From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by mx.groups.io with SMTP id smtpd.web12.715.1571866772222837154 for ; Wed, 23 Oct 2019 14:39:32 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.31, mailfrom: michael.d.kinney@intel.com) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 23 Oct 2019 14:39:31 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.68,222,1569308400"; d="scan'208";a="399544198" Received: from orsmsx101.amr.corp.intel.com ([10.22.225.128]) by fmsmga006.fm.intel.com with ESMTP; 23 Oct 2019 14:39:28 -0700 Received: from orsmsx155.amr.corp.intel.com (10.22.240.21) by ORSMSX101.amr.corp.intel.com (10.22.225.128) with Microsoft SMTP Server (TLS) id 14.3.439.0; Wed, 23 Oct 2019 14:39:28 -0700 Received: from orsmsx113.amr.corp.intel.com ([169.254.9.28]) by ORSMSX155.amr.corp.intel.com ([169.254.7.105]) with mapi id 14.03.0439.000; Wed, 23 Oct 2019 14:39:27 -0700 From: "Michael D Kinney" To: "Wang, Jian J" , "devel@edk2.groups.io" , "Kinney, Michael D" CC: Sean Brogan , "Lu, XiaoyuX" Subject: Re: [Patch] CryptoPkg: Add Null instance of the TlsLib class Thread-Topic: [Patch] CryptoPkg: Add Null instance of the TlsLib class Thread-Index: AQHViXsWB8UoGN7fM0GgaqmKIdrggKdowXyw Date: Wed, 23 Oct 2019 21:39:26 +0000 Message-ID: References: <20191022214058.21124-1-michael.d.kinney@intel.com> In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-version: 11.2.0.6 dlp-reaction: no-action x-originating-ip: [10.22.254.140] MIME-Version: 1.0 Return-Path: michael.d.kinney@intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi Jian, Thanks for the feedback. I verified with Sean that the=20 current patch contents are correct. Mike > -----Original Message----- > From: Wang, Jian J > Sent: Wednesday, October 23, 2019 1:23 AM > To: Kinney, Michael D ; > devel@edk2.groups.io > Cc: Sean Brogan ; Lu, XiaoyuX > > Subject: RE: [Patch] CryptoPkg: Add Null instance of the > TlsLib class >=20 > Hi Mike, >=20 > The copyright and the year might need update (Not sure > about it. I guess they're copied from non-null version > of file.) With it addressed (if necessary), >=20 > Reviewed-by: Jian J Wang >=20 > Regards, > Jian >=20 > > -----Original Message----- > > From: Kinney, Michael D > > Sent: Wednesday, October 23, 2019 5:41 AM > > To: devel@edk2.groups.io > > Cc: Sean Brogan ; Wang, > Jian J > > ; Lu, XiaoyuX > > > Subject: [Patch] CryptoPkg: Add Null instance of the > TlsLib class > > > > From: Sean Brogan > > > > https://bugzilla.tianocore.org/show_bug.cgi?id=3D2258 > > > > Add a Null instance of the TlsLib class. This lib > instance can be > > used as a template for new implementations of the > TlsLib class and can > > also be used to reduce CI build times for build checks > that depend on > > the TlsLib class. > > > > Cc: Jian J Wang > > Cc: Xiaoyu Lu > > Signed-off-by: Michael D Kinney > > > --- > > CryptoPkg/CryptoPkg.dsc | 1 + > > CryptoPkg/Library/TlsLibNull/InternalTlsLib.h | 16 + > > CryptoPkg/Library/TlsLibNull/TlsConfigNull.c | 622 > ++++++++++++++++++ > > CryptoPkg/Library/TlsLibNull/TlsInitNull.c | 111 > ++++ > > CryptoPkg/Library/TlsLibNull/TlsLibNull.inf | 38 > ++ > > CryptoPkg/Library/TlsLibNull/TlsLibNull.uni | 13 + > > CryptoPkg/Library/TlsLibNull/TlsProcessNull.c | 247 > +++++++ > > 7 files changed, 1048 insertions(+) > > create mode 100644 > CryptoPkg/Library/TlsLibNull/InternalTlsLib.h > > create mode 100644 > CryptoPkg/Library/TlsLibNull/TlsConfigNull.c > > create mode 100644 > CryptoPkg/Library/TlsLibNull/TlsInitNull.c > > create mode 100644 > CryptoPkg/Library/TlsLibNull/TlsLibNull.inf > > create mode 100644 > CryptoPkg/Library/TlsLibNull/TlsLibNull.uni > > create mode 100644 > CryptoPkg/Library/TlsLibNull/TlsProcessNull.c > > > > diff --git a/CryptoPkg/CryptoPkg.dsc > b/CryptoPkg/CryptoPkg.dsc index > > c90e76c721..cea4335afb 100644 > > --- a/CryptoPkg/CryptoPkg.dsc > > +++ b/CryptoPkg/CryptoPkg.dsc > > @@ -115,6 +115,7 @@ [Components] > > CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf > > CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf > > CryptoPkg/Library/TlsLib/TlsLib.inf > > + CryptoPkg/Library/TlsLibNull/TlsLibNull.inf > > CryptoPkg/Library/OpensslLib/OpensslLib.inf > > CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > > > > diff --git > a/CryptoPkg/Library/TlsLibNull/InternalTlsLib.h > > b/CryptoPkg/Library/TlsLibNull/InternalTlsLib.h > > new file mode 100644 > > index 0000000000..888c9066bf > > --- /dev/null > > +++ b/CryptoPkg/Library/TlsLibNull/InternalTlsLib.h > > @@ -0,0 +1,16 @@ > > +/** @file > > + Internal include file for TlsLibNull. > > + > > +Copyright (c) 2016 - 2017, Intel Corporation. All > rights > > +reserved.
> > +SPDX-License-Identifier: BSD-2-Clause-Patent > > + > > +**/ > > + > > +#ifndef __INTERNAL_TLS_LIB_NULL_H__ > > +#define __INTERNAL_TLS_LIB_NULL_H__ > > + > > +#include > > +#include > > +#include > > + > > +#endif > > diff --git > a/CryptoPkg/Library/TlsLibNull/TlsConfigNull.c > > b/CryptoPkg/Library/TlsLibNull/TlsConfigNull.c > > new file mode 100644 > > index 0000000000..8033a61790 > > --- /dev/null > > +++ b/CryptoPkg/Library/TlsLibNull/TlsConfigNull.c > > @@ -0,0 +1,622 @@ > > +/** @file > > + SSL/TLS Configuration Null Library Wrapper > Implementation. > > + > > +Copyright (c) 2016 - 2017, Intel Corporation. All > rights > > +reserved.
> > +(C) Copyright 2016 Hewlett Packard Enterprise > Development LP
> > +SPDX-License-Identifier: BSD-2-Clause-Patent > > + > > +**/ > > + > > +#include "InternalTlsLib.h" > > + > > +/** > > + Set a new TLS/SSL method for a particular TLS > object. > > + > > + This function sets a new TLS/SSL method for a > particular TLS object. > > + > > + @param[in] Tls Pointer to a TLS object. > > + @param[in] MajorVer Major Version of TLS/SSL > Protocol. > > + @param[in] MinorVer Minor Version of TLS/SSL > Protocol. > > + > > + @retval EFI_SUCCESS The TLS/SSL method > was set successfully. > > + @retval EFI_INVALID_PARAMETER The parameter is > invalid. > > + @retval EFI_UNSUPPORTED Unsupported TLS/SSL > method. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TlsSetVersion ( > > + IN VOID *Tls, > > + IN UINT8 MajorVer, > > + IN UINT8 MinorVer > > + ) > > +{ > > + ASSERT(FALSE); > > + return EFI_UNSUPPORTED; > > +} > > + > > +/** > > + Set TLS object to work in client or server mode. > > + > > + This function prepares a TLS object to work in > client or server mode. > > + > > + @param[in] Tls Pointer to a TLS object. > > + @param[in] IsServer Work in server mode. > > + > > + @retval EFI_SUCCESS The TLS/SSL work > mode was set successfully. > > + @retval EFI_INVALID_PARAMETER The parameter is > invalid. > > + @retval EFI_UNSUPPORTED Unsupported TLS/SSL > work mode. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TlsSetConnectionEnd ( > > + IN VOID *Tls, > > + IN BOOLEAN IsServer > > + ) > > +{ > > + ASSERT(FALSE); > > + return EFI_UNSUPPORTED; > > +} > > + > > +/** > > + Set the ciphers list to be used by the TLS object. > > + > > + This function sets the ciphers for use by a > specified TLS object. > > + > > + @param[in] Tls Pointer to a TLS object. > > + @param[in] CipherId Array of UINT16 cipher > identifiers. Each UINT16 > > + cipher identifier comes > from the TLS Cipher Suite > > + Registry of the IANA, > interpreting Byte1 and Byte2 > > + in network (big endian) > byte order. > > + @param[in] CipherNum The number of cipher in > the list. > > + > > + @retval EFI_SUCCESS The ciphers list was > set successfully. > > + @retval EFI_INVALID_PARAMETER The parameter is > invalid. > > + @retval EFI_UNSUPPORTED No supported TLS > cipher was found in > > CipherId. > > + @retval EFI_OUT_OF_RESOURCES Memory allocation > failed. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TlsSetCipherList ( > > + IN VOID *Tls, > > + IN UINT16 *CipherId, > > + IN UINTN CipherNum > > + ) > > +{ > > + ASSERT(FALSE); > > + return EFI_UNSUPPORTED; > > +} > > + > > +/** > > + Set the compression method for TLS/SSL operations. > > + > > + This function handles TLS/SSL integrated > compression methods. > > + > > + @param[in] CompMethod The compression method > ID. > > + > > + @retval EFI_SUCCESS The compression method > for the communication > > was > > + set successfully. > > + @retval EFI_UNSUPPORTED Unsupported compression > method. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TlsSetCompressionMethod ( > > + IN UINT8 CompMethod > > + ) > > +{ > > + ASSERT(FALSE); > > + return EFI_UNSUPPORTED; > > +} > > + > > +/** > > + Set peer certificate verification mode for the TLS > connection. > > + > > + This function sets the verification mode flags for > the TLS connection. > > + > > + @param[in] Tls Pointer to the TLS > object. > > + @param[in] VerifyMode A set of logically or'ed > verification mode flags. > > + > > +**/ > > +VOID > > +EFIAPI > > +TlsSetVerify ( > > + IN VOID *Tls, > > + IN UINT32 VerifyMode > > + ) > > +{ > > + ASSERT(FALSE); > > +} > > + > > +// MU_CHANGE - Proposed fixes for TCBZ960, invalid > domain name (CN) > > accepted. [BEGIN] > > +/** > > + Set the specified host name to be verified. > > + > > + @param[in] Tls Pointer to the TLS > object. > > + @param[in] Flags The setting flags during > the validation. > > + @param[in] HostName The specified host name > to be verified. > > + > > + @retval EFI_SUCCESS The HostName setting > was set successfully. > > + @retval EFI_INVALID_PARAMETER The parameter is > invalid. > > + @retval EFI_ABORTED Invalid HostName > setting. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TlsSetVerifyHost ( > > + IN VOID *Tls, > > + IN UINT32 Flags, > > + IN CHAR8 *HostName > > + ) > > +{ > > + ASSERT(FALSE); > > + return EFI_UNSUPPORTED; > > +} > > + > > +// MU_CHANGE - Proposed fixes for TCBZ960, invalid > domain name (CN) > > accepted. [END] > > + > > +/** > > + Sets a TLS/SSL session ID to be used during TLS/SSL > connect. > > + > > + This function sets a session ID to be used when the > TLS/SSL > > + connection is to be established. > > + > > + @param[in] Tls Pointer to the TLS > object. > > + @param[in] SessionId Session ID data used > for session resumption. > > + @param[in] SessionIdLen Length of Session ID in > bytes. > > + > > + @retval EFI_SUCCESS Session ID was set > successfully. > > + @retval EFI_INVALID_PARAMETER The parameter is > invalid. > > + @retval EFI_UNSUPPORTED No available session > for ID setting. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TlsSetSessionId ( > > + IN VOID *Tls, > > + IN UINT8 *SessionId, > > + IN UINT16 SessionIdLen > > + ) > > +{ > > + ASSERT(FALSE); > > + return EFI_UNSUPPORTED; > > +} > > + > > +/** > > + Adds the CA to the cert store when requesting > Server or Client authentication. > > + > > + This function adds the CA certificate to the list > of CAs when > > + requesting Server or Client authentication for the > chosen TLS connection. > > + > > + @param[in] Tls Pointer to the TLS object. > > + @param[in] Data Pointer to the data buffer > of a DER-encoded binary > > + X.509 certificate or PEM- > encoded X.509 certificate. > > + @param[in] DataSize The size of data buffer in > bytes. > > + > > + @retval EFI_SUCCESS The operation > succeeded. > > + @retval EFI_INVALID_PARAMETER The parameter is > invalid. > > + @retval EFI_OUT_OF_RESOURCES Required resources > could not be > > allocated. > > + @retval EFI_ABORTED Invalid X.509 > certificate. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TlsSetCaCertificate ( > > + IN VOID *Tls, > > + IN VOID *Data, > > + IN UINTN DataSize > > + ) > > +{ > > + ASSERT(FALSE); > > + return EFI_UNSUPPORTED; > > +} > > + > > +/** > > + Loads the local public certificate into the > specified TLS object. > > + > > + This function loads the X.509 certificate into the > specified TLS > > + object for TLS negotiation. > > + > > + @param[in] Tls Pointer to the TLS object. > > + @param[in] Data Pointer to the data buffer > of a DER-encoded binary > > + X.509 certificate or PEM- > encoded X.509 certificate. > > + @param[in] DataSize The size of data buffer in > bytes. > > + > > + @retval EFI_SUCCESS The operation > succeeded. > > + @retval EFI_INVALID_PARAMETER The parameter is > invalid. > > + @retval EFI_OUT_OF_RESOURCES Required resources > could not be > > allocated. > > + @retval EFI_ABORTED Invalid X.509 > certificate. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TlsSetHostPublicCert ( > > + IN VOID *Tls, > > + IN VOID *Data, > > + IN UINTN DataSize > > + ) > > +{ > > + ASSERT(FALSE); > > + return EFI_UNSUPPORTED; > > +} > > + > > +/** > > + Adds the local private key to the specified TLS > object. > > + > > + This function adds the local private key (PEM- > encoded RSA or PKCS#8 > > + private > > + key) into the specified TLS object for TLS > negotiation. > > + > > + @param[in] Tls Pointer to the TLS object. > > + @param[in] Data Pointer to the data buffer > of a PEM-encoded RSA > > + or PKCS#8 private key. > > + @param[in] DataSize The size of data buffer in > bytes. > > + > > + @retval EFI_SUCCESS The operation succeeded. > > + @retval EFI_UNSUPPORTED This function is not > supported. > > + @retval EFI_ABORTED Invalid private key data. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TlsSetHostPrivateKey ( > > + IN VOID *Tls, > > + IN VOID *Data, > > + IN UINTN DataSize > > + ) > > +{ > > + ASSERT(FALSE); > > + return EFI_UNSUPPORTED; > > +} > > + > > +/** > > + Adds the CA-supplied certificate revocation list > for certificate validation. > > + > > + This function adds the CA-supplied certificate > revocation list data > > + for certificate validity checking. > > + > > + @param[in] Data Pointer to the data buffer > of a DER-encoded CRL data. > > + @param[in] DataSize The size of data buffer in > bytes. > > + > > + @retval EFI_SUCCESS The operation succeeded. > > + @retval EFI_UNSUPPORTED This function is not > supported. > > + @retval EFI_ABORTED Invalid CRL data. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TlsSetCertRevocationList ( > > + IN VOID *Data, > > + IN UINTN DataSize > > + ) > > +{ > > + ASSERT(FALSE); > > + return EFI_UNSUPPORTED; > > +} > > + > > +/** > > + Gets the protocol version used by the specified TLS > connection. > > + > > + This function returns the protocol version used by > the specified > > + TLS connection. > > + > > + If Tls is NULL, then ASSERT(). > > + > > + @param[in] Tls Pointer to the TLS object. > > + > > + @return The protocol version of the specified TLS > connection. > > + > > +**/ > > +UINT16 > > +EFIAPI > > +TlsGetVersion ( > > + IN VOID *Tls > > + ) > > +{ > > + ASSERT(FALSE); > > + return 0; > > +} > > + > > +/** > > + Gets the connection end of the specified TLS > connection. > > + > > + This function returns the connection end (as client > or as server) > > + used by the specified TLS connection. > > + > > + If Tls is NULL, then ASSERT(). > > + > > + @param[in] Tls Pointer to the TLS object. > > + > > + @return The connection end used by the specified > TLS connection. > > + > > +**/ > > +UINT8 > > +EFIAPI > > +TlsGetConnectionEnd ( > > + IN VOID *Tls > > + ) > > +{ > > + ASSERT(FALSE); > > + return 0; > > +} > > + > > +/** > > + Gets the cipher suite used by the specified TLS > connection. > > + > > + This function returns current cipher suite used by > the specified > > + TLS connection. > > + > > + @param[in] Tls Pointer to the TLS > object. > > + @param[in,out] CipherId The cipher suite used > by the TLS object. > > + > > + @retval EFI_SUCCESS The cipher suite was > returned successfully. > > + @retval EFI_INVALID_PARAMETER The parameter is > invalid. > > + @retval EFI_UNSUPPORTED Unsupported cipher > suite. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TlsGetCurrentCipher ( > > + IN VOID *Tls, > > + IN OUT UINT16 *CipherId > > + ) > > +{ > > + ASSERT(FALSE); > > + return EFI_UNSUPPORTED; > > +} > > + > > +/** > > + Gets the compression methods used by the specified > TLS connection. > > + > > + This function returns current integrated > compression methods used > > + by the specified TLS connection. > > + > > + @param[in] Tls Pointer to the TLS > object. > > + @param[in,out] CompressionId The current > compression method used by > > + the TLS object. > > + > > + @retval EFI_SUCCESS The compression > method was returned > > successfully. > > + @retval EFI_INVALID_PARAMETER The parameter is > invalid. > > + @retval EFI_ABORTED Invalid Compression > method. > > + @retval EFI_UNSUPPORTED This function is not > supported. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TlsGetCurrentCompressionId ( > > + IN VOID *Tls, > > + IN OUT UINT8 *CompressionId > > + ) > > +{ > > + ASSERT(FALSE); > > + return EFI_UNSUPPORTED; > > +} > > + > > +/** > > + Gets the verification mode currently set in the TLS > connection. > > + > > + This function returns the peer verification mode > currently set in > > + the specified TLS connection. > > + > > + If Tls is NULL, then ASSERT(). > > + > > + @param[in] Tls Pointer to the TLS object. > > + > > + @return The verification mode set in the specified > TLS connection. > > + > > +**/ > > +UINT32 > > +EFIAPI > > +TlsGetVerify ( > > + IN VOID *Tls > > + ) > > +{ > > + ASSERT(FALSE); > > + return 0; > > +} > > + > > +/** > > + Gets the session ID used by the specified TLS > connection. > > + > > + This function returns the TLS/SSL session ID > currently used by the > > + specified TLS connection. > > + > > + @param[in] Tls Pointer to the TLS > object. > > + @param[in,out] SessionId Buffer to contain > the returned session ID. > > + @param[in,out] SessionIdLen The length of > Session ID in bytes. > > + > > + @retval EFI_SUCCESS The Session ID was > returned successfully. > > + @retval EFI_INVALID_PARAMETER The parameter is > invalid. > > + @retval EFI_UNSUPPORTED Invalid TLS/SSL > session. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TlsGetSessionId ( > > + IN VOID *Tls, > > + IN OUT UINT8 *SessionId, > > + IN OUT UINT16 *SessionIdLen > > + ) > > +{ > > + ASSERT(FALSE); > > + return EFI_UNSUPPORTED; > > +} > > + > > +/** > > + Gets the client random data used in the specified > TLS connection. > > + > > + This function returns the TLS/SSL client random > data currently used > > + in the specified TLS connection. > > + > > + @param[in] Tls Pointer to the TLS > object. > > + @param[in,out] ClientRandom Buffer to contain > the returned client > > + random data (32 > bytes). > > + > > +**/ > > +VOID > > +EFIAPI > > +TlsGetClientRandom ( > > + IN VOID *Tls, > > + IN OUT UINT8 *ClientRandom > > + ) > > +{ > > + ASSERT(FALSE); > > +} > > + > > +/** > > + Gets the server random data used in the specified > TLS connection. > > + > > + This function returns the TLS/SSL server random > data currently used > > + in the specified TLS connection. > > + > > + @param[in] Tls Pointer to the TLS > object. > > + @param[in,out] ServerRandom Buffer to contain > the returned server > > + random data (32 > bytes). > > + > > +**/ > > +VOID > > +EFIAPI > > +TlsGetServerRandom ( > > + IN VOID *Tls, > > + IN OUT UINT8 *ServerRandom > > + ) > > +{ > > + ASSERT(FALSE); > > +} > > + > > +/** > > + Gets the master key data used in the specified TLS > connection. > > + > > + This function returns the TLS/SSL master key > material currently > > + used in the specified TLS connection. > > + > > + @param[in] Tls Pointer to the TLS > object. > > + @param[in,out] KeyMaterial Buffer to contain > the returned key material. > > + > > + @retval EFI_SUCCESS Key material was > returned successfully. > > + @retval EFI_INVALID_PARAMETER The parameter is > invalid. > > + @retval EFI_UNSUPPORTED Invalid TLS/SSL > session. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TlsGetKeyMaterial ( > > + IN VOID *Tls, > > + IN OUT UINT8 *KeyMaterial > > + ) > > +{ > > + ASSERT(FALSE); > > + return EFI_UNSUPPORTED; > > +} > > + > > +/** > > + Gets the CA Certificate from the cert store. > > + > > + This function returns the CA certificate for the > chosen TLS > > + connection. > > + > > + @param[in] Tls Pointer to the TLS > object. > > + @param[out] Data Pointer to the data > buffer to receive the CA > > + certificate data sent > to the client. > > + @param[in,out] DataSize The size of data buffer > in bytes. > > + > > + @retval EFI_SUCCESS The operation > succeeded. > > + @retval EFI_UNSUPPORTED This function is > not supported. > > + @retval EFI_BUFFER_TOO_SMALL The Data is too > small to hold the data. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TlsGetCaCertificate ( > > + IN VOID *Tls, > > + OUT VOID *Data, > > + IN OUT UINTN *DataSize > > + ) > > +{ > > + ASSERT(FALSE); > > + return EFI_UNSUPPORTED; > > +} > > + > > +/** > > + Gets the local public Certificate set in the > specified TLS object. > > + > > + This function returns the local public certificate > which was > > + currently set in the specified TLS object. > > + > > + @param[in] Tls Pointer to the TLS > object. > > + @param[out] Data Pointer to the data > buffer to receive the local > > + public certificate. > > + @param[in,out] DataSize The size of data buffer > in bytes. > > + > > + @retval EFI_SUCCESS The operation > succeeded. > > + @retval EFI_INVALID_PARAMETER The parameter is > invalid. > > + @retval EFI_NOT_FOUND The certificate is > not found. > > + @retval EFI_BUFFER_TOO_SMALL The Data is too > small to hold the data. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TlsGetHostPublicCert ( > > + IN VOID *Tls, > > + OUT VOID *Data, > > + IN OUT UINTN *DataSize > > + ) > > +{ > > + ASSERT(FALSE); > > + return EFI_UNSUPPORTED; > > +} > > + > > +/** > > + Gets the local private key set in the specified TLS > object. > > + > > + This function returns the local private key data > which was > > + currently set in the specified TLS object. > > + > > + @param[in] Tls Pointer to the TLS > object. > > + @param[out] Data Pointer to the data > buffer to receive the local > > + private key data. > > + @param[in,out] DataSize The size of data buffer > in bytes. > > + > > + @retval EFI_SUCCESS The operation > succeeded. > > + @retval EFI_UNSUPPORTED This function is > not supported. > > + @retval EFI_BUFFER_TOO_SMALL The Data is too > small to hold the data. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TlsGetHostPrivateKey ( > > + IN VOID *Tls, > > + OUT VOID *Data, > > + IN OUT UINTN *DataSize > > + ) > > +{ > > + ASSERT(FALSE); > > + return EFI_UNSUPPORTED; > > +} > > + > > +/** > > + Gets the CA-supplied certificate revocation list > data set in the > > +specified > > + TLS object. > > + > > + This function returns the CA-supplied certificate > revocation list > > + data which was currently set in the specified TLS > object. > > + > > + @param[out] Data Pointer to the data > buffer to receive the CRL data. > > + @param[in,out] DataSize The size of data buffer > in bytes. > > + > > + @retval EFI_SUCCESS The operation > succeeded. > > + @retval EFI_UNSUPPORTED This function is > not supported. > > + @retval EFI_BUFFER_TOO_SMALL The Data is too > small to hold the data. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TlsGetCertRevocationList ( > > + OUT VOID *Data, > > + IN OUT UINTN *DataSize > > + ) > > +{ > > + ASSERT(FALSE); > > + return EFI_UNSUPPORTED; > > +} > > diff --git > a/CryptoPkg/Library/TlsLibNull/TlsInitNull.c > > b/CryptoPkg/Library/TlsLibNull/TlsInitNull.c > > new file mode 100644 > > index 0000000000..3e44117b82 > > --- /dev/null > > +++ b/CryptoPkg/Library/TlsLibNull/TlsInitNull.c > > @@ -0,0 +1,111 @@ > > +/** @file > > + SSL/TLS Initialization Null Library Wrapper > Implementation. > > + > > +Copyright (c) 2016 - 2017, Intel Corporation. All > rights > > +reserved.
> > +(C) Copyright 2016 Hewlett Packard Enterprise > Development LP
> > +SPDX-License-Identifier: BSD-2-Clause-Patent > > + > > +**/ > > + > > +#include "InternalTlsLib.h" > > + > > +/** > > + Initializes the library. > > + > > + This function registers ciphers and digests used > directly and > > + indirectly by SSL/TLS, and initializes the readable > error messages. > > + This function must be called before any other > action takes places. > > + > > + @retval TRUE The library has been initialized. > > + @retval FALSE Failed to initialize the library. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +TlsInitialize ( > > + VOID > > + ) > > +{ > > + ASSERT(FALSE); > > + return FALSE; > > +} > > + > > +/** > > + Free an allocated SSL_CTX object. > > + > > + @param[in] TlsCtx Pointer to the SSL_CTX object > to be released. > > + > > +**/ > > +VOID > > +EFIAPI > > +TlsCtxFree ( > > + IN VOID *TlsCtx > > + ) > > +{ > > + ASSERT(FALSE); > > + return; > > +} > > + > > +/** > > + Creates a new SSL_CTX object as framework to > establish TLS/SSL > > +enabled > > + connections. > > + > > + @param[in] MajorVer Major Version of TLS/SSL > Protocol. > > + @param[in] MinorVer Minor Version of TLS/SSL > Protocol. > > + > > + @return Pointer to an allocated SSL_CTX object. > > + If the creation failed, TlsCtxNew() > returns NULL. > > + > > +**/ > > +VOID * > > +EFIAPI > > +TlsCtxNew ( > > + IN UINT8 MajorVer, > > + IN UINT8 MinorVer > > + ) > > +{ > > + ASSERT(FALSE); > > + return NULL; > > +} > > + > > +/** > > + Free an allocated TLS object. > > + > > + This function removes the TLS object pointed to by > Tls and frees up > > + the allocated memory. If Tls is NULL, nothing is > done. > > + > > + @param[in] Tls Pointer to the TLS object to be > freed. > > + > > +**/ > > +VOID > > +EFIAPI > > +TlsFree ( > > + IN VOID *Tls > > + ) > > +{ > > + ASSERT(FALSE); > > +} > > + > > +/** > > + Create a new TLS object for a connection. > > + > > + This function creates a new TLS object for a > connection. The new > > + object inherits the setting of the underlying > context TlsCtx: > > + connection method, options, verification setting. > > + > > + @param[in] TlsCtx Pointer to the SSL_CTX > object. > > + > > + @return Pointer to an allocated SSL object. > > + If the creation failed, TlsNew() returns > NULL. > > + > > +**/ > > +VOID * > > +EFIAPI > > +TlsNew ( > > + IN VOID *TlsCtx > > + ) > > +{ > > + ASSERT(FALSE); > > + return NULL; > > +} > > + > > diff --git > a/CryptoPkg/Library/TlsLibNull/TlsLibNull.inf > > b/CryptoPkg/Library/TlsLibNull/TlsLibNull.inf > > new file mode 100644 > > index 0000000000..33f0e7493f > > --- /dev/null > > +++ b/CryptoPkg/Library/TlsLibNull/TlsLibNull.inf > > @@ -0,0 +1,38 @@ > > +## @file > > +# SSL/TLS Wrapper Null Library Instance. > > +# > > +# Copyright (c) 2016 - 2018, Intel Corporation. All > rights > > +reserved.
# (C) Copyright 2016 Hewlett Packard > Enterprise > > +Development LP
# SPDX-License-Identifier: BSD-2- > Clause-Patent # > > +## > > + > > +[Defines] > > + INF_VERSION =3D 0x00010005 > > + BASE_NAME =3D TlsLibNull > > + MODULE_UNI_FILE =3D TlsLibNull.uni > > + FILE_GUID =3D 705a5b3b-cfa5- > 42ea-87f0-f2b8d44ec521 > > + MODULE_TYPE =3D BASE > > + VERSION_STRING =3D 1.0 > > + LIBRARY_CLASS =3D TlsLib > > + > > +# > > +# The following information is for reference only and > not required by > > +the build > > tools. > > +# > > +# VALID_ARCHITECTURES =3D IA32 X64 ARM > AARCH64 > > +# > > + > > +[Sources] > > + InternalTlsLib.h > > + TlsInitNull.c > > + TlsConfigNull.c > > + TlsProcessNull.c > > + > > +[Packages] > > + MdePkg/MdePkg.dec > > + CryptoPkg/CryptoPkg.dec > > + > > +[LibraryClasses] > > + BaseCryptLib > > + DebugLib > > + BaseLib > > diff --git > a/CryptoPkg/Library/TlsLibNull/TlsLibNull.uni > > b/CryptoPkg/Library/TlsLibNull/TlsLibNull.uni > > new file mode 100644 > > index 0000000000..869f3fcf78 > > --- /dev/null > > +++ b/CryptoPkg/Library/TlsLibNull/TlsLibNull.uni > > @@ -0,0 +1,13 @@ > > +// /** @file > > +// SSL/TLS Wrapper Null Library Instance. > > +// > > +// Copyright (c) 2016, Intel Corporation. All rights > reserved.
// > > +// SPDX-License-Identifier: BSD-2-Clause-Patent // // > **/ > > + > > + > > +#string STR_MODULE_ABSTRACT #language en- > US "SSL/TLS Wrapper > > Null Library Instance" > > + > > +#string STR_MODULE_DESCRIPTION #language en- > US "This module > > provides SSL/TLS Wrapper Null Library Instance." > > diff --git > a/CryptoPkg/Library/TlsLibNull/TlsProcessNull.c > > b/CryptoPkg/Library/TlsLibNull/TlsProcessNull.c > > new file mode 100644 > > index 0000000000..2949d4c885 > > --- /dev/null > > +++ b/CryptoPkg/Library/TlsLibNull/TlsProcessNull.c > > @@ -0,0 +1,247 @@ > > +/** @file > > + SSL/TLS Process Null Library Wrapper > Implementation. > > + The process includes the TLS handshake and packet > I/O. > > + > > +Copyright (c) 2016 - 2017, Intel Corporation. All > rights > > +reserved.
> > +(C) Copyright 2016 Hewlett Packard Enterprise > Development LP
> > +SPDX-License-Identifier: BSD-2-Clause-Patent > > + > > +**/ > > + > > +#include "InternalTlsLib.h" > > + > > +/** > > + Checks if the TLS handshake was done. > > + > > + This function will check if the specified TLS > handshake was done. > > + > > + @param[in] Tls Pointer to the TLS object for > handshake state checking. > > + > > + @retval TRUE The TLS handshake was done. > > + @retval FALSE The TLS handshake was not done. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +TlsInHandshake ( > > + IN VOID *Tls > > + ) > > +{ > > + ASSERT(FALSE); > > + return FALSE; > > +} > > + > > +/** > > + Perform a TLS/SSL handshake. > > + > > + This function will perform a TLS/SSL handshake. > > + > > + @param[in] Tls Pointer to the TLS > object for handshake operation. > > + @param[in] BufferIn Pointer to the most > recently received TLS > > Handshake packet. > > + @param[in] BufferInSize Packet size in > bytes for the most recently > > received TLS > > + Handshake packet. > > + @param[out] BufferOut Pointer to the > buffer to hold the built packet. > > + @param[in, out] BufferOutSize Pointer to the > buffer size in > > + bytes. On input, it > > is > > + the buffer size > provided by the caller. On output, it > > + is the buffer size > in fact needed to contain the > > + packet. > > + > > + @retval EFI_SUCCESS The required TLS > packet is built successfully. > > + @retval EFI_INVALID_PARAMETER One or more of the > following conditions > > is TRUE: > > + Tls is NULL. > > + BufferIn is NULL > but BufferInSize is NOT 0. > > + BufferInSize is 0 > but BufferIn is NOT NULL. > > + BufferOutSize is > NULL. > > + BufferOut is NULL > if *BufferOutSize is not zero. > > + @retval EFI_BUFFER_TOO_SMALL BufferOutSize is > too small to hold the > > response packet. > > + @retval EFI_ABORTED Something wrong > during handshake. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TlsDoHandshake ( > > + IN VOID *Tls, > > + IN UINT8 *BufferIn, OPTIONAL > > + IN UINTN BufferInSize, > OPTIONAL > > + OUT UINT8 *BufferOut, > OPTIONAL > > + IN OUT UINTN *BufferOutSize > > + ) > > +{ > > + ASSERT(FALSE); > > + return EFI_UNSUPPORTED; > > +} > > + > > +/** > > + Handle Alert message recorded in BufferIn. If > BufferIn is NULL and > > BufferInSize is zero, > > + TLS session has errors and the response packet > needs to be Alert > > + message > > based on error type. > > + > > + @param[in] Tls Pointer to the TLS > object for state checking. > > + @param[in] BufferIn Pointer to the most > recently received TLS Alert > > packet. > > + @param[in] BufferInSize Packet size in > bytes for the most recently > > received TLS > > + Alert packet. > > + @param[out] BufferOut Pointer to the > buffer to hold the built packet. > > + @param[in, out] BufferOutSize Pointer to the > buffer size in > > + bytes. On input, it > > is > > + the buffer size > provided by the caller. On output, it > > + is the buffer size > in fact needed to contain the > > + packet. > > + > > + @retval EFI_SUCCESS The required TLS > packet is built successfully. > > + @retval EFI_INVALID_PARAMETER One or more of the > following conditions > > is TRUE: > > + Tls is NULL. > > + BufferIn is NULL > but BufferInSize is NOT 0. > > + BufferInSize is 0 > but BufferIn is NOT NULL. > > + BufferOutSize is > NULL. > > + BufferOut is NULL > if *BufferOutSize is not zero. > > + @retval EFI_ABORTED An error occurred. > > + @retval EFI_BUFFER_TOO_SMALL BufferOutSize is > too small to hold the > > response packet. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TlsHandleAlert ( > > + IN VOID *Tls, > > + IN UINT8 *BufferIn, OPTIONAL > > + IN UINTN BufferInSize, > OPTIONAL > > + OUT UINT8 *BufferOut, > OPTIONAL > > + IN OUT UINTN *BufferOutSize > > + ) > > +{ > > + ASSERT(FALSE); > > + return EFI_UNSUPPORTED; > > +} > > + > > +/** > > + Build the CloseNotify packet. > > + > > + @param[in] Tls Pointer to the TLS > object for state checking. > > + @param[in, out] Buffer Pointer to the > buffer to hold the built packet. > > + @param[in, out] BufferSize Pointer to the > buffer size in bytes. On input, it is > > + the buffer size > provided by the caller. On output, it > > + is the buffer size > in fact needed to contain the > > + packet. > > + > > + @retval EFI_SUCCESS The required TLS > packet is built successfully. > > + @retval EFI_INVALID_PARAMETER One or more of the > following conditions > > is TRUE: > > + Tls is NULL. > > + BufferSize is NULL. > > + Buffer is NULL if > *BufferSize is not zero. > > + @retval EFI_BUFFER_TOO_SMALL BufferSize is too > small to hold the > > response packet. > > + > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TlsCloseNotify ( > > + IN VOID *Tls, > > + IN OUT UINT8 *Buffer, > > + IN OUT UINTN *BufferSize > > + ) > > +{ > > + ASSERT(FALSE); > > + return EFI_UNSUPPORTED; > > +} > > + > > +/** > > + Attempts to read bytes from one TLS object and > places the data in Buffer. > > + > > + This function will attempt to read BufferSize bytes > from the TLS > > + object and places the data in Buffer. > > + > > + @param[in] Tls Pointer to the TLS > object. > > + @param[in,out] Buffer Pointer to the buffer > to store the data. > > + @param[in] BufferSize The size of Buffer in > bytes. > > + > > + @retval >0 The amount of data successfully read > from the TLS object. > > + @retval <=3D0 No data was successfully read. > > + > > +**/ > > +INTN > > +EFIAPI > > +TlsCtrlTrafficOut ( > > + IN VOID *Tls, > > + IN OUT VOID *Buffer, > > + IN UINTN BufferSize > > + ) > > +{ > > + ASSERT(FALSE); > > + return 0; > > +} > > + > > +/** > > + Attempts to write data from the buffer to TLS > object. > > + > > + This function will attempt to write BufferSize > bytes data from the > > + Buffer to the TLS object. > > + > > + @param[in] Tls Pointer to the TLS > object. > > + @param[in] Buffer Pointer to the data > buffer. > > + @param[in] BufferSize The size of Buffer in > bytes. > > + > > + @retval >0 The amount of data successfully > written to the TLS object. > > + @retval <=3D0 No data was successfully written. > > + > > +**/ > > +INTN > > +EFIAPI > > +TlsCtrlTrafficIn ( > > + IN VOID *Tls, > > + IN VOID *Buffer, > > + IN UINTN BufferSize > > + ) > > +{ > > + ASSERT(FALSE); > > + return 0; > > +} > > +/** > > + Attempts to read bytes from the specified TLS > connection into the buffer. > > + > > + This function tries to read BufferSize bytes data > from the > > + specified TLS connection into the Buffer. > > + > > + @param[in] Tls Pointer to the TLS > connection for data reading. > > + @param[in,out] Buffer Pointer to the data > buffer. > > + @param[in] BufferSize The size of Buffer in > bytes. > > + > > + @retval >0 The read operation was successful, > and return value is the > > + number of bytes actually read from > the TLS connection. > > + @retval <=3D0 The read operation was not > successful. > > + > > +**/ > > +INTN > > +EFIAPI > > +TlsRead ( > > + IN VOID *Tls, > > + IN OUT VOID *Buffer, > > + IN UINTN BufferSize > > + ) > > +{ > > + ASSERT(FALSE); > > + return 0; > > +} > > + > > +/** > > + Attempts to write data to a TLS connection. > > + > > + This function tries to write BufferSize bytes data > from the Buffer > > + into the specified TLS connection. > > + > > + @param[in] Tls Pointer to the TLS > connection for data writing. > > + @param[in] Buffer Pointer to the data > buffer. > > + @param[in] BufferSize The size of Buffer in > bytes. > > + > > + @retval >0 The write operation was successful, > and return value is the > > + number of bytes actually written to > the TLS connection. > > + @retval <=3D0 The write operation was not > successful. > > + > > +**/ > > +INTN > > +EFIAPI > > +TlsWrite ( > > + IN VOID *Tls, > > + IN VOID *Buffer, > > + IN UINTN BufferSize > > + ) > > +{ > > + ASSERT(FALSE); > > + return 0; > > +} > > + > > -- > > 2.21.0.windows.1