPORTED;
> > +}
> > +
> > +/**
> > +  Gets the compression methods used by the specified
> TLS connection.
> > +
> > +  This function returns current integrated
> compression methods used
> > + by  the specified TLS connection.
> > +
> > +  @param[in]      Tls              Pointer to the TLS
> object.
> > +  @param[in,out]  CompressionId    The current
> compression method used by
> > +                                   the TLS object.
> > +
> > +  @retval  EFI_SUCCESS           The compression
> method was returned
> > successfully.
> > +  @retval  EFI_INVALID_PARAMETER The parameter is
> invalid.
> > +  @retval  EFI_ABORTED           Invalid Compression
> method.
> > +  @retval  EFI_UNSUPPORTED       This function is not
> supported.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TlsGetCurrentCompressionId (
> > +  IN     VOID                     *Tls,
> > +  IN OUT UINT8                    *CompressionId
> > +  )
> > +{
> > +  ASSERT(FALSE);
> > +  return EFI_UNSUPPORTED;
> > +}
> > +
> > +/**
> > +  Gets the verification mode currently set in the TLS
> connection.
> > +
> > +  This function returns the peer verification mode
> currently set in
> > + the  specified TLS connection.
> > +
> > +  If Tls is NULL, then ASSERT().
> > +
> > +  @param[in]  Tls    Pointer to the TLS object.
> > +
> > +  @return  The verification mode set in the specified
> TLS connection.
> > +
> > +**/
> > +UINT32
> > +EFIAPI
> > +TlsGetVerify (
> > +  IN     VOID                     *Tls
> > +  )
> > +{
> > +  ASSERT(FALSE);
> > +  return 0;
> > +}
> > +
> > +/**
> > +  Gets the session ID used by the specified TLS
> connection.
> > +
> > +  This function returns the TLS/SSL session ID
> currently used by the
> > + specified TLS connection.
> > +
> > +  @param[in]      Tls             Pointer to the TLS
> object.
> > +  @param[in,out]  SessionId       Buffer to contain
> the returned session ID.
> > +  @param[in,out]  SessionIdLen    The length of
> Session ID in bytes.
> > +
> > +  @retval  EFI_SUCCESS           The Session ID was
> returned successfully.
> > +  @retval  EFI_INVALID_PARAMETER The parameter is
> invalid.
> > +  @retval  EFI_UNSUPPORTED       Invalid TLS/SSL
> session.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TlsGetSessionId (
> > +  IN     VOID                     *Tls,
> > +  IN OUT UINT8                    *SessionId,
> > +  IN OUT UINT16                   *SessionIdLen
> > +  )
> > +{
> > +  ASSERT(FALSE);
> > +  return EFI_UNSUPPORTED;
> > +}
> > +
> > +/**
> > +  Gets the client random data used in the specified
> TLS connection.
> > +
> > +  This function returns the TLS/SSL client random
> data currently used
> > + in  the specified TLS connection.
> > +
> > +  @param[in]      Tls             Pointer to the TLS
> object.
> > +  @param[in,out]  ClientRandom    Buffer to contain
> the returned client
> > +                                  random data (32
> bytes).
> > +
> > +**/
> > +VOID
> > +EFIAPI
> > +TlsGetClientRandom (
> > +  IN     VOID                     *Tls,
> > +  IN OUT UINT8                    *ClientRandom
> > +  )
> > +{
> > +  ASSERT(FALSE);
> > +}
> > +
> > +/**
> > +  Gets the server random data used in the specified
> TLS connection.
> > +
> > +  This function returns the TLS/SSL server random
> data currently used
> > + in  the specified TLS connection.
> > +
> > +  @param[in]      Tls             Pointer to the TLS
> object.
> > +  @param[in,out]  ServerRandom    Buffer to contain
> the returned server
> > +                                  random data (32
> bytes).
> > +
> > +**/
> > +VOID
> > +EFIAPI
> > +TlsGetServerRandom (
> > +  IN     VOID                     *Tls,
> > +  IN OUT UINT8                    *ServerRandom
> > +  )
> > +{
> > +  ASSERT(FALSE);
> > +}
> > +
> > +/**
> > +  Gets the master key data used in the specified TLS
> connection.
> > +
> > +  This function returns the TLS/SSL master key
> material currently
> > + used in  the specified TLS connection.
> > +
> > +  @param[in]      Tls            Pointer to the TLS
> object.
> > +  @param[in,out]  KeyMaterial    Buffer to contain
> the returned key material.
> > +
> > +  @retval  EFI_SUCCESS           Key material was
> returned successfully.
> > +  @retval  EFI_INVALID_PARAMETER The parameter is
> invalid.
> > +  @retval  EFI_UNSUPPORTED       Invalid TLS/SSL
> session.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TlsGetKeyMaterial (
> > +  IN     VOID                     *Tls,
> > +  IN OUT UINT8                    *KeyMaterial
> > +  )
> > +{
> > +  ASSERT(FALSE);
> > +  return EFI_UNSUPPORTED;
> > +}
> > +
> > +/**
> > +  Gets the CA Certificate from the cert store.
> > +
> > +  This function returns the CA certificate for the
> chosen  TLS
> > + connection.
> > +
> > +  @param[in]      Tls         Pointer to the TLS
> object.
> > +  @param[out]     Data        Pointer to the data
> buffer to receive the CA
> > +                              certificate data sent
> to the client.
> > +  @param[in,out]  DataSize    The size of data buffer
> in bytes.
> > +
> > +  @retval  EFI_SUCCESS             The operation
> succeeded.
> > +  @retval  EFI_UNSUPPORTED         This function is
> not supported.
> > +  @retval  EFI_BUFFER_TOO_SMALL    The Data is too
> small to hold the data.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TlsGetCaCertificate (
> > +  IN     VOID                     *Tls,
> > +  OUT    VOID                     *Data,
> > +  IN OUT UINTN                    *DataSize
> > +  )
> > +{
> > +  ASSERT(FALSE);
> > +  return EFI_UNSUPPORTED;
> > +}
> > +
> > +/**
> > +  Gets the local public Certificate set in the
> specified TLS object.
> > +
> > +  This function returns the local public certificate
> which was
> > + currently set  in the specified TLS object.
> > +
> > +  @param[in]      Tls         Pointer to the TLS
> object.
> > +  @param[out]     Data        Pointer to the data
> buffer to receive the local
> > +                              public certificate.
> > +  @param[in,out]  DataSize    The size of data buffer
> in bytes.
> > +
> > +  @retval  EFI_SUCCESS             The operation
> succeeded.
> > +  @retval  EFI_INVALID_PARAMETER   The parameter is
> invalid.
> > +  @retval  EFI_NOT_FOUND           The certificate is
> not found.
> > +  @retval  EFI_BUFFER_TOO_SMALL    The Data is too
> small to hold the data.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TlsGetHostPublicCert (
> > +  IN     VOID                     *Tls,
> > +  OUT    VOID                     *Data,
> > +  IN OUT UINTN                    *DataSize
> > +  )
> > +{
> > +  ASSERT(FALSE);
> > +  return EFI_UNSUPPORTED;
> > +}
> > +
> > +/**
> > +  Gets the local private key set in the specified TLS
> object.
> > +
> > +  This function returns the local private key data
> which was
> > + currently set  in the specified TLS object.
> > +
> > +  @param[in]      Tls         Pointer to the TLS
> object.
> > +  @param[out]     Data        Pointer to the data
> buffer to receive the local
> > +                              private key data.
> > +  @param[in,out]  DataSize    The size of data buffer
> in bytes.
> > +
> > +  @retval  EFI_SUCCESS             The operation
> succeeded.
> > +  @retval  EFI_UNSUPPORTED         This function is
> not supported.
> > +  @retval  EFI_BUFFER_TOO_SMALL    The Data is too
> small to hold the data.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TlsGetHostPrivateKey (
> > +  IN     VOID                     *Tls,
> > +  OUT    VOID                     *Data,
> > +  IN OUT UINTN                    *DataSize
> > +  )
> > +{
> > +  ASSERT(FALSE);
> > +  return EFI_UNSUPPORTED;
> > +}
> > +
> > +/**
> > +  Gets the CA-supplied certificate revocation list
> data set in the
> > +specified
> > +  TLS object.
> > +
> > +  This function returns the CA-supplied certificate
> revocation list
> > + data which  was currently set in the specified TLS
> object.
> > +
> > +  @param[out]     Data        Pointer to the data
> buffer to receive the CRL data.
> > +  @param[in,out]  DataSize    The size of data buffer
> in bytes.
> > +
> > +  @retval  EFI_SUCCESS             The operation
> succeeded.
> > +  @retval  EFI_UNSUPPORTED         This function is
> not supported.
> > +  @retval  EFI_BUFFER_TOO_SMALL    The Data is too
> small to hold the data.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TlsGetCertRevocationList (
> > +  OUT    VOID                     *Data,
> > +  IN OUT UINTN                    *DataSize
> > +  )
> > +{
> > +  ASSERT(FALSE);
> > +  return EFI_UNSUPPORTED;
> > +}
> > diff --git
> a/CryptoPkg/Library/TlsLibNull/TlsInitNull.c
> > b/CryptoPkg/Library/TlsLibNull/TlsInitNull.c
> > new file mode 100644
> > index 0000000000..3e44117b82
> > --- /dev/null
> > +++ b/CryptoPkg/Library/TlsLibNull/TlsInitNull.c
> > @@ -0,0 +1,111 @@
> > +/** @file
> > +  SSL/TLS Initialization Null Library Wrapper
> Implementation.
> > +
> > +Copyright (c) 2016 - 2017, Intel Corporation. All
> rights
> > +reserved.<BR>
> > +(C) Copyright 2016 Hewlett Packard Enterprise
> Development LP<BR>
> > +SPDX-License-Identifier: BSD-2-Clause-Patent
> > +
> > +**/
> > +
> > +#include "InternalTlsLib.h"
> > +
> > +/**
> > +  Initializes the library.
> > +
> > +  This function registers ciphers and digests used
> directly and
> > + indirectly  by SSL/TLS, and initializes the readable
> error messages.
> > +  This function must be called before any other
> action takes places.
> > +
> > +  @retval TRUE   The library has been initialized.
> > +  @retval FALSE  Failed to initialize the library.
> > +
> > +**/
> > +BOOLEAN
> > +EFIAPI
> > +TlsInitialize (
> > +  VOID
> > +  )
> > +{
> > +  ASSERT(FALSE);
> > +  return FALSE;
> > +}
> > +
> > +/**
> > +  Free an allocated SSL_CTX object.
> > +
> > +  @param[in]  TlsCtx    Pointer to the SSL_CTX object
> to be released.
> > +
> > +**/
> > +VOID
> > +EFIAPI
> > +TlsCtxFree (
> > +  IN   VOID                  *TlsCtx
> > +  )
> > +{
> > +  ASSERT(FALSE);
> > +  return;
> > +}
> > +
> > +/**
> > +  Creates a new SSL_CTX object as framework to
> establish TLS/SSL
> > +enabled
> > +  connections.
> > +
> > +  @param[in]  MajorVer    Major Version of TLS/SSL
> Protocol.
> > +  @param[in]  MinorVer    Minor Version of TLS/SSL
> Protocol.
> > +
> > +  @return  Pointer to an allocated SSL_CTX object.
> > +           If the creation failed, TlsCtxNew()
> returns NULL.
> > +
> > +**/
> > +VOID *
> > +EFIAPI
> > +TlsCtxNew (
> > +  IN     UINT8                    MajorVer,
> > +  IN     UINT8                    MinorVer
> > +  )
> > +{
> > +  ASSERT(FALSE);
> > +  return NULL;
> > +}
> > +
> > +/**
> > +  Free an allocated TLS object.
> > +
> > +  This function removes the TLS object pointed to by
> Tls and frees up
> > + the  allocated memory. If Tls is NULL, nothing is
> done.
> > +
> > +  @param[in]  Tls    Pointer to the TLS object to be
> freed.
> > +
> > +**/
> > +VOID
> > +EFIAPI
> > +TlsFree (
> > +  IN     VOID                     *Tls
> > +  )
> > +{
> > +  ASSERT(FALSE);
> > +}
> > +
> > +/**
> > +  Create a new TLS object for a connection.
> > +
> > +  This function creates a new TLS object for a
> connection. The new
> > + object  inherits the setting of the underlying
> context TlsCtx:
> > + connection method,  options, verification setting.
> > +
> > +  @param[in]  TlsCtx    Pointer to the SSL_CTX
> object.
> > +
> > +  @return  Pointer to an allocated SSL object.
> > +           If the creation failed, TlsNew() returns
> NULL.
> > +
> > +**/
> > +VOID *
> > +EFIAPI
> > +TlsNew (
> > +  IN     VOID                     *TlsCtx
> > +  )
> > +{
> > +  ASSERT(FALSE);
> > +  return NULL;
> > +}
> > +
> > diff --git
> a/CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
> > b/CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
> > new file mode 100644
> > index 0000000000..33f0e7493f
> > --- /dev/null
> > +++ b/CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
> > @@ -0,0 +1,38 @@
> > +## @file
> > +#  SSL/TLS Wrapper Null Library Instance.
> > +#
> > +#  Copyright (c) 2016 - 2018, Intel Corporation. All
> rights
> > +reserved.<BR> #  (C) Copyright 2016 Hewlett Packard
> Enterprise
> > +Development LP<BR> #  SPDX-License-Identifier: BSD-2-
> Clause-Patent #
> > +##
> > +
> > +[Defines]
> > +  INF_VERSION                    = 0x00010005
> > +  BASE_NAME                      = TlsLibNull
> > +  MODULE_UNI_FILE                = TlsLibNull.uni
> > +  FILE_GUID                      = 705a5b3b-cfa5-
> 42ea-87f0-f2b8d44ec521
> > +  MODULE_TYPE                    = BASE
> > +  VERSION_STRING                 = 1.0
> > +  LIBRARY_CLASS                  = TlsLib
> > +
> > +#
> > +# The following information is for reference only and
> not required by
> > +the build
> > tools.
> > +#
> > +#  VALID_ARCHITECTURES           = IA32 X64 ARM
> AARCH64
> > +#
> > +
> > +[Sources]
> > +  InternalTlsLib.h
> > +  TlsInitNull.c
> > +  TlsConfigNull.c
> > +  TlsProcessNull.c
> > +
> > +[Packages]
> > +  MdePkg/MdePkg.dec
> > +  CryptoPkg/CryptoPkg.dec
> > +
> > +[LibraryClasses]
> > +  BaseCryptLib
> > +  DebugLib
> > +  BaseLib
> > diff --git
> a/CryptoPkg/Library/TlsLibNull/TlsLibNull.uni
> > b/CryptoPkg/Library/TlsLibNull/TlsLibNull.uni
> > new file mode 100644
> > index 0000000000..869f3fcf78
> > --- /dev/null
> > +++ b/CryptoPkg/Library/TlsLibNull/TlsLibNull.uni
> > @@ -0,0 +1,13 @@
> > +// /** @file
> > +// SSL/TLS Wrapper Null Library Instance.
> > +//
> > +// Copyright (c) 2016, Intel Corporation. All rights
> reserved.<BR> //
> > +// SPDX-License-Identifier: BSD-2-Clause-Patent // //
> **/
> > +
> > +
> > +#string STR_MODULE_ABSTRACT             #language en-
> US "SSL/TLS Wrapper
> > Null Library Instance"
> > +
> > +#string STR_MODULE_DESCRIPTION          #language en-
> US "This module
> > provides SSL/TLS Wrapper Null Library Instance."
> > diff --git
> a/CryptoPkg/Library/TlsLibNull/TlsProcessNull.c
> > b/CryptoPkg/Library/TlsLibNull/TlsProcessNull.c
> > new file mode 100644
> > index 0000000000..2949d4c885
> > --- /dev/null
> > +++ b/CryptoPkg/Library/TlsLibNull/TlsProcessNull.c
> > @@ -0,0 +1,247 @@
> > +/** @file
> > +  SSL/TLS Process Null Library Wrapper
> Implementation.
> > +  The process includes the TLS handshake and packet
> I/O.
> > +
> > +Copyright (c) 2016 - 2017, Intel Corporation. All
> rights
> > +reserved.<BR>
> > +(C) Copyright 2016 Hewlett Packard Enterprise
> Development LP<BR>
> > +SPDX-License-Identifier: BSD-2-Clause-Patent
> > +
> > +**/
> > +
> > +#include "InternalTlsLib.h"
> > +
> > +/**
> > +  Checks if the TLS handshake was done.
> > +
> > +  This function will check if the specified TLS
> handshake was done.
> > +
> > +  @param[in]  Tls    Pointer to the TLS object for
> handshake state checking.
> > +
> > +  @retval  TRUE     The TLS handshake was done.
> > +  @retval  FALSE    The TLS handshake was not done.
> > +
> > +**/
> > +BOOLEAN
> > +EFIAPI
> > +TlsInHandshake (
> > +  IN     VOID                     *Tls
> > +  )
> > +{
> > +  ASSERT(FALSE);
> > +  return FALSE;
> > +}
> > +
> > +/**
> > +  Perform a TLS/SSL handshake.
> > +
> > +  This function will perform a TLS/SSL handshake.
> > +
> > +  @param[in]       Tls            Pointer to the TLS
> object for handshake operation.
> > +  @param[in]       BufferIn       Pointer to the most
> recently received TLS
> > Handshake packet.
> > +  @param[in]       BufferInSize   Packet size in
> bytes for the most recently
> > received TLS
> > +                                  Handshake packet.
> > +  @param[out]      BufferOut      Pointer to the
> buffer to hold the built packet.
> > +  @param[in, out]  BufferOutSize  Pointer to the
> buffer size in
> > + bytes. On input, it
> > is
> > +                                  the buffer size
> provided by the caller. On output, it
> > +                                  is the buffer size
> in fact needed to contain the
> > +                                  packet.
> > +
> > +  @retval EFI_SUCCESS             The required TLS
> packet is built successfully.
> > +  @retval EFI_INVALID_PARAMETER   One or more of the
> following conditions
> > is TRUE:
> > +                                  Tls is NULL.
> > +                                  BufferIn is NULL
> but BufferInSize is NOT 0.
> > +                                  BufferInSize is 0
> but BufferIn is NOT NULL.
> > +                                  BufferOutSize is
> NULL.
> > +                                  BufferOut is NULL
> if *BufferOutSize is not zero.
> > +  @retval EFI_BUFFER_TOO_SMALL    BufferOutSize is
> too small to hold the
> > response packet.
> > +  @retval EFI_ABORTED             Something wrong
> during handshake.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TlsDoHandshake (
> > +  IN     VOID                     *Tls,
> > +  IN     UINT8                    *BufferIn, OPTIONAL
> > +  IN     UINTN                    BufferInSize,
> OPTIONAL
> > +     OUT UINT8                    *BufferOut,
> OPTIONAL
> > +  IN OUT UINTN                    *BufferOutSize
> > +  )
> > +{
> > +  ASSERT(FALSE);
> > +  return EFI_UNSUPPORTED;
> > +}
> > +
> > +/**
> > +  Handle Alert message recorded in BufferIn. If
> BufferIn is NULL and
> > BufferInSize is zero,
> > +  TLS session has errors and the response packet
> needs to be Alert
> > + message
> > based on error type.
> > +
> > +  @param[in]       Tls            Pointer to the TLS
> object for state checking.
> > +  @param[in]       BufferIn       Pointer to the most
> recently received TLS Alert
> > packet.
> > +  @param[in]       BufferInSize   Packet size in
> bytes for the most recently
> > received TLS
> > +                                  Alert packet.
> > +  @param[out]      BufferOut      Pointer to the
> buffer to hold the built packet.
> > +  @param[in, out]  BufferOutSize  Pointer to the
> buffer size in
> > + bytes. On input, it
> > is
> > +                                  the buffer size
> provided by the caller. On output, it
> > +                                  is the buffer size
> in fact needed to contain the
> > +                                  packet.
> > +
> > +  @retval EFI_SUCCESS             The required TLS
> packet is built successfully.
> > +  @retval EFI_INVALID_PARAMETER   One or more of the
> following conditions
> > is TRUE:
> > +                                  Tls is NULL.
> > +                                  BufferIn is NULL
> but BufferInSize is NOT 0.
> > +                                  BufferInSize is 0
> but BufferIn is NOT NULL.
> > +                                  BufferOutSize is
> NULL.
> > +                                  BufferOut is NULL
> if *BufferOutSize is not zero.
> > +  @retval EFI_ABORTED             An error occurred.
> > +  @retval EFI_BUFFER_TOO_SMALL    BufferOutSize is
> too small to hold the
> > response packet.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TlsHandleAlert (
> > +  IN     VOID                     *Tls,
> > +  IN     UINT8                    *BufferIn, OPTIONAL
> > +  IN     UINTN                    BufferInSize,
> OPTIONAL
> > +     OUT UINT8                    *BufferOut,
> OPTIONAL
> > +  IN OUT UINTN                    *BufferOutSize
> > +  )
> > +{
> > +  ASSERT(FALSE);
> > +  return EFI_UNSUPPORTED;
> > +}
> > +
> > +/**
> > +  Build the CloseNotify packet.
> > +
> > +  @param[in]       Tls            Pointer to the TLS
> object for state checking.
> > +  @param[in, out]  Buffer         Pointer to the
> buffer to hold the built packet.
> > +  @param[in, out]  BufferSize     Pointer to the
> buffer size in bytes. On input, it is
> > +                                  the buffer size
> provided by the caller. On output, it
> > +                                  is the buffer size
> in fact needed to contain the
> > +                                  packet.
> > +
> > +  @retval EFI_SUCCESS             The required TLS
> packet is built successfully.
> > +  @retval EFI_INVALID_PARAMETER   One or more of the
> following conditions
> > is TRUE:
> > +                                  Tls is NULL.
> > +                                  BufferSize is NULL.
> > +                                  Buffer is NULL if
> *BufferSize is not zero.
> > +  @retval EFI_BUFFER_TOO_SMALL    BufferSize is too
> small to hold the
> > response packet.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +TlsCloseNotify (
> > +  IN     VOID                     *Tls,
> > +  IN OUT UINT8                    *Buffer,
> > +  IN OUT UINTN                    *BufferSize
> > +  )
> > +{
> > +  ASSERT(FALSE);
> > +  return EFI_UNSUPPORTED;
> > +}
> > +
> > +/**
> > +  Attempts to read bytes from one TLS object and
> places the data in Buffer.
> > +
> > +  This function will attempt to read BufferSize bytes
> from the TLS
> > + object  and places the data in Buffer.
> > +
> > +  @param[in]      Tls           Pointer to the TLS
> object.
> > +  @param[in,out]  Buffer        Pointer to the buffer
> to store the data.
> > +  @param[in]      BufferSize    The size of Buffer in
> bytes.
> > +
> > +  @retval  >0    The amount of data successfully read
> from the TLS object.
> > +  @retval  <=0   No data was successfully read.
> > +
> > +**/
> > +INTN
> > +EFIAPI
> > +TlsCtrlTrafficOut (
> > +  IN     VOID                     *Tls,
> > +  IN OUT VOID                     *Buffer,
> > +  IN     UINTN                    BufferSize
> > +  )
> > +{
> > +  ASSERT(FALSE);
> > +  return 0;
> > +}
> > +
> > +/**
> > +  Attempts to write data from the buffer to TLS
> object.
> > +
> > +  This function will attempt to write BufferSize
> bytes data from the
> > + Buffer  to the TLS object.
> > +
> > +  @param[in]  Tls           Pointer to the TLS
> object.
> > +  @param[in]  Buffer        Pointer to the data
> buffer.
> > +  @param[in]  BufferSize    The size of Buffer in
> bytes.
> > +
> > +  @retval  >0    The amount of data successfully
> written to the TLS object.
> > +  @retval <=0    No data was successfully written.
> > +
> > +**/
> > +INTN
> > +EFIAPI
> > +TlsCtrlTrafficIn (
> > +  IN     VOID                     *Tls,
> > +  IN     VOID                     *Buffer,
> > +  IN     UINTN                    BufferSize
> > +  )
> > +{
> > +  ASSERT(FALSE);
> > +  return 0;
> > +}
> > +/**
> > +  Attempts to read bytes from the specified TLS
> connection into the buffer.
> > +
> > +  This function tries to read BufferSize bytes data
> from the
> > + specified TLS  connection into the Buffer.
> > +
> > +  @param[in]      Tls           Pointer to the TLS
> connection for data reading.
> > +  @param[in,out]  Buffer        Pointer to the data
> buffer.
> > +  @param[in]      BufferSize    The size of Buffer in
> bytes.
> > +
> > +  @retval  >0    The read operation was successful,
> and return value is the
> > +                 number of bytes actually read from
> the TLS connection.
> > +  @retval  <=0   The read operation was not
> successful.
> > +
> > +**/
> > +INTN
> > +EFIAPI
> > +TlsRead (
> > +  IN     VOID                     *Tls,
> > +  IN OUT VOID                     *Buffer,
> > +  IN     UINTN                    BufferSize
> > +  )
> > +{
> > +  ASSERT(FALSE);
> > +  return 0;
> > +}
> > +
> > +/**
> > +  Attempts to write data to a TLS connection.
> > +
> > +  This function tries to write BufferSize bytes data
> from the Buffer
> > + into the  specified TLS connection.
> > +
> > +  @param[in]  Tls           Pointer to the TLS
> connection for data writing.
> > +  @param[in]  Buffer        Pointer to the data
> buffer.
> > +  @param[in]  BufferSize    The size of Buffer in
> bytes.
> > +
> > +  @retval  >0    The write operation was successful,
> and return value is the
> > +                 number of bytes actually written to
> the TLS connection.
> > +  @retval <=0    The write operation was not
> successful.
> > +
> > +**/
> > +INTN
> > +EFIAPI
> > +TlsWrite (
> > +  IN     VOID                     *Tls,
> > +  IN     VOID                     *Buffer,
> > +  IN     UINTN                    BufferSize
> > +  )
> > +{
> > +  ASSERT(FALSE);
> > +  return 0;
> > +}
> > +
> > --
> > 2.21.0.windows.1


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2019-10-23 21:39 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-10-22 21:40 [Patch] CryptoPkg: Add Null instance of the TlsLib class Michael D Kinney
2019-10-23  8:23 ` Wang, Jian J
2019-10-23 21:39   ` Michael D Kinney

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox