tyler.durden/audk
1
0
Fork 0
mirror of https://github.com/acidanthera/audk.git synced 2025-07-23 21:54:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

CryptoPkg: Convert files to CRLF line ending

Browse Source 
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
This commit is contained in:
Hao Wu 2017-04-06 09:53:07 +08:00
parent 6035094da8
commit 264702a04b
8 changed files with 2923 additions and 2916 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1575
CryptoPkg/Include/Library/TlsLib.h
View File

File diff suppressed because it is too large Load Diff

447
CryptoPkg/Library/OpensslLib/process_files.pl
View File

@ -1,223 +1,224 @@
#!/usr/bin/perl -w #!/usr/bin/perl -w
# #
# This script runs the OpenSSL Configure script, then processes the # This script runs the OpenSSL Configure script, then processes the
# resulting file list into our local OpensslLib[Crypto].inf and also # resulting file list into our local OpensslLib[Crypto].inf and also
# takes a copy of opensslconf.h. # takes a copy of opensslconf.h.
# #
# This only needs to be done once by a developer when updating to a # This only needs to be done once by a developer when updating to a
# new version of OpenSSL (or changing options, etc.). Normal users # new version of OpenSSL (or changing options, etc.). Normal users
# do not need to do this, since the results are stored in the EDK2 # do not need to do this, since the results are stored in the EDK2
# git repository for them. # git repository for them.
# #
use strict; use strict;
use Cwd; use Cwd;
use File::Copy; use File::Copy;
# #
# Find the openssl directory name for use lib. We have to do this # Find the openssl directory name for use lib. We have to do this
# inside of BEGIN. The variables we create here, however, don't seem # inside of BEGIN. The variables we create here, however, don't seem
# to be available to the main script, so we have to repeat the # to be available to the main script, so we have to repeat the
# exercise. # exercise.
# #
my $inf_file; my $inf_file;
my $OPENSSL_PATH; my $OPENSSL_PATH;
my @inf; my @inf;
BEGIN { BEGIN {
$inf_file = "OpensslLib.inf"; $inf_file = "OpensslLib.inf";
# Read the contents of the inf file # Read the contents of the inf file
open( FD, "<" . $inf_file ) || open( FD, "<" . $inf_file ) ||
die "Cannot open \"" . $inf_file . "\"!"; die "Cannot open \"" . $inf_file . "\"!";
@inf = (<FD>); @inf = (<FD>);
close(FD) || close(FD) ||
die "Cannot close \"" . $inf_file . "\"!"; die "Cannot close \"" . $inf_file . "\"!";
foreach (@inf) { foreach (@inf) {
if (/DEFINE\s+OPENSSL_PATH\s*=\s*([a-z]+)/) { if (/DEFINE\s+OPENSSL_PATH\s*=\s*([a-z]+)/) {
# We need to run Configure before we can include its result... # We need to run Configure before we can include its result...
$OPENSSL_PATH = $1; $OPENSSL_PATH = $1;
my $basedir = getcwd(); my $basedir = getcwd();
chdir($OPENSSL_PATH) || chdir($OPENSSL_PATH) ||
die "Cannot change to OpenSSL directory \"" . $OPENSSL_PATH . "\""; die "Cannot change to OpenSSL directory \"" . $OPENSSL_PATH . "\"";
# Configure UEFI # Configure UEFI
system( system(
"./Configure", "./Configure",
"UEFI", "UEFI",
"no-afalgeng", "no-afalgeng",
"no-asm", "no-asm",
"no-async", "no-async",
"no-autoalginit", "no-autoalginit",
"no-autoerrinit", "no-autoerrinit",
"no-bf", "no-bf",
"no-blake2", "no-blake2",
"no-camellia", "no-camellia",
"no-capieng", "no-capieng",
"no-cast", "no-cast",
"no-chacha", "no-chacha",
"no-cms", "no-cms",
"no-ct", "no-ct",
"no-deprecated", "no-deprecated",
"no-dgram", "no-dgram",
"no-dsa", "no-dsa",
"no-dynamic-engine", "no-dynamic-engine",
"no-ec", "no-ec",
"no-ec2m", "no-ec2m",
"no-engine", "no-engine",
"no-err", "no-err",
"no-filenames", "no-filenames",
"no-gost", "no-gost",
"no-hw", "no-hw",
"no-idea", "no-idea",
"no-mdc2", "no-mdc2",
"no-pic", "no-pic",
"no-ocb", "no-ocb",
"no-poly1305", "no-poly1305",
"no-posix-io", "no-posix-io",
"no-rc2", "no-rc2",
"no-rfc3779", "no-rfc3779",
"no-rmd160", "no-rmd160",
"no-scrypt", "no-scrypt",
"no-seed", "no-seed",
"no-sock", "no-sock",
"no-srp", "no-srp",
"no-ssl", "no-ssl",
"no-stdio", "no-stdio",
"no-threads", "no-threads",
"no-ts", "no-ts",
"no-ui", "no-ui",
"no-whirlpool" "no-whirlpool"
) == 0 || ) == 0 ||
die "OpenSSL Configure failed!\n"; die "OpenSSL Configure failed!\n";
# Generate opensslconf.h per config data # Generate opensslconf.h per config data
system( system(
"perl -I. -Mconfigdata util/dofile.pl " . "perl -I. -Mconfigdata util/dofile.pl " .
"include/openssl/opensslconf.h.in " . "include/openssl/opensslconf.h.in " .
"> include/openssl/opensslconf.h" "> include/openssl/opensslconf.h"
) == 0 || ) == 0 ||
die "Failed to generate opensslconf.h!\n"; die "Failed to generate opensslconf.h!\n";
chdir($basedir) || chdir($basedir) ||
die "Cannot change to base directory \"" . $basedir . "\""; die "Cannot change to base directory \"" . $basedir . "\"";
push @INC, $1; push @INC, $1;
last; last;
} }
} }
} }
# #
# Retrieve file lists from OpenSSL configdata # Retrieve file lists from OpenSSL configdata
# #
use configdata qw/%unified_info/; use configdata qw/%unified_info/;
my @cryptofilelist = (); my @cryptofilelist = ();
my @sslfilelist = (); my @sslfilelist = ();
foreach my $product ((@{$unified_info{libraries}}, foreach my $product ((@{$unified_info{libraries}},
@{$unified_info{engines}})) { @{$unified_info{engines}})) {
foreach my $o (@{$unified_info{sources}->{$product}}) { foreach my $o (@{$unified_info{sources}->{$product}}) {
foreach my $s (@{$unified_info{sources}->{$o}}) { foreach my $s (@{$unified_info{sources}->{$o}}) {
next if ($unified_info{generate}->{$s}); next if ($unified_info{generate}->{$s});
next if $s =~ "crypto/bio/b_print.c"; next if $s =~ "crypto/bio/b_print.c";
if ($product =~ "libssl") { if ($product =~ "libssl") {
push @sslfilelist, ' $(OPENSSL_PATH)/' . $s . "\r\n"; push @sslfilelist, ' $(OPENSSL_PATH)/' . $s . "\r\n";
next; next;
} }
push @cryptofilelist, ' $(OPENSSL_PATH)/' . $s . "\r\n"; push @cryptofilelist, ' $(OPENSSL_PATH)/' . $s . "\r\n";
} }
} }
} }
# #
# Update OpensslLib.inf with autogenerated file list # Update OpensslLib.inf with autogenerated file list
# #
my @new_inf = (); my @new_inf = ();
my $subbing = 0; my $subbing = 0;
print "\n--> Updating OpensslLib.inf ... "; print "\n--> Updating OpensslLib.inf ... ";
foreach (@inf) { foreach (@inf) {
if ( $_ =~ "# Autogenerated files list starts here" ) { if ( $_ =~ "# Autogenerated files list starts here" ) {
push @new_inf, $_, @cryptofilelist, @sslfilelist; push @new_inf, $_, @cryptofilelist, @sslfilelist;
$subbing = 1; $subbing = 1;
next; next;
} }
if ( $_ =~ "# Autogenerated files list ends here" ) { if ( $_ =~ "# Autogenerated files list ends here" ) {
push @new_inf, $_; push @new_inf, $_;
$subbing = 0; $subbing = 0;
next; next;
} }
push @new_inf, $_ push @new_inf, $_
unless ($subbing); unless ($subbing);
} }
my $new_inf_file = $inf_file . ".new"; my $new_inf_file = $inf_file . ".new";
open( FD, ">" . $new_inf_file ) || open( FD, ">" . $new_inf_file ) ||
die $new_inf_file; die $new_inf_file;
print( FD @new_inf ) || print( FD @new_inf ) ||
die $new_inf_file; die $new_inf_file;
close(FD) || close(FD) ||
die $new_inf_file; die $new_inf_file;
rename( $new_inf_file, $inf_file ) || rename( $new_inf_file, $inf_file ) ||
die "rename $inf_file"; die "rename $inf_file";
print "Done!"; print "Done!";
# #
# Update OpensslLibCrypto.inf with auto-generated file list (no libssl) # Update OpensslLibCrypto.inf with auto-generated file list (no libssl)
# #
$inf_file = "OpensslLibCrypto.inf"; $inf_file = "OpensslLibCrypto.inf";
# Read the contents of the inf file # Read the contents of the inf file
@inf = (); @inf = ();
@new_inf = (); @new_inf = ();
open( FD, "<" . $inf_file ) || open( FD, "<" . $inf_file ) ||
die "Cannot open \"" . $inf_file . "\"!"; die "Cannot open \"" . $inf_file . "\"!";
@inf = (<FD>); @inf = (<FD>);
close(FD) || close(FD) ||
die "Cannot close \"" . $inf_file . "\"!"; die "Cannot close \"" . $inf_file . "\"!";
$subbing = 0; $subbing = 0;
print "\n--> Updating OpensslLibCrypto.inf ... "; print "\n--> Updating OpensslLibCrypto.inf ... ";
foreach (@inf) { foreach (@inf) {
if ( $_ =~ "# Autogenerated files list starts here" ) { if ( $_ =~ "# Autogenerated files list starts here" ) {
push @new_inf, $_, @cryptofilelist; push @new_inf, $_, @cryptofilelist;
$subbing = 1; $subbing = 1;
next; next;
} }
if ( $_ =~ "# Autogenerated files list ends here" ) { if ( $_ =~ "# Autogenerated files list ends here" ) {
push @new_inf, $_; push @new_inf, $_;
$subbing = 0; $subbing = 0;
next; next;
} }
push @new_inf, $_ push @new_inf, $_
unless ($subbing); unless ($subbing);
} }
$new_inf_file = $inf_file . ".new"; $new_inf_file = $inf_file . ".new";
open( FD, ">" . $new_inf_file ) || open( FD, ">" . $new_inf_file ) ||
die $new_inf_file; die $new_inf_file;
print( FD @new_inf ) || print( FD @new_inf ) ||
die $new_inf_file; die $new_inf_file;
close(FD) || close(FD) ||
die $new_inf_file; die $new_inf_file;
rename( $new_inf_file, $inf_file ) || rename( $new_inf_file, $inf_file ) ||
die "rename $inf_file"; die "rename $inf_file";
print "Done!"; print "Done!";
# #
# Copy opensslconf.h generated from OpenSSL Configuration # Copy opensslconf.h generated from OpenSSL Configuration
# #
print "\n--> Duplicating opensslconf.h into Include/openssl ... "; print "\n--> Duplicating opensslconf.h into Include/openssl ... ";
copy($OPENSSL_PATH . "/include/openssl/opensslconf.h", copy($OPENSSL_PATH . "/include/openssl/opensslconf.h",
$OPENSSL_PATH . "/../../../Include/openssl/") || $OPENSSL_PATH . "/../../../Include/openssl/") ||
die "Cannot copy opensslconf.h!"; die "Cannot copy opensslconf.h!";
print "Done!\n"; print "Done!\n";
print "\nProcessing Files Done!\n"; print "\nProcessing Files Done!\n";
exit(0); exit(0);

85
CryptoPkg/Library/TlsLib/InternalTlsLib.h
View File

@ -1,42 +1,43 @@
/** @file /** @file
Internal include file for TlsLib. Internal include file for TlsLib.
Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR> Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/ **/
#ifndef __INTERNAL_TLS_LIB_H__ #ifndef __INTERNAL_TLS_LIB_H__
#define __INTERNAL_TLS_LIB_H__ #define __INTERNAL_TLS_LIB_H__
#undef _WIN32 #undef _WIN32
#undef _WIN64 #undef _WIN64
#include <Library/BaseCryptLib.h> #include <Library/BaseCryptLib.h>
#include <openssl/ssl.h> #include <openssl/ssl.h>
#include <openssl/bio.h> #include <openssl/bio.h>
#include <openssl/err.h> #include <openssl/err.h>
typedef struct { typedef struct {
// //
// Main SSL Connection which is created by a server or a client // Main SSL Connection which is created by a server or a client
// per established connection. // per established connection.
// //
SSL *Ssl; SSL *Ssl;
// //
// Memory BIO for the TLS/SSL Reading operations. // Memory BIO for the TLS/SSL Reading operations.
// //
BIO *InBio; BIO *InBio;
// //
// Memory BIO for the TLS/SSL Writing operations. // Memory BIO for the TLS/SSL Writing operations.
// //
BIO *OutBio; BIO *OutBio;
} TLS_CONNECTION; } TLS_CONNECTION;
#endif #endif

2119
CryptoPkg/Library/TlsLib/TlsConfig.c
View File

File diff suppressed because it is too large Load Diff

537
CryptoPkg/Library/TlsLib/TlsInit.c
View File

@ -1,268 +1,269 @@
/** @file /** @file
SSL/TLS Initialization Library Wrapper Implementation over OpenSSL. SSL/TLS Initialization Library Wrapper Implementation over OpenSSL.
Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR> Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR> (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/ **/
#include "InternalTlsLib.h" #include "InternalTlsLib.h"
/** /**
Initializes the OpenSSL library. Initializes the OpenSSL library.
This function registers ciphers and digests used directly and indirectly This function registers ciphers and digests used directly and indirectly
by SSL/TLS, and initializes the readable error messages. by SSL/TLS, and initializes the readable error messages.
This function must be called before any other action takes places. This function must be called before any other action takes places.
**/ **/
VOID VOID
EFIAPI EFIAPI
TlsInitialize ( TlsInitialize (
VOID VOID
) )
{ {
// //
// Performs initialization of crypto and ssl library, and loads required // Performs initialization of crypto and ssl library, and loads required
// algorithms. // algorithms.
// //
OPENSSL_init_ssl ( OPENSSL_init_ssl (
OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS,
NULL NULL
); );
// //
// Initialize the pseudorandom number generator. // Initialize the pseudorandom number generator.
// //
RandomSeed (NULL, 0); RandomSeed (NULL, 0);
} }
/** /**
Free an allocated SSL_CTX object. Free an allocated SSL_CTX object.
@param[in] TlsCtx Pointer to the SSL_CTX object to be released. @param[in] TlsCtx Pointer to the SSL_CTX object to be released.
**/ **/
VOID VOID
EFIAPI EFIAPI
TlsCtxFree ( TlsCtxFree (
IN VOID *TlsCtx IN VOID *TlsCtx
) )
{ {
if (TlsCtx == NULL) { if (TlsCtx == NULL) {
return; return;
} }
if (TlsCtx != NULL) { if (TlsCtx != NULL) {
SSL_CTX_free ((SSL_CTX *) (TlsCtx)); SSL_CTX_free ((SSL_CTX *) (TlsCtx));
} }
} }
/** /**
Creates a new SSL_CTX object as framework to establish TLS/SSL enabled Creates a new SSL_CTX object as framework to establish TLS/SSL enabled
connections. connections.
@param[in] MajorVer Major Version of TLS/SSL Protocol. @param[in] MajorVer Major Version of TLS/SSL Protocol.
@param[in] MinorVer Minor Version of TLS/SSL Protocol. @param[in] MinorVer Minor Version of TLS/SSL Protocol.
@return Pointer to an allocated SSL_CTX object. @return Pointer to an allocated SSL_CTX object.
If the creation failed, TlsCtxNew() returns NULL. If the creation failed, TlsCtxNew() returns NULL.
**/ **/
VOID * VOID *
EFIAPI EFIAPI
TlsCtxNew ( TlsCtxNew (
IN UINT8 MajorVer, IN UINT8 MajorVer,
IN UINT8 MinorVer IN UINT8 MinorVer
) )
{ {
SSL_CTX *TlsCtx; SSL_CTX *TlsCtx;
UINT16 ProtoVersion; UINT16 ProtoVersion;
ProtoVersion = (MajorVer << 8) | MinorVer; ProtoVersion = (MajorVer << 8) | MinorVer;
TlsCtx = SSL_CTX_new (SSLv23_client_method ()); TlsCtx = SSL_CTX_new (SSLv23_client_method ());
if (TlsCtx == NULL) { if (TlsCtx == NULL) {
return NULL; return NULL;
} }
// //
// Ensure SSLv3 is disabled // Ensure SSLv3 is disabled
// //
SSL_CTX_set_options (TlsCtx, SSL_OP_NO_SSLv3); SSL_CTX_set_options (TlsCtx, SSL_OP_NO_SSLv3);
// //
// Treat as minimum accepted versions by setting the minimal bound. // Treat as minimum accepted versions by setting the minimal bound.
// Client can use higher TLS version if server supports it // Client can use higher TLS version if server supports it
// //
SSL_CTX_set_min_proto_version (TlsCtx, ProtoVersion); SSL_CTX_set_min_proto_version (TlsCtx, ProtoVersion);
return (VOID *) TlsCtx; return (VOID *) TlsCtx;
} }
/** /**
Free an allocated TLS object. Free an allocated TLS object.
This function removes the TLS object pointed to by Tls and frees up the This function removes the TLS object pointed to by Tls and frees up the
allocated memory. If Tls is NULL, nothing is done. allocated memory. If Tls is NULL, nothing is done.
@param[in] Tls Pointer to the TLS object to be freed. @param[in] Tls Pointer to the TLS object to be freed.
**/ **/
VOID VOID
EFIAPI EFIAPI
TlsFree ( TlsFree (
IN VOID *Tls IN VOID *Tls
) )
{ {
TLS_CONNECTION *TlsConn; TLS_CONNECTION *TlsConn;
TlsConn = (TLS_CONNECTION *) Tls; TlsConn = (TLS_CONNECTION *) Tls;
if (TlsConn == NULL) { if (TlsConn == NULL) {
return; return;
} }
// //
// Free the internal TLS and BIO objects. // Free the internal TLS and BIO objects.
// //
if (TlsConn->Ssl != NULL) { if (TlsConn->Ssl != NULL) {
SSL_free (TlsConn->Ssl); SSL_free (TlsConn->Ssl);
} }
if (TlsConn->InBio != NULL) { if (TlsConn->InBio != NULL) {
BIO_free (TlsConn->InBio); BIO_free (TlsConn->InBio);
} }
if (TlsConn->OutBio != NULL) { if (TlsConn->OutBio != NULL) {
BIO_free (TlsConn->OutBio); BIO_free (TlsConn->OutBio);
} }
OPENSSL_free (Tls); OPENSSL_free (Tls);
} }
/** /**
Create a new TLS object for a connection. Create a new TLS object for a connection.
This function creates a new TLS object for a connection. The new object This function creates a new TLS object for a connection. The new object
inherits the setting of the underlying context TlsCtx: connection method, inherits the setting of the underlying context TlsCtx: connection method,
options, verification setting. options, verification setting.
@param[in] TlsCtx Pointer to the SSL_CTX object. @param[in] TlsCtx Pointer to the SSL_CTX object.
@return Pointer to an allocated SSL object. @return Pointer to an allocated SSL object.
If the creation failed, TlsNew() returns NULL. If the creation failed, TlsNew() returns NULL.
**/ **/
VOID * VOID *
EFIAPI EFIAPI
TlsNew ( TlsNew (
IN VOID *TlsCtx IN VOID *TlsCtx
) )
{ {
TLS_CONNECTION *TlsConn; TLS_CONNECTION *TlsConn;
SSL_CTX *SslCtx; SSL_CTX *SslCtx;
X509_STORE *X509Store; X509_STORE *X509Store;
TlsConn = NULL; TlsConn = NULL;
// //
// Allocate one new TLS_CONNECTION object // Allocate one new TLS_CONNECTION object
// //
TlsConn = (TLS_CONNECTION *) OPENSSL_malloc (sizeof (TLS_CONNECTION)); TlsConn = (TLS_CONNECTION *) OPENSSL_malloc (sizeof (TLS_CONNECTION));
if (TlsConn == NULL) { if (TlsConn == NULL) {
return NULL; return NULL;
} }
TlsConn->Ssl = NULL; TlsConn->Ssl = NULL;
// //
// Create a new SSL Object // Create a new SSL Object
// //
TlsConn->Ssl = SSL_new ((SSL_CTX *) TlsCtx); TlsConn->Ssl = SSL_new ((SSL_CTX *) TlsCtx);
if (TlsConn->Ssl == NULL) { if (TlsConn->Ssl == NULL) {
TlsFree ((VOID *) TlsConn); TlsFree ((VOID *) TlsConn);
return NULL; return NULL;
} }
// //
// This retains compatibility with previous version of OpenSSL. // This retains compatibility with previous version of OpenSSL.
// //
SSL_set_security_level (TlsConn->Ssl, 0); SSL_set_security_level (TlsConn->Ssl, 0);
// //
// Initialize the created SSL Object // Initialize the created SSL Object
// //
SSL_set_info_callback (TlsConn->Ssl, NULL); SSL_set_info_callback (TlsConn->Ssl, NULL);
TlsConn->InBio = NULL; TlsConn->InBio = NULL;
// //
// Set up Reading BIO for TLS connection // Set up Reading BIO for TLS connection
// //
TlsConn->InBio = BIO_new (BIO_s_mem ()); TlsConn->InBio = BIO_new (BIO_s_mem ());
if (TlsConn->InBio == NULL) { if (TlsConn->InBio == NULL) {
TlsFree ((VOID *) TlsConn); TlsFree ((VOID *) TlsConn);
return NULL; return NULL;
} }
// //
// Sets the behaviour of memory BIO when it is empty. It will set the // Sets the behaviour of memory BIO when it is empty. It will set the
// read retry flag. // read retry flag.
// //
BIO_set_mem_eof_return (TlsConn->InBio, -1); BIO_set_mem_eof_return (TlsConn->InBio, -1);
TlsConn->OutBio = NULL; TlsConn->OutBio = NULL;
// //
// Set up Writing BIO for TLS connection // Set up Writing BIO for TLS connection
// //
TlsConn->OutBio = BIO_new (BIO_s_mem ()); TlsConn->OutBio = BIO_new (BIO_s_mem ());
if (TlsConn->OutBio == NULL) { if (TlsConn->OutBio == NULL) {
TlsFree ((VOID *) TlsConn); TlsFree ((VOID *) TlsConn);
return NULL; return NULL;
} }
// //
// Sets the behaviour of memory BIO when it is empty. It will set the // Sets the behaviour of memory BIO when it is empty. It will set the
// write retry flag. // write retry flag.
// //
BIO_set_mem_eof_return (TlsConn->OutBio, -1); BIO_set_mem_eof_return (TlsConn->OutBio, -1);
ASSERT (TlsConn->Ssl != NULL && TlsConn->InBio != NULL && TlsConn->OutBio != NULL); ASSERT (TlsConn->Ssl != NULL && TlsConn->InBio != NULL && TlsConn->OutBio != NULL);
// //
// Connects the InBio and OutBio for the read and write operations. // Connects the InBio and OutBio for the read and write operations.
// //
SSL_set_bio (TlsConn->Ssl, TlsConn->InBio, TlsConn->OutBio); SSL_set_bio (TlsConn->Ssl, TlsConn->InBio, TlsConn->OutBio);
// //
// Create new X509 store if needed // Create new X509 store if needed
// //
SslCtx = SSL_get_SSL_CTX (TlsConn->Ssl); SslCtx = SSL_get_SSL_CTX (TlsConn->Ssl);
X509Store = SSL_CTX_get_cert_store (SslCtx); X509Store = SSL_CTX_get_cert_store (SslCtx);
if (X509Store == NULL) { if (X509Store == NULL) {
X509Store = X509_STORE_new (); X509Store = X509_STORE_new ();
if (X509Store == NULL) { if (X509Store == NULL) {
TlsFree ((VOID *) TlsConn); TlsFree ((VOID *) TlsConn);
return NULL; return NULL;
} }
SSL_CTX_set1_verify_cert_store (SslCtx, X509Store); SSL_CTX_set1_verify_cert_store (SslCtx, X509Store);
X509_STORE_free (X509Store); X509_STORE_free (X509Store);
} }
// //
// Set X509_STORE flags used in certificate validation // Set X509_STORE flags used in certificate validation
// //
X509_STORE_set_flags ( X509_STORE_set_flags (
X509Store, X509Store,
X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_NO_CHECK_TIME X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_NO_CHECK_TIME
); );
return (VOID *) TlsConn; return (VOID *) TlsConn;
} }

113
CryptoPkg/Library/TlsLib/TlsLib.inf
View File

@ -1,56 +1,57 @@
## @file ## @file
# SSL/TLS Wrapper Library Instance based on OpenSSL. # SSL/TLS Wrapper Library Instance based on OpenSSL.
# #
# Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR> # Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
# (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR> # (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
# This program and the accompanying materials # This program and the accompanying materials
# are licensed and made available under the terms and conditions of the BSD License # are licensed and made available under the terms and conditions of the BSD License
# which accompanies this distribution. The full text of the license may be found at # which accompanies this distribution. The full text of the license may be found at
# http://opensource.org/licenses/bsd-license.php # http://opensource.org/licenses/bsd-license.php
# #
# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, # THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. # WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
# #
## ##
[Defines] [Defines]
INF_VERSION = 0x00010005 INF_VERSION = 0x00010005
BASE_NAME = TlsLib BASE_NAME = TlsLib
MODULE_UNI_FILE = TlsLib.uni MODULE_UNI_FILE = TlsLib.uni
FILE_GUID = CC729DC5-4E21-0B36-1A00-3A8E1B86A155 FILE_GUID = CC729DC5-4E21-0B36-1A00-3A8E1B86A155
MODULE_TYPE = DXE_DRIVER MODULE_TYPE = DXE_DRIVER
VERSION_STRING = 1.0 VERSION_STRING = 1.0
LIBRARY_CLASS = TlsLib|DXE_DRIVER DXE_CORE UEFI_APPLICATION UEFI_DRIVER LIBRARY_CLASS = TlsLib|DXE_DRIVER DXE_CORE UEFI_APPLICATION UEFI_DRIVER
# #
# The following information is for reference only and not required by the build tools. # The following information is for reference only and not required by the build tools.
# #
# VALID_ARCHITECTURES = IA32 X64 IPF ARM AARCH64 # VALID_ARCHITECTURES = IA32 X64 IPF ARM AARCH64
# #
[Sources] [Sources]
InternalTlsLib.h InternalTlsLib.h
TlsInit.c TlsInit.c
TlsConfig.c TlsConfig.c
TlsProcess.c TlsProcess.c
[Packages] [Packages]
MdePkg/MdePkg.dec MdePkg/MdePkg.dec
CryptoPkg/CryptoPkg.dec CryptoPkg/CryptoPkg.dec
[LibraryClasses] [LibraryClasses]
BaseLib BaseLib
BaseMemoryLib BaseMemoryLib
MemoryAllocationLib MemoryAllocationLib
UefiRuntimeServicesTableLib UefiRuntimeServicesTableLib
DebugLib DebugLib
OpensslLib OpensslLib
IntrinsicLib IntrinsicLib
PrintLib PrintLib
[BuildOptions] [BuildOptions]
# #
# suppress the following warnings so we do not break the build with warnings-as-errors: # suppress the following warnings so we do not break the build with warnings-as-errors:
# C4090: 'function' : different 'const' qualifiers # C4090: 'function' : different 'const' qualifiers
# #
MSFT:*_*_*_CC_FLAGS = /wd4090 MSFT:*_*_*_CC_FLAGS = /wd4090

38
CryptoPkg/Library/TlsLib/TlsLib.uni
View File

@ -1,19 +1,19 @@
// /** @file // /** @file
// SSL/TLS Wrapper Library Instance based on OpenSSL. // SSL/TLS Wrapper Library Instance based on OpenSSL.
// //
// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR> // Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
// //
// This program and the accompanying materials // This program and the accompanying materials
// are licensed and made available under the terms and conditions of the BSD License // are licensed and made available under the terms and conditions of the BSD License
// which accompanies this distribution. The full text of the license may be found at // which accompanies this distribution. The full text of the license may be found at
// http://opensource.org/licenses/bsd-license.php // http://opensource.org/licenses/bsd-license.php
// //
// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, // THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. // WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
// //
// **/ // **/
#string STR_MODULE_ABSTRACT #language en-US "SSL/TLS Wrapper Library Instance" #string STR_MODULE_ABSTRACT #language en-US "SSL/TLS Wrapper Library Instance"
#string STR_MODULE_DESCRIPTION #language en-US "This module provides SSL/TLS Wrapper Library Instance." #string STR_MODULE_DESCRIPTION #language en-US "This module provides SSL/TLS Wrapper Library Instance."

925
CryptoPkg/Library/TlsLib/TlsProcess.c
View File

@ -1,462 +1,463 @@
/** @file /** @file
SSL/TLS Process Library Wrapper Implementation over OpenSSL. SSL/TLS Process Library Wrapper Implementation over OpenSSL.
The process includes the TLS handshake and packet I/O. The process includes the TLS handshake and packet I/O.
Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR> Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR> (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at which accompanies this distribution. The full text of the license may be found at
http://opensource.org/licenses/bsd-license.php http://opensource.org/licenses/bsd-license.php
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/ **/
#include "InternalTlsLib.h" #include "InternalTlsLib.h"
#define MAX_BUFFER_SIZE 32768 #define MAX_BUFFER_SIZE 32768
/** /**
Checks if the TLS handshake was done. Checks if the TLS handshake was done.
This function will check if the specified TLS handshake was done. This function will check if the specified TLS handshake was done.
@param[in] Tls Pointer to the TLS object for handshake state checking. @param[in] Tls Pointer to the TLS object for handshake state checking.
@retval TRUE The TLS handshake was done. @retval TRUE The TLS handshake was done.
@retval FALSE The TLS handshake was not done. @retval FALSE The TLS handshake was not done.
**/ **/
BOOLEAN BOOLEAN
EFIAPI EFIAPI
TlsInHandshake ( TlsInHandshake (
IN VOID *Tls IN VOID *Tls
) )
{ {
TLS_CONNECTION *TlsConn; TLS_CONNECTION *TlsConn;
TlsConn = (TLS_CONNECTION *) Tls; TlsConn = (TLS_CONNECTION *) Tls;
if (TlsConn == NULL || TlsConn->Ssl == NULL) { if (TlsConn == NULL || TlsConn->Ssl == NULL) {
return FALSE; return FALSE;
} }
// //
// Return the status which indicates if the TLS handshake was done. // Return the status which indicates if the TLS handshake was done.
// //
return !SSL_is_init_finished (TlsConn->Ssl); return !SSL_is_init_finished (TlsConn->Ssl);
} }
/** /**
Perform a TLS/SSL handshake. Perform a TLS/SSL handshake.
This function will perform a TLS/SSL handshake. This function will perform a TLS/SSL handshake.
@param[in] Tls Pointer to the TLS object for handshake operation. @param[in] Tls Pointer to the TLS object for handshake operation.
@param[in] BufferIn Pointer to the most recently received TLS Handshake packet. @param[in] BufferIn Pointer to the most recently received TLS Handshake packet.
@param[in] BufferInSize Packet size in bytes for the most recently received TLS @param[in] BufferInSize Packet size in bytes for the most recently received TLS
Handshake packet. Handshake packet.
@param[out] BufferOut Pointer to the buffer to hold the built packet. @param[out] BufferOut Pointer to the buffer to hold the built packet.
@param[in, out] BufferOutSize Pointer to the buffer size in bytes. On input, it is @param[in, out] BufferOutSize Pointer to the buffer size in bytes. On input, it is
the buffer size provided by the caller. On output, it the buffer size provided by the caller. On output, it
is the buffer size in fact needed to contain the is the buffer size in fact needed to contain the
packet. packet.
@retval EFI_SUCCESS The required TLS packet is built successfully. @retval EFI_SUCCESS The required TLS packet is built successfully.
@retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE: @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
Tls is NULL. Tls is NULL.
BufferIn is NULL but BufferInSize is NOT 0. BufferIn is NULL but BufferInSize is NOT 0.
BufferInSize is 0 but BufferIn is NOT NULL. BufferInSize is 0 but BufferIn is NOT NULL.
BufferOutSize is NULL. BufferOutSize is NULL.
BufferOut is NULL if *BufferOutSize is not zero. BufferOut is NULL if *BufferOutSize is not zero.
@retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the response packet. @retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the response packet.
@retval EFI_ABORTED Something wrong during handshake. @retval EFI_ABORTED Something wrong during handshake.
**/ **/
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
TlsDoHandshake ( TlsDoHandshake (
IN VOID *Tls, IN VOID *Tls,
IN UINT8 *BufferIn, OPTIONAL IN UINT8 *BufferIn, OPTIONAL
IN UINTN BufferInSize, OPTIONAL IN UINTN BufferInSize, OPTIONAL
OUT UINT8 *BufferOut, OPTIONAL OUT UINT8 *BufferOut, OPTIONAL
IN OUT UINTN *BufferOutSize IN OUT UINTN *BufferOutSize
) )
{ {
TLS_CONNECTION *TlsConn; TLS_CONNECTION *TlsConn;
UINTN PendingBufferSize; UINTN PendingBufferSize;
INTN Ret; INTN Ret;
UINTN ErrorCode; UINTN ErrorCode;
TlsConn = (TLS_CONNECTION *) Tls; TlsConn = (TLS_CONNECTION *) Tls;
PendingBufferSize = 0; PendingBufferSize = 0;
Ret = 1; Ret = 1;
if (TlsConn == NULL || \ if (TlsConn == NULL || \
TlsConn->Ssl == NULL || TlsConn->InBio == NULL || TlsConn->OutBio == NULL || \ TlsConn->Ssl == NULL || TlsConn->InBio == NULL || TlsConn->OutBio == NULL || \
BufferOutSize == NULL || \ BufferOutSize == NULL || \
(BufferIn == NULL && BufferInSize != 0) || \ (BufferIn == NULL && BufferInSize != 0) || \
(BufferIn != NULL && BufferInSize == 0) || \ (BufferIn != NULL && BufferInSize == 0) || \
(BufferOut == NULL && *BufferOutSize != 0)) { (BufferOut == NULL && *BufferOutSize != 0)) {
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
if(BufferIn == NULL && BufferInSize == 0) { if(BufferIn == NULL && BufferInSize == 0) {
// //
// If RequestBuffer is NULL and RequestSize is 0, and TLS session // If RequestBuffer is NULL and RequestSize is 0, and TLS session
// status is EfiTlsSessionNotStarted, the TLS session will be initiated // status is EfiTlsSessionNotStarted, the TLS session will be initiated
// and the response packet needs to be ClientHello. // and the response packet needs to be ClientHello.
// //
PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio); PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
if (PendingBufferSize == 0) { if (PendingBufferSize == 0) {
SSL_set_connect_state (TlsConn->Ssl); SSL_set_connect_state (TlsConn->Ssl);
Ret = SSL_do_handshake (TlsConn->Ssl); Ret = SSL_do_handshake (TlsConn->Ssl);
PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio); PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
} }
} else { } else {
PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio); PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
if (PendingBufferSize == 0) { if (PendingBufferSize == 0) {
BIO_write (TlsConn->InBio, BufferIn, (UINT32) BufferInSize); BIO_write (TlsConn->InBio, BufferIn, (UINT32) BufferInSize);
Ret = SSL_do_handshake (TlsConn->Ssl); Ret = SSL_do_handshake (TlsConn->Ssl);
PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio); PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
} }
} }
if (Ret < 1) { if (Ret < 1) {
Ret = SSL_get_error (TlsConn->Ssl, (int) Ret); Ret = SSL_get_error (TlsConn->Ssl, (int) Ret);
if (Ret == SSL_ERROR_SSL || if (Ret == SSL_ERROR_SSL ||
Ret == SSL_ERROR_SYSCALL || Ret == SSL_ERROR_SYSCALL ||
Ret == SSL_ERROR_ZERO_RETURN) { Ret == SSL_ERROR_ZERO_RETURN) {
DEBUG (( DEBUG ((
DEBUG_ERROR, DEBUG_ERROR,
"%a SSL_HANDSHAKE_ERROR State=0x%x SSL_ERROR_%a\n", "%a SSL_HANDSHAKE_ERROR State=0x%x SSL_ERROR_%a\n",
__FUNCTION__, __FUNCTION__,
SSL_get_state (TlsConn->Ssl), SSL_get_state (TlsConn->Ssl),
Ret == SSL_ERROR_SSL ? "SSL" : Ret == SSL_ERROR_SYSCALL ? "SYSCALL" : "ZERO_RETURN" Ret == SSL_ERROR_SSL ? "SSL" : Ret == SSL_ERROR_SYSCALL ? "SYSCALL" : "ZERO_RETURN"
)); ));
DEBUG_CODE_BEGIN (); DEBUG_CODE_BEGIN ();
while (TRUE) { while (TRUE) {
ErrorCode = ERR_get_error (); ErrorCode = ERR_get_error ();
if (ErrorCode == 0) { if (ErrorCode == 0) {
break; break;
} }
DEBUG (( DEBUG ((
DEBUG_ERROR, DEBUG_ERROR,
"%a ERROR 0x%x=L%x:F%x:R%x\n", "%a ERROR 0x%x=L%x:F%x:R%x\n",
__FUNCTION__, __FUNCTION__,
ErrorCode, ErrorCode,
ERR_GET_LIB (ErrorCode), ERR_GET_LIB (ErrorCode),
ERR_GET_FUNC (ErrorCode), ERR_GET_FUNC (ErrorCode),
ERR_GET_REASON (ErrorCode) ERR_GET_REASON (ErrorCode)
)); ));
} }
DEBUG_CODE_END (); DEBUG_CODE_END ();
return EFI_ABORTED; return EFI_ABORTED;
} }
} }
if (PendingBufferSize > *BufferOutSize) { if (PendingBufferSize > *BufferOutSize) {
*BufferOutSize = PendingBufferSize; *BufferOutSize = PendingBufferSize;
return EFI_BUFFER_TOO_SMALL; return EFI_BUFFER_TOO_SMALL;
} }
if (PendingBufferSize > 0) { if (PendingBufferSize > 0) {
*BufferOutSize = BIO_read (TlsConn->OutBio, BufferOut, (UINT32) PendingBufferSize); *BufferOutSize = BIO_read (TlsConn->OutBio, BufferOut, (UINT32) PendingBufferSize);
} else { } else {
*BufferOutSize = 0; *BufferOutSize = 0;
} }
return EFI_SUCCESS; return EFI_SUCCESS;
} }
/** /**
Handle Alert message recorded in BufferIn. If BufferIn is NULL and BufferInSize is zero, Handle Alert message recorded in BufferIn. If BufferIn is NULL and BufferInSize is zero,
TLS session has errors and the response packet needs to be Alert message based on error type. TLS session has errors and the response packet needs to be Alert message based on error type.
@param[in] Tls Pointer to the TLS object for state checking. @param[in] Tls Pointer to the TLS object for state checking.
@param[in] BufferIn Pointer to the most recently received TLS Alert packet. @param[in] BufferIn Pointer to the most recently received TLS Alert packet.
@param[in] BufferInSize Packet size in bytes for the most recently received TLS @param[in] BufferInSize Packet size in bytes for the most recently received TLS
Alert packet. Alert packet.
@param[out] BufferOut Pointer to the buffer to hold the built packet. @param[out] BufferOut Pointer to the buffer to hold the built packet.
@param[in, out] BufferOutSize Pointer to the buffer size in bytes. On input, it is @param[in, out] BufferOutSize Pointer to the buffer size in bytes. On input, it is
the buffer size provided by the caller. On output, it the buffer size provided by the caller. On output, it
is the buffer size in fact needed to contain the is the buffer size in fact needed to contain the
packet. packet.
@retval EFI_SUCCESS The required TLS packet is built successfully. @retval EFI_SUCCESS The required TLS packet is built successfully.
@retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE: @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
Tls is NULL. Tls is NULL.
BufferIn is NULL but BufferInSize is NOT 0. BufferIn is NULL but BufferInSize is NOT 0.
BufferInSize is 0 but BufferIn is NOT NULL. BufferInSize is 0 but BufferIn is NOT NULL.
BufferOutSize is NULL. BufferOutSize is NULL.
BufferOut is NULL if *BufferOutSize is not zero. BufferOut is NULL if *BufferOutSize is not zero.
@retval EFI_ABORTED An error occurred. @retval EFI_ABORTED An error occurred.
@retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the response packet. @retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the response packet.
**/ **/
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
TlsHandleAlert ( TlsHandleAlert (
IN VOID *Tls, IN VOID *Tls,
IN UINT8 *BufferIn, OPTIONAL IN UINT8 *BufferIn, OPTIONAL
IN UINTN BufferInSize, OPTIONAL IN UINTN BufferInSize, OPTIONAL
OUT UINT8 *BufferOut, OPTIONAL OUT UINT8 *BufferOut, OPTIONAL
IN OUT UINTN *BufferOutSize IN OUT UINTN *BufferOutSize
) )
{ {
TLS_CONNECTION *TlsConn; TLS_CONNECTION *TlsConn;
UINTN PendingBufferSize; UINTN PendingBufferSize;
UINT8 *TempBuffer; UINT8 *TempBuffer;
INTN Ret; INTN Ret;
TlsConn = (TLS_CONNECTION *) Tls; TlsConn = (TLS_CONNECTION *) Tls;
PendingBufferSize = 0; PendingBufferSize = 0;
TempBuffer = NULL; TempBuffer = NULL;
Ret = 0; Ret = 0;
if (TlsConn == NULL || \ if (TlsConn == NULL || \
TlsConn->Ssl == NULL || TlsConn->InBio == NULL || TlsConn->OutBio == NULL || \ TlsConn->Ssl == NULL || TlsConn->InBio == NULL || TlsConn->OutBio == NULL || \
BufferOutSize == NULL || \ BufferOutSize == NULL || \
(BufferIn == NULL && BufferInSize != 0) || \ (BufferIn == NULL && BufferInSize != 0) || \
(BufferIn != NULL && BufferInSize == 0) || \ (BufferIn != NULL && BufferInSize == 0) || \
(BufferOut == NULL && *BufferOutSize != 0)) { (BufferOut == NULL && *BufferOutSize != 0)) {
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio); PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
if (PendingBufferSize == 0 && BufferIn != NULL && BufferInSize != 0) { if (PendingBufferSize == 0 && BufferIn != NULL && BufferInSize != 0) {
Ret = BIO_write (TlsConn->InBio, BufferIn, (UINT32) BufferInSize); Ret = BIO_write (TlsConn->InBio, BufferIn, (UINT32) BufferInSize);
if (Ret != (INTN) BufferInSize) { if (Ret != (INTN) BufferInSize) {
return EFI_ABORTED; return EFI_ABORTED;
} }
TempBuffer = (UINT8 *) OPENSSL_malloc (MAX_BUFFER_SIZE); TempBuffer = (UINT8 *) OPENSSL_malloc (MAX_BUFFER_SIZE);
// //
// ssl3_send_alert() will be called in ssl3_read_bytes() function. // ssl3_send_alert() will be called in ssl3_read_bytes() function.
// TempBuffer is invalid since it's a Alert message, so just ignore it. // TempBuffer is invalid since it's a Alert message, so just ignore it.
// //
SSL_read (TlsConn->Ssl, TempBuffer, MAX_BUFFER_SIZE); SSL_read (TlsConn->Ssl, TempBuffer, MAX_BUFFER_SIZE);
OPENSSL_free (TempBuffer); OPENSSL_free (TempBuffer);
PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio); PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
} }
if (PendingBufferSize > *BufferOutSize) { if (PendingBufferSize > *BufferOutSize) {
*BufferOutSize = PendingBufferSize; *BufferOutSize = PendingBufferSize;
return EFI_BUFFER_TOO_SMALL; return EFI_BUFFER_TOO_SMALL;
} }
if (PendingBufferSize > 0) { if (PendingBufferSize > 0) {
*BufferOutSize = BIO_read (TlsConn->OutBio, BufferOut, (UINT32) PendingBufferSize); *BufferOutSize = BIO_read (TlsConn->OutBio, BufferOut, (UINT32) PendingBufferSize);
} else { } else {
*BufferOutSize = 0; *BufferOutSize = 0;
} }
return EFI_SUCCESS; return EFI_SUCCESS;
} }
/** /**
Build the CloseNotify packet. Build the CloseNotify packet.
@param[in] Tls Pointer to the TLS object for state checking. @param[in] Tls Pointer to the TLS object for state checking.
@param[in, out] Buffer Pointer to the buffer to hold the built packet. @param[in, out] Buffer Pointer to the buffer to hold the built packet.
@param[in, out] BufferSize Pointer to the buffer size in bytes. On input, it is @param[in, out] BufferSize Pointer to the buffer size in bytes. On input, it is
the buffer size provided by the caller. On output, it the buffer size provided by the caller. On output, it
is the buffer size in fact needed to contain the is the buffer size in fact needed to contain the
packet. packet.
@retval EFI_SUCCESS The required TLS packet is built successfully. @retval EFI_SUCCESS The required TLS packet is built successfully.
@retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE: @retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
Tls is NULL. Tls is NULL.
BufferSize is NULL. BufferSize is NULL.
Buffer is NULL if *BufferSize is not zero. Buffer is NULL if *BufferSize is not zero.
@retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the response packet. @retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the response packet.
**/ **/
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
TlsCloseNotify ( TlsCloseNotify (
IN VOID *Tls, IN VOID *Tls,
IN OUT UINT8 *Buffer, IN OUT UINT8 *Buffer,
IN OUT UINTN *BufferSize IN OUT UINTN *BufferSize
) )
{ {
TLS_CONNECTION *TlsConn; TLS_CONNECTION *TlsConn;
UINTN PendingBufferSize; UINTN PendingBufferSize;
TlsConn = (TLS_CONNECTION *) Tls; TlsConn = (TLS_CONNECTION *) Tls;
PendingBufferSize = 0; PendingBufferSize = 0;
if (TlsConn == NULL || \ if (TlsConn == NULL || \
TlsConn->Ssl == NULL || TlsConn->InBio == NULL || TlsConn->OutBio == NULL || \ TlsConn->Ssl == NULL || TlsConn->InBio == NULL || TlsConn->OutBio == NULL || \
BufferSize == NULL || \ BufferSize == NULL || \
(Buffer == NULL && *BufferSize != 0)) { (Buffer == NULL && *BufferSize != 0)) {
return EFI_INVALID_PARAMETER; return EFI_INVALID_PARAMETER;
} }
PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio); PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
if (PendingBufferSize == 0) { if (PendingBufferSize == 0) {
// //
// ssl3_send_alert() and ssl3_dispatch_alert() function will be called. // ssl3_send_alert() and ssl3_dispatch_alert() function will be called.
// //
SSL_shutdown (TlsConn->Ssl); SSL_shutdown (TlsConn->Ssl);
PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio); PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
} }
if (PendingBufferSize > *BufferSize) { if (PendingBufferSize > *BufferSize) {
*BufferSize = PendingBufferSize; *BufferSize = PendingBufferSize;
return EFI_BUFFER_TOO_SMALL; return EFI_BUFFER_TOO_SMALL;
} }
if (PendingBufferSize > 0) { if (PendingBufferSize > 0) {
*BufferSize = BIO_read (TlsConn->OutBio, Buffer, (UINT32) PendingBufferSize); *BufferSize = BIO_read (TlsConn->OutBio, Buffer, (UINT32) PendingBufferSize);
} else { } else {
*BufferSize = 0; *BufferSize = 0;
} }
return EFI_SUCCESS; return EFI_SUCCESS;
} }
/** /**
Attempts to read bytes from one TLS object and places the data in Buffer. Attempts to read bytes from one TLS object and places the data in Buffer.
This function will attempt to read BufferSize bytes from the TLS object This function will attempt to read BufferSize bytes from the TLS object
and places the data in Buffer. and places the data in Buffer.
@param[in] Tls Pointer to the TLS object. @param[in] Tls Pointer to the TLS object.
@param[in,out] Buffer Pointer to the buffer to store the data. @param[in,out] Buffer Pointer to the buffer to store the data.
@param[in] BufferSize The size of Buffer in bytes. @param[in] BufferSize The size of Buffer in bytes.
@retval >0 The amount of data successfully read from the TLS object. @retval >0 The amount of data successfully read from the TLS object.
@retval <=0 No data was successfully read. @retval <=0 No data was successfully read.
**/ **/
INTN INTN
EFIAPI EFIAPI
TlsCtrlTrafficOut ( TlsCtrlTrafficOut (
IN VOID *Tls, IN VOID *Tls,
IN OUT VOID *Buffer, IN OUT VOID *Buffer,
IN UINTN BufferSize IN UINTN BufferSize
) )
{ {
TLS_CONNECTION *TlsConn; TLS_CONNECTION *TlsConn;
TlsConn = (TLS_CONNECTION *) Tls; TlsConn = (TLS_CONNECTION *) Tls;
if (TlsConn == NULL || TlsConn->OutBio == 0) { if (TlsConn == NULL || TlsConn->OutBio == 0) {
return -1; return -1;
} }
// //
// Read and return the amount of data from the BIO. // Read and return the amount of data from the BIO.
// //
return BIO_read (TlsConn->OutBio, Buffer, (UINT32) BufferSize); return BIO_read (TlsConn->OutBio, Buffer, (UINT32) BufferSize);
} }
/** /**
Attempts to write data from the buffer to TLS object. Attempts to write data from the buffer to TLS object.
This function will attempt to write BufferSize bytes data from the Buffer This function will attempt to write BufferSize bytes data from the Buffer
to the TLS object. to the TLS object.
@param[in] Tls Pointer to the TLS object. @param[in] Tls Pointer to the TLS object.
@param[in] Buffer Pointer to the data buffer. @param[in] Buffer Pointer to the data buffer.
@param[in] BufferSize The size of Buffer in bytes. @param[in] BufferSize The size of Buffer in bytes.
@retval >0 The amount of data successfully written to the TLS object. @retval >0 The amount of data successfully written to the TLS object.
@retval <=0 No data was successfully written. @retval <=0 No data was successfully written.
**/ **/
INTN INTN
EFIAPI EFIAPI
TlsCtrlTrafficIn ( TlsCtrlTrafficIn (
IN VOID *Tls, IN VOID *Tls,
IN VOID *Buffer, IN VOID *Buffer,
IN UINTN BufferSize IN UINTN BufferSize
) )
{ {
TLS_CONNECTION *TlsConn; TLS_CONNECTION *TlsConn;
TlsConn = (TLS_CONNECTION *) Tls; TlsConn = (TLS_CONNECTION *) Tls;
if (TlsConn == NULL || TlsConn->InBio == 0) { if (TlsConn == NULL || TlsConn->InBio == 0) {
return -1; return -1;
} }
// //
// Write and return the amount of data to the BIO. // Write and return the amount of data to the BIO.
// //
return BIO_write (TlsConn->InBio, Buffer, (UINT32) BufferSize); return BIO_write (TlsConn->InBio, Buffer, (UINT32) BufferSize);
} }
/** /**
Attempts to read bytes from the specified TLS connection into the buffer. Attempts to read bytes from the specified TLS connection into the buffer.
This function tries to read BufferSize bytes data from the specified TLS This function tries to read BufferSize bytes data from the specified TLS
connection into the Buffer. connection into the Buffer.
@param[in] Tls Pointer to the TLS connection for data reading. @param[in] Tls Pointer to the TLS connection for data reading.
@param[in,out] Buffer Pointer to the data buffer. @param[in,out] Buffer Pointer to the data buffer.
@param[in] BufferSize The size of Buffer in bytes. @param[in] BufferSize The size of Buffer in bytes.
@retval >0 The read operation was successful, and return value is the @retval >0 The read operation was successful, and return value is the
number of bytes actually read from the TLS connection. number of bytes actually read from the TLS connection.
@retval <=0 The read operation was not successful. @retval <=0 The read operation was not successful.
**/ **/
INTN INTN
EFIAPI EFIAPI
TlsRead ( TlsRead (
IN VOID *Tls, IN VOID *Tls,
IN OUT VOID *Buffer, IN OUT VOID *Buffer,
IN UINTN BufferSize IN UINTN BufferSize
) )
{ {
TLS_CONNECTION *TlsConn; TLS_CONNECTION *TlsConn;
TlsConn = (TLS_CONNECTION *) Tls; TlsConn = (TLS_CONNECTION *) Tls;
if (TlsConn == NULL || TlsConn->Ssl == NULL) { if (TlsConn == NULL || TlsConn->Ssl == NULL) {
return -1; return -1;
} }
// //
// Read bytes from the specified TLS connection. // Read bytes from the specified TLS connection.
// //
return SSL_read (TlsConn->Ssl, Buffer, (UINT32) BufferSize); return SSL_read (TlsConn->Ssl, Buffer, (UINT32) BufferSize);
} }
/** /**
Attempts to write data to a TLS connection. Attempts to write data to a TLS connection.
This function tries to write BufferSize bytes data from the Buffer into the This function tries to write BufferSize bytes data from the Buffer into the
specified TLS connection. specified TLS connection.
@param[in] Tls Pointer to the TLS connection for data writing. @param[in] Tls Pointer to the TLS connection for data writing.
@param[in] Buffer Pointer to the data buffer. @param[in] Buffer Pointer to the data buffer.
@param[in] BufferSize The size of Buffer in bytes. @param[in] BufferSize The size of Buffer in bytes.
@retval >0 The write operation was successful, and return value is the @retval >0 The write operation was successful, and return value is the
number of bytes actually written to the TLS connection. number of bytes actually written to the TLS connection.
@retval <=0 The write operation was not successful. @retval <=0 The write operation was not successful.
**/ **/
INTN INTN
EFIAPI EFIAPI
TlsWrite ( TlsWrite (
IN VOID *Tls, IN VOID *Tls,
IN VOID *Buffer, IN VOID *Buffer,
IN UINTN BufferSize IN UINTN BufferSize
) )
{ {
TLS_CONNECTION *TlsConn; TLS_CONNECTION *TlsConn;
TlsConn = (TLS_CONNECTION *) Tls; TlsConn = (TLS_CONNECTION *) Tls;
if (TlsConn == NULL || TlsConn->Ssl == NULL) { if (TlsConn == NULL || TlsConn->Ssl == NULL) {
return -1; return -1;
} }
// //
// Write bytes to the specified TLS connection. // Write bytes to the specified TLS connection.
// //
return SSL_write (TlsConn->Ssl, Buffer, (UINT32) BufferSize); return SSL_write (TlsConn->Ssl, Buffer, (UINT32) BufferSize);
} }