mirror of
https://github.com/acidanthera/audk.git
synced 2025-07-23 21:54:27 +02:00
CryptoPkg: Convert files to CRLF line ending
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Hao Wu <hao.a.wu@intel.com> Reviewed-by: Long Qin <qin.long@intel.com>
This commit is contained in:
parent
6035094da8
commit
264702a04b
File diff suppressed because it is too large
Load Diff
@ -1,223 +1,224 @@
|
|||||||
#!/usr/bin/perl -w
|
#!/usr/bin/perl -w
|
||||||
#
|
#
|
||||||
# This script runs the OpenSSL Configure script, then processes the
|
# This script runs the OpenSSL Configure script, then processes the
|
||||||
# resulting file list into our local OpensslLib[Crypto].inf and also
|
# resulting file list into our local OpensslLib[Crypto].inf and also
|
||||||
# takes a copy of opensslconf.h.
|
# takes a copy of opensslconf.h.
|
||||||
#
|
#
|
||||||
# This only needs to be done once by a developer when updating to a
|
# This only needs to be done once by a developer when updating to a
|
||||||
# new version of OpenSSL (or changing options, etc.). Normal users
|
# new version of OpenSSL (or changing options, etc.). Normal users
|
||||||
# do not need to do this, since the results are stored in the EDK2
|
# do not need to do this, since the results are stored in the EDK2
|
||||||
# git repository for them.
|
# git repository for them.
|
||||||
#
|
#
|
||||||
use strict;
|
use strict;
|
||||||
use Cwd;
|
use Cwd;
|
||||||
use File::Copy;
|
use File::Copy;
|
||||||
|
|
||||||
#
|
#
|
||||||
# Find the openssl directory name for use lib. We have to do this
|
# Find the openssl directory name for use lib. We have to do this
|
||||||
# inside of BEGIN. The variables we create here, however, don't seem
|
# inside of BEGIN. The variables we create here, however, don't seem
|
||||||
# to be available to the main script, so we have to repeat the
|
# to be available to the main script, so we have to repeat the
|
||||||
# exercise.
|
# exercise.
|
||||||
#
|
#
|
||||||
my $inf_file;
|
my $inf_file;
|
||||||
my $OPENSSL_PATH;
|
my $OPENSSL_PATH;
|
||||||
my @inf;
|
my @inf;
|
||||||
|
|
||||||
BEGIN {
|
BEGIN {
|
||||||
$inf_file = "OpensslLib.inf";
|
$inf_file = "OpensslLib.inf";
|
||||||
|
|
||||||
# Read the contents of the inf file
|
# Read the contents of the inf file
|
||||||
open( FD, "<" . $inf_file ) ||
|
open( FD, "<" . $inf_file ) ||
|
||||||
die "Cannot open \"" . $inf_file . "\"!";
|
die "Cannot open \"" . $inf_file . "\"!";
|
||||||
@inf = (<FD>);
|
@inf = (<FD>);
|
||||||
close(FD) ||
|
close(FD) ||
|
||||||
die "Cannot close \"" . $inf_file . "\"!";
|
die "Cannot close \"" . $inf_file . "\"!";
|
||||||
|
|
||||||
foreach (@inf) {
|
foreach (@inf) {
|
||||||
if (/DEFINE\s+OPENSSL_PATH\s*=\s*([a-z]+)/) {
|
if (/DEFINE\s+OPENSSL_PATH\s*=\s*([a-z]+)/) {
|
||||||
|
|
||||||
# We need to run Configure before we can include its result...
|
# We need to run Configure before we can include its result...
|
||||||
$OPENSSL_PATH = $1;
|
$OPENSSL_PATH = $1;
|
||||||
|
|
||||||
my $basedir = getcwd();
|
my $basedir = getcwd();
|
||||||
|
|
||||||
chdir($OPENSSL_PATH) ||
|
chdir($OPENSSL_PATH) ||
|
||||||
die "Cannot change to OpenSSL directory \"" . $OPENSSL_PATH . "\"";
|
die "Cannot change to OpenSSL directory \"" . $OPENSSL_PATH . "\"";
|
||||||
|
|
||||||
# Configure UEFI
|
# Configure UEFI
|
||||||
system(
|
system(
|
||||||
"./Configure",
|
"./Configure",
|
||||||
"UEFI",
|
"UEFI",
|
||||||
"no-afalgeng",
|
"no-afalgeng",
|
||||||
"no-asm",
|
"no-asm",
|
||||||
"no-async",
|
"no-async",
|
||||||
"no-autoalginit",
|
"no-autoalginit",
|
||||||
"no-autoerrinit",
|
"no-autoerrinit",
|
||||||
"no-bf",
|
"no-bf",
|
||||||
"no-blake2",
|
"no-blake2",
|
||||||
"no-camellia",
|
"no-camellia",
|
||||||
"no-capieng",
|
"no-capieng",
|
||||||
"no-cast",
|
"no-cast",
|
||||||
"no-chacha",
|
"no-chacha",
|
||||||
"no-cms",
|
"no-cms",
|
||||||
"no-ct",
|
"no-ct",
|
||||||
"no-deprecated",
|
"no-deprecated",
|
||||||
"no-dgram",
|
"no-dgram",
|
||||||
"no-dsa",
|
"no-dsa",
|
||||||
"no-dynamic-engine",
|
"no-dynamic-engine",
|
||||||
"no-ec",
|
"no-ec",
|
||||||
"no-ec2m",
|
"no-ec2m",
|
||||||
"no-engine",
|
"no-engine",
|
||||||
"no-err",
|
"no-err",
|
||||||
"no-filenames",
|
"no-filenames",
|
||||||
"no-gost",
|
"no-gost",
|
||||||
"no-hw",
|
"no-hw",
|
||||||
"no-idea",
|
"no-idea",
|
||||||
"no-mdc2",
|
"no-mdc2",
|
||||||
"no-pic",
|
"no-pic",
|
||||||
"no-ocb",
|
"no-ocb",
|
||||||
"no-poly1305",
|
"no-poly1305",
|
||||||
"no-posix-io",
|
"no-posix-io",
|
||||||
"no-rc2",
|
"no-rc2",
|
||||||
"no-rfc3779",
|
"no-rfc3779",
|
||||||
"no-rmd160",
|
"no-rmd160",
|
||||||
"no-scrypt",
|
"no-scrypt",
|
||||||
"no-seed",
|
"no-seed",
|
||||||
"no-sock",
|
"no-sock",
|
||||||
"no-srp",
|
"no-srp",
|
||||||
"no-ssl",
|
"no-ssl",
|
||||||
"no-stdio",
|
"no-stdio",
|
||||||
"no-threads",
|
"no-threads",
|
||||||
"no-ts",
|
"no-ts",
|
||||||
"no-ui",
|
"no-ui",
|
||||||
"no-whirlpool"
|
"no-whirlpool"
|
||||||
) == 0 ||
|
) == 0 ||
|
||||||
die "OpenSSL Configure failed!\n";
|
die "OpenSSL Configure failed!\n";
|
||||||
|
|
||||||
# Generate opensslconf.h per config data
|
# Generate opensslconf.h per config data
|
||||||
system(
|
system(
|
||||||
"perl -I. -Mconfigdata util/dofile.pl " .
|
"perl -I. -Mconfigdata util/dofile.pl " .
|
||||||
"include/openssl/opensslconf.h.in " .
|
"include/openssl/opensslconf.h.in " .
|
||||||
"> include/openssl/opensslconf.h"
|
"> include/openssl/opensslconf.h"
|
||||||
) == 0 ||
|
) == 0 ||
|
||||||
die "Failed to generate opensslconf.h!\n";
|
die "Failed to generate opensslconf.h!\n";
|
||||||
|
|
||||||
chdir($basedir) ||
|
chdir($basedir) ||
|
||||||
die "Cannot change to base directory \"" . $basedir . "\"";
|
die "Cannot change to base directory \"" . $basedir . "\"";
|
||||||
|
|
||||||
push @INC, $1;
|
push @INC, $1;
|
||||||
last;
|
last;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
# Retrieve file lists from OpenSSL configdata
|
# Retrieve file lists from OpenSSL configdata
|
||||||
#
|
#
|
||||||
use configdata qw/%unified_info/;
|
use configdata qw/%unified_info/;
|
||||||
|
|
||||||
my @cryptofilelist = ();
|
my @cryptofilelist = ();
|
||||||
my @sslfilelist = ();
|
my @sslfilelist = ();
|
||||||
foreach my $product ((@{$unified_info{libraries}},
|
foreach my $product ((@{$unified_info{libraries}},
|
||||||
@{$unified_info{engines}})) {
|
@{$unified_info{engines}})) {
|
||||||
foreach my $o (@{$unified_info{sources}->{$product}}) {
|
foreach my $o (@{$unified_info{sources}->{$product}}) {
|
||||||
foreach my $s (@{$unified_info{sources}->{$o}}) {
|
foreach my $s (@{$unified_info{sources}->{$o}}) {
|
||||||
next if ($unified_info{generate}->{$s});
|
next if ($unified_info{generate}->{$s});
|
||||||
next if $s =~ "crypto/bio/b_print.c";
|
next if $s =~ "crypto/bio/b_print.c";
|
||||||
if ($product =~ "libssl") {
|
if ($product =~ "libssl") {
|
||||||
push @sslfilelist, ' $(OPENSSL_PATH)/' . $s . "\r\n";
|
push @sslfilelist, ' $(OPENSSL_PATH)/' . $s . "\r\n";
|
||||||
next;
|
next;
|
||||||
}
|
}
|
||||||
push @cryptofilelist, ' $(OPENSSL_PATH)/' . $s . "\r\n";
|
push @cryptofilelist, ' $(OPENSSL_PATH)/' . $s . "\r\n";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
# Update OpensslLib.inf with autogenerated file list
|
# Update OpensslLib.inf with autogenerated file list
|
||||||
#
|
#
|
||||||
my @new_inf = ();
|
my @new_inf = ();
|
||||||
my $subbing = 0;
|
my $subbing = 0;
|
||||||
print "\n--> Updating OpensslLib.inf ... ";
|
print "\n--> Updating OpensslLib.inf ... ";
|
||||||
foreach (@inf) {
|
foreach (@inf) {
|
||||||
if ( $_ =~ "# Autogenerated files list starts here" ) {
|
if ( $_ =~ "# Autogenerated files list starts here" ) {
|
||||||
push @new_inf, $_, @cryptofilelist, @sslfilelist;
|
push @new_inf, $_, @cryptofilelist, @sslfilelist;
|
||||||
$subbing = 1;
|
$subbing = 1;
|
||||||
next;
|
next;
|
||||||
}
|
}
|
||||||
if ( $_ =~ "# Autogenerated files list ends here" ) {
|
if ( $_ =~ "# Autogenerated files list ends here" ) {
|
||||||
push @new_inf, $_;
|
push @new_inf, $_;
|
||||||
$subbing = 0;
|
$subbing = 0;
|
||||||
next;
|
next;
|
||||||
}
|
}
|
||||||
|
|
||||||
push @new_inf, $_
|
push @new_inf, $_
|
||||||
unless ($subbing);
|
unless ($subbing);
|
||||||
}
|
}
|
||||||
|
|
||||||
my $new_inf_file = $inf_file . ".new";
|
my $new_inf_file = $inf_file . ".new";
|
||||||
open( FD, ">" . $new_inf_file ) ||
|
open( FD, ">" . $new_inf_file ) ||
|
||||||
die $new_inf_file;
|
die $new_inf_file;
|
||||||
print( FD @new_inf ) ||
|
print( FD @new_inf ) ||
|
||||||
die $new_inf_file;
|
die $new_inf_file;
|
||||||
close(FD) ||
|
close(FD) ||
|
||||||
die $new_inf_file;
|
die $new_inf_file;
|
||||||
rename( $new_inf_file, $inf_file ) ||
|
rename( $new_inf_file, $inf_file ) ||
|
||||||
die "rename $inf_file";
|
die "rename $inf_file";
|
||||||
print "Done!";
|
print "Done!";
|
||||||
|
|
||||||
#
|
#
|
||||||
# Update OpensslLibCrypto.inf with auto-generated file list (no libssl)
|
# Update OpensslLibCrypto.inf with auto-generated file list (no libssl)
|
||||||
#
|
#
|
||||||
$inf_file = "OpensslLibCrypto.inf";
|
$inf_file = "OpensslLibCrypto.inf";
|
||||||
|
|
||||||
# Read the contents of the inf file
|
# Read the contents of the inf file
|
||||||
@inf = ();
|
@inf = ();
|
||||||
@new_inf = ();
|
@new_inf = ();
|
||||||
open( FD, "<" . $inf_file ) ||
|
open( FD, "<" . $inf_file ) ||
|
||||||
die "Cannot open \"" . $inf_file . "\"!";
|
die "Cannot open \"" . $inf_file . "\"!";
|
||||||
@inf = (<FD>);
|
@inf = (<FD>);
|
||||||
close(FD) ||
|
close(FD) ||
|
||||||
die "Cannot close \"" . $inf_file . "\"!";
|
die "Cannot close \"" . $inf_file . "\"!";
|
||||||
|
|
||||||
$subbing = 0;
|
$subbing = 0;
|
||||||
print "\n--> Updating OpensslLibCrypto.inf ... ";
|
print "\n--> Updating OpensslLibCrypto.inf ... ";
|
||||||
foreach (@inf) {
|
foreach (@inf) {
|
||||||
if ( $_ =~ "# Autogenerated files list starts here" ) {
|
if ( $_ =~ "# Autogenerated files list starts here" ) {
|
||||||
push @new_inf, $_, @cryptofilelist;
|
push @new_inf, $_, @cryptofilelist;
|
||||||
$subbing = 1;
|
$subbing = 1;
|
||||||
next;
|
next;
|
||||||
}
|
}
|
||||||
if ( $_ =~ "# Autogenerated files list ends here" ) {
|
if ( $_ =~ "# Autogenerated files list ends here" ) {
|
||||||
push @new_inf, $_;
|
push @new_inf, $_;
|
||||||
$subbing = 0;
|
$subbing = 0;
|
||||||
next;
|
next;
|
||||||
}
|
}
|
||||||
|
|
||||||
push @new_inf, $_
|
push @new_inf, $_
|
||||||
unless ($subbing);
|
unless ($subbing);
|
||||||
}
|
}
|
||||||
|
|
||||||
$new_inf_file = $inf_file . ".new";
|
$new_inf_file = $inf_file . ".new";
|
||||||
open( FD, ">" . $new_inf_file ) ||
|
open( FD, ">" . $new_inf_file ) ||
|
||||||
die $new_inf_file;
|
die $new_inf_file;
|
||||||
print( FD @new_inf ) ||
|
print( FD @new_inf ) ||
|
||||||
die $new_inf_file;
|
die $new_inf_file;
|
||||||
close(FD) ||
|
close(FD) ||
|
||||||
die $new_inf_file;
|
die $new_inf_file;
|
||||||
rename( $new_inf_file, $inf_file ) ||
|
rename( $new_inf_file, $inf_file ) ||
|
||||||
die "rename $inf_file";
|
die "rename $inf_file";
|
||||||
print "Done!";
|
print "Done!";
|
||||||
|
|
||||||
#
|
#
|
||||||
# Copy opensslconf.h generated from OpenSSL Configuration
|
# Copy opensslconf.h generated from OpenSSL Configuration
|
||||||
#
|
#
|
||||||
print "\n--> Duplicating opensslconf.h into Include/openssl ... ";
|
print "\n--> Duplicating opensslconf.h into Include/openssl ... ";
|
||||||
copy($OPENSSL_PATH . "/include/openssl/opensslconf.h",
|
copy($OPENSSL_PATH . "/include/openssl/opensslconf.h",
|
||||||
$OPENSSL_PATH . "/../../../Include/openssl/") ||
|
$OPENSSL_PATH . "/../../../Include/openssl/") ||
|
||||||
die "Cannot copy opensslconf.h!";
|
die "Cannot copy opensslconf.h!";
|
||||||
print "Done!\n";
|
print "Done!\n";
|
||||||
|
|
||||||
print "\nProcessing Files Done!\n";
|
print "\nProcessing Files Done!\n";
|
||||||
|
|
||||||
exit(0);
|
exit(0);
|
||||||
|
|
||||||
|
@ -1,42 +1,43 @@
|
|||||||
/** @file
|
/** @file
|
||||||
Internal include file for TlsLib.
|
Internal include file for TlsLib.
|
||||||
|
|
||||||
Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
|
Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
|
||||||
This program and the accompanying materials
|
This program and the accompanying materials
|
||||||
are licensed and made available under the terms and conditions of the BSD License
|
are licensed and made available under the terms and conditions of the BSD License
|
||||||
which accompanies this distribution. The full text of the license may be found at
|
which accompanies this distribution. The full text of the license may be found at
|
||||||
http://opensource.org/licenses/bsd-license.php
|
http://opensource.org/licenses/bsd-license.php
|
||||||
|
|
||||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||||
|
|
||||||
**/
|
**/
|
||||||
|
|
||||||
#ifndef __INTERNAL_TLS_LIB_H__
|
#ifndef __INTERNAL_TLS_LIB_H__
|
||||||
#define __INTERNAL_TLS_LIB_H__
|
#define __INTERNAL_TLS_LIB_H__
|
||||||
|
|
||||||
#undef _WIN32
|
#undef _WIN32
|
||||||
#undef _WIN64
|
#undef _WIN64
|
||||||
|
|
||||||
#include <Library/BaseCryptLib.h>
|
#include <Library/BaseCryptLib.h>
|
||||||
#include <openssl/ssl.h>
|
#include <openssl/ssl.h>
|
||||||
#include <openssl/bio.h>
|
#include <openssl/bio.h>
|
||||||
#include <openssl/err.h>
|
#include <openssl/err.h>
|
||||||
|
|
||||||
typedef struct {
|
typedef struct {
|
||||||
//
|
//
|
||||||
// Main SSL Connection which is created by a server or a client
|
// Main SSL Connection which is created by a server or a client
|
||||||
// per established connection.
|
// per established connection.
|
||||||
//
|
//
|
||||||
SSL *Ssl;
|
SSL *Ssl;
|
||||||
//
|
//
|
||||||
// Memory BIO for the TLS/SSL Reading operations.
|
// Memory BIO for the TLS/SSL Reading operations.
|
||||||
//
|
//
|
||||||
BIO *InBio;
|
BIO *InBio;
|
||||||
//
|
//
|
||||||
// Memory BIO for the TLS/SSL Writing operations.
|
// Memory BIO for the TLS/SSL Writing operations.
|
||||||
//
|
//
|
||||||
BIO *OutBio;
|
BIO *OutBio;
|
||||||
} TLS_CONNECTION;
|
} TLS_CONNECTION;
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
File diff suppressed because it is too large
Load Diff
@ -1,268 +1,269 @@
|
|||||||
/** @file
|
/** @file
|
||||||
SSL/TLS Initialization Library Wrapper Implementation over OpenSSL.
|
SSL/TLS Initialization Library Wrapper Implementation over OpenSSL.
|
||||||
|
|
||||||
Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
|
Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
|
||||||
(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
|
(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
|
||||||
This program and the accompanying materials
|
This program and the accompanying materials
|
||||||
are licensed and made available under the terms and conditions of the BSD License
|
are licensed and made available under the terms and conditions of the BSD License
|
||||||
which accompanies this distribution. The full text of the license may be found at
|
which accompanies this distribution. The full text of the license may be found at
|
||||||
http://opensource.org/licenses/bsd-license.php
|
http://opensource.org/licenses/bsd-license.php
|
||||||
|
|
||||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||||
|
|
||||||
**/
|
**/
|
||||||
|
|
||||||
#include "InternalTlsLib.h"
|
#include "InternalTlsLib.h"
|
||||||
|
|
||||||
/**
|
/**
|
||||||
Initializes the OpenSSL library.
|
Initializes the OpenSSL library.
|
||||||
|
|
||||||
This function registers ciphers and digests used directly and indirectly
|
This function registers ciphers and digests used directly and indirectly
|
||||||
by SSL/TLS, and initializes the readable error messages.
|
by SSL/TLS, and initializes the readable error messages.
|
||||||
This function must be called before any other action takes places.
|
This function must be called before any other action takes places.
|
||||||
|
|
||||||
**/
|
**/
|
||||||
VOID
|
VOID
|
||||||
EFIAPI
|
EFIAPI
|
||||||
TlsInitialize (
|
TlsInitialize (
|
||||||
VOID
|
VOID
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
//
|
//
|
||||||
// Performs initialization of crypto and ssl library, and loads required
|
// Performs initialization of crypto and ssl library, and loads required
|
||||||
// algorithms.
|
// algorithms.
|
||||||
//
|
//
|
||||||
OPENSSL_init_ssl (
|
OPENSSL_init_ssl (
|
||||||
OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS,
|
OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS,
|
||||||
NULL
|
NULL
|
||||||
);
|
);
|
||||||
|
|
||||||
//
|
//
|
||||||
// Initialize the pseudorandom number generator.
|
// Initialize the pseudorandom number generator.
|
||||||
//
|
//
|
||||||
RandomSeed (NULL, 0);
|
RandomSeed (NULL, 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
Free an allocated SSL_CTX object.
|
Free an allocated SSL_CTX object.
|
||||||
|
|
||||||
@param[in] TlsCtx Pointer to the SSL_CTX object to be released.
|
@param[in] TlsCtx Pointer to the SSL_CTX object to be released.
|
||||||
|
|
||||||
**/
|
**/
|
||||||
VOID
|
VOID
|
||||||
EFIAPI
|
EFIAPI
|
||||||
TlsCtxFree (
|
TlsCtxFree (
|
||||||
IN VOID *TlsCtx
|
IN VOID *TlsCtx
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
if (TlsCtx == NULL) {
|
if (TlsCtx == NULL) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (TlsCtx != NULL) {
|
if (TlsCtx != NULL) {
|
||||||
SSL_CTX_free ((SSL_CTX *) (TlsCtx));
|
SSL_CTX_free ((SSL_CTX *) (TlsCtx));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
Creates a new SSL_CTX object as framework to establish TLS/SSL enabled
|
Creates a new SSL_CTX object as framework to establish TLS/SSL enabled
|
||||||
connections.
|
connections.
|
||||||
|
|
||||||
@param[in] MajorVer Major Version of TLS/SSL Protocol.
|
@param[in] MajorVer Major Version of TLS/SSL Protocol.
|
||||||
@param[in] MinorVer Minor Version of TLS/SSL Protocol.
|
@param[in] MinorVer Minor Version of TLS/SSL Protocol.
|
||||||
|
|
||||||
@return Pointer to an allocated SSL_CTX object.
|
@return Pointer to an allocated SSL_CTX object.
|
||||||
If the creation failed, TlsCtxNew() returns NULL.
|
If the creation failed, TlsCtxNew() returns NULL.
|
||||||
|
|
||||||
**/
|
**/
|
||||||
VOID *
|
VOID *
|
||||||
EFIAPI
|
EFIAPI
|
||||||
TlsCtxNew (
|
TlsCtxNew (
|
||||||
IN UINT8 MajorVer,
|
IN UINT8 MajorVer,
|
||||||
IN UINT8 MinorVer
|
IN UINT8 MinorVer
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
SSL_CTX *TlsCtx;
|
SSL_CTX *TlsCtx;
|
||||||
UINT16 ProtoVersion;
|
UINT16 ProtoVersion;
|
||||||
|
|
||||||
ProtoVersion = (MajorVer << 8) | MinorVer;
|
ProtoVersion = (MajorVer << 8) | MinorVer;
|
||||||
|
|
||||||
TlsCtx = SSL_CTX_new (SSLv23_client_method ());
|
TlsCtx = SSL_CTX_new (SSLv23_client_method ());
|
||||||
if (TlsCtx == NULL) {
|
if (TlsCtx == NULL) {
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
//
|
//
|
||||||
// Ensure SSLv3 is disabled
|
// Ensure SSLv3 is disabled
|
||||||
//
|
//
|
||||||
SSL_CTX_set_options (TlsCtx, SSL_OP_NO_SSLv3);
|
SSL_CTX_set_options (TlsCtx, SSL_OP_NO_SSLv3);
|
||||||
|
|
||||||
//
|
//
|
||||||
// Treat as minimum accepted versions by setting the minimal bound.
|
// Treat as minimum accepted versions by setting the minimal bound.
|
||||||
// Client can use higher TLS version if server supports it
|
// Client can use higher TLS version if server supports it
|
||||||
//
|
//
|
||||||
SSL_CTX_set_min_proto_version (TlsCtx, ProtoVersion);
|
SSL_CTX_set_min_proto_version (TlsCtx, ProtoVersion);
|
||||||
|
|
||||||
return (VOID *) TlsCtx;
|
return (VOID *) TlsCtx;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
Free an allocated TLS object.
|
Free an allocated TLS object.
|
||||||
|
|
||||||
This function removes the TLS object pointed to by Tls and frees up the
|
This function removes the TLS object pointed to by Tls and frees up the
|
||||||
allocated memory. If Tls is NULL, nothing is done.
|
allocated memory. If Tls is NULL, nothing is done.
|
||||||
|
|
||||||
@param[in] Tls Pointer to the TLS object to be freed.
|
@param[in] Tls Pointer to the TLS object to be freed.
|
||||||
|
|
||||||
**/
|
**/
|
||||||
VOID
|
VOID
|
||||||
EFIAPI
|
EFIAPI
|
||||||
TlsFree (
|
TlsFree (
|
||||||
IN VOID *Tls
|
IN VOID *Tls
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
TLS_CONNECTION *TlsConn;
|
TLS_CONNECTION *TlsConn;
|
||||||
|
|
||||||
TlsConn = (TLS_CONNECTION *) Tls;
|
TlsConn = (TLS_CONNECTION *) Tls;
|
||||||
if (TlsConn == NULL) {
|
if (TlsConn == NULL) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
//
|
//
|
||||||
// Free the internal TLS and BIO objects.
|
// Free the internal TLS and BIO objects.
|
||||||
//
|
//
|
||||||
if (TlsConn->Ssl != NULL) {
|
if (TlsConn->Ssl != NULL) {
|
||||||
SSL_free (TlsConn->Ssl);
|
SSL_free (TlsConn->Ssl);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (TlsConn->InBio != NULL) {
|
if (TlsConn->InBio != NULL) {
|
||||||
BIO_free (TlsConn->InBio);
|
BIO_free (TlsConn->InBio);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (TlsConn->OutBio != NULL) {
|
if (TlsConn->OutBio != NULL) {
|
||||||
BIO_free (TlsConn->OutBio);
|
BIO_free (TlsConn->OutBio);
|
||||||
}
|
}
|
||||||
|
|
||||||
OPENSSL_free (Tls);
|
OPENSSL_free (Tls);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
Create a new TLS object for a connection.
|
Create a new TLS object for a connection.
|
||||||
|
|
||||||
This function creates a new TLS object for a connection. The new object
|
This function creates a new TLS object for a connection. The new object
|
||||||
inherits the setting of the underlying context TlsCtx: connection method,
|
inherits the setting of the underlying context TlsCtx: connection method,
|
||||||
options, verification setting.
|
options, verification setting.
|
||||||
|
|
||||||
@param[in] TlsCtx Pointer to the SSL_CTX object.
|
@param[in] TlsCtx Pointer to the SSL_CTX object.
|
||||||
|
|
||||||
@return Pointer to an allocated SSL object.
|
@return Pointer to an allocated SSL object.
|
||||||
If the creation failed, TlsNew() returns NULL.
|
If the creation failed, TlsNew() returns NULL.
|
||||||
|
|
||||||
**/
|
**/
|
||||||
VOID *
|
VOID *
|
||||||
EFIAPI
|
EFIAPI
|
||||||
TlsNew (
|
TlsNew (
|
||||||
IN VOID *TlsCtx
|
IN VOID *TlsCtx
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
TLS_CONNECTION *TlsConn;
|
TLS_CONNECTION *TlsConn;
|
||||||
SSL_CTX *SslCtx;
|
SSL_CTX *SslCtx;
|
||||||
X509_STORE *X509Store;
|
X509_STORE *X509Store;
|
||||||
|
|
||||||
TlsConn = NULL;
|
TlsConn = NULL;
|
||||||
|
|
||||||
//
|
//
|
||||||
// Allocate one new TLS_CONNECTION object
|
// Allocate one new TLS_CONNECTION object
|
||||||
//
|
//
|
||||||
TlsConn = (TLS_CONNECTION *) OPENSSL_malloc (sizeof (TLS_CONNECTION));
|
TlsConn = (TLS_CONNECTION *) OPENSSL_malloc (sizeof (TLS_CONNECTION));
|
||||||
if (TlsConn == NULL) {
|
if (TlsConn == NULL) {
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
TlsConn->Ssl = NULL;
|
TlsConn->Ssl = NULL;
|
||||||
|
|
||||||
//
|
//
|
||||||
// Create a new SSL Object
|
// Create a new SSL Object
|
||||||
//
|
//
|
||||||
TlsConn->Ssl = SSL_new ((SSL_CTX *) TlsCtx);
|
TlsConn->Ssl = SSL_new ((SSL_CTX *) TlsCtx);
|
||||||
if (TlsConn->Ssl == NULL) {
|
if (TlsConn->Ssl == NULL) {
|
||||||
TlsFree ((VOID *) TlsConn);
|
TlsFree ((VOID *) TlsConn);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
//
|
//
|
||||||
// This retains compatibility with previous version of OpenSSL.
|
// This retains compatibility with previous version of OpenSSL.
|
||||||
//
|
//
|
||||||
SSL_set_security_level (TlsConn->Ssl, 0);
|
SSL_set_security_level (TlsConn->Ssl, 0);
|
||||||
|
|
||||||
//
|
//
|
||||||
// Initialize the created SSL Object
|
// Initialize the created SSL Object
|
||||||
//
|
//
|
||||||
SSL_set_info_callback (TlsConn->Ssl, NULL);
|
SSL_set_info_callback (TlsConn->Ssl, NULL);
|
||||||
|
|
||||||
TlsConn->InBio = NULL;
|
TlsConn->InBio = NULL;
|
||||||
|
|
||||||
//
|
//
|
||||||
// Set up Reading BIO for TLS connection
|
// Set up Reading BIO for TLS connection
|
||||||
//
|
//
|
||||||
TlsConn->InBio = BIO_new (BIO_s_mem ());
|
TlsConn->InBio = BIO_new (BIO_s_mem ());
|
||||||
if (TlsConn->InBio == NULL) {
|
if (TlsConn->InBio == NULL) {
|
||||||
TlsFree ((VOID *) TlsConn);
|
TlsFree ((VOID *) TlsConn);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
//
|
//
|
||||||
// Sets the behaviour of memory BIO when it is empty. It will set the
|
// Sets the behaviour of memory BIO when it is empty. It will set the
|
||||||
// read retry flag.
|
// read retry flag.
|
||||||
//
|
//
|
||||||
BIO_set_mem_eof_return (TlsConn->InBio, -1);
|
BIO_set_mem_eof_return (TlsConn->InBio, -1);
|
||||||
|
|
||||||
TlsConn->OutBio = NULL;
|
TlsConn->OutBio = NULL;
|
||||||
|
|
||||||
//
|
//
|
||||||
// Set up Writing BIO for TLS connection
|
// Set up Writing BIO for TLS connection
|
||||||
//
|
//
|
||||||
TlsConn->OutBio = BIO_new (BIO_s_mem ());
|
TlsConn->OutBio = BIO_new (BIO_s_mem ());
|
||||||
if (TlsConn->OutBio == NULL) {
|
if (TlsConn->OutBio == NULL) {
|
||||||
TlsFree ((VOID *) TlsConn);
|
TlsFree ((VOID *) TlsConn);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
//
|
//
|
||||||
// Sets the behaviour of memory BIO when it is empty. It will set the
|
// Sets the behaviour of memory BIO when it is empty. It will set the
|
||||||
// write retry flag.
|
// write retry flag.
|
||||||
//
|
//
|
||||||
BIO_set_mem_eof_return (TlsConn->OutBio, -1);
|
BIO_set_mem_eof_return (TlsConn->OutBio, -1);
|
||||||
|
|
||||||
ASSERT (TlsConn->Ssl != NULL && TlsConn->InBio != NULL && TlsConn->OutBio != NULL);
|
ASSERT (TlsConn->Ssl != NULL && TlsConn->InBio != NULL && TlsConn->OutBio != NULL);
|
||||||
|
|
||||||
//
|
//
|
||||||
// Connects the InBio and OutBio for the read and write operations.
|
// Connects the InBio and OutBio for the read and write operations.
|
||||||
//
|
//
|
||||||
SSL_set_bio (TlsConn->Ssl, TlsConn->InBio, TlsConn->OutBio);
|
SSL_set_bio (TlsConn->Ssl, TlsConn->InBio, TlsConn->OutBio);
|
||||||
|
|
||||||
//
|
//
|
||||||
// Create new X509 store if needed
|
// Create new X509 store if needed
|
||||||
//
|
//
|
||||||
SslCtx = SSL_get_SSL_CTX (TlsConn->Ssl);
|
SslCtx = SSL_get_SSL_CTX (TlsConn->Ssl);
|
||||||
X509Store = SSL_CTX_get_cert_store (SslCtx);
|
X509Store = SSL_CTX_get_cert_store (SslCtx);
|
||||||
if (X509Store == NULL) {
|
if (X509Store == NULL) {
|
||||||
X509Store = X509_STORE_new ();
|
X509Store = X509_STORE_new ();
|
||||||
if (X509Store == NULL) {
|
if (X509Store == NULL) {
|
||||||
TlsFree ((VOID *) TlsConn);
|
TlsFree ((VOID *) TlsConn);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
SSL_CTX_set1_verify_cert_store (SslCtx, X509Store);
|
SSL_CTX_set1_verify_cert_store (SslCtx, X509Store);
|
||||||
X509_STORE_free (X509Store);
|
X509_STORE_free (X509Store);
|
||||||
}
|
}
|
||||||
|
|
||||||
//
|
//
|
||||||
// Set X509_STORE flags used in certificate validation
|
// Set X509_STORE flags used in certificate validation
|
||||||
//
|
//
|
||||||
X509_STORE_set_flags (
|
X509_STORE_set_flags (
|
||||||
X509Store,
|
X509Store,
|
||||||
X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_NO_CHECK_TIME
|
X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_NO_CHECK_TIME
|
||||||
);
|
);
|
||||||
return (VOID *) TlsConn;
|
return (VOID *) TlsConn;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1,56 +1,57 @@
|
|||||||
## @file
|
## @file
|
||||||
# SSL/TLS Wrapper Library Instance based on OpenSSL.
|
# SSL/TLS Wrapper Library Instance based on OpenSSL.
|
||||||
#
|
#
|
||||||
# Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
|
# Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
|
||||||
# (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
|
# (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
|
||||||
# This program and the accompanying materials
|
# This program and the accompanying materials
|
||||||
# are licensed and made available under the terms and conditions of the BSD License
|
# are licensed and made available under the terms and conditions of the BSD License
|
||||||
# which accompanies this distribution. The full text of the license may be found at
|
# which accompanies this distribution. The full text of the license may be found at
|
||||||
# http://opensource.org/licenses/bsd-license.php
|
# http://opensource.org/licenses/bsd-license.php
|
||||||
#
|
#
|
||||||
# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||||
# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||||
#
|
#
|
||||||
##
|
##
|
||||||
|
|
||||||
[Defines]
|
[Defines]
|
||||||
INF_VERSION = 0x00010005
|
INF_VERSION = 0x00010005
|
||||||
BASE_NAME = TlsLib
|
BASE_NAME = TlsLib
|
||||||
MODULE_UNI_FILE = TlsLib.uni
|
MODULE_UNI_FILE = TlsLib.uni
|
||||||
FILE_GUID = CC729DC5-4E21-0B36-1A00-3A8E1B86A155
|
FILE_GUID = CC729DC5-4E21-0B36-1A00-3A8E1B86A155
|
||||||
MODULE_TYPE = DXE_DRIVER
|
MODULE_TYPE = DXE_DRIVER
|
||||||
VERSION_STRING = 1.0
|
VERSION_STRING = 1.0
|
||||||
LIBRARY_CLASS = TlsLib|DXE_DRIVER DXE_CORE UEFI_APPLICATION UEFI_DRIVER
|
LIBRARY_CLASS = TlsLib|DXE_DRIVER DXE_CORE UEFI_APPLICATION UEFI_DRIVER
|
||||||
|
|
||||||
#
|
#
|
||||||
# The following information is for reference only and not required by the build tools.
|
# The following information is for reference only and not required by the build tools.
|
||||||
#
|
#
|
||||||
# VALID_ARCHITECTURES = IA32 X64 IPF ARM AARCH64
|
# VALID_ARCHITECTURES = IA32 X64 IPF ARM AARCH64
|
||||||
#
|
#
|
||||||
|
|
||||||
[Sources]
|
[Sources]
|
||||||
InternalTlsLib.h
|
InternalTlsLib.h
|
||||||
TlsInit.c
|
TlsInit.c
|
||||||
TlsConfig.c
|
TlsConfig.c
|
||||||
TlsProcess.c
|
TlsProcess.c
|
||||||
|
|
||||||
[Packages]
|
[Packages]
|
||||||
MdePkg/MdePkg.dec
|
MdePkg/MdePkg.dec
|
||||||
CryptoPkg/CryptoPkg.dec
|
CryptoPkg/CryptoPkg.dec
|
||||||
|
|
||||||
[LibraryClasses]
|
[LibraryClasses]
|
||||||
BaseLib
|
BaseLib
|
||||||
BaseMemoryLib
|
BaseMemoryLib
|
||||||
MemoryAllocationLib
|
MemoryAllocationLib
|
||||||
UefiRuntimeServicesTableLib
|
UefiRuntimeServicesTableLib
|
||||||
DebugLib
|
DebugLib
|
||||||
OpensslLib
|
OpensslLib
|
||||||
IntrinsicLib
|
IntrinsicLib
|
||||||
PrintLib
|
PrintLib
|
||||||
|
|
||||||
[BuildOptions]
|
[BuildOptions]
|
||||||
#
|
#
|
||||||
# suppress the following warnings so we do not break the build with warnings-as-errors:
|
# suppress the following warnings so we do not break the build with warnings-as-errors:
|
||||||
# C4090: 'function' : different 'const' qualifiers
|
# C4090: 'function' : different 'const' qualifiers
|
||||||
#
|
#
|
||||||
MSFT:*_*_*_CC_FLAGS = /wd4090
|
MSFT:*_*_*_CC_FLAGS = /wd4090
|
||||||
|
|
||||||
|
@ -1,19 +1,19 @@
|
|||||||
// /** @file
|
// /** @file
|
||||||
// SSL/TLS Wrapper Library Instance based on OpenSSL.
|
// SSL/TLS Wrapper Library Instance based on OpenSSL.
|
||||||
//
|
//
|
||||||
// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
|
// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
|
||||||
//
|
//
|
||||||
// This program and the accompanying materials
|
// This program and the accompanying materials
|
||||||
// are licensed and made available under the terms and conditions of the BSD License
|
// are licensed and made available under the terms and conditions of the BSD License
|
||||||
// which accompanies this distribution. The full text of the license may be found at
|
// which accompanies this distribution. The full text of the license may be found at
|
||||||
// http://opensource.org/licenses/bsd-license.php
|
// http://opensource.org/licenses/bsd-license.php
|
||||||
//
|
//
|
||||||
// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||||
// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||||
//
|
//
|
||||||
// **/
|
// **/
|
||||||
|
|
||||||
|
|
||||||
#string STR_MODULE_ABSTRACT #language en-US "SSL/TLS Wrapper Library Instance"
|
#string STR_MODULE_ABSTRACT #language en-US "SSL/TLS Wrapper Library Instance"
|
||||||
|
|
||||||
#string STR_MODULE_DESCRIPTION #language en-US "This module provides SSL/TLS Wrapper Library Instance."
|
#string STR_MODULE_DESCRIPTION #language en-US "This module provides SSL/TLS Wrapper Library Instance."
|
||||||
|
@ -1,462 +1,463 @@
|
|||||||
/** @file
|
/** @file
|
||||||
SSL/TLS Process Library Wrapper Implementation over OpenSSL.
|
SSL/TLS Process Library Wrapper Implementation over OpenSSL.
|
||||||
The process includes the TLS handshake and packet I/O.
|
The process includes the TLS handshake and packet I/O.
|
||||||
|
|
||||||
Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
|
Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
|
||||||
(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
|
(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
|
||||||
This program and the accompanying materials
|
This program and the accompanying materials
|
||||||
are licensed and made available under the terms and conditions of the BSD License
|
are licensed and made available under the terms and conditions of the BSD License
|
||||||
which accompanies this distribution. The full text of the license may be found at
|
which accompanies this distribution. The full text of the license may be found at
|
||||||
http://opensource.org/licenses/bsd-license.php
|
http://opensource.org/licenses/bsd-license.php
|
||||||
|
|
||||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||||
|
|
||||||
**/
|
**/
|
||||||
|
|
||||||
#include "InternalTlsLib.h"
|
#include "InternalTlsLib.h"
|
||||||
|
|
||||||
#define MAX_BUFFER_SIZE 32768
|
#define MAX_BUFFER_SIZE 32768
|
||||||
|
|
||||||
/**
|
/**
|
||||||
Checks if the TLS handshake was done.
|
Checks if the TLS handshake was done.
|
||||||
|
|
||||||
This function will check if the specified TLS handshake was done.
|
This function will check if the specified TLS handshake was done.
|
||||||
|
|
||||||
@param[in] Tls Pointer to the TLS object for handshake state checking.
|
@param[in] Tls Pointer to the TLS object for handshake state checking.
|
||||||
|
|
||||||
@retval TRUE The TLS handshake was done.
|
@retval TRUE The TLS handshake was done.
|
||||||
@retval FALSE The TLS handshake was not done.
|
@retval FALSE The TLS handshake was not done.
|
||||||
|
|
||||||
**/
|
**/
|
||||||
BOOLEAN
|
BOOLEAN
|
||||||
EFIAPI
|
EFIAPI
|
||||||
TlsInHandshake (
|
TlsInHandshake (
|
||||||
IN VOID *Tls
|
IN VOID *Tls
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
TLS_CONNECTION *TlsConn;
|
TLS_CONNECTION *TlsConn;
|
||||||
|
|
||||||
TlsConn = (TLS_CONNECTION *) Tls;
|
TlsConn = (TLS_CONNECTION *) Tls;
|
||||||
if (TlsConn == NULL || TlsConn->Ssl == NULL) {
|
if (TlsConn == NULL || TlsConn->Ssl == NULL) {
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
//
|
//
|
||||||
// Return the status which indicates if the TLS handshake was done.
|
// Return the status which indicates if the TLS handshake was done.
|
||||||
//
|
//
|
||||||
return !SSL_is_init_finished (TlsConn->Ssl);
|
return !SSL_is_init_finished (TlsConn->Ssl);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
Perform a TLS/SSL handshake.
|
Perform a TLS/SSL handshake.
|
||||||
|
|
||||||
This function will perform a TLS/SSL handshake.
|
This function will perform a TLS/SSL handshake.
|
||||||
|
|
||||||
@param[in] Tls Pointer to the TLS object for handshake operation.
|
@param[in] Tls Pointer to the TLS object for handshake operation.
|
||||||
@param[in] BufferIn Pointer to the most recently received TLS Handshake packet.
|
@param[in] BufferIn Pointer to the most recently received TLS Handshake packet.
|
||||||
@param[in] BufferInSize Packet size in bytes for the most recently received TLS
|
@param[in] BufferInSize Packet size in bytes for the most recently received TLS
|
||||||
Handshake packet.
|
Handshake packet.
|
||||||
@param[out] BufferOut Pointer to the buffer to hold the built packet.
|
@param[out] BufferOut Pointer to the buffer to hold the built packet.
|
||||||
@param[in, out] BufferOutSize Pointer to the buffer size in bytes. On input, it is
|
@param[in, out] BufferOutSize Pointer to the buffer size in bytes. On input, it is
|
||||||
the buffer size provided by the caller. On output, it
|
the buffer size provided by the caller. On output, it
|
||||||
is the buffer size in fact needed to contain the
|
is the buffer size in fact needed to contain the
|
||||||
packet.
|
packet.
|
||||||
|
|
||||||
@retval EFI_SUCCESS The required TLS packet is built successfully.
|
@retval EFI_SUCCESS The required TLS packet is built successfully.
|
||||||
@retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
|
@retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
|
||||||
Tls is NULL.
|
Tls is NULL.
|
||||||
BufferIn is NULL but BufferInSize is NOT 0.
|
BufferIn is NULL but BufferInSize is NOT 0.
|
||||||
BufferInSize is 0 but BufferIn is NOT NULL.
|
BufferInSize is 0 but BufferIn is NOT NULL.
|
||||||
BufferOutSize is NULL.
|
BufferOutSize is NULL.
|
||||||
BufferOut is NULL if *BufferOutSize is not zero.
|
BufferOut is NULL if *BufferOutSize is not zero.
|
||||||
@retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the response packet.
|
@retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the response packet.
|
||||||
@retval EFI_ABORTED Something wrong during handshake.
|
@retval EFI_ABORTED Something wrong during handshake.
|
||||||
|
|
||||||
**/
|
**/
|
||||||
EFI_STATUS
|
EFI_STATUS
|
||||||
EFIAPI
|
EFIAPI
|
||||||
TlsDoHandshake (
|
TlsDoHandshake (
|
||||||
IN VOID *Tls,
|
IN VOID *Tls,
|
||||||
IN UINT8 *BufferIn, OPTIONAL
|
IN UINT8 *BufferIn, OPTIONAL
|
||||||
IN UINTN BufferInSize, OPTIONAL
|
IN UINTN BufferInSize, OPTIONAL
|
||||||
OUT UINT8 *BufferOut, OPTIONAL
|
OUT UINT8 *BufferOut, OPTIONAL
|
||||||
IN OUT UINTN *BufferOutSize
|
IN OUT UINTN *BufferOutSize
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
TLS_CONNECTION *TlsConn;
|
TLS_CONNECTION *TlsConn;
|
||||||
UINTN PendingBufferSize;
|
UINTN PendingBufferSize;
|
||||||
INTN Ret;
|
INTN Ret;
|
||||||
UINTN ErrorCode;
|
UINTN ErrorCode;
|
||||||
|
|
||||||
TlsConn = (TLS_CONNECTION *) Tls;
|
TlsConn = (TLS_CONNECTION *) Tls;
|
||||||
PendingBufferSize = 0;
|
PendingBufferSize = 0;
|
||||||
Ret = 1;
|
Ret = 1;
|
||||||
|
|
||||||
if (TlsConn == NULL || \
|
if (TlsConn == NULL || \
|
||||||
TlsConn->Ssl == NULL || TlsConn->InBio == NULL || TlsConn->OutBio == NULL || \
|
TlsConn->Ssl == NULL || TlsConn->InBio == NULL || TlsConn->OutBio == NULL || \
|
||||||
BufferOutSize == NULL || \
|
BufferOutSize == NULL || \
|
||||||
(BufferIn == NULL && BufferInSize != 0) || \
|
(BufferIn == NULL && BufferInSize != 0) || \
|
||||||
(BufferIn != NULL && BufferInSize == 0) || \
|
(BufferIn != NULL && BufferInSize == 0) || \
|
||||||
(BufferOut == NULL && *BufferOutSize != 0)) {
|
(BufferOut == NULL && *BufferOutSize != 0)) {
|
||||||
return EFI_INVALID_PARAMETER;
|
return EFI_INVALID_PARAMETER;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(BufferIn == NULL && BufferInSize == 0) {
|
if(BufferIn == NULL && BufferInSize == 0) {
|
||||||
//
|
//
|
||||||
// If RequestBuffer is NULL and RequestSize is 0, and TLS session
|
// If RequestBuffer is NULL and RequestSize is 0, and TLS session
|
||||||
// status is EfiTlsSessionNotStarted, the TLS session will be initiated
|
// status is EfiTlsSessionNotStarted, the TLS session will be initiated
|
||||||
// and the response packet needs to be ClientHello.
|
// and the response packet needs to be ClientHello.
|
||||||
//
|
//
|
||||||
PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
|
PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
|
||||||
if (PendingBufferSize == 0) {
|
if (PendingBufferSize == 0) {
|
||||||
SSL_set_connect_state (TlsConn->Ssl);
|
SSL_set_connect_state (TlsConn->Ssl);
|
||||||
Ret = SSL_do_handshake (TlsConn->Ssl);
|
Ret = SSL_do_handshake (TlsConn->Ssl);
|
||||||
PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
|
PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
|
PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
|
||||||
if (PendingBufferSize == 0) {
|
if (PendingBufferSize == 0) {
|
||||||
BIO_write (TlsConn->InBio, BufferIn, (UINT32) BufferInSize);
|
BIO_write (TlsConn->InBio, BufferIn, (UINT32) BufferInSize);
|
||||||
Ret = SSL_do_handshake (TlsConn->Ssl);
|
Ret = SSL_do_handshake (TlsConn->Ssl);
|
||||||
PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
|
PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (Ret < 1) {
|
if (Ret < 1) {
|
||||||
Ret = SSL_get_error (TlsConn->Ssl, (int) Ret);
|
Ret = SSL_get_error (TlsConn->Ssl, (int) Ret);
|
||||||
if (Ret == SSL_ERROR_SSL ||
|
if (Ret == SSL_ERROR_SSL ||
|
||||||
Ret == SSL_ERROR_SYSCALL ||
|
Ret == SSL_ERROR_SYSCALL ||
|
||||||
Ret == SSL_ERROR_ZERO_RETURN) {
|
Ret == SSL_ERROR_ZERO_RETURN) {
|
||||||
DEBUG ((
|
DEBUG ((
|
||||||
DEBUG_ERROR,
|
DEBUG_ERROR,
|
||||||
"%a SSL_HANDSHAKE_ERROR State=0x%x SSL_ERROR_%a\n",
|
"%a SSL_HANDSHAKE_ERROR State=0x%x SSL_ERROR_%a\n",
|
||||||
__FUNCTION__,
|
__FUNCTION__,
|
||||||
SSL_get_state (TlsConn->Ssl),
|
SSL_get_state (TlsConn->Ssl),
|
||||||
Ret == SSL_ERROR_SSL ? "SSL" : Ret == SSL_ERROR_SYSCALL ? "SYSCALL" : "ZERO_RETURN"
|
Ret == SSL_ERROR_SSL ? "SSL" : Ret == SSL_ERROR_SYSCALL ? "SYSCALL" : "ZERO_RETURN"
|
||||||
));
|
));
|
||||||
DEBUG_CODE_BEGIN ();
|
DEBUG_CODE_BEGIN ();
|
||||||
while (TRUE) {
|
while (TRUE) {
|
||||||
ErrorCode = ERR_get_error ();
|
ErrorCode = ERR_get_error ();
|
||||||
if (ErrorCode == 0) {
|
if (ErrorCode == 0) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
DEBUG ((
|
DEBUG ((
|
||||||
DEBUG_ERROR,
|
DEBUG_ERROR,
|
||||||
"%a ERROR 0x%x=L%x:F%x:R%x\n",
|
"%a ERROR 0x%x=L%x:F%x:R%x\n",
|
||||||
__FUNCTION__,
|
__FUNCTION__,
|
||||||
ErrorCode,
|
ErrorCode,
|
||||||
ERR_GET_LIB (ErrorCode),
|
ERR_GET_LIB (ErrorCode),
|
||||||
ERR_GET_FUNC (ErrorCode),
|
ERR_GET_FUNC (ErrorCode),
|
||||||
ERR_GET_REASON (ErrorCode)
|
ERR_GET_REASON (ErrorCode)
|
||||||
));
|
));
|
||||||
}
|
}
|
||||||
DEBUG_CODE_END ();
|
DEBUG_CODE_END ();
|
||||||
return EFI_ABORTED;
|
return EFI_ABORTED;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (PendingBufferSize > *BufferOutSize) {
|
if (PendingBufferSize > *BufferOutSize) {
|
||||||
*BufferOutSize = PendingBufferSize;
|
*BufferOutSize = PendingBufferSize;
|
||||||
return EFI_BUFFER_TOO_SMALL;
|
return EFI_BUFFER_TOO_SMALL;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (PendingBufferSize > 0) {
|
if (PendingBufferSize > 0) {
|
||||||
*BufferOutSize = BIO_read (TlsConn->OutBio, BufferOut, (UINT32) PendingBufferSize);
|
*BufferOutSize = BIO_read (TlsConn->OutBio, BufferOut, (UINT32) PendingBufferSize);
|
||||||
} else {
|
} else {
|
||||||
*BufferOutSize = 0;
|
*BufferOutSize = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
return EFI_SUCCESS;
|
return EFI_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
Handle Alert message recorded in BufferIn. If BufferIn is NULL and BufferInSize is zero,
|
Handle Alert message recorded in BufferIn. If BufferIn is NULL and BufferInSize is zero,
|
||||||
TLS session has errors and the response packet needs to be Alert message based on error type.
|
TLS session has errors and the response packet needs to be Alert message based on error type.
|
||||||
|
|
||||||
@param[in] Tls Pointer to the TLS object for state checking.
|
@param[in] Tls Pointer to the TLS object for state checking.
|
||||||
@param[in] BufferIn Pointer to the most recently received TLS Alert packet.
|
@param[in] BufferIn Pointer to the most recently received TLS Alert packet.
|
||||||
@param[in] BufferInSize Packet size in bytes for the most recently received TLS
|
@param[in] BufferInSize Packet size in bytes for the most recently received TLS
|
||||||
Alert packet.
|
Alert packet.
|
||||||
@param[out] BufferOut Pointer to the buffer to hold the built packet.
|
@param[out] BufferOut Pointer to the buffer to hold the built packet.
|
||||||
@param[in, out] BufferOutSize Pointer to the buffer size in bytes. On input, it is
|
@param[in, out] BufferOutSize Pointer to the buffer size in bytes. On input, it is
|
||||||
the buffer size provided by the caller. On output, it
|
the buffer size provided by the caller. On output, it
|
||||||
is the buffer size in fact needed to contain the
|
is the buffer size in fact needed to contain the
|
||||||
packet.
|
packet.
|
||||||
|
|
||||||
@retval EFI_SUCCESS The required TLS packet is built successfully.
|
@retval EFI_SUCCESS The required TLS packet is built successfully.
|
||||||
@retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
|
@retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
|
||||||
Tls is NULL.
|
Tls is NULL.
|
||||||
BufferIn is NULL but BufferInSize is NOT 0.
|
BufferIn is NULL but BufferInSize is NOT 0.
|
||||||
BufferInSize is 0 but BufferIn is NOT NULL.
|
BufferInSize is 0 but BufferIn is NOT NULL.
|
||||||
BufferOutSize is NULL.
|
BufferOutSize is NULL.
|
||||||
BufferOut is NULL if *BufferOutSize is not zero.
|
BufferOut is NULL if *BufferOutSize is not zero.
|
||||||
@retval EFI_ABORTED An error occurred.
|
@retval EFI_ABORTED An error occurred.
|
||||||
@retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the response packet.
|
@retval EFI_BUFFER_TOO_SMALL BufferOutSize is too small to hold the response packet.
|
||||||
|
|
||||||
**/
|
**/
|
||||||
EFI_STATUS
|
EFI_STATUS
|
||||||
EFIAPI
|
EFIAPI
|
||||||
TlsHandleAlert (
|
TlsHandleAlert (
|
||||||
IN VOID *Tls,
|
IN VOID *Tls,
|
||||||
IN UINT8 *BufferIn, OPTIONAL
|
IN UINT8 *BufferIn, OPTIONAL
|
||||||
IN UINTN BufferInSize, OPTIONAL
|
IN UINTN BufferInSize, OPTIONAL
|
||||||
OUT UINT8 *BufferOut, OPTIONAL
|
OUT UINT8 *BufferOut, OPTIONAL
|
||||||
IN OUT UINTN *BufferOutSize
|
IN OUT UINTN *BufferOutSize
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
TLS_CONNECTION *TlsConn;
|
TLS_CONNECTION *TlsConn;
|
||||||
UINTN PendingBufferSize;
|
UINTN PendingBufferSize;
|
||||||
UINT8 *TempBuffer;
|
UINT8 *TempBuffer;
|
||||||
INTN Ret;
|
INTN Ret;
|
||||||
|
|
||||||
TlsConn = (TLS_CONNECTION *) Tls;
|
TlsConn = (TLS_CONNECTION *) Tls;
|
||||||
PendingBufferSize = 0;
|
PendingBufferSize = 0;
|
||||||
TempBuffer = NULL;
|
TempBuffer = NULL;
|
||||||
Ret = 0;
|
Ret = 0;
|
||||||
|
|
||||||
if (TlsConn == NULL || \
|
if (TlsConn == NULL || \
|
||||||
TlsConn->Ssl == NULL || TlsConn->InBio == NULL || TlsConn->OutBio == NULL || \
|
TlsConn->Ssl == NULL || TlsConn->InBio == NULL || TlsConn->OutBio == NULL || \
|
||||||
BufferOutSize == NULL || \
|
BufferOutSize == NULL || \
|
||||||
(BufferIn == NULL && BufferInSize != 0) || \
|
(BufferIn == NULL && BufferInSize != 0) || \
|
||||||
(BufferIn != NULL && BufferInSize == 0) || \
|
(BufferIn != NULL && BufferInSize == 0) || \
|
||||||
(BufferOut == NULL && *BufferOutSize != 0)) {
|
(BufferOut == NULL && *BufferOutSize != 0)) {
|
||||||
return EFI_INVALID_PARAMETER;
|
return EFI_INVALID_PARAMETER;
|
||||||
}
|
}
|
||||||
|
|
||||||
PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
|
PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
|
||||||
if (PendingBufferSize == 0 && BufferIn != NULL && BufferInSize != 0) {
|
if (PendingBufferSize == 0 && BufferIn != NULL && BufferInSize != 0) {
|
||||||
Ret = BIO_write (TlsConn->InBio, BufferIn, (UINT32) BufferInSize);
|
Ret = BIO_write (TlsConn->InBio, BufferIn, (UINT32) BufferInSize);
|
||||||
if (Ret != (INTN) BufferInSize) {
|
if (Ret != (INTN) BufferInSize) {
|
||||||
return EFI_ABORTED;
|
return EFI_ABORTED;
|
||||||
}
|
}
|
||||||
|
|
||||||
TempBuffer = (UINT8 *) OPENSSL_malloc (MAX_BUFFER_SIZE);
|
TempBuffer = (UINT8 *) OPENSSL_malloc (MAX_BUFFER_SIZE);
|
||||||
|
|
||||||
//
|
//
|
||||||
// ssl3_send_alert() will be called in ssl3_read_bytes() function.
|
// ssl3_send_alert() will be called in ssl3_read_bytes() function.
|
||||||
// TempBuffer is invalid since it's a Alert message, so just ignore it.
|
// TempBuffer is invalid since it's a Alert message, so just ignore it.
|
||||||
//
|
//
|
||||||
SSL_read (TlsConn->Ssl, TempBuffer, MAX_BUFFER_SIZE);
|
SSL_read (TlsConn->Ssl, TempBuffer, MAX_BUFFER_SIZE);
|
||||||
|
|
||||||
OPENSSL_free (TempBuffer);
|
OPENSSL_free (TempBuffer);
|
||||||
|
|
||||||
PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
|
PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (PendingBufferSize > *BufferOutSize) {
|
if (PendingBufferSize > *BufferOutSize) {
|
||||||
*BufferOutSize = PendingBufferSize;
|
*BufferOutSize = PendingBufferSize;
|
||||||
return EFI_BUFFER_TOO_SMALL;
|
return EFI_BUFFER_TOO_SMALL;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (PendingBufferSize > 0) {
|
if (PendingBufferSize > 0) {
|
||||||
*BufferOutSize = BIO_read (TlsConn->OutBio, BufferOut, (UINT32) PendingBufferSize);
|
*BufferOutSize = BIO_read (TlsConn->OutBio, BufferOut, (UINT32) PendingBufferSize);
|
||||||
} else {
|
} else {
|
||||||
*BufferOutSize = 0;
|
*BufferOutSize = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
return EFI_SUCCESS;
|
return EFI_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
Build the CloseNotify packet.
|
Build the CloseNotify packet.
|
||||||
|
|
||||||
@param[in] Tls Pointer to the TLS object for state checking.
|
@param[in] Tls Pointer to the TLS object for state checking.
|
||||||
@param[in, out] Buffer Pointer to the buffer to hold the built packet.
|
@param[in, out] Buffer Pointer to the buffer to hold the built packet.
|
||||||
@param[in, out] BufferSize Pointer to the buffer size in bytes. On input, it is
|
@param[in, out] BufferSize Pointer to the buffer size in bytes. On input, it is
|
||||||
the buffer size provided by the caller. On output, it
|
the buffer size provided by the caller. On output, it
|
||||||
is the buffer size in fact needed to contain the
|
is the buffer size in fact needed to contain the
|
||||||
packet.
|
packet.
|
||||||
|
|
||||||
@retval EFI_SUCCESS The required TLS packet is built successfully.
|
@retval EFI_SUCCESS The required TLS packet is built successfully.
|
||||||
@retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
|
@retval EFI_INVALID_PARAMETER One or more of the following conditions is TRUE:
|
||||||
Tls is NULL.
|
Tls is NULL.
|
||||||
BufferSize is NULL.
|
BufferSize is NULL.
|
||||||
Buffer is NULL if *BufferSize is not zero.
|
Buffer is NULL if *BufferSize is not zero.
|
||||||
@retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the response packet.
|
@retval EFI_BUFFER_TOO_SMALL BufferSize is too small to hold the response packet.
|
||||||
|
|
||||||
**/
|
**/
|
||||||
EFI_STATUS
|
EFI_STATUS
|
||||||
EFIAPI
|
EFIAPI
|
||||||
TlsCloseNotify (
|
TlsCloseNotify (
|
||||||
IN VOID *Tls,
|
IN VOID *Tls,
|
||||||
IN OUT UINT8 *Buffer,
|
IN OUT UINT8 *Buffer,
|
||||||
IN OUT UINTN *BufferSize
|
IN OUT UINTN *BufferSize
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
TLS_CONNECTION *TlsConn;
|
TLS_CONNECTION *TlsConn;
|
||||||
UINTN PendingBufferSize;
|
UINTN PendingBufferSize;
|
||||||
|
|
||||||
TlsConn = (TLS_CONNECTION *) Tls;
|
TlsConn = (TLS_CONNECTION *) Tls;
|
||||||
PendingBufferSize = 0;
|
PendingBufferSize = 0;
|
||||||
|
|
||||||
if (TlsConn == NULL || \
|
if (TlsConn == NULL || \
|
||||||
TlsConn->Ssl == NULL || TlsConn->InBio == NULL || TlsConn->OutBio == NULL || \
|
TlsConn->Ssl == NULL || TlsConn->InBio == NULL || TlsConn->OutBio == NULL || \
|
||||||
BufferSize == NULL || \
|
BufferSize == NULL || \
|
||||||
(Buffer == NULL && *BufferSize != 0)) {
|
(Buffer == NULL && *BufferSize != 0)) {
|
||||||
return EFI_INVALID_PARAMETER;
|
return EFI_INVALID_PARAMETER;
|
||||||
}
|
}
|
||||||
|
|
||||||
PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
|
PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
|
||||||
if (PendingBufferSize == 0) {
|
if (PendingBufferSize == 0) {
|
||||||
//
|
//
|
||||||
// ssl3_send_alert() and ssl3_dispatch_alert() function will be called.
|
// ssl3_send_alert() and ssl3_dispatch_alert() function will be called.
|
||||||
//
|
//
|
||||||
SSL_shutdown (TlsConn->Ssl);
|
SSL_shutdown (TlsConn->Ssl);
|
||||||
PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
|
PendingBufferSize = (UINTN) BIO_ctrl_pending (TlsConn->OutBio);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (PendingBufferSize > *BufferSize) {
|
if (PendingBufferSize > *BufferSize) {
|
||||||
*BufferSize = PendingBufferSize;
|
*BufferSize = PendingBufferSize;
|
||||||
return EFI_BUFFER_TOO_SMALL;
|
return EFI_BUFFER_TOO_SMALL;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (PendingBufferSize > 0) {
|
if (PendingBufferSize > 0) {
|
||||||
*BufferSize = BIO_read (TlsConn->OutBio, Buffer, (UINT32) PendingBufferSize);
|
*BufferSize = BIO_read (TlsConn->OutBio, Buffer, (UINT32) PendingBufferSize);
|
||||||
} else {
|
} else {
|
||||||
*BufferSize = 0;
|
*BufferSize = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
return EFI_SUCCESS;
|
return EFI_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
Attempts to read bytes from one TLS object and places the data in Buffer.
|
Attempts to read bytes from one TLS object and places the data in Buffer.
|
||||||
|
|
||||||
This function will attempt to read BufferSize bytes from the TLS object
|
This function will attempt to read BufferSize bytes from the TLS object
|
||||||
and places the data in Buffer.
|
and places the data in Buffer.
|
||||||
|
|
||||||
@param[in] Tls Pointer to the TLS object.
|
@param[in] Tls Pointer to the TLS object.
|
||||||
@param[in,out] Buffer Pointer to the buffer to store the data.
|
@param[in,out] Buffer Pointer to the buffer to store the data.
|
||||||
@param[in] BufferSize The size of Buffer in bytes.
|
@param[in] BufferSize The size of Buffer in bytes.
|
||||||
|
|
||||||
@retval >0 The amount of data successfully read from the TLS object.
|
@retval >0 The amount of data successfully read from the TLS object.
|
||||||
@retval <=0 No data was successfully read.
|
@retval <=0 No data was successfully read.
|
||||||
|
|
||||||
**/
|
**/
|
||||||
INTN
|
INTN
|
||||||
EFIAPI
|
EFIAPI
|
||||||
TlsCtrlTrafficOut (
|
TlsCtrlTrafficOut (
|
||||||
IN VOID *Tls,
|
IN VOID *Tls,
|
||||||
IN OUT VOID *Buffer,
|
IN OUT VOID *Buffer,
|
||||||
IN UINTN BufferSize
|
IN UINTN BufferSize
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
TLS_CONNECTION *TlsConn;
|
TLS_CONNECTION *TlsConn;
|
||||||
|
|
||||||
TlsConn = (TLS_CONNECTION *) Tls;
|
TlsConn = (TLS_CONNECTION *) Tls;
|
||||||
if (TlsConn == NULL || TlsConn->OutBio == 0) {
|
if (TlsConn == NULL || TlsConn->OutBio == 0) {
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
//
|
//
|
||||||
// Read and return the amount of data from the BIO.
|
// Read and return the amount of data from the BIO.
|
||||||
//
|
//
|
||||||
return BIO_read (TlsConn->OutBio, Buffer, (UINT32) BufferSize);
|
return BIO_read (TlsConn->OutBio, Buffer, (UINT32) BufferSize);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
Attempts to write data from the buffer to TLS object.
|
Attempts to write data from the buffer to TLS object.
|
||||||
|
|
||||||
This function will attempt to write BufferSize bytes data from the Buffer
|
This function will attempt to write BufferSize bytes data from the Buffer
|
||||||
to the TLS object.
|
to the TLS object.
|
||||||
|
|
||||||
@param[in] Tls Pointer to the TLS object.
|
@param[in] Tls Pointer to the TLS object.
|
||||||
@param[in] Buffer Pointer to the data buffer.
|
@param[in] Buffer Pointer to the data buffer.
|
||||||
@param[in] BufferSize The size of Buffer in bytes.
|
@param[in] BufferSize The size of Buffer in bytes.
|
||||||
|
|
||||||
@retval >0 The amount of data successfully written to the TLS object.
|
@retval >0 The amount of data successfully written to the TLS object.
|
||||||
@retval <=0 No data was successfully written.
|
@retval <=0 No data was successfully written.
|
||||||
|
|
||||||
**/
|
**/
|
||||||
INTN
|
INTN
|
||||||
EFIAPI
|
EFIAPI
|
||||||
TlsCtrlTrafficIn (
|
TlsCtrlTrafficIn (
|
||||||
IN VOID *Tls,
|
IN VOID *Tls,
|
||||||
IN VOID *Buffer,
|
IN VOID *Buffer,
|
||||||
IN UINTN BufferSize
|
IN UINTN BufferSize
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
TLS_CONNECTION *TlsConn;
|
TLS_CONNECTION *TlsConn;
|
||||||
|
|
||||||
TlsConn = (TLS_CONNECTION *) Tls;
|
TlsConn = (TLS_CONNECTION *) Tls;
|
||||||
if (TlsConn == NULL || TlsConn->InBio == 0) {
|
if (TlsConn == NULL || TlsConn->InBio == 0) {
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
//
|
//
|
||||||
// Write and return the amount of data to the BIO.
|
// Write and return the amount of data to the BIO.
|
||||||
//
|
//
|
||||||
return BIO_write (TlsConn->InBio, Buffer, (UINT32) BufferSize);
|
return BIO_write (TlsConn->InBio, Buffer, (UINT32) BufferSize);
|
||||||
}
|
}
|
||||||
/**
|
/**
|
||||||
Attempts to read bytes from the specified TLS connection into the buffer.
|
Attempts to read bytes from the specified TLS connection into the buffer.
|
||||||
|
|
||||||
This function tries to read BufferSize bytes data from the specified TLS
|
This function tries to read BufferSize bytes data from the specified TLS
|
||||||
connection into the Buffer.
|
connection into the Buffer.
|
||||||
|
|
||||||
@param[in] Tls Pointer to the TLS connection for data reading.
|
@param[in] Tls Pointer to the TLS connection for data reading.
|
||||||
@param[in,out] Buffer Pointer to the data buffer.
|
@param[in,out] Buffer Pointer to the data buffer.
|
||||||
@param[in] BufferSize The size of Buffer in bytes.
|
@param[in] BufferSize The size of Buffer in bytes.
|
||||||
|
|
||||||
@retval >0 The read operation was successful, and return value is the
|
@retval >0 The read operation was successful, and return value is the
|
||||||
number of bytes actually read from the TLS connection.
|
number of bytes actually read from the TLS connection.
|
||||||
@retval <=0 The read operation was not successful.
|
@retval <=0 The read operation was not successful.
|
||||||
|
|
||||||
**/
|
**/
|
||||||
INTN
|
INTN
|
||||||
EFIAPI
|
EFIAPI
|
||||||
TlsRead (
|
TlsRead (
|
||||||
IN VOID *Tls,
|
IN VOID *Tls,
|
||||||
IN OUT VOID *Buffer,
|
IN OUT VOID *Buffer,
|
||||||
IN UINTN BufferSize
|
IN UINTN BufferSize
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
TLS_CONNECTION *TlsConn;
|
TLS_CONNECTION *TlsConn;
|
||||||
|
|
||||||
TlsConn = (TLS_CONNECTION *) Tls;
|
TlsConn = (TLS_CONNECTION *) Tls;
|
||||||
if (TlsConn == NULL || TlsConn->Ssl == NULL) {
|
if (TlsConn == NULL || TlsConn->Ssl == NULL) {
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
//
|
//
|
||||||
// Read bytes from the specified TLS connection.
|
// Read bytes from the specified TLS connection.
|
||||||
//
|
//
|
||||||
return SSL_read (TlsConn->Ssl, Buffer, (UINT32) BufferSize);
|
return SSL_read (TlsConn->Ssl, Buffer, (UINT32) BufferSize);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
Attempts to write data to a TLS connection.
|
Attempts to write data to a TLS connection.
|
||||||
|
|
||||||
This function tries to write BufferSize bytes data from the Buffer into the
|
This function tries to write BufferSize bytes data from the Buffer into the
|
||||||
specified TLS connection.
|
specified TLS connection.
|
||||||
|
|
||||||
@param[in] Tls Pointer to the TLS connection for data writing.
|
@param[in] Tls Pointer to the TLS connection for data writing.
|
||||||
@param[in] Buffer Pointer to the data buffer.
|
@param[in] Buffer Pointer to the data buffer.
|
||||||
@param[in] BufferSize The size of Buffer in bytes.
|
@param[in] BufferSize The size of Buffer in bytes.
|
||||||
|
|
||||||
@retval >0 The write operation was successful, and return value is the
|
@retval >0 The write operation was successful, and return value is the
|
||||||
number of bytes actually written to the TLS connection.
|
number of bytes actually written to the TLS connection.
|
||||||
@retval <=0 The write operation was not successful.
|
@retval <=0 The write operation was not successful.
|
||||||
|
|
||||||
**/
|
**/
|
||||||
INTN
|
INTN
|
||||||
EFIAPI
|
EFIAPI
|
||||||
TlsWrite (
|
TlsWrite (
|
||||||
IN VOID *Tls,
|
IN VOID *Tls,
|
||||||
IN VOID *Buffer,
|
IN VOID *Buffer,
|
||||||
IN UINTN BufferSize
|
IN UINTN BufferSize
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
TLS_CONNECTION *TlsConn;
|
TLS_CONNECTION *TlsConn;
|
||||||
|
|
||||||
TlsConn = (TLS_CONNECTION *) Tls;
|
TlsConn = (TLS_CONNECTION *) Tls;
|
||||||
if (TlsConn == NULL || TlsConn->Ssl == NULL) {
|
if (TlsConn == NULL || TlsConn->Ssl == NULL) {
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
//
|
//
|
||||||
// Write bytes to the specified TLS connection.
|
// Write bytes to the specified TLS connection.
|
||||||
//
|
//
|
||||||
return SSL_write (TlsConn->Ssl, Buffer, (UINT32) BufferSize);
|
return SSL_write (TlsConn->Ssl, Buffer, (UINT32) BufferSize);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user